From b8cf0a282afc3cf092e92076f8f15c7a9ed35f55 Mon Sep 17 00:00:00 2001 From: purplerain Date: Fri, 5 Jul 2024 02:44:07 +0000 Subject: [PATCH] sync with OpenBSD -current --- etc/daily | 5 +- share/man/man8/daily.8 | 6 +- sys/dev/acpi/qcgpio.c | 23 ++++- sys/dev/fdt/qcscm.c | 4 +- sys/dev/fdt/qcspmi.c | 137 +++++++++++++++++++++------- sys/net/pf.c | 14 ++- sys/net/pf_norm.c | 17 +++- sys/netinet6/ip6_forward.c | 11 ++- sys/netinet6/ip6_input.c | 14 ++- sys/netinet6/ip6_mroute.c | 20 ++-- sys/netinet6/ip6_output.c | 13 ++- sys/netinet6/ip6_var.h | 5 +- sys/uvm/uvm_addr.c | 26 +----- sys/uvm/uvm_addr.h | 4 +- usr.bin/ssh/ssh_config.5 | 8 +- usr.bin/ssh/sshd_config.5 | 8 +- usr.sbin/radiusd/radiusd.conf.5 | 35 ++++--- usr.sbin/radiusd/radiusd_bsdauth.8 | 8 +- usr.sbin/radiusd/radiusd_standard.8 | 6 +- 19 files changed, 237 insertions(+), 127 deletions(-) diff --git a/etc/daily b/etc/daily index 5463c72fc..32a61146d 100644 --- a/etc/daily +++ b/etc/daily @@ -1,5 +1,5 @@ # -# $OpenBSD: daily,v 1.99 2024/05/30 14:29:05 sthen Exp $ +# $OpenBSD: daily,v 1.100 2024/07/04 05:06:58 bket Exp $ # From: @(#)daily 8.2 (Berkeley) 1/25/94 # # For local additions, create the file /etc/daily.local. @@ -136,9 +136,6 @@ done next_part "Services that should be running but aren't:" rcctl ls failed -next_part "Services that are running but shouldn't:" -rcctl ls rogue - next_part "Filesystems which need to be dumped:" dump w | grep -vB1 ^Dump diff --git a/share/man/man8/daily.8 b/share/man/man8/daily.8 index 20743edc7..22071017a 100644 --- a/share/man/man8/daily.8 +++ b/share/man/man8/daily.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: daily.8,v 1.30 2024/05/16 11:33:59 solene Exp $ +.\" $OpenBSD: daily.8,v 1.31 2024/07/04 05:06:58 bket Exp $ .\" .\" Copyright (c) 2003 Jason McIntyre .\" 
@@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: May 16 2024 $ +.Dd $Mdocdate: July 4 2024 $ .Dt DAILY 8 .Os .Sh NAME @@ -112,7 +112,7 @@ for the mount options, e.g. Checks daemon status. Lists any daemons which are enabled in .Xr rc.conf.local 8 -but which are not actually running (and vice versa). +but which are not actually running. .It Reports on which file systems need to be dumped via .Xr dump 8 . diff --git a/sys/dev/acpi/qcgpio.c b/sys/dev/acpi/qcgpio.c index c1b0c3b48..c9ce00cd5 100644 --- a/sys/dev/acpi/qcgpio.c +++ b/sys/dev/acpi/qcgpio.c @@ -1,4 +1,4 @@ -/* $OpenBSD: qcgpio.c,v 1.9 2023/04/11 04:45:11 mglocker Exp $ */ +/* $OpenBSD: qcgpio.c,v 1.10 2024/07/04 18:35:36 patrick Exp $ */ /* * Copyright (c) 2022 Mark Kettenis * @@ -93,11 +93,13 @@ struct cfdriver qcgpio_cd = { const char *qcgpio_hids[] = { "QCOM060C", "QCOM080D", + "QCOM0C0C", NULL }; int qcgpio_sc7180_pin_map(int, bus_size_t *); int qcgpio_sc8280xp_pin_map(int, bus_size_t *); +int qcgpio_x1e80100_pin_map(int, bus_size_t *); int qcgpio_read_pin(void *, int); void qcgpio_write_pin(void *, int, int); @@ -142,6 +144,9 @@ qcgpio_acpi_attach(struct device *parent, struct device *self, void *aux) } else if (strcmp(aaa->aaa_dev, "QCOM060C") == 0) { sc->sc_npins = 228; sc->sc_pin_map = qcgpio_sc8280xp_pin_map; + } else if (strcmp(aaa->aaa_dev, "QCOM0C0C") == 0) { + sc->sc_npins = 239; + sc->sc_pin_map = qcgpio_x1e80100_pin_map; } KASSERT(sc->sc_npins != 0); @@ -223,6 +228,22 @@ qcgpio_sc8280xp_pin_map(int pin, bus_size_t *off) } } +int +qcgpio_x1e80100_pin_map(int pin, bus_size_t *off) +{ + switch (pin) { + case 3: + case 51: + return pin; + case 0x180: + return 67; + case 0x3c0: + return 3; + default: + return -1; + } +} + int qcgpio_read_pin(void *cookie, int pin) { diff --git a/sys/dev/fdt/qcscm.c b/sys/dev/fdt/qcscm.c index 93ed4cd0d..50b9f9e0b 100644 
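Review bot: The new `qcgpio_x1e80100_pin_map()` in sys/dev/acpi/qcgpio.c translates 0x180 to 67 and 0x3c0 to 3 with no comment saying where those values come from, and it never writes through its `off` argument. A short comment above the switch naming the source of the two virtual pin numbers would let the next reader verify them against the firmware tables. If callers read `*off` after a successful lookup, initialise it here or state in the comment that this SoC needs no offset; that cannot be confirmed from this hunk. The `default: return -1;` path relies on callers outside the hunk rejecting the negative value before indexing with it.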
--- a/sys/dev/fdt/qcscm.c +++ b/sys/dev/fdt/qcscm.c @@ -1,4 +1,4 @@ -/* $OpenBSD: qcscm.c,v 1.6 2024/06/23 22:04:53 patrick Exp $ */ +/* $OpenBSD: qcscm.c,v 1.7 2024/07/04 20:11:46 kettenis Exp $ */ /* * Copyright (c) 2022 Patrick Wildt * @@ -744,8 +744,6 @@ qcscm_uefi_rtc_set(uint32_t off) return 0; rtcinfo[0] = off; - rtcinfo[1] = 0x10000; - rtcinfo[2] = 0; if (qcscm_uefi_set_variable(sc, u"RTCInfo", sizeof(u"RTCInfo"), &qcscm_uefi_rtcinfo_guid, EFI_VARIABLE_NON_VOLATILE | diff --git a/sys/dev/fdt/qcspmi.c b/sys/dev/fdt/qcspmi.c index abf1c2395..5cc807f71 100644 --- a/sys/dev/fdt/qcspmi.c +++ b/sys/dev/fdt/qcspmi.c @@ -1,4 +1,4 @@ -/* $OpenBSD: qcspmi.c,v 1.4 2024/05/13 01:15:50 jsg Exp $ */ +/* $OpenBSD: qcspmi.c,v 1.5 2024/07/04 21:54:38 kettenis Exp $ */ /* * Copyright (c) 2022 Patrick Wildt * @@ -34,14 +34,16 @@ #define SPMI_VERSION_V2_MIN 0x20010000 #define SPMI_VERSION_V3_MIN 0x30000000 #define SPMI_VERSION_V5_MIN 0x50000000 -#define SPMI_ARB_APID_MAP(x) (0x900 + (x) * 0x4) +#define SPMI_VERSION_V7_MIN 0x70000000 +#define SPMI_ARB_APID_MAP(sc, x) ((sc)->sc_arb_apid_map + (x) * 0x4) #define SPMI_ARB_APID_MAP_PPID_MASK 0xfff #define SPMI_ARB_APID_MAP_PPID_SHIFT 8 #define SPMI_ARB_APID_MAP_IRQ_OWNER (1 << 14) /* Channel registers. */ -#define SPMI_CHAN_OFF(x) (0x10000 * (x)) -#define SPMI_OBSV_OFF(x, y) (0x10000 * (x) + 0x80 * (y)) +#define SPMI_CHAN_OFF(sc, x) ((sc)->sc_chan_stride * (x)) +#define SPMI_OBSV_OFF(sc, x, y) \ + ((sc)->sc_obsv_ee_stride * (x) + (sc)->sc_obsv_apid_stride * (y)) #define SPMI_COMMAND 0x00 #define SPMI_COMMAND_OP_EXT_WRITEL (0 << 27) #define SPMI_COMMAND_OP_EXT_READL (1 << 27) 
@@ -75,14 +77,15 @@ #define SPMI_IRQ_CLEAR 0x108 /* Intr registers */ -#define SPMI_OWNER_ACC_STATUS(x, y) (0x10000 * (x) + 0x4 * (y)) +#define SPMI_OWNER_ACC_STATUS(sc, x, y) \ + ((sc)->sc_chan_stride * (x) + 0x4 * (y)) /* Config registers */ -#define SPMI_OWNERSHIP_TABLE(x) (0x700 + (x) * 0x4) +#define SPMI_OWNERSHIP_TABLE(sc, x) ((sc)->sc_ownership_table + (x) * 0x4) #define SPMI_OWNERSHIP_TABLE_OWNER(x) ((x) & 0x7) /* Misc */ -#define SPMI_MAX_PERIPH 512 +#define SPMI_MAX_PERIPH 1024 #define SPMI_MAX_PPID 4096 #define SPMI_PPID_TO_APID_VALID (1U << 15) #define SPMI_PPID_TO_APID_MASK (0x7fff) @@ -144,6 +147,12 @@ struct qcspmi_softc { struct qcspmi_apid sc_apid[SPMI_MAX_PERIPH]; uint16_t sc_ppid_to_apid[SPMI_MAX_PPID]; + uint16_t sc_max_periph; + bus_size_t sc_chan_stride; + bus_size_t sc_obsv_ee_stride; + bus_size_t sc_obsv_apid_stride; + bus_size_t sc_arb_apid_map; + bus_size_t sc_ownership_table; struct spmi_controller sc_tag; struct interrupt_controller sc_ic; @@ -180,7 +189,8 @@ qcspmi_match(struct device *parent, void *match, void *aux) { struct fdt_attach_args *faa = aux; - return OF_is_compatible(faa->fa_node, "qcom,spmi-pmic-arb"); + return OF_is_compatible(faa->fa_node, "qcom,spmi-pmic-arb") || + OF_is_compatible(faa->fa_node, "qcom,x1e80100-spmi-pmic-arb"); } void @@ -190,15 +200,14 @@ qcspmi_attach(struct device *parent, struct device *self, void *aux) struct qcspmi_softc *sc = (struct qcspmi_softc *)self; struct qcspmi_apid *apid, *last_apid; uint32_t val, ppid, irq_own; - struct spmi_attach_args sa; - char name[32]; - uint32_t reg[2]; - int i, j, node; + struct fdt_reg *spmi_reg; + int spmi_nreg; + int i, j, node, spmi; sc->sc_node = faa->fa_node; sc->sc_iot = faa->fa_iot; - for (i = 0; i < nitems(qcspmi_regs); i++) { + for (i = QCSPMI_REG_CORE; i < QCSPMI_REG_INTR; i++) { j = OF_getindex(faa->fa_node, qcspmi_regs[i], "reg-names"); if (j < 0 || j >= faa->fa_nreg) { printf(": no %s registers\n", qcspmi_regs[i]); 
@@ -212,13 +221,69 @@ qcspmi_attach(struct device *parent, struct device *self, void *aux) } } - /* Support only version 5 for now */ + spmi = OF_getnodebyname(faa->fa_node, "spmi"); + if (spmi) { + /* Multiple busses; only support the first. */ + uint32_t reg[8]; + + if (OF_getpropintarray(spmi, "reg", reg, + sizeof(reg)) != sizeof(reg)) { + printf(": no spmi registers\n"); + return; + } + + spmi_reg = faa->fa_reg; + spmi_reg[0].addr = ((uint64_t)reg[0] << 32) | reg[1]; + spmi_reg[0].size = ((uint64_t)reg[2] << 32) | reg[3]; + spmi_reg[1].addr = ((uint64_t)reg[4] << 32) | reg[5]; + spmi_reg[1].size = ((uint64_t)reg[6] << 32) | reg[7]; + spmi_nreg = 2; + } else { + /* Single bus. */ + spmi = faa->fa_node; + spmi_reg = faa->fa_reg; + spmi_nreg = faa->fa_nreg; + } + + for (i = QCSPMI_REG_INTR; i < QCSPMI_REG_MAX; i++) { + j = OF_getindex(spmi, qcspmi_regs[i], "reg-names"); + if (j < 0 || j >= spmi_nreg) { + printf(": no %s registers\n", qcspmi_regs[i]); + return; + } + + if (bus_space_map(sc->sc_iot, spmi_reg[j].addr, + spmi_reg[j].size, 0, &sc->sc_ioh[i])) { + printf(": can't map %s registers\n", qcspmi_regs[i]); + return; + } + } + + /* Support only version 5 and 7 for now */ val = HREAD4(sc, QCSPMI_REG_CORE, SPMI_VERSION); if (val < SPMI_VERSION_V5_MIN) { printf(": unsupported version 0x%08x\n", val); return; } + if (val < SPMI_VERSION_V7_MIN) { + sc->sc_max_periph = 512; + sc->sc_chan_stride = 0x10000; + sc->sc_obsv_ee_stride = 0x10000; + sc->sc_obsv_apid_stride = 0x00080; + sc->sc_arb_apid_map = 0x00900; + sc->sc_ownership_table = 0x00700; + } else { + sc->sc_max_periph = 1024; + sc->sc_chan_stride = 0x01000; + sc->sc_obsv_ee_stride = 0x08000; + sc->sc_obsv_apid_stride = 0x00020; + sc->sc_arb_apid_map = 0x02000; + sc->sc_ownership_table = 0x00000; + } + + KASSERT(sc->sc_max_periph <= SPMI_MAX_PERIPH); + sc->sc_ee = OF_getpropint(sc->sc_node, "qcom,ee", 0); if (sc->sc_ee > 5) { printf(": unsupported EE\n"); 
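Review bot: In the multi-bus branch of `qcspmi_attach()`, `spmi_reg[0]` and `spmi_reg[1]` are written through `faa->fa_reg` without checking that the parent node has at least two reg entries. A device tree with a single entry would be written past the end of the array, so the guard should cover it, e.g. `if (faa->fa_nreg < 2 || OF_getpropintarray(spmi, "reg", reg, sizeof(reg)) != sizeof(reg)) {`. Writing into `faa->fa_reg` also alters the attach arguments in place; a local `struct fdt_reg spmi_regs[2]` would avoid both problems. The two mapping loops depend on the `QCSPMI_REG_*` ordering placing the per-bus regions from `QCSPMI_REG_INTR` onwards, and a one-line comment at the first loop would make that explicit. The body of the function continues outside this hunk.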
@@ -227,7 +292,7 @@ qcspmi_attach(struct device *parent, struct device *self, void *aux) TAILQ_INIT(&sc->sc_intrq); - sc->sc_ih = fdt_intr_establish(sc->sc_node, IPL_BIO, qcspmi_intr, + sc->sc_ih = fdt_intr_establish(spmi, IPL_BIO, qcspmi_intr, sc, sc->sc_dev.dv_xname); if (sc->sc_ih == NULL) { printf(": can't establish interrupt\n"); @@ -236,14 +301,14 @@ qcspmi_attach(struct device *parent, struct device *self, void *aux) printf("\n"); - for (i = 0; i < SPMI_MAX_PERIPH; i++) { - val = HREAD4(sc, QCSPMI_REG_CORE, SPMI_ARB_APID_MAP(i)); + for (i = 0; i < sc->sc_max_periph; i++) { + val = HREAD4(sc, QCSPMI_REG_CORE, SPMI_ARB_APID_MAP(sc, i)); if (!val) continue; ppid = (val >> SPMI_ARB_APID_MAP_PPID_SHIFT) & SPMI_ARB_APID_MAP_PPID_MASK; irq_own = val & SPMI_ARB_APID_MAP_IRQ_OWNER; - val = HREAD4(sc, QCSPMI_REG_CNFG, SPMI_OWNERSHIP_TABLE(i)); + val = HREAD4(sc, QCSPMI_REG_CNFG, SPMI_OWNERSHIP_TABLE(sc, i)); apid = &sc->sc_apid[i]; apid->write_ee = SPMI_OWNERSHIP_TABLE_OWNER(val); apid->irq_ee = 0xff; @@ -265,7 +330,7 @@ qcspmi_attach(struct device *parent, struct device *self, void *aux) sc->sc_tag.sc_cmd_read = qcspmi_cmd_read; sc->sc_tag.sc_cmd_write = qcspmi_cmd_write; - sc->sc_ic.ic_node = faa->fa_node; + sc->sc_ic.ic_node = spmi; sc->sc_ic.ic_cookie = sc; sc->sc_ic.ic_establish = qcspmi_intr_establish; sc->sc_ic.ic_disestablish = qcspmi_intr_disestablish; @@ -274,7 +339,11 @@ qcspmi_attach(struct device *parent, struct device *self, void *aux) sc->sc_ic.ic_barrier = qcspmi_intr_barrier; fdt_intr_register(&sc->sc_ic); - for (node = OF_child(faa->fa_node); node; node = OF_peer(node)) { + for (node = OF_child(spmi); node; node = OF_peer(node)) { + struct spmi_attach_args sa; + uint32_t reg[2]; + char name[32]; + if (OF_getpropintarray(node, "reg", reg, sizeof(reg)) != sizeof(reg)) continue; 
@@ -330,13 +399,13 @@ qcspmi_cmd_read(void *cookie, uint8_t sid, uint8_t cmd, uint16_t addr, apid = sc->sc_ppid_to_apid[ppid] & SPMI_PPID_TO_APID_MASK; HWRITE4(sc, QCSPMI_REG_OBSRVR, - SPMI_OBSV_OFF(sc->sc_ee, apid) + SPMI_COMMAND, + SPMI_OBSV_OFF(sc, sc->sc_ee, apid) + SPMI_COMMAND, SPMI_COMMAND_OP_EXT_READL | SPMI_COMMAND_ADDR(addr) | SPMI_COMMAND_LEN(bc)); for (i = 1000; i > 0; i--) { reg = HREAD4(sc, QCSPMI_REG_OBSRVR, - SPMI_OBSV_OFF(sc->sc_ee, apid) + SPMI_STATUS); + SPMI_OBSV_OFF(sc, sc->sc_ee, apid) + SPMI_STATUS); if (reg & SPMI_STATUS_DONE) break; } @@ -350,14 +419,14 @@ qcspmi_cmd_read(void *cookie, uint8_t sid, uint8_t cmd, uint16_t addr, if (len > 0) { reg = HREAD4(sc, QCSPMI_REG_OBSRVR, - SPMI_OBSV_OFF(sc->sc_ee, apid) + SPMI_RDATA0); + SPMI_OBSV_OFF(sc, sc->sc_ee, apid) + SPMI_RDATA0); memcpy(cbuf, ®, MIN(len, 4)); cbuf += MIN(len, 4); len -= MIN(len, 4); } if (len > 0) { reg = HREAD4(sc, QCSPMI_REG_OBSRVR, - SPMI_OBSV_OFF(sc->sc_ee, apid) + SPMI_RDATA1); + SPMI_OBSV_OFF(sc, sc->sc_ee, apid) + SPMI_RDATA1); memcpy(cbuf, ®, MIN(len, 4)); cbuf += MIN(len, 4); len -= MIN(len, 4); 
@@ -394,25 +463,25 @@ qcspmi_cmd_write(void *cookie, uint8_t sid, uint8_t cmd, uint16_t addr, if (len > 0) { memcpy(®, cbuf, MIN(len, 4)); - HWRITE4(sc, QCSPMI_REG_CHNLS, SPMI_CHAN_OFF(apid) + + HWRITE4(sc, QCSPMI_REG_CHNLS, SPMI_CHAN_OFF(sc, apid) + SPMI_WDATA0, reg); cbuf += MIN(len, 4); len -= MIN(len, 4); } if (len > 0) { memcpy(®, cbuf, MIN(len, 4)); - HWRITE4(sc, QCSPMI_REG_CHNLS, SPMI_CHAN_OFF(apid) + + HWRITE4(sc, QCSPMI_REG_CHNLS, SPMI_CHAN_OFF(sc, apid) + SPMI_WDATA1, reg); cbuf += MIN(len, 4); len -= MIN(len, 4); } - HWRITE4(sc, QCSPMI_REG_CHNLS, SPMI_CHAN_OFF(apid) + SPMI_COMMAND, + HWRITE4(sc, QCSPMI_REG_CHNLS, SPMI_CHAN_OFF(sc, apid) + SPMI_COMMAND, SPMI_COMMAND_OP_EXT_WRITEL | SPMI_COMMAND_ADDR(addr) | SPMI_COMMAND_LEN(bc)); for (i = 1000; i > 0; i--) { - reg = HREAD4(sc, QCSPMI_REG_CHNLS, SPMI_CHAN_OFF(apid) + + reg = HREAD4(sc, QCSPMI_REG_CHNLS, SPMI_CHAN_OFF(sc, apid) + SPMI_STATUS); if (reg & SPMI_STATUS_DONE) break; @@ -492,7 +561,7 @@ qcspmi_intr_establish(void *cookie, int *cells, int ipl, if (error) printf("%s: cannot write irq setting\n", sc->sc_dev.dv_xname); - HWRITE4(sc, QCSPMI_REG_CHNLS, SPMI_CHAN_OFF(ih->ih_apid) + + HWRITE4(sc, QCSPMI_REG_CHNLS, SPMI_CHAN_OFF(sc, ih->ih_apid) + SPMI_IRQ_CLEAR, (1U << ih->ih_pin)); qcspmi_intr_enable(ih); @@ -522,7 +591,7 @@ qcspmi_intr_enable(void *cookie) uint8_t reg[2]; int error; - HWRITE4(sc, QCSPMI_REG_CHNLS, SPMI_CHAN_OFF(ih->ih_apid) + + HWRITE4(sc, QCSPMI_REG_CHNLS, SPMI_CHAN_OFF(sc, ih->ih_apid) + SPMI_ACC_ENABLE, SPMI_ACC_ENABLE_BIT); error = spmi_cmd_read(&sc->sc_tag, ih->ih_sid, SPMI_CMD_EXT_READL, 
@@ -576,22 +645,22 @@ qcspmi_intr(void *arg) TAILQ_FOREACH(ih, &sc->sc_intrq, ih_q) { status = HREAD4(sc, QCSPMI_REG_INTR, - SPMI_OWNER_ACC_STATUS(sc->sc_ee, ih->ih_apid / 32)); + SPMI_OWNER_ACC_STATUS(sc, sc->sc_ee, ih->ih_apid / 32)); if (!(status & (1U << (ih->ih_apid % 32)))) continue; status = HREAD4(sc, QCSPMI_REG_CHNLS, - SPMI_CHAN_OFF(ih->ih_apid) + SPMI_ACC_ENABLE); + SPMI_CHAN_OFF(sc, ih->ih_apid) + SPMI_ACC_ENABLE); if (!(status & SPMI_ACC_ENABLE_BIT)) continue; status = HREAD4(sc, QCSPMI_REG_CHNLS, - SPMI_CHAN_OFF(ih->ih_apid) + SPMI_IRQ_STATUS); + SPMI_CHAN_OFF(sc, ih->ih_apid) + SPMI_IRQ_STATUS); if (!(status & (1U << ih->ih_pin))) continue; ih->ih_func(ih->ih_arg); handled = 1; - HWRITE4(sc, QCSPMI_REG_CHNLS, SPMI_CHAN_OFF(ih->ih_apid) + + HWRITE4(sc, QCSPMI_REG_CHNLS, SPMI_CHAN_OFF(sc, ih->ih_apid) + SPMI_IRQ_CLEAR, (1U << ih->ih_pin)); reg = 1U << ih->ih_pin; error = spmi_cmd_write(&sc->sc_tag, ih->ih_sid, diff --git a/sys/net/pf.c b/sys/net/pf.c index b967b11aa..f22c31900 100644 --- a/sys/net/pf.c +++ b/sys/net/pf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf.c,v 1.1200 2024/07/02 18:33:47 bluhm Exp $ */ +/* $OpenBSD: pf.c,v 1.1201 2024/07/04 12:50:08 bluhm Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -7986,14 +7986,20 @@ done: break; case AF_INET6: if (pd.dir == PF_IN) { - int flags; + int flags = IPV6_REDIRECT; - if (ip6_forwarding == 0) { + switch (ip6_forwarding) { + case 2: + SET(flags, IPV6_FORWARDING_IPSEC); + /* FALLTHROUGH */ + case 1: + SET(flags, IPV6_FORWARDING); + break; + default: ip6stat_inc(ip6s_cantforward); action = PF_DROP; goto out; } - flags = IPV6_FORWARDING | IPV6_REDIRECT; ip6_forward(pd.m, NULL, flags); } else ip6_output(pd.m, NULL, NULL, 0, NULL, NULL); diff --git a/sys/net/pf_norm.c b/sys/net/pf_norm.c index 8799b845e..4178fe785 100644 --- a/sys/net/pf_norm.c +++ b/sys/net/pf_norm.c 
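Review bot: The `switch (ip6_forwarding)` added in the AF_INET6 branch of sys/net/pf.c is repeated almost verbatim in pf_norm.c and ip6_input.c in this patch. These copies decide whether the IPsec-only restriction is applied to a packet, so if they drift apart a forwarding path is left unrestricted. A single helper declared next to the flag definitions in ip6_var.h would keep the policy in one place. It could return the flag bits, or a negative value when forwarding is disabled, and be called as `if ((fwd = ip6_forwarding_flags()) < 0) { ...drop... }`; the helper name is only a proposal. The enclosing function starts and ends outside this hunk.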
@@ -1,4 +1,4 @@ -/* $OpenBSD: pf_norm.c,v 1.231 2024/06/20 19:25:42 bluhm Exp $ */ +/* $OpenBSD: pf_norm.c,v 1.232 2024/07/04 12:50:08 bluhm Exp $ */ /* * Copyright 2001 Niels Provos @@ -1011,7 +1011,20 @@ pf_refragment6(struct mbuf **m0, struct m_tag *mtag, struct sockaddr_in6 *dst, while ((m = ml_dequeue(&ml)) != NULL) { m->m_pkthdr.pf.flags |= PF_TAG_REFRAGMENTED; if (ifp == NULL) { - ip6_forward(m, NULL, IPV6_FORWARDING); + int flags = 0; + + switch (ip6_forwarding) { + case 2: + SET(flags, IPV6_FORWARDING_IPSEC); + /* FALLTHROUGH */ + case 1: + SET(flags, IPV6_FORWARDING); + break; + default: + ip6stat_inc(ip6s_cantforward); + return (PF_DROP); + } + ip6_forward(m, NULL, flags); } else if ((u_long)m->m_pkthdr.len <= ifp->if_mtu) { ifp->if_output(ifp, m, sin6tosa(dst), rt); } else { diff --git a/sys/netinet6/ip6_forward.c b/sys/netinet6/ip6_forward.c index 9daf51f92..c706c32c5 100644 --- a/sys/netinet6/ip6_forward.c +++ b/sys/netinet6/ip6_forward.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip6_forward.c,v 1.119 2024/06/20 19:25:42 bluhm Exp $ */ +/* $OpenBSD: ip6_forward.c,v 1.120 2024/07/04 12:50:08 bluhm Exp $ */ /* $KAME: ip6_forward.c,v 1.75 2001/06/29 12:42:13 jinmei Exp $ */ /* @@ -315,6 +315,15 @@ reroute: } #endif +#ifdef IPSEC + if (ISSET(flags, IPV6_FORWARDING) && + ISSET(flags, IPV6_FORWARDING_IPSEC) && + !ISSET(m->m_pkthdr.ph_tagsset, PACKET_TAG_IPSEC_IN_DONE)) { + error = EHOSTUNREACH; + goto senderr; + } +#endif + error = if_output_tso(ifp, &m, dst, rt, ifp->if_mtu); if (error) ip6stat_inc(ip6s_cantforward); diff --git a/sys/netinet6/ip6_input.c b/sys/netinet6/ip6_input.c index de9468ecc..6952cf632 100644 --- a/sys/netinet6/ip6_input.c +++ b/sys/netinet6/ip6_input.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip6_input.c,v 1.263 2024/06/20 19:25:42 bluhm Exp $ */ +/* $OpenBSD: ip6_input.c,v 1.264 2024/07/04 12:50:08 bluhm Exp $ */ /* $KAME: ip6_input.c,v 1.188 2001/03/29 05:34:31 itojun Exp $ */ /* 
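Review bot: The `default:` branch added to `pf_refragment6()` in sys/net/pf_norm.c returns `PF_DROP` from inside the `while ((m = ml_dequeue(&ml)) != NULL)` loop without releasing the fragment just dequeued or the ones still queued on `ml`. Unless something outside the hunk frees them, each hit leaks mbufs, so the branch should release both before returning: `m_freem(m); ml_purge(&ml);`. The sysctl is also re-read for every fragment, so a change in the middle of the loop can forward some fragments of a packet and drop the rest. Computing `flags` once before the loop avoids that. The declaration of `ml` and the callers' handling of `PF_DROP` are outside this hunk.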
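Review bot: The IPsec-only check added before `if_output_tso()` in sys/netinet6/ip6_forward.c sits inside `#ifdef IPSEC`, while the hunks in ip6_input.c accept `ip6_forwarding == 2` and set `IPV6_FORWARDING` with no such guard. On a kernel built without IPSEC, as far as these hunks show, a value of 2 would therefore behave like 1 and forward all traffic rather than none. Failing closed would be safer, e.g. an `#else` arm with `if (ISSET(flags, IPV6_FORWARDING_IPSEC)) { error = EHOSTUNREACH; goto senderr; }`, or an upper sysctl bound of 1 when IPSEC is not compiled in. The same block is added to ip6_output.c with `goto bad` and needs the same treatment. A comment on the check stating that it drops forwarded packets that did not arrive through IPsec would also help.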
@@ -416,8 +416,14 @@ ip6_input_if(struct mbuf **mp, int *offp, int nxt, int af, struct ifnet *ifp) SET(flags, IPV6_REDIRECT); #endif - if (ip6_forwarding != 0) + switch (ip6_forwarding) { + case 2: + SET(flags, IPV6_FORWARDING_IPSEC); + /* FALLTHROUGH */ + case 1: SET(flags, IPV6_FORWARDING); + break; + } /* * Without embedded scope ID we cannot find link-local @@ -491,7 +497,7 @@ ip6_input_if(struct mbuf **mp, int *offp, int nxt, int af, struct ifnet *ifp) * must be discarded, else it may be accepted below. */ KERNEL_LOCK(); - error = ip6_mforward(ip6, ifp, m); + error = ip6_mforward(ip6, ifp, m, flags); KERNEL_UNLOCK(); if (error) { ip6stat_inc(ip6s_cantforward); @@ -1442,7 +1448,7 @@ const struct sysctl_bounded_args ipv6ctl_vars[] = { #ifdef MROUTING { IPV6CTL_MRTPROTO, &ip6_mrtproto, SYSCTL_INT_READONLY }, #endif - { IPV6CTL_FORWARDING, &ip6_forwarding, 0, 1 }, + { IPV6CTL_FORWARDING, &ip6_forwarding, 0, 2 }, { IPV6CTL_SENDREDIRECTS, &ip6_sendredirects, 0, 1 }, { IPV6CTL_DEFHLIM, &ip6_defhlim, 0, 255 }, { IPV6CTL_MAXFRAGPACKETS, &ip6_maxfragpackets, 0, 1000 }, diff --git a/sys/netinet6/ip6_mroute.c b/sys/netinet6/ip6_mroute.c index f2ab244ff..34bcb28ce 100644 --- a/sys/netinet6/ip6_mroute.c +++ b/sys/netinet6/ip6_mroute.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip6_mroute.c,v 1.142 2024/06/07 08:37:59 jsg Exp $ */ +/* $OpenBSD: ip6_mroute.c,v 1.143 2024/07/04 12:50:08 bluhm Exp $ */ /* $NetBSD: ip6_mroute.c,v 1.59 2003/12/10 09:28:38 itojun Exp $ */ /* $KAME: ip6_mroute.c,v 1.45 2001/03/25 08:38:51 itojun Exp $ */ @@ -122,8 +122,8 @@ int mcast6_debug = 1; do { } while (0) #endif -int ip6_mdq(struct mbuf *, struct ifnet *, struct rtentry *); -void phyint_send6(struct ifnet *, struct ip6_hdr *, struct mbuf *); +int ip6_mdq(struct mbuf *, struct ifnet *, struct rtentry *, int); +void phyint_send6(struct ifnet *, struct ip6_hdr *, struct mbuf *, int); /* * Globals. All but ip6_mrouter, ip6_mrtproto and mrt6stat could be static, 
@@ -853,7 +853,7 @@ socket6_send(struct socket *so, struct mbuf *mm, struct sockaddr_in6 *src) * discard it. */ int -ip6_mforward(struct ip6_hdr *ip6, struct ifnet *ifp, struct mbuf *m) +ip6_mforward(struct ip6_hdr *ip6, struct ifnet *ifp, struct mbuf *m, int flags) { struct rtentry *rt; struct mif6 *mifp; @@ -902,7 +902,7 @@ ip6_mforward(struct ip6_hdr *ip6, struct ifnet *ifp, struct mbuf *m) /* Entry exists, so forward if necessary */ if (rt) { - return (ip6_mdq(m, ifp, rt)); + return (ip6_mdq(m, ifp, rt, flags)); } else { /* * If we don't have a route for packet's origin, @@ -997,7 +997,7 @@ mf6c_expire_route(struct rtentry *rt, u_int rtableid) * Packet forwarding routine once entry in the cache is made */ int -ip6_mdq(struct mbuf *m, struct ifnet *ifp, struct rtentry *rt) +ip6_mdq(struct mbuf *m, struct ifnet *ifp, struct rtentry *rt, int flags) { struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *); struct mif6 *m6, *mifp = (struct mif6 *)ifp->if_mcast6; @@ -1085,7 +1085,7 @@ ip6_mdq(struct mbuf *m, struct ifnet *ifp, struct rtentry *rt) m6->m6_pkt_out++; m6->m6_bytes_out += plen; - phyint_send6(ifn, ip6, m); + phyint_send6(ifn, ip6, m, flags); if_put(ifn); } while ((rt = rtable_iterate(rt)) != NULL); @@ -1093,7 +1093,7 @@ ip6_mdq(struct mbuf *m, struct ifnet *ifp, struct rtentry *rt) } void -phyint_send6(struct ifnet *ifp, struct ip6_hdr *ip6, struct mbuf *m) +phyint_send6(struct ifnet *ifp, struct ip6_hdr *ip6, struct mbuf *m, int flags) { struct mbuf *mb_copy; struct sockaddr_in6 *dst6, sin6; @@ -1126,8 +1126,8 @@ phyint_send6(struct ifnet *ifp, struct ip6_hdr *ip6, struct mbuf *m) /* XXX: ip6_output will override ip6->ip6_hlim */ im6o.im6o_hlim = ip6->ip6_hlim; im6o.im6o_loop = 1; - error = ip6_output(mb_copy, NULL, NULL, IPV6_FORWARDING, &im6o, - NULL); + error = ip6_output(mb_copy, NULL, NULL, flags | IPV6_FORWARDING, + &im6o, NULL); return; } diff --git a/sys/netinet6/ip6_output.c b/sys/netinet6/ip6_output.c index c65bfd0b9..c5c82e5fe 100644 
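Review bot: `phyint_send6()` in sys/netinet6/ip6_mroute.c now passes `flags | IPV6_FORWARDING` to `ip6_output()`, so every bit the caller had set is forwarded along with the IPsec-only bit. The word comes from `ip6_input_if()`, which may have set `IPV6_REDIRECT`, or from `ip6_output()`'s own flags. If only the IPsec restriction is meant to carry over, masking makes that explicit: `(flags & IPV6_FORWARDING_IPSEC) | IPV6_FORWARDING`. The comments above `ip6_mforward()` and `ip6_mdq()` should also say what the new `flags` argument carries and which callers supply it. `error` is assigned from `ip6_output()` and then discarded by the bare `return;`, which is worth a comment if intentional.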
--- a/sys/netinet6/ip6_output.c +++ b/sys/netinet6/ip6_output.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip6_output.c,v 1.291 2024/04/17 20:48:51 bluhm Exp $ */ +/* $OpenBSD: ip6_output.c,v 1.292 2024/07/04 12:50:08 bluhm Exp $ */ /* $KAME: ip6_output.c,v 1.172 2001/03/25 09:55:56 itojun Exp $ */ /* @@ -533,7 +533,7 @@ reroute: */ if (ip6_mforwarding && ip6_mrouter[ifp->if_rdomain] && (flags & IPV6_FORWARDING) == 0) { - if (ip6_mforward(ip6, ifp, m) != 0) { + if (ip6_mforward(ip6, ifp, m, flags) != 0) { m_freem(m); goto done; } @@ -644,6 +644,15 @@ reroute: } #endif +#ifdef IPSEC + if (ISSET(flags, IPV6_FORWARDING) && + ISSET(flags, IPV6_FORWARDING_IPSEC) && + !ISSET(m->m_pkthdr.ph_tagsset, PACKET_TAG_IPSEC_IN_DONE)) { + error = EHOSTUNREACH; + goto bad; + } +#endif + /* * If the packet is not going on the wire it can be destined * to any local address. In this case do not clear its scopes diff --git a/sys/netinet6/ip6_var.h b/sys/netinet6/ip6_var.h index 47fca707d..bbe59c744 100644 --- a/sys/netinet6/ip6_var.h +++ b/sys/netinet6/ip6_var.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ip6_var.h,v 1.118 2024/06/20 19:25:42 bluhm Exp $ */ +/* $OpenBSD: ip6_var.h,v 1.119 2024/07/04 12:50:08 bluhm Exp $ */ /* $KAME: ip6_var.h,v 1.33 2000/06/11 14:59:20 jinmei Exp $ */ /* @@ -270,6 +270,7 @@ ip6stat_add(enum ip6stat_counters c, uint64_t v) #define IPV6_FORWARDING 0x02 /* most of IPv6 header exists */ #define IPV6_MINMTU 0x04 /* use minimum MTU (IPV6_USE_MIN_MTU) */ #define IPV6_REDIRECT 0x08 /* redirected by pf */ +#define IPV6_FORWARDING_IPSEC 0x10 /* only packets processed by IPsec */ extern int ip6_mtudisc_timeout; /* mtu discovery */ extern struct rttimer_queue icmp6_mtudisc_timeout_q; 
@@ -316,7 +317,7 @@ int ip6_unknown_opt(struct mbuf **, u_int8_t *, int); int ip6_get_prevhdr(struct mbuf *, int); int ip6_nexthdr(struct mbuf *, int, int, int *); int ip6_lasthdr(struct mbuf *, int, int, int *); -int ip6_mforward(struct ip6_hdr *, struct ifnet *, struct mbuf *); +int ip6_mforward(struct ip6_hdr *, struct ifnet *, struct mbuf *, int); int ip6_process_hopopts(struct mbuf **, u_int8_t *, int, u_int32_t *, u_int32_t *); void ip6_savecontrol(struct inpcb *, struct mbuf *, struct mbuf **); diff --git a/sys/uvm/uvm_addr.c b/sys/uvm/uvm_addr.c index 904218034..d022bdf3a 100644 --- a/sys/uvm/uvm_addr.c +++ b/sys/uvm/uvm_addr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: uvm_addr.c,v 1.35 2024/06/07 06:04:43 jsg Exp $ */ +/* $OpenBSD: uvm_addr.c,v 1.36 2024/07/04 04:52:10 jsg Exp $ */ /* * Copyright (c) 2011 Ariane van der Steldt @@ -290,30 +290,6 @@ uvm_addr_destroy(struct uvm_addr_state *uaddr) (*uaddr->uaddr_functions->uaddr_destroy)(uaddr); } -/* - * Move address forward to satisfy align, offset. - */ -vaddr_t -uvm_addr_align(vaddr_t addr, vaddr_t align, vaddr_t offset) -{ - vaddr_t result = (addr & ~(align - 1)) + offset; - if (result < addr) - result += align; - return result; -} - -/* - * Move address backwards to satisfy align, offset. - */ -vaddr_t -uvm_addr_align_back(vaddr_t addr, vaddr_t align, vaddr_t offset) -{ - vaddr_t result = (addr & ~(align - 1)) + offset; - if (result > addr) - result -= align; - return result; -} - /* * Directional first fit. * diff --git a/sys/uvm/uvm_addr.h b/sys/uvm/uvm_addr.h index f16126da8..987fcbad9 100644 --- a/sys/uvm/uvm_addr.h +++ b/sys/uvm/uvm_addr.h @@ -1,4 +1,4 @@ -/* $OpenBSD: uvm_addr.h,v 1.7 2017/01/17 17:19:21 stefan Exp $ */ +/* $OpenBSD: uvm_addr.h,v 1.8 2024/07/04 04:52:10 jsg Exp $ */ /* * Copyright (c) 2011 Ariane van der Steldt 
@@ -75,8 +75,6 @@ struct uvm_addr_functions { void uvm_addr_init(void); void uvm_addr_destroy(struct uvm_addr_state *); -vaddr_t uvm_addr_align(vaddr_t, vaddr_t, vaddr_t); -vaddr_t uvm_addr_align_back(vaddr_t, vaddr_t, vaddr_t); int uvm_addr_linsearch(struct vm_map *, struct uvm_addr_state *, struct vm_map_entry **, vaddr_t *addr_out, vaddr_t, vsize_t, diff --git a/usr.bin/ssh/ssh_config.5 b/usr.bin/ssh/ssh_config.5 index 129ed951b..10ce6ea31 100644 --- a/usr.bin/ssh/ssh_config.5 +++ b/usr.bin/ssh/ssh_config.5 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.396 2024/06/17 08:30:29 djm Exp $ -.Dd $Mdocdate: June 17 2024 $ +.\" $OpenBSD: ssh_config.5,v 1.397 2024/07/04 22:53:59 djm Exp $ +.Dd $Mdocdate: July 4 2024 $ .Dt SSH_CONFIG 5 .Os .Sh NAME @@ -1383,8 +1383,8 @@ DEBUG and DEBUG1 are equivalent. DEBUG2 and DEBUG3 each specify higher levels of verbose output. .It Cm LogVerbose Specify one or more overrides to LogLevel. -An override consists of a pattern lists that matches the source file, function -and line number to force detailed logging for. +An override consists of one or more pattern lists that matches the +source file, function and line number to force detailed logging for. For example, an override pattern of: .Bd -literal -offset indent kex.c:*:1000,*:kex_exchange_identification():*,packet.c:* diff --git a/usr.bin/ssh/sshd_config.5 b/usr.bin/ssh/sshd_config.5 index ef31e91b3..b76386513 100644 --- a/usr.bin/ssh/sshd_config.5 +++ b/usr.bin/ssh/sshd_config.5 
@@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.365 2024/06/24 06:59:39 jmc Exp $ -.Dd $Mdocdate: June 24 2024 $ +.\" $OpenBSD: sshd_config.5,v 1.366 2024/07/04 22:53:59 djm Exp $ +.Dd $Mdocdate: July 4 2024 $ .Dt SSHD_CONFIG 5 .Os .Sh NAME @@ -1134,8 +1134,8 @@ Logging with a DEBUG level violates the privacy of users and is not recommended. .It Cm LogVerbose Specify one or more overrides to .Cm LogLevel . -An override consists of a pattern lists that matches the source file, function -and line number to force detailed logging for. +An override consists of one or more pattern lists that matches the +source file, function and line number to force detailed logging for. For example, an override pattern of: .Bd -literal -offset indent kex.c:*:1000,*:kex_exchange_identification():*,packet.c:* diff --git a/usr.sbin/radiusd/radiusd.conf.5 b/usr.sbin/radiusd/radiusd.conf.5 index d4270a97a..1e0f0e7ef 100644 --- a/usr.sbin/radiusd/radiusd.conf.5 +++ b/usr.sbin/radiusd/radiusd.conf.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: radiusd.conf.5,v 1.24 2024/07/03 06:09:13 yasuoka Exp $ +.\" $OpenBSD: radiusd.conf.5,v 1.27 2024/07/04 13:14:26 sobrado Exp $ .\" .\" Copyright (c) 2014 Esdenera Networks GmbH .\" Copyright (c) 2014, 2023 Internet Initiative Japan Inc. @@ -15,7 +15,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: July 3 2024 $ +.Dd $Mdocdate: July 4 2024 $ .Dt RADIUSD.CONF 5 .Os .Sh NAME @@ -35,7 +35,7 @@ Keywords may be specified multiple times within the configuration file. The configuration options are as follows: .Bl -tag -width Ds .It Xo -.Ic listen on Ar address Oo Ic accounting Oc Ic port Ar port +.Ic listen on Ar address Oo Ic accounting Oc Oo Ic port Ar port Oc .Xc Specify an .Ar address 
@@ -113,8 +113,12 @@ and .Ar value must be quoted to be distinguished from the reserved word if needed. .El -.It Ic authenticate Ar username-pattern ... Ic by Ar auth Oo Ic decorated-by \ -Ar deco ... Oc +.It Xo +.Ic authenticate +.Ar username-pattern ... +.Ic by Ar auth +.Op Ic decorate-by Ar deco ... +.Xc Specify an authentication configuration for the users specified by .Ar username-pattern . The users matched by the pattern are authenticated by the module @@ -133,8 +137,13 @@ matches an authenticating user is used. Optionally decoration modules can be specified by .Ar deco . The specified modules decorate the RADIUS messages in the configured order. -.It Ic account Oo Ic quick Oc Ar username-pattern ... Ic to Ar module \ -Oo Ic decoratd by Ar deco ... Oc +.It Xo +.Ic account +.Op Ic quick +.Ar username-pattern ... +.Ic to Ar module +.Op Ic decorate-by Ar deco ... +.Xc Specify an accounting configuration for the users specified by .Ar username-pattern . The accounting messages for the users matched by the pattern are handled @@ -144,13 +153,11 @@ Use shell globbing rules for the patterns; multiple patterns can be determined by separating them with space characters. When multiple .Ic account -lines are selected, -all account settings whose -.Ar username-pattern -matches an accounting users are used. -until the user matches the setting with the -.Ar quick -option. +configurations are specified, +all matches are used; +if the user matches a pattern with the +.Ic quick +option, then processing stops after that configuration. .Pp Optionally decoration modules can be specified by .Ar deco . diff --git a/usr.sbin/radiusd/radiusd_bsdauth.8 b/usr.sbin/radiusd/radiusd_bsdauth.8 index 219eee0ea..3c37a7030 100644 --- a/usr.sbin/radiusd/radiusd_bsdauth.8 +++ b/usr.sbin/radiusd/radiusd_bsdauth.8 
@@ -1,4 +1,4 @@ -.\" $OpenBSD: radiusd_bsdauth.8,v 1.1 2024/07/02 00:00:12 yasuoka Exp $ +.\" $OpenBSD: radiusd_bsdauth.8,v 1.2 2024/07/04 05:25:14 jmc Exp $ .\" .\" Copyright (c) 2014 Esdenera Networks GmbH .\" Copyright (c) 2014, 2024 Internet Initiative Japan Inc. @@ -17,7 +17,7 @@ .\" .\" The following requests are required for all man pages. .\" -.Dd $Mdocdate: July 2 2024 $ +.Dd $Mdocdate: July 4 2024 $ .Dt RADIUSD_BSDAUTH 8 .Os .Sh NAME @@ -52,8 +52,8 @@ module executable. .El .Sh SEE ALSO .Xr authenticate 3 , -.Xr radiusd 8 , -.Xr radiusd.conf 5 +.Xr radiusd.conf 5 , +.Xr radiusd 8 .Sh HISTORY The .Nm diff --git a/usr.sbin/radiusd/radiusd_standard.8 b/usr.sbin/radiusd/radiusd_standard.8 index d434c7c22..85f440ad5 100644 --- a/usr.sbin/radiusd/radiusd_standard.8 +++ b/usr.sbin/radiusd/radiusd_standard.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: radiusd_standard.8,v 1.2 2024/07/02 00:33:51 yasuoka Exp $ +.\" $OpenBSD: radiusd_standard.8,v 1.3 2024/07/04 05:27:20 jmc Exp $ .\" .\" Copyright (c) 2014 Esdenera Networks GmbH .\" Copyright (c) 2014, 2024 Internet Initiative Japan Inc. @@ -17,7 +17,7 @@ .\" .\" The following requests are required for all man pages. .\" -.Dd $Mdocdate: July 2 2024 $ +.Dd $Mdocdate: July 4 2024 $ .Dt RADIUSD_STANDARD 8 .Os .Sh NAME @@ -41,7 +41,7 @@ The .Nm module supports the following configuration key and value: .Pp -.Bl -tag -width Ds +.Bl -tag -width Ds -compact .It Ic strip-atmark-realm Ar true | false Remove the realm part which starts with @ .Pq atmark