diff --git a/distrib/sets/lists/base/md.amd64 b/distrib/sets/lists/base/md.amd64
index 517bb718c..e4a2da2b6 100644
--- a/distrib/sets/lists/base/md.amd64
+++ b/distrib/sets/lists/base/md.amd64
@@ -92,6 +92,7 @@
 ./usr/libdata/perl5/amd64-secbsd/CORE/scope.h
 ./usr/libdata/perl5/amd64-secbsd/CORE/sv.h
 ./usr/libdata/perl5/amd64-secbsd/CORE/sv_inline.h
+./usr/libdata/perl5/amd64-secbsd/CORE/syscall_emulator.h
 ./usr/libdata/perl5/amd64-secbsd/CORE/thread.h
 ./usr/libdata/perl5/amd64-secbsd/CORE/time64.h
 ./usr/libdata/perl5/amd64-secbsd/CORE/time64_config.h
@@ -468,4 +469,4 @@
 ./usr/share/misc/pcvtfonts/vt220l.808
 ./usr/share/misc/pcvtfonts/vt220l.810
 ./usr/share/misc/pcvtfonts/vt220l.814
-./usr/share/misc/pcvtfonts/vt220l.816
+./usr/share/misc/pcvtfonts/vt220l.816
\ No newline at end of file
diff --git a/distrib/sets/lists/base/md.arm64 b/distrib/sets/lists/base/md.arm64
index 6f031a7c8..88bb6b772 100644
--- a/distrib/sets/lists/base/md.arm64
+++ b/distrib/sets/lists/base/md.arm64
@@ -87,6 +87,7 @@
 ./usr/libdata/perl5/aarch64-secbsd/CORE/scope.h
 ./usr/libdata/perl5/aarch64-secbsd/CORE/sv.h
 ./usr/libdata/perl5/aarch64-secbsd/CORE/sv_inline.h
+./usr/libdata/perl5/aarch64-secbsd/CORE/syscall_emulator.h
 ./usr/libdata/perl5/aarch64-secbsd/CORE/thread.h
 ./usr/libdata/perl5/aarch64-secbsd/CORE/time64.h
 ./usr/libdata/perl5/aarch64-secbsd/CORE/time64_config.h
@@ -430,4 +431,4 @@
 ./usr/sbin/wsconscfg
 ./usr/sbin/wsfontload
 ./usr/sbin/wsmoused
-./usr/sbin/zzz
+./usr/sbin/zzz
\ No newline at end of file
diff --git a/distrib/sets/lists/base/md.armv7 b/distrib/sets/lists/base/md.armv7
index 821616dc4..a26d51659 100644
--- a/distrib/sets/lists/base/md.armv7
+++ b/distrib/sets/lists/base/md.armv7
@@ -87,6 +87,7 @@ ./usr/libdata/perl5/arm-secbsd/CORE/scope.h ./usr/libdata/perl5/arm-secbsd/CORE/sv.h ./usr/libdata/perl5/arm-secbsd/CORE/sv_inline.h +./usr/libdata/perl5/arm-secbsd/CORE/syscall_emulator.h ./usr/libdata/perl5/arm-secbsd/CORE/thread.h ./usr/libdata/perl5/arm-secbsd/CORE/time64.h ./usr/libdata/perl5/arm-secbsd/CORE/time64_config.h @@ -425,4 +426,4 @@ ./usr/sbin/pcidump ./usr/sbin/wsconscfg ./usr/sbin/wsfontload -./usr/sbin/wsmoused +./usr/sbin/wsmoused \ No newline at end of file diff --git a/distrib/sets/lists/base/md.i386 b/distrib/sets/lists/base/md.i386 index 9aad44431..fa31cbb36 100644 --- a/distrib/sets/lists/base/md.i386 +++ b/distrib/sets/lists/base/md.i386 @@ -94,6 +94,7 @@ ./usr/libdata/perl5/i386-secbsd/CORE/scope.h ./usr/libdata/perl5/i386-secbsd/CORE/sv.h ./usr/libdata/perl5/i386-secbsd/CORE/sv_inline.h +./usr/libdata/perl5/i386-secbsd/CORE/syscall_emulator.h ./usr/libdata/perl5/i386-secbsd/CORE/thread.h ./usr/libdata/perl5/i386-secbsd/CORE/time64.h ./usr/libdata/perl5/i386-secbsd/CORE/time64_config.h @@ -466,4 +467,4 @@ ./usr/share/misc/pcvtfonts/vt220l.808 ./usr/share/misc/pcvtfonts/vt220l.810 ./usr/share/misc/pcvtfonts/vt220l.814 -./usr/share/misc/pcvtfonts/vt220l.816 +./usr/share/misc/pcvtfonts/vt220l.816 \ No newline at end of file diff --git a/sys/netinet/tcp_input.c b/sys/netinet/tcp_input.c index 06a3bf7a6..1cf7c8755 100644 --- a/sys/netinet/tcp_input.c +++ b/sys/netinet/tcp_input.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tcp_input.c,v 1.390 2023/08/28 14:50:01 bluhm Exp $ */ +/* $OpenBSD: tcp_input.c,v 1.391 2023/09/03 21:37:17 bluhm Exp $ */ /* $NetBSD: tcp_input.c,v 1.23 1996/02/13 23:43:44 christos Exp $ */ /* 
@@ -3159,19 +3159,6 @@ syn_cache_put(struct syn_cache *sc) pool_put(&syn_cache_pool, sc); } -/* - * We don't estimate RTT with SYNs, so each packet starts with the default - * RTT and each timer step has a fixed timeout value. - */ -#define SYN_CACHE_TIMER_ARM(sc) \ -do { \ - TCPT_RANGESET((sc)->sc_rxtcur, \ - TCPTV_SRTTDFLT * tcp_backoff[(sc)->sc_rxtshift], TCPTV_MIN, \ - TCPTV_REXMTMAX); \ - if (timeout_add_msec(&(sc)->sc_timer, (sc)->sc_rxtcur)) \ - refcnt_take(&(sc)->sc_refcnt); \ -} while (/*CONSTCOND*/0) - void syn_cache_init(void) { @@ -3300,11 +3287,17 @@ syn_cache_insert(struct syn_cache *sc, struct tcpcb *tp) } /* - * Initialize the entry's timer. + * Initialize the entry's timer. We don't estimate RTT + * with SYNs, so each packet starts with the default RTT + * and each timer step has a fixed timeout value. */ sc->sc_rxttot = 0; sc->sc_rxtshift = 0; - SYN_CACHE_TIMER_ARM(sc); + TCPT_RANGESET(sc->sc_rxtcur, + TCPTV_SRTTDFLT * tcp_backoff[sc->sc_rxtshift], TCPTV_MIN, + TCPTV_REXMTMAX); + if (timeout_add_msec(&sc->sc_timer, sc->sc_rxtcur)) + refcnt_take(&sc->sc_refcnt); /* Link it from tcpcb entry */ refcnt_take(&sc->sc_refcnt); @@ -3365,15 +3358,12 @@ syn_cache_timer(void *arg) /* Advance the timer back-off. */ sc->sc_rxtshift++; - SYN_CACHE_TIMER_ARM(sc); + TCPT_RANGESET(sc->sc_rxtcur, + TCPTV_SRTTDFLT * tcp_backoff[sc->sc_rxtshift], TCPTV_MIN, + TCPTV_REXMTMAX); + if (!timeout_add_msec(&sc->sc_timer, sc->sc_rxtcur)) + syn_cache_put(sc); - /* - * Decrement reference of this timer. We know there is another timer - * as we just added it. So just deref, free is not necessary. - */ - lastref = refcnt_rele(&sc->sc_refcnt); - KASSERT(lastref == 0); - (void)lastref; NET_UNLOCK(); return; diff --git a/usr.bin/ssh/channels.c b/usr.bin/ssh/channels.c index 7c43bf38f..1b310e3c6 100644 --- a/usr.bin/ssh/channels.c +++ b/usr.bin/ssh/channels.c 
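Review bot: The re-arm path in syn_cache_timer now carries no comment on reference ownership, and the block this hunk removes was the only text that explained it. As written, a non-zero return from `timeout_add_msec()` leaves the count untouched, so the re-armed timeout appears to inherit the reference the running timer held, while a zero return hands that reference to `syn_cache_put(sc)`. syn_cache_insert, in the hunk just above, reacts to the same return value the other way round (`refcnt_take` on non-zero), so the two inlined copies of the old macro are easy to confuse or mis-sync later. I would add above the new `if`: `/* The running timer's reference passes to the re-armed timeout; drop it only if one was already pending. */`. Whether `lastref` is still used elsewhere in syn_cache_timer is not visible, since the function starts outside the hunk; if it is not, its declaration should go too.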
@@ -1,4 +1,4 @@ -/* $OpenBSD: channels.c,v 1.432 2023/07/04 03:59:21 dlg Exp $ */ +/* $OpenBSD: channels.c,v 1.433 2023/09/04 00:01:46 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -2848,8 +2848,9 @@ channel_after_poll(struct ssh *ssh, struct pollfd *pfd, u_int npfd) /* * Enqueue data for channels with open or draining c->input. + * Returns non-zero if a packet was enqueued. */ -static void +static int channel_output_poll_input_open(struct ssh *ssh, Channel *c) { size_t len, plen; @@ -2872,7 +2873,7 @@ channel_output_poll_input_open(struct ssh *ssh, Channel *c) else chan_ibuf_empty(ssh, c); } - return; + return 0; } if (!c->have_remote_id) @@ -2889,7 +2890,7 @@ channel_output_poll_input_open(struct ssh *ssh, Channel *c) */ if (plen > c->remote_window || plen > c->remote_maxpacket) { debug("channel %d: datagram too big", c->self); - return; + return 0; } /* Enqueue it */ if ((r = sshpkt_start(ssh, SSH2_MSG_CHANNEL_DATA)) != 0 || @@ -2898,7 +2899,7 @@ channel_output_poll_input_open(struct ssh *ssh, Channel *c) (r = sshpkt_send(ssh)) != 0) fatal_fr(r, "channel %i: send datagram", c->self); c->remote_window -= plen; - return; + return 1; } /* Enqueue packet for buffered data. */ @@ -2907,7 +2908,7 @@ channel_output_poll_input_open(struct ssh *ssh, Channel *c) if (len > c->remote_maxpacket) len = c->remote_maxpacket; if (len == 0) - return; + return 0; if ((r = sshpkt_start(ssh, SSH2_MSG_CHANNEL_DATA)) != 0 || (r = sshpkt_put_u32(ssh, c->remote_id)) != 0 || (r = sshpkt_put_string(ssh, sshbuf_ptr(c->input), len)) != 0 || 
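Review bot: The contract line added to channel_output_poll_input_open, `Returns non-zero if a packet was enqueued.`, is broader than what the code reports. The first `return 0` (hunk at -2872) comes right after a branch that calls `chan_ibuf_empty(ssh, c)`, and only the two paths that send `SSH2_MSG_CHANNEL_DATA` return 1. If chan_ibuf_empty can itself queue a packet (not visible here), the comment is inaccurate for that path; I would word it `Returns non-zero if channel data was enqueued.` and use the same wording on channel_output_poll_extended_read, matching the "data was enqueued" phrasing already used on channel_output_poll.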
@@ -2916,19 +2917,21 @@ channel_output_poll_input_open(struct ssh *ssh, Channel *c) if ((r = sshbuf_consume(c->input, len)) != 0) fatal_fr(r, "channel %i: consume", c->self); c->remote_window -= len; + return 1; } /* * Enqueue data for channels with open c->extended in read mode. + * Returns non-zero if a packet was enqueued. */ -static void +static int channel_output_poll_extended_read(struct ssh *ssh, Channel *c) { size_t len; int r; if ((len = sshbuf_len(c->extended)) == 0) - return; + return 0; debug2("channel %d: rwin %u elen %zu euse %d", c->self, c->remote_window, sshbuf_len(c->extended), c->extended_usage); @@ -2937,7 +2940,7 @@ channel_output_poll_extended_read(struct ssh *ssh, Channel *c) if (len > c->remote_maxpacket) len = c->remote_maxpacket; if (len == 0) - return; + return 0; if (!c->have_remote_id) fatal_f("channel %d: no remote id", c->self); if ((r = sshpkt_start(ssh, SSH2_MSG_CHANNEL_EXTENDED_DATA)) != 0 || @@ -2950,15 +2953,20 @@ channel_output_poll_extended_read(struct ssh *ssh, Channel *c) fatal_fr(r, "channel %i: consume", c->self); c->remote_window -= len; debug2("channel %d: sent ext data %zu", c->self, len); + return 1; } -/* If there is data to send to the connection, enqueue some of it now. */ -void +/* + * If there is data to send to the connection, enqueue some of it now. + * Returns non-zero if data was enqueued. + */ +int channel_output_poll(struct ssh *ssh) { struct ssh_channels *sc = ssh->chanctxt; Channel *c; u_int i; + int ret = 0; for (i = 0; i < sc->channels_alloc; i++) { c = sc->channels[i]; 
@@ -2981,12 +2989,13 @@ channel_output_poll(struct ssh *ssh) /* Get the amount of buffered data for this channel. */ if (c->istate == CHAN_INPUT_OPEN || c->istate == CHAN_INPUT_WAIT_DRAIN) - channel_output_poll_input_open(ssh, c); + ret |= channel_output_poll_input_open(ssh, c); /* Send extended data, i.e. stderr */ if (!(c->flags & CHAN_EOF_SENT) && c->extended_usage == CHAN_EXTENDED_READ) - channel_output_poll_extended_read(ssh, c); + ret |= channel_output_poll_extended_read(ssh, c); } + return ret; } /* -- mux proxy support */ diff --git a/usr.bin/ssh/channels.h b/usr.bin/ssh/channels.h index 36820d3ae..7cfba92a8 100644 --- a/usr.bin/ssh/channels.h +++ b/usr.bin/ssh/channels.h @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.h,v 1.151 2023/07/04 03:59:21 dlg Exp $ */ +/* $OpenBSD: channels.h,v 1.152 2023/09/04 00:01:46 djm Exp $ */ /* * Author: Tatu Ylonen @@ -332,7 +332,7 @@ struct timespec; void channel_prepare_poll(struct ssh *, struct pollfd **, u_int *, u_int *, u_int, struct timespec *); void channel_after_poll(struct ssh *, struct pollfd *, u_int); -void channel_output_poll(struct ssh *); +int channel_output_poll(struct ssh *); int channel_not_very_much_buffered_data(struct ssh *); void channel_close_all(struct ssh *); diff --git a/usr.bin/ssh/clientloop.c b/usr.bin/ssh/clientloop.c index 035643f9e..b46191758 100644 --- a/usr.bin/ssh/clientloop.c +++ b/usr.bin/ssh/clientloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.c,v 1.394 2023/08/28 04:06:52 djm Exp $ */ +/* $OpenBSD: clientloop.c,v 1.396 2023/09/04 00:08:14 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -524,7 +524,8 @@ send_chaff(struct ssh *ssh) * output fd should be polled. */ static int -obfuscate_keystroke_timing(struct ssh *ssh, struct timespec *timeout) +obfuscate_keystroke_timing(struct ssh *ssh, struct timespec *timeout, + int channel_did_enqueue) { static int active; static struct timespec next_interval, chaff_until; 
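Review bot: obfuscate_keystroke_timing gains a third parameter, `channel_did_enqueue`, but the function comment that ends just above the signature is not touched by this hunk, so the new input is undocumented. A line such as `channel_did_enqueue is non-zero when channel_output_poll() queued channel data in the current main-loop iteration.` would cover it. It is also worth stating there that the flag is OR-ed over every channel (`ret |= ...` in channel_output_poll), so it means "some channel queued data" rather than "a keystroke was typed"; the timing defence depends on readers not over-reading it. The comment begins outside the hunk.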
@@ -549,7 +550,8 @@ obfuscate_keystroke_timing(struct ssh *ssh, struct timespec *timeout) ssh_packet_have_data_to_write(ssh)) { /* Stop if the output buffer has more than a few keystrokes */ stop_reason = "output buffer filling"; - } else if (active && ssh_packet_have_data_to_write(ssh)) { + } else if (active && channel_did_enqueue && + ssh_packet_have_data_to_write(ssh)) { /* Still in active mode and have a keystroke queued. */ had_keystroke = 1; } else if (active) { @@ -564,9 +566,11 @@ obfuscate_keystroke_timing(struct ssh *ssh, struct timespec *timeout) } if (stop_reason != NULL) { - active = 0; - debug3_f("stopping: %s (%llu chaff packets sent)", - stop_reason, nchaff); + if (active) { + debug3_f("stopping: %s (%llu chaff packets sent)", + stop_reason, nchaff); + active = 0; + } return 1; } @@ -576,7 +580,8 @@ obfuscate_keystroke_timing(struct ssh *ssh, struct timespec *timeout) * interactively. In this case, start quantising outbound packets to * fixed time intervals to hide inter-keystroke timing. */ - if (!active && ssh_packet_interactive_data_to_write(ssh)) { + if (!active && ssh_packet_interactive_data_to_write(ssh) && + channel_did_enqueue && ssh_packet_have_data_to_write(ssh)) { debug3_f("starting: interval %d", options.obscure_keystroke_timing_interval); just_started = had_keystroke = active = 1; @@ -626,7 +631,7 @@ obfuscate_keystroke_timing(struct ssh *ssh, struct timespec *timeout) */ static void client_wait_until_can_do_something(struct ssh *ssh, struct pollfd **pfdp, - u_int *npfd_allocp, u_int *npfd_activep, int rekeying, + u_int *npfd_allocp, u_int *npfd_activep, int channel_did_enqueue, int *conn_in_readyp, int *conn_out_readyp) { struct timespec timeout; 
@@ -650,7 +655,7 @@ client_wait_until_can_do_something(struct ssh *ssh, struct pollfd **pfdp, return; } - oready = obfuscate_keystroke_timing(ssh, &timeout); + oready = obfuscate_keystroke_timing(ssh, &timeout, channel_did_enqueue); /* Monitor server connection on reserved pollfd entries */ (*pfdp)[0].fd = connection_in; @@ -669,7 +674,7 @@ client_wait_until_can_do_something(struct ssh *ssh, struct pollfd **pfdp, ptimeout_deadline_monotime(&timeout, control_persist_exit_time); if (options.server_alive_interval > 0) ptimeout_deadline_monotime(&timeout, server_alive_time); - if (options.rekey_interval > 0 && !rekeying) { + if (options.rekey_interval > 0 && !ssh_packet_is_rekeying(ssh)) { ptimeout_deadline_sec(&timeout, ssh_packet_get_rekey_timeout(ssh)); } @@ -1391,7 +1396,7 @@ client_loop(struct ssh *ssh, int have_pty, int escape_char_arg, struct pollfd *pfd = NULL; u_int npfd_alloc = 0, npfd_active = 0; double start_time, total_time; - int r, len; + int channel_did_enqueue = 0, r, len; u_int64_t ibytes, obytes; int conn_in_ready, conn_out_ready; @@ -1481,6 +1486,7 @@ client_loop(struct ssh *ssh, int have_pty, int escape_char_arg, /* Main loop of the client for the interactive session mode. */ while (!quit_pending) { + channel_did_enqueue = 0; /* Process buffered packets sent by the server. */ client_process_buffered_input_packets(ssh); @@ -1502,7 +1508,7 @@ client_loop(struct ssh *ssh, int have_pty, int escape_char_arg, * enqueue them for sending to the server. */ if (ssh_packet_not_very_much_data_to_write(ssh)) - channel_output_poll(ssh); + channel_did_enqueue = channel_output_poll(ssh); /* * Check if the window size has changed, and buffer a @@ -1518,7 +1524,7 @@ client_loop(struct ssh *ssh, int have_pty, int escape_char_arg, * available on one of the descriptors). */ client_wait_until_can_do_something(ssh, &pfd, &npfd_alloc, - &npfd_active, ssh_packet_is_rekeying(ssh), + &npfd_active, channel_did_enqueue, &conn_in_ready, &conn_out_ready); if (quit_pending) 
diff --git a/usr.bin/ssh/ssh.c b/usr.bin/ssh/ssh.c index 5933b0a15..f21587240 100644 --- a/usr.bin/ssh/ssh.c +++ b/usr.bin/ssh/ssh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.593 2023/07/26 23:06:00 djm Exp $ */ +/* $OpenBSD: ssh.c,v 1.594 2023/09/03 23:59:32 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -2119,7 +2119,7 @@ ssh_session2_open(struct ssh *ssh) static int ssh_session2(struct ssh *ssh, const struct ssh_conn_info *cinfo) { - int r, id = -1; + int r, interactive, id = -1; char *cp, *tun_fwd_ifname = NULL; /* XXX should be pre-session */ @@ -2176,8 +2176,11 @@ ssh_session2(struct ssh *ssh, const struct ssh_conn_info *cinfo) if (options.session_type != SESSION_TYPE_NONE) id = ssh_session2_open(ssh); else { - ssh_packet_set_interactive(ssh, - options.control_master == SSHCTL_MASTER_NO, + interactive = options.control_master == SSHCTL_MASTER_NO; + /* ControlPersist may have clobbered ControlMaster, so check */ + if (need_controlpersist_detach) + interactive = otty_flag != 0; + ssh_packet_set_interactive(ssh, interactive, options.ip_qos_interactive, options.ip_qos_bulk); } diff --git a/usr.sbin/dhcpd/dhcpd.8 b/usr.sbin/dhcpd/dhcpd.8 index 3725399e6..858535043 100644 --- a/usr.sbin/dhcpd/dhcpd.8 +++ b/usr.sbin/dhcpd/dhcpd.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: dhcpd.8,v 1.31 2023/03/02 17:09:54 jmc Exp $ +.\" $OpenBSD: dhcpd.8,v 1.32 2023/09/03 20:19:13 stsp Exp $ .\" .\" Copyright (c) 1995, 1996 The Internet Software Consortium. .\" All rights reserved. @@ -36,7 +36,7 @@ .\" see ``http://www.isc.org/''. To learn more about Vixie .\" Enterprises, see ``http://www.vix.com''. .\" -.Dd $Mdocdate: March 2 2023 $ +.Dd $Mdocdate: September 3 2023 $ .Dt DHCPD 8 .Os .Sh NAME 
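Review bot: The new comment in ssh_session2, `ControlPersist may have clobbered ControlMaster, so check`, does not say what is being checked or why `otty_flag` is the right substitute, and the result decides whether the connection is marked interactive and so gets `options.ip_qos_interactive` rather than `options.ip_qos_bulk`. Both `otty_flag` and `need_controlpersist_detach` are set outside the hunk, so a reader cannot tell from here what they record. I would expand the comment to something like `/* options.control_master is not reliable once a ControlPersist detach is pending; use the saved tty request instead */`, adjusted to whatever otty_flag actually holds.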
@@ -145,17 +145,27 @@ which a newly booted client would not be able to grasp. The names of the network interfaces on which .Nm should listen for broadcasts may be specified on the command line. -This should be done on systems where +Listing interfaces on the command line is usually optional but is required +for running .Nm -is unable to identify non-broadcast interfaces, -but should not be required on other systems. +in an +.Xr rdomain 4 +other than 0, or on systems where +.Nm +is unable to identify non-broadcast interfaces. +All specified interfaces must share the same routing domain and +.Nm +will set its own routing domain accordingly. +.Pp If no interface names are specified on the command line, -and the -.Fl u -option is not given, .Nm -will identify all network interfaces which are up, eliminating non-broadcast -interfaces if possible, and listen for DHCP broadcasts on each interface. +will run in routing domain 0, and if the +.Fl u +option is not given +.Nm +will identify all network interfaces in all routing domains, +eliminating non-broadcast interfaces if possible, +and listen for DHCP broadcasts on each interface. .Pp The options are as follows: .Bl -tag -width Ds @@ -464,6 +474,7 @@ DHCPD lease file. .El .Sh SEE ALSO .Xr pf 4 , +.Xr rdomain 4 , .Xr dhcpd.conf 5 , .Xr dhcpd.leases 5 , .Xr dhclient 8 , diff --git a/usr.sbin/inetd/inetd.c b/usr.sbin/inetd/inetd.c index fec44e82a..c7e8e891f 100644 --- a/usr.sbin/inetd/inetd.c +++ b/usr.sbin/inetd/inetd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: inetd.c,v 1.164 2023/04/19 12:58:16 jsg Exp $ */ +/* $OpenBSD: inetd.c,v 1.165 2023/09/03 22:01:00 bluhm Exp $ */ /* * Copyright (c) 1983,1991 The Regents of the University of California. @@ -444,7 +444,7 @@ dg_badinput(struct sockaddr *sa) if (IN_MULTICAST(in.s_addr)) goto bad; switch ((in.s_addr & 0xff000000) >> 24) { - case 0: case 127: case 255: + case 0: case 255: goto bad; } if (dg_broadcast(&in))
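Review bot: Removing `127` from the `case` list in dg_badinput lets datagrams whose source address is in 127/8 pass this filter, and the hunk leaves no comment saying why that is now safe. The neighbouring rejections (multicast, first octet 0 or 255, broadcast) stay, so loopback becomes the one special range that is accepted. I would record the assumption next to the switch, e.g. `/* 127/8 accepted on purpose: expected only from local senders; confirm the stack drops it on other interfaces */`. It is also worth checking that the rest of dg_badinput, which is outside this hunk, still keeps two datagram services on the same host from answering each other. The function starts and ends outside the hunk.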