sync code with last improvements from OpenBSD

distrib/sets/lists/base/md.amd64

@@ -92,6 +92,7 @@
 ./usr/libdata/perl5/amd64-secbsd/CORE/scope.h
 ./usr/libdata/perl5/amd64-secbsd/CORE/sv.h
 ./usr/libdata/perl5/amd64-secbsd/CORE/sv_inline.h
+./usr/libdata/perl5/amd64-secbsd/CORE/syscall_emulator.h
 ./usr/libdata/perl5/amd64-secbsd/CORE/thread.h
 ./usr/libdata/perl5/amd64-secbsd/CORE/time64.h
 ./usr/libdata/perl5/amd64-secbsd/CORE/time64_config.h

distrib/sets/lists/base/md.arm64

@@ -87,6 +87,7 @@
 ./usr/libdata/perl5/aarch64-secbsd/CORE/scope.h
 ./usr/libdata/perl5/aarch64-secbsd/CORE/sv.h
 ./usr/libdata/perl5/aarch64-secbsd/CORE/sv_inline.h
+./usr/libdata/perl5/aarch64-secbsd/CORE/syscall_emulator.h
 ./usr/libdata/perl5/aarch64-secbsd/CORE/thread.h
 ./usr/libdata/perl5/aarch64-secbsd/CORE/time64.h
 ./usr/libdata/perl5/aarch64-secbsd/CORE/time64_config.h

distrib/sets/lists/base/md.armv7

@@ -87,6 +87,7 @@
 ./usr/libdata/perl5/arm-secbsd/CORE/scope.h
 ./usr/libdata/perl5/arm-secbsd/CORE/sv.h
 ./usr/libdata/perl5/arm-secbsd/CORE/sv_inline.h
+./usr/libdata/perl5/arm-secbsd/CORE/syscall_emulator.h
 ./usr/libdata/perl5/arm-secbsd/CORE/thread.h
 ./usr/libdata/perl5/arm-secbsd/CORE/time64.h
 ./usr/libdata/perl5/arm-secbsd/CORE/time64_config.h

distrib/sets/lists/base/md.i386

@@ -94,6 +94,7 @@
 ./usr/libdata/perl5/i386-secbsd/CORE/scope.h
 ./usr/libdata/perl5/i386-secbsd/CORE/sv.h
 ./usr/libdata/perl5/i386-secbsd/CORE/sv_inline.h
+./usr/libdata/perl5/i386-secbsd/CORE/syscall_emulator.h
 ./usr/libdata/perl5/i386-secbsd/CORE/thread.h
 ./usr/libdata/perl5/i386-secbsd/CORE/time64.h
 ./usr/libdata/perl5/i386-secbsd/CORE/time64_config.h

sys/netinet/tcp_input.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: tcp_input.c,v 1.390 2023/08/28 14:50:01 bluhm Exp $	*/
+/*	$OpenBSD: tcp_input.c,v 1.391 2023/09/03 21:37:17 bluhm Exp $	*/
 /*	$NetBSD: tcp_input.c,v 1.23 1996/02/13 23:43:44 christos Exp $	*/
 
 /*
@@ -3159,19 +3159,6 @@ syn_cache_put(struct syn_cache *sc)
 	pool_put(&syn_cache_pool, sc);
 }
 
-/*
- * We don't estimate RTT with SYNs, so each packet starts with the default
- * RTT and each timer step has a fixed timeout value.
- */
-#define	SYN_CACHE_TIMER_ARM(sc)						\
-do {									\
-	TCPT_RANGESET((sc)->sc_rxtcur,					\
-	    TCPTV_SRTTDFLT * tcp_backoff[(sc)->sc_rxtshift], TCPTV_MIN,	\
-	    TCPTV_REXMTMAX);						\
-	if (timeout_add_msec(&(sc)->sc_timer, (sc)->sc_rxtcur))		\
-		refcnt_take(&(sc)->sc_refcnt);				\
-} while (/*CONSTCOND*/0)
-
 void
 syn_cache_init(void)
 {
@@ -3300,11 +3287,17 @@ syn_cache_insert(struct syn_cache *sc, struct tcpcb *tp)
 	}
 
 	/*
-	 * Initialize the entry's timer.
+	 * Initialize the entry's timer.  We don't estimate RTT
+	 * with SYNs, so each packet starts with the default RTT
+	 * and each timer step has a fixed timeout value.
 	 */
 	sc->sc_rxttot = 0;
 	sc->sc_rxtshift = 0;
-	SYN_CACHE_TIMER_ARM(sc);
+	TCPT_RANGESET(sc->sc_rxtcur,
+	    TCPTV_SRTTDFLT * tcp_backoff[sc->sc_rxtshift], TCPTV_MIN,
+	    TCPTV_REXMTMAX);
+	if (timeout_add_msec(&sc->sc_timer, sc->sc_rxtcur))
+		refcnt_take(&sc->sc_refcnt);
 
 	/* Link it from tcpcb entry */
 	refcnt_take(&sc->sc_refcnt);
@@ -3365,15 +3358,12 @@ syn_cache_timer(void *arg)
 
 	/* Advance the timer back-off. */
 	sc->sc_rxtshift++;
-	SYN_CACHE_TIMER_ARM(sc);
+	TCPT_RANGESET(sc->sc_rxtcur,
+	    TCPTV_SRTTDFLT * tcp_backoff[sc->sc_rxtshift], TCPTV_MIN,
+	    TCPTV_REXMTMAX);
+	if (!timeout_add_msec(&sc->sc_timer, sc->sc_rxtcur))
+		syn_cache_put(sc);
 
-	/*
-	 * Decrement reference of this timer.  We know there is another timer
-	 * as we just added it.  So just deref, free is not necessary.
-	 */
-	lastref = refcnt_rele(&sc->sc_refcnt);
-	KASSERT(lastref == 0);
-	(void)lastref;
 	NET_UNLOCK();
 	return;
 

usr.bin/ssh/channels.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: channels.c,v 1.432 2023/07/04 03:59:21 dlg Exp $ */
+/* $OpenBSD: channels.c,v 1.433 2023/09/04 00:01:46 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -2848,8 +2848,9 @@ channel_after_poll(struct ssh *ssh, struct pollfd *pfd, u_int npfd)
 
 /*
  * Enqueue data for channels with open or draining c->input.
+ * Returns non-zero if a packet was enqueued.
  */
-static void
+static int
 channel_output_poll_input_open(struct ssh *ssh, Channel *c)
 {
 	size_t len, plen;
@@ -2872,7 +2873,7 @@ channel_output_poll_input_open(struct ssh *ssh, Channel *c)
 			else
 				chan_ibuf_empty(ssh, c);
 		}
-		return;
+		return 0;
 	}
 
 	if (!c->have_remote_id)
@@ -2889,7 +2890,7 @@ channel_output_poll_input_open(struct ssh *ssh, Channel *c)
 		 */
 		if (plen > c->remote_window || plen > c->remote_maxpacket) {
 			debug("channel %d: datagram too big", c->self);
-			return;
+			return 0;
 		}
 		/* Enqueue it */
 		if ((r = sshpkt_start(ssh, SSH2_MSG_CHANNEL_DATA)) != 0 ||
@@ -2898,7 +2899,7 @@ channel_output_poll_input_open(struct ssh *ssh, Channel *c)
 		    (r = sshpkt_send(ssh)) != 0)
 			fatal_fr(r, "channel %i: send datagram", c->self);
 		c->remote_window -= plen;
-		return;
+		return 1;
 	}
 
 	/* Enqueue packet for buffered data. */
@@ -2907,7 +2908,7 @@ channel_output_poll_input_open(struct ssh *ssh, Channel *c)
 	if (len > c->remote_maxpacket)
 		len = c->remote_maxpacket;
 	if (len == 0)
-		return;
+		return 0;
 	if ((r = sshpkt_start(ssh, SSH2_MSG_CHANNEL_DATA)) != 0 ||
 	    (r = sshpkt_put_u32(ssh, c->remote_id)) != 0 ||
 	    (r = sshpkt_put_string(ssh, sshbuf_ptr(c->input), len)) != 0 ||
@@ -2916,19 +2917,21 @@ channel_output_poll_input_open(struct ssh *ssh, Channel *c)
 	if ((r = sshbuf_consume(c->input, len)) != 0)
 		fatal_fr(r, "channel %i: consume", c->self);
 	c->remote_window -= len;
+	return 1;
 }
 
 /*
  * Enqueue data for channels with open c->extended in read mode.
+ * Returns non-zero if a packet was enqueued.
  */
-static void
+static int
 channel_output_poll_extended_read(struct ssh *ssh, Channel *c)
 {
 	size_t len;
 	int r;
 
 	if ((len = sshbuf_len(c->extended)) == 0)
-		return;
+		return 0;
 
 	debug2("channel %d: rwin %u elen %zu euse %d", c->self,
 	    c->remote_window, sshbuf_len(c->extended), c->extended_usage);
@@ -2937,7 +2940,7 @@ channel_output_poll_extended_read(struct ssh *ssh, Channel *c)
 	if (len > c->remote_maxpacket)
 		len = c->remote_maxpacket;
 	if (len == 0)
-		return;
+		return 0;
 	if (!c->have_remote_id)
 		fatal_f("channel %d: no remote id", c->self);
 	if ((r = sshpkt_start(ssh, SSH2_MSG_CHANNEL_EXTENDED_DATA)) != 0 ||
@@ -2950,15 +2953,20 @@ channel_output_poll_extended_read(struct ssh *ssh, Channel *c)
 		fatal_fr(r, "channel %i: consume", c->self);
 	c->remote_window -= len;
 	debug2("channel %d: sent ext data %zu", c->self, len);
+	return 1;
 }
 
-/* If there is data to send to the connection, enqueue some of it now. */
-void
+/*
+ * If there is data to send to the connection, enqueue some of it now.
+ * Returns non-zero if data was enqueued.
+ */
+int
 channel_output_poll(struct ssh *ssh)
 {
 	struct ssh_channels *sc = ssh->chanctxt;
 	Channel *c;
 	u_int i;
+	int ret = 0;
 
 	for (i = 0; i < sc->channels_alloc; i++) {
 		c = sc->channels[i];
@@ -2981,12 +2989,13 @@ channel_output_poll(struct ssh *ssh)
 		/* Get the amount of buffered data for this channel. */
 		if (c->istate == CHAN_INPUT_OPEN ||
 		    c->istate == CHAN_INPUT_WAIT_DRAIN)
-			channel_output_poll_input_open(ssh, c);
+			ret |= channel_output_poll_input_open(ssh, c);
 		/* Send extended data, i.e. stderr */
 		if (!(c->flags & CHAN_EOF_SENT) &&
 		    c->extended_usage == CHAN_EXTENDED_READ)
-			channel_output_poll_extended_read(ssh, c);
+			ret |= channel_output_poll_extended_read(ssh, c);
 	}
+	return ret;
 }
 
 /* -- mux proxy support  */

usr.bin/ssh/channels.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: channels.h,v 1.151 2023/07/04 03:59:21 dlg Exp $ */
+/* $OpenBSD: channels.h,v 1.152 2023/09/04 00:01:46 djm Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -332,7 +332,7 @@ struct timespec;
 void	 channel_prepare_poll(struct ssh *, struct pollfd **,
 	    u_int *, u_int *, u_int, struct timespec *);
 void	 channel_after_poll(struct ssh *, struct pollfd *, u_int);
-void     channel_output_poll(struct ssh *);
+int	 channel_output_poll(struct ssh *);
 
 int      channel_not_very_much_buffered_data(struct ssh *);
 void     channel_close_all(struct ssh *);

usr.bin/ssh/clientloop.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: clientloop.c,v 1.394 2023/08/28 04:06:52 djm Exp $ */
+/* $OpenBSD: clientloop.c,v 1.396 2023/09/04 00:08:14 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -524,7 +524,8 @@ send_chaff(struct ssh *ssh)
  * output fd should be polled.
  */
 static int
-obfuscate_keystroke_timing(struct ssh *ssh, struct timespec *timeout)
+obfuscate_keystroke_timing(struct ssh *ssh, struct timespec *timeout,
+    int channel_did_enqueue)
 {
 	static int active;
 	static struct timespec next_interval, chaff_until;
@@ -549,7 +550,8 @@ obfuscate_keystroke_timing(struct ssh *ssh, struct timespec *timeout)
 	    ssh_packet_have_data_to_write(ssh)) {
 		/* Stop if the output buffer has more than a few keystrokes */
 		stop_reason = "output buffer filling";
-	} else if (active && ssh_packet_have_data_to_write(ssh)) {
+	} else if (active && channel_did_enqueue &&
+	    ssh_packet_have_data_to_write(ssh)) {
 		/* Still in active mode and have a keystroke queued. */
 		had_keystroke = 1;
 	} else if (active) {
@@ -564,9 +566,11 @@ obfuscate_keystroke_timing(struct ssh *ssh, struct timespec *timeout)
 	}
 
 	if (stop_reason != NULL) {
-		active = 0;
-		debug3_f("stopping: %s (%llu chaff packets sent)",
-		    stop_reason, nchaff);
+		if (active) {
+			debug3_f("stopping: %s (%llu chaff packets sent)",
+			    stop_reason, nchaff);
+			active = 0;
+		}
 		return 1;
 	}
 
@@ -576,7 +580,8 @@ obfuscate_keystroke_timing(struct ssh *ssh, struct timespec *timeout)
 	 * interactively. In this case, start quantising outbound packets to
 	 * fixed time intervals to hide inter-keystroke timing.
 	 */
-	if (!active && ssh_packet_interactive_data_to_write(ssh)) {
+	if (!active && ssh_packet_interactive_data_to_write(ssh) &&
+	    channel_did_enqueue && ssh_packet_have_data_to_write(ssh)) {
 		debug3_f("starting: interval %d",
 		    options.obscure_keystroke_timing_interval);
 		just_started = had_keystroke = active = 1;
@@ -626,7 +631,7 @@ obfuscate_keystroke_timing(struct ssh *ssh, struct timespec *timeout)
  */
 static void
 client_wait_until_can_do_something(struct ssh *ssh, struct pollfd **pfdp,
-    u_int *npfd_allocp, u_int *npfd_activep, int rekeying,
+    u_int *npfd_allocp, u_int *npfd_activep, int channel_did_enqueue,
     int *conn_in_readyp, int *conn_out_readyp)
 {
 	struct timespec timeout;
@@ -650,7 +655,7 @@ client_wait_until_can_do_something(struct ssh *ssh, struct pollfd **pfdp,
 		return;
 	}
 
-	oready = obfuscate_keystroke_timing(ssh, &timeout);
+	oready = obfuscate_keystroke_timing(ssh, &timeout, channel_did_enqueue);
 
 	/* Monitor server connection on reserved pollfd entries */
 	(*pfdp)[0].fd = connection_in;
@@ -669,7 +674,7 @@ client_wait_until_can_do_something(struct ssh *ssh, struct pollfd **pfdp,
 		ptimeout_deadline_monotime(&timeout, control_persist_exit_time);
 	if (options.server_alive_interval > 0)
 		ptimeout_deadline_monotime(&timeout, server_alive_time);
-	if (options.rekey_interval > 0 && !rekeying) {
+	if (options.rekey_interval > 0 && !ssh_packet_is_rekeying(ssh)) {
 		ptimeout_deadline_sec(&timeout,
 		    ssh_packet_get_rekey_timeout(ssh));
 	}
@@ -1391,7 +1396,7 @@ client_loop(struct ssh *ssh, int have_pty, int escape_char_arg,
 	struct pollfd *pfd = NULL;
 	u_int npfd_alloc = 0, npfd_active = 0;
 	double start_time, total_time;
-	int r, len;
+	int channel_did_enqueue = 0, r, len;
 	u_int64_t ibytes, obytes;
 	int conn_in_ready, conn_out_ready;
 
@@ -1481,6 +1486,7 @@ client_loop(struct ssh *ssh, int have_pty, int escape_char_arg,
 
 	/* Main loop of the client for the interactive session mode. */
 	while (!quit_pending) {
+		channel_did_enqueue = 0;
 
 		/* Process buffered packets sent by the server. */
 		client_process_buffered_input_packets(ssh);
@@ -1502,7 +1508,7 @@ client_loop(struct ssh *ssh, int have_pty, int escape_char_arg,
 			 * enqueue them for sending to the server.
 			 */
 			if (ssh_packet_not_very_much_data_to_write(ssh))
-				channel_output_poll(ssh);
+				channel_did_enqueue = channel_output_poll(ssh);
 
 			/*
 			 * Check if the window size has changed, and buffer a
@@ -1518,7 +1524,7 @@ client_loop(struct ssh *ssh, int have_pty, int escape_char_arg,
 		 * available on one of the descriptors).
 		 */
 		client_wait_until_can_do_something(ssh, &pfd, &npfd_alloc,
-		    &npfd_active, ssh_packet_is_rekeying(ssh),
+		    &npfd_active, channel_did_enqueue,
 		    &conn_in_ready, &conn_out_ready);
 
 		if (quit_pending)

usr.bin/ssh/ssh.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.593 2023/07/26 23:06:00 djm Exp $ */
+/* $OpenBSD: ssh.c,v 1.594 2023/09/03 23:59:32 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -2119,7 +2119,7 @@ ssh_session2_open(struct ssh *ssh)
 static int
 ssh_session2(struct ssh *ssh, const struct ssh_conn_info *cinfo)
 {
-	int r, id = -1;
+	int r, interactive, id = -1;
 	char *cp, *tun_fwd_ifname = NULL;
 
 	/* XXX should be pre-session */
@@ -2176,8 +2176,11 @@ ssh_session2(struct ssh *ssh, const struct ssh_conn_info *cinfo)
 	if (options.session_type != SESSION_TYPE_NONE)
 		id = ssh_session2_open(ssh);
 	else {
-		ssh_packet_set_interactive(ssh,
-		    options.control_master == SSHCTL_MASTER_NO,
+		interactive = options.control_master == SSHCTL_MASTER_NO;
+		/* ControlPersist may have clobbered ControlMaster, so check */
+		if (need_controlpersist_detach)
+			interactive = otty_flag != 0;
+		ssh_packet_set_interactive(ssh, interactive,
 		    options.ip_qos_interactive, options.ip_qos_bulk);
 	}
 

usr.sbin/dhcpd/dhcpd.8

@@ -1,4 +1,4 @@
-.\"	$OpenBSD: dhcpd.8,v 1.31 2023/03/02 17:09:54 jmc Exp $
+.\"	$OpenBSD: dhcpd.8,v 1.32 2023/09/03 20:19:13 stsp Exp $
 .\"
 .\" Copyright (c) 1995, 1996 The Internet Software Consortium.
 .\" All rights reserved.
@@ -36,7 +36,7 @@
 .\" see ``http://www.isc.org/''.  To learn more about Vixie
 .\" Enterprises, see ``http://www.vix.com''.
 .\"
-.Dd $Mdocdate: March 2 2023 $
+.Dd $Mdocdate: September 3 2023 $
 .Dt DHCPD 8
 .Os
 .Sh NAME
@@ -145,17 +145,27 @@ which a newly booted client would not be able to grasp.
 The names of the network interfaces on which
 .Nm
 should listen for broadcasts may be specified on the command line.
-This should be done on systems where
+Listing interfaces on the command line is usually optional but is required
+for running
 .Nm
-is unable to identify non-broadcast interfaces,
-but should not be required on other systems.
+in an
+.Xr rdomain 4
+other than 0, or on systems where
+.Nm
+is unable to identify non-broadcast interfaces.
+All specified interfaces must share the same routing domain and
+.Nm
+will set its own routing domain accordingly.
+.Pp
 If no interface names are specified on the command line,
-and the
-.Fl u
-option is not given,
 .Nm
-will identify all network interfaces which are up, eliminating non-broadcast
-interfaces if possible, and listen for DHCP broadcasts on each interface.
+will run in routing domain 0, and if the
+.Fl u
+option is not given
+.Nm
+will identify all network interfaces in all routing domains,
+eliminating non-broadcast interfaces if possible,
+and listen for DHCP broadcasts on each interface.
 .Pp
 The options are as follows:
 .Bl -tag -width Ds
@@ -464,6 +474,7 @@ DHCPD lease file.
 .El
 .Sh SEE ALSO
 .Xr pf 4 ,
+.Xr rdomain 4 ,
 .Xr dhcpd.conf 5 ,
 .Xr dhcpd.leases 5 ,
 .Xr dhclient 8 ,

usr.sbin/inetd/inetd.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: inetd.c,v 1.164 2023/04/19 12:58:16 jsg Exp $	*/
+/*	$OpenBSD: inetd.c,v 1.165 2023/09/03 22:01:00 bluhm Exp $	*/
 
 /*
  * Copyright (c) 1983,1991 The Regents of the University of California.
@@ -444,7 +444,7 @@ dg_badinput(struct sockaddr *sa)
 		if (IN_MULTICAST(in.s_addr))
 			goto bad;
 		switch ((in.s_addr & 0xff000000) >> 24) {
-		case 0: case 127: case 255:
+		case 0: case 255:
 			goto bad;
 		}
 		if (dg_broadcast(&in))