[odc] Daily src changes for 2008-05-07
ODC
auto at squish.net
Thu May 8 07:00:01 BST 2008
OpenBSD src changes summary for 2008-05-07
==========================================
distrib/sets etc/rc
etc/rc.conf etc/services
lib/libc lib/libssl
libexec/spamd regress/sbin
sbin sbin/ifconfig
sbin/pfctl sbin/ping
sbin/route sbin/routed
share/man sys/arch/i386/conf
sys/arch/i386/i386 sys/arch/i386/include
sys/arch/i386/isa sys/dev/pci
sys/kern sys/net
sys/netinet sys/netinet6
sys/netmpls sys/sys
sys/xfs usr.bin/cdio
usr.bin/ssh usr.sbin/dhcpd
usr.sbin/ospfd usr.sbin/pppd
usr.sbin/relayd usr.sbin/route6d
== distrib =========================================================== 01/10 ==
http://www.openbsd.org/cgi-bin/cvsweb/src/distrib
sets
~ lists/base/md.alpha ~ lists/base/md.amd64
~ lists/base/md.armish ~ lists/base/md.aviion
~ lists/base/md.hp300 ~ lists/base/md.hppa
~ lists/base/md.hppa64 ~ lists/base/md.i386
~ lists/base/md.landisk ~ lists/base/md.luna88k
~ lists/base/md.mac68k ~ lists/base/md.macppc
~ lists/base/md.mvme68k ~ lists/base/md.mvme88k
~ lists/base/md.mvmeppc ~ lists/base/md.sgi
~ lists/base/md.sparc ~ lists/base/md.sparc64
~ lists/base/md.vax ~ lists/base/md.zaurus
~ lists/comp/mi ~ lists/man/mi
> sync (deraadt@)
~ lists/base/mi ~ lists/man/mi
> sync (deraadt@)
~ lists/base/mi ~ lists/man/mi
> sync (deraadt@)
~ lists/comp/mi ~ lists/man/mi
> sync (deraadt@)
== etc =============================================================== 02/10 ==
http://www.openbsd.org/cgi-bin/cvsweb/src/etc
rc
~ rc
> routed is no longer, use ripd instead. (claudio@)
rc.conf
~ rc.conf
> routed is no longer, use ripd instead. (claudio@)
services
~ services
> Add synchronisation support for dhcpd - this allows for two dhcpd's
> with the same configuration to be run on the same net and they will
> keep their lease files/state in synch, and therefore allowing you to
> run redundant dhcpd's. Synchronization code stolen from spamd, uses
> an hmac key in /var/db/dhcpd.key if it exists.
> ok krw@ deraadt@ (beck@)
== lib =============================================================== 03/10 ==
http://www.openbsd.org/cgi-bin/cvsweb/src/lib
libc
~ gen/syslog.3
> routed is no more so use dhcpd in these examples instead. OK norby@
> (claudio@)
libssl
~ man/Makefile
> remove duplicates; remove des_random_key; remove unused; sort MLINKS; ok
> jmc@ (markus@)
== libexec =========================================================== 04/10 ==
http://www.openbsd.org/cgi-bin/cvsweb/src/libexec
spamd
~ sync.c
> check if the received buffer of a sync element is even big enough to
> hold the header with length field.
> ok deraadt@ beck@ (reyk@)
== regress =========================================================== 05/10 ==
http://www.openbsd.org/cgi-bin/cvsweb/src/regress
sbin
~ pfctl/pf15.in ~ pfctl/pf15.ok
> allow setting TOS with scrub; ok mcbride, claudio (markus@)
~ pfctl/pf15.in ~ pfctl/pf15.ok
> scrub packets based on tags; ok henning (markus@)
== sbin ============================================================== 06/10 ==
http://www.openbsd.org/cgi-bin/cvsweb/src/sbin
sbin
~ Makefile
> unlink routed. unbreaks the tree (it is obvious claudio has it removed in
> his tree already) (henning@)
ifconfig
~ ifconfig.8
> Document the new mpe interface and explain the appropriate commands
> in ifconfig(8). The man pages reference mpls(8) which doesn't exist,
> but claudio promises it will follow shortly.
> a thumb up and ok from claudio@ (pyr@)
~ ifconfig.8
> put the mpe bits in the right place; (jmc@)
~ ifconfig.8
> Remove references to routed. (claudio@)
pfctl
~ parse.y ~ pfctl_optimize.c
~ pfctl_parser.c
> allow setting TOS with scrub; ok mcbride, claudio (markus@)
~ parse.y
> scrub packets based on tags; ok henning (markus@)
~ parse.y
> do not assume PF_INOUT is 0 in the enum; ok mcbride (deraadt@)
ping
~ ping.8
> Remove references to routed. (claudio@)
route
~ keywords.h ~ keywords.sh
~ route.c ~ show.c
> Add support to show and modify rtm_priority. (claudio@)
~ route.8
> Document -priority. looks good norby@ (claudio@)
routed
- Makefile - defs.h
- if.c - input.c
- main.c - output.c
- parms.c - pathnames.h
- radix.c - rdisc.c
- routed.8 - table.c
- trace.c - rtquery/Makefile
- rtquery/rtquery.8 - rtquery/rtquery.c
> RIP routed.
> You were a nice thing in the 4.2BSD times but now it is time for you to go.
> Superseded by the shiny privseped ripd that does not have the evil habit to
> use kernel internals in userland.
> OK everybody in the onsen 'cause it unbreaks the tree (claudio@)
== share ============================================================= 07/10 ==
http://www.openbsd.org/cgi-bin/cvsweb/src/share
man
~ man4/Makefile
> Rather than fixing ises(4), nuke it.
> ok deraadt@ (krw@)
+ man4/mpe.4
> Document the new mpe interface and explain the appropriate commands
> in ifconfig(8). The man pages reference mpls(8) which doesn't exist,
> but claudio promises it will follow shortly.
> a thumb up and ok from claudio@ (pyr@)
- man4/ises.4
> Rather than fixing ises(4), nuke it.
> ok deraadt@ (krw@)
~ man4/crypto.4 ~ man4/pci.4
> no Xr ises (deraadt@)
~ man5/pf.conf.5
> allow setting TOS with scrub; ok mcbride, claudio (markus@)
~ man4/mpe.4
> tweak previous; (jmc@)
~ man5/pf.conf.5
> scrub allows tagged, too (markus@)
~ man4/netintro.4 ~ man4/route.4
> More .Xr routed removes. Add the other routing daemons to netintro instead.
> (claudio@)
~ man8/rc.conf.8
> routed is no more so use dhcpd in these examples instead. OK norby@
> (claudio@)
== sys =============================================================== 08/10 ==
http://www.openbsd.org/cgi-bin/cvsweb/src/sys
arch/i386/conf
~ GENERIC
> Rather than fixing ises(4), nuke it.
> ok deraadt@ (krw@)
~ files.i386
> Move i386 to __HAVE_GENERIC_SOFT_INTERRUPTS
> ok dlg@, tested by dlg@, oga@, jsg@, deraadt@ (kettenis@)
arch/i386/i386
~ apicvec.s ~ machdep.c
+ softintr.c
> Move i386 to __HAVE_GENERIC_SOFT_INTERRUPTS
> ok dlg@, tested by dlg@, oga@, jsg@, deraadt@ (kettenis@)
arch/i386/include
~ _types.h ~ intr.h
> Move i386 to __HAVE_GENERIC_SOFT_INTERRUPTS
> ok dlg@, tested by dlg@, oga@, jsg@, deraadt@ (kettenis@)
arch/i386/isa
~ icu.s
> Move i386 to __HAVE_GENERIC_SOFT_INTERRUPTS
> ok dlg@, tested by dlg@, oga@, jsg@, deraadt@ (kettenis@)
dev/pci
~ files.pci
> Rather than fixing ises(4), nuke it.
> ok deraadt@ (krw@)
- ises.c - isesreg.h
> Rather than fixing ises(4), nuke it.
> ok deraadt@ (krw@)
- isesvar.h
> Rather than fixing ises(4), nuke it.
> ok deraadt@ (krw@)
kern
~ vfs_subr.c
> Implement routing priorities. Every route inserted has a priority assigned
> and the one route with the lowest number wins. This will be used by the
> routing daemons to resolve the synchronisations issue in case of conflicts.
> The nasty bits of this are in the multipath code. If no priority is
> specified
> the kernel will choose an appropriate priority.
> Looked at by a few people at n2k8 code is much older (claudio@)
~ tty_pty.c
> check TIOCSIG for 0 and do not send that to psignal() and pgsignal()
> ok fgsch (deraadt@)
~ vfs_conf.c ~ vfs_subr.c
> remove the vfc_mountroot member from vfsconf and
> do appropriate cleanup;
> OK deraadt@ (thib@)
net
~ if_faith.c
> There is no reason to have a faithrtrequest() function that sets the MTU to
> route MTU to the interface MTU. By default if no route MTU is set it will
> fall back to the interface MTU anyway. OK henning@ (claudio@)
~ radix_mpath.c ~ route.c
> Redo rev 1.8 but this time with an additional fix to solve the dhclient
> crashes
> seen by krw. This is a prerequisite for upcomming routing priorities:
> Always compare the nexthop if one is specified even if it is a
> non-multipath
> route. This mostly affects "route delete" and it will not remove the last
> route if previous delete is redone. OK henning@ (claudio@)
~ pf_table.c ~ radix.c
~ radix.h ~ radix_mpath.c
~ radix_mpath.h ~ route.c
~ route.h ~ rtsock.c
> Implement routing priorities. Every route inserted has a priority assigned
> and the one route with the lowest number wins. This will be used by the
> routing daemons to resolve the synchronisations issue in case of conflicts.
> The nasty bits of this are in the multipath code. If no priority is
> specified
> the kernel will choose an appropriate priority.
> Looked at by a few people at n2k8 code is much older (claudio@)
~ if.c ~ if_ethersubr.c
~ if_tun.c ~ netisr.h
~ netisr_dispatch.h
> Prevent virtual interfaces from adding to the random pool.
> Also move the sampling into ether_input() where it can happen
> at the interrupt and not within splnet() processing, which might
> be less random. Discussed with mickey.
> OK markus@, mcbride@ (mpf@)
~ pf.c
> backout last change, it's already there.... (markus@)
~ pf_norm.c ~ pfvar.h
> allow setting TOS with scrub; ok mcbride, claudio (markus@)
~ if_mpe.c
> Correctly initialize labels by byte-swapping and inserting BoS and TTL.
> While there bump MTU to 1500 and set the receiving interface before
> calling mpls_input. mpestart will eventually call mpls_output when it
> exists.
> ``yaaaaayyy'' and ok claudio@ and norby@ (pyr@)
~ pf.c ~ pf_norm.c
~ pfvar.h
> scrub packets based on tags; ok henning (markus@)
~ if_mpe.c
> Make mpe a point-to-point interface.
> Make the mtu user definable.
> ok claudio@ (pyr@)
~ if_mpe.c
> add mpe_input() to be able to be fed packets that will reenter ip.
> no consumers yet, they should come soon.
> ok norby@ (pyr@)
~ if_mpe.c
> Missing return and correctly indent a debug printf. (claudio@)
~ if_loop.c
> Add MPLS support to loopback.
> Makes it possible to do evil tricks locally.
> ok claudio@ (norby@)
~ bridgestp.c ~ if_atmsubr.c
~ if_bridge.c ~ if_fddisubr.c
~ if_gif.c ~ if_trunk.c
~ if_vlan.c
> enable tx mitigation when putting packets on the wire by switching from
> calls to ifp->if_start to if_start(). these are the obviously right cases
> where we can do that, the less obvious ones may follow as theyre figured
> out.
> deraadt@ said to go for it (dlg@)
netinet
~ in_pcb.c ~ ip_carp.c
> Implement routing priorities. Every route inserted has a priority assigned
> and the one route with the lowest number wins. This will be used by the
> routing daemons to resolve the synchronisations issue in case of conflicts.
> The nasty bits of this are in the multipath code. If no priority is
> specified
> the kernel will choose an appropriate priority.
> Looked at by a few people at n2k8 code is much older (claudio@)
netinet6
~ in6.c
> Implement routing priorities. Every route inserted has a priority assigned
> and the one route with the lowest number wins. This will be used by the
> routing daemons to resolve the synchronisations issue in case of conflicts.
> The nasty bits of this are in the multipath code. If no priority is
> specified
> the kernel will choose an appropriate priority.
> Looked at by a few people at n2k8 code is much older (claudio@)
netmpls
~ mpls.h
> Correctly initialize labels by byte-swapping and inserting BoS and TTL.
> While there bump MTU to 1500 and set the receiving interface before
> calling mpls_input. mpestart will eventually call mpls_output when it
> exists.
> ``yaaaaayyy'' and ok claudio@ and norby@ (pyr@)
~ mpls.h
> Make mpe a point-to-point interface.
> Make the mtu user definable.
> ok claudio@ (pyr@)
~ mpls.h
> add mpe_input() to be able to be fed packets that will reenter ip.
> no consumers yet, they should come soon.
> ok norby@ (pyr@)
sys
~ mount.h
> oops, forgot to remove vfc_mountroot from vfsconf for real. (thib@)
xfs
~ xfs_vfsops-openbsd.c
> remove the vfc_mountroot member from vfsconf and
> do appropriate cleanup;
> OK deraadt@ (thib@)
== usr.bin =========================================================== 09/10 ==
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin
cdio
~ cdio.c
> correct duration by taking the pre-gap into account; ok by many. (fgsch@)
ssh
~ servconf.c ~ servconf.h
~ session.c ~ sshd_config.5
> Enable the AllowAgentForwarding option in sshd_config (global and match
> context), to specify if agents should be permitted on the server.
> As the man page states:
> ``Note that disabling Agent forwarding does not improve security
> unless users are also denied shell access, as they can always install
> their own forwarders.''
> ok djm@, ok and a mild frown markus@ (pyr@)
~ sshd_config
> push the sshd_config bits in, spotted by ajacoutot@ (pyr@)
~ sshd_config.5
> sort; (jmc@)
== usr.sbin ========================================================== 10/10 ==
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.sbin
dhcpd
~ Makefile ~ dhcp.c
~ dhcpd.8 ~ dhcpd.c
~ dhcpd.h ~ dispatch.c
~ errwarn.c ~ memory.c
+ sync.c + sync.h
> Add synchronisation support for dhcpd - this allows for two dhcpd's
> with the same configuration to be run on the same net and they will
> keep their lease files/state in synch, and therefore allowing you to
> run redundant dhcpd's. Synchronization code stolen from spamd, uses
> an hmac key in /var/db/dhcpd.key if it exists.
> ok krw@ deraadt@ (beck@)
ospfd
~ ospfd.conf.5
> OSPF uses the highest IP address, not the lowest.
> hai norby@ (jsing@)
pppd
~ pppd.8
> Remove .Xr to routed and reword the sentence a bit to make more sense.
> pppd can filter on network protocols not network daemons.
> OK norby@ (claudio@)
relayd
~ parse.y ~ pfe_filter.c
~ relayd.8 ~ relayd.conf.5
~ relayd.h
> add an alternative "route to" mode to relayd redirections which maps
> to pf route-to instead of the default rdr. it is a first steps towards
> support for "direct server return" (dsr), an asynchronous mode where
> the load balanced servers send the replies to a different gateway like
> a l3 switch/router to handle higher amounts of return traffic.
> because the state handling in pf isn't optimal for this case yet, it
> just sees half of the TCP connection, the sessions are forced to time
> out after fixed number of seconds.
> discussed with many, thought about in the onsen (reyk@)
route6d
~ route6d.8
> Ref to ripd instead of routed. (claudio@)
===============================================================================
More information about the odc
mailing list