diff options
| author | ngie <ngie@FreeBSD.org> | 2015-12-15 19:52:02 +0000 |
|---|---|---|
| committer | ngie <ngie@FreeBSD.org> | 2015-12-15 19:52:02 +0000 |
| commit | 3fed53d02350ae9cbd7b2786b72b83d2e292b8d1 (patch) | |
| tree | 57320bb171eaf81a24aa51f751919d972710edf9 | |
| parent | 17ca717571c27f52897c406a71864f864ca65710 (diff) | |
| parent | 3713a6d4d1859668807d1f8c46fc21b15334f7c9 (diff) | |
| download | FreeBSD-src-3fed53d02350ae9cbd7b2786b72b83d2e292b8d1.zip FreeBSD-src-3fed53d02350ae9cbd7b2786b72b83d2e292b8d1.tar.gz | |
MFhead @ r292285
206 files changed, 3390 insertions, 1307 deletions
@@ -57,8 +57,8 @@ # Makefile.inc1. The exceptions are universe, tinderbox and targets. # # If you want to build your system from source be sure that /usr/obj has -# at least 1GB of diskspace available. A complete 'universe' build requires -# about 15GB of space. +# at least 6GB of diskspace available. A complete 'universe' build requires +# about 100GB of space. # # For individuals wanting to build from the sources currently on their # system, the simple instructions are: diff --git a/Makefile.inc1 b/Makefile.inc1 index 11fc0b9..8a43898 100644 --- a/Makefile.inc1 +++ b/Makefile.inc1 @@ -146,7 +146,11 @@ CLEANDIR= cleandir LOCAL_TOOL_DIRS?= PACKAGEDIR?= ${DESTDIR}/${DISTDIR} +.if empty(SHELL:M*csh*) BUILDENV_SHELL?=${SHELL} +.else +BUILDENV_SHELL?=/bin/sh +.endif SVN?= /usr/local/bin/svn SVNFLAGS?= -r HEAD @@ -172,10 +176,24 @@ VERSION= FreeBSD ${REVISION}-${BRANCH:C/-p[0-9]+$//} ${TARGET_ARCH} ${SRCRELDATE .export VERSION .endif -KNOWN_ARCHES?= aarch64/arm64 amd64 arm armeb/arm armv6/arm armv6hf/arm \ - i386 i386/pc98 mips mipsel/mips mips64el/mips mips64/mips \ - mipsn32el/mips mipsn32/mips powerpc powerpc64/powerpc \ - riscv64/riscv sparc64 +KNOWN_ARCHES?= aarch64/arm64 \ + amd64 \ + arm \ + armeb/arm \ + armv6/arm \ + armv6hf/arm \ + i386 \ + i386/pc98 \ + mips \ + mipsel/mips \ + mips64el/mips \ + mips64/mips \ + mipsn32el/mips \ + mipsn32/mips \ + powerpc \ + powerpc64/powerpc \ + riscv64/riscv \ + sparc64 .if ${TARGET} == ${TARGET_ARCH} _t= ${TARGET} diff --git a/contrib/mdocml/lib.in b/contrib/mdocml/lib.in index d69a654..ca04e94 100644 --- a/contrib/mdocml/lib.in +++ b/contrib/mdocml/lib.in @@ -24,6 +24,7 @@ * Be sure to escape strings. */ +LINE("lib80211", "802.11 Wireless Network Management Library (lib80211, \\-l80211)") LINE("libarchive", "Streaming Archive Library (libarchive, \\-larchive)") LINE("libarm", "ARM Architecture Library (libarm, \\-larm)") LINE("libarm32", "ARM32 Architecture Library (libarm32, \\-larm32)") @@ -110,6 +111,7 @@ LINE("libsdp", "Bluetooth Service Discovery Protocol User Library (libsdp, \\-l LINE("libssp", "Buffer Overflow Protection Library (libssp, \\-lssp)") LINE("libstdthreads", "C11 Threads Library (libstdthreads, \\-lstdthreads)") LINE("libSystem", "System Library (libSystem, \\-lSystem)") +LINE("libsysdecode", "System Argument Decoding Library (libsysdecode, \\-lsysdecode)") LINE("libtacplus", "TACACS+ Client Library (libtacplus, \\-ltacplus)") LINE("libtcplay", "TrueCrypt-compatible API library (libtcplay, \\-ltcplay)") LINE("libtermcap", "Termcap Access Library (libtermcap, \\-ltermcap)") diff --git a/contrib/smbfs/README b/contrib/smbfs/README index b63e16c..f0a61b1 100644 --- a/contrib/smbfs/README +++ b/contrib/smbfs/README @@ -15,7 +15,7 @@ It is a complete, kernel side implementation of SMB requester and filesystem. Darwin maintained in the Darwin's tree. - I'm would be very grateful for any feedback, bug reports etc. + I would be very grateful for any feedback, bug reports etc. Supported SMB servers: Samba @@ -23,14 +23,14 @@ It is a complete, kernel side implementation of SMB requester and filesystem. IBM LanManager NetApp - An updated versions of this package can be retrieved from ftp server: + An updated version of this package can be retrieved from ftp server: ftp://ftp.butya.kz/pub/smbfs/smbfs.tar.gz - Perfomance + Performance ========== - There is some perfomance benchmarks over 10Mbit network: + These are some performance benchmarks over a 10Mbit network: Win95 machine as server: IOZONE: auto-test mode diff --git a/contrib/unbound/.gitignore b/contrib/unbound/.gitignore new file mode 100644 index 0000000..7fed8d7 --- /dev/null +++ b/contrib/unbound/.gitignore @@ -0,0 +1,38 @@ +*.lo +*.o +/.libs/ +/Makefile +/autom4te.cache/ +/config.h +/config.log +/config.status +/dnstap/dnstap_config.h +/doc/example.conf +/doc/libunbound.3 +/doc/unbound-anchor.8 +/doc/unbound-checkconf.8 +/doc/unbound-control.8 +/doc/unbound-host.1 +/doc/unbound.8 +/doc/unbound.conf.5 +/libtool +/libunbound.la +/smallapp/unbound-control-setup.sh +/unbound +/unbound-anchor +/unbound-checkconf +/unbound-control +/unbound-control-setup +/unbound-host +/unbound.h +/asynclook +/delayer +/lock-verify +/memstats +/perf +/petal +/pktview +/streamtcp +/testbound +/unittest + diff --git a/contrib/unbound/Makefile.in b/contrib/unbound/Makefile.in index 20829d8..282c7d6 100644 --- a/contrib/unbound/Makefile.in +++ b/contrib/unbound/Makefile.in @@ -38,6 +38,7 @@ UNBOUND_VERSION_MINOR=@UNBOUND_VERSION_MINOR@ UNBOUND_VERSION_MICRO=@UNBOUND_VERSION_MICRO@ ALLTARGET=@ALLTARGET@ INSTALLTARGET=@INSTALLTARGET@ +SSLLIB=@SSLLIB@ # _unbound.la if pyunbound enabled. PYUNBOUND_TARGET=@PYUNBOUND_TARGET@ @@ -132,7 +133,7 @@ compat/memcmp.c compat/memmove.c compat/snprintf.c compat/strlcat.c \ compat/strlcpy.c compat/strptime.c compat/getentropy_linux.c \ compat/getentropy_osx.c compat/getentropy_solaris.c compat/getentropy_win.c \ compat/explicit_bzero.c compat/arc4random.c compat/arc4random_uniform.c \ -compat/arc4_lock.c compat/sha512.c compat/reallocarray.c +compat/arc4_lock.c compat/sha512.c compat/reallocarray.c compat/isblank.c COMPAT_OBJ=$(LIBOBJS:.o=.lo) COMPAT_OBJ_WITHOUT_CTIME=$(LIBOBJ_WITHOUT_CTIME:.o=.lo) COMPAT_OBJ_WITHOUT_CTIMEARC4=$(LIBOBJ_WITHOUT_CTIMEARC4:.o=.lo) @@ -295,22 +296,22 @@ longtest: tests lib: libunbound.la unbound.h libunbound.la: $(LIBUNBOUND_OBJ_LINK) - $(LINK_LIB) $(UBSYMS) -o $@ $(LIBUNBOUND_OBJ_LINK) -rpath $(libdir) -lssl $(LIBS) + $(LINK_LIB) $(UBSYMS) -o $@ $(LIBUNBOUND_OBJ_LINK) -rpath $(libdir) $(SSLLIB) $(LIBS) unbound$(EXEEXT): $(DAEMON_OBJ_LINK) libunbound.la - $(LINK) -o $@ $(DAEMON_OBJ_LINK) $(EXTRALINK) -lssl $(LIBS) + $(LINK) -o $@ $(DAEMON_OBJ_LINK) $(EXTRALINK) $(SSLLIB) $(LIBS) unbound-checkconf$(EXEEXT): $(CHECKCONF_OBJ_LINK) libunbound.la - $(LINK) -o $@ $(CHECKCONF_OBJ_LINK) $(EXTRALINK) -lssl $(LIBS) + $(LINK) -o $@ $(CHECKCONF_OBJ_LINK) $(EXTRALINK) $(SSLLIB) $(LIBS) unbound-control$(EXEEXT): $(CONTROL_OBJ_LINK) libunbound.la - $(LINK) -o $@ $(CONTROL_OBJ_LINK) $(EXTRALINK) -lssl $(LIBS) + $(LINK) -o $@ $(CONTROL_OBJ_LINK) $(EXTRALINK) $(SSLLIB) $(LIBS) unbound-host$(EXEEXT): $(HOST_OBJ_LINK) libunbound.la $(LINK) -o $@ $(HOST_OBJ_LINK) -L. -L.libs -lunbound $(LIBS) unbound-anchor$(EXEEXT): $(UBANCHOR_OBJ_LINK) libunbound.la - $(LINK) -o $@ $(UBANCHOR_OBJ_LINK) -L. -L.libs -lunbound -lexpat -lssl $(LIBS) + $(LINK) -o $@ $(UBANCHOR_OBJ_LINK) -L. -L.libs -lunbound -lexpat $(SSLLIB) $(LIBS) unbound-service-install$(EXEEXT): $(SVCINST_OBJ_LINK) $(LINK) -o $@ $(SVCINST_OBJ_LINK) $(LIBS) @@ -322,37 +323,37 @@ anchor-update$(EXEEXT): $(ANCHORUPD_OBJ_LINK) libunbound.la $(LINK) -o $@ $(ANCHORUPD_OBJ_LINK) -L. -L.libs -lunbound $(LIBS) unittest$(EXEEXT): $(UNITTEST_OBJ_LINK) - $(LINK) -o $@ $(UNITTEST_OBJ_LINK) -lssl $(LIBS) + $(LINK) -o $@ $(UNITTEST_OBJ_LINK) $(SSLLIB) $(LIBS) testbound$(EXEEXT): $(TESTBOUND_OBJ_LINK) - $(LINK) -o $@ $(TESTBOUND_OBJ_LINK) -lssl $(LIBS) + $(LINK) -o $@ $(TESTBOUND_OBJ_LINK) $(SSLLIB) $(LIBS) lock-verify$(EXEEXT): $(LOCKVERIFY_OBJ_LINK) - $(LINK) -o $@ $(LOCKVERIFY_OBJ_LINK) -lssl $(LIBS) + $(LINK) -o $@ $(LOCKVERIFY_OBJ_LINK) $(SSLLIB) $(LIBS) petal$(EXEEXT): $(PETAL_OBJ_LINK) - $(LINK) -o $@ $(PETAL_OBJ_LINK) -lssl $(LIBS) + $(LINK) -o $@ $(PETAL_OBJ_LINK) $(SSLLIB) $(LIBS) pktview$(EXEEXT): $(PKTVIEW_OBJ_LINK) - $(LINK) -o $@ $(PKTVIEW_OBJ_LINK) -lssl $(LIBS) + $(LINK) -o $@ $(PKTVIEW_OBJ_LINK) $(SSLLIB) $(LIBS) memstats$(EXEEXT): $(MEMSTATS_OBJ_LINK) - $(LINK) -o $@ $(MEMSTATS_OBJ_LINK) -lssl $(LIBS) + $(LINK) -o $@ $(MEMSTATS_OBJ_LINK) $(SSLLIB) $(LIBS) asynclook$(EXEEXT): $(ASYNCLOOK_OBJ_LINK) libunbound.la $(LINK) -o $@ $(ASYNCLOOK_OBJ_LINK) $(LIBS) -L. -L.libs -lunbound streamtcp$(EXEEXT): $(STREAMTCP_OBJ_LINK) - $(LINK) -o $@ $(STREAMTCP_OBJ_LINK) -lssl $(LIBS) + $(LINK) -o $@ $(STREAMTCP_OBJ_LINK) $(SSLLIB) $(LIBS) perf$(EXEEXT): $(PERF_OBJ_LINK) - $(LINK) -o $@ $(PERF_OBJ_LINK) -lssl $(LIBS) + $(LINK) -o $@ $(PERF_OBJ_LINK) $(SSLLIB) $(LIBS) delayer$(EXEEXT): $(DELAYER_OBJ_LINK) - $(LINK) -o $@ $(DELAYER_OBJ_LINK) -lssl $(LIBS) + $(LINK) -o $@ $(DELAYER_OBJ_LINK) $(SSLLIB) $(LIBS) signit$(EXEEXT): testcode/signit.c - $(CC) $(CPPFLAGS) $(CFLAGS) -o $@ testcode/signit.c $(LDFLAGS) -lldns -lssl $(LIBS) + $(CC) $(CPPFLAGS) $(CFLAGS) -o $@ testcode/signit.c $(LDFLAGS) -lldns $(SSLLIB) $(LIBS) unbound.h: $(srcdir)/libunbound/unbound.h sed -e 's/@''UNBOUND_VERSION_MAJOR@/$(UNBOUND_VERSION_MAJOR)/' -e 's/@''UNBOUND_VERSION_MINOR@/$(UNBOUND_VERSION_MINOR)/' -e 's/@''UNBOUND_VERSION_MICRO@/$(UNBOUND_VERSION_MICRO)/' < $(srcdir)/libunbound/unbound.h > $@ @@ -644,7 +645,7 @@ iterator.lo iterator.o: $(srcdir)/iterator/iterator.c config.h $(srcdir)/iterato $(srcdir)/util/rtt.h $(srcdir)/util/netevent.h $(srcdir)/util/net_help.h $(srcdir)/util/regional.h \ $(srcdir)/util/data/dname.h $(srcdir)/util/data/msgencode.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h \ $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h $(srcdir)/util/config_file.h $(srcdir)/util/random.h \ - $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/sbuffer.h + $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/sbuffer.h iter_delegpt.lo iter_delegpt.o: $(srcdir)/iterator/iter_delegpt.c config.h $(srcdir)/iterator/iter_delegpt.h \ $(srcdir)/util/log.h $(srcdir)/services/cache/dns.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/regional.h \ @@ -727,8 +728,7 @@ outside_network.lo outside_network.o: $(srcdir)/services/outside_network.c confi $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgencode.h \ $(srcdir)/util/data/dname.h $(srcdir)/util/net_help.h $(srcdir)/util/random.h $(srcdir)/util/fptr_wlist.h \ $(srcdir)/util/module.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h \ - $(srcdir)/sldns/sbuffer.h $(srcdir)/dnstap/dnstap.h \ - + $(srcdir)/sldns/sbuffer.h $(srcdir)/dnstap/dnstap.h alloc.lo alloc.o: $(srcdir)/util/alloc.c config.h $(srcdir)/util/alloc.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ $(srcdir)/util/regional.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \ @@ -776,14 +776,12 @@ netevent.lo netevent.o: $(srcdir)/util/netevent.c config.h $(srcdir)/util/neteve $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h \ $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h $(srcdir)/sldns/sbuffer.h \ - $(srcdir)/dnstap/dnstap.h \ - $(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h + $(srcdir)/dnstap/dnstap.h $(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h net_help.lo net_help.o: $(srcdir)/util/net_help.c config.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h \ $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/module.h \ $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/regional.h $(srcdir)/sldns/parseutil.h \ - $(srcdir)/sldns/wire2str.h \ - + $(srcdir)/sldns/wire2str.h random.lo random.o: $(srcdir)/util/random.c config.h $(srcdir)/util/random.h $(srcdir)/util/log.h rbtree.lo rbtree.o: $(srcdir)/util/rbtree.c config.h $(srcdir)/util/log.h $(srcdir)/util/fptr_wlist.h \ $(srcdir)/util/netevent.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ @@ -818,8 +816,7 @@ autotrust.lo autotrust.o: $(srcdir)/validator/autotrust.c config.h $(srcdir)/val $(srcdir)/util/net_help.h $(srcdir)/util/config_file.h $(srcdir)/util/regional.h $(srcdir)/util/random.h \ $(srcdir)/services/mesh.h $(srcdir)/util/netevent.h $(srcdir)/services/modstack.h \ $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/validator/val_kcache.h \ - $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/keyraw.h \ - + $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/keyraw.h val_anchor.lo val_anchor.o: $(srcdir)/validator/val_anchor.c config.h $(srcdir)/validator/val_anchor.h \ $(srcdir)/util/rbtree.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/validator/val_sigcrypt.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/validator/autotrust.h \ @@ -844,18 +841,16 @@ val_kcache.lo val_kcache.o: $(srcdir)/validator/val_kcache.c config.h $(srcdir)/ val_kentry.lo val_kentry.o: $(srcdir)/validator/val_kentry.c config.h $(srcdir)/validator/val_kentry.h \ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/packed_rrset.h \ $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lookup3.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/keyraw.h \ - -val_neg.lo val_neg.o: $(srcdir)/validator/val_neg.c config.h \ - $(srcdir)/validator/val_neg.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/rbtree.h \ - $(srcdir)/validator/val_nsec.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ - $(srcdir)/validator/val_nsec3.h $(srcdir)/validator/val_utils.h $(srcdir)/util/data/dname.h \ - $(srcdir)/util/data/msgreply.h $(srcdir)/util/net_help.h $(srcdir)/util/config_file.h \ - $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/dns.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/sbuffer.h -val_nsec3.lo val_nsec3.o: $(srcdir)/validator/val_nsec3.c config.h \ - $(srcdir)/validator/val_nsec3.h $(srcdir)/util/rbtree.h $(srcdir)/util/data/packed_rrset.h \ - $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/validator/validator.h \ + $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/keyraw.h +val_neg.lo val_neg.o: $(srcdir)/validator/val_neg.c config.h $(srcdir)/validator/val_neg.h $(srcdir)/util/locks.h \ + $(srcdir)/util/log.h $(srcdir)/util/rbtree.h $(srcdir)/validator/val_nsec.h $(srcdir)/util/data/packed_rrset.h \ + $(srcdir)/util/storage/lruhash.h $(srcdir)/validator/val_nsec3.h $(srcdir)/validator/val_utils.h \ + $(srcdir)/util/data/dname.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/net_help.h \ + $(srcdir)/util/config_file.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \ + $(srcdir)/services/cache/dns.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/sbuffer.h +val_nsec3.lo val_nsec3.o: $(srcdir)/validator/val_nsec3.c config.h $(srcdir)/validator/val_nsec3.h \ + $(srcdir)/util/rbtree.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ + $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/validator/val_secalgo.h $(srcdir)/validator/validator.h \ $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ $(srcdir)/sldns/rrdef.h $(srcdir)/validator/val_utils.h $(srcdir)/validator/val_kentry.h \ $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/regional.h \ @@ -867,17 +862,15 @@ val_nsec.lo val_nsec.o: $(srcdir)/validator/val_nsec.c config.h $(srcdir)/valida $(srcdir)/sldns/rrdef.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h val_secalgo.lo val_secalgo.o: $(srcdir)/validator/val_secalgo.c config.h $(srcdir)/util/data/packed_rrset.h \ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/validator/val_secalgo.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/keyraw.h \ - $(srcdir)/sldns/sbuffer.h \ - + $(srcdir)/validator/val_nsec3.h $(srcdir)/util/rbtree.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/keyraw.h \ + $(srcdir)/sldns/sbuffer.h val_sigcrypt.lo val_sigcrypt.o: $(srcdir)/validator/val_sigcrypt.c config.h \ $(srcdir)/validator/val_sigcrypt.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/validator/val_secalgo.h $(srcdir)/validator/validator.h \ $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ $(srcdir)/sldns/rrdef.h $(srcdir)/validator/val_utils.h $(srcdir)/util/data/dname.h $(srcdir)/util/rbtree.h \ - $(srcdir)/util/net_help.h $(srcdir)/util/regional.h $(srcdir)/sldns/keyraw.h \ - $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/wire2str.h \ - + $(srcdir)/util/net_help.h $(srcdir)/util/regional.h $(srcdir)/sldns/keyraw.h $(srcdir)/sldns/sbuffer.h \ + $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/wire2str.h val_utils.lo val_utils.o: $(srcdir)/validator/val_utils.c config.h $(srcdir)/validator/val_utils.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ $(srcdir)/validator/validator.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \ @@ -895,11 +888,6 @@ dns64.lo dns64.o: $(srcdir)/dns64/dns64.c config.h $(srcdir)/dns64/dns64.h $(src $(srcdir)/services/modstack.h $(srcdir)/util/net_help.h $(srcdir)/util/regional.h checklocks.lo checklocks.o: $(srcdir)/testcode/checklocks.c config.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ $(srcdir)/testcode/checklocks.h -dnstap.lo dnstap.o: $(srcdir)/dnstap/dnstap.c config.h $(srcdir)/sldns/sbuffer.h \ - $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h $(srcdir)/util/netevent.h \ - $(srcdir)/dnstap/dnstap.h \ - $(srcdir)/dnstap/dnstap.pb-c.h -dnstap.pb-c.lo dnstap.pb-c.o: $(srcdir)/dnstap/dnstap.pb-c.c $(srcdir)/dnstap/dnstap.pb-c.h unitanchor.lo unitanchor.o: $(srcdir)/testcode/unitanchor.c config.h $(srcdir)/util/log.h $(srcdir)/util/data/dname.h \ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/testcode/unitmain.h \ $(srcdir)/validator/val_anchor.h $(srcdir)/util/rbtree.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/rrdef.h @@ -908,8 +896,7 @@ unitdname.lo unitdname.o: $(srcdir)/testcode/unitdname.c config.h $(srcdir)/util $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/rrdef.h unitlruhash.lo unitlruhash.o: $(srcdir)/testcode/unitlruhash.c config.h $(srcdir)/testcode/unitmain.h \ $(srcdir)/util/log.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/storage/slabhash.h -unitmain.lo unitmain.o: $(srcdir)/testcode/unitmain.c config.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/keyraw.h \ +unitmain.lo unitmain.o: $(srcdir)/testcode/unitmain.c config.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/keyraw.h \ $(srcdir)/util/log.h $(srcdir)/testcode/unitmain.h $(srcdir)/util/alloc.h $(srcdir)/util/locks.h $(srcdir)/util/net_help.h \ $(srcdir)/util/config_file.h $(srcdir)/util/rtt.h $(srcdir)/services/cache/infra.h \ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h \ @@ -947,38 +934,35 @@ unitldns.lo unitldns.o: $(srcdir)/testcode/unitldns.c config.h $(srcdir)/util/lo acl_list.lo acl_list.o: $(srcdir)/daemon/acl_list.c config.h $(srcdir)/daemon/acl_list.h \ $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/regional.h $(srcdir)/util/log.h \ $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h -cachedump.lo cachedump.o: $(srcdir)/daemon/cachedump.c config.h \ - $(srcdir)/daemon/cachedump.h $(srcdir)/daemon/remote.h $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h \ - $(srcdir)/sldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ - $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/netevent.h $(srcdir)/util/alloc.h \ +cachedump.lo cachedump.o: $(srcdir)/daemon/cachedump.c config.h $(srcdir)/daemon/cachedump.h \ + $(srcdir)/daemon/remote.h $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \ + $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ + $(srcdir)/util/netevent.h $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h \ + $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \ + $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \ + $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/dns.h \ + $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/rtt.h \ + $(srcdir)/util/regional.h $(srcdir)/util/net_help.h $(srcdir)/util/data/dname.h $(srcdir)/iterator/iterator.h \ + $(srcdir)/services/outbound_list.h $(srcdir)/iterator/iter_delegpt.h $(srcdir)/iterator/iter_utils.h \ + $(srcdir)/iterator/iter_resptype.h $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h \ + $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h +daemon.lo daemon.o: $(srcdir)/daemon/daemon.c config.h $(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h \ + $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \ + $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \ + $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/netevent.h \ $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \ - $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \ - $(srcdir)/services/cache/dns.h $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h \ - $(srcdir)/util/rbtree.h $(srcdir)/util/rtt.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h \ - $(srcdir)/util/data/dname.h $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h \ - $(srcdir)/iterator/iter_delegpt.h $(srcdir)/iterator/iter_utils.h $(srcdir)/iterator/iter_resptype.h \ - $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h $(srcdir)/sldns/wire2str.h \ - $(srcdir)/sldns/str2wire.h -daemon.lo daemon.o: $(srcdir)/daemon/daemon.c config.h \ - $(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \ - $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h \ - $(srcdir)/sldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ - $(srcdir)/util/netevent.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/util/module.h \ - $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/remote.h \ - $(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h \ + $(srcdir)/daemon/remote.h $(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h \ $(srcdir)/util/config_file.h $(srcdir)/util/storage/lookup3.h $(srcdir)/util/storage/slabhash.h \ $(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h $(srcdir)/services/cache/infra.h \ $(srcdir)/util/rtt.h $(srcdir)/services/localzone.h $(srcdir)/util/random.h $(srcdir)/util/tube.h \ $(srcdir)/util/net_help.h $(srcdir)/sldns/keyraw.h -remote.lo remote.o: $(srcdir)/daemon/remote.c config.h \ - $(srcdir)/daemon/remote.h \ - $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \ - $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ - $(srcdir)/util/netevent.h $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h \ - $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \ - $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/daemon.h \ +remote.lo remote.o: $(srcdir)/daemon/remote.c config.h $(srcdir)/daemon/remote.h $(srcdir)/daemon/worker.h \ + $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h \ + $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/netevent.h \ + $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ + $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/util/module.h \ + $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/daemon.h \ $(srcdir)/services/modstack.h $(srcdir)/daemon/cachedump.h $(srcdir)/util/config_file.h \ $(srcdir)/util/net_help.h $(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h \ $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h \ @@ -1002,35 +986,33 @@ stats.lo stats.o: $(srcdir)/daemon/stats.c config.h $(srcdir)/daemon/stats.h $(s $(srcdir)/util/rtt.h $(srcdir)/validator/val_kcache.h unbound.lo unbound.o: $(srcdir)/daemon/unbound.c config.h $(srcdir)/util/log.h $(srcdir)/daemon/daemon.h \ $(srcdir)/util/locks.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \ - $(srcdir)/daemon/remote.h \ - $(srcdir)/util/config_file.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/storage/lruhash.h \ - $(srcdir)/services/listen_dnsport.h $(srcdir)/util/netevent.h $(srcdir)/services/cache/rrset.h \ - $(srcdir)/util/data/packed_rrset.h $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h \ - $(srcdir)/util/rbtree.h $(srcdir)/util/rtt.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/module.h \ - $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ - $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/net_help.h $(srcdir)/util/mini_event.h \ - $(srcdir)/util/rbtree.h + $(srcdir)/daemon/remote.h $(srcdir)/util/config_file.h $(srcdir)/util/storage/slabhash.h \ + $(srcdir)/util/storage/lruhash.h $(srcdir)/services/listen_dnsport.h $(srcdir)/util/netevent.h \ + $(srcdir)/services/cache/rrset.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/services/cache/infra.h \ + $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/rtt.h $(srcdir)/util/fptr_wlist.h \ + $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ + $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/net_help.h \ + $(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h worker.lo worker.o: $(srcdir)/daemon/worker.c config.h $(srcdir)/util/log.h $(srcdir)/util/net_help.h \ $(srcdir)/util/random.h $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ $(srcdir)/util/netevent.h $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h \ $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \ $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/daemon.h \ - $(srcdir)/services/modstack.h $(srcdir)/daemon/remote.h \ - $(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h \ - $(srcdir)/util/config_file.h $(srcdir)/util/regional.h $(srcdir)/util/storage/slabhash.h \ - $(srcdir)/services/listen_dnsport.h $(srcdir)/services/outside_network.h \ - $(srcdir)/services/outbound_list.h $(srcdir)/services/cache/rrset.h $(srcdir)/services/cache/infra.h \ - $(srcdir)/util/rtt.h $(srcdir)/services/cache/dns.h $(srcdir)/services/mesh.h $(srcdir)/services/localzone.h \ + $(srcdir)/services/modstack.h $(srcdir)/daemon/remote.h $(srcdir)/daemon/acl_list.h \ + $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/config_file.h $(srcdir)/util/regional.h \ + $(srcdir)/util/storage/slabhash.h $(srcdir)/services/listen_dnsport.h \ + $(srcdir)/services/outside_network.h $(srcdir)/services/outbound_list.h \ + $(srcdir)/services/cache/rrset.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h \ + $(srcdir)/services/cache/dns.h $(srcdir)/services/mesh.h $(srcdir)/services/localzone.h \ $(srcdir)/util/data/msgencode.h $(srcdir)/util/data/dname.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h \ $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h $(srcdir)/validator/autotrust.h \ $(srcdir)/validator/val_anchor.h $(srcdir)/libunbound/context.h $(srcdir)/libunbound/unbound.h \ $(srcdir)/libunbound/libworker.h testbound.lo testbound.o: $(srcdir)/testcode/testbound.c config.h $(srcdir)/testcode/testpkts.h \ $(srcdir)/testcode/replay.h $(srcdir)/util/netevent.h $(srcdir)/util/rbtree.h $(srcdir)/testcode/fake_event.h \ - $(srcdir)/daemon/remote.h \ - $(srcdir)/util/config_file.h $(srcdir)/sldns/keyraw.h $(srcdir)/daemon/unbound.c $(srcdir)/util/log.h \ - $(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \ + $(srcdir)/daemon/remote.h $(srcdir)/util/config_file.h $(srcdir)/sldns/keyraw.h $(srcdir)/daemon/unbound.c \ + $(srcdir)/util/log.h $(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \ $(srcdir)/util/storage/slabhash.h $(srcdir)/util/storage/lruhash.h \ $(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h \ @@ -1046,12 +1028,12 @@ worker.lo worker.o: $(srcdir)/daemon/worker.c config.h $(srcdir)/util/log.h $(sr $(srcdir)/util/netevent.h $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h \ $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \ $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/daemon.h \ - $(srcdir)/services/modstack.h $(srcdir)/daemon/remote.h \ - $(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h \ - $(srcdir)/util/config_file.h $(srcdir)/util/regional.h $(srcdir)/util/storage/slabhash.h \ - $(srcdir)/services/listen_dnsport.h $(srcdir)/services/outside_network.h \ - $(srcdir)/services/outbound_list.h $(srcdir)/services/cache/rrset.h $(srcdir)/services/cache/infra.h \ - $(srcdir)/util/rtt.h $(srcdir)/services/cache/dns.h $(srcdir)/services/mesh.h $(srcdir)/services/localzone.h \ + $(srcdir)/services/modstack.h $(srcdir)/daemon/remote.h $(srcdir)/daemon/acl_list.h \ + $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/config_file.h $(srcdir)/util/regional.h \ + $(srcdir)/util/storage/slabhash.h $(srcdir)/services/listen_dnsport.h \ + $(srcdir)/services/outside_network.h $(srcdir)/services/outbound_list.h \ + $(srcdir)/services/cache/rrset.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h \ + $(srcdir)/services/cache/dns.h $(srcdir)/services/mesh.h $(srcdir)/services/localzone.h \ $(srcdir)/util/data/msgencode.h $(srcdir)/util/data/dname.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h \ $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h $(srcdir)/validator/autotrust.h \ $(srcdir)/validator/val_anchor.h $(srcdir)/libunbound/context.h $(srcdir)/libunbound/unbound.h \ @@ -1059,14 +1041,13 @@ worker.lo worker.o: $(srcdir)/daemon/worker.c config.h $(srcdir)/util/log.h $(sr acl_list.lo acl_list.o: $(srcdir)/daemon/acl_list.c config.h $(srcdir)/daemon/acl_list.h \ $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/regional.h $(srcdir)/util/log.h \ $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h -daemon.lo daemon.o: $(srcdir)/daemon/daemon.c config.h \ - $(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \ - $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h \ - $(srcdir)/sldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ - $(srcdir)/util/netevent.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/util/module.h \ - $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/remote.h \ - $(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h \ +daemon.lo daemon.o: $(srcdir)/daemon/daemon.c config.h $(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h \ + $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \ + $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \ + $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/netevent.h \ + $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ + $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \ + $(srcdir)/daemon/remote.h $(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h \ $(srcdir)/util/config_file.h $(srcdir)/util/storage/lookup3.h $(srcdir)/util/storage/slabhash.h \ $(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h $(srcdir)/services/cache/infra.h \ $(srcdir)/util/rtt.h $(srcdir)/services/localzone.h $(srcdir)/util/random.h $(srcdir)/util/tube.h \ @@ -1141,19 +1122,18 @@ libunbound.lo libunbound.o: $(srcdir)/libunbound/libunbound.c $(srcdir)/libunbou $(srcdir)/util/random.h $(srcdir)/util/net_help.h $(srcdir)/util/tube.h $(srcdir)/services/localzone.h \ $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rtt.h \ $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/sldns/sbuffer.h -libworker.lo libworker.o: $(srcdir)/libunbound/libworker.c config.h \ - $(srcdir)/libunbound/libworker.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ - $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/libunbound/context.h $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h \ - $(srcdir)/services/modstack.h $(srcdir)/libunbound/unbound.h $(srcdir)/libunbound/worker.h \ - $(srcdir)/sldns/sbuffer.h $(srcdir)/libunbound/unbound-event.h $(srcdir)/services/outside_network.h \ - $(srcdir)/util/netevent.h $(srcdir)/services/mesh.h \ - $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h \ - $(srcdir)/util/data/msgreply.h $(srcdir)/services/localzone.h $(srcdir)/services/cache/rrset.h \ - $(srcdir)/util/storage/slabhash.h $(srcdir)/services/outbound_list.h $(srcdir)/util/fptr_wlist.h \ - $(srcdir)/util/tube.h $(srcdir)/util/regional.h $(srcdir)/util/random.h $(srcdir)/util/config_file.h \ - $(srcdir)/util/storage/lookup3.h $(srcdir)/util/net_help.h $(srcdir)/util/data/dname.h \ - $(srcdir)/util/data/msgencode.h $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h \ - $(srcdir)/util/storage/dnstree.h $(srcdir)/sldns/str2wire.h +libworker.lo libworker.o: $(srcdir)/libunbound/libworker.c config.h $(srcdir)/libunbound/libworker.h \ + $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ + $(srcdir)/libunbound/context.h $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h \ + $(srcdir)/libunbound/unbound.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \ + $(srcdir)/libunbound/unbound-event.h $(srcdir)/services/outside_network.h $(srcdir)/util/netevent.h \ + $(srcdir)/services/mesh.h $(srcdir)/util/data/msgparse.h \ + $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \ + $(srcdir)/services/localzone.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \ + $(srcdir)/services/outbound_list.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/util/regional.h \ + $(srcdir)/util/random.h $(srcdir)/util/config_file.h $(srcdir)/util/storage/lookup3.h $(srcdir)/util/net_help.h \ + $(srcdir)/util/data/dname.h $(srcdir)/util/data/msgencode.h $(srcdir)/iterator/iter_fwd.h \ + $(srcdir)/iterator/iter_hints.h $(srcdir)/util/storage/dnstree.h $(srcdir)/sldns/str2wire.h unbound-host.lo unbound-host.o: $(srcdir)/smallapp/unbound-host.c config.h $(srcdir)/libunbound/unbound.h \ $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/wire2str.h asynclook.lo asynclook.o: $(srcdir)/testcode/asynclook.c config.h $(srcdir)/libunbound/unbound.h \ @@ -1164,21 +1144,18 @@ streamtcp.lo streamtcp.o: $(srcdir)/testcode/streamtcp.c config.h $(srcdir)/util $(srcdir)/util/net_help.h $(srcdir)/util/data/msgencode.h $(srcdir)/util/data/msgparse.h \ $(srcdir)/util/storage/lruhash.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgreply.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/dname.h $(srcdir)/sldns/sbuffer.h \ - $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/wire2str.h \ - + $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/wire2str.h perf.lo perf.o: $(srcdir)/testcode/perf.c config.h $(srcdir)/util/log.h $(srcdir)/util/locks.h $(srcdir)/util/net_help.h \ $(srcdir)/util/data/msgencode.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/storage/lruhash.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h delayer.lo delayer.o: $(srcdir)/testcode/delayer.c config.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h \ $(srcdir)/util/config_file.h $(srcdir)/sldns/sbuffer.h -unbound-control.lo unbound-control.o: $(srcdir)/smallapp/unbound-control.c config.h \ - $(srcdir)/util/log.h $(srcdir)/util/config_file.h $(srcdir)/util/locks.h $(srcdir)/util/net_help.h +unbound-control.lo unbound-control.o: $(srcdir)/smallapp/unbound-control.c config.h $(srcdir)/util/log.h \ + $(srcdir)/util/config_file.h $(srcdir)/util/locks.h $(srcdir)/util/net_help.h unbound-anchor.lo unbound-anchor.o: $(srcdir)/smallapp/unbound-anchor.c config.h $(srcdir)/libunbound/unbound.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/parseutil.h \ - -petal.lo petal.o: $(srcdir)/testcode/petal.c config.h \ - + $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/parseutil.h +petal.lo petal.o: $(srcdir)/testcode/petal.c config.h pythonmod_utils.lo pythonmod_utils.o: $(srcdir)/pythonmod/pythonmod_utils.c config.h $(srcdir)/util/module.h \ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/msgreply.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ @@ -1191,8 +1168,7 @@ win_svc.lo win_svc.o: $(srcdir)/winrc/win_svc.c config.h $(srcdir)/winrc/win_svc $(srcdir)/sldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ $(srcdir)/util/netevent.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/util/module.h \ - $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/remote.h \ - $(srcdir)/util/config_file.h $(srcdir)/util/winsock_event.h + $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/remote.h $(srcdir)/util/config_file.h $(srcdir)/util/winsock_event.h w_inst.lo w_inst.o: $(srcdir)/winrc/w_inst.c config.h $(srcdir)/winrc/w_inst.h $(srcdir)/winrc/win_svc.h unbound-service-install.lo unbound-service-install.o: $(srcdir)/winrc/unbound-service-install.c config.h \ $(srcdir)/winrc/w_inst.h @@ -1200,14 +1176,11 @@ unbound-service-remove.lo unbound-service-remove.o: $(srcdir)/winrc/unbound-serv $(srcdir)/winrc/w_inst.h anchor-update.lo anchor-update.o: $(srcdir)/winrc/anchor-update.c config.h $(srcdir)/libunbound/unbound.h \ $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/wire2str.h -keyraw.lo keyraw.o: $(srcdir)/sldns/keyraw.c config.h $(srcdir)/sldns/keyraw.h \ - $(srcdir)/sldns/rrdef.h \ - +keyraw.lo keyraw.o: $(srcdir)/sldns/keyraw.c config.h $(srcdir)/sldns/keyraw.h $(srcdir)/sldns/rrdef.h sbuffer.lo sbuffer.o: $(srcdir)/sldns/sbuffer.c config.h $(srcdir)/sldns/sbuffer.h wire2str.lo wire2str.o: $(srcdir)/sldns/wire2str.c config.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h \ $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/sbuffer.h \ - $(srcdir)/sldns/keyraw.h \ - + $(srcdir)/sldns/keyraw.h parse.lo parse.o: $(srcdir)/sldns/parse.c config.h $(srcdir)/sldns/parse.h $(srcdir)/sldns/parseutil.h \ $(srcdir)/sldns/sbuffer.h parseutil.lo parseutil.o: $(srcdir)/sldns/parseutil.c config.h $(srcdir)/sldns/parseutil.h @@ -1227,8 +1200,7 @@ snprintf.lo snprintf.o: $(srcdir)/compat/snprintf.c config.h strlcat.lo strlcat.o: $(srcdir)/compat/strlcat.c config.h strlcpy.lo strlcpy.o: $(srcdir)/compat/strlcpy.c config.h strptime.lo strptime.o: $(srcdir)/compat/strptime.c config.h -getentropy_linux.lo getentropy_linux.o: $(srcdir)/compat/getentropy_linux.c config.h \ - +getentropy_linux.lo getentropy_linux.o: $(srcdir)/compat/getentropy_linux.c config.h getentropy_osx.lo getentropy_osx.o: $(srcdir)/compat/getentropy_osx.c config.h getentropy_solaris.lo getentropy_solaris.o: $(srcdir)/compat/getentropy_solaris.c config.h getentropy_win.lo getentropy_win.o: $(srcdir)/compat/getentropy_win.c @@ -1238,3 +1210,4 @@ arc4random_uniform.lo arc4random_uniform.o: $(srcdir)/compat/arc4random_uniform. arc4_lock.lo arc4_lock.o: $(srcdir)/compat/arc4_lock.c config.h $(srcdir)/util/locks.h sha512.lo sha512.o: $(srcdir)/compat/sha512.c config.h reallocarray.lo reallocarray.o: $(srcdir)/compat/reallocarray.c config.h +isblank.lo isblank.o: $(srcdir)/compat/isblank.c config.h diff --git a/contrib/unbound/acx_nlnetlabs.m4 b/contrib/unbound/acx_nlnetlabs.m4 index c9ca755..26513e4 100644 --- a/contrib/unbound/acx_nlnetlabs.m4 +++ b/contrib/unbound/acx_nlnetlabs.m4 @@ -2,7 +2,9 @@ # Copyright 2009, Wouter Wijngaards, NLnet Labs. # BSD licensed. # -# Version 28 +# Version 30 +# 2015-11-18 spelling check fix. +# 2015-11-05 ACX_SSL_CHECKS no longer adds -ldl needlessly. # 2015-08-28 ACX_CHECK_PIE and ACX_CHECK_RELRO_NOW added. # 2015-03-17 AHX_CONFIG_REALLOCARRAY added # 2013-09-19 FLTO help text improved. @@ -24,7 +26,7 @@ # 2010-07-02 Add check for ss_family (for minix). # 2010-04-26 Fix to use CPPFLAGS for CHECK_COMPILER_FLAGS. # 2010-03-01 Fix RPATH using CONFIG_COMMANDS to run at the very end. -# 2010-02-18 WITH_SSL outputs the LIBSSL_LDFLAGS, LIBS, CPPFLAGS seperate, -ldl +# 2010-02-18 WITH_SSL outputs the LIBSSL_LDFLAGS, LIBS, CPPFLAGS separate, -ldl # 2010-02-01 added ACX_CHECK_MEMCMP_SIGNED, AHX_MEMCMP_BROKEN # 2010-01-20 added AHX_COONFIG_STRLCAT # 2009-07-14 U_CHAR detection improved for windows crosscompile. @@ -715,12 +717,6 @@ AC_DEFUN([ACX_SSL_CHECKS], [ fi AC_SUBST(HAVE_SSL) AC_SUBST(RUNTIME_PATH) - # openssl engine functionality needs dlopen(). - BAKLIBS="$LIBS" - AC_SEARCH_LIBS([dlopen], [dl]) - if test "$LIBS" != "$BAKLIBS"; then - LIBSSL_LIBS="$LIBSSL_LIBS -ldl" - fi fi AC_CHECK_HEADERS([openssl/ssl.h],,, [AC_INCLUDES_DEFAULT]) AC_CHECK_HEADERS([openssl/err.h],,, [AC_INCLUDES_DEFAULT]) diff --git a/contrib/unbound/compat/arc4random.c b/contrib/unbound/compat/arc4random.c index 27a626b..2c859f1 100644 --- a/contrib/unbound/compat/arc4random.c +++ b/contrib/unbound/compat/arc4random.c @@ -26,7 +26,9 @@ #include <fcntl.h> #include <limits.h> #include <signal.h> +#ifdef HAVE_STDINT_H #include <stdint.h> +#endif #include <stdlib.h> #include <string.h> #include <unistd.h> diff --git a/contrib/unbound/compat/getentropy_linux.c b/contrib/unbound/compat/getentropy_linux.c index 76f0f9d..37d86a8 100644 --- a/contrib/unbound/compat/getentropy_linux.c +++ b/contrib/unbound/compat/getentropy_linux.c @@ -46,7 +46,12 @@ #include <errno.h> #include <unistd.h> #include <time.h> + +#if defined(HAVE_SSL) #include <openssl/sha.h> +#elif defined(HAVE_NETTLE) +#include <nettle/sha.h> +#endif #include <linux/types.h> #include <linux/random.h> @@ -67,9 +72,21 @@ HD(b); \ } while (0) +#if defined(HAVE_SSL) +#define CRYPTO_SHA512_CTX SHA512_CTX +#define CRYPTO_SHA512_INIT(x) SHA512_Init(x) +#define CRYPTO_SHA512_FINAL(r, c) SHA512_Final(r, c) #define HR(x, l) (SHA512_Update(&ctx, (char *)(x), (l))) #define HD(x) (SHA512_Update(&ctx, (char *)&(x), sizeof (x))) #define HF(x) (SHA512_Update(&ctx, (char *)&(x), sizeof (void*))) +#elif defined(HAVE_NETTLE) +#define CRYPTO_SHA512_CTX struct sha512_ctx +#define CRYPTO_SHA512_INIT(x) sha512_init(x) +#define CRYPTO_SHA512_FINAL(r, c) sha512_digest(c, SHA512_DIGEST_SIZE, r) +#define HR(x, l) (sha512_update(&ctx, (l), (uint8_t *)(x))) +#define HD(x) (sha512_update(&ctx, sizeof (x), (uint8_t *)&(x))) +#define HF(x) (sha512_update(&ctx, sizeof (void*), (uint8_t *)&(x))) +#endif int getentropy(void *buf, size_t len); @@ -122,7 +139,7 @@ getentropy(void *buf, size_t len) * Try to use sysctl CTL_KERN, KERN_RANDOM, RANDOM_UUID. * sysctl is a failsafe API, so it guarantees a result. This * should work inside a chroot, or when file descriptors are - * exhuasted. + * exhausted. * * However this can fail if the Linux kernel removes support * for sysctl. Starting in 2007, there have been efforts to @@ -337,7 +354,7 @@ getentropy_fallback(void *buf, size_t len) struct rusage ru; sigset_t sigset; struct stat st; - SHA512_CTX ctx; + CRYPTO_SHA512_CTX ctx; static pid_t lastpid; pid_t pid; size_t i, ii, m; @@ -354,7 +371,7 @@ getentropy_fallback(void *buf, size_t len) } for (i = 0; i < len; ) { int j; - SHA512_Init(&ctx); + CRYPTO_SHA512_INIT(&ctx); for (j = 0; j < repeat; j++) { HX((e = gettimeofday(&tv, NULL)) == -1, tv); if (e != -1) { @@ -526,7 +543,7 @@ getentropy_fallback(void *buf, size_t len) # endif #endif /* HAVE_GETAUXVAL */ - SHA512_Final(results, &ctx); + CRYPTO_SHA512_FINAL(results, &ctx); memcpy((char*)buf + i, results, min(sizeof(results), len - i)); i += min(sizeof(results), len - i); } diff --git a/contrib/unbound/compat/getentropy_solaris.c b/contrib/unbound/compat/getentropy_solaris.c index 8389573..810098a 100644 --- a/contrib/unbound/compat/getentropy_solaris.c +++ b/contrib/unbound/compat/getentropy_solaris.c @@ -30,7 +30,9 @@ #include <sys/stat.h> #include <sys/time.h> #include <stdlib.h> +#ifdef HAVE_STDINT_H #include <stdint.h> +#endif #include <stdio.h> #include <termios.h> #include <fcntl.h> @@ -39,10 +41,14 @@ #include <errno.h> #include <unistd.h> #include <time.h> +#ifdef HAVE_SYS_SHA2_H #include <sys/sha2.h> #define SHA512_Init SHA512Init #define SHA512_Update SHA512Update #define SHA512_Final SHA512Final +#else +#include "openssl/sha.h" +#endif #include <sys/vfs.h> #include <sys/statfs.h> diff --git a/contrib/unbound/compat/isblank.c b/contrib/unbound/compat/isblank.c new file mode 100644 index 0000000..8feabed --- /dev/null +++ b/contrib/unbound/compat/isblank.c @@ -0,0 +1,45 @@ +/* isblank - compatibility implementation of isblank + * + * Copyright (c) 2015, NLnet Labs. All rights reserved. + * + * This software is open source. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * + * Neither the name of the NLNET LABS nor the names of its contributors may + * be used to endorse or promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include "config.h" + +/* return true for a blank character: space or tab */ +int isblank(int c); + +/* implementation of isblank. unsigned char is the argument */ +int +isblank(int c) +{ + return (c==' ' || c=='\t'); +} diff --git a/contrib/unbound/compat/reallocarray.c b/contrib/unbound/compat/reallocarray.c index 04d5d71..c969bd0 100644 --- a/contrib/unbound/compat/reallocarray.c +++ b/contrib/unbound/compat/reallocarray.c @@ -18,7 +18,10 @@ #include "config.h" #include <sys/types.h> #include <errno.h> +#ifdef HAVE_STDINT_H #include <stdint.h> +#endif +#include <limits.h> #include <stdlib.h> /* diff --git a/contrib/unbound/compat/sha512.c b/contrib/unbound/compat/sha512.c index ac046ab..744b7ac7b 100644 --- a/contrib/unbound/compat/sha512.c +++ b/contrib/unbound/compat/sha512.c @@ -70,7 +70,7 @@ unsigned char *SHA512(void *data, unsigned int data_len, unsigned char *digest); * Please make sure that your system defines BYTE_ORDER. If your * architecture is little-endian, make sure it also defines * LITTLE_ENDIAN and that the two (BYTE_ORDER and LITTLE_ENDIAN) are - * equivilent. + * equivalent. * * If your system does not define the above, then you can do so by * hand like this: diff --git a/contrib/unbound/compat/snprintf.c b/contrib/unbound/compat/snprintf.c index 0663557..97cd706 100644 --- a/contrib/unbound/compat/snprintf.c +++ b/contrib/unbound/compat/snprintf.c @@ -42,6 +42,7 @@ #ifdef HAVE_STDINT_H #include <stdint.h> #endif +#include <limits.h> /* for test */ /* #define SNPRINTF_TEST 1 */ @@ -428,7 +429,7 @@ print_num_llp(char** at, size_t* left, int* ret, void* value, char buf[PRINT_DEC_BUFSZ]; int negative = 0; int zero = (value == 0); -#if defined(UINTPTR_MAX) && defined(UINT32_MAX) && (UINTPTR_MAX == UINT32_MAX) +#if defined(SIZE_MAX) && defined(UINT32_MAX) && (UINT32_MAX == SIZE_MAX || INT32_MAX == SIZE_MAX) /* avoid warning about upcast on 32bit systems */ unsigned long long llvalue = (unsigned long)value; #else diff --git a/contrib/unbound/config.h b/contrib/unbound/config.h index 287ef57..47c5722 100644 --- a/contrib/unbound/config.h +++ b/contrib/unbound/config.h @@ -85,7 +85,7 @@ /* Define to 1 if you have the declaration of `SSL_CTX_set_ecdh_auto', and to 0 if you don't. */ -#define HAVE_DECL_SSL_CTX_SET_ECDH_AUTO 0 +#define HAVE_DECL_SSL_CTX_SET_ECDH_AUTO 1 /* Define to 1 if you have the declaration of `strlcat', and to 0 if you don't. */ @@ -95,6 +95,10 @@ don't. */ /* #undef HAVE_DECL_STRLCPY */ +/* Define to 1 if you have the declaration of `XML_StopParser', and to 0 if + you don't. */ +#define HAVE_DECL_XML_STOPPARSER 1 + /* Define to 1 if you have the <dlfcn.h> header file. */ #define HAVE_DLFCN_H 1 @@ -152,6 +156,9 @@ /* Define to 1 if fseeko (and presumably ftello) exists and is declared. */ #define HAVE_FSEEKO 1 +/* Define to 1 if you have the `fsync' function. */ +#define HAVE_FSYNC 1 + /* Whether getaddrinfo is available */ #define HAVE_GETADDRINFO 1 @@ -206,6 +213,9 @@ /* Define to 1 if you have the <iphlpapi.h> header file. */ /* #undef HAVE_IPHLPAPI_H */ +/* Define to 1 if you have the `isblank' function. */ +#define HAVE_ISBLANK 1 + /* Define to 1 if you have the `kill' function. */ #define HAVE_KILL 1 @@ -233,6 +243,9 @@ /* Define to 1 if you have the <netinet/in.h> header file. */ #define HAVE_NETINET_IN_H 1 +/* Use libnettle for crypto */ +/* #undef HAVE_NETTLE */ + /* Use libnss for crypto */ /* #undef HAVE_NSS */ @@ -497,7 +510,7 @@ #define PACKAGE_NAME "unbound" /* Define to the full name and version of this package. */ -#define PACKAGE_STRING "unbound 1.5.5" +#define PACKAGE_STRING "unbound 1.5.7" /* Define to the one symbol short name of this package. */ #define PACKAGE_TARNAME "unbound" @@ -506,7 +519,7 @@ #define PACKAGE_URL "" /* Define to the version of this package. */ -#define PACKAGE_VERSION "1.5.5" +#define PACKAGE_VERSION "1.5.7" /* default pidfile location */ #define PIDFILE "/var/unbound/unbound.pid" @@ -525,7 +538,7 @@ #define ROOT_CERT_FILE "/var/unbound/icannbundle.pem" /* version number for resource files */ -#define RSRC_PACKAGE_VERSION 1,5,5,0 +#define RSRC_PACKAGE_VERSION 1,5,7,0 /* Directory to chdir to */ #define RUN_DIR "/var/unbound" @@ -536,6 +549,9 @@ /* The size of `time_t', as computed by sizeof. */ #define SIZEOF_TIME_T 8 +/* define if (v)snprintf does not return length needed, (but length used) */ +/* #undef SNPRINTF_RET_BROKEN */ + /* Define to 1 if you have the ANSI C header files. */ #define STDC_HEADERS 1 @@ -570,7 +586,7 @@ /* #undef USE_ECDSA_EVP_WORKAROUND */ /* Define this to enable GOST support. */ -/* #undef USE_GOST */ +#define USE_GOST 1 /* Define if you want to use internal select based events */ #define USE_MINI_EVENT 1 @@ -849,15 +865,13 @@ #define MAXHOSTNAMELEN 256 #endif - -#ifndef HAVE_SNPRINTF +#if !defined(HAVE_SNPRINTF) || defined(SNPRINTF_RET_BROKEN) #define snprintf snprintf_unbound #define vsnprintf vsnprintf_unbound #include <stdarg.h> int snprintf (char *str, size_t count, const char *fmt, ...); int vsnprintf (char *str, size_t count, const char *fmt, va_list arg); -#endif /* HAVE_SNPRINTF */ - +#endif /* HAVE_SNPRINTF or SNPRINTF_RET_BROKEN */ #ifndef HAVE_INET_PTON #define inet_pton inet_pton_unbound @@ -953,6 +967,11 @@ int memcmp(const void *x, const void *y, size_t n); char *ctime_r(const time_t *timep, char *buf); #endif +#ifndef HAVE_ISBLANK +#define isblank unbound_isblank +int isblank(int c); +#endif + #if !defined(HAVE_STRPTIME) || !defined(STRPTIME_WORKS) #define strptime unbound_strptime struct tm; diff --git a/contrib/unbound/config.h.in b/contrib/unbound/config.h.in index 7576e15..e90f036 100644 --- a/contrib/unbound/config.h.in +++ b/contrib/unbound/config.h.in @@ -94,6 +94,10 @@ don't. */ #undef HAVE_DECL_STRLCPY +/* Define to 1 if you have the declaration of `XML_StopParser', and to 0 if + you don't. */ +#undef HAVE_DECL_XML_STOPPARSER + /* Define to 1 if you have the <dlfcn.h> header file. */ #undef HAVE_DLFCN_H @@ -151,6 +155,9 @@ /* Define to 1 if fseeko (and presumably ftello) exists and is declared. */ #undef HAVE_FSEEKO +/* Define to 1 if you have the `fsync' function. */ +#undef HAVE_FSYNC + /* Whether getaddrinfo is available */ #undef HAVE_GETADDRINFO @@ -205,6 +212,9 @@ /* Define to 1 if you have the <iphlpapi.h> header file. */ #undef HAVE_IPHLPAPI_H +/* Define to 1 if you have the `isblank' function. */ +#undef HAVE_ISBLANK + /* Define to 1 if you have the `kill' function. */ #undef HAVE_KILL @@ -232,6 +242,9 @@ /* Define to 1 if you have the <netinet/in.h> header file. */ #undef HAVE_NETINET_IN_H +/* Use libnettle for crypto */ +#undef HAVE_NETTLE + /* Use libnss for crypto */ #undef HAVE_NSS @@ -535,6 +548,9 @@ /* The size of `time_t', as computed by sizeof. */ #undef SIZEOF_TIME_T +/* define if (v)snprintf does not return length needed, (but length used) */ +#undef SNPRINTF_RET_BROKEN + /* Define to 1 if you have the ANSI C header files. */ #undef STDC_HEADERS @@ -848,15 +864,13 @@ #define MAXHOSTNAMELEN 256 #endif - -#ifndef HAVE_SNPRINTF +#if !defined(HAVE_SNPRINTF) || defined(SNPRINTF_RET_BROKEN) #define snprintf snprintf_unbound #define vsnprintf vsnprintf_unbound #include <stdarg.h> int snprintf (char *str, size_t count, const char *fmt, ...); int vsnprintf (char *str, size_t count, const char *fmt, va_list arg); -#endif /* HAVE_SNPRINTF */ - +#endif /* HAVE_SNPRINTF or SNPRINTF_RET_BROKEN */ #ifndef HAVE_INET_PTON #define inet_pton inet_pton_unbound @@ -952,6 +966,11 @@ int memcmp(const void *x, const void *y, size_t n); char *ctime_r(const time_t *timep, char *buf); #endif +#ifndef HAVE_ISBLANK +#define isblank unbound_isblank +int isblank(int c); +#endif + #if !defined(HAVE_STRPTIME) || !defined(STRPTIME_WORKS) #define strptime unbound_strptime struct tm; diff --git a/contrib/unbound/configure b/contrib/unbound/configure index 7b0a7e6..acfb107 100755 --- a/contrib/unbound/configure +++ b/contrib/unbound/configure @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for unbound 1.5.5. +# Generated by GNU Autoconf 2.69 for unbound 1.5.7. # # Report bugs to <unbound-bugs@nlnetlabs.nl>. # @@ -590,8 +590,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='unbound' PACKAGE_TARNAME='unbound' -PACKAGE_VERSION='1.5.5' -PACKAGE_STRING='unbound 1.5.5' +PACKAGE_VERSION='1.5.7' +PACKAGE_STRING='unbound 1.5.7' PACKAGE_BUGREPORT='unbound-bugs@nlnetlabs.nl' PACKAGE_URL='' @@ -661,6 +661,7 @@ CHECKLOCK_OBJ staticexe UNBOUND_EVENT_UNINSTALL UNBOUND_EVENT_INSTALL +SSLLIB HAVE_SSL CONFIG_DATE NETBSD_LINTFLAGS @@ -823,6 +824,7 @@ with_solaris_threads with_pyunbound with_pythonmodule with_nss +with_nettle with_ssl enable_sha2 enable_gost @@ -1391,7 +1393,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures unbound 1.5.5 to adapt to many kinds of systems. +\`configure' configures unbound 1.5.7 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1456,7 +1458,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of unbound 1.5.5:";; + short | recursive ) echo "Configuration of unbound 1.5.7:";; esac cat <<\_ACEOF @@ -1534,6 +1536,7 @@ Optional Packages: --with-pythonmodule build Python module, or --without-pythonmodule to disable script engine. (default=no) --with-nss=path use libnss instead of openssl, installed at path. + --with-nettle=path use libnettle as crypto library, installed at path. --with-ssl=pathname enable SSL (will check /usr/local/ssl /usr/lib/ssl /usr/ssl /usr/pkg /usr/local /opt/local /usr/sfw /usr) @@ -1635,7 +1638,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -unbound configure 1.5.5 +unbound configure 1.5.7 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -2344,7 +2347,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by unbound $as_me 1.5.5, which was +It was created by unbound $as_me 1.5.7, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -2696,11 +2699,11 @@ UNBOUND_VERSION_MAJOR=1 UNBOUND_VERSION_MINOR=5 -UNBOUND_VERSION_MICRO=5 +UNBOUND_VERSION_MICRO=7 LIBUNBOUND_CURRENT=5 -LIBUNBOUND_REVISION=8 +LIBUNBOUND_REVISION=10 LIBUNBOUND_AGE=3 # 1.0.0 had 0:12:0 # 1.0.1 had 0:13:0 @@ -2745,6 +2748,8 @@ LIBUNBOUND_AGE=3 # 1.5.3 had 5:6:3 # 1.5.4 had 5:7:3 # 1.5.5 had 5:8:3 +# 1.5.6 had 5:9:3 +# 1.5.7 had 5:10:3 # Current -- the number of the binary API that we're implementing # Revision -- which iteration of the implementation of the binary @@ -16406,13 +16411,44 @@ $as_echo "#define HAVE_NSS 1" >>confdefs.h CPPFLAGS="-I/usr/include/nspr4 $CPPFLAGS" fi LIBS="$LIBS -lnss3 -lnspr4" + SSLLIB="" + + +fi + + +# libnettle +USE_NETTLE="no" + +# Check whether --with-nettle was given. +if test "${with_nettle+set}" = set; then : + withval=$with_nettle; + USE_NETTLE="yes" + +$as_echo "#define HAVE_NETTLE 1" >>confdefs.h + + if test "$withval" != "" -a "$withval" != "yes"; then + CPPFLAGS="$CPPFLAGS -I$withval/include/nettle" + LDFLAGS="$LDFLAGS -L$withval/lib" + + if test "x$enable_rpath" = xyes; then + if echo "$withval/lib" | grep "^/" >/dev/null; then + RUNTIME_PATH="$RUNTIME_PATH -R$withval/lib" + fi + fi + + else + CPPFLAGS="$CPPFLAGS -I/usr/include/nettle" + fi + LIBS="$LIBS -lhogweed -lnettle -lgmp" + SSLLIB="" fi # openssl -if test $USE_NSS = "no"; then +if test $USE_NSS = "no" -a $USE_NETTLE = "no"; then # Check whether --with-ssl was given. @@ -16581,67 +16617,6 @@ rm -f core conftest.err conftest.$ac_objext \ fi - # openssl engine functionality needs dlopen(). - BAKLIBS="$LIBS" - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing dlopen" >&5 -$as_echo_n "checking for library containing dlopen... " >&6; } -if ${ac_cv_search_dlopen+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_func_search_save_LIBS=$LIBS -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char dlopen (); -int -main () -{ -return dlopen (); - ; - return 0; -} -_ACEOF -for ac_lib in '' dl; do - if test -z "$ac_lib"; then - ac_res="none required" - else - ac_res=-l$ac_lib - LIBS="-l$ac_lib $ac_func_search_save_LIBS" - fi - if ac_fn_c_try_link "$LINENO"; then : - ac_cv_search_dlopen=$ac_res -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext - if ${ac_cv_search_dlopen+:} false; then : - break -fi -done -if ${ac_cv_search_dlopen+:} false; then : - -else - ac_cv_search_dlopen=no -fi -rm conftest.$ac_ext -LIBS=$ac_func_search_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_dlopen" >&5 -$as_echo "$ac_cv_search_dlopen" >&6; } -ac_res=$ac_cv_search_dlopen -if test "$ac_res" != no; then : - test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" - -fi - - if test "$LIBS" != "$BAKLIBS"; then - LIBSSL_LIBS="$LIBSSL_LIBS -ldl" - fi fi for ac_header in openssl/ssl.h do : @@ -16779,6 +16754,7 @@ fi fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext +SSLLIB="-lssl" { $as_echo "$as_me:${as_lineno-$LINENO}: checking for LibreSSL" >&5 $as_echo_n "checking for LibreSSL... " >&6; } if grep VERSION_TEXT $ssldir/include/openssl/opensslv.h | grep "LibreSSL" >/dev/null; then @@ -16976,6 +16952,7 @@ _ACEOF fi + # Check whether --enable-sha2 was given. if test "${enable_sha2+set}" = set; then : enableval=$enable_sha2; @@ -16999,7 +16976,7 @@ if test "${enable_gost+set}" = set; then : fi use_gost="no" -if test $USE_NSS = "no"; then +if test $USE_NSS = "no" -a $USE_NETTLE = "no"; then case "$enable_gost" in no) ;; @@ -17152,7 +17129,7 @@ case "$enable_ecdsa" in no) ;; *) - if test $USE_NSS = "no"; then + if test $USE_NSS = "no" -a $USE_NETTLE = "no"; then ac_fn_c_check_func "$LINENO" "ECDSA_sign" "ac_cv_func_ECDSA_sign" if test "x$ac_cv_func_ECDSA_sign" = xyes; then : @@ -17643,6 +17620,20 @@ fi done +ac_fn_c_check_decl "$LINENO" "XML_StopParser" "ac_cv_have_decl_XML_StopParser" "$ac_includes_default +#include <expat.h> + +" +if test "x$ac_cv_have_decl_XML_StopParser" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_XML_STOPPARSER $ac_have_decl +_ACEOF + # set static linking if requested @@ -18100,7 +18091,7 @@ if test "$ac_res" != no; then : fi -for ac_func in tzset sigprocmask fcntl getpwnam getrlimit setrlimit setsid sbrk chroot kill chown sleep usleep random srandom recvmsg sendmsg writev socketpair glob initgroups strftime localtime_r setusercontext _beginthreadex endservent endprotoent +for ac_func in tzset sigprocmask fcntl getpwnam getrlimit setrlimit setsid sbrk chroot kill chown sleep usleep random srandom recvmsg sendmsg writev socketpair glob initgroups strftime localtime_r setusercontext _beginthreadex endservent endprotoent fsync do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" @@ -18221,6 +18212,48 @@ esac fi +# test if snprintf return the proper length +if test "x$ac_cv_func_snprintf" = xyes; then + if test c${cross_compiling} = cno; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for correct snprintf return value" >&5 +$as_echo_n "checking for correct snprintf return value... " >&6; } + if test "$cross_compiling" = yes; then : + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "cannot run test program while cross compiling +See \`config.log' for more details" "$LINENO" 5; } +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$ac_includes_default + +int main(void) { return !(snprintf(NULL, 0, "test") == 4); } + +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } +else + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +$as_echo "#define SNPRINTF_RET_BROKEN /**/" >>confdefs.h + + case " $LIBOBJS " in + *" snprintf.$ac_objext "* ) ;; + *) LIBOBJS="$LIBOBJS snprintf.$ac_objext" + ;; +esac + + +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + fi +fi ac_fn_c_check_func "$LINENO" "strlcat" "ac_cv_func_strlcat" if test "x$ac_cv_func_strlcat" = xyes; then : $as_echo "#define HAVE_STRLCAT 1" >>confdefs.h @@ -18277,6 +18310,20 @@ esac fi +ac_fn_c_check_func "$LINENO" "isblank" "ac_cv_func_isblank" +if test "x$ac_cv_func_isblank" = xyes; then : + $as_echo "#define HAVE_ISBLANK 1" >>confdefs.h + +else + case " $LIBOBJS " in + *" isblank.$ac_objext "* ) ;; + *) LIBOBJS="$LIBOBJS isblank.$ac_objext" + ;; +esac + +fi + + LIBOBJ_WITHOUT_CTIMEARC4="$LIBOBJS" ac_fn_c_check_func "$LINENO" "reallocarray" "ac_cv_func_reallocarray" @@ -19017,7 +19064,7 @@ _ACEOF -version=1.5.5 +version=1.5.7 date=`date +'%b %e, %Y'` @@ -19532,7 +19579,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by unbound $as_me 1.5.5, which was +This file was extended by unbound $as_me 1.5.7, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -19598,7 +19645,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -unbound config.status 1.5.5 +unbound config.status 1.5.7 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff --git a/contrib/unbound/configure.ac b/contrib/unbound/configure.ac index 871ea7c..13d8304 100644 --- a/contrib/unbound/configure.ac +++ b/contrib/unbound/configure.ac @@ -10,14 +10,14 @@ sinclude(dnstap/dnstap.m4) # must be numbers. ac_defun because of later processing m4_define([VERSION_MAJOR],[1]) m4_define([VERSION_MINOR],[5]) -m4_define([VERSION_MICRO],[5]) +m4_define([VERSION_MICRO],[7]) AC_INIT(unbound, m4_defn([VERSION_MAJOR]).m4_defn([VERSION_MINOR]).m4_defn([VERSION_MICRO]), unbound-bugs@nlnetlabs.nl, unbound) AC_SUBST(UNBOUND_VERSION_MAJOR, [VERSION_MAJOR]) AC_SUBST(UNBOUND_VERSION_MINOR, [VERSION_MINOR]) AC_SUBST(UNBOUND_VERSION_MICRO, [VERSION_MICRO]) LIBUNBOUND_CURRENT=5 -LIBUNBOUND_REVISION=8 +LIBUNBOUND_REVISION=10 LIBUNBOUND_AGE=3 # 1.0.0 had 0:12:0 # 1.0.1 had 0:13:0 @@ -62,6 +62,8 @@ LIBUNBOUND_AGE=3 # 1.5.3 had 5:6:3 # 1.5.4 had 5:7:3 # 1.5.5 had 5:8:3 +# 1.5.6 had 5:9:3 +# 1.5.7 had 5:10:3 # Current -- the number of the binary API that we're implementing # Revision -- which iteration of the implementation of the binary @@ -561,13 +563,34 @@ AC_ARG_WITH([nss], AC_HELP_STRING([--with-nss=path], CPPFLAGS="-I/usr/include/nspr4 $CPPFLAGS" fi LIBS="$LIBS -lnss3 -lnspr4" + SSLLIB="" + ] +) + +# libnettle +USE_NETTLE="no" +AC_ARG_WITH([nettle], AC_HELP_STRING([--with-nettle=path], + [use libnettle as crypto library, installed at path.]), + [ + USE_NETTLE="yes" + AC_DEFINE(HAVE_NETTLE, 1, [Use libnettle for crypto]) + if test "$withval" != "" -a "$withval" != "yes"; then + CPPFLAGS="$CPPFLAGS -I$withval/include/nettle" + LDFLAGS="$LDFLAGS -L$withval/lib" + ACX_RUNTIME_PATH_ADD([$withval/lib]) + else + CPPFLAGS="$CPPFLAGS -I/usr/include/nettle" + fi + LIBS="$LIBS -lhogweed -lnettle -lgmp" + SSLLIB="" ] ) # openssl -if test $USE_NSS = "no"; then +if test $USE_NSS = "no" -a $USE_NETTLE = "no"; then ACX_WITH_SSL ACX_LIB_SSL +SSLLIB="-lssl" AC_MSG_CHECKING([for LibreSSL]) if grep VERSION_TEXT $ssldir/include/openssl/opensslv.h | grep "LibreSSL" >/dev/null; then AC_MSG_RESULT([yes]) @@ -602,6 +625,7 @@ AC_INCLUDES_DEFAULT #include <openssl/evp.h> ]) fi +AC_SUBST(SSLLIB) AC_ARG_ENABLE(sha2, AC_HELP_STRING([--disable-sha2], [Disable SHA256 and SHA512 RRSIG support])) @@ -713,7 +737,7 @@ AC_MSG_RESULT($ac_cv_c_gost_works) AC_ARG_ENABLE(gost, AC_HELP_STRING([--disable-gost], [Disable GOST support])) use_gost="no" -if test $USE_NSS = "no"; then +if test $USE_NSS = "no" -a $USE_NETTLE = "no"; then case "$enable_gost" in no) ;; @@ -727,7 +751,7 @@ case "$enable_gost" in fi ;; esac -fi dnl !USE_NSS +fi dnl !USE_NSS && !USE_NETTLE AC_ARG_ENABLE(ecdsa, AC_HELP_STRING([--disable-ecdsa], [Disable ECDSA support])) use_ecdsa="no" @@ -735,7 +759,7 @@ case "$enable_ecdsa" in no) ;; *) - if test $USE_NSS = "no"; then + if test $USE_NSS = "no" -a $USE_NETTLE = "no"; then AC_CHECK_FUNC(ECDSA_sign, [], [AC_MSG_ERROR([OpenSSL does not support ECDSA: please upgrade or rerun with --disable-ecdsa])]) AC_CHECK_FUNC(SHA384_Init, [], [AC_MSG_ERROR([OpenSSL does not support SHA384: please upgrade or rerun with --disable-ecdsa])]) AC_CHECK_DECLS([NID_X9_62_prime256v1, NID_secp384r1], [], [AC_MSG_ERROR([OpenSSL does not support the ECDSA curves: please upgrade or rerun with --disable-ecdsa])], [AC_INCLUDES_DEFAULT @@ -881,6 +905,9 @@ if test x_$found_libexpat != x_yes; then AC_ERROR([Could not find libexpat, expat.h]) fi AC_CHECK_HEADERS([expat.h],,, [AC_INCLUDES_DEFAULT]) +AC_CHECK_DECLS([XML_StopParser], [], [], [AC_INCLUDES_DEFAULT +#include <expat.h> +]) # set static linking if requested AC_SUBST(staticexe) @@ -985,7 +1012,7 @@ AC_INCLUDES_DEFAULT #endif ]) AC_SEARCH_LIBS([setusercontext], [util]) -AC_CHECK_FUNCS([tzset sigprocmask fcntl getpwnam getrlimit setrlimit setsid sbrk chroot kill chown sleep usleep random srandom recvmsg sendmsg writev socketpair glob initgroups strftime localtime_r setusercontext _beginthreadex endservent endprotoent]) +AC_CHECK_FUNCS([tzset sigprocmask fcntl getpwnam getrlimit setrlimit setsid sbrk chroot kill chown sleep usleep random srandom recvmsg sendmsg writev socketpair glob initgroups strftime localtime_r setusercontext _beginthreadex endservent endprotoent fsync]) AC_CHECK_FUNCS([setresuid],,[AC_CHECK_FUNCS([setreuid])]) AC_CHECK_FUNCS([setresgid],,[AC_CHECK_FUNCS([setregid])]) @@ -997,10 +1024,25 @@ AC_REPLACE_FUNCS(inet_aton) AC_REPLACE_FUNCS(inet_pton) AC_REPLACE_FUNCS(inet_ntop) AC_REPLACE_FUNCS(snprintf) +# test if snprintf return the proper length +if test "x$ac_cv_func_snprintf" = xyes; then + if test c${cross_compiling} = cno; then + AC_MSG_CHECKING([for correct snprintf return value]) + AC_RUN_IFELSE([AC_LANG_SOURCE(AC_INCLUDES_DEFAULT +[[ +int main(void) { return !(snprintf(NULL, 0, "test") == 4); } +]])], [AC_MSG_RESULT(yes)], [ + AC_MSG_RESULT(no) + AC_DEFINE([SNPRINTF_RET_BROKEN], [], [define if (v)snprintf does not return length needed, (but length used)]) + AC_LIBOBJ(snprintf) + ]) + fi +fi AC_REPLACE_FUNCS(strlcat) AC_REPLACE_FUNCS(strlcpy) AC_REPLACE_FUNCS(memmove) AC_REPLACE_FUNCS(gmtime_r) +AC_REPLACE_FUNCS(isblank) dnl without CTIME, ARC4-functions and without reallocarray. LIBOBJ_WITHOUT_CTIMEARC4="$LIBOBJS" AC_SUBST(LIBOBJ_WITHOUT_CTIMEARC4) @@ -1235,7 +1277,13 @@ AHX_CONFIG_FORMAT_ATTRIBUTE AHX_CONFIG_UNUSED_ATTRIBUTE AHX_CONFIG_FSEEKO AHX_CONFIG_MAXHOSTNAMELEN -AHX_CONFIG_SNPRINTF(unbound) +#if !defined(HAVE_SNPRINTF) || defined(SNPRINTF_RET_BROKEN) +#define snprintf snprintf_unbound +#define vsnprintf vsnprintf_unbound +#include <stdarg.h> +int snprintf (char *str, size_t count, const char *fmt, ...); +int vsnprintf (char *str, size_t count, const char *fmt, va_list arg); +#endif /* HAVE_SNPRINTF or SNPRINTF_RET_BROKEN */ AHX_CONFIG_INET_PTON(unbound) AHX_CONFIG_INET_NTOP(unbound) AHX_CONFIG_INET_ATON(unbound) @@ -1258,6 +1306,11 @@ AHX_MEMCMP_BROKEN(unbound) char *ctime_r(const time_t *timep, char *buf); #endif +#ifndef HAVE_ISBLANK +#define isblank unbound_isblank +int isblank(int c); +#endif + #if !defined(HAVE_STRPTIME) || !defined(STRPTIME_WORKS) #define strptime unbound_strptime struct tm; diff --git a/contrib/unbound/daemon/remote.c b/contrib/unbound/daemon/remote.c index c16e4e5..d533e08 100644 --- a/contrib/unbound/daemon/remote.c +++ b/contrib/unbound/daemon/remote.c @@ -208,12 +208,14 @@ daemon_remote_create(struct config_file* cfg) return NULL; } /* no SSLv2, SSLv3 because has defects */ - if(!(SSL_CTX_set_options(rc->ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2)){ + if((SSL_CTX_set_options(rc->ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2) + != SSL_OP_NO_SSLv2){ log_crypto_err("could not set SSL_OP_NO_SSLv2"); daemon_remote_delete(rc); return NULL; } - if(!(SSL_CTX_set_options(rc->ctx, SSL_OP_NO_SSLv3) & SSL_OP_NO_SSLv3)){ + if((SSL_CTX_set_options(rc->ctx, SSL_OP_NO_SSLv3) & SSL_OP_NO_SSLv3) + != SSL_OP_NO_SSLv3){ log_crypto_err("could not set SSL_OP_NO_SSLv3"); daemon_remote_delete(rc); return NULL; diff --git a/contrib/unbound/daemon/unbound.c b/contrib/unbound/daemon/unbound.c index 8e07c38..0ceee53 100644 --- a/contrib/unbound/daemon/unbound.c +++ b/contrib/unbound/daemon/unbound.c @@ -180,6 +180,8 @@ static void usage() SSLeay_version(SSLEAY_VERSION) #elif defined(HAVE_NSS) NSS_GetVersion() +#elif defined(HAVE_NETTLE) + "nettle" #endif ); printf("linked modules:"); @@ -450,6 +452,9 @@ perform_setup(struct daemon* daemon, struct config_file* cfg, int debug_mode, /* endpwent below, in case we need pwd for setusercontext */ } #endif +#ifdef UB_ON_WINDOWS + w_config_adjust_directory(cfg); +#endif /* init syslog (as root) if needed, before daemonize, otherwise * a fork error could not be printed since daemonize closed stderr.*/ diff --git a/contrib/unbound/daemon/worker.c b/contrib/unbound/daemon/worker.c index 79aec4d..c90a659 100644 --- a/contrib/unbound/daemon/worker.c +++ b/contrib/unbound/daemon/worker.c @@ -866,11 +866,16 @@ worker_handle_request(struct comm_point* c, void* arg, int error, goto send_reply; } if((ret=parse_edns_from_pkt(c->buffer, &edns)) != 0) { + struct edns_data reply_edns; verbose(VERB_ALGO, "worker parse edns: formerror."); log_addr(VERB_CLIENT,"from",&repinfo->addr, repinfo->addrlen); - sldns_buffer_rewind(c->buffer); - LDNS_QR_SET(sldns_buffer_begin(c->buffer)); + memset(&reply_edns, 0, sizeof(reply_edns)); + reply_edns.edns_present = 1; + reply_edns.udp_size = EDNS_ADVERTISED_SIZE; LDNS_RCODE_SET(sldns_buffer_begin(c->buffer), ret); + error_encode(c->buffer, ret, &qinfo, + *(uint16_t*)(void *)sldns_buffer_begin(c->buffer), + sldns_buffer_read_u16_at(c->buffer, 2), &reply_edns); server_stats_insrcode(&worker->stats, c->buffer); goto send_reply; } diff --git a/contrib/unbound/dns64/dns64.c b/contrib/unbound/dns64/dns64.c index 63cc808..0de3f66 100644 --- a/contrib/unbound/dns64/dns64.c +++ b/contrib/unbound/dns64/dns64.c @@ -618,8 +618,10 @@ dns64_synth_aaaa_data(const struct ub_packed_rrset_key* fk, dd->rr_ttl = (time_t*)&dd->rr_data[dd->count]; for(i = 0; i < fd->count; ++i) { if (fd->rr_len[i] != 6 || fd->rr_data[i][0] != 0 - || fd->rr_data[i][1] != 4) + || fd->rr_data[i][1] != 4) { + *dd_out = NULL; return; + } dd->rr_len[i] = 18; dd->rr_data[i] = (uint8_t*)&dd->rr_ttl[dd->count] + 18*i; @@ -638,6 +640,7 @@ dns64_synth_aaaa_data(const struct ub_packed_rrset_key* fk, */ if(!dk) { log_err("no key"); + *dd_out = NULL; return; } @@ -646,6 +649,7 @@ dns64_synth_aaaa_data(const struct ub_packed_rrset_key* fk, if(!dk->rk.dname) { log_err("out of memory"); + *dd_out = NULL; return; } diff --git a/contrib/unbound/dnstap/dnstap.proto b/contrib/unbound/dnstap/dnstap.proto index 3504d99e..32871f4 100644 --- a/contrib/unbound/dnstap/dnstap.proto +++ b/contrib/unbound/dnstap/dnstap.proto @@ -105,7 +105,7 @@ message Message { enum Type { // AUTH_QUERY is a DNS query message received from a resolver by an - // authoritative name server, from the perspective of the authorative + // authoritative name server, from the perspective of the authoritative // name server. AUTH_QUERY = 1; diff --git a/contrib/unbound/doc/Changelog b/contrib/unbound/doc/Changelog index 3f3b245..6824b1d 100644 --- a/contrib/unbound/doc/Changelog +++ b/contrib/unbound/doc/Changelog @@ -1,3 +1,121 @@ +8 December 2015: Wouter + - Fixup 724 for unbound-control. + +7 December 2015: Ralph + - Do not minimise forwarded requests. + +4 December 2015: Wouter + - Removed unneeded whitespace from example.conf. + +3 December 2015: Ralph + - (after rc1 tag) + - Committed fix to qname minimisation and unit test case for it. + +3 December 2015: Wouter + - iana portlist update. + - 1.5.7rc1 prerelease tag. + +2 December 2015: Wouter + - Fixup 724: Fix PCA prompt for unbound-service-install.exe. + re-enable stdout printout. + - For 724: Add Changelog to windows binary dist. + +1 December 2015: Ralph + - Qname minimisation review fixes + +1 December 2015: Wouter + - Fixup 724 fix for fname_after_chroot() calls. + - Remove stdout printout for unbound-service-install.exe + - .gitignore for git users. + +30 November 2015: Ralph + - Implemented qname minimisation + +30 November 2015: Wouter + - Fix for #724: conf syntax to read files from run dir (on Windows). + +25 November 2015: Wouter + - Fix for #720, fix unbound-control-setup windows batch file. + +24 November 2015: Wouter + - Fix #720: add windows scripts to zip bundle. + - iana portlist update. + +20 November 2015: Wouter + - Added assert on rrset cache correctness. + - Fix that malformed EDNS query gets a response without malformed EDNS. + +18 November 2015: Wouter + - newer acx_nlnetlabs.m4. + - spelling fixes from Igor Sobrado Delgado. + +17 November 2015: Wouter + - Fix #594. libunbound: optionally use libnettle for crypto. + Contributed by Luca Bruno. Added --with-nettle for use with + --with-libunbound-only. + - refactor nsec3 hash implementation to be more library-portable. + - iana portlist update. + - Fixup DER encoded DSA signatures for libnettle. + +16 November 2015: Wouter + - Fix for lenient accept of reverse order DNAME and CNAME. + +6 November 2015: Wouter + - Change example.conf: ftp.internic.net to https://www.internic.net + +5 November 2015: Wouter + - ACX_SSL_CHECKS no longer adds -ldl needlessly. + +3 November 2015: Wouter + - Fix #718: Fix unbound-control-setup with support for env + without HEREDOC bash support. + +29 October 2015: Wouter + - patch from Doug Hogan for SSL_OP_NO_SSLvx options. + - Fix #716: nodata proof with empty non-terminals and wildcards. + +28 October 2015: Wouter + - Fix checklock testcode for linux threads on exit. + +27 October 2015: Wouter + - isblank() compat implementation. + - detect libexpat without xml_StopParser function. + - portability fixes. + - portability, replace snprintf if return value broken. + +23 October 2015: Wouter + - Fix #714: Document config to block private-address for IPv4 + mapped IPv6 addresses. + +22 October 2015: Wouter + - Fix #712: unbound-anchor appears to not fsync root.key. + +20 October 2015: Wouter + - 1.5.6 release. + - trunk tracks development of 1.5.7. + +15 October 2015: Wouter + - Fix segfault in the dns64 module in the formaterror error path. + - Fix sldns_wire2str_rdata_scan for malformed RRs. + - tag for 1.5.6rc1 release. + +14 October 2015: Wouter + - ANY responses include DNAME records if present, as per Evan Hunt's + remark in dnsop. + - Fix manpage to suggest using SIGTERM to terminate the server. + +9 October 2015: Wouter + - Default for ssl-port is port 853, the temporary port assignment + for secure domain name system traffic. + If you used to rely on the older default of port 443, you have + to put a clause in unbound.conf for that. The new value is likely + going to be the standardised port number for this traffic. + - iana portlist update. + +6 October 2015: Wouter + - 1.5.5 release. + - trunk tracks the development of 1.5.6. + 28 September 2015: Wouter - MAX_TARGET_COUNT increased to 64, to fix up sporadic resolution failures. @@ -731,7 +849,7 @@ existence in 4592. NSEC empty non-terminals exist and thus the RCODE should have been NOERROR. If this occurs, and the RRsets are secure, we set the RCODE to NOERROR and the security status - of the reponse is also considered secure. + of the response is also considered secure. 14 February 2014: Wouter - Works on Minix (3.2.1). @@ -1503,7 +1621,7 @@ - Fix getaddrinfowithincludes on windows with fedora16 mingw32-gcc. - Fix warnings with gcc 4.6 in compat/inet_ntop.c. - Fix warning unused in compat/strptime.c. - - Fix malloc detection and double defintion. + - Fix malloc detection and double definition. 2 December 2011: Wouter - configure generated with autoconf 2.68. @@ -4948,7 +5066,7 @@ - Advertise builtin select libevent alternative when no libevent is found. - signit can generate NSEC3 hashes, for generating tests. - - multiple nsec3 paramaters in message test. + - multiple nsec3 parameters in message test. - too high nsec3 iterations becomes insecure test. 21 September 2007: Wouter @@ -5019,7 +5137,7 @@ - testbound can replay a TCP query (set MATCH TCP in the QUERY). - DS and noDS referral validation test. - if you configure many trust anchors, parent trust anchors can - securely deny existance of child trust anchors, if validated. + securely deny existence of child trust anchors, if validated. - not all *.name NSECs are present because a wildcard was matched, and *.name NSECs can prove nodata for empty nonterminals. Also, for wildcard name NSECs, check they are not from the parent @@ -5326,7 +5444,7 @@ 17 July 2007: Wouter - forward zone options in config file. - - forward per zone in iterator. takes precendence over stubs. + - forward per zone in iterator. takes precedence over stubs. - fixup commithooks. - removed forward-to and forward-to-port features, subsumed by new forward zones. @@ -5427,7 +5545,7 @@ ldns and libevent are linked statically. Default is off. - make install and make uninstall. Works with static-exe and without. installation of unbound binary and manual pages. - - alignement problem fix on solaris 64. + - alignment problem fix on solaris 64. - fixup address in case of TCP error. 12 June 2007: Wouter @@ -5510,7 +5628,7 @@ - removed FLAG_CD from message and rrset caches. This was useful for an agnostic forwarder, but not for a sophisticated (trust value per rrset enabled) cache. - - iterator reponse typing. + - iterator response typing. - iterator cname handle. - iterator prime start. - subquery work. @@ -5530,7 +5648,7 @@ - Acknowledge use of unbound-java code in iterator. Nicer readme. - services/cache/dns.c DNS Cache. Hybrid cache uses msgcache and rrset cache from module environment. - - packed rrset key has type and class as easily accessable struct + - packed rrset key has type and class as easily accessible struct members. They are still kept in network format for fast msg encode. - dns cache find_delegation routine. - iterator main functions setup. @@ -5614,7 +5732,7 @@ - EDNS read from query, used to make reply smaller. - advertised edns value constants. - EDNS BADVERS response, if asked for too high edns version. - - EDNS extended error reponses once the EDNS record from the query + - EDNS extended error responses once the EDNS record from the query has successfully been parsed. 4 May 2007: Wouter diff --git a/contrib/unbound/doc/README b/contrib/unbound/doc/README index c8bddcc..8235ea2 100644 --- a/contrib/unbound/doc/README +++ b/contrib/unbound/doc/README @@ -1,4 +1,4 @@ -README for Unbound 1.5.5 +README for Unbound 1.5.7 Copyright 2007 NLnet Labs http://unbound.net diff --git a/contrib/unbound/doc/example.conf b/contrib/unbound/doc/example.conf index 87bbebe..11c3ba9 100644 --- a/contrib/unbound/doc/example.conf +++ b/contrib/unbound/doc/example.conf @@ -1,14 +1,14 @@ # # Example configuration file. # -# See unbound.conf(5) man page, version 1.5.5. +# See unbound.conf(5) man page, version 1.5.7. # # this is a comment. #Use this to include other text into the file. #include: "otherfile.conf" -# The server clause sets the main parameters. +# The server clause sets the main parameters. server: # whitespace is not necessary, but looks cleaner. @@ -40,7 +40,7 @@ server: # interface: 2001:DB8::5 # enable this feature to copy the source address of queries to reply. - # Socket options are not supported on all platforms. experimental. + # Socket options are not supported on all platforms. experimental. # interface-automatic: no # port to answer queries from @@ -84,10 +84,10 @@ server: # buffer size for UDP port 53 outgoing (SO_SNDBUF socket option). # 0 is system default. Use 4m to handle spikes on very busy servers. # so-sndbuf: 0 - + # use SO_REUSEPORT to distribute queries over threads. # so-reuseport: no - + # use IP_TRANSPARENT so the interface: addresses can be non-local # and you can config non-existing IPs that are going to work later on # ip-transparent: no @@ -105,7 +105,7 @@ server: # msg-buffer-size: 65552 # the amount of memory to use for the message cache. - # plain value in bytes or you can append k, m or G. default is "4Mb". + # plain value in bytes or you can append k, m or G. default is "4Mb". # msg-cache-size: 4m # the number of slabs to use for the message cache. @@ -118,12 +118,12 @@ server: # if very busy, 50% queries run to completion, 50% get timeout in msec # jostle-timeout: 200 - + # msec to wait before close of port on timeout UDP. 0 disables. # delay-close: 0 # the amount of memory to use for the RRset cache. - # plain value in bytes or you can append k, m or G. default is "4Mb". + # plain value in bytes or you can append k, m or G. default is "4Mb". # rrset-cache-size: 4m # the number of slabs to use for the RRset cache. @@ -145,7 +145,7 @@ server: # the time to live (TTL) value for cached roundtrip times, lameness and # EDNS version information for hosts. In seconds. # infra-host-ttl: 900 - + # minimum wait time for responses, increase if uplink is long. In msec. # infra-cache-min-rtt: 50 @@ -195,8 +195,8 @@ server: # # If chroot is enabled, you should pass the configfile (from the # commandline) as a full path from the original root. After the - # chroot has been performed the now defunct portion of the config - # file path is removed to be able to reread the config after a reload. + # chroot has been performed the now defunct portion of the config + # file path is removed to be able to reread the config after a reload. # # All other file paths (working dir, logfile, roothints, and # key files) can be specified in several ways: @@ -205,7 +205,7 @@ server: # o as an absolute path relative to the original root. # In the last case the path is adjusted to remove the unused portion. # - # The pid file can be absolute and outside of the chroot, it is + # The pid file can be absolute and outside of the chroot, it is # written just prior to performing the chroot and dropping permissions. # # Additionally, unbound may need to access /dev/random (for entropy). @@ -219,22 +219,22 @@ server: # If you give "" no privileges are dropped. # username: "unbound" - # the working directory. The relative files in this config are + # the working directory. The relative files in this config are # relative to this directory. If you give "" the working directory # is not changed. # directory: "/var/unbound" - # the log file, "" means log to stderr. + # the log file, "" means log to stderr. # Use of this option sets use-syslog to "no". # logfile: "" - # Log to syslog(3) if yes. The log facility LOG_DAEMON is used to + # Log to syslog(3) if yes. The log facility LOG_DAEMON is used to # log to, with identity "unbound". If yes, it overrides the logfile. - # use-syslog: yes + # use-syslog: yes # print UTC timestamp in ascii to logfile, default is epoch in seconds. # log-time-ascii: no - + # print one line with time, IP, name, type, class for every query. # log-queries: no @@ -242,7 +242,7 @@ server: # pidfile: "/var/unbound/unbound.pid" # file to read root hints from. - # get one from ftp://FTP.INTERNIC.NET/domain/named.cache + # get one from https://www.internic.net/domain/named.cache # root-hints: "" # enable to not answer id.server and hostname.bind queries. @@ -258,8 +258,8 @@ server: # version: "" # the target fetch policy. - # series of integers describing the policy per dependency depth. - # The number of values in the list determines the maximum dependency + # series of integers describing the policy per dependency depth. + # The number of values in the list determines the maximum dependency # depth the recursor will pursue before giving up. Each integer means: # -1 : fetch all targets opportunistically, # 0: fetch on demand, @@ -267,17 +267,17 @@ server: # Enclose the list of numbers between quotes (""). # target-fetch-policy: "3 2 1 0 0" - # Harden against very small EDNS buffer sizes. + # Harden against very small EDNS buffer sizes. # harden-short-bufsize: no # Harden against unseemly large queries. # harden-large-queries: no - # Harden against out of zone rrsets, to avoid spoofing attempts. + # Harden against out of zone rrsets, to avoid spoofing attempts. # harden-glue: yes # Harden against receiving dnssec-stripped data. If you turn it - # off, failing to validate dnskey data for a trustanchor will + # off, failing to validate dnskey data for a trustanchor will # trigger insecure mode for that zone (like without a trustanchor). # Default on, which insists on dnssec data for trust-anchored zones. # harden-dnssec-stripped: yes @@ -287,7 +287,7 @@ server: # Harden the referral path by performing additional queries for # infrastructure data. Validates the replies (if possible). - # Default off, because the lookups burden the server. Experimental + # Default off, because the lookups burden the server. Experimental # implementation of draft-wijngaards-dnsext-resolver-side-mitigation. # harden-referral-path: no @@ -296,18 +296,23 @@ server: # to validate the zone. # harden-algo-downgrade: no + # Sent minimum amount of information to upstream servers to enhance + # privacy. Only sent minimum required labels of the QNAME and set QTYPE + # to NS when possible. + # qname-minimisation: no + # Use 0x20-encoded random bits in the query to foil spoof attempts. # This feature is an experimental implementation of draft dns-0x20. # use-caps-for-id: no - + # Domains (and domains in them) without support for dns-0x20 and # the fallback fails because they keep sending different answers. # caps-whitelist: "licdn.com" - # Enforce privacy of these addresses. Strips them away from answers. - # It may cause DNSSEC validation to additionally mark it as bogus. - # Protects against 'DNS Rebinding' (uses browser as network proxy). - # Only 'private-domain' and 'local-data' names are allowed to have + # Enforce privacy of these addresses. Strips them away from answers. + # It may cause DNSSEC validation to additionally mark it as bogus. + # Protects against 'DNS Rebinding' (uses browser as network proxy). + # Only 'private-domain' and 'local-data' names are allowed to have # these private addresses. No default. # private-address: 10.0.0.0/8 # private-address: 172.16.0.0/12 @@ -315,6 +320,7 @@ server: # private-address: 169.254.0.0/16 # private-address: fd00::/8 # private-address: fe80::/10 + # private-address: ::ffff:0:0/96 # Allow the domain (and its subdomains) to contain private addresses. # local-data statements are allowed to contain private addresses too. @@ -373,7 +379,7 @@ server: # Zone file format, with DS and DNSKEY entries. # Note this gets out of date, use auto-trust-anchor-file please. # trust-anchor-file: "" - + # Trusted key for validation. DS or DNSKEY. specify the RR on a # single line, surrounded by "". TTL is ignored. class is IN default. # Note this gets out of date, use auto-trust-anchor-file please. @@ -383,7 +389,7 @@ server: # File with trusted keys for validation. Specify more than one file # with several entries, one file per entry. Like trust-anchor-file - # but has a different file format. Format is BIND-9 style format, + # but has a different file format. Format is BIND-9 style format, # the trusted-keys { name flag proto algo "key"; }; clauses are read. # you need external update procedures to track changes in keys. # trusted-keys-file: "" @@ -408,7 +414,7 @@ server: # Should additional section of secure message also be kept clean of # unsecure data. Useful to shield the users of this validator from - # potential bogus data in the additional section. All unsigned data + # potential bogus data in the additional section. All unsigned data # in the additional section is removed from secure messages. # val-clean-additional: yes @@ -433,7 +439,7 @@ server: # A message with an NSEC3 with larger count is marked insecure. # List in ascending order the keysize and count values. # val-nsec3-keysize-iterations: "1024 150 2048 500 4096 2500" - + # instruct the auto-trust-anchor-file probing to add anchors after ttl. # add-holddown: 2592000 # 30 days @@ -448,7 +454,7 @@ server: # permit-small-holddown: no # the amount of memory to use for the key cache. - # plain value in bytes or you can append k, m or G. default is "4Mb". + # plain value in bytes or you can append k, m or G. default is "4Mb". # key-cache-size: 4m # the number of slabs to use for the key cache. @@ -457,7 +463,7 @@ server: # key-cache-slabs: 4 # the amount of memory to use for the negative cache (used for DLV). - # plain value in bytes or you can append k, m or G. default is "1Mb". + # plain value in bytes or you can append k, m or G. default is "1Mb". # neg-cache-size: 1m # By default, for a number of zones a small default 'nothing here' @@ -501,7 +507,7 @@ server: # local-zone: "b.e.f.ip6.arpa." nodefault # local-zone: "8.b.d.0.1.0.0.2.ip6.arpa." nodefault # And for 64.100.in-addr.arpa. to 127.100.in-addr.arpa. - + # if unbound is running service for the local host then it is useful # to perform lan-wide lookups to the upstream, and unblock the # long list of local-zones above. If this unbound is a dns server @@ -512,7 +518,7 @@ server: # a number of locally served zones can be configured. # local-zone: <zone> <type> # local-data: "<resource record string>" - # o deny serves local data (if any), else, drops queries. + # o deny serves local data (if any), else, drops queries. # o refuse serves local data (if any), else, replies with error. # o static serves local data, else, nxdomain or nodata answer. # o transparent gives local data, but resolves normally for other names @@ -525,7 +531,7 @@ server: # defaults are localhost address, reverse for 127.0.0.1 and ::1 # and nxdomain for AS112 zones. If you configure one of these zones # the default content is omitted, or you can omit it with 'nodefault'. - # + # # If you configure local-data without specifying local-zone, by # default a transparent local-zone is created for the data. # @@ -552,7 +558,7 @@ server: # default is "" (disabled). requires restart to take effect. # ssl-service-key: "path/to/privatekeyfile.key" # ssl-service-pem: "path/to/publiccertfile.pem" - # ssl-port: 443 + # ssl-port: 853 # request upstream over SSL (with plain DNS inside the SSL stream). # Default is no. Can be turned on and off with unbound-control. @@ -571,7 +577,7 @@ server: # ratelimit-size: 4m # ratelimit cache slabs, reduces lock contention if equal to cpucount. # ratelimit-slabs: 4 - + # 0 blocks when ratelimited, otherwise let 1/xth traffic through # ratelimit-factor: 10 @@ -590,7 +596,7 @@ python: # Script file to load # python-script: "/var/unbound/ubmodule-tst.py" -# Remote control config section. +# Remote control config section. remote-control: # Enable remote control with unbound-control(8) here. # set up the keys and certificates with unbound-control-setup. @@ -621,9 +627,9 @@ remote-control: # control-cert-file: "/var/unbound/unbound_control.pem" # Stub zones. -# Create entries like below, to make all queries for 'example.com' and -# 'example.org' go to the given list of nameservers. list zero or more -# nameservers by hostname or by ipaddress. If you set stub-prime to yes, +# Create entries like below, to make all queries for 'example.com' and +# 'example.org' go to the given list of nameservers. list zero or more +# nameservers by hostname or by ipaddress. If you set stub-prime to yes, # the list is treated as priming hints (default is no). # With stub-first yes, it attempts without the stub if it fails. # Consider adding domain-insecure: name and local-zone: name nodefault diff --git a/contrib/unbound/doc/example.conf.in b/contrib/unbound/doc/example.conf.in index 399aa80..ff90e3b 100644 --- a/contrib/unbound/doc/example.conf.in +++ b/contrib/unbound/doc/example.conf.in @@ -1,14 +1,14 @@ # # Example configuration file. # -# See unbound.conf(5) man page, version 1.5.5. +# See unbound.conf(5) man page, version 1.5.7. # # this is a comment. #Use this to include other text into the file. #include: "otherfile.conf" -# The server clause sets the main parameters. +# The server clause sets the main parameters. server: # whitespace is not necessary, but looks cleaner. @@ -40,7 +40,7 @@ server: # interface: 2001:DB8::5 # enable this feature to copy the source address of queries to reply. - # Socket options are not supported on all platforms. experimental. + # Socket options are not supported on all platforms. experimental. # interface-automatic: no # port to answer queries from @@ -84,10 +84,10 @@ server: # buffer size for UDP port 53 outgoing (SO_SNDBUF socket option). # 0 is system default. Use 4m to handle spikes on very busy servers. # so-sndbuf: 0 - + # use SO_REUSEPORT to distribute queries over threads. # so-reuseport: no - + # use IP_TRANSPARENT so the interface: addresses can be non-local # and you can config non-existing IPs that are going to work later on # ip-transparent: no @@ -105,7 +105,7 @@ server: # msg-buffer-size: 65552 # the amount of memory to use for the message cache. - # plain value in bytes or you can append k, m or G. default is "4Mb". + # plain value in bytes or you can append k, m or G. default is "4Mb". # msg-cache-size: 4m # the number of slabs to use for the message cache. @@ -118,12 +118,12 @@ server: # if very busy, 50% queries run to completion, 50% get timeout in msec # jostle-timeout: 200 - + # msec to wait before close of port on timeout UDP. 0 disables. # delay-close: 0 # the amount of memory to use for the RRset cache. - # plain value in bytes or you can append k, m or G. default is "4Mb". + # plain value in bytes or you can append k, m or G. default is "4Mb". # rrset-cache-size: 4m # the number of slabs to use for the RRset cache. @@ -145,7 +145,7 @@ server: # the time to live (TTL) value for cached roundtrip times, lameness and # EDNS version information for hosts. In seconds. # infra-host-ttl: 900 - + # minimum wait time for responses, increase if uplink is long. In msec. # infra-cache-min-rtt: 50 @@ -195,8 +195,8 @@ server: # # If chroot is enabled, you should pass the configfile (from the # commandline) as a full path from the original root. After the - # chroot has been performed the now defunct portion of the config - # file path is removed to be able to reread the config after a reload. + # chroot has been performed the now defunct portion of the config + # file path is removed to be able to reread the config after a reload. # # All other file paths (working dir, logfile, roothints, and # key files) can be specified in several ways: @@ -205,7 +205,7 @@ server: # o as an absolute path relative to the original root. # In the last case the path is adjusted to remove the unused portion. # - # The pid file can be absolute and outside of the chroot, it is + # The pid file can be absolute and outside of the chroot, it is # written just prior to performing the chroot and dropping permissions. # # Additionally, unbound may need to access /dev/random (for entropy). @@ -219,22 +219,22 @@ server: # If you give "" no privileges are dropped. # username: "@UNBOUND_USERNAME@" - # the working directory. The relative files in this config are + # the working directory. The relative files in this config are # relative to this directory. If you give "" the working directory # is not changed. # directory: "@UNBOUND_RUN_DIR@" - # the log file, "" means log to stderr. + # the log file, "" means log to stderr. # Use of this option sets use-syslog to "no". # logfile: "" - # Log to syslog(3) if yes. The log facility LOG_DAEMON is used to + # Log to syslog(3) if yes. The log facility LOG_DAEMON is used to # log to, with identity "unbound". If yes, it overrides the logfile. - # use-syslog: yes + # use-syslog: yes # print UTC timestamp in ascii to logfile, default is epoch in seconds. # log-time-ascii: no - + # print one line with time, IP, name, type, class for every query. # log-queries: no @@ -242,7 +242,7 @@ server: # pidfile: "@UNBOUND_PIDFILE@" # file to read root hints from. - # get one from ftp://FTP.INTERNIC.NET/domain/named.cache + # get one from https://www.internic.net/domain/named.cache # root-hints: "" # enable to not answer id.server and hostname.bind queries. @@ -258,8 +258,8 @@ server: # version: "" # the target fetch policy. - # series of integers describing the policy per dependency depth. - # The number of values in the list determines the maximum dependency + # series of integers describing the policy per dependency depth. + # The number of values in the list determines the maximum dependency # depth the recursor will pursue before giving up. Each integer means: # -1 : fetch all targets opportunistically, # 0: fetch on demand, @@ -267,17 +267,17 @@ server: # Enclose the list of numbers between quotes (""). # target-fetch-policy: "3 2 1 0 0" - # Harden against very small EDNS buffer sizes. + # Harden against very small EDNS buffer sizes. # harden-short-bufsize: no # Harden against unseemly large queries. # harden-large-queries: no - # Harden against out of zone rrsets, to avoid spoofing attempts. + # Harden against out of zone rrsets, to avoid spoofing attempts. # harden-glue: yes # Harden against receiving dnssec-stripped data. If you turn it - # off, failing to validate dnskey data for a trustanchor will + # off, failing to validate dnskey data for a trustanchor will # trigger insecure mode for that zone (like without a trustanchor). # Default on, which insists on dnssec data for trust-anchored zones. # harden-dnssec-stripped: yes @@ -287,7 +287,7 @@ server: # Harden the referral path by performing additional queries for # infrastructure data. Validates the replies (if possible). - # Default off, because the lookups burden the server. Experimental + # Default off, because the lookups burden the server. Experimental # implementation of draft-wijngaards-dnsext-resolver-side-mitigation. # harden-referral-path: no @@ -296,18 +296,23 @@ server: # to validate the zone. # harden-algo-downgrade: no + # Sent minimum amount of information to upstream servers to enhance + # privacy. Only sent minimum required labels of the QNAME and set QTYPE + # to NS when possible. + # qname-minimisation: no + # Use 0x20-encoded random bits in the query to foil spoof attempts. # This feature is an experimental implementation of draft dns-0x20. # use-caps-for-id: no - + # Domains (and domains in them) without support for dns-0x20 and # the fallback fails because they keep sending different answers. # caps-whitelist: "licdn.com" - # Enforce privacy of these addresses. Strips them away from answers. - # It may cause DNSSEC validation to additionally mark it as bogus. - # Protects against 'DNS Rebinding' (uses browser as network proxy). - # Only 'private-domain' and 'local-data' names are allowed to have + # Enforce privacy of these addresses. Strips them away from answers. + # It may cause DNSSEC validation to additionally mark it as bogus. + # Protects against 'DNS Rebinding' (uses browser as network proxy). + # Only 'private-domain' and 'local-data' names are allowed to have # these private addresses. No default. # private-address: 10.0.0.0/8 # private-address: 172.16.0.0/12 @@ -315,6 +320,7 @@ server: # private-address: 169.254.0.0/16 # private-address: fd00::/8 # private-address: fe80::/10 + # private-address: ::ffff:0:0/96 # Allow the domain (and its subdomains) to contain private addresses. # local-data statements are allowed to contain private addresses too. @@ -373,7 +379,7 @@ server: # Zone file format, with DS and DNSKEY entries. # Note this gets out of date, use auto-trust-anchor-file please. # trust-anchor-file: "" - + # Trusted key for validation. DS or DNSKEY. specify the RR on a # single line, surrounded by "". TTL is ignored. class is IN default. # Note this gets out of date, use auto-trust-anchor-file please. @@ -383,7 +389,7 @@ server: # File with trusted keys for validation. Specify more than one file # with several entries, one file per entry. Like trust-anchor-file - # but has a different file format. Format is BIND-9 style format, + # but has a different file format. Format is BIND-9 style format, # the trusted-keys { name flag proto algo "key"; }; clauses are read. # you need external update procedures to track changes in keys. # trusted-keys-file: "" @@ -408,7 +414,7 @@ server: # Should additional section of secure message also be kept clean of # unsecure data. Useful to shield the users of this validator from - # potential bogus data in the additional section. All unsigned data + # potential bogus data in the additional section. All unsigned data # in the additional section is removed from secure messages. # val-clean-additional: yes @@ -433,7 +439,7 @@ server: # A message with an NSEC3 with larger count is marked insecure. # List in ascending order the keysize and count values. # val-nsec3-keysize-iterations: "1024 150 2048 500 4096 2500" - + # instruct the auto-trust-anchor-file probing to add anchors after ttl. # add-holddown: 2592000 # 30 days @@ -448,7 +454,7 @@ server: # permit-small-holddown: no # the amount of memory to use for the key cache. - # plain value in bytes or you can append k, m or G. default is "4Mb". + # plain value in bytes or you can append k, m or G. default is "4Mb". # key-cache-size: 4m # the number of slabs to use for the key cache. @@ -457,7 +463,7 @@ server: # key-cache-slabs: 4 # the amount of memory to use for the negative cache (used for DLV). - # plain value in bytes or you can append k, m or G. default is "1Mb". + # plain value in bytes or you can append k, m or G. default is "1Mb". # neg-cache-size: 1m # By default, for a number of zones a small default 'nothing here' @@ -501,7 +507,7 @@ server: # local-zone: "b.e.f.ip6.arpa." nodefault # local-zone: "8.b.d.0.1.0.0.2.ip6.arpa." nodefault # And for 64.100.in-addr.arpa. to 127.100.in-addr.arpa. - + # if unbound is running service for the local host then it is useful # to perform lan-wide lookups to the upstream, and unblock the # long list of local-zones above. If this unbound is a dns server @@ -512,7 +518,7 @@ server: # a number of locally served zones can be configured. # local-zone: <zone> <type> # local-data: "<resource record string>" - # o deny serves local data (if any), else, drops queries. + # o deny serves local data (if any), else, drops queries. # o refuse serves local data (if any), else, replies with error. # o static serves local data, else, nxdomain or nodata answer. # o transparent gives local data, but resolves normally for other names @@ -525,7 +531,7 @@ server: # defaults are localhost address, reverse for 127.0.0.1 and ::1 # and nxdomain for AS112 zones. If you configure one of these zones # the default content is omitted, or you can omit it with 'nodefault'. - # + # # If you configure local-data without specifying local-zone, by # default a transparent local-zone is created for the data. # @@ -552,7 +558,7 @@ server: # default is "" (disabled). requires restart to take effect. # ssl-service-key: "path/to/privatekeyfile.key" # ssl-service-pem: "path/to/publiccertfile.pem" - # ssl-port: 443 + # ssl-port: 853 # request upstream over SSL (with plain DNS inside the SSL stream). # Default is no. Can be turned on and off with unbound-control. @@ -571,7 +577,7 @@ server: # ratelimit-size: 4m # ratelimit cache slabs, reduces lock contention if equal to cpucount. # ratelimit-slabs: 4 - + # 0 blocks when ratelimited, otherwise let 1/xth traffic through # ratelimit-factor: 10 @@ -590,7 +596,7 @@ python: # Script file to load # python-script: "@UNBOUND_SHARE_DIR@/ubmodule-tst.py" -# Remote control config section. +# Remote control config section. remote-control: # Enable remote control with unbound-control(8) here. # set up the keys and certificates with unbound-control-setup. @@ -621,9 +627,9 @@ remote-control: # control-cert-file: "@UNBOUND_RUN_DIR@/unbound_control.pem" # Stub zones. -# Create entries like below, to make all queries for 'example.com' and -# 'example.org' go to the given list of nameservers. list zero or more -# nameservers by hostname or by ipaddress. If you set stub-prime to yes, +# Create entries like below, to make all queries for 'example.com' and +# 'example.org' go to the given list of nameservers. list zero or more +# nameservers by hostname or by ipaddress. If you set stub-prime to yes, # the list is treated as priming hints (default is no). # With stub-first yes, it attempts without the stub if it fails. # Consider adding domain-insecure: name and local-zone: name nodefault diff --git a/contrib/unbound/doc/libunbound.3 b/contrib/unbound/doc/libunbound.3 index 9ef367f..d299330 100644 --- a/contrib/unbound/doc/libunbound.3 +++ b/contrib/unbound/doc/libunbound.3 @@ -1,4 +1,4 @@ -.TH "libunbound" "3" "Oct 6, 2015" "NLnet Labs" "unbound 1.5.5" +.TH "libunbound" "3" "Dec 10, 2015" "NLnet Labs" "unbound 1.5.7" .\" .\" libunbound.3 -- unbound library functions manual .\" @@ -42,7 +42,7 @@ .B ub_ctx_zone_remove, .B ub_ctx_data_add, .B ub_ctx_data_remove -\- Unbound DNS validating resolver 1.5.5 functions. +\- Unbound DNS validating resolver 1.5.7 functions. .SH "SYNOPSIS" .B #include <unbound.h> .LP diff --git a/contrib/unbound/doc/libunbound.3.in b/contrib/unbound/doc/libunbound.3.in index 9ef367f..d299330 100644 --- a/contrib/unbound/doc/libunbound.3.in +++ b/contrib/unbound/doc/libunbound.3.in @@ -1,4 +1,4 @@ -.TH "libunbound" "3" "Oct 6, 2015" "NLnet Labs" "unbound 1.5.5" +.TH "libunbound" "3" "Dec 10, 2015" "NLnet Labs" "unbound 1.5.7" .\" .\" libunbound.3 -- unbound library functions manual .\" @@ -42,7 +42,7 @@ .B ub_ctx_zone_remove, .B ub_ctx_data_add, .B ub_ctx_data_remove -\- Unbound DNS validating resolver 1.5.5 functions. +\- Unbound DNS validating resolver 1.5.7 functions. .SH "SYNOPSIS" .B #include <unbound.h> .LP diff --git a/contrib/unbound/doc/unbound-anchor.8 b/contrib/unbound/doc/unbound-anchor.8 index 7fbb0a7..5200d18 100644 --- a/contrib/unbound/doc/unbound-anchor.8 +++ b/contrib/unbound/doc/unbound-anchor.8 @@ -1,4 +1,4 @@ -.TH "unbound-anchor" "8" "Oct 6, 2015" "NLnet Labs" "unbound 1.5.5" +.TH "unbound-anchor" "8" "Dec 10, 2015" "NLnet Labs" "unbound 1.5.7" .\" .\" unbound-anchor.8 -- unbound anchor maintenance utility manual .\" diff --git a/contrib/unbound/doc/unbound-anchor.8.in b/contrib/unbound/doc/unbound-anchor.8.in index e89be5b..e5e6364 100644 --- a/contrib/unbound/doc/unbound-anchor.8.in +++ b/contrib/unbound/doc/unbound-anchor.8.in @@ -1,4 +1,4 @@ -.TH "unbound-anchor" "8" "Oct 6, 2015" "NLnet Labs" "unbound 1.5.5" +.TH "unbound-anchor" "8" "Dec 10, 2015" "NLnet Labs" "unbound 1.5.7" .\" .\" unbound-anchor.8 -- unbound anchor maintenance utility manual .\" diff --git a/contrib/unbound/doc/unbound-checkconf.8 b/contrib/unbound/doc/unbound-checkconf.8 index eaa406b..19ecb1e 100644 --- a/contrib/unbound/doc/unbound-checkconf.8 +++ b/contrib/unbound/doc/unbound-checkconf.8 @@ -1,4 +1,4 @@ -.TH "unbound-checkconf" "8" "Oct 6, 2015" "NLnet Labs" "unbound 1.5.5" +.TH "unbound-checkconf" "8" "Dec 10, 2015" "NLnet Labs" "unbound 1.5.7" .\" .\" unbound-checkconf.8 -- unbound configuration checker manual .\" diff --git a/contrib/unbound/doc/unbound-checkconf.8.in b/contrib/unbound/doc/unbound-checkconf.8.in index 234a04a..2d3c4ae 100644 --- a/contrib/unbound/doc/unbound-checkconf.8.in +++ b/contrib/unbound/doc/unbound-checkconf.8.in @@ -1,4 +1,4 @@ -.TH "unbound-checkconf" "8" "Oct 6, 2015" "NLnet Labs" "unbound 1.5.5" +.TH "unbound-checkconf" "8" "Dec 10, 2015" "NLnet Labs" "unbound 1.5.7" .\" .\" unbound-checkconf.8 -- unbound configuration checker manual .\" diff --git a/contrib/unbound/doc/unbound-control.8 b/contrib/unbound/doc/unbound-control.8 index 5de37cf..e1fa36ab 100644 --- a/contrib/unbound/doc/unbound-control.8 +++ b/contrib/unbound/doc/unbound-control.8 @@ -1,4 +1,4 @@ -.TH "unbound-control" "8" "Oct 6, 2015" "NLnet Labs" "unbound 1.5.5" +.TH "unbound-control" "8" "Dec 10, 2015" "NLnet Labs" "unbound 1.5.7" .\" .\" unbound-control.8 -- unbound remote control manual .\" @@ -169,7 +169,7 @@ therefore not flushed. The option must end with a ':' and whitespace must be between the option and the value. Some values may not have an effect if set this way, the new values are not written to the config file, not all options are supported. This is different from the set_option call -in libunbound, where all values work because unbound has not been inited. +in libunbound, where all values work because unbound has not been initialized. .IP The values that work are: statistics\-interval, statistics\-cumulative, do\-not\-query\-localhost, harden\-short\-bufsize, harden\-large\-queries, diff --git a/contrib/unbound/doc/unbound-control.8.in b/contrib/unbound/doc/unbound-control.8.in index eefd207..57742ae 100644 --- a/contrib/unbound/doc/unbound-control.8.in +++ b/contrib/unbound/doc/unbound-control.8.in @@ -1,4 +1,4 @@ -.TH "unbound-control" "8" "Oct 6, 2015" "NLnet Labs" "unbound 1.5.5" +.TH "unbound-control" "8" "Dec 10, 2015" "NLnet Labs" "unbound 1.5.7" .\" .\" unbound-control.8 -- unbound remote control manual .\" @@ -169,7 +169,7 @@ therefore not flushed. The option must end with a ':' and whitespace must be between the option and the value. Some values may not have an effect if set this way, the new values are not written to the config file, not all options are supported. This is different from the set_option call -in libunbound, where all values work because unbound has not been inited. +in libunbound, where all values work because unbound has not been initialized. .IP The values that work are: statistics\-interval, statistics\-cumulative, do\-not\-query\-localhost, harden\-short\-bufsize, harden\-large\-queries, diff --git a/contrib/unbound/doc/unbound-host.1 b/contrib/unbound/doc/unbound-host.1 index d600ee6..70b697f 100644 --- a/contrib/unbound/doc/unbound-host.1 +++ b/contrib/unbound/doc/unbound-host.1 @@ -1,4 +1,4 @@ -.TH "unbound\-host" "1" "Oct 6, 2015" "NLnet Labs" "unbound 1.5.5" +.TH "unbound\-host" "1" "Dec 10, 2015" "NLnet Labs" "unbound 1.5.7" .\" .\" unbound-host.1 -- unbound DNS lookup utility .\" diff --git a/contrib/unbound/doc/unbound-host.1.in b/contrib/unbound/doc/unbound-host.1.in index a4742d7..eeb25f0 100644 --- a/contrib/unbound/doc/unbound-host.1.in +++ b/contrib/unbound/doc/unbound-host.1.in @@ -1,4 +1,4 @@ -.TH "unbound\-host" "1" "Oct 6, 2015" "NLnet Labs" "unbound 1.5.5" +.TH "unbound\-host" "1" "Dec 10, 2015" "NLnet Labs" "unbound 1.5.7" .\" .\" unbound-host.1 -- unbound DNS lookup utility .\" diff --git a/contrib/unbound/doc/unbound.8 b/contrib/unbound/doc/unbound.8 index 3935e61..86fcb59 100644 --- a/contrib/unbound/doc/unbound.8 +++ b/contrib/unbound/doc/unbound.8 @@ -1,4 +1,4 @@ -.TH "unbound" "8" "Oct 6, 2015" "NLnet Labs" "unbound 1.5.5" +.TH "unbound" "8" "Dec 10, 2015" "NLnet Labs" "unbound 1.5.7" .\" .\" unbound.8 -- unbound manual .\" @@ -9,7 +9,7 @@ .\" .SH "NAME" .B unbound -\- Unbound DNS validating resolver 1.5.5. +\- Unbound DNS validating resolver 1.5.7. .SH "SYNOPSIS" .B unbound .RB [ \-h ] diff --git a/contrib/unbound/doc/unbound.8.in b/contrib/unbound/doc/unbound.8.in index df9baa0..ed139a7 100644 --- a/contrib/unbound/doc/unbound.8.in +++ b/contrib/unbound/doc/unbound.8.in @@ -1,4 +1,4 @@ -.TH "unbound" "8" "Oct 6, 2015" "NLnet Labs" "unbound 1.5.5" +.TH "unbound" "8" "Dec 10, 2015" "NLnet Labs" "unbound 1.5.7" .\" .\" unbound.8 -- unbound manual .\" @@ -9,7 +9,7 @@ .\" .SH "NAME" .B unbound -\- Unbound DNS validating resolver 1.5.5. +\- Unbound DNS validating resolver 1.5.7. .SH "SYNOPSIS" .B unbound .RB [ \-h ] diff --git a/contrib/unbound/doc/unbound.conf.5 b/contrib/unbound/doc/unbound.conf.5 index bd5ef40..16155de 100644 --- a/contrib/unbound/doc/unbound.conf.5 +++ b/contrib/unbound/doc/unbound.conf.5 @@ -1,4 +1,4 @@ -.TH "unbound.conf" "5" "Oct 6, 2015" "NLnet Labs" "unbound 1.5.5" +.TH "unbound.conf" "5" "Dec 10, 2015" "NLnet Labs" "unbound 1.5.7" .\" .\" unbound.conf.5 -- unbound.conf manual .\" @@ -362,7 +362,7 @@ The public key certificate pem file for the ssl service. Default is "", turned off. .TP .B ssl\-port: \fI<number> -The port number on which to provide TCP SSL service, default 443, only +The port number on which to provide TCP SSL service, default 853, only interfaces configured with that port number as @number get the SSL service. .TP .B do\-daemonize: \fI<yes or no> @@ -444,6 +444,8 @@ requires privileges, then a reload will fail; a restart is needed. .TP .B directory: \fI<directory> Sets the working directory for the program. Default is "/var/unbound". +On Windows the string "%EXECUTABLE%" tries to change to the directory +that unbound.exe resides in. .TP .B logfile: \fI<filename> If "" is given, logging goes to stderr, or nowhere once daemonized. @@ -481,7 +483,7 @@ kill \-HUP `cat /var/unbound/unbound.pid` .fi triggers a reload, .nf -kill \-QUIT `cat /var/unbound/unbound.pid` +kill \-TERM `cat /var/unbound/unbound.pid` .fi gracefully terminates. .TP @@ -585,23 +587,30 @@ queries. For domains that do not support 0x20 and also fail with fallback because they keep sending different answers, like some load balancers. Can be given multiple times, for different domains. .TP +.B qname\-minimisation: \fI<yes or no> +Send minimum amount of information to upstream servers to enhance privacy. +Only sent minimum required labels of the QNAME and set QTYPE to NS when +possible. Best effort approach, full QNAME and original QTYPE will be sent when +upstream replies with a RCODE other than NOERROR. Default is off. +.TP .B private\-address: \fI<IP address or subnet> Give IPv4 of IPv6 addresses or classless subnets. These are addresses -on your private network, and are not allowed to be returned for public -internet names. Any occurence of such addresses are removed from -DNS answers. Additionally, the DNSSEC validator may mark the answers -bogus. This protects against so\-called DNS Rebinding, where a user browser -is turned into a network proxy, allowing remote access through the browser -to other parts of your private network. Some names can be allowed to -contain your private addresses, by default all the \fBlocal\-data\fR -that you configured is allowed to, and you can specify additional -names using \fBprivate\-domain\fR. No private addresses are enabled -by default. We consider to enable this for the RFC1918 private IP -address space by default in later releases. That would enable private -addresses for 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 169.254.0.0/16 -fd00::/8 and fe80::/10, since the RFC standards say these addresses -should not be visible on the public internet. Turning on 127.0.0.0/8 -would hinder many spamblocklists as they use that. +on your private network, and are not allowed to be returned for +public internet names. Any occurrence of such addresses are removed +from DNS answers. Additionally, the DNSSEC validator may mark the +answers bogus. This protects against so\-called DNS Rebinding, where +a user browser is turned into a network proxy, allowing remote access +through the browser to other parts of your private network. Some names +can be allowed to contain your private addresses, by default all the +\fBlocal\-data\fR that you configured is allowed to, and you can specify +additional names using \fBprivate\-domain\fR. No private addresses are +enabled by default. We consider to enable this for the RFC1918 private +IP address space by default in later releases. That would enable private +addresses for 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 169.254.0.0/16 +fd00::/8 and fe80::/10, since the RFC standards say these addresses +should not be visible on the public internet. Turning on 127.0.0.0/8 +would hinder many spamblocklists as they use that. Adding ::ffff:0:0/96 +stops IPv4-mapped IPv6 addresses from bypassing the filter. .TP .B private\-domain: \fI<domain name> Allow this domain, and all its subdomains to contain private addresses. @@ -746,7 +755,7 @@ Instruct the validator to remove data from the additional section of secure messages that are not signed properly. Messages that are insecure, bogus, indeterminate or unchecked are not affected. Default is yes. Use this setting to protect the users that rely on this validator for authentication from -protentially bad data in the additional section. +potentially bad data in the additional section. .TP .B val\-log\-level: \fI<number> Have the validator print validation failures to the log. Regardless of @@ -1033,7 +1042,7 @@ If set to 0, all queries are dropped for domains where the limit is exceeded. If set to another value, 1 in that number is allowed through to complete. Default is 10, allowing 1/10 traffic to flow normally. This can make ordinary queries complete (if repeatedly queried for), -and enter the cache, whilst also mitigiting the traffic flow by the +and enter the cache, whilst also mitigating the traffic flow by the factor given. .TP 5 .B ratelimit\-for\-domain: \fI<domain> <number qps> diff --git a/contrib/unbound/doc/unbound.conf.5.in b/contrib/unbound/doc/unbound.conf.5.in index 42653a5..51f7c4e 100644 --- a/contrib/unbound/doc/unbound.conf.5.in +++ b/contrib/unbound/doc/unbound.conf.5.in @@ -1,4 +1,4 @@ -.TH "unbound.conf" "5" "Oct 6, 2015" "NLnet Labs" "unbound 1.5.5" +.TH "unbound.conf" "5" "Dec 10, 2015" "NLnet Labs" "unbound 1.5.7" .\" .\" unbound.conf.5 -- unbound.conf manual .\" @@ -362,7 +362,7 @@ The public key certificate pem file for the ssl service. Default is "", turned off. .TP .B ssl\-port: \fI<number> -The port number on which to provide TCP SSL service, default 443, only +The port number on which to provide TCP SSL service, default 853, only interfaces configured with that port number as @number get the SSL service. .TP .B do\-daemonize: \fI<yes or no> @@ -444,6 +444,8 @@ requires privileges, then a reload will fail; a restart is needed. .TP .B directory: \fI<directory> Sets the working directory for the program. Default is "@UNBOUND_RUN_DIR@". +On Windows the string "%EXECUTABLE%" tries to change to the directory +that unbound.exe resides in. .TP .B logfile: \fI<filename> If "" is given, logging goes to stderr, or nowhere once daemonized. @@ -585,23 +587,30 @@ queries. For domains that do not support 0x20 and also fail with fallback because they keep sending different answers, like some load balancers. Can be given multiple times, for different domains. .TP +.B qname\-minimisation: \fI<yes or no> +Send minimum amount of information to upstream servers to enhance privacy. +Only sent minimum required labels of the QNAME and set QTYPE to NS when +possible. Best effort approach, full QNAME and original QTYPE will be sent when +upstream replies with a RCODE other than NOERROR. Default is off. +.TP .B private\-address: \fI<IP address or subnet> Give IPv4 of IPv6 addresses or classless subnets. These are addresses -on your private network, and are not allowed to be returned for public -internet names. Any occurence of such addresses are removed from -DNS answers. Additionally, the DNSSEC validator may mark the answers -bogus. This protects against so\-called DNS Rebinding, where a user browser -is turned into a network proxy, allowing remote access through the browser -to other parts of your private network. Some names can be allowed to -contain your private addresses, by default all the \fBlocal\-data\fR -that you configured is allowed to, and you can specify additional -names using \fBprivate\-domain\fR. No private addresses are enabled -by default. We consider to enable this for the RFC1918 private IP -address space by default in later releases. That would enable private -addresses for 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 169.254.0.0/16 -fd00::/8 and fe80::/10, since the RFC standards say these addresses -should not be visible on the public internet. Turning on 127.0.0.0/8 -would hinder many spamblocklists as they use that. +on your private network, and are not allowed to be returned for +public internet names. Any occurrence of such addresses are removed +from DNS answers. Additionally, the DNSSEC validator may mark the +answers bogus. This protects against so\-called DNS Rebinding, where +a user browser is turned into a network proxy, allowing remote access +through the browser to other parts of your private network. Some names +can be allowed to contain your private addresses, by default all the +\fBlocal\-data\fR that you configured is allowed to, and you can specify +additional names using \fBprivate\-domain\fR. No private addresses are +enabled by default. We consider to enable this for the RFC1918 private +IP address space by default in later releases. That would enable private +addresses for 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 169.254.0.0/16 +fd00::/8 and fe80::/10, since the RFC standards say these addresses +should not be visible on the public internet. Turning on 127.0.0.0/8 +would hinder many spamblocklists as they use that. Adding ::ffff:0:0/96 +stops IPv4-mapped IPv6 addresses from bypassing the filter. .TP .B private\-domain: \fI<domain name> Allow this domain, and all its subdomains to contain private addresses. @@ -746,7 +755,7 @@ Instruct the validator to remove data from the additional section of secure messages that are not signed properly. Messages that are insecure, bogus, indeterminate or unchecked are not affected. Default is yes. Use this setting to protect the users that rely on this validator for authentication from -protentially bad data in the additional section. +potentially bad data in the additional section. .TP .B val\-log\-level: \fI<number> Have the validator print validation failures to the log. Regardless of @@ -1033,7 +1042,7 @@ If set to 0, all queries are dropped for domains where the limit is exceeded. If set to another value, 1 in that number is allowed through to complete. Default is 10, allowing 1/10 traffic to flow normally. This can make ordinary queries complete (if repeatedly queried for), -and enter the cache, whilst also mitigiting the traffic flow by the +and enter the cache, whilst also mitigating the traffic flow by the factor given. .TP 5 .B ratelimit\-for\-domain: \fI<domain> <number qps> diff --git a/contrib/unbound/iterator/iter_scrub.c b/contrib/unbound/iterator/iter_scrub.c index cc05867..8a3fc17 100644 --- a/contrib/unbound/iterator/iter_scrub.c +++ b/contrib/unbound/iterator/iter_scrub.c @@ -405,7 +405,43 @@ scrub_normalize(sldns_buffer* pkt, struct msg_parse* msg, /* Follow the CNAME chain. */ if(rrset->type == LDNS_RR_TYPE_CNAME) { + struct rrset_parse* nx = rrset->rrset_all_next; uint8_t* oldsname = sname; + /* see if the next one is a DNAME, if so, swap them */ + if(nx && nx->section == LDNS_SECTION_ANSWER && + nx->type == LDNS_RR_TYPE_DNAME && + nx->rr_count == 1 && + pkt_strict_sub(pkt, sname, nx->dname)) { + /* there is a DNAME after this CNAME, it + * is in the ANSWER section, and the DNAME + * applies to the name we cover */ + /* check if the alias of the DNAME equals + * this CNAME */ + uint8_t alias[LDNS_MAX_DOMAINLEN+1]; + size_t aliaslen = 0; + uint8_t* t = NULL; + size_t tlen = 0; + if(synth_cname(sname, snamelen, nx, alias, + &aliaslen, pkt) && + parse_get_cname_target(rrset, &t, &tlen) && + dname_pkt_compare(pkt, alias, t) == 0) { + /* the synthesized CNAME equals the + * current CNAME. This CNAME is the + * one that the DNAME creates, and this + * CNAME is better capitalised */ + verbose(VERB_ALGO, "normalize: re-order of DNAME and its CNAME"); + if(prev) prev->rrset_all_next = nx; + else msg->rrset_first = nx; + if(nx->rrset_all_next == NULL) + msg->rrset_last = rrset; + rrset->rrset_all_next = + nx->rrset_all_next; + nx->rrset_all_next = rrset; + prev = nx; + } + } + + /* move to next name in CNAME chain */ if(!parse_get_cname_target(rrset, &sname, &snamelen)) return 0; prev = rrset; @@ -638,7 +674,7 @@ scrub_sanitize(sldns_buffer* pkt, struct msg_parse* msg, * children of the originating zone. The idea here is that, * as far as we know, the server that we contacted is ONLY * authoritative for the originating zone. It, of course, MAY - * be authoriative for any other zones, and of course, MAY + * be authoritative for any other zones, and of course, MAY * NOT be authoritative for some subdomains of the originating * zone. */ prev = NULL; diff --git a/contrib/unbound/iterator/iter_utils.c b/contrib/unbound/iterator/iter_utils.c index bc94ef6..58e62fb 100644 --- a/contrib/unbound/iterator/iter_utils.c +++ b/contrib/unbound/iterator/iter_utils.c @@ -255,7 +255,7 @@ iter_filter_unsuitable(struct iter_env* iter_env, struct module_env* env, return -1; /* server is lame */ else if(rtt >= USEFUL_SERVER_TOP_TIMEOUT) /* server is unresponsive, - * we used to return TOP_TIMOUT, but fairly useless, + * we used to return TOP_TIMEOUT, but fairly useless, * because if == TOP_TIMEOUT is dropped because * blacklisted later, instead, remove it here, so * other choices (that are not blacklisted) can be @@ -306,7 +306,7 @@ iter_fill_rtt(struct iter_env* iter_env, struct module_env* env, return got_it; } -/** filter the addres list, putting best targets at front, +/** filter the address list, putting best targets at front, * returns number of best targets (or 0, no suitable targets) */ static int iter_filter_order(struct iter_env* iter_env, struct module_env* env, diff --git a/contrib/unbound/iterator/iterator.c b/contrib/unbound/iterator/iterator.c index 96918fa..b1bf902 100644 --- a/contrib/unbound/iterator/iterator.c +++ b/contrib/unbound/iterator/iterator.c @@ -64,6 +64,7 @@ #include "util/random.h" #include "sldns/rrdef.h" #include "sldns/wire2str.h" +#include "sldns/str2wire.h" #include "sldns/parseutil.h" #include "sldns/sbuffer.h" @@ -81,6 +82,21 @@ iter_init(struct module_env* env, int id) log_err("iterator: could not apply configuration settings."); return 0; } + if(env->cfg->qname_minimisation) { + uint8_t dname[LDNS_MAX_DOMAINLEN+1]; + size_t len = sizeof(dname); + if(sldns_str2wire_dname_buf("ip6.arpa.", dname, &len) != 0) { + log_err("ip6.arpa. parse error"); + return 0; + } + iter_env->ip6arpa_dname = (uint8_t*)malloc(len); + if(!iter_env->ip6arpa_dname) { + log_err("malloc failure"); + return 0; + } + memcpy(iter_env->ip6arpa_dname, dname, len); + } + return 1; } @@ -101,6 +117,7 @@ iter_deinit(struct module_env* env, int id) if(!env || !env->modinfo[id]) return; iter_env = (struct iter_env*)env->modinfo[id]; + free(iter_env->ip6arpa_dname); free(iter_env->target_fetch_policy); priv_delete(iter_env->priv); donotq_delete(iter_env->donotq); @@ -145,6 +162,12 @@ iter_new(struct module_qstate* qstate, int id) /* Start with the (current) qname. */ iq->qchase = qstate->qinfo; outbound_list_init(&iq->outlist); + if (qstate->env->cfg->qname_minimisation) + iq->minimisation_state = INIT_MINIMISE_STATE; + else + iq->minimisation_state = DONOT_MINIMISE_STATE; + + memset(&iq->qinfo_out, 0, sizeof(struct query_info)); return 1; } @@ -176,7 +199,7 @@ next_state(struct iter_qstate* iq, enum iter_state nextstate) /** * Transition an event to its final state. Final states always either return * a result up the module chain, or reactivate a dependent event. Which - * final state to transtion to is set in the module state for the event when + * final state to transition to is set in the module state for the event when * it was created, and depends on the original purpose of the event. * * The response is stored in the qstate->buf buffer. @@ -506,7 +529,7 @@ target_count_increase(struct iter_qstate* iq, int num) /** * Generate a subrequest. * Generate a local request event. Local events are tied to this module, and - * have a correponding (first tier) event that is waiting for this event to + * have a corresponding (first tier) event that is waiting for this event to * resolve to continue. * * @param qname The query name for this request. @@ -590,6 +613,11 @@ generate_sub_request(uint8_t* qname, size_t qnamelen, uint16_t qtype, subiq->qchase = subq->qinfo; subiq->chase_flags = subq->query_flags; subiq->refetch_glue = 0; + if(qstate->env->cfg->qname_minimisation) + subiq->minimisation_state = INIT_MINIMISE_STATE; + else + subiq->minimisation_state = DONOT_MINIMISE_STATE; + memset(&subiq->qinfo_out, 0, sizeof(struct query_info)); } return 1; } @@ -1042,6 +1070,8 @@ processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq, iq->query_restart_count++; iq->sent_count = 0; sock_list_insert(&qstate->reply_origin, NULL, 0, qstate->region); + if(qstate->env->cfg->qname_minimisation) + iq->minimisation_state = INIT_MINIMISE_STATE; return next_state(iq, INIT_REQUEST_STATE); } @@ -1062,6 +1092,7 @@ processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq, return error_response(qstate, id, LDNS_RCODE_SERVFAIL); } iq->refetch_glue = 0; + iq->minimisation_state = DONOT_MINIMISE_STATE; /* the request has been forwarded. * forwarded requests need to be immediately sent to the * next state, QUERYTARGETS. */ @@ -1599,6 +1630,8 @@ processLastResort(struct module_qstate* qstate, struct iter_qstate* iq, iq->refetch_glue = 1; iq->query_restart_count++; iq->sent_count = 0; + if(qstate->env->cfg->qname_minimisation) + iq->minimisation_state = INIT_MINIMISE_STATE; return next_state(iq, INIT_REQUEST_STATE); } } @@ -1975,9 +2008,78 @@ processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq, } } + if(iq->minimisation_state == INIT_MINIMISE_STATE) { + /* (Re)set qinfo_out to (new) delegation point, except + * when qinfo_out is already a subdomain of dp. This happens + * when resolving ip6.arpa dnames. */ + if(!(iq->qinfo_out.qname_len + && dname_subdomain_c(iq->qchase.qname, + iq->qinfo_out.qname) + && dname_subdomain_c(iq->qinfo_out.qname, + iq->dp->name))) { + iq->qinfo_out.qname = iq->dp->name; + iq->qinfo_out.qname_len = iq->dp->namelen; + iq->qinfo_out.qtype = LDNS_RR_TYPE_NS; + iq->qinfo_out.qclass = iq->qchase.qclass; + } + + iq->minimisation_state = MINIMISE_STATE; + } + if(iq->minimisation_state == MINIMISE_STATE) { + int labdiff = dname_count_labels(iq->qchase.qname) - + dname_count_labels(iq->qinfo_out.qname); + + iq->qinfo_out.qname = iq->qchase.qname; + iq->qinfo_out.qname_len = iq->qchase.qname_len; + + /* Special treatment for ip6.arpa lookups. + * Reverse IPv6 dname has 34 labels, increment the IP part + * (usually first 32 labels) by 8 labels (7 more than the + * default 1 label increment). */ + if(labdiff <= 32 && + dname_subdomain_c(iq->qchase.qname, ie->ip6arpa_dname)) { + labdiff -= 7; + /* Small chance of zone cut after first label. Stop + * minimising */ + if(labdiff <= 1) + labdiff = 0; + } + + if(labdiff > 1) { + verbose(VERB_QUERY, "removing %d labels", labdiff-1); + dname_remove_labels(&iq->qinfo_out.qname, + &iq->qinfo_out.qname_len, + labdiff-1); + } + if(labdiff < 1 || + (labdiff < 2 && iq->qchase.qtype == LDNS_RR_TYPE_DS)) + /* Stop minimising this query, resolve "as usual" */ + iq->minimisation_state = DONOT_MINIMISE_STATE; + else { + struct dns_msg* msg = dns_cache_lookup(qstate->env, + iq->qinfo_out.qname, iq->qinfo_out.qname_len, + iq->qinfo_out.qtype, iq->qinfo_out.qclass, + qstate->query_flags, qstate->region, + qstate->env->scratch); + if(msg && msg->rep->an_numrrsets == 0 + && FLAGS_GET_RCODE(msg->rep->flags) == + LDNS_RCODE_NOERROR) + /* no need to send query if it is already + * cached as NOERROR/NODATA */ + return 1; + } + + } + if(iq->minimisation_state == SKIP_MINIMISE_STATE) + /* Do not increment qname, continue incrementing next + * iteration */ + iq->minimisation_state = MINIMISE_STATE; + if(iq->minimisation_state == DONOT_MINIMISE_STATE) + iq->qinfo_out = iq->qchase; + /* We have a valid target. */ if(verbosity >= VERB_QUERY) { - log_query_info(VERB_QUERY, "sending query:", &iq->qchase); + log_query_info(VERB_QUERY, "sending query:", &iq->qinfo_out); log_name_addr(VERB_QUERY, "sending to target:", iq->dp->name, &target->addr, target->addrlen); verbose(VERB_ALGO, "dnssec status: %s%s", @@ -1986,8 +2088,8 @@ processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq, } fptr_ok(fptr_whitelist_modenv_send_query(qstate->env->send_query)); outq = (*qstate->env->send_query)( - iq->qchase.qname, iq->qchase.qname_len, - iq->qchase.qtype, iq->qchase.qclass, + iq->qinfo_out.qname, iq->qinfo_out.qname_len, + iq->qinfo_out.qtype, iq->qinfo_out.qclass, iq->chase_flags | (iq->chase_to_rd?BIT_RD:0), EDNS_DO|BIT_CD, iq->dnssec_expected, iq->caps_fallback || is_caps_whitelisted( ie, iq), &target->addr, target->addrlen, iq->dp->name, @@ -2042,6 +2144,9 @@ processQueryResponse(struct module_qstate* qstate, struct iter_qstate* iq, enum response_type type; iq->num_current_queries--; if(iq->response == NULL) { + /* Don't increment qname when QNAME minimisation is enabled */ + if (qstate->env->cfg->qname_minimisation) + iq->minimisation_state = SKIP_MINIMISE_STATE; iq->chase_to_rd = 0; iq->dnssec_lame_query = 0; verbose(VERB_ALGO, "query response was timeout"); @@ -2142,6 +2247,15 @@ processQueryResponse(struct module_qstate* qstate, struct iter_qstate* iq, sock_list_insert(&qstate->reply_origin, &qstate->reply->addr, qstate->reply->addrlen, qstate->region); + if(iq->minimisation_state != DONOT_MINIMISE_STATE) { + /* Best effort qname-minimisation. + * Stop minimising and send full query when RCODE + * is not NOERROR */ + if(FLAGS_GET_RCODE(iq->response->rep->flags) != + LDNS_RCODE_NOERROR) + iq->minimisation_state = DONOT_MINIMISE_STATE; + return next_state(iq, QUERYTARGETS_STATE); + } return final_state(iq); } else if(type == RESPONSE_TYPE_REFERRAL) { /* REFERRAL type responses get a reset of the @@ -2201,6 +2315,8 @@ processQueryResponse(struct module_qstate* qstate, struct iter_qstate* iq, * point to the referral. */ iq->deleg_msg = iq->response; iq->dp = delegpt_from_message(iq->response, qstate->region); + if (qstate->env->cfg->qname_minimisation) + iq->minimisation_state = INIT_MINIMISE_STATE; if(!iq->dp) return error_response(qstate, id, LDNS_RCODE_SERVFAIL); if(!cache_fill_missing(qstate->env, iq->qchase.qclass, @@ -2280,6 +2396,8 @@ processQueryResponse(struct module_qstate* qstate, struct iter_qstate* iq, /* set the current request's qname to the new value. */ iq->qchase.qname = sname; iq->qchase.qname_len = snamelen; + if (qstate->env->cfg->qname_minimisation) + iq->minimisation_state = INIT_MINIMISE_STATE; /* Clear the query state, since this is a query restart. */ iq->deleg_msg = NULL; iq->dp = NULL; @@ -2353,6 +2471,8 @@ processQueryResponse(struct module_qstate* qstate, struct iter_qstate* iq, /* LAME, THROWAWAY and "unknown" all end up here. * Recycle to the QUERYTARGETS state to hopefully try a * different target. */ + if (qstate->env->cfg->qname_minimisation) + iq->minimisation_state = DONOT_MINIMISE_STATE; return next_state(iq, QUERYTARGETS_STATE); } @@ -2968,7 +3088,7 @@ process_response(struct module_qstate* qstate, struct iter_qstate* iq, prs->flags &= ~BIT_CD; /* normalize and sanitize: easy to delete items from linked lists */ - if(!scrub_message(pkt, prs, &iq->qchase, iq->dp->name, + if(!scrub_message(pkt, prs, &iq->qinfo_out, iq->dp->name, qstate->env->scratch, qstate->env, ie)) { /* if 0x20 enabled, start fallback, but we have no message */ if(event == module_event_capsfail && !iq->caps_fallback) { diff --git a/contrib/unbound/iterator/iterator.h b/contrib/unbound/iterator/iterator.h index 9cf53b2..b7aa82e 100644 --- a/contrib/unbound/iterator/iterator.h +++ b/contrib/unbound/iterator/iterator.h @@ -112,6 +112,32 @@ struct iter_env { * array of max_dependency_depth+1 size. */ int* target_fetch_policy; + + /** ip6.arpa dname in wireformat, used for qname-minimisation */ + uint8_t* ip6arpa_dname; +}; + +/** + * QNAME minimisation state + */ +enum minimisation_state { + /** + * (Re)start minimisation. Outgoing QNAME should be set to dp->name. + * State entered on new query or after following refferal or CNAME. + */ + INIT_MINIMISE_STATE = 0, + /** + * QNAME minimisataion ongoing. Increase QNAME on every iteration. + */ + MINIMISE_STATE, + /** + * Don't increment QNAME this iteration + */ + SKIP_MINIMISE_STATE, + /** + * Send out full QNAME + original QTYPE + */ + DONOT_MINIMISE_STATE, }; /** @@ -322,6 +348,15 @@ struct iter_qstate { /** list of pending queries to authoritative servers. */ struct outbound_list outlist; + + /** QNAME minimisation state */ + enum minimisation_state minimisation_state; + + /** + * The query info that is sent upstream. Will be a subset of qchase + * when qname minimisation is enabled. + */ + struct query_info qinfo_out; }; /** diff --git a/contrib/unbound/libunbound/libunbound.c b/contrib/unbound/libunbound/libunbound.c index 7c2509b..17f50e8 100644 --- a/contrib/unbound/libunbound/libunbound.c +++ b/contrib/unbound/libunbound/libunbound.c @@ -68,6 +68,9 @@ #ifdef HAVE_SYS_WAIT_H #include <sys/wait.h> #endif +#ifdef HAVE_TIME_H +#include <time.h> +#endif #if defined(UB_ON_WINDOWS) && defined (HAVE_WINDOWS_H) #include <windows.h> diff --git a/contrib/unbound/libunbound/python/Makefile b/contrib/unbound/libunbound/python/Makefile index 01b0577..9a98ef5 100644 --- a/contrib/unbound/libunbound/python/Makefile +++ b/contrib/unbound/libunbound/python/Makefile @@ -36,7 +36,7 @@ help: @echo "Please use \`make <target>' where <target> is one of" @echo " testenv to make test environment and run bash " - @echo " usefull in case you don't want to install unbound but want to test examples" + @echo " useful in case you don't want to install unbound but want to test examples" @echo " doc to make documentation" @echo " clean clean all" diff --git a/contrib/unbound/libunbound/python/doc/install.rst b/contrib/unbound/libunbound/python/doc/install.rst index f638ed1..a073a5c 100644 --- a/contrib/unbound/libunbound/python/doc/install.rst +++ b/contrib/unbound/libunbound/python/doc/install.rst @@ -22,7 +22,7 @@ You need GNU make to compile sources; SWIG and Python devel libraries to compile **Testing** -If the compilation is successfull, you can test the python LDNS extension module by:: +If the compilation is successful, you can test the python LDNS extension module by:: > cd contrib/python > make testenv diff --git a/contrib/unbound/libunbound/python/doc/modules/unbound.rst b/contrib/unbound/libunbound/python/doc/modules/unbound.rst index 21f4a12..77e4cd1 100644 --- a/contrib/unbound/libunbound/python/doc/modules/unbound.rst +++ b/contrib/unbound/libunbound/python/doc/modules/unbound.rst @@ -42,7 +42,7 @@ Class ub_result False, if validation failed or domain queried has no security info. It is possible to get a result with no data (havedata is false), - and secure is true. This means that the non-existance of the data + and secure is true. This means that the non-existence of the data was cryptographically proven (with signatures). .. attribute:: bogus diff --git a/contrib/unbound/libunbound/python/examples/dnssec-valid.py b/contrib/unbound/libunbound/python/examples/dnssec-valid.py index 386f4c2..c5517ef 100644 --- a/contrib/unbound/libunbound/python/examples/dnssec-valid.py +++ b/contrib/unbound/libunbound/python/examples/dnssec-valid.py @@ -44,7 +44,7 @@ ctx.debugout(fw) ctx.debuglevel(2) if os.path.isfile("keys"): - ctx.add_ta_file("keys") #read public keys for DNSSEC verificatio + ctx.add_ta_file("keys") #read public keys for DNSSEC verification status, result = ctx.resolve("www.nic.cz", RR_TYPE_A, RR_CLASS_IN) if status == 0 and result.havedata: diff --git a/contrib/unbound/libunbound/python/libunbound.i b/contrib/unbound/libunbound/python/libunbound.i index 3c0e45b..50a9b67 100644 --- a/contrib/unbound/libunbound/python/libunbound.i +++ b/contrib/unbound/libunbound/python/libunbound.i @@ -1,5 +1,5 @@ /* - * libounbound.i: pyUnbound module (libunbound wrapper for Python) + * libunbound.i: pyUnbound module (libunbound wrapper for Python) * * Copyright (c) 2009, Zdenek Vasicek (vasicek AT fit.vutbr.cz) * Marek Vavrusa (xvavru00 AT stud.fit.vutbr.cz) @@ -455,7 +455,7 @@ Result: ['74.125.43.147', '74.125.43.99', '74.125.43.103', '74.125.43.104'] #_UB_CTX_METHODS# def zone_print(self): - """Print local zones using debougout""" + """Print local zones using debugout""" _unbound.ub_ctx_print_local_zones(self) def zone_add(self,zonename,zonetype): diff --git a/contrib/unbound/ltmain.sh b/contrib/unbound/ltmain.sh index 63ae69d..6fdf4ba 100755 --- a/contrib/unbound/ltmain.sh +++ b/contrib/unbound/ltmain.sh @@ -4394,7 +4394,7 @@ EOF { /* however, if there is an option in the LTWRAPPER_OPTION_PREFIX namespace, but it is not one of the ones we know about and - have already dealt with, above (inluding dump-script), then + have already dealt with, above (including dump-script), then report an error. Otherwise, targets might begin to believe they are allowed to use options in the LTWRAPPER_OPTION_PREFIX namespace. The first time any user complains about this, we'll diff --git a/contrib/unbound/services/cache/dns.c b/contrib/unbound/services/cache/dns.c index ba81afd..e14e636 100644 --- a/contrib/unbound/services/cache/dns.c +++ b/contrib/unbound/services/cache/dns.c @@ -656,8 +656,9 @@ fill_any(struct module_env* env, time_t now = *env->now; struct dns_msg* msg = NULL; uint16_t lookup[] = {LDNS_RR_TYPE_A, LDNS_RR_TYPE_AAAA, - LDNS_RR_TYPE_MX, LDNS_RR_TYPE_SOA, LDNS_RR_TYPE_NS, 0}; - int i, num=5; /* number of RR types to look up */ + LDNS_RR_TYPE_MX, LDNS_RR_TYPE_SOA, LDNS_RR_TYPE_NS, + LDNS_RR_TYPE_DNAME, 0}; + int i, num=6; /* number of RR types to look up */ log_assert(lookup[num] == 0); for(i=0; i<num; i++) { diff --git a/contrib/unbound/services/cache/rrset.c b/contrib/unbound/services/cache/rrset.c index 2c85529..2f6a1b5 100644 --- a/contrib/unbound/services/cache/rrset.c +++ b/contrib/unbound/services/cache/rrset.c @@ -190,6 +190,7 @@ rrset_cache_update(struct rrset_cache* r, struct rrset_ref* ref, uint16_t rrset_type = ntohs(k->rk.type); int equal = 0; log_assert(ref->id != 0 && k->id != 0); + log_assert(k->rk.dname != NULL); /* looks up item with a readlock - no editing! */ if((e=slabhash_lookup(&r->table, h, k, 0)) != 0) { /* return id and key as they will be used in the cache diff --git a/contrib/unbound/sldns/parseutil.h b/contrib/unbound/sldns/parseutil.h index dfa1c2a..c5238bc 100644 --- a/contrib/unbound/sldns/parseutil.h +++ b/contrib/unbound/sldns/parseutil.h @@ -56,13 +56,13 @@ time_t sldns_mktime_from_utc(const struct tm *tm); /** * The function interprets time as the number of seconds since epoch - * with respect to now using serial arithmitics (rfc1982). + * with respect to now using serial arithmetics (rfc1982). * That number of seconds is then converted to broken-out time information. * This is especially usefull when converting the inception and expiration * fields of RRSIG records. * * \param[in] time number of seconds since epoch (midnight, January 1st, 1970) - * to be intepreted as a serial arithmitics number relative to now. + * to be intepreted as a serial arithmetics number relative to now. * \param[in] now number of seconds since epoch (midnight, January 1st, 1970) * to which the time value is compared to determine the final value. * \param[out] result the struct with the broken-out time information diff --git a/contrib/unbound/sldns/wire2str.c b/contrib/unbound/sldns/wire2str.c index cec3bc7..5cbd78e 100644 --- a/contrib/unbound/sldns/wire2str.c +++ b/contrib/unbound/sldns/wire2str.c @@ -697,6 +697,9 @@ int sldns_wire2str_rdata_scan(uint8_t** d, size_t* dlen, char** s, } w += n; } + if(*dlen != 0) { + goto failed; + } return w; } diff --git a/contrib/unbound/smallapp/unbound-anchor.c b/contrib/unbound/smallapp/unbound-anchor.c index 92bfa84..81bb896 100644 --- a/contrib/unbound/smallapp/unbound-anchor.c +++ b/contrib/unbound/smallapp/unbound-anchor.c @@ -95,7 +95,7 @@ * signed yet; avoids attacks on system clock). The * last-successful-RFC5011-probe (if available) has to be more than 30 days * in the past (otherwise, RFC5011 should have worked). This keeps - * unneccesary https traffic down. If the main certificate is expired, it + * unnecessary https traffic down. If the main certificate is expired, it * fails. * * The dates on the keys in the xml are checked (uses the libexpat xml @@ -1520,7 +1520,11 @@ xml_entitydeclhandler(void *userData, const XML_Char *ATTR_UNUSED(publicId), const XML_Char *ATTR_UNUSED(notationName)) { +#if HAVE_DECL_XML_STOPPARSER (void)XML_StopParser((XML_Parser)userData, XML_FALSE); +#else + (void)userData; +#endif } /** @@ -1828,6 +1832,12 @@ write_unsigned_root(const char* root_anchor_file) root_anchor_file); if(verb && errno != 0) printf("%s\n", strerror(errno)); } + fflush(out); +#ifdef HAVE_FSYNC + fsync(fileno(out)); +#else + FlushFileBuffers((HANDLE)_fileno(out)); +#endif fclose(out); } @@ -1854,6 +1864,12 @@ write_root_anchor(const char* root_anchor_file, BIO* ds) root_anchor_file); if(verb && errno != 0) printf("%s\n", strerror(errno)); } + fflush(out); +#ifdef HAVE_FSYNC + fsync(fileno(out)); +#else + FlushFileBuffers((HANDLE)_fileno(out)); +#endif fclose(out); } diff --git a/contrib/unbound/smallapp/unbound-checkconf.c b/contrib/unbound/smallapp/unbound-checkconf.c index 0524ede..ec07713 100644 --- a/contrib/unbound/smallapp/unbound-checkconf.c +++ b/contrib/unbound/smallapp/unbound-checkconf.c @@ -335,7 +335,9 @@ morechecks(struct config_file* cfg, const char* fname) if(cfg->edns_buffer_size > cfg->msg_buffer_size) fatal_exit("edns-buffer-size larger than msg-buffer-size, " "answers will not fit in processing buffer"); - +#ifdef UB_ON_WINDOWS + w_config_adjust_directory(cfg); +#endif if(cfg->chrootdir && cfg->chrootdir[0] && cfg->chrootdir[strlen(cfg->chrootdir)-1] == '/') fatal_exit("chootdir %s has trailing slash '/' please remove.", diff --git a/contrib/unbound/smallapp/unbound-control-setup.sh b/contrib/unbound/smallapp/unbound-control-setup.sh index 816b4f5..28690b3 100755 --- a/contrib/unbound/smallapp/unbound-control-setup.sh +++ b/contrib/unbound/smallapp/unbound-control-setup.sh @@ -107,16 +107,15 @@ else fi # create self-signed cert for server -cat >request.cfg <<EOF -[req] -default_bits=$BITS -default_md=$HASH -prompt=no -distinguished_name=req_distinguished_name - -[req_distinguished_name] -commonName=$SERVERNAME -EOF +echo "[req]\n" > request.cfg +echo "default_bits=$BITS\n" >> request.cfg +echo "default_md=$HASH\n" >> request.cfg +echo "prompt=no\n" >> request.cfg +echo "distinguished_name=req_distinguished_name\n" >> request.cfg +echo "\n" >> request.cfg +echo "[req_distinguished_name]\n" >> request.cfg +echo "commonName=$SERVERNAME\n" >> request.cfg + test -f request.cfg || error "could not create request.cfg" echo "create $SVR_BASE.pem (self signed certificate)" @@ -125,16 +124,15 @@ openssl req -key $SVR_BASE.key -config request.cfg -new -x509 -days $DAYS -out openssl x509 -in $SVR_BASE.pem -addtrust serverAuth -out $SVR_BASE"_trust.pem" # create client request and sign it, piped -cat >request.cfg <<EOF -[req] -default_bits=$BITS -default_md=$HASH -prompt=no -distinguished_name=req_distinguished_name - -[req_distinguished_name] -commonName=$CLIENTNAME -EOF +echo "[req]\n" > request.cfg +echo "default_bits=$BITS\n" >> request.cfg +echo "default_md=$HASH\n" >> request.cfg +echo "prompt=no\n" >> request.cfg +echo "distinguished_name=req_distinguished_name\n" >> request.cfg +echo "\n" >> request.cfg +echo "[req_distinguished_name]\n" >> request.cfg +echo "commonName=$CLIENTNAME" >> request.cfg + test -f request.cfg || error "could not create request.cfg" echo "create $CTL_BASE.pem (signed client certificate)" diff --git a/contrib/unbound/smallapp/unbound-control-setup.sh.in b/contrib/unbound/smallapp/unbound-control-setup.sh.in index 682ab26..f99d7bc 100755 --- a/contrib/unbound/smallapp/unbound-control-setup.sh.in +++ b/contrib/unbound/smallapp/unbound-control-setup.sh.in @@ -107,16 +107,15 @@ else fi # create self-signed cert for server -cat >request.cfg <<EOF -[req] -default_bits=$BITS -default_md=$HASH -prompt=no -distinguished_name=req_distinguished_name - -[req_distinguished_name] -commonName=$SERVERNAME -EOF +echo "[req]\n" > request.cfg +echo "default_bits=$BITS\n" >> request.cfg +echo "default_md=$HASH\n" >> request.cfg +echo "prompt=no\n" >> request.cfg +echo "distinguished_name=req_distinguished_name\n" >> request.cfg +echo "\n" >> request.cfg +echo "[req_distinguished_name]\n" >> request.cfg +echo "commonName=$SERVERNAME\n" >> request.cfg + test -f request.cfg || error "could not create request.cfg" echo "create $SVR_BASE.pem (self signed certificate)" @@ -125,16 +124,15 @@ openssl req -key $SVR_BASE.key -config request.cfg -new -x509 -days $DAYS -out openssl x509 -in $SVR_BASE.pem -addtrust serverAuth -out $SVR_BASE"_trust.pem" # create client request and sign it, piped -cat >request.cfg <<EOF -[req] -default_bits=$BITS -default_md=$HASH -prompt=no -distinguished_name=req_distinguished_name - -[req_distinguished_name] -commonName=$CLIENTNAME -EOF +echo "[req]\n" > request.cfg +echo "default_bits=$BITS\n" >> request.cfg +echo "default_md=$HASH\n" >> request.cfg +echo "prompt=no\n" >> request.cfg +echo "distinguished_name=req_distinguished_name\n" >> request.cfg +echo "\n" >> request.cfg +echo "[req_distinguished_name]\n" >> request.cfg +echo "commonName=$CLIENTNAME" >> request.cfg + test -f request.cfg || error "could not create request.cfg" echo "create $CTL_BASE.pem (signed client certificate)" diff --git a/contrib/unbound/smallapp/unbound-control.c b/contrib/unbound/smallapp/unbound-control.c index 571b4d0..fac73b0 100644 --- a/contrib/unbound/smallapp/unbound-control.c +++ b/contrib/unbound/smallapp/unbound-control.c @@ -156,10 +156,12 @@ setup_ctx(struct config_file* cfg) ctx = SSL_CTX_new(SSLv23_client_method()); if(!ctx) ssl_err("could not allocate SSL_CTX pointer"); - if(!(SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2)) + if((SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2) + != SSL_OP_NO_SSLv2) ssl_err("could not set SSL_OP_NO_SSLv2"); if(cfg->remote_control_use_cert) { - if(!(SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3) & SSL_OP_NO_SSLv3)) + if((SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3) & SSL_OP_NO_SSLv3) + != SSL_OP_NO_SSLv3) ssl_err("could not set SSL_OP_NO_SSLv3"); if(!SSL_CTX_use_certificate_chain_file(ctx,c_cert) || !SSL_CTX_use_PrivateKey_file(ctx,c_key,SSL_FILETYPE_PEM) @@ -361,6 +363,9 @@ go(const char* cfgfile, char* svr, int quiet, int argc, char* argv[]) fatal_exit("could not read config file"); if(!cfg->remote_control_enable) log_warn("control-enable is 'no' in the config file."); +#ifdef UB_ON_WINDOWS + w_config_adjust_directory(cfg); +#endif ctx = setup_ctx(cfg); /* contact server */ diff --git a/contrib/unbound/util/config_file.c b/contrib/unbound/util/config_file.c index 062d12d..6354e99 100644 --- a/contrib/unbound/util/config_file.c +++ b/contrib/unbound/util/config_file.c @@ -100,7 +100,7 @@ config_create(void) cfg->tcp_upstream = 0; cfg->ssl_service_key = NULL; cfg->ssl_service_pem = NULL; - cfg->ssl_port = 443; + cfg->ssl_port = 853; cfg->ssl_upstream = 0; cfg->use_syslog = 1; cfg->log_time_ascii = 0; @@ -240,6 +240,7 @@ config_create(void) cfg->ratelimit_for_domain = NULL; cfg->ratelimit_below_domain = NULL; cfg->ratelimit_factor = 10; + cfg->qname_minimisation = 0; return cfg; error_exit: config_delete(cfg); @@ -473,6 +474,7 @@ int config_set_option(struct config_file* cfg, const char* opt, else S_MEMSIZE("ratelimit-size:", ratelimit_size) else S_POW2("ratelimit-slabs:", ratelimit_slabs) else S_NUMBER_OR_ZERO("ratelimit-factor:", ratelimit_factor) + else S_YNO("qname-minimisation:", qname_minimisation) /* val_sig_skew_min and max are copied into val_env during init, * so this does not update val_env with set_option */ else if(strcmp(opt, "val-sig-skew-min:") == 0) @@ -747,6 +749,7 @@ config_get_option(struct config_file* cfg, const char* opt, else O_DEC(opt, "ratelimit-factor", ratelimit_factor) else O_DEC(opt, "val-sig-skew-min", val_sig_skew_min) else O_DEC(opt, "val-sig-skew-max", val_sig_skew_max) + else O_YNO(opt, "qname-minimisation", qname_minimisation) /* not here: * outgoing-permit, outgoing-avoid - have list of ports * local-zone - zones and nodefault variables @@ -1555,6 +1558,28 @@ w_lookup_reg_str(const char* key, const char* name) } return result; } + +void w_config_adjust_directory(struct config_file* cfg) +{ + if(cfg->directory && cfg->directory[0]) { + TCHAR dirbuf[2*MAX_PATH+4]; + if(strcmp(cfg->directory, "%EXECUTABLE%") == 0) { + /* get executable path, and if that contains + * directories, snip off the filename part */ + dirbuf[0] = 0; + if(!GetModuleFileName(NULL, dirbuf, MAX_PATH)) + log_err("could not GetModuleFileName"); + if(strrchr(dirbuf, '\\')) { + (strrchr(dirbuf, '\\'))[0] = 0; + } else log_err("GetModuleFileName had no path"); + if(dirbuf[0]) { + /* adjust directory for later lookups to work*/ + free(cfg->directory); + cfg->directory = memdup(dirbuf, strlen(dirbuf)+1); + } + } + } +} #endif /* UB_ON_WINDOWS */ void errinf(struct module_qstate* qstate, const char* str) diff --git a/contrib/unbound/util/config_file.h b/contrib/unbound/util/config_file.h index 99b15e0..8fa163e 100644 --- a/contrib/unbound/util/config_file.h +++ b/contrib/unbound/util/config_file.h @@ -283,7 +283,7 @@ struct config_file { struct config_str2list* local_zones; /** local zones nodefault list */ struct config_strlist* local_zones_nodefault; - /** local data RRs configged */ + /** local data RRs configured */ struct config_strlist* local_data; /** unblock lan zones (reverse lookups for 10/8 and so on) */ int unblock_lan_zones; @@ -364,6 +364,8 @@ struct config_file { struct config_str2list* ratelimit_below_domain; /** ratelimit factor, 0 blocks all, 10 allows 1/10 of traffic */ int ratelimit_factor; + /** minimise outgoing QNAME and hide original QTYPE if possible */ + int qname_minimisation; }; /** from cfg username, after daemonise setup performed */ @@ -739,6 +741,9 @@ void ub_c_error_msg(const char* fmt, ...) ATTR_FORMAT(printf, 1, 2); * exist on an error (logged with log_err) was encountered. */ char* w_lookup_reg_str(const char* key, const char* name); + +/** Modify directory in options for module file name */ +void w_config_adjust_directory(struct config_file* cfg); #endif /* UB_ON_WINDOWS */ #endif /* UTIL_CONFIG_FILE_H */ diff --git a/contrib/unbound/util/configlexer.lex b/contrib/unbound/util/configlexer.lex index 1aea22e..a368066 100644 --- a/contrib/unbound/util/configlexer.lex +++ b/contrib/unbound/util/configlexer.lex @@ -207,6 +207,7 @@ SQANY [^\'\n\r\\]|\\. /* note that flex makes the longest match and '.' is any but not nl */ LEXOUT(("comment(%s) ", ub_c_text)); /* ignore */ } server{COLON} { YDVAR(0, VAR_SERVER) } +qname-minimisation{COLON} { YDVAR(1, VAR_QNAME_MINIMISATION) } num-threads{COLON} { YDVAR(1, VAR_NUM_THREADS) } verbosity{COLON} { YDVAR(1, VAR_VERBOSITY) } port{COLON} { YDVAR(1, VAR_PORT) } diff --git a/contrib/unbound/util/configparser.y b/contrib/unbound/util/configparser.y index d6db3c8..abc0bb0 100644 --- a/contrib/unbound/util/configparser.y +++ b/contrib/unbound/util/configparser.y @@ -122,6 +122,7 @@ extern struct config_parser_state* cfg_parser; %token VAR_RATELIMIT VAR_RATELIMIT_SLABS VAR_RATELIMIT_SIZE %token VAR_RATELIMIT_FOR_DOMAIN VAR_RATELIMIT_BELOW_DOMAIN VAR_RATELIMIT_FACTOR %token VAR_CAPS_WHITELIST VAR_CACHE_MAX_NEGATIVE_TTL VAR_PERMIT_SMALL_HOLDDOWN +%token VAR_QNAME_MINIMISATION %% toplevelvars: /* empty */ | toplevelvars toplevelvar ; @@ -186,7 +187,7 @@ content_server: server_num_threads | server_verbosity | server_port | server_ratelimit_size | server_ratelimit_for_domain | server_ratelimit_below_domain | server_ratelimit_factor | server_caps_whitelist | server_cache_max_negative_ttl | - server_permit_small_holddown + server_permit_small_holddown | server_qname_minimisation ; stubstart: VAR_STUB_ZONE { @@ -1318,6 +1319,16 @@ server_ratelimit_factor: VAR_RATELIMIT_FACTOR STRING_ARG free($2); } ; +server_qname_minimisation: VAR_QNAME_MINIMISATION STRING_ARG + { + OUTYY(("P(server_qname_minimisation:%s)\n", $2)); + if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->qname_minimisation = + (strcmp($2, "yes")==0); + free($2); + } + ; stub_name: VAR_NAME STRING_ARG { OUTYY(("P(name:%s)\n", $2)); diff --git a/contrib/unbound/util/iana_ports.inc b/contrib/unbound/util/iana_ports.inc index 64edf0b..b09a9ad 100644 --- a/contrib/unbound/util/iana_ports.inc +++ b/contrib/unbound/util/iana_ports.inc @@ -660,6 +660,7 @@ 833, 847, 848, +853, 860, 861, 862, @@ -3842,6 +3843,7 @@ 4406, 4412, 4413, +4416, 4425, 4426, 4430, @@ -4572,6 +4574,7 @@ 7070, 7071, 7080, +7088, 7095, 7099, 7100, @@ -5383,6 +5386,7 @@ 38203, 39681, 40000, +40023, 40841, 40842, 40843, diff --git a/contrib/unbound/util/locks.c b/contrib/unbound/util/locks.c index 509895d..adfb6c0 100644 --- a/contrib/unbound/util/locks.c +++ b/contrib/unbound/util/locks.c @@ -232,7 +232,7 @@ void ub_thread_create(ub_thread_t* thr, void* (*func)(void*), void* arg) 0, /* default flags, run immediately */ NULL); /* do not store thread identifier anywhere */ #else - /* the begintheadex routine setups for the C lib; aligns stack */ + /* the beginthreadex routine setups for the C lib; aligns stack */ *thr=(ub_thread_t)_beginthreadex(NULL, 0, (void*)func, arg, 0, NULL); #endif if(*thr == NULL) { diff --git a/contrib/unbound/util/net_help.c b/contrib/unbound/util/net_help.c index 07605b1..eb03cd0 100644 --- a/contrib/unbound/util/net_help.c +++ b/contrib/unbound/util/net_help.c @@ -619,12 +619,14 @@ void* listen_sslctx_create(char* key, char* pem, char* verifypem) return NULL; } /* no SSLv2, SSLv3 because has defects */ - if(!(SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2)){ + if((SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2) + != SSL_OP_NO_SSLv2){ log_crypto_err("could not set SSL_OP_NO_SSLv2"); SSL_CTX_free(ctx); return NULL; } - if(!(SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3) & SSL_OP_NO_SSLv3)){ + if((SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3) & SSL_OP_NO_SSLv3) + != SSL_OP_NO_SSLv3){ log_crypto_err("could not set SSL_OP_NO_SSLv3"); SSL_CTX_free(ctx); return NULL; @@ -690,12 +692,14 @@ void* connect_sslctx_create(char* key, char* pem, char* verifypem) log_crypto_err("could not allocate SSL_CTX pointer"); return NULL; } - if(!(SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2)) { + if((SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2) + != SSL_OP_NO_SSLv2) { log_crypto_err("could not set SSL_OP_NO_SSLv2"); SSL_CTX_free(ctx); return NULL; } - if(!(SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3) & SSL_OP_NO_SSLv3)) { + if((SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3) & SSL_OP_NO_SSLv3) + != SSL_OP_NO_SSLv3) { log_crypto_err("could not set SSL_OP_NO_SSLv3"); SSL_CTX_free(ctx); return NULL; diff --git a/contrib/unbound/util/random.c b/contrib/unbound/util/random.c index 71f0ba5..684464e 100644 --- a/contrib/unbound/util/random.c +++ b/contrib/unbound/util/random.c @@ -68,6 +68,8 @@ /* nss3 */ #include "secport.h" #include "pk11pub.h" +#elif defined(HAVE_NETTLE) +#include "yarrow.h" #endif /** @@ -76,7 +78,7 @@ */ #define MAX_VALUE 0x7fffffff -#ifndef HAVE_NSS +#if defined(HAVE_SSL) void ub_systemseed(unsigned int ATTR_UNUSED(seed)) { @@ -110,7 +112,7 @@ ub_random_max(struct ub_randstate* state, long int x) return (long)arc4random_uniform((uint32_t)x); } -#else +#elif defined(HAVE_NSS) /* not much to remember for NSS since we use its pk11_random, placeholder */ struct ub_randstate { @@ -144,6 +146,72 @@ long int ub_random(struct ub_randstate* ATTR_UNUSED(state)) return x & MAX_VALUE; } +#elif defined(HAVE_NETTLE) + +/** + * libnettle implements a Yarrow-256 generator (SHA256 + AES), + * and we have to ensure it is seeded before use. + */ +struct ub_randstate { + struct yarrow256_ctx ctx; + int seeded; +}; + +void ub_systemseed(unsigned int ATTR_UNUSED(seed)) +{ +/** + * We seed on init and not here, as we need the ctx to re-seed. + * This also means that re-seeding is not supported. + */ + log_err("Re-seeding not supported, generator untouched"); +} + +struct ub_randstate* ub_initstate(unsigned int seed, + struct ub_randstate* ATTR_UNUSED(from)) +{ + struct ub_randstate* s = (struct ub_randstate*)calloc(1, sizeof(*s)); + uint8_t buf[YARROW256_SEED_FILE_SIZE]; + if(!s) { + log_err("malloc failure in random init"); + return NULL; + } + /* Setup Yarrow context */ + yarrow256_init(&s->ctx, 0, NULL); + + if(getentropy(buf, sizeof(buf)) != -1) { + /* got entropy */ + yarrow256_seed(&s->ctx, YARROW256_SEED_FILE_SIZE, buf); + s->seeded = yarrow256_is_seeded(&s->ctx); + } else { + /* Stretch the uint32 input seed and feed it to Yarrow */ + uint32_t v = seed; + size_t i; + for(i=0; i < (YARROW256_SEED_FILE_SIZE/sizeof(seed)); i++) { + memmove(buf+i*sizeof(seed), &v, sizeof(seed)); + v = v*seed + (uint32_t)i; + } + yarrow256_seed(&s->ctx, YARROW256_SEED_FILE_SIZE, buf); + s->seeded = yarrow256_is_seeded(&s->ctx); + } + + return s; +} + +long int ub_random(struct ub_randstate* s) +{ + /* random 31 bit value. */ + long int x = 0; + if (!s || !s->seeded) { + log_err("Couldn't generate randomness, Yarrow-256 generator not yet seeded"); + } else { + yarrow256_random(&s->ctx, sizeof(x), (uint8_t *)&x); + } + return x & MAX_VALUE; +} +#endif /* HAVE_SSL or HAVE_NSS or HAVE_NETTLE */ + + +#if defined(HAVE_NSS) || defined(HAVE_NETTLE) long int ub_random_max(struct ub_randstate* state, long int x) { @@ -155,7 +223,7 @@ ub_random_max(struct ub_randstate* state, long int x) v = ub_random(state); return (v % x); } -#endif /* HAVE_NSS */ +#endif /* HAVE_NSS or HAVE_NETTLE */ void ub_randfree(struct ub_randstate* s) diff --git a/contrib/unbound/util/rbtree.c b/contrib/unbound/util/rbtree.c index a898f13..ee5446f 100644 --- a/contrib/unbound/util/rbtree.c +++ b/contrib/unbound/util/rbtree.c @@ -68,7 +68,7 @@ static void rbtree_insert_fixup(rbtree_t *rbtree, rbnode_t *node); static void rbtree_delete_fixup(rbtree_t* rbtree, rbnode_t* child, rbnode_t* child_parent); /* - * Creates a new red black tree, intializes and returns a pointer to it. + * Creates a new red black tree, initializes and returns a pointer to it. * * Return NULL on failure. * diff --git a/contrib/unbound/util/rtt.h b/contrib/unbound/util/rtt.h index d6da986..07e65ee 100644 --- a/contrib/unbound/util/rtt.h +++ b/contrib/unbound/util/rtt.h @@ -96,7 +96,7 @@ int rtt_notimeout(const struct rtt_info* rtt); void rtt_update(struct rtt_info* rtt, int ms); /** - * Update the statistics with a new timout expired observation. + * Update the statistics with a new timeout expired observation. * @param rtt: round trip statistics structure. * @param orig: original rtt time given for the query that timed out. * Used to calculate the maximum responsible backed off time that diff --git a/contrib/unbound/util/storage/lookup3.c b/contrib/unbound/util/storage/lookup3.c index de28858..ddcb56e 100644 --- a/contrib/unbound/util/storage/lookup3.c +++ b/contrib/unbound/util/storage/lookup3.c @@ -356,7 +356,7 @@ uint32_t hashlittle( const void *key, size_t length, uint32_t initval) * rest of the string. Every machine with memory protection I've seen * does it on word boundaries, so is OK with this. But VALGRIND will * still catch it and complain. The masking trick does make the hash - * noticably faster for short strings (like English words). + * noticeably faster for short strings (like English words). */ #ifndef VALGRIND @@ -544,7 +544,7 @@ void hashlittle2( * rest of the string. Every machine with memory protection I've seen * does it on word boundaries, so is OK with this. But VALGRIND will * still catch it and complain. The masking trick does make the hash - * noticably faster for short strings (like English words). + * noticeably faster for short strings (like English words). */ #ifndef VALGRIND @@ -725,7 +725,7 @@ uint32_t hashbig( const void *key, size_t length, uint32_t initval) * rest of the string. Every machine with memory protection I've seen * does it on word boundaries, so is OK with this. But VALGRIND will * still catch it and complain. The masking trick does make the hash - * noticably faster for short strings (like English words). + * noticeably faster for short strings (like English words). */ #ifndef VALGRIND @@ -858,7 +858,7 @@ void driver2() { for (j=0; j<8; ++j) /*------------------------ for each input bit, */ { - for (m=1; m<8; ++m) /*------------ for serveral possible initvals, */ + for (m=1; m<8; ++m) /*------------ for several possible initvals, */ { for (l=0; l<HASHSTATE; ++l) e[l]=f[l]=g[l]=h[l]=x[l]=y[l]=~((uint32_t)0); diff --git a/contrib/unbound/util/tube.h b/contrib/unbound/util/tube.h index 9ec50af..6cc6050 100644 --- a/contrib/unbound/util/tube.h +++ b/contrib/unbound/util/tube.h @@ -83,7 +83,7 @@ struct tube { /** background write queue, commpoint to write results back */ struct comm_point* res_com; - /** are we curently writing a result, 0 if not, else bytecount into + /** are we currently writing a result, 0 if not, else bytecount into * the res_list first entry. */ size_t res_write; /** list of outstanding results to be written back */ diff --git a/contrib/unbound/util/winsock_event.h b/contrib/unbound/util/winsock_event.h index f642657..d386a69 100644 --- a/contrib/unbound/util/winsock_event.h +++ b/contrib/unbound/util/winsock_event.h @@ -201,7 +201,7 @@ struct event { int stick_events; /** true if this event is a signaling WSAEvent by the user. - * User created and user closed WSAEvent. Only signaled/unsigneled, + * User created and user closed WSAEvent. Only signaled/unsignaled, * no read/write/distinctions needed. */ int is_signal; /** used during callbacks to see which events were just checked */ diff --git a/contrib/unbound/validator/autotrust.c b/contrib/unbound/validator/autotrust.c index e63b086..f8c9c8c 100644 --- a/contrib/unbound/validator/autotrust.c +++ b/contrib/unbound/validator/autotrust.c @@ -1195,6 +1195,14 @@ void autr_write_file(struct module_env* env, struct trust_anchor* tp) fatal_exit("could not completely write: %s", fname); return; } + if(fflush(out) != 0) + log_err("could not fflush(%s): %s", fname, strerror(errno)); +#ifdef HAVE_FSYNC + if(fsync(fileno(out)) != 0) + log_err("could not fsync(%s): %s", fname, strerror(errno)); +#else + FlushFileBuffers((HANDLE)_fileno(out)); +#endif if(fclose(out) != 0) { fatal_exit("could not complete write: %s: %s", fname, strerror(errno)); @@ -2162,7 +2170,7 @@ int autr_process_prime(struct module_env* env, struct val_env* ve, if(!verify_dnskey(env, ve, tp, dnskey_rrset)) { verbose(VERB_ALGO, "autotrust: dnskey did not verify."); /* only increase failure count if this is not the first prime, - * this means there was a previous succesful probe */ + * this means there was a previous successful probe */ if(tp->autr->last_success) { tp->autr->query_failed += 1; autr_write_file(env, tp); diff --git a/contrib/unbound/validator/val_neg.c b/contrib/unbound/validator/val_neg.c index b1ff8d9..ab31f48 100644 --- a/contrib/unbound/validator/val_neg.c +++ b/contrib/unbound/validator/val_neg.c @@ -38,7 +38,7 @@ * * This file contains helper functions for the validator module. * The functions help with aggressive negative caching. - * This creates new denials of existance, and proofs for absence of types + * This creates new denials of existence, and proofs for absence of types * from cached NSEC records. */ #include "config.h" diff --git a/contrib/unbound/validator/val_neg.h b/contrib/unbound/validator/val_neg.h index 967d1a7..bf3a247 100644 --- a/contrib/unbound/validator/val_neg.h +++ b/contrib/unbound/validator/val_neg.h @@ -38,7 +38,7 @@ * * This file contains helper functions for the validator module. * The functions help with aggressive negative caching. - * This creates new denials of existance, and proofs for absence of types + * This creates new denials of existence, and proofs for absence of types * from cached NSEC records. */ diff --git a/contrib/unbound/validator/val_nsec.c b/contrib/unbound/validator/val_nsec.c index bdfe3c8..f104a34 100644 --- a/contrib/unbound/validator/val_nsec.c +++ b/contrib/unbound/validator/val_nsec.c @@ -1,5 +1,5 @@ /* - * validator/val_nsec.c - validator NSEC denial of existance functions. + * validator/val_nsec.c - validator NSEC denial of existence functions. * * Copyright (c) 2007, NLnet Labs. All rights reserved. * @@ -38,7 +38,7 @@ * * This file contains helper functions for the validator module. * The functions help with NSEC checking, the different NSEC proofs - * for denial of existance, and proofs for presence of types. + * for denial of existence, and proofs for presence of types. */ #include "config.h" #include "validator/val_nsec.h" @@ -279,7 +279,7 @@ val_nsec_prove_nodata_dsreply(struct module_env* env, struct val_env* ve, return sec_status_insecure; } - /* NSEC proof did not conlusively point to DS or no DS */ + /* NSEC proof did not conclusively point to DS or no DS */ return sec_status_unchecked; } @@ -340,6 +340,28 @@ int nsec_proves_nodata(struct ub_packed_rrset_key* nsec, *wc = ce; return 1; } + } else { + /* See if the next owner name covers a wildcard + * empty non-terminal. */ + while (dname_strict_subdomain_c(nm, nsec->rk.dname)) { + /* wildcard does not apply if qname below + * the name that exists under the '*' */ + if (dname_subdomain_c(qinfo->qname, nm)) + break; + /* but if it is a wildcard and qname is below + * it, then the wildcard applies. The wildcard + * is an empty nonterminal. nodata proven. */ + if (dname_is_wild(nm)) { + size_t ce_len = ln; + uint8_t* ce = nm; + dname_remove_label(&ce, &ce_len); + if(dname_strict_subdomain_c(qinfo->qname, ce)) { + *wc = ce; + return 1; + } + } + dname_remove_label(&nm, &ln); + } } /* Otherwise, this NSEC does not prove ENT and is not a diff --git a/contrib/unbound/validator/val_nsec.h b/contrib/unbound/validator/val_nsec.h index f680d08..c031c9a 100644 --- a/contrib/unbound/validator/val_nsec.h +++ b/contrib/unbound/validator/val_nsec.h @@ -1,5 +1,5 @@ /* - * validator/val_nsec.h - validator NSEC denial of existance functions. + * validator/val_nsec.h - validator NSEC denial of existence functions. * * Copyright (c) 2007, NLnet Labs. All rights reserved. * @@ -38,7 +38,7 @@ * * This file contains helper functions for the validator module. * The functions help with NSEC checking, the different NSEC proofs - * for denial of existance, and proofs for presence of types. + * for denial of existence, and proofs for presence of types. */ #ifndef VALIDATOR_VAL_NSEC_H @@ -54,7 +54,7 @@ struct key_entry_key; /** * Check DS absence. * There is a NODATA reply to a DS that needs checking. - * NSECs can prove this is not a delegation point, or sucessfully prove + * NSECs can prove this is not a delegation point, or successfully prove * that there is no DS. Or this fails. * * @param env: module env for rrsig verification routines. diff --git a/contrib/unbound/validator/val_nsec3.c b/contrib/unbound/validator/val_nsec3.c index 80ca4d0..22867d1 100644 --- a/contrib/unbound/validator/val_nsec3.c +++ b/contrib/unbound/validator/val_nsec3.c @@ -1,5 +1,5 @@ /* - * validator/val_nsec3.c - validator NSEC3 denial of existance functions. + * validator/val_nsec3.c - validator NSEC3 denial of existence functions. * * Copyright (c) 2007, NLnet Labs. All rights reserved. * @@ -38,18 +38,12 @@ * * This file contains helper functions for the validator module. * The functions help with NSEC3 checking, the different NSEC3 proofs - * for denial of existance, and proofs for presence of types. + * for denial of existence, and proofs for presence of types. */ #include "config.h" #include <ctype.h> -#ifdef HAVE_OPENSSL_SSL_H -#include "openssl/ssl.h" -#endif -#ifdef HAVE_NSS -/* nss3 */ -#include "sechash.h" -#endif #include "validator/val_nsec3.h" +#include "validator/val_secalgo.h" #include "validator/validator.h" #include "validator/val_kentry.h" #include "services/cache/rrset.h" @@ -370,8 +364,8 @@ filter_next(struct nsec3_filter* filter, size_t* rrsetnum, int* rrnum) /** * Start iterating over NSEC3 records. * @param filter: the filter structure, must have been filter_init-ed. - * @param rrsetnum: can be undefined on call, inited. - * @param rrnum: can be undefined on call, inited. + * @param rrsetnum: can be undefined on call, initialised. + * @param rrnum: can be undefined on call, initialised. * @return first rrset of an NSEC3, together with rrnum this points to * the first RR to examine. Is NULL on empty list. */ @@ -545,46 +539,24 @@ nsec3_get_hashed(sldns_buffer* buf, uint8_t* nm, size_t nmlen, int algo, query_dname_tolower(sldns_buffer_begin(buf)); sldns_buffer_write(buf, salt, saltlen); sldns_buffer_flip(buf); - switch(algo) { -#if defined(HAVE_EVP_SHA1) || defined(HAVE_NSS) - case NSEC3_HASH_SHA1: -#ifdef HAVE_SSL - hash_len = SHA_DIGEST_LENGTH; -#else - hash_len = SHA1_LENGTH; -#endif - if(hash_len > max) - return 0; -# ifdef HAVE_SSL - (void)SHA1((unsigned char*)sldns_buffer_begin(buf), - (unsigned long)sldns_buffer_limit(buf), - (unsigned char*)res); -# else - (void)HASH_HashBuf(HASH_AlgSHA1, (unsigned char*)res, - (unsigned char*)sldns_buffer_begin(buf), - (unsigned long)sldns_buffer_limit(buf)); -# endif - for(i=0; i<iter; i++) { - sldns_buffer_clear(buf); - sldns_buffer_write(buf, res, hash_len); - sldns_buffer_write(buf, salt, saltlen); - sldns_buffer_flip(buf); -# ifdef HAVE_SSL - (void)SHA1( - (unsigned char*)sldns_buffer_begin(buf), - (unsigned long)sldns_buffer_limit(buf), - (unsigned char*)res); -# else - (void)HASH_HashBuf(HASH_AlgSHA1, - (unsigned char*)res, - (unsigned char*)sldns_buffer_begin(buf), - (unsigned long)sldns_buffer_limit(buf)); -# endif - } - break; -#endif /* HAVE_EVP_SHA1 or NSS */ - default: - log_err("nsec3 hash of unknown algo %d", algo); + hash_len = nsec3_hash_algo_size_supported(algo); + if(hash_len == 0) { + log_err("nsec3 hash of unknown algo %d", algo); + return 0; + } + if(hash_len > max) + return 0; + if(!secalgo_nsec3_hash(algo, (unsigned char*)sldns_buffer_begin(buf), + sldns_buffer_limit(buf), (unsigned char*)res)) + return 0; + for(i=0; i<iter; i++) { + sldns_buffer_clear(buf); + sldns_buffer_write(buf, res, hash_len); + sldns_buffer_write(buf, salt, saltlen); + sldns_buffer_flip(buf); + if(!secalgo_nsec3_hash(algo, + (unsigned char*)sldns_buffer_begin(buf), + sldns_buffer_limit(buf), (unsigned char*)res)) return 0; } return hash_len; @@ -607,50 +579,24 @@ nsec3_calc_hash(struct regional* region, sldns_buffer* buf, query_dname_tolower(sldns_buffer_begin(buf)); sldns_buffer_write(buf, salt, saltlen); sldns_buffer_flip(buf); - switch(algo) { -#if defined(HAVE_EVP_SHA1) || defined(HAVE_NSS) - case NSEC3_HASH_SHA1: -#ifdef HAVE_SSL - c->hash_len = SHA_DIGEST_LENGTH; -#else - c->hash_len = SHA1_LENGTH; -#endif - c->hash = (uint8_t*)regional_alloc(region, - c->hash_len); - if(!c->hash) - return 0; -# ifdef HAVE_SSL - (void)SHA1((unsigned char*)sldns_buffer_begin(buf), - (unsigned long)sldns_buffer_limit(buf), - (unsigned char*)c->hash); -# else - (void)HASH_HashBuf(HASH_AlgSHA1, - (unsigned char*)c->hash, - (unsigned char*)sldns_buffer_begin(buf), - (unsigned long)sldns_buffer_limit(buf)); -# endif - for(i=0; i<iter; i++) { - sldns_buffer_clear(buf); - sldns_buffer_write(buf, c->hash, c->hash_len); - sldns_buffer_write(buf, salt, saltlen); - sldns_buffer_flip(buf); -# ifdef HAVE_SSL - (void)SHA1( - (unsigned char*)sldns_buffer_begin(buf), - (unsigned long)sldns_buffer_limit(buf), - (unsigned char*)c->hash); -# else - (void)HASH_HashBuf(HASH_AlgSHA1, - (unsigned char*)c->hash, - (unsigned char*)sldns_buffer_begin(buf), - (unsigned long)sldns_buffer_limit(buf)); -# endif - } - break; -#endif /* HAVE_EVP_SHA1 or NSS */ - default: - log_err("nsec3 hash of unknown algo %d", algo); - return -1; + c->hash_len = nsec3_hash_algo_size_supported(algo); + if(c->hash_len == 0) { + log_err("nsec3 hash of unknown algo %d", algo); + return -1; + } + c->hash = (uint8_t*)regional_alloc(region, c->hash_len); + if(!c->hash) + return 0; + (void)secalgo_nsec3_hash(algo, (unsigned char*)sldns_buffer_begin(buf), + sldns_buffer_limit(buf), (unsigned char*)c->hash); + for(i=0; i<iter; i++) { + sldns_buffer_clear(buf); + sldns_buffer_write(buf, c->hash, c->hash_len); + sldns_buffer_write(buf, salt, saltlen); + sldns_buffer_flip(buf); + (void)secalgo_nsec3_hash(algo, + (unsigned char*)sldns_buffer_begin(buf), + sldns_buffer_limit(buf), (unsigned char*)c->hash); } return 1; } diff --git a/contrib/unbound/validator/val_nsec3.h b/contrib/unbound/validator/val_nsec3.h index d619d67..69ba78d 100644 --- a/contrib/unbound/validator/val_nsec3.h +++ b/contrib/unbound/validator/val_nsec3.h @@ -1,5 +1,5 @@ /* - * validator/val_nsec3.h - validator NSEC3 denial of existance functions. + * validator/val_nsec3.h - validator NSEC3 denial of existence functions. * * Copyright (c) 2007, NLnet Labs. All rights reserved. * @@ -38,7 +38,7 @@ * * This file contains helper functions for the validator module. * The functions help with NSEC3 checking, the different NSEC3 proofs - * for denial of existance, and proofs for presence of types. + * for denial of existence, and proofs for presence of types. * * NSEC3 * 1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3 @@ -256,7 +256,7 @@ int nsec3_hash_cmp(const void* c1, const void* c2); * Used internally by the nsec3 proof functions in this file. * published to enable unit testing of hash algorithms and cache. * - * @param table: the cache table. Must be inited at start. + * @param table: the cache table. Must be initialised at start. * @param region: scratch region to use for allocation. * This region holds the tree, if you wipe the region, reinit the tree. * @param buf: temporary buffer. diff --git a/contrib/unbound/validator/val_secalgo.c b/contrib/unbound/validator/val_secalgo.c index 8ed403d..7c8d7b2 100644 --- a/contrib/unbound/validator/val_secalgo.c +++ b/contrib/unbound/validator/val_secalgo.c @@ -44,12 +44,13 @@ /* packed_rrset on top to define enum types (forced by c99 standard) */ #include "util/data/packed_rrset.h" #include "validator/val_secalgo.h" +#include "validator/val_nsec3.h" #include "util/log.h" #include "sldns/rrdef.h" #include "sldns/keyraw.h" #include "sldns/sbuffer.h" -#if !defined(HAVE_SSL) && !defined(HAVE_NSS) +#if !defined(HAVE_SSL) && !defined(HAVE_NSS) && !defined(HAVE_NETTLE) #error "Need crypto library to do digital signature cryptography" #endif @@ -71,10 +72,36 @@ #include <openssl/engine.h> #endif +/* return size of digest if supported, or 0 otherwise */ +size_t +nsec3_hash_algo_size_supported(int id) +{ + switch(id) { + case NSEC3_HASH_SHA1: + return SHA_DIGEST_LENGTH; + default: + return 0; + } +} + +/* perform nsec3 hash. return false on failure */ +int +secalgo_nsec3_hash(int algo, unsigned char* buf, size_t len, + unsigned char* res) +{ + switch(algo) { + case NSEC3_HASH_SHA1: + (void)SHA1(buf, len, res); + return 1; + default: + return 0; + } +} + /** * Return size of DS digest according to its hash algorithm. * @param algo: DS digest algo. - * @return size in bytes of digest, or 0 if not supported. + * @return size in bytes of digest, or 0 if not supported. */ size_t ds_digest_size_supported(int algo) @@ -565,6 +592,32 @@ verify_canonrrset(sldns_buffer* buf, int algo, unsigned char* sigblock, /* nspr4 */ #include "prerror.h" +/* return size of digest if supported, or 0 otherwise */ +size_t +nsec3_hash_algo_size_supported(int id) +{ + switch(id) { + case NSEC3_HASH_SHA1: + return SHA1_LENGTH; + default: + return 0; + } +} + +/* perform nsec3 hash. return false on failure */ +int +secalgo_nsec3_hash(int algo, unsigned char* buf, size_t len, + unsigned char* res) +{ + switch(algo) { + case NSEC3_HASH_SHA1: + (void)HASH_HashBuf(HASH_AlgSHA1, res, buf, (unsigned long)len); + return 1; + default: + return 0; + } +} + size_t ds_digest_size_supported(int algo) { @@ -1069,5 +1122,466 @@ verify_canonrrset(sldns_buffer* buf, int algo, unsigned char* sigblock, return sec_status_bogus; } +#elif defined(HAVE_NETTLE) + +#include "sha.h" +#include "bignum.h" +#include "macros.h" +#include "rsa.h" +#include "dsa.h" +#include "asn1.h" +#ifdef USE_ECDSA +#include "ecdsa.h" +#include "ecc-curve.h" +#endif + +static int +_digest_nettle(int algo, uint8_t* buf, size_t len, + unsigned char* res) +{ + switch(algo) { + case SHA1_DIGEST_SIZE: + { + struct sha1_ctx ctx; + sha1_init(&ctx); + sha1_update(&ctx, len, buf); + sha1_digest(&ctx, SHA1_DIGEST_SIZE, res); + return 1; + } + case SHA256_DIGEST_SIZE: + { + struct sha256_ctx ctx; + sha256_init(&ctx); + sha256_update(&ctx, len, buf); + sha256_digest(&ctx, SHA256_DIGEST_SIZE, res); + return 1; + } + case SHA384_DIGEST_SIZE: + { + struct sha384_ctx ctx; + sha384_init(&ctx); + sha384_update(&ctx, len, buf); + sha384_digest(&ctx, SHA384_DIGEST_SIZE, res); + return 1; + } + case SHA512_DIGEST_SIZE: + { + struct sha512_ctx ctx; + sha512_init(&ctx); + sha512_update(&ctx, len, buf); + sha512_digest(&ctx, SHA512_DIGEST_SIZE, res); + return 1; + } + default: + break; + } + return 0; +} + +/* return size of digest if supported, or 0 otherwise */ +size_t +nsec3_hash_algo_size_supported(int id) +{ + switch(id) { + case NSEC3_HASH_SHA1: + return SHA1_DIGEST_SIZE; + default: + return 0; + } +} + +/* perform nsec3 hash. return false on failure */ +int +secalgo_nsec3_hash(int algo, unsigned char* buf, size_t len, + unsigned char* res) +{ + switch(algo) { + case NSEC3_HASH_SHA1: + return _digest_nettle(SHA1_DIGEST_SIZE, (uint8_t*)buf, len, + res); + default: + return 0; + } +} + +/** + * Return size of DS digest according to its hash algorithm. + * @param algo: DS digest algo. + * @return size in bytes of digest, or 0 if not supported. + */ +size_t +ds_digest_size_supported(int algo) +{ + switch(algo) { + case LDNS_SHA1: + return SHA1_DIGEST_SIZE; +#ifdef USE_SHA2 + case LDNS_SHA256: + return SHA256_DIGEST_SIZE; +#endif +#ifdef USE_ECDSA + case LDNS_SHA384: + return SHA384_DIGEST_SIZE; +#endif + /* GOST not supported */ + case LDNS_HASH_GOST: + default: + break; + } + return 0; +} + +int +secalgo_ds_digest(int algo, unsigned char* buf, size_t len, + unsigned char* res) +{ + switch(algo) { + case LDNS_SHA1: + return _digest_nettle(SHA1_DIGEST_SIZE, buf, len, res); +#if defined(USE_SHA2) + case LDNS_SHA256: + return _digest_nettle(SHA256_DIGEST_SIZE, buf, len, res); +#endif +#ifdef USE_ECDSA + case LDNS_SHA384: + return _digest_nettle(SHA384_DIGEST_SIZE, buf, len, res); + +#endif + case LDNS_HASH_GOST: + default: + verbose(VERB_QUERY, "unknown DS digest algorithm %d", + algo); + break; + } + return 0; +} + +int +dnskey_algo_id_is_supported(int id) +{ + /* uses libnettle */ + switch(id) { + case LDNS_DSA: + case LDNS_DSA_NSEC3: + case LDNS_RSASHA1: + case LDNS_RSASHA1_NSEC3: +#ifdef USE_SHA2 + case LDNS_RSASHA256: + case LDNS_RSASHA512: +#endif +#ifdef USE_ECDSA + case LDNS_ECDSAP256SHA256: + case LDNS_ECDSAP384SHA384: +#endif + return 1; + case LDNS_RSAMD5: /* RFC 6725 deprecates RSAMD5 */ + case LDNS_ECC_GOST: + default: + return 0; + } +} + +static char * +_verify_nettle_dsa(sldns_buffer* buf, unsigned char* sigblock, + unsigned int sigblock_len, unsigned char* key, unsigned int keylen) +{ + uint8_t digest[SHA1_DIGEST_SIZE]; + uint8_t key_t; + int res = 0; + size_t offset; + struct dsa_public_key pubkey; + struct dsa_signature signature; + unsigned int expected_len; + + /* Extract DSA signature from the record */ + nettle_dsa_signature_init(&signature); + /* Signature length: 41 bytes - RFC 2536 sec. 3 */ + if(sigblock_len == 41) { + if(key[0] != sigblock[0]) + return "invalid T value in DSA signature or pubkey"; + nettle_mpz_set_str_256_u(signature.r, 20, sigblock+1); + nettle_mpz_set_str_256_u(signature.s, 20, sigblock+1+20); + } else { + /* DER encoded, decode the ASN1 notated R and S bignums */ + /* SEQUENCE { r INTEGER, s INTEGER } */ + struct asn1_der_iterator i, seq; + if(asn1_der_iterator_first(&i, sigblock_len, + (uint8_t*)sigblock) != ASN1_ITERATOR_CONSTRUCTED + || i.type != ASN1_SEQUENCE) + return "malformed DER encoded DSA signature"; + /* decode this element of i using the seq iterator */ + if(asn1_der_decode_constructed(&i, &seq) != + ASN1_ITERATOR_PRIMITIVE || seq.type != ASN1_INTEGER) + return "malformed DER encoded DSA signature"; + if(!asn1_der_get_bignum(&seq, signature.r, 20*8)) + return "malformed DER encoded DSA signature"; + if(asn1_der_iterator_next(&seq) != ASN1_ITERATOR_PRIMITIVE + || seq.type != ASN1_INTEGER) + return "malformed DER encoded DSA signature"; + if(!asn1_der_get_bignum(&seq, signature.s, 20*8)) + return "malformed DER encoded DSA signature"; + if(asn1_der_iterator_next(&i) != ASN1_ITERATOR_END) + return "malformed DER encoded DSA signature"; + } + + /* Validate T values constraints - RFC 2536 sec. 2 & sec. 3 */ + key_t = key[0]; + if (key_t > 8) { + return "invalid T value in DSA pubkey"; + } + + /* Pubkey minimum length: 21 bytes - RFC 2536 sec. 2 */ + if (keylen < 21) { + return "DSA pubkey too short"; + } + + expected_len = 1 + /* T */ + 20 + /* Q */ + (64 + key_t*8) + /* P */ + (64 + key_t*8) + /* G */ + (64 + key_t*8); /* Y */ + if (keylen != expected_len ) { + return "invalid DSA pubkey length"; + } + + /* Extract DSA pubkey from the record */ + nettle_dsa_public_key_init(&pubkey); + offset = 1; + nettle_mpz_set_str_256_u(pubkey.q, 20, key+offset); + offset += 20; + nettle_mpz_set_str_256_u(pubkey.p, (64 + key_t*8), key+offset); + offset += (64 + key_t*8); + nettle_mpz_set_str_256_u(pubkey.g, (64 + key_t*8), key+offset); + offset += (64 + key_t*8); + nettle_mpz_set_str_256_u(pubkey.y, (64 + key_t*8), key+offset); + + /* Digest content of "buf" and verify its DSA signature in "sigblock"*/ + res = _digest_nettle(SHA1_DIGEST_SIZE, (unsigned char*)sldns_buffer_begin(buf), + (unsigned int)sldns_buffer_limit(buf), (unsigned char*)digest); + res &= dsa_sha1_verify_digest(&pubkey, digest, &signature); + + /* Clear and return */ + nettle_dsa_signature_clear(&signature); + nettle_dsa_public_key_clear(&pubkey); + if (!res) + return "DSA signature verification failed"; + else + return NULL; +} + +static char * +_verify_nettle_rsa(sldns_buffer* buf, unsigned int digest_size, char* sigblock, + unsigned int sigblock_len, uint8_t* key, unsigned int keylen) +{ + uint16_t exp_len = 0; + size_t exp_offset = 0, mod_offset = 0; + struct rsa_public_key pubkey; + mpz_t signature; + int res = 0; + + /* RSA pubkey parsing as per RFC 3110 sec. 2 */ + if( keylen <= 1) { + return "null RSA key"; + } + if (key[0] != 0) { + /* 1-byte length */ + exp_len = key[0]; + exp_offset = 1; + } else { + /* 1-byte NUL + 2-bytes exponent length */ + if (keylen < 3) { + return "incorrect RSA key length"; + } + exp_len = READ_UINT16(key+1); + if (exp_len == 0) + return "null RSA exponent length"; + exp_offset = 3; + } + /* Check that we are not over-running input length */ + if (keylen < exp_offset + exp_len + 1) { + return "RSA key content shorter than expected"; + } + mod_offset = exp_offset + exp_len; + nettle_rsa_public_key_init(&pubkey); + pubkey.size = keylen - mod_offset; + nettle_mpz_set_str_256_u(pubkey.e, exp_len, &key[exp_offset]); + nettle_mpz_set_str_256_u(pubkey.n, pubkey.size, &key[mod_offset]); + + /* Digest content of "buf" and verify its RSA signature in "sigblock"*/ + nettle_mpz_init_set_str_256_u(signature, sigblock_len, (uint8_t*)sigblock); + switch (digest_size) { + case SHA1_DIGEST_SIZE: + { + uint8_t digest[SHA1_DIGEST_SIZE]; + res = _digest_nettle(SHA1_DIGEST_SIZE, (unsigned char*)sldns_buffer_begin(buf), + (unsigned int)sldns_buffer_limit(buf), (unsigned char*)digest); + res &= rsa_sha1_verify_digest(&pubkey, digest, signature); + break; + } + case SHA256_DIGEST_SIZE: + { + uint8_t digest[SHA256_DIGEST_SIZE]; + res = _digest_nettle(SHA256_DIGEST_SIZE, (unsigned char*)sldns_buffer_begin(buf), + (unsigned int)sldns_buffer_limit(buf), (unsigned char*)digest); + res &= rsa_sha256_verify_digest(&pubkey, digest, signature); + break; + } + case SHA512_DIGEST_SIZE: + { + uint8_t digest[SHA512_DIGEST_SIZE]; + res = _digest_nettle(SHA512_DIGEST_SIZE, (unsigned char*)sldns_buffer_begin(buf), + (unsigned int)sldns_buffer_limit(buf), (unsigned char*)digest); + res &= rsa_sha512_verify_digest(&pubkey, digest, signature); + break; + } + default: + break; + } + + /* Clear and return */ + nettle_rsa_public_key_clear(&pubkey); + mpz_clear(signature); + if (!res) { + return "RSA signature verification failed"; + } else { + return NULL; + } +} + +#ifdef USE_ECDSA +static char * +_verify_nettle_ecdsa(sldns_buffer* buf, unsigned int digest_size, unsigned char* sigblock, + unsigned int sigblock_len, unsigned char* key, unsigned int keylen) +{ + int res = 0; + struct ecc_point pubkey; + struct dsa_signature signature; + + /* Always matched strength, as per RFC 6605 sec. 1 */ + if (sigblock_len != 2*digest_size || keylen != 2*digest_size) { + return "wrong ECDSA signature length"; + } + + /* Parse ECDSA signature as per RFC 6605 sec. 4 */ + nettle_dsa_signature_init(&signature); + switch (digest_size) { + case SHA256_DIGEST_SIZE: + { + uint8_t digest[SHA256_DIGEST_SIZE]; + mpz_t x, y; + nettle_ecc_point_init(&pubkey, &nettle_secp_256r1); + nettle_mpz_init_set_str_256_u(x, SHA256_DIGEST_SIZE, key); + nettle_mpz_init_set_str_256_u(y, SHA256_DIGEST_SIZE, key+SHA256_DIGEST_SIZE); + nettle_mpz_set_str_256_u(signature.r, SHA256_DIGEST_SIZE, sigblock); + nettle_mpz_set_str_256_u(signature.s, SHA256_DIGEST_SIZE, sigblock+SHA256_DIGEST_SIZE); + res = _digest_nettle(SHA256_DIGEST_SIZE, (unsigned char*)sldns_buffer_begin(buf), + (unsigned int)sldns_buffer_limit(buf), (unsigned char*)digest); + res &= nettle_ecc_point_set(&pubkey, x, y); + res &= nettle_ecdsa_verify (&pubkey, SHA256_DIGEST_SIZE, digest, &signature); + mpz_clear(x); + mpz_clear(y); + break; + } + case SHA384_DIGEST_SIZE: + { + uint8_t digest[SHA384_DIGEST_SIZE]; + mpz_t x, y; + nettle_ecc_point_init(&pubkey, &nettle_secp_384r1); + nettle_mpz_init_set_str_256_u(x, SHA384_DIGEST_SIZE, key); + nettle_mpz_init_set_str_256_u(y, SHA384_DIGEST_SIZE, key+SHA384_DIGEST_SIZE); + nettle_mpz_set_str_256_u(signature.r, SHA384_DIGEST_SIZE, sigblock); + nettle_mpz_set_str_256_u(signature.s, SHA384_DIGEST_SIZE, sigblock+SHA384_DIGEST_SIZE); + res = _digest_nettle(SHA384_DIGEST_SIZE, (unsigned char*)sldns_buffer_begin(buf), + (unsigned int)sldns_buffer_limit(buf), (unsigned char*)digest); + res &= nettle_ecc_point_set(&pubkey, x, y); + res &= nettle_ecdsa_verify (&pubkey, SHA384_DIGEST_SIZE, digest, &signature); + mpz_clear(x); + mpz_clear(y); + nettle_ecc_point_clear(&pubkey); + break; + } + default: + return "unknown ECDSA algorithm"; + } + + /* Clear and return */ + nettle_dsa_signature_clear(&signature); + if (!res) + return "ECDSA signature verification failed"; + else + return NULL; +} +#endif + +/** + * Check a canonical sig+rrset and signature against a dnskey + * @param buf: buffer with data to verify, the first rrsig part and the + * canonicalized rrset. + * @param algo: DNSKEY algorithm. + * @param sigblock: signature rdata field from RRSIG + * @param sigblock_len: length of sigblock data. + * @param key: public key data from DNSKEY RR. + * @param keylen: length of keydata. + * @param reason: bogus reason in more detail. + * @return secure if verification succeeded, bogus on crypto failure, + * unchecked on format errors and alloc failures. + */ +enum sec_status +verify_canonrrset(sldns_buffer* buf, int algo, unsigned char* sigblock, + unsigned int sigblock_len, unsigned char* key, unsigned int keylen, + char** reason) +{ + unsigned int digest_size = 0; + + if (sigblock_len == 0 || keylen == 0) { + *reason = "null signature"; + return sec_status_bogus; + } + + switch(algo) { + case LDNS_DSA: + case LDNS_DSA_NSEC3: + *reason = _verify_nettle_dsa(buf, sigblock, sigblock_len, key, keylen); + if (*reason != NULL) + return sec_status_bogus; + else + return sec_status_secure; + + case LDNS_RSASHA1: + case LDNS_RSASHA1_NSEC3: + digest_size = (digest_size ? digest_size : SHA1_DIGEST_SIZE); +#ifdef USE_SHA2 + case LDNS_RSASHA256: + digest_size = (digest_size ? digest_size : SHA256_DIGEST_SIZE); + case LDNS_RSASHA512: + digest_size = (digest_size ? digest_size : SHA512_DIGEST_SIZE); + +#endif + *reason = _verify_nettle_rsa(buf, digest_size, (char*)sigblock, + sigblock_len, key, keylen); + if (*reason != NULL) + return sec_status_bogus; + else + return sec_status_secure; + +#ifdef USE_ECDSA + case LDNS_ECDSAP256SHA256: + digest_size = (digest_size ? digest_size : SHA256_DIGEST_SIZE); + case LDNS_ECDSAP384SHA384: + digest_size = (digest_size ? digest_size : SHA384_DIGEST_SIZE); + *reason = _verify_nettle_ecdsa(buf, digest_size, sigblock, + sigblock_len, key, keylen); + if (*reason != NULL) + return sec_status_bogus; + else + return sec_status_secure; +#endif + case LDNS_RSAMD5: + case LDNS_ECC_GOST: + default: + *reason = "unable to verify signature, unknown algorithm"; + return sec_status_bogus; + } +} -#endif /* HAVE_SSL or HAVE_NSS */ +#endif /* HAVE_SSL or HAVE_NSS or HAVE_NETTLE */ diff --git a/contrib/unbound/validator/val_secalgo.h b/contrib/unbound/validator/val_secalgo.h index 085fbc5..589f1f1 100644 --- a/contrib/unbound/validator/val_secalgo.h +++ b/contrib/unbound/validator/val_secalgo.h @@ -44,6 +44,21 @@ #define VALIDATOR_VAL_SECALGO_H struct sldns_buffer; +/** Return size of nsec3 hash algorithm, 0 if not supported */ +size_t nsec3_hash_algo_size_supported(int id); + +/** + * Hash a single hash call of an NSEC3 hash algorithm. + * Iterations and salt are done by the caller. + * @param algo: nsec3 hash algorithm. + * @param buf: the buffer to digest + * @param len: length of buffer to digest. + * @param res: result stored here (must have sufficient space). + * @return false on failure. +*/ +int secalgo_nsec3_hash(int algo, unsigned char* buf, size_t len, + unsigned char* res); + /** * Return size of DS digest according to its hash algorithm. * @param algo: DS digest algo. diff --git a/contrib/unbound/validator/val_sigcrypt.c b/contrib/unbound/validator/val_sigcrypt.c index a2f1265..1dd07b4 100644 --- a/contrib/unbound/validator/val_sigcrypt.c +++ b/contrib/unbound/validator/val_sigcrypt.c @@ -57,7 +57,7 @@ #include "sldns/wire2str.h" #include <ctype.h> -#if !defined(HAVE_SSL) && !defined(HAVE_NSS) +#if !defined(HAVE_SSL) && !defined(HAVE_NSS) && !defined(HAVE_NETTLE) #error "Need crypto library to do digital signature cryptography" #endif diff --git a/contrib/unbound/validator/val_utils.h b/contrib/unbound/validator/val_utils.h index cdb8769..051824a 100644 --- a/contrib/unbound/validator/val_utils.h +++ b/contrib/unbound/validator/val_utils.h @@ -391,7 +391,7 @@ int val_favorite_ds_algo(struct ub_packed_rrset_key* ds_rrset); * Find DS denial message in cache. Saves new qstate allocation and allows * the validator to use partial content which is not enough to construct a * message for network (or user) consumption. Without SOA for example, - * which is a common occurence in the unbound code since the referrals contain + * which is a common occurrence in the unbound code since the referrals contain * NSEC/NSEC3 rrs without the SOA element, thus do not allow synthesis of a * full negative reply, but do allow synthesis of sufficient proof. * @param env: query env with caches and time. diff --git a/contrib/unbound/validator/validator.c b/contrib/unbound/validator/validator.c index f8b429e..db4383b 100644 --- a/contrib/unbound/validator/validator.c +++ b/contrib/unbound/validator/validator.c @@ -749,7 +749,7 @@ validate_nodata_response(struct module_env* env, struct val_env* ve, /* Since we are here, there must be nothing in the ANSWER section to * validate. */ /* (Note: CNAME/DNAME responses will not directly get here -- - * instead, they are chased down into indiviual CNAME validations, + * instead, they are chased down into individual CNAME validations, * and at the end of the cname chain a POSITIVE, or CNAME_NOANSWER * validation.) */ @@ -1597,7 +1597,7 @@ processFindKey(struct module_qstate* qstate, struct val_qstate* vq, int id) target_key_name) != 0) { /* check if there is a cache entry : pick up an NSEC if * there is no DS, check if that NSEC has DS-bit unset, and - * thus can disprove the secure delagation we seek. + * thus can disprove the secure delegation we seek. * We can then use that NSEC even in the absence of a SOA * record that would be required by the iterator to supply * a completely protocol-correct response. @@ -1829,7 +1829,7 @@ processValidate(struct module_qstate* qstate, struct val_qstate* vq, * @return true if there is no DLV. * false: processing is finished for the validator operate(). * This function may exit in three ways: - * o no DLV (agressive cache), so insecure. (true) + * o no DLV (aggressive cache), so insecure. (true) * o error - stop processing (false) * o DLV lookup was started, stop processing (false) */ diff --git a/include/resolv.h b/include/resolv.h index f372f94..e3d4fd1 100644 --- a/include/resolv.h +++ b/include/resolv.h @@ -57,7 +57,6 @@ #include <sys/types.h> #include <sys/cdefs.h> #include <sys/socket.h> -#include <sys/timespec.h> #include <stdio.h> #include <arpa/nameser.h> @@ -177,8 +176,7 @@ struct __res_state { int res_h_errno; /*%< last one set for this context */ int _vcsock; /*%< PRIVATE: for res_send VC i/o */ u_int _flags; /*%< PRIVATE: see below */ - u_short reload_period; /*%< seconds between stat(resolv.conf)*/ - u_short _pad; /*%< make _u 64 bit aligned */ + u_int _pad; /*%< make _u 64 bit aligned */ union { /* On an 32-bit arch this means 512b total. */ char pad[72 - 4*sizeof (int) - 3*sizeof (void *)]; @@ -190,8 +188,6 @@ struct __res_state { } _ext; } _u; u_char *_rnd; /*%< PRIVATE: random state */ - struct timespec conf_mtim; /*%< mod time of loaded resolv.conf */ - time_t conf_stat; /*%< time of last stat(resolv.conf) */ }; typedef struct __res_state *res_state; diff --git a/lib/Makefile b/lib/Makefile index e1ee9a9..de0acb3 100644 --- a/lib/Makefile +++ b/lib/Makefile @@ -98,6 +98,7 @@ SUBDIR= ${SUBDIR_ORDERED} \ libstand \ libstdbuf \ libstdthreads \ + libsysdecode \ libtacplus \ ${_libtelnet} \ ${_libthr} \ diff --git a/lib/lib80211/lib80211.3 b/lib/lib80211/lib80211.3 index 46022b5..9986ce0 100644 --- a/lib/lib80211/lib80211.3 +++ b/lib/lib80211/lib80211.3 @@ -24,7 +24,7 @@ .\" .\" $FreeBSD$ .\" -.Dd November 24, 2015 +.Dd December 15, 2015 .Dt 80211 3 .Os .Sh NAME @@ -87,14 +87,14 @@ The .Fn lib80211_regdomain_findbysku and .Fn lib80211_regdomain_findbyname -functions lookup a regulatory domain entry by SKU enum and SKU name +functions look up a regulatory domain entry by SKU enum and SKU name respectively. .Pp The .Fn lib80211_country_findbycc and .Fn lib80211_country_findbyname -functions lookup a country information entry by ISO country enum and +functions look up a country information entry by ISO country enum and ISO country code string respectively. .Sh RETURN VALUES The @@ -104,11 +104,12 @@ The .Fn lib80211_regdomain_findbyname , .Fn lib80211_country_findbycc , .Fn lib80211_country_findbyname -return NULL upon error. - +return +.Dv NULL +upon error. .Sh SEE ALSO -.Xr ifconfig 8 , -.Xr net80211 4 +.Xr net80211 4 , +.Xr ifconfig 8 .Sh HISTORY The .Nm lib80211 diff --git a/lib/libc/resolv/res_init.c b/lib/libc/resolv/res_init.c index 087e6a8..8832342 100644 --- a/lib/libc/resolv/res_init.c +++ b/lib/libc/resolv/res_init.c @@ -116,7 +116,9 @@ __FBSDID("$FreeBSD$"); /*% Options. Should all be left alone. */ #define RESOLVSORT -#define DEBUG +#ifndef DEBUG +#define DEBUG +#endif #ifdef SOLARIS2 #include <sys/systeminfo.h> @@ -228,7 +230,6 @@ __res_vinit(res_state statp, int preinit) { statp->pfcode = 0; statp->_vcsock = -1; statp->_flags = 0; - statp->reload_period = 2; statp->qhook = NULL; statp->rhook = NULL; statp->_u._ext.nscount = 0; @@ -238,6 +239,7 @@ __res_vinit(res_state statp, int preinit) { statp->_u._ext.ext->nsaddrs[0].sin = statp->nsaddr; strcpy(statp->_u._ext.ext->nsuffix, "ip6.arpa"); strcpy(statp->_u._ext.ext->nsuffix2, "ip6.int"); + statp->_u._ext.ext->reload_period = 2; } else { /* * Historically res_init() rarely, if at all, failed. @@ -326,17 +328,13 @@ __res_vinit(res_state statp, int preinit) { struct stat sb; struct timespec now; - if (_fstat(fileno(fp), &sb) == 0) { - statp->conf_mtim = sb.st_mtim; - if (clock_gettime(CLOCK_MONOTONIC_FAST, &now) == 0) { - statp->conf_stat = now.tv_sec; - } else { - statp->conf_stat = 0; + if (statp->_u._ext.ext != NULL) { + if (_fstat(fileno(fp), &sb) == 0) { + statp->_u._ext.ext->conf_mtim = sb.st_mtim; + if (clock_gettime(CLOCK_MONOTONIC_FAST, &now) == 0) { + statp->_u._ext.ext->conf_stat = now.tv_sec; + } } - } else { - statp->conf_mtim.tv_sec = 0; - statp->conf_mtim.tv_nsec = 0; - statp->conf_stat = 0; } /* read the config file */ @@ -599,9 +597,7 @@ res_setoptions(res_state statp, const char *options, const char *source) { const char *cp = options; int i; -#ifndef _LIBC struct __res_state_ext *ext = statp->_u._ext.ext; -#endif #ifdef DEBUG if (statp->options & RES_DEBUG) @@ -686,8 +682,10 @@ res_setoptions(res_state statp, const char *options, const char *source) statp->options |= RES_NOCHECKNAME; } else if (!strncmp(cp, "reload-period:", sizeof("reload-period:") - 1)) { - statp->reload_period = (u_short) - atoi(cp + sizeof("reload-period:") - 1); + if (ext != NULL) { + ext->reload_period = (u_short) + atoi(cp + sizeof("reload-period:") - 1); + } } #ifdef RES_USE_EDNS0 else if (!strncmp(cp, "edns0", sizeof("edns0") - 1)) { diff --git a/lib/libc/resolv/res_mkquery.c b/lib/libc/resolv/res_mkquery.c index b60d8f5..0d45e34 100644 --- a/lib/libc/resolv/res_mkquery.c +++ b/lib/libc/resolv/res_mkquery.c @@ -83,7 +83,9 @@ __FBSDID("$FreeBSD$"); #include "port_after.h" /* Options. Leave them on. */ -#define DEBUG +#ifndef DEBUG +#define DEBUG +#endif extern const char *_res_opcodes[]; diff --git a/lib/libc/resolv/res_mkupdate.c b/lib/libc/resolv/res_mkupdate.c index d4981a5..c076c1e5 100644 --- a/lib/libc/resolv/res_mkupdate.c +++ b/lib/libc/resolv/res_mkupdate.c @@ -54,7 +54,9 @@ __FBSDID("$FreeBSD$"); #include "port_after.h" /* Options. Leave them on. */ -#define DEBUG +#ifndef DEBUG +#define DEBUG +#endif #define MAXPORT 1024 static int getnum_str(u_char **, u_char *); diff --git a/lib/libc/resolv/res_private.h b/lib/libc/resolv/res_private.h index 4e98157..a986e95 100644 --- a/lib/libc/resolv/res_private.h +++ b/lib/libc/resolv/res_private.h @@ -1,3 +1,5 @@ +/* $FreeBSD$ */ + #ifndef res_private_h #define res_private_h @@ -12,6 +14,9 @@ struct __res_state_ext { } sort_list[MAXRESOLVSORT]; char nsuffix[64]; char nsuffix2[64]; + struct timespec conf_mtim; /* mod time of loaded resolv.conf */ + time_t conf_stat; /* time of last stat(resolv.conf) */ + u_short reload_period; /* seconds between stat(resolv.conf) */ }; extern int diff --git a/lib/libc/resolv/res_query.c b/lib/libc/resolv/res_query.c index 4ae97f6..5992edd 100644 --- a/lib/libc/resolv/res_query.c +++ b/lib/libc/resolv/res_query.c @@ -88,7 +88,9 @@ __FBSDID("$FreeBSD$"); #include "port_after.h" /* Options. Leave them on. */ -#define DEBUG +#ifndef DEBUG +#define DEBUG +#endif #if PACKETSZ > 1024 #define MAXPACKET PACKETSZ diff --git a/lib/libc/resolv/res_send.c b/lib/libc/resolv/res_send.c index 5690491..c127c3b 100644 --- a/lib/libc/resolv/res_send.c +++ b/lib/libc/resolv/res_send.c @@ -119,7 +119,9 @@ __FBSDID("$FreeBSD$"); #include "un-namespace.h" /* Options. Leave them on. */ -#define DEBUG +#ifndef DEBUG +#define DEBUG +#endif #include "res_debug.h" #include "res_private.h" diff --git a/lib/libc/resolv/res_state.c b/lib/libc/resolv/res_state.c index 87643422..6d31d92 100644 --- a/lib/libc/resolv/res_state.c +++ b/lib/libc/resolv/res_state.c @@ -37,6 +37,8 @@ #include "reentrant.h" #include "un-namespace.h" +#include "res_private.h" + #undef _res struct __res_state _res; @@ -66,20 +68,26 @@ res_check_reload(res_state statp) { struct timespec now; struct stat sb; + struct __res_state_ext *ext; + + if ((statp->options & RES_INIT) == 0) { + return (statp); + } - if ((statp->options & RES_INIT) == 0 || statp->reload_period == 0) { + ext = statp->_u._ext.ext; + if (ext == NULL || ext->reload_period == 0) { return (statp); } if (clock_gettime(CLOCK_MONOTONIC_FAST, &now) != 0 || - (now.tv_sec - statp->conf_stat) < statp->reload_period) { + (now.tv_sec - ext->conf_stat) < ext->reload_period) { return (statp); } - statp->conf_stat = now.tv_sec; + ext->conf_stat = now.tv_sec; if (stat(_PATH_RESCONF, &sb) == 0 && - (sb.st_mtim.tv_sec != statp->conf_mtim.tv_sec || - sb.st_mtim.tv_nsec != statp->conf_mtim.tv_nsec)) { + (sb.st_mtim.tv_sec != ext->conf_mtim.tv_sec || + sb.st_mtim.tv_nsec != ext->conf_mtim.tv_nsec)) { statp->options &= ~RES_INIT; } diff --git a/lib/libc/sys/brk.2 b/lib/libc/sys/brk.2 index 31dea32..0a529ee 100644 --- a/lib/libc/sys/brk.2 +++ b/lib/libc/sys/brk.2 @@ -28,7 +28,7 @@ .\" @(#)brk.2 8.4 (Berkeley) 5/1/95 .\" $FreeBSD$ .\" -.Dd July 12, 1999 +.Dd December 15, 2015 .Dt BRK 2 .Os .Sh NAME @@ -38,7 +38,6 @@ .Sh LIBRARY .Lb libc .Sh SYNOPSIS -.In sys/types.h .In unistd.h .Ft int .Fn brk "const void *addr" diff --git a/lib/libc/sys/getgid.2 b/lib/libc/sys/getgid.2 index b03040b..5bd2a94 100644 --- a/lib/libc/sys/getgid.2 +++ b/lib/libc/sys/getgid.2 @@ -28,7 +28,7 @@ .\" @(#)getgid.2 8.1 (Berkeley) 6/4/93 .\" $FreeBSD$ .\" -.Dd June 4, 1993 +.Dd December 15, 2015 .Dt GETGID 2 .Os .Sh NAME @@ -38,7 +38,6 @@ .Sh LIBRARY .Lb libc .Sh SYNOPSIS -.In sys/types.h .In unistd.h .Ft gid_t .Fn getgid void diff --git a/lib/libc/sys/getpid.2 b/lib/libc/sys/getpid.2 index aefa770..ab69f71 100644 --- a/lib/libc/sys/getpid.2 +++ b/lib/libc/sys/getpid.2 @@ -28,7 +28,7 @@ .\" @(#)getpid.2 8.1 (Berkeley) 6/4/93 .\" $FreeBSD$ .\" -.Dd November 2, 2006 +.Dd December 15, 2015 .Dt GETPID 2 .Os .Sh NAME @@ -38,7 +38,6 @@ .Sh LIBRARY .Lb libc .Sh SYNOPSIS -.In sys/types.h .In unistd.h .Ft pid_t .Fn getpid void diff --git a/lib/libc/sys/getuid.2 b/lib/libc/sys/getuid.2 index eae0b23..4145356 100644 --- a/lib/libc/sys/getuid.2 +++ b/lib/libc/sys/getuid.2 @@ -28,7 +28,7 @@ .\" @(#)getuid.2 8.1 (Berkeley) 6/4/93 .\" $FreeBSD$ .\" -.Dd June 4, 1993 +.Dd December 15, 2015 .Dt GETUID 2 .Os .Sh NAME @@ -39,7 +39,6 @@ .Lb libc .Sh SYNOPSIS .In unistd.h -.In sys/types.h .Ft uid_t .Fn getuid void .Ft uid_t diff --git a/lib/libc/sys/read.2 b/lib/libc/sys/read.2 index e99665f..a0a7be8 100644 --- a/lib/libc/sys/read.2 +++ b/lib/libc/sys/read.2 @@ -28,7 +28,7 @@ .\" @(#)read.2 8.4 (Berkeley) 2/26/94 .\" $FreeBSD$ .\" -.Dd September 11, 2013 +.Dd December 15, 2015 .Dt READ 2 .Os .Sh NAME @@ -40,7 +40,6 @@ .Sh LIBRARY .Lb libc .Sh SYNOPSIS -.In sys/types.h .In unistd.h .Ft ssize_t .Fn read "int fd" "void *buf" "size_t nbytes" diff --git a/lib/libc/sys/setuid.2 b/lib/libc/sys/setuid.2 index 54d89bc..949d936 100644 --- a/lib/libc/sys/setuid.2 +++ b/lib/libc/sys/setuid.2 @@ -28,7 +28,7 @@ .\" @(#)setuid.2 8.1 (Berkeley) 6/4/93 .\" $FreeBSD$ .\" -.Dd September 13, 2015 +.Dd December 15, 2015 .Dt SETUID 2 .Os .Sh NAME @@ -40,7 +40,6 @@ .Sh LIBRARY .Lb libc .Sh SYNOPSIS -.In sys/types.h .In unistd.h .Ft int .Fn setuid "uid_t uid" diff --git a/lib/libc/sys/utrace.2 b/lib/libc/sys/utrace.2 index 345c1fd..9f48ca9 100644 --- a/lib/libc/sys/utrace.2 +++ b/lib/libc/sys/utrace.2 @@ -28,7 +28,7 @@ .\" .\" $FreeBSD$ .\" -.Dd October 5, 2015 +.Dd December 11, 2015 .Dt UTRACE 2 .Os .Sh NAME @@ -71,7 +71,8 @@ support .Xr kdump 1 , .Xr ktrace 1 , .Xr ktrace 2 , -.Xr truss 1 +.Xr truss 1 , +.Xr sysdecode_utrace 3 .Sh HISTORY The .Fn utrace diff --git a/lib/libc/sys/write.2 b/lib/libc/sys/write.2 index a06e7c9..0bfe565 100644 --- a/lib/libc/sys/write.2 +++ b/lib/libc/sys/write.2 @@ -28,7 +28,7 @@ .\" @(#)write.2 8.5 (Berkeley) 4/2/94 .\" $FreeBSD$ .\" -.Dd September 11, 2013 +.Dd December 15, 2015 .Dt WRITE 2 .Os .Sh NAME @@ -40,7 +40,6 @@ .Sh LIBRARY .Lb libc .Sh SYNOPSIS -.In sys/types.h .In unistd.h .Ft ssize_t .Fn write "int fd" "const void *buf" "size_t nbytes" diff --git a/lib/libstand/Makefile b/lib/libstand/Makefile index a038087..44d5834 100644 --- a/lib/libstand/Makefile +++ b/lib/libstand/Makefile @@ -39,8 +39,8 @@ SRCS+= ntoh.c .PATH: ${LIBC_SRC}/string SRCS+= bcmp.c bcopy.c bzero.c ffs.c memccpy.c memchr.c memcmp.c memcpy.c \ memmove.c memset.c qdivrem.c strcat.c strchr.c strcmp.c strcpy.c \ - strcspn.c strlen.c strncat.c strncmp.c strncpy.c strpbrk.c \ - strrchr.c strsep.c strspn.c strstr.c strtok.c swab.c + strcspn.c strlcat.c strlcpy.c strlen.c strncat.c strncmp.c strncpy.c \ + strpbrk.c strrchr.c strsep.c strspn.c strstr.c strtok.c swab.c .if ${MACHINE_CPUARCH} == "arm" .PATH: ${LIBC_SRC}/arm/gen diff --git a/lib/libsysdecode/Makefile b/lib/libsysdecode/Makefile new file mode 100644 index 0000000..8eb7908 --- /dev/null +++ b/lib/libsysdecode/Makefile @@ -0,0 +1,13 @@ +# $FreeBSD$ + +.include <src.opts.mk> + +LIB= sysdecode + +SRCS= utrace.c +INCS= sysdecode.h + +MAN+= sysdecode.3 \ + sysdecode_utrace.3 + +.include <bsd.lib.mk> diff --git a/lib/libsysdecode/sysdecode.3 b/lib/libsysdecode/sysdecode.3 new file mode 100644 index 0000000..fd1677d --- /dev/null +++ b/lib/libsysdecode/sysdecode.3 @@ -0,0 +1,47 @@ +.\" +.\" Copyright (c) 2015 John Baldwin <jhb@FreeBSD.org> +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $FreeBSD$ +.\" +.Dd December 10, 2015 +.Dt SYSDECODE 3 +.Os +.Sh NAME +.Nm sysdecode +.Nd system argument decoding library +.Sh LIBRARY +.Lb libsysdecode +.Sh DESCRIPTION +The +.Nm +library includes several functions that provide descriptive names of +values associated with system calls. +.Sh SEE ALSO +.Xr sysdecode_utrace 3 +.Sh HISTORY +The +.Nm +library first appeared in +.Fx 11.0 . diff --git a/lib/libsysdecode/sysdecode.h b/lib/libsysdecode/sysdecode.h new file mode 100644 index 0000000..10feee1 --- /dev/null +++ b/lib/libsysdecode/sysdecode.h @@ -0,0 +1,34 @@ +/*- + * Copyright (c) 2015 John H. Baldwin <jhb@FreeBSD.org> + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD$ + */ + +#ifndef __SYSDECODE_H__ +#define __SYSDECODE_H__ + +int sysdecode_utrace(FILE *_fp, void *_buf, size_t _len); + +#endif /* !__SYSDECODE_H__ */ diff --git a/lib/libsysdecode/sysdecode_utrace.3 b/lib/libsysdecode/sysdecode_utrace.3 new file mode 100644 index 0000000..8bf2e85 --- /dev/null +++ b/lib/libsysdecode/sysdecode_utrace.3 @@ -0,0 +1,73 @@ +.\" +.\" Copyright (c) 2015 John Baldwin <jhb@FreeBSD.org> +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $FreeBSD$ +.\" +.Dd December 11, 2015 +.Dt sysdecode_utrace 3 +.Os +.Sh NAME +.Nm sysdecode_utrace +.Nd produce text description of a utrace record +.Sh LIBRARY +.Lb libsysdecode +.Sh SYNOPSIS +.Ft int +.Fn sysdecode_utrace "FILE *fp" "void *buf" "size_t len" "int decimal" +.Sh DESCRIPTION +The +.Fn sysdecode_utrace +function outputs a textual representation of a +.Xr utrace 2 +record identified by +.Fa buf +and +.Fa len +to the output stream +.Fa fp . +.Pp +The function only outputs a representation for certain types of records. +If a record is recognized, +the function outputs the description and returns a non-zero value. +If the record is not recognized, +the function does not output anything and returns zero. +The +.Fn sysdecode_utrace +function currently recognizes +.Xr utrace 2 +records generated by +.Xr malloc 3 +and +.Xr rtld 1 . +.Sh RETURN VALUES +The +.Fn sysdecode_utrace +function returns a non-zero value if it recognizes a +.Xr utrace 2 +record; +otherwise it returns zero. +.Sh SEE ALSO +.Xr utrace 2 , +.Xr sysdecode 3 diff --git a/usr.bin/kdump/utrace.c b/lib/libsysdecode/utrace.c index e719365..6a25139 100644 --- a/usr.bin/kdump/utrace.c +++ b/lib/libsysdecode/utrace.c @@ -34,8 +34,7 @@ __FBSDID("$FreeBSD$"); #include <dlfcn.h> #include <stdio.h> #include <strings.h> - -int kdump_print_utrace(FILE *, void *, size_t, int); +#include <sysdecode.h> #define UTRACE_DLOPEN_START 1 #define UTRACE_DLOPEN_STOP 2 @@ -60,11 +59,10 @@ struct utrace_rtld { char name[MAXPATHLEN]; }; -static void -print_utrace_rtld(FILE *fp, void *p, size_t len, int decimal) +static int +print_utrace_rtld(FILE *fp, void *p) { struct utrace_rtld *ut = p; - unsigned char *cp; void *parent; int mode; @@ -136,16 +134,9 @@ print_utrace_rtld(FILE *fp, void *p, size_t len, int decimal) ut->name); break; default: - cp = p; - cp += 4; - len -= 4; - fprintf(fp, "RTLD: %zu ", len); - while (len--) - if (decimal) - fprintf(fp, " %d", *cp++); - else - fprintf(fp, " %02x", *cp++); + return (0); } + return (1); } struct utrace_malloc { @@ -170,12 +161,11 @@ print_utrace_malloc(FILE *fp, void *p) } int -kdump_print_utrace(FILE *fp, void *p, size_t len, int decimal) +sysdecode_utrace(FILE *fp, void *p, size_t len) { - if (len >= 8 && bcmp(p, "RTLD", 4) == 0) { - print_utrace_rtld(fp, p, len, decimal); - return (1); + if (len == sizeof(struct utrace_rtld) && bcmp(p, "RTLD", 4) == 0) { + return (print_utrace_rtld(fp, p)); } if (len == sizeof(struct utrace_malloc)) { diff --git a/sbin/reboot/reboot.8 b/sbin/reboot/reboot.8 index ac3bd47..c95333c 100644 --- a/sbin/reboot/reboot.8 +++ b/sbin/reboot/reboot.8 @@ -28,7 +28,7 @@ .\" @(#)reboot.8 8.1 (Berkeley) 6/9/93 .\" $FreeBSD$ .\" -.Dd May 22, 2015 +.Dd Dec 12, 2015 .Dt REBOOT 8 .Os .Sh NAME @@ -39,16 +39,16 @@ .Nd stopping and restarting the system .Sh SYNOPSIS .Nm halt -.Op Fl lnpq +.Op Fl lNnpq .Op Fl k Ar kernel .Nm -.Op Fl dlnpqr +.Op Fl dlNnpqr .Op Fl k Ar kernel .Nm fasthalt -.Op Fl lnpq +.Op Fl lNnpq .Op Fl k Ar kernel .Nm fastboot -.Op Fl dlnpq +.Op Fl dlNnpq .Op Fl k Ar kernel .Sh DESCRIPTION The @@ -94,6 +94,16 @@ that call or .Nm halt and log this themselves. +.It Fl N +The file system cache is not flushed during the initial process clean-up, +however the kernel level +.Xr reboot 2 +is still processed with a sync. +This option can be useful for performing a +.Dq best-effort +reboot when devices might be unavailable. +This can happen when devices have been disconnected, such as with +.Xr iscsi 4 . .It Fl n The file system cache is not flushed. This option should probably not be used. diff --git a/sbin/reboot/reboot.c b/sbin/reboot/reboot.c index fdef7d5..eaaa5b5 100644 --- a/sbin/reboot/reboot.c +++ b/sbin/reboot/reboot.c @@ -67,7 +67,7 @@ main(int argc, char *argv[]) { struct utmpx utx; const struct passwd *pw; - int ch, howto, i, fd, lflag, nflag, qflag, sverrno; + int ch, howto, i, fd, lflag, nflag, qflag, sverrno, Nflag; u_int pageins; const char *user, *kernel = NULL; @@ -77,7 +77,7 @@ main(int argc, char *argv[]) } else howto = 0; lflag = nflag = qflag = 0; - while ((ch = getopt(argc, argv, "dk:lnpqr")) != -1) + while ((ch = getopt(argc, argv, "dk:lNnpqr")) != -1) switch(ch) { case 'd': howto |= RB_DUMP; @@ -92,6 +92,10 @@ main(int argc, char *argv[]) nflag = 1; howto |= RB_NOSYNC; break; + case 'N': + nflag = 1; + Nflag = 1; + break; case 'p': howto |= RB_POWEROFF; break; @@ -110,6 +114,8 @@ main(int argc, char *argv[]) if ((howto & (RB_DUMP | RB_HALT)) == (RB_DUMP | RB_HALT)) errx(1, "cannot dump (-d) when halting; must reboot instead"); + if (Nflag && (howto & RB_NOSYNC) != 0) + errx(1, "-N cannot be used with -n"); if ((howto & RB_REROOT) != 0 && howto != RB_REROOT) errx(1, "-r cannot be used with -d, -n, or -p"); if (geteuid()) { diff --git a/share/man/man4/aesni.4 b/share/man/man4/aesni.4 index 3a8e101..07706e7 100644 --- a/share/man/man4/aesni.4 +++ b/share/man/man4/aesni.4 @@ -24,7 +24,7 @@ .\" .\" $FreeBSD$ .\" -.Dd September 6, 2010 +.Dd December 14, 2015 .Dt AESNI 4 .Os .Sh NAME @@ -36,6 +36,7 @@ place the following lines in your kernel configuration file: .Bd -ragged -offset indent .Cd "device crypto" +.Cd "device cryptodev" .Cd "device aesni" .Ed .Pp diff --git a/share/man/man4/blackhole.4 b/share/man/man4/blackhole.4 index f662ec3..0bd7d03 100644 --- a/share/man/man4/blackhole.4 +++ b/share/man/man4/blackhole.4 @@ -87,8 +87,8 @@ MIBs first appeared in .Fx 4.0 . .Pp -The SCTP -.Nm +The SCTP +.Nm MIB first appeared in .Fx 9.1 . .Sh AUTHORS diff --git a/share/man/man4/crypto.4 b/share/man/man4/crypto.4 index a488d9c..31edb7f 100644 --- a/share/man/man4/crypto.4 +++ b/share/man/man4/crypto.4 @@ -60,7 +60,7 @@ .\" .\" $FreeBSD$ .\" -.Dd December 12, 2014 +.Dd December 15, 2015 .Dt CRYPTO 4 .Os .Sh NAME @@ -79,7 +79,7 @@ The .Nm driver gives user-mode applications access to hardware-accelerated cryptographic transforms, as implemented by the -.Xr opencrypto 9 +.Xr crypto 9 in-kernel interface. .Pp The @@ -99,9 +99,6 @@ variables, .Ic kern.userasymcrypto and .Ic kern.cryptodevallowsoft . -See -.Xr sysctl 7 -for additional details. .Pp The .Nm diff --git a/share/man/man4/dtrace_io.4 b/share/man/man4/dtrace_io.4 index dea6221..ed5c56f 100644 --- a/share/man/man4/dtrace_io.4 +++ b/share/man/man4/dtrace_io.4 @@ -91,8 +91,8 @@ io:::start END { - printf("%10s %20s %10s %15s\n", "DEVICE", "APP", "PID", "BYTES"); - printa("%10s %20s %10d %15@d\n", @); + printf("%10s %20s %10s %15s\\n", "DEVICE", "APP", "PID", "BYTES"); + printa("%10s %20s %10d %15@d\\n", @); } .Ed .Sh COMPATIBILITY diff --git a/share/man/man4/dtrace_ip.4 b/share/man/man4/dtrace_ip.4 index 164114e..9879d9a 100644 --- a/share/man/man4/dtrace_ip.4 +++ b/share/man/man4/dtrace_ip.4 @@ -239,7 +239,7 @@ by the kernel: dtrace:::BEGIN { - printf(" %10s %30s %-30s %8s %6s\n", "DELTA(us)", "SOURCE", + printf(" %10s %30s %-30s %8s %6s\\n", "DELTA(us)", "SOURCE", "DEST", "INT", "BYTES"); last = timestamp; } @@ -247,7 +247,7 @@ dtrace:::BEGIN ip:::send { this->elapsed = (timestamp - last) / 1000; - printf(" %10d %30s -> %-30s %8s %6d\n", this->elapsed, + printf(" %10d %30s -> %-30s %8s %6d\\n", this->elapsed, args[2]->ip_saddr, args[2]->ip_daddr, args[3]->if_name, args[2]->ip_plength); last = timestamp; @@ -256,7 +256,7 @@ ip:::send ip:::receive { this->elapsed = (timestamp - last) / 1000; - printf(" %10d %30s <- %-30s %8s %6d\n", this->elapsed, + printf(" %10d %30s <- %-30s %8s %6d\\n", this->elapsed, args[2]->ip_daddr, args[2]->ip_saddr, args[3]->if_name, args[2]->ip_plength); last = timestamp; diff --git a/share/man/man4/dtrace_tcp.4 b/share/man/man4/dtrace_tcp.4 index f499ae4..d7ab30c 100644 --- a/share/man/man4/dtrace_tcp.4 +++ b/share/man/man4/dtrace_tcp.4 @@ -300,7 +300,7 @@ The following script logs TCP segments in real time: dtrace:::BEGIN { - printf(" %3s %15s:%-5s %15s:%-5s %6s %s\n", "CPU", + printf(" %3s %15s:%-5s %15s:%-5s %6s %s\\n", "CPU", "LADDR", "LPORT", "RADDR", "RPORT", "BYTES", "FLAGS"); } @@ -317,7 +317,7 @@ tcp:::send printf("%s", args[4]->tcp_flags & TH_ACK ? "ACK|" : ""); printf("%s", args[4]->tcp_flags & TH_URG ? "URG|" : ""); printf("%s", args[4]->tcp_flags == 0 ? "null " : ""); - printf("\b)\n"); + printf("\b)\\n"); } tcp:::receive @@ -333,7 +333,7 @@ tcp:::receive printf("%s", args[4]->tcp_flags & TH_ACK ? "ACK|" : ""); printf("%s", args[4]->tcp_flags & TH_URG ? "URG|" : ""); printf("%s", args[4]->tcp_flags == 0 ? "null " : ""); - printf("\b)\n"); + printf("\b)\\n"); } .Ed The following script logs TCP connection state changes as they occur: @@ -345,14 +345,14 @@ int last[int]; dtrace:::BEGIN { - printf(" %12s %-20s %-20s %s\n", + printf(" %12s %-20s %-20s %s\\n", "DELTA(us)", "OLD", "NEW", "TIMESTAMP"); } tcp:::state-change { this->elapsed = (timestamp - last[args[1]->cs_cid]) / 1000; - printf(" %12d %-20s -> %-20s %d\n", this->elapsed, + printf(" %12d %-20s -> %-20s %d\\n", this->elapsed, tcp_state_string[args[5]->tcps_state], tcp_state_string[args[3]->tcps_state], timestamp); last[args[1]->cs_cid] = timestamp; @@ -361,7 +361,7 @@ tcp:::state-change tcp:::state-change /last[args[1]->cs_cid] == 0/ { - printf(" %12s %-20s -> %-20s %d\n", "-", + printf(" %12s %-20s -> %-20s %d\\n", "-", tcp_state_string[args[5]->tcps_state], tcp_state_string[args[3]->tcps_state], timestamp); last[args[1]->cs_cid] = timestamp; diff --git a/share/man/man4/dtrace_udp.4 b/share/man/man4/dtrace_udp.4 index e39cc75..40df6b6 100644 --- a/share/man/man4/dtrace_udp.4 +++ b/share/man/man4/dtrace_udp.4 @@ -151,7 +151,7 @@ by the kernel: dtrace:::BEGIN { - printf(" %10s %36s %-36s %6s\n", "DELTA(us)", "SOURCE", + printf(" %10s %36s %-36s %6s\\n", "DELTA(us)", "SOURCE", "DEST", "BYTES"); last = timestamp; } @@ -161,7 +161,7 @@ udp:::send this->elapsed = (timestamp - last) / 1000; self->dest = strjoin(strjoin(args[2]->ip_daddr, ":"), lltostr(args[4]->udp_dport)); - printf(" %10d %30s:%-5d -> %-36s %6d\n", this->elapsed, + printf(" %10d %30s:%-5d -> %-36s %6d\\n", this->elapsed, args[2]->ip_saddr, args[4]->udp_sport, self->dest, args[4]->udp_length); last = timestamp; @@ -172,7 +172,7 @@ udp:::receive this->elapsed = (timestamp - last) / 1000; self->dest = strjoin(strjoin(args[2]->ip_saddr, ":"), lltostr(args[4]->udp_sport)); - printf(" %10d %30s:%-5d <- %-36s %6d\n", this->elapsed, + printf(" %10d %30s:%-5d <- %-36s %6d\\n", this->elapsed, args[2]->ip_daddr, args[4]->udp_dport, self->dest, args[4]->udp_length); last = timestamp; diff --git a/share/man/man4/ioat.4 b/share/man/man4/ioat.4 index add6495..7ba7768 100644 --- a/share/man/man4/ioat.4 +++ b/share/man/man4/ioat.4 @@ -24,7 +24,7 @@ .\" .\" $FreeBSD$ .\" -.Dd December 9, 2015 +.Dd December 14, 2015 .Dt IOAT 4 .Os .Sh NAME @@ -63,6 +63,10 @@ In .Fn ioat_get_dmaengine "uint32_t channel_index" .Ft void .Fn ioat_put_dmaengine "bus_dmaengine_t dmaengine" +.Ft int +.Fn ioat_set_interrupt_coalesce "bus_dmaengine_t dmaengine" "uint16_t delay" +.Ft uint16_t +.Fn ioat_get_max_coalesce_period "bus_dmaengine_t dmaengine" .Ft void .Fn ioat_acquire "bus_dmaengine_t dmaengine" .Ft void @@ -129,6 +133,20 @@ flag. For example, a user might submit multiple operations to the same channel and only enable an interrupt and callback for the last operation. .Pp +The hardware can delay and coalesce interrupts on a given channel for a +configurable period of time, in microseconds. +This may be desired to reduce the processing and interrupt overhead per +descriptor, especially for workflows consisting of many small operations. +Software can control this on a per-channel basis with the +.Fn ioat_set_interrupt_coalesce +API. +The +.Fn ioat_get_max_coalesce_period +API can be used to determine the maximum coalescing period supported by the +hardware, in microseconds. +Current platforms support up to a 16.383 millisecond coalescing period. +Optimal configuration will vary by workflow and desired operation latency. +.Pp All operations are safe to use in a non-blocking context with the .Ar DMA_NO_WAIT flag. @@ -188,7 +206,7 @@ unload. For an example of usage, see .Pa src/sys/dev/ioat/ioat_test.c . .Sh FILES -.Bl -tag -compat +.Bl -tag .It Pa /dev/ioat_test test device for .Xr ioatcontrol 8 diff --git a/share/man/man4/mlx5en.4 b/share/man/man4/mlx5en.4 index e1b2b6d..4da591c 100644 --- a/share/man/man4/mlx5en.4 +++ b/share/man/man4/mlx5en.4 @@ -25,7 +25,7 @@ .\" $FreeBSD$ .\" .Dd December 3, 2015 -.Dt mlx5en 4 +.Dt MLX5EN 4 .Os .Sh NAME .Nm mlx5en diff --git a/share/man/man4/netmap.4 b/share/man/man4/netmap.4 index d051620..4d4ed32 100644 --- a/share/man/man4/netmap.4 +++ b/share/man/man4/netmap.4 @@ -27,16 +27,16 @@ .\" .\" $FreeBSD$ .\" -.Dd February 13, 2014 +.Dd December 14, 2015 .Dt NETMAP 4 .Os .Sh NAME .Nm netmap .Nd a framework for fast packet I/O -.br +.Pp .Nm VALE .Nd a fast VirtuAl Local Ethernet using the netmap API -.br +.Pp .Nm netmap pipes .Nd a shared memory packet transport channel .Sh SYNOPSIS @@ -45,8 +45,9 @@ .Nm is a framework for extremely fast and efficient packet I/O for both userspace and kernel clients. -It runs on FreeBSD and Linux, -and includes +It runs on +.Fx +and Linux, and includes .Nm VALE , a very fast and modular in-kernel software switch/dataplane, and @@ -54,7 +55,8 @@ and a shared memory packet transport channel. All these are accessed interchangeably with the same API. .Pp -.Nm , VALE +.Nm , +.Nm VALE and .Nm netmap pipes are at least one order of magnitude faster than @@ -78,13 +80,14 @@ providing high speed packet I/O between processes, virtual machines, NICs and the host stack. .Pp .Nm -suports both non-blocking I/O through -.Xr ioctls() , +supports both non-blocking I/O through +.Xr ioctl 2 , synchronization and blocking I/O through a file descriptor and standard OS mechanisms such as .Xr select 2 , .Xr poll 2 , .Xr epoll 2 , +and .Xr kqueue 2 . .Nm VALE and @@ -131,7 +134,7 @@ All NICs operating in .Nm mode use the same memory region, accessible to all processes who own -.Nm /dev/netmap +.Pa /dev/netmap file descriptors bound to NICs. Independent .Nm VALE @@ -184,7 +187,7 @@ and the number, size and location of all the data structures, which can be accessed by mmapping the memory .Dl char *mem = mmap(0, arg.nr_memsize, fd); .Pp -Non blocking I/O is done with special +Non-blocking I/O is done with special .Xr ioctl 2 .Xr select 2 and @@ -210,10 +213,11 @@ and returns the NIC to normal mode (reconnecting the data path to the host stack), or destroys the virtual port. .Sh DATA STRUCTURES The data structures in the mmapped memory region are detailed in -.Xr sys/net/netmap.h , +.In sys/net/netmap.h , which is the ultimate reference for the .Nm -API. The main structures and fields are indicated below: +API. +The main structures and fields are indicated below: .Bl -tag -width XXX .It Dv struct netmap_if (one per interface) .Bd -literal @@ -242,7 +246,9 @@ to be used as temporary storage for packets. contains the index of the first of these free rings, which are connected in a list (the first uint32_t of each buffer being the index of the next buffer in the list). -A 0 indicates the end of the list. +A +.Dv 0 +indicates the end of the list. .It Dv struct netmap_ring (one per ring) .Bd -literal struct netmap_ring { @@ -262,8 +268,8 @@ struct netmap_ring { .Ed .Pp Implements transmit and receive rings, with read/write -pointers, metadata and and an array of -.Pa slots +pointers, metadata and an array of +.Em slots describing the buffers. .It Dv struct netmap_slot (one per buffer) .Bd -literal @@ -286,10 +292,11 @@ The offset of the in the mmapped region is indicated by the .Pa nr_offset field in the structure returned by -.Pa NIOCREGIF . +.Dv NIOCREGIF . From there, all other objects are reachable through relative references (offsets or indexes). -Macros and functions in <net/netmap_user.h> +Macros and functions in +.In net/netmap_user.h help converting them into actual pointers: .Pp .Dl struct netmap_if *nifp = NETMAP_IF(mem, arg.nr_offset); @@ -322,7 +329,9 @@ passes .Va tail is the first slot reserved to the kernel. .Pp -Slot indexes MUST only move forward; +Slot indexes +.Em must +only move forward; for convenience, the function .Dl nm_ring_next(ring, index) returns the next index modulo the ring size. @@ -385,7 +394,10 @@ Below is an example of the evolution of a TX ring: TX [..........aaaaaaaaaaa........] .Ed .Pp -select() and poll() wlll block if there is no space in the ring, i.e. +.Fn select +and +.Fn poll +will block if there is no space in the ring, i.e. .Dl ring->cur == ring->tail and return when new slots have become available. .Pp @@ -448,7 +460,10 @@ One packet is fully contained in a single buffer. The following flags affect slot and buffer processing: .Bl -tag -width XXX .It NS_BUF_CHANGED -it MUST be used when the buf_idx in the slot is changed. +.Em must +be used when the +.Va buf_idx +in the slot is changed. This can be used to implement zero-copy forwarding, see .Sx ZERO-COPY FORWARDING . @@ -457,19 +472,20 @@ reports when this buffer has been transmitted. Normally, .Nm notifies transmit completions in batches, hence signals -can be delayed indefinitely. This flag helps detecting -when packets have been send and a file descriptor can be closed. +can be delayed indefinitely. +This flag helps detect +when packets have been sent and a file descriptor can be closed. .It NS_FORWARD When a ring is in 'transparent' mode (see .Sx TRANSPARENT MODE ) , -packets marked with this flags are forwarded to the other endpoint +packets marked with this flag are forwarded to the other endpoint at the next system call, thus restoring (in a selective way) the connection between a NIC and the host stack. .It NS_NO_LEARN -tells the forwarding code that the SRC MAC address for this +tells the forwarding code that the source MAC address for this packet must not be used in the learning bridge code. .It NS_INDIRECT -indicates that the packet's payload is in a user-supplied buffer, +indicates that the packet's payload is in a user-supplied buffer whose user virtual address is in the 'ptr' field of the slot. The size can reach 65535 bytes. .br @@ -502,7 +518,8 @@ Slots with a value greater than 1 also have NS_MOREFRAG set. .Sh IOCTLS .Nm uses two ioctls (NIOCTXSYNC, NIOCRXSYNC) -for non-blocking I/O. They take no argument. +for non-blocking I/O. +They take no argument. Two more ioctls (NIOCGINFO, NIOCREGIF) are used to query and configure ports, with the following argument: .Bd -literal @@ -514,7 +531,7 @@ struct nmreq { uint32_t nr_tx_slots; /* (i/o) slots in tx rings */ uint32_t nr_rx_slots; /* (i/o) slots in rx rings */ uint16_t nr_tx_rings; /* (i/o) number of tx rings */ - uint16_t nr_rx_rings; /* (i/o) number of tx rings */ + uint16_t nr_rx_rings; /* (i/o) number of rx rings */ uint16_t nr_ringid; /* (i/o) ring(s) we care about */ uint16_t nr_cmd; /* (i) special command */ uint16_t nr_arg1; /* (i/o) extra arguments */ @@ -540,7 +557,8 @@ interface is actually put in netmap mode. .It Pa nr_memsize indicates the size of the .Nm -memory region. NICs in +memory region. +NICs in .Nm mode all share the same memory region, whereas @@ -559,7 +577,8 @@ using interface-specific functions (e.g. .It Dv NIOCREGIF binds the port named in .Va nr_name -to the file descriptor. For a physical device this also switches it into +to the file descriptor. +For a physical device this also switches it into .Nm mode, disconnecting it from the host stack. @@ -615,9 +634,11 @@ the slave side of the netmap pipe whose identifier (i) is in .Pa nr_ringid . .Pp The identifier of a pipe must be thought as part of the pipe name, -and does not need to be sequential. On return the pipe +and does not need to be sequential. +On return the pipe will only have a single ring pair with index 0, -irrespective of the value of i. +irrespective of the value of +.Va i. .El .Pp By default, a @@ -667,13 +688,22 @@ are supported too. .Pp Packets in transmit rings are normally pushed out (and buffers reclaimed) even without -requesting write events. Passing the NETMAP_NO_TX_POLL flag to +requesting write events. +Passing the +.Dv NETMAP_NO_TX_POLL +flag to .Em NIOCREGIF disables this feature. By default, receive rings are processed only if read -events are requested. Passing the NETMAP_DO_RX_POLL flag to +events are requested. +Passing the +.Dv NETMAP_DO_RX_POLL +flag to .Em NIOCREGIF updates receive rings even without read events. -Note that on epoll and kqueue, NETMAP_NO_TX_POLL and NETMAP_DO_RX_POLL +Note that on epoll and kqueue, +.Dv NETMAP_NO_TX_POLL +and +.Dv NETMAP_DO_RX_POLL only have an effect when some event is posted for the file descriptor. .Sh LIBRARIES The @@ -681,12 +711,13 @@ The API is supposed to be used directly, both because of its simplicity and for efficient integration with applications. .Pp -For conveniency, the -.Va <net/netmap_user.h> +For convenience, the +.In net/netmap_user.h header provides a few macros and functions to ease creating a file descriptor and doing I/O with a .Nm -port. These are loosely modeled after the +port. +These are loosely modeled after the .Xr pcap 3 API, to ease porting of libpcap-based applications to .Nm . @@ -760,7 +791,8 @@ On Linux .Pp NICs without native support can still be used in .Nm -mode through emulation. Performance is inferior to native netmap +mode through emulation. +Performance is inferior to native netmap mode but still significantly higher than sockets, and approaching that of in-kernel solutions such as Linux's .Xr pktgen . @@ -806,7 +838,8 @@ Verbose kernel messages .It Va dev.netmap.if_num: 100 .It Va dev.netmap.if_size: 1024 Sizes and number of objects (netmap_if, netmap_ring, buffers) -for the global memory region. The only parameter worth modifying is +for the global memory region. +The only parameter worth modifying is .Va dev.netmap.buf_num as it impacts the total amount of memory used by netmap. .It Va dev.netmap.buf_curr_num: 0 @@ -819,7 +852,8 @@ Actual values in use. .It Va dev.netmap.bridge_batch: 1024 Batch size used when moving packets across a .Nm VALE -switch. Values above 64 generally guarantee good +switch. +Values above 64 generally guarantee good performance. .El .Sh SYSTEM CALLS @@ -850,12 +884,14 @@ may be of use. comes with a few programs that can be used for testing or simple applications. See the -.Va examples/ +.Pa examples/ directory in .Nm distributions, or -.Va tools/tools/netmap/ -directory in FreeBSD distributions. +.Pa tools/tools/netmap/ +directory in +.Fx +distributions. .Pp .Xr pkt-gen is a general purpose traffic source/sink. @@ -875,7 +911,8 @@ rates, and use multiple send/receive threads and cores. .Xr bridge is another test program which interconnects two .Nm -ports. It can be used for transparent forwarding between +ports. +It can be used for transparent forwarding between interfaces, as in .Dl bridge -i ix0 -i ix1 or even connect the NIC to the host stack using netmap @@ -942,7 +979,8 @@ void receiver(void) .Ss ZERO-COPY FORWARDING Since physical interfaces share the same memory region, it is possible to do packet forwarding between ports -swapping buffers. The buffer from the transmit ring is used +swapping buffers. +The buffer from the transmit ring is used to replenish the receive ring: .Bd -literal -compact uint32_t tmp; @@ -1014,6 +1052,7 @@ and further extended with help from .An Matteo Landi , .An Gaetano Catalli , .An Giuseppe Lettieri , +and .An Vincenzo Maffione . .Pp .Nm @@ -1026,7 +1065,8 @@ No matter how fast the CPU and OS are, achieving line rate on 10G and faster interfaces requires hardware with sufficient performance. Several NICs are unable to sustain line rate with -small packet sizes. Insufficient PCIe or memory bandwidth +small packet sizes. +Insufficient PCIe or memory bandwidth can also cause reduced performance. .Pp Another frequent reason for low performance is the use @@ -1034,7 +1074,6 @@ of flow control on the link: a slow receiver can limit the transmit speed. Be sure to disable flow control when running high speed experiments. -.Pp .Ss SPECIAL NIC FEATURES .Nm is orthogonal to some NIC features such as @@ -1054,6 +1093,6 @@ and filtering of incoming traffic. features such as .Em checksum offloading , TCP segmentation offloading , .Em encryption , VLAN encapsulation/decapsulation , -etc. . +etc. When using netmap to exchange packets with the host stack, make sure to disable these features. diff --git a/share/man/man4/pass.4 b/share/man/man4/pass.4 index 140e7df..618b643 100644 --- a/share/man/man4/pass.4 +++ b/share/man/man4/pass.4 @@ -102,7 +102,7 @@ Queue a CCB to the driver to be executed asynchronously. The caller may use .Xr select 2 , -.Xr poll 2 +.Xr poll 2 or .Xr kevent 2 to receive notification when the CCB has completed. @@ -120,11 +120,11 @@ Although the .Dv CAMIOQUEUE ioctl is not defined to take an argument, it does require a pointer to a union ccb. -It is not defined to take an argument to avoid an extra malloc and copy -inside the generic +It is not defined to take an argument to avoid an extra malloc and copy +inside the generic .Xr ioctl 2 handler. -.pp +.Pp The completed CCB will be returned via the .Dv CAMIOGET ioctl. @@ -171,7 +171,7 @@ ioctl if the driver fails to copy data to the user process or if there are no completed CCBs available to retrieve. If no CCBs are available to retrieve, -errno will be set to +errno will be set to .Dv ENOENT . .Pp All other errors will be reported as standard CAM CCB status errors. @@ -180,14 +180,14 @@ Although the .Dv CAMIOGET ioctl is not defined to take an argument, it does require a pointer to a union ccb. -It is not defined to take an argument to avoid an extra malloc and copy -inside the generic +It is not defined to take an argument to avoid an extra malloc and copy +inside the generic .Xr ioctl 2 handler. .Pp The pass driver will report via .Xr select 2 , -.Xr poll 2 +.Xr poll 2 or .Xr kevent 2 when a CCB has completed. diff --git a/share/man/man5/src.conf.5 b/share/man/man5/src.conf.5 index e4f2208..4994aab 100644 --- a/share/man/man5/src.conf.5 +++ b/share/man/man5/src.conf.5 @@ -1,7 +1,7 @@ .\" DO NOT EDIT-- this file is automatically generated. -.\" from FreeBSD: head/tools/build/options/makeman 291414 2015-11-28 00:41:37Z ume +.\" from FreeBSD: head/tools/build/options/makeman 292283 2015-12-15 18:42:30Z bdrewery .\" $FreeBSD$ -.Dd December 8, 2015 +.Dd December 15, 2015 .Dt SRC.CONF 5 .Os .Sh NAME @@ -72,11 +72,14 @@ for the build can be controlled via the variable, which defaults to .Pa /etc/src-env.conf . Some examples that may only be set in this file are -.Va MAKEOBJDIRPREFIX , .Va WITH_DIRDEPS_BUILD , and .Va WITH_META_MODE as they are environment-only variables. +Note that +.Va MAKEOBJDIRPREFIX +may be set here only when using +.Va WITH_DIRDEPS_BUILD . .Pp The values of variables are ignored regardless of their setting; even if they would be set to diff --git a/share/mk/bsd.libnames.mk b/share/mk/bsd.libnames.mk index 596aa0a..d22f99a 100644 --- a/share/mk/bsd.libnames.mk +++ b/share/mk/bsd.libnames.mk @@ -134,6 +134,7 @@ LIBSSP_NONSHARED?= ${DESTDIR}${LIBDIR}/libssp_nonshared.a LIBSTAND?= ${DESTDIR}${LIBDIR}/libstand.a LIBSTDCPLUSPLUS?= ${DESTDIR}${LIBDIR}/libstdc++.a LIBSTDTHREADS?= ${DESTDIR}${LIBDIR}/libstdthreads.a +LIBSYSDECODE?= ${DESTDIR}${LIBDIR}/libsysdecode.a LIBTACPLUS?= ${DESTDIR}${LIBDIR}/libtacplus.a LIBTERMCAP?= ${DESTDIR}${LIBDIR}/libtermcap.a LIBTERMCAPW?= ${DESTDIR}${LIBDIR}/libtermcapw.a diff --git a/share/mk/bsd.snmpmod.mk b/share/mk/bsd.snmpmod.mk index 552f936..ccd57b7 100644 --- a/share/mk/bsd.snmpmod.mk +++ b/share/mk/bsd.snmpmod.mk @@ -16,12 +16,12 @@ ${MOD}_tree.c ${MOD}_tree.h: ${MOD}_tree.def ${EXTRAMIBDEFS} .if defined(DEFS) FILESGROUPS+= DEFS -DEFSDIR= ${SHAREDIR}/snmp/defs +DEFSDIR?= ${SHAREDIR}/snmp/defs .endif .if defined(BMIBS) FILESGROUPS+= BMIBS -BMIBSDIR= ${SHAREDIR}/snmp/mibs +BMIBSDIR?= ${SHAREDIR}/snmp/mibs .endif .include <bsd.lib.mk> diff --git a/share/mk/local.dirdeps.mk b/share/mk/local.dirdeps.mk index 3e08830..ae2c00a6 100644 --- a/share/mk/local.dirdeps.mk +++ b/share/mk/local.dirdeps.mk @@ -129,20 +129,37 @@ DIRDEPS+= lib/msun .if !empty(SRCS:M*.y) DIRDEPS+= usr.bin/yacc.host .endif +# Gather PROGS dependencies +.if !empty(PROGS) +_PROGS_LIBADD= +_PROGS_DPADD= +.for _prog in ${PROGS} +.if !empty(LIBADD.${_prog}) +_PROGS_LIBADD+= ${LIBADD.${_prog}} +.endif +.if !empty(DPADD.${_prog}) +_PROGS_DPADD+= ${DPADD.${_prog}} +.endif +.endfor +.endif # !empty(PROGS) .if !empty(DPADD) # Taken from meta.autodep.mk (where it only does something with # BUILD_AT_LEVEL0, which we don't use). # This only works for DPADD with full OBJ/SRC paths, which is mostly just # _INTERNALLIBS. -_DP_DIRDEPS+= \ - ${DPADD:M${OBJTOP}*:H:tA:C,${OBJTOP}[^/]*/,,:N.:O:u} \ - ${DPADD:M${OBJROOT}*:N${OBJTOP}*:N${STAGE_ROOT}/*:H:S,${OBJROOT},,:C,^([^/]+)/(.*),\2.\1,:S,${HOST_TARGET}$,host,:N.*:O:u} +_DPADD= ${DPADD} ${_PROGS_DPADD} +_DP_DIRDEPS= \ + ${_DPADD:O:u:M${OBJTOP}*:H:N.:tA:C,${OBJTOP}[^/]*/,,:N.:O:u} \ + ${_DPADD:O:u:M${OBJROOT}*:N${OBJTOP}*:N${STAGE_ROOT}/*:H:S,${OBJROOT},,:C,^([^/]+)/(.*),\2.\1,:S,${HOST_TARGET}$,host,:N.*:O:u} # Resolve the paths to RELDIRs +.if !empty(_DP_DIRDEPS) DIRDEPS+= ${_DP_DIRDEPS:C,^,${SRCTOP}/,:tA:C,^${SRCTOP}/,,} .endif +.endif # !empty(DPADD) .if !empty(LIBADD) # Also handle LIBADD for non-internal libraries. -.for _lib in ${LIBADD} +_ALL_LIBADD= ${LIBADD} ${_PROGS_LIBADD} +.for _lib in ${_ALL_LIBADD:O:u} _lib${_lib}reldir= ${LIB${_lib:tu}DIR:C,${OBJTOP}/,,} .if defined(LIB${_lib:tu}DIR) && ${DIRDEPS:M${_lib${_lib}reldir}} == "" && \ exists(${SRCTOP}/${_lib${_lib}reldir}) diff --git a/share/mk/src.libnames.mk b/share/mk/src.libnames.mk index c77cefa..28c2368 100644 --- a/share/mk/src.libnames.mk +++ b/share/mk/src.libnames.mk @@ -148,7 +148,9 @@ _LIBRARIES= \ ssp_nonshared \ stdthreads \ supcplusplus \ + sysdecode \ tacplus \ + termcap \ termcapw \ ufs \ ugidfw \ @@ -346,8 +348,9 @@ DPADD_atf_cxx+= ${DPADD_atf_c} LDADD_atf_cxx+= ${LDADD_atf_c} # Detect LDADD/DPADD that should be LIBADD, before modifying LDADD here. +_BADLDADD= .for _l in ${LDADD:M-l*:N-l*/*:C,^-l,,} -.if ${_LIBRARIES:M${_l}} +.if ${_LIBRARIES:M${_l}} && !${_PRIVATELIBS:M${_l}} _BADLDADD+= ${_l} .endif .endfor @@ -516,6 +519,8 @@ _BADLIBADD+= ${_l} (!defined(_DP_${LIB}) || ${LIBADD:O:u} != ${_DP_${LIB}:O:u}) .error ${.CURDIR}: Missing or incorrect _DP_${LIB} entry in ${_this:T}. Should match LIBADD for ${LIB} ('${LIBADD}' vs '${_DP_${LIB}}') .endif +# Note that OBJTOP is not yet defined here but for the purpose of the check +# it is fine as it resolves to the SRC directory. .if !defined(LIB${LIB:tu}DIR) || !exists(${SRCTOP}/${LIB${LIB:tu}DIR:S,^${OBJTOP}/,,}) .error ${.CURDIR}: Missing or incorrect value for LIB${LIB:tu}DIR in ${_this:T}: ${LIB${LIB:tu}DIR:S,^${OBJTOP}/,,} .endif diff --git a/sys/arm/allwinner/a10_mmc.c b/sys/arm/allwinner/a10_mmc.c index c728e3b..eee1621 100644 --- a/sys/arm/allwinner/a10_mmc.c +++ b/sys/arm/allwinner/a10_mmc.c @@ -883,3 +883,4 @@ static driver_t a10_mmc_driver = { }; DRIVER_MODULE(a10_mmc, simplebus, a10_mmc_driver, a10_mmc_devclass, 0, 0); +DRIVER_MODULE(mmc, a10_mmc, mmc_driver, mmc_devclass, NULL, NULL); diff --git a/sys/arm/amlogic/aml8726/aml8726_mmc.c b/sys/arm/amlogic/aml8726/aml8726_mmc.c index 7d1ef4e..a7cc9c1 100644 --- a/sys/arm/amlogic/aml8726/aml8726_mmc.c +++ b/sys/arm/amlogic/aml8726/aml8726_mmc.c @@ -1098,3 +1098,4 @@ static devclass_t aml8726_mmc_devclass; DRIVER_MODULE(aml8726_mmc, simplebus, aml8726_mmc_driver, aml8726_mmc_devclass, 0, 0); MODULE_DEPEND(aml8726_mmc, aml8726_gpio, 1, 1, 1); +DRIVER_MODULE(mmc, aml8726_mmc, mmc_driver, mmc_devclass, NULL, NULL); diff --git a/sys/arm/amlogic/aml8726/aml8726_sdxc-m8.c b/sys/arm/amlogic/aml8726/aml8726_sdxc-m8.c index a1bb274..fc6a66e 100644 --- a/sys/arm/amlogic/aml8726/aml8726_sdxc-m8.c +++ b/sys/arm/amlogic/aml8726/aml8726_sdxc-m8.c @@ -1377,3 +1377,4 @@ static devclass_t aml8726_sdxc_devclass; DRIVER_MODULE(aml8726_sdxc, simplebus, aml8726_sdxc_driver, aml8726_sdxc_devclass, 0, 0); MODULE_DEPEND(aml8726_sdxc, aml8726_gpio, 1, 1, 1); +DRIVER_MODULE(mmc, aml8726_sdxc, mmc_driver, mmc_devclass, NULL, NULL); diff --git a/sys/arm/arm/pmap-v6-new.c b/sys/arm/arm/pmap-v6-new.c index 2196f91..4e58cf6 100644 --- a/sys/arm/arm/pmap-v6-new.c +++ b/sys/arm/arm/pmap-v6-new.c @@ -1380,14 +1380,6 @@ pmap_tlb_flush_range(pmap_t pmap, vm_offset_t sva, vm_size_t size) tlb_flush_range(sva, size); } -PMAP_INLINE void -pmap_tlb_flush_ng(pmap_t pmap) -{ - - if (pmap == kernel_pmap || !CPU_EMPTY(&pmap->pm_active)) - tlb_flush_all_ng(); -} - /* * Abuse the pte2 nodes for unmapped kva to thread a kva freelist through. * Requirements: @@ -2508,8 +2500,13 @@ pmap_unwire_pt2pg(pmap_t pmap, vm_offset_t va, vm_page_t m) KASSERT(m->md.pt2_wirecount[i] == 0, ("%s: pmap %p PT2 %u (PG %p) wired", __func__, pmap, i, m)); opte1 = pte1_load(pte1p); - if (pte1_is_link(opte1)) + if (pte1_is_link(opte1)) { pte1_clear(pte1p); + /* + * Flush intermediate TLB cache. + */ + pmap_tlb_flush(pmap, (m->pindex + i) << PTE1_SHIFT); + } #ifdef INVARIANTS else KASSERT((opte1 == 0) || pte1_is_section(opte1), @@ -2743,7 +2740,6 @@ pmap_pv_reclaim(pmap_t locked_pmap) TAILQ_REMOVE(&pv_chunks, pc, pc_lru); if (pmap != pc->pc_pmap) { if (pmap != NULL) { - pmap_tlb_flush_ng(pmap); if (pmap != locked_pmap) PMAP_UNLOCK(pmap); } @@ -2781,8 +2777,7 @@ pmap_pv_reclaim(pmap_t locked_pmap) KASSERT(tpte2 != 0, ("pmap_pv_reclaim: pmap %p va %#x zero pte", pmap, va)); - if (pte2_is_global(tpte2)) - tlb_flush(va); + pmap_tlb_flush(pmap, va); m = PHYS_TO_VM_PAGE(pte2_pa(tpte2)); if (pte2_is_dirty(tpte2)) vm_page_dirty(m); @@ -2840,7 +2835,6 @@ pmap_pv_reclaim(pmap_t locked_pmap) out: TAILQ_CONCAT(&pv_chunks, &newtail, pc_lru); if (pmap != NULL) { - pmap_tlb_flush_ng(pmap); if (pmap != locked_pmap) PMAP_UNLOCK(pmap); } @@ -3370,18 +3364,16 @@ pmap_remove_pte1(pmap_t pmap, pt1_entry_t *pte1p, vm_offset_t sva, KASSERT((sva & PTE1_OFFSET) == 0, ("%s: sva is not 1mpage aligned", __func__)); + /* + * Clear and invalidate the mapping. It should occupy one and only TLB + * entry. So, pmap_tlb_flush() called with aligned address should be + * sufficient. + */ opte1 = pte1_load_clear(pte1p); + pmap_tlb_flush(pmap, sva); + if (pte1_is_wired(opte1)) pmap->pm_stats.wired_count -= PTE1_SIZE / PAGE_SIZE; - - /* - * If the mapping was global, invalidate it even if given pmap - * is not active (kernel_pmap is active always). The mapping should - * occupy one and only TLB entry. So, pmap_tlb_flush() called - * with aligned address should be sufficient. - */ - if (pte1_is_global(opte1)) - tlb_flush(sva); pmap->pm_stats.resident_count -= PTE1_SIZE / PAGE_SIZE; if (pte1_is_managed(opte1)) { pvh = pa_to_pvh(pte1_pa(opte1)); @@ -3465,7 +3457,6 @@ pmap_demote_pte1(pmap_t pmap, pt1_entry_t *pte1p, vm_offset_t va) VM_ALLOC_NORMAL | VM_ALLOC_WIRED)) == NULL) { SLIST_INIT(&free); pmap_remove_pte1(pmap, pte1p, pte1_trunc(va), &free); - pmap_tlb_flush(pmap, pte1_trunc(va)); pmap_free_zero_pages(&free); CTR3(KTR_PMAP, "%s: failure for va %#x in pmap %p", __func__, va, pmap); @@ -3851,17 +3842,15 @@ pmap_remove_pte2(pmap_t pmap, pt2_entry_t *pte2p, vm_offset_t va, rw_assert(&pvh_global_lock, RA_WLOCKED); PMAP_LOCK_ASSERT(pmap, MA_OWNED); + /* Clear and invalidate the mapping. */ opte2 = pte2_load_clear(pte2p); + pmap_tlb_flush(pmap, va); + KASSERT(pte2_is_valid(opte2), ("%s: pmap %p va %#x not link pte2 %#x", __func__, pmap, va, opte2)); + if (opte2 & PTE2_W) pmap->pm_stats.wired_count -= 1; - /* - * If the mapping was global, invalidate it even if given pmap - * is not active (kernel_pmap is active always). - */ - if (pte2_is_global(opte2)) - tlb_flush(va); pmap->pm_stats.resident_count -= 1; if (pte2_is_managed(opte2)) { m = PHYS_TO_VM_PAGE(pte2_pa(opte2)); @@ -3890,7 +3879,6 @@ pmap_remove_page(pmap_t pmap, vm_offset_t va, struct spglist *free) !pte2_is_valid(pte2_load(pte2p))) return; pmap_remove_pte2(pmap, pte2p, va, free); - pmap_tlb_flush(pmap, va); } /* @@ -3906,7 +3894,6 @@ pmap_remove(pmap_t pmap, vm_offset_t sva, vm_offset_t eva) pt1_entry_t *pte1p, pte1; pt2_entry_t *pte2p, pte2; struct spglist free; - int anyvalid; /* * Perform an unsynchronized read. This is, however, safe. @@ -3914,7 +3901,6 @@ pmap_remove(pmap_t pmap, vm_offset_t sva, vm_offset_t eva) if (pmap->pm_stats.resident_count == 0) return; - anyvalid = 0; SLIST_INIT(&free); rw_wlock(&pvh_global_lock); @@ -3959,12 +3945,6 @@ pmap_remove(pmap_t pmap, vm_offset_t sva, vm_offset_t eva) * demote the mapping and fall through. */ if (sva + PTE1_SIZE == nextva && eva >= nextva) { - /* - * The TLB entry for global mapping is - * invalidated by pmap_remove_pte1(). - */ - if (!pte1_is_global(pte1)) - anyvalid = 1; pmap_remove_pte1(pmap, pte1p, sva, &free); continue; } else if (!pmap_demote_pte1(pmap, pte1p, sva)) { @@ -3995,21 +3975,12 @@ pmap_remove(pmap_t pmap, vm_offset_t sva, vm_offset_t eva) pte2 = pte2_load(pte2p); if (!pte2_is_valid(pte2)) continue; - - /* - * The TLB entry for global mapping is invalidated - * by pmap_remove_pte2(). - */ - if (!pte2_is_global(pte2)) - anyvalid = 1; if (pmap_remove_pte2(pmap, pte2p, sva, &free)) break; } } out: sched_unpin(); - if (anyvalid) - pmap_tlb_flush_ng(pmap); rw_wunlock(&pvh_global_lock); PMAP_UNLOCK(pmap); pmap_free_zero_pages(&free); @@ -4065,6 +4036,7 @@ small_mappings: "a 1mpage in page %p's pv list", __func__, m)); pte2p = pmap_pte2_quick(pmap, pv->pv_va); opte2 = pte2_load_clear(pte2p); + pmap_tlb_flush(pmap, pv->pv_va); KASSERT(pte2_is_valid(opte2), ("%s: pmap %p va %x zero pte2", __func__, pmap, pv->pv_va)); if (pte2_is_wired(opte2)) @@ -4078,7 +4050,6 @@ small_mappings: if (pte2_is_dirty(opte2)) vm_page_dirty(m); pmap_unuse_pt2(pmap, pv->pv_va, &free); - pmap_tlb_flush(pmap, pv->pv_va); TAILQ_REMOVE(&m->md.pv_list, pv, pv_next); free_pv_entry(pmap, pv); PMAP_UNLOCK(pmap); @@ -4254,8 +4225,8 @@ pmap_remove_pages(pmap_t pmap) free_pv_chunk(pc); } } + tlb_flush_all_ng_local(); sched_unpin(); - pmap_tlb_flush_ng(pmap); rw_wunlock(&pvh_global_lock); PMAP_UNLOCK(pmap); pmap_free_zero_pages(&free); @@ -4597,19 +4568,17 @@ pmap_object_init_pt(pmap_t pmap, vm_offset_t addr, vm_object_t object, /* * Do the things to protect a 1mpage in a process. */ -static boolean_t +static void pmap_protect_pte1(pmap_t pmap, pt1_entry_t *pte1p, vm_offset_t sva, vm_prot_t prot) { pt1_entry_t npte1, opte1; vm_offset_t eva, va; vm_page_t m; - boolean_t anychanged; PMAP_LOCK_ASSERT(pmap, MA_OWNED); KASSERT((sva & PTE1_OFFSET) == 0, ("%s: sva is not 1mpage aligned", __func__)); - anychanged = FALSE; retry: opte1 = npte1 = pte1_load(pte1p); if (pte1_is_managed(opte1)) { @@ -4633,12 +4602,8 @@ retry: if (npte1 != opte1) { if (!pte1_cmpset(pte1p, opte1, npte1)) goto retry; - if (pte1_is_global(opte1)) - tlb_flush(sva); - else - anychanged = TRUE; + pmap_tlb_flush(pmap, sva); } - return (anychanged); } /* @@ -4648,7 +4613,7 @@ retry: void pmap_protect(pmap_t pmap, vm_offset_t sva, vm_offset_t eva, vm_prot_t prot) { - boolean_t anychanged, pv_lists_locked; + boolean_t pv_lists_locked; vm_offset_t nextva; pt1_entry_t *pte1p, pte1; pt2_entry_t *pte2p, opte2, npte2; @@ -4671,7 +4636,6 @@ resume: rw_wlock(&pvh_global_lock); sched_pin(); } - anychanged = FALSE; PMAP_LOCK(pmap); for (; sva < eva; sva = nextva) { @@ -4698,19 +4662,12 @@ resume: * demote the mapping and fall through. */ if (sva + PTE1_SIZE == nextva && eva >= nextva) { - /* - * The TLB entry for global mapping is - * invalidated by pmap_protect_pte1(). - */ - if (pmap_protect_pte1(pmap, pte1p, sva, prot)) - anychanged = TRUE; + pmap_protect_pte1(pmap, pte1p, sva, prot); continue; } else { if (!pv_lists_locked) { pv_lists_locked = TRUE; if (!rw_try_wlock(&pvh_global_lock)) { - if (anychanged) - pmap_tlb_flush_ng(pmap); PMAP_UNLOCK(pmap); goto resume; } @@ -4773,16 +4730,10 @@ retry: if (!pte2_cmpset(pte2p, opte2, npte2)) goto retry; - - if (pte2_is_global(opte2)) - tlb_flush(sva); - else - anychanged = TRUE; + pmap_tlb_flush(pmap, sva); } } } - if (anychanged) - pmap_tlb_flush_ng(pmap); if (pv_lists_locked) { sched_unpin(); rw_wunlock(&pvh_global_lock); @@ -5289,7 +5240,7 @@ pmap_advise(pmap_t pmap, vm_offset_t sva, vm_offset_t eva, int advice) pt2_entry_t *pte2p, pte2; vm_offset_t pdnxt; vm_page_t m; - boolean_t anychanged, pv_lists_locked; + boolean_t pv_lists_locked; if (advice != MADV_DONTNEED && advice != MADV_FREE) return; @@ -5301,7 +5252,6 @@ resume: rw_wlock(&pvh_global_lock); sched_pin(); } - anychanged = FALSE; PMAP_LOCK(pmap); for (; sva < eva; sva = pdnxt) { pdnxt = pte1_trunc(sva + PTE1_SIZE); @@ -5317,8 +5267,6 @@ resume: if (!pv_lists_locked) { pv_lists_locked = TRUE; if (!rw_try_wlock(&pvh_global_lock)) { - if (anychanged) - pmap_tlb_flush_ng(pmap); PMAP_UNLOCK(pmap); goto resume; } @@ -5343,7 +5291,6 @@ resume: KASSERT(pte2_is_valid(pte2_load(pte2p)), ("%s: invalid PTE2", __func__)); pmap_remove_pte2(pmap, pte2p, sva, NULL); - anychanged = TRUE; } } if (pdnxt > eva) @@ -5369,14 +5316,9 @@ resume: pte2_clear_bit(pte2p, PTE2_A); else continue; - if (pte2_is_global(pte2)) - tlb_flush(sva); - else - anychanged = TRUE; + pmap_tlb_flush(pmap, sva); } } - if (anychanged) - pmap_tlb_flush_ng(pmap); if (pv_lists_locked) { sched_unpin(); rw_wunlock(&pvh_global_lock); diff --git a/sys/arm/arm/trap.c b/sys/arm/arm/trap.c index 9660286..e43ec8e 100644 --- a/sys/arm/arm/trap.c +++ b/sys/arm/arm/trap.c @@ -109,6 +109,8 @@ __FBSDID("$FreeBSD$"); #include <sys/dtrace_bsd.h> #endif +#define ReadWord(a) (*((volatile unsigned int *)(a))) + extern char fusubailout[]; #ifdef DEBUG diff --git a/sys/arm/at91/at91_mci.c b/sys/arm/at91/at91_mci.c index 5d426cf..8e55e02 100644 --- a/sys/arm/at91/at91_mci.c +++ b/sys/arm/at91/at91_mci.c @@ -1412,3 +1412,4 @@ DRIVER_MODULE(at91_mci, simplebus, at91_mci_driver, at91_mci_devclass, NULL, DRIVER_MODULE(at91_mci, atmelarm, at91_mci_driver, at91_mci_devclass, NULL, NULL); #endif +DRIVER_MODULE(mmc, at91_mci, mmc_driver, mmc_devclass, NULL, NULL); diff --git a/sys/arm/broadcom/bcm2835/bcm2835_sdhci.c b/sys/arm/broadcom/bcm2835/bcm2835_sdhci.c index ace3d74..e5c7ad5 100644 --- a/sys/arm/broadcom/bcm2835/bcm2835_sdhci.c +++ b/sys/arm/broadcom/bcm2835/bcm2835_sdhci.c @@ -675,3 +675,4 @@ static driver_t bcm_sdhci_driver = { DRIVER_MODULE(sdhci_bcm, simplebus, bcm_sdhci_driver, bcm_sdhci_devclass, 0, 0); MODULE_DEPEND(sdhci_bcm, sdhci, 1, 1, 1); +DRIVER_MODULE(mmc, sdhci_bcm, mmc_driver, mmc_devclass, NULL, NULL); diff --git a/sys/arm/conf/NOTES b/sys/arm/conf/NOTES index 238cc1b..63912e1 100644 --- a/sys/arm/conf/NOTES +++ b/sys/arm/conf/NOTES @@ -58,6 +58,7 @@ nooptions SMP nooptions MAXCPU nooptions COMPAT_FREEBSD4 +nooption PPC_PROBE_CHIPSET nodevice fdc nodevice sym diff --git a/sys/arm/freescale/imx/imx_sdhci.c b/sys/arm/freescale/imx/imx_sdhci.c index 290a031..6acc86e 100644 --- a/sys/arm/freescale/imx/imx_sdhci.c +++ b/sys/arm/freescale/imx/imx_sdhci.c @@ -827,4 +827,4 @@ static driver_t imx_sdhci_driver = { DRIVER_MODULE(sdhci_imx, simplebus, imx_sdhci_driver, imx_sdhci_devclass, 0, 0); MODULE_DEPEND(sdhci_imx, sdhci, 1, 1, 1); - +DRIVER_MODULE(mmc, sdhci_imx, mmc_driver, mmc_devclass, NULL, NULL); diff --git a/sys/arm/include/cpufunc.h b/sys/arm/include/cpufunc.h index e8ba3b2..8bbb1dd 100644 --- a/sys/arm/include/cpufunc.h +++ b/sys/arm/include/cpufunc.h @@ -49,7 +49,6 @@ #include <sys/types.h> #include <machine/armreg.h> #include <machine/cpuconf.h> -#include <machine/katelib.h> /* For in[bwl] and out[bwl] */ static __inline void breakpoint(void) diff --git a/sys/arm/include/katelib.h b/sys/arm/include/katelib.h deleted file mode 100644 index 472585a..0000000 --- a/sys/arm/include/katelib.h +++ /dev/null @@ -1,103 +0,0 @@ -/* $NetBSD: katelib.h,v 1.3 2001/11/23 19:21:48 thorpej Exp $ */ - -/*- - * Copyright (c) 1994-1996 Mark Brinicombe. - * Copyright (c) 1994 Brini. - * All rights reserved. - * - * This code is derived from software written for Brini by Mark Brinicombe - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by Brini. - * 4. The name of the company nor the name of the author may be used to - * endorse or promote products derived from this software without specific - * prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY BRINI ``AS IS'' AND ANY EXPRESS OR IMPLIED - * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL BRINI OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, - * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR - * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * RiscBSD kernel project - * - * katelib.h - * - * Prototypes for machine specific functions. Most of these - * could be inlined. - * - * This should not really be a separate header file. Eventually I will merge - * this into other header files once I have decided where the declarations - * should go. - * - * Created : 18/09/94 - * - * Based on kate/katelib/prototypes.h - * - * $FreeBSD$ - */ - -/* - * USE OF THIS FILE IS DEPRECATED - */ - -#ifndef _MACHINE_KATELIB_H_ -#define _MACHINE_KATELIB_H_ -#include <sys/types.h> -#include <machine/cpufunc.h> - -#ifdef _KERNEL - -/* Assembly modules */ - -/* In blockio.S */ -#include <machine/blockio.h> - -/* Macros for reading and writing words, shorts, bytes */ - -#define WriteWord(a, b) \ -*((volatile unsigned int *)(a)) = (b) - -#define ReadWord(a) \ -(*((volatile unsigned int *)(a))) - -#define WriteShort(a, b) \ -*((volatile unsigned int *)(a)) = ((b) | ((b) << 16)) - -#define ReadShort(a) \ -((*((volatile unsigned int *)(a))) & 0xffff) - -#define WriteByte(a, b) \ -*((volatile unsigned char *)(a)) = (b) - -#define ReadByte(a) \ -(*((volatile unsigned char *)(a))) - -/* Define in/out macros */ - -#define inb(port) ReadByte((port)) -#define outb(port, byte) WriteByte((port), (byte)) -#define inw(port) ReadShort((port)) -#define outw(port, word) WriteShort((port), (word)) -#define inl(port) ReadWord((port)) -#define outl(port, lword) WriteWord((port), (lword)) - -#endif - -#endif /* !_MACHINE_KATELIB_H_ */ -/* End of katelib.h */ diff --git a/sys/arm/include/pmap-v6.h b/sys/arm/include/pmap-v6.h index d2ea3bb..2b254f0 100644 --- a/sys/arm/include/pmap-v6.h +++ b/sys/arm/include/pmap-v6.h @@ -196,7 +196,6 @@ void pmap_set_pcb_pagedir(pmap_t , struct pcb *); void pmap_tlb_flush(pmap_t , vm_offset_t ); void pmap_tlb_flush_range(pmap_t , vm_offset_t , vm_size_t ); -void pmap_tlb_flush_ng(pmap_t ); void pmap_dcache_wb_range(vm_paddr_t , vm_size_t , vm_memattr_t ); diff --git a/sys/arm/lpc/lpc_mmc.c b/sys/arm/lpc/lpc_mmc.c index 5dc6722..ad3b6aa 100644 --- a/sys/arm/lpc/lpc_mmc.c +++ b/sys/arm/lpc/lpc_mmc.c @@ -775,3 +775,4 @@ static driver_t lpc_mmc_driver = { }; DRIVER_MODULE(lpcmmc, simplebus, lpc_mmc_driver, lpc_mmc_devclass, 0, 0); +DRIVER_MODULE(mmc, lpcmmc, mmc_driver, mmc_devclass, NULL, NULL); diff --git a/sys/arm/ti/ti_sdhci.c b/sys/arm/ti/ti_sdhci.c index bc0880d..6c310b6 100644 --- a/sys/arm/ti/ti_sdhci.c +++ b/sys/arm/ti/ti_sdhci.c @@ -721,3 +721,4 @@ static driver_t ti_sdhci_driver = { DRIVER_MODULE(sdhci_ti, simplebus, ti_sdhci_driver, ti_sdhci_devclass, 0, 0); MODULE_DEPEND(sdhci_ti, sdhci, 1, 1, 1); +DRIVER_MODULE(mmc, sdhci_ti, mmc_driver, mmc_devclass, NULL, NULL); diff --git a/sys/arm64/arm64/exception.S b/sys/arm64/arm64/exception.S index 9ca9685..c5a358b 100644 --- a/sys/arm64/arm64/exception.S +++ b/sys/arm64/arm64/exception.S @@ -90,15 +90,19 @@ __FBSDID("$FreeBSD$"); ldp x14, x15, [sp, #(TF_X + 14 * 8)] ldp x16, x17, [sp, #(TF_X + 16 * 8)] .if \el == 0 + /* + * We only restore the callee saved registers when returning to + * userland as they may have been updated by a system call or signal. + */ ldp x18, x19, [sp, #(TF_X + 18 * 8)] -.else - ldr x19, [sp, #(TF_X + 19 * 8)] -.endif ldp x20, x21, [sp, #(TF_X + 20 * 8)] ldp x22, x23, [sp, #(TF_X + 22 * 8)] ldp x24, x25, [sp, #(TF_X + 24 * 8)] ldp x26, x27, [sp, #(TF_X + 26 * 8)] ldp x28, x29, [sp, #(TF_X + 28 * 8)] +.else + ldr x29, [sp, #(TF_X + 29 * 8)] +.endif .if \el == 0 add sp, sp, #(TF_SIZE + 16) .else diff --git a/sys/arm64/arm64/gic.c b/sys/arm64/arm64/gic.c index 7ac88f3..812f64e 100644 --- a/sys/arm64/arm64/gic.c +++ b/sys/arm64/arm64/gic.c @@ -432,6 +432,39 @@ gicv2m_alloc_msix(device_t dev, device_t pci_dev, int *pirq) } static int +gicv2m_alloc_msi(device_t dev, device_t pci_dev, int count, int *irqs) +{ + struct arm_gic_softc *psc; + struct gicv2m_softc *sc; + uint32_t reg; + int i, irq; + + psc = device_get_softc(device_get_parent(dev)); + sc = device_get_softc(dev); + + mtx_lock(&sc->sc_mutex); + KASSERT(sc->sc_spi_offset + count <= sc->sc_spi_count, + ("No free SPIs for %d MSI interrupts", count)); + + /* Find an unused interrupt */ + for (i = 0; i < count; i++) { + irq = sc->sc_spi_start + sc->sc_spi_offset; + sc->sc_spi_offset++; + + /* Interrupts need to be edge triggered, set this */ + reg = gic_d_read_4(psc, GICD_ICFGR(irq >> 4)); + reg |= (GICD_ICFGR_TRIG_EDGE | GICD_ICFGR_POL_HIGH) << + ((irq & 0xf) * 2); + gic_d_write_4(psc, GICD_ICFGR(irq >> 4), reg); + + irqs[i] = irq; + } + mtx_unlock(&sc->sc_mutex); + + return (0); +} + +static int gicv2m_map_msi(device_t dev, device_t pci_dev, int irq, uint64_t *addr, uint32_t *data) { @@ -448,8 +481,9 @@ static device_method_t arm_gicv2m_methods[] = { DEVMETHOD(device_probe, gicv2m_probe), DEVMETHOD(device_attach, gicv2m_attach), - /* MSI-X */ + /* MSI/MSI-X */ DEVMETHOD(pic_alloc_msix, gicv2m_alloc_msix), + DEVMETHOD(pic_alloc_msi, gicv2m_alloc_msi), DEVMETHOD(pic_map_msi, gicv2m_map_msi), { 0, 0 } diff --git a/sys/boot/uboot/common/main.c b/sys/boot/uboot/common/main.c index 28cbbd5..3071426 100644 --- a/sys/boot/uboot/common/main.c +++ b/sys/boot/uboot/common/main.c @@ -573,17 +573,41 @@ enum ubenv_action { static void handle_uboot_env_var(enum ubenv_action action, const char * var) { - const char * val; - char ubv[128]; + char ldvar[128]; + const char *val; + char *wrk; + int len; + + /* + * On an import with the variable name formatted as ldname=ubname, + * import the uboot variable ubname into the loader variable ldname, + * otherwise the historical behavior is to import to uboot.ubname. + */ + if (action == UBENV_IMPORT) { + len = strcspn(var, "="); + if (var[len] == 0) { + strcpy(ldvar, "uboot."); + strncat(ldvar, var, sizeof(ldvar) - 7); + } else { + len = MIN(len, sizeof(ldvar) - 1); + strncpy(ldvar, var, len); + ldvar[len] = 0; + var = &var[len + 1]; + } + } /* * If the user prepended "uboot." (which is how they usually see these * names) strip it off as a convenience. */ if (strncmp(var, "uboot.", 6) == 0) { - snprintf(ubv, sizeof(ubv), "%s", &var[6]); - var = ubv; + var = &var[6]; } + + /* If ldvar is malformed or there's no variable name left, punt. */ + if (ldvar[0] == 0 || var[0] == 0) + return; + val = ub_env_get(var); if (action == UBENV_SHOW) { if (val == NULL) @@ -592,8 +616,7 @@ handle_uboot_env_var(enum ubenv_action action, const char * var) printf("uboot.%s=%s\n", var, val); } else if (action == UBENV_IMPORT) { if (val != NULL) { - snprintf(ubv, sizeof(ubv), "uboot.%s", var); - setenv(ubv, val, 1); + setenv(ldvar, val, 1); } } } diff --git a/sys/conf/options b/sys/conf/options index bbe692f..65932b8 100644 --- a/sys/conf/options +++ b/sys/conf/options @@ -112,6 +112,7 @@ GEOM_LINUX_LVM opt_geom.h GEOM_MAP opt_geom.h GEOM_MBR opt_geom.h GEOM_MIRROR opt_geom.h +GEOM_MOUNTVER opt_geom.h GEOM_MULTIPATH opt_geom.h GEOM_NOP opt_geom.h GEOM_PART_APM opt_geom.h diff --git a/sys/dev/atkbdc/psm.c b/sys/dev/atkbdc/psm.c index b034ef7..0103baf 100644 --- a/sys/dev/atkbdc/psm.c +++ b/sys/dev/atkbdc/psm.c @@ -2841,6 +2841,7 @@ proc_synaptics(struct psm_softc *sc, packetbuf_t *pb, mousestatus_t *ms, int two_finger_scroll; int len, weight_prev_x, weight_prev_y; int div_max_x, div_max_y, div_x, div_y; + int exiting_scroll; /* Read sysctl. */ /* XXX Verify values? */ @@ -2867,6 +2868,8 @@ proc_synaptics(struct psm_softc *sc, packetbuf_t *pb, mousestatus_t *ms, vscroll_ver_area = sc->syninfo.vscroll_ver_area; two_finger_scroll = sc->syninfo.two_finger_scroll; + exiting_scroll = 0; + /* Palm detection. */ if (!( ((sc->synhw.capMultiFinger || @@ -3068,8 +3071,10 @@ proc_synaptics(struct psm_softc *sc, packetbuf_t *pb, mousestatus_t *ms, * Reset two finger scrolling when the number of fingers * is different from two. */ - if (two_finger_scroll && w != 0) + if (two_finger_scroll && w != 0 && synaction->in_vscroll != 0) { synaction->in_vscroll = 0; + exiting_scroll = 1; + } VLOG(5, (LOG_DEBUG, "synaptics: virtual scrolling: %s " @@ -3177,6 +3182,10 @@ proc_synaptics(struct psm_softc *sc, packetbuf_t *pb, mousestatus_t *ms, /* The pointer is not moved. */ *x = *y = 0; } else { + /* On exit the x/y pos may jump, ignore this */ + if (exiting_scroll) + *x = *y = 0; + VLOG(3, (LOG_DEBUG, "synaptics: [%d, %d] -> [%d, %d]\n", dx, dy, *x, *y)); } diff --git a/sys/dev/etherswitch/arswitch/arswitch_9340.c b/sys/dev/etherswitch/arswitch/arswitch_9340.c index 4de76e2..7754335 100644 --- a/sys/dev/etherswitch/arswitch/arswitch_9340.c +++ b/sys/dev/etherswitch/arswitch/arswitch_9340.c @@ -154,10 +154,10 @@ ar9340_hw_global_setup(struct arswitch_softc *sc) arswitch_modifyreg(sc->sc_dev, AR934X_REG_OPER_MODE1, AR934X_REG_OPER_MODE1_PHY4_MII_EN, AR934X_REG_OPER_MODE1_PHY4_MII_EN); - sc->info.es_nports = 4; + sc->info.es_nports = 5; } else { device_printf(sc->sc_dev, "%s: PHY4 - Local\n", __func__); - sc->info.es_nports = 5; + sc->info.es_nports = 6; } /* Settle time */ diff --git a/sys/dev/hyperv/utilities/hv_kvp.c b/sys/dev/hyperv/utilities/hv_kvp.c index 4598510..58d565c4 100644 --- a/sys/dev/hyperv/utilities/hv_kvp.c +++ b/sys/dev/hyperv/utilities/hv_kvp.c @@ -44,6 +44,7 @@ __FBSDID("$FreeBSD$"); #include <sys/reboot.h> #include <sys/lock.h> #include <sys/taskqueue.h> +#include <sys/selinfo.h> #include <sys/sysctl.h> #include <sys/poll.h> #include <sys/proc.h> @@ -114,6 +115,8 @@ static struct cdev *hv_kvp_dev; static struct hv_kvp_msg *hv_kvp_dev_buf; struct proc *daemon_task; +static struct selinfo hv_kvp_selinfo; + /* * Global state to track and synchronize multiple * KVP transaction requests from the host. @@ -628,6 +631,9 @@ hv_kvp_send_msg_to_daemon(void) /* Send the msg to user via function deamon_read - setting sema */ sema_post(&kvp_globals.dev_sema); + + /* We should wake up the daemon, in case it's doing poll() */ + selwakeup(&hv_kvp_selinfo); } @@ -940,7 +946,7 @@ hv_kvp_dev_daemon_write(struct cdev *dev __unused, struct uio *uio, int ioflag _ * for daemon to read. */ static int -hv_kvp_dev_daemon_poll(struct cdev *dev __unused, int events, struct thread *td __unused) +hv_kvp_dev_daemon_poll(struct cdev *dev __unused, int events, struct thread *td) { int revents = 0; @@ -953,6 +959,9 @@ hv_kvp_dev_daemon_poll(struct cdev *dev __unused, int events, struct thread *td */ if (kvp_globals.daemon_busy == true) revents = POLLIN; + else + selrecord(td, &hv_kvp_selinfo); + mtx_unlock(&kvp_globals.pending_mutex); return (revents); diff --git a/sys/dev/ioat/ioat.c b/sys/dev/ioat/ioat.c index c5ad746..12a6fe4 100644 --- a/sys/dev/ioat/ioat.c +++ b/sys/dev/ioat/ioat.c @@ -404,6 +404,11 @@ ioat3_attach(device_t device) xfercap = ioat_read_xfercap(ioat); ioat->max_xfer_size = 1 << xfercap; + ioat->intrdelay_supported = (ioat_read_2(ioat, IOAT_INTRDELAY_OFFSET) & + IOAT_INTRDELAY_SUPPORTED) != 0; + if (ioat->intrdelay_supported) + ioat->intrdelay_max = IOAT_INTRDELAY_US_MASK; + /* TODO: need to check DCA here if we ever do XOR/PQ */ mtx_init(&ioat->submit_lock, "ioat_submit", NULL, MTX_DEF); @@ -588,6 +593,7 @@ ioat_interrupt_handler(void *arg) { struct ioat_softc *ioat = arg; + ioat->stats.interrupts++; ioat_process_events(ioat); } @@ -649,6 +655,8 @@ ioat_process_events(struct ioat_softc *ioat) ioat_timer_callback, ioat); } + ioat->stats.descriptors_processed += completed; + out: ioat_write_chanctrl(ioat, IOAT_CHANCTRL_RUN); mtx_unlock(&ioat->cleanup_lock); @@ -659,6 +667,8 @@ out: if (!is_ioat_halted(comp_update)) return; + ioat->stats.channel_halts++; + /* * Fatal programming error on this DMA channel. Flush any outstanding * work with error status and restart the engine. @@ -670,6 +680,7 @@ out: chanerr = ioat_read_4(ioat, IOAT_CHANERR_OFFSET); ioat_halted_debug(ioat, chanerr); + ioat->stats.last_halt_chanerr = chanerr; while (ioat_get_active(ioat) > 0) { desc = ioat_get_ring_entry(ioat, ioat->tail); @@ -682,6 +693,8 @@ out: ioat_putn_locked(ioat, 1, IOAT_ACTIVE_DESCR_REF); ioat->tail++; + ioat->stats.descriptors_processed++; + ioat->stats.descriptors_error++; } /* Clear error status */ @@ -722,6 +735,32 @@ ioat_put_dmaengine(bus_dmaengine_t dmaengine) ioat_put(ioat, IOAT_DMAENGINE_REF); } +int +ioat_set_interrupt_coalesce(bus_dmaengine_t dmaengine, uint16_t delay) +{ + struct ioat_softc *ioat; + + ioat = to_ioat_softc(dmaengine); + if (!ioat->intrdelay_supported) + return (ENODEV); + if (delay > ioat->intrdelay_max) + return (ERANGE); + + ioat_write_2(ioat, IOAT_INTRDELAY_OFFSET, delay); + ioat->cached_intrdelay = + ioat_read_2(ioat, IOAT_INTRDELAY_OFFSET) & IOAT_INTRDELAY_US_MASK; + return (0); +} + +uint16_t +ioat_get_max_coalesce_period(bus_dmaengine_t dmaengine) +{ + struct ioat_softc *ioat; + + ioat = to_ioat_softc(dmaengine); + return (ioat->intrdelay_max); +} + void ioat_acquire(bus_dmaengine_t dmaengine) { @@ -1363,6 +1402,8 @@ ioat_submit_single(struct ioat_softc *ioat) callout_reset(&ioat->timer, IOAT_INTR_TIMO, ioat_timer_callback, ioat); } + + ioat->stats.descriptors_submitted++; } static int @@ -1518,6 +1559,36 @@ sysctl_handle_chansts(SYSCTL_HANDLER_ARGS) } static int +sysctl_handle_dpi(SYSCTL_HANDLER_ARGS) +{ + struct ioat_softc *ioat; + struct sbuf sb; +#define PRECISION "1" + const uintmax_t factor = 10; + uintmax_t rate; + int error; + + ioat = arg1; + sbuf_new_for_sysctl(&sb, NULL, 16, req); + + if (ioat->stats.interrupts == 0) { + sbuf_printf(&sb, "NaN"); + goto out; + } + rate = ioat->stats.descriptors_processed * factor / + ioat->stats.interrupts; + sbuf_printf(&sb, "%ju.%." PRECISION "ju", rate / factor, + rate % factor); +#undef PRECISION +out: + error = sbuf_finish(&sb); + sbuf_delete(&sb); + if (error != 0 || req->newptr == NULL) + return (error); + return (EINVAL); +} + +static int sysctl_handle_error(SYSCTL_HANDLER_ARGS) { struct ioat_descriptor *desc; @@ -1587,9 +1658,9 @@ dump_descriptor(void *hw_desc) static void ioat_setup_sysctl(device_t device) { - struct sysctl_oid_list *par; + struct sysctl_oid_list *par, *statpar, *state, *hammer; struct sysctl_ctx_list *ctx; - struct sysctl_oid *tree; + struct sysctl_oid *tree, *tmp; struct ioat_softc *ioat; ioat = DEVICE2SOFTC(device); @@ -1601,37 +1672,82 @@ ioat_setup_sysctl(device_t device) &ioat->version, 0, "HW version (0xMM form)"); SYSCTL_ADD_UINT(ctx, par, OID_AUTO, "max_xfer_size", CTLFLAG_RD, &ioat->max_xfer_size, 0, "HW maximum transfer size"); + SYSCTL_ADD_INT(ctx, par, OID_AUTO, "intrdelay_supported", CTLFLAG_RD, + &ioat->intrdelay_supported, 0, "Is INTRDELAY supported"); + SYSCTL_ADD_U16(ctx, par, OID_AUTO, "intrdelay_max", CTLFLAG_RD, + &ioat->intrdelay_max, 0, + "Maximum configurable INTRDELAY on this channel (microseconds)"); + + tmp = SYSCTL_ADD_NODE(ctx, par, OID_AUTO, "state", CTLFLAG_RD, NULL, + "IOAT channel internal state"); + state = SYSCTL_CHILDREN(tmp); - SYSCTL_ADD_UINT(ctx, par, OID_AUTO, "ring_size_order", CTLFLAG_RD, + SYSCTL_ADD_UINT(ctx, state, OID_AUTO, "ring_size_order", CTLFLAG_RD, &ioat->ring_size_order, 0, "SW descriptor ring size order"); - SYSCTL_ADD_UINT(ctx, par, OID_AUTO, "head", CTLFLAG_RD, &ioat->head, 0, - "SW descriptor head pointer index"); - SYSCTL_ADD_UINT(ctx, par, OID_AUTO, "tail", CTLFLAG_RD, &ioat->tail, 0, - "SW descriptor tail pointer index"); - SYSCTL_ADD_UINT(ctx, par, OID_AUTO, "hw_head", CTLFLAG_RD, + SYSCTL_ADD_UINT(ctx, state, OID_AUTO, "head", CTLFLAG_RD, &ioat->head, + 0, "SW descriptor head pointer index"); + SYSCTL_ADD_UINT(ctx, state, OID_AUTO, "tail", CTLFLAG_RD, &ioat->tail, + 0, "SW descriptor tail pointer index"); + SYSCTL_ADD_UINT(ctx, state, OID_AUTO, "hw_head", CTLFLAG_RD, &ioat->hw_head, 0, "HW DMACOUNT"); - SYSCTL_ADD_UQUAD(ctx, par, OID_AUTO, "last_completion", CTLFLAG_RD, + SYSCTL_ADD_UQUAD(ctx, state, OID_AUTO, "last_completion", CTLFLAG_RD, ioat->comp_update, "HW addr of last completion"); - SYSCTL_ADD_INT(ctx, par, OID_AUTO, "is_resize_pending", CTLFLAG_RD, + SYSCTL_ADD_INT(ctx, state, OID_AUTO, "is_resize_pending", CTLFLAG_RD, &ioat->is_resize_pending, 0, "resize pending"); - SYSCTL_ADD_INT(ctx, par, OID_AUTO, "is_completion_pending", CTLFLAG_RD, - &ioat->is_completion_pending, 0, "completion pending"); - SYSCTL_ADD_INT(ctx, par, OID_AUTO, "is_reset_pending", CTLFLAG_RD, + SYSCTL_ADD_INT(ctx, state, OID_AUTO, "is_completion_pending", + CTLFLAG_RD, &ioat->is_completion_pending, 0, "completion pending"); + SYSCTL_ADD_INT(ctx, state, OID_AUTO, "is_reset_pending", CTLFLAG_RD, &ioat->is_reset_pending, 0, "reset pending"); - SYSCTL_ADD_INT(ctx, par, OID_AUTO, "is_channel_running", CTLFLAG_RD, + SYSCTL_ADD_INT(ctx, state, OID_AUTO, "is_channel_running", CTLFLAG_RD, &ioat->is_channel_running, 0, "channel running"); - SYSCTL_ADD_PROC(ctx, par, OID_AUTO, "force_hw_reset", + SYSCTL_ADD_PROC(ctx, state, OID_AUTO, "chansts", + CTLTYPE_STRING | CTLFLAG_RD, ioat, 0, sysctl_handle_chansts, "A", + "String of the channel status"); + + SYSCTL_ADD_U16(ctx, state, OID_AUTO, "intrdelay", CTLFLAG_RD, + &ioat->cached_intrdelay, 0, + "Current INTRDELAY on this channel (cached, microseconds)"); + + tmp = SYSCTL_ADD_NODE(ctx, par, OID_AUTO, "hammer", CTLFLAG_RD, NULL, + "Big hammers (mostly for testing)"); + hammer = SYSCTL_CHILDREN(tmp); + + SYSCTL_ADD_PROC(ctx, hammer, OID_AUTO, "force_hw_reset", CTLTYPE_INT | CTLFLAG_RW, ioat, 0, sysctl_handle_reset, "I", "Set to non-zero to reset the hardware"); - SYSCTL_ADD_PROC(ctx, par, OID_AUTO, "force_hw_error", + SYSCTL_ADD_PROC(ctx, hammer, OID_AUTO, "force_hw_error", CTLTYPE_INT | CTLFLAG_RW, ioat, 0, sysctl_handle_error, "I", "Set to non-zero to inject a recoverable hardware error"); - SYSCTL_ADD_PROC(ctx, par, OID_AUTO, "chansts", - CTLTYPE_STRING | CTLFLAG_RD, ioat, 0, sysctl_handle_chansts, "A", - "String of the channel status"); + + tmp = SYSCTL_ADD_NODE(ctx, par, OID_AUTO, "stats", CTLFLAG_RD, NULL, + "IOAT channel statistics"); + statpar = SYSCTL_CHILDREN(tmp); + + SYSCTL_ADD_UQUAD(ctx, statpar, OID_AUTO, "interrupts", CTLFLAG_RW, + &ioat->stats.interrupts, + "Number of interrupts processed on this channel"); + SYSCTL_ADD_UQUAD(ctx, statpar, OID_AUTO, "descriptors", CTLFLAG_RW, + &ioat->stats.descriptors_processed, + "Number of descriptors processed on this channel"); + SYSCTL_ADD_UQUAD(ctx, statpar, OID_AUTO, "submitted", CTLFLAG_RW, + &ioat->stats.descriptors_submitted, + "Number of descriptors submitted to this channel"); + SYSCTL_ADD_UQUAD(ctx, statpar, OID_AUTO, "errored", CTLFLAG_RW, + &ioat->stats.descriptors_error, + "Number of descriptors failed by channel errors"); + SYSCTL_ADD_U32(ctx, statpar, OID_AUTO, "halts", CTLFLAG_RW, + &ioat->stats.channel_halts, 0, + "Number of times the channel has halted"); + SYSCTL_ADD_U32(ctx, statpar, OID_AUTO, "last_halt_chanerr", CTLFLAG_RW, + &ioat->stats.last_halt_chanerr, 0, + "The raw CHANERR when the channel was last halted"); + + SYSCTL_ADD_PROC(ctx, statpar, OID_AUTO, "desc_per_interrupt", + CTLTYPE_STRING | CTLFLAG_RD, ioat, 0, sysctl_handle_dpi, "A", + "Descriptors per interrupt"); } static inline struct ioat_softc * diff --git a/sys/dev/ioat/ioat.h b/sys/dev/ioat/ioat.h index 8174ce8..5c64af1 100644 --- a/sys/dev/ioat/ioat.h +++ b/sys/dev/ioat/ioat.h @@ -61,6 +61,28 @@ bus_dmaengine_t ioat_get_dmaengine(uint32_t channel_index); void ioat_put_dmaengine(bus_dmaengine_t dmaengine); /* + * Set interrupt coalescing on a DMA channel. + * + * The argument is in microseconds. A zero value disables coalescing. Any + * other value delays interrupt generation for N microseconds to provide + * opportunity to coalesce multiple operations into a single interrupt. + * + * Returns an error status, or zero on success. + * + * - ERANGE if the given value exceeds the delay supported by the hardware. + * (All current hardware supports a maximum of 0x3fff microseconds delay.) + * - ENODEV if the hardware does not support interrupt coalescing. + */ +int ioat_set_interrupt_coalesce(bus_dmaengine_t dmaengine, uint16_t delay); + +/* + * Return the maximum supported coalescing period, for use in + * ioat_set_interrupt_coalesce(). If the hardware does not support coalescing, + * returns zero. + */ +uint16_t ioat_get_max_coalesce_period(bus_dmaengine_t dmaengine); + +/* * Acquire must be called before issuing an operation to perform. Release is * called after. Multiple operations can be issued within the context of one * acquire and release diff --git a/sys/dev/ioat/ioat_hw.h b/sys/dev/ioat/ioat_hw.h index 43c78ca..1aeee2d 100644 --- a/sys/dev/ioat/ioat_hw.h +++ b/sys/dev/ioat/ioat_hw.h @@ -50,6 +50,10 @@ __FBSDID("$FreeBSD$"); #define IOAT_VER_3_3 0x33 #define IOAT_INTRDELAY_OFFSET 0x0C +#define IOAT_INTRDELAY_SUPPORTED (1 << 15) +/* Reserved. (1 << 14) */ +/* [13:0] is the coalesce period, in microseconds. */ +#define IOAT_INTRDELAY_US_MASK ((1 << 14) - 1) #define IOAT_CS_STATUS_OFFSET 0x0E diff --git a/sys/dev/ioat/ioat_internal.h b/sys/dev/ioat/ioat_internal.h index 9a00877..1b24851 100644 --- a/sys/dev/ioat/ioat_internal.h +++ b/sys/dev/ioat/ioat_internal.h @@ -373,6 +373,8 @@ struct ioat_softc { struct resource *pci_resource; uint32_t max_xfer_size; uint32_t capabilities; + uint16_t intrdelay_max; + uint16_t cached_intrdelay; struct resource *res; int rid; @@ -393,6 +395,7 @@ struct ioat_softc { boolean_t is_completion_pending; boolean_t is_reset_pending; boolean_t is_channel_running; + boolean_t intrdelay_supported; uint32_t head; uint32_t tail; @@ -407,6 +410,16 @@ struct ioat_softc { #ifdef INVARIANTS volatile uint32_t refkinds[IOAT_NUM_REF_KINDS]; #endif + + struct { + uint64_t interrupts; + uint64_t descriptors_processed; + uint64_t descriptors_error; + uint64_t descriptors_submitted; + + uint32_t channel_halts; + uint32_t last_halt_chanerr; + } stats; }; void ioat_test_attach(void); diff --git a/sys/dev/ioat/ioat_test.c b/sys/dev/ioat/ioat_test.c index f39786e..ee014c0 100644 --- a/sys/dev/ioat/ioat_test.c +++ b/sys/dev/ioat/ioat_test.c @@ -337,10 +337,11 @@ ioat_test_submit_1_tx(struct ioat_test *test, bus_dmaengine_t dma) static void ioat_dma_test(void *arg) { + struct ioat_softc *ioat; struct ioat_test *test; bus_dmaengine_t dmaengine; uint32_t loops; - int index, rc, start, end; + int index, rc, start, end, error; test = arg; memset(__DEVOLATILE(void *, test->status), 0, sizeof(test->status)); @@ -393,9 +394,10 @@ ioat_dma_test(void *arg) test->status[IOAT_TEST_NO_DMA_ENGINE]++; return; } + ioat = to_ioat_softc(dmaengine); if (test->testkind == IOAT_TEST_FILL && - (to_ioat_softc(dmaengine)->capabilities & IOAT_DMACAP_BFILL) == 0) + (ioat->capabilities & IOAT_DMACAP_BFILL) == 0) { ioat_test_log(0, "Hardware doesn't support block fill, aborting test\n"); @@ -403,6 +405,25 @@ ioat_dma_test(void *arg) goto out; } + if (test->coalesce_period > ioat->intrdelay_max) { + ioat_test_log(0, + "Hardware doesn't support intrdelay of %u us.\n", + (unsigned)test->coalesce_period); + test->status[IOAT_TEST_INVALID_INPUT]++; + goto out; + } + error = ioat_set_interrupt_coalesce(dmaengine, test->coalesce_period); + if (error == ENODEV && test->coalesce_period == 0) + error = 0; + if (error != 0) { + ioat_test_log(0, "ioat_set_interrupt_coalesce: %d\n", error); + test->status[IOAT_TEST_INVALID_INPUT]++; + goto out; + } + + if (test->zero_stats) + memset(&ioat->stats, 0, sizeof(ioat->stats)); + if (test->testkind == IOAT_TEST_RAW_DMA) { if (test->raw_is_virtual) { test->raw_vtarget = (void *)test->raw_target; diff --git a/sys/dev/ioat/ioat_test.h b/sys/dev/ioat/ioat_test.h index 4306b3b..8ef521c 100644 --- a/sys/dev/ioat/ioat_test.h +++ b/sys/dev/ioat/ioat_test.h @@ -75,6 +75,10 @@ struct ioat_test { bool raw_write; bool raw_is_virtual; + bool zero_stats; + /* Configure coalesce period */ + uint16_t coalesce_period; + /* Internal usage -- not test inputs */ TAILQ_HEAD(, test_transaction) free_q; TAILQ_HEAD(, test_transaction) pend_q; diff --git a/sys/dev/isp/isp_pci.c b/sys/dev/isp/isp_pci.c index 9bc9653..d30f6cb 100644 --- a/sys/dev/isp/isp_pci.c +++ b/sys/dev/isp/isp_pci.c @@ -373,11 +373,14 @@ struct isp_pcisoftc { ispsoftc_t pci_isp; device_t pci_dev; struct resource * regs; + struct resource * regs1; struct resource * regs2; void * irq; int iqd; int rtp; int rgd; + int rtp1; + int rgd1; int rtp2; int rgd2; void * ih; @@ -829,6 +832,10 @@ isp_pci_attach(device_t dev) pcs->rgd = PCIR_BAR(0); pcs->regs = bus_alloc_resource_any(dev, pcs->rtp, &pcs->rgd, RF_ACTIVE); + pcs->rtp1 = SYS_RES_MEMORY; + pcs->rgd1 = PCIR_BAR(2); + pcs->regs1 = bus_alloc_resource_any(dev, pcs->rtp1, &pcs->rgd1, + RF_ACTIVE); pcs->rtp2 = SYS_RES_MEMORY; pcs->rgd2 = PCIR_BAR(4); pcs->regs2 = bus_alloc_resource_any(dev, pcs->rtp2, &pcs->rgd2, @@ -936,20 +943,28 @@ isp_pci_attach(device_t dev) data &= ~1; pci_write_config(dev, PCIR_ROMADDR, data, 4); - /* - * Do MSI - * - * NB: MSI-X needs to be disabled for the 2432 (PCI-Express) - */ - if (IS_24XX(isp) || IS_2322(isp)) { - pcs->msicount = pci_msi_count(dev); - if (pcs->msicount > 1) { - pcs->msicount = 1; + if (IS_26XX(isp)) { + /* 26XX chips support only MSI-X, so start from them. */ + pcs->msicount = imin(pci_msix_count(dev), 1); + if (pcs->msicount > 0 && + (i = pci_alloc_msix(dev, &pcs->msicount)) == 0) { + pcs->iqd = 1; + } else { + pcs->msicount = 0; } - if (pci_alloc_msi(dev, &pcs->msicount) == 0) { + } + if (pcs->msicount == 0 && (IS_24XX(isp) || IS_2322(isp))) { + /* + * Older chips support both MSI and MSI-X, but I have + * feeling that older firmware may not support MSI-X, + * but we have no way to check the firmware flag here. + */ + pcs->msicount = imin(pci_msi_count(dev), 1); + if (pcs->msicount > 0 && + pci_alloc_msi(dev, &pcs->msicount) == 0) { pcs->iqd = 1; } else { - pcs->iqd = 0; + pcs->msicount = 0; } } pcs->irq = bus_alloc_resource_any(dev, SYS_RES_IRQ, &pcs->iqd, RF_ACTIVE | RF_SHAREABLE); @@ -1006,6 +1021,8 @@ bad: } if (pcs->regs) (void) bus_release_resource(dev, pcs->rtp, pcs->rgd, pcs->regs); + if (pcs->regs1) + (void) bus_release_resource(dev, pcs->rtp1, pcs->rgd1, pcs->regs1); if (pcs->regs2) (void) bus_release_resource(dev, pcs->rtp2, pcs->rgd2, pcs->regs2); if (pcs->pci_isp.isp_param) { @@ -1046,6 +1063,8 @@ isp_pci_detach(device_t dev) pci_release_msi(dev); } (void) bus_release_resource(dev, pcs->rtp, pcs->rgd, pcs->regs); + if (pcs->regs1) + (void) bus_release_resource(dev, pcs->rtp1, pcs->rgd1, pcs->regs1); if (pcs->regs2) (void) bus_release_resource(dev, pcs->rtp2, pcs->rgd2, pcs->regs2); /* diff --git a/sys/dev/mmc/bridge.h b/sys/dev/mmc/bridge.h index bd61c15..a26c31e 100644 --- a/sys/dev/mmc/bridge.h +++ b/sys/dev/mmc/bridge.h @@ -54,6 +54,8 @@ #ifndef DEV_MMC_BRIDGE_H #define DEV_MMC_BRIDGE_H +#include <sys/bus.h> + /* * This file defines interfaces for the mmc bridge. The names chosen * are similar to or the same as the names used in Linux to allow for @@ -135,4 +137,7 @@ struct mmc_host { struct mmc_ios ios; /* Current state of the host */ }; +extern driver_t mmc_driver; +extern devclass_t mmc_devclass; + #endif /* DEV_MMC_BRIDGE_H */ diff --git a/sys/dev/mmc/host/dwmmc.c b/sys/dev/mmc/host/dwmmc.c index a80c8f6..5dc0626 100644 --- a/sys/dev/mmc/host/dwmmc.c +++ b/sys/dev/mmc/host/dwmmc.c @@ -1177,4 +1177,4 @@ static devclass_t dwmmc_devclass; DRIVER_MODULE(dwmmc, simplebus, dwmmc_driver, dwmmc_devclass, 0, 0); DRIVER_MODULE(dwmmc, ofwbus, dwmmc_driver, dwmmc_devclass, 0, 0); - +DRIVER_MODULE(mmc, dwmmc, mmc_driver, mmc_devclass, NULL, NULL); diff --git a/sys/dev/mmc/mmc.c b/sys/dev/mmc/mmc.c index bbd72bb..eb76256 100644 --- a/sys/dev/mmc/mmc.c +++ b/sys/dev/mmc/mmc.c @@ -1805,22 +1805,9 @@ static device_method_t mmc_methods[] = { DEVMETHOD_END }; -static driver_t mmc_driver = { +driver_t mmc_driver = { "mmc", mmc_methods, sizeof(struct mmc_softc), }; -static devclass_t mmc_devclass; - -DRIVER_MODULE(mmc, a10_mmc, mmc_driver, mmc_devclass, NULL, NULL); -DRIVER_MODULE(mmc, aml8726_mmc, mmc_driver, mmc_devclass, NULL, NULL); -DRIVER_MODULE(mmc, aml8726_sdxc, mmc_driver, mmc_devclass, NULL, NULL); -DRIVER_MODULE(mmc, at91_mci, mmc_driver, mmc_devclass, NULL, NULL); -DRIVER_MODULE(mmc, sdhci_bcm, mmc_driver, mmc_devclass, NULL, NULL); -DRIVER_MODULE(mmc, sdhci_fdt, mmc_driver, mmc_devclass, NULL, NULL); -DRIVER_MODULE(mmc, sdhci_fsl, mmc_driver, mmc_devclass, NULL, NULL); -DRIVER_MODULE(mmc, sdhci_imx, mmc_driver, mmc_devclass, NULL, NULL); -DRIVER_MODULE(mmc, sdhci_pci, mmc_driver, mmc_devclass, NULL, NULL); -DRIVER_MODULE(mmc, sdhci_ti, mmc_driver, mmc_devclass, NULL, NULL); -DRIVER_MODULE(mmc, ti_mmchs, mmc_driver, mmc_devclass, NULL, NULL); -DRIVER_MODULE(mmc, dwmmc, mmc_driver, mmc_devclass, NULL, NULL); +devclass_t mmc_devclass; diff --git a/sys/dev/mpr/mpr_sas_lsi.c b/sys/dev/mpr/mpr_sas_lsi.c index 7d6ef70..b2ffe96 100644 --- a/sys/dev/mpr/mpr_sas_lsi.c +++ b/sys/dev/mpr/mpr_sas_lsi.c @@ -885,7 +885,13 @@ mprsas_get_sas_address_for_sata_disk(struct mpr_softc *sc, ioc_status = le16toh(mpi_reply.IOCStatus) & MPI2_IOCSTATUS_MASK; sas_status = mpi_reply.SASStatus; - if (ioc_status != MPI2_IOCSTATUS_SUCCESS) { + switch (ioc_status) { + case MPI2_IOCSTATUS_SUCCESS: + break; + case MPI2_IOCSTATUS_SCSI_PROTOCOL_ERROR: + /* No sense sleeping. this error won't get better */ + break; + default: if (sc->spinup_wait_time > 0) { mpr_dprint(sc, MPR_INFO, "Sleeping %d seconds " "after SATA ID error to wait for spinup\n", @@ -894,8 +900,10 @@ mprsas_get_sas_address_for_sata_disk(struct mpr_softc *sc, "mprid", sc->spinup_wait_time * hz); } } - } while (((rc && (rc != EWOULDBLOCK)) || ioc_status || sas_status) && - (try_count < 5)); + } while (((rc && (rc != EWOULDBLOCK)) || + (ioc_status && + (ioc_status != MPI2_IOCSTATUS_SCSI_PROTOCOL_ERROR)) + || sas_status) && (try_count < 5)); if (rc == 0 && !ioc_status && !sas_status) { mpr_dprint(sc, MPR_MAPPING, "%s: got SATA identify " diff --git a/sys/dev/mps/mps_sas_lsi.c b/sys/dev/mps/mps_sas_lsi.c index 434663a..268383a 100644 --- a/sys/dev/mps/mps_sas_lsi.c +++ b/sys/dev/mps/mps_sas_lsi.c @@ -794,7 +794,13 @@ mpssas_get_sas_address_for_sata_disk(struct mps_softc *sc, ioc_status = le16toh(mpi_reply.IOCStatus) & MPI2_IOCSTATUS_MASK; sas_status = mpi_reply.SASStatus; - if (ioc_status != MPI2_IOCSTATUS_SUCCESS) { + switch (ioc_status) { + case MPI2_IOCSTATUS_SUCCESS: + break; + case MPI2_IOCSTATUS_SCSI_PROTOCOL_ERROR: + /* No sense sleeping. this error won't get better */ + break; + default: if (sc->spinup_wait_time > 0) { mps_dprint(sc, MPS_INFO, "Sleeping %d seconds " "after SATA ID error to wait for spinup\n", @@ -803,8 +809,10 @@ mpssas_get_sas_address_for_sata_disk(struct mps_softc *sc, "mpsid", sc->spinup_wait_time * hz); } } - } while (((rc && (rc != EWOULDBLOCK)) || ioc_status || sas_status) && - (try_count < 5)); + } while (((rc && (rc != EWOULDBLOCK)) || + (ioc_status && + (ioc_status != MPI2_IOCSTATUS_SCSI_PROTOCOL_ERROR)) + || sas_status) && (try_count < 5)); if (rc == 0 && !ioc_status && !sas_status) { mps_dprint(sc, MPS_MAPPING, "%s: got SATA identify " diff --git a/sys/dev/pci/pci_host_generic.c b/sys/dev/pci/pci_host_generic.c index 04dc8d3..e4260e0 100644 --- a/sys/dev/pci/pci_host_generic.c +++ b/sys/dev/pci/pci_host_generic.c @@ -43,12 +43,15 @@ __FBSDID("$FreeBSD$"); #include <sys/endian.h> #include <sys/cpuset.h> #include <sys/rwlock.h> + #include <dev/ofw/openfirm.h> #include <dev/ofw/ofw_bus.h> #include <dev/ofw/ofw_bus_subr.h> +#include <dev/ofw/ofw_pci.h> #include <dev/pci/pcivar.h> #include <dev/pci/pcireg.h> #include <dev/pci/pcib_private.h> + #include <machine/cpu.h> #include <machine/bus.h> #include <machine/intr.h> @@ -75,8 +78,6 @@ __FBSDID("$FreeBSD$"); #define MIN_RANGES_TUPLES 2 #define PCI_IO_WINDOW_OFFSET 0x1000 -#define PCI_IRQ_START 32 -#define PCI_IRQ_END (PCI_IRQ_START + 4) #define SPACE_CODE_SHIFT 24 #define SPACE_CODE_MASK 0x3 @@ -98,7 +99,6 @@ struct generic_pcie_softc { int nranges; struct rman mem_rman; struct rman io_rman; - struct rman irq_rman; struct resource *res; struct resource *res1; int ecam; @@ -106,6 +106,7 @@ struct generic_pcie_softc { bus_space_handle_t bsh; device_t dev; bus_space_handle_t ioh; + struct ofw_bus_iinfo pci_iinfo; }; /* Forward prototypes */ @@ -216,14 +217,9 @@ generic_pcie_attach(device_t dev) } } - /* TODO: get IRQ numbers from FDT */ - sc->irq_rman.rm_type = RMAN_ARRAY; - sc->irq_rman.rm_descr = "Generic PCIe IRQs"; - if (rman_init(&sc->irq_rman) != 0 || - rman_manage_region(&sc->irq_rman, PCI_IRQ_START, - PCI_IRQ_END) != 0) { - panic("Generic PCI: failed to set up IRQ rman"); - } + ofw_bus_setup_iinfo(ofw_bus_get_node(dev), &sc->pci_iinfo, + sizeof(cell_t)); + device_add_child(dev, "pci", -1); return (bus_generic_attach(dev)); @@ -341,10 +337,6 @@ generic_pcie_read_config(device_t dev, u_int bus, u_int slot, return (~0U); } - if (reg == PCIR_INTLINE) { - data += PCI_IRQ_START; - } - return (data); } @@ -390,6 +382,37 @@ generic_pcie_maxslots(device_t dev) } static int +generic_pcie_route_interrupt(device_t bus, device_t dev, int pin) +{ + struct generic_pcie_softc *sc; + struct ofw_pci_register reg; + uint32_t pintr, mintr[2]; + phandle_t iparent; + int intrcells; + + sc = device_get_softc(bus); + pintr = pin; + + bzero(®, sizeof(reg)); + reg.phys_hi = (pci_get_bus(dev) << OFW_PCI_PHYS_HI_BUSSHIFT) | + (pci_get_slot(dev) << OFW_PCI_PHYS_HI_DEVICESHIFT) | + (pci_get_function(dev) << OFW_PCI_PHYS_HI_FUNCTIONSHIFT); + + intrcells = ofw_bus_lookup_imap(ofw_bus_get_node(dev), + &sc->pci_iinfo, ®, sizeof(reg), &pintr, sizeof(pintr), + mintr, sizeof(mintr), &iparent); + if (intrcells) { + pintr = ofw_bus_map_intr(dev, iparent, intrcells, mintr); + return (pintr); + } + + device_printf(bus, "could not route pin %d for device %d.%d\n", + pin, pci_get_slot(dev), pci_get_function(dev)); + return (PCI_INVALID_IRQ); +} + + +static int generic_pcie_read_ivar(device_t dev, device_t child, int index, uintptr_t *result) { @@ -432,8 +455,6 @@ generic_pcie_rman(struct generic_pcie_softc *sc, int type) return (&sc->io_rman); case SYS_RES_MEMORY: return (&sc->mem_rman); - case SYS_RES_IRQ: - return (&sc->irq_rman); default: break; } @@ -606,9 +627,20 @@ static device_method_t generic_pcie_methods[] = { DEVMETHOD(bus_deactivate_resource, generic_pcie_deactivate_resource), DEVMETHOD(bus_setup_intr, bus_generic_setup_intr), DEVMETHOD(bus_teardown_intr, bus_generic_teardown_intr), + + /* pcib interface */ DEVMETHOD(pcib_maxslots, generic_pcie_maxslots), + DEVMETHOD(pcib_route_interrupt, generic_pcie_route_interrupt), DEVMETHOD(pcib_read_config, generic_pcie_read_config), DEVMETHOD(pcib_write_config, generic_pcie_write_config), +#if defined(__aarch64__) + DEVMETHOD(pcib_alloc_msi, arm_alloc_msi), + DEVMETHOD(pcib_release_msi, arm_release_msi), + DEVMETHOD(pcib_alloc_msix, arm_alloc_msix), + DEVMETHOD(pcib_release_msix, arm_release_msix), + DEVMETHOD(pcib_map_msi, arm_map_msi), +#endif + DEVMETHOD_END }; diff --git a/sys/dev/sdhci/sdhci_fdt.c b/sys/dev/sdhci/sdhci_fdt.c index b89bc61..e49eda8 100644 --- a/sys/dev/sdhci/sdhci_fdt.c +++ b/sys/dev/sdhci/sdhci_fdt.c @@ -307,3 +307,4 @@ static devclass_t sdhci_fdt_devclass; DRIVER_MODULE(sdhci_fdt, simplebus, sdhci_fdt_driver, sdhci_fdt_devclass, NULL, NULL); MODULE_DEPEND(sdhci_fdt, sdhci, 1, 1, 1); +DRIVER_MODULE(mmc, sdhci_fdt, mmc_driver, mmc_devclass, NULL, NULL); diff --git a/sys/dev/sdhci/sdhci_pci.c b/sys/dev/sdhci/sdhci_pci.c index b149bb6..21479bb 100644 --- a/sys/dev/sdhci/sdhci_pci.c +++ b/sys/dev/sdhci/sdhci_pci.c @@ -474,3 +474,4 @@ static devclass_t sdhci_pci_devclass; DRIVER_MODULE(sdhci_pci, pci, sdhci_pci_driver, sdhci_pci_devclass, NULL, NULL); MODULE_DEPEND(sdhci_pci, sdhci, 1, 1, 1); +DRIVER_MODULE(mmc, sdhci_pci, mmc_driver, mmc_devclass, NULL, NULL); diff --git a/sys/dev/usb/wlan/if_urtwn.c b/sys/dev/usb/wlan/if_urtwn.c index 4a967ee..6ca43c3 100644 --- a/sys/dev/usb/wlan/if_urtwn.c +++ b/sys/dev/usb/wlan/if_urtwn.c @@ -182,14 +182,15 @@ static struct ieee80211vap *urtwn_vap_create(struct ieee80211com *, const uint8_t [IEEE80211_ADDR_LEN], const uint8_t [IEEE80211_ADDR_LEN]); static void urtwn_vap_delete(struct ieee80211vap *); -static struct mbuf * urtwn_rx_frame(struct urtwn_softc *, uint8_t *, int, - int *); -static struct mbuf * urtwn_report_intr(struct usb_xfer *, struct urtwn_data *, - int *, int8_t *); -static struct mbuf * urtwn_rxeof(struct urtwn_softc *, uint8_t *, int, - int *, int8_t *); +static struct mbuf * urtwn_rx_copy_to_mbuf(struct urtwn_softc *, + struct r92c_rx_stat *, int); +static struct mbuf * urtwn_report_intr(struct usb_xfer *, + struct urtwn_data *); +static struct mbuf * urtwn_rxeof(struct urtwn_softc *, uint8_t *, int); static void urtwn_r88e_ratectl_tx_complete(struct urtwn_softc *, void *); +static struct ieee80211_node *urtwn_rx_frame(struct urtwn_softc *, + struct mbuf *, int8_t *); static void urtwn_txeof(struct urtwn_softc *, struct urtwn_data *, int); static int urtwn_alloc_list(struct urtwn_softc *, @@ -259,6 +260,7 @@ static int urtwn_key_delete(struct ieee80211vap *, static void urtwn_tsf_task_adhoc(void *, int); static void urtwn_tsf_sync_enable(struct urtwn_softc *, struct ieee80211vap *); +static void urtwn_get_tsf(struct urtwn_softc *, uint64_t *); static void urtwn_set_led(struct urtwn_softc *, int, int); static void urtwn_set_mode(struct urtwn_softc *, uint8_t); static void urtwn_ibss_recv_mgmt(struct ieee80211_node *, @@ -273,6 +275,10 @@ static int8_t urtwn_r88e_get_rssi(struct urtwn_softc *, int, void *); static int urtwn_tx_data(struct urtwn_softc *, struct ieee80211_node *, struct mbuf *, struct urtwn_data *); +static int urtwn_tx_raw(struct urtwn_softc *, + struct ieee80211_node *, struct mbuf *, + struct urtwn_data *, + const struct ieee80211_bpf_params *); static void urtwn_tx_start(struct urtwn_softc *, struct mbuf *, uint8_t, struct urtwn_data *); static int urtwn_transmit(struct ieee80211com *, struct mbuf *); @@ -714,16 +720,13 @@ urtwn_vap_delete(struct ieee80211vap *vap) } static struct mbuf * -urtwn_rx_frame(struct urtwn_softc *sc, uint8_t *buf, int pktlen, int *rssi_p) +urtwn_rx_copy_to_mbuf(struct urtwn_softc *sc, struct r92c_rx_stat *stat, + int totlen) { struct ieee80211com *ic = &sc->sc_ic; - struct ieee80211_frame *wh; struct mbuf *m; - struct r92c_rx_stat *stat; - uint32_t rxdw0, rxdw3; - uint8_t rate, cipher; - int8_t rssi = 0; - int infosz; + uint32_t rxdw0; + int pktlen; /* * don't pass packets to the ieee80211 framework if the driver isn't @@ -732,77 +735,49 @@ urtwn_rx_frame(struct urtwn_softc *sc, uint8_t *buf, int pktlen, int *rssi_p) if (!(sc->sc_flags & URTWN_RUNNING)) return (NULL); - stat = (struct r92c_rx_stat *)buf; rxdw0 = le32toh(stat->rxdw0); - rxdw3 = le32toh(stat->rxdw3); - if (rxdw0 & (R92C_RXDW0_CRCERR | R92C_RXDW0_ICVERR)) { /* * This should not happen since we setup our Rx filter * to not receive these frames. */ - counter_u64_add(ic->ic_ierrors, 1); - return (NULL); - } - if (pktlen < sizeof(struct ieee80211_frame_ack) || - pktlen > MCLBYTES) { - counter_u64_add(ic->ic_ierrors, 1); - return (NULL); + DPRINTFN(6, "RX flags error (%s)\n", + rxdw0 & R92C_RXDW0_CRCERR ? "CRC" : "ICV"); + goto fail; } - rate = MS(rxdw3, R92C_RXDW3_RATE); - cipher = MS(rxdw0, R92C_RXDW0_CIPHER); - infosz = MS(rxdw0, R92C_RXDW0_INFOSZ) * 8; + pktlen = MS(rxdw0, R92C_RXDW0_PKTLEN); + if (pktlen < sizeof(struct ieee80211_frame_ack)) { + DPRINTFN(6, "frame too short: %d\n", pktlen); + goto fail; + } - /* Get RSSI from PHY status descriptor if present. */ - if (infosz != 0 && (rxdw0 & R92C_RXDW0_PHYST)) { - if (sc->chip & URTWN_CHIP_88E) - rssi = urtwn_r88e_get_rssi(sc, rate, &stat[1]); - else - rssi = urtwn_get_rssi(sc, rate, &stat[1]); - /* Update our average RSSI. */ - urtwn_update_avgrssi(sc, rate, rssi); + if (__predict_false(totlen > MCLBYTES)) { + /* convert to m_getjcl if this happens */ + device_printf(sc->sc_dev, "%s: frame too long: %d (%d)\n", + __func__, pktlen, totlen); + goto fail; } m = m_getcl(M_NOWAIT, MT_DATA, M_PKTHDR); - if (m == NULL) { - device_printf(sc->sc_dev, "could not create RX mbuf\n"); - return (NULL); + if (__predict_false(m == NULL)) { + device_printf(sc->sc_dev, "%s: could not allocate RX mbuf\n", + __func__); + goto fail; } /* Finalize mbuf. */ - memcpy(mtod(m, uint8_t *), (uint8_t *)&stat[1] + infosz, pktlen); - m->m_pkthdr.len = m->m_len = pktlen; - wh = mtod(m, struct ieee80211_frame *); - - if ((wh->i_fc[1] & IEEE80211_FC1_PROTECTED) && - cipher != R92C_CAM_ALGO_NONE) { - m->m_flags |= M_WEP; - } - - if (ieee80211_radiotap_active(ic)) { - struct urtwn_rx_radiotap_header *tap = &sc->sc_rxtap; - - tap->wr_flags = 0; - /* Map HW rate index to 802.11 rate. */ - if (!(rxdw3 & R92C_RXDW3_HT)) { - tap->wr_rate = ridx2rate[rate]; - } else if (rate >= 12) { /* MCS0~15. */ - /* Bit 7 set means HT MCS instead of rate. */ - tap->wr_rate = 0x80 | (rate - 12); - } - tap->wr_dbm_antsignal = rssi; - tap->wr_dbm_antnoise = URTWN_NOISE_FLOOR; - } - - *rssi_p = rssi; - + memcpy(mtod(m, uint8_t *), (uint8_t *)stat, totlen); + m->m_pkthdr.len = m->m_len = totlen; + return (m); +fail: + counter_u64_add(ic->ic_ierrors, 1); + return (NULL); } static struct mbuf * -urtwn_report_intr(struct usb_xfer *xfer, struct urtwn_data *data, int *rssi, - int8_t *nf) +urtwn_report_intr(struct usb_xfer *xfer, struct urtwn_data *data) { struct urtwn_softc *sc = data->sc; struct ieee80211com *ic = &sc->sc_ic; @@ -825,7 +800,7 @@ urtwn_report_intr(struct usb_xfer *xfer, struct urtwn_data *data, int *rssi, switch (report_sel) { case R88E_RXDW3_RPT_RX: - return (urtwn_rxeof(sc, buf, len, rssi, nf)); + return (urtwn_rxeof(sc, buf, len)); case R88E_RXDW3_RPT_TX1: urtwn_r88e_ratectl_tx_complete(sc, &stat[1]); break; @@ -834,14 +809,13 @@ urtwn_report_intr(struct usb_xfer *xfer, struct urtwn_data *data, int *rssi, break; } } else - return (urtwn_rxeof(sc, buf, len, rssi, nf)); + return (urtwn_rxeof(sc, buf, len)); return (NULL); } static struct mbuf * -urtwn_rxeof(struct urtwn_softc *sc, uint8_t *buf, int len, int *rssi, - int8_t *nf) +urtwn_rxeof(struct urtwn_softc *sc, uint8_t *buf, int len) { struct r92c_rx_stat *stat; struct mbuf *m, *m0 = NULL, *prevm = NULL; @@ -871,7 +845,7 @@ urtwn_rxeof(struct urtwn_softc *sc, uint8_t *buf, int len, int *rssi, if (totlen > len) break; - m = urtwn_rx_frame(sc, buf, pktlen, rssi); + m = urtwn_rx_copy_to_mbuf(sc, stat, totlen); if (m0 == NULL) m0 = m; if (prevm == NULL) @@ -919,17 +893,86 @@ urtwn_r88e_ratectl_tx_complete(struct urtwn_softc *sc, void *arg) URTWN_NT_UNLOCK(sc); } +static struct ieee80211_node * +urtwn_rx_frame(struct urtwn_softc *sc, struct mbuf *m, int8_t *rssi_p) +{ + struct ieee80211com *ic = &sc->sc_ic; + struct ieee80211_frame_min *wh; + struct r92c_rx_stat *stat; + uint32_t rxdw0, rxdw3; + uint8_t rate, cipher; + int8_t rssi = URTWN_NOISE_FLOOR + 1; + int infosz; + + stat = mtod(m, struct r92c_rx_stat *); + rxdw0 = le32toh(stat->rxdw0); + rxdw3 = le32toh(stat->rxdw3); + + rate = MS(rxdw3, R92C_RXDW3_RATE); + cipher = MS(rxdw0, R92C_RXDW0_CIPHER); + infosz = MS(rxdw0, R92C_RXDW0_INFOSZ) * 8; + + /* Get RSSI from PHY status descriptor if present. */ + if (infosz != 0 && (rxdw0 & R92C_RXDW0_PHYST)) { + if (sc->chip & URTWN_CHIP_88E) + rssi = urtwn_r88e_get_rssi(sc, rate, &stat[1]); + else + rssi = urtwn_get_rssi(sc, rate, &stat[1]); + /* Update our average RSSI. */ + urtwn_update_avgrssi(sc, rate, rssi); + } + + if (ieee80211_radiotap_active(ic)) { + struct urtwn_rx_radiotap_header *tap = &sc->sc_rxtap; + + tap->wr_flags = 0; + + urtwn_get_tsf(sc, &tap->wr_tsft); + if (__predict_false(le32toh((uint32_t)tap->wr_tsft) < + le32toh(stat->rxdw5))) { + tap->wr_tsft = le32toh(tap->wr_tsft >> 32) - 1; + tap->wr_tsft = (uint64_t)htole32(tap->wr_tsft) << 32; + } else + tap->wr_tsft &= 0xffffffff00000000; + tap->wr_tsft += stat->rxdw5; + + /* Map HW rate index to 802.11 rate. */ + if (!(rxdw3 & R92C_RXDW3_HT)) { + tap->wr_rate = ridx2rate[rate]; + } else if (rate >= 12) { /* MCS0~15. */ + /* Bit 7 set means HT MCS instead of rate. */ + tap->wr_rate = 0x80 | (rate - 12); + } + tap->wr_dbm_antsignal = rssi; + tap->wr_dbm_antnoise = URTWN_NOISE_FLOOR; + } + + *rssi_p = rssi; + + /* Drop descriptor. */ + m_adj(m, sizeof(*stat) + infosz); + wh = mtod(m, struct ieee80211_frame_min *); + + if ((wh->i_fc[1] & IEEE80211_FC1_PROTECTED) && + cipher != R92C_CAM_ALGO_NONE) { + m->m_flags |= M_WEP; + } + + if (m->m_len >= sizeof(*wh)) + return (ieee80211_find_rxnode(ic, wh)); + + return (NULL); +} + static void urtwn_bulk_rx_callback(struct usb_xfer *xfer, usb_error_t error) { struct urtwn_softc *sc = usbd_xfer_softc(xfer); struct ieee80211com *ic = &sc->sc_ic; - struct ieee80211_frame_min *wh; struct ieee80211_node *ni; struct mbuf *m = NULL, *next; struct urtwn_data *data; - int8_t nf; - int rssi = 1; + int8_t nf, rssi; URTWN_ASSERT_LOCKED(sc); @@ -939,7 +982,7 @@ urtwn_bulk_rx_callback(struct usb_xfer *xfer, usb_error_t error) if (data == NULL) goto tr_setup; STAILQ_REMOVE_HEAD(&sc->sc_rx_active, next); - m = urtwn_report_intr(xfer, data, &rssi, &nf); + m = urtwn_report_intr(xfer, data); STAILQ_INSERT_TAIL(&sc->sc_rx_inactive, data, next); /* FALLTHROUGH */ case USB_ST_SETUP: @@ -960,15 +1003,13 @@ tr_setup: * ieee80211_input() because here is at the end of a USB * callback and safe to unlock. */ - URTWN_UNLOCK(sc); while (m != NULL) { next = m->m_next; m->m_next = NULL; - wh = mtod(m, struct ieee80211_frame_min *); - if (m->m_len >= sizeof(*wh)) - ni = ieee80211_find_rxnode(ic, wh); - else - ni = NULL; + + ni = urtwn_rx_frame(sc, m, &rssi); + URTWN_UNLOCK(sc); + nf = URTWN_NOISE_FLOOR; if (ni != NULL) { (void)ieee80211_input(ni, m, rssi - nf, nf); @@ -977,9 +1018,10 @@ tr_setup: (void)ieee80211_input_all(ic, m, rssi - nf, nf); } + + URTWN_LOCK(sc); m = next; } - URTWN_LOCK(sc); break; default: /* needs it to the inactive queue due to a error. */ @@ -2110,6 +2152,12 @@ urtwn_tsf_sync_enable(struct urtwn_softc *sc, struct ieee80211vap *vap) } static void +urtwn_get_tsf(struct urtwn_softc *sc, uint64_t *buf) +{ + urtwn_read_region_1(sc, R92C_TSFTR, (uint8_t *)buf, sizeof(*buf)); +} + +static void urtwn_set_led(struct urtwn_softc *sc, int led, int on) { uint8_t reg; @@ -2162,7 +2210,6 @@ urtwn_ibss_recv_mgmt(struct ieee80211_node *ni, struct mbuf *m, int subtype, (subtype == IEEE80211_FC0_SUBTYPE_BEACON || subtype == IEEE80211_FC0_SUBTYPE_PROBE_RESP)) { ni_tstamp = le64toh(ni->ni_tstamp.tsf); -#ifdef D3831 URTWN_LOCK(sc); urtwn_get_tsf(sc, &curr_tstamp); URTWN_UNLOCK(sc); @@ -2170,10 +2217,6 @@ urtwn_ibss_recv_mgmt(struct ieee80211_node *ni, struct mbuf *m, int subtype, if (ni_tstamp >= curr_tstamp) (void) ieee80211_ibss_merge(ni); -#else - (void) sc; - (void) curr_tstamp; -#endif } } @@ -2690,6 +2733,107 @@ urtwn_tx_data(struct urtwn_softc *sc, struct ieee80211_node *ni, return (0); } +static int +urtwn_tx_raw(struct urtwn_softc *sc, struct ieee80211_node *ni, + struct mbuf *m, struct urtwn_data *data, + const struct ieee80211_bpf_params *params) +{ + struct ieee80211vap *vap = ni->ni_vap; + struct ieee80211_key *k = NULL; + struct ieee80211_frame *wh; + struct r92c_tx_desc *txd; + uint8_t cipher, ridx, type; + + /* Encrypt the frame if need be. */ + cipher = R92C_TXDW1_CIPHER_NONE; + if (params->ibp_flags & IEEE80211_BPF_CRYPTO) { + /* Retrieve key for TX. */ + k = ieee80211_crypto_encap(ni, m); + if (k == NULL) + return (ENOBUFS); + + if (!(k->wk_flags & IEEE80211_KEY_SWCRYPT)) { + switch (k->wk_cipher->ic_cipher) { + case IEEE80211_CIPHER_WEP: + case IEEE80211_CIPHER_TKIP: + cipher = R92C_TXDW1_CIPHER_RC4; + break; + case IEEE80211_CIPHER_AES_CCM: + cipher = R92C_TXDW1_CIPHER_AES; + break; + default: + device_printf(sc->sc_dev, + "%s: unknown cipher %d\n", + __func__, k->wk_cipher->ic_cipher); + return (EINVAL); + } + } + } + + wh = mtod(m, struct ieee80211_frame *); + type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; + + /* Fill Tx descriptor. */ + txd = (struct r92c_tx_desc *)data->buf; + memset(txd, 0, sizeof(*txd)); + + txd->txdw0 |= htole32( + SM(R92C_TXDW0_OFFSET, sizeof(*txd)) | + R92C_TXDW0_OWN | R92C_TXDW0_FSG | R92C_TXDW0_LSG); + if (IEEE80211_IS_MULTICAST(wh->i_addr1)) + txd->txdw0 |= htole32(R92C_TXDW0_BMCAST); + + if (params->ibp_flags & IEEE80211_BPF_RTS) + txd->txdw4 |= htole32(R92C_TXDW4_RTSEN); + if (params->ibp_flags & IEEE80211_BPF_CTS) + txd->txdw4 |= htole32(R92C_TXDW4_CTS2SELF); + if (txd->txdw4 & htole32(R92C_TXDW4_RTSEN | R92C_TXDW4_CTS2SELF)) { + txd->txdw4 |= htole32(R92C_TXDW4_HWRTSEN); + txd->txdw4 |= htole32(SM(R92C_TXDW4_RTSRATE, + URTWN_RIDX_OFDM24)); + } + + if (sc->chip & URTWN_CHIP_88E) + txd->txdw1 |= htole32(SM(R88E_TXDW1_MACID, URTWN_MACID_BC)); + else + txd->txdw1 |= htole32(SM(R92C_TXDW1_MACID, URTWN_MACID_BC)); + + txd->txdw1 |= htole32(SM(R92C_TXDW1_QSEL, R92C_TXDW1_QSEL_MGNT)); + txd->txdw1 |= htole32(SM(R92C_TXDW1_CIPHER, cipher)); + + /* Choose a TX rate index. */ + ridx = rate2ridx(params->ibp_rate0); + txd->txdw5 |= htole32(SM(R92C_TXDW5_DATARATE, ridx)); + txd->txdw5 |= htole32(0x0001ff00); + txd->txdw4 |= htole32(R92C_TXDW4_DRVRATE); + + if (!IEEE80211_QOS_HAS_SEQ(wh)) { + /* Use HW sequence numbering for non-QoS frames. */ + if (sc->chip & URTWN_CHIP_88E) + txd->txdseq = htole16(R88E_TXDSEQ_HWSEQ_EN); + else + txd->txdw4 |= htole32(R92C_TXDW4_HWSEQ_EN); + } else { + /* Set sequence number. */ + txd->txdseq = htole16(M_SEQNO_GET(m) % IEEE80211_SEQ_RANGE); + } + + if (ieee80211_radiotap_active_vap(vap)) { + struct urtwn_tx_radiotap_header *tap = &sc->sc_txtap; + + tap->wt_flags = 0; + if (k != NULL) + tap->wt_flags |= IEEE80211_RADIOTAP_F_WEP; + ieee80211_radiotap_tx(vap, m); + } + + data->ni = ni; + + urtwn_tx_start(sc, m, type, data); + + return (0); +} + static void urtwn_tx_start(struct urtwn_softc *sc, struct mbuf *m, uint8_t type, struct urtwn_data *data) @@ -4592,7 +4736,20 @@ urtwn_raw_xmit(struct ieee80211_node *ni, struct mbuf *m, goto end; } - if ((error = urtwn_tx_data(sc, ni, m, bf)) != 0) { + if (params == NULL) { + /* + * Legacy path; interpret frame contents to decide + * precisely how to send the frame. + */ + error = urtwn_tx_data(sc, ni, m, bf); + } else { + /* + * Caller supplied explicit parameters to use in + * sending the frame. + */ + error = urtwn_tx_raw(sc, ni, m, bf, params); + } + if (error != 0) { STAILQ_INSERT_HEAD(&sc->sc_tx_inactive, bf, next); goto end; } diff --git a/sys/dev/usb/wlan/if_urtwnvar.h b/sys/dev/usb/wlan/if_urtwnvar.h index cbb94f9..8eb7fb6 100644 --- a/sys/dev/usb/wlan/if_urtwnvar.h +++ b/sys/dev/usb/wlan/if_urtwnvar.h @@ -33,6 +33,7 @@ struct urtwn_rx_radiotap_header { struct ieee80211_radiotap_header wr_ihdr; + uint64_t wr_tsft; uint8_t wr_flags; uint8_t wr_rate; uint16_t wr_chan_freq; @@ -42,7 +43,8 @@ struct urtwn_rx_radiotap_header { } __packed __aligned(8); #define URTWN_RX_RADIOTAP_PRESENT \ - (1 << IEEE80211_RADIOTAP_FLAGS | \ + (1 << IEEE80211_RADIOTAP_TSFT | \ + 1 << IEEE80211_RADIOTAP_FLAGS | \ 1 << IEEE80211_RADIOTAP_RATE | \ 1 << IEEE80211_RADIOTAP_CHANNEL | \ 1 << IEEE80211_RADIOTAP_DBM_ANTSIGNAL | \ @@ -168,7 +170,7 @@ struct urtwn_softc { int, uint8_t, uint32_t); int (*sc_power_on)(struct urtwn_softc *); - struct ieee80211_node *node_list[R88E_MACID_MAX]; + struct ieee80211_node *node_list[R88E_MACID_MAX + 1]; struct mtx nt_mtx; uint8_t board_type; diff --git a/sys/kern/kern_jail.c b/sys/kern/kern_jail.c index c8b541f..6189d8c 100644 --- a/sys/kern/kern_jail.c +++ b/sys/kern/kern_jail.c @@ -1580,11 +1580,14 @@ kern_jail_set(struct thread *td, struct uio *optuio, int flags) #endif onamelen = namelen = 0; if (name != NULL) { - /* Give a default name of the jid. */ + /* Give a default name of the jid. Also allow the name to be + * explicitly the jid - but not any other number, and only in + * normal form (no leading zero/etc). + */ if (name[0] == '\0') snprintf(name = numbuf, sizeof(numbuf), "%d", jid); - else if (*namelc == '0' || (strtoul(namelc, &p, 10) != jid && - *p == '\0')) { + else if ((strtoul(namelc, &p, 10) != jid || + namelc[0] < '1' || namelc[0] > '9') && *p == '\0') { error = EINVAL; vfs_opterror(opts, "name cannot be numeric (unless it is the jid)"); diff --git a/sys/mips/atheros/apb.c b/sys/mips/atheros/apb.c index 2dc926f..adc3756 100644 --- a/sys/mips/atheros/apb.c +++ b/sys/mips/atheros/apb.c @@ -378,6 +378,8 @@ apb_filter(void *arg) } event = sc->sc_eventstab[irq]; + /* always count interrupts; spurious or otherwise */ + mips_intrcnt_inc(sc->sc_intr_counter[irq]); if (!event || TAILQ_EMPTY(&event->ie_handlers)) { if (irq == APB_INTR_PMC) { td = PCPU_GET(curthread); @@ -385,9 +387,6 @@ apb_filter(void *arg) if (pmc_intr) (*pmc_intr)(PCPU_GET(cpuid), tf); - - mips_intrcnt_inc(sc->sc_intr_counter[irq]); - continue; } /* Ignore timer interrupts */ @@ -397,7 +396,6 @@ apb_filter(void *arg) } intr_event_handle(event, PCPU_GET(curthread)->td_intr_frame); - mips_intrcnt_inc(sc->sc_intr_counter[irq]); } } diff --git a/sys/mips/atheros/if_arge.c b/sys/mips/atheros/if_arge.c index be38167..6a22f3f 100644 --- a/sys/mips/atheros/if_arge.c +++ b/sys/mips/atheros/if_arge.c @@ -885,6 +885,11 @@ arge_attach(device_t dev) /* * Don't do this for the MDIO bus case - it's already done * as part of the MDIO bus attachment. + * + * XXX TODO: if we don't do this, we don't ever release the MAC + * from reset and we can't use the port. Now, if we define ARGE_MDIO + * but we /don't/ define two MDIO busses, then we can't actually + * use both MACs. */ #if !defined(ARGE_MDIO) /* Initialize the MAC block */ diff --git a/sys/mips/atheros/qca953x_chip.c b/sys/mips/atheros/qca953x_chip.c index b6fe7ad..a262a9f 100644 --- a/sys/mips/atheros/qca953x_chip.c +++ b/sys/mips/atheros/qca953x_chip.c @@ -196,7 +196,7 @@ qca953x_chip_set_pll_ge(int unit, int speed, uint32_t pll) ATH_WRITE_REG(QCA953X_PLL_ETH_XMII_CONTROL_REG, pll); break; case 1: - ATH_WRITE_REG(QCA953X_PLL_ETH_SGMII_CONTROL_REG, pll); + /* nothing */ break; default: printf("%s: invalid PLL set for arge unit: %d\n", diff --git a/sys/net/if.c b/sys/net/if.c index b88c05e..177f356 100644 --- a/sys/net/if.c +++ b/sys/net/if.c @@ -126,7 +126,7 @@ SX_SYSINIT(ifdescr_sx, &ifdescr_sx, "ifnet descr"); void (*bridge_linkstate_p)(struct ifnet *ifp); void (*ng_ether_link_state_p)(struct ifnet *ifp, int state); -void (*lagg_linkstate_p)(struct ifnet *ifp, int state); +void (*lagg_linkstate_p)(struct ifnet *ifp); /* These are external hooks for CARP. */ void (*carp_linkstate_p)(struct ifnet *ifp); void (*carp_demote_adj_p)(int, char *); @@ -1984,6 +1984,8 @@ if_unroute(struct ifnet *ifp, int flag, int fam) if (ifp->if_carp) (*carp_linkstate_p)(ifp); + if (ifp->if_lagg) + (*lagg_linkstate_p)(ifp); rt_ifmsg(ifp); } @@ -2005,6 +2007,8 @@ if_route(struct ifnet *ifp, int flag, int fam) pfctlinput(PRC_IFUP, ifa->ifa_addr); if (ifp->if_carp) (*carp_linkstate_p)(ifp); + if (ifp->if_lagg) + (*lagg_linkstate_p)(ifp); rt_ifmsg(ifp); #ifdef INET6 in6_if_up(ifp); @@ -2019,17 +2023,27 @@ int (*vlan_tag_p)(struct ifnet *, uint16_t *); int (*vlan_setcookie_p)(struct ifnet *, void *); void *(*vlan_cookie_p)(struct ifnet *); +void +if_link_state_change(struct ifnet *ifp, int link_state) +{ + + return if_link_state_change_cond(ifp, link_state, 0); +} + /* * Handle a change in the interface link state. To avoid LORs * between driver lock and upper layer locks, as well as possible * recursions, we post event to taskqueue, and all job * is done in static do_link_state_change(). + * + * If the current link state matches link_state and force isn't + * specified no action is taken. */ void -if_link_state_change(struct ifnet *ifp, int link_state) +if_link_state_change_cond(struct ifnet *ifp, int link_state, int force) { - /* Return if state hasn't changed. */ - if (ifp->if_link_state == link_state) + + if (ifp->if_link_state == link_state && !force) return; ifp->if_link_state = link_state; @@ -2057,7 +2071,7 @@ do_link_state_change(void *arg, int pending) if (ifp->if_bridge) (*bridge_linkstate_p)(ifp); if (ifp->if_lagg) - (*lagg_linkstate_p)(ifp, link_state); + (*lagg_linkstate_p)(ifp); if (IS_DEFAULT_VNET(curvnet)) devctl_notify("IFNET", ifp->if_xname, diff --git a/sys/net/if_lagg.c b/sys/net/if_lagg.c index 730a044..6ca3f22 100644 --- a/sys/net/if_lagg.c +++ b/sys/net/if_lagg.c @@ -106,7 +106,7 @@ static int lagg_port_create(struct lagg_softc *, struct ifnet *); static int lagg_port_destroy(struct lagg_port *, int); static struct mbuf *lagg_input(struct ifnet *, struct mbuf *); static void lagg_linkstate(struct lagg_softc *); -static void lagg_port_state(struct ifnet *, int); +static void lagg_port_state(struct ifnet *); static int lagg_port_ioctl(struct ifnet *, u_long, caddr_t); static int lagg_port_output(struct ifnet *, struct mbuf *, const struct sockaddr *, struct route *); @@ -1774,7 +1774,12 @@ lagg_linkstate(struct lagg_softc *sc) break; } } - if_link_state_change(sc->sc_ifp, new_link); + + /* + * Force state change to ensure ifnet_link_event is generated allowing + * protocols to notify other nodes of potential address move. + */ + if_link_state_change_cond(sc->sc_ifp, new_link, 1); /* Update if_baudrate to reflect the max possible speed */ switch (sc->sc_proto) { @@ -1797,7 +1802,7 @@ lagg_linkstate(struct lagg_softc *sc) } static void -lagg_port_state(struct ifnet *ifp, int state) +lagg_port_state(struct ifnet *ifp) { struct lagg_port *lp = (struct lagg_port *)ifp->if_lagg; struct lagg_softc *sc = NULL; @@ -1813,7 +1818,7 @@ lagg_port_state(struct ifnet *ifp, int state) LAGG_WUNLOCK(sc); } -struct lagg_port * +static struct lagg_port * lagg_link_active(struct lagg_softc *sc, struct lagg_port *lp) { struct lagg_port *lp_next, *rval = NULL; diff --git a/sys/net/if_lagg.h b/sys/net/if_lagg.h index 195ac3a..ea59762 100644 --- a/sys/net/if_lagg.h +++ b/sys/net/if_lagg.h @@ -281,7 +281,7 @@ struct lagg_port { #define LAGG_UNLOCK_ASSERT(_sc) rm_assert(&(_sc)->sc_mtx, RA_UNLOCKED) extern struct mbuf *(*lagg_input_p)(struct ifnet *, struct mbuf *); -extern void (*lagg_linkstate_p)(struct ifnet *, int ); +extern void (*lagg_linkstate_p)(struct ifnet *); int lagg_enqueue(struct ifnet *, struct mbuf *); diff --git a/sys/net/if_var.h b/sys/net/if_var.h index 5911cec..2cbd76c 100644 --- a/sys/net/if_var.h +++ b/sys/net/if_var.h @@ -500,6 +500,7 @@ struct ifmultiaddr * void if_free(struct ifnet *); void if_initname(struct ifnet *, const char *, int); void if_link_state_change(struct ifnet *, int); +void if_link_state_change_cond(struct ifnet *, int, int); int if_printf(struct ifnet *, const char *, ...) __printflike(2, 3); void if_ref(struct ifnet *); void if_rele(struct ifnet *); diff --git a/sys/netinet/if_ether.c b/sys/netinet/if_ether.c index 72c2a60..2214542 100644 --- a/sys/netinet/if_ether.c +++ b/sys/netinet/if_ether.c @@ -107,6 +107,7 @@ VNET_PCPUSTAT_SYSUNINIT(arpstat); #endif /* VIMAGE */ static VNET_DEFINE(int, arp_maxhold) = 1; +static VNET_DEFINE(int, arp_on_link) = 1; #define V_arpt_keep VNET(arpt_keep) #define V_arpt_down VNET(arpt_down) @@ -114,6 +115,7 @@ static VNET_DEFINE(int, arp_maxhold) = 1; #define V_arp_maxtries VNET(arp_maxtries) #define V_arp_proxyall VNET(arp_proxyall) #define V_arp_maxhold VNET(arp_maxhold) +#define V_arp_on_link VNET(arp_on_link) SYSCTL_INT(_net_link_ether_inet, OID_AUTO, max_age, CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(arpt_keep), 0, @@ -136,6 +138,9 @@ SYSCTL_INT(_net_link_ether_inet, OID_AUTO, max_log_per_second, CTLFLAG_RW, &arp_maxpps, 0, "Maximum number of remotely triggered ARP messages that can be " "logged per second"); +SYSCTL_INT(_net_link_ether_inet, OID_AUTO, arp_on_link, CTLFLAG_VNET | CTLFLAG_RW, + &VNET_NAME(arp_on_link), 0, + "Send gratuitous ARP's on interface link up events"); #define ARP_LOG(pri, ...) do { \ if (ppsratecheck(&arp_lastlog, &arp_curpps, arp_maxpps)) \ @@ -156,6 +161,7 @@ static void arp_mark_lle_reachable(struct llentry *la); static void arp_iflladdr(void *arg __unused, struct ifnet *ifp); static eventhandler_tag iflladdr_tag; +static eventhandler_tag ifnet_link_event_tag; static const struct netisr_handler arp_nh = { .nh_name = "arp", @@ -1176,43 +1182,96 @@ arp_ifinit(struct ifnet *ifp, struct ifaddr *ifa) if (ntohl(dst_in->sin_addr.s_addr) == INADDR_ANY) return; - arp_announce_ifaddr(ifp, dst_in->sin_addr, IF_LLADDR(ifp)); + arp_announce_addr(ifp, &dst_in->sin_addr, IF_LLADDR(ifp)); arp_add_ifa_lle(ifp, dst); } -void -arp_announce_ifaddr(struct ifnet *ifp, struct in_addr addr, u_char *enaddr) +void __noinline +arp_announce_addr(struct ifnet *ifp, const struct in_addr *addr, u_char *enaddr) { - if (ntohl(addr.s_addr) != INADDR_ANY) - arprequest(ifp, &addr, &addr, enaddr); + if (ntohl(addr->s_addr) != INADDR_ANY) + arprequest(ifp, addr, addr, enaddr); } /* - * Sends gratuitous ARPs for each ifaddr to notify other - * nodes about the address change. + * Send gratuitous ARPs for all interfaces addresses to notify other nodes of + * changes. + * + * This is a noop if the interface isn't up or has been flagged for no ARP. */ -static __noinline void -arp_handle_ifllchange(struct ifnet *ifp) +void __noinline +arp_announce(struct ifnet *ifp) { + int i, cnt, entries; + u_char *lladdr; struct ifaddr *ifa; + struct in_addr *addr, *head; + + if (!(ifp->if_flags & IFF_UP) || (ifp->if_flags & IFF_NOARP)) + return; + + entries = 8; + cnt = 0; + head = malloc(sizeof(*addr) * entries, M_TEMP, M_NOWAIT); + if (head == NULL) { + log(LOG_INFO, "arp_announce: malloc %d entries failed\n", + entries); + return; + } + /* Take a copy then process to avoid locking issues. */ + IF_ADDR_RLOCK(ifp); TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) { - if (ifa->ifa_addr->sa_family == AF_INET) - arp_ifinit(ifp, ifa); + if (ifa->ifa_addr->sa_family != AF_INET) + continue; + + if (cnt == entries) { + addr = (struct in_addr *)realloc(head, sizeof(*addr) * + (entries + 8), M_TEMP, M_NOWAIT); + if (addr == NULL) { + log(LOG_INFO, "arp_announce: realloc to %d " + "entries failed\n", entries + 8); + /* Process what we have. */ + break; + } + entries += 8; + head = addr; + } + + addr = head + cnt; + bcopy(IFA_IN(ifa), addr, sizeof(*addr)); + cnt++; } + IF_ADDR_RUNLOCK(ifp); + + lladdr = IF_LLADDR(ifp); + for (i = 0; i < cnt; i++) { + arp_announce_addr(ifp, head + i, lladdr); + } + free(head, M_TEMP); +} + +/* + * A handler for interface linkstate change events. + */ +static void +arp_ifnet_link_event(void *arg __unused, struct ifnet *ifp, int linkstate) +{ + + if (linkstate == LINK_STATE_UP && V_arp_on_link) + arp_announce(ifp); } /* - * A handler for interface link layer address change event. + * A handler for interface link layer address change events. */ static __noinline void arp_iflladdr(void *arg __unused, struct ifnet *ifp) { - if ((ifp->if_flags & IFF_UP) != 0) - arp_handle_ifllchange(ifp); + arp_announce(ifp); } static void @@ -1220,8 +1279,12 @@ arp_init(void) { netisr_register(&arp_nh); - if (IS_DEFAULT_VNET(curvnet)) + + if (IS_DEFAULT_VNET(curvnet)) { iflladdr_tag = EVENTHANDLER_REGISTER(iflladdr_event, arp_iflladdr, NULL, EVENTHANDLER_PRI_ANY); + ifnet_link_event_tag = EVENTHANDLER_REGISTER(ifnet_link_event, + arp_ifnet_link_event, 0, EVENTHANDLER_PRI_ANY); + } } SYSINIT(arp, SI_SUB_PROTO_DOMAIN, SI_ORDER_ANY, arp_init, 0); diff --git a/sys/netinet/if_ether.h b/sys/netinet/if_ether.h index 1583ca5..ce517e4 100644 --- a/sys/netinet/if_ether.h +++ b/sys/netinet/if_ether.h @@ -119,7 +119,8 @@ int arpresolve(struct ifnet *ifp, int is_gw, struct mbuf *m, void arprequest(struct ifnet *, const struct in_addr *, const struct in_addr *, u_char *); void arp_ifinit(struct ifnet *, struct ifaddr *); -void arp_announce_ifaddr(struct ifnet *, struct in_addr addr, u_char *); +void arp_announce(struct ifnet *); +void arp_announce_addr(struct ifnet *, const struct in_addr *addr, u_char *); #endif #endif diff --git a/sys/netinet/in_var.h b/sys/netinet/in_var.h index f21ddf4..10997306 100644 --- a/sys/netinet/in_var.h +++ b/sys/netinet/in_var.h @@ -129,6 +129,9 @@ extern struct rmlock in_ifaddr_lock; #define IN_IFADDR_WLOCK_ASSERT() rm_assert(&in_ifaddr_lock, RA_WLOCKED) #define IN_IFADDR_WUNLOCK() rm_wunlock(&in_ifaddr_lock) +#define IFA_IN(ifa) \ + (&((struct sockaddr_in *)ifa->ifa_addr)->sin_addr) + /* * Macro for finding the internet address structure (in_ifaddr) * corresponding to one of our IP addresses (in_addr). diff --git a/sys/netinet/ip_carp.c b/sys/netinet/ip_carp.c index 7855af2..6989da2 100644 --- a/sys/netinet/ip_carp.c +++ b/sys/netinet/ip_carp.c @@ -1009,13 +1009,12 @@ static void carp_send_arp(struct carp_softc *sc) { struct ifaddr *ifa; - struct in_addr addr; CARP_FOREACH_IFA(sc, ifa) { if (ifa->ifa_addr->sa_family != AF_INET) continue; - addr = ((struct sockaddr_in *)ifa->ifa_addr)->sin_addr; - arp_announce_ifaddr(sc->sc_carpdev, addr, LLADDR(&sc->sc_addr)); + arp_announce_addr(sc->sc_carpdev, IFA_IN(ifa), + LLADDR(&sc->sc_addr)); } } @@ -1037,18 +1036,16 @@ carp_iamatch(struct ifaddr *ifa, uint8_t **enaddr) static void carp_send_na(struct carp_softc *sc) { - static struct in6_addr mcast = IN6ADDR_LINKLOCAL_ALLNODES_INIT; struct ifaddr *ifa; - struct in6_addr *in6; CARP_FOREACH_IFA(sc, ifa) { - if (ifa->ifa_addr->sa_family != AF_INET6) + if (ifa->ifa_addr->sa_family != AF_INET6 || + IFA_ND6_NA_UNSOLICITED_SKIP(ifa)) continue; - in6 = IFA_IN6(ifa); - nd6_na_output(sc->sc_carpdev, &mcast, in6, - ND_NA_FLAG_OVERRIDE, 1, NULL); - DELAY(1000); /* XXX */ + nd6_na_output_unsolicited_addr(sc->sc_carpdev, IFA_IN6(ifa), + IFA_ND6_NA_BASE_FLAGS(sc->sc_carpdev, ifa)); + nd6_na_unsolicited_addr_delay(ifa); } } diff --git a/sys/netinet6/in6.c b/sys/netinet6/in6.c index 5c1563c..e815a96 100644 --- a/sys/netinet6/in6.c +++ b/sys/netinet6/in6.c @@ -114,7 +114,7 @@ VNET_DECLARE(int, icmp6_nodeinfo_oldmcprefix); #define V_icmp6_nodeinfo_oldmcprefix VNET(icmp6_nodeinfo_oldmcprefix) /* - * Definitions of some costant IP6 addresses. + * Definitions of some constant IP6 addresses. */ const struct in6_addr in6addr_any = IN6ADDR_ANY_INIT; const struct in6_addr in6addr_loopback = IN6ADDR_LOOPBACK_INIT; @@ -2432,6 +2432,8 @@ in6_domifattach(struct ifnet *ifp) int in6_domifmtu(struct ifnet *ifp) { + if (ifp->if_afdata[AF_INET6] == NULL) + return ifp->if_mtu; return (IN6_LINKMTU(ifp)); } diff --git a/sys/netinet6/in6_var.h b/sys/netinet6/in6_var.h index 007fd66..54fa1f5 100644 --- a/sys/netinet6/in6_var.h +++ b/sys/netinet6/in6_var.h @@ -399,6 +399,16 @@ struct in6_rrenumreq { #define IA6_SIN6(ia) (&((ia)->ia_addr)) #define IA6_DSTSIN6(ia) (&((ia)->ia_dstaddr)) #define IFA_IN6(x) (&((struct sockaddr_in6 *)((x)->ifa_addr))->sin6_addr) +#define IFA_IN6_FLAGS(ifa) ((struct in6_ifaddr *)ifa)->ia6_flags +#define IFA_ND6_NA_BASE_FLAGS(ifp, ifa) \ + (IFA_IN6_FLAGS(ifa) & IN6_IFF_ANYCAST ? 0 : ND_NA_FLAG_OVERRIDE) | \ + ((V_ip6_forwarding && !(ND_IFINFO(ifp)->flags & ND6_IFF_ACCEPT_RTADV && \ + V_ip6_norbit_raif)) ? ND_NA_FLAG_ROUTER : 0) +#define IFA_ND6_NA_UNSOLICITED_SKIP(ifa) \ + (IFA_IN6_FLAGS(ifa) & (IN6_IFF_DUPLICATED | IN6_IFF_DEPRECATED | \ + IN6_IFF_TENTATIVE)) != 0 +#define IN6_MAX_ANYCAST_DELAY_TIME_MS 1000000 +#define IN6_BROADCAST_DELAY_TIME_MS 1000 #define IFA_DSTIN6(x) (&((struct sockaddr_in6 *)((x)->ifa_dstaddr))->sin6_addr) #define IFPR_IN6(x) (&((struct sockaddr_in6 *)((x)->ifpr_prefix))->sin6_addr) diff --git a/sys/netinet6/nd6.c b/sys/netinet6/nd6.c index a79922b..d0bcc9d 100644 --- a/sys/netinet6/nd6.c +++ b/sys/netinet6/nd6.c @@ -38,6 +38,7 @@ __FBSDID("$FreeBSD$"); #include <sys/param.h> #include <sys/systm.h> #include <sys/callout.h> +#include <sys/random.h> #include <sys/malloc.h> #include <sys/mbuf.h> #include <sys/socket.h> @@ -102,8 +103,12 @@ VNET_DEFINE(int, nd6_maxnudhint) = 0; /* max # of subsequent upper * layer hints */ static VNET_DEFINE(int, nd6_maxqueuelen) = 1; /* max pkts cached in unresolved * ND entries */ + +static VNET_DEFINE(int, nd6_on_link) = 1; /* Send unsolicited ND's on link up */ + #define V_nd6_maxndopt VNET(nd6_maxndopt) #define V_nd6_maxqueuelen VNET(nd6_maxqueuelen) +#define V_nd6_on_link VNET(nd6_on_link) #ifdef ND6_DEBUG VNET_DEFINE(int, nd6_debug) = 1; @@ -112,6 +117,7 @@ VNET_DEFINE(int, nd6_debug) = 0; #endif static eventhandler_tag lle_event_eh; +static eventhandler_tag ifnet_link_event_eh; /* for debugging? */ #if 0 @@ -196,6 +202,13 @@ nd6_lle_event(void *arg __unused, struct llentry *lle, int evt) type == RTM_ADD ? RTF_UP: 0), 0, RT_DEFAULT_FIB); } +static void +nd6_ifnet_link_event(void *arg __unused, struct ifnet *ifp, int linkstate) +{ + + if (linkstate == LINK_STATE_UP && V_nd6_on_link) + nd6_na_output_unsolicited(ifp); +} void nd6_init(void) { @@ -211,9 +224,12 @@ nd6_init(void) nd6_slowtimo, curvnet); nd6_dad_init(); - if (IS_DEFAULT_VNET(curvnet)) + if (IS_DEFAULT_VNET(curvnet)) { lle_event_eh = EVENTHANDLER_REGISTER(lle_event, nd6_lle_event, NULL, EVENTHANDLER_PRI_ANY); + ifnet_link_event_eh = EVENTHANDLER_REGISTER(ifnet_link_event, + nd6_ifnet_link_event, NULL, EVENTHANDLER_PRI_ANY); + } } #ifdef VIMAGE @@ -223,8 +239,10 @@ nd6_destroy() callout_drain(&V_nd6_slowtimo_ch); callout_drain(&V_nd6_timer_ch); - if (IS_DEFAULT_VNET(curvnet)) + if (IS_DEFAULT_VNET(curvnet)) { EVENTHANDLER_DEREGISTER(lle_event, lle_event_eh); + EVENTHANDLER_DEREGISTER(ifnet_link_event, ifnet_link_event_eh); + } } #endif @@ -285,6 +303,8 @@ nd6_ifdetach(struct nd_ifinfo *nd) void nd6_setmtu(struct ifnet *ifp) { + if (ifp->if_afdata[AF_INET6] == NULL) + return; nd6_setmtu0(ifp, ND_IFINFO(ifp)); } @@ -2455,13 +2475,18 @@ static int nd6_sysctl_prlist(SYSCTL_HANDLER_ARGS); SYSCTL_DECL(_net_inet6_icmp6); #endif SYSCTL_NODE(_net_inet6_icmp6, ICMPV6CTL_ND6_DRLIST, nd6_drlist, - CTLFLAG_RD, nd6_sysctl_drlist, ""); + CTLFLAG_RD, nd6_sysctl_drlist, "List default routers"); SYSCTL_NODE(_net_inet6_icmp6, ICMPV6CTL_ND6_PRLIST, nd6_prlist, - CTLFLAG_RD, nd6_sysctl_prlist, ""); + CTLFLAG_RD, nd6_sysctl_prlist, "List prefixes"); SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_MAXQLEN, nd6_maxqueuelen, - CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(nd6_maxqueuelen), 1, ""); + CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(nd6_maxqueuelen), 1, + "Max packets cached in unresolved ND entries"); SYSCTL_INT(_net_inet6_icmp6, OID_AUTO, nd6_gctimer, - CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(nd6_gctimer), (60 * 60 * 24), ""); + CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(nd6_gctimer), (60 * 60 * 24), + "Interface in seconds between garbage collection passes"); +SYSCTL_INT(_net_inet6_icmp6, OID_AUTO, nd6_on_link, CTLFLAG_VNET | CTLFLAG_RW, + &VNET_NAME(nd6_on_link), 0, + "Send unsolicited neighbor discovery on interface link up events"); static int nd6_sysctl_drlist(SYSCTL_HANDLER_ARGS) diff --git a/sys/netinet6/nd6.h b/sys/netinet6/nd6.h index 8a0a56e..710a1ad 100644 --- a/sys/netinet6/nd6.h +++ b/sys/netinet6/nd6.h @@ -398,6 +398,10 @@ void nd6_init(void); #ifdef VIMAGE void nd6_destroy(void); #endif +void nd6_na_output_unsolicited(struct ifnet *); +void nd6_na_output_unsolicited_addr(struct ifnet *, const struct in6_addr *, + u_long); +int nd6_na_unsolicited_addr_delay(struct ifaddr *); struct nd_ifinfo *nd6_ifattach(struct ifnet *); void nd6_ifdetach(struct nd_ifinfo *); int nd6_is_addr_neighbor(const struct sockaddr_in6 *, struct ifnet *); diff --git a/sys/netinet6/nd6_nbr.c b/sys/netinet6/nd6_nbr.c index bf43fb6..0717e11 100644 --- a/sys/netinet6/nd6_nbr.c +++ b/sys/netinet6/nd6_nbr.c @@ -124,20 +124,16 @@ nd6_ns_input(struct mbuf *m, int off, int icmp6len) struct in6_addr saddr6 = ip6->ip6_src; struct in6_addr daddr6 = ip6->ip6_dst; struct in6_addr taddr6; - struct in6_addr myaddr6; char *lladdr = NULL; struct ifaddr *ifa = NULL; + u_long flags; int lladdrlen = 0; - int anycast = 0, proxy = 0, tentative = 0; + int proxy = 0; int tlladdr; - int rflag; union nd_opts ndopts; struct sockaddr_dl proxydl; char ip6bufs[INET6_ADDRSTRLEN], ip6bufd[INET6_ADDRSTRLEN]; - rflag = (V_ip6_forwarding) ? ND_NA_FLAG_ROUTER : 0; - if (ND_IFINFO(ifp)->flags & ND6_IFF_ACCEPT_RTADV && V_ip6_norbit_raif) - rflag = 0; #ifndef PULLDOWN_TEST IP6_EXTHDR_CHECK(m, off, icmp6len,); nd_ns = (struct nd_neighbor_solicit *)((caddr_t)ip6 + off); @@ -229,10 +225,7 @@ nd6_ns_input(struct mbuf *m, int off, int icmp6len) * In implementation, we add target link-layer address by default. * We do not add one in MUST NOT cases. */ - if (!IN6_IS_ADDR_MULTICAST(&daddr6)) - tlladdr = 0; - else - tlladdr = 1; + tlladdr = !IN6_IS_ADDR_MULTICAST(&daddr6); /* * Target address (taddr6) must be either: @@ -289,9 +282,6 @@ nd6_ns_input(struct mbuf *m, int off, int icmp6len) */ goto freeit; } - myaddr6 = *IFA_IN6(ifa); - anycast = ((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_ANYCAST; - tentative = ((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_TENTATIVE; if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_DUPLICATED) goto freeit; @@ -303,7 +293,7 @@ nd6_ns_input(struct mbuf *m, int off, int icmp6len) goto bad; } - if (IN6_ARE_ADDR_EQUAL(&myaddr6, &saddr6)) { + if (IN6_ARE_ADDR_EQUAL(IFA_IN6(ifa), &saddr6)) { nd6log((LOG_INFO, "nd6_ns_input: duplicate IP6 address %s\n", ip6_sprintf(ip6bufs, &saddr6))); goto freeit; @@ -321,7 +311,7 @@ nd6_ns_input(struct mbuf *m, int off, int icmp6len) * * The processing is defined in RFC 2462. */ - if (tentative) { + if (IFA_IN6_FLAGS(ifa) & IN6_IFF_TENTATIVE) { /* * If source address is unspecified address, it is for * duplicate address detection. @@ -335,6 +325,10 @@ nd6_ns_input(struct mbuf *m, int off, int icmp6len) goto freeit; } + flags = IFA_ND6_NA_BASE_FLAGS(ifp, ifa); + if (proxy || !tlladdr) + flags &= ~ND_NA_FLAG_OVERRIDE; + /* * If the source address is unspecified address, entries must not * be created or updated. @@ -349,20 +343,16 @@ nd6_ns_input(struct mbuf *m, int off, int icmp6len) in6_all = in6addr_linklocal_allnodes; if (in6_setscope(&in6_all, ifp, NULL) != 0) goto bad; - nd6_na_output_fib(ifp, &in6_all, &taddr6, - ((anycast || proxy || !tlladdr) ? 0 : ND_NA_FLAG_OVERRIDE) | - rflag, tlladdr, proxy ? (struct sockaddr *)&proxydl : NULL, - M_GETFIB(m)); + nd6_na_output_fib(ifp, &in6_all, &taddr6, flags, tlladdr, + proxy ? (struct sockaddr *)&proxydl : NULL, M_GETFIB(m)); goto freeit; } nd6_cache_lladdr(ifp, &saddr6, lladdr, lladdrlen, ND_NEIGHBOR_SOLICIT, 0); - nd6_na_output_fib(ifp, &saddr6, &taddr6, - ((anycast || proxy || !tlladdr) ? 0 : ND_NA_FLAG_OVERRIDE) | - rflag | ND_NA_FLAG_SOLICITED, tlladdr, - proxy ? (struct sockaddr *)&proxydl : NULL, M_GETFIB(m)); + nd6_na_output_fib(ifp, &saddr6, &taddr6, flags | ND_NA_FLAG_SOLICITED, + tlladdr, proxy ? (struct sockaddr *)&proxydl : NULL, M_GETFIB(m)); freeit: if (ifa != NULL) ifa_free(ifa); @@ -1597,3 +1587,110 @@ nd6_dad_na_input(struct ifaddr *ifa) nd6_dad_rele(dp); } } + +/* + * Send unsolicited neighbor advertisements for all interface addresses to + * notify other nodes of changes. + * + * This is a noop if the interface isn't up. + */ +void __noinline +nd6_na_output_unsolicited(struct ifnet *ifp) +{ + int i, cnt, entries; + struct ifaddr *ifa; + struct ann { + struct in6_addr addr; + u_long flags; + int delay; + } *ann1, *head; + + if (!(ifp->if_flags & IFF_UP)) + return; + + entries = 8; + cnt = 0; + head = malloc(sizeof(struct ann) * entries, M_TEMP, M_WAITOK); + + /* Take a copy then process to avoid locking issues. */ + IF_ADDR_RLOCK(ifp); + TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) { + if (ifa->ifa_addr->sa_family != AF_INET6 || + IFA_ND6_NA_UNSOLICITED_SKIP(ifa)) + continue; + + if (cnt == entries) { + ann1 = (struct ann*)realloc(head, sizeof(struct ann) * + (entries + 8), M_TEMP, M_NOWAIT); + if (ann1 == NULL) { + log(LOG_INFO, "nd6_announce: realloc to %d " + "entries failed\n", entries + 8); + /* Process what we have. */ + break; + } + entries += 8; + head = ann1; + } + + ann1 = head + cnt; + bcopy(IFA_IN6(ifa), &ann1->addr, sizeof(ann1->addr)); + ann1->flags = IFA_ND6_NA_BASE_FLAGS(ifp, ifa); + ann1->delay = nd6_na_unsolicited_addr_delay(ifa); + cnt++; + } + IF_ADDR_RUNLOCK(ifp); + + for (i = 0; i < cnt;) { + ann1 = head + i; + nd6_na_output_unsolicited_addr(ifp, &ann1->addr, ann1->flags); + i++; + if (i == cnt) + break; + DELAY(ann1->delay); + } + free(head, M_TEMP); +} + +/* + * Return the delay required for announcements of the address as per RFC 4861. + */ +int +nd6_na_unsolicited_addr_delay(struct ifaddr *ifa) +{ + + if (IFA_IN6_FLAGS(ifa) & IN6_IFF_ANYCAST) { + /* + * Random value between 0 and MAX_ANYCAST_DELAY_TIME + * as per section 7.2.7. + */ + return (random() % IN6_MAX_ANYCAST_DELAY_TIME_MS); + } + + /* Small delay as per section 7.2.6. */ + return (IN6_BROADCAST_DELAY_TIME_MS); +} + +/* + * Send an unsolicited neighbor advertisement for an address to notify other + * nodes of changes. + */ +void __noinline +nd6_na_output_unsolicited_addr(struct ifnet *ifp, const struct in6_addr *addr, + u_long flags) +{ + int error; + struct in6_addr mcast; + + mcast = in6addr_linklocal_allnodes; + if ((error = in6_setscope(&mcast, ifp, NULL)) != 0) { + /* + * This shouldn't by possible as the only error is for loopback + * address which we're not using. + */ + log(LOG_INFO, "in6_setscope: on mcast failed: %d\n", error); + return; + } + nd6_na_output(ifp, &mcast, addr, flags, 1, NULL); +} + + diff --git a/sys/netpfil/ipfw/ip_dn_io.c b/sys/netpfil/ipfw/ip_dn_io.c index a5c4e0f..e8319bb 100644 --- a/sys/netpfil/ipfw/ip_dn_io.c +++ b/sys/netpfil/ipfw/ip_dn_io.c @@ -711,8 +711,8 @@ dummynet_task(void *context, int pending) dn_drain_queue(); } - DN_BH_WUNLOCK(); dn_reschedule(); + DN_BH_WUNLOCK(); if (q.head != NULL) dummynet_send(q.head); CURVNET_RESTORE(); diff --git a/sys/netpfil/ipfw/ip_dummynet.c b/sys/netpfil/ipfw/ip_dummynet.c index 3ba110e..425afca 100644 --- a/sys/netpfil/ipfw/ip_dummynet.c +++ b/sys/netpfil/ipfw/ip_dummynet.c @@ -75,6 +75,7 @@ struct schk_new_arg { /*---- callout hooks. ----*/ static struct callout dn_timeout; +static int dn_gone; static struct task dn_task; static struct taskqueue *dn_tq = NULL; @@ -90,6 +91,8 @@ void dn_reschedule(void) { + if (dn_gone != 0) + return; callout_reset_sbt(&dn_timeout, tick_sbt, 0, dummynet, NULL, C_HARDCLOCK | C_DIRECT_EXEC); } @@ -2179,9 +2182,11 @@ ip_dn_init(void) static void ip_dn_destroy(int last) { - callout_drain(&dn_timeout); - DN_BH_WLOCK(); + /* ensure no more callouts are started */ + dn_gone = 1; + + /* check for last */ if (last) { ND("removing last instance\n"); ip_dn_ctl_ptr = NULL; @@ -2190,6 +2195,8 @@ ip_dn_destroy(int last) dummynet_flush(); DN_BH_WUNLOCK(); + + callout_drain(&dn_timeout); taskqueue_drain(dn_tq, &dn_task); taskqueue_free(dn_tq); diff --git a/sys/netpfil/ipfw/ip_fw2.c b/sys/netpfil/ipfw/ip_fw2.c index 3a17c3c..750c812 100644 --- a/sys/netpfil/ipfw/ip_fw2.c +++ b/sys/netpfil/ipfw/ip_fw2.c @@ -2814,11 +2814,10 @@ vnet_ipfw_uninit(const void *unused) IPFW_UH_WLOCK(chain); IPFW_UH_WUNLOCK(chain); - IPFW_UH_WLOCK(chain); - IPFW_WLOCK(chain); ipfw_dyn_uninit(0); /* run the callout_drain */ - IPFW_WUNLOCK(chain); + + IPFW_UH_WLOCK(chain); reap = NULL; IPFW_WLOCK(chain); diff --git a/sys/powerpc/mpc85xx/fsl_sdhc.c b/sys/powerpc/mpc85xx/fsl_sdhc.c index 4f9ef87..174a8e6 100644 --- a/sys/powerpc/mpc85xx/fsl_sdhc.c +++ b/sys/powerpc/mpc85xx/fsl_sdhc.c @@ -125,6 +125,7 @@ static driver_t fsl_sdhc_driver = { static devclass_t fsl_sdhc_devclass; DRIVER_MODULE(sdhci_fsl, simplebus, fsl_sdhc_driver, fsl_sdhc_devclass, 0, 0); +DRIVER_MODULE(mmc, sdhci_fsl, mmc_driver, mmc_devclass, NULL, NULL); /***************************************************************************** diff --git a/sys/x86/x86/busdma_bounce.c b/sys/x86/x86/busdma_bounce.c index 78d04b9..6e9aa70 100644 --- a/sys/x86/x86/busdma_bounce.c +++ b/sys/x86/x86/busdma_bounce.c @@ -476,8 +476,7 @@ _bus_dmamap_count_phys(bus_dma_tag_t dmat, bus_dmamap_t map, vm_paddr_t buf, while (buflen != 0) { sgsize = MIN(buflen, dmat->common.maxsegsz); if (bus_dma_run_filter(&dmat->common, curaddr)) { - sgsize = MIN(sgsize, - PAGE_SIZE - (curaddr & PAGE_MASK)); + sgsize = MIN(PAGE_SIZE, sgsize); map->pagesneeded++; } curaddr += sgsize; @@ -517,8 +516,7 @@ _bus_dmamap_count_pages(bus_dma_tag_t dmat, bus_dmamap_t map, pmap_t pmap, else paddr = pmap_extract(pmap, vaddr); if (bus_dma_run_filter(&dmat->common, paddr) != 0) { - sg_len = roundup2(sg_len, - dmat->common.alignment); + sg_len = PAGE_SIZE; map->pagesneeded++; } vaddr += sg_len; @@ -554,9 +552,7 @@ _bus_dmamap_count_ma(bus_dma_tag_t dmat, bus_dmamap_t map, struct vm_page **ma, max_sgsize = MIN(buflen, dmat->common.maxsegsz); sg_len = MIN(sg_len, max_sgsize); if (bus_dma_run_filter(&dmat->common, paddr) != 0) { - sg_len = roundup2(sg_len, - dmat->common.alignment); - sg_len = MIN(sg_len, max_sgsize); + sg_len = MIN(PAGE_SIZE, max_sgsize); KASSERT((sg_len & (dmat->common.alignment - 1)) == 0, ("Segment size is not aligned")); map->pagesneeded++; @@ -652,7 +648,7 @@ bounce_bus_dmamap_load_phys(bus_dma_tag_t dmat, bus_dmamap_t map, int *segp) { bus_size_t sgsize; - bus_addr_t curaddr; + bus_addr_t curaddr, nextaddr; int error; if (map == NULL) @@ -676,9 +672,12 @@ bounce_bus_dmamap_load_phys(bus_dma_tag_t dmat, bus_dmamap_t map, if (((dmat->bounce_flags & BUS_DMA_COULD_BOUNCE) != 0) && map->pagesneeded != 0 && bus_dma_run_filter(&dmat->common, curaddr)) { - sgsize = MIN(sgsize, PAGE_SIZE - (curaddr & PAGE_MASK)); - curaddr = add_bounce_page(dmat, map, 0, curaddr, 0, - sgsize); + nextaddr = 0; + sgsize = MIN(PAGE_SIZE, sgsize); + if ((curaddr & PAGE_MASK) + sgsize > PAGE_SIZE) + nextaddr = roundup2(curaddr, PAGE_SIZE); + curaddr = add_bounce_page(dmat, map, 0, curaddr, + nextaddr, sgsize); } sgsize = _bus_dmamap_addseg(dmat, map, curaddr, sgsize, segs, segp); @@ -744,8 +743,7 @@ bounce_bus_dmamap_load_buffer(bus_dma_tag_t dmat, bus_dmamap_t map, void *buf, if (((dmat->bounce_flags & BUS_DMA_COULD_BOUNCE) != 0) && map->pagesneeded != 0 && bus_dma_run_filter(&dmat->common, curaddr)) { - sgsize = roundup2(sgsize, dmat->common.alignment); - sgsize = MIN(sgsize, max_sgsize); + sgsize = MIN(PAGE_SIZE, max_sgsize); curaddr = add_bounce_page(dmat, map, kvaddr, curaddr, 0, sgsize); } else { @@ -774,17 +772,6 @@ bounce_bus_dmamap_load_ma(bus_dma_tag_t dmat, bus_dmamap_t map, int error, page_index; bus_size_t sgsize, max_sgsize; - if (dmat->common.flags & BUS_DMA_KEEP_PG_OFFSET) { - /* - * If we have to keep the offset of each page this function - * is not suitable, switch back to bus_dmamap_load_ma_triv - * which is going to do the right thing in this case. - */ - error = bus_dmamap_load_ma_triv(dmat, map, ma, buflen, ma_offs, - flags, segs, segp); - return (error); - } - if (map == NULL) map = &nobounce_dmamap; @@ -811,10 +798,7 @@ bounce_bus_dmamap_load_ma(bus_dma_tag_t dmat, bus_dmamap_t map, if (((dmat->bounce_flags & BUS_DMA_COULD_BOUNCE) != 0) && map->pagesneeded != 0 && bus_dma_run_filter(&dmat->common, paddr)) { - sgsize = roundup2(sgsize, dmat->common.alignment); - sgsize = MIN(sgsize, max_sgsize); - KASSERT((sgsize & (dmat->common.alignment - 1)) == 0, - ("Segment size is not aligned")); + sgsize = MIN(PAGE_SIZE, max_sgsize); /* * Check if two pages of the user provided buffer * are used. @@ -1175,13 +1159,6 @@ add_bounce_page(bus_dma_tag_t dmat, bus_dmamap_t map, vm_offset_t vaddr, bz->active_bpages++; mtx_unlock(&bounce_lock); - if (dmat->common.flags & BUS_DMA_KEEP_PG_OFFSET) { - /* Page offset needs to be preserved. */ - bpage->vaddr |= addr1 & PAGE_MASK; - bpage->busaddr |= addr1 & PAGE_MASK; - KASSERT(addr2 == 0, - ("Trying to bounce multiple pages with BUS_DMA_KEEP_PG_OFFSET")); - } bpage->datavaddr = vaddr; bpage->datapage[0] = PHYS_TO_VM_PAGE(addr1); KASSERT((addr2 & PAGE_MASK) == 0, ("Second page is not aligned")); @@ -1201,15 +1178,6 @@ free_bounce_page(bus_dma_tag_t dmat, struct bounce_page *bpage) bz = dmat->bounce_zone; bpage->datavaddr = 0; bpage->datacount = 0; - if (dmat->common.flags & BUS_DMA_KEEP_PG_OFFSET) { - /* - * Reset the bounce page to start at offset 0. Other uses - * of this bounce page may need to store a full page of - * data and/or assume it starts on a page boundary. - */ - bpage->vaddr &= ~PAGE_MASK; - bpage->busaddr &= ~PAGE_MASK; - } mtx_lock(&bounce_lock); STAILQ_INSERT_HEAD(&bz->bounce_page_list, bpage, links); diff --git a/tools/build/options/makeman b/tools/build/options/makeman index acc0eb5..52f72ee 100755 --- a/tools/build/options/makeman +++ b/tools/build/options/makeman @@ -197,11 +197,14 @@ for the build can be controlled via the variable, which defaults to .Pa /etc/src-env.conf . Some examples that may only be set in this file are -.Va MAKEOBJDIRPREFIX , .Va WITH_DIRDEPS_BUILD , and .Va WITH_META_MODE as they are environment-only variables. +Note that +.Va MAKEOBJDIRPREFIX +may be set here only when using +.Va WITH_DIRDEPS_BUILD . .Pp The values of variables are ignored regardless of their setting; even if they would be set to diff --git a/tools/debugscripts/README b/tools/debugscripts/README index 2081531..a218368 100644 --- a/tools/debugscripts/README +++ b/tools/debugscripts/README @@ -14,8 +14,8 @@ perform kernel debugging, you would do: (kgdb) -This directory also contains a kgdb script that given a crash dump number -automatically extract the path to the kernel source, run gdb to extract -information about kernel modules loaded, and then rerun gdb loading the +This directory also contains a kgdb script that, given a crash dump number, +automatically extracts the path to the kernel source, runs gdb to extract +information about kernel modules loaded, and then reruns gdb loading the necessary symbols for the modules. You need to make sure you build the modules w/ debugging symbols separately to get things to work. diff --git a/tools/tools/ath/athratestats/Makefile b/tools/tools/ath/athratestats/Makefile index 938f0cb..b5397be 100644 --- a/tools/tools/ath/athratestats/Makefile +++ b/tools/tools/ath/athratestats/Makefile @@ -7,7 +7,7 @@ PROG= athratestats SRCS= main.c opt_ah.h ah_osdep.h -LIBADD+= curses +LIBADD+= ncurses CLEANFILES+= opt_ah.h ah_osdep.h diff --git a/tools/tools/ioat/ioatcontrol.8 b/tools/tools/ioat/ioatcontrol.8 index 002759f..9e156fd 100644 --- a/tools/tools/ioat/ioatcontrol.8 +++ b/tools/tools/ioat/ioatcontrol.8 @@ -24,7 +24,7 @@ .\" .\" $FreeBSD$ .\" -.Dd December 9, 2015 +.Dd December 14, 2015 .Dt IOATCONTROL 8 .Os .Sh NAME @@ -33,10 +33,12 @@ .Xr ioat 4 .Sh SYNOPSIS .Nm +.Op Fl c Ar period .Op Fl E .Op Fl f .Op Fl m .Op Fl V +.Op Fl z .Ar channel_number .Ar num_txns .Ar [ bufsize @@ -44,9 +46,11 @@ .Ar [ duration ] ] ] .Nm .Fl r +.Op Fl c Ar period .Op Fl v .Op Fl V .Op Fl w +.Op Fl z .Ar channel_number .Ar address .Ar [ bufsize ] @@ -57,6 +61,8 @@ allows one to issue some number of test operations to the driver on a specific hardware channel. The arguments are as follows: .Bl -tag -width Ds +.It Fl c Ar period +Configure the channel's interrupt coalescing period, in microseconds. .It Fl E Test non-contiguous 8k copy. .It Fl f @@ -67,6 +73,8 @@ tests copy) Test memcpy instead of DMA. .It Fl V Verify copies/fills for accuracy +.It Fl z +Zero device statistics before running test. .El .Pp Alternatively one can use @@ -76,6 +84,8 @@ to issue DMA to or from a specific .Ar address . The arguments in "raw" mode are: .Bl -tag -width Ds +.It Fl c Ar period +As above. .It Fl v .Ar address is a kernel virtual address (by default, @@ -90,6 +100,8 @@ Write to the specified .Nm .Fl r reads) +.It Fl z +As above. .El .Pp .Nm diff --git a/tools/tools/ioat/ioatcontrol.c b/tools/tools/ioat/ioatcontrol.c index d40ae15..32decc7 100644 --- a/tools/tools/ioat/ioatcontrol.c +++ b/tools/tools/ioat/ioatcontrol.c @@ -48,10 +48,14 @@ static void usage(void) { - printf("Usage: %s [-E|-f|-m] [-V] <channel #> <txns> [<bufsize> " + printf("Usage: %s [-E|-f|-m] OPTIONS <channel #> <txns> [<bufsize> " "[<chain-len> [duration]]]\n", getprogname()); - printf(" %s -r [-vV] <channel #> <addr> [<bufsize>]\n", + printf(" %s -r [-v] OPTIONS <channel #> <addr> [<bufsize>]\n\n", getprogname()); + printf(" OPTIONS:\n"); + printf(" -c <period> - Enable interrupt coalescing (us)\n"); + printf(" -V - Enable verification\n"); + printf(" -z - Zero device stats before test\n"); exit(EX_USAGE); } @@ -103,8 +107,11 @@ main(int argc, char **argv) fflag = rflag = Eflag = mflag = false; modeflags = 0; - while ((ch = getopt(argc, argv, "EfmrvVw")) != -1) { + while ((ch = getopt(argc, argv, "c:EfmrvVwz")) != -1) { switch (ch) { + case 'c': + t.coalesce_period = atoi(optarg); + break; case 'E': Eflag = true; modeflags++; @@ -130,6 +137,9 @@ main(int argc, char **argv) case 'w': t.raw_write = true; break; + case 'z': + t.zero_stats = true; + break; default: usage(); } diff --git a/usr.bin/kdump/Makefile b/usr.bin/kdump/Makefile index 5048fdd..52c0a09 100644 --- a/usr.bin/kdump/Makefile +++ b/usr.bin/kdump/Makefile @@ -6,11 +6,12 @@ .PATH: ${.CURDIR}/../ktrace PROG= kdump -SRCS= kdump_subr.c kdump_subr.h kdump.c ioctl.c subr.c utrace.c +SRCS= kdump_subr.c kdump_subr.h kdump.c ioctl.c subr.c CFLAGS+= -I${.CURDIR}/../ktrace -I${.CURDIR} -I${.CURDIR}/../.. -I. +LIBADD= sysdecode .if ${MK_CASPER} != "no" -LIBADD= capsicum +LIBADD+= capsicum CFLAGS+=-DHAVE_LIBCAPSICUM .endif diff --git a/usr.bin/kdump/Makefile.depend b/usr.bin/kdump/Makefile.depend index e0397fe..f86656e 100644 --- a/usr.bin/kdump/Makefile.depend +++ b/usr.bin/kdump/Makefile.depend @@ -13,6 +13,7 @@ DIRDEPS = \ lib/libcapsicum \ lib/libcompiler_rt \ lib/libnv \ + lib/libsysdecode \ .include <dirdeps.mk> diff --git a/usr.bin/kdump/kdump.c b/usr.bin/kdump/kdump.c index 4804a81..8165bc7 100644 --- a/usr.bin/kdump/kdump.c +++ b/usr.bin/kdump/kdump.c @@ -83,6 +83,7 @@ extern int errno; #include <stdio.h> #include <stdlib.h> #include <string.h> +#include <sysdecode.h> #include <termios.h> #include <time.h> #include <unistd.h> @@ -116,7 +117,6 @@ void ktrfaultend(struct ktr_faultend *); void limitfd(int fd); void usage(void); void ioctlname(unsigned long, int); -int kdump_print_utrace(FILE *, void *, size_t, int); #define TIMESTAMP_NONE 0x0 #define TIMESTAMP_ABSOLUTE 0x1 @@ -1541,7 +1541,7 @@ ktruser(int len, void *p) { unsigned char *cp; - if (kdump_print_utrace(stdout, p, len, decimal)) { + if (sysdecode_utrace(stdout, p, len)) { printf("\n"); return; } diff --git a/usr.bin/truss/Makefile b/usr.bin/truss/Makefile index e784365..a300da1 100644 --- a/usr.bin/truss/Makefile +++ b/usr.bin/truss/Makefile @@ -4,8 +4,7 @@ NO_WERROR= PROG= truss SRCS= cloudabi.c ioctl.c main.c setup.c syscalls.c -.PATH: ${.CURDIR:H}/kdump -SRCS+= utrace.c +LIBADD= sysdecode CFLAGS+= -I${.CURDIR} -I. -I${.CURDIR}/../../sys CLEANFILES= ioctl.c diff --git a/usr.bin/truss/Makefile.depend.amd64 b/usr.bin/truss/Makefile.depend.amd64 index bf32fa4..ad9c8b3 100644 --- a/usr.bin/truss/Makefile.depend.amd64 +++ b/usr.bin/truss/Makefile.depend.amd64 @@ -11,6 +11,7 @@ DIRDEPS = \ lib/${CSU_DIR} \ lib/libc \ lib/libcompiler_rt \ + lib/libsysdecode \ .include <dirdeps.mk> diff --git a/usr.bin/truss/syscalls.c b/usr.bin/truss/syscalls.c index ec74de9..990403e6 100644 --- a/usr.bin/truss/syscalls.c +++ b/usr.bin/truss/syscalls.c @@ -65,6 +65,7 @@ __FBSDID("$FreeBSD$"); #include <stdio.h> #include <stdlib.h> #include <string.h> +#include <sysdecode.h> #include <time.h> #include <unistd.h> #include <vis.h> @@ -75,9 +76,6 @@ __FBSDID("$FreeBSD$"); #include "extern.h" #include "syscall.h" -/* usr.bin/kdump/utrace.c */ -int kdump_print_utrace(FILE *, void *, size_t, int); - /* 64-bit alignment on 32-bit platforms. */ #if !defined(__LP64__) && defined(__powerpc__) #define QUAD_ALIGN 1 @@ -1108,7 +1106,7 @@ print_utrace(FILE *fp, void *utrace_addr, size_t len) unsigned char *utrace_buffer; fprintf(fp, "{ "); - if (kdump_print_utrace(fp, utrace_addr, len, 0)) { + if (sysdecode_utrace(fp, utrace_addr, len)) { fprintf(fp, " }"); return; } diff --git a/usr.sbin/ctm/ctm/ctm.1 b/usr.sbin/ctm/ctm/ctm.1 index 3684b9f..6ba35c9 100644 --- a/usr.sbin/ctm/ctm/ctm.1 +++ b/usr.sbin/ctm/ctm/ctm.1 @@ -12,7 +12,7 @@ .\" .\" $FreeBSD$ .\" -.Dd March 25, 1995 +.Dd December 14, 2015 .Dt CTM 1 .Os .Sh NAME @@ -303,8 +303,19 @@ and .Fl V options. .Sh SEE ALSO +.Xr ctm_dequeue 1 , .Xr ctm_rmail 1 , +.Xr ctm_smail 1 , .Xr ctm 5 +.Rs +.%B "The FreeBSD Handbook" +.%T "Using CTM" +.%U http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/ctm.html +.Re +.Rs +.%T "Miscellaneous CTM on FreeBSD Resources" +.%U http://ctm.berklix.org +.Re .Sh HISTORY Initial trials were run during the work on .Fx 1.1.5 , diff --git a/usr.sbin/sesutil/sesutil.c b/usr.sbin/sesutil/sesutil.c index 5c96070..0f04c07 100644 --- a/usr.sbin/sesutil/sesutil.c +++ b/usr.sbin/sesutil/sesutil.c @@ -302,6 +302,7 @@ static int objmap(int argc, char **argv __unused) { struct sbuf *extra; + encioc_string_t stri; encioc_elm_devnames_t e_devname; encioc_elm_status_t e_status; encioc_elm_desc_t e_desc; @@ -310,6 +311,7 @@ objmap(int argc, char **argv __unused) int fd; unsigned int j, nobj; size_t i; + char str[32]; if (argc != 1) { usage(stderr, "map"); @@ -355,6 +357,15 @@ objmap(int argc, char **argv __unused) } printf("%s:\n", g.gl_pathv[i] + 5); + stri.bufsiz = sizeof(str); + stri.buf = &str[0]; + if (ioctl(fd, ENCIOC_GETENCNAME, (caddr_t) &stri) == 0) + printf("\tEnclosure Name: %s\n", stri.buf); + stri.bufsiz = sizeof(str); + stri.buf = &str[0]; + if (ioctl(fd, ENCIOC_GETENCID, (caddr_t) &stri) == 0) + printf("\tEnclosure ID: %s\n", stri.buf); + for (j = 0; j < nobj; j++) { /* Get the status of the element */ memset(&e_status, 0, sizeof(e_status)); diff --git a/usr.sbin/ypldap/aldap.c b/usr.sbin/ypldap/aldap.c index 03e5224..7062507 100644 --- a/usr.sbin/ypldap/aldap.c +++ b/usr.sbin/ypldap/aldap.c @@ -353,8 +353,7 @@ aldap_parse_page_control(struct ber_element *control, size_t len) void aldap_freepage(struct aldap_page_control *page) { - if (page->cookie) - free(page->cookie); + free(page->cookie); free(page); } diff --git a/usr.sbin/ypldap/ber.c b/usr.sbin/ypldap/ber.c index a2950dc..540df69 100644 --- a/usr.sbin/ypldap/ber.c +++ b/usr.sbin/ypldap/ber.c @@ -27,7 +27,6 @@ #include <err.h> /* XXX for debug output */ #include <stdio.h> /* XXX for debug output */ #include <string.h> -#include <strings.h> #include <unistd.h> #include <stdarg.h> @@ -1219,8 +1218,7 @@ ber_set_application(struct ber *b, unsigned long (*cb)(struct ber_element *)) void ber_free(struct ber *b) { - if (b->br_wbuf != NULL) - free (b->br_wbuf); + free(b->br_wbuf); } static ssize_t diff --git a/usr.sbin/ypldap/ldapclient.c b/usr.sbin/ypldap/ldapclient.c index 897ceb2..d522fb4 100644 --- a/usr.sbin/ypldap/ldapclient.c +++ b/usr.sbin/ypldap/ldapclient.c @@ -172,7 +172,7 @@ client_dispatch_dns(int fd, short events, void *p) fatalx("unknown event"); if (events & EV_READ) { - if ((n = imsg_read(ibuf)) == -1) + if ((n = imsg_read(ibuf)) == -1 && errno != EAGAIN) fatal("imsg_read error"); if (n == 0) shut = 1; @@ -275,7 +275,7 @@ client_dispatch_parent(int fd, short events, void *p) fatalx("unknown event"); if (events & EV_READ) { - if ((n = imsg_read(ibuf)) == -1) + if ((n = imsg_read(ibuf)) == -1 && errno != EAGAIN) fatal("imsg_read error"); if (n == 0) shut = 1; diff --git a/usr.sbin/ypldap/ypldap.c b/usr.sbin/ypldap/ypldap.c index ad7209a..7762270 100644 --- a/usr.sbin/ypldap/ypldap.c +++ b/usr.sbin/ypldap/ypldap.c @@ -361,7 +361,7 @@ main_dispatch_client(int fd, short events, void *p) fatalx("unknown event"); if (events & EV_READ) { - if ((n = imsg_read(ibuf)) == -1) + if ((n = imsg_read(ibuf)) == -1 && errno != EAGAIN) fatal("imsg_read error"); if (n == 0) shut = 1; diff --git a/usr.sbin/ypldap/ypldap_dns.c b/usr.sbin/ypldap/ypldap_dns.c index 84836f1..507253c 100644 --- a/usr.sbin/ypldap/ypldap_dns.c +++ b/usr.sbin/ypldap/ypldap_dns.c @@ -140,7 +140,7 @@ dns_dispatch_imsg(int fd, short events, void *p) fatalx("unknown event"); if (events & EV_READ) { - if ((n = imsg_read(ibuf)) == -1) + if ((n = imsg_read(ibuf)) == -1 && errno != EAGAIN) fatal("imsg_read error"); if (n == 0) shut = 1; |
