diff options
91 files changed, 3449 insertions, 674 deletions
@@ -10,6 +10,11 @@ newline. Entries should be separated by a newline. Changes to this file should not be MFCed. +1349a733cf28: + Add a driver supporting a new storage controller interface, + Universal Flash Storage Host Controller Interface, supporting + version 4.1 and earlier, via ufshci(4). + f1f230439fa4: FreeBSD now implements the inotify(2) family of system calls. diff --git a/krb5/lib/crypto/Makefile b/krb5/lib/crypto/Makefile index 5087a2fb559b..5efe53d12aa8 100644 --- a/krb5/lib/crypto/Makefile +++ b/krb5/lib/crypto/Makefile @@ -17,6 +17,7 @@ LIB= k5crypto # SHLIB_MAJOR= 3 LDFLAGS=-Wl,--no-undefined LIBADD= com_err krb5support crypto +VERSION_MAP= ${.CURDIR}/version.map # XXX The following doesn't work. Even though the pathnames are the same # XXX we need to use the alternative .include statements. diff --git a/krb5/lib/crypto/version.map b/krb5/lib/crypto/version.map new file mode 100644 index 000000000000..bd4c2c1cd23f --- /dev/null +++ b/krb5/lib/crypto/version.map @@ -0,0 +1,108 @@ +KRB5_CRYPTO_1.0 { + global: + krb5_c_make_random_key; + krb5_c_encrypt_length; + krb5_process_key; + krb5_string_to_cksumtype; + krb5_c_valid_enctype; + krb5_c_valid_cksumtype; + krb5_string_to_key; + krb5_c_encrypt_iov; + krb5_c_checksum_length; + is_keyed_cksum; + krb5_c_padding_length; + is_coll_proof_cksum; + krb5_init_random_key; + krb5_c_string_to_key_with_params; + krb5_c_random_make_octets; + krb5_c_random_os_entropy; + krb5_c_decrypt; + krb5_c_crypto_length; + krb5_c_block_size; + krb5_cksumtype_to_string; + krb5_c_keyed_checksum_types; + krb5_c_is_keyed_cksum; + krb5_c_crypto_length_iov; + valid_cksumtype; + krb5_c_random_seed; + krb5_c_random_to_key; + krb5_verify_checksum; + krb5_c_free_state; + krb5_c_verify_checksum; + krb5_c_random_add_entropy; + krb5_c_decrypt_iov; + krb5_c_make_checksum; + krb5_checksum_size; + krb5_free_cksumtypes; + krb5_finish_key; + krb5_encrypt_size; + krb5_c_keylengths; + krb5_c_prf; + krb5_encrypt; + krb5_string_to_enctype; + krb5_c_is_coll_proof_cksum; + krb5_c_init_state; + krb5_eblock_enctype; + krb5_decrypt; + krb5_c_encrypt; + krb5_c_enctype_compare; + krb5_c_verify_checksum_iov; + valid_enctype; + krb5_enctype_to_string; + krb5_enctype_to_name; + krb5_c_make_checksum_iov; + krb5_calculate_checksum; + krb5_c_string_to_key; + krb5_use_enctype; + krb5_random_key; + krb5_finish_random_key; + krb5_c_prf_length; + krb5int_c_mandatory_cksumtype; + krb5_c_fx_cf2_simple; + krb5int_c_weak_enctype; + krb5_encrypt_data; + krb5int_c_copy_keyblock; + krb5int_c_copy_keyblock_contents; + krb5int_c_free_keyblock_contents; + krb5int_c_free_keyblock; + krb5int_c_init_keyblock; + krb5int_hash_md4; + krb5int_hash_md5; + krb5int_hash_sha256; + krb5int_hash_sha384; + krb5int_enc_arcfour; + krb5int_hmac; + krb5_k_create_key; + krb5_k_decrypt; + krb5_k_decrypt_iov; + krb5_k_encrypt; + krb5_k_encrypt_iov; + krb5_k_free_key; + krb5_k_key_enctype; + krb5_k_key_keyblock; + krb5_k_make_checksum; + krb5_k_make_checksum_iov; + krb5_k_prf; + krb5_k_reference_key; + krb5_k_verify_checksum; + krb5_k_verify_checksum_iov; + krb5int_aes_encrypt; + krb5int_aes_decrypt; + krb5int_enc_des3; + krb5int_arcfour_gsscrypt; + krb5int_camellia_encrypt; + krb5int_cmac_checksum; + krb5int_enc_aes128; + krb5int_enc_aes256; + krb5int_enc_camellia128; + krb5int_enc_camellia256; + krb5int_derive_key; + krb5int_derive_random; + k5_sha256; + krb5int_nfold; + k5_allow_weak_pbkdf2iter; + krb5_c_prfplus; + krb5_c_derive_prfplus; + k5_enctype_to_ssf; + krb5int_c_deprecated_enctype; +}; diff --git a/krb5/lib/gssapi/Makefile b/krb5/lib/gssapi/Makefile index 51ed6f162d65..569452cfb538 100644 --- a/krb5/lib/gssapi/Makefile +++ b/krb5/lib/gssapi/Makefile @@ -17,6 +17,7 @@ LIB= gssapi_krb5 # SHLIB_MAJOR= 2 LDFLAGS=-Wl,--no-undefined LIBADD= krb5 k5crypto com_err krb5profile krb5support +VERSION_MAP= ${.CURDIR}/version.map # This is a contcatonation of: # crypto/krb5/src/lib/gssapi/libgssapi_krb5.exports diff --git a/krb5/lib/gssapi/version.map b/krb5/lib/gssapi/version.map new file mode 100644 index 000000000000..afdfe9a0a83a --- /dev/null +++ b/krb5/lib/gssapi/version.map @@ -0,0 +1,172 @@ +KRB5_GSSAPI_1.0 { + global: + GSS_C_ATTR_LOCAL_LOGIN_USER; + GSS_C_INQ_NEGOEX_KEY; + GSS_C_INQ_NEGOEX_VERIFY_KEY; + GSS_C_INQ_SSPI_SESSION_KEY; + GSS_C_MA_AUTH_INIT; + GSS_C_MA_AUTH_INIT_ANON; + GSS_C_MA_AUTH_INIT_INIT; + GSS_C_MA_AUTH_TARG; + GSS_C_MA_AUTH_TARG_ANON; + GSS_C_MA_AUTH_TARG_INIT; + GSS_C_MA_CBINDINGS; + GSS_C_MA_COMPRESS; + GSS_C_MA_CONF_PROT; + GSS_C_MA_CTX_TRANS; + GSS_C_MA_DELEG_CRED; + GSS_C_MA_DEPRECATED; + GSS_C_MA_INTEG_PROT; + GSS_C_MA_ITOK_FRAMED; + GSS_C_MA_MECH_COMPOSITE; + GSS_C_MA_MECH_CONCRETE; + GSS_C_MA_MECH_GLUE; + GSS_C_MA_MECH_NEGO; + GSS_C_MA_MECH_PSEUDO; + GSS_C_MA_MIC; + GSS_C_MA_NEGOEX_AND_SPNEGO; + GSS_C_MA_NOT_DFLT_MECH; + GSS_C_MA_NOT_MECH; + GSS_C_MA_OOS_DET; + GSS_C_MA_PFS; + GSS_C_MA_PROT_READY; + GSS_C_MA_REPLAY_DET; + GSS_C_MA_WRAP; + GSS_C_NT_ANONYMOUS; + GSS_C_NT_COMPOSITE_EXPORT; + GSS_C_NT_EXPORT_NAME; + GSS_C_NT_HOSTBASED_SERVICE; + GSS_C_NT_HOSTBASED_SERVICE_X; + GSS_C_NT_MACHINE_UID_NAME; + GSS_C_NT_STRING_UID_NAME; + GSS_C_NT_USER_NAME; + GSS_C_SEC_CONTEXT_SASL_SSF; + GSS_KRB5_CRED_NO_CI_FLAGS_X; + GSS_KRB5_GET_CRED_IMPERSONATOR; + GSS_KRB5_NT_ENTERPRISE_NAME; + GSS_KRB5_NT_PRINCIPAL_NAME; + GSS_KRB5_NT_X509_CERT; + gss_accept_sec_context; + gss_acquire_cred; + gss_acquire_cred_from; + gss_acquire_cred_impersonate_name; + gss_acquire_cred_with_password; + gss_add_buffer_set_member; + gss_add_cred; + gss_add_cred_from; + gss_add_cred_impersonate_name; + gss_add_cred_with_password; + gss_add_oid_set_member; + gss_authorize_localname; + gss_canonicalize_name; + gss_compare_name; + gss_complete_auth_token; + gss_context_time; + gss_create_empty_buffer_set; + gss_create_empty_oid_set; + gss_decapsulate_token; + gss_delete_name_attribute; + gss_delete_sec_context; + gss_display_mech_attr; + gss_display_name; + gss_display_name_ext; + gss_display_status; + gss_duplicate_name; + gss_encapsulate_token; + gss_export_cred; + gss_export_name; + gss_export_name_composite; + gss_export_sec_context; + gss_get_mic; + gss_get_mic_iov; + gss_get_mic_iov_length; + gss_get_name_attribute; + gss_import_cred; + gss_import_name; + gss_import_sec_context; + gss_indicate_mechs; + gss_indicate_mechs_by_attrs; + gss_init_sec_context; + gss_inquire_attrs_for_mech; + gss_inquire_context; + gss_inquire_cred; + gss_inquire_cred_by_mech; + gss_inquire_cred_by_oid; + gss_inquire_mech_for_saslname; + gss_inquire_mechs_for_name; + gss_inquire_name; + gss_inquire_names_for_mech; + gss_inquire_saslname_for_mech; + gss_inquire_sec_context_by_oid; + gss_krb5_ccache_name; + gss_krb5_copy_ccache; + gss_krb5_export_lucid_sec_context; + gss_krb5_free_lucid_sec_context; + gss_krb5_get_tkt_flags; + gss_krb5_import_cred; + gss_krb5_set_allowable_enctypes; + gss_krb5_set_cred_rcache; + gss_krb5int_make_seal_token_v3; + gss_krb5int_unseal_token_v3; + gss_localname; + gss_map_name_to_any; + gss_mech_iakerb; + gss_mech_krb5; + gss_mech_krb5_old; + gss_mech_krb5_wrong; + gss_mech_set_krb5; + gss_mech_set_krb5_both; + gss_mech_set_krb5_old; + gss_nt_exported_name; + gss_nt_krb5_name; + gss_nt_krb5_principal; + gss_nt_machine_uid_name; + gss_nt_service_name; + gss_nt_service_name_v2; + gss_nt_string_uid_name; + gss_nt_user_name; + gss_oid_equal; + gss_oid_to_str; + gss_pname_to_uid; + gss_process_context_token; + gss_pseudo_random; + gss_release_any_name_mapping; + gss_release_buffer; + gss_release_buffer_set; + gss_release_cred; + gss_release_iov_buffer; + gss_release_name; + gss_release_oid; + gss_release_oid_set; + gss_seal; + gss_set_cred_option; + gss_set_name_attribute; + gss_set_neg_mechs; + gss_set_sec_context_option; + gss_sign; + gss_store_cred; + gss_store_cred_into; + gss_str_to_oid; + gss_test_oid_set_member; + gss_unseal; + gss_unwrap; + gss_unwrap_aead; + gss_unwrap_iov; + gss_userok; + gss_verify; + gss_verify_mic; + gss_verify_mic_iov; + gss_wrap; + gss_wrap_aead; + gss_wrap_iov; + gss_wrap_iov_length; + gss_wrap_size_limit; + gssint_g_seqstate_init; + gsskrb5_extract_authtime_from_sec_context; + gsskrb5_extract_authz_data_from_sec_context; + gssspi_mech_invoke; + gssspi_set_cred_option; + krb5_gss_dbg_client_expcreds; + krb5_gss_register_acceptor_identity; + krb5_gss_use_kdc_context; +}; diff --git a/krb5/lib/kadm5clnt/Makefile b/krb5/lib/kadm5clnt/Makefile index ddb9b0e9fec5..c9f199bdaea3 100644 --- a/krb5/lib/kadm5clnt/Makefile +++ b/krb5/lib/kadm5clnt/Makefile @@ -17,6 +17,7 @@ LIB= kadm5clnt_mit # SHLIB_MAJOR= 12 LDFLAGS=-Wl,--no-undefined LIBADD= krb5profile gssrpc gssapi_krb5 krb5 k5crypto krb5support com_err +VERSION_MAP= ${.CURDIR}/version.map SRCS= alt_prof.c \ chpass_util.c \ diff --git a/krb5/lib/kadm5clnt/version.map b/krb5/lib/kadm5clnt/version.map new file mode 100644 index 000000000000..9743c7cf6140 --- /dev/null +++ b/krb5/lib/kadm5clnt/version.map @@ -0,0 +1,118 @@ +KRB5_KADM5_CLNT_1.0 { + global: + _kadm5_check_handle; + _kadm5_chpass_principal_util; + kadm5_chpass_principal; + kadm5_chpass_principal_3; + kadm5_chpass_principal_util; + kadm5_create_policy; + kadm5_create_principal; + kadm5_create_principal_3; + kadm5_decrypt_key; + kadm5_delete_policy; + kadm5_delete_principal; + kadm5_destroy; + kadm5_flush; + kadm5_free_config_params; + kadm5_free_kadm5_key_data; + kadm5_free_key_data; + kadm5_free_name_list; + kadm5_free_policy_ent; + kadm5_free_principal_ent; + kadm5_free_strings; + kadm5_get_admin_service_name; + kadm5_get_config_params; + kadm5_get_policies; + kadm5_get_policy; + kadm5_get_principal; + kadm5_get_principal_keys; + kadm5_get_principals; + kadm5_get_privs; + kadm5_get_strings; + kadm5_init; + kadm5_init_anonymous; + kadm5_init_krb5_context; + kadm5_init_with_creds; + kadm5_init_with_password; + kadm5_init_with_skey; + kadm5_lock; + kadm5_modify_policy; + kadm5_modify_principal; + kadm5_purgekeys; + kadm5_randkey_principal; + kadm5_randkey_principal_3; + kadm5_rename_principal; + kadm5_set_string; + kadm5_setkey_principal; + kadm5_setkey_principal_3; + kadm5_setkey_principal_4; + kadm5_unlock; + krb5_aprof_get_boolean; + krb5_aprof_get_deltat; + krb5_aprof_get_int32; + krb5_aprof_get_string; + krb5_aprof_getvals; + krb5_flagnum_to_string; + krb5_flagspec_to_mask; + krb5_flags_to_strings; + krb5_free_key_data_contents; + krb5_keysalt_is_present; + krb5_keysalt_iterate; + krb5_klog_close; + krb5_klog_init; + krb5_klog_reopen; + krb5_klog_set_context; + krb5_klog_syslog; + krb5_string_to_keysalts; + xdr_chpass3_arg; + xdr_chpass_arg; + xdr_chrand3_arg; + xdr_chrand_arg; + xdr_chrand_ret; + xdr_cpol_arg; + xdr_cprinc3_arg; + xdr_cprinc_arg; + xdr_dpol_arg; + xdr_dprinc_arg; + xdr_generic_ret; + xdr_getpkeys_arg; + xdr_getpkeys_ret; + xdr_getprivs_ret; + xdr_gpol_arg; + xdr_gpol_ret; + xdr_gpols_arg; + xdr_gpols_ret; + xdr_gprinc_arg; + xdr_gprinc_ret; + xdr_gprincs_arg; + xdr_gprincs_ret; + xdr_kadm5_key_data; + xdr_kadm5_policy_ent_rec; + xdr_kadm5_principal_ent_rec; + xdr_kadm5_ret_t; + xdr_krb5_deltat; + xdr_krb5_enctype; + xdr_krb5_flags; + xdr_krb5_int16; + xdr_krb5_key_data_nocontents; + xdr_krb5_key_salt_tuple; + xdr_krb5_keyblock; + xdr_krb5_kvno; + xdr_krb5_octet; + xdr_krb5_principal; + xdr_krb5_salttype; + xdr_krb5_timestamp; + xdr_krb5_tl_data; + xdr_krb5_ui_2; + xdr_krb5_ui_4; + xdr_mpol_arg; + xdr_mprinc_arg; + xdr_nullstring; + xdr_nulltype; + xdr_rprinc_arg; + xdr_setkey3_arg; + xdr_setkey4_arg; + xdr_setkey_arg; + xdr_ui_4; + kadm5_init_iprop; +}; diff --git a/krb5/lib/kadm5srv/Makefile b/krb5/lib/kadm5srv/Makefile index f716dfcdaedc..90a2180d496a 100644 --- a/krb5/lib/kadm5srv/Makefile +++ b/krb5/lib/kadm5srv/Makefile @@ -17,6 +17,7 @@ LIB= kadm5srv_mit # SHLIB_MAJOR= 12 LDFLAGS=-Wl,--no-undefined LIBADD= krb5profile gssrpc gssapi_krb5 kdb5 krb5 k5crypto krb5support com_err +VERSION_MAP= ${.CURDIR}/version.map INCSDIR= ${INCLUDEDIR}/kadm5 diff --git a/krb5/lib/kadm5srv/version.map b/krb5/lib/kadm5srv/version.map new file mode 100644 index 000000000000..a0e9da6daef2 --- /dev/null +++ b/krb5/lib/kadm5srv/version.map @@ -0,0 +1,137 @@ +KRB5_KADM5_SRV_1.0 { + global: + _kadm5_check_handle; + _kadm5_chpass_principal_util; + hist_princ; + kadm5_chpass_principal; + kadm5_chpass_principal_3; + kadm5_chpass_principal_util; + kadm5_create_policy; + kadm5_create_principal; + kadm5_create_principal_3; + kadm5_decrypt_key; + kadm5_delete_policy; + kadm5_delete_principal; + kadm5_destroy; + kadm5_flush; + kadm5_free_config_params; + kadm5_free_kadm5_key_data; + kadm5_free_key_data; + kadm5_free_name_list; + kadm5_free_policy_ent; + kadm5_free_principal_ent; + kadm5_free_strings; + kadm5_get_config_params; + kadm5_get_policies; + kadm5_get_policy; + kadm5_get_principal; + kadm5_get_principal_keys; + kadm5_get_principals; + kadm5_get_privs; + kadm5_get_strings; + kadm5_init; + kadm5_init_anonymous; + kadm5_init_krb5_context; + kadm5_init_with_creds; + kadm5_init_with_password; + kadm5_init_with_skey; + kadm5_lock; + kadm5_modify_policy; + kadm5_modify_principal; + kadm5_purgekeys; + kadm5_randkey_principal; + kadm5_randkey_principal_3; + kadm5_rename_principal; + kadm5_set_string; + kadm5_setkey_principal; + kadm5_setkey_principal_3; + kadm5_setkey_principal_4; + kadm5_unlock; + kdb_delete_entry; + kdb_free_entry; + kdb_init_hist; + kdb_init_master; + kdb_iter_entry; + kdb_put_entry; + krb5_aprof_get_boolean; + krb5_aprof_get_deltat; + krb5_aprof_get_int32; + krb5_aprof_get_string; + krb5_aprof_get_string_all; + krb5_aprof_getvals; + krb5_copy_key_data_contents; + krb5_flagnum_to_string; + krb5_flagspec_to_mask; + krb5_flags_to_strings; + krb5_free_key_data_contents; + krb5_keysalt_is_present; + krb5_keysalt_iterate; + krb5_klog_close; + krb5_klog_init; + krb5_klog_reopen; + krb5_klog_set_context; + krb5_klog_syslog; + krb5_string_to_keysalts; + master_db; + master_princ; + osa_free_princ_ent; + passwd_check; + xdr_chpass3_arg; + xdr_chpass_arg; + xdr_chrand3_arg; + xdr_chrand_arg; + xdr_chrand_ret; + xdr_cpol_arg; + xdr_cprinc3_arg; + xdr_cprinc_arg; + xdr_dpol_arg; + xdr_dprinc_arg; + xdr_generic_ret; + xdr_getpkeys_arg; + xdr_getpkeys_ret; + xdr_getprivs_ret; + xdr_gpol_arg; + xdr_gpol_ret; + xdr_gpols_arg; + xdr_gpols_ret; + xdr_gprinc_arg; + xdr_gprinc_ret; + xdr_gprincs_arg; + xdr_gprincs_ret; + xdr_gstrings_arg; + xdr_gstrings_ret; + xdr_kadm5_policy_ent_rec; + xdr_kadm5_principal_ent_rec; + xdr_kadm5_ret_t; + xdr_krb5_deltat; + xdr_krb5_enctype; + xdr_krb5_flags; + xdr_krb5_int16; + xdr_krb5_key_data; + xdr_krb5_key_data_nocontents; + xdr_krb5_key_salt_tuple; + xdr_krb5_keyblock; + xdr_krb5_kvno; + xdr_krb5_octet; + xdr_krb5_principal; + xdr_krb5_salttype; + xdr_krb5_string_attr; + xdr_krb5_timestamp; + xdr_krb5_tl_data; + xdr_krb5_ui_2; + xdr_krb5_ui_4; + xdr_mpol_arg; + xdr_mprinc_arg; + xdr_nullstring; + xdr_nulltype; + xdr_osa_princ_ent_rec; + xdr_osa_pw_hist_ent; + xdr_purgekeys_arg; + xdr_rprinc_arg; + xdr_setkey3_arg; + xdr_setkey4_arg; + xdr_setkey_arg; + xdr_sstring_arg; + xdr_ui_4; + kadm5_init_iprop; +}; diff --git a/krb5/lib/kdb/Makefile b/krb5/lib/kdb/Makefile index ac7f058a7f11..57fe32e39347 100644 --- a/krb5/lib/kdb/Makefile +++ b/krb5/lib/kdb/Makefile @@ -17,6 +17,7 @@ LIB= kdb5 # SHLIB_MAJOR= 10 LDFLAGS=-Wl,--no-undefined LIBADD= krb5profile gssrpc krb5 k5crypto com_err krb5support gssapi_krb5 +VERSION_MAP= ${.CURDIR}/version.map SRCS= decrypt_key.c \ encrypt_key.c \ diff --git a/krb5/lib/kdb/version.map b/krb5/lib/kdb/version.map new file mode 100644 index 000000000000..9522af1e9edd --- /dev/null +++ b/krb5/lib/kdb/version.map @@ -0,0 +1,111 @@ +KRB5_KDB5_1.0 { + global: + krb5_db_setup_lib_handle; + krb5_db_open; + krb5_db_inited; + krb5_db_alloc; + krb5_db_free; + krb5_db_allowed_to_delegate_from; + krb5_db_audit_as_req; + krb5_db_check_allowed_to_delegate; + krb5_db_get_s4u_x509_principal; + krb5_db_check_policy_as; + krb5_db_check_policy_tgs; + krb5_db_check_transited_realms; + krb5_db_create; + krb5_db_delete_principal; + krb5_db_destroy; + krb5_db_fetch_mkey; + krb5_db_fetch_mkey_list; + krb5_db_fini; + krb5_db_free_principal; + krb5_db_get_age; + krb5_db_get_key_data_kvno; + krb5_db_get_context; + krb5_db_get_principal; + krb5_db_issue_pac; + krb5_db_iterate; + krb5_db_lock; + krb5_db_mkey_list_alias; + krb5_db_put_principal; + krb5_db_refresh_config; + krb5_db_rename_principal; + krb5_db_set_context; + krb5_db_setup_mkey_name; + krb5_db_unlock; + krb5_db_store_master_key; + krb5_db_store_master_key_list; + krb5_dbe_apw; + krb5_dbe_ark; + krb5_dbe_cpw; + krb5_dbe_create_key_data; + krb5_dbe_crk; + krb5_dbe_find_act_mkey; + krb5_dbe_fetch_act_key_list; + krb5_dbe_find_enctype; + krb5_dbe_find_mkey; + krb5_dbe_free_actkvno_list; + krb5_dbe_free_key_data_contents; + krb5_dbe_free_mkey_aux_list; + krb5_dbe_free_key_list; + krb5_dbe_free_string; + krb5_dbe_free_strings; + krb5_dbe_get_mkvno; + krb5_dbe_get_string; + krb5_dbe_get_strings; + krb5_dbe_compute_salt; + krb5_dbe_lookup_last_admin_unlock; + krb5_dbe_lookup_last_pwd_change; + krb5_dbe_lookup_actkvno; + krb5_dbe_lookup_mkey_aux; + krb5_dbe_lookup_mkvno; + krb5_dbe_lookup_mod_princ_data; + krb5_dbe_lookup_tl_data; + krb5_dbe_search_enctype; + krb5_dbe_set_string; + krb5_dbe_specialize_salt; + krb5_dbe_update_actkvno; + krb5_dbe_update_last_admin_unlock; + krb5_dbe_update_last_pwd_change; + krb5_dbe_update_mkey_aux; + krb5_dbe_update_mkvno; + krb5_dbe_update_mod_princ_data; + krb5_dbe_update_tl_data; + krb5_db_update_tl_data; + krb5_dbe_def_encrypt_key_data; + krb5_dbe_def_decrypt_key_data; + krb5_dbe_decrypt_key_data; + krb5_dbe_encrypt_key_data; + krb5_kt_kdb_ops; + krb5_ktkdb_close; + krb5_ktkdb_get_entry; + krb5_ktkdb_resolve; + krb5_ktkdb_set_context; + krb5_mkey_pwd_prompt1; + krb5_mkey_pwd_prompt2; + krb5_db_create_policy; + krb5_db_get_policy; + krb5_db_put_policy; + krb5_db_iter_policy; + krb5_db_delete_policy; + krb5_db_free_policy; + krb5_def_store_mkey_list; + krb5_db_promote; + krb5_db_register_keytab; + ulog_add_update; + ulog_init_header; + ulog_map; + ulog_set_role; + ulog_free_entries; + xdr_kdb_last_t; + xdr_kdb_incr_result_t; + xdr_kdb_fullresync_result_t; + ulog_fini; + ulog_get_entries; + ulog_get_last; + ulog_get_sno_status; + ulog_replay; + ulog_set_last; + xdr_kdb_incr_update_t; + krb5_dbe_sort_key_data; +}; diff --git a/krb5/lib/krad/Makefile b/krb5/lib/krad/Makefile index 4b18af482207..28751d9bf9b6 100644 --- a/krb5/lib/krad/Makefile +++ b/krb5/lib/krad/Makefile @@ -17,6 +17,7 @@ LIB= krad # SHLIB_MAJOR= 0 LDFLAGS=-Wl,--no-undefined LIBADD= krb5 k5crypto com_err krb5profile krb5support verto +VERSION_MAP= ${.CURDIR}/version.map SRCS= attr.c \ attrset.c \ diff --git a/krb5/lib/krad/version.map b/krb5/lib/krad/version.map new file mode 100644 index 000000000000..7e058d9bd494 --- /dev/null +++ b/krb5/lib/krad/version.map @@ -0,0 +1,26 @@ +KRB5_KRAD_1.0 { + global: + krad_code_name2num; + krad_code_num2name; + krad_attr_name2num; + krad_attr_num2name; + krad_attrset_new; + krad_attrset_copy; + krad_attrset_free; + krad_attrset_add; + krad_attrset_add_number; + krad_attrset_del; + krad_attrset_get; + krad_packet_bytes_needed; + krad_packet_free; + krad_packet_new_request; + krad_packet_new_response; + krad_packet_decode_request; + krad_packet_decode_response; + krad_packet_encode; + krad_packet_get_code; + krad_packet_get_attr; + krad_client_new; + krad_client_free; + krad_client_send; +}; diff --git a/krb5/lib/krb5/Makefile b/krb5/lib/krb5/Makefile index bf90c7fc80f7..76f40a3174cc 100644 --- a/krb5/lib/krb5/Makefile +++ b/krb5/lib/krb5/Makefile @@ -17,6 +17,7 @@ LIB= krb5 LDFLAGS=-Wl,--no-undefined LIBADD= krb5profile k5crypto com_err krb5support # SHLIB_MAJOR= 3 +VERSION_MAP= ${.CURDIR}/version.map SRCS= krb5_libinit.c diff --git a/krb5/lib/krb5/version.map b/krb5/lib/krb5/version.map new file mode 100644 index 000000000000..3f37ce0dce31 --- /dev/null +++ b/krb5/lib/krb5/version.map @@ -0,0 +1,617 @@ +KRB5_KRB5_1.0 { + global: + _krb5_conf_boolean; + decode_krb5_ad_kdcissued; + decode_krb5_ap_rep; + decode_krb5_ap_rep_enc_part; + decode_krb5_ap_req; + decode_krb5_as_rep; + decode_krb5_as_req; + decode_krb5_authdata; + decode_krb5_authenticator; + decode_krb5_cammac; + decode_krb5_cred; + decode_krb5_enc_cred_part; + decode_krb5_enc_data; + decode_krb5_enc_kdc_rep_part; + decode_krb5_enc_priv_part; + decode_krb5_enc_sam_response_enc_2; + decode_krb5_enc_tkt_part; + decode_krb5_encryption_key; + decode_krb5_error; + decode_krb5_etype_info; + decode_krb5_etype_info2; + decode_krb5_fast_req; + decode_krb5_fast_response; + decode_krb5_iakerb_finished; + decode_krb5_iakerb_header; + decode_krb5_kdc_req_body; + decode_krb5_otp_tokeninfo; + decode_krb5_kkdcp_message; + decode_krb5_pa_enc_ts; + decode_krb5_pa_for_user; + decode_krb5_pa_fx_fast_reply; + decode_krb5_pa_fx_fast_request; + decode_krb5_pa_otp_challenge; + decode_krb5_pa_otp_req; + decode_krb5_pa_otp_enc_req; + decode_krb5_pa_pac_options; + decode_krb5_pa_pac_req; + decode_krb5_pa_s4u_x509_user; + decode_krb5_pa_spake; + decode_krb5_padata_sequence; + decode_krb5_priv; + decode_krb5_safe; + decode_krb5_sam_challenge_2; + decode_krb5_sam_challenge_2_body; + decode_krb5_sam_response_2; + decode_krb5_secure_cookie; + decode_krb5_setpw_req; + decode_krb5_spake_factor; + decode_krb5_tgs_rep; + decode_krb5_tgs_req; + decode_krb5_ticket; + decode_krb5_typed_data; + decode_utf8_strings; + encode_krb5_ad_kdcissued; + encode_krb5_ap_rep; + encode_krb5_ap_rep_enc_part; + encode_krb5_ap_req; + encode_krb5_as_rep; + encode_krb5_as_req; + encode_krb5_authdata; + encode_krb5_authenticator; + encode_krb5_cammac; + encode_krb5_checksum; + encode_krb5_cred; + encode_krb5_enc_cred_part; + encode_krb5_enc_data; + encode_krb5_enc_kdc_rep_part; + encode_krb5_enc_priv_part; + encode_krb5_enc_sam_response_enc_2; + encode_krb5_enc_tkt_part; + encode_krb5_encryption_key; + encode_krb5_error; + encode_krb5_etype_info; + encode_krb5_etype_info2; + encode_krb5_fast_response; + encode_krb5_iakerb_finished; + encode_krb5_iakerb_header; + encode_krb5_kdc_req_body; + encode_krb5_otp_tokeninfo; + encode_krb5_kkdcp_message; + encode_krb5_pa_enc_ts; + encode_krb5_pa_for_user; + encode_krb5_pa_fx_fast_reply; + encode_krb5_pa_otp_challenge; + encode_krb5_pa_otp_req; + encode_krb5_pa_otp_enc_req; + encode_krb5_pa_pac_options; + encode_krb5_pa_s4u_x509_user; + encode_krb5_pa_spake; + encode_krb5_padata_sequence; + encode_krb5_pkinit_supp_pub_info; + encode_krb5_priv; + encode_krb5_s4u_userid; + encode_krb5_safe; + encode_krb5_sam_challenge_2; + encode_krb5_sam_challenge_2_body; + encode_krb5_sam_response_2; + encode_krb5_secure_cookie; + encode_krb5_sp80056a_other_info; + encode_krb5_spake_factor; + encode_krb5_tgs_rep; + encode_krb5_tgs_req; + encode_krb5_ticket; + encode_krb5_typed_data; + encode_utf8_strings; + k5_add_empty_pa_data; + k5_add_pa_data_element; + k5_add_pa_data_from_data; + k5_alloc_pa_data; + k5_authind_decode; + k5_build_conf_principals; + k5_cc_store_primary_cred; + k5_ccselect_free_context; + k5_change_error_message_code; + k5_etypes_contains; + k5_expand_path_tokens; + k5_expand_path_tokens_extra; + k5_externalize_auth_context; + k5_externalize_authdata; + k5_externalize_authdata_context; + k5_externalize_context; + k5_externalize_keyblock; + k5_externalize_principal; + k5_free_algorithm_identifier; + k5_free_cammac; + k5_free_data_ptr_list; + k5_free_otp_tokeninfo; + k5_free_kkdcp_message; + k5_free_pa_data_element; + k5_free_pa_otp_challenge; + k5_free_pa_otp_req; + k5_free_secure_cookie; + k5_free_pa_spake; + k5_free_serverlist; + k5_free_spake_factor; + k5_hostrealm_free_context; + k5_init_trace; + k5_internalize_auth_context; + k5_internalize_authdata; + k5_internalize_authdata_context; + k5_internalize_context; + k5_internalize_keyblock; + k5_internalize_principal; + k5_is_string_numeric; + k5_kt_get_principal; + k5_kt_have_match; + k5_localauth_free_context; + k5_locate_kdc; + k5_marshal_cred; + k5_marshal_princ; + k5_os_free_context; + k5_os_init_context; + k5_parse_host_string; + k5_plugin_free_modules; + k5_plugin_load; + k5_plugin_load_all; + k5_plugin_register; + k5_plugin_register_dyn; + k5_rc_close; + k5_rc_get_name; + k5_rc_resolve; + k5_rc_store; + k5_size_auth_context; + k5_size_authdata; + k5_size_authdata_context; + k5_size_context; + k5_size_keyblock; + k5_size_principal; + k5_sname_compare; + k5_unmarshal_cred; + k5_unmarshal_princ; + k5_unwrap_cammac_svc; + k5_zapfree_pa_data; + krb524_convert_creds_kdc; + krb524_init_ets; + krb5_425_conv_principal; + krb5_524_conv_principal; + krb5_524_convert_creds; + krb5_address_compare; + krb5_address_order; + krb5_address_search; + krb5_allow_weak_crypto; + krb5_aname_to_localname; + krb5_anonymous_principal; + krb5_anonymous_realm; + krb5_appdefault_boolean; + krb5_appdefault_string; + krb5_auth_con_free; + krb5_auth_con_genaddrs; + krb5_auth_con_get_checksum_func; + krb5_auth_con_get_authdata_context; + krb5_auth_con_getaddrs; + krb5_auth_con_getauthenticator; + krb5_auth_con_getflags; + krb5_auth_con_getivector; + krb5_auth_con_getkey; + krb5_auth_con_getkey_k; + krb5_auth_con_getlocalseqnumber; + krb5_auth_con_getlocalsubkey; + krb5_auth_con_getpermetypes; + krb5_auth_con_getrcache; + krb5_auth_con_getrecvsubkey; + krb5_auth_con_getrecvsubkey_k; + krb5_auth_con_getremoteseqnumber; + krb5_auth_con_getremotesubkey; + krb5_auth_con_getsendsubkey; + krb5_auth_con_getsendsubkey_k; + krb5_auth_con_init; + krb5_auth_con_initivector; + krb5_auth_con_set_authdata_context; + krb5_auth_con_set_checksum_func; + krb5_auth_con_set_req_cksumtype; + krb5_auth_con_set_safe_cksumtype; + krb5_auth_con_setaddrs; + krb5_auth_con_setflags; + krb5_auth_con_setivector; + krb5_auth_con_setpermetypes; + krb5_auth_con_setports; + krb5_auth_con_setrcache; + krb5_auth_con_setrecvsubkey; + krb5_auth_con_setrecvsubkey_k; + krb5_auth_con_setsendsubkey; + krb5_auth_con_setsendsubkey_k; + krb5_auth_con_setuseruserkey; + krb5_authdata_context_copy; + krb5_authdata_context_free; + krb5_authdata_context_init; + krb5_authdata_delete_attribute; + krb5_authdata_get_attribute_types; + krb5_authdata_get_attribute; + krb5_authdata_set_attribute; + krb5_authdata_export_attributes; + krb5_authdata_export_authdata; + krb5_authdata_export_internal; + krb5_authdata_free_internal; + krb5_authdata_import_attributes; + krb5_build_principal; + krb5_build_principal_alloc_va; + krb5_build_principal_ext; + krb5_build_principal_va; + krb5_cc_cache_match; + krb5_cc_close; + krb5_cc_copy_creds; + krb5_cc_default; + krb5_cc_default_name; + krb5_cc_destroy; + krb5_cc_dfl_ops; + krb5_cc_dup; + krb5_cc_end_seq_get; + krb5_cc_file_ops; + krb5_cc_gen_new; + krb5_cc_get_config; + krb5_cc_get_full_name; + krb5_cc_get_name; + krb5_cc_get_principal; + krb5_cc_get_type; + krb5_cc_move; + krb5_cc_initialize; + krb5_cc_new_unique; + krb5_cc_next_cred; + krb5_cc_register; + krb5_cc_remove_cred; + krb5_cc_resolve; + krb5_cc_retrieve_cred; + krb5_cc_select; + krb5_cc_set_config; + krb5_cc_set_default_name; + krb5_cc_set_flags; + krb5_cc_start_seq_get; + krb5_cc_store_cred; + krb5_cc_support_switch; + krb5_cc_switch; + krb5_cccol_cursor_free; + krb5_cccol_cursor_new; + krb5_cccol_cursor_next; + krb5_cccol_have_content; + krb5_change_cache; + krb5_change_password; + krb5_check_clockskew; + krb5_check_transited_list; + krb5_chpw_message; + krb5_chpw_result_code_string; + krb5_clear_error_message; + krb5_copy_addr; + krb5_copy_addresses; + krb5_copy_authdata; + krb5_copy_authenticator; + krb5_copy_checksum; + krb5_copy_context; + krb5_copy_creds; + krb5_copy_data; + krb5_copy_error_message; + krb5_copy_keyblock; + krb5_copy_keyblock_contents; + krb5_copy_principal; + krb5_copy_ticket; + krb5_crypto_us_timeofday; + krb5_decode_authdata_container; + krb5_decode_ticket; + krb5_decrypt_tkt_part; + krb5_deltat_to_string; + krb5_encode_authdata_container; + krb5_encode_kdc_rep; + krb5_encrypt_helper; + krb5_encrypt_tkt_part; + krb5_expand_hostname; + krb5_fcc_ops; + krb5_find_authdata; + krb5_free_ad_kdcissued; + krb5_free_address; + krb5_free_addresses; + krb5_free_ap_rep; + krb5_free_ap_rep_enc_part; + krb5_free_ap_req; + krb5_free_authdata; + krb5_free_authenticator; + krb5_free_authenticator_contents; + krb5_free_checksum; + krb5_free_checksum_contents; + krb5_free_config_files; + krb5_free_context; + krb5_free_cred; + krb5_free_cred_contents; + krb5_free_cred_enc_part; + krb5_free_creds; + krb5_free_data; + krb5_free_data_contents; + krb5_free_default_realm; + krb5_free_enc_data; + krb5_free_enc_kdc_rep_part; + krb5_free_enc_sam_response_enc_2; + krb5_free_enc_sam_response_enc_2_contents; + krb5_free_enc_tkt_part; + krb5_free_enctypes; + krb5_free_error; + krb5_free_error_message; + krb5_free_etype_info; + krb5_free_fast_armored_req; + krb5_free_fast_req; + krb5_free_fast_response; + krb5_free_host_realm; + krb5_free_iakerb_finished; + krb5_free_iakerb_header; + krb5_free_kdc_rep; + krb5_free_kdc_req; + krb5_free_keyblock; + krb5_free_keyblock_contents; + krb5_free_keytab_entry_contents; + krb5_free_last_req; + krb5_free_octet_data; + krb5_free_pa_data; + krb5_free_pa_enc_ts; + krb5_free_pa_for_user; + krb5_free_pa_pac_req; + krb5_free_pa_s4u_x509_user; + krb5_free_principal; + krb5_free_priv; + krb5_free_priv_enc_part; + krb5_free_realm_tree; + krb5_free_safe; + krb5_free_sam_challenge_2; + krb5_free_sam_challenge_2_body; + krb5_free_sam_challenge_2_body_contents; + krb5_free_sam_challenge_2_contents; + krb5_free_sam_response_2; + krb5_free_sam_response_2_contents; + krb5_free_string; + krb5_free_tgt_creds; + krb5_free_ticket; + krb5_free_tickets; + krb5_free_tkt_authent; + krb5_free_unparsed_name; + krb5_fwd_tgt_creds; + krb5_gen_portaddr; + krb5_gen_replay_name; + krb5_generate_seq_number; + krb5_generate_subkey; + krb5_get_cred_via_tkt; + krb5_get_credentials; + krb5_get_credentials_for_proxy; + krb5_get_credentials_for_user; + krb5_get_credentials_renew; + krb5_get_credentials_validate; + krb5_get_default_config_files; + krb5_get_default_in_tkt_ktypes; + krb5_get_default_realm; + krb5_get_error_message; + krb5_get_etype_info; + krb5_get_fallback_host_realm; + krb5_get_host_realm; + krb5_get_in_tkt_with_keytab; + krb5_get_in_tkt_with_password; + krb5_get_in_tkt_with_skey; + krb5_get_init_creds_keytab; + krb5_get_init_creds_opt_alloc; + krb5_get_init_creds_opt_free; + krb5_get_init_creds_opt_free_pa; + krb5_get_init_creds_opt_get_fast_flags; + krb5_get_init_creds_opt_get_pa; + krb5_get_init_creds_opt_init; + krb5_get_init_creds_opt_set_address_list; + krb5_get_init_creds_opt_set_anonymous; + krb5_get_init_creds_opt_set_canonicalize; + krb5_get_init_creds_opt_set_change_password_prompt; + krb5_get_init_creds_opt_set_etype_list; + krb5_get_init_creds_opt_set_expire_callback; + krb5_get_init_creds_opt_set_fast_ccache; + krb5_get_init_creds_opt_set_fast_ccache_name; + krb5_get_init_creds_opt_set_fast_flags; + krb5_get_init_creds_opt_set_forwardable; + krb5_get_init_creds_opt_set_in_ccache; + krb5_get_init_creds_opt_set_out_ccache; + krb5_get_init_creds_opt_set_pa; + krb5_get_init_creds_opt_set_pac_request; + krb5_get_init_creds_opt_set_preauth_list; + krb5_get_init_creds_opt_set_proxiable; + krb5_get_init_creds_opt_set_renew_life; + krb5_get_init_creds_opt_set_responder; + krb5_get_init_creds_opt_set_salt; + krb5_get_init_creds_opt_set_tkt_life; + krb5_get_init_creds_password; + krb5_get_notification_message; + krb5_get_permitted_enctypes; + krb5_get_profile; + krb5_get_prompt_types; + krb5_get_realm_domain; + krb5_get_renewed_creds; + krb5_get_server_rcache; + krb5_get_tgs_ktypes; + krb5_get_time_offsets; + krb5_get_validated_creds; + krb5_init_context; + krb5_init_context_profile; + krb5_init_creds_free; + krb5_init_creds_get; + krb5_init_creds_get_creds; + krb5_init_creds_get_error; + krb5_init_creds_get_times; + krb5_init_creds_init; + krb5_init_creds_set_keytab; + krb5_init_creds_set_password; + krb5_init_creds_set_service; + krb5_init_creds_step; + krb5_init_keyblock; + krb5_init_secure_context; + krb5_is_config_principal; + krb5_is_permitted_enctype; + krb5_is_referral_realm; + krb5_is_thread_safe; + krb5_kdc_rep_decrypt_proc; + krb5_kdc_sign_ticket; + krb5_kdc_verify_ticket; + krb5_kt_add_entry; + krb5_kt_client_default; + krb5_kt_close; + krb5_kt_default; + krb5_kt_default_name; + krb5_kt_dfl_ops; + krb5_kt_dup; + krb5_kt_end_seq_get; + krb5_kt_free_entry; + krb5_kt_get_entry; + krb5_kt_get_name; + krb5_kt_get_type; + krb5_kt_have_content; + krb5_kt_next_entry; + krb5_kt_read_service_key; + krb5_kt_register; + krb5_kt_remove_entry; + krb5_kt_resolve; + krb5_kt_start_seq_get; + krb5_ktf_ops; + krb5_ktf_writable_ops; + krb5_kuserok; + krb5_lock_file; + krb5_make_authdata_kdc_issued; + krb5_make_full_ipaddr; + krb5_make_fulladdr; + krb5_marshal_credentials; + krb5_mcc_ops; + krb5_merge_authdata; + krb5_mk_1cred; + krb5_mk_error; + krb5_mk_ncred; + krb5_mk_priv; + krb5_mk_rep; + krb5_mk_rep_dce; + krb5_mk_req; + krb5_mk_req_extended; + krb5_mk_safe; + krb5_net_read; + krb5_net_write; + krb5_os_localaddr; + krb5_overridekeyname; + krb5_pac_add_buffer; + krb5_pac_free; + krb5_pac_get_buffer; + krb5_pac_get_types; + krb5_pac_init; + krb5_pac_parse; + krb5_pac_sign; + krb5_pac_sign_ext; + krb5_pac_verify; + krb5_pac_verify_ext; + krb5_pac_get_client_info; + krb5_parse_name; + krb5_parse_name_flags; + krb5_prepend_error_message; + krb5_principal2salt; + krb5_principal2salt_norealm; + krb5_principal_compare; + krb5_principal_compare_any_realm; + krb5_principal_compare_flags; + krb5_prompter_posix; + krb5_rc_default; + krb5_rc_destroy; + krb5_rc_get_lifespan; + krb5_rc_initialize; + krb5_rd_cred; + krb5_rd_error; + krb5_rd_priv; + krb5_rd_rep; + krb5_rd_rep_dce; + krb5_rd_req; + krb5_rd_req_decoded; + krb5_rd_req_decoded_anyflag; + krb5_rd_safe; + krb5_read_message; + krb5_read_password; + krb5_realm_compare; + krb5_recvauth; + krb5_recvauth_version; + krb5_responder_get_challenge; + krb5_responder_list_questions; + krb5_responder_set_answer; + krb5_responder_otp_get_challenge; + krb5_responder_otp_set_answer; + krb5_responder_otp_challenge_free; + krb5_responder_pkinit_get_challenge; + krb5_responder_pkinit_set_answer; + krb5_responder_pkinit_challenge_free; + krb5_salttype_to_string; + krb5_sendauth; + krb5_sendto_kdc; + krb5_ser_pack_bytes; + krb5_ser_pack_int32; + krb5_ser_pack_int64; + krb5_ser_unpack_bytes; + krb5_ser_unpack_int32; + krb5_ser_unpack_int64; + krb5_server_decrypt_ticket_keytab; + krb5_set_config_files; + krb5_set_debugging_time; + krb5_set_default_realm; + krb5_set_default_tgs_enctypes; + krb5_set_default_tgs_ktypes; + krb5_set_error_message; + krb5_set_password; + krb5_set_password_using_ccache; + krb5_set_principal_realm; + krb5_set_real_time; + krb5_set_kdc_send_hook; + krb5_set_kdc_recv_hook; + krb5_set_time_offsets; + krb5_set_trace_callback; + krb5_set_trace_filename; + krb5_sname_match; + krb5_sname_to_principal; + krb5_string_to_deltat; + krb5_string_to_salttype; + krb5_string_to_timestamp; + krb5int_tgtname; + krb5_tkt_creds_free; + krb5_tkt_creds_get; + krb5_tkt_creds_get_creds; + krb5_tkt_creds_get_times; + krb5_tkt_creds_init; + krb5_tkt_creds_step; + krb5_timeofday; + krb5_timestamp_to_sfstring; + krb5_timestamp_to_string; + krb5_unlock_file; + krb5_unmarshal_credentials; + krb5_unpack_full_ipaddr; + krb5_unparse_name; + krb5_unparse_name_ext; + krb5_unparse_name_flags; + krb5_unparse_name_flags_ext; + krb5_us_timeofday; + krb5_use_natural_time; + krb5_verify_authdata_kdc_issued; + krb5_verify_init_creds; + krb5_verify_init_creds_opt_init; + krb5_verify_init_creds_opt_set_ap_req_nofail; + krb5_vprepend_error_message; + krb5_vset_error_message; + krb5_vwrap_error_message; + krb5_walk_realm_tree; + krb5_wrap_error_message; + krb5_write_message; + krb5int_accessor; + krb5int_cc_default; + krb5int_cleanup_library; + krb5int_copy_data_contents; + krb5int_copy_data_contents_add0; + krb5int_find_pa_data; + krb5int_foreach_localaddr; + krb5int_free_data_list; + krb5int_get_authdata_containee_types; + krb5int_init_context_kdc; + krb5int_initialize_library; + krb5int_parse_enctype_list; + krb5int_random_string; + krb5int_trace; +}; diff --git a/krb5/lib/rpc/Makefile b/krb5/lib/rpc/Makefile index 13499b184d30..f6dfd014ca3c 100644 --- a/krb5/lib/rpc/Makefile +++ b/krb5/lib/rpc/Makefile @@ -17,6 +17,7 @@ LIB= gssrpc # SHLIB_MAJOR= 4 LDFLAGS=-Wl,--no-undefined LIBADD= gssapi_krb5 krb5 k5crypto com_err krb5support +VERSION_MAP= ${.CURDIR}/version.map SRCS= auth_gss.c \ auth_gssapi.c \ diff --git a/krb5/lib/rpc/version.map b/krb5/lib/rpc/version.map new file mode 100644 index 000000000000..4a5052b71536 --- /dev/null +++ b/krb5/lib/rpc/version.map @@ -0,0 +1,147 @@ +KRB5_RPC_1.0 { + global: + gssrpc_auth_debug_gss; + gssrpc_auth_debug_gssapi; + gssrpc_auth_gssapi_create; + gssrpc_auth_gssapi_create_default; + gssrpc_auth_gssapi_display_status; + gssrpc_auth_gssapi_seal_seq; + gssrpc_auth_gssapi_unseal_seq; + gssrpc_auth_gssapi_unwrap_data; + gssrpc_auth_gssapi_wrap_data; + gssrpc_authgss_create; + gssrpc_authgss_create_default; + gssrpc_authgss_get_private_data; + gssrpc_authgss_service; + gssrpc_authnone_create; + gssrpc_authunix_create; + gssrpc_authunix_create_default; + gssrpc_bindresvport; + gssrpc_bindresvport_sa; + gssrpc_callrpc; + gssrpc_clnt_broadcast; + gssrpc_clnt_create; + gssrpc_clnt_pcreateerror; + gssrpc_clnt_perrno; + gssrpc_clnt_perror; + gssrpc_clnt_spcreateerror; + gssrpc_clnt_sperrno; + gssrpc_clnt_sperror; + gssrpc_clntraw_create; + gssrpc_clnttcp_create; + gssrpc_clntudp_bufcreate; + gssrpc_clntudp_create; + gssrpc_get_myaddress; + gssrpc_getrpcport; + gssrpc_log_debug; + gssrpc_log_hexdump; + gssrpc_log_status; + gssrpc_misc_debug_gss; + gssrpc_misc_debug_gssapi; + gssrpc_pmap_getmaps; + gssrpc_pmap_getport; + gssrpc_pmap_rmtcall; + gssrpc_pmap_set; + gssrpc_pmap_unset; + gssrpc_registerrpc; + gssrpc_rpc_createrr; + gssrpc_svc_auth_gss_ops; + gssrpc_svc_auth_gssapi_ops; + gssrpc_svc_auth_none; + gssrpc_svc_auth_none_ops; + gssrpc_svc_debug_gss; + gssrpc_svc_debug_gssapi; + gssrpc_svc_fdset; + gssrpc_svc_fdset_init; + gssrpc_svc_getreq; + gssrpc_svc_getreqset; + gssrpc_svc_maxfd; + gssrpc_svc_register; + gssrpc_svc_run; + gssrpc_svc_sendreply; + gssrpc_svc_unregister; + gssrpc_svcauth_gss_get_principal; + gssrpc_svcauth_gss_set_log_badauth_func; + gssrpc_svcauth_gss_set_log_badauth2_func; + gssrpc_svcauth_gss_set_log_badverf_func; + gssrpc_svcauth_gss_set_log_miscerr_func; + gssrpc_svcauth_gss_set_svc_name; + gssrpc_svcauth_gssapi_set_log_badauth_func; + gssrpc_svcauth_gssapi_set_log_badauth2_func; + gssrpc_svcauth_gssapi_set_log_badverf_func; + gssrpc_svcauth_gssapi_set_log_miscerr_func; + gssrpc_svcauth_gssapi_set_names; + gssrpc_svcauth_gssapi_unset_names; + gssrpc_svcerr_auth; + gssrpc_svcerr_decode; + gssrpc_svcerr_noproc; + gssrpc_svcerr_noprog; + gssrpc_svcerr_progvers; + gssrpc_svcerr_systemerr; + gssrpc_svcerr_weakauth; + gssrpc_svcfd_create; + gssrpc_svcraw_create; + gssrpc_svctcp_create; + gssrpc_svcudp_bufcreate; + gssrpc_svcudp_create; + gssrpc_svcudp_enablecache; + gssrpc_xdr_accepted_reply; + gssrpc_xdr_array; + gssrpc_xdr_authgssapi_creds; + gssrpc_xdr_authgssapi_init_arg; + gssrpc_xdr_authgssapi_init_res; + gssrpc_xdr_authunix_parms; + gssrpc_xdr_bool; + gssrpc_xdr_bytes; + gssrpc_xdr_callhdr; + gssrpc_xdr_callmsg; + gssrpc_xdr_char; + gssrpc_xdr_des_block; + gssrpc_xdr_enum; + gssrpc_xdr_free; + gssrpc_xdr_gss_buf; + gssrpc_xdr_int; + gssrpc_xdr_int32; + gssrpc_xdr_long; + gssrpc_xdr_netobj; + gssrpc_xdr_opaque; + gssrpc_xdr_opaque_auth; + gssrpc_xdr_pmap; + gssrpc_xdr_pmaplist; + gssrpc_xdr_pointer; + gssrpc_xdr_reference; + gssrpc_xdr_rejected_reply; + gssrpc_xdr_replymsg; + gssrpc_xdr_rmtcall_args; + gssrpc_xdr_rmtcallres; + gssrpc_xdr_rpc_gss_buf; + gssrpc_xdr_rpc_gss_cred; + gssrpc_xdr_rpc_gss_data; + gssrpc_xdr_rpc_gss_init_args; + gssrpc_xdr_rpc_gss_init_res; + gssrpc_xdr_rpc_gss_unwrap_data; + gssrpc_xdr_rpc_gss_wrap_data; + gssrpc_xdr_short; + gssrpc_xdr_sizeof; + gssrpc_xdr_string; + gssrpc_xdr_u_char; + gssrpc_xdr_u_int; + gssrpc_xdr_u_int32; + gssrpc_xdr_u_long; + gssrpc_xdr_u_short; + gssrpc_xdr_union; + gssrpc_xdr_vector; + gssrpc_xdr_void; + gssrpc_xdr_wrapstring; + gssrpc_xdralloc_create; + gssrpc_xdralloc_getdata; + gssrpc_xdralloc_release; + gssrpc_xdrmem_create; + gssrpc_xdrrec_create; + gssrpc_xdrrec_endofrecord; + gssrpc_xdrrec_eof; + gssrpc_xdrrec_skiprecord; + gssrpc_xdrstdio_create; + gssrpc_xprt_register; + gssrpc_xprt_unregister; +}; diff --git a/krb5/plugins/audit/Makefile b/krb5/plugins/audit/Makefile index 507cde261300..eb615a3b89f4 100644 --- a/krb5/plugins/audit/Makefile +++ b/krb5/plugins/audit/Makefile @@ -16,6 +16,7 @@ PACKAGE= krb5 LIB= kdc_j_encode LIBDIR= ${PLUGINSDIR}/audit LDFLAGS=-Wl,--no-undefined +VERSION_MAP= ${.CURDIR}/version.map .PATH: ${KRB5_DIR}/plugins/audit diff --git a/krb5/plugins/audit/version.map b/krb5/plugins/audit/version.map new file mode 100644 index 000000000000..b6d3368df002 --- /dev/null +++ b/krb5/plugins/audit/version.map @@ -0,0 +1,10 @@ +KRB5_AUDIT_1.0 { + global: + kau_j_kdc_stop; + kau_j_kdc_start; + kau_j_as_req; + kau_j_tgs_req; + kau_j_tgs_s4u2self; + kau_j_tgs_s4u2proxy; + kau_j_tgs_u2u; +}; diff --git a/krb5/plugins/k5tls/Makefile b/krb5/plugins/k5tls/Makefile index 8af5efb06b80..790794d4744c 100644 --- a/krb5/plugins/k5tls/Makefile +++ b/krb5/plugins/k5tls/Makefile @@ -18,6 +18,7 @@ SHLIBDIR= ${LIBDIR} LIB= k5tls LDFLAGS=-Wl,--no-undefined LIBADD= krb5 krb5profile krb5support ssl crypto k5crypto com_err sys +VERSION_MAP= ${.CURDIR}/version.map SRCS= notls.c \ openssl.c diff --git a/krb5/plugins/k5tls/version.map b/krb5/plugins/k5tls/version.map new file mode 100644 index 000000000000..802628aaaf63 --- /dev/null +++ b/krb5/plugins/k5tls/version.map @@ -0,0 +1,4 @@ +KRB5_K5TLS_1.0 { + global: + tls_k5tls_initvt; +}; diff --git a/krb5/plugins/kdb/db2/Makefile b/krb5/plugins/kdb/db2/Makefile index 7526283f37be..a91bea73677b 100644 --- a/krb5/plugins/kdb/db2/Makefile +++ b/krb5/plugins/kdb/db2/Makefile @@ -18,6 +18,7 @@ SHLIBDIR= ${LIBDIR} LIB= db2 LDFLAGS=-Wl,--no-undefined LIBADD= krb5profile krb5 com_err k5crypto kadm5srv_mit kdb5 gssrpc gssapi_krb5 krb5support +VERSION_MAP= ${.CURDIR}/version.map SRCS= \ adb_openclose.c \ diff --git a/krb5/plugins/kdb/db2/version.map b/krb5/plugins/kdb/db2/version.map new file mode 100644 index 000000000000..aa524e506fb8 --- /dev/null +++ b/krb5/plugins/kdb/db2/version.map @@ -0,0 +1,109 @@ +KRB5_DB2_1.0 { + global: + __default_hash; + __kdb2_add_bigpage; + __kdb2_add_ovflpage; + __kdb2_addel; + __kdb2_big_delete; + __kdb2_big_insert; + __kdb2_big_keydata; + __kdb2_big_return; + __kdb2_bt_close; + __kdb2_bt_cmp; + __kdb2_bt_defcmp; + __kdb2_bt_defpfx; + __kdb2_bt_deleaf; + __kdb2_bt_delete; + __kdb2_bt_dmpage; + __kdb2_bt_dnpage; + __kdb2_bt_dpage; + __kdb2_bt_dump; + __kdb2_bt_fd; + __kdb2_bt_free; + __kdb2_bt_get; + __kdb2_bt_new; + __kdb2_bt_open; + __kdb2_bt_pgin; + __kdb2_bt_pgout; + __kdb2_bt_put; + __kdb2_bt_relink; + __kdb2_bt_ret; + __kdb2_bt_search; + __kdb2_bt_seq; + __kdb2_bt_setcur; + __kdb2_bt_split; + __kdb2_bt_stat; + __kdb2_bt_sync; + __kdb2_call_hash; + __kdb2_cursor_creat; + __kdb2_dbpanic; + __kdb2_delete_page; + __kdb2_delpair; + __kdb2_expand_table; + __kdb2_find_bigpair; + __kdb2_free_ovflpage; + __kdb2_get_bigkey; + __kdb2_get_item; + __kdb2_get_item_done; + __kdb2_get_item_first; + __kdb2_get_item_next; + __kdb2_get_item_reset; + __kdb2_get_page; + __kdb2_hash_open; + __kdb2_ibitmap; + __kdb2_log2; + __kdb2_new_page; + __kdb2_ovfl_delete; + __kdb2_ovfl_get; + __kdb2_ovfl_put; + __kdb2_pgin_routine; + __kdb2_pgout_routine; + __kdb2_put_page; + __kdb2_rec_close; + __kdb2_rec_delete; + __kdb2_rec_dleaf; + __kdb2_rec_fd; + __kdb2_rec_fmap; + __kdb2_rec_fpipe; + __kdb2_rec_get; + __kdb2_rec_iput; + __kdb2_rec_open; + __kdb2_rec_put; + __kdb2_rec_ret; + __kdb2_rec_search; + __kdb2_rec_seq; + __kdb2_rec_sync; + __kdb2_rec_vmap; + __kdb2_rec_vpipe; + __kdb2_split_page; + kdb2_dbm_clearerr; + kdb2_dbm_close; + kdb2_dbm_delete; + kdb2_dbm_dirfno; + kdb2_dbm_error; + kdb2_dbm_fetch; + kdb2_dbm_firstkey; + kdb2_dbm_nextkey; + kdb2_dbm_open; + kdb2_dbm_store; + kdb2_dbminit; + kdb2_dbopen; + kdb2_delete; + kdb2_fetch; + kdb2_firstkey; + kdb2_hcreate; + kdb2_hdestroy; + kdb2_hsearch; + kdb2_mpool_close; + kdb2_mpool_delete; + kdb2_mpool_filter; + kdb2_mpool_get; + kdb2_mpool_new; + kdb2_mpool_open; + kdb2_mpool_put; + kdb2_mpool_stat; + kdb2_mpool_sync; + kdb2_nextkey; + kdb2_store; + kdb_function_table; +}; diff --git a/krb5/plugins/preauth/otp/Makefile b/krb5/plugins/preauth/otp/Makefile index 9222f9785a80..724d8df16230 100644 --- a/krb5/plugins/preauth/otp/Makefile +++ b/krb5/plugins/preauth/otp/Makefile @@ -17,6 +17,7 @@ LIB= otp LIBDIR= ${PLUGINSDIR}/preauth LDFLAGS=-Wl,--no-undefined LIBADD= krb5profile krad verto krb5 k5crypto com_err krb5support m +VERSION_MAP= ${.CURDIR}/version.map .PATH: ${KRB5_DIR}/plugins/preauth/otp diff --git a/krb5/plugins/preauth/otp/version.map b/krb5/plugins/preauth/otp/version.map new file mode 100644 index 000000000000..9d2ee5ea7213 --- /dev/null +++ b/krb5/plugins/preauth/otp/version.map @@ -0,0 +1,4 @@ +KRB5_PREAUTH_OTP { + global: + kdcpreauth_otp_initvt; +}; diff --git a/krb5/plugins/preauth/pkinit/Makefile b/krb5/plugins/preauth/pkinit/Makefile index f2a76d1e33da..600b02b02346 100644 --- a/krb5/plugins/preauth/pkinit/Makefile +++ b/krb5/plugins/preauth/pkinit/Makefile @@ -17,6 +17,7 @@ LIB= pkinit LIBDIR= ${PLUGINSDIR}/preauth LDFLAGS=-Wl,--no-undefined LIBADD= krb5profile krb5 com_err k5crypto crypto krb5support +VERSION_MAP= ${.CURDIR}/version.map .PATH: ${KRB5_DIR}/plugins/preauth/pkinit diff --git a/krb5/plugins/preauth/pkinit/version.map b/krb5/plugins/preauth/pkinit/version.map new file mode 100644 index 000000000000..39a9f81f83ef --- /dev/null +++ b/krb5/plugins/preauth/pkinit/version.map @@ -0,0 +1,5 @@ +KRB5_PREAUTH_PKINIT_1.0 { + global: + clpreauth_pkinit_initvt; + kdcpreauth_pkinit_initvt; +}; diff --git a/krb5/plugins/preauth/spake/Makefile b/krb5/plugins/preauth/spake/Makefile index a5d9179f8adc..62d8a5aa9574 100644 --- a/krb5/plugins/preauth/spake/Makefile +++ b/krb5/plugins/preauth/spake/Makefile @@ -17,6 +17,7 @@ LIB= spake LIBDIR= ${PLUGINSDIR}/preauth LDFLAGS=-Wl,--no-undefined LIBADD= krb5profile krb5 k5crypto com_err krb5support crypto sys +VERSION_MAP= ${.CURDIR}/version.map .PATH: ${KRB5_DIR}/plugins/preauth/spake diff --git a/krb5/plugins/preauth/spake/version.map b/krb5/plugins/preauth/spake/version.map new file mode 100644 index 000000000000..7763f289c80d --- /dev/null +++ b/krb5/plugins/preauth/spake/version.map @@ -0,0 +1,5 @@ +KRB5_PLUGINS_SPAKE_1.0 { + global: + clpreauth_spake_initvt; + kdcpreauth_spake_initvt; +}; diff --git a/krb5/plugins/preauth/test/Makefile b/krb5/plugins/preauth/test/Makefile index 71b7200b2039..411868e9a1d1 100644 --- a/krb5/plugins/preauth/test/Makefile +++ b/krb5/plugins/preauth/test/Makefile @@ -17,6 +17,7 @@ LIB= test LIBDIR= ${PLUGINSDIR}/preauth LDFLAGS=-Wl,--no-undefined LIBADD= krb5 k5crypto com_err krb5support +VERSION_MAP= ${.CURDIR}/version.map .PATH: ${KRB5_DIR}/plugins/preauth/test diff --git a/krb5/plugins/preauth/test/version.map b/krb5/plugins/preauth/test/version.map new file mode 100644 index 000000000000..e27e14869833 --- /dev/null +++ b/krb5/plugins/preauth/test/version.map @@ -0,0 +1,5 @@ +KRB5_PREAUTH_TEST_1.0 { + global: + clpreauth_test_initvt; + kdcpreauth_test_initvt; +}; diff --git a/krb5/util/et/Makefile b/krb5/util/et/Makefile index 4457cd199801..16b700fb5d1f 100644 --- a/krb5/util/et/Makefile +++ b/krb5/util/et/Makefile @@ -18,6 +18,7 @@ LIB= com_err LDFLAGS=-Wl,--no-undefined INCSDIR=${INCLUDEDIR} LIBADD= krb5support +VERSION_MAP= ${.CURDIR}/version.map SRCS= com_err.c \ diff --git a/krb5/util/et/version.map b/krb5/util/et/version.map new file mode 100644 index 000000000000..be846b139ebc --- /dev/null +++ b/krb5/util/et/version.map @@ -0,0 +1,12 @@ +KRB5_ET_1.0 { + global: + add_error_table; + com_err; + com_err_va; + error_message; + error_table_name; + error_table_name_r; + remove_error_table; + reset_com_err_hook; + set_com_err_hook; +}; diff --git a/krb5/util/profile/Makefile b/krb5/util/profile/Makefile index 24e06e8c5024..72ef3176ab5d 100644 --- a/krb5/util/profile/Makefile +++ b/krb5/util/profile/Makefile @@ -15,6 +15,7 @@ PACKAGE= krb5 LIB= krb5profile LIBADD= com_err krb5support +VERSION_MAP= ${.CURDIR}/version.map SRCS= prof_file.c \ prof_get.c \ diff --git a/krb5/util/profile/version.map b/krb5/util/profile/version.map new file mode 100644 index 000000000000..d7fd0059983d --- /dev/null +++ b/krb5/util/profile/version.map @@ -0,0 +1,33 @@ +KRB5_PROFILE_1.0 { + global: + et_prof_error_table; + initialize_prof_error_table; + profile_abandon; + profile_add_relation; + profile_clear_relation; + profile_flush; + profile_free_list; + profile_get_boolean; + profile_get_integer; + profile_get_relation_names; + profile_get_string; + profile_get_subsection_names; + profile_get_values; + profile_init; + profile_init_flags; + profile_init_path; + profile_init_vtable; + profile_iterator; + profile_iterator_create; + profile_iterator_free; + profile_release; + profile_release_string; + profile_rename_section; + profile_ser_externalize; + profile_ser_internalize; + profile_ser_size; + profile_update_relation; + profile_flush_to_file; + profile_flush_to_buffer; + profile_free_buffer; +}; diff --git a/krb5/util/support/Makefile b/krb5/util/support/Makefile index 9ba1b8169d8e..25ef7faf74ee 100644 --- a/krb5/util/support/Makefile +++ b/krb5/util/support/Makefile @@ -16,6 +16,7 @@ PACKAGE= krb5-lib LIB= krb5support # SHLIB_MAJOR= 0 LDFLAGS=-Wl,--no-undefined +VERSION_MAP= ${.CURDIR}/version.map .PATH: ${KRB5_DIR}/util/support diff --git a/krb5/util/support/version.map b/krb5/util/support/version.map new file mode 100644 index 000000000000..f4de213d33d9 --- /dev/null +++ b/krb5/util/support/version.map @@ -0,0 +1,102 @@ +KRB5_SUPPORT_1.0 { + global: + k5_base64_decode; + k5_base64_encode; + k5_bcmp; + k5_buf_init_fixed; + k5_buf_init_dynamic; + k5_buf_init_dynamic_zap; + k5_buf_add; + k5_buf_add_len; + k5_buf_add_fmt; + k5_buf_add_vfmt; + k5_buf_cstring; + k5_buf_get_space; + k5_buf_truncate; + k5_buf_status; + k5_buf_free; + k5_set_error; + k5_vset_error; + k5_get_error; + k5_free_error; + k5_clear_error; + k5_set_error_info_callout_fn; + k5_hashtab_add; + k5_hashtab_create; + k5_hashtab_free; + k5_hashtab_get; + k5_hashtab_remove; + k5_hex_decode; + k5_hex_encode; + k5_json_array_add; + k5_json_array_create; + k5_json_array_fmt; + k5_json_array_get; + k5_json_array_length; + k5_json_array_set; + k5_json_bool_create; + k5_json_bool_value; + k5_json_decode; + k5_json_encode; + k5_json_get_tid; + k5_json_null_create; + k5_json_null_create_val; + k5_json_number_create; + k5_json_number_value; + k5_json_object_count; + k5_json_object_create; + k5_json_object_get; + k5_json_object_iterate; + k5_json_object_set; + k5_json_release; + k5_json_retain; + k5_json_string_create; + k5_json_string_create_base64; + k5_json_string_create_len; + k5_json_string_unbase64; + k5_json_string_utf8; + k5_os_mutex_init; + k5_os_mutex_destroy; + k5_os_mutex_lock; + k5_os_mutex_unlock; + k5_once; + k5_path_isabs; + k5_path_join; + k5_path_split; + k5_siphash24; + k5_strerror_r; + k5_utf8_to_utf16le; + k5_utf16le_to_utf8; + k5_dir_filenames; + k5_free_filenames; + krb5int_key_register; + krb5int_key_delete; + krb5int_getspecific; + krb5int_setspecific; + krb5int_getaddrinfo; + krb5int_freeaddrinfo; + krb5int_gai_strerror; + krb5int_getnameinfo; + krb5int_in6addr_any; + krb5int_pthread_loaded; + krb5int_open_plugin; + krb5int_close_plugin; + krb5int_get_plugin_data; + krb5int_get_plugin_func; + krb5int_open_plugin_dirs; + krb5int_close_plugin_dirs; + krb5int_get_plugin_dir_data; + krb5int_get_plugin_dir_func; + krb5int_free_plugin_dir_data; + krb5int_free_plugin_dir_func; + krb5int_mutex_alloc; + krb5int_mutex_free; + krb5int_mutex_lock; + krb5int_mutex_unlock; + krb5int_gmt_mktime; + krb5int_ucs4_to_utf8; + krb5int_utf8_to_ucs4; + krb5int_utf8_lentab; + krb5int_utf8_mintab; + krb5int_zap; +}; diff --git a/krb5/util/verto/Makefile b/krb5/util/verto/Makefile index 57367e5284e0..18faddb3a09e 100644 --- a/krb5/util/verto/Makefile +++ b/krb5/util/verto/Makefile @@ -15,6 +15,7 @@ PACKAGE= krb5 LIB= verto # SHLIB_MAJOR= 0 +VERSION_MAP= ${.CURDIR}/version.map .PATH: ${KRB5_DIR}/util/verto diff --git a/krb5/util/verto/libverto.exports b/krb5/util/verto/libverto.exports new file mode 100644 index 000000000000..3745d5014653 --- /dev/null +++ b/krb5/util/verto/libverto.exports @@ -0,0 +1,33 @@ +verto_add_child +verto_add_idle +verto_add_io +verto_add_signal +verto_add_timeout +verto_break +verto_cleanup +verto_convert_module +verto_default +verto_del +verto_fire +verto_free +verto_get_ctx +verto_get_fd +verto_get_fd_state +verto_get_flags +verto_get_interval +verto_get_private +verto_get_proc +verto_get_proc_status +verto_get_signal +verto_get_supported_types +verto_get_type +verto_new +verto_reinitialize +verto_run +verto_run_once +verto_set_allocator +verto_set_default +verto_set_fd_state +verto_set_flags +verto_set_private +verto_set_proc_status diff --git a/krb5/util/verto/version.map b/krb5/util/verto/version.map new file mode 100644 index 000000000000..5fc734e25d3a --- /dev/null +++ b/krb5/util/verto/version.map @@ -0,0 +1,36 @@ +KRB5_VERTO_1.0 { + global: + verto_add_child; + verto_add_idle; + verto_add_io; + verto_add_signal; + verto_add_timeout; + verto_break; + verto_cleanup; + verto_convert_module; + verto_default; + verto_del; + verto_fire; + verto_free; + verto_get_ctx; + verto_get_fd; + verto_get_fd_state; + verto_get_flags; + verto_get_interval; + verto_get_private; + verto_get_proc; + verto_get_proc_status; + verto_get_signal; + verto_get_supported_types; + verto_get_type; + verto_new; + verto_reinitialize; + verto_run; + verto_run_once; + verto_set_allocator; + verto_set_default; + verto_set_fd_state; + verto_set_flags; + verto_set_private; + verto_set_proc_status; +}; diff --git a/lib/libc/string/memchr.3 b/lib/libc/string/memchr.3 index f5d1fe5d5c7f..65617a117371 100644 --- a/lib/libc/string/memchr.3 +++ b/lib/libc/string/memchr.3 @@ -52,7 +52,10 @@ locates the first occurrence of (converted to an .Vt "unsigned char" ) in string -.Fa b . +.Fa b , +limited to at most +.Fa len +characters. .Pp The .Fn memrchr @@ -61,15 +64,18 @@ function behaves like except that it locates the last occurrence of .Fa c in string -.Fa b . +.Fa b , +limited to the first +.Fa len +characters. .Sh RETURN VALUES The .Fn memchr and .Fn memrchr -functions -return a pointer to the byte located, -or NULL if no such byte exists within +functions return a pointer to the byte located, or +.Dv NULL +if no such byte exists within .Fa len bytes. .Sh SEE ALSO diff --git a/lib/libpfctl/libpfctl.c b/lib/libpfctl/libpfctl.c index e4123fe02211..d8e60075e103 100644 --- a/lib/libpfctl/libpfctl.c +++ b/lib/libpfctl/libpfctl.c @@ -3348,6 +3348,11 @@ pfctl_clear_tstats(struct pfctl_handle *h, const struct pfr_table *filter, return (e.error); } +static struct snl_attr_parser ap_clr_addrs[] = { + { .type = PF_T_NBR_DELETED, .off = 0, .cb = snl_attr_get_uint64 }, +}; +SNL_DECLARE_PARSER(clr_addrs_parser, struct genlmsghdr, snl_f_p_empty, ap_clr_addrs); + int pfctl_clear_addrs(struct pfctl_handle *h, const struct pfr_table *filter, int *ndel, int flags) @@ -3380,7 +3385,7 @@ pfctl_clear_addrs(struct pfctl_handle *h, const struct pfr_table *filter, return (ENXIO); while ((hdr = snl_read_reply_multi(&h->ss, seq_id, &e)) != NULL) { - if (!snl_parse_nlmsg(&h->ss, hdr, &tstats_clr_parser, &del)) + if (!snl_parse_nlmsg(&h->ss, hdr, &clr_addrs_parser, &del)) continue; if (ndel) *ndel = (uint32_t)del; diff --git a/release/tools/oci-image-static.conf b/release/tools/oci-image-static.conf index 753a03af653b..8e642d9defce 100644 --- a/release/tools/oci-image-static.conf +++ b/release/tools/oci-image-static.conf @@ -14,7 +14,7 @@ oci_image_build() { mtree -deU -p $m/usr -f ${srcdir}/etc/mtree/BSD.usr.dist > /dev/null mtree -deU -p $m/usr/include -f ${srcdir}/etc/mtree/BSD.include.dist > /dev/null mtree -deU -p $m/usr/lib -f ${srcdir}/etc/mtree/BSD.debug.dist > /dev/null - install_packages ${abi} ${workdir} FreeBSD-caroot FreeBSD-zoneinfo + install_packages ${abi} ${workdir} FreeBSD-zoneinfo cp ${srcdir}/etc/master.passwd $m/etc pwd_mkdb -p -d $m/etc $m/etc/master.passwd || return $? cp ${srcdir}/etc/group $m/etc || return $? @@ -22,7 +22,10 @@ oci_image_build() { # working directory to OBJDIR/release cp ../etc/termcap/termcap.small $m/etc/termcap.small || return $? cp ../etc/termcap/termcap.small $m/usr/share/misc/termcap || return $? - env DESTDIR=$m /usr/sbin/certctl rehash + env DESTDIR=$m \ + TRUSTPATH=${srcdir}/secure/caroot/trusted \ + UNTRUSTPATH=${srcdir}/secure/caroot/untrusted \ + certctl -c rehash # Generate a suitable repo config for pkgbase case ${branch} in CURRENT|STABLE|BETA*) diff --git a/sbin/devd/devd.cc b/sbin/devd/devd.cc index 6705dcc0158e..1ff405244cde 100644 --- a/sbin/devd/devd.cc +++ b/sbin/devd/devd.cc @@ -1111,6 +1111,14 @@ event_loop(void) err(1, "select"); } else if (rv == 0) check_clients(); + /* + * Aside from the socket type, both sockets use the same + * protocol, so we can process clients the same way. + */ + if (FD_ISSET(stream_fd, &fds)) + new_client(stream_fd, SOCK_STREAM); + if (FD_ISSET(seqpacket_fd, &fds)) + new_client(seqpacket_fd, SOCK_SEQPACKET); if (FD_ISSET(fd, &fds)) { rv = read(fd, buffer, sizeof(buffer) - 1); if (rv > 0) { @@ -1139,14 +1147,6 @@ event_loop(void) break; } } - if (FD_ISSET(stream_fd, &fds)) - new_client(stream_fd, SOCK_STREAM); - /* - * Aside from the socket type, both sockets use the same - * protocol, so we can process clients the same way. - */ - if (FD_ISSET(seqpacket_fd, &fds)) - new_client(seqpacket_fd, SOCK_SEQPACKET); } cfg.remove_pidfile(); close(seqpacket_fd); diff --git a/sbin/recoverdisk/recoverdisk.1 b/sbin/recoverdisk/recoverdisk.1 index 2999ac6ec409..9f1deb4c0c23 100644 --- a/sbin/recoverdisk/recoverdisk.1 +++ b/sbin/recoverdisk/recoverdisk.1 @@ -27,7 +27,7 @@ .Os .Sh NAME .Nm recoverdisk -.Nd recover data from hard disk or optical media +.Nd recover data from disk-like devices. .Sh SYNOPSIS .Nm .Op Fl b Ar bigsize @@ -41,79 +41,101 @@ .Sh DESCRIPTION The .Nm -utility reads data from the +utility reads all data from the .Ar source -file until all blocks could be successfully read. +and retries read operations until they succeed. If .Ar destination -was specified all data is being written to that file. -It starts reading in multiples of the sector size. -Whenever a block fails, it is put to the end of the working queue and will be -read again, possibly with a smaller read size. +is specified all data read be written there. .Pp -By default it uses block sizes of roughly 1 MB, 32kB, and the native -sector size (usually 512 bytes). -These figures are adjusted slightly, for devices whose sectorsize is not a -power of 2, e.g., audio CDs with a sector size of 2352 bytes. +The internal work-list can be saved and loaded so that +.Nm +sessions can be resumed, for instance when a marginal +source hard-disk shuts down. +.Pp +The work-list is initialized with a single item which covers the entire +.Ar source +and +.Nm +always chips away at the first item on the work-list. + +When a read succeeds, that part of the current chunk is eliminated +from the work-list. + +When a read fails, that part of the item is appended to the worklist +as a separate item, and will be retried in due order. +If +.Ar destination +is specified, the corresponding range is filled with '_UNREAD_'. +.Pp +The first pass attempts to read everything in "big-size" chunks, +the second pass reads in "medium-size" chunks and third and subsequent +passes read in "small-size" chunks. This three stage process is +an attempt to optimize the case where only a few bad blocks exist +on +.Ar source . +If too many read-errors are encountered, +.Nm +will fall back to smaller sizes sooner. +.Pp +The three sizes default to 128kB (or less if the sector size does +not divide 128kB cleanly, for instance audio CD media), and the +reported +.Dv DIOCGSTRIPESIZE +and +.Dv DIOCGSECTORSIZE +respectively. .Pp The options are as follows: .Bl -tag -width indent .It Fl b Ar bigsize -The size of reads attempted first. -The middle pass is roughly the logarithmic average of the bigsize and -the sectorsize. -.It Fl r Ar readlist -Read the list of blocks and block sizes to read from the specified file. -.It Fl s Ar interval -How often we should update the writelist file while things go OK. -The default is 60 and the unit is "progress messages" so if things -go well, this is the same as once per minute. +The size of reads attempted in first pass. +.It Fl m Ar mediumsize +The size of reads attempted in second pass. +.It Fl s Ar smallsize +The size of reads attempted in third and subsequent passes. +.It Fl r Ar work-list-file +Read the work-list from a file. +.It Fl w Ar work-list-file +Write the work-list to a file when a read succeed, but at most once +every minute. +.It Fl l Ar log-file +Each successful read is logged with timestamp, offset and length. +.It Fl t Ar totalsize +How many bytes should be recovered. The default is what +.Dv DIOCGMEDIASIZE +reports for character and block devices or +.Dv st_size +if +.Ar source +is a regular file. +.It Fl p Ar pause +.Xr sleep 3 +this long whenever a read fails. This makes the +.Ar source +device look less sick to the operating system. .It Fl u Ar pattern -By default blocks which encounter read errors will be filled with -the pattern +By default blocks which cannot be read are filled with the pattern .Ql _UNREAD_ -in the output file. -This option can be -used to specify another pattern. -Nothing gets written if the string is empty. +in the output file. This option can be used to specify a different +pattern. If the pattern is the empty string, nothing is written. .It Fl v -Enables nicer status report using ANSI escapes and UTF-8. -.It Fl w Ar writelist -Write the list of remaining blocks to read to the specified file if -.Nm -is aborted via -.Dv SIGINT . +Produce a detailed progress report with ANSI escapes and UTF-8. .El .Pp -The -.Fl r -and -.Fl w -options can be specified together. -Especially, they can point to the same file, which will be updated on abort. -.Sh OUTPUT -The .Nm -utility -prints several columns, detailing the progress -.Bl -tag -width remaining -.It Va start -Starting offset of the current block. -.It Va size -Read size of the current block. -.It Va len -Length of the current block. -.It Va state -Is increased for every failed read. -.It Va done -Number of bytes already read. -.It Va remaining -Number of bytes remaining. -.It Va "% done" -Percent complete. -.El +can be aborted with +.Dv SIGINT , +but with a sick +.Ar source +it may take up to several minutes before the current read operation +returns from the kernel. +.Pp .Sh EXAMPLES .Bd -literal +# check if all sectors can be read on a USB stick: +recoverdisk /dev/da0 + # recover data from failing hard drive ada3 recoverdisk /dev/ada3 /data/disk.img @@ -129,10 +151,72 @@ recoverdisk -r worklist -w worklist /dev/cd0 /data/cd.iso # recover a single file from the unreadable media recoverdisk /cdrom/file.avi file.avi -# If the disk hangs the system on read-errors try: -recoverdisk -b 0 /dev/ada3 /somewhere - .Ed +.Sh PRACTICAL ADVICE +In Datamuseum.dk +.Nm +has been used to recover all sorts of data-media for two decades, +here are some things we have learned: +.Bl -bullet +.It +Interacting with failing hardware has a tendency to crash machines, +so it is always a good idea to use the +.Fl -w work-list-file +so that it is possible to continue. +.It +When attempting to recover hard to read data from failing hard disks, +it pays to pamper the drive as much as possible: +.It +It is generally best to keep the drive in it's usual physical orientation, +but it can also help to try other orientations. +.It +Insulate the drive from external vibrations. +.It +Keep the drive cool with a fan. +.It +If possible, power the drive from a laboratory power supply. +.It +Do not loose patience: Let +.Nm +run as long as possible. +.It +(S)ATA controllers do not handle failing disks well, if this +is a problem, use a USB-(S)ATA adapter instead. +.It +The +.Nm +source code is deliberately written to be easily portable to +older versions of +.Fx +and to other operating systems. +.It +If you need to read ST-506, RLL or ESDI drives +.Fx 3.5.1 +is a good compromise. +.It +Sometimes forcing the disk to step between reads helps. +Since +.Nm +process the work-list in the order it is read, this +can be accomplished by sorting the work-list with +something like: +.Dl % sort +0.5 +.It +By default the +.Xr CAM +layer will retry failing read operations, but that +will get stuck on the bad sectors for long time +and delay recovering what actually can be read from +a rapidly failing drive. +In that situation, set the appropriate +.Dl kern.cam.*.retry_count +sysctl to zero. +.It +For floppies and un-zoned hard disks (ST-506 to +early IDE) set +.Fl b Ar bigsize +to the size of a track. +.El .Sh SEE ALSO .Xr dd 1 , .Xr ada 4 , @@ -143,7 +227,8 @@ recoverdisk -b 0 /dev/ada3 /somewhere The .Nm utility first appeared in -.Fx 7.0 . +.Fx 7.0 +because Somebodyâ„¢ forgot to make a backup copy. .Sh AUTHORS .An -nosplit The original implementation was done by @@ -151,34 +236,29 @@ The original implementation was done by with minor improvements from .An Ulrich Sp\(:orlein Aq Mt uqs@FreeBSD.org . .Pp -This manual page was written by +This manual page was originally written by .An Ulrich Sp\(:orlein . .Sh BUGS -Reading from media where the sectorsize is not a power of 2 will make all -1 MB reads fail. -This is due to the DMA reads being split up into blocks of at most 128kB. -These reads then fail if the sectorsize is not a divisor of 128kB. -When reading a full raw audio CD, this leads to roughly 700 error messages -flying by. -This is harmless and can be avoided by setting -.Fl b -to no more than 128kB. +If a failing device causes the machine to crash, there is +a risk that a chunk might have been successfully read +and removed from the work-list, but not yet flushed to +the +.Ar destination . .Pp .Nm -needs to know about read errors as fast as possible, i.e., retries by lower -layers will usually slow down the operation. -When using -.Xr cam 4 -attached drives, you may want to set kern.cam.XX.retry_count to zero, e.g.: -.Bd -literal -# sysctl kern.cam.ada.retry_count=0 -# sysctl kern.cam.cd.retry_count=0 -# sysctl kern.cam.da.retry_count=0 -.Ed -.\".Pp -.\"When reading from optical media, a bug in the GEOM framework will -.\"prevent it from seeing that the media has been removed. -.\"The device can still be opened, but all reads will fail. -.\"This is usually harmless, but will send -.\".Nm -.\"into an infinite loop. +calls +.Xr fdatasync 3 +on the destination before writing the work-list to a +temporary file, and calls it again on the temporary +file before renaming it to the specified +.Fl w Ar work-file-list +filename. +But even then things dont always work out. +.Pp +.Nm +should have an option for reconstructing the work-list +from the +.Ar destination +by enumerating the +.Fl u Ar pattern +filled ranges. diff --git a/sbin/recoverdisk/recoverdisk.c b/sbin/recoverdisk/recoverdisk.c index 446266c36d50..e1b283e54a93 100644 --- a/sbin/recoverdisk/recoverdisk.c +++ b/sbin/recoverdisk/recoverdisk.c @@ -8,6 +8,7 @@ * this stuff is worth it, you can buy me a beer in return. Poul-Henning Kamp * ---------------------------------------------------------------------------- */ + #include <sys/param.h> #include <sys/queue.h> #include <sys/disk.h> @@ -27,18 +28,10 @@ #include <time.h> #include <unistd.h> -/* Safe printf into a fixed-size buffer */ -#define bprintf(buf, fmt, ...) \ - do { \ - int ibprintf; \ - ibprintf = snprintf(buf, sizeof buf, fmt, __VA_ARGS__); \ - assert(ibprintf >= 0 && ibprintf < (int)sizeof buf); \ - } while (0) - struct lump { - off_t start; - off_t len; - int state; + uint64_t start; + uint64_t len; + unsigned pass; TAILQ_ENTRY(lump) list; }; @@ -46,25 +39,32 @@ struct period { time_t t0; time_t t1; char str[20]; - off_t bytes_read; + uint64_t bytes_read; TAILQ_ENTRY(period) list; }; TAILQ_HEAD(period_head, period); static volatile sig_atomic_t aborting = 0; static int verbose = 0; -static size_t bigsize = 1024 * 1024; -static size_t medsize; -static size_t minsize = 512; -static off_t tot_size; -static off_t done_size; +static uint64_t big_read; +static uint64_t medium_read; +static uint64_t small_read; +static uint64_t total_size; +static uint64_t done_size; static char *input; -static char *wworklist = NULL; -static char *rworklist = NULL; +static char *write_worklist_file = NULL; +static char *read_worklist_file = NULL; static const char *unreadable_pattern = "_UNREAD_"; -static const int write_errors_are_fatal = 1; -static int fdr, fdw; - +static int write_errors_are_fatal = 1; +static int read_fd, write_fd; +static FILE *log_file = NULL; +static char *work_buf; +static char *pattern_buf; +static double error_pause; + +static unsigned nlumps; +static double n_reads, n_good_reads; +static time_t t_first; static TAILQ_HEAD(, lump) lumps = TAILQ_HEAD_INITIALIZER(lumps); static struct period_head minute = TAILQ_HEAD_INITIALIZER(minute); static struct period_head quarter = TAILQ_HEAD_INITIALIZER(quarter); @@ -74,7 +74,8 @@ static struct period_head day = TAILQ_HEAD_INITIALIZER(quarter); /**********************************************************************/ static void -report_good_read2(time_t now, size_t bytes, struct period_head *ph, time_t dt) +account_good_read_period(time_t now, uint64_t bytes, + struct period_head *ph, time_t dt) { struct period *pp; const char *fmt; @@ -82,7 +83,7 @@ report_good_read2(time_t now, size_t bytes, struct period_head *ph, time_t dt) pp = TAILQ_FIRST(ph); if (pp == NULL || pp->t1 < now) { - pp = calloc(1, sizeof(*pp)); + pp = calloc(1UL, sizeof(*pp)); assert(pp != NULL); pp->t0 = (now / dt) * dt; pp->t1 = (now / dt + 1) * dt; @@ -98,13 +99,13 @@ report_good_read2(time_t now, size_t bytes, struct period_head *ph, time_t dt) } static void -report_good_read(time_t now, size_t bytes) +account_good_read(time_t now, uint64_t bytes) { - report_good_read2(now, bytes, &minute, 60L); - report_good_read2(now, bytes, &quarter, 900L); - report_good_read2(now, bytes, &hour, 3600L); - report_good_read2(now, bytes, &day, 86400L); + account_good_read_period(now, bytes, &minute, 60L); + account_good_read_period(now, bytes, &quarter, 900L); + account_good_read_period(now, bytes, &hour, 3600L); + account_good_read_period(now, bytes, &day, 86400L); } static void @@ -114,20 +115,18 @@ report_one_period(const char *period, struct period_head *ph) int n; n = 0; - printf("%s \xe2\x94\x82", period); + printf("%s ", period); TAILQ_FOREACH(pp, ph, list) { - if (n == 3) { + if (++n == 4) { TAILQ_REMOVE(ph, pp, list); free(pp); break; } - if (n++) - printf(" \xe2\x94\x82"); - printf(" %s %14jd", pp->str, pp->bytes_read); + printf("\xe2\x94\x82 %s %14ju ", + pp->str, (uintmax_t)pp->bytes_read); } for (; n < 3; n++) { - printf(" \xe2\x94\x82"); - printf(" %5s %14s", "", ""); + printf("\xe2\x94\x82 %5s %14s ", "", ""); } printf("\x1b[K\n"); } @@ -146,27 +145,23 @@ report_periods(void) static void set_verbose(void) { - struct winsize wsz; - if (!isatty(STDIN_FILENO) || ioctl(STDIN_FILENO, TIOCGWINSZ, &wsz)) - return; verbose = 1; } static void -report_header(int eol) +report_header(const char *term) { - printf("%13s %7s %13s %5s %13s %13s %9s", + printf("%13s %7s %13s %5s %13s %13s %9s%s", "start", "size", "block-len", "pass", "done", "remaining", - "% done"); - if (eol) - printf("\x1b[K"); - putchar('\n'); + "% done", + term + ); } #define REPORTWID 79 @@ -186,20 +181,20 @@ report_hline(const char *how) printf("\x1b[K\n"); } -static off_t hist[REPORTWID]; -static off_t last_done = -1; +static uint64_t hist[REPORTWID]; +static uint64_t prev_done = ~0UL; static void -report_histogram(const struct lump *lp) +report_histogram(uint64_t start) { - off_t j, bucket, fp, fe, k, now; + uint64_t j, bucket, fp, fe, k, now; double a; struct lump *lp2; - bucket = tot_size / REPORTWID; - if (tot_size > bucket * REPORTWID) + bucket = total_size / REPORTWID; + if (total_size > bucket * REPORTWID) bucket += 1; - if (done_size != last_done) { + if (done_size != prev_done) { memset(hist, 0, sizeof hist); TAILQ_FOREACH(lp2, &lumps, list) { fp = lp2->start; @@ -213,9 +208,9 @@ report_histogram(const struct lump *lp) fp += k; } } - last_done = done_size; + prev_done = done_size; } - now = lp->start / bucket; + now = start / bucket; for (j = 0; j < REPORTWID; j++) { a = round(8 * (double)hist[j] / bucket); assert (a >= 0 && a < 9); @@ -228,7 +223,7 @@ report_histogram(const struct lump *lp) } else { putchar(0xe2); putchar(0x96); - putchar(0x80 + (int)a); + putchar(0x80 + (char)a); } if (j == now) printf("\x1b[0m"); @@ -237,34 +232,40 @@ report_histogram(const struct lump *lp) } static void -report(const struct lump *lp, size_t sz) +report(uint64_t sz) { struct winsize wsz; + const struct lump *lp = TAILQ_FIRST(&lumps); int j; - - assert(lp != NULL); + unsigned pass = 0; + uintmax_t start = 0, length = 0; + time_t t_now = time(NULL); + + if (lp != NULL) { + pass = lp->pass; + start = lp->start; + length = lp->len; + } if (verbose) { printf("\x1b[H%s\x1b[K\n", input); - report_header(1); - } else { - putchar('\r'); + report_header("\x1b[K\n"); } - printf("%13jd %7zu %13jd %5d %13jd %13jd %9.4f", - (intmax_t)lp->start, - sz, - (intmax_t)lp->len, - lp->state, - (intmax_t)done_size, - (intmax_t)(tot_size - done_size), - 100*(double)done_size/(double)tot_size + printf("%13ju %7ju %13ju %5u %13ju %13ju %9.4f", + start, + (uintmax_t)sz, + length, + pass, + (uintmax_t)done_size, + (uintmax_t)(total_size - done_size), + 100*(double)done_size/(double)total_size ); if (verbose) { printf("\x1b[K\n"); report_hline(NULL); - report_histogram(lp); + report_histogram(start); if (TAILQ_EMPTY(&minute)) { report_hline(NULL); } else { @@ -272,27 +273,36 @@ report(const struct lump *lp, size_t sz) report_periods(); report_hline("\xe2\x94\xb4"); } + printf("Missing: %u", nlumps); + printf(" Success: %.0f/%.0f =", n_good_reads, n_reads); + printf(" %.4f%%", 100 * n_good_reads / n_reads); + printf(" Duration: %.3fs", (t_now - t_first) / n_reads); + printf("\x1b[K\n"); + report_hline(NULL); j = ioctl(STDIN_FILENO, TIOCGWINSZ, &wsz); if (!j) printf("\x1b[%d;1H", wsz.ws_row); + } else { + printf("\n"); } - fflush(stdout); } /**********************************************************************/ static void -new_lump(off_t start, off_t len, int state) +new_lump(uint64_t start, uint64_t len, unsigned pass) { struct lump *lp; + assert(len > 0); lp = malloc(sizeof *lp); if (lp == NULL) err(1, "Malloc failed"); lp->start = start; lp->len = len; - lp->state = state; + lp->pass = pass; TAILQ_INSERT_TAIL(&lumps, lp, list); + nlumps += 1; } /********************************************************************** @@ -306,98 +316,100 @@ save_worklist(void) struct lump *llp; char buf[PATH_MAX]; - if (fdw >= 0 && fdatasync(fdw)) + if (write_fd >= 0 && fdatasync(write_fd)) err(1, "Write error, probably disk full"); - if (wworklist != NULL) { - bprintf(buf, "%s.tmp", wworklist); - (void)fprintf(stderr, "\nSaving worklist ..."); - (void)fflush(stderr); + if (write_worklist_file != NULL) { + snprintf(buf, sizeof(buf), "%s.tmp", write_worklist_file); + fprintf(stderr, "\nSaving worklist ..."); file = fopen(buf, "w"); if (file == NULL) err(1, "Error opening file %s", buf); - TAILQ_FOREACH(llp, &lumps, list) - fprintf(file, "%jd %jd %d\n", - (intmax_t)llp->start, (intmax_t)llp->len, - llp->state); - (void)fflush(file); + TAILQ_FOREACH(llp, &lumps, list) { + assert (llp->len > 0); + fprintf(file, "%ju %ju %u\n", + (uintmax_t)llp->start, + (uintmax_t)llp->len, + llp->pass); + } + fflush(file); if (ferror(file) || fdatasync(fileno(file)) || fclose(file)) err(1, "Error writing file %s", buf); - if (rename(buf, wworklist)) - err(1, "Error renaming %s to %s", buf, wworklist); - (void)fprintf(stderr, " done.\n"); + if (rename(buf, write_worklist_file)) + err(1, "Error renaming %s to %s", + buf, write_worklist_file); + fprintf(stderr, " done.\n"); } } /* Read the worklist if -r was given */ -static off_t -read_worklist(off_t t) +static uint64_t +read_worklist(void) { - off_t s, l, d; - int state, lines; + uintmax_t start, length; + uint64_t missing = 0; + unsigned pass, lines; FILE *file; - (void)fprintf(stderr, "Reading worklist ..."); - (void)fflush(stderr); - file = fopen(rworklist, "r"); + fprintf(stderr, "Reading worklist ..."); + file = fopen(read_worklist_file, "r"); if (file == NULL) - err(1, "Error opening file %s", rworklist); + err(1, "Error opening file %s", read_worklist_file); lines = 0; - d = t; for (;;) { ++lines; - if (3 != fscanf(file, "%jd %jd %d\n", &s, &l, &state)) { + if (3 != fscanf(file, "%ju %ju %u\n", &start, &length, &pass)) { if (!feof(file)) - err(1, "Error parsing file %s at line %d", - rworklist, lines); + err(1, "Error parsing file %s at line %u", + read_worklist_file, lines); else break; } - new_lump(s, l, state); - d -= l; + if (length > 0) { + new_lump(start, length, pass); + missing += length; + } } if (fclose(file)) - err(1, "Error closing file %s", rworklist); - (void)fprintf(stderr, " done.\n"); + err(1, "Error closing file %s", read_worklist_file); + fprintf(stderr, " done.\n"); /* - * Return the number of bytes already read - * (at least not in worklist). + * Return the number of bytes outstanding */ - return (d); + return (missing); } /**********************************************************************/ static void -write_buf(int fd, const void *buf, ssize_t len, off_t where) +write_buf(int fd, const void *buf, uint64_t length, uint64_t where) { - ssize_t i; + int64_t i; - i = pwrite(fd, buf, len, where); - if (i == len) + i = pwrite(fd, buf, length, (off_t)where); + if (i > 0 && (uint64_t)i == length) return; - printf("\nWrite error at %jd/%zu\n\t%s\n", - where, i, strerror(errno)); + printf("\nWrite error at %ju/%ju: %jd (%s)\n", + (uintmax_t)where, + (uintmax_t)length, + (intmax_t)i, strerror(errno)); save_worklist(); if (write_errors_are_fatal) exit(3); } static void -fill_buf(char *buf, ssize_t len, const char *pattern) +fill_buf(char *buf, int64_t len, const char *pattern) { - ssize_t sz = strlen(pattern); - ssize_t i, j; + int64_t sz = strlen(pattern); + int64_t i; for (i = 0; i < len; i += sz) { - j = len - i; - if (j > sz) - j = sz; - memcpy(buf + i, pattern, j); + memcpy(buf + i, pattern, MIN(len - i, sz)); } } @@ -406,45 +418,334 @@ fill_buf(char *buf, ssize_t len, const char *pattern) static void usage(void) { - (void)fprintf(stderr, "usage: recoverdisk [-b bigsize] [-r readlist] " + fprintf(stderr, "usage: recoverdisk [-b big_read] [-r readlist] " "[-s interval] [-w writelist] source [destination]\n"); /* XXX update */ exit(1); } static void -sighandler(__unused int sig) +sighandler(int sig) { + (void)sig; aborting = 1; } +/**********************************************************************/ + +static int64_t +attempt_one_lump(time_t t_now) +{ + struct lump *lp; + uint64_t sz; + int64_t retval; + int error; + + lp = TAILQ_FIRST(&lumps); + if (lp == NULL) + return(0); + + if (lp->pass == 0) { + sz = MIN(lp->len, big_read); + } else if (lp->pass == 1) { + sz = MIN(lp->len, medium_read); + } else { + sz = MIN(lp->len, small_read); + } + + assert(sz != 0); + + n_reads += 1; + retval = pread(read_fd, work_buf, sz, lp->start); + +#if 0 /* enable this when testing */ + if (!(random() & 0xf)) { + retval = -1; + errno = EIO; + usleep(20000); + } else { + usleep(2000); + } +#endif + + error = errno; + if (retval > 0) { + n_good_reads += 1; + sz = retval; + done_size += sz; + if (write_fd >= 0) { + write_buf(write_fd, work_buf, sz, lp->start); + } + if (log_file != NULL) { + fprintf(log_file, "%jd %ju %ju\n", + (intmax_t)t_now, + (uintmax_t)lp->start, + (uintmax_t)sz + ); + fflush(log_file); + } + } else { + printf("%14ju %7ju read error %d: (%s)", + (uintmax_t)lp->start, + (uintmax_t)sz, error, strerror(error)); + if (error_pause > 1) { + printf(" (Pausing %g s)", error_pause); + } + printf("\n"); + + if (write_fd >= 0 && pattern_buf != NULL) { + write_buf(write_fd, pattern_buf, sz, lp->start); + } + new_lump(lp->start, sz, lp->pass + 1); + retval = -sz; + } + lp->start += sz; + lp->len -= sz; + if (lp->len == 0) { + TAILQ_REMOVE(&lumps, lp, list); + nlumps -= 1; + free(lp); + } + errno = error; + return (retval); +} + + +/**********************************************************************/ + +static void +determine_total_size(void) +{ + struct stat sb; + int error; + + if (total_size != 0) + return; + + error = fstat(read_fd, &sb); + if (error < 0) + err(1, "fstat failed"); + + if (S_ISBLK(sb.st_mode) || S_ISCHR(sb.st_mode)) { +#ifdef DIOCGMEDIASIZE + off_t mediasize; + error = ioctl(read_fd, DIOCGMEDIASIZE, &mediasize); + if (error == 0 && mediasize > 0) { + total_size = mediasize; + printf("# Got total_size from DIOCGMEDIASIZE: %ju\n", + (uintmax_t)total_size); + return; + } +#endif + } else if (S_ISREG(sb.st_mode) && sb.st_size > 0) { + total_size = sb.st_size; + printf("# Got total_size from stat(2): %ju\n", + (uintmax_t)total_size); + return; + } else { + errx(1, "Input must be device or regular file"); + } + fprintf(stderr, "Specify total size with -t option\n"); + exit(1); +} + +static void +determine_read_sizes(void) +{ + int error; + u_int sectorsize; + off_t stripesize; + + determine_total_size(); + +#ifdef DIOCGSECTORSIZE + if (small_read == 0) { + error = ioctl(read_fd, DIOCGSECTORSIZE, §orsize); + if (error >= 0 && sectorsize > 0) { + small_read = sectorsize; + printf("# Got small_read from DIOCGSECTORSIZE: %ju\n", + (uintmax_t)small_read + ); + } + } +#endif + + if (small_read == 0) { + printf("Assuming 512 for small_read\n"); + small_read = 512; + } + + if (medium_read && (medium_read % small_read)) { + errx(1, + "medium_read (%ju) is not a multiple of small_read (%ju)\n", + (uintmax_t)medium_read, (uintmax_t)small_read + ); + } + + if (big_read != 0 && (big_read % small_read)) { + errx(1, + "big_read (%ju) is not a multiple of small_read (%ju)\n", + (uintmax_t)big_read, (uintmax_t)small_read + ); + } + +#ifdef DIOCGSTRIPESIZE + if (medium_read == 0) { + error = ioctl(read_fd, DIOCGSTRIPESIZE, &stripesize); + if (error < 0 || stripesize < 0) { + // nope + } else if ((uint64_t)stripesize < small_read) { + // nope + } else if (stripesize % small_read) { + // nope + } else if (0 < stripesize && stripesize < (128<<10)) { + medium_read = stripesize; + printf("# Got medium_read from DIOCGSTRIPESIZE: %ju\n", + (uintmax_t)medium_read + ); + } + } +#endif +#if defined(DIOCGFWSECTORS) && defined(DIOCGFWHEADS) + if (medium_read == 0) { + u_int fwsectors = 0, fwheads = 0; + error = ioctl(read_fd, DIOCGFWSECTORS, &fwsectors); + if (error) + fwsectors = 0; + error = ioctl(read_fd, DIOCGFWHEADS, &fwheads); + if (error) + fwheads = 0; + if (fwsectors && fwheads) { + medium_read = fwsectors * fwheads * small_read; + printf( + "# Got medium_read from DIOCGFW{SECTORS,HEADS}: %ju\n", + (uintmax_t)medium_read + ); + } + } +#endif + + if (big_read == 0 && medium_read != 0) { + if (medium_read > (64<<10)) { + big_read = medium_read; + } else { + big_read = 128 << 10; + big_read -= big_read % medium_read; + } + printf("# Got big_read from medium_read: %ju\n", + (uintmax_t)big_read + ); + } + + if (big_read == 0) { + big_read = 128 << 10; + printf("# Defaulting big_read to %ju\n", + (uintmax_t)big_read + ); + } + + if (medium_read == 0) { + /* + * We do not want to go directly to single sectors, but + * we also dont want to waste time doing multi-sector + * reads with high failure probability. + */ + uint64_t h = big_read; + uint64_t l = small_read; + while (h > l) { + h >>= 2; + l <<= 1; + } + medium_read = h; + printf("# Got medium_read from small_read & big_read: %ju\n", + (uintmax_t)medium_read + ); + } + fprintf(stderr, + "# Bigsize = %ju, medium_read = %ju, small_read = %ju\n", + (uintmax_t)big_read, (uintmax_t)medium_read, (uintmax_t)small_read); + +} + + +/**********************************************************************/ + +static void +monitor_read_sizes(uint64_t failed_size) +{ + + if (failed_size == big_read && medium_read != small_read) { + if (n_reads < n_good_reads + 3) + return; + fprintf( + stderr, + "Too many failures for big reads." + " (%.0f bad of %.0f)" + " Shifting to medium_reads.\n", + n_reads - n_good_reads, n_reads + ); + big_read = medium_read; + medium_read = small_read; + return; + } + + if (failed_size > small_read) { + if (n_reads < n_good_reads + 100) + return; + fprintf( + stderr, + "Too many failures." + " (%.0f bad of %.0f)" + " Shifting to small_reads.\n", + n_reads - n_good_reads, n_reads + ); + big_read = small_read; + medium_read = small_read; + return; + } +} + +/**********************************************************************/ + int main(int argc, char * const argv[]) { int ch; - size_t sz, j; + int64_t sz; int error; - char *buf; - u_int sectorsize; - off_t stripesize; - time_t t1, t2; - struct stat sb; - u_int n, snapshot = 60; - static struct lump *lp; + time_t t_now, t_report, t_save; + unsigned snapshot = 60, unsaved; + setbuf(stdout, NULL); + setbuf(stderr, NULL); - while ((ch = getopt(argc, argv, "b:r:w:s:u:v")) != -1) { + while ((ch = getopt(argc, argv, "b:l:p:m:r:w:s:t:u:v")) != -1) { switch (ch) { case 'b': - bigsize = strtoul(optarg, NULL, 0); + big_read = strtoul(optarg, NULL, 0); + break; + case 'l': + log_file = fopen(optarg, "a"); + if (log_file == NULL) { + err(1, "Could not open logfile for append"); + } + break; + case 'p': + error_pause = strtod(optarg, NULL); + break; + case 'm': + medium_read = strtoul(optarg, NULL, 0); break; case 'r': - rworklist = strdup(optarg); - if (rworklist == NULL) + read_worklist_file = strdup(optarg); + if (read_worklist_file == NULL) err(1, "Cannot allocate enough memory"); break; case 's': - snapshot = strtoul(optarg, NULL, 0); + small_read = strtoul(optarg, NULL, 0); + break; + case 't': + total_size = strtoul(optarg, NULL, 0); break; case 'u': unreadable_pattern = optarg; @@ -453,8 +754,8 @@ main(int argc, char * const argv[]) set_verbose(); break; case 'w': - wworklist = strdup(optarg); - if (wworklist == NULL) + write_worklist_file = strdup(optarg); + if (write_worklist_file == NULL) err(1, "Cannot allocate enough memory"); break; default: @@ -469,149 +770,106 @@ main(int argc, char * const argv[]) usage(); input = argv[0]; - fdr = open(argv[0], O_RDONLY); - if (fdr < 0) + read_fd = open(argv[0], O_RDONLY); + if (read_fd < 0) err(1, "Cannot open read descriptor %s", argv[0]); - error = fstat(fdr, &sb); - if (error < 0) - err(1, "fstat failed"); - if (S_ISBLK(sb.st_mode) || S_ISCHR(sb.st_mode)) { - error = ioctl(fdr, DIOCGSECTORSIZE, §orsize); - if (error < 0) - err(1, "DIOCGSECTORSIZE failed"); - - error = ioctl(fdr, DIOCGSTRIPESIZE, &stripesize); - if (error == 0 && stripesize < sectorsize) - sectorsize = stripesize; + determine_read_sizes(); - minsize = sectorsize; - bigsize = rounddown(bigsize, sectorsize); + work_buf = malloc(big_read); + assert (work_buf != NULL); - error = ioctl(fdr, DIOCGMEDIASIZE, &tot_size); - if (error < 0) - err(1, "DIOCGMEDIASIZE failed"); + if (argc > 1) { + write_fd = open(argv[1], O_WRONLY | O_CREAT, DEFFILEMODE); + if (write_fd < 0) + err(1, "Cannot open write descriptor %s", argv[1]); + if (ftruncate(write_fd, (off_t)total_size) < 0) + err(1, "Cannot truncate output %s to %ju bytes", + argv[1], (uintmax_t)total_size); } else { - tot_size = sb.st_size; + write_fd = -1; } - if (bigsize < minsize) - bigsize = minsize; - - for (ch = 0; (bigsize >> ch) > minsize; ch++) - continue; - medsize = bigsize >> (ch / 2); - medsize = rounddown(medsize, minsize); - - fprintf(stderr, "Bigsize = %zu, medsize = %zu, minsize = %zu\n", - bigsize, medsize, minsize); - - buf = malloc(bigsize); - if (buf == NULL) - err(1, "Cannot allocate %zu bytes buffer", bigsize); + if (strlen(unreadable_pattern)) { + pattern_buf = malloc(big_read); + assert(pattern_buf != NULL); + fill_buf(pattern_buf, big_read, unreadable_pattern); + } - if (argc > 1) { - fdw = open(argv[1], O_WRONLY | O_CREAT, DEFFILEMODE); - if (fdw < 0) - err(1, "Cannot open write descriptor %s", argv[1]); - if (ftruncate(fdw, tot_size) < 0) - err(1, "Cannot truncate output %s to %jd bytes", - argv[1], (intmax_t)tot_size); - } else - fdw = -1; - - if (rworklist != NULL) { - done_size = read_worklist(tot_size); + if (read_worklist_file != NULL) { + done_size = total_size - read_worklist(); } else { - new_lump(0, tot_size, 0); + new_lump(0UL, total_size, 0UL); done_size = 0; } - if (wworklist != NULL) + if (write_worklist_file != NULL) signal(SIGINT, sighandler); - t1 = time(NULL); sz = 0; if (!verbose) - report_header(0); + report_header("\n"); else printf("\x1b[2J"); - n = 0; - for (;;) { - lp = TAILQ_FIRST(&lumps); - if (lp == NULL) - break; - while (lp->len > 0) { - if (lp->state == 0) - sz = MIN(lp->len, (off_t)bigsize); - else if (lp->state == 1) - sz = MIN(lp->len, (off_t)medsize); - else - sz = MIN(lp->len, (off_t)minsize); - assert(sz != 0); - - t2 = time(NULL); - if (t1 != t2 || lp->len < (off_t)bigsize) { - t1 = t2; - if (++n == snapshot) { - save_worklist(); - n = 0; - } - report(lp, sz); - } + t_first = time(NULL); + t_report = t_first; + t_save = t_first; + unsaved = 0; + while (!aborting) { + t_now = time(NULL); + sz = attempt_one_lump(t_now); + error = errno; - j = pread(fdr, buf, sz, lp->start); -#if 0 -if (!(random() & 0xf)) { - j = -1; - errno = EIO; -} -#endif - if (j == sz) { - done_size += sz; - if (fdw >= 0) - write_buf(fdw, buf, sz, lp->start); - lp->start += sz; - lp->len -= sz; - if (verbose && lp->state > 2) - report_good_read(t2, sz); - continue; - } - error = errno; - - printf("%jd %zu %d read error (%s)\n", - lp->start, sz, lp->state, strerror(error)); - if (verbose) - report(lp, sz); - if (fdw >= 0 && strlen(unreadable_pattern)) { - fill_buf(buf, sz, unreadable_pattern); - write_buf(fdw, buf, sz, lp->start); + if (sz == 0) { + break; + } + + if (sz > 0) { + unsaved += 1; + } + if (unsaved && (t_save + snapshot) < t_now) { + save_worklist(); + unsaved = 0; + t_save = t_now; + if (!verbose) { + report_header("\n"); + t_report = t_now; } - new_lump(lp->start, sz, lp->state + 1); - lp->start += sz; - lp->len -= sz; - if (error == EINVAL) { - printf("Try with -b 131072 or lower ?\n"); - aborting = 1; - break; + } + if (sz > 0) { + if (verbose) { + account_good_read(t_now, sz); } - if (error == ENXIO) { - printf("Input device probably detached...\n"); - aborting = 1; - break; + if (t_report != t_now) { + report(sz); + t_report = t_now; } + continue; } - if (aborting) - save_worklist(); - if (aborting || !TAILQ_NEXT(lp, list)) - report(lp, sz); - if (aborting) + + monitor_read_sizes(-sz); + + if (error == EINVAL) { + printf("Try with -b 131072 or lower ?\n"); + aborting = 1; break; - assert(lp->len == 0); - TAILQ_REMOVE(&lumps, lp, list); - free(lp); + } + if (error == ENXIO) { + printf("Input device probably detached...\n"); + aborting = 1; + break; + } + report(-sz); + t_report = t_now; + if (error_pause > 0) { + usleep((unsigned long)(1e6 * error_pause)); + } } + save_worklist(); + free(work_buf); + if (pattern_buf != NULL) + free(pattern_buf); printf("%s", aborting ? "Aborted\n" : "Completed\n"); - free(buf); - return (0); + report(0UL); + return (0); // XXX } diff --git a/share/examples/oci/Containerfile.pkg b/share/examples/oci/Containerfile.pkg index 074c470affc9..f6699c79af71 100644 --- a/share/examples/oci/Containerfile.pkg +++ b/share/examples/oci/Containerfile.pkg @@ -6,7 +6,7 @@ ARG version=14.snap # Select freebsd-runtime as our starting point. -FROM localhost/freebsd-runtime:${version} +FROM ghcr.io/freebsd/freebsd-runtime:${version} # A list of package(s) to install ARG packages @@ -15,7 +15,10 @@ ARG packages # use for downloading pkg since the freebsd-runtime image has both FreeBSD and # FreeBSD-base pkg repo configs installed and FreeBSD-base does not contain the # pkg package. -RUN env ASSUME_ALWAYS_YES=yes pkg bootstrap -r FreeBSD && pkg update +# +# Set IGNORE_OSVERSION to allow building e.g. FreeBSD-14 images on +# FreeBSD-15 hosts. +RUN pkg bootstrap -y -r FreeBSD && pkg -o IGNORE_OSVERSION=yes update -f # Install some package(s). RUN pkg install -y ${packages} diff --git a/share/termcap/termcap b/share/termcap/termcap index 46b89d0b3ddf..44704653045d 100644 --- a/share/termcap/termcap +++ b/share/termcap/termcap @@ -4705,14 +4705,14 @@ xterm-termite|VTE-based terminal:\ :ti=\E[?1049h:ts=\E]2;:u6=\E[%i%d;%dR:u7=\E[6n:ue=\E[24m:\ :up=\E[A:us=\E[4m:ve=\E[?25h:vi=\E[?25l: -# Termcap for st terminal taken from the st-0.8 sources -st|simpleterm:\ +# Termcap for st terminal taken from the st-0.9.2 sources +st-mono|simpleterm monocolor:\ :am:hs:mi:ms:xn:\ :co#80:it#8:li#24:\ :AL=\E[%dL:DC=\E[%dP:DL=\E[%dM:DO=\E[%dB:IC=\E[%d@:\ :K1=\E[1~:K2=\EOu:K3=\E[5~:K4=\E[4~:K5=\E[6~:LE=\E[%dD:\ - :RI=\E[%dC:SF=\E[%dS:UP=\E[%dA:ae=\E(B:al=\E[L:as=\E(0:\ - :bl=^G:bt=\E[Z:cd=\E[J:ce=\E[K:cl=\E[H\E[2J:\ + :RI=\E[%dC:SF=\E[%dS:SR=\E[%dT:UP=\E[%dA:ae=\E(B:al=\E[L:\ + :as=\E(0:bl=^G:bt=\E[Z:cd=\E[J:ce=\E[K:cl=\E[H\E[2J:\ :cm=\E[%i%d;%dH:cr=\r:cs=\E[%i%d;%dr:ct=\E[3g:dc=\E[P:\ :dl=\E[M:do=\n:ec=\E[%dX:ei=\E[4l:fs=^G:ho=\E[H:im=\E[4h:\ :is=\E[4l\E>\E[?1034l:k1=\EOP:k2=\EOQ:k3=\EOR:k4=\EOS:\ @@ -4725,6 +4725,14 @@ st|simpleterm:\ :ue=\E[24m:up=\E[A:us=\E[4m:vb=\E[?5h\E[?5l:\ :ve=\E[?12l\E[?25h:vi=\E[?25l:vs=\E[?25h: +st|simpleterm:\ + :Co#8:\ + :AB=\E[4%dm:AF=\E[3%dm:\ + :..Sb=\E[4%?%p1%{1}%=%t4%e%p1%{3}%=%t6%e%p1%{4}%=%t1%e%p1%{6}%=%t3%e%p1%d%;m:\ + :..Sf=\E[3%?%p1%{1}%=%t4%e%p1%{3}%=%t6%e%p1%{4}%=%t1%e%p1%{6}%=%t3%e%p1%d%;m:\ + :..sa=%?%p9%t\E(0%e\E(B%;\E[0%?%p6%t;1%;%?%p2%t;4%;%?%p1%p3%|%t;7%;%?%p4%t;5%;%?%p7%t;8%;m:\ + :tc=st-mono: + st-256color|simpleterm with 256 colors:\ :cc:\ :Co#256:pa#32767:\ @@ -4742,6 +4750,12 @@ st-meta-256color|simpleterm with meta key and 256 colors:\ :is=\E[4l\E>\E[?1034h:mm=\E[?1034h:mo=\E[?1034l:\ :rs=\E[4l\E>\E[?1034h:tc=st-256color: +st-bs|simpleterm with backspace as backspace:\ + :kD=\177:kb=^H:tc=st: + +st-bs-256color|simpleterm with backspace as backspace and 256colors:\ + :kD=\177:kb=^H:tc=st-256color: + # From version 0.13.3 xterm-kitty|KovId's TTY:\ diff --git a/stand/fdt/fdt_loader_cmd.c b/stand/fdt/fdt_loader_cmd.c index 226812a5d2a6..161c2435c410 100644 --- a/stand/fdt/fdt_loader_cmd.c +++ b/stand/fdt/fdt_loader_cmd.c @@ -1240,13 +1240,6 @@ fdt_cmd_ls(int argc, char *argv[]) return (CMD_OK); } -static __inline int -isprint(int c) -{ - - return (c >= ' ' && c <= 0x7e); -} - static int fdt_isprint(const void *data, int len, int *count) { diff --git a/stand/i386/libi386/Makefile b/stand/i386/libi386/Makefile index 038557c6a826..7205d3a61988 100644 --- a/stand/i386/libi386/Makefile +++ b/stand/i386/libi386/Makefile @@ -7,6 +7,7 @@ SRCS+= bio.c SRCS+= biosacpi.c SRCS+= biosdisk.c SRCS+= biosmem.c +SRCS+= biosmemdisk.c SRCS+= biospci.c SRCS+= biospnp.c SRCS+= biossmap.c diff --git a/stand/i386/libi386/biosmemdisk.c b/stand/i386/libi386/biosmemdisk.c new file mode 100644 index 000000000000..208ae289950a --- /dev/null +++ b/stand/i386/libi386/biosmemdisk.c @@ -0,0 +1,140 @@ +/*- + * Copyright (c) 2020 Richard Russo <russor@ruka.org> + * + * SPDX-License-Identifier: BSD-2-Clause + */ + +/* + * Source of information: https://repo.or.cz/syslinux.git + * + * Implements the MEMDISK protocol from syslinux, found in doc/memdisk.txt + * (search MEMDISK info structure). Since we validate the pointer to the mBFT, a + * minimum version of 3.85 is needed. Note: All this could be done in the + * kernel, since we don't have hooks to use this inside the boot loader. The + * details of these structures can be found in memdisk/memdisk.inc (search + * for mBFT). + * + * The kernel could just grab the mBFT table, but instead relies on us finding + * it and setting the right env variables. + */ +#include <stand.h> +#include <machine/stdarg.h> +#include <bootstrap.h> +#include <btxv86.h> +#include "libi386.h" + +#include "platform/acfreebsd.h" +#include "acconfig.h" +#define ACPI_SYSTEM_XFACE +#include "actypes.h" +#include "actbl.h" + +struct memdisk_info { + uint32_t mdi_13h_hook_ptr; /* not included in mdi_length! */ + uint16_t mdi_length; + uint8_t mdi_minor; + uint8_t mdi_major; + uint32_t mdi_disk_ptr; + uint32_t mdi_disk_sectors; + uint32_t mdi_far_ptr_cmdline; + uint32_t mdi_old_int13h; + uint32_t mdi_old_int15h; + uint16_t mdi_dos_mem_before; + uint8_t mdi_boot_loader_id; + uint8_t mdi_sector_size; /* Code below assumes this is last */ +} __attribute__((packed)); + +struct safe_13h_hook { + char sh_jmp[3]; + char sh_id[8]; + char sh_vendor[8]; + uint16_t sh_next_offset; + uint16_t sh_next_segment; + uint32_t sh_flags; + uint32_t sh_mbft; +} __attribute__((packed)); + +/* + * Maximum length of INT 13 entries we'll chase. Real disks are on this list, + * potentially, so we may have to look through them to find the memdisk. + */ +#define MEMDISK_MAX 32 + +/* + * Scan for MEMDISK virtual block devices + */ +void +biosmemdisk_detect(void) +{ + char line[80], scratch[80]; + int hook = 0, count = 0, sector_size; + uint16_t segment, offset; + struct safe_13h_hook *probe; + ACPI_TABLE_HEADER *mbft; + uint8_t *cp, sum; + struct memdisk_info *mdi; + + /* + * Walk through the int13 handler linked list, looking for possible + * MEMDISKs. + * + * The max is arbitrary to ensure termination. + */ + offset = *(uint16_t *)PTOV(0x13 * 4); + segment = *(uint16_t *)PTOV(0x13 * 4 + 2); + while (hook < MEMDISK_MAX && !(segment == 0 && offset == 0)) { + /* + * Walk the linked list, making sure each node has the right + * signature and only looking at MEMDISK nodes. + */ + probe = (struct safe_13h_hook *)PTOV(segment * 16 + offset); + if (memcmp(probe->sh_id, "$INT13SF", sizeof(probe->sh_id)) != 0) { + printf("Found int 13h unsafe hook at %p (%x:%x)\n", + probe, segment, offset); + break; + } + if (memcmp(probe->sh_vendor, "MEMDISK ", sizeof(probe->sh_vendor)) != 0) + goto end_of_loop; + + /* + * If it is a memdisk, make sure the mBFT signature is correct + * and its checksum is right. + */ + mbft = (ACPI_TABLE_HEADER *)PTOV(probe->sh_mbft); + if (memcmp(mbft->Signature, "mBFT", sizeof(mbft->Signature)) != 0) + goto end_of_loop; + sum = 0; + cp = (uint8_t *)mbft; + for (int idx = 0; idx < mbft->Length; ++idx) + sum += *(cp + idx); + if (sum != 0) + goto end_of_loop; + + /* + * The memdisk info follows the ACPI_TABLE_HEADER in the mBFT + * section. If the sector size is present and non-zero use it + * otherwise assume 512. + */ + mdi = (struct memdisk_info *)PTOV(probe->sh_mbft + sizeof(*mbft)); + sector_size = 512; + if (mdi->mdi_length + sizeof(mdi->mdi_13h_hook_ptr) >= sizeof(*mdi) && + mdi->mdi_sector_size != 0) + sector_size = 1 << mdi->mdi_sector_size; + + printf("memdisk %d.%d disk at %#x (%d sectors = %d bytes)\n", + mdi->mdi_major, mdi->mdi_minor, mdi->mdi_disk_ptr, + mdi->mdi_disk_sectors, mdi->mdi_disk_sectors * sector_size); + + snprintf(line, sizeof(line), "hint.md.%d.physaddr", count); + snprintf(scratch, sizeof(scratch), "0x%08x", mdi->mdi_disk_ptr); + setenv(line, scratch, 1); + snprintf(line, sizeof(line), "hint.md.%d.len", count); + snprintf(scratch, sizeof(scratch), "%d", mdi->mdi_disk_sectors * sector_size); + setenv(line, scratch, 1); + count++; +end_of_loop: + hook++; + offset = probe->sh_next_offset; + segment = probe->sh_next_segment; + } +} diff --git a/stand/i386/libi386/libi386.h b/stand/i386/libi386/libi386.h index d456ef58d7c2..caf565dd0656 100644 --- a/stand/i386/libi386/libi386.h +++ b/stand/i386/libi386/libi386.h @@ -149,3 +149,5 @@ int bi_load64(char *args, vm_offset_t *modulep, vm_offset_t *kernend, int add_smap); void pxe_enable(void *pxeinfo); + +void biosmemdisk_detect(void); diff --git a/stand/i386/loader/main.c b/stand/i386/loader/main.c index a7dfb2dde762..fd95cf5243cf 100644 --- a/stand/i386/loader/main.c +++ b/stand/i386/loader/main.c @@ -251,6 +251,9 @@ main(void) initial_bootinfo->bi_extmem = bios_extmem / 1024; } + /* detect MEMDISK virtual disks */ + biosmemdisk_detect(); + /* detect SMBIOS for future reference */ smbios_detect(NULL); diff --git a/stand/libsa/hexdump.c b/stand/libsa/hexdump.c index 83fd5e277f1b..cce6e323c2cb 100644 --- a/stand/libsa/hexdump.c +++ b/stand/libsa/hexdump.c @@ -61,7 +61,7 @@ hexdump(caddr_t region, size_t len) for (x = 0; x < 16; x++) { if ((line + x) < (region + len)) { c = *(uint8_t *)(line + x); - if ((c < ' ') || (c > '~')) /* !isprint(c) */ + if (!isprint(c)) c = '.'; emit("%c", c); } else { diff --git a/stand/libsa/stand.h b/stand/libsa/stand.h index 8b7d93074ef2..0e99d8778fa6 100644 --- a/stand/libsa/stand.h +++ b/stand/libsa/stand.h @@ -275,6 +275,11 @@ static __inline int ispunct(int c) (c >= '[' && c <= '`') || (c >= '{' && c <= '~'); } +static __inline int isprint(int c) +{ + return (c >= ' ') && (c <= '~'); +} + static __inline int toupper(int c) { return islower(c) ? c - 'a' + 'A' : c; diff --git a/sys/amd64/amd64/pmap.c b/sys/amd64/amd64/pmap.c index cd8ab58a07ab..d1d80afccdc7 100644 --- a/sys/amd64/amd64/pmap.c +++ b/sys/amd64/amd64/pmap.c @@ -481,6 +481,8 @@ vm_paddr_t KERNend; /* and the end */ struct kva_layout_s kva_layout = { .kva_min = KV4ADDR(PML4PML4I, 0, 0, 0), + .kva_max = KV4ADDR(NPML4EPG - 1, NPDPEPG - 1, + NPDEPG - 1, NPTEPG - 1), .dmap_low = KV4ADDR(DMPML4I, 0, 0, 0), .dmap_high = KV4ADDR(DMPML4I + NDMPML4E, 0, 0, 0), .lm_low = KV4ADDR(LMSPML4I, 0, 0, 0), @@ -489,10 +491,20 @@ struct kva_layout_s kva_layout = { .km_high = KV4ADDR(KPML4BASE + NKPML4E - 1, NPDPEPG - 1, NPDEPG - 1, NPTEPG - 1), .rec_pt = KV4ADDR(PML4PML4I, 0, 0, 0), + .kasan_shadow_low = KV4ADDR(KASANPML4I, 0, 0, 0), + .kasan_shadow_high = KV4ADDR(KASANPML4I + NKASANPML4E, 0, 0, 0), + .kmsan_shadow_low = KV4ADDR(KMSANSHADPML4I, 0, 0, 0), + .kmsan_shadow_high = KV4ADDR(KMSANSHADPML4I + NKMSANSHADPML4E, + 0, 0, 0), + .kmsan_origin_low = KV4ADDR(KMSANORIGPML4I, 0, 0, 0), + .kmsan_origin_high = KV4ADDR(KMSANORIGPML4I + NKMSANORIGPML4E, + 0, 0, 0), }; struct kva_layout_s kva_layout_la57 = { .kva_min = KV5ADDR(NPML5EPG / 2, 0, 0, 0, 0), /* == rec_pt */ + .kva_max = KV5ADDR(NPML5EPG - 1, NPML4EPG - 1, NPDPEPG - 1, + NPDEPG - 1, NPTEPG - 1), .dmap_low = KV5ADDR(DMPML5I, 0, 0, 0, 0), .dmap_high = KV5ADDR(DMPML5I + NDMPML5E, 0, 0, 0, 0), .lm_low = KV5ADDR(LMSPML5I, 0, 0, 0, 0), @@ -501,6 +513,14 @@ struct kva_layout_s kva_layout_la57 = { .km_high = KV4ADDR(KPML4BASE + NKPML4E - 1, NPDPEPG - 1, NPDEPG - 1, NPTEPG - 1), .rec_pt = KV5ADDR(PML5PML5I, 0, 0, 0, 0), + .kasan_shadow_low = KV4ADDR(KASANPML4I, 0, 0, 0), + .kasan_shadow_high = KV4ADDR(KASANPML4I + NKASANPML4E, 0, 0, 0), + .kmsan_shadow_low = KV4ADDR(KMSANSHADPML4I, 0, 0, 0), + .kmsan_shadow_high = KV4ADDR(KMSANSHADPML4I + NKMSANSHADPML4E, + 0, 0, 0), + .kmsan_origin_low = KV4ADDR(KMSANORIGPML4I, 0, 0, 0), + .kmsan_origin_high = KV4ADDR(KMSANORIGPML4I + NKMSANORIGPML4E, + 0, 0, 0), }; /* @@ -2003,7 +2023,7 @@ create_pagetables(vm_paddr_t *firstaddr) */ p5_p[i] = KPML5phys | X86_PG_RW | X86_PG_A | X86_PG_M | X86_PG_V | pg_nx; - } else if (i >= DMPML5I && i < DMPML5I + NDMPML5E) { + } else if (i >= DMPML5I && i < DMPML5I + ndmpml4phys) { /* Connect DMAP pml4 pages to PML5. */ p5_p[i] = (DMPML4phys + ptoa(i - DMPML5I)) | X86_PG_RW | X86_PG_V | pg_nx; @@ -11880,9 +11900,7 @@ sysctl_kmaps_dump(struct sbuf *sb, struct pmap_kernel_map_range *range, mode, range->pdpes, range->pdes, range->ptes); /* Reset to sentinel value. */ - range->sva = la57 ? KV5ADDR(NPML5EPG - 1, NPML4EPG - 1, NPDPEPG - 1, - NPDEPG - 1, NPTEPG - 1) : KV4ADDR(NPML4EPG - 1, NPDPEPG - 1, - NPDEPG - 1, NPTEPG - 1); + range->sva = kva_layout.kva_max; } /* @@ -11923,12 +11941,18 @@ sysctl_kmaps_reinit(struct pmap_kernel_map_range *range, vm_offset_t va, */ static void sysctl_kmaps_check(struct sbuf *sb, struct pmap_kernel_map_range *range, - vm_offset_t va, pml4_entry_t pml4e, pdp_entry_t pdpe, pd_entry_t pde, - pt_entry_t pte) + vm_offset_t va, pml5_entry_t pml5e, pml4_entry_t pml4e, pdp_entry_t pdpe, + pd_entry_t pde, pt_entry_t pte) { pt_entry_t attrs; - attrs = pml4e & (X86_PG_RW | X86_PG_U | pg_nx); + if (la57) { + attrs = pml5e & (X86_PG_RW | X86_PG_U | pg_nx); + attrs |= pml4e & pg_nx; + attrs &= pg_nx | (pml4e & (X86_PG_RW | X86_PG_U)); + } else { + attrs = pml4e & (X86_PG_RW | X86_PG_U | pg_nx); + } attrs |= pdpe & pg_nx; attrs &= pg_nx | (pdpe & (X86_PG_RW | X86_PG_U)); @@ -11961,13 +11985,15 @@ sysctl_kmaps(SYSCTL_HANDLER_ARGS) { struct pmap_kernel_map_range range; struct sbuf sbuf, *sb; + pml5_entry_t pml5e; pml4_entry_t pml4e; pdp_entry_t *pdp, pdpe; pd_entry_t *pd, pde; pt_entry_t *pt, pte; vm_offset_t sva; vm_paddr_t pa; - int error, i, j, k, l; + int error, j, k, l; + bool first; error = sysctl_wire_old_buffer(req, 0); if (error != 0) @@ -11976,9 +12002,8 @@ sysctl_kmaps(SYSCTL_HANDLER_ARGS) sbuf_new_for_sysctl(sb, NULL, PAGE_SIZE, req); /* Sentinel value. */ - range.sva = la57 ? KV5ADDR(NPML5EPG - 1, NPML4EPG - 1, NPDPEPG - 1, - NPDEPG - 1, NPTEPG - 1) : KV4ADDR(NPML4EPG - 1, NPDPEPG - 1, - NPDEPG - 1, NPTEPG - 1); + range.sva = kva_layout.kva_max; + pml5e = 0; /* no UB for la48 */ /* * Iterate over the kernel page tables without holding the kernel pmap @@ -11987,44 +12012,50 @@ sysctl_kmaps(SYSCTL_HANDLER_ARGS) * Within the large map, ensure that PDP and PD page addresses are * valid before descending. */ - for (sva = 0, i = pmap_pml4e_index(sva); i < NPML4EPG; i++) { - switch (i) { - case PML4PML4I: - if (!la57) - sbuf_printf(sb, "\nRecursive map:\n"); - break; - case DMPML4I: - if (!la57) - sbuf_printf(sb, "\nDirect map:\n"); - break; + for (first = true, sva = 0; sva != 0 || first; first = false) { + if (sva == kva_layout.rec_pt) + sbuf_printf(sb, "\nRecursive map:\n"); + else if (sva == kva_layout.dmap_low) + sbuf_printf(sb, "\nDirect map:\n"); #ifdef KASAN - case KASANPML4I: + else if (sva == kva_layout.kasan_shadow_low) sbuf_printf(sb, "\nKASAN shadow map:\n"); - break; #endif #ifdef KMSAN - case KMSANSHADPML4I: + else if (sva == kva_layout.kmsan_shadow_low) sbuf_printf(sb, "\nKMSAN shadow map:\n"); - break; - case KMSANORIGPML4I: + else if (sva == kva_layout.kmsan_origin_low) sbuf_printf(sb, "\nKMSAN origin map:\n"); - break; #endif - case KPML4BASE: + else if (sva == kva_layout.km_low) sbuf_printf(sb, "\nKernel map:\n"); - break; - case LMSPML4I: - if (!la57) - sbuf_printf(sb, "\nLarge map:\n"); - break; - } + else if (sva == kva_layout.lm_low) + sbuf_printf(sb, "\nLarge map:\n"); /* Convert to canonical form. */ - if (sva == 1ul << 47) - sva |= -1ul << 48; + if (la57) { + if (sva == 1ul << 56) { + sva |= -1ul << 57; + continue; + } + } else { + if (sva == 1ul << 47) { + sva |= -1ul << 48; + continue; + } + } restart: - pml4e = kernel_pml4[i]; + if (la57) { + pml5e = *pmap_pml5e(kernel_pmap, sva); + if ((pml5e & X86_PG_V) == 0) { + sva = rounddown2(sva, NBPML5); + sysctl_kmaps_dump(sb, &range, sva); + sva += NBPML5; + continue; + } + } + pml4e = *pmap_pml4e(kernel_pmap, sva); if ((pml4e & X86_PG_V) == 0) { sva = rounddown2(sva, NBPML4); sysctl_kmaps_dump(sb, &range, sva); @@ -12045,8 +12076,8 @@ restart: pa = pdpe & PG_FRAME; if ((pdpe & PG_PS) != 0) { sva = rounddown2(sva, NBPDP); - sysctl_kmaps_check(sb, &range, sva, pml4e, pdpe, - 0, 0); + sysctl_kmaps_check(sb, &range, sva, pml5e, + pml4e, pdpe, 0, 0); range.pdpes++; sva += NBPDP; continue; @@ -12058,6 +12089,7 @@ restart: * freed. Validate the next-level address * before descending. */ + sva += NBPDP; goto restart; } pd = (pd_entry_t *)PHYS_TO_DMAP(pa); @@ -12074,7 +12106,7 @@ restart: if ((pde & PG_PS) != 0) { sva = rounddown2(sva, NBPDR); sysctl_kmaps_check(sb, &range, sva, - pml4e, pdpe, pde, 0); + pml5e, pml4e, pdpe, pde, 0); range.pdes++; sva += NBPDR; continue; @@ -12086,6 +12118,7 @@ restart: * may be freed. Validate the * next-level address before descending. */ + sva += NBPDR; goto restart; } pt = (pt_entry_t *)PHYS_TO_DMAP(pa); @@ -12099,7 +12132,7 @@ restart: continue; } sysctl_kmaps_check(sb, &range, sva, - pml4e, pdpe, pde, pte); + pml5e, pml4e, pdpe, pde, pte); range.ptes++; } } diff --git a/sys/amd64/include/pmap.h b/sys/amd64/include/pmap.h index a0ca97f2d5a0..e2f97442c10f 100644 --- a/sys/amd64/include/pmap.h +++ b/sys/amd64/include/pmap.h @@ -557,6 +557,7 @@ pmap_pml5e_index(vm_offset_t va) struct kva_layout_s { vm_offset_t kva_min; + vm_offset_t kva_max; vm_offset_t dmap_low; /* DMAP_MIN_ADDRESS */ vm_offset_t dmap_high; /* DMAP_MAX_ADDRESS */ vm_offset_t lm_low; /* LARGEMAP_MIN_ADDRESS */ @@ -564,6 +565,12 @@ struct kva_layout_s { vm_offset_t km_low; /* VM_MIN_KERNEL_ADDRESS */ vm_offset_t km_high; /* VM_MAX_KERNEL_ADDRESS */ vm_offset_t rec_pt; + vm_offset_t kasan_shadow_low; /* KASAN_MIN_ADDRESS */ + vm_offset_t kasan_shadow_high; /* KASAN_MAX_ADDRESS */ + vm_offset_t kmsan_shadow_low; /* KMSAN_SHAD_MIN_ADDRESS */ + vm_offset_t kmsan_shadow_high; /* KMSAN_SHAD_MAX_ADDRESS */ + vm_offset_t kmsan_origin_low; /* KMSAN_ORIG_MIN_ADDRESS */ + vm_offset_t kmsan_origin_high; /* KMSAN_ORIG_MAX_ADDRESS */ }; extern struct kva_layout_s kva_layout; diff --git a/sys/amd64/include/vmparam.h b/sys/amd64/include/vmparam.h index ef352e776af6..d2ac3c6648b2 100644 --- a/sys/amd64/include/vmparam.h +++ b/sys/amd64/include/vmparam.h @@ -200,16 +200,14 @@ #define VM_MIN_KERNEL_ADDRESS kva_layout.km_low #define VM_MAX_KERNEL_ADDRESS kva_layout.km_high -#define KASAN_MIN_ADDRESS KV4ADDR(KASANPML4I, 0, 0, 0) -#define KASAN_MAX_ADDRESS KV4ADDR(KASANPML4I + NKASANPML4E, 0, 0, 0) +#define KASAN_MIN_ADDRESS (kva_layout.kasan_shadow_low) +#define KASAN_MAX_ADDRESS (kva_layout.kasan_shadow_high) -#define KMSAN_SHAD_MIN_ADDRESS KV4ADDR(KMSANSHADPML4I, 0, 0, 0) -#define KMSAN_SHAD_MAX_ADDRESS KV4ADDR(KMSANSHADPML4I + NKMSANSHADPML4E, \ - 0, 0, 0) +#define KMSAN_SHAD_MIN_ADDRESS (kva_layout.kmsan_shadow_low) +#define KMSAN_SHAD_MAX_ADDRESS (kva_layout.kmsan_shadow_high) -#define KMSAN_ORIG_MIN_ADDRESS KV4ADDR(KMSANORIGPML4I, 0, 0, 0) -#define KMSAN_ORIG_MAX_ADDRESS KV4ADDR(KMSANORIGPML4I + NKMSANORIGPML4E, \ - 0, 0, 0) +#define KMSAN_ORIG_MIN_ADDRESS (kva_layout.kmsan_origin_low) +#define KMSAN_ORIG_MAX_ADDRESS (kva_layout.kmsan_origin_high) /* * Formally kernel mapping starts at KERNBASE, but kernel linker diff --git a/sys/arm/allwinner/aw_mmc.c b/sys/arm/allwinner/aw_mmc.c index 6bebf5e5fb5e..a8add957dc74 100644 --- a/sys/arm/allwinner/aw_mmc.c +++ b/sys/arm/allwinner/aw_mmc.c @@ -84,21 +84,26 @@ struct aw_mmc_conf { uint32_t dma_xferlen; + uint32_t dma_desc_shift; bool mask_data0; bool can_calibrate; bool new_timing; + bool zero_is_skip; }; static const struct aw_mmc_conf a10_mmc_conf = { .dma_xferlen = 0x2000, + .dma_desc_shift = 0, }; static const struct aw_mmc_conf a13_mmc_conf = { .dma_xferlen = 0x10000, + .dma_desc_shift = 0, }; static const struct aw_mmc_conf a64_mmc_conf = { .dma_xferlen = 0x10000, + .dma_desc_shift = 0, .mask_data0 = true, .can_calibrate = true, .new_timing = true, @@ -106,13 +111,24 @@ static const struct aw_mmc_conf a64_mmc_conf = { static const struct aw_mmc_conf a64_emmc_conf = { .dma_xferlen = 0x2000, + .dma_desc_shift = 0, .can_calibrate = true, }; +static const struct aw_mmc_conf d1_mmc_conf = { + .dma_xferlen = 0x1000, + .dma_desc_shift = 2, + .mask_data0 = true, + .can_calibrate = true, + .new_timing = true, + .zero_is_skip = true, +}; + static struct ofw_compat_data compat_data[] = { {"allwinner,sun4i-a10-mmc", (uintptr_t)&a10_mmc_conf}, {"allwinner,sun5i-a13-mmc", (uintptr_t)&a13_mmc_conf}, {"allwinner,sun7i-a20-mmc", (uintptr_t)&a13_mmc_conf}, + {"allwinner,sun20i-d1-mmc", (uintptr_t)&d1_mmc_conf}, {"allwinner,sun50i-a64-mmc", (uintptr_t)&a64_mmc_conf}, {"allwinner,sun50i-a64-emmc", (uintptr_t)&a64_emmc_conf}, {NULL, 0} @@ -607,16 +623,18 @@ aw_dma_cb(void *arg, bus_dma_segment_t *segs, int nsegs, int err) dma_desc = sc->aw_dma_desc; for (i = 0; i < nsegs; i++) { - if (segs[i].ds_len == sc->aw_mmc_conf->dma_xferlen) + if ((segs[i].ds_len == sc->aw_mmc_conf->dma_xferlen) && + !sc->aw_mmc_conf->zero_is_skip) dma_desc[i].buf_size = 0; /* Size of 0 indicate max len */ else dma_desc[i].buf_size = segs[i].ds_len; - dma_desc[i].buf_addr = segs[i].ds_addr; + dma_desc[i].buf_addr = segs[i].ds_addr >> + sc->aw_mmc_conf->dma_desc_shift; dma_desc[i].config = AW_MMC_DMA_CONFIG_CH | - AW_MMC_DMA_CONFIG_OWN | AW_MMC_DMA_CONFIG_DIC; - - dma_desc[i].next = sc->aw_dma_desc_phys + - ((i + 1) * sizeof(struct aw_mmc_dma_desc)); + AW_MMC_DMA_CONFIG_OWN | AW_MMC_DMA_CONFIG_DIC; + dma_desc[i].next = (sc->aw_dma_desc_phys + + (i + 1) * sizeof(struct aw_mmc_dma_desc)) >> + sc->aw_mmc_conf->dma_desc_shift; } dma_desc[0].config |= AW_MMC_DMA_CONFIG_FD; @@ -678,7 +696,8 @@ aw_mmc_prepare_dma(struct aw_mmc_softc *sc) AW_MMC_WRITE_4(sc, AW_MMC_IDIE, val); /* Set DMA descritptor list address */ - AW_MMC_WRITE_4(sc, AW_MMC_DLBA, sc->aw_dma_desc_phys); + AW_MMC_WRITE_4(sc, AW_MMC_DLBA, sc->aw_dma_desc_phys >> + sc->aw_mmc_conf->dma_desc_shift); /* FIFO trigger level */ AW_MMC_WRITE_4(sc, AW_MMC_FWLR, AW_MMC_DMA_FTRGLEVEL); diff --git a/sys/dev/drm2/drm_fb_helper.c b/sys/dev/drm2/drm_fb_helper.c index f67cc9f60d02..1f4abd255690 100644 --- a/sys/dev/drm2/drm_fb_helper.c +++ b/sys/dev/drm2/drm_fb_helper.c @@ -51,7 +51,7 @@ struct vt_kms_softc { struct task fb_mode_task; }; -/* Call restore out of vt(9) locks. */ +/* Call restore out of vt(4) locks. */ static void vt_restore_fbdev_mode(void *arg, int pending) { diff --git a/sys/dev/md/md.c b/sys/dev/md/md.c index 29dc0c880e3a..ec1664fac701 100644 --- a/sys/dev/md/md.c +++ b/sys/dev/md/md.c @@ -89,6 +89,8 @@ #include <sys/unistd.h> #include <sys/vnode.h> #include <sys/disk.h> +#include <sys/param.h> +#include <sys/bus.h> #include <geom/geom.h> #include <geom/geom_int.h> @@ -2082,8 +2084,10 @@ g_md_init(struct g_class *mp __unused) { caddr_t mod; u_char *ptr, *name, *type; + u_char scratch[40]; unsigned len; int i; + vm_offset_t paddr; /* figure out log2(NINDIR) */ for (i = NINDIR, nshift = -1; i; nshift++) @@ -2123,6 +2127,25 @@ g_md_init(struct g_class *mp __unused) sx_xunlock(&md_sx); } } + + /* + * Load up to 32 pre-loaded disks + */ + for (int i = 0; i < 32; i++) { + if (resource_long_value("md", i, "physaddr", + (long *) &paddr) != 0 || + resource_int_value("md", i, "len", &len) != 0) + break; + ptr = (char *)pmap_map(NULL, paddr, paddr + len, VM_PROT_READ); + if (ptr != NULL && len != 0) { + sprintf(scratch, "preload%d 0x%016jx", i, + (uintmax_t)paddr); + sx_xlock(&md_sx); + md_preloaded(ptr, len, scratch); + sx_xunlock(&md_sx); + } + } + status_dev = make_dev(&mdctl_cdevsw, INT_MAX, UID_ROOT, GID_WHEEL, 0600, MDCTL_NAME); g_topology_lock(); diff --git a/sys/dev/vt/hw/vga/vt_vga.c b/sys/dev/vt/hw/vga/vt_vga.c index 64039575c0ad..675c0573bd7e 100644 --- a/sys/dev/vt/hw/vga/vt_vga.c +++ b/sys/dev/vt/hw/vga/vt_vga.c @@ -1347,7 +1347,7 @@ vga_postswitch(struct vt_device *vd) /* Reinit VGA mode, to restore view after app which change mode. */ vga_initialize(vd, (vd->vd_flags & VDF_TEXTMODE)); - /* Ask vt(9) to update chars on visible area. */ + /* Ask vt(4) to update chars on visible area. */ vd->vd_flags |= VDF_INVALID; } diff --git a/sys/dev/vt/vt_core.c b/sys/dev/vt/vt_core.c index b0f58b38a6f1..b51ef6766de4 100644 --- a/sys/dev/vt/vt_core.c +++ b/sys/dev/vt/vt_core.c @@ -125,10 +125,10 @@ static const struct terminal_class vt_termclass = { (vw)->vw_number) static SYSCTL_NODE(_kern, OID_AUTO, vt, CTLFLAG_RD | CTLFLAG_MPSAFE, 0, - "vt(9) parameters"); + "vt(4) parameters"); static VT_SYSCTL_INT(enable_altgr, 1, "Enable AltGr key (Do not assume R.Alt as Alt)"); static VT_SYSCTL_INT(enable_bell, 0, "Enable bell"); -static VT_SYSCTL_INT(debug, 0, "vt(9) debug level"); +static VT_SYSCTL_INT(debug, 0, "vt(4) debug level"); static VT_SYSCTL_INT(deadtimer, 15, "Time to wait busy process in VT_PROCESS mode"); static VT_SYSCTL_INT(suspendswitch, 1, "Switch to VT0 before suspend"); diff --git a/sys/geom/concat/g_concat.c b/sys/geom/concat/g_concat.c index 2b1cb575cac8..2173a84c7acf 100644 --- a/sys/geom/concat/g_concat.c +++ b/sys/geom/concat/g_concat.c @@ -590,6 +590,7 @@ g_concat_add_disk(struct g_concat_softc *sc, struct g_provider *pp, u_int no) strcmp(md.md_name, sc->sc_name) != 0 || md.md_id != sc->sc_id) { G_CONCAT_DEBUG(0, "Metadata on %s changed.", pp->name); + error = EINVAL; goto fail; } diff --git a/sys/geom/geom_subr.c b/sys/geom/geom_subr.c index 41cc115225f9..aba4bf7c44c4 100644 --- a/sys/geom/geom_subr.c +++ b/sys/geom/geom_subr.c @@ -381,8 +381,8 @@ g_new_geomf(struct g_class *mp, const char *fmt, ...) sbuf_vprintf(sb, fmt, ap); va_end(ap); sbuf_finish(sb); - gp = g_malloc(sizeof *gp, M_WAITOK | M_ZERO); - gp->name = g_malloc(sbuf_len(sb) + 1, M_WAITOK | M_ZERO); + gp = g_malloc(sizeof *gp + sbuf_len(sb) + 1, M_WAITOK | M_ZERO); + gp->name = (char *)(gp + 1); gp->class = mp; gp->rank = 1; LIST_INIT(&gp->consumer); @@ -420,7 +420,6 @@ g_destroy_geom(struct g_geom *gp) g_cancel_event(gp); LIST_REMOVE(gp, geom); TAILQ_REMOVE(&geoms, gp, geoms); - g_free(gp->name); g_free(gp); } diff --git a/sys/geom/virstor/g_virstor.c b/sys/geom/virstor/g_virstor.c index b8cf32875660..73bd9f73055a 100644 --- a/sys/geom/virstor/g_virstor.c +++ b/sys/geom/virstor/g_virstor.c @@ -589,7 +589,7 @@ virstor_ctl_remove(struct gctl_req *req, struct g_class *cp) M_GVIRSTOR, M_WAITOK | M_ZERO); bcopy(sc->components, newcomp, found * sizeof(*sc->components)); bcopy(&sc->components[found + 1], newcomp + found, - found * sizeof(*sc->components)); + (sc->n_components - (found + 1)) * sizeof(*sc->components)); if ((sc->components[j].flags & VIRSTOR_PROVIDER_ALLOCATED) != 0) { LOG_MSG(LVL_ERROR, "Allocated provider %s cannot be " "removed from %s", diff --git a/sys/net/if_ovpn.c b/sys/net/if_ovpn.c index 7bdbc565f4ca..6755997fd1f0 100644 --- a/sys/net/if_ovpn.c +++ b/sys/net/if_ovpn.c @@ -341,6 +341,7 @@ ovpn_nvlist_to_sockaddr(const nvlist_t *nvl, struct sockaddr_storage *sa) size_t len; const void *addr = nvlist_get_binary(nvl, "address", &len); in->sin_family = af; + in->sin_len = sizeof(*in); if (len != sizeof(in->sin_addr)) return (EINVAL); @@ -355,6 +356,7 @@ ovpn_nvlist_to_sockaddr(const nvlist_t *nvl, struct sockaddr_storage *sa) size_t len; const void *addr = nvlist_get_binary(nvl, "address", &len); in6->sin6_family = af; + in6->sin6_len = sizeof(*in6); if (len != sizeof(in6->sin6_addr)) return (EINVAL); diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h index 452a8eb4024b..d55afe750869 100644 --- a/sys/net/pfvar.h +++ b/sys/net/pfvar.h @@ -331,6 +331,14 @@ MALLOC_DECLARE(M_PF_RULE_ITEM); SDT_PROVIDER_DECLARE(pf); SDT_PROBE_DECLARE(pf, , test, reason_set); +SDT_PROBE_DECLARE(pf, , log, log); + +#define DPFPRINTF(n, fmt, x...) \ + do { \ + SDT_PROBE2(pf, , log, log, (n), fmt); \ + if (V_pf_status.debug >= (n)) \ + printf(fmt "\n", ##x); \ + } while (0) struct pfi_dynaddr { TAILQ_ENTRY(pfi_dynaddr) entry; @@ -1676,6 +1684,9 @@ struct pf_pdesc { u_int32_t fragoff; /* fragment header offset */ u_int32_t jumbolen; /* length from v6 jumbo header */ u_int32_t badopts; /* v4 options or v6 routing headers */ +#define PF_OPT_OTHER 0x0001 +#define PF_OPT_JUMBO 0x0002 +#define PF_OPT_ROUTER_ALERT 0x0004 u_int16_t *ip_sum; u_int16_t flags; /* Let SCRUB trigger behavior in diff --git a/sys/netpfil/ipfw/ip_fw2.c b/sys/netpfil/ipfw/ip_fw2.c index 923633d76df7..c129c8c49921 100644 --- a/sys/netpfil/ipfw/ip_fw2.c +++ b/sys/netpfil/ipfw/ip_fw2.c @@ -196,7 +196,7 @@ SYSCTL_NODE(_net_inet_ip, OID_AUTO, fw, CTLFLAG_RW | CTLFLAG_MPSAFE, 0, "Firewall"); SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, one_pass, CTLFLAG_VNET | CTLFLAG_RW | CTLFLAG_SECURE3, &VNET_NAME(fw_one_pass), 0, - "Only do a single pass through ipfw when using dummynet(4)"); + "Only do a single pass through ipfw when using dummynet(4), ipfw_nat or other divert(4)-like interfaces"); SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, autoinc_step, CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(autoinc_step), 0, "Rule number auto-increment step"); diff --git a/sys/netpfil/pf/if_pfsync.c b/sys/netpfil/pf/if_pfsync.c index 4e03584b8f85..ee10a997c977 100644 --- a/sys/netpfil/pf/if_pfsync.c +++ b/sys/netpfil/pf/if_pfsync.c @@ -110,8 +110,6 @@ #include <netpfil/pf/pfsync_nv.h> -#define DPFPRINTF(n, x) if (V_pf_status.debug >= (n)) printf x - struct pfsync_bucket; struct pfsync_softc; @@ -597,9 +595,9 @@ pfsync_state_import(union pfsync_state_union *sp, int flags, int msg_version) if ((rpool_first == NULL) || (TAILQ_NEXT(rpool_first, entries) != NULL)) { DPFPRINTF(PF_DEBUG_MISC, - ("%s: can't recover routing information " - "because of empty or bad redirection pool\n", - __func__)); + "%s: can't recover routing information " + "because of empty or bad redirection pool", + __func__); return ((flags & PFSYNC_SI_IOCTL) ? EINVAL : 0); } rt = r->rt; @@ -610,8 +608,8 @@ pfsync_state_import(union pfsync_state_union *sp, int flags, int msg_version) * give up on recovering. */ DPFPRINTF(PF_DEBUG_MISC, - ("%s: can't recover routing information " - "because of different ruleset\n", __func__)); + "%s: can't recover routing information " + "because of different ruleset", __func__); return ((flags & PFSYNC_SI_IOCTL) ? EINVAL : 0); } break; @@ -624,8 +622,8 @@ pfsync_state_import(union pfsync_state_union *sp, int flags, int msg_version) rt_kif = pfi_kkif_find(sp->pfs_1400.rt_ifname); if (rt_kif == NULL) { DPFPRINTF(PF_DEBUG_MISC, - ("%s: unknown route interface: %s\n", - __func__, sp->pfs_1400.rt_ifname)); + "%s: unknown route interface: %s", + __func__, sp->pfs_1400.rt_ifname); return ((flags & PFSYNC_SI_IOCTL) ? EINVAL : 0); } rt = sp->pfs_1400.rt; diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c index 009f7e4d78b1..c669be47b063 100644 --- a/sys/netpfil/pf/pf.c +++ b/sys/netpfil/pf/pf.c @@ -119,8 +119,6 @@ #include <machine/in_cksum.h> #include <security/mac/mac_framework.h> -#define DPFPRINTF(n, x) if (V_pf_status.debug >= (n)) printf x - SDT_PROVIDER_DEFINE(pf); SDT_PROBE_DEFINE2(pf, , test, reason_set, "int", "int"); SDT_PROBE_DEFINE4(pf, ip, test, done, "int", "int", "struct pf_krule *", @@ -161,6 +159,7 @@ SDT_PROBE_DEFINE2(pf, eth, test_rule, match, "int", "struct pf_keth_rule *"); SDT_PROBE_DEFINE2(pf, eth, test_rule, final_match, "int", "struct pf_keth_rule *"); SDT_PROBE_DEFINE2(pf, purge, state, rowcount, "int", "size_t"); +SDT_PROBE_DEFINE2(pf, , log, log, "int", "const char *"); /* * Global variables @@ -375,6 +374,8 @@ static u_int16_t pf_calc_mss(struct pf_addr *, sa_family_t, int, u_int16_t); static int pf_check_proto_cksum(struct mbuf *, int, int, u_int8_t, sa_family_t); +static int pf_walk_option(struct pf_pdesc *, struct ip *, + int, int, u_short *); static int pf_walk_header(struct pf_pdesc *, struct ip *, u_short *); #ifdef INET6 static int pf_walk_option6(struct pf_pdesc *, struct ip6_hdr *, @@ -4615,8 +4616,8 @@ pf_match_rcvif(struct mbuf *m, struct pf_krule *r) if (kif == NULL) { DPFPRINTF(PF_DEBUG_URGENT, - ("%s: kif == NULL, @%d via %s\n", __func__, r->nr, - r->rcv_ifname)); + "%s: kif == NULL, @%d via %s", __func__, r->nr, + r->rcv_ifname); return (0); } @@ -5242,8 +5243,8 @@ pf_test_eth_rule(int dir, struct pfi_kkif *kif, struct mbuf **m0) if (__predict_false(m->m_len < sizeof(struct ether_header)) && (m = *m0 = m_pullup(*m0, sizeof(struct ether_header))) == NULL) { DPFPRINTF(PF_DEBUG_URGENT, - ("%s: m_len < sizeof(struct ether_header)" - ", pullup failed\n", __func__)); + "%s: m_len < sizeof(struct ether_header)" + ", pullup failed", __func__); return (PF_DROP); } e = mtod(m, struct ether_header *); @@ -6168,8 +6169,8 @@ pf_create_state(struct pf_krule *r, struct pf_test_ctx *ctx, &s->src, &s->dst, &ctx->rewrite)) { /* This really shouldn't happen!!! */ DPFPRINTF(PF_DEBUG_URGENT, - ("%s: tcp normalize failed on first " - "pkt\n", __func__)); + "%s: tcp normalize failed on first " + "pkt", __func__); goto csfailed; } } else if (pd->proto == IPPROTO_SCTP) { @@ -7965,8 +7966,8 @@ pf_test_state_icmp(struct pf_kstate **state, struct pf_pdesc *pd, if (!pf_pull_hdr(pd->m, ipoff2, &h2, sizeof(h2), NULL, reason, pd2.af)) { DPFPRINTF(PF_DEBUG_MISC, - ("pf: ICMP error message too short " - "(ip)\n")); + "pf: ICMP error message too short " + "(ip)"); return (PF_DROP); } /* @@ -7996,8 +7997,8 @@ pf_test_state_icmp(struct pf_kstate **state, struct pf_pdesc *pd, if (!pf_pull_hdr(pd->m, ipoff2, &h2_6, sizeof(h2_6), NULL, reason, pd2.af)) { DPFPRINTF(PF_DEBUG_MISC, - ("pf: ICMP error message too short " - "(ip6)\n")); + "pf: ICMP error message too short " + "(ip6)"); return (PF_DROP); } pd2.off = ipoff2; @@ -8049,8 +8050,8 @@ pf_test_state_icmp(struct pf_kstate **state, struct pf_pdesc *pd, if (!pf_pull_hdr(pd->m, pd2.off, th, 8, NULL, reason, pd2.af)) { DPFPRINTF(PF_DEBUG_MISC, - ("pf: ICMP error message too short " - "(tcp)\n")); + "pf: ICMP error message too short " + "(tcp)"); return (PF_DROP); } pd2.pcksum = &pd2.hdr.tcp.th_sum; @@ -8244,8 +8245,8 @@ pf_test_state_icmp(struct pf_kstate **state, struct pf_pdesc *pd, if (!pf_pull_hdr(pd->m, pd2.off, uh, sizeof(*uh), NULL, reason, pd2.af)) { DPFPRINTF(PF_DEBUG_MISC, - ("pf: ICMP error message too short " - "(udp)\n")); + "pf: ICMP error message too short " + "(udp)"); return (PF_DROP); } pd2.pcksum = &pd2.hdr.udp.uh_sum; @@ -8376,8 +8377,8 @@ pf_test_state_icmp(struct pf_kstate **state, struct pf_pdesc *pd, if (! pf_pull_hdr(pd->m, pd2.off, sh, sizeof(*sh), NULL, reason, pd2.af)) { DPFPRINTF(PF_DEBUG_MISC, - ("pf: ICMP error message too short " - "(sctp)\n")); + "pf: ICMP error message too short " + "(sctp)"); return (PF_DROP); } pd2.pcksum = &pd2.sctp_dummy_sum; @@ -8407,8 +8408,8 @@ pf_test_state_icmp(struct pf_kstate **state, struct pf_pdesc *pd, if (src->scrub->pfss_v_tag != sh->v_tag) { DPFPRINTF(PF_DEBUG_MISC, - ("pf: ICMP error message has incorrect " - "SCTP v_tag\n")); + "pf: ICMP error message has incorrect " + "SCTP v_tag"); return (PF_DROP); } @@ -8531,8 +8532,8 @@ pf_test_state_icmp(struct pf_kstate **state, struct pf_pdesc *pd, if (!pf_pull_hdr(pd->m, pd2.off, iih, ICMP_MINLEN, NULL, reason, pd2.af)) { DPFPRINTF(PF_DEBUG_MISC, - ("pf: ICMP error message too short i" - "(icmp)\n")); + "pf: ICMP error message too short i" + "(icmp)"); return (PF_DROP); } pd2.pcksum = &pd2.hdr.icmp.icmp_cksum; @@ -8651,8 +8652,8 @@ pf_test_state_icmp(struct pf_kstate **state, struct pf_pdesc *pd, if (!pf_pull_hdr(pd->m, pd2.off, iih, sizeof(struct icmp6_hdr), NULL, reason, pd2.af)) { DPFPRINTF(PF_DEBUG_MISC, - ("pf: ICMP error message too short " - "(icmp6)\n")); + "pf: ICMP error message too short " + "(icmp6)"); return (PF_DROP); } pd2.pcksum = &pd2.hdr.icmp6.icmp6_cksum; @@ -9082,7 +9083,7 @@ pf_route(struct pf_krule *r, struct ifnet *oifp, } if (m0->m_len < sizeof(struct ip)) { DPFPRINTF(PF_DEBUG_URGENT, - ("%s: m0->m_len < sizeof(struct ip)\n", __func__)); + "%s: m0->m_len < sizeof(struct ip)", __func__); SDT_PROBE1(pf, ip, route_to, drop, __LINE__); goto bad; } @@ -9387,8 +9388,8 @@ pf_route6(struct pf_krule *r, struct ifnet *oifp, } if (m0->m_len < sizeof(struct ip6_hdr)) { DPFPRINTF(PF_DEBUG_URGENT, - ("%s: m0->m_len < sizeof(struct ip6_hdr)\n", - __func__)); + "%s: m0->m_len < sizeof(struct ip6_hdr)", + __func__); SDT_PROBE1(pf, ip6, route_to, drop, __LINE__); goto bad; } @@ -9683,7 +9684,7 @@ pf_test_eth(int dir, int pflags, struct ifnet *ifp, struct mbuf **m0, if (kif == NULL) { DPFPRINTF(PF_DEBUG_URGENT, - ("%s: kif == NULL, if_xname %s\n", __func__, ifp->if_xname)); + "%s: kif == NULL, if_xname %s", __func__, ifp->if_xname); return (PF_DROP); } if (kif->pfik_flags & PFI_IFLAG_SKIP) @@ -9798,6 +9799,62 @@ pf_dummynet_route(struct pf_pdesc *pd, struct pf_kstate *s, } static int +pf_walk_option(struct pf_pdesc *pd, struct ip *h, int off, int end, + u_short *reason) +{ + uint8_t type, length, opts[15 * 4 - sizeof(struct ip)]; + + /* IP header in payload of ICMP packet may be too short */ + if (pd->m->m_pkthdr.len < end) { + DPFPRINTF(PF_DEBUG_MISC, "IP option too short"); + REASON_SET(reason, PFRES_SHORT); + return (PF_DROP); + } + + MPASS(end - off <= sizeof(opts)); + m_copydata(pd->m, off, end - off, opts); + end -= off; + off = 0; + + while (off < end) { + type = opts[off]; + if (type == IPOPT_EOL) + break; + if (type == IPOPT_NOP) { + off++; + continue; + } + if (off + 2 > end) { + DPFPRINTF(PF_DEBUG_MISC, "IP length opt"); + REASON_SET(reason, PFRES_IPOPTIONS); + return (PF_DROP); + } + length = opts[off + 1]; + if (length < 2) { + DPFPRINTF(PF_DEBUG_MISC, "IP short opt"); + REASON_SET(reason, PFRES_IPOPTIONS); + return (PF_DROP); + } + if (off + length > end) { + DPFPRINTF(PF_DEBUG_MISC, "IP long opt"); + REASON_SET(reason, PFRES_IPOPTIONS); + return (PF_DROP); + } + switch (type) { + case IPOPT_RA: + pd->badopts |= PF_OPT_ROUTER_ALERT; + break; + default: + pd->badopts |= PF_OPT_OTHER; + break; + } + off += length; + } + + return (PF_PASS); +} + +static int pf_walk_header(struct pf_pdesc *pd, struct ip *h, u_short *reason) { struct ah ext; @@ -9809,11 +9866,28 @@ pf_walk_header(struct pf_pdesc *pd, struct ip *h, u_short *reason) REASON_SET(reason, PFRES_SHORT); return (PF_DROP); } - if (hlen != sizeof(struct ip)) - pd->badopts++; + if (hlen != sizeof(struct ip)) { + if (pf_walk_option(pd, h, pd->off + sizeof(struct ip), + pd->off + hlen, reason) != PF_PASS) + return (PF_DROP); + /* header options which contain only padding is fishy */ + if (pd->badopts == 0) + pd->badopts |= PF_OPT_OTHER; + } end = pd->off + ntohs(h->ip_len); pd->off += hlen; pd->proto = h->ip_p; + /* IGMP packets have router alert options, allow them */ + if (pd->proto == IPPROTO_IGMP) { + /* According to RFC 1112 ttl must be set to 1. */ + if ((h->ip_ttl != 1) || + !IN_MULTICAST(ntohl(h->ip_dst.s_addr))) { + DPFPRINTF(PF_DEBUG_MISC, "Invalid IGMP"); + REASON_SET(reason, PFRES_IPOPTIONS); + return (PF_DROP); + } + pd->badopts &= ~PF_OPT_ROUTER_ALERT; + } /* stop walking over non initial fragments */ if ((h->ip_off & htons(IP_OFFMASK)) != 0) return (PF_PASS); @@ -9826,7 +9900,7 @@ pf_walk_header(struct pf_pdesc *pd, struct ip *h, u_short *reason) return (PF_PASS); if (!pf_pull_hdr(pd->m, pd->off, &ext, sizeof(ext), NULL, reason, AF_INET)) { - DPFPRINTF(PF_DEBUG_MISC, ("IP short exthdr")); + DPFPRINTF(PF_DEBUG_MISC, "IP short exthdr"); return (PF_DROP); } pd->off += (ext.ah_len + 2) * 4; @@ -9836,7 +9910,7 @@ pf_walk_header(struct pf_pdesc *pd, struct ip *h, u_short *reason) return (PF_PASS); } } - DPFPRINTF(PF_DEBUG_MISC, ("IPv4 nested authentication header limit")); + DPFPRINTF(PF_DEBUG_MISC, "IPv4 nested authentication header limit"); REASON_SET(reason, PFRES_IPOPTIONS); return (PF_DROP); } @@ -9852,7 +9926,7 @@ pf_walk_option6(struct pf_pdesc *pd, struct ip6_hdr *h, int off, int end, while (off < end) { if (!pf_pull_hdr(pd->m, off, &opt.ip6o_type, sizeof(opt.ip6o_type), NULL, reason, AF_INET6)) { - DPFPRINTF(PF_DEBUG_MISC, ("IPv6 short opt type")); + DPFPRINTF(PF_DEBUG_MISC, "IPv6 short opt type"); return (PF_DROP); } if (opt.ip6o_type == IP6OPT_PAD1) { @@ -9861,41 +9935,48 @@ pf_walk_option6(struct pf_pdesc *pd, struct ip6_hdr *h, int off, int end, } if (!pf_pull_hdr(pd->m, off, &opt, sizeof(opt), NULL, reason, AF_INET6)) { - DPFPRINTF(PF_DEBUG_MISC, ("IPv6 short opt")); + DPFPRINTF(PF_DEBUG_MISC, "IPv6 short opt"); return (PF_DROP); } if (off + sizeof(opt) + opt.ip6o_len > end) { - DPFPRINTF(PF_DEBUG_MISC, ("IPv6 long opt")); + DPFPRINTF(PF_DEBUG_MISC, "IPv6 long opt"); REASON_SET(reason, PFRES_IPOPTIONS); return (PF_DROP); } switch (opt.ip6o_type) { + case IP6OPT_PADN: + break; case IP6OPT_JUMBO: + pd->badopts |= PF_OPT_JUMBO; if (pd->jumbolen != 0) { - DPFPRINTF(PF_DEBUG_MISC, ("IPv6 multiple jumbo")); + DPFPRINTF(PF_DEBUG_MISC, "IPv6 multiple jumbo"); REASON_SET(reason, PFRES_IPOPTIONS); return (PF_DROP); } if (ntohs(h->ip6_plen) != 0) { - DPFPRINTF(PF_DEBUG_MISC, ("IPv6 bad jumbo plen")); + DPFPRINTF(PF_DEBUG_MISC, "IPv6 bad jumbo plen"); REASON_SET(reason, PFRES_IPOPTIONS); return (PF_DROP); } if (!pf_pull_hdr(pd->m, off, &jumbo, sizeof(jumbo), NULL, reason, AF_INET6)) { - DPFPRINTF(PF_DEBUG_MISC, ("IPv6 short jumbo")); + DPFPRINTF(PF_DEBUG_MISC, "IPv6 short jumbo"); return (PF_DROP); } memcpy(&pd->jumbolen, jumbo.ip6oj_jumbo_len, sizeof(pd->jumbolen)); pd->jumbolen = ntohl(pd->jumbolen); if (pd->jumbolen < IPV6_MAXPACKET) { - DPFPRINTF(PF_DEBUG_MISC, ("IPv6 short jumbolen")); + DPFPRINTF(PF_DEBUG_MISC, "IPv6 short jumbolen"); REASON_SET(reason, PFRES_IPOPTIONS); return (PF_DROP); } break; + case IP6OPT_ROUTER_ALERT: + pd->badopts |= PF_OPT_ROUTER_ALERT; + break; default: + pd->badopts |= PF_OPT_OTHER; break; } off += sizeof(opt) + opt.ip6o_len; @@ -9909,6 +9990,7 @@ pf_walk_header6(struct pf_pdesc *pd, struct ip6_hdr *h, u_short *reason) { struct ip6_frag frag; struct ip6_ext ext; + struct icmp6_hdr icmp6; struct ip6_rthdr rthdr; uint32_t end; int hdr_cnt, fraghdr_cnt = 0, rthdr_cnt = 0; @@ -9920,27 +10002,40 @@ pf_walk_header6(struct pf_pdesc *pd, struct ip6_hdr *h, u_short *reason) for (hdr_cnt = 0; hdr_cnt < PF_HDR_LIMIT; hdr_cnt++) { switch (pd->proto) { case IPPROTO_ROUTING: - case IPPROTO_HOPOPTS: case IPPROTO_DSTOPTS: - pd->badopts++; + pd->badopts |= PF_OPT_OTHER; + break; + case IPPROTO_HOPOPTS: + if (!pf_pull_hdr(pd->m, pd->off, &ext, sizeof(ext), + NULL, reason, AF_INET6)) { + DPFPRINTF(PF_DEBUG_MISC, "IPv6 short exthdr"); + return (PF_DROP); + } + if (pf_walk_option6(pd, h, pd->off + sizeof(ext), + pd->off + (ext.ip6e_len + 1) * 8, + reason) != PF_PASS) + return (PF_DROP); + /* option header which contains only padding is fishy */ + if (pd->badopts == 0) + pd->badopts |= PF_OPT_OTHER; break; } switch (pd->proto) { case IPPROTO_FRAGMENT: if (fraghdr_cnt++) { - DPFPRINTF(PF_DEBUG_MISC, ("IPv6 multiple fragment")); + DPFPRINTF(PF_DEBUG_MISC, "IPv6 multiple fragment"); REASON_SET(reason, PFRES_FRAG); return (PF_DROP); } /* jumbo payload packets cannot be fragmented */ if (pd->jumbolen != 0) { - DPFPRINTF(PF_DEBUG_MISC, ("IPv6 fragmented jumbo")); + DPFPRINTF(PF_DEBUG_MISC, "IPv6 fragmented jumbo"); REASON_SET(reason, PFRES_FRAG); return (PF_DROP); } if (!pf_pull_hdr(pd->m, pd->off, &frag, sizeof(frag), NULL, reason, AF_INET6)) { - DPFPRINTF(PF_DEBUG_MISC, ("IPv6 short fragment")); + DPFPRINTF(PF_DEBUG_MISC, "IPv6 short fragment"); return (PF_DROP); } /* stop walking over non initial fragments */ @@ -9956,7 +10051,7 @@ pf_walk_header6(struct pf_pdesc *pd, struct ip6_hdr *h, u_short *reason) break; case IPPROTO_ROUTING: if (rthdr_cnt++) { - DPFPRINTF(PF_DEBUG_MISC, ("IPv6 multiple rthdr")); + DPFPRINTF(PF_DEBUG_MISC, "IPv6 multiple rthdr"); REASON_SET(reason, PFRES_IPOPTIONS); return (PF_DROP); } @@ -9968,11 +10063,11 @@ pf_walk_header6(struct pf_pdesc *pd, struct ip6_hdr *h, u_short *reason) } if (!pf_pull_hdr(pd->m, pd->off, &rthdr, sizeof(rthdr), NULL, reason, AF_INET6)) { - DPFPRINTF(PF_DEBUG_MISC, ("IPv6 short rthdr")); + DPFPRINTF(PF_DEBUG_MISC, "IPv6 short rthdr"); return (PF_DROP); } if (rthdr.ip6r_type == IPV6_RTHDR_TYPE_0) { - DPFPRINTF(PF_DEBUG_MISC, ("IPv6 rthdr0")); + DPFPRINTF(PF_DEBUG_MISC, "IPv6 rthdr0"); REASON_SET(reason, PFRES_IPOPTIONS); return (PF_DROP); } @@ -9980,7 +10075,7 @@ pf_walk_header6(struct pf_pdesc *pd, struct ip6_hdr *h, u_short *reason) case IPPROTO_HOPOPTS: /* RFC2460 4.1: Hop-by-Hop only after IPv6 header */ if (pd->proto == IPPROTO_HOPOPTS && hdr_cnt > 0) { - DPFPRINTF(PF_DEBUG_MISC, ("IPv6 hopopts not first")); + DPFPRINTF(PF_DEBUG_MISC, "IPv6 hopopts not first"); REASON_SET(reason, PFRES_IPOPTIONS); return (PF_DROP); } @@ -9989,7 +10084,7 @@ pf_walk_header6(struct pf_pdesc *pd, struct ip6_hdr *h, u_short *reason) case IPPROTO_DSTOPTS: if (!pf_pull_hdr(pd->m, pd->off, &ext, sizeof(ext), NULL, reason, AF_INET6)) { - DPFPRINTF(PF_DEBUG_MISC, ("IPv6 short exthdr")); + DPFPRINTF(PF_DEBUG_MISC, "IPv6 short exthdr"); return (PF_DROP); } /* fragments may be short */ @@ -10001,18 +10096,11 @@ pf_walk_header6(struct pf_pdesc *pd, struct ip6_hdr *h, u_short *reason) /* reassembly needs the ext header before the frag */ if (pd->fragoff == 0) pd->extoff = pd->off; - if (pd->proto == IPPROTO_HOPOPTS && pd->fragoff == 0) { - if (pf_walk_option6(pd, h, - pd->off + sizeof(ext), - pd->off + (ext.ip6e_len + 1) * 8, reason) - != PF_PASS) - return (PF_DROP); - if (ntohs(h->ip6_plen) == 0 && pd->jumbolen != 0) { - DPFPRINTF(PF_DEBUG_MISC, - ("IPv6 missing jumbo")); - REASON_SET(reason, PFRES_IPOPTIONS); - return (PF_DROP); - } + if (pd->proto == IPPROTO_HOPOPTS && pd->fragoff == 0 && + ntohs(h->ip6_plen) == 0 && pd->jumbolen != 0) { + DPFPRINTF(PF_DEBUG_MISC, "IPv6 missing jumbo"); + REASON_SET(reason, PFRES_IPOPTIONS); + return (PF_DROP); } if (pd->proto == IPPROTO_AH) pd->off += (ext.ip6e_len + 2) * 4; @@ -10020,10 +10108,45 @@ pf_walk_header6(struct pf_pdesc *pd, struct ip6_hdr *h, u_short *reason) pd->off += (ext.ip6e_len + 1) * 8; pd->proto = ext.ip6e_nxt; break; + case IPPROTO_ICMPV6: + /* fragments may be short, ignore inner header then */ + if (pd->fragoff != 0 && end < pd->off + sizeof(icmp6)) { + pd->off = pd->fragoff; + pd->proto = IPPROTO_FRAGMENT; + return (PF_PASS); + } + if (!pf_pull_hdr(pd->m, pd->off, &icmp6, sizeof(icmp6), + NULL, reason, AF_INET6)) { + DPFPRINTF(PF_DEBUG_MISC, + "IPv6 short icmp6hdr"); + return (PF_DROP); + } + /* ICMP multicast packets have router alert options */ + switch (icmp6.icmp6_type) { + case MLD_LISTENER_QUERY: + case MLD_LISTENER_REPORT: + case MLD_LISTENER_DONE: + case MLDV2_LISTENER_REPORT: + /* + * According to RFC 2710 all MLD messages are + * sent with hop-limit (ttl) set to 1, and link + * local source address. If either one is + * missing then MLD message is invalid and + * should be discarded. + */ + if ((h->ip6_hlim != 1) || + !IN6_IS_ADDR_LINKLOCAL(&h->ip6_src)) { + DPFPRINTF(PF_DEBUG_MISC, "Invalid MLD"); + REASON_SET(reason, PFRES_IPOPTIONS); + return (PF_DROP); + } + pd->badopts &= ~PF_OPT_ROUTER_ALERT; + break; + } + return (PF_PASS); case IPPROTO_TCP: case IPPROTO_UDP: case IPPROTO_SCTP: - case IPPROTO_ICMPV6: /* fragments may be short, ignore inner header then */ if (pd->fragoff != 0 && end < pd->off + (pd->proto == IPPROTO_TCP ? sizeof(struct tcphdr) : @@ -10038,7 +10161,7 @@ pf_walk_header6(struct pf_pdesc *pd, struct ip6_hdr *h, u_short *reason) return (PF_PASS); } } - DPFPRINTF(PF_DEBUG_MISC, ("IPv6 nested extension header limit")); + DPFPRINTF(PF_DEBUG_MISC, "IPv6 nested extension header limit"); REASON_SET(reason, PFRES_IPOPTIONS); return (PF_DROP); } @@ -10083,8 +10206,15 @@ pf_setup_pdesc(sa_family_t af, int dir, struct pf_pdesc *pd, struct mbuf **m0, if (__predict_false((*m0)->m_len < sizeof(struct ip)) && (pd->m = *m0 = m_pullup(*m0, sizeof(struct ip))) == NULL) { DPFPRINTF(PF_DEBUG_URGENT, - ("%s: m_len < sizeof(struct ip), pullup failed\n", - __func__)); + "%s: m_len < sizeof(struct ip), pullup failed", + __func__); + *action = PF_DROP; + REASON_SET(reason, PFRES_SHORT); + return (-1); + } + + h = mtod(pd->m, struct ip *); + if (pd->m->m_pkthdr.len < ntohs(h->ip_len)) { *action = PF_DROP; REASON_SET(reason, PFRES_SHORT); return (-1); @@ -10097,13 +10227,7 @@ pf_setup_pdesc(sa_family_t af, int dir, struct pf_pdesc *pd, struct mbuf **m0, return (-1); } *m0 = pd->m; - h = mtod(pd->m, struct ip *); - if (pd->m->m_pkthdr.len < ntohs(h->ip_len)) { - *action = PF_DROP; - REASON_SET(reason, PFRES_SHORT); - return (-1); - } if (pf_walk_header(pd, h, reason) != PF_PASS) { *action = PF_DROP; @@ -10133,8 +10257,8 @@ pf_setup_pdesc(sa_family_t af, int dir, struct pf_pdesc *pd, struct mbuf **m0, if (__predict_false((*m0)->m_len < sizeof(struct ip6_hdr)) && (pd->m = *m0 = m_pullup(*m0, sizeof(struct ip6_hdr))) == NULL) { DPFPRINTF(PF_DEBUG_URGENT, - ("%s: m_len < sizeof(struct ip6_hdr)" - ", pullup failed\n", __func__)); + "%s: m_len < sizeof(struct ip6_hdr)" + ", pullup failed", __func__); *action = PF_DROP; REASON_SET(reason, PFRES_SHORT); return (-1); @@ -10148,6 +10272,15 @@ pf_setup_pdesc(sa_family_t af, int dir, struct pf_pdesc *pd, struct mbuf **m0, return (-1); } + /* + * we do not support jumbogram. if we keep going, zero ip6_plen + * will do something bad, so drop the packet for now. + */ + if (htons(h->ip6_plen) == 0) { + *action = PF_DROP; + return (-1); + } + if (pf_walk_header6(pd, h, reason) != PF_PASS) { *action = PF_DROP; return (-1); @@ -10167,15 +10300,6 @@ pf_setup_pdesc(sa_family_t af, int dir, struct pf_pdesc *pd, struct mbuf **m0, pd->virtual_proto = (pd->fragoff != 0) ? PF_VPROTO_FRAGMENT : pd->proto; - /* - * we do not support jumbogram. if we keep going, zero ip6_plen - * will do something bad, so drop the packet for now. - */ - if (htons(h->ip6_plen) == 0) { - *action = PF_DROP; - return (-1); - } - /* We do IP header normalization and packet reassembly here */ if (pf_normalize_ip6(pd->fragoff, reason, pd) != PF_PASS) { @@ -10494,8 +10618,8 @@ pf_test(sa_family_t af, int dir, int pflags, struct ifnet *ifp, struct mbuf **m0 if (__predict_false(kif == NULL)) { DPFPRINTF(PF_DEBUG_URGENT, - ("%s: kif == NULL, if_xname %s\n", - __func__, ifp->if_xname)); + "%s: kif == NULL, if_xname %s", + __func__, ifp->if_xname); return (PF_DROP); } if (kif->pfik_flags & PFI_IFLAG_SKIP) { @@ -10699,14 +10823,14 @@ pf_test(sa_family_t af, int dir, int pflags, struct ifnet *ifp, struct mbuf **m0 action = PF_DROP; REASON_SET(&reason, PFRES_NORM); DPFPRINTF(PF_DEBUG_MISC, - ("dropping IPv6 packet with ICMPv4 payload")); + "dropping IPv6 packet with ICMPv4 payload"); break; } if (pd.virtual_proto == IPPROTO_ICMPV6 && af != AF_INET6) { action = PF_DROP; REASON_SET(&reason, PFRES_NORM); DPFPRINTF(PF_DEBUG_MISC, - ("pf: dropping IPv4 packet with ICMPv6 payload\n")); + "pf: dropping IPv4 packet with ICMPv6 payload"); break; } action = pf_test_state_icmp(&s, &pd, &reason); @@ -10732,12 +10856,12 @@ done: if (s) memcpy(&pd.act, &s->act, sizeof(s->act)); - if (action == PF_PASS && pd.badopts && !pd.act.allow_opts) { + if (action == PF_PASS && pd.badopts != 0 && !pd.act.allow_opts) { action = PF_DROP; REASON_SET(&reason, PFRES_IPOPTIONS); pd.act.log = PF_LOG_FORCE; DPFPRINTF(PF_DEBUG_MISC, - ("pf: dropping packet with dangerous headers\n")); + "pf: dropping packet with dangerous headers"); } if (pd.act.max_pkt_size && pd.act.max_pkt_size && @@ -10746,7 +10870,7 @@ done: REASON_SET(&reason, PFRES_NORM); pd.act.log = PF_LOG_FORCE; DPFPRINTF(PF_DEBUG_MISC, - ("pf: dropping overly long packet\n")); + "pf: dropping overly long packet"); } if (s) { @@ -10778,7 +10902,7 @@ done: REASON_SET(&reason, PFRES_MEMORY); pd.act.log = PF_LOG_FORCE; DPFPRINTF(PF_DEBUG_MISC, - ("pf: failed to allocate 802.1q mtag\n")); + "pf: failed to allocate 802.1q mtag"); } } @@ -10835,7 +10959,7 @@ done: REASON_SET(&reason, PFRES_MEMORY); pd.act.log = PF_LOG_FORCE; DPFPRINTF(PF_DEBUG_MISC, - ("pf: failed to allocate tag\n")); + "pf: failed to allocate tag"); } else { pd.pf_mtag->flags |= PF_MTAG_FLAG_FASTFWD_OURS_PRESENT; @@ -10852,7 +10976,7 @@ done: REASON_SET(&reason, PFRES_MEMORY); pd.act.log = PF_LOG_FORCE; DPFPRINTF(PF_DEBUG_MISC, - ("pf: failed to allocate divert tag\n")); + "pf: failed to allocate divert tag"); } } /* XXX: Anybody working on it?! */ diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c index 5c69c395c5fc..ea9f7fe441c6 100644 --- a/sys/netpfil/pf/pf_ioctl.c +++ b/sys/netpfil/pf/pf_ioctl.c @@ -217,8 +217,6 @@ static u_int16_t tagname2tag(struct pf_tagset *, const char *); static u_int16_t pf_tagname2tag(const char *); static void tag_unref(struct pf_tagset *, u_int16_t); -#define DPFPRINTF(n, x) if (V_pf_status.debug >= (n)) printf x - struct cdev *pf_dev; /* @@ -2143,14 +2141,14 @@ pf_ioctl_addrule(struct pf_krule *rule, uint32_t ticket, ERROUT(EINVAL); if (ticket != ruleset->rules[rs_num].inactive.ticket) { DPFPRINTF(PF_DEBUG_MISC, - ("ticket: %d != [%d]%d\n", ticket, rs_num, - ruleset->rules[rs_num].inactive.ticket)); + "ticket: %d != [%d]%d", ticket, rs_num, + ruleset->rules[rs_num].inactive.ticket); ERROUT(EBUSY); } if (pool_ticket != V_ticket_pabuf) { DPFPRINTF(PF_DEBUG_MISC, - ("pool_ticket: %d != %d\n", pool_ticket, - V_ticket_pabuf)); + "pool_ticket: %d != %d", pool_ticket, + V_ticket_pabuf); ERROUT(EBUSY); } /* @@ -2469,7 +2467,7 @@ pf_start(void) V_pf_status.since = time_uptime; new_unrhdr64(&V_pf_stateid, time_second); - DPFPRINTF(PF_DEBUG_MISC, ("pf: started\n")); + DPFPRINTF(PF_DEBUG_MISC, "pf: started"); } sx_xunlock(&V_pf_ioctl_lock); @@ -2489,7 +2487,7 @@ pf_stop(void) dehook_pf(); dehook_pf_eth(); V_pf_status.since = time_uptime; - DPFPRINTF(PF_DEBUG_MISC, ("pf: stopped\n")); + DPFPRINTF(PF_DEBUG_MISC, "pf: stopped"); } sx_xunlock(&V_pf_ioctl_lock); @@ -3264,9 +3262,9 @@ DIOCGETETHRULE_error: if (nvlist_get_number(nvl, "ticket") != ruleset->inactive.ticket) { DPFPRINTF(PF_DEBUG_MISC, - ("ticket: %d != %d\n", + "ticket: %d != %d", (u_int32_t)nvlist_get_number(nvl, "ticket"), - ruleset->inactive.ticket)); + ruleset->inactive.ticket); ERROUT(EBUSY); } @@ -4340,7 +4338,7 @@ DIOCGETSTATESV2_full: if (error == 0) V_pf_altq_running = 1; PF_RULES_WUNLOCK(); - DPFPRINTF(PF_DEBUG_MISC, ("altq: started\n")); + DPFPRINTF(PF_DEBUG_MISC, "altq: started"); break; } @@ -4359,7 +4357,7 @@ DIOCGETSTATESV2_full: if (error == 0) V_pf_altq_running = 0; PF_RULES_WUNLOCK(); - DPFPRINTF(PF_DEBUG_MISC, ("altq: stopped\n")); + DPFPRINTF(PF_DEBUG_MISC, "altq: stopped"); break; } @@ -6457,9 +6455,9 @@ shutdown_pf(void) for (rs_num = 0; rs_num < PF_RULESET_MAX; ++rs_num) { if ((error = pf_begin_rules(&t[rs_num], rs_num, anchor->path)) != 0) { - DPFPRINTF(PF_DEBUG_MISC, ("%s: " - "anchor.path=%s rs_num=%d\n", - __func__, anchor->path, rs_num)); + DPFPRINTF(PF_DEBUG_MISC, "%s: " + "anchor.path=%s rs_num=%d", + __func__, anchor->path, rs_num); goto error; /* XXX: rollback? */ } } @@ -6481,9 +6479,9 @@ shutdown_pf(void) eth_anchor->refcnt = 1; if ((error = pf_begin_eth(&t[0], eth_anchor->path)) != 0) { - DPFPRINTF(PF_DEBUG_MISC, ("%s: eth " - "anchor.path=%s\n", __func__, - eth_anchor->path)); + DPFPRINTF(PF_DEBUG_MISC, "%s: eth " + "anchor.path=%s", __func__, + eth_anchor->path); goto error; } error = pf_commit_eth(t[0], eth_anchor->path); @@ -6492,27 +6490,27 @@ shutdown_pf(void) if ((error = pf_begin_rules(&t[0], PF_RULESET_SCRUB, &nn)) != 0) { - DPFPRINTF(PF_DEBUG_MISC, ("%s: SCRUB\n", __func__)); + DPFPRINTF(PF_DEBUG_MISC, "%s: SCRUB", __func__); break; } if ((error = pf_begin_rules(&t[1], PF_RULESET_FILTER, &nn)) != 0) { - DPFPRINTF(PF_DEBUG_MISC, ("%s: FILTER\n", __func__)); + DPFPRINTF(PF_DEBUG_MISC, "%s: FILTER", __func__); break; /* XXX: rollback? */ } if ((error = pf_begin_rules(&t[2], PF_RULESET_NAT, &nn)) != 0) { - DPFPRINTF(PF_DEBUG_MISC, ("%s: NAT\n", __func__)); + DPFPRINTF(PF_DEBUG_MISC, "%s: NAT", __func__); break; /* XXX: rollback? */ } if ((error = pf_begin_rules(&t[3], PF_RULESET_BINAT, &nn)) != 0) { - DPFPRINTF(PF_DEBUG_MISC, ("%s: BINAT\n", __func__)); + DPFPRINTF(PF_DEBUG_MISC, "%s: BINAT", __func__); break; /* XXX: rollback? */ } if ((error = pf_begin_rules(&t[4], PF_RULESET_RDR, &nn)) != 0) { - DPFPRINTF(PF_DEBUG_MISC, ("%s: RDR\n", __func__)); + DPFPRINTF(PF_DEBUG_MISC, "%s: RDR", __func__); break; /* XXX: rollback? */ } @@ -6531,7 +6529,7 @@ shutdown_pf(void) break; if ((error = pf_begin_eth(&t[0], &nn)) != 0) { - DPFPRINTF(PF_DEBUG_MISC, ("%s: eth\n", __func__)); + DPFPRINTF(PF_DEBUG_MISC, "%s: eth", __func__); break; } error = pf_commit_eth(t[0], &nn); @@ -6539,7 +6537,7 @@ shutdown_pf(void) #ifdef ALTQ if ((error = pf_begin_altq(&t[0])) != 0) { - DPFPRINTF(PF_DEBUG_MISC, ("%s: ALTQ\n", __func__)); + DPFPRINTF(PF_DEBUG_MISC, "%s: ALTQ", __func__); break; } pf_commit_altq(t[0]); diff --git a/sys/netpfil/pf/pf_lb.c b/sys/netpfil/pf/pf_lb.c index 9c7863bb301e..ea0d6facf695 100644 --- a/sys/netpfil/pf/pf_lb.c +++ b/sys/netpfil/pf/pf_lb.c @@ -71,8 +71,6 @@ #define V_pf_rdr_srcport_rewrite_tries VNET(pf_rdr_srcport_rewrite_tries) VNET_DEFINE_STATIC(int, pf_rdr_srcport_rewrite_tries) = 16; -#define DPFPRINTF(n, x) if (V_pf_status.debug >= (n)) printf x - static uint64_t pf_hash(struct pf_addr *, struct pf_addr *, struct pf_poolhashkey *, sa_family_t); struct pf_krule *pf_match_translation(int, struct pf_test_ctx *); @@ -904,19 +902,19 @@ pf_get_transaddr(struct pf_test_ctx *ctx, struct pf_krule *r, if (pf_get_mape_sport(pd, r, naddr, nportp, &ctx->udp_mapping, rpool)) { DPFPRINTF(PF_DEBUG_MISC, - ("pf: MAP-E port allocation (%u/%u/%u)" - " failed\n", + "pf: MAP-E port allocation (%u/%u/%u)" + " failed", rpool->mape.offset, rpool->mape.psidlen, - rpool->mape.psid)); + rpool->mape.psid); reason = PFRES_MAPFAILED; goto notrans; } } else if (pf_get_sport(pd, r, naddr, nportp, low, high, rpool, &ctx->udp_mapping, PF_SN_NAT)) { DPFPRINTF(PF_DEBUG_MISC, - ("pf: NAT proxy port allocation (%u-%u) failed\n", - rpool->proxy_port[0], rpool->proxy_port[1])); + "pf: NAT proxy port allocation (%u-%u) failed", + rpool->proxy_port[0], rpool->proxy_port[1]); reason = PFRES_MAPFAILED; goto notrans; } @@ -1085,13 +1083,13 @@ pf_get_transaddr(struct pf_test_ctx *ctx, struct pf_krule *r, * the state may be reused if the TCP state is terminal. */ DPFPRINTF(PF_DEBUG_MISC, - ("pf: RDR source port allocation failed\n")); + "pf: RDR source port allocation failed"); break; out: DPFPRINTF(PF_DEBUG_MISC, - ("pf: RDR source port allocation %u->%u\n", - ntohs(pd->nsport), ntohs(ctx->nk->port[0]))); + "pf: RDR source port allocation %u->%u", + ntohs(pd->nsport), ntohs(ctx->nk->port[0])); break; } default: @@ -1140,8 +1138,8 @@ pf_get_transaddr_af(struct pf_krule *r, struct pf_pdesc *pd) if (pf_get_sport(pd, r, &nsaddr, &nport, r->nat.proxy_port[0], r->nat.proxy_port[1], &r->nat, NULL, PF_SN_NAT)) { DPFPRINTF(PF_DEBUG_MISC, - ("pf: af-to NAT proxy port allocation (%u-%u) failed", - r->nat.proxy_port[0], r->nat.proxy_port[1])); + "pf: af-to NAT proxy port allocation (%u-%u) failed", + r->nat.proxy_port[0], r->nat.proxy_port[1]); return (-1); } diff --git a/sys/netpfil/pf/pf_norm.c b/sys/netpfil/pf/pf_norm.c index 369292ca365e..8cea9557633c 100644 --- a/sys/netpfil/pf/pf_norm.c +++ b/sys/netpfil/pf/pf_norm.c @@ -160,13 +160,6 @@ static int pf_reassemble6(struct mbuf **, struct ip6_frag *, uint16_t, uint16_t, u_short *); #endif /* INET6 */ -#define DPFPRINTF(x) do { \ - if (V_pf_status.debug >= PF_DEBUG_MISC) { \ - printf("%s: ", __func__); \ - printf x ; \ - } \ -} while(0) - #ifdef INET static void pf_ip2key(struct ip *ip, struct pf_frnode *key) @@ -262,7 +255,8 @@ pf_purge_fragments(uint32_t expire) if (frag->fr_timeout > expire) break; - DPFPRINTF(("expiring %d(%p)\n", frag->fr_id, frag)); + DPFPRINTF(PF_DEBUG_MISC, "expiring %d(%p)", + frag->fr_id, frag); pf_free_fragment(frag); } @@ -281,7 +275,7 @@ pf_flush_fragments(void) PF_FRAG_ASSERT(); goal = uma_zone_get_cur(V_pf_frent_z) * 9 / 10; - DPFPRINTF(("trying to free %d frag entriess\n", goal)); + DPFPRINTF(PF_DEBUG_MISC, "trying to free %d frag entriess", goal); while (goal < uma_zone_get_cur(V_pf_frent_z)) { frag = TAILQ_LAST(&V_pf_fragqueue, pf_fragqueue); if (frag) @@ -573,26 +567,30 @@ pf_fillup_fragment(struct pf_frnode *key, uint32_t id, /* No empty fragments. */ if (frent->fe_len == 0) { - DPFPRINTF(("bad fragment: len 0\n")); + DPFPRINTF(PF_DEBUG_MISC, "bad fragment: len 0"); goto bad_fragment; } /* All fragments are 8 byte aligned. */ if (frent->fe_mff && (frent->fe_len & 0x7)) { - DPFPRINTF(("bad fragment: mff and len %d\n", frent->fe_len)); + DPFPRINTF(PF_DEBUG_MISC, "bad fragment: mff and len %d", + frent->fe_len); goto bad_fragment; } /* Respect maximum length, IP_MAXPACKET == IPV6_MAXPACKET. */ if (frent->fe_off + frent->fe_len > IP_MAXPACKET) { - DPFPRINTF(("bad fragment: max packet %d\n", - frent->fe_off + frent->fe_len)); + DPFPRINTF(PF_DEBUG_MISC, "bad fragment: max packet %d", + frent->fe_off + frent->fe_len); goto bad_fragment; } - DPFPRINTF((key->fn_af == AF_INET ? - "reass frag %d @ %d-%d\n" : "reass frag %#08x @ %d-%d\n", - id, frent->fe_off, frent->fe_off + frent->fe_len)); + if (key->fn_af == AF_INET) + DPFPRINTF(PF_DEBUG_MISC, "reass frag %d @ %d-%d\n", + id, frent->fe_off, frent->fe_off + frent->fe_len); + else + DPFPRINTF(PF_DEBUG_MISC, "reass frag %#08x @ %d-%d", + id, frent->fe_off, frent->fe_off + frent->fe_len); /* Fully buffer all of the fragments in this fragment queue. */ frag = pf_find_fragment(key, id); @@ -690,10 +688,10 @@ pf_fillup_fragment(struct pf_frnode *key, uint32_t id, precut = prev->fe_off + prev->fe_len - frent->fe_off; if (precut >= frent->fe_len) { - DPFPRINTF(("new frag overlapped\n")); + DPFPRINTF(PF_DEBUG_MISC, "new frag overlapped"); goto drop_fragment; } - DPFPRINTF(("frag head overlap %d\n", precut)); + DPFPRINTF(PF_DEBUG_MISC, "frag head overlap %d", precut); m_adj(frent->fe_m, precut); frent->fe_off += precut; frent->fe_len -= precut; @@ -705,7 +703,8 @@ pf_fillup_fragment(struct pf_frnode *key, uint32_t id, aftercut = frent->fe_off + frent->fe_len - after->fe_off; if (aftercut < after->fe_len) { - DPFPRINTF(("frag tail overlap %d", aftercut)); + DPFPRINTF(PF_DEBUG_MISC, "frag tail overlap %d", + aftercut); m_adj(after->fe_m, aftercut); /* Fragment may switch queue as fe_off changes */ pf_frent_remove(frag, after); @@ -713,7 +712,8 @@ pf_fillup_fragment(struct pf_frnode *key, uint32_t id, after->fe_len -= aftercut; /* Insert into correct queue */ if (pf_frent_insert(frag, after, prev)) { - DPFPRINTF(("fragment requeue limit exceeded")); + DPFPRINTF(PF_DEBUG_MISC, + "fragment requeue limit exceeded"); m_freem(after->fe_m); uma_zfree(V_pf_frent_z, after); /* There is not way to recover */ @@ -723,7 +723,7 @@ pf_fillup_fragment(struct pf_frnode *key, uint32_t id, } /* This fragment is completely overlapped, lose it. */ - DPFPRINTF(("old frag overlapped\n")); + DPFPRINTF(PF_DEBUG_MISC, "old frag overlapped"); next = TAILQ_NEXT(after, fr_next); pf_frent_remove(frag, after); m_freem(after->fe_m); @@ -732,7 +732,7 @@ pf_fillup_fragment(struct pf_frnode *key, uint32_t id, /* If part of the queue gets too long, there is not way to recover. */ if (pf_frent_insert(frag, frent, prev)) { - DPFPRINTF(("fragment queue limit exceeded\n")); + DPFPRINTF(PF_DEBUG_MISC, "fragment queue limit exceeded"); goto bad_fragment; } @@ -748,7 +748,7 @@ free_fragment: * fragment, the entire datagram (and any constituent fragments) MUST * be silently discarded. */ - DPFPRINTF(("flush overlapping fragments\n")); + DPFPRINTF(PF_DEBUG_MISC, "flush overlapping fragments"); pf_free_fragment(frag); bad_fragment: @@ -826,7 +826,8 @@ pf_reassemble(struct mbuf **m0, u_short *reason) m = *m0 = NULL; if (frag->fr_holes) { - DPFPRINTF(("frag %d, holes %d\n", frag->fr_id, frag->fr_holes)); + DPFPRINTF(PF_DEBUG_MISC, "frag %d, holes %d", + frag->fr_id, frag->fr_holes); return (PF_PASS); /* drop because *m0 is NULL, no error */ } @@ -872,14 +873,14 @@ pf_reassemble(struct mbuf **m0, u_short *reason) ip->ip_off &= ~(IP_MF|IP_OFFMASK); if (hdrlen + total > IP_MAXPACKET) { - DPFPRINTF(("drop: too big: %d\n", total)); + DPFPRINTF(PF_DEBUG_MISC, "drop: too big: %d", total); ip->ip_len = 0; REASON_SET(reason, PFRES_SHORT); /* PF_DROP requires a valid mbuf *m0 in pf_test() */ return (PF_DROP); } - DPFPRINTF(("complete: %p(%d)\n", m, ntohs(ip->ip_len))); + DPFPRINTF(PF_DEBUG_MISC, "complete: %p(%d)", m, ntohs(ip->ip_len)); return (PF_PASS); } #endif /* INET */ @@ -931,8 +932,8 @@ pf_reassemble6(struct mbuf **m0, struct ip6_frag *fraghdr, m = *m0 = NULL; if (frag->fr_holes) { - DPFPRINTF(("frag %d, holes %d\n", frag->fr_id, - frag->fr_holes)); + DPFPRINTF(PF_DEBUG_MISC, "frag %d, holes %d", frag->fr_id, + frag->fr_holes); PF_FRAG_UNLOCK(); return (PF_PASS); /* Drop because *m0 is NULL, no error. */ } @@ -993,14 +994,15 @@ pf_reassemble6(struct mbuf **m0, struct ip6_frag *fraghdr, ip6->ip6_nxt = proto; if (hdrlen - sizeof(struct ip6_hdr) + total > IPV6_MAXPACKET) { - DPFPRINTF(("drop: too big: %d\n", total)); + DPFPRINTF(PF_DEBUG_MISC, "drop: too big: %d", total); ip6->ip6_plen = 0; REASON_SET(reason, PFRES_SHORT); /* PF_DROP requires a valid mbuf *m0 in pf_test6(). */ return (PF_DROP); } - DPFPRINTF(("complete: %p(%d)\n", m, ntohs(ip6->ip6_plen))); + DPFPRINTF(PF_DEBUG_MISC, "complete: %p(%d)", m, + ntohs(ip6->ip6_plen)); return (PF_PASS); fail: @@ -1090,7 +1092,7 @@ pf_refragment6(struct ifnet *ifp, struct mbuf **m0, struct m_tag *mtag, action = PF_PASS; } else { /* Drop expects an mbuf to free. */ - DPFPRINTF(("refragment error %d\n", error)); + DPFPRINTF(PF_DEBUG_MISC, "refragment error %d", error); action = PF_DROP; } for (; m; m = t) { @@ -1230,7 +1232,7 @@ pf_normalize_ip(u_short *reason, struct pf_pdesc *pd) * no-df above, fine. Otherwise drop it. */ if (h->ip_off & htons(IP_DF)) { - DPFPRINTF(("IP_DF\n")); + DPFPRINTF(PF_DEBUG_MISC, "IP_DF"); goto bad; } @@ -1238,13 +1240,13 @@ pf_normalize_ip(u_short *reason, struct pf_pdesc *pd) /* All fragments are 8 byte aligned */ if (mff && (ip_len & 0x7)) { - DPFPRINTF(("mff and %d\n", ip_len)); + DPFPRINTF(PF_DEBUG_MISC, "mff and %d", ip_len); goto bad; } /* Respect maximum length */ if (fragoff + ip_len > IP_MAXPACKET) { - DPFPRINTF(("max packet %d\n", fragoff + ip_len)); + DPFPRINTF(PF_DEBUG_MISC, "max packet %d", fragoff + ip_len); goto bad; } @@ -1256,7 +1258,8 @@ pf_normalize_ip(u_short *reason, struct pf_pdesc *pd) /* Fully buffer all of the fragments * Might return a completely reassembled mbuf, or NULL */ PF_FRAG_LOCK(); - DPFPRINTF(("reass frag %d @ %d-%d\n", h->ip_id, fragoff, max)); + DPFPRINTF(PF_DEBUG_MISC, "reass frag %d @ %d-%d", + h->ip_id, fragoff, max); verdict = pf_reassemble(&pd->m, reason); PF_FRAG_UNLOCK(); @@ -1282,7 +1285,7 @@ pf_normalize_ip(u_short *reason, struct pf_pdesc *pd) return (PF_PASS); bad: - DPFPRINTF(("dropping bad fragment\n")); + DPFPRINTF(PF_DEBUG_MISC, "dropping bad fragment"); REASON_SET(reason, PFRES_FRAG); drop: if (r != NULL && r->log) @@ -1711,7 +1714,7 @@ pf_normalize_tcp_stateful(struct pf_pdesc *pd, (uptime.tv_sec - src->scrub->pfss_last.tv_sec > TS_MAX_IDLE || time_uptime - (state->creation / 1000) > TS_MAX_CONN)) { if (V_pf_status.debug >= PF_DEBUG_MISC) { - DPFPRINTF(("src idled out of PAWS\n")); + DPFPRINTF(PF_DEBUG_MISC, "src idled out of PAWS"); pf_print_state(state); printf("\n"); } @@ -1721,7 +1724,7 @@ pf_normalize_tcp_stateful(struct pf_pdesc *pd, if (dst->scrub && (dst->scrub->pfss_flags & PFSS_PAWS) && uptime.tv_sec - dst->scrub->pfss_last.tv_sec > TS_MAX_IDLE) { if (V_pf_status.debug >= PF_DEBUG_MISC) { - DPFPRINTF(("dst idled out of PAWS\n")); + DPFPRINTF(PF_DEBUG_MISC, "dst idled out of PAWS"); pf_print_state(state); printf("\n"); } @@ -1826,22 +1829,22 @@ pf_normalize_tcp_stateful(struct pf_pdesc *pd, * an old timestamp. */ - DPFPRINTF(("Timestamp failed %c%c%c%c\n", + DPFPRINTF(PF_DEBUG_MISC, "Timestamp failed %c%c%c%c", SEQ_LT(tsval, dst->scrub->pfss_tsecr) ? '0' : ' ', SEQ_GT(tsval, src->scrub->pfss_tsval + tsval_from_last) ? '1' : ' ', SEQ_GT(tsecr, dst->scrub->pfss_tsval) ? '2' : ' ', - SEQ_LT(tsecr, dst->scrub->pfss_tsval0)? '3' : ' ')); - DPFPRINTF((" tsval: %u tsecr: %u +ticks: %u " - "idle: %jus %lums\n", + SEQ_LT(tsecr, dst->scrub->pfss_tsval0)? '3' : ' '); + DPFPRINTF(PF_DEBUG_MISC, " tsval: %u tsecr: %u +ticks: " + "%u idle: %jus %lums", tsval, tsecr, tsval_from_last, (uintmax_t)delta_ts.tv_sec, - delta_ts.tv_usec / 1000)); - DPFPRINTF((" src->tsval: %u tsecr: %u\n", - src->scrub->pfss_tsval, src->scrub->pfss_tsecr)); - DPFPRINTF((" dst->tsval: %u tsecr: %u tsval0: %u" - "\n", dst->scrub->pfss_tsval, - dst->scrub->pfss_tsecr, dst->scrub->pfss_tsval0)); + delta_ts.tv_usec / 1000); + DPFPRINTF(PF_DEBUG_MISC, " src->tsval: %u tsecr: %u", + src->scrub->pfss_tsval, src->scrub->pfss_tsecr); + DPFPRINTF(PF_DEBUG_MISC, " dst->tsval: %u tsecr: %u " + "tsval0: %u", dst->scrub->pfss_tsval, + dst->scrub->pfss_tsecr, dst->scrub->pfss_tsval0); if (V_pf_status.debug >= PF_DEBUG_MISC) { pf_print_state(state); pf_print_flags(tcp_get_flags(th)); @@ -1891,8 +1894,8 @@ pf_normalize_tcp_stateful(struct pf_pdesc *pd, * stack changed its RFC1323 behavior?!?! */ if (V_pf_status.debug >= PF_DEBUG_MISC) { - DPFPRINTF(("Did not receive expected RFC1323 " - "timestamp\n")); + DPFPRINTF(PF_DEBUG_MISC, "Did not receive expected " + "RFC1323 timestamp"); pf_print_state(state); pf_print_flags(tcp_get_flags(th)); printf("\n"); @@ -1919,9 +1922,9 @@ pf_normalize_tcp_stateful(struct pf_pdesc *pd, if (V_pf_status.debug >= PF_DEBUG_MISC && dst->scrub && (dst->scrub->pfss_flags & PFSS_TIMESTAMP)) { /* Don't warn if other host rejected RFC1323 */ - DPFPRINTF(("Broken RFC1323 stack did not " - "timestamp data packet. Disabled PAWS " - "security.\n")); + DPFPRINTF(PF_DEBUG_MISC, "Broken RFC1323 stack did " + "not timestamp data packet. Disabled PAWS " + "security."); pf_print_state(state); pf_print_flags(tcp_get_flags(th)); printf("\n"); diff --git a/sys/netpfil/pf/pf_osfp.c b/sys/netpfil/pf/pf_osfp.c index 3e00cc7c80a2..150626c5f3fb 100644 --- a/sys/netpfil/pf/pf_osfp.c +++ b/sys/netpfil/pf/pf_osfp.c @@ -40,9 +40,6 @@ #endif static MALLOC_DEFINE(M_PFOSFP, "pf_osfp", "pf(4) operating system fingerprints"); -#define DPFPRINTF(format, x...) \ - if (V_pf_status.debug >= PF_DEBUG_NOISY) \ - printf(format , ##x) SLIST_HEAD(pf_osfp_list, pf_os_fingerprint); VNET_DEFINE_STATIC(struct pf_osfp_list, pf_osfp_list) = @@ -189,8 +186,8 @@ pf_osfp_fingerprint_hdr(const struct ip *ip, const struct ip6_hdr *ip6, const st optlen = MAX(optlen, 1); /* paranoia */ } - DPFPRINTF("fingerprinted %s:%d %d:%d:%d:%d:%llx (%d) " - "(TS=%s,M=%s%d,W=%s%d)\n", + DPFPRINTF(PF_DEBUG_NOISY, "fingerprinted %s:%d %d:%d:%d:%d:%llx (%d) " + "(TS=%s,M=%s%d,W=%s%d)", srcname, ntohs(tcp->th_sport), fp.fp_wsize, fp.fp_ttl, (fp.fp_flags & PF_OSFP_DF) != 0, fp.fp_psize, (long long int)fp.fp_tcpopts, fp.fp_optcnt, @@ -219,7 +216,7 @@ pf_osfp_match(struct pf_osfp_enlist *list, pf_osfp_t os) if (os == PF_OSFP_ANY) return (1); if (list == NULL) { - DPFPRINTF("osfp no match against %x\n", os); + DPFPRINTF(PF_DEBUG_NOISY, "osfp no match against %x", os); return (os == PF_OSFP_UNKNOWN); } PF_OSFP_UNPACK(os, os_class, os_version, os_subtype); @@ -228,13 +225,13 @@ pf_osfp_match(struct pf_osfp_enlist *list, pf_osfp_t os) if ((os_class == PF_OSFP_ANY || en_class == os_class) && (os_version == PF_OSFP_ANY || en_version == os_version) && (os_subtype == PF_OSFP_ANY || en_subtype == os_subtype)) { - DPFPRINTF("osfp matched %s %s %s %x==%x\n", + DPFPRINTF(PF_DEBUG_NOISY, "osfp matched %s %s %s %x==%x", entry->fp_class_nm, entry->fp_version_nm, entry->fp_subtype_nm, os, entry->fp_os); return (1); } } - DPFPRINTF("fingerprint 0x%x didn't match\n", os); + DPFPRINTF(PF_DEBUG_NOISY, "fingerprint 0x%x didn't match", os); return (0); } @@ -275,8 +272,8 @@ pf_osfp_add(struct pf_osfp_ioctl *fpioc) fpadd.fp_ttl = fpioc->fp_ttl; #if 0 /* XXX RYAN wants to fix logging */ - DPFPRINTF("adding osfp %s %s %s = %s%d:%d:%d:%s%d:0x%llx %d " - "(TS=%s,M=%s%d,W=%s%d) %x\n", + DPFPRINTF(PF_DEBUG_NOISY, "adding osfp %s %s %s =" + " %s%d:%d:%d:%s%d:0x%llx %d (TS=%s,M=%s%d,W=%s%d) %x", fpioc->fp_os.fp_class_nm, fpioc->fp_os.fp_version_nm, fpioc->fp_os.fp_subtype_nm, (fpadd.fp_flags & PF_OSFP_WSIZE_MOD) ? "%" : diff --git a/sys/netpfil/pf/pf_ruleset.c b/sys/netpfil/pf/pf_ruleset.c index 2e5165a9900c..43b51f2933f4 100644 --- a/sys/netpfil/pf/pf_ruleset.c +++ b/sys/netpfil/pf/pf_ruleset.c @@ -59,9 +59,6 @@ #error "Kernel only file. Please use sbin/pfctl/pf_ruleset.c instead." #endif -#define DPFPRINTF(format, x...) \ - if (V_pf_status.debug >= PF_DEBUG_NOISY) \ - printf(format , ##x) #define rs_malloc(x) malloc(x, M_TEMP, M_NOWAIT|M_ZERO) #define rs_free(x) free(x, M_TEMP) @@ -386,7 +383,8 @@ pf_kanchor_setup(struct pf_krule *r, const struct pf_kruleset *s, strlcpy(path, s->anchor->path, MAXPATHLEN); while (name[0] == '.' && name[1] == '.' && name[2] == '/') { if (!path[0]) { - DPFPRINTF("%s: .. beyond root\n", __func__); + DPFPRINTF(PF_DEBUG_NOISY, "%s: .. beyond root", + __func__); rs_free(path); return (1); } @@ -408,7 +406,7 @@ pf_kanchor_setup(struct pf_krule *r, const struct pf_kruleset *s, ruleset = pf_find_or_create_kruleset(path); rs_free(path); if (ruleset == NULL || ruleset == &pf_main_ruleset) { - DPFPRINTF("%s: ruleset\n", __func__); + DPFPRINTF(PF_DEBUG_NOISY, "%s: ruleset", __func__); return (1); } r->anchor = ruleset->anchor; @@ -690,7 +688,8 @@ pf_keth_anchor_setup(struct pf_keth_rule *r, const struct pf_keth_ruleset *s, strlcpy(path, s->anchor->path, MAXPATHLEN); while (name[0] == '.' && name[1] == '.' && name[2] == '/') { if (!path[0]) { - DPFPRINTF("%s: .. beyond root\n", __func__); + DPFPRINTF(PF_DEBUG_NOISY, "%s: .. beyond root", + __func__); rs_free(path); return (1); } @@ -712,7 +711,7 @@ pf_keth_anchor_setup(struct pf_keth_rule *r, const struct pf_keth_ruleset *s, ruleset = pf_find_or_create_keth_ruleset(path); rs_free(path); if (ruleset == NULL || ruleset->anchor == NULL) { - DPFPRINTF("%s: ruleset\n", __func__); + DPFPRINTF(PF_DEBUG_NOISY, "%s: ruleset", __func__); return (1); } r->anchor = ruleset->anchor; diff --git a/sys/netpfil/pf/pf_syncookies.c b/sys/netpfil/pf/pf_syncookies.c index 66757fa4b756..4a935bc65767 100644 --- a/sys/netpfil/pf/pf_syncookies.c +++ b/sys/netpfil/pf/pf_syncookies.c @@ -88,8 +88,6 @@ #include <net/pfvar.h> #include <netpfil/pf/pf_nv.h> -#define DPFPRINTF(n, x) if (V_pf_status.debug >= (n)) printf x - union pf_syncookie { uint8_t cookie; struct { @@ -281,7 +279,7 @@ pf_synflood_check(struct pf_pdesc *pd) pf_syncookie_rotate, curvnet); V_pf_status.syncookies_active = true; DPFPRINTF(LOG_WARNING, - ("synflood detected, enabling syncookies\n")); + "synflood detected, enabling syncookies"); // XXXTODO V_pf_status.lcounters[LCNT_SYNFLOODS]++; } @@ -367,7 +365,7 @@ pf_syncookie_rotate(void *arg) V_pf_status.syncookies_mode == PF_SYNCOOKIES_NEVER) ) { V_pf_status.syncookies_active = false; - DPFPRINTF(PF_DEBUG_MISC, ("syncookies disabled\n")); + DPFPRINTF(PF_DEBUG_MISC, "syncookies disabled"); } /* nothing in flight any more? delete keys and return */ diff --git a/sys/netpfil/pf/pf_table.c b/sys/netpfil/pf/pf_table.c index 9c0151b7da2b..ecc185f89ad7 100644 --- a/sys/netpfil/pf/pf_table.c +++ b/sys/netpfil/pf/pf_table.c @@ -49,8 +49,6 @@ #include <net/vnet.h> #include <net/pfvar.h> -#define DPFPRINTF(n, x) if (V_pf_status.debug >= (n)) printf x - #define ACCEPT_FLAGS(flags, oklist) \ do { \ if ((flags & ~(oklist)) & \ @@ -2189,7 +2187,7 @@ pfr_update_stats(struct pfr_ktable *kt, struct pf_addr *a, sa_family_t af, if ((ke == NULL || ke->pfrke_not) != notrule) { if (op_pass != PFR_OP_PASS) DPFPRINTF(PF_DEBUG_URGENT, - ("pfr_update_stats: assertion failed.\n")); + "pfr_update_stats: assertion failed."); op_pass = PFR_OP_XPASS; } pfr_kstate_counter_add(&kt->pfrkt_packets[dir_out][op_pass], 1); diff --git a/sys/riscv/allwinner/files.allwinner b/sys/riscv/allwinner/files.allwinner index 73fa9660e2d2..7a4ff6b9c62e 100644 --- a/sys/riscv/allwinner/files.allwinner +++ b/sys/riscv/allwinner/files.allwinner @@ -1,5 +1,6 @@ arm/allwinner/aw_gpio.c optional gpio aw_gpio fdt +arm/allwinner/aw_mmc.c optional mmc aw_mmc fdt | mmccam aw_mmc fdt arm/allwinner/aw_rtc.c optional aw_rtc fdt arm/allwinner/aw_syscon.c optional syscon arm/allwinner/aw_sid.c optional aw_sid nvmem diff --git a/sys/riscv/conf/std.allwinner b/sys/riscv/conf/std.allwinner index 2b1e0d4e09dc..34fe195b01ba 100644 --- a/sys/riscv/conf/std.allwinner +++ b/sys/riscv/conf/std.allwinner @@ -7,6 +7,7 @@ options SOC_ALLWINNER_D1 device aw_ccu # Allwinner clock controller device aw_gpio # Allwinner GPIO controller +device aw_mmc # Allwinner SD/MMC controller device aw_rtc # Allwinner Real-time Clock device aw_sid # Allwinner Secure ID EFUSE device aw_timer # Allwinner Timer diff --git a/tests/sys/cam/ctl/ctl.subr b/tests/sys/cam/ctl/ctl.subr index 5da441b806f0..6cc02d774bdb 100644 --- a/tests/sys/cam/ctl/ctl.subr +++ b/tests/sys/cam/ctl/ctl.subr @@ -25,15 +25,6 @@ # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF # THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -load_modules() { - if ! kldstat -q -m ctl; then - kldload ctl || atf_skip "could not load ctl kernel mod" - fi - if ! ctladm port -o on -p 0; then - atf_skip "could not enable the camsim frontend" - fi -} - find_device() { LUN=$1 diff --git a/tests/sys/fs/fusefs/Makefile b/tests/sys/fs/fusefs/Makefile index b11f11bdfa98..a21512798597 100644 --- a/tests/sys/fs/fusefs/Makefile +++ b/tests/sys/fs/fusefs/Makefile @@ -70,7 +70,8 @@ TEST_METADATA.nfs+= required_user="root" TEST_METADATA.ctl+= is_exclusive="true" TEST_METADATA.ctl+= required_user="root" -TEST_METADATA+= timeout=10 +TEST_METADATA+= timeout=10 +TEST_METADATA+= required_kmods="fusefs" FUSEFS= ${SRCTOP}/sys/fs/fuse # Suppress warnings that GCC generates for the libc++ and gtest headers. diff --git a/tests/sys/netpfil/pf/Makefile b/tests/sys/netpfil/pf/Makefile index 3adaef09ddbd..404d5adfb07a 100644 --- a/tests/sys/netpfil/pf/Makefile +++ b/tests/sys/netpfil/pf/Makefile @@ -58,6 +58,8 @@ ATF_TESTS_SH+= altq \ ATF_TESTS_PYTEST+= frag6.py ATF_TESTS_PYTEST+= header.py ATF_TESTS_PYTEST+= icmp.py +ATF_TESTS_PYTEST+= igmp.py +ATF_TESTS_PYTEST+= mld.py ATF_TESTS_PYTEST+= nat64.py ATF_TESTS_PYTEST+= nat66.py ATF_TESTS_PYTEST+= return.py diff --git a/tests/sys/netpfil/pf/icmp.py b/tests/sys/netpfil/pf/icmp.py index 59f2e8190b30..c5e945d60e99 100644 --- a/tests/sys/netpfil/pf/icmp.py +++ b/tests/sys/netpfil/pf/icmp.py @@ -136,8 +136,7 @@ class TestICMP(VnetTestTemplate): / sp.ICMP(type='echo-request') \ / sp.raw(bytes.fromhex('f0') * payload_size) - p = sp.sr1(packet, iface=self.vnet.iface_alias_map["if1"].name, - timeout=3) + p = sp.sr1(packet, timeout=3) p.show() ip = p.getlayer(sp.IP) @@ -176,6 +175,22 @@ class TestICMP(VnetTestTemplate): self.check_icmp_echo(sp, 1464) self.check_icmp_echo(sp, 1468) + @pytest.mark.require_user("root") + @pytest.mark.require_progs(["scapy"]) + def test_truncated_opts(self): + ToolsHelper.print_output("/sbin/route add default 192.0.2.1") + + # Import in the correct vnet, so at to not confuse Scapy + import scapy.all as sp + + packet = sp.IP(dst="198.51.100.2", flags="DF") \ + / sp.ICMP(type='dest-unreach', length=108) \ + / sp.IP(src="198.51.100.2", dst="192.0.2.2", len=1000, \ + ihl=(120 >> 2), options=[ \ + sp.IPOption_Security(length=100)]) + packet.show() + sp.sr1(packet, timeout=3) + class TestICMP_NAT(VnetTestTemplate): REQUIRED_MODULES = [ "pf" ] TOPOLOGY = { diff --git a/tests/sys/netpfil/pf/igmp.py b/tests/sys/netpfil/pf/igmp.py new file mode 100644 index 000000000000..b339a2825082 --- /dev/null +++ b/tests/sys/netpfil/pf/igmp.py @@ -0,0 +1,95 @@ +# +# SPDX-License-Identifier: BSD-2-Clause +# +# Copyright (c) 2025 Rubicon Communications, LLC (Netgate) +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. + +import pytest +from utils import DelayedSend +from atf_python.sys.net.tools import ToolsHelper +from atf_python.sys.net.vnet import VnetTestTemplate + +class TestIGMP(VnetTestTemplate): + REQUIRED_MODULES = [ "pf" ] + TOPOLOGY = { + "vnet1": {"ifaces": ["if1"]}, + "vnet2": {"ifaces": ["if1"]}, + "if1": {"prefixes4": [("192.0.2.2/24", "192.0.2.1/24")]}, + } + + def vnet2_handler(self, vnet): + ifname = vnet.iface_alias_map["if1"].name + ToolsHelper.print_output("/sbin/pfctl -e") + ToolsHelper.pf_rules([ + "pass", + ]) + ToolsHelper.print_output("/sbin/pfctl -x loud") + ToolsHelper.print_output("echo \"j 230.0.0.1 %s\ns 3600\nq\" | /usr/sbin/mtest" % ifname) + + def find_igmp_reply(self, pkt, ifname): + pkt.show() + s = DelayedSend(pkt) + + found = False + packets = self.sp.sniff(iface=ifname, timeout=5) + for r in packets: + r.show() + igmp = r.getlayer(self.sc.igmp.IGMP) + if not igmp: + continue + igmp.show() + if not igmp.gaddr == "230.0.0.1": + continue + found = True + return found + + @pytest.mark.require_user("root") + @pytest.mark.require_progs(["scapy"]) + def test_ip_opts(self): + """Verify that we allow IGMP packets with IP options""" + ifname = self.vnet.iface_alias_map["if1"].name + + # Import in the correct vnet, so at to not confuse Scapy + import scapy.all as sp + import scapy.contrib as sc + import scapy.contrib.igmp + self.sp = sp + self.sc = sc + + # We allow IGMP packets with the router alert option + pkt = sp.IP(dst="224.0.0.1%%%s" % ifname, ttl=1, + options=[sp.IPOption_Router_Alert()]) \ + / sc.igmp.IGMP(type=0x11, mrcode=1) + assert self.find_igmp_reply(pkt, ifname) + + # But not with other options + pkt = sp.IP(dst="224.0.0.1%%%s" % ifname, ttl=1, + options=[sp.IPOption_NOP()]) \ + / sc.igmp.IGMP(type=0x11, mrcode=1) + assert not self.find_igmp_reply(pkt, ifname) + + # Or with the wrong TTL + pkt = sp.IP(dst="224.0.0.1%%%s" % ifname, ttl=2, + options=[sp.IPOption_Router_Alert()]) \ + / sc.igmp.IGMP(type=0x11, mrcode=1) + assert not self.find_igmp_reply(pkt, ifname) diff --git a/tests/sys/netpfil/pf/mld.py b/tests/sys/netpfil/pf/mld.py new file mode 100644 index 000000000000..d118a34c8a7d --- /dev/null +++ b/tests/sys/netpfil/pf/mld.py @@ -0,0 +1,95 @@ +# +# SPDX-License-Identifier: BSD-2-Clause +# +# Copyright (c) 2025 Rubicon Communications, LLC (Netgate) +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. + +import pytest +from utils import DelayedSend +from atf_python.sys.net.tools import ToolsHelper +from atf_python.sys.net.vnet import VnetTestTemplate + +class TestMLD(VnetTestTemplate): + REQUIRED_MODULES = [ "pf" ] + TOPOLOGY = { + "vnet1": {"ifaces": ["if1"]}, + "vnet2": {"ifaces": ["if1"]}, + "if1": {"prefixes6": [("2001:db8::2/64", "2001:db8::1/64")]}, + } + + def vnet2_handler(self, vnet): + ifname = vnet.iface_alias_map["if1"].name + #ToolsHelper.print_output("/sbin/pfctl -e") + ToolsHelper.pf_rules([ + "pass", + ]) + ToolsHelper.print_output("/sbin/pfctl -x loud") + #ToolsHelper.print_output("echo \"j 230.0.0.1 %s\ns 3600\nq\" | /usr/sbin/mtest" % ifname) + + def find_mld_reply(self, pkt, ifname): + pkt.show() + s = DelayedSend(pkt) + + found = False + packets = self.sp.sniff(iface=ifname, timeout=5) + for r in packets: + r.show() + mld = r.getlayer(self.sp.ICMPv6MLReport2) + if not mld: + continue + mld.show() + found = True + return found + + @pytest.mark.require_user("root") + @pytest.mark.require_progs(["scapy"]) + def test_router_alert(self): + """Verify that we allow MLD packets with router alert extension header""" + ifname = self.vnet.iface_alias_map["if1"].name + #ToolsHelper.print_output("/sbin/ifconfig %s inet6 -ifdisable" % ifname) + ToolsHelper.print_output("/sbin/ifconfig") + + # Import in the correct vnet, so at to not confuse Scapy + import scapy.all as sp + import scapy.contrib as sc + import scapy.contrib.igmp + self.sp = sp + self.sc = sc + + # A correct MLD query gets a reply + pkt = sp.IPv6(src="fe80::1%%%s" % ifname, dst="ff02::1", hlim=1) \ + / sp.RouterAlert(value=0) \ + / sp.ICMPv6MLQuery2() + assert self.find_mld_reply(pkt, ifname) + + # The wrong extension header does not + pkt = sp.IPv6(src="fe80::1%%%s" % ifname, dst="ff02::1", hlim=1) \ + / sp.IPv6ExtHdrRouting() \ + / sp.ICMPv6MLQuery2() + assert not self.find_mld_reply(pkt, ifname) + + # Neither does an incorrect hop limit + pkt = sp.IPv6(src="fe80::1%%%s" % ifname, dst="ff02::1", hlim=2) \ + / sp.RouterAlert(value=0) \ + / sp.ICMPv6MLQuery2() + assert not self.find_mld_reply(pkt, ifname) diff --git a/tests/sys/netpfil/pf/table.sh b/tests/sys/netpfil/pf/table.sh index 78320375db7c..5e5fccdaca20 100644 --- a/tests/sys/netpfil/pf/table.sh +++ b/tests/sys/netpfil/pf/table.sh @@ -582,6 +582,34 @@ anchor_cleanup() pft_cleanup } +atf_test_case "flush" "cleanup" +flush_head() +{ + atf_set descr 'Test flushing addresses from tables' + atf_set require.user root +} + +flush_body() +{ + pft_init + + vnet_mkjail alcatraz + + atf_check -s exit:0 -e match:"1/1 addresses added." \ + jexec alcatraz pfctl -t foo -T add 1.2.3.4 + atf_check -s exit:0 -o match:" 1.2.3.4" \ + jexec alcatraz pfctl -t foo -T show + atf_check -s exit:0 -e match:"1 addresses deleted." \ + jexec alcatraz pfctl -t foo -T flush + atf_check -s exit:0 -o not-match:"1.2.3.4" \ + jexec alcatraz pfctl -t foo -T show +} + +flush_cleanup() +{ + pft_cleanup +} + atf_init_test_cases() { atf_add_test_case "v4_counters" @@ -596,4 +624,5 @@ atf_init_test_cases() atf_add_test_case "pr259689" atf_add_test_case "precreate" atf_add_test_case "anchor" + atf_add_test_case "flush" } diff --git a/usr.sbin/bhyve/pci_xhci.c b/usr.sbin/bhyve/pci_xhci.c index 5b21361f2823..29001755cbbf 100644 --- a/usr.sbin/bhyve/pci_xhci.c +++ b/usr.sbin/bhyve/pci_xhci.c @@ -2588,7 +2588,7 @@ pci_xhci_reset_port(struct pci_xhci_softc *sc, int portn, int warm) if (dev) { port->portsc &= ~(XHCI_PS_PLS_MASK | XHCI_PS_PR | XHCI_PS_PRC); port->portsc |= XHCI_PS_PED | - XHCI_PS_SPEED_SET(dev->dev_ue->ue_usbspeed); + XHCI_PS_SPEED_SET(dev->hci.hci_speed); if (warm && dev->dev_ue->ue_usbver == 3) { port->portsc |= XHCI_PS_WRC; @@ -2622,11 +2622,11 @@ pci_xhci_init_port(struct pci_xhci_softc *sc, int portn) if (dev->dev_ue->ue_usbver == 2) { port->portsc |= XHCI_PS_PLS_SET(UPS_PORT_LS_POLL) | - XHCI_PS_SPEED_SET(dev->dev_ue->ue_usbspeed); + XHCI_PS_SPEED_SET(dev->hci.hci_speed); } else { port->portsc |= XHCI_PS_PLS_SET(UPS_PORT_LS_U0) | - XHCI_PS_PED | /* enabled */ - XHCI_PS_SPEED_SET(dev->dev_ue->ue_usbspeed); + XHCI_PS_PED | /* enabled */ + XHCI_PS_SPEED_SET(dev->hci.hci_speed); } DPRINTF(("Init port %d 0x%x", portn, port->portsc)); @@ -2833,6 +2833,7 @@ pci_xhci_parse_devices(struct pci_xhci_softc *sc, nvlist_t *nvl) dev->hci.hci_sc = dev; dev->hci.hci_intr = pci_xhci_dev_intr; dev->hci.hci_event = pci_xhci_dev_event; + dev->hci.hci_speed = USB_SPEED_MAX; if (ue->ue_usbver == 2) { if (usb2_port == sc->usb2_port_start + @@ -2863,6 +2864,8 @@ pci_xhci_parse_devices(struct pci_xhci_softc *sc, nvlist_t *nvl) dev->dev_ue = ue; dev->dev_sc = devsc; + if (dev->hci.hci_speed == USB_SPEED_MAX) + dev->hci.hci_speed = ue->ue_usbspeed; XHCI_SLOTDEV_PTR(sc, slot) = dev; ndevices++; diff --git a/usr.sbin/bhyve/usb_emul.h b/usr.sbin/bhyve/usb_emul.h index 8e0afcb2878b..85dedfeacd3b 100644 --- a/usr.sbin/bhyve/usb_emul.h +++ b/usr.sbin/bhyve/usb_emul.h @@ -85,6 +85,7 @@ struct usb_hci { /* controller managed fields */ int hci_address; int hci_port; + int hci_speed; }; /* diff --git a/usr.sbin/efitable/efitable.8 b/usr.sbin/efitable/efitable.8 index 4d174b7d9514..52949abcb853 100644 --- a/usr.sbin/efitable/efitable.8 +++ b/usr.sbin/efitable/efitable.8 @@ -1,4 +1,6 @@ .\" +.\" SPDX-License-Identifier: BSD-2-Clause +.\" .\" Copyright (c) 2021 3mdeb Embedded Systems Consulting <contact@3mdeb.com> .\" .\" Redistribution and use in source and binary forms, with or without @@ -27,7 +29,7 @@ .Os .Sh NAME .Nm efitable -.Nd Dump UEFI tables +.Nd dump UEFI tables .Sh SYNOPSIS .Nm .Op Fl u Ar uuid | Fl t Ar name @@ -39,7 +41,7 @@ This program prints data from tables. .Pp The following options are available: -.Bl -tag -width 20m +.Bl -tag -width "-t name | --table name" .It Fl -libxo Generate output via .Xr libxo 3 @@ -47,7 +49,7 @@ in a selection of different human and machine readable formats. See .Xr xo_options 7 for details on command line arguments. -.It Fl t Ar name Fl -table Ar name +.It Fl t Ar name | Fl -table Ar name Specify the name of the table to print. Currently supported tables: .Pp @@ -59,10 +61,9 @@ EFI Memory Attributes Table .It Cm prop EFI Properties Table .El -.It Fl u Ar uuid Fl -uuid Ar uuid +.It Fl u Ar uuid | Fl -uuid Ar uuid Specify the UUID of the table to print. .El -.Pp .Sh HISTORY The .Nm diff --git a/usr.sbin/getfmac/getfmac.8 b/usr.sbin/getfmac/getfmac.8 index eb930e0044f9..6176bfa09271 100644 --- a/usr.sbin/getfmac/getfmac.8 +++ b/usr.sbin/getfmac/getfmac.8 @@ -51,5 +51,8 @@ specified files. .Xr mac 3 , .Xr mac_get_file 3 , .Xr mac 4 , +.Xr maclabel 7 , +.Xr getpmac 8 , .Xr setfmac 8 , +.Xr setpmac 8 , .Xr mac 9 |