| Commit message (Collapse) | Author | Age | Files | Lines |

The subclass arrays have to be empty.
OK deraadt@

RRDP will add a bunch more checks so this makes even more sense.
With and OK tb@

user know. EACCESS is currently accounted for, but nothing else.

be used by the RRDP code as well.
OK tb@

okay tb@

This results, e.g., in allowing the first item of a read-only array to
be overwritten, as found by Jordan Geoghegan.
okay tb@

OK dlg@

Note that it changes the way SNI works: The certificate to use is now
selected by looking at the names found in the certificates themselves,
rather than the names of the pki entries in the configuration file.
The set of certificates for a tls listener must be defined explicitly by
using the pki listener option multiple times.
ok tb@

respect literal line breaks. This has the unwanted side effect of
rendering the authors section using a monospace font over at
man.openbsd.org. Instead use br macros to force line breaks.
With help from and ok jmc@

tested on amd64 and sparc64.

this applies the tricks with addresses from veb and etherbridge
code to the normal ethernet input processing. it basically loads
the destination address from the packet and the interface ethernet
address into uint64_ts for comparison.
tested by hrvoje popovski and chris cappuccio
tested here on amd64, arm64, and sparc64
ok claudio@ jmatthew@

obviously reduces the overhead of IOVA allocation, but instead you have the
problem of doubly mapped pages, and making sure a page is only unmapped once
the last user is gone. My initial attempt, modeled after apldart(4), calls
the allocator for each segment. Unfortunately this introduces a performance
penalty which reduces performance from around 700 Mbit/s to about 20 Mbit/s,
or even less, in a simple single stream tcpbench scenario. Most mbufs from
userland seem to have at least 3 segments. Calculating the needed IOVA space
upfront reduces this penalty. IOVA allocation overhead could be reduced once
and for all if it is possible to reserve IOVA during bus_dmamap_create(9), as
it is only called upon creation and basically never for each DMA cycle. This
needs some more thought.
With this we now put the pressure on the PTED pools instead. Additionally, but
not part of this diff, percpu pools for the PTEDs seem to reduce the overhead
for that single stream tcpbench scenario to 0.3%. Right now this means we're
hitting a different bottleneck, not related to the IOMMU. The next bottleneck
will be discovered once forwarding is unlocked. Though it should be possible
to benchmark the current implementation, and different designs, using a cycles
counter.
With IOVA allocation it's not easily possible to correlate memory passed to
bus_dmamem_map(9) with memory passed to bus_dmamap_load(9). So far my code
try to use the same cachability attributes as the kernel uses for its userland
mappings. For the devices we support, there seems to be no need so far. If
this ever gives us any trouble in the future, I'll have a look and fix it.
While drivers should call bus_dmamap_unload(9) before bus_dmamap_destroy(9),
the API explicitly states that bus_dmamap_destroy(9) should unload the map
if it is still loaded. Hence we need to do exactly that. I actually have
found one network driver which behaves that way, and the developer intends
to change the network driver's behaviour.

or which regions need to be reserved.  As it turns out, a region we should
not map is the PCIe address space. Making a PCIe device try to do DMA to
an address in PCIe address space will obviously not make its way to SMMU
and host memory. We'll probably have to add an API for that.

ok markus@

Thank you Apple (not)!
Add an initial attempt to support such systems. This isn't good enough
since the kernel will hang once you create more than 127 processes.
But it makes things work reasonably well until you reach that limit
which is good enough to build things on the machine itself.
ok patrick@

ok patrick@

ok claudio

This avoids errors that can arise when multiple cores update the
variable at the same time.

everything. Oups.

trust anchor. rpki-client will then use the https:// URL first and fall
back to rsync if the https request failed.
OK job@ tb@

Just use 'err(1, NULL);' there is no need to include the type of function
that failed since it is still impossible to locate the right call.
Just use a debugger in that case.
OK tb@ deraadt@

the proc_xyz() function at least in two occasions and it is not that
trivial to realize what goes wrong.

exit(rc);
/* NOTREACHED */

too many servers out there fail to properly close the TLS session which
results in unnecessary warnings like
TLS close: EOF without close notify
Result of a discussion with job@ and tb@

be used to fetch TA certs and later on for RRDP. Kind of unreached for now
since the default TAL files don't include https URI.
The http client is fully asynchronous and can handle multiple downloads at
the same time. This code was based on the http client in ftp(1).
OK tb@, job@

net/route.h pulls this in as a side-effect.
OK krw@

as noticed by jsg@

No actual code change (checked with cmp)

This makes some redundant & racy checks appear.
ok semarie@