Matthew Dillon [Sat, 16 Mar 2024 23:53:22 +0000 (16:53 -0700)]
sys/vfs/fuse: Some mmap related fixes, issues with sshfs and FUSE_FORGET
* Only issue FUSE_FSYNC when there is a file-handle associated with
the fuse_node.
* Be sure to flush the VM object on inactive before releasing the
file handle (fixes issues with mmap()).
* Don't issue FUSE_FORGET for now, it seems to confuse sshfs so either
I'm doing something wrong or ... don't know.
Matthew Dillon [Sat, 16 Mar 2024 21:44:21 +0000 (14:44 -0700)]
sys/vfs/fuse: Fix a ton more stuff
* Remove all the fuse_dent code. It is no longer needed.
* Remove signal mask wrappers. tsleep() isn't passing PCATCH so
signals are basically ignored.
* Add missing required FUSE_RELEASE operations (paired with CREATE/OPEN)
* Add missing required FUSE_FORGET operations (paired with LOOKUPs).
"." and ".." are not recorded by userland and do not need to be
forgotten (will confuse userland if they are).
* No reply is expected from FUSE_FORGET RPCs, add infrastructure to
handle this case.
* Index fuse_node's by their inode number, which greatly improves
hardlink handling.
* Properly store the file-handle for CREATE operations so we can
release it later (fixes some dangling .fuse_hidden* files).
* Flush the vnode and issue a FUSE_RELEASE when removing a file,
including in the rename-over-file case, if the file is no longer
open. Otherwise cached vnodes that have not yet been reclaimed
will interfere with the removal and cause the fuse userland to
create a .fuse_hidden* file.
NOTE: RELEASE operations still need a bit of work. The v_opencount
test in the file removal path is not sufficient, but we had
to close RELEASEs there for the general case to avoid many
annoying cases where .fuse_hidden* files are created.
Matthew Dillon [Fri, 15 Mar 2024 06:26:40 +0000 (23:26 -0700)]
sys/vfs/fuse: Fix a ton of stuff and get writes working
* Recode all the file I/O. Use the buffer cache properly, create a
backend for BIO strategy calls. mmap() should work properly now.
write() should also now work properly.
* For the moment issue vfinalize() when the opencount == 0 to force
the DFly kernel to dispose of inactive vnodes once all references
(including mmap references) are gone.
* Recode the filehandle (fh) tracking. File handles are assigned
in fuse_vop_open() and instead of being released in fuse_vop_close()
(which completely blows up mmap() operations), we now release
file handles in fuse_vop_inactive().
Remove the fh side allocation. The fh is now positively stored in
the fuse_node.
* Properly zero data structures allocated via the objcache.
* Implement the new syncer thread / syncer scan API for fsync
operations.
* Implement asynchronous I/O in the frontend (the backend helper thread
is currently still synchronous).
* Rejigger how attributes are handled when the file size changes.
It is still a bit of a mess but it is better than before. The
basic problem is that the file attribute info in userland does
not update the file size field until we flush the BIOs related
to an append.
* Not yet fixed: hard link related issues (duplicate fuse_node inodes
are allocated).
nlink tracking was a mess. Adjust fuse_node->nlink to only track
the allocated directory entries on the kernel side. Do not try
to update it against attribute nlink counts. We always report
the attribute nlink counts... the fuse_node->nlink only tracks
local directory entries for the moment.
* Fix a use-after-free situation that can develop with the root vnode
for the fuse filesystem.
* Properly disconnect fnp->pfnp linkages and move connection and
disconnection to fuse_dent_attach() and fuse_dent_detach().
* Improve atomicity in fuse_node_vn().
* Implement advisory locks locally on the kernel side.
* Not yet fixed: Multiple fuse_node's can have the same inode because
we are not yet indexing them by inode number.
Tomohiro Kusumi [Thu, 14 Mar 2024 02:50:45 +0000 (19:50 -0700)]
sys/vfs/fuse: Re-disable from build
The potential NULL deref fix in df8dfe6e4994f81f7a8a3cf7c5fbdce4451ac41b
is unrelated to enabling FUSE.
See 5812c3cc7f8e910251a2cf4e78242f0b11a5fb4d and
bd699eeae3b09e46383d416a578ffbf2640e0285 for details.
Kyle Butt [Wed, 13 Mar 2024 20:04:32 +0000 (14:04 -0600)]
Fix null dereference bug in fuse and re-enable it.
There was a null dereference bug in fuse if the subtype was null.
subtype is supposed to be optional, as demonstrated by the code, so test
it for null before copying it in from userspace.
Remove the redundant memcpy which appears to have been missed when the
code was changed to memset/copyinstr.
Aaron LI [Tue, 12 Mar 2024 04:19:40 +0000 (12:19 +0800)]
less(1): Fix the installation name of 'lesspipe.sh'
Don't change the installation name, as the exact name of 'lesspipe.sh'
is used in 'zless.sh'.
Aaron LI [Tue, 12 Mar 2024 04:14:45 +0000 (12:14 +0800)]
contrib/less: Fix rendering issue with mandoc
In addition, fix the markup issue `.less` to be `.B less`.
See also:
- https://github.com/gwsw/less/pull/427
- https://github.com/gwsw/less/pull/490
Aaron LI [Mon, 11 Mar 2024 15:14:56 +0000 (23:14 +0800)]
less(1): Regenerate defines.h and update Makefiles
- Regenerate 'defines.h' as described in 'README.DRAGONFLY'.
- Update the Makefiles for less(1), lessecho(1) and lesskey(1).
- Install the lessecho.1 man page.
Aaron LI [Mon, 11 Mar 2024 15:10:57 +0000 (23:10 +0800)]
contrib/less: Fix edit.c for building
edit.c: In function 'close_pipe':
edit.c:307:14: error: 'SIGPIPE' undeclared (first use in this function); did you mean 'SI_TIMER'?
if (sig != SIGPIPE || ch_length() != NULL_POSITION)
^~~~~~~
SI_TIMER
Aaron LI [Mon, 11 Mar 2024 15:09:26 +0000 (23:09 +0800)]
contrib/less: Update READMEs
Aaron LI [Mon, 11 Mar 2024 13:47:16 +0000 (21:47 +0800)]
Merge branch 'vendor/LESS'
Aaron LI [Mon, 11 Mar 2024 13:42:27 +0000 (21:42 +0800)]
vendor/less: upgrade from 608 to 643
Security fix: CVE-2022-46663 (version <= 608)
- https://github.com/gwsw/less/commit/a78e1351113cef564d790a730d657a321624d79c
- https://nvd.nist.gov/vuln/detail/CVE-2022-46663
- https://bugs.dragonflybsd.org/issues/3360
See the NEWS file for the list of changes.
Aaron LI [Wed, 6 Mar 2024 06:02:33 +0000 (14:02 +0800)]
sockstat(1): Fix and improve output formatting
The main issue with the old formatting was that the FD column was
limited to 2 characters, so there would be no space between FD and PROTO
columns.
Increase the FD column to 5 characters, and increase the PID column to
6 characters. In addition, refactor the output formatting code to clean
up the mess.
While there, clean up the code a bit to save some type castings.
Aaron LI [Thu, 7 Mar 2024 14:58:26 +0000 (22:58 +0800)]
procfs(5): Update man page for the previous change
Ricardo Branco [Tue, 5 Mar 2024 21:44:51 +0000 (22:44 +0100)]
procfs(5): Add '/proc/self/exe' symlink support
* Add the /proc/self symlink that's the same as /proc/curproc.
* Add the /proc/<pid>/exe entry that's the same as /proc/<pid>/file.
The '/proc/self/exe' symlink has been already landed in NetBSD and
FreeBSD [0]. It could simplify some patches to ports that look for this
symlink.
[0] https://github.com/freebsd/freebsd-src/pull/976
GitHub PR: https://github.com/DragonFlyBSD/DragonFlyBSD/pull/22
Ricardo Branco [Mon, 4 Mar 2024 16:41:56 +0000 (17:41 +0100)]
gzip(1): Set file flags after setting file times
Only set the source file flags on the target file after the timestamp
has been set; otherwise setting the timestamp will fail if the flags
don't permit it (i.e., uchg).
To reproduce the issue:
$ /usr/bin/touch /tmp/foo
$ /bin/chflags uchg /tmp/foo
$ /usr/bin/gzip -v /tmp/foo
gzip: couldn't utimes: /tmp/foo.gz: Operation not permitted
GitHub PR: https://github.com/DragonFlyBSD/DragonFlyBSD/pull/21
See also: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=120208
Ricardo Branco [Sun, 3 Mar 2024 22:11:15 +0000 (23:11 +0100)]
hexdump(1): Ignore zero st_size to work on pseudo-filesystems
hexdump(1) was not able to skip on files residing on pseudo-filesystems,
for example: hexdump -s1 /proc/$$/status
GitHub PR: https://github.com/DragonFlyBSD/DragonFlyBSD/pull/20
Ricardo Branco [Sun, 3 Mar 2024 22:06:00 +0000 (23:06 +0100)]
wc(1): Ignore zero st_size to work on pseudo-filesystems
Without this fix, 'wc -c' was failing on pseudo-filesystems, for example:
wc -c /proc/$$/status
GitHub PR: https://github.com/DragonFlyBSD/DragonFlyBSD/pull/19
Aaron LI [Tue, 5 Mar 2024 14:39:06 +0000 (22:39 +0800)]
md5(1): Further cleanup the code a bit
No functional changes.
Aaron LI [Tue, 5 Mar 2024 14:30:12 +0000 (22:30 +0800)]
md5(1): Improve the previous commit
Improve digestbig() to further check for read() errors and return NULL
in that case.
Add a comment to explain why the file size (st_size) can't be used.
Ricardo Branco [Sun, 3 Mar 2024 22:00:59 +0000 (23:00 +0100)]
md5(1): Fix to calculate correct checksum on pseudo filesystems
The file size (st_size) on pseudo filesystems can be zero and
meaningless, so ignore it and read until EOF to get the whole contents.
Now md5(1) is able to calculate the correct checksums for files on
pseudo filesystems, like /proc.
Aaron LI [Tue, 5 Mar 2024 13:52:00 +0000 (21:52 +0800)]
md5(1): Minor code tweaks and style cleanups
No functional changes.
Aaron LI [Mon, 4 Mar 2024 06:08:10 +0000 (14:08 +0800)]
ping(8): Add check for negative wait timeout
Meanwhile, fix the error message.
Aaron LI [Mon, 4 Mar 2024 04:08:27 +0000 (12:08 +0800)]
ping(8): Relax the interval restriction for normal users
The ping interval was restricted to be >= 1 second for normal users to
prevent from performing DoS attacks. This restriction was added by
Matt Dillon in 1998 during the BEST days [0]. It has become less
meaningful now. Following the Linux behavior, relax the interval to be
>= 2 milliseconds for normal users.
In addition, add a check for negative interval numbers.
[0] https://github.com/freebsd/freebsd-src/commit/526f06b278d9252add168aa18b60242c08771165
Discussed-with: dillon
Aaron LI [Mon, 4 Mar 2024 03:42:48 +0000 (11:42 +0800)]
ping(8): Allow normal users to specify larger packets
Before this change, only super-user could specify a packet size larger
than the default 56 bytes. This restriction was added by Matt Dillon in
1998 during the BEST days [0].
Nowadays, it doesn't make much sense to limit the packet size. In
addition, this restriction doesn't exist in ping6(8) and on NetBSD,
OpenBSD and Linux.
And one more interesting thing, UMS [1] uses this feature to estimate
the client's bandwidth to optimize the streaming experience.
[0] https://github.com/freebsd/freebsd-src/commit/526f06b278d9252add168aa18b60242c08771165
[1] UMS: https://github.com/UniversalMediaServer/UniversalMediaServer
Discussed-with: dillon
Aaron LI [Wed, 28 Feb 2024 15:57:34 +0000 (23:57 +0800)]
wg: Add comment for noise_remote_index() in handling cookie replies
noise_remote_index() will lookup the index for both remote and keypair
entries. Add a comment to explain why this double lookup is necessary.
Credit: Jason A. Donenfeld
Aaron LI [Sun, 3 Mar 2024 08:20:20 +0000 (16:20 +0800)]
wg: Disable auto link-local configuration and DAD
They're useless for this virtual interface.
Actually, this code is present in the FreeBSD version but was removed
during the porting; now add it back.
Aaron LI [Sun, 3 Mar 2024 08:18:03 +0000 (16:18 +0800)]
stf(4): Set ND6 flags to disable auto link-local and DAD
Clear the 'ND6_IFF_AUTO_LINKLOCAL' flag and set the 'ND6_IFF_NO_DAD'
flag for the stf(4) interface after if_attach(). In this way, the
quirks in in6_ifattach() are removed.
Aaron LI [Sun, 3 Mar 2024 08:11:19 +0000 (16:11 +0800)]
netinet6: Improve in6if_do_dad() by checking IFF_MULTICAST
DAD requires multicast support.
Obtained from FreeBSD.
Aaron LI [Sun, 3 Mar 2024 08:10:04 +0000 (16:10 +0800)]
<sys/param.h>: Bump __DragonFly_version for the netinet6 changes
Aaron LI [Sun, 3 Mar 2024 07:57:05 +0000 (15:57 +0800)]
netinet6: Improve flexibility of receiving Router Advertisement
Convert the sysctl 'net.inet6.ip6.accept_rtadv' to be the default value
of the per-interface flag 'ND6_IFF_ACCEPT_RTADV', making it no longer a
global knob. Now the receiving RA is allowed if ip6_forwarding==0 *and*
'ND6_IFF_ACCEPT_RTADV' is set on that interface.
ndp(8) already supports to toggle the 'ND6_IFF_ACCEPT_RTADV' flag via
the 'accept_rtadv' option.
Derived from FreeBSD.
Aaron LI [Sat, 2 Mar 2024 16:04:34 +0000 (00:04 +0800)]
netinet6: Add per-interface flag ND6_IFF_NO_DAD flag to disable DAD
An interface that has no link-local address should also have DAD
disabled. So this flag is generally set for an interface that has the
ND6_IFF_AUTO_LINKLOCAL flag cleared.
Derived from FreeBSD.
Aaron LI [Sat, 2 Mar 2024 15:59:12 +0000 (23:59 +0800)]
netinet6: Improve handling of auto link-local address configuration
Add a new per-interface flag 'ND6_IFF_AUTO_LINKLOCAL' and convert the
sysctl 'net.inet6.ip6.auto_linklocal' to be the default value of this
new per-interface flag. This allows to fine control the automatic
link-local address configuration on a per-interface basis.
Update ndp(8) to support to toggle the 'ND6_IFF_AUTO_LINKLOCAL' flag by
adding the 'auto_linklocal' option.
Document the 'IPV6CTL_AUTO_LINKLOCAL' option in the inet6(4) man page.
Derived from FreeBSD.
Aaron LI [Sat, 2 Mar 2024 12:33:56 +0000 (20:33 +0800)]
netstat(1): Increase column width of interface name
Given that the interface can be renamed, the interface name may be
generally longer, so increase the column width of interface name by 2
characters (from 6 to 8).
Referred to FreeBSD.
Aaron LI [Fri, 1 Mar 2024 05:35:38 +0000 (13:35 +0800)]
netinet6: Remove nonexistent IFT_DUMMY from in6if_do_dad()
Meanwhile, fix typos in the comment.
Aaron LI [Sun, 3 Mar 2024 08:30:56 +0000 (16:30 +0800)]
<sys/mbuf.h>: Remove the obsolete 'm_pkthdr.loop_cnt' field
It was missed from commit b44c913f6ebc2ff5523e1bf83880522a3bded4fe.
Tomohiro Kusumi [Fri, 1 Mar 2024 08:26:47 +0000 (00:26 -0800)]
usr.sbin/makefs/msdos: Fix broken extra-directory case
Same fix as d541bdf518b24b3f6deb5a62fab0ca6492be4470 for HAMMER2.
Aaron LI [Wed, 28 Feb 2024 14:50:43 +0000 (22:50 +0800)]
net: Reimplement packet loop detection based on mbuf tags
The original naive implementation based on mbuf 'm_pkthdr.loop_cnt' was
flawed:
* There were likely some code paths that allocated mbufs failed to
initialize the 'loop_cnt' to be zero. This caused unwanted packet
drops in gif(4), as reported by Kyle Butt (iteratee).
* The 'loop_cnt' was system-wide and thus cannot distinguish between the
nesting of specific drivers. For example, it would break an actually
valid setup that makes use of both gif(4) and gre(4).
As a result, follow the FreeBSD's way and reimplement the packet loop
detection based on mbuf tags. Each driver is allocated a unique mbuf
tag cookie, and thus a unique mbuf tag will be created to track the
nesting level of each driver.
The if_tunnel_check_nesting() was derived from FreeBSD but I changed it
to use only one mbuf tag for each cookie (i.e., driver). Although it
can no longer directly detect that a packet loops through the same
interface, it would still be prevented as that would lead to infinite
recursions.
Update gif(4), gre(4) and wg(4) to use the new loop detection facility.
Bump __DragonFly_version as well.
Reported-by: Kyle Butt (iteratee)
Aaron LI [Tue, 20 Feb 2024 17:21:07 +0000 (01:21 +0800)]
wg: Update wg_handshake() to increase 'ierrors' on error
Meanwhile, add a comment for 'pkt->p_mbuf' update after m_pullup().
Aaron LI [Tue, 20 Feb 2024 14:47:40 +0000 (22:47 +0800)]
wg: Improve error handling in wg_output()
- Don't send ICMP error if the packet looped, avoiding infinite loops.
- Move the packet loop detection upper to optimize the logic a bit.
- Integrate xmit_err() into wg_output() to simplify the error handling.
- Just increase 'oerrors' and don't use 'oqdrops', which doesn't really
make more sense here.
Aaron LI [Wed, 28 Feb 2024 05:00:51 +0000 (13:00 +0800)]
awk(1): Raise WARNS to 5 for internal 'maketab' tool
Aaron LI [Wed, 28 Feb 2024 05:00:29 +0000 (13:00 +0800)]
contrib/awk: Update README.DELETED
Aaron LI [Wed, 28 Feb 2024 02:47:43 +0000 (10:47 +0800)]
Merge branch 'vendor/AWK'
Aaron LI [Wed, 28 Feb 2024 01:11:54 +0000 (09:11 +0800)]
vendor/awk: upgrade from 20220912 to 20240122
This version is described in "The Awk Programming Language", Second
Edition, by Al Aho, Brian Kernighan, and Peter Weinberger
(Addison-Wesley, 2024, ISBN-13 978-0138269722, ISBN-10 0138269726).
Features:
- support UTF-8 input
- support CSV (comma-separated values) input
Fixes:
- see FIXES and FIXES.1e
- see commit history at: https://github.com/onetrueawk/awk/commits/master
Aaron LI [Tue, 27 Feb 2024 15:11:18 +0000 (23:11 +0800)]
rc.d: Rewrite motd to clean it up
No functional change.
Aaron LI [Tue, 27 Feb 2024 13:59:40 +0000 (21:59 +0800)]
rc.d: Fix eval bug in routed script
The 'eval' command would fail when 'router_flags' had space or other
special character in it. Fix it.
Meanwhile, update the 'eval' command in route6d script to use the same
format for consistency, although it was correct.
Aaron LI [Tue, 27 Feb 2024 13:56:48 +0000 (21:56 +0800)]
rc.d: Clean up and tweak dependencies
- Don't use real entries in the dummy scripts; instead, use the dummy
entries in the real rc scripts. This makes the dummy entries clean.
- Use dummy entries instead of one/multiple real entries (such as 'root')
wherever appropriate.
- Use 'REQUIRE' instead of 'BEFORE' wherever appropriate, which makes it
clearer to understand.
- Simplify and clean up various dependencies; remove unnecessary
requires.
- Tweak dependencies of some scripts to make the startup order more
sensible. For example, make 'hostname' and 'ip6addrctl' run a bit
later, after 'FILESYSTEMS' but before 'NETWORKING'.
Referred to FreeBSD for some changes.
Aaron LI [Tue, 27 Feb 2024 04:04:58 +0000 (12:04 +0800)]
rc.d: Make ldconfig, netoptions and rtsold run earlier
- Make 'ldconfig' before SERVERS
- Make 'netoptions' and 'rtsold' before NETWORKING
The new ordering should make more sense.
Referred to FreeBSD.
Aaron LI [Tue, 27 Feb 2024 01:54:49 +0000 (09:54 +0800)]
rc.d: Various style and whitespace cleanups
No functional changes.
Aaron LI [Mon, 26 Feb 2024 10:07:14 +0000 (18:07 +0800)]
rc.d: Make autofs(5) scripts run earlier
This allows some daemons to access automounted shares.
Obtained-from: FreeBSD
Aaron LI [Fri, 23 Feb 2024 05:52:52 +0000 (13:52 +0800)]
rc.d: Add FILESYSTEMS dummy dependency
This dummy dependency ensures that root and other critical local file
systems are mounted. One of the intentions to add this dummy dependency
is to fix the warnings caused by some ports' rc script wrongly dependent
on this script.
Update the rc.8 man page; meanwhile, tweak the description of other
dummy dependencies a bit.
Updating existing rc scripts to make use of FILESYSTEMS is coming in
another commit.
Obtained-from: FreeBSD
Shingy Shabooya [Wed, 21 Feb 2024 14:52:41 +0000 (21:52 +0700)]
Added support for Realtek E2600 (Killer Ethernet Adapter E2600).
Aaron LI [Wed, 21 Feb 2024 05:16:17 +0000 (13:16 +0800)]
rc.d/wg: Simplify the quote() in the awk script
Aaron LI [Wed, 21 Feb 2024 05:10:22 +0000 (13:10 +0800)]
rc.d/wg: Fix issue in parsing a config file of no peers
A config file may have only the [interface] section but no [peer]
sections.
Aaron LI [Tue, 20 Feb 2024 15:56:59 +0000 (23:56 +0800)]
rc.d/wg: Fix the mistake of the 'wg_config_dir' variable
Remove the local 'WG_CONFIG_DIR' variable that was used during the
development. Use the 'wg_config_dir' variable loaded from 'rc.conf'
instead.
Aaron LI [Tue, 20 Feb 2024 13:51:24 +0000 (21:51 +0800)]
crypto: Move blake2s_hmac() to its only user wg_noise.c
The blake2s_hmac() is simply an ad-hoc HMAC implementation using the
BLAKE2s hash algorithm. It's not generic; a proper solution is to
implement the HMAC construction that supports any hash algorithms.
Therefore, it's better to move blake2s_hmac() to wg_noise.c as
noise_hmac().
See also: https://git.zx2c4.com/wireguard-freebsd/commit/?id=5c5832279855722b939a381b9a291dc5ca2ee52e
Aaron LI [Tue, 20 Feb 2024 13:41:10 +0000 (21:41 +0800)]
ifconfig(8): Minor cleanups to ifwg.c
Meanwhile, fix a minor typo in the error message of '-wgpka' command.
Aaron LI [Wed, 14 Feb 2024 15:17:04 +0000 (23:17 +0800)]
wg: Write rc(8) script to easily manage wg(4) interfaces
This "wg" rc(8) script is somewhat similar to the "wg-quick" tool on
Linux/FreeBSD. It can be used to quickly start/stop the wg(4)
interfaces according to the wg.conf(5) configuration files in the
"/etc/wireguard" directory.
The syntax of wg.conf(5) configuration file is very similar to that
of "wg-quick" but with necessary changes and minor additions. See
wg.conf(5) for details.
On the one hand, the new "wg_enable" and "wg_interfaces" variables in
"/etc/rc.conf" can be used to auto-configure the wg(4) interfaces during
the system startup. See rc.conf(5) for more details.
On the other hand, this "wg" script can be manually called from the
command-line to start/stop the wg(4) interfaces.
Thanks to swildner for reviewing the man page.
Aaron LI [Wed, 14 Feb 2024 15:20:23 +0000 (23:20 +0800)]
rc.conf.5: Reorder "rc_conf_files" to group "rc_*" variables
Aaron LI [Thu, 8 Feb 2024 16:45:09 +0000 (00:45 +0800)]
wg: Change cpu_sfence() to release store + acquire load pair
Although DragonFly is currently x86-only and this is actually
unnecessary, update to use the store+load pairs for better
portability.
Aaron LI [Thu, 8 Feb 2024 16:25:25 +0000 (00:25 +0800)]
wg: Convert BPF_MTAP_AF() macro to inline function wg_bpf_ptap()
Aaron LI [Thu, 8 Feb 2024 09:41:16 +0000 (17:41 +0800)]
wg: Add RXCSUM support to avoid unnecessary checksum validation
The packet that is about to be delivered in is authentic as ensured by
the AEAD tag, so we can tell the networking stack that this packet has
valid checksums and thus is unnecessary to check again.
Therefore, implement RXCSUM support for the wg interface, and update the
ioctl() to support to enable/disable this feature.
Meanwhile, move the mbuf flags clearance code just before the delivery,
i.e., netisr_queue() and wg_send().
Aaron LI [Thu, 8 Feb 2024 03:19:03 +0000 (11:19 +0800)]
wg: Track noise_{local,remote,keypair} allocations to detect leaks
Use lists to track the allocations of noise_{local,remote,keypair}
structs, and then assert that all of them have been freed upon the
module deinitialization.
Enclose the code within 'INVARIANTS' macro, so that it can be just
ignored when performance is important.
Aaron LI [Wed, 7 Feb 2024 14:25:49 +0000 (22:25 +0800)]
wg: Some code cleanups, minor improvements and comment updates
- Clean up some code logics to make the conditional flow and error
handling more smooth.
- Add and update various comments to make the code more understandable.
A large fraction of the comments are derived from the WireGuard code
in Linux/OpenBSD, and from commit messages.
Aaron LI [Wed, 7 Feb 2024 14:02:40 +0000 (22:02 +0800)]
wg: Minor improvements to wg_ioctl_set()
- Skip allowed IPs removal for a new peer.
- Try and send staged packets if the interface is UP.
Referred to the Linux version of WireGuard.
Aaron LI [Wed, 7 Feb 2024 13:56:46 +0000 (21:56 +0800)]
wg: Improve noise_keypair_received_with()
- Optimize the check flow by directly returning if the keypair is of an
initiator.
- Add a brief function description and another comment.
Aaron LI [Wed, 7 Feb 2024 13:06:45 +0000 (21:06 +0800)]
wg: Refactor noise_keep_key_fresh_{send,recv}() functions
These two functions were derived from the Linux version where called
keep_key_fresh() in {send,receive}.c. However, they behaved differently
from their Linux version; i.e., they only checked whether the keypair
needed a refresh but didn't actually perform the refreshing. So their
name was actually misleading.
Refactor these two functions and combine them into a single function
called noise_keypair_should_refresh(), with an extra parameter to
distinguish between the sending and receiving cases.
Aaron LI [Mon, 5 Feb 2024 16:13:15 +0000 (00:13 +0800)]
wg: Refactor cookie functions to make cookie_{checker,maker} opaque
- Rename cookie_{checker,maker}_init() to cookie_{checker,maker}_alloc(),
in symmetry with cookie_{checker,maker}_free().
- Make cookie_{checker,maker} structs opaque, and move them from
wg_cookie.h to wg_cookie.c.
- Update if_wg.c and selftest code accordingly.
Aaron LI [Sat, 3 Feb 2024 14:33:08 +0000 (22:33 +0800)]
wg: Refactor and improve determine_af_and_pullup() and xmit_err()
Meanwhile, clean up and improve wg_output(); simplifying the error
handling a lot.
Aaron LI [Sat, 3 Feb 2024 11:21:32 +0000 (19:21 +0800)]
wg: Cleanup static function prototypes in if_wg.c
- Group the static function prototypes.
- Remove unnecessary prototypes.
- Style cleanups.
Aaron LI [Sat, 3 Feb 2024 06:49:35 +0000 (14:49 +0800)]
wg: Improve wg_clone_destroy() and wg_down()
- Move the cancellation of tasks from wg_clone_destroy() to wg_down(),
which is actually more appropriate.
- Just call wg_down() in wg_clone_destroy() to reduce duplicate code.
- No need to call if_purgeaddrs_nolink(), as it will be called by
if_detach().
- Detach and free the interface before destroying the aip radix trees,
in order to avoid possible panics.
Aaron LI [Sat, 3 Feb 2024 05:28:53 +0000 (13:28 +0800)]
wg: Simplify socket so_lock scope and init/uninit
Move the init/uninit of the so_lock to wg_socket_init() and
wg_socket_uninit() respectively, making its scope more clear.
Aaron LI [Tue, 30 Jan 2024 15:49:50 +0000 (23:49 +0800)]
wg: Clean up noise_keypair_counter_check() a bit
Remove '++recv' together with the '+ 1' calculation, so the code now
becomes more understandable, and the conditional of
'kp->kp_counter_recv >= REJECT_AFTER_MESSAGES' also becomes the same as
the one in noise_keypair_decrypt(); so it reduces the confusion between
them. The selftest is also passed. (Referred to OpenBSD)
In addition, add brief comments to describe the 'kp_counter_send' and
'kp_counter_recv'.
Aaron LI [Tue, 30 Jan 2024 15:12:58 +0000 (23:12 +0800)]
wg: Improve noise_keypair_counter_check() to return different errnos
Use different errnos (i.e., EINVAL, ESTALE, EEXIST) for different
failure cases in noise_keypair_counter_check(). Meanwhile, update the
selftest code to test this function more vigorously.
In addition, add function description and comments to help understand
it.
Aaron LI [Tue, 23 Jan 2024 15:50:18 +0000 (23:50 +0800)]
wg: Reorganize wg_packet and wg_queue functions
- Move the wg_packet and wg_queue functions to the beginning part, which
seems more appropriate.
- Remove the unnecessary function prototypes.
- Add a brief description about the various queues, especially about the
parallel and serial queues.
- Add several more comments to help understand the code.
No functional changes.
Aaron LI [Tue, 23 Jan 2024 15:45:55 +0000 (23:45 +0800)]
wg: Make peer ID start from 1 (instead of 0)
Use '++peer_counter' instead of 'peer_counter++' to generate the peer
ID, so make it start from 1.
Since 'peer_counter' is only used in wg_peer_create(), so move it into
this function. In addition, drop the unnecessary 'volatile' qualifier,
because it's accessed with the 'sc_lock' exclusively held.
Aaron LI [Mon, 15 Jan 2024 14:44:22 +0000 (22:44 +0800)]
wg: Rename wg_softc_*() functions to wg_*_worker()
This makes the code more understandable.
Referred-to: OpenBSD
Aaron LI [Mon, 15 Jan 2024 14:34:32 +0000 (22:34 +0800)]
wg: Add and improve WG_PKT_* macros to help clean up the code
- Add WG_PKT_IS_INITIATION, WG_PKT_IS_RESPONSE, WG_PKT_IS_COOKIE,
and WG_PKT_IS_DATA macros.
- Extend the original WG_PKT_DATA_MINLEN macro to be
WG_PKT_ENCRYPTED_LEN(n).
Aaron LI [Mon, 15 Jan 2024 14:14:16 +0000 (22:14 +0800)]
wg: Clean up and improve wg_deliver_{in,out}() logic
- Refactor the code flow and avoid the 'goto' cases.
- Add 'oerrors' increment statement to wg_send(), pairing with the
existing 'opackets' and 'obytes' increments; this makes the code more
clear.
- Assign 'mycpuid' to a local variable, avoiding repeated fetches within
the loop.
- Add comment about why to always trigger the keepalive timers.
Aaron LI [Mon, 15 Jan 2024 13:53:51 +0000 (21:53 +0800)]
wg: Optimize wg_peer_{get,set}_endpoint()
Similar to wg_peer_set_endpoint(), perform a comparison before really
copying the endpoint, saving unnecessary lockings.
In addition, add __predict_true() for the comparisons.
Aaron LI [Fri, 9 Feb 2024 13:14:25 +0000 (21:14 +0800)]
wg: Fix panic of "user address access from kernel mode"
Well, it never happened on my development VirtualBox VM, but always
happened on my desktop. Fix it. Actually, I made this mistake when
porting the code from OpenBSD.
Aaron LI [Fri, 9 Feb 2024 09:39:30 +0000 (17:39 +0800)]
Bump copyright year
Aaron LI [Fri, 9 Feb 2024 09:36:29 +0000 (17:36 +0800)]
ifconfig(8): Minor code and style cleanups
No functional changes.
Aaron LI [Fri, 9 Feb 2024 09:35:45 +0000 (17:35 +0800)]
ifconfig(8): Change some 'int' variables to 'bool' whenever possible
I'd like to change 'doalias' as well, but it seems to require 3 states,
so leave it alone this moment.
Aaron LI [Fri, 9 Feb 2024 09:02:50 +0000 (17:02 +0800)]
ifconfig(8): Fix bug in interface address configuration
When the interface name had a length of >= 8, the address configuration
would fail with the ENXIO error, i.e., "no such interface".
This bug was made by me in commit c29ec76. It was caused by the
interface being truncated because the destination buffer size was wrongly
determined, as I was using sizeof() on a 'void *' pointer instead of the
actual interface name buffer.
Fix it by directly using IFNAMSIZ instead of sizeof().
Aaron LI [Sat, 3 Feb 2024 05:04:11 +0000 (13:04 +0800)]
wg: Flush v4 routes for v6 randomized test to reduce the test time
The validation method uses a simple list to store all the routes in a
sorted way so that it can be looked up and verify the lookup results
of the radix tree. The list method can be really slow when there are
many routes, so the randomized test can take ~80 minutes on my test box.
Separate the v4 and v6 tests to significantly reduce the test time (e.g.,
from ~80 minutes to ~15 minutes).
Aaron LI [Sat, 27 Jan 2024 15:03:20 +0000 (23:03 +0800)]
wg: Update makefile with (commented) selftest defines
Aaron LI [Sat, 27 Jan 2024 14:59:31 +0000 (22:59 +0800)]
wg: Refactor selftest allowedips.c
- Refactor multiple functions and macros to make the implementation read
better.
- Fix some memory free issues upon errors; e.g., kfree() panics if the
given pointer is NULL.
- Add progress reports for the randomized test as it can take really
long time (e.g., ~80 minutes on my test box).
- Various improvements and style cleanups.
Aaron LI [Fri, 26 Jan 2024 09:05:58 +0000 (17:05 +0800)]
wg: Port selftest allowedips.c
Aaron LI [Thu, 25 Jan 2024 01:30:15 +0000 (09:30 +0800)]
wg: Style cleanups and minor updates to selftest cookie.c and counter.c
- Style cleanups to make them consistent.
- Add '#undef' to cleanup defines.
- Add MIT license contents to file headers.
- Tweak 'for' loops in noise_counter_selftest() to make them more clear.
- Rename 'rl' to be 'rl_test'; rename 'MESSAGE_LEN' to be
'T_MESSAGE_LEN'.
- Remove unnecessary '[0 ... INITIATIONS_BURSTABLE - 1]' initialization
designator, and thus save one GNU extension.
Aaron LI [Wed, 24 Jan 2024 13:30:59 +0000 (21:30 +0800)]
wg: Port selftest cookie.c and counter.c
Note that 'int sleep_time' would overflow in calculating the tsleep()
timeout ticks, so change it to 'uint64_t' type.
Aaron LI [Tue, 23 Jan 2024 15:55:34 +0000 (23:55 +0800)]
wg: Import selftest code from wireguard-freebsd
URL: https://git.zx2c4.com/wireguard-freebsd/
Files:
- src/selftest/allowedips.c
- src/selftest/cookie.c
- src/selftest/counter.c
Aaron LI [Tue, 16 Jan 2024 07:28:55 +0000 (15:28 +0800)]
kernel: Add the 'wg' option and list it in LINT64
Aaron LI [Tue, 16 Jan 2024 07:27:53 +0000 (15:27 +0800)]
wg: Hook to the build system
Aaron LI [Thu, 18 Jan 2024 01:20:48 +0000 (09:20 +0800)]
wg: Adapt the man page to match our version
Aaron LI [Tue, 16 Jan 2024 02:00:15 +0000 (10:00 +0800)]
wg: Rewrite the module Makefile
Aaron LI [Thu, 8 Feb 2024 06:06:19 +0000 (14:06 +0800)]
wg: Prevent wg_{cookie,noise}.h from including by userland
Since our build system currently would install all headers (i.e., '*.h')
in 'sys/net/wg' directory, but actually only the 'if_wg.h' is required
by userland, i.e., ifconfig(8). So add the '_KERNEL' guard to prevent
the other two headers from including by userland.
Nonetheless, the build system should be improved in the future.
Aaron LI [Wed, 7 Feb 2024 14:14:04 +0000 (22:14 +0800)]
wg: Reset the obsolete version number to 1
The version number meant the snapshot date of the wireguard-freebsd [0],
but it's obsolete now, because there is no more active development
there. In addition, this port has been diverged a lot from the FreeBSD
version. So just reset the version number to 1 for simplicity.
[0] wireguard-freebsd: https://git.zx2c4.com/wireguard-freebsd
Aaron LI [Tue, 16 Jan 2024 12:27:35 +0000 (20:27 +0800)]
wg: Fix noise_remote_alloc() to acquire 'l_identity_lock' lock
The 'l_identity_lock' lock must be acquired to access 'l_has_identity'
and 'l_private' members; i.e., noise_precompute_ss() must be called with
the 'l_identity_lock' locked. So fix noise_remote_alloc() to acquire
the lock before calling noise_precompute_ss(). Meanwhile, add an
assertion to the latter to assert the required lock is held.
Aaron LI [Mon, 15 Jan 2024 13:48:18 +0000 (21:48 +0800)]
wg: Fix bug in calculate_padding()
The calculation for 'pkt->p_mtu == 0' case was wrong, but it didn't
cause actual harm because currently only keepalive packets have
'p_mtu = 0' but also have a zero length.
Fix the calculation and add a comment about the keepalive packets.