Manuel Bouyer | 19 Dec 17:03 2014

powerd(8) radio_button event; wpi(4) implementation

as described in a previous thread ("wpi0: radio is disabled by hardware
switch"), in order to get userland notifications when the wifi switch
is turned on or off (e.g. to start/stop wpa_supplicant), I implemented
a new sysmon_pswitch(9) switch type, PSWITCH_TYPE_RADIO. I also
changed wpi(4) so that it would report button "pressed" and "released"
events (which would be better described as "on" and "off" but
this is what sysmon_pswitch(9) knows for buttons).

With the attached patch (against netbsd-7, but -current should'nt be much
different), and an extra radio_button script in /etc/powerd/scripts/,
wpa_suplicant is automatically started when I turn the radio button
on, and stopped when I turn the radio button off (the driver takes care of
taking the interface down itself).

Does anyone object to this change ?


Manuel Bouyer <bouyer <at>>
     NetBSD: 26 ans d'experience feront toujours la difference
Index: share/man/man9/sysmon_pswitch.9
RCS file: /cvsroot/src/share/man/man9/sysmon_pswitch.9,v
retrieving revision 1.5
diff -u -p -u -r1.5 sysmon_pswitch.9
--- share/man/man9/sysmon_pswitch.9	18 Mar 2014 18:20:40 -0000	1.5
+++ share/man/man9/sysmon_pswitch.9	19 Dec 2014 15:48:22 -0000
(Continue reading)

Patrick Welche | 13 Dec 16:59 2014

MKINET6=no fixes

I found the following patch to be necessary when trying to compile
-current/amd64 with MKINET6=no.

One issue is that it isn't obvious to me where the boundary between
MKINET6 and USE_INET6 is.  e.g., after compiling route with
MKINET6=no, would expect to see

Protocol Family 24:
Destination        Gateway            Flags    Refs      Use    Mtu Interface
af 24: Q00.00.00.0 (24) Q00.00.00.00. UGR         -        -      -  lo0
af 24: Q00.00.00.0 (24) Q00.00.00.00. UGR         -        -      -  lo0

or just have that part omitted?

Makes enough sense to commit?


Index: external/apache2/mDNSResponder/dist/mDNSPosix/mDNSPosix.c
RCS file: /cvsroot/src/external/apache2/mDNSResponder/dist/mDNSPosix/mDNSPosix.c,v
retrieving revision 1.6
diff -u -r1.6 mDNSPosix.c
--- external/apache2/mDNSResponder/dist/mDNSPosix/mDNSPosix.c	31 Mar 2014 23:26:30 -0000	1.6
+++ external/apache2/mDNSResponder/dist/mDNSPosix/mDNSPosix.c	13 Dec 2014 14:47:24 -0000
 <at>  <at>  -718,7 +718,7  <at>  <at> 
 				err = setsockopt(*sktPtr, IPPROTO_IPV6, IPV6_RECVPKTINFO, &kOn, sizeof(kOn));
(Continue reading)

Roy Marples | 11 Dec 04:14 2014


dhcpcd polls SIOCGNBRINFO_IN6 every second for every IPv6 router it 
knows about to test neighbour reach-ability.
This isn't exactly optimal, hello battery drain.

Attached is a patch to add RTM_NEWNEIGH so that userland can react to 
Neighbour Discovery changes, similar to the Linux equivalent.
It's designed to be protocol agnostic, (ie could be used for ARP as 
Currently, it only raises RTM_NEWNEIGH on IPv6 neighbour state and flag 
(is it a router?) changes.
There is little point in generating RTM_DELNEIGH or RTM_GETNEIGH as 
Linux does because our current
implementation sends equivalent messages via RTM_DELETE or RTM_CHANGE.

I have a patch for dhcpcd to use this (attached as well, needs my latest 
fossil trunk, -current is too old).
The end result is that on NetBSD there are no longer any polls for state 
- the kernel notifies every event change.
The only elephants left in the room are drivers that don't set IFF_UP 
before LINK_STATE_UPi (hi sk(4)) and drivers which could set link state 
but don't bother to (hi ppp(4)).

Comments, as always, are welcome.

Attachment (rtm_newneigh.diff): text/x-diff, 8153 bytes
Attachment (dhcpcd-bsd-newneigh.diff): text/x-diff, 3096 bytes
D'Arcy J.M. Cain | 10 Dec 06:15 2014

npf vs. pf

I have been having issues with pf.  See "pf add not working" in
netbsd-users for details.  Basically I have created a persistent table
and dynamically add and delete to/from it based on my intrusion
system.  Everything seems to work but even with IPs in the table as
shown by pfctl it seems that people still get through.  Something weird
is going on.  I wonder if it is pf itself.

I asked if npf would have a good shot at fixing this issue but no one
has replied to that question.  Anyone here have any thoughts on that?
Is npf stable enough to consider replacing pf on a production server?



D'Arcy J.M. Cain <darcy <at>> IM:darcy <at> Vex.Net

Manuel Bouyer | 2 Dec 12:19 2014

wpi0: radio is disabled by hardware switch

on a laptop with a  wpi interface, dcpcd brings automatically the interface
up, which leads to an endless stream of "wpi0: radio is disabled by hardware
switch" on console when the radio is turned off.

Is there a way to get status and notifications (other than watching dmesg) 
of the radio hardware switch, in order to e.g. enable or disable
wpa_supplicant and dhcpcd on the interface when the switch is used to turn
the radio on or off ?


Manuel Bouyer <bouyer <at>>
     NetBSD: 26 ans d'experience feront toujours la difference

Christos Zoulas | 1 Dec 17:04 2014

sockaddr printing functions


We have a hodgepodge set of functions that print sockaddr_* and I wanted
to try to clean that up:

	1. consistent api
	2. don't use static storage
	3. testable from userland (with unit tests added)

For each socket type we have:

	int xx_print(char *buf, size_t len, const struct xxaddr *);

	int sxx_snprintf(char *buf, size_t len, void *sa, const char *fmt, ...);
	for xx  [ "in" "in6" "at" "un" "dl" ]
	[the dl portion is slightly different, and the un portion I have
	 not included in the patch]

There are also constants that describe the max string length that xx_print
	UNIX_ADDRSTRLEN (should we add this?)

The code is in:
(Continue reading)

Martin Husemann | 28 Nov 15:04 2014

mpls broken again

Some recent changes (no idea which) broke the MPLS regression tests:

PING ( 64 data bytes
72 bytes from icmp_seq=2 ttl=255 time=12.450469 ms

---- PING Statistics----
3 packets transmitted, 1 packets received, 66.7% packet loss
round-trip min/avg/max/stddev = 12.450469/12.450469/12.450469/0.000000 ms

Haven't we seen this before? Crash when trying to answer the first packet
or something?


Robert Swindells | 20 Oct 23:06 2014


What is the recommended way to replace rtsol(8) ?

I have read the man page.

My /etc/rc.conf contains the following:

dhcpcd_flags="-B6 --nodhcp6 rtk0"

At boot, dhcpcd prints that it has received the RA but then blocks,
prints an error that it has timed out and overwrites the
/etc/resolv.conf file with an empty one.

It doesn't set the IPv6 address of the interface.

Robert Swindells

Mouse | 20 Oct 20:15 2014 deprecated??

I just now had occasion to look at lo(4), for the first time in I don't
know how long.

All three versions I have on hand - 1.4T, 4.0.1, and 5.2 - have a BUGS
section saying

     Previous versions of the system enabled the loopback interface automati-
     cally, using a nonstandard Internet address (127.1).  Use of that address
     is now discouraged; a reserved host address for the local network should
     be used instead.

This is the first I've heard of 127.1, a very old syntax for,
being nonstandard for loopback use or of its being deprecated, and,
indeed, the startup scripts for each of those three versions are
hardwired to bring lo0 up as

Anyone have any idea what's behind that paragraph?

/~\ The ASCII				  Mouse
\ / Ribbon Campaign
 X  Against HTML		mouse <at>
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B

Roy Marples | 12 Oct 22:30 2014

Remove ability for userland to toggle IPv6 tentative address flag

Hi List

Can anyone think of a use case for allowing userland to toggle the 
IN6_IFF_TENTATIVE flag for IPv6 addresses?

I can't.

The way it's presently implemented can cause a problem as well when the same 
address is added twice, because the logic is thus:

Add IPv6 address without tentative flag
Kernel checks if it's a new address, if so sets tentative flag and starts DAD 
after a random delay.
Add the same IPv6 address without tentative flag again while DAD is still 
Kernel sees it's the same address, so blindly updates the flags which clears 
IN6_IFF_TENTATIVE. This then confuses the DAD process. I've seen it not notify 
userland of the flag being cleared whilst others have reported invalid 
duplicate addresses being reported.

So, can you think of a valid use case for allowing userland to toggle the 
tentative flag? Note that setting it doesn't actually start DAD, just makes 
the address unuseable.

Attached is the patch to remove the ability for userland to toggle 

Comments as always are welcome

(Continue reading)

Dennis Ferguson | 11 Oct 01:57 2014

Route lookup library

I have a library implementing a longest match prefix
lookup (i.e. a route lookup) which might be useful
and which I'd like people to look at if anyone is
interested.  The library is intended to be useful both
in the kernel and as a user space library with the code
as-is by virtue of the fact that it does memory allocations
using functions provided by the user.  The library has
only a few other dependencies on the external environment,
it is mostly self-contained data structure builder and
parser code.  It should be available here:

The library implements a fairly modern route lookup data
structure.  Its memory usage is O(N), that is a reasonably
constant number of bytes per route installed in the
structure.  As for the value of that constant, there is
a memory-versus-performance tradeoff made by letting the
user tell it how aggressive it should be.  The default
schedule used makes the internal memory usage more or less
the same as the current kernel radix trie, though I like the
effect of the alternative schedule which grows internal
memory to maybe 30% larger than that.

The structure is a tree but the average complexity of a lookup
scales at better than O(log(N)).  I can't tell you how much better.
I once convinced myself that if the algorithm were solely constrained
by the O(N) memory consumption it would scale as something
like O(log(log(N))) on average, but additional constraints
placed on it to make incremental updates efficient have likely
(Continue reading)