Back in the 1980s it made sense to have the type information encoded in
the variable names. At the time when make was imported into the NetBSD
tree (1993-03-21), the functions did indeed not have prototypes, they
only had return types. The void type was already invented at that time.
Since the compiler could not verify the types of function parameters, it
made perfect sense to have each variable tell whether it was a pointer
or not.
Since ISO C90 this is no longer necessary since the compiler checks
this. The variable names can now focus on the application level and
their high-level meaning, expressing the relationship to other
variables instead of encoding redundant type information.
The name HTSIZE didn't provide any explanation for the value 191, and it
is obvious that this is a hash table size. Therefore giving the
constant a name didn't explain anything or make it less magic.
exceptions on QNaNs.
- alpha_fp_interpret(): Instructions are 32-bits wide, so don't use a
uint64_t to contain them.
- alpha_fp_complete(): Operations on NaNs trap on Alpha, but the exception
summary reports INV (invalid operation) rather than SWC (software
completion) in this case. So also interpret the instruction if INV
is set in the exception summary. This will emulate operations on
NaN and correctly suppress FP traps for QNaNs.
This fixes bin/55633, which was caused by:
-> Input string "nanotime" is passed to awk's internal is_number().
-> strtod() interprets as "nan" and returns QNaN as the result.
-> Result compared against HUGE_VAL, blows up because cmptle is called
with a NaN operand, and the hardware doesn't care that it's quiet.
The recovery mode timer is first issued by the callout and it schedule
the workqueue. The workqueue then reschedule the callout. It's hard to
stop both of them without race only with callout_stop() and workqueue_wait.
To solve this problem. add new "detaching" flag and use it.
The situation is almost the same as schedule_wqs_ok for the local_timer's
callout and workqueue, but the difference is that the local_timer isn't
required to run if the interface is not up. If it's not important to prevent
running timer while !IFF_UP, the flag can be integrated into one.
Summary: Access to a stable established session is still allowed via
psref; all other access to peer and session state is now serialized
by struct wg_peer::wgp_lock, with no dancing around a per-session
lock. This way, the handshake paths are locked, while the data
transmission paths are pserialized.
- Eliminate struct wg_session::wgs_lock.
- Eliminate wg_get_unstable_session -- access to the unstable session
is allowed only with struct wgp_peer::wgp_lock held.
- Push INIT_PASSIVE->ESTABLISHED transition down into a thread task.
- Push rekey down into a thread task.
- Allocate session indices only on transition from UNKNOWN and free
them only on transition back to UNKNOWN.
- Be a little more explicit about allowed state transitions, and
reject some nonsensical ones.
- Sprinkle assertions and comments.
- Reduce atomic r/m/w swap operations that can just as well be
store-release.
- Ensure all access to struct wg_peer::wgp_endpoint happens while
holding a psref.
- Simplify internalize/externalize logic and be more careful about
verifying it before printing anything.
Can't release the lock here, and can't sleep waiting for the callout
while we hold it without risking deadlock. But not waiting is fine;
after we transition out of WGS_STATE_UNKNOWN the timer has no effect.
1. wg_handle_msg_data frees m but the other wg_handle_msg_* just take
a pointer to the mbuf content and not m itself, so free m in those
cases.
2. Can't trivially prove that the pcq is empty by the time
wg_destroy_peer runs pcq_destroy, so let's explicitly purge it
just in case.
3. If wg_send_udp isn't doing udp_send or udp6_output, it still has
to free m in the !INET6 error branch for IPv6 packets.
4. After rumpuser_wg_send_peer or rumpuser_wg_send_user, we still
need to free the mbuf.
Doesn't actually make a difference -- wg_destroy_all_peers is only
used when we're destroying the wg instance altogether -- but let's
not leave rakes to step on.
Unclear why this was set; setting it seems to have required a kludge
in netinet/in.c that broke ipsec tunnels. Clearing it makes wg work
again after that kludge was reverted.
The successful cases can be easily tested in the .if conditions. Around
these conditions, there is enough space for explaining the test cases
and their purpose.
The failure cases have been left in the file for now since they still
produce unwanted characters in the output. These characters are not
produced when the parse error occurs in a conditional.
simonb