Commit message | Author | Age | Files | Lines
...
* Fix previous: create() got inadvertently moved after parse_config(), | schwarze | 2019-05-31 | 1 | -3/+3
| which effectively caused the config file to be ignored. So move parse_config() back after create(). OK deraadt@
* Add support for SNI with new "tls keypair" option to load additional certs. | reyk | 2019-05-31 | 5 | -31/+83
| Tested by many (thanks!) Feedback & OK rob@
* Move the relay keys/certs into a separate global list and look them up by id. | reyk | 2019-05-31 | 6 | -143/+274
| Moving the certs out of the relay struct will help to add multiple SNI certs. Tested by many users (thanks!) Feedback & OK rob@
* Deimos is Cortex-A77. | kettenis | 2019-05-31 | 1 | -4/+4
|
* Revert my "Repair the 'ifconfig mode' command" commit. | stsp | 2019-05-31 | 2 | -57/+26
| The "recursion in end_scan()" problem is apparently still present in the committed version of the diff (reported by krw@).
* Allow % strings that are all numbers or %s, and fix a double free. Both | nicm | 2019-05-31 | 2 | -6/+9
| reported by George Nachman, GitHub issues 1765 and 1766.
* remove duplicate page table | jsg | 2019-05-31 | 2 | -37/+0
| a holdover from when the allocation wasn't done in ttm
* similar to note recently added to bgpd.conf(5), mention in docs for | sthen | 2019-05-31 | 1 | -2/+9
| "bgpctl reload" that ipsec/md5sig and "export none/default-route" only take effect when the session is reset. sounds good to claudio
* Add MSI-X support. | kettenis | 2019-05-31 | 1 | -30/+40
| ok patrick@
* Add MSI-X support. | kettenis | 2019-05-31 | 1 | -29/+39
| ok patrick@
* Exit the attribute loop early if there are no unknown attributes left | claudio | 2019-05-31 | 2 | -4/+10
| and the loop passed all attributes known by bgpd. Saves about 80% of time in up_generate_attr(). OK phessler@
* add tests for the "new" tying bugs. first one on the way, second one | espie | 2019-05-31 | 1 | -7/+48
| to be fixed soonish (also fix bluhm's gore... Make sure .PHONY targets are accurate)
* Also check the type of a network statement when looking for duplicates. | claudio | 2019-05-31 | 1 | -2/+3
| Fixes adding network 0.0.0.0/0 after network inet static. OK phessler@ benno@
* Add MSI-X support for acpipci(4). This splits out some generic code into | kettenis | 2019-05-31 | 4 | -33/+134
| a new pci_machdep.c file such that it can be re-used by other arm64 PCI host bridge drivers in the future. ok patrick@
* Rename struct plimit field p_refcnt to pl_refcnt to avoid confusion | visa | 2019-05-31 | 4 | -10/+10
| with the fields of struct proc. Make pl_refcnt unsigned for upcoming atomic updating. OK deraadt@ guenther@
* fix ssh-keysign fd handling problem introduced in r1.304 caused by a typo | djm | 2019-05-31 | 1 | -2/+2
| (STDIN_FILENO vs STDERR_FILENO)
* Use two 32-bit writes instead of a single 64-bit write to write the | kettenis | 2019-05-30 | 1 | -2/+3
| message address into an MSI-X table entry. The RTL8168/RTL8111 hardware does not respond to 64-bit access (reads return all-ones, writes are ignored) and the PCI specification documents separate 32-bit "DWORD" fields for message address and message upper address. ok mlarkin@, jmatthew@
* Fix definitions of PCI_MSIX_MAU32 and add a define for the MSI-X function | kettenis | 2019-05-30 | 1 | -2/+3
| mask bit. ok mlarkin@, jmatthew@
* Remove a leftover abort and some fixes from cppcheck. | nicm | 2019-05-30 | 5 | -11/+10
|
* A test for W|X ^ syscall prevention, which is difficult to incorporate | deraadt | 2019-05-30 | 2 | -0/+36
| properly into regress, because the wxneeded binary must be executed from a wxallowed filesystem..
* Use proper algorithm for median computation; use fabs() for computing | otto | 2019-05-30 | 2 | -22/+21
| an absolute value and fix poll loop to first generate messages and then compute poll flags the write cases. This makes the timeout workaround for constraints unneeded. ok reyk@ tb@
* Fix the initialization of bp before calling vfs_getcwd_common | beck | 2019-05-30 | 1 | -3/+3
| It is bad style to make a pointer point outside the object so correct this to simply point to the last byte up front. ok deraadt@
* __realpath(2) appears to have improved, so re-enable the code that | deraadt | 2019-05-30 | 1 | -3/+136
| checks userland-parsing vs kernel parsing, we are hoping to spot another bug..
* namei() generate KTR_NAMEI record input filenames, but getcwd(2) and | deraadt | 2019-05-30 | 2 | -2/+11
| realpath(2) have output filenames. Generate additional KTR_NAMEI records upon success. ok millert beck
* use copyoutstr, instead of fragile range math; ok beck | deraadt | 2019-05-30 | 1 | -7/+5
|
* Correct call to vfs_getcwd_common from within __realpath | beck | 2019-05-30 | 1 | -15/+15
| I borrowed an example usage from __getcwd poorly to begin with and then there was some other strangeness in there. diagnosed with deraadt. ok deraadt@
* No longer need to reduce line number by one. | nicm | 2019-05-30 | 1 | -3/+3
|
* php5 -> php, php5 has left the ports tree. | jca | 2019-05-30 | 1 | -3/+3
| from Jesper Wallin
* I had hoped that non-xenl terminals had died out, at least in fairly | nicm | 2019-05-30 | 2 | -4/+15
| modern OSs, but no - DragonFly BSD's console returns to haunt us. Fix it at least somewhat. GitHub issue 1763.
* Mellanox support tells me that according to an internal datasheet, legacy | jmatthew | 2019-05-30 | 1 | -4/+7
| interrupts are not supported, leaving us with just MSI-X for mcx(4).
* wrap some long lines, except in bits I'll probably have to rewrite soon | jmatthew | 2019-05-30 | 1 | -102/+189
|
* Change vmctl(8) syntax: command options before the disk/name/id argument. | reyk | 2019-05-29 | 2 | -49/+33
| vmctl had a CLI-style syntax (bgpctl-style) for a short time but I changed it back to a more suitable getopt syntax. I replaced the CLI tokens to getopts flags but didn't consider swapping the order of command options and arguments to be more UNIX-like again ("vmctl create disk.img size 10G" simply became "vmctl create disk.img -s 10G"). This changes "create", "start", and "stop" commands to the commonly expected syntax like "vmctl create -s 10G disk.img". Requested by many OK mlarkin@ kn@ solene@
* Use VIS_CSTYLE for the arguments and add the missing escapes it can | nicm | 2019-05-29 | 4 | -7/+22
| generate to the parser.
* Fix a bunch of typos in various man pages. | fcambus | 2019-05-29 | 5 | -16/+17
|
* The line number needs to be updated only after the \n is processed by | nicm | 2019-05-29 | 2 | -11/+28
| the parser, so store a flag and update it next time around. Also each new line needs its own shared data.
* If a DNS resolve was done with the Checking Disabled flag, re-resolve | otto | 2019-05-29 | 3 | -4/+39
| with once the clock is synced. ok deraadt@ florian@
* Relax parsing of TLS key share extensions on the server. | jsing | 2019-05-29 | 1 | -5/+2
| The RFC does not require X25519 and it also allows clients to send an empty key share when they want the server to select a group. The current behaviour results in handshake failures where the client supports TLS 1.3 and sends a TLS key share extension that does not contain X25519. Issue reported by Hubert Kario via github. ok tb@
* Do not send an SNI extension when resuming a session that contains a server | jsing | 2019-05-29 | 1 | -1/+4
| name (which means the client sent SNI during the initial handshake). Issue reported by Renaud Allard. ok tb@
* The past is fuzzy, but it appears during development of __getcwd, *retval | deraadt | 2019-05-29 | 1 | -2/+1
| was used to return the length of the path, when the actual return value is 0. This would cause confusing results in ktrace. Diagnosed with beck since __realpath() picked up the same odd behaviour
* Add some more relative path tests | beck | 2019-05-29 | 1 | -1/+11
|
* There are some bugs in __realpath(2) -- it isn't quite ready so disable | deraadt | 2019-05-29 | 1 | -136/+3
| calling it until those are fixed.
* Fix the check if a relay has been specified twice | reyk | 2019-05-29 | 1 | -14/+17
| Relays cannot have the same name or listen address. If a listen address is specified multiple times, the parser expands the configuration into multiple relays automatically. OK rob@
* Move relay_load_*() functions into relayd.c | reyk | 2019-05-29 | 4 | -108/+108
| Pass the *env as an explicit argument instead of using the global pointer: The relay_load_certfiles() function is called early before the *env is set up. This does not change anything in the current code as *env is not used by anything in the function (not even ssl_load_key() that is taking it as an argument) but it will be needed by upcoming changes for SNI. Ok rob@
* Document the few neighbor options that need a reset (bgpctl nei X clear) | claudio | 2019-05-29 | 1 | -2/+8
| to be picked up after a reload. With and OK jmc@, sthen@
* Support \ooo escapes, from Avi Halachmi. | nicm | 2019-05-29 | 2 | -6/+32
|
* After fixing the pfkey code a bit let's retry with a bit less workarounds. | claudio | 2019-05-29 | 1 | -9/+20
| In my testing the regress test is failing maybe once in 50 tries. Let's see how bluhm@'s infrastructure is behaving.
* Let's reload the config and check again, just in case where reload gets broken. | claudio | 2019-05-29 | 1 | -1/+13
|
* Rework pfkey handling a bit. The old remove then add way of inserting md5sig | claudio | 2019-05-29 | 3 | -79/+128
| hit a race frequently where a session ended up with no key/SPI in the kernel. Since there is no way to do atomic updates of SADB_X_SATYPE_TCPSIGNATURE the code is adding a new one then removing the old one. Also make sure keys are correctly cleared when peers are deconfigured. May not be perfect but a lot better than what was there before. Tested by and OK sthen@
* Make the standard output messages of both methods of changing a key | lum | 2019-05-29 | 1 | -5/+16
| pair's comments (using -c and -C) more applicable to both methods. ok and suggestions djm@ dtucker@
* Repair the 'ifconfig mode' command. | stsp | 2019-05-29 | 2 | -26/+57
| The 'mode' command is supposed to force a wireless interface into 11a/b/g/n media mode. This stopped working some time ago, probably during my work on background scanning. Problem spotted by mlarkin@ who noticed that interfaces were using 11g mode while forced to 11b mode. ok phessler, jmatthew