summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* In http_connect() if the connect was actually successful break out of theclaudio2021-04-021-6/+17
| | | | | | for loop. Also in http_finish_connect() if the connect was successful cleanup the addrinfo struct. It is no longer needed. Found with deraadt@
* info gotten via getnameinfo in http_connect() is not used anymore, it isderaadt2021-04-021-7/+1
| | | | | old debugging gunk ok claudio
* Two cases of BRE involving counts and backrefs that go wrong andotto2021-04-021-1/+16
| | | | | similar that have no isssues. Reported by Michael Paoli. Failing cases commented out for now.
* Include the default cert.pem file path in tls_load_file error message.claudio2021-04-021-2/+2
| | | | Should help for -portable where sometimes the cert.pem is missing.
* Show DTLS1.2 message with openssl(1) s_server and s_clientinoguchi2021-04-021-2/+6
| | | | ok jsing@ tb@
* Don't leak the uri of a delta with duplicate serial.tb2021-04-021-1/+3
| | | | ok claudio deraadt
* swap rname and mname in debug output, and handle the USE_CD flageric2021-04-021-3/+4
| | | | from Boudewijn Dijkstra
* configyyrename.h is no longer needed with the switch to flex -P c_.florian2021-04-021-124/+0
| | | | | This was also removed upstream. OK sthen
* Implement ZONEMD (RFC8976), based on DS (ds_43.c)florian2021-04-023-2/+124
| | | | OK sthen
* if cipher list is not specified for a relay action, use the globaleric2021-04-021-3/+6
| | | | | | cipher list if defined. otherwise fallback to libtls default. ok millert@
* fix sentence structure;jmc2021-04-021-3/+3
|
* tweak previous;jmc2021-04-021-3/+4
|
* fix typo + some whitespacetb2021-04-021-5/+5
|
* Fix Dale's email addresstb2021-04-024-8/+8
| | | | ok drahn
* syncderaadt2021-04-026-21/+21
|
* don't put ptys onto the ramdisk mediaderaadt2021-04-026-14/+7
| | | | from miod
* Indent struct members like everywhere else.tb2021-04-021-6/+6
|
* Document ioctl(2)'s for vmm(4). OK kn@.dv2021-04-021-2/+43
|
* Update manpage about RRDPjob2021-04-011-4/+10
| | | | OK claudio@
* update currency exchange rates;jmc2021-04-011-39/+39
|
* sort options list;jmc2021-04-011-6/+6
|
* spellingderaadt2021-04-011-2/+2
|
* Sort usage: rR -> Rrtb2021-04-011-2/+2
|
* RRDP is currently off by default.claudio2021-04-011-1/+2
|
* Tweak log_debug() verbiage to reduce repetitive infokrw2021-04-011-21/+44
| | | | | (ACK/NAK), add details (DISCOVER/REQUEST) and provide before/after info for SSID/LLADDR/MTU changes.
* Initial commit of RRDP (The RPKI Repository Delta Protocol - RFC8182) supportclaudio2021-04-0110-450/+3252
| | | | | | | | | | | | | | | | in rpki-client. For now it is off by default. All XML processing is done in its own process with minimal pledge rights. It uses the already present https process to fetch the xml files and uses the master porcess to handle the file IO into the repositories. RRDP data is stored in the cache under ./rrdp/ and the first directory is the SHA256 hash of the notify URI. Fetching snapshots and deltas works to bring the cache up to date. If something goes wrong rpki-client will fall back to rsync. RRDP was implemented by Nils Fisher and integrated into rpki-client by myself. "Time to get it in" deraadt@
* For the snprintf range check demo, add a (size_t) cast in the right placederaadt2021-04-011-3/+3
| | | | which will satisfy the toughest compiler options
* Also immediately accept the *first* OFFER if it matches the requested address,krw2021-04-011-2/+5
| | | | | rather than waiting for select_timeout to expire before accepting the same OFFER.
* Clean up nonexistent/unused properties handlingkn2021-04-011-12/+1
| | | | | | | | | | Never used since import and probably just ported over from NetBSD as-is; "design-capacity" does not exist in the device tree binding. "monitor-interval-ms" defaults to 250ms as per binding and could be used in the sensor_task_register() call, but our framework only supports whole seconds and there's no advantage over our current fixed poll interval of 5s. OK patrick
* Remove extraneous call of vm_getbyvmid during pause eventdv2021-04-011-2/+1
| | | | The vm is already being assigned by a call in the if-condition.
* Abate superfluous lines from remote serversjob2021-04-011-1/+2
| | | | OK claudio@
* Compare the pointer variable explicitly with NULL in if conditioninoguchi2021-04-011-18/+17
|
* Hardcode meaningful alert level, track apm's battery state betterkn2021-04-011-23/+7
| | | | | | | | | | | | | | | | | | | | The current code looks for the nonexistent "cellwise,alert-level" property and falls back to zero as threshold (like the original NetBSD code). It also updates the CONFIG register with that very threshold to let the hardware set a bit and thus alert us when it has been reached. Since our sensor framework is designed to poll every N seconds and this driver does not actually look at whether the hardware alerted, neither using a default threshold of zero nor updating the hardware with it makes sense. Remove the alert level code and simply map >50%, >25% and <=25% of remaining battery life to apm(4)'s "high", "low" and "critical" battery state respectively; this matches exactly what acpibat(4) does and provides more meaningful sensor readings without relying on nonexistent device tree bindings. Feedback OK patrick
* merge NSD 4.3.6rc1sthen2021-04-0138-653/+995
|
* import NSD 4.3.6rc1, tested by me and florian@sthen2021-04-012-15/+34
|
* Push kernel lock down to umb_rtrequest().mvs2021-04-011-1/+3
| | | | | | | | | | | | | | | We are going to unlock PF_ROUTE sockets. This means `if_rtrequest' handler will be performed without kernel lock. umb_rtrequest() calls umb_send_inet_proposal() which touches kernel lock protected `ipv{4,6}dns' array. Also umb_rtrequest() is the only handler which requires kernel lock to be held. So push the lock down to umb_rtrequest() instead of grab it around `if_rtrequest' call. This hunk was commited separately for decreases PF_ROUTE sockets unlocking diff. ok gerhard@ deraadt@
* Make build_crls() behave like build_chain(). If there is not auth dataclaudio2021-04-011-9/+12
| | | | | | just NULL the STACK_OF() pointer since libcrypto calls can handle that. Update comments to be more accurate. With and OK tb@
* Do a better job at cleaning up. Remove empty directories, scan not only theclaudio2021-04-012-47/+78
| | | | | | known repositories but also clean up no longer known repositories. With this rpki-client keeps its cache nice and shiny. With and OK job@
* Add encoding.c to the various build targetsclaudio2021-04-011-6/+8
|
* Change search-again with vi keys to work like actual vi(1), also somenicm2021-04-011-51/+162
| | | | other fixes. From Aaron Jensen with help from Anindya Mukherjee.
* Move base64 and hex encoding functions into their own place.claudio2021-04-015-68/+103
| | | | OK tb@
* Missing commas, from Vipul Kumar.nicm2021-04-011-4/+4
|
* Use new limits@openssh.com protocol extension to let the client selectdjm2021-03-313-18/+115
| | | | | | | | | | | good limits based on what the server supports. Split the download and upload buffer sizes to allow them to be chosen independently. In practice (and assuming upgraded sftp/sftp-server at each end), this increases the download buffer 32->64KiB and the upload buffer 32->255KiB. Patches from Mike Frysinger; ok dtucker@
* cannot effectively test posix-rename extension after changes indjm2021-03-311-8/+10
| | | | feature advertisment.
* do not advertise protocol extensions that have been disallowed bydjm2021-03-311-33/+53
| | | | the command-line options (e.g. -p/-P/-R); ok dtucker@
* Set 'select_timeout' to 'now' when an OFFER is received for the IP addresskrw2021-03-311-1/+2
| | | | | | | | | requested in the DISCOVER. i.e. immediately accept the OFFER rather than waiting for select_timeout to expire before accepting the same OFFER. A corner case since select-timeout is 0 by default.
* Add two missing checks for strdup() returning NULL.krw2021-03-311-1/+5
|
* one of the examples needs an -N (and explanation);jmc2021-03-311-4/+7
| | | | | | diff from robert scheck discussed with and tweaked by sthen
* add --no-motd to SYNOPSIS;jmc2021-03-311-1/+2
|
* Add option to suppress the Message of the Dayjob2021-03-314-8/+17
| | | | Fine deraadt@
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.