Commit message [Author, Age, Files, Lines]
...
* sort options list; [jmc, 2021-04-01, 1 file, -6/+6]
|
* spelling [deraadt, 2021-04-01, 1 file, -2/+2]
|
* Sort usage: rR -> Rr [tb, 2021-04-01, 1 file, -2/+2]
|
* RRDP is currently off by default. [claudio, 2021-04-01, 1 file, -1/+2]
|
* Tweak log_debug() verbiage to reduce repetitive info [krw, 2021-04-01, 1 file, -21/+44]
| (ACK/NAK), add details (DISCOVER/REQUEST) and provide before/after info for SSID/LLADDR/MTU changes.
* Initial commit of RRDP (The RPKI Repository Delta Protocol - RFC8182) support [claudio, 2021-04-01, 10 files, -450/+3252]
| in rpki-client. For now it is off by default. All XML processing is done in its own process with minimal pledge rights. It uses the already present https process to fetch the xml files and uses the master process to handle the file IO into the repositories. RRDP data is stored in the cache under ./rrdp/ and the first directory is the SHA256 hash of the notify URI. Fetching snapshots and deltas works to bring the cache up to date. If something goes wrong rpki-client will fall back to rsync. RRDP was implemented by Nils Fisher and integrated into rpki-client by myself. "Time to get it in" deraadt@
* For the snprintf range check demo, add a (size_t) cast in the right place [deraadt, 2021-04-01, 1 file, -3/+3]
| which will satisfy the toughest compiler options
* Also immediately accept the *first* OFFER if it matches the requested address, [krw, 2021-04-01, 1 file, -2/+5]
| rather than waiting for select_timeout to expire before accepting the same OFFER.
* Clean up nonexistent/unused properties handling [kn, 2021-04-01, 1 file, -12/+1]
| Never used since import and probably just ported over from NetBSD as-is; "design-capacity" does not exist in the device tree binding. "monitor-interval-ms" defaults to 250ms as per binding and could be used in the sensor_task_register() call, but our framework only supports whole seconds and there's no advantage over our current fixed poll interval of 5s. OK patrick
* Remove extraneous call of vm_getbyvmid during pause event [dv, 2021-04-01, 1 file, -2/+1]
| The vm is already being assigned by a call in the if-condition.
* Abate superfluous lines from remote servers [job, 2021-04-01, 1 file, -1/+2]
| OK claudio@
* Compare the pointer variable explicitly with NULL in if condition [inoguchi, 2021-04-01, 1 file, -18/+17]
|
* Hardcode meaningful alert level, track apm's battery state better [kn, 2021-04-01, 1 file, -23/+7]
| The current code looks for the nonexistent "cellwise,alert-level" property and falls back to zero as threshold (like the original NetBSD code). It also updates the CONFIG register with that very threshold to let the hardware set a bit and thus alert us when it has been reached. Since our sensor framework is designed to poll every N seconds and this driver does not actually look at whether the hardware alerted, neither using a default threshold of zero nor updating the hardware with it makes sense. Remove the alert level code and simply map >50%, >25% and <=25% of remaining battery life to apm(4)'s "high", "low" and "critical" battery state respectively; this matches exactly what acpibat(4) does and provides more meaningful sensor readings without relying on nonexistent device tree bindings. Feedback OK patrick
* merge NSD 4.3.6rc1 [sthen, 2021-04-01, 38 files, -653/+995]
|
* import NSD 4.3.6rc1, tested by me and florian@ [sthen, 2021-04-01, 2 files, -15/+34]
|
* Push kernel lock down to umb_rtrequest(). [mvs, 2021-04-01, 1 file, -1/+3]
| We are going to unlock PF_ROUTE sockets. This means `if_rtrequest' handler will be performed without kernel lock. umb_rtrequest() calls umb_send_inet_proposal() which touches kernel lock protected `ipv{4,6}dns' array. Also umb_rtrequest() is the only handler which requires kernel lock to be held. So push the lock down to umb_rtrequest() instead of grabbing it around `if_rtrequest' call. This hunk was committed separately to decrease the PF_ROUTE sockets unlocking diff. ok gerhard@ deraadt@
* Make build_crls() behave like build_chain(). If there is not auth data [claudio, 2021-04-01, 1 file, -9/+12]
| just NULL the STACK_OF() pointer since libcrypto calls can handle that. Update comments to be more accurate. With and OK tb@
* Do a better job at cleaning up. Remove empty directories, scan not only the [claudio, 2021-04-01, 2 files, -47/+78]
| known repositories but also clean up no longer known repositories. With this rpki-client keeps its cache nice and shiny. With and OK job@
* Add encoding.c to the various build targets [claudio, 2021-04-01, 1 file, -6/+8]
|
* Change search-again with vi keys to work like actual vi(1), also some [nicm, 2021-04-01, 1 file, -51/+162]
| other fixes. From Aaron Jensen with help from Anindya Mukherjee.
* Move base64 and hex encoding functions into their own place. [claudio, 2021-04-01, 5 files, -68/+103]
| OK tb@
* Missing commas, from Vipul Kumar. [nicm, 2021-04-01, 1 file, -4/+4]
|
* Use new limits@openssh.com protocol extension to let the client select [djm, 2021-03-31, 3 files, -18/+115]
| good limits based on what the server supports. Split the download and upload buffer sizes to allow them to be chosen independently. In practice (and assuming upgraded sftp/sftp-server at each end), this increases the download buffer 32->64KiB and the upload buffer 32->255KiB. Patches from Mike Frysinger; ok dtucker@
* cannot effectively test posix-rename extension after changes in [djm, 2021-03-31, 1 file, -8/+10]
| feature advertisement.
* do not advertise protocol extensions that have been disallowed by [djm, 2021-03-31, 1 file, -33/+53]
| the command-line options (e.g. -p/-P/-R); ok dtucker@
* Set 'select_timeout' to 'now' when an OFFER is received for the IP address [krw, 2021-03-31, 1 file, -1/+2]
| requested in the DISCOVER. i.e. immediately accept the OFFER rather than waiting for select_timeout to expire before accepting the same OFFER. A corner case since select-timeout is 0 by default.
* Add two missing checks for strdup() returning NULL. [krw, 2021-03-31, 1 file, -1/+5]
|
* one of the examples needs an -N (and explanation); [jmc, 2021-03-31, 1 file, -4/+7]
| diff from robert scheck discussed with and tweaked by sthen
* add --no-motd to SYNOPSIS; [jmc, 2021-03-31, 1 file, -1/+2]
|
* Add option to suppress the Message of the Day [job, 2021-03-31, 4 files, -8/+17]
| Fine deraadt@
* tweak column widths of a .Bl -column table [schwarze, 2021-03-31, 1 file, -3/+4]
| and avoid an over-long source line while here; OK martijn@ jmc@
* turn log_trace() into a macro to prevent evaluating the format string [eric, 2021-03-31, 2 files, -10/+9]
| parameters when tracing is not enabled. ok millert@
* Update for DTLSv1.2 support. [tb, 2021-03-31, 1 file, -2/+4]
|
* allow to specify tls protocols and ciphers on relay actions [eric, 2021-03-31, 4 files, -10/+46]
| ok espie@ sthen@ tb@
* change the barrier so that fd's are always passed and received with [eric, 2021-03-31, 1 file, -8/+10]
| the first byte of the imsg they belong to. idea, tweaks and ok claudio@
* Remove workarounds for SSL_is_dtls() [tb, 2021-03-31, 2 files, -11/+2]
| Reminded by inoguchi jsing
* Remove workaround for missing d2i_DSAPrivateKey_fp prototype [tb, 2021-03-31, 1 file, -5/+1]
|
* sync [tb, 2021-03-31, 1 file, -4/+4]
|
* Bump minors after symbol addition [tb, 2021-03-31, 3 files, -3/+3]
|
* Expose various DTLSv1.2 specific functions and defines [tb, 2021-03-31, 5 files, -27/+8]
| ok bcook inoguchi jsing
* Document SSL_set_hostflags(3) and SSL_get0_peername(3) [tb, 2021-03-31, 1 file, -18/+4]
| ok bcook inoguchi jsing
* Expose SSL_set_hostflags(3) and SSL_get0_peername(3) [tb, 2021-03-31, 2 files, -3/+3]
| ok bcook inoguchi jsing
* Document SSL_use_certificate_chain_file(3) [tb, 2021-03-31, 1 file, -11/+3]
| ok bcook inoguchi jsing
* Expose SSL_use_certificate_chain_file(3) [tb, 2021-03-31, 2 files, -3/+2]
| ok bcook inoguchi jsing
* Provide missing prototype for d2i_DSAPrivateKey_fp(3) [tb, 2021-03-31, 1 file, -1/+2]
| ok bcook inoguchi jsing
* Document EVP_PKEY_new_CMAC_key(3) [tb, 2021-03-31, 1 file, -16/+4]
| ok bcook inoguchi jsing
* Provide EVP_PKEY_new_CMAC_key(3) [tb, 2021-03-31, 2 files, -5/+2]
| ok bcook inoguchi jsing
* Set the process title for the rpki-client subprocesses so they can be [claudio, 2021-03-31, 1 file, -1/+4]
| identified more easily. OK deraadt@
* Fix some debug output when running in foreground. [krw, 2021-03-31, 1 file, -4/+8]
| Call tick_msg() at startup so it knows if the link is up. Don't emit 'link timeout expired' messages after the link has been up.
* Make ddb's dependency on libz explicit. [visa, 2021-03-31, 1 file, -12/+12]
| OK deraadt@ mpi@