| Commit message | Author | Files | Lines |
|
OK millert@
|
|
Makes previously explicit checking less verbose.
OK millert@
|
|
One case uses the explicit range from the code and the other was
inferred from reading the usage.
OK millert@
|
|
I missed the verbose pattern that it used for error checking the first
time around.
OK millert@
|
|
Prefer error reporting to silent clipping.
OK millert@
|
|
OK millert@
|
|
defined, as was previously the case.
OK kettenis@
|
|
Clean up things a bit, adding documentation about the source of the
information about these instructions.
From miod@
|
|
both the export check and the address family check should be done as
early as possible since these peers will not need any kind of updates
to happen. Also remove the non-standard ORIGINATOR_ID check.
With this up_test_update() becomes a simple true/false function which
makes the rest of the code a bit simpler.
OK benno@
|
|
correctly by socket splicing. They generate an ELOOP error.
|
|
error, a broadcast mbuf will stay in the socket buffer forever.
This is bad as multiple mbufs can use up all the space. Better
report ELOOP, dissolve splicing, and let userland handle it.
OK anton@
|
|
packets were resent through simplex broadcast delivery and socket
splicing. Although there is an M_LOOP check in somove(9), it did
not take effect. if_input_local() cleared the M_BCAST and M_MCAST
flags with m_resethdr().
As if_input_local() is used for broadcast and multicast delivery,
it was a mistake to delete them. Keep the M_BCAST and M_MCAST mbuf
flags when packets are reinjected into the network stack.
Reported-by: syzbot+a43ace363f1b663238f8@syzkaller.appspotmail.com
OK anton@; discussed with claudio@
|
|
Suggested by martijn@, ok claudio@
|
|
mode. On modern processors (POWER8 and later) there is no performance
penalty for this as long as exceptions are disabled in the FPSCR (which
is the default). This way we don't have to implement an
architecture-dependent system call to set the mode, as it can only be done
by the kernel.
With help from gkoehler@
ok gkoehler@
|
|
more fine grained MaxStartups limits. Man page help jmc@, feedback &
ok djm@
|
|
them for per-source maxstartups limiting. Supplement with some additional
functions from djm's flowtools that we'll also need. ok djm@ (as part of
a larger diff).
|
|
From schwarze, who explains:
* Even though i wrote the original version of our documentation
for this function, i now think the design of this function is so
atrocious that it is better to call out the main limitations
up front (server side only and silent truncation) rather than
first giving the impression that it achieves something it
actually doesn't and then later try to row back in a piece-meal
manner.
* Using a .Bl list for failure conditions in the RETURN VALUES
section is no doubt unusual, but the conditions are so numerous
and some of them are so surprising that i think it makes sense
in this case. If a function is badly designed and has surprising
properties, precision and clarity in the description are even
more important than usual, and conciseness is better sacrificed.
* Adding .Xr SSL_get_ciphers 3 seems helpful.
ok beck inoguchi jsing tb
|
|
As reported by Steffen Ullrich and bluhm, since enabling TLSv1.3 server
some tests fail in t/local/07_sslecho.c of security/p5-Net-SSLeay due
to missing support for SSL_get_shared_ciphers(). This fixes the parts
related to shared ciphers.
ok beck inoguchi jsing
|
|
SSL_get_shared_ciphers() has been quite broken forever (see BUGS).
What's maybe even worse than those bugs is that it only ever returned
the string representing the client's ciphers which happen to fit into
buf. That's kind of odd, given its name.
This commit brings it in line with OpenSSL's version which changed
behavior almost three years ago.
reviewed and stupid bug caught by schwarze
ok beck inoguchi jsing
commit a216df599a6076147c27acea6c976fb11f505b1a
Author: Matt Caswell <matt@openssl.org>
Date: Fri Apr 27 11:20:52 2018 +0100
Fix SSL_get_shared_ciphers()
The function SSL_get_shared_ciphers() is supposed to return
ciphers shared by the client and the server. However it only
ever returned the client ciphers.
Fixes #5317
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6113)
|
|
ok florian@ tb@
|
|
Feedback by Olivier Cherrier, Hiltjo Posthuma, Mischa
OK benno@
|
|
Prior to calling the callback, ensure that the current (invalid and likely
incomplete) chain is set on the xsc. Some things (like auto chain) depend
on this functionality.
ok beck@
|
|
x509_vfy and have an xsc. There's no point in finding more chains since that
API can not return them, and all we do is trigger buggy callbacks in
calling software.
ok jsing@
|
|
'error' anymore.
|
|
bridge(4) drops packets coming from somewhere else that have a
source MAC address that's owned by one of the interfaces that's a
member of the bridge. because this check was done with bridge_ourether,
it included the addresses of active carp interfaces hanging off
these member interfaces. this meant if the local machine is the
carp master while another machine is trying to preempt it by sending
hellos, the packets from the other machine were dropped because the
local one is already the master.
carp roles are supposed to move around a l2 network, so another
host sending a packet with a carp mac address is actually normal
and necessary.
found by and fix tested by stsp@
ok stsp@ claudio@
|
|
what Linux does. Let vmalloc() use km_alloc(9) instead of malloc(9) and
let kvmalloc() only use malloc(9) for small (less than a page) allocations
and atomic allocations. This should reduce the pressure on the
"interrupt-safe" map.
ok jsg@
|
|
Revision 1.21 removed the volatile from the cgi_inflight global but
accept_reserve() was not updated to match. OK florian@
|
|
From Pierre Emeriaud, thanks!
Feedback jmc
OK dlg
|
|
Previously, this code was passing string constants to functions that did
not declare their parameters as const. After this patch, the functions now
declare that they do not modify these arguments, making it safe to pass
string constants. Fixes -Wincompatible-pointer-types-discards-qualifiers.
From Adam Barth <abarth google com>
ok millert
|
|
require more than 768M to build itself.
|
|
With input from jmc@
|
|
This prevents unwanted spinning with interrupts disabled.
At the moment, this code is only invoked through klist_invalidate()
and the callers should already hold the kernel lock. Also, one could
argue that in MP-unsafe contexts klist_lock() should only assert for
the kernel lock.
|
|
On sparc64, initmsgbuf() is invoked before curcpu() is usable
on the boot processor. Consequently, it is unsafe to use mutexes
during the message buffer initialization. Avoid such use by skipping
log_mtx when appending a newline from initmsgbuf().
Use mbp instead of msgbufp as the buffer argument to the putchar routine
for consistency.
Bug reported and fix suggested by miod@
|
|
The use of kqueue as backend has introduced a significant regression
in the performance of select(2), so go back to using the original code.
Some additional management overhead is to be expected when using kqueue.
However, the overhead of the current implementation is too high.
Reported by bluhm@ on bugs@
|
|
queue element around once it is sent to the parser process. Instead just
keep a count of pending entities and make the parser send back the entity
type instead of the id (since this is the only field needed to figure out
what to do).
OK job@
|
|
if the user tries to search again with an empty prompt. This matches
emacs behaviour more closely.
|
|
data between processes. This completely decouples the write side.
rpki-client can't really use the imsg framework but it can use the ibuf
bits which imsg is built on.
OK benno@ job@
|