path: root/sbin
Commit message | Author | Age | Files | Lines
* use (undocumented) base64 code in libc instead of libcrypto. | dlg | 2020-06-22 | 2 | -11/+10
  naddy gave me a pointer in the right direction
  ok millert@ deraadt@
  looks good to matt dunwoodie
* various minor tweaks; | jmc | 2020-06-21 | 1 | -7/+7
* wgpip -> wgendpoint. ok dlg@ | matthieu | 2020-06-21 | 1 | -3/+3
* teach ifconfig about wireguard. | dlg | 2020-06-21 | 3 | -6/+452
  note that this links ifconfig with libcrypto to get at base64 encoding and decoding routines. i'm looking at an alternative way to do that, so hopefully this is temporary.
  secondly, note that all the wireguard stuff is under ifndef SMALL, so the special build of ifconfig for install media does include wireguard support, and also does not need libcrypto.
  from Matt Dunwoodie and Jason A. Donenfeld
  ok deraadt@
* With filesystem having many cylinder groups and many inodes per cg the | otto | 2020-06-20 | 11 | -110/+128
  ncg * ipg calculation can overflow if signed types are used. Move to uint32_t for the relevant values. Aligned with FreeBSD changes. Also make sure newfs refuses to create an fs with more than 2^32-1 inodes.
  ok millert@
* Fix handling of short EAP-MSCHAP messages. | tobhe | 2020-06-18 | 1 | -14/+25
  ok patrick@
* Fix length check in ca_getreq(). | tobhe | 2020-06-17 | 1 | -5/+14
  ok patrick@
* Log errors with log_info and SPI prepended. | tobhe | 2020-06-15 | 1 | -9/+15
* Move AUTH_REQUEST SA state change from parser to IKE_AUTH exchange handler. | tobhe | 2020-06-09 | 2 | -11/+12
  ok patrick@
* Add default proposals for AES-GCM ciphers in IKE and ESP. | tobhe | 2020-06-05 | 1 | -59/+184
  ok patrick@
* Simplify logic in add_route(), eliminating pointless code duplication and | krw | 2020-06-03 | 1 | -59/+32
  improving clarity. No intentional functional change.
* Pass sockaddr instead of sockaddr_storage to sa_address. | tobhe | 2020-06-03 | 3 | -14/+16
  ok patrick@
* Don't leak authmsg. | tobhe | 2020-06-02 | 1 | -1/+3
  ok patrick@
* Fix "comparison of integers of different signs" warning. | tobhe | 2020-06-01 | 1 | -3/+3
  ok patrick@
* Indentation style(9). | tobhe | 2020-05-30 | 1 | -11/+11
* dev/rndvar.h no longer has statistical interfaces (removed during various | deraadt | 2020-05-29 | 1 | -2/+1
  conversion steps). it only contains kernel prototypes for 4 interfaces, all of which legitimately belong in sys/systm.h, which are already included by all enqueue_randomness() users.
* Move duplicate SA negotiation code to ikev2_sa_negotiate_common(). | tobhe | 2020-05-28 | 1 | -88/+40
  ok patrick@
* A few stray 'ifa' overloadings. | krw | 2020-05-28 | 2 | -6/+6
* Make generation numbers unsigned and fill them using a random number | otto | 2020-05-28 | 2 | -11/+11
  from the range [1..UINT_MAX] initially. On inode re-use increment and on wrap refill from the range [1..UINT_MAX-1] to avoid assigning UINT_MAX (the original value). Zero still means uninitialized.
  ok millert@
* Reduce 'ifa' overloading by renaming some parameters 'address'. | krw | 2020-05-28 | 1 | -9/+9
* Reduce 'ifa' overloading by renaming proposal field from 'ifa' to | krw | 2020-05-28 | 3 | -10/+10
  'address'.
* Wrap some overly long lines. | krw | 2020-05-26 | 3 | -8/+15
* Nuke a superfluous local array in release_lease(). | krw | 2020-05-26 | 1 | -4/+3
* Add AES-GCM mode ciphers (IANA IDs 19 and 20) for IKEv2. | tobhe | 2020-05-26 | 8 | -86/+367
  They can be configured with the new ikesa enc options aes-128-gcm, aes-256-gcm, aes-128-gcm-12 and aes-256-gcm-12.
  Tested with Strongswan by Stephan Mendling and myself
  Tested with Juniper SRX by remi@
  ok sthen@, patrick@
* Do not log "startup" to syslog. | florian | 2020-05-25 | 2 | -6/+2
  slaacd and unwind start very early in the boot process and syslog is not fully available yet so these messages tend to get lost. But they are also not particularly useful.
  Prompted by a report by Jason Mader on bugs@
  OK deraadt, claudio, bluhm
  Note that this code has been copied around to all our privsep daemons and also lives in usr.sbin. Leave it alone there because multiple people said they find it useful for those daemons.
* Rename various parameters and variables to eliminate misleading | krw | 2020-05-21 | 1 | -39/+38
  allusions to 'rtstatic'.
* extract_classless_route() -> extract_route() as there is only the one route | krw | 2020-05-21 | 3 | -12/+14
  extraction function.
* Rename route_in_rtstatic() to route_pos() to more clearly reflect its | krw | 2020-05-21 | 1 | -5/+5
  current usage.
* Remove no longer necessary RTLEN. | krw | 2020-05-20 | 2 | -6/+3
* Fix typo in comment. | krw | 2020-05-20 | 1 | -2/+2
* Rename proposal{} fields rtstatic_len, rtsearch_len and rtdns_len to | krw | 2020-05-20 | 3 | -32/+32
  routes_len, domains_len, ns_len. Removes obsolete alignment with names of RTM_PROPOSAL fields and makes code easier to read.
  No intentional functional change.
* Replace fixed 128-byte fields for search domains, static routes and | krw | 2020-05-20 | 4 | -32/+47
  domain name servers with variable sized uint8_t chunks.
  Allows larger lists of search domains and static routes while making common situations use much less memory.
  Original report of breaching the 128-byte limit for static routes from James Cook via misc@.
  Testing of various versions by Andreas Kusalananda.
* Eliminate imsg_propose{}, imsg_revoke{} and imsg_tell_unwind{} as | krw | 2020-05-19 | 3 | -45/+27
  unnecessary wrappers, since they all contained a single field that could be used as is.
  Suggested by claudio@
* sync libunbound fixes from unbound, ok florian@ | sthen | 2020-05-19 | 9 | -72/+246
* Move back to FFS1 by default for MFS as suggested by millert@. OK otto@ | sthen | 2020-05-19 | 1 | -2/+2
* Copy ownership/permissions from the mountpoint to FFS2 MFS, as already done | sthen | 2020-05-19 | 1 | -7/+13
  for FFS1 MFS. Problem reported by Mark Patruck and Andreas Kusalananda Kahari.
  ok otto@
* Make ffs2 the default for newfs; change all calls to create e.g. floppy | otto | 2020-05-18 | 2 | -7/+6
  filesystems or ramdisks to use explicit -O 1; installer already does that.
  ok sthen@
* list example files in FILES with a short description: generally, "Example | jmc | 2020-05-16 | 1 | -4/+4
  configuration file.", but occasionally something else fit better;
  at the same time, try to make the format for FILES more consistent;
  original diff from clematis
* Shuffle and tweak code in lease_as_proposal() to allocate the proposal | krw | 2020-05-15 | 1 | -59/+55
  after the variable length data (static routes, search path, dns servers) sizes are determined.
  No intentional functional change. Allows potential change to variable length proposals.
* Fix domain-search option processing. Testing one value and then using | krw | 2020-05-15 | 1 | -2/+2
  a different value to limit memcpy() is a bad thing.
  Discovered & fix tested by Andreas Kahari. Thanks!
* Be more careful in extracting the uint16_t value of interface-mtu, and | krw | 2020-05-15 | 2 | -6/+7
  in printing the int field we store it in. i.e. '%d' not '%u'.
  Discovered while tracking down breakage reported by Andreas Kahari on bugs@.
* pf(4): use CLOCK_BOOTTIME to get time_uptime(9) in userspace | cheloha | 2020-05-15 | 1 | -2/+2
  In pf(4), the pf_status.since timestamp is set with time_uptime(9). This is a low-res snapshot of nanouptime(9).
  nanouptime(9) is used to implement CLOCK_BOOTTIME for clock_gettime(2). It is not used to implement CLOCK_UPTIME, though. The names are misleading.
  Switch to CLOCK_BOOTTIME in places in userspace where we use pf_status.since so we are working with the right clock.
  Technically CLOCK_MONOTONIC is equivalent, but we shouldn't use that here. CLOCK_MONOTONIC is not necessarily the "time since boot": the standard says its absolute value is meaningless.
  ok patrick@ bluhm@
* Stricter return value checking for EVP_Cipher* calls. | tobhe | 2020-05-14 | 3 | -31/+48
  ok patrick@
* Massage merge_option_data() to be more careful when dealing with 'D' | krw | 2020-05-14 | 3 | -17/+43
  (domain search) and 't' (text) options. Enables append/prepend for the domain-search option by inserting blanks between the domains and ensures the presence of a terminating NUL when merging text.
* Remove unnecessary logging messages. | tobhe | 2020-05-13 | 1 | -5/+2
* Repair 'domain-search' parsing broken in r1.191. | krw | 2020-05-13 | 1 | -10/+11
* We don't count a terminating NUL in the length of option data. | krw | 2020-05-13 | 2 | -5/+5
* Nuke a variable that is always set to 0. | krw | 2020-05-13 | 1 | -4/+3
* No need to memcpy() into a string created by strdup(). | krw | 2020-05-13 | 1 | -3/+2
* Remove dead 'iked_flow' member 'flow_type'. | tobhe | 2020-05-13 | 2 | -16/+5