path: root/sbin
Commit message | Author | Age | Files | Lines
* Tweak log_debug() verbiage to reduce repetitive info | krw | 2021-04-01 | 1 | -21/+44
  (ACK/NAK), add details (DISCOVER/REQUEST) and provide before/after info for SSID/LLADDR/MTU changes.
* Also immediately accept the *first* OFFER if it matches the requested address, | krw | 2021-04-01 | 1 | -2/+5
  rather than waiting for select_timeout to expire before accepting the same OFFER.
* Set 'select_timeout' to 'now' when an OFFER is received for the IP address | krw | 2021-03-31 | 1 | -1/+2
  requested in the DISCOVER. i.e. immediately accept the OFFER rather than waiting for select_timeout to expire before accepting the same OFFER. A corner case since select-timeout is 0 by default.
* Add two missing checks for strdup() returning NULL. | krw | 2021-03-31 | 1 | -1/+5
* Fix some debug output when running in foreground. | krw | 2021-03-31 | 1 | -4/+8
  Call tick_msg() at startup so it knows if the link is up. Don't emit 'link timeout expired' messages after the link has been up.
* Now that the real time and monotonic time streams don't | krw | 2021-03-28 | 3 | -22/+22
  cross flip CLOCK_REALTIME to CLOCK_MONOTONIC. Suggested by cheloha@, millert@, otto@ at various stages in the time_t -> timespec conversion.
* Convert remaining timers (lease renew, rebind, expiry) to | krw | 2021-03-28 | 2 | -54/+60
  timespec values. Translate from the epoch values in leases to timespec values in one place. Final step to allow CLOCK_REALTIME -> CLOCK_MONOTONIC time accounting for the active lease.
* If we want to configure default routes over multiple interfaces we | florian | 2021-03-27 | 1 | -4/+19
  need to provide the address of the interface behind which the default router is in case they are on the same subnet otherwise the kernel can't figure out which route we are talking about. This happens for example when your wifi and wired networks are bridged. Pointed out by claudio some time ago.
* Sync correct ROUNDUP() from net/route.c | tobhe | 2021-03-25 | 1 | -3/+2
* More timespec conversions. Less 'seconds' arithmetic. | krw | 2021-03-24 | 2 | -58/+75
* Don't send DELETE notify if IKE SA is replaced because of | tobhe | 2021-03-23 | 1 | -2/+2
  'enforcesingleikesa'. Fixes an interop problem with strongswan if make-before-break is enabled. ok patrick@
* BOOTP has a minimum packet length of 300 bytes. Since DHCP is | florian | 2021-03-22 | 1 | -2/+10
  interoperable with BOOTP we should also send packets that have a minimum size of 300. I haven't seen a DHCP server that actually enforces this except the one in vmd(8), but it doesn't cost us much and prevents hair pulling later on when we find one in the wild. OK deraadt
* Avoid overflow by writing x = (y * 7) / 8 as x = y - (y / 8); ok florian | otto | 2021-03-22 | 1 | -2/+2
* The tag comes after iface in iked.conf(5). | tobhe | 2021-03-21 | 1 | -4/+4
* Use new terminology of RFC 8981 and (mechanically) replace "privacy" | florian | 2021-03-21 | 5 | -43/+44
  with "temporary".
* Don't warn that we can't form a temporary address when a router | florian | 2021-03-21 | 1 | -5/+6
  deprecates a prefix by sending a pltime of 0, this is normal. Continue warning when the pltime is smaller than 5 as this is almost certainly a configuration error. Found the hard way by & OK otto.
* RFC 8981 allows the configuration of only temporary IPv6 addresses. | florian | 2021-03-20 | 1 | -3/+6
  Keep "temporary" the default when setting inet6 autoconf but make it possible to disable the "autoconf" flag but keep "temporary" enabled. The normal usecase to only have temporary autoconf addresses would be "inet6 temporary" in hostname.if OK kn
* RFC 8981 allows the configuration of only temporary IPv6 addresses. | florian | 2021-03-20 | 3 | -8/+21
  Track autoconf and temporary flag individually to be able to support this. OK kn
* Fix SMALL build when done from sbin/slaacd | kn | 2021-03-20 | 4 | -7/+15
  distrib/special/slaccd is the actual SMALL user but having it build from here is useful, too; in fact, it showed some more unused variables under SMALL. OK florian
* Edit wireguard for concision. Remove some background covered by wg(4). | procter | 2021-03-19 | 1 | -85/+74
  Swap -wgpeerall and wgpeer in synopsis to ease parsing. "I'm good" - Matt Dunwoodie. "just commit" - jmc suggestions and ok sthen@
* Fix function name in warning | kn | 2021-03-19 | 1 | -2/+2
* RTM_IFINFO is providing the mac address now, no need to go through | florian | 2021-03-19 | 1 | -44/+16
  getifaddrs on every route message. This also allows us to drop the route pledge since we only need to fetch the interface state with getifaddrs on startup.
* Document "-tunneldomain" and "-mplslabel", complete MPLS synopsis | kn | 2021-03-18 | 1 | -5/+9
  OK claudio
* Split off init_ifaces from update_iface. init_ifaces discovers the | florian | 2021-03-17 | 1 | -76/+152
  state of the machine on startup using ioctl(2) and getifaddrs(3). We can then update this state with information provided by route messages. We still need getifaddrs(3) to check if the layer 2 address has changed. This simplifies error handling (what should we do if ioctl(2) fails?), reduces kernel round trips (no need to ask the kernel again for information RTM_IFINFO provided already) and prevents a theoretical race between RTM_IFINFO and getaddrinfo(3). In a fast link state UP -> DOWN -> UP transition RTM_IFINFO informs us that the link went down but we were not using this information but rather looked at getifaddrs(3) information which might see the link as already up again. We would then do nothing while we should try to get a new lease. By storing all interface information in the frontend process we can skip imsgs to the engine process if we get an RTM_IFINFO without relevant changes for us.
* Add 'grp31' alias for curve25519 as documented in iked.conf(5). | tobhe | 2021-03-16 | 1 | -1/+2
* Nuke unused time_t variable. | krw | 2021-03-16 | 1 | -5/+2
* Move setifrtlabel() and *keepalive() prototypes out of SMALL | kn | 2021-03-16 | 1 | -4/+4
  Those commands are not supported under SMALL; unless I overlooked others, this should be the last bit to declare all prototypes correctly wrt. SMALL (the overall unsorted order of both prototypes and commands makes this hard to spot). No object change, with and without SMALL.
* sync to unbound 1.13.1; heavy lifting by sthen | florian | 2021-03-16 | 36 | -2951/+3596
* Don't (try to) deconfigure an interface that was never configured. | florian | 2021-03-16 | 1 | -1/+4
* We can't learn anything interesting from RTM_NEWADDR, stop handling | florian | 2021-03-16 | 2 | -11/+3
  it.
* We make sure that a dh group is required if the local proposal | tobhe | 2021-03-15 | 1 | -3/+13
  contains an explicit group transform. Override requiredh if one of the local options is 'none' so that a proposal with no DH group and one with explicit group 'none' result in a match. ok patrick@
* Ignore msg_ke in CREATE_CHILD_SA if DH negotiation results in group | tobhe | 2021-03-15 | 1 | -3/+7
  'none' (disabling PFS). Fixes a bug when the initiator sends a KE payload but the negotiation results in DH group "none". For other DH group mismatches we send an INVALID_KE notify, for 'none' we can just ignore the KE payload. ok patrick@
* Log errors with log level info and SPI. | tobhe | 2021-03-14 | 1 | -12/+17
* Since we are doing getifaddrs() anyway we can get the rdomain out of | florian | 2021-03-14 | 1 | -49/+33
  AF_LINK and skip one ioctl. OK benno
* Remove "deletetunnel" (deprecated with 6.4) | kn | 2021-03-13 | 1 | -3/+1
  OK deraadt
* Move all rdomain bits under SMALL | kn | 2021-03-13 | 1 | -4/+6
  "[-]rdomain" commands are ignored under SMALL but their prototypes, the global and therefore dead print logic are still in. OK deraadt
* Move MPLS related function prototypes under SMALL | kn | 2021-03-13 | 1 | -16/+16
  OK deraadt
* INET6_NOPRIVACY is called AUTOCONF6TEMP now, missed during rename. | florian | 2021-03-12 | 1 | -2/+2
* Add deprecation warning for autoconfprivacy. | florian | 2021-03-12 | 1 | -5/+27
  While here check address family for 'temporary' option, only inet6 is allowed. OK kn
* fix a double space and a macro error; | jmc | 2021-03-11 | 1 | -3/+3
* When RFC 8981 obsoleted RFC 4941 the terminology changed from | florian | 2021-03-11 | 3 | -15/+18
  "privacy extensions" to "temporary address extensions". Change ifconfig(8) to output temporary after temporary addresses and add "temporary" option which is an alias for autoconfprivacy for now. Also make AUTOCONF6TEMP a positive flag that is set by default. Previously the negative flag "INET6_NOPRIVACY" was set when privacy addresses were disabled. This makes the flags output less ugly and will allow us to disable autoconf addresses while having temporary addresses enabled in the future. More work is needed in slaacd. input benno, jmc, deraadt previous version OK benno OK jmc, kn
* Use timespec timers to determine when select-timeout and timeout intervals | krw | 2021-03-11 | 2 | -14/+35
  are exceeded. Feedback from otto@, cheloha@
* Remove unhelpful sentence from TPMR | kn | 2021-03-11 | 1 | -3/+1
  with dlg
* Document veb(4) | kn | 2021-03-11 | 1 | -2/+99
  All text is copied from other already existing sections, i.e. link flag handling from TPMR and the rest from BRIDGE. Contrary to BRIDGE, add a synopsis for VEB such that there's a simple overview, especially since veb(4) currently does not explain *how* to use the described features. NB: While TPMR and VEB use the same wording for link flags, their semantics are different, i.e. both different flags and swapped polarity for those flags. Feedback jmc dlg OK dlg
* Also log transforms on IKE SA rekey. | tobhe | 2021-03-09 | 1 | -3/+10
* Zap stray Xr | kn | 2021-03-09 | 1 | -2/+1
* Fix TRUNK synopsis alignment | kn | 2021-03-09 | 1 | -2/+6
* Replace time_t startup_time with struct timespec link_timeout. | krw | 2021-03-09 | 3 | -12/+19
  Feedback from otto@
* Do not adjust (uhm.. zero) the swap 'b' partition size if physmem is | deraadt | 2021-03-09 | 1 | -2/+2
  zero (should not happen, but did), because the auto-allocate code will put a filesystem on that partition. ok otto kurt
* dhclient relationship with "inet autoconf" is incorrect, it activated | deraadt | 2021-03-08 | 1 | -5/+5
  dhcpleased.