wireguard-openbsd - WireGuard implementation for the OpenBSD kernel

	Commit message (Collapse)	Author	Files	Lines
2015-10-05	tame "stdio rpath" or tame "stdio" suffices for all of these programs.	deraadt	6	-14/+37
	fairly easy to audit by running nm and noticing nothing beyond base stdio except for fopen/freopen. Then review all callpaths to those functions, and place the tame() calls. ok sthen
2015-10-05	This can use tame "stdio rpath" from the top. If we are only working on	deraadt	1	-2/+8
	stdin, an additional tame "stdio" is easy. same diff from sthen
2015-10-05	tame "stdio rpath" works. (Someone could refactor the processing loop	deraadt	1	-1/+4
	to handle the stdin case without rpath, but it looks a bit invasive. ok sthen
2015-10-05	Simplify iwm(4) newstate task by only queuing one state transition	stsp	2	-53/+26
	at a time. The newstate task now always transitions to the most recently requested state, rather than hopping along with every request. This allows us get rid of the silly newstate generation counter, and we can now task_del() a pending transition when the interface goes down. While several issues with this driver remain, I believe this change does not introduce new problems. Tested by myself, jasper@, and zhuk@
2015-10-05	Factor LACP frame processing out to a separate task	mikeb	3	-7/+44
	This is slightly refactored version of the diff by jmatthew@ that makes use of a single per-trunk task but retains per-port mbuf queues. Running LACP frame processing in a task context allows a simple way to synchronize changes to the trunk ports and trunk itself performed from the ioctl, timeout and task contexts with a kernel lock. OK mpi
2015-10-05	Remove 'landisk' from the comment about NUMBOOT archs. Only one	krw	1	-2/+2
	NUMBOOT arch is left: Vax.
2015-10-05	fix some spelling messes.	sobrado	1	-4/+4

2015-10-05	typo.	sobrado	1	-3/+3

2015-10-05	Fix missing checks for truncation of long file names. Rather than	ratchov	1	-14/+28
	checking for truncation every time we touch the string, simply allocate a memory chunk large enough to store the full path.
2015-10-05	tame "stdio rpath" works fine, as long as we sidestep the demangling	deraadt	1	-1/+5
	process which involves fork+execve.... ok doug
2015-10-05	Since the dawn of time, this has contained freopen() for the tty path	deraadt	1	-2/+2
	with mode "w", as root, since "w" implies O_CREAT. That will create the raw file in /dev if it does not yet exist (due to a lie in utmp). It should use "r+", to open it for for O_RDWR only. Oh man this reminds me of 1988, how old is this bug? ok doug
2015-10-05	tame "stdio rpath" initially; if we find out the only file operated on	deraadt	1	-2/+8
	is stdin, then we can drop directly to tame "stdio" ok doug
2015-10-05	tame "stdio rpath wpath cpath fattr", because this creates new files,	deraadt	1	-0/+3
	fchmod's them, and possibly renames them. ok doug
2015-10-05	refactor, so we don't a C function in a .h file, yuck!	deraadt	3	-57/+27

2015-10-05	Fix ip_is_idle_packet() to parse packets properly.	yasuoka	1	-2/+4
	diff from Yuuichi Someya
2015-10-05	tame "stdio getpw" right at the top; this runs the whole gamut of	deraadt	1	-1/+4
	getpw/gr type functions allowed in that set. ok doug
2015-10-05	tame "stdio rpath" for the entire lifetime. newsyntax() could open a file	deraadt	1	-1/+5
	very early on, but next() can open one quite late. ok doug
2015-10-05	small KNF	deraadt	1	-3/+5

2015-10-05	tame "stdio rpath" early on, but if we discover only stdin is being	deraadt	1	-8/+16
	operated on switch to tame "stdio". Reformat a very ugly code block without braces to squeeze the tame calls in. ok doug
2015-10-05	use the normal -1 check for tame failure	deraadt	1	-3/+3

2015-10-05	use the normal -1 check for tame failure	deraadt	1	-2/+2

2015-10-05	tame "stdio rpath" is enough for the general case, which opens file	deraadt	1	-1/+6
	after file from argv. If it is discovered to be reading from stdin only, go to tame "stdio" ok doug
2015-10-05	Make sure dot is not set after tz - fixes incorrect handling, which allows	jsing	2	-4/+4
	20151005171301+1.09Z to be treated as a valid time. ok beck@
2015-10-05	tame "stdio rpath" works here. It may look like the stdin case can avoid	deraadt	1	-1/+4
	opening files, but no... a file could indicate nested import of another file, so rpath is needed. ok doug
2015-10-05	col can be locked down with tame "stdio", in case it is fed nasty input,	deraadt	1	-1/+4
	or if it has bugs. The previous commits by schwarze indicate the latter case was very true until recently... ok doug
2015-10-05	banner can be restricted to tame "stdio". if this program is put into a	deraadt	1	-1/+4
	foreign-data pipeline, and happens to contain a string handling bug, i do not want it being controlled to open a socket. ok doug
2015-10-05	tame "stdio rpath" works for all use cases of pwd(1). In part this	deraadt	1	-1/+4
	success could be because our getcwd() is backed by a system call, unlike historical practice. Didn't think it through competely, but this could burn someone else later, if they try to port this code to another system. Anyways, good enough for us. all cases tested by doug
2015-10-05	Remove disklabel -B support on landisk - superseded by MI installboot.	miod	1	-3/+2

2015-10-05	No need to create {sd,wd}boot links to xxboot anymore.	miod	1	-3/+1

2015-10-05	Use MI installboot instead of disklabel -B to put boot blocks on installation	miod	3	-13/+10
	media.
2015-10-05	Copy the stage2 file to / in md_installboot().	miod	1	-2/+14

2015-10-05	Oops. Missed file in fdisk commit.	krw	1	-2/+2

2015-10-05	Wrap <resolv.h> so that internal calls go direct	guenther	6	-7/+61
	ok millert@
2015-10-05	When the SIA state is declared for a given destination, reset the	renato	9	-26/+51
	adjacency with the unresponsive neighbor(s).
2015-10-05	Tweak man page to describe newly enhanced '-g' operation.	krw	1	-5/+13

2015-10-05	Enhance '-g' to create a default GPT label in addition to the protective	krw	6	-14/+236
	MBR. If '-b' is specified an EFI System partition of the requested size is created. All remaining space is put into an OpenBSD partition. Minimal enhancement necessary for upcoming UEFI install support. Committed first to flush out any unexpected impacts on 'normal' MBR operation and install media. ok deraadt@
2015-10-05	user land -> userland; from Rob Pierce	deraadt	1	-2/+2

2015-10-05	user land -> userland; from Rob Pierce	deraadt	3	-8/+8

2015-10-04	Ignore IPv4 TLVs in IPv6 instances and vice-versa.	renato	3	-24/+34

2015-10-04	Fix warnings and add safeguards to protect against corrupted data.	renato	11	-41/+45

2015-10-04	Add option to configure or disable the DUAL active timeout.	renato	5	-10/+35

2015-10-04	mention sendto(2) destination address restriction for "rw"	djm	1	-2/+7
	subset; ok deraadt, feedback & ok jmc
2015-10-04	tweak initial output a bit: do not show number of light sensors, just show if	jung	1	-3/+3
	some is found or not, also remove kbdled output as there is no (known) way to test if (not) available at all
2015-10-04	dmesg has two modes. The normal sysctl mode, and the -M/-N kvm searcher.	deraadt	1	-1/+7
	In both cases once the relevant setup is done, it can drop to tame "stdio".
2015-10-04	remove tame "proc". it is not useful, because the "ed" diffs require	deraadt	1	-2/+2
	fork+execve, and execve is not going to become available in this fashion. ed diffs should be handled using a built-in handler, and various folks have been discussing this behind the scenes.
2015-10-04	Move getcwd to a seperate area, with a hand-waving explanation for why	deraadt	1	-2/+7
	it is RPATH\|WPATH... nothing changes, just the new explanation.
2015-10-04	Also needs "rpath" for some circumstances.	deraadt	1	-2/+2

2015-10-04	add _eigrpd user/group	deraadt	3	-1/+4

2015-10-04	expr can use tame "stdio"	deraadt	1	-1/+5
	ok semarie
2015-10-04	ls can use tame "stdio rpath getpw". It does uid/gid lookups, using	deraadt	1	-1/+4
	the 4.4bsd libc caching varients called user_from_uid/group_from_uid, which are backed by getpw/getgr type functions. ok semarie