| Commit message (Collapse) | Author | Files | Lines |
|---|
|
While here check address family for 'temporary' option, only inet6 is
allowed.
OK kn
|
|
Tested by:
iwn 6200: stsp
iwn 6205: cwen, Jeremy O'Brien
iwn 6300: okan
|
|
Tested by:
iwm 7260: florian
iwm 7265: TronDD, Aaron Miller, stsp
iwm 8260: bket
iwm 8265: matthieu, tracey, naddy, Dave Voutila, jcs, Mathieu Kerjouan,
Matthias Schmidt, stsp
iwm 9260: matthieu, phessler, Darren VanBuren
iwm 9560: Uwe Werler
|
|
Written by Christian Ehrhardt and myself, based on ieee80211_mira.c
but with significant changes.
The main difference is that RA does not attempt to precisely measure
actual throughput but simply deducts a loss percentage from the
theoretical throughput which can be achieved by a given MCS.
Unlike MiRa, RA does not use timeouts to trigger probing.
Probing is triggered only by changes in measured throughput.
Unlike MiRA, RA doesn't care whether a frame was part of an A-MPDU.
RA simply collects statistics for individual subframes. This makes reporting
very easy for drivers and seems to work well enough in practice.
Another difference is that drivers can report multi-rate retries properly
via ieee80211_ra_add_stats_ht(mcs, total, fail) which can be called
several times before ieee80211_ra_choose() selects a new Tx rate.
There is no reason any issues could not be fixed in ieee8011_mira.c but
I felt it was a good moment to burn the house down and start over.
And since this code diverges from how MiRA is described in the research
paper applying the "MiRA" label becomes inappropriate.
|
|
suggested by jsing
|
|
ok jsing
|
|
x509_internal.h defines caps on the number of name constraints and
other names (such as subjectAltNames) that we want to allocate per
cert chain. These limits are checked too late. In a particularly
silly cert that jan found on ugos.ugm.ac.id 443, we ended up
allocating six times 2048 x509_constraint_name structures before
deciding that these are more than 512.
Fix this by adding a names_max member to x509_constraints_names which
is set on allocation against which each addition of a name is checked.
cluebat/ok jsing
ok inoguchi on earlier version
|
|
improvements:
- Enlarge vertical line for consistency with other small sizes (5x8 version)
- Add full support for the Latin-1 Supplement Unicode block (6x12 version)
|
|
ok mpi@
|
|
With dhcpleased(8) in base, netstart(8) and ifconfig(8) understand both
"autoconf" and "inet autoconf" lines in hostname.if(5) files to signal the
new daemon.
The installer however currently has only dhclient(8), hence manual upgrades
with "[inet] autoconf" instead of "dhcp" in hostname.if files would fail to
establish IPv4 connectivity.
Make install.sub's netstart clone treat autoconf lines like old fashioned
dhcp lines such users^Wearly testers of the new approach don't get stuck in
nyetwork land.
Note that this is only relevant for manual upgrades; installation always
creates working hostname.if files and automated upgrades with sysupgrade(8)
do not care about network/hostname.if files.
Idea from deraadt
OK deraadt krw ajacoutot
|
|
|
|
single_thread_set() is modified to explicitly indicated when waiting until
sibling threads are parked is required. This is obviously not required if
a traced thread is switching away from a CPU after handling a STOP signal.
ok claudio@
|
|
rather than sending it and then immediately undoing it with cnorm. Also
turn it off when the cursor shape is changed like xterm.
|
|
|
|
|
|
|
|
"moduli" file containing the groups for DH-GEX. This will allow us to
run tests against arbitrary moduli files without having to install them.
ok djm@
|
|
library calls; bz3273 ok dtucker@
|
|
Fixes a portability issue. From Benjamin Baier
|
|
Specifically, the following quiz.db line
foo:\
bar
was parsed into "foo:bar\n", which made it impossible to answer correctly.
Bug reported and inital fix from Alex Karle, partially reworked by
yours truly, further input from millert@
|
|
|
|
"privacy extensions" to "temporary address extensions"
Change ifconfig(8) to output temporary after temporary addresses and
add "temporary" option which is an alias for autoconfprivacy for now.
Also make AUTOCONF6TEMP a positiv flag that is set by default.
Previously the negative flag "INET6_NOPRIVACY" was set when privacy
addresses were disabled. This makes the flags output less ugly and
will allow us to disable autoconf addresses while having temporary
addresses enabled in the future.
More work is needed in slaacd.
input benno, jmc, deraadt
previous verison OK benno
OK jmc, kn
|
|
Pledge is not possible due to the ioctls, but as apmd hoists both the
control socket and apm device early at startup and only ever possibly
executes scripts under /etc/apm/, hiding the rest of the filesystem
becomes easy.
Technically, only "x" is required to traverse the directory and run
scripts, but apmd carefully access(2) each script, which requires
the read bit regardless of the permission bits being tested.
OK mestre
|
|
Now that we store our maximum TLS version at the start of the handshake,
we can check against that directly.
ok inoguchi@ tb@
|
|
AUTOCONF6 flag is already set.
This is likely a leftover from when we sent router solicitations from
the kernel. This was a way to trigger sending a solicitation from
userland.
OK kn
|
|
ok florian claudio
|
|
are exceeded.
Feedback from otto@, cheloha@
|
|
|
|
The repo structs are reallocated during runtime and so the back pointers to
the head element of the TAILQ get corrupted.
Noticed by tb@
|
|
instead of running pkg_add which may block due to its locking mechanism.
Precise file to check for suggested by sthen
ok kn deraadt on previous version
|
|
|
|
ok patrick@
|
|
with dlg
|
|
All text is copied from other already existing sections, i.e. link flag
handling from TPMR and the rest from BIDGE.
Contrary to BRIDGE, add a synopsis for VEB such that there's a simple
overwiew, especially since veb(4) currently does not explain *how* to use
the described features.
NB: While TPMR and VEB use the same wording for link flags, their semantics
are different, i.e. both different flags and swapped polarity for those
flags.
Feedback jmc dlg
OK dlg
|
|
"good idea" sthen
|
|
just drop the entity queue element.
OK benno@ tb@
|
|
Simplifies the code a fair bit.
OK tb@
|
|
hardware which include a common parent block in their device trees and
only enable the components that were actually implemented, as seen on
e.g. the NanoPi R4S.
|
|
hardware which include a common parent block in their device trees and
only enable the components that were actually implemented, as seen on
e.g. the NanoPi R4S.
ok kettenis@
|
|
|
|
|
|
|
|
so escape it;
|
|
instead of only the available space. From Magnus Gross in GitHub issue 2578.
|
|
|
|
reduce size. Allows a clang 11 amd64 release to complete without
overflowing the floppy image.
ok kettenis@ deraadt@
|
|
caused by the reference handling change from December.
ok kettenis@ patrick@
|
|
From Josh Rickmar.
|
|
These are not in a printable format, hence printing them as string is
wrong. Additionally, aml_searchrel()/aml_searchname() expect the name
to be passed in a printable format as well. Passing a nameref can lead
to an out-of-bounds read, and the comparison can fail. Hence make sure
that namerefs are passed to aml_getname() first, which returns printable
strings. Note that aml_getname() uses a static buffer, so there are a
few restrictions how the string can be used.
ok kettenis@
|
|
From gotroyb127, OK tb@
|
florian
stsp
tb
fcambus
jsg
kn
mpi
nicm
jmc
dtucker
djm
millert
naddy
jsing
deraadt
krw
claudio
kettenis
patrick
tobhe