path: root/usr.sbin/rpki-client/rpki-client.8
Date | Commit message | Author | Files | Lines
2021-04-01 | spelling | deraadt | 1 | -2/+2
2021-04-01 | Sort usage: rR -> Rr | tb | 1 | -2/+2
2021-04-01 | RRDP is currently off by default. | claudio | 1 | -1/+2
2021-04-01 | Tweak log_debug() verbiage to reduce repetitive info | krw | 1 | -21/+44
(ACK/NAK), add details (DISCOVER/REQUEST) and provide before/after info for SSID/LLADDR/MTU changes.
2021-04-01 | Initial commit of RRDP (The RPKI Repository Delta Protocol - RFC8182) support | claudio | 10 | -450/+3252
in rpki-client. For now it is off by default. All XML processing is done in its own process with minimal pledge rights. It uses the already present https process to fetch the xml files and uses the master process to handle the file IO into the repositories. RRDP data is stored in the cache under ./rrdp/ and the first directory is the SHA256 hash of the notify URI. Fetching snapshots and deltas works to bring the cache up to date. If something goes wrong rpki-client will fall back to rsync. RRDP was implemented by Nils Fisher and integrated into rpki-client by myself. "Time to get it in" deraadt@
2021-04-01 | For the snprintf range check demo, add a (size_t) cast in the right place | deraadt | 1 | -3/+3
which will satisfy the toughest compiler options
2021-04-01 | Also immediately accept the *first* OFFER if it matches the requested address, | krw | 1 | -2/+5
rather than waiting for select_timeout to expire before accepting the same OFFER.
2021-04-01 | Clean up nonexistent/unused properties handling | kn | 1 | -12/+1
Never used since import and probably just ported over from NetBSD as-is; "design-capacity" does not exist in the device tree binding. "monitor-interval-ms" defaults to 250ms as per binding and could be used in the sensor_task_register() call, but our framework only supports whole seconds and there's no advantage over our current fixed poll interval of 5s. OK patrick
2021-04-01 | Remove extraneous call of vm_getbyvmid during pause event | dv | 1 | -2/+1
The vm is already being assigned by a call in the if-condition.
2021-04-01 | Abate superfluous lines from remote servers | job | 1 | -1/+2
OK claudio@
2021-04-01 | Compare the pointer variable explicitly with NULL in if condition | inoguchi | 1 | -18/+17
2021-04-01 | Hardcode meaningful alert level, track apm's battery state better | kn | 1 | -23/+7
The current code looks for the nonexistent "cellwise,alert-level" property and falls back to zero as threshold (like the original NetBSD code). It also updates the CONFIG register with that very threshold to let the hardware set a bit and thus alert us when it has been reached. Since our sensor framework is designed to poll every N seconds and this driver does not actually look at whether the hardware alerted, neither using a default threshold of zero nor updating the hardware with it makes sense. Remove the alert level code and simply map >50%, >25% and <=25% of remaining battery life to apm(4)'s "high", "low" and "critical" battery state respectively; this matches exactly what acpibat(4) does and provides more meaningful sensor readings without relying on nonexistent device tree bindings. Feedback OK patrick
2021-04-01 | merge NSD 4.3.6rc1 | sthen | 38 | -653/+995
2021-04-01 | import NSD 4.3.6rc1, tested by me and florian@ | sthen | 2 | -15/+34
2021-04-01 | Push kernel lock down to umb_rtrequest(). | mvs | 1 | -1/+3
We are going to unlock PF_ROUTE sockets. This means `if_rtrequest' handler will be performed without kernel lock. umb_rtrequest() calls umb_send_inet_proposal() which touches kernel lock protected `ipv{4,6}dns' array. Also umb_rtrequest() is the only handler which requires kernel lock to be held. So push the lock down to umb_rtrequest() instead of grab it around `if_rtrequest' call. This hunk was committed separately for decreases PF_ROUTE sockets unlocking diff. ok gerhard@ deraadt@
2021-04-01 | Make build_crls() behave like build_chain(). If there is not auth data | claudio | 1 | -9/+12
just NULL the STACK_OF() pointer since libcrypto calls can handle that. Update comments to be more accurate. With and OK tb@
2021-04-01 | Do a better job at cleaning up. Remove empty directories, scan not only the | claudio | 2 | -47/+78
known repositories but also clean up no longer known repositories. With this rpki-client keeps its cache nice and shiny. With and OK job@
2021-04-01 | Add encoding.c to the various build targets | claudio | 1 | -6/+8
2021-04-01 | Change search-again with vi keys to work like actual vi(1), also some | nicm | 1 | -51/+162
other fixes. From Aaron Jensen with help from Anindya Mukherjee.
2021-04-01 | Move base64 and hex encoding functions into their own place. | claudio | 5 | -68/+103
OK tb@
2021-04-01 | Missing commas, from Vipul Kumar. | nicm | 1 | -4/+4
2021-03-31 | Use new limits@openssh.com protocol extension to let the client select | djm | 3 | -18/+115
good limits based on what the server supports. Split the download and upload buffer sizes to allow them to be chosen independently. In practice (and assuming upgraded sftp/sftp-server at each end), this increases the download buffer 32->64KiB and the upload buffer 32->255KiB. Patches from Mike Frysinger; ok dtucker@
2021-03-31 | cannot effectively test posix-rename extension after changes in | djm | 1 | -8/+10
feature advertisement.
2021-03-31 | do not advertise protocol extensions that have been disallowed by | djm | 1 | -33/+53
the command-line options (e.g. -p/-P/-R); ok dtucker@
2021-03-31 | Set 'select_timeout' to 'now' when an OFFER is received for the IP address | krw | 1 | -1/+2
requested in the DISCOVER. i.e. immediately accept the OFFER rather than waiting for select_timeout to expire before accepting the same OFFER. A corner case since select-timeout is 0 by default.
2021-03-31 | Add two missing checks for strdup() returning NULL. | krw | 1 | -1/+5
2021-03-31 | one of the examples needs an -N (and explanation); | jmc | 1 | -4/+7
diff from robert scheck discussed with and tweaked by sthen
2021-03-31 | add --no-motd to SYNOPSIS; | jmc | 1 | -1/+2
2021-03-31 | Add option to suppress the Message of the Day | job | 4 | -8/+17
Fine deraadt@
2021-03-31 | tweak column widths of a .Bl -column table | schwarze | 1 | -3/+4
and avoid an over-long source line while here; OK martijn@ jmc@
2021-03-31 | turn log_trace() into a macro to prevent evaluating the format string | eric | 2 | -10/+9
parameters when tracing is not enabled. ok millert@
2021-03-31 | Update for DTLSv1.2 support. | tb | 1 | -2/+4
2021-03-31 | allow to specify tls protocols and ciphers on relay actions | eric | 4 | -10/+46
ok espie@ sthen@ tb@
2021-03-31 | change the barrier so that fd's are always passed and received with | eric | 1 | -8/+10
the first byte of the imsg they belong to. idea, tweaks and ok claudio@
2021-03-31 | Remove workarounds for SSL_is_dtls() | tb | 2 | -11/+2
Reminded by inoguchi jsing
2021-03-31 | Remove workaround for missing d2i_DSAPrivateKey_fp prototype | tb | 1 | -5/+1
2021-03-31 | sync | tb | 1 | -4/+4
2021-03-31 | Bump minors after symbol addition | tb | 3 | -3/+3
2021-03-31 | Expose various DTLSv1.2 specific functions and defines | tb | 5 | -27/+8
ok bcook inoguchi jsing
2021-03-31 | Document SSL_set_hostflags(3) and SSL_get0_peername(3) | tb | 1 | -18/+4
ok bcook inoguchi jsing
2021-03-31 | Expose SSL_set_hostflags(3) and SSL_get0_peername(3) | tb | 2 | -3/+3
ok bcook inoguchi jsing
2021-03-31 | Document SSL_use_certificate_chain_file(3) | tb | 1 | -11/+3
ok bcook inoguchi jsing
2021-03-31 | Expose SSL_use_certificate_chain_file(3) | tb | 2 | -3/+2
ok bcook inoguchi jsing
2021-03-31 | Provide missing prototype for d2i_DSAPrivateKey_fp(3) | tb | 1 | -1/+2
ok bcook inoguchi jsing
2021-03-31 | Document EVP_PKEY_new_CMAC_key(3) | tb | 1 | -16/+4
ok bcook inoguchi jsing
2021-03-31 | Provide EVP_PKEY_new_CMAC_key(3) | tb | 2 | -5/+2
ok bcook inoguchi jsing
2021-03-31 | Set the process title for the rpki-client subprocesses so they can be | claudio | 1 | -1/+4
identified more easily. OK deraadt@
2021-03-31 | Fix some debug output when running in foreground. | krw | 1 | -4/+8
Call tick_msg() at startup so it knows if the link is up. Don't emit 'link timeout expired' messages after the link has been up.
2021-03-31 | Make ddb's dependency on libz explicit. | visa | 1 | -12/+12
OK deraadt@ mpi@
2021-03-31 | sync | sthen | 2 | -54/+54