Age | Commit message | Author |
|
initialization. Also don't check request authenticator for other than
Accounting-Request.
|
|
|
|
|
|
Authorization Extensions"(DAE) are supported.
feedback markus stu
ok tobhe
|
|
The pipex code in gre_send() matches more or less what udp_send()
does. This has been MP safe for a long time. rip_send() is already
called with PR_MPSOCKET.
OK mvs@
|
|
in ip6_forward.c.
|
|
Forwarding IPv6 packets is slower than IPv4. Reason is that m_copym()
is done for every packet. Just in case we may have to send an ICMP6
packet, ip6_forward() creates a mbuf copy. After that mbuf cluster
is read only, so for the ethernet header another mbuf is allocated.
pf NAT and RDR ignores readonly clusters, so it also modifies the
potential ICMP6 packet.
IPv4 ip_forward() avoids all these problems by copying the leading
68 bytes of the original packets onto the stack. More is not needed
for ICMP. IPv6 RFC 4443 2.4. (c) requires up to 1232 bytes in the
ICMP6 packet. This cannot be copied to the stack.
The reason for the difference in the standard seems to be that the
ICMP6 packet has to contain the full header chain. If we have a
simple TCP, UDP or ESP packet without chain, do a shortcut and just
preserve the header for the ICMP6 packet.
Small packets already use stack memory, large packets need extra
mbuf allocation. Now truncate ICMP6 packet to a reasonable length
if the original packet has a final protocol header directly after
the IPv6 header. List of suitable protocols contains TCP, UDP, ESP
as they cover the common cases and anything behind the header should
not be needed for path MTU discovery.
OK deraadt@ florian@ mvs@
|
|
It broke resume from hibernate. :(
|
|
|
|
All inpcb locking has been converted to socket receive buffer mutex.
Per PCB mutex inp_mtx is not needed anymore. Also delete PRU related
locking functions. A flag PR_MPSOCKET indicates whether protocol
functions support parallel access with per socket rw-lock.
TCP is the only protocol that is not MP capable from the socket
layer and needs exclusive netlock.
OK mvs@
|
|
This makes signal handler safe on OpenBSD.
To avoid overflows the accuracy is scaled. Above 10 minutes run time
we only care about second accuracy. Between 1 second and 10 minutes
we use millisecond accuracy.
Below one second we use nanoseconds, but those numbers are probably
meaningless.
Signal handler problem pointed out by deraadt
OK deraadt, millert, tb
|
|
Of allowing you to pass in a NID directly, instead of a trust_id,
and have it work, as long as the trust_id's and the NID's did not
overlap.
This screwball behaviour was depended upon by the OCSP code that
called X509_check_trust with the NID, instead of the trust id, so
let's fix that.
We also rename the confusingly named X509_TRUST_DEFAULT to
X509_TRUST_ACCEPT_ALL which makes a lot more sense, and rototill
this to remove the confusingly named static functions.
This will shortly be followed up by making this function private,
so we have not bothered to fix the amazingly obtuse man page
as it will be taken behind the barn at that time.
ok tb@
|
|
udp_send() and following udp{,6}_output() do not append packets to
`so_snd' socket buffer. This means the sosend() and sosplice() sending
paths are dummy pru_send() and there are no problems to simultaneously
run them on the same socket.
Push shared solock() deep down to sosend() and take it only around
pru_send(), but keep somove() running under exclusive solock(). Since
sosend() doesn't modify `so_snd' the unlocked `so_snd' space checks
within somove() are safe. Corresponding `sb_state' and `sb_flags'
modifications are protected by `sb_mtx' mutex(9).
Tested and OK bluhm.
|
|
|
|
some log messages.
|
|
The XXX comment in here is now outdated. Our behaviour matches boringssl
in that passing in a 0 trust gets the default behavior, which is to
trust the certificate only if it has EKU any, or is self signed.
Remove the goofy unused nid argument to "trust_compat" and rename it to
what it really does, instead of some bizarre abstraction to something
simple so the code need not change if we ever change our mind on what
"compat" is for X.509, which will probably only happen when we are back
to identifying things by something more sensible like recognizable grunts
and smells.
ok jsing@
|
|
memory. This removes memory allocation from the resume-side of
device activation.
ok deraadt@
|
|
ok dv@
|
|
the signal handler was calling a big function which is shared between
multiple contexts -- that hides the rule that this big function has
signal safe requirements (which it fails). now, the signal handler
contains all the code, and everyone else calls the signal handler function
as a regular function, from their (normal) contexts.
the signal handler context is the most strict, so this pattern is better.
ok florian
|
|
When we get bumped to userland and the fault is already handled,
don't log anything. It's way too chatty and helps nobody trying to
debug things.
|
|
|
|
bridge(4) has weird interactions with traffic crossing the bridge.
Missing change after updating the faq pointed out by ajacoutot
OK dv
|
|
codepoint, so convert extended keys properly. From Stanislav Kljuhhin.
|
|
ok beck kettenis, earlier versions jmc
|
|
shared argument. This fixes a race condition where a message could overwrite
rtkep->msg of a previously scheduled task resulting in a refcounting error later
on causing the screen to stay dark after waking up from suspend.
ok kettenis@
|
|
|
|
|
|
Instead rename the **ext in this file to **out_ext, freeing up ext in
X509_EXTENSION_create_by_OBJ()
Appeases some jsing grumbling on review
|
|
x -> out_ext, sk -> exts
requested by jsing on review
|
|
requested by jsing on review
|
|
This is a silly API, but there are worse.
ok jsing
|
|
ok jsing
|
|
ok jsing
|
|
Only trigger a duplicate error if a valid filepath is revisited. It is
possible that a bad CA references somebody else's files and if that
happens first it would block the valid access.
To make this work, pass the ok flag to filepath_add() and only set the
talmask bit if the file was ok. Since we need to do the duplicate check
before processing the entity introduce filepath_valid() which checks
if the path is in the tree and has its talmask bit set.
In repo_move_valid() handle conflicts more gracefully. When both a valid
and temporary file are present assume that one of the files was never ok
(talmask == 0) and silently remove that file from the filepath tree.
OK tb@
|
|
Remove unnecessary ret parameter and freeing of obj (which looks like
a double free or freeing of unallocated memory but actually isn't due
to various magic flags). Also make this const correct.
ok jsing
|
|
The places in packet processing where ip_forwarding is evaluated
have been consolidated. The remaining pieces in pf test, ip input,
and icmp input do not need consistent information. If the integer
value is changed by another CPU, it is harmless.
The sysctl syscall sets the value atomically, so add atomic read
in network processing and remove the net lock in sysctl IPCTL_FORWARDING.
OK claudio@ mvs@
|
|
This is another brilliancy straight out of muppet labs. Overeager and
misguided sprinkling of NULL checks, going through the trademark poor
code review, made this have semantics not matching what almost every
other function with this signature would be doing in OpenSSL land.
This is a long standing mistake we can't fix without introducing
portability traps, but at least annotate it. Simplify the elaborate
dance steps and make this resemble actual code.
ok jsing
|
|
We need to pass this to filepath_add so let's use a better name.
OK tb@
|
|
Drop unnecessary checks that are part of the stack API.
ok jsing
|
|
Plus, replace a manual check with a call to X509_EXTENSION_get_critical().
ok jsing
|
|
Like most of its siblings, this function can be simplified significantly
by making proper use of the API that is being built. Drop unnecessary NULL
checks and other weirdness and add some const correctness.
ok jsing
|
|
Based on a diff from Hector Martin for Asahi Linux.
ok patrick@, tobhe@
|
|
|
|
This was noticed by syzkaller and analyzed in isolation by mbuhl@
and visa@ two years ago. As the kernel has become more unlocked it
has started to appear more and was being hit regularly by jsing@
on the Go builder.
The problem was during reclaim of an inode the corresponding vnode
could be picked up by a vget() by another thread while the inode
was being cleared out in the ufs_inactive routine and the thread running
ufs_inactive slept for i/o. When raced the vnode would then not have
zero use count and would not be cleared out on exit from ufs_inactive
with a dead/invalid vnode being used.
While this could get "fixed" by checking for the race happening
and trying again in the inactive routine, or by adding "yet another
visible vnode locking flag" we choose to add a vdoom() api for the
moment that allows the caller to block future attempts to grab this
vnode until it is cleared out fully with vclean.
Tested by jsing@ on the Go builder and seems to solve the issue.
ok kettenis@, claudio@
|
|
|
|
remove the re-arming in the handler. Better than using siginterrupt(),
and avoids the errno saving requirement in the handler also.
ok guenther millert
|
|
different asm stanzas to produce strong aliases.
This unbreaks libssl on hppa after the recent switch to LIBRESSL_NAMESPACE.
|
|
From Alex Deucher
1ba66b121100862fc208848264821a788a79317f in linux-6.6.y/6.6.39
05d9e24ddb15160164ba6e917a88c00907dc2434 in mainline linux
|
|
From John Schoenick
33de7c47a19ab1165ee2404f197de4f7e4848f23 in linux-6.6.y/6.6.39
26746ed40bb0e4ebe2b2bd61c04eaaa54e263c14 in mainline linux
|
|
From Alex Deucher
004b7fe6ca8c709e8431b400c3082040b80e59cf in linux-6.6.y/6.6.39
d0417264437a8fa05f894cabba5a26715b32d78e in mainline linux
|