Age | Commit message | Author |
|
Instead, use a tagged list and the canonical .Ic macro
as it is natural for such purposes.
While here, also delete heaps of needless escaping.
|
|
that a new one will be installed (i.e., base*.tgz was selected).
'makes sense' deraadt
|
|
with the OID for SM2 signing with SM3.
From Daniel Wyatt
|
|
head argument of *, \-, or \(bu as <ul> rather than as <dl>,
using a bit of heuristics.
Basic idea suggested by Dagfinn Ilmari Mannsaker <ilmari at github>
in https://github.com/Debian/debiman/issues/67 and independently by
<Pali dot Rohar at gmail dot com> on <discuss at mandoc dot bsd dot lv>.
|
|
breaks config reload.
We cannot simply unveil the config file since it might appear after startup
and the config file syntax allows including other files.
This is a problem with all the other parse.y based privsep'ed daemons
as well.
pledge("rpath") has to be enough for now.
|
|
ok mlarkin@
|
|
of such devices can exhaust the kernel stack due to wsmux_do_open() being
recursive. While here, serialize the operation of stacking a wsmux device.
Joint effort with and ok visa@
|
|
imsg.hdr.len to shorten and simplify code.
correction and OK florian@
|
|
imsg.hdr.len to shorten and simplify code.
OK florian@
|
|
we know that the last non-link TRB has been written and we can look at
the flags to set the chain bit in the link TRB. Since we will now toggle
the cycle bit on the first TRB of a ring, set it on the ring reset.
Tested by jcs@, jsg@ and visa@
"commit it" jcs@
|
|
ld(1) would try to free uninitialized memory when used with -r -b binary
<fontfile> by ports/textproc/mupdf. Perform the same bfd type check
as bfd_elf_match_symbols_in_sections(). Fix found the hard way,
cheese and wine sponsor: miod. Almost identical fix already present
upstream.
Also set the freed pointer to NULL, just in case.
ok tb@ sthen@
|
|
tweak and OK millert@
|
|
a call to the flawed function step_char(-1), using the standard
function mbtowc(3) instead.
Merge in in_ansi_esc_seq(), simplifying the code, and make the
related functions is_ansi_end() and is_ascii_char() static because
they are used in line.c only.
OK nicm@, and no opposition when shown on tech@
|
|
I blatantly missed the argc/argv adjustments after getopt(3), resulting in
valid commands like `vmctl create a -s 1G' to fail.
Noticed by ajacoutot the hard way.
OK ajacoutot jca
|
|
as recommended for accessibility by the HTML 5 standard.
Triggered by a similar, but slightly different suggestion
from Laura Morales <lauretas at mail dot com>.
|
|
OK mlarkin
|
|
em had rxr, but didn't use a timeout cos it claimed to generate an
RX overflow interrupt when packets fell off slots in the ring. turns
out that's a lie on at least one chip, so add the timeout like other
drivers.
this was hit by mlarkin@, who had nfs and bufs steal all the packets
and memory for packets from em, which didn't recover after the
memory had been released back to the system.
|
|
call if_rxr_livelocked if ifiq_input says to slow down
|
|
present network to the list of announcements. Until now this leaked non-dynamic
objects on config reload.
Noticed and reported by florian@
Looks good benno@
|
|
Consider the mere presence of HTCAP IEs as indicator of 11n support,
rather than checking advertised Rx MCS. Fixes some devices being
misclassified as 11a/g, causing HT protection to be enabled even
though it is not needed.
Use CTS-to-self frames for HT protection instead of RTS/CTS.
These changes make my athn(4) AR9280 hostap perform much better.
ok phessler@
|
|
ok phessler@
|
|
the obj directory. Previously this was solved by keeping the libunbound
file name (to be able to keep in sync with upstream) and prefixing
the source filename of colliding .o files in unwind with uw_.
However, these files are shared throughout our tree (namely parse.y,
log.c and log.h) and we try to keep them in sync.
Move files back to their original name and instead symlink colliding source
files in libunbound to unique filenames by prefixing them with the directory
they live in:
    obj/sldns_parse.c -> /usr/src/sbin/unwind/libunbound/sldns/parse.c
    obj/util_log.c -> /usr/src/sbin/unwind/libunbound/util/log.c
Idea to use symlinks deraadt@ via jsg@
OK benno
|
|
We now update the chip with values for SIFS interval and ACK/RTS/CTS
timeout when configuration changes occur, like Linux ath9k does.
Tested by myself, juanfra@, jmc@ on AR9280 and AR9271.
|
|
ok pd, kn, deraadt
|
|
previously ifiq_input uses the traditional backpressure or defense
mechanism and counts packets to decide when to shed load by dropping.
currently it ends up waiting for 10240 packets to get queued on the
stack before it would decide to drop packets. this may be ok for
some machines, but for a lot this was too much.
this diff reworks how ifiqs measure how busy the stack is by
introducing an ifiq_pressure counter that is incremented when
ifiq_input is called, and cleared when ifiq_process calls the network
stack to process the queue. if ifiq_input is called multiple times
before ifiq_process in a net taskq runs, ifiq_pressure goes up, and
ifiq_input uses a high value to decide the stack is busy and it
should drop.
i was hoping there would be no performance impact from this change,
but hrvoje popovski notes a slight bump in forwarding performance.
my own testing shows that the ifiq input list length grows to a
fraction of the 10240 it used to get to, which means the maximum
burst of packets through the stack is smoothed out a bit. instead
of big lists of packets followed by big periods of drops, we get
relatively small bursts of packets with smaller gaps where we drop.
the follow-on from this is to make drivers implementing rx ring
moderation to use the return value of ifiq_input to scale the ring
allocation down, allowing the hardware to drop packets so software
doesn't have to.
|
|
messages. Previously it would be difficult to tell which direction
it was talking about
|
|
1. Recently-forked child processes will briefly remain listening to
   listen_socks. If the main server sshd process completes its restart
   via execv() before these sockets are closed by the child processes
   then it can fail to listen at the desired addresses/ports and/or
   fail to restart.
2. When a SIGHUP is received, there may be forked child processes that
   are awaiting their reexecution state. If the main server sshd
   process restarts before passing this state, these child processes
   will yield errors and use a fallback path of reading the current
   sshd_config from the filesystem rather than use the one that sshd
   was started with.
To fix both of these cases, we reuse the startup_pipes that are shared
between the main server sshd and forked children. Previously this was
used solely to implement tracking of pre-auth child processes for
MaxStartups, but this extends the messaging over these pipes to include
a child->parent message that the parent process is safe to restart. This
message is sent from the child after it has completed its preliminaries:
closing listen_socks and receiving its reexec state.
bz#2953, reported by Michal Koutný; ok markus@ dtucker@
|
|
RSA keys only (since we support ECDSA now and might support others in
the future). Inspired by Jakub Jelen via bz#2974
|
|
print PKCS11Provider instead of obsolete SmartcardDevice in config dump.
bz#2974 ok dtucker@
|
|
different fields. Use the background init progress when that's the active
task.
lack of progress data noticed by deraadt@
tested on SAS2208 and SAS3508
ok dlg@
|
|
MAP_CONCEAL'd memory is not written to disk in the event of a core dump.
It may grow other qualities in the future.
Wanted by libressl, probably useful elsewhere, too.
Prompted by deraadt@, concept from deraadt@/kettenis@. With input from
deraadt@, cjeker@, kettenis@, otto@, bcook@, matthew@, guenther@, djm@,
and tedu@.
ok otto@ deraadt@
|
|
passed by pf or cause a panic in pf.
fix from sashan@; OK bluhm@ claudio@
bug found by Corentin Bayet, Nicolas Collignon, Luca Moro at Synacktiv
|
|
In non-SSL_MODE_ENABLE_PARTIAL_WRITE mode we have to write out all the
things and only return success once all of the data has been sent.
ok inoguchi@ tb@
|
|
If the TLS handshake has not been completed, automatically complete the
handshake as part of the read/write call, implementing the current
SSL_read()/SSL_write() behaviour.
Once the TLS handshake is completed we push a WANT_POLLIN or WANT_POLLOUT
back up to the caller, since some applications appear to incorrectly call
SSL_read() or SSL_write(), rather than repeating the previous call. This
can lead to attempts to read data that does not exist, since the
WANT_POLLIN was actually triggered as part of the handshake.
ok inoguchi@ tb@
|
|
Set the SSL state to SSL_ST_CONNECT during the TLSv1.3 handshake and to
SSL_ST_OK once the handshake completes, since some applications currently
rely on this information to function correctly.
ok inoguchi@ tb@
|
|
ok inoguchi@ tb@
|
|
ok tb@
|
|
as a single <dl> list rather than opening a new list for each item;
feature suggested by Pali dot Rohar at gmail dot com.
|
|
on behalf of gilles@
|
|
mpe doesn't need ether as a depend while i'm here.
|
|
ok claudio@
|
|
This is basically mpw(4), but it carries IP directly instead of
Ethernet. On the wire it can look the same as what IP over MPLS
looks like, but because it is a pseudowire you can configure a
control word or the FAT label to improve load balancing. It can
be used to quickly set up an IP tunnel over an MPLS fabric
without the need to configure bgpd and mpe(4) interfaces.
Because it implements the same pwe3 ioctls that mpw(4) uses ifconfig
already supports configuration of mpip(4) interfaces. ldpd will
grow support for this in the near future.
This is not hooked up to the build yet
discussed with claudio@ at ak219
ok claudio@
|
|
redirected to /dev/null; ok djm@
|
|
rather than always using RTS for HT protection.
|
|
helped us on a loaded hackathon wifi network. In 11n mode we are now
using a heuristic for this. Disable RTS threshold for all other modes
again because it can do more harm than good in many situations.
This change may increase Tx throughput in 11a/g modes, though results depend
on the driver. Some drivers, e.g. urtwn(4), keep using RTS regardless for
unknown reasons and may need to be fixed separately. And we will keep using
RTS if the AP enables 11g protection while 11b clients are around.
|