Age | Commit message | Author
2015-09-11 | Document rtref(9). | Martin Pieuchot
2015-09-11 | Rewrite in6_selectroute() to no longer return an ifp. The returned "struct rtentry" is either the cached one or the one passed in options. ok claudio@ | Martin Pieuchot
2015-09-11 | make srp use refcnts so it can use refcnt_finalize instead of sleep_setup/sleep_finish. | David Gwynne
2015-09-11 | avoid gratuitous use of the low-level .br request | Ingo Schwarze
2015-09-11 | if_put() after if_get for ip_output. This became suddenly super trivial. OK dlg@ | Claudio Jeker
2015-09-11 | use refcnts for the device reference counts as an example of how refcnt(9) can be used. | David Gwynne
2015-09-11 | introduce a wrapper around reference counts called refcnt. it's basically atomic inc/dec, but it includes magical sleep code in refcnt_finalise that is better written once than many times. refcnt_finalise sleeps until all references are released and does so with sleep_setup and sleep_finalize, which is fairly subtle. putting this in now so we can get on with work in the stack, a proper discussion about visibility and how available intrinsics should be in the kernel can happen after next week. with help from guenther@ ok guenther@ deraadt@ mpi@ | David Gwynne
2015-09-11 | Since immediate_abort is modified by a signal handler it must be volatile sig_atomic_t. | Todd C. Miller
2015-09-11 | the parser doesn't accept "inet" here; pointed out by Denis Fondras on misc | Stuart Henderson
2015-09-11 | delete bogus escaping from ellipsis to forestall cargo cult effects | Ingo Schwarze
2015-09-11 | There is no need to do the route lookups twice just because of IPSec. Merge the two blocks into one that is executed before the IPSec tdb lookup. OK mpi@ which had sent out a similar diff around 3 years ago. | Claudio Jeker
2015-09-11 | Rename functions that moved to t1_enc.c, with a tls1_ prefix instead of a ssl3_ prefix. ok beck@ | Joel Sing
2015-09-11 | fix unchecked mallocs - coverity 130454 and 130455 ok jsing@ | Bob Beck
2015-09-11 | Merge the remnants of s3_enc.c into t1_enc.c. ok beck@ | Joel Sing
2015-09-11 | Hoist all the GPT header checks into gpt_chk_header(). Tweak remaining logic a bit so that an invalid primary header/partition entries table does not cause readgptlabel() to exit before the secondary header is tried. | Kenneth R Westerback
2015-09-11 | Build actual boot code with -D_STANDALONE so that we do not include userland headers by mistake. | Miod Vallat
2015-09-11 | Nuke ssl_set_peer_cert_type(). ok "flensing knife" | Joel Sing
2015-09-11 | Nuke ssl_bad_method(). ok "flensing knife" | Joel Sing
2015-09-11 | Nuke ssl3_default_timeout(). ok "flensing knife" | Joel Sing
2015-09-11 | Nuke ssl_replace_hash(). ok "flensing knife" | Joel Sing
2015-09-11 | Nuke ssl3_cbc_remove_padding(). ok "flensing knife" | Joel Sing
2015-09-11 | Nuke ssl3_alert_code(). ok "flensing knife" | Joel Sing
2015-09-11 | Nuke ssl3_cert_verify_mac() and ssl3_handshake_mac(). We also no longer need the ssl3_pad_1 and ssl3_pad_2 arrays... ok "flensing knife" | Joel Sing
2015-09-11 | Nuke ssl3_final_finish_mac(). ok "flensing knife" | Joel Sing
2015-09-11 | Nuke ssl3_change_cipher_state(). ok "flensing knife" | Joel Sing
2015-09-11 | Nuke ssl3_generate_master_secret(). ok "flensing knife" | Joel Sing
2015-09-11 | Nuke ssl3_setup_key_block() and ssl3_generate_key_block(). ok "flensing knife" | Joel Sing
2015-09-11 | Introduce rtref(9) use it in rtable_lookup() before returning a route entry. ok bluhm@, claudio@ | Martin Pieuchot
2015-09-11 | Nuke n_ssl3_mac(). ok "flensing knife" | Joel Sing
2015-09-11 | Nuke ssl3_enc(). ok "flensing knife" | Joel Sing
2015-09-11 | Nuke SSLv3_enc_data. ok "flensing knife" | Joel Sing
2015-09-11 | Shuffle the code in ssl3_send_finished() to make it more logical/readable. ok beck@ | Joel Sing
2015-09-11 | Replace dtls1_send_finished() with ssl3_send_finished() - they're now both essentially the same (in fact DTLS benefits from improvements previously made to the ssl3_send_finished() function). ok beck@ | Joel Sing
2015-09-11 | style(9), fix comments, wrap long lines and tweak whitespace. | Joel Sing
2015-09-11 | sync | Theo de Raadt
2015-09-11 | In `ifconfig media` output, stop advertising media with fixed data rates on wireless interfaces. They are not needed by mere mortals. ok phessler miod kettenis deraadt mpi | Stefan Sperling
2015-09-11 | Convert dtls1_send_finished() and ssl3_send_finished() to ssl3_handshake_msg_start()/ssl3_handshake_msg_finish(). ok beck@ | Joel Sing
2015-09-11 | After fixing poll(2) semantics in dynamic TCP buffer size update, making netcat non-blocking and fixing ip6_forward() ICMP6 checksum, this test can be made more aggressive. Delete the path MTU route before sending TCP streams through the pf firewall. This checks that PMTU discovery works with outgoing interface MTU and router MTU. Test IPv4 and IPv6 protocols ICMP echo, UDP, TCP with pf nat-to, rdr-to, af-to, route-to, reply-to. Some af-to cases seem to be broken. | Alexander Bluhm
2015-09-11 | Add PROTO_WRAP() for (almost) all the syscalls that libpthread doesn't override so that internal calls go direct ok deraadt@ | Philip Guenther
2015-09-11 | Apply the link state change hook to RTF_LOCAL routes. Checking for rt_ifp is currently not enough because RTF_LOCAL routes still use a hack introduced in 1991 and have lo0ifp as rt_ifp pointer. So also check for rt_ifa->ifa_ifp in this case. ok claudio@ | Martin Pieuchot
2015-09-11 | Convert _TM_ flags to TAME_ flags, collapsing the entire mapping layer because the strings select the right options. Mechanical conversion. ok guenther | Theo de Raadt
2015-09-11 | rtfree(9) accepts NULL now. | Martin Pieuchot
2015-09-11 | typo | Theo de Raadt
2015-09-11 | When pf modifies a TCP packet, it sets the M_TCP_CSUM_OUT flag in the mbuf packet header. If the packet is later dropped in ip6_forward(), the TCP mbuf is copied and passed to icmp6_error(). IPv6 uses m_copym() and M_PREPEND() which preserve the packet header. The inherited M_TCP_CSUM_OUT flag generates ICMP6 packets with an incorrect checksum. So reset the csum_flags when packets are generated by icmp6_reflect() or icmp6_redirect_output(). IPv4 does m_copydata() into a fresh mbuf. There m_inithdr() clears the packet header, so the problem does not occur. But setting the csum_flags explicitly also makes sense for icmp_send(). Do not or M_ICMP_CSUM_OUT to a value that is 0 because of some function calls before. OK mpi@ lteo@ | Alexander Bluhm
2015-09-11 | Move all prototypes of gpt helper functions to top of file. Rename get_fstype() to gpt_get_fstype() as it moves. | Kenneth R Westerback
2015-09-11 | Bring back the expansion-into-.byte-sequences routines removed in r1.9, but only define them if not building for the "openbsd" flavour. This way, non-obfuscated output can still be generated for analysis, by using the "openbsd" flavour (which OpenBSD HEAD will do), and obfuscated output, compatible with older as(1), will be generated for other platforms. The portable version of LibreSSL can then use "openbsd-portable" as the flavour for OpenBSD/amd64 so that generated files can be compiled with OpenBSD 5.7 and other older versions stuck with as(1) 2.15. | Miod Vallat
2015-09-11 | When ARIN prepared for the IPv4-pocolypse, they put aside a /10 for **smaller than /24 allocations**. Our default ruleset will not allow those, even though they will be for various pieces of critical dual-stack infrastructure to help IPv6-only systems survive. This adds a default rule to allow those blocks. With it, I see the RIPE announced test blocks on our AMS-IX peers. ARIN announced this block and policy at, enjoy https://www.arin.net/announcements/2014/20140130.html OK benno@, claudio@, sthen@, florian@ | Peter Hessler
2015-09-11 | Shuffle some variables around, add a couple, and eliminate hordes of repeated lehto32() and lehtoh64() in readgptlabel() to make code more readable. | Kenneth R Westerback
2015-09-11 | Put the *method* data structures and functions in the same place. We can also now nuke ssl23_get_method() since it is the same as tls1_get_method(). And the empty file can bite the dust. ok bcook@ miod@ | Joel Sing
2015-09-11 | Pass "openbsd" instead of "openbsd-elf" as the "flavour" to the perl assembler machinery. OpenBSD has never been not ELF on amd64, and changing this will actually make -portable life slightly easier in the near future. | Miod Vallat