| Age | Commit message (Collapse) | Author |
|---|
|
ok deraadt
|
|
|
|
|
|
Also clarify various constructs by using commonly understood names like
'expr' and 'vargs'.
|
|
the user to 'rpki-client user' and the homedir to /nonexistent since it is
not required for operation of rpki-client.
OK deraadt@
|
|
|
|
Morocco springs forward on 2020-05-31, not 2020-05-24.
Canada's Yukon advanced to -07 year-round on 2020-03-08.
America/Nuuk renamed from America/Godthab.
|
|
feedback and OK espie@, and OK jmc@ on an earlier version
|
|
add an example of toggling a switch as suggested by ratchov@,
and simplify and clarify the wording in the EXAMPLES section.
OK ratchov@
|
|
disagrees with the section number given in the .Dt or .TH macro;
feature suggested and patch tested by jmc@
|
|
ok millert@
|
|
Fixes possible crashes if the contol device fails, while the audio
device continues to work.
|
|
|
|
|
|
The tzcode package marked it dprecated in the late 1980ies
but it is universally supported and here to stay.
Triggered by a question from Rodrigo <hruodr at gmail dot com> on misc@.
William Ahern <william at 25thandclement dot com> listed a number of
sound arguments why it shouldn't be considered deprecated, in
particular that there is no better alternative, in particular none
that is thread-safe.
While here, fix the non-standard section name "NOTES", add the
missing STANDARDS section and provide additional information in the
HISTORY section, based on inspection of C89, C11, POSIX 2008, UNIX
v4 and v5 at TUHS, Tahoe and Reno at the CSRG archives, amd the
SunOS 3.5 and 4.0 manuals on bitsavers.
Reasearch on tzcode and SunOS history done by millert@.
OK millert@ on an earlier version of this patch,
and deraadt@ agrees with the general direction.
|
|
|
|
Actual gpio support (possibly including gpio(4) support) will come later.
ok jsg@
|
|
Tested by Hrvoje Popovski.
|
|
CID 1492713
OK deraadt@ jmatthew@
|
|
from jjelen at redhat.com.
|
|
in_non_blocking_mode any more. Patch from michaael.meeks at collabora.com,
ok djm@
|
|
ok kettenis@
|
|
ok kettenis@
|
|
while here, combine two Ar lines into one;
|
|
|
|
|
|
It can be configured per policy with the new 'rdomain' option
(see iked.conf(5)).
Only the unencrypted (inner) rdomain has to be configured, the
encrypted rdomain is always the one the responsible iked instance
is running in.
The configured rdomain must exist before iked activates the IPsec SAs,
otherwise pfkey will return an error.
ok markus@, patrick@
|
|
ok markus@, patrick@
|
|
|
|
bindings still hasn't resulted in an upstream commit in Linux,
accept the ext_osc attribute if ext_osc exists without a value,
or if it has a value greater zero. This improves compatibility
with various device trees.
|
|
encryption or decryption. This allows us to keep plaintext and encrypted
network traffic seperated and reduces the attack surface for network
sidechannel attacks.
The only way to reach the inner rdomain from outside is by successful
decryption and integrity verification through the responsible Security
Association (SA).
The only way for internal traffic to get out is getting encrypted and
moved through the outgoing SA.
Multiple plaintext rdomains can share the same encrypted rdomain while
the unencrypted packets are still kept seperate.
The encrypted and unencrypted rdomains can have different default routes.
The rdomains can be configured with the new SADB_X_EXT_RDOMAIN pfkey
extension. Each SA (tdb) gets a new attribute 'tdb_rdomain_post'.
If this differs from 'tdb_rdomain' then the packet is moved to
'tdb_rdomain_post' afer IPsec processing.
Flows and outgoing IPsec SAs are installed in the plaintext rdomain,
incoming IPsec SAs are installed in the encrypted rdomain.
IPCOMP SAs are always installed in the plaintext rdomain.
They can be viewed with 'route -T X exec ipsecctl -sa' where X is the
rdomain ID.
As the kernel does not create encX devices automatically when creating
rdomains they have to be added by hand with ifconfig for IPsec to work
in non-default rdomains.
discussed with chris@ and kn@
ok markus@, patrick@
|
|
This is useful to know which CPU recorded a given event.
While here document 'retval' and comment out 'ustack' until we have a
way to capture userland stacks.
|
|
|
|
no more need for separate v4/v6 groups. ok claudio@
|
|
|
|
an IPv4 and IPv6 local-address on a group and the neighbors bind to the
right local-address. Also implement 'no local-address' to reset a previously
set local address back to zero. This should help with IBGP and multihop
session config and hopefully reduce repetition in bgpd configs.
OK sthen@ benno@
|
|
the classless-[ms-]static-routes options in dhcpd.conf.
Brings dhcpd.conf CIDR parsing in line with dhclient.conf,
dhcp-options(5) and the command lines of various utilities.
Inconsistency noted and fix tested by Freda Bundchen. Thanks!
|
|
the i.MX8MQ variant and sit in the same places.
|
|
Keys are still strings representing the output value.
The following example is now possible to count the number of "on CPU"
events ordered by thread ID and executable name:
# btrace -e 'tracepoint:sched:on__cpu { @[tid, comm] = count() }'
^C
@[138836, idle0]: 830941
@[161307, sshd]: 716476
@[482901, softnet]: 582008
@[104443, systqmp]: 405749
@[269230, update]: 396133
@[326533, softclock]: 316926
@[61040, sshd]: 177201
@[453567, reaper]: 119676
@[446052, ksh]: 85675
@[26270, syslogd]: 66625
@[504699, sshd]: 52958
@[446052, sshd]: 32207
@[44046, tset]: 13333
@[162960, zerothread]: 101
@[313046, ntpd]: 1
|
|
joint work with jmc, thanks
|
|
ok job@
|
|
From Jack Zhang
044a884072b4313554d910b792f46c3e1f0099a5 in linux 4.19.y/4.19.118
3148a6a0ef3cf93570f30a477292768f7eb5d3c3 in mainline linux
|
|
change flags used to detect a feature.
|
|
|
|
Prompted by a question from schwarze@
ok deraadt@, schwarze@, visa@
|
|
ok and tweaks jmc
|
|
adding formats onto the queue item.
|
|
ok jsg kettenis, testing by kmos also
|
|
patch from Raf Czlonka <rczlonka at gmail dot com>
|
|
|
