| Age | Commit message (Collapse) | Author |
|---|
|
everywhere.
OK benno@
|
|
ok markus@
|
|
PR#250, ok jmc@
|
|
initial sizes were from arm64
|
|
initial sizes were from arm64
|
|
Previously sshd's SIGCHLD handler would wake up select() by writing a
byte to notify_pipe. We can remove this by blocking SIGCHLD, checking
for child terminations then passing the original signal mask through
to pselect. This ensures that the pselect will immediately wake up if
a child terminates between wait()ing on them and the pselect.
In -portable, for platforms that do not have pselect the kludge is still
there but is hidden behind a pselect interface.
Based on other changes for bz#2158, ok djm@
|
|
|
|
defines because we need it now
from https://reviews.llvm.org/D91784
ok mlarkin kettenis
|
|
The pointer `itp' doesn't serve any purpose here, remove it.
Since we're changing these lines, we may as well rename `it' to `itv'
to match the existing `oitv'.
Thread: https://marc.info/?l=openbsd-tech&m=162380665115598&w=2
ok millert@
|
|
ok hackroom
tested by plenty
|
|
licence mere mortals can understand the terms of); will be connected to the
build on an arch-by-arch basis.
Testsuites and generated files have been intentionnaly omitted from this import.
Peer pressure and ok from at least drahn@ pirofti@ deraadt@
|
|
remove -DSEEALSO, as suggested by millert
ok millert
|
|
|
|
MEV - Minden-Tahoe airport, Minden, Nevada, USA
CXP - Carson airport, Carson City, Nevada, USA
TKF - Truckee Tahoe airport, California, USA
I have landed at all three.
|
|
ok deraadt@ drahn@
|
|
switch statement. This way common code is referenced only once.
OK sthen@
|
|
are processed in the Adj-RIB-Out this is no longer needed since the passed
in pointer is still referenced and is not allowed to be freed.
Adjust the mrt code similar to how up_generate_attr() uses aspath_deflate().
OK sthen@
|
|
ok patrick@
|
|
because it included two extra bytes (copy-paste error from graceful restart).
|
|
return early for simple conditions instead of using navigating inside
if-branches.
with and ok claudio@
|
|
ok jsg drahn
|
|
|
|
count on it being observable in the normal program flow after the signal
handler returns. Such code would break code that sets errno to 0 and
looks at its value later. With the recent futex(2) changes this particular
aspect of the test no longer passed.
ok deraadt@, bluhm@
|
|
is easier to spot misconfiguration or wrong behaviour where NULL is
used as address. Right now that page is not part of the IOVA at all,
so when we reserve regions, like PCI I/O space, which can cover that
page as well, extent(9) will panic. Instead, include it in the IOVA
but reserve it right away. This way that page can be reserved twice.
|
|
and Readline.
feedback and okay afresh1@
|
|
|
|
|
|
ok deraadt@
|
|
ok deraadt@
|
|
Timeout callback functions are of type void (*)(void *).
adb_cuda_tickle() needs a void pointer for a first parameter.
ok mpi@
|
|
place the wrong index is used resulting in re-evaluating all unveil nodes.
Also loop over over all but the last (just added vnode) -- again there is
no need to re-evaluate the cover of the just added unveil.
OK anton@ semarie@
|
|
ok deraadt@
|
|
Tweak man page.
|
|
printing for route flags.
ok markus@
|
|
ok markus@
|
|
BEGIN and END use a fake dt(4) event, so in order to use the nsecs
var or time() it needs a timespec set. Init for BEGIN and update
at END.
ok mpi@
|
|
was removed in t1_lib.c r1.141.
|
|
before this, things that iterated over the global list of pf states
had to take the net, pf, or pf state locks. in particular, the
ioctls that dump the state table took the net and pf state locks
before iterating over the states and using copyout to export them
to userland. when we tried replacing the use rwlocks with mutexes
under the pf locks, this blew up because you can't sleep when holding
a mutex and there's a sleeping lock used inside copyout.
this diff introduces two locks around the global state list: a mutex
that protects the head and tail of the list, and an rwlock that
protects the links between elements in the list. inserts on the
state list only occur during packet handling and can be done by
taking the mutex and putting the state on the tail before releasing
the mutex. iterating over states is only done from thread/process
contexts, so we can take a read lock, then the mutex to get a
snapshot of the head and tail pointers, and then keep the read lock
to iterate between the head and tail points. because it's a read
lock we can then take other sleeping locks (eg, the one inside
copyout) without (further) gymnastics. the pf state purge code takes
the rwlock exclusively and the mutex to remove elements from the
list.
this allows the ioctls and purge code to loop over the list
concurrently and largely without blocking the creation of states
when pf is processing packets.
pfsync also iterates over the state list when doing bulk sends,
which the state purge code needs to be careful around.
ok sashan@
|
|
|
|
pfsync_undefer_notify uses the state keys to look up the address
family, which is used to figure out if it should call ipv4 or ipv6
functions. however, the pf state purge code can unlink a state from
the trees (ie, the state keys get removed) while the pfsync defer
code is holding a reference to it and expects to be able to send
the deferred packet in the future. we can test if the state keys
are set by checking if the timeout state is PFTM_UNLINK or not.
this currently relies on both pf_remove_state and pfsync_undefer_notify
being called with the NET_LOCK held. this probably needs to be
rethought later but is good enough for now.
found the hard way on a production firewall at work.
|
|
im going to make it so pf_purge_expired_states() can gather states
largely without sharing a lock with pfsync or actual packet processing
in pf. if pf or pfsync unlink a state while pf_purge_expired_states
is looking at it, we can race with some checks and fall over a
KASSERT.
i'm fixing this by having the caller of pf_state_expires read
state->timeout first, do it's checks, and then pass the value as
an argument into pf_state_expires. this means there's a consistent
view of the state->timeout variable across all the checks that
pf_purge_expired_states in particular does. if pf/pfsync does change
the timeout while pf_purge_expired_states is looking at it, the
worst thing that happens is that it doesn't get picked as a candidate
for purging in this pass and will have to wait for the next sweep.
ok sashan@ as part of a bigger diff
|
|
pieces by jmc, pieces by me
|
|
i reformatted it to match 80w, and removed two functions that
had been used to populate usage: getdistoptlist and msgprusage;
ok millert
|
|
ok millert
|
|
ok millert
|
|
ok millert
|
|
|
|
from jmc, ok kn
|
|
This way early calls to err(), failed() and usage() show "reset"
instead of "tset" if the program was invoked as reset(1).
Issue noted by jmc
ok kn
|
|
tls_config_set_*_file(3) do not just set the file paths like
tls_config_set_*_path(3) do, they do load the given file(s) into memory
directly using tls_config_load_file().
This distinction is important because it means a later tls_connect(3)
will not do any file I/O (at least wrt. those files), which is relevant when
for example pleding without "[rwc]path" after loading files into memory and
before doing tls_connect(3).
The manual's current wording made me use the following due to above way of
pledging a program:
tls_load_file()
tls_config_set_ca_mem()
tls_unload_file()
While in fact a single tls_config_set_ca_file() call does the same.
tls_config.c r1.26 (Aug 2016) change the code but forgot to amend the manual
as noted by tb, thanks.
Feedback OK tb
|
