Age | Commit message | Author |
|
Socket splicing belongs to socket buffers. udp(4) sockets are fully
switched to fine-grained buffer locks, so use them instead of exclusive
solock().
Always schedule somove() thread to run as we do for tcp(4) case. This
brings delay to packet processing, but it is comparable with the
non-splicing case where soreceive() threads are always scheduled.
So, now spliced udp(4) sockets rely on sb_lock() of `so_rcv' buffer
together with `sb_mtx' mutexes of both buffers. Shared solock() is only
required around the pru_send() call, so most of the somove() thread runs
simultaneously with the network stack.
Also document 'sosplice' structure locking.
Feedback, tests and OK from bluhm.
|
|
reported by Peter J. Philipp
|
|
erroneously rejected as malformed.
ok chrisz@
|
|
For a long time SSL_SESSION has had both a cipher ID and a pointer to
an SSL_CIPHER (and not both are guaranteed to be populated). There is also
a pointer to an SSL_CIPHER in the SSL_HANDSHAKE that denotes the cipher
being used for this connection. Some code has been using the cipher from
SSL_SESSION and some code has been using the cipher from SSL_HANDSHAKE.
Remove cipher from SSL_SESSION and use the version in SSL_HANDSHAKE
everywhere. If resuming from a session then we need to use the SSL_SESSION
cipher ID to set the SSL_HANDSHAKE cipher. And we still need to ensure that
we update the cipher ID in the SSL_SESSION whenever the SSL_HANDSHAKE
cipher changes (this only occurs in a few places).
ok tb@
|
|
Variables ip and ip6 sendredirects are only read once during packet
processing. Use atomic_load_int() to access the value in exactly
one read instruction. No memory barriers needed as there is no
correlation with other values.
Sort the ip and ip6 checks, so the difference is easier to see.
Move access to global variable to the end.
OK mvs@
|
|
OK mvs@
|
|
OK deraadt@
|
|
|
|
|
|
SSL_SESSION has a 'ciphers' member which contains a list of ciphers
that were advertised by the client. Move this from SSL_SESSION to
SSL_HANDSHAKE and rename it to match reality.
ok tb@
|
|
|
|
ok millert@
|
|
is not found.
|
|
|
|
|
|
POSIX says this is implementation-dependent; OpenBSD does not allow
it. OK guenther@
|
|
from markus@
|
|
|
|
original diff from markus
ok tobhe
|
|
|
|
md5 also in other places instead of libc md5.
ok millert
|
|
|
|
|
|
Use warn()/err() instead of sed's homegrown warning()/error() for
things other than parser problems. The warning()/error() functions
display the file and line number in addition to the error message.
This also removes the COMPILE/FATAL argument to error() since
now all calls to error() are for compilation/parsing issues.
OK op@ espie@
|
|
ok millert
|
|
|
|
sysctl(2) and ID register access emulation can share the variables.
ok jca@
|
|
Turns out this is already linked statically.
|
|
|
|
|
|
been waited for. If you SIG_IGN SIGCHLD or don't call any of the wait
functions then RUSAGE_CHILDREN won't report anything.
OK deraadt@ millert@
|
|
|
|
|
|
spotted by deraadt
|
|
|
|
modules. Also, don't assume the authenticator of the packet from the
module that has no secret is valid.
|
|
|
|
Remove "\027XX" (old systrace flag) and "\035SOFTDEP".
OK jsg@
|
|
|
|
Previously, sed would fail silently if it was unable to move the
temporary file into place. Also allow "sed -i" on symbolic link--the
link will be broken but this matches GNU sed behavior. From espie@
OK op@
|
|
|
|
The handshake MAC needs to be upgraded when TLSv1.0 and TLSv1.1
ciphersuites are used with TLSv1.2. Since we no longer support TLSv1.0
and TLSv1.1, we can simply upgrade the handshake MAC in the ciphersuite
table and remove the various defines/macros/code that existed to handle
the upgrade.
ok tb@
|
|
|
|
|
|
on platforms using gcc.
|
|
the hup flag before and after that call, when the buffer structures are stable
for write_file() to work. Remove the hup handling from the SPL0() macro,
because this is run in at least one place during structure instability.
The SIGINT handler, which uses siglongjmp(), is also trusting the SPL1/SPL0
dance more than it should.
ok millert
|
|
from and tested by Brendan Shanks
|
|
This would have prevented the PKCS12 oopsie.
|
|
This tries to copy some Microsoft attributes which are not usually present
and chokes on the now disabled EVP_PKEY_*attr* API. Instead of reviving
about four layers of traps and indirection, just inline the two functions
in a way that should be more obvious.
found by anton via the ruby-openssl tests
ok jsing
|
|
ok patrick@
|