Age | Commit message | Author |
|
charge level in newer SMC firmware.
ok tobhe@
|
|
Alexander Arch .
|
|
this is like the -t command line option on iked itself, but you get
to keep the ike listener on port 500 and you can enable this on
specific policies instead of all of them.
this is useful if you're dealing with an org that can't firewall
ESP traffic well and so you need to force the traffic to be udp
encapsulated even if there's no NAT involved.
ok markus@ tobhe@
|
|
If we are downloading as non-root, we can't drop privileges using ftp,
but sometimes that is OK.
While here, improve the DOWNLOAD_ONLY variable name.
|
|
Previously, if using fw_update -Fp ..., the argument to -p was
treated as a destination path, unless it looked like a URL.
This is too complex, if we want to be able to change the download
destination, that will need to be a new option.
|
|
if a sleep is interrupted but the thread is also stopped that on a wakeup
the thread runs again.
OK mpi@
|
|
So... zap the now redundant check. Should have been committed along with
ec_lib.c -r1.77
|
|
Some network interfaces, like lo(4) or vio(4), set the M_UDP_CSUM_OUT
flag on incoming packets. For optimization they produce packets
with M_UDP_CSUM_IN_OK, but the actual checksum field in the packet
is wrong. If such a packet is forwarded, the checksum must be
calculated. So they also set M_UDP_CSUM_OUT.
For protocols tunneled in UDP, udp_input() removes the header, but
the mbuf flags stay. This means later processing of the packet may
insert a UDP checksum, although it is not UDP anymore. This has
been observed when forwarding ping packets between two vxlan(4)
interfaces. Then a UDP checksum was inserted into the ICMP packet.
Clearing the M_UDP_CSUM_OUT flag when the UDP header is stripped
fixes the problem.
OK mvs@
|
|
Since we only consider standard affine coordinates, the point at infinity
must be excluded. Check at the API boundary that the point isn't the point
at infinity rather than hiding this check somewhere in a method.
ok jsing
|
|
ok miod@
|
|
While here move the code to release swap resources outside of the pageq
mutex and shuffle some locking dances to reduce differences with NetBSD.
ok miod@
|
|
ok jmatthew, who spotted that similar changes needed for iavf (and
its entry in pci.4)
|
|
From Jonas 'Sortie' Termansen
|
|
Also talk about thread rather than proc which might be confusing.
|
|
Get rid of the per-ringbuffer mutex. Use a variable to prevent against
recursion. Allow to process more events in the same timeframe.
From Christian Ludwig.
|
|
since the addition of that class
ok deraadt@
|
|
The reason these were in separate files was FIPS. Not our problem.
|
|
This type has been opaque for a while, and nobody should be able to call
this function with id != NULL. If they do, we want to know and it should
be noisy.
suggested by/ok jsing
|
|
It is helpful for network operators, publication point operators, and CA
operators to have more insight into whether the RP noticed an issuance
gap between two versions of a given manifest.
* high number of gaps all the time might be an indication the RP is not
refreshing often enough
* the CA is trying to issue manifests more than once a second
* the RFC 8181 publication server's ingress API endpoint has issues
* the RFC 8181 publication client has trouble reaching the server
* the CA's private keys (RPKI + BPKI) are used on a second (cloned) system
* the CA's issuance database is broken
Correlation opportunity: detection of a gap means some of the CA's
intermediate states were occluded from the RP; the RP operator might
want to correlate this to traffic shifts in BGP or publication point
reachability issues.
Going forward, emit a warning per manifest, add metrics to the
openmetrics output, and display a summary at the end of the run about
issuance gaps.
OK tb@
|
|
ok miod@
|
|
Prevent a race where the mapped object is being truncated while we are spinning
to unwire it.
Reported-by: syzbot+189cd03d088cddbee591@syzkaller.appspotmail.com
Adapted from NetBSD r1.207, ok miod@
|
|
It is valid to fault on wired mappings if the object was truncated then grown
again.
Adapted from NetBSD r1.207, ok miod@
|
|
duplicated code with no benefit.
ok mpi@ miod@ deraadt@
|
|
The IANA IPv6 Global Unicast Address Assignments registry has been
updated to reflect the allocation of the following block to APNIC:
2410::/12 APNIC 2024-11-01
the registry is at:
https://www.iana.org/assignments/ipv6-unicast-address-assignments/
OK sthen@
|
|
assembly files (which are compiled with this define).
|
|
The biggest change here is that the computation is now performed in the
Montgomery domain if we have a Montgomery curve. This avoids constant
checking whether we need to use plain field operations or whether we can
use curve-specific ones.
Use a few better variable names and stop attempting to figure out whether
the operation failed due to an error in BN_mod_sqrt() or a bad point. All
in all this only shaves off 10 lines, but it is astounding what a few tweaks
can do to code that looked like Rome in 455 AD.
with/ok jsing
|
|
After we ripped it out of RSA blinding and finally the error stack, it
can go play in the attic with ENGINE and all the other abominations from
this particular keyboard.
ok jsing
|
|
This is another Thorpian obfuscation scheme hiding nasty casts of
pthread_t to unsigned long and comparing them. We can do this in
a less underhanded way by calling the portable functions directly.
ok jsing
|
|
ok miod@
|
|
Reduce accesses to global counters.
ok jsg@
|
|
and X540. The driver was originally written by Intel and released as
ixv driver version 1.5.32 and ported to OpenBSD by Yuichiro NAITO,
naito.yuichiro at gmail.com. tested by henson at acm.org and many
others.
ok jmatthew
|
|
ok jsg@
|
|
Clean up the other includes while there.
|