| Age | Commit message (Collapse) | Author |
|---|
|
comparison is undefined.
|
|
We don't built log.c on the ramdisk so no need for ifndef small.
|
|
pointed out by tb
|
|
- include stdlib.h for exit(3)
- knf fixes
- define log_getverbose as (0) instead of 0
input & OK tb
|
|
ok anton florian
|
|
Don't ask the kernel to translate an if_index to a name if we are not
running with verbose logging, it's not free.
|
|
ok tobhe
|
|
(sent to tech@).
|
|
|
|
|
|
|
|
Authorization Extensions"(DAE) are supported.
feedback markus stu
ok tobhe
|
|
|
|
So far dhcp6leased(8) has been completely silent.
Prodding by Brian Conway.
|
|
While here, do not claim we have a ::/0 lease, it confuses the parser.
|
|
|
|
No STATUS_CODE option from the server means "success", but we are now
using stack garbage, which is usually not "success".
|
|
If we are in state "renewing" and the DHCPv6 server returns an
unsuccessful status go to "rebinding", i.e. ask any DHCPv6 server for
a lease not just the one we got the lease from.
This likely fixes a problem reported by Brian Conway where the ISP
returned "NoBinding - Prefix not bound to this interface." for a renew.
dhcp6leased recovered once T1 expired and we went to "rebinding" after
some time.
|
|
|
|
Lots of head scratching and help from the hackroom ensued because of a
inconveniently placed \r that truncated a string and placed garbage at
a weird place.
|
|
When the DHCPv6 server renumbers and hands us new delegations we have
to deconfigure the old prefixes. To prevent situations where we have
no IPv6 at all, first configure the new prefixes and then remove the
old prefixes.
|
|
Servers indicate unusable prefixes with vltime 0 when we are in
state reboot and probably hand us new, valid prefixes.
In IPv4 dhcp we would receive a NACK instead...
|
|
|
|
from netbsd -r1.46/pgoyette
|
|
the port number.
ok florian tobhe
|
|
ok deraadt@
|
|
always-running-in-background dhcpleased(8) for a while, which is
activated per-interface with "ifconfig $if autoconf', or
"ifconfig $if inet autoconf", or with "inet autoconf" in /etc/hostname.$if
dhclient(8) has done execve(3) of ifconfig(8) to handle this for a while,
so everyone has moved to the dhcpleased(8) method
ok florian
|
|
Problem reported by Kirill A. Korinsky
OK kn
|
|
Since the latest libunbound update the frontend process would segfault
about once a day on one of my MX servers with what looks like a
use-after-free deep inside of libunbound.
Maybe we are poking too much at internals and the shared cache is too
much of a hack. #ifdef for now to ease investigation, but it is
possible that this code just has to go.
|
|
|
|
OK deraadt
|
|
Missing feature reported by, testing & OK semarie
|
|
No extension in a valid certificate appears more than once per RFC 5280
section 4.2. So don't go walking the extension stack and try to inspect
multiple subject alternative names because crappy OpenSSL API encourages
you to do so. Instead call the API in the only correct way possible and
report multiple SANs in log_info(). This is unlikely to be hit since the
extension caching in LibreSSL has rejected repeated OIDs in a cert for a
long time.
ok tobhe
|
|
heavy lifting by sthen
|
|
Add IFCAP_VLAN_HWOFFLOAD to signal hardware like vio(4) can handle
checksum or TSO offloading with inline VLAN tags.
tested by Mark Patruck, sf@ and bluhm@
ok sf@ and bluhm@
|
|
|
|
For example, these are now valid, too:
request prefix delegation on vio1 for vether4/64
request prefix delegation on vio1 for { vether5 vether6/64 }
Reminded by Tim Kuijsten
|
|
|
|
This makes it easier to extend in the future.
|
|
|
|
|
|
|
|
If we got a prefix delegation for some IA but not others use the
prefix lenght from the configuration for the ones we did not get a
prefix delegation.
|
|
I was under the impression that an IAID of 0 is special, but that's
not true. Letting IAID start at zero makes array indexing easier and
avoids an out of bounds access pointed out by dhill.
While here, do not trust IAID received via imsg but do our own
accounting.
|
|
|
|
|
|
|
|
|
|
|
|
OK deraadt
|
