Age | Commit message | Author |
|
forward queries for certain reverse zones (e.g. RFC1918 space). The
local network might use them and it's the policy of the upstream
nameserver what should be done with these.
Of course if we are recursively resolving ourselves these should not
leak to the global internet so we continue to synthesize NXDOMAIN
ourselves.
For now we also always synthesize NXDOMAIN for special use domains like
test and onion.
Pointed out by henning.
Input & OK sthen
|
|
strategy to get past it. This is also true when we don't know yet if
we are behind a captive portal.
However, when the nameservers dhcp hands us are unreachable (e.g.
because they are down) asr is dead, we are still using it and we are
now stuck.
Only force to asr if we know that it is working. If we are behind a
captive portal and the dhcp nameservers are dead we probably won't get
past it. But if we are in a network with unreachable dhcp nameservers
we will make progress.
Stumbled upon by remi while blocking port 53 in pf.
OK remi
|
|
lease. Constrain by only looking at static routes, which are the only
kind dhclient will add. Correct by realizing direct /32 routes in the
lease look different when returned from the routing table.
Further correct route comparison by applying appropriate netmask to
both destination addresses before comparing them.
Fixes "arpresolve: ... route contains no arp information" issue
reported on bugs@.
Much problem analysis and fix testing by Lauri Tirkkonen. Thanks!
|
|
unwind should now be able to work in networks with crappy middle boxes.
We also need to switch to the ASR resolver, not DHCP when we are behind
a captive portal. Some captive portals let through DNS queries with edns0
options but the "click here to accept the terms of service page" is not
resolvable with edns0.
|
|
libc asynchronous resolver directly with DHCP provided nameservers.
This is a last-ditch effort when we find ourselves behind a completely
broken middle-box.
Input & OK otto
OK benno
|
|
RTM_CHGADDRATTR messages. Be consistent and eliminate ':' after all
'name's.
ok bluhm@
|
|
route will now show "AUTOCONF4" in flags.
|
|
Call the global variable with the name of the interface "ifname".
Do not pass it around, just use it globally. Do not use "ifname"
for anything else.
OK deraadt@
|
|
OK benno
|
|
a couple of times by declaring optional stuff the proper way. ok @florian
|
|
This is the userland portion. OK deraadt@ sashan@
|
|
variables used in multiple .c files into common ifconfig.h. Basically
this renames brconfig.h to ifconfig.h and also uses it for sff.c.
Fix missing prototypes. Global variable name s is bad as it shadows
local variables. Call it sock and use it everywhere.
OK deraadt@
|
|
responsible for freeing allocated memory.
|
|
worker_handle_request() in unbound(8).
|
|
This requires a switch to sldns_buffer to satisfy the API. But it will
be beneficial later on for even stricter input validation.
|
|
Doesn't matter currently but led to some head scratching while
working on new things.
|
|
---
Recent versions of Unbound contain a problem that may cause Unbound to
crash after receiving a specially crafted query. This issue can only be
triggered by queries received from addresses allowed by Unbound's ACL.
---
tested by benno, tb
|
|
This also fixes a brain fart in trust_anchor_resolve_done() which was
arguably created by "sec" carrying 3 values and "true" does not mean
secure. Why this does not use enum sec_status is beyond me.
|
|
avoid an out-of-bound write for specific values and also check for
oob writes in general; with input from kettenis; ok florian@ kn@
|
|
instead of log_debug in error cases.
ok bluhm@ sthen@
|
|
ok bluhm@
|
|
Found by llvm's scan-build.
OK deraadt, benno
|
|
Do not assume that required tokens have been generated by strsep.
(toks[0] cannot be NULL but it doesn't hurt to be explicit about it.)
Found by llvm's scan-build.
OK deraadt, kn
|
|
to ps(1).
Noted by kettenis@. florian@'s fix pointed out by maestre@.
ok maestre@
|
|
ok mlarkin
|
|
Heavy lifting by sthen with updating in-tree unbound(8)
|
|
This became possible because copies of the original v1 manuals
have shown up on the Internet some time ago.
Reminded by Sevan Janiyan <venture37 at geeklan dot co dot uk>.
|
|
when an interface is gone. Bubble the error up and let the callers
deal with it instead of exiting.
OK deraadt, benno
|
|
getcap->cgetent. pwcache->user_from_uid. And then repair references.
ok jmc
|
|
ifconfig display them in 'scan' output and on the ieee80211 status line if
the failure is applicable to an already selected AP (e.g. wrong WPA key).
This will hopefully reduce the amount of help requests for what often
turn out to be trivial misconfiguration issues that were previously
hard to diagnose without debug mode.
ifconfig must be recompiled with the new ieee80211_ioctl.h to stay in
sync with the kernel. A full 'make build' will do the right thing!
Very helpful input by mpi@ and deraadt@
|
|
were still not correct. While the values written to the kernel are
fine, the bytes for padding were taken from memory after the sockaddr
structs.
In route(8) the union of sockaddrs can be made larger, so that the
padding is taken from there.
In arp(8) the size of the struct is known. Copy only the struct
and advance over the padding. The memory has been zeroed before.
Merge all address size fixes from arp(8) into ndp(8).
OK claudio@
|
|
help/ok deraadt
|
|
link-state change and no new router advertisement is obtained (in accordance
with RFC 6059).
This should improve IPv6 -> legacy-IP-only transitions, preventing
applications from believing IPv6 connectivity is available when it is
not, potentially resulting in long timeouts.
suggestion, input and OK florian@ phessler@
|
|
included in the routing message. The significance of the bits has
to be consistent with the order of the addresses. In route(8) store
addresses in ascending order of RTA values. This allows using
MPLS routes together with route labels.
OK mpi@ claudio@
|
|
ok patrick@
|
|
type. Provide the address family AF_LINK and storage size of struct
sockaddr_dl to the kernel when creating an IFP routing address.
OK mpi@
|
|
found by deraadt@
|
|
implausible bug existed in the socket setup (mostly dns-related and
setsockopt) it would be largely neutered. of course, a very restrictive
pledge is installed soon after that...
ok mestre brynet florian
|
|
shrinks some QSFP+ DAC output a bit.
|