Age | Commit message | Author |
|
To match all traffic use 0.0.0.0/0 or ::/0.
ok patrick@
|
|
OK kn some time ago
|
|
has the downside to always copy the maximum IMSG size (about 16k)
between the resolver and frontend process for DNS answers because
we had to keep it as simple as possible.
We can now rearrange things in -current to be less wasteful. This copies
only the usually small DNS answer.
In the unusual case that a DNS answer is larger than the maximum IMSG size
fragment the message and send multiple IMSGs.
|
|
upstream.
|
|
upstream.
|
|
Support for channel reuse of TCP and TLS (DoT) streams should improve
latency when the DoT strategy is used in unwind.
|
|
manually mounting a device which is not present in fstab(5) so that
the `-s' flag can be used in this case as well.
ok millert@, deraadt@
|
|
when an invalid option name is encountered.
|
|
transforms are not supported.
ok patrick@
|
|
issue noticed by sthen@. fix discussed with bluhm@ and procter@
OK bluhm@, kn@, procter@
|
|
fatal() immediately when parsing command line option '-c' reveals a non-existent
file.
Original diff, tweaks & ok kn@
|
|
ok patrick@
|
|
file.
Original diff, tweaks & ok kn@
|
|
ok patrick@
|
|
|
|
ok markus@
|
|
otherwise the wrong rules might be skipped, e.g. if you have
policies with different listen addresses that are not sorted
by address family.
ok patrick@
|
|
|
|
cast in front of a strlcpy(3).
tb@ had pointed out that the use in rad(8) was not consistent.
I consider the void cast a useless annotation, either the strl*
functions must have the canonical truncation check or it must be
obvious that truncation cannot happen or is not a problem.
While at it remove a bunch more casts that snuck in over time.
|
|
get_routefd() and set_user().
|
|
get out of sync with the peer and the peer would keep on using the
expired SA because the lifetime is not negotiated.
ok patrick@
|
|
to assign the same 'config address' when an IKESA is negotiated with the
DSTID of an existing IKESA. The original IKESA will be closed and the
address will be transferred to the new IKESA.
ok patrick@
|
|
otherwise we are referencing the wrong one when the rdomain changes.
Sorry for not spotting it earlier.
|
|
code gets copied around; ok florian@
|
|
specifying multiple pools, make ikev2_cp_setaddr() iterate over
the pools to find a matching address.
ok patrick@
|
|
waited for a FD. It's not a fatal condition if it arrives late.
OK tb
|
|
OK tb
|
|
To avoid code duplication have get_icmp6ev_by_rdomain() either
return an existing icmp6ev in the correct rdomain or allocate one.
OK tb
|
|
|
|
internal structure reflecting the interface into a function that in turn
calls simple helper functions to do the different actions involved.
Simplifies the overly lengthy main(), correctly starts the state machine
with the state of the interface link as DOWN when IFF_UP is 0, tests
more initialization actions when '-n' is used.
|
|
choosing a unique IV for every encryption operation, using a counter
as IV eliminates the risk of random collisions.
ok markus@ patrick@
|
|
type or id, ignore the proposal instead of failing the exchange.
ok patrick@
|
|
|
|
routes that are already present, neither deleting nor re-adding them.
|
|
|
|
|
|
|
|
Check quit != TERMINATE before trying to open leases file.
|
|
msg header to get the correct addresses and spis.
ok patrick@
|
|
configuration changes.
|
|
lease and use the updated values to initialize ifi->expiry and
ifi->rebinding.
Fixes odd behaviour, bouncing the link in particular, when using
dhclient.conf to change the lease renew/rebind/expiry timing. e.g. when
debugging wifi interface behaviour.
|
|
|
|
|
|
multiple iked instances running in different rdomains are used.
ok patrick@
|
|
1) The RTM_PROPOSAL telling unwind(8) about DNS servers is seen.
2) The interface is in the process of getting a new or renewed lease.
3) The default route is not UP.
Edge cases discovered while debugging urtwn(4) link bouncing.
|
|
ok patrick@
|
|
sa or policy state, this should help make it clearer.
ok patrick@
|
|
in interface_state() as it is elsewhere.
Avoids any possible NULL pointer dereference.
|
|
appropriate ifa is already known and ifi->rdomain does not need to be
updated because a change of rdomain causes a link bounce and thus
reinitialization of ifi.
One less invocation of getifaddrs() during route message processing.
|
|
Take more care to only update resolv.conf when a default route
can be found with which to determine the responsible interface.
|