| Age | Commit message (Collapse) | Author |
|---|
|
This simply puts the wiggle around inet_ntop() from four into one location.
OK benno
|
|
`error' is not used so drop it and jump to the end.
OK sashan
|
|
leaves old ones behind. The IPv6 RFCs don't seem to offer guidance on
what to do in this case. (RFC 5220 discusses related issues, but not
exactly this.)
It seems a bit harsh to just delete old addresses - a naive
implementation can easily lead to flip-flopping between two prefixes.
Instead set the preferred lifetime to 0 for all addresses on an
interface when the link goes down, thus marking addresses as
deprecated but still usable. When the link comes back send a router
solicitation. If we are still on the old network and receive a router
advertisement the preferred lifetime will increase and the addresses
will no longer be deprecated.
If we moved to a new network we will get new router advertisements and
form new addresses. The old ones will stay deprecated and the address
selection algorithm will prefer new addresses.
Problem reported by many.
testing & OK phessler
|
|
OK deraadt, phessler, jmc
|
|
We get notified when duplication is detected on the route socket. For
privacy addresses simply generate a new random address. If we have
soii enabled increase the dad counter on the prefix and generate a new
address. For eui64 addresses nothing can be done.
|
|
the way the man page says.
ok tb@
|
|
reality.
|
|
next option. Don't rely on truncated NULs being ignored because
NUL == DHO_PAD.
ok tb@
|
|
extra byte is always there. Even if the byte contains
innocuous data that isn't used. Eeven if a particular
level of optimization of a particular compiler avoids
it by processing things backwards. Bad.
So simplify and correct logic. Perhaps even proof the
code against future generations of clever compilers.
Pointed out by Brandon Falk. Thanks!
ok millert@ tb@
|
|
they are like that by default.
OK florian@
|
|
Tiny left over from 2003 when it was removed. Twist the logic by checking
for `show' and `test' to make it even simpler.
OK sashan henning
|
|
|
|
makes the code shorter and easier to read.
suggested by & OK claudio
|
|
sending all packets otherwise ping will wait forever to see all
answers - which might not arrive on lossy links.
Problem pointed out by, input & OK claudio
|
|
This removes any logic that implies IPv6 destination host addresses to be
/64 subnets so they are taken as is.
RFC 3587 deprecated this in 2003 and our manual page actually states:
The route is assumed to be to a network if any of the following apply to
destination:
* [...]
* it is an IPv6 address with a â/XXâ suffix (where XX is the number of
bits in the network portion of the address and is less than 128)
* [...]
If destination is a valid IP address or host name, it is presumed to be a
route to a host.
Stripping relevant code from `inet6_makenetandmask()' left the function as
dummy wrapper around `prefixlen()', so zap it completely.
Discussed with and positive feedback from many, OK benno henning
|
|
|
|
In filteropts_to_rule():
* Merge `once' handling from `anchorrule' and `pfrule'
* Remove/shorten duplicate code block
* Fix typo I introduced with r1.678 that frees the wrong buffer (twice)
OK sashan
|
|
|
|
the route filter to set RTABLE_ANY. Previously only the routing
table/rdomain of the route process was displayed (that being the
kernel default).
ok kn@ claudio@ and henning@
|
|
OK phessler@ claudio@ benno@ kn@
"steh' nicht rum, committe das" henning@
|
|
Make rtable(4) usage documentation consistent with other programs.
This is to have `man -k ar~rtable' show the full list without having to
look for other variations of the same argument type.
OK bluhm
|
|
ok henning@ phessler@
|
|
I comitted the wrong diff in 1.680 which turned `queue cq parent pq ...'
into invalid syntax by changing `interface' to `ON if_item'.
Found by bket, thanks!
|
|
- remove some duplication between them
- document -join
- sort
ok phessler
|
|
same functions as auto-allocation. parse_sizespec()
and apply_unit(). No intentional functional
change.
Looked good to tb@
|
|
normal people and is more efficient to boot.
The only intentional functional change was to use mergesort()
instead of heapsort() so that partitions with the same offset
retain their order in the emitted verbiage.
Looked good to tb@, ok kn@
|
|
OK phessler, benno, claudio
|
|
This allows a system to remember which ESSIDs it wants to connect to, any
relevant security configuration, and switch to it when the network we are
currently connected to is no longer available.
Works when connecting and switching between WPA2/WPA1/WEP/clear encryptions.
example hostname.if:
join home wpakey password
join work wpakey mekmitasdigoat
join open-lounge
join cafe wpakey cafe2018
join "wepnetwork" nwkey "12345"
dhcp
inet6 autoconf
up
OK stsp@ reyk@
and enthusiasm from every hackroom I've been in for the last 3 years
|
|
pf.conf(5) states that queues attach to actual interfaces only, yet the
following parses:
# echo queue eq on egress bandwidth 1G default | pfctl -f-
# pfctl -sq
pfctl: DIOCGETQSTATS: Bad file descriptor
# echo queue rq on rdomain 0 bandwidth 1G default | pfctl -vf-
queue rq bandwidth 1G default
# pfctl -sq
pfctl: DIOCGETQSTATS: Bad file descriptor
On rdomains, ifa_exists() returns NULL.
On interface groups, ifa_exists() returns non-NULL but af is never set
to AF_LINK.
OK henning sashan
|
|
|
|
out of memory log_warn(). i.e. ("%s", __func__) instead of manual
function names and redundant verbiage about which wrapper detected the
out of memory condition.
ok henning@
|
|
Minor tweak and OK jca@
OK beck@ deraadt@
|
|
Since the address string comes last, `-prefixlen 56 2001:db8::' silently
installs a route for /64 since that's the currently implied prefix length.
The manual page already states that these options must follow the
destination parameter in order to have any effect.
Discussed at length with many
OK benno sthen bluhm jca
|
|
it.
ok markus@ as part of a larger diff
|
|
|
|
ok benno@
|
|
Some filter options were parsed but not set on anchor rules due to missing
copies of the respective struct members:
$ cat pf.conf
queue rq on trunk0 bandwidth 1G
queue dq parent rq bandwidth 1G default
anchor a set queue dq
$ pfctl -vnf pf.conf | fgrep queue
anchor "a" all
Fix this by moving common code from `anchorrule' and `pfrule' into a new
helper filteropts_to_rule().
Input from henning and benno
OK henning sashan jca
|
|
Commented since r1.465 (2004).
OK deraadt benno jca sashan
|
|
Don't say that route(8) is mostly useful to set up a default route,
which is almost a lie. What's more, I'm not sure new users struggling
with route(8) should be pointed to ripd(8) (sic) or bgpd(8) as
a solution to their problems. ok benno@ kn@
|
|
that there is only one softraid(4) controller (called softraid0), and
clarify that you cannot add or delete chunks, but merely replace them.
Tweaks and OK jsing@, and OK henning@ on a previous version.
|
|
calloc or strdup), we just need to log that we ran out of memory in a
particular function.
Recommended by florian@ and deraadt@
ok benno@ henning@ tb@
|
|
It was helpfull in the beginning to know which IMSG are flying around
but unusable (and unsused) since slaacd(8) is on the ramdisk.
|
|
running out of memory.
Next step, be correct *and* consistent.
ok dennis@ tb@ benno@ schwarze@
|
|
family on the two socket() calls to open the routing socket, so that only
v6-related and af-unspecific messages are seen.
One of the sockets is only used for sending not receiving messages;
shutdown the receive side to avoid receiving messages as suggested by
claudio@.
slaacd is run by default (watching for interface changes to add the
"autoconf" flag), so has to process route messages even where IPv6
autoconf isn't used - these changes reduce CPU use on machines processing
large numbers of route updates (in particular full-table BGP routers).
ok florian@ claudio@ benno@
|
|
parse_sizespec().
ok otto@
|
|
an error occurs.
ok krw@
|
|
reference to RFC 7359.
Patch by David Dahlberg
|
|
editor_countfree() in the function body rather than in
the invocation.
ok millert@
|
|
years.
ok otto@
|
|
ok otto@
|
