| Age | Commit message (Collapse) | Author |
|---|
|
OK jmc sobrado
|
|
|
|
parse_edns_from_query_pkt() grew a parameter to handle cookies, which
we don't use.
|
|
"fatal in engine: engine_dispatch_frontend: invalid IMSG_REQUEST_REBOOT"
reported by qwer.ty tuta io
ok florian kn
|
|
The frontend and engine do not like this due to improved error
checking.
Found by Josh Grosse and Renato Aguiar, thanks!
|
|
|
|
|
|
While here mention function where fatalx(3) occurred like everywhere
else.
Suggested by & OK tb
|
|
input & OK tb
|
|
Pointed out by tb
|
|
It only handles one imsg type these days, so it doesn't need to peek
into struct imsg at all.
pointed out by & OK tb
|
|
pointed out by & OK tb
|
|
While here use i2s helper function for error logging.
OK tb
|
|
OK tb as part of a larger diff
|
|
|
|
0xdecafbad will no longer work as an IPv4 address, sorry.
OK bluhm
|
|
ok tobhe
|
|
reflect how they work, to emphasize that they do nothing unless auto conf
is set, and to more closely match each other;
prompted by a diff from andrew christopher hawk on tech, who noted a wonky
sentence;
help/feedback deraadt florian; ok deraadt
|
|
The trust-anchor was copied from the upcoming unbound(8) release and
verified against https://www.iana.org/reports/2024/root-ksk-2024.pdf
While here switch the 2017 trust-anchor from DNSKEY to DS to use the
same record type as for the 2024 trust-anchor. They are functionally
equivalent. It was verified against
https://www.iana.org/reports/2017/root-ksk-2017.pdf
As well as with run-time testing, i.e. unwind would still perform
DNSSEC validation.
checked pdfs & OK phessler
|
|
|
|
original diff from markus
ok tobhe
|
|
fields that can differ between the primary and 1st backup superblock.
This fixes fsck issues I've encountered on my system with a shared home
partition.
OK miod@
|
|
- tweak bioctl text
- don;t repeat the device examples
- reinstate softraid device being always softraid0
usage():
- add vertical blank between two formats
- rewrap to match 80col (shorter and matches man)
feedback/ok krw kn
|
|
anchor foo {
table <bar> { 192.168.1.1 }
pass in from <bar> to <self>
}
Without this diff one must either create table <bar> in main
ruleset (root) or use 'pfctl -a foo -t bar -T add 192.168.1.1'
This glitch is hard to notice. Not many human admins try to attach
tables to non-global anchors. Deamons which configure pf(4) automatically
at run time such as relayd(8) and spamd(8) create tables attached to
thair anchors (for example 'relayd/*') but the deamons use way similar
to pfctl(8) to add and manage those tables.
The reason why I'd like to seal this gap is that my long term goal
is to turn global `pfr_ktable` in pf(4) into member of pf_anchor.
So each ruleset will get its own tree of tables.
feedback and OK bluhm@
|
|
nvme(4).
Feedback jmc@ jmatthew@ deraadt@ kn@
ok jmc@ kn@
|
|
comparison is undefined.
|
|
We don't built log.c on the ramdisk so no need for ifndef small.
|
|
pointed out by tb
|
|
- include stdlib.h for exit(3)
- knf fixes
- define log_getverbose as (0) instead of 0
input & OK tb
|
|
ok anton florian
|
|
Don't ask the kernel to translate an if_index to a name if we are not
running with verbose logging, it's not free.
|
|
ok tobhe
|
|
(sent to tech@).
|
|
|
|
|
|
|
|
Authorization Extensions"(DAE) are supported.
feedback markus stu
ok tobhe
|
|
|
|
So far dhcp6leased(8) has been completely silent.
Prodding by Brian Conway.
|
|
While here, do not claim we have a ::/0 lease, it confuses the parser.
|
|
|
|
No STATUS_CODE option from the server means "success", but we are now
using stack garbage, which is usually not "success".
|
|
If we are in state "renewing" and the DHCPv6 server returns an
unsuccessful status go to "rebinding", i.e. ask any DHCPv6 server for
a lease not just the one we got the lease from.
This likely fixes a problem reported by Brian Conway where the ISP
returned "NoBinding - Prefix not bound to this interface." for a renew.
dhcp6leased recovered once T1 expired and we went to "rebinding" after
some time.
|
|
|
|
Lots of head scratching and help from the hackroom ensued because of a
inconveniently placed \r that truncated a string and placed garbage at
a weird place.
|
|
When the DHCPv6 server renumbers and hands us new delegations we have
to deconfigure the old prefixes. To prevent situations where we have
no IPv6 at all, first configure the new prefixes and then remove the
old prefixes.
|
|
Servers indicate unusable prefixes with vltime 0 when we are in
state reboot and probably hand us new, valid prefixes.
In IPv4 dhcp we would receive a NACK instead...
|
|
|
|
from netbsd -r1.46/pgoyette
|
|
the port number.
ok florian tobhe
|
