Age | Commit message | Author |
|
|
|
with "temporary".
|
|
deprecates a prefix by sending a pltime of 0, this is normal.
Continue warning when the pltime is smaller than 5 as this is almost
certainly a configuration error.
Found the hard way by & OK otto.
|
|
Keep "temporary" the default when setting inet6 autoconf but make it
possible to disable the "autoconf" flag but keep "temporary" enabled.
The normal use case to only have temporary autoconf addresses would be
"inet6 temporary" in hostname.if
OK kn
|
|
Track autoconf and temporary flag individually to be able to support
this.
OK kn
|
|
distrib/special/slaccd is the actual SMALL user but having it build from here
is useful, too; in fact, it showed some more unused variables under SMALL.
OK florian
|
|
Swap -wgpeerall and wgpeer in synopsis to ease parsing.
"I'm good" - Matt Dunwoodie. "just commit" - jmc
suggestions and ok sthen@
|
|
|
|
getifaddrs on every route message.
This also allows us to drop the route pledge since we only need to
fetch the interface state with getifaddrs on startup.
|
|
OK claudio
|
|
state of the machine on startup using ioctl(2) and getifaddrs(3).
We can then update this state with information provided by route
messages. We still need getifaddrs(3) to check if the layer 2 address
has changed.
This simplifies error handling (what should we do if ioctl(2) fails?),
reduces kernel round trips (no need to ask the kernel again for
information RTM_IFINFO provided already) and prevents a theoretical
race between RTM_IFINFO and getaddrinfo(3).
In a fast link state UP -> DOWN -> UP transition RTM_IFINFO informs us
that the link went down but we were not using this information but
rather looked at getifaddrs(3) information which might see the link as
already up again. We would then do nothing while we should try to get
a new lease.
By storing all interface information in the frontend process we can
skip imsgs to the engine process if we get an RTM_IFINFO without
relevant changes for us.
|
|
|
|
|
|
Those commands are not supported under SMALL; unless I overlooked others,
this should be the last bit to declare all prototypes correctly wrt. SMALL
(the overall unsorted order of both prototypes and commands makes this hard
to spot).
No object change, with and without SMALL.
|
|
|
|
|
|
it.
|
|
contains an explicit group transform. Override requiredh if one
of the local options is 'none' so that a proposal with no DH
group and one with explicit group 'none' result in a match.
ok patrick@
|
|
'none' (disabling PFS). Fixes a bug when the initiator sends a KE
payload but the negotiation results in DH group "none".
For other DH group mismatches we send an INVALID_KE notify, for 'none'
we can just ignore the KE payload.
ok patrick@
|
|
|
|
AF_LINK and skip one ioctl.
OK benno
|
|
OK deraadt
|
|
"[-]rdomain" commands are ignored under SMALL but their prototypes,
the global and therefore dead print logic are still in.
OK deraadt
|
|
OK deraadt
|
|
|
|
While here check address family for 'temporary' option, only inet6 is
allowed.
OK kn
|
|
|
|
"privacy extensions" to "temporary address extensions"
Change ifconfig(8) to output temporary after temporary addresses and
add "temporary" option which is an alias for autoconfprivacy for now.
Also make AUTOCONF6TEMP a positive flag that is set by default.
Previously the negative flag "INET6_NOPRIVACY" was set when privacy
addresses were disabled. This makes the flags output less ugly and
will allow us to disable autoconf addresses while having temporary
addresses enabled in the future.
More work is needed in slaacd.
input benno, jmc, deraadt
previous version OK benno
OK jmc, kn
|
|
are exceeded.
Feedback from otto@, cheloha@
|
|
with dlg
|
|
All text is copied from other already existing sections, i.e. link flag
handling from TPMR and the rest from BRIDGE.
Contrary to BRIDGE, add a synopsis for VEB such that there's a simple
overview, especially since veb(4) currently does not explain *how* to use
the described features.
NB: While TPMR and VEB use the same wording for link flags, their semantics
are different, i.e. both different flags and swapped polarity for those
flags.
Feedback jmc dlg
OK dlg
|
|
|
|
|
|
|
|
Feedback from otto@
|
|
zero (should not happen, but did), because the auto-allocate code will
put a filesystem on that partition.
ok otto kurt
|
|
dhcpleased.
|
|
and installing USD/SMM/PSD docs.
jmc@ agrees with the direction, ok millert@ on an earlier diff
|
|
behind -vv or by deleting unneeded output.
While here reword some debug output to make it more useful.
(There is more to be done here.)
|
|
handles this for us by doing a state transition if we have been stuck
in "rebooting" or "requesting" for too long.
Makes the code a bit simpler and we only have one place where we need
to special case the timeout cap.
|
|
|
|
Problem reported by deraadt some time ago.
|
|
This allows us to pass the link state over to engine here instead of
in update_addr which is not available in small.
This gets us more in line with dhcpleased.
|
|
already in the interface on the engine side.
|
|
|
|
This was too much code in the imsg handler.
|
|
|
|
The desync factor is now tracked per temporary IP and the max value
has been increased to about 9 hours.
While here fix a bug where the minimum acceptable pltime in a router
advertisement should be bigger than PRIV_REGEN_ADVANCE not the desync
factor (which didn't make any sense at all).
From Fernando Gont, thanks!
OK sthen
|
|
they don't like them instead of sending a DHCPNAK. Found the hard way
by benno who didn't want to wait 127 seconds.
Due to another bug dhcpleased would have exited through a fatal() in the
frontend process if he had waited long enough for a Rebooting -> Init
transition because we didn't deconfigure our IP address and thus
didn't close our UDP socket. Upon configuring a new IP address we would
open a new UDP socket, send it to the frontend which would then fatal()
due to an unexpected fd passed in.
Appropriate timings are rather underspecified in RFC 2131. Instead of
doing an exponential backoff up to 64 in the "Rebooting" and
"Requesting" state only go up to 2 for a total of 3 packets and total
timeout of 3 seconds before going into "Init" state and sending a
DHCPDISCOVER.
To prevent the fatal() in the frontend process we reshuffle the state
transition into the "Init" state and deconfigure the IP when
appropriate.
|
|
ok patrick@
|