Age | Commit message | Author |
|
time.
|
|
pretty printing, when 'X' is not used in the next switch statement.
Just keep 'X'. Makes the code a touch less mysterious.
|
|
statement in dhclient.conf.
|
|
valued options and previously snprintf()'d filename and servername
lease attributes.
Should fix "string constant too long" errors when reading back a
lease with filename or servername attributes with escaped characters.
Reported by Rivo Nurges.
|
|
to the leases file. No code existed to correctly read back the
strings so written.
Redo both sides and use vis()/strnunvis() instead of handrolling
more parsing. As a side-effect allow embedded NUL characters rather
than skipping them.
|
|
|
|
lease.
|
|
okay kettenis@, martin@, beck@, krw@, tedu@, millert@
|
|
exclusively and thus simplify error checking/overflow detection.
Bail out when unknown format character found. Don't ignore last
character if it's unprintable. Print embedded NULs rather than
ignoring them.
|
|
resolv_conf fields. Makes 'effective' lease written by '-L' a bit
more useful.
|
|
|
|
print buffer. Use consistent idiom to increment pointer to data
being consumed, instead of hiding some increments.
|
|
ethernet header, the ip header, the udp header and the packet.
Rather than manually concatenating the headers and then using iovec
to bundle in the packet. Eliminates some memcpy()s and convoluted
data copying.
|
|
|
|
Rework [priv_]write_file() and associated struct imsg_write_file
to use imsg_composev() rather than allocating memory, copying data
into it, and then passing it to imsg_compose() to copy data again
into imsg buffer.
ok pelikan@
|
|
to use imsg_composev() rather than allocating memory, copying data
into it, and then passing it to imsg_compose() to copy data again
into imsg buffer.
ok pelikan@
|
|
more data validation, reduce magic number count, shorter parameter
name, reduce mem*() usage, etc.
|
|
dropping messages if we usually are the initiator and the peer
initiates rekeying first. ok mikeb@
|
|
variable has been copied to [cm]alloc'ed memory and thus properly aligned.
|
|
replace the 'struct hardware' abstraction layer and use 'struct
ether_addr' where hardware addresses are of interest.
ok matthew@, confirmed by reyk@ not to impact DHCP-over-IPSec support.
|
|
idea ok deraadt@ matthew@
|
|
<in_addr>.s_addr to shorten code.
ok deraadt@ matthew@ as part of larger diff
|
|
ETHER_HDR_LEN from if_ether.h. dhclient change ok matthew@ as part
of larger diff.
|
|
a direct route for the default gateway IP with equivalent to
route add -net $gw -netmask 255.255.255.255 -cloning -iface $myip
so that the subsequent
route add default $gw
can succeed.
Magic route(8) incantation thanks to claudio.
Tested successfully on Compute Engine.
Committing now so additional testing/discussion can happen in-tree.
Discussed with deraadt, krw, claudio.
|
|
size of mask is > 4 bytes. Don't keep looping on the data
hoping it gets better.
|
|
|
|
Potential problems pointed out by matthew@.
|
|
Correct the comment while here: RFC5996 says we SHOULD use SHA1 as a
hashing function for RSA Digital Signatures. Tested by and OK markus.
|
|
this fixes an out-of-bounds-memcpy in pfkey_process(); ok mikeb@
|
|
These were only shown for access points, so getting useful information
about IBSS networks in the area was somewhat difficult.
ok deraadt
|
|
sides negotiate the same flow, but only one flow is active
in the kernel; ok mikeb@
|
|
|
|
otherwise IKE_AUTH requests might be accepted twice, leading to TWO
child-SAs with the same remote SPI, but different local SPIs, leading
to corrupt child-SA tables.
with & ok mikeb@
|
|
|
|
otherwise this can happen: initiator retransmits SA_INIT
with rspi of zero, sa_lookup for responder fails, and
it creates a new SA, that cannot be inserted in the SA tree
|
|
|
|
|
|
mostly by Michael Cardell Widerkrantz, reyk@ and mikeb@; ok mike@
|
|
found by millert@, from deraadt@
|
|
found by millert@, ok deraadt@
|
|
it to not optimize away a comparison against NULL-1.
Add (unsigned char) casts for some ctype calls.
Teach fsck_ext2fs about MAXPARTITIONS, letting it operate on
partitions 'i' through 'p'.
ok deraadt@ millert@ otto@
|
|
Careful second audit by millert
|
|
Careful second audit by millert
|
|
multiple IPsec SAs in NAT-T case.
This fixes a problem that L2TP/IPsec connections are disconnected
improperly in case multiple Windows clients are connected from behind
one NAT.
ok markus
|
|
shouldn't have chars > 127 in these but it is better not to assume
this. OK deraadt@
|
|
In practice we shouldn't have chars > 127 in these but it is better
not to assume this. OK deraadt@
|
|
ok krw
|
|
ok deraadt
|
|
ok jsg@, miod@
|
|
|