| Age | Commit message (Collapse) | Author |
|---|
|
okay deraadt@
|
|
OK deraadt@
|
|
I'm considering simply deleting mount_vnd -- are there any users of this
bizzare feature?
|
|
|
|
|
|
|
|
option which will ease distribution build.
not connected to the build yet.
|
|
reported by Fabio Scotoni <fabio at esse dot ch>;
also garbage collect one .Tn while here
|
|
|
|
this complements txprio and should finish support for RFC 2983
ok claudio@
|
|
`-t table -T add|replace ...' would only check for duplicate tables in case
addresses where actually to the table.
Instead of using a positive number of added addresses as prove for
successful table operations, rely on the fact that CREATE_TABLE() is
guaranteed to be called only if pf(4) can be accessed, that is
warn_duplicate_tables() will return.
This improves duplicate detection rate as warnings are now also emitted
even when table commands eventually leave tables unchanged.
OK benno sashan
|
|
revision 1.689 introduced warn_duplicate_tables() unconditionally, breaking
the parser on tables withs insufficient permissions to open pf(4):
$ echo 'table <t>' | pfctl -nf-
pfctl: pfr_get_tables: Bad file descriptor
So simply check whether pfctl is able to get the table list first. If not,
instead of silently avoiding namespace collision checks, print a brief
notice iff `-v' is given to help finding duplicate definitions by hand:
$ echo 'table <t>' | ./obj/pfctl -vnf-
table <t>
stdin:1: skipping duplicate table checks for <t>
Reported by Rivo Nurges, thanks!
OK benno sashan
|
|
better...
|
|
|
|
(discussed with many at tech@)
OK deraadt@, kn@, sthen@, tedu@
|
|
These were deprecated with 6.3, but instead of removing them all together,
keep [-]vlan and [-]vlandev as aliases for [-]vnetid and [-]parent.
Alias idea from sthen
OK dlg sthen benno
|
|
|
|
qsfp was originally defined in SFF-8436, but the management interface
now seems to be managed in SFF-8636, so this uses sff8636 as a
prefix for qsfp things. the same spec applies to qsfp+ and probably
qsfp28.
XFP and QSFP share a bunch of offsets for where strings are located,
so this factors out the printing of those strings from the xfp code
and uses it from both the xfp and qsfp handling.
i have a qsfp+ to 4x sfp+ cable that looks like this with the new
code:
transceiver: QSFP+
model: Amphenol 601110005 rev A
serial: CN0HVVVFxxxxxxx date: 2013-04-18
if i ever get a pair of optics i can work on the diags
|
|
xfp uses a different page layout compared to sfp. xfp uses info in
INF-8077, not SFF-8472, and by default provides the info at page
1, not 0.
myx(4) supports xfp modules, but doesn't support i2c writes so it
cannot change the page the chip is looking at. it appears that myx
defaults to page 1 for xfp, so if the first read of page 0 fails
with ENXIO, try to read page 1 instead.
a 10G-PCIE-8A-R myx with the only xfp module i could find lying
around looks like this:
transceiver: XFP
model: Intel Corp TXN181070850X1J rev B3
serial: USC2048M95 date: 2005-04-13
im not sure if it's worth spending much more time on these though..
|
|
|
|
(like media/joinlist do) rather than totally separate; this also allows
"ifconfig -a sff" or "ifconfig ix sff".
tweak display format to make it look closer to the standard lines.
ok deraadt
|
|
because these are the commonly used terminology
ok claudio sthen
|
|
|
|
problem spotted by Hrvoje, thank you!
ok deraadt
|
|
|
|
in less space. Adds wavelength, printing alarm low/high thresholds, and
prints a flag for warning or alarm indications. "i like it" deraadt@
|
|
|
|
this is very basic, and will get cut up a lot by sthen@ soon, but
it was enough to get us started with. at the moment it shows the
type of module, some vendor and products strings, and detects if
the device supports diag and then shows it. qsfp info is structured
very differently, but i'll let sfp support settle before trying to
make it look the same.
so far only ix(4) and some ixl(4) with up to date firmware implement
the backend ioctl for this. no em(4) yet :(
suggestions from mikeb@
ok deraadt@ sthen@
this was started because of a question from rachel roch
|
|
a strdup()'d copy and throw it away when done.
cluebat from deraadt@
|
|
soon-but-not-yet-initialized string.
Should fix "Segmentation fault" reported by Raf
Czlonka.
|
|
|
|
*.ok files whenever space_allocation tables are
modified.
|
|
|
|
used a private-use group number. Switch to the group number assigned in
RFC8031 as used in other implementations.
"this is the right time" deraadt@ "I like the idea" reyk@
If you use iked<>iked and have configured curve25519 in iked.conf (this
is not the default), you can switch to another PFS group before updating
then switch back. OpenBSD 6.3+ allows multiple "ikesa" lines so the
initiator can choose which to use.
|
|
add an entry for /etc/example/unwind.conf;
sort;
ok florian
|
|
|
|
|
|
|
|
Unfortunately the nameserver types enums needed to be renamed
to not collide with yacc tokens.
|
|
in type to identify the resolver now that they can be addressed by
index.
|
|
|
|
option. Replace handrolled dn_expand() with the system
version. Existing hex octet versions still accepted. New format is
option domain-search "my.domain.org", "fw.my.domain.org";
It is now possible to append and prepend domains to the list provided
by the server.
Documention update to dhcp-options(5) in the pipeline!
Inspired by dhcpd(8) domain-search diff from William Ahern.
Code peered at by florian@ and kn@.
|
|
ioctl() (i.e. == -1). Don't prepend 'ioctl ' to ioctl
name in error or warning messages. Always put the
ioctl name in emitted messages.
No intentional functional change.
|
|
normal mode.
And not overwriting any -F/-f file when in -n (donothing) mode is
likely less surprising.
|
|
messages in writelabel(). Consolidate two
consecutive 'if (!donothing) ...' blocks into
one.
|
|
checking counterpart are created the same way.
|
|
section 7.1 for DoT servers.
We are setting the CA cert bundle path (/etc/ssl/cert.pem) directly in
libunbound so we need to losen pledge(2) a bit and allow rpath. At the
same time we unveil only /etc/ssl/cert.pem. We can drop the chroot(2)
since pledge(2) and unveil(2) give us more fine grained isolation.
prodding by tb@.
p.s. for portable it might be necessary to pass in a file descriptor
from the parent, slurp in the file and then use X509_STORE_load_mem()
(pointed out by sthen) in the guts of libunbound.
|
|
with latest command line prompt change.
ok kn@ jmc@, with more improvements inevitable.
|
|
getasciilabel() when getasciilabel() explicitly avoids
changing those fields.
ok otto@
|
|
|
