Age | Commit message (Collapse) | Author |
|
|
Check quit != TERMINATE before trying to open leases file.
|
|
msg header to get the correct addresses and spis.
ok patrick@
|
|
configuration changes.
|
|
lease and use the updated values to initialize ifi->expiry and
ifi->rebinding.
Fixes odd behaviour, bouncing the link in particular, when using
dhclient.conf to change the lease renew/rebind/expiry timing. e.g. when
debugging wifi interface behaviour.
|
|
multiple iked instances running in different rdomains are used.
ok patrick@
|
|
1) The RTM_PROPOSAL telling unwind(8) about DNS servers is seen.
2) The interface is in the process of getting a new or renewed lease.
3) The default route is not UP.
Edge cases discovered while debugging urtwn(4) link bouncing.
|
|
ok patrick@
|
|
sa or policy state, this should help make it clearer.
ok patrick@
|
|
in interface_state() as it is elsewhere.
Avoids any possible NULL pointer dereference.
|
|
appropriate ifa is already known and ifi->rdomain does not need to be
updated because a change of rdomain causes a link bounce and thus
reinitialization of ifi.
One less invocation of getifaddrs() during route message processing.
|
|
Take more care to only update resolv.conf when a default route
can be found with which to determine the responsible interface.
|
|
ikev2_pld_parse().
|
|
returns 0 on error. This code path is taken multiple times until all
requirements for sa_stateok() are met, so don't delete the SA because
of a single failure.
ok patrick@
|
|
certificate authentication.
Reported by Mark Patruck <mark (at) wrapped (dot) cx>
|
|
assigned address.
|
|
Adjust variable declaration in disklabel to match.
ok millert@ deraadt@
|
|
address (addr_net is set).
|
|
sa_addrpool, so we don't need to re-check here.
ok patrick@
|
|
ok markus@
|
|
No binary change on amd64.
ok florian
|
|
If the configuration contains duplicate domains in the block list
file or a force list, the nodes would leak in the frontend process
each time the config is reloaded. Also add a check when copying the
force list over imsg and fatal if a duplicate is encountered. This
should never happen.
ok florian
|
|
Domains contained in the block list file were not correctly freed.
This would grow the frontend process by the size of the blocklist
file on each config reload.
ok florian
|
|
with the received dynamic IP address.
ok patrick@
|
|
- Move most of the processing out of rtable.c (reasonable tb@, ok bluhm@)
- Remove memory allocation, store pointer to existing ifaddr
- Fix tunnel interface handling
looks fine mpi@
|
|
man page and usage() tweaks from jmc@.
ok lteo@
|
|
Someone reported wg(4) not working on macppc; fix ifconfig(8)'s "wgaip" to
iterate over data structures in the same way as the kernel does.
Analysis and diff from Jason A. Donenfeld
Tested on macppc, sparc64 and amd64 by me
|
|
changes that will be attempted after accepting a lease.
Verbiage enhancement suggested by jmc@.
|
|
|
Tested with multiple Windows 10 Pro (ver 2004) clients, and OpenBSD+iked
as the server.
OK tobhe@ sthen@ kn@
|
|
16k) by splitting them up.
Previously unwind would send meta-data about the finished query from
the resolver process to the frontend process and then silently fail to
send the actual answer because it was too big for imsg.
When receiving the meta-data for the next query the frontend process
would then exit via fatal() because it was still expecting an answer.
This likely fixes rare crashes observed by Leo Unglaub.
Note that even with DNSSEC signatures, answers this big are very rare.
OK tb, benno
|
|
ok patrick@
|
|
The keyword is replaced at runtime with the address assigned from the pool
in 'config address'.
ok patrick@
|
|
lifetime. Use this information to renew pltime / vltime of privacy
addresses for up to 1 day / 2 days as RFC 4941.
This is important when announced pltime / vltime is lower than 1 day /
2 days, privacy addresses would have expired too fast.
Spotted after a remark by Fernando Gont on misc@
|
|
if we are using Semantically Opaque Interface Identifiers (soii)
otherwise we would just create the same address again and DAD will
fail again.
|
|
There is probably nothing wrong with calculating a new random value
every time we create an address, but we are also not gaining anything.
Makes math in upcoming diffs easier.
|
|
(netinet6/nd6.h) we can remove the ND6 prefix.
While here use a MAX_DESYNC_FACTOR of 10 minutes as the RFC specifies.
We are using arc4random_uniform which avoids modulo bias.
|
|
going to renew them. Avoids redundant check for privacy addresses.
|
|