Age | Commit message | Author |
|
only warn about the start.
ok millert@
|
|
|
|
usable LBA area of the device the GPT is currently inhabiting.
Makes GPT display as informative as MBR display.
In passing, eliminate possible underflow in partition size
calculation.
ok deraadt@
|
|
resolvd, slaacd, unwind.
The mitigation story is way better: syscalls are in a randomly located
libc, and every syscall stub is randomly located inside that due to
random relinking. As opposed to fixed offset inside a release binary.
There is one known consequence: /usr nfs mounting must use statically
configured IP addresses.
ok kettenis florian, others
|
|
end of the device the MBR is currently inhabiting.
Prompted by some interesting MBRs from France, verbiage
suggestion from deraadt@, ok miod@
|
|
-l takes chunks not specials; while here, simplify markup for optional parts.
Feedback OK jmc
|
|
if_state_name() and proposal_state_name() are only used in log_debug()
calls which are NOOPs in SMALL builds.
Seen with -Wunused-function warnings in distrib/special/slaacd.
OK deraadt
|
|
"Reads better indeed" otto
|
|
OK millert
|
|
handling. Code from mount_msdos (which got it from chmod/chown).
ok tb@ deraadt@
|
|
opendev(3) takes a const char * (since 2012, thanks tb),
just what getinfo() provides.
No amd64 object change.
OK millert tb
|
|
Check for numeric levels before checking for single-character ones
("c" and "C") such that a) invalid synopsis (no "-l") is detected as such
# bioctl -c 10 vnd0 softraid0
bioctl: Invalid RAID level
# ./obj/bioctl -c 10 vnd0 softraid0
usage: bioctl ...
and b) ten is correctly treated as valid but unsupported level:
# bioctl -c 10 -l vnd0a softraid0
bioctl: Invalid RAID level
# ./obj/bioctl -c 10 -l vnd0a softraid0
bioctl: unsupported RAID level
Uppercase the abbreviation while here.
Feedback OK tb
|
|
Feedback OK jmc
|
|
Ought to go in 2020 already.
OK deraadt
|
|
stderr is expected and stdout would break vnconfig(8)'s usage
where vnd_dev is omitted and a new one is printed on stdout.
|
|
in PWB/UNIX 1.0 (July 1977) and in System III (1982),
but not in v7 (Jan 1979) nor in 32v (May 1979).
According to the Australian UNIX User Group Newsletter Vol. I No. I
https://www.tuhs.org/Archive/Documentation/AUUGN/AUUGN-V01.1.pdf ,
(October 1978), Letter from John Lions on page 20, UNIX/TS 1.0 (late
1978 or early 1979) also contained an implementation of shutdown(8).
So it is unlikely it came from the CSRC and more likely it was
invented either by the PWB or by the USG group.
Since we don't know for sure, only cite the first public release.
It was a mistake to say "appeared in 4.0BSD". That release only
contained a stub manual page (without a DESCRIPTION), and the
file man8/BUGS in 4.0BSD mentions it without giving details,
presumably trying to indicate it wasn't really available yet.
There is no shutdown(8) implementation in BSD before 4.1cBSD.
OK jsg@
|
|
dmesg(8) doesn't use any positional arguments. If we see any, it's a
usage error.
ok florian@, "Sure" deraadt@ millert@
|
|
anything. Allowing modifications to it or displaying whatever
geometry was in use when the label was created leads to needless
inconsistency with the kernel and with the values displayed by,
e.g., fdisk(8).
Always set label fields d_secsize, d_nsectors, d_ntracks,
d_secpercyl, d_ncylinders to the current values used by the
kernel, obtained via DIOCGPDINFO. Ignore any values from the
on-disk label or the file -R uses.
Nuke editor command 'g' and restrict editor command 'e' to
changing d_type and d_packname.
|
|
ok jmc@ schwarze@
|
|
Fix "ps -o rtable" example description while here.
Initial idea to mention id -R in route(8) from sthen
Feedback OK sthen
|
|
Also memset the pfctl struct in pfctl_reset.
OK jan@
|
|
Fallout from regress failure spotted by anton@.
|
|
If neither are found, restrict user actions to printing basic
information on the disk, reading the man page, initializing an
MBR or GPT, or terminating fdisk without changing anything.
Feedback on earlier attempt by miod@ and brynet@.
|
|
OK kn
|
|
interface.
This works around a problem where the kernel always deletes
the first default route if there are multiple present
with the same gateway.
This only fixes the problem when running ifconfig inet -autoconf.
There are other cases where we call configure_rotures(RTM_DELETE), for
example when setting ignore routes in dhcpleased.conf and issuing a
reload. To fix that we either need help from the kernel to distinguish
routes by IFP or track priorities and hope they are unique.
Problem reported by mbuhl.
OK claudio
|
|
to the same gateway.
Unfortunately this doesn't help with deleting the correct route when
issuing ifconfig inet -autoconf, the kernel always deletes the first
route. This is the one with the lowest priority if the routes have
different priorities.
What does work is identifying routes by priority but dhcpleased(8)
doesn't set the priority so that the kernel chooses the right one
when adding a route and it doesn't yet track the priority the
kernel set.
Another issue is that we might end up with routes having the same
gateway and same priority pointing out of different interfaces. For
example when two ethernet interfaces are set to autoconf and they are
connected to the layer 2 network. This seems like a bad idea but it is
something that could be configured.
Problem reported by mbuhl, claudio suggested to try to send an IFP.
Even though it doesn't work, it seems worthwhile to send the IFP for
when the kernel gains the ability to distinguish routes by IFP.
|
|
This brings it in line with dhcpleased(8) as well as what we do for
the default route and DNS proposals.
I missed this when I rewrote the state machine to match
dhcpleased(8).
|
|
|
|
make it easier to handle interoperability problems with older versions in
the future. The ID is constructed from the string "OpenIKED-" followed by
the version number.
Sending of the vendor ID payload can be disabled by specifying
"set novendorid" in iked.conf(5).
ok markus@ bluhm@
|
|
From markus@
ok bluhm@
|
|
ok jan@ miod@
|
|
|
|
It was possible to exhaust kernel memory by repeatedly calling
pfioctl DIOCXBEGIN with different anchor names.
OK bluhm@
Reported-by: syzbot+9dd98cbce69e26f0fc11@syzkaller.appspotmail.com
|
|
to RTP_PROPOSAL_SOLICIT. Fixes a crash when resolvd is restarted but
no name server is set.
|
|
Put 'setpid' description in correct place in COMMAND MODE
command list. i.e. in same order as ask_cmd() will parse
it.
Simplify ask_cmd() by displaying prompt in edit loop
rather than passing editlevel to ask_cmd().
No intentional functional change.
|
|
Tweak 'abort' description to emphasize discarding
of changes.
|
|
aligned with the code. Tweak usage() to stay in step.
Usual cogent feedback, tweaks and ok jmc@
|
|
FDs in flight. Things then get confusing. The kernel tells us we can
read from the bpf FD but the data is actually "on the other FD", so
read(2) returns 0.
Found the hard way by, and patiently debugged with weerd@
One way to trigger this is booting a vmm VM where dhcpleased(8)'s
init_ifaces() loses a race against netstart(8). init_ifaces() would
already see the autoconf flag and request a bpf FD.
But then it would receive a RTM_IFINFO message without the autoconf flag
set from when the interface came up. Then it will see another RTM_IFINFO
message with the autoconf flag set and request yet another bpf FD. If
the first bpf FD had not arrived yet we ended up with two in the frontend
process.
While here make sure a bpf FD has been received for an iface before
trying to close(2) it.
tweak & OK dv
|
|
It is less cluttered, easier to reason about and fixes some bugs in
passing that would have been difficult in the old state machine.
Stale IPv6 addresses, default routes and nameservers are now correctly
removed when moving from one IPv6 enabled network to another IPv6
enabled network.
Default routes and nameservers correctly expire when they are not
refreshed and nameservers are updated when router advertisements
change the nameserver option.
Testing & input caspar@
Putting it in now to get wider testing and shake out bugs, discussed
with deraadt@ at r2k22.
|
|
input of excessive length.
Make 'args' parameter to Xfuncs const char * and do the multiple
argument parsing in Xswap() and Xflag() on a local copy.
|
|
No functional change.
|
|
payloads. Local certificate chains as required with LetsEncrypt certs will
work between iked and other IKEv2 implementations, iked to iked connections
won't work yet because of missing support to receive multiple CERT
payloads.
from Katsuhiro Ueno
tested by and ok sthen@
|
|
|
|
when more than one is received. The first CERT is always the leaf
certificate, additional payloads can be used to send intermediate certs
which iked can not handle at the moment.
This fixes exchanges where the certificate chain is still valid because
matching intermediate certs are available locally in /etc/iked.
Reported and tested by Loïc Revest <l.revest (at) apc.fr>
ok mbuhl@
|
|
SA shall be deleted. ni should be set to the minimum nonce for the
exchange initiated by us while nr should be the smaller of the
nonces of the simultaneous exchange initiated by the peer, which
is stored in sa_simulat.
This fixes the ni < nr comparison below and makes sure our Child SA
is only deleted in the correct case as specified in RFC 7296.
Reported by and fix from Sibar Soumi <sibar.soumi (at) achelos.de>
ok mbuhl@
|
|
for a couple of years, backed by dhcpleased(8), which provides much better
dns handling. The next step is to make the dhclient simply execve
ifconfig in that way, and provide syslog warnings about deprecated options
along the way. This way, we can find the last few dhclient users, and what
they are missing.
ok florian krw
|
|
variables inside the #ifdef DEBUG block using them.
|
|
|
|
use it for.
|
|
|