Age | Commit message | Author |
|
One needs to first check imsg_get() if there is an imsg already in
the queue. Then if that returns 0 call imsgbuf_read(). Do this in
a loop until imsg_get() returns an imsg.
OK tb@ and nicm@ for file
|
|
OK tb@
|
|
OK tb@
|
|
OK tb@
|
|
imsgbuf_init, imsgbuf_clear, imsgbuf_read, imsgbuf_write and imsgbuf_flush.
This separates the imsgbuf API from the per-imsg API.
OK tb@
|
|
OK tb@
|
|
imsg_write() is just a thin wrapper around msgbuf_write(). So this is
mostly search and replace.
OK tb@
|
|
Issue spotted by op@
|
|
ok tb
|
|
OK: bluhm@
|
|
this should let people specify interface and queue bandwidths greater
than ~4Gbit.
this changes the pf ioctls used to specify queues, so if you want
to try this you'll need a new kernel, new headers, and a new pfctl
(and systat). or upgrade using a snapshot. the effort and benefit
of providing compat isn't worth it.
putting it in now so people can kick it around.
|
|
This is meaningless in dhcpleased(8) and *not* needed to receive
leases for an interface. In fact dhcpleased(8) works just fine without
any configuration file at all.
man page diff & OK kn
|
|
Replace literal braces with .Brq, use a list and indent the interface options
under that interface entry to reflect hierarchy (rad.conf(5) does that, too).
Feedback from/fine with jmc
|
|
ok jmc@
|
|
Our kernel supports 16 groups (NGROUPS_MAX), but nothing prevents
an admin from adding a user to more groups. With that tweak we'll keep
on ignoring them instead of potentially reading past the buffer passed to
getgrouplist(3). That behavior is explicitly described in initgroups(3).
ok millert@ gilles@
|
|
this is like the -t command line option on iked itself, but you get
to keep the ike listener on port 500 and you can enable this on
specific policies instead of all of them.
this is useful if you're dealing with an org that can't firewall
ESP traffic well and so you need to force the traffic to be udp
encapsulated even if there's no NAT involved.
ok markus@ tobhe@
|
|
Leave the notion of repetition to ... and mark up optional prefixes as such;
'name/prefix [name/prefix ...]' becomes 'name[/prefix] ...'.
Also sync with unwind.conf.5 to fix curly braces and indentation.
OK florian
Input OK jmc
|
|
Input & OK kn, jmc, sthen
|
|
for handling DNS compression). OK florian
|
|
Add reverse_scrolling to the manpage.
ok bru@
|
|
from thorsten blum
|
|
ok mpi@
|
|
Instead of closing the just received UDP socket we closed the imsg fd
thus cleanly shutting down dhcpleased(8).
Problem triggered by sf@ with something like
    while :; do ifconfig vio0 -inet; done
    while :; do ifconfig vio0 inet autoconf; done
The problem triggers when dhcpleased configured a lease and in just
the right moment the autoconf flag gets removed. The main process
opens a udp socket and sends it to the frontend. At the same time the
frontend learned (from the route socket), that the interface lost its
autoconf flag. When the frontend then receives the udp socket via fd
passing it tries to close it. Due to a typo it would instead close the
imsg file descriptor.
Found by me after lots of head scratching.
OK tb
|
|
ok markus
|
|
from markus
|
|
OK jmc sobrado
|
|
parse_edns_from_query_pkt() grew a parameter to handle cookies, which
we don't use.
|
|
"fatal in engine: engine_dispatch_frontend: invalid IMSG_REQUEST_REBOOT"
reported by qwer.ty tuta io
ok florian kn
|
|
The frontend and engine do not like this due to improved error
checking.
Found by Josh Grosse and Renato Aguiar, thanks!
|
|
While here mention function where fatalx(3) occurred like everywhere
else.
Suggested by & OK tb
|
|
input & OK tb
|
|
Pointed out by tb
|
|
It only handles one imsg type these days, so it doesn't need to peek
into struct imsg at all.
pointed out by & OK tb
|
|
pointed out by & OK tb
|
|
While here use i2s helper function for error logging.
OK tb
|
|
OK tb as part of a larger diff
|
|
0xdecafbad will no longer work as an IPv4 address, sorry.
OK bluhm
|
|
ok tobhe
|
|
reflect how they work, to emphasize that they do nothing unless auto conf
is set, and to more closely match each other;
prompted by a diff from andrew christopher hawk on tech, who noted a wonky
sentence;
help/feedback deraadt florian; ok deraadt
|
|
The trust-anchor was copied from the upcoming unbound(8) release and
verified against https://www.iana.org/reports/2024/root-ksk-2024.pdf
While here switch the 2017 trust-anchor from DNSKEY to DS to use the
same record type as for the 2024 trust-anchor. They are functionally
equivalent. It was verified against
https://www.iana.org/reports/2017/root-ksk-2017.pdf
As well as with run-time testing, i.e. unwind would still perform
DNSSEC validation.
checked pdfs & OK phessler
|