path: root/sbin
Age  Commit message  (Author)
2020-07-08 Always try to retransmit on sendtofrom() errors to ensure the SA is properly cleaned up in ikev2_msg_retransmit_timeout(). ok patrick@ (tobhe)
2020-07-07 Revert r1.121 and rewrite merge_option_data() to achieve same effect w/o using string functions on data that *MIGHT NOT* be NUL terminated. Fiddle parse_domain_name_list() to avoid string functions for the same reason. Problem encountered by Jesper Wallin when running with vm.malloc_conf=CFGJUR, although he later proved 'J' (more junking) was the actual trouble maker. (Kenneth R Westerback)
2020-07-07 Fix shared DH secret length in log message. ok patrick@ (tobhe)
2020-07-07 Stop using make_addr() which trims trailing zeros of the netmask, set family and length field. This fixes route(8) to handle "::/0" properly. Also fix "route add -inet 0.0.0.0 -prefixlen 0 (gateway)" to work properly. ok kn (YASUOKA Masahiko)
2020-07-03 Rename IN6_IFF_PRIVACY to IN6_IFF_TEMPORARY. This is the name the other BSDs use for this, there is no reason to be different, the IPv6 RFCs call these addresses temporary, and some software in ports wants to use this as well. Most recently pointed out for firefox by landry. OK claudio, sthen (Florian Obser)
2020-06-27 remove the spacing around "arp | rarp", as prompted by schwarze; (Jason McIntyre)
2020-06-27 macro fixes; from matthew martin (Jason McIntyre)
2020-06-26 Replace SIMPLEQ concatenation loop with SIMPLEQ_CONCAT OK florian@, kn@, millert@ (bket)
2020-06-25 Silence ca_validate_pubkey() error message for cert type IKEV2_CERT_X509_CERT. (tobhe)
2020-06-25 Rework 'ikeauth' configuration option. The key and cert checks in the config parser aren't needed as they are checked at runtime during the handshake. Moreover, these checks during startup of the daemon never worked properly when dstid was not explicitly configured. The dstid depends on the ID message payload which is only known after the initial handshake. ok patrick@ (tobhe)
2020-06-24 spelling fix; from matthias schmidt (Jason McIntyre)
2020-06-24 Fix botched format string in previous commit as spotted by robert@ (Otto Moerbeek)
2020-06-22 use (undocumented) base64 code in libc instead of libcrypto. naddy gave me a pointer in the right direction ok millert@ deraadt@ looks good to matt dunwoodie (David Gwynne)
2020-06-21 various minor tweaks; (Jason McIntyre)
2020-06-21 wgpip -> wgendpoint. ok dlg@ (Matthieu Herrb)
2020-06-21 teach ifconfig about wireguard. note that this links ifconfig with libcrypto to get at base64 encoding and decoding routines. im looking at an alternative way to do that, so hopefully this is temporary. secondly, note that all the wireguard stuff is under ifndef SMALL, so the special build of ifconfig for install media does include wireguard support, and also does not need libcrypto. from Matt Dunwoodie and Jason A. Donenfeld ok deraadt@ (David Gwynne)
2020-06-20 With filesystem having many cylinder groups and many inodes per cg the ncg * ipg calculation can overflow if signed types are used. Move to uint32_t for the relevant values. Aligned with FreeBSD changes. Also make sure newfs refuses to create an fs with more than 2^32-1 inodes. ok millert@ (Otto Moerbeek)
2020-06-18 Fix handling of short EAP-MSCHAP messages. ok patrick@ (tobhe)
2020-06-17 Fix length check in ca_getreq(). ok patrick@ (tobhe)
2020-06-15 Log errors with log_info and SPI prepended. (tobhe)
2020-06-09 Move AUTH_REQUEST SA state change from parser to IKE_AUTH exchange handler. ok patrick@ (tobhe)
2020-06-05 Add default proposals for AES-GCM ciphers in IKE and ESP. ok patrick@ (tobhe)
2020-06-03 Simplify logic in add_route(), eliminating pointless code duplication and improving clarity. No intentional functional change. (Kenneth R Westerback)
2020-06-03 Pass sockaddr instead of sockaddr_storage to sa_address. ok patrick@ (tobhe)
2020-06-02 Don't leak authmsg. ok patrick@ (tobhe)
2020-06-01 Fix "comparison of integers of different signs" warning. ok patrick@ (tobhe)
2020-05-30 Indentation style(9). (tobhe)
2020-05-29 dev/rndvar.h no longer has statistical interfaces (removed during various conversion steps). it only contains kernel prototypes for 4 interfaces, all of which legitimately belong in sys/systm.h, which are already included by all enqueue_randomness() users. (Theo de Raadt)
2020-05-28 Move duplicate SA negotiation code to ikev2_sa_negotiate_common(). ok patrick@ (tobhe)
2020-05-28 A few stray 'ifa' overloadings. (Kenneth R Westerback)
2020-05-28 Make generation numbers unsigned and fill them using a random number from the range [1..UINT_MAX] initially. On inode re-use increment and on wrap refill from the range [1..UINT_MAX-1] to avoid assigning UINT_MAX (the original value). Zero still means uninitialized. ok millert@ (Otto Moerbeek)
2020-05-28 Reduce 'ifa' overloading by renaming some parameters 'address'. (Kenneth R Westerback)
2020-05-28 Reduce 'ifa' overloading by renaming proposal field from 'ifa' to 'address'. (Kenneth R Westerback)
2020-05-26 Wrap some overly long lines. (Kenneth R Westerback)
2020-05-26 Nuke a superfluous local array in release_lease(). (Kenneth R Westerback)
2020-05-26 Add AES-GCM mode ciphers (IANA IDs 19 and 20) for IKEv2. They can be configured with the new ikesa enc options aes-128-gcm, aes-256-gcm, aes-128-gcm-12 and aes-256-gcm-12. Tested with Strongswan by Stephan Mendling and myself Tested with Juniper SRX by remi@ ok sthen@, patrick@ (tobhe)
2020-05-25 Do not log "startup" to syslog. slaacd and unwind start very early in the boot process and syslog is not fully available yet so these messages tend to get lost. But they are also not particularly useful. Prompted by a report by Jason Mader on bugs@ OK deraadt, claudio, bluhm Note that this code has been copied around to all our privsep daemons and also lives in usr.sbin. Leave it alone there because multiple people said they find it useful for those daemons. (Florian Obser)
2020-05-21 Rename various parameters and variables to eliminate misleading allusions to 'rtstatic'. (Kenneth R Westerback)
2020-05-21 extract_classless_route() -> extract_route() as there is only the one route extraction function. (Kenneth R Westerback)
2020-05-21 Rename route_in_rtstatic() to route_pos() to more clearly reflect its current usage. (Kenneth R Westerback)
2020-05-20 Remove no longer necessary RTLEN. (Kenneth R Westerback)
2020-05-20 Fix typo in comment. (Kenneth R Westerback)
2020-05-20 Rename proposal{} fields rtstatic_len, rtsearch_len and rtdns_len to routes_len, domains_len, ns_len. Removes obsolete alignment with names of RTM_PROPOSAL fields and makes code easier to read. No intentional functional change. (Kenneth R Westerback)
2020-05-20 Replace fixed 128-byte fields for search domains, static routes and domain name servers with variable sized uint8_t chunks. Allows larger lists of search domains and static routes while making common situations use much less memory. Original report of breaching the 128-byte limit for static routes from James Cook via misc@. Testing of various versions by Andreas Kusalananda. (Kenneth R Westerback)
2020-05-19 Eliminate imsg_propose{}, imsg_revoke{} and imsg_tell_unwind{} as unnecessary wrappers, since they all contained a single field that could be used as is. Suggested by claudio@ (Kenneth R Westerback)
2020-05-19 sync libunbound fixes from unbound, ok florian@ (Stuart Henderson)
2020-05-19 Move back to FFS1 by default for MFS as suggested by millert@. OK otto@ (Stuart Henderson)
2020-05-19 Copy ownership/permissions from the mountpoint to FFS2 MFS, as already done for FFS1 MFS. Problem reported by Mark Patruck and Andreas Kusalananda Kahari. ok otto@ (Stuart Henderson)
2020-05-18 Make ffs2 the default for newfs; change all calls to create e.g. floppy filesystems or ramdisks to use explicit -O 1; installer already does that. ok sthen@ (Otto Moerbeek)
2020-05-16 list example files in FILES with a short description: generally, "Example configuration file.", but occasionally something else fit better; at the same time, try to make the format for FILES more consistent; original diff from clematis (Jason McIntyre)