Age | Commit message | Author |
|
When started manually from single-user mode (/ still read-only), the current
error is misleading:
# slaacd -dv
slaacd: already running
The lock was specifically added to prevent multiple instances in the
installer, which discards the error message entirely anyway.
Retain the useful EAGAIN/"already running" message, but otherwise print the
real error reason:
# slaacd -dv
slaacd: /dev/slaacd.lock: Read-only file system
Feedback OK deraadt millert
|
|
ok florian
|
|
ok florian
|
|
|
|
an ugly line split on narrower terminals
- in usage(), match the output
|
|
cloned (virtual) interfaces are skipped, and if the MAC is on more
than 1 interface, no answer either. The mac must be in same format
as the ifconfig lladdr output (complete lowercase with :)
idea from florian, ok afresh1
|
|
indicated.
Found by kn with amap.
Input bluhm.
OK deraadt, tb, otto, kn
from florian@
|
|
Since sbin/iked/vroute.c r1.13 (sep 2021):
Add client side support for DNS configuration. Use RTM_PROPOSAL_STATIC
route messages to propose the name server to resolvd(8).
|
|
and interface groups are reported. The bug allowed
to enumerate the first 64 interfaces only.
The issue has been noticed and bug kindly reported
by Olivier Croquin.
OK kn@
|
|
|
|
"pfctl -s rules" omits expired rules but prints newlines for them.
"pfctl -s rules -v" omits expired rules but prints their stats.
Add the existing skip check to those two missing print logic places such
that expired rules won't cause any output at all, as expected, unless
debug ("-g") or more verbose ("-vv") mode is given, as documented.
OK sashan
|
|
optionally use FFS2 (stu@ ran into a problem when running some tests on
an MFS filesystem that involved future dates).
Correct the manual which said that FFS2 is the default, which isn't the
case for mount_mfs.
lgtm miod@
|
|
If csa_bundled is set, exactly two csas exist and they point to
each other. Therefore childsa_free already sets the bundled csa
pointer to NULL and it shouldn't be done after calling childsa_free.
ok tobhe@
|
|
- use imperative tense in the pf.conf(5) "once" part
- leave printing implementation details to pfctl(8)'s "-s rules" part
- use more markup
- debug mode also prints expired rules
OK jmc sashan
|
|
from Josiah Frentsos
|
|
RFC 2132 "DHCP Options and BOOTP Vendor Extensions"
3.8. Domain Name Server Option says
Servers SHOULD be listed in order of preference.
tcpdump(8), route(8) monitor and dhcpleasectl(8) -l athn0 show servers from
the DHCP OFFER in their original order, as expected.
resolvd(8) however sorts proposals by priority and IP address before writing
them to resolv.conf(5).
But as the system resolver tries this file's `nameserver' options in the
order of appearance, sorting by IP breaks DHCP's intended order and thus may
result in the wrong nameserver being queried.
Sorting by IP is done to later remove duplicates from the file.
Sort by priority alone and ensure uniqueness by iterating over the list
of proposals and zeroing duplicates instead to preserve any proposal's
original order.
Spotted on a public wifi OFFERing two local IPs plus 8.8.8.8 in this order
which ended up with 8.8.8.8 being the first entry in my /etc/resolv.conf.
In other words, `route nameserver lo0 2.2.2.2 1.1.1.1 1.1.1.1' now yields
nameserver 2.2.2.2 # resolvd: lo0
nameserver 1.1.1.1 # resolvd: lo0
rather than
nameserver 1.1.1.1 # resolvd: lo0
nameserver 2.2.2.2 # resolvd: lo0
Feedback OK deraadt
|
|
- show -t with -T in options list
- sort the -T commands
- small text/formatting tweaks
ok sthen
ok kn on an earlier version
|
|
possible use after free.
ok tobhe@
|
|
|
|
possible use after free.
ok tobhe@
|
|
initialization where the msg_parent field is accessed.
ok tobhe
|
|
need to keep checking for these device names.
|
|
let packet to mark 'once' rule as expired. The rule
will be removed by pfctl(8) when rules are updated.
OK kn@
|
|
|
|
It has been annoying me for too long that fully specified GUAs
(2001:0db8:3333:4444:5555:6666:7777:8888) mess up alignment.
systat(1)'s netstat is the only view that has a big enough limit and thus
never misaligns.
Unify ndp(8), route(8) and netstat(1) views to always align nicely.
Feedback OK claudio
|
|
|
|
outside the subnet, some hosting providers use this. info from Eric JACQUOT
ok florian kn phessler
|
|
|
|
When linking against libressl, OPENSSL_malloc() is just a wrapper around malloc()
so regular free() is safe. Other implementations allow switching to a different
allocator where free() could result in a possible heap corruption.
Report and initial fix by dropk1ck (gh #92)
ok tb@
|
|
string size that could lead to a buffer overflow in ikev2_print_id().
Found by and fix from dropk1ck on github (issue #90)
ok patrick@ mbuhl@
|
|
ifconfig(8) output can get too long when always printing `wgpeers' for all
wg(4) interfaces, so omit it output is requested and/or output is limited
to the interface group "wg" or a specific interface "wgX".
No install media size change as wireguard code is under #ifndef SMALL.
Diff from Mikolaj Kucharski <mikolaj AT kucharski DOT name>
makes Hrvoje Popovski happy
manual bits from jmc
OK sthen
|
|
directly instead of calling group_get() and leaking the result.
ok markus@
|
|
|
|
At least the built-in controller on sparc64 T4-2 machines supports 1E from
which OpenBSD boots just fine, but bioctl(8) reports it as RAID 10:
mpii0 at pci15 dev 0 function 0 "Symbios Logic SAS2008" rev 0x03: msi
mpii0: Solana On-Board, firmware 9.0.0.0 IR, MPI 2.0
scsibus1 at mpii0: 834 targets
sd0 at scsibus1 targ 0 lun 0: <LSI, Logical Volume, 3000> naa.600508e0000000006cd1dcd59022a30a
sd0: 713824MB, 512 bytes/sector, 1461911552 sectors
root on sd0a (efde5b2c6ab7b8ac.a) swap on sd0b dump on sd0b
# bioctl mpii0
Volume Status Size Device
mpii0 0 Online 748498714112 sd0 RAID10
0 Online 500107861504 0:2.0 noencl <ATA CT500MX500SSD1>
1 Online 500107861504 0:1.0 noencl <ATA CT500MX500SSD1>
2 Online 500107861504 0:0.0 noencl <ATA CT500MX500SSD1>
mpii(4) simply munged 1E into 10.
Report it as 0x1E just like softraid(4) RAID 1C is 0x1C internally:
# ./obj/bioctl mpii0 | grep RAID
mpii0 0 Online 748498714112 sd0 RAID1E
OK jsing
|
|
Only the RAID level itself with level specific values in the end differs.
OK jsing
|
|
D_VENDOR lives in d_flags, not d_secpercyl.
Makes resizing a partition more likely to respect cylinder rounding
on sparc64.
|
|
|
|
DEC standard 144 bad sector information is no longer a thing. As
evidenced by bad144(8) moving to the attic 16 years ago.
ok miod@, who points out that badsect(8) is now the nail sticking
out.
|
|
In config_free_policy() the refcounting is unchanged and each SA linked to the
policy will trigger a call to policy_ref() and increase the references as
before the change. This allows unconditional calls to policy_ref() and
policy_unref() and the callers no longer have to check if IKED_POLICY_REFCNT
is set.
From and ok markus@
|
|
r1.11 "Don't print device name on failure" made it print unconditionally,
which contradicts what the manual says.
Report + diff from Brian Conway <bconway AT rcesoftware DOT com>, thanks.
From Brian Conway
|
|
- fix the crazy list width
- since there's only one item, -compact makes no sense
|
|
reported to FreeBSD by Franco Fichtner; from Kristof Provost
|
|
|
|
sure ikes_retransmit_response events don't also increase the
ikes_msg_rcvd_busy counter.
ok markus@
|
|
error types and other events that help analyze errors in larger setups.
The counters can be printed with 'ikectl show stats'.
ok bluhm@ patrick@
from and ok markus@
|
|
|
|
and make 'fdisk -v' display their names (NoAutoMount, Hidden,
Shadow, ReadOnly).
Shift 1ULL instead of 1 to make it clear these are uint64_t
flags. Makes clang happier.
|
|
This will happen when an address expires because the vltime drops to
zero. The kernel then deletes the address and slaacd tries to do so,
too. The correct fix is to track in slaacd that the kernel already
deleted the address for us, but that's too much work shortly before a
release so just hide the ugly warning for now, it's harmless.
Problem reported by semarie some time ago.
OK deraadt, benno
|
|
not differentiate between similar policies that only differ in srcnat. Also
include srcnat when logging flows or policies.
ok markus@
|
|
and BOOTABLE, set BOOTABLE attribute bit instead of using the
incorrect GPTDOSACTIVE value, have 'fdisk -v' print out GPT
partition attributes if any of the 64 bits are set, don't spoof
any partition with REQUIRED bit set.
Prompted by kettenis@ stumbling across a machine with 40+ (!!)
REQUIRED GPT partitions.
Tested & ok kettenis@
|