path: root/sbin
Age | Commit message | Author
2021-05-02 | Try harder to ensure there are no GPT revenants after choosing MBR partitioning. | Kenneth R Westerback
2021-05-02 | Shuffle some code to eliminate get_address(), bring interface_state() and initialize_interface() logic into closer alignment, and try harder to initialize link_state at start up. | Kenneth R Westerback
2021-05-02 | Improve documentation. Try to explain the various inputs that result in a rewritten resolv.conf, and without being too precise, the order they will be in the file. Discussed with florian and jmc. | Theo de Raadt
2021-05-01 | In single user mode / is mounted ro. Just warn if we can't create the control socket instead of fatal(). OK deraadt | Florian Obser
2021-05-01 | Allow running in single user mode where /var/empty doesn't exist by switching from chroot("/var/empty") to unveil("/", ""). This is just an extra pair of suspenders since these processes pledge(2) to not access the filesystem. OK deraadt | Florian Obser
2021-05-01 | Allow running in single user mode where /var/empty doesn't exist by switching from chroot("/var/empty") to unveil("/", ""). This is just an extra pair of suspenders since these processes pledge(2) to not access the filesystem. OK deraadt | Florian Obser
2021-04-20 | Move TAILQ initialization to files where they are used. These priv-sep daemons all follow a similar design and use TAILQs for tracking control process connections. In most cases, the TAILQs are initialized separately from where they are used. Since the scope of use is generally confined to a specific control process file, this commit also removes any extern definitions and exposing the TAILQ structures to other compilation units. ok bluhm@, tb@ | dv
2021-04-17 | Rewrite the text describing the "address" parameter into something easier to read; | Jason McIntyre
2021-04-14 | my fingers cannot avoid KNF'ing as I review code | Theo de Raadt
2021-04-12 | Document bpe(4). Diff from Marcus MERIGHI <mcmer-openbsd at tor dot at>, thanks. Feedback OK jmc OK dlg | kn
2021-04-11 | Document 'request' option to request additional configuration payloads. ok patrick@ | tobhe
2021-04-10 | Make sure the ip header lands on a 4 byte alignment by adding 2 bytes padding because the ethernet header in front is only 14 bytes. Found the hard way by me while testing on sparc64. Solution suggested by & OK deraadt | Florian Obser
2021-04-09 | When a DHCP server sends an invalid T1 or T2, default back to the default values as specified in RFC2131 section 4.4.5. Allows my Comtrend VI-3223u to work. OK florian@ | Martijn van Duren
2021-04-09 | Only modify routes if SA has a valid address lease. On IKE SA rekey sa_cp_addr and sa_cp_addr6 are moved to the new SA before the old SA is deleted. Fixes a bug where host routes were deleted on IKE SA rekey. ok patrick@ | tobhe
2021-04-08 | Do not request unused "classless-static-routes" dhcp-options(5). Doing so implies support for it, but dhcpleased(8) currently ignores it entirely and does not configure any route from it. As per RFC 3442 servers SHOULD NOT respond with a "routers" option when "classless-static-routes" is set. dhcpd(8)/dhcpd.conf(5) follows that, hence requesting but not using static routes results in not installing any routes at all. Stop signaling support for this option and only request "routers" such that dhcpleased continues to install a default route and properly ignores the unsupported option if used by the server. Report from Uwe Werler <uwe @ werler dot is> about a default route not being set when requesting the "classless-static-routes" dhcp-options(5) from dhcpd(8), thanks! OK florian | kn
2021-04-07 | "oldlladddr" -> "oldlladdr" in fatal() verbiage. | Kenneth R Westerback
2021-04-03 | Add size check for sockaddr mask. | tobhe
2021-04-01 | Tweak log_debug() verbiage to reduce repetitive info (ACK/NAK), add details (DISCOVER/REQUEST) and provide before/after info for SSID/LLADDR/MTU changes. | Kenneth R Westerback
2021-04-01 | Also immediately accept the *first* OFFER if it matches the requested address, rather than waiting for select_timeout to expire before accepting the same OFFER. | Kenneth R Westerback
2021-03-31 | Set 'select_timeout' to 'now' when an OFFER is received for the IP address requested in the DISCOVER, i.e. immediately accept the OFFER rather than waiting for select_timeout to expire before accepting the same OFFER. A corner case since select-timeout is 0 by default. | Kenneth R Westerback
2021-03-31 | Add two missing checks for strdup() returning NULL. | Kenneth R Westerback
2021-03-31 | Fix some debug output when running in foreground. Call tick_msg() at startup so it knows if the link is up. Don't emit 'link timeout expired' messages after the link has been up. | Kenneth R Westerback
2021-03-28 | Now that the real time and monotonic time streams don't cross, flip CLOCK_REALTIME to CLOCK_MONOTONIC. Suggested by cheloha@, millert@, otto@ at various stages in the time_t -> timespec conversion. | Kenneth R Westerback
2021-03-28 | Convert remaining timers (lease renew, rebind, expiry) to timespec values. Translate from the epoch values in leases to timespec values in one place. Final step to allow CLOCK_REALTIME -> CLOCK_MONOTONIC time accounting for the active lease. | Kenneth R Westerback
2021-03-27 | If we want to configure default routes over multiple interfaces we need to provide the address of the interface behind which the default router is in case they are on the same subnet, otherwise the kernel can't figure out which route we are talking about. This happens for example when your wifi and wired networks are bridged. Pointed out by claudio some time ago. | Florian Obser
2021-03-25 | Sync correct ROUNDUP() from net/route.c | tobhe
2021-03-24 | More timespec conversions. Less 'seconds' arithmetic. | Kenneth R Westerback
2021-03-23 | Don't send DELETE notify if IKE SA is replaced because of 'enforcesingleikesa'. Fixes an interop problem with strongswan if make-before-break is enabled. ok patrick@ | tobhe
2021-03-22 | BOOTP has a minimum packet length of 300 bytes. Since DHCP is interoperable with BOOTP we should also send packets that have a minimum size of 300. I haven't seen a DHCP server that actually enforces this except the one in vmd(8), but it doesn't cost us much and prevents hair pulling later on when we find one in the wild. OK deraadt | Florian Obser
2021-03-22 | Avoid overflow by writing x = (y * 7) / 8 as x = y - (y / 8); ok florian | Otto Moerbeek
2021-03-21 | The tag comes after iface in iked.conf(5). | tobhe
2021-03-21 | Use new terminology of RFC 8981 and (mechanically) replace "privacy" with "temporary". | Florian Obser
2021-03-21 | Don't warn that we can't form a temporary address when a router deprecates a prefix by sending a pltime of 0, this is normal. Continue warning when the pltime is smaller than 5 as this is almost certainly a configuration error. Found the hard way by & OK otto. | Florian Obser
2021-03-20 | RFC 8981 allows the configuration of only temporary IPv6 addresses. Keep "temporary" the default when setting inet6 autoconf but make it possible to disable the "autoconf" flag but keep "temporary" enabled. The normal use case to only have temporary autoconf addresses would be "inet6 temporary" in hostname.if. OK kn | Florian Obser
2021-03-20 | RFC 8981 allows the configuration of only temporary IPv6 addresses. Track autoconf and temporary flag individually to be able to support this. OK kn | Florian Obser
2021-03-20 | Fix SMALL build when done from sbin/slaacd. distrib/special/slaacd is the actual SMALL user but having it build from here is useful, too; in fact, it showed some more unused variables under SMALL. OK florian | kn
2021-03-19 | Edit wireguard for concision. Remove some background covered by wg(4). Swap -wgpeerall and wgpeer in synopsis to ease parsing. "I'm good" - Matt Dunwoodie. "just commit" - jmc suggestions and ok sthen@ | Richard Procter
2021-03-19 | Fix function name in warning | kn
2021-03-19 | RTM_IFINFO is providing the mac address now, no need to go through getifaddrs on every route message. This also allows us to drop the route pledge since we only need to fetch the interface state with getifaddrs on startup. | Florian Obser
2021-03-18 | Document "-tunneldomain" and "-mplslabel", complete MPLS synopsis. OK claudio | kn
2021-03-17 | Split off init_ifaces from update_iface. init_ifaces discovers the state of the machine on startup using ioctl(2) and getifaddrs(3). We can then update this state with information provided by route messages. We still need getifaddrs(3) to check if the layer 2 address has changed. This simplifies error handling (what should we do if ioctl(2) fails?), reduces kernel round trips (no need to ask the kernel again for information RTM_IFINFO provided already) and prevents a theoretical race between RTM_IFINFO and getaddrinfo(3). In a fast link state UP -> DOWN -> UP transition RTM_IFINFO informs us that the link went down but we were not using this information but rather looked at getifaddrs(3) information which might see the link as already up again. We would then do nothing while we should try to get a new lease. By storing all interface information in the frontend process we can skip imsgs to the engine process if we get an RTM_IFINFO without relevant changes for us. | Florian Obser
2021-03-16 | Add 'grp31' alias for curve25519 as documented in iked.conf(5). | tobhe
2021-03-16 | Nuke unused time_t variable. | Kenneth R Westerback
2021-03-16 | Move setifrtlabel() and *keepalive() prototypes out of SMALL. Those commands are not supported under SMALL; unless I overlooked others, this should be the last bit to declare all prototypes correctly wrt. SMALL (the overall unsorted order of both prototypes and commands makes this hard to spot). No object change, with and without SMALL. | kn
2021-03-16 | sync to unbound 1.13.1; heavy lifting by sthen | Florian Obser
2021-03-16 | Don't (try to) deconfigure an interface that was never configured. | Florian Obser
2021-03-16 | We can't learn anything interesting from RTM_NEWADDR, stop handling it. | Florian Obser
2021-03-15 | We make sure that a dh group is required if the local proposal contains an explicit group transform. Override requiredh if one of the local options is 'none' so that a proposal with no DH group and one with explicit group 'none' result in a match. ok patrick@ | tobhe
2021-03-15 | Ignore msg_ke in CREATE_CHILD_SA if DH negotiation results in group 'none' (disabling PFS). Fixes a bug when the initiator sends a KE payload but the negotiation results in DH group "none". For other DH group mismatches we send an INVALID_KE notify, for 'none' we can just ignore the KE payload. ok patrick@ | tobhe
2021-03-14 | Log errors with log level info and SPI. | tobhe