Age | Commit message | Author |
|
If csa_bundled is set, exactly two csas exist and they point to
each other. Therefore childsa_free already sets the bundled csa
pointer to NULL and it shouldn't be done after calling childsa_free.
ok tobhe@
|
|
- use imperative tense in the pf.conf(5) "once" part
- leave printing implementation details to pfctl(8)'s "-s rules" part
- use more markup
- debug mode also prints expired rules
OK jmc sashan
|
|
from Josiah Frentsos
|
|
RFC 2132 "DHCP Options and BOOTP Vendor Extensions"
3.8. Domain Name Server Option says
Servers SHOULD be listed in order of preference.
tcpdump(8), route(8) monitor and dhcpleasectl(8) -l athn0 show servers from
the DHCP OFFER in their original order, as expected.
resolvd(8) however sorts proposals by priority and IP address before writing
them to resolv.conf(5).
But as the system resolver tries this file's `nameserver' options in the
order of appearance, sorting by IP breaks DHCP's intended order and thus may
result in the wrong nameserver being queried.
Sorting by IP is done to later remove duplicates from the file.
Sort by priority alone and ensure uniqueness by iterating over the list of
proposals and zeroing duplicates instead to preserve any proposal's
original order.
Spotted on a public wifi OFFERing two local IPs plus 8.8.8.8 in this order
which ended up with 8.8.8.8 being the first entry in my /etc/resolv.conf.
In other words, `route nameserver lo0 2.2.2.2 1.1.1.1 1.1.1.1' now yields
nameserver 2.2.2.2 # resolvd: lo0
nameserver 1.1.1.1 # resolvd: lo0
rather than
nameserver 1.1.1.1 # resolvd: lo0
nameserver 2.2.2.2 # resolvd: lo0
Feedback OK deraadt
|
|
- show -t with -T in options list
- sort the -T commands
- small text/formatting tweaks
ok sthen
ok kn on an earlier version
|
|
possible use after free.
ok tobhe@
|
|
|
|
possible use after free.
ok tobhe@
|
|
initialization where the msg_parent field is accessed.
ok tobhe
|
|
need to keep checking for these device names.
|
|
let packet to mark 'once' rule as expired. The rule
will be removed by pfctl(8) when rules are updated.
OK kn@
|
|
|
|
It has been annoying me for too long that fully specified GUAs
(2001:0db8:3333:4444:5555:6666:7777:8888) mess up alignment.
systat(1)'s netstat is the only view that has a big enough limit and thus
never misaligns.
Unify ndp(8), route(8) and netstat(1) views to always align nicely.
Feedback OK claudio
|
|
|
|
outside the subnet, some hosting providers use this. info from Eric JACQUOT
ok florian kn phessler
|
|
|
|
When linking against libressl, OPENSSL_malloc() is just a wrapper around malloc()
so regular free() is safe. Other implementations allow switching to a different
allocator where free() could result in a possible heap corruption.
Report and initial fix by dropk1ck (gh #92)
ok tb@
|
|
string size that could lead to a buffer overflow in ikev2_print_id().
Found by and fix from dropk1ck on github (issue #90)
ok patrick@ mbuhl@
|
|
ifconfig(8) output can get too long when always printing `wgpeers' for all
wg(4) interfaces, so omit it unless output is requested and/or output is limited
to the interface group "wg" or a specific interface "wgX".
No install media size change as wireguard code is under #ifndef SMALL.
Diff from Mikolaj Kucharski <mikolaj AT kucharski DOT name>
makes Hrvoje Popovski happy
manual bits from jmc
OK sthen
|
|
directly instead of calling group_get() and leaking the result.
ok markus@
|
|
|
|
At least the built-in controller on sparc64 T4-2 machines supports 1E from
which OpenBSD boots just fine, but bioctl(8) reports it as RAID 10:
mpii0 at pci15 dev 0 function 0 "Symbios Logic SAS2008" rev 0x03: msi
mpii0: Solana On-Board, firmware 9.0.0.0 IR, MPI 2.0
scsibus1 at mpii0: 834 targets
sd0 at scsibus1 targ 0 lun 0: <LSI, Logical Volume, 3000> naa.600508e0000000006cd1dcd59022a30a
sd0: 713824MB, 512 bytes/sector, 1461911552 sectors
root on sd0a (efde5b2c6ab7b8ac.a) swap on sd0b dump on sd0b
# bioctl mpii0
Volume Status Size Device
mpii0 0 Online 748498714112 sd0 RAID10
0 Online 500107861504 0:2.0 noencl <ATA CT500MX500SSD1>
1 Online 500107861504 0:1.0 noencl <ATA CT500MX500SSD1>
2 Online 500107861504 0:0.0 noencl <ATA CT500MX500SSD1>
mpii(4) simply munged 1E into 10.
Report it as 0x1E just like softraid(4) RAID 1C is 0x1C internally:
# ./obj/bioctl mpii0 | grep RAID
mpii0 0 Online 748498714112 sd0 RAID1E
OK jsing
|
|
Only the RAID level itself with level specific values in the end differs.
OK jsing
|
|
D_VENDOR lives in d_flags, not d_secpercyl.
Makes resizing a partition more likely to respect cylinder rounding
on sparc64.
|
|
|
|
DEC standard 144 bad sector information is no longer a thing. As
evidenced by bad144(8) moving to the attic 16 years ago.
ok miod@, who points out that badsect(8) is now the nail sticking
out.
|
|
In config_free_policy() the refcounting is unchanged and each SA linked to the
policy will trigger a call to policy_ref() and increase the references as
before the change. This allows unconditional calls to policy_ref() and
policy_unref() and the callers no longer have to check if IKED_POLICY_REFCNT
is set.
From and ok markus@
|
|
r1.11 "Don't print device name on failure" made it print unconditionally,
which contradicts what the manual says.
Report + diff from Brian Conway <bconway AT rcesoftware DOT com>, thanks.
From Brian Conway
|
|
- fix the crazy list width
- since there's only one item, -compact makes no sense
|
|
reported to FreeBSD by Franco Fichtner; from Kristof Provost
|
|
|
|
sure ikes_retransmit_response events don't also increase the
ikes_msg_rcvd_busy counter.
ok markus@
|
|
error types and other events that help analyze errors in larger setups.
The counters can be printed with 'ikectl show stats'.
ok bluhm@ patrick@
from and ok markus@
|
|
|
|
and make 'fdisk -v' display their names (NoAutoMount, Hidden,
Shadow, ReadOnly).
Shift 1ULL instead of 1 to make it clear these are uint64_t
flags. Makes clang happier.
|
|
This will happen when an address expires because the vltime drops to
zero. The kernel then deletes the address and slaacd tries to do so,
too. The correct fix is to track in slaacd that the kernel already
deleted the address for us, but that's too much work shortly before a
release so just hide the ugly warning for now, it's harmless.
Problem reported by semarie some time ago.
OK deraadt, benno
|
|
not differentiate between similar policies that only differ in srcnat. Also
include srcnat when logging flows or policies.
ok markus@
|
|
and BOOTABLE, set BOOTABLE attribute bit instead of using the
incorrect GPTDOSACTIVE value, have 'fdisk -v' print out GPT
partition attributes if any of the 64 bits are set, don't spoof
any partition with REQUIRED bit set.
Prompted by kettenis@ stumbling across a machine with 40+ (!!)
REQUIRED GPT partitions.
Tested & ok kettenis@
|
|
The variable "clang" is modified from a signal handler. Change it
from an 'int' to a 'sig_atomic_t' and mark it 'volatile', as we
recommend in signal(3).
ok millert@ kn@
|
|
that use d_drivedata.
Since nothing else in the tree refers to d_drivedata other than
/etc/disktab parsing and no /etc/disktab entry utilizes the
:d[0-4]: attributes, stop disklabel(8) both printing "drivedata:
0" and paying attention to any "drivedata: ..." lines in ascii
labels being read.
ok jsg@ miod@
|
|
OK jmc
|
|
allocation of RAID partitions.
Make both 'raid' and 'swap' keywords case insensitive.
Suggested by kn@
ok kn@ miod@
|
|
There were a few reports where /etc/resolv.conf would lose user-managed
lines, possibly caused by a system crash.
While here add a call to fsync(2) which might also help.
input otto
input & OK deraadt, kn
|
|
ok otto@ as part of larger diff
|
|
No need to set them or check that they are set.
ok otto@ as part of larger diff
|
|
This is about to change and connect(2) will require "w", not "r".
OK deraadt@ florian@ mestre@
|
|
Noticed by mistake (wanted `-l'):
# vnconfig l
vnd0
vnconfig: VNDIOCSET: No such file or directory
Same happens if you try to load a bogus file:
# vnconfig ./empty
vnd0
vnconfig: VNDIOCSET: Input/output error
In both cases, the info on stdout is useless as vnd0 is not used.
Defer printing the device until after the file is set up:
# ./obj/vnconfig l
vnconfig: VNDIOCSET: No such file or directory
# ./obj/vnconfig ./empty
vnconfig: VNDIOCSET: Input/output error
OK deraadt
|
|
only warn about the start.
ok millert@
|
|
|
|
usable LBA area of the device the GPT is currently inhabiting.
Makes GPT display as informative as MBR display.
In passing, eliminate possible underflow in partition size
calculation.
ok deraadt@
|