Age | Commit message | Author |
|
Pointed out by & OK otto
|
|
it in unwindctl status output next to the all time histogram.
|
|
resolver is doing. But circumstances can change, so decay the
histogram data over time to slowly forget about that past. Uses
fixed point arithmetic to avoid floating point. ok florian@
|
|
Zap lots of duplicate code and unify address family specific code where
possible. There's probably more to improve, but this already cuts a lot.
This is the minimal version without any cosmetic fixes or logical
relocations to either improve the code or sync it with pfctl, bgpd, etc.
OK tobhe
|
|
The new wrapper will be used in the upcoming diff, set_ipmask() will be
called with -1.
Both are in analogy to pfctl, bgpd and others where IP/host parsing has been
made more AF agnostic already.
copy_sockaddrtoipa() is not called copy_satoipa() to avoid confusion with
IPSec terminology (SA) as suggested by tobhe.
No functional change
OK tobhe
|
|
only when the full message was parsed successfully.
ok patrick@, "that's working for me" - sthen@
|
|
IP address, port and authentication name.
This makes print_config less awkward and fixes a bug where an
alternative port number was not printed.
|
|
validates, measure how well it is doing.
We keep track of the round trip median time of past queries and sort
strategies according to this in addition to the more basic qualities
of does it resolve and does it validate. If a query is not answered
within the median time the next best strategy gets a chance. The most
preferred strategy (either from the config file or defaults) gets an
additional head start of 200ms.
A response of SERVFAIL also advances to the next best strategy. This
is helpful when the picked strategy can only see parts of the internet
but another strategy can reach more.
This alone gets us past quite a few captive portals already.
Additionally we doubt NXDOMAIN from anything but the stub resolver for
the first 5 minutes after a network change. This is probably as good
as the http check we had previously but more tests are needed.
This was inspired by RFC 8305, "Happy Eyeballs".
OK otto
|
|
reuse in the future.
OK otto
|
|
OK otto
|
|
Avoid an extra parameter and set NULL initialised conffile conditionally.
From Matthew Martin <phy1729 at gmail dot com>, thanks!
|
|
Default /etc/unwind.conf is optional and may be missing, but explicitly
specified files should exist.
OK florian
|
|
unwindctl suggests; ok florian@
|
|
The frontend doesn't know.
|
|
empty proposal with if_index 0.
It is possible that the set of autoconf interfaces changed between a
stop -> start transition and slaacd would never withdraw nameservers
for interfaces that had the autoconf flag previously but no longer
after the restart.
|
|
daemon. Soon to be used by slaacd(8) which handles all interfaces but
can't know which interfaces had been set to autoconf before a restart.
|
|
ok florian@
|
|
To withdraw a proposal send an empty list of nameservers.
This one is a bit of a hack by me to keep everything in sync for now.
A better version from krw is coming soon.
|
|
daemon and interface. An empty list is automatically a withdrawal.
prodding deraadt@
|
|
That way we no longer need to handle withdraws in unwind. A new
proposal from a daemon on an interface is always a replacement.
If nameservers expire or an interface goes away we send an empty list
of nameservers.
pestering^Wprodding deraadt
|
|
the size constraint to allow this to pass through the kernel.
Looks good to deraadt@
|
|
Do not copy them to the main process.
|
|
no objection krw@ who has further suggestions for improvement
|
|
prodding deraadt@
|
|
different priorities for wired vs. wireless interfaces for us.
Gleaned from dhclient.
|
|
of zero. It just means that the router is not a default router.
This is also true for prefixes, but not yet implemented.
(The diff looks complicated but it's only a } moved up + reindent.)
|
|
otherwise we try to parse an invalid packet.
This can be triggered by captive_portal_resolve_done() when dhcp
provided nameservers do not answer and asr hits a timeout.
answer_packet is NULL and answer_len -1 in that case.
Found the hard way by claudio
|
|
Someone please make this pretty.
Tested by deraadt as part of a larger diff.
|
|
slaacd should be changed as well.
Tested by deraadt as part of a larger diff.
|
|
Tested by deraadt as part of a larger diff.
|
|
ok florian@
|
|
ok patrick@
|
|
ok bluhm@
|
|
interface name if known. As all the other message types do.
ok bluhm@
|
|
messages, not "ifidx".
ok bluhm@
|
|
ok bluhm@
|
|
are u_char or u_short. So use %u instead of %d in printf().
ok bluhm@
|
|
had them.
ok bluhm@
|
|
fragmentation was added every incoming message increased the internal
msg_id count. Fragments were handled with an explicit exception.
Now that we have msg_valid we can increase the SA's msg_id counter
only with the reconstructed message and remove the exception.
ok bluhm@
|
|
Check sa is not NULL before using it. Use sa consistently instead of
mixing sa and msg->msg_sa. In the error case, if sa is not NULL, save
the message for retransmission and return 0 instead of -1.
ok mikeb@
|