Age | Commit message | Author |
|
Found the hard way and OK tb@
|
|
|
|
|
|
|
|
decomposition into major and minor is unsigned, so we should print them
with %u instead of %d.
ok guenther
|
|
ok florian
|
|
This requires quite a bit of yak shaving until we can pick up nameservers
from router advertisements.
Pointed out by sthen & kn
|
|
|
|
ok sthen
|
|
it will crash when it sees a -1 FD.
Found the hard way by solene on a box without ::1
|
|
|
|
Contrary to other rules accepting a single port, this one only works with
numerical values. Fix it by simply using the proper grammar.
Port ranges are not accepted, but an error message on a range without start
was missing in general, so add it while here.
OK bluhm
|
|
ok florian@
|
|
tweaks and ok florian@
|
|
ok florian@
|
|
ok florian@
|
|
add some to unwind.h
clean up some whitespace.
ok florian@
|
|
of memory and can't do anything else. This way we don't terminate on
config reload with a bad config.
ok florian@
|
|
file.
Prodded by deraadt
|
|
|
|
otto@ pointed out that we lost a description on HOW to use macros.
|
|
If it comes from one of our processes and the size does not match what
we expect call fatalx to crash and burn. We either hit a logic bug or
something is fishy on the other end and we can't trust that process
any longer. Not that we trust those processes to begin with.
This also applies to receiving resources that we don't expect. For
example if we have an open UDP listen socket and get a new one passed
from the main process something is wrong and we should crash and burn.
The only place where we are more lenient is on the control socket. We
just ignore wrong sized messages so that users can't bring down
unwind.
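The policy described in this commit message (trusted-peer messages of the wrong size or of an unexpected kind are fatal, control-socket messages are merely dropped) as an added example in C. This is illustration code, not unwind's own imsg handling: the message types, the `resolver_status` payload, the `peer` and `verdict` enums and `check_imsg()` are all hypothetical stand-ins chosen to make the decision logic runnable stand-alone.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Hypothetical message types and payload layouts modelled on the commit
 * message above; they are NOT unwind's real imsg.h definitions.
 */
enum msg_type {
	MSG_RESOLVER_STATUS = 1,	/* fixed-size status struct as payload */
	MSG_NEW_UDP_SOCKET  = 2,	/* fd passed out of band, no payload */
	MSG_CTL_SHOW        = 3		/* request arriving on the control socket */
};

struct resolver_status {
	uint32_t	id;
	uint32_t	state;
};

/* Who sent the message: a privsep sibling, or a client on the control socket. */
enum peer { PEER_MAIN, PEER_CONTROL };

enum verdict { VERDICT_ACCEPT, VERDICT_IGNORE, VERDICT_FATAL };

/* Payload bytes we expect after the header for each known message type. */
static size_t
expected_len(int type)
{
	switch (type) {
	case MSG_RESOLVER_STATUS:
		return sizeof(struct resolver_status);
	case MSG_NEW_UDP_SOCKET:
	case MSG_CTL_SHOW:
		return 0;
	default:
		return SIZE_MAX;	/* unknown type */
	}
}

/*
 * Decide how to treat a message of `type` carrying `datalen` payload bytes
 * from `peer`. From the main process, a wrong size, an unknown type, or a
 * resource we already hold means a logic bug or a peer we can no longer
 * trust: fatal. The control socket is client-facing, so malformed input
 * there is dropped rather than allowed to bring the daemon down.
 */
enum verdict
check_imsg(enum peer peer, int type, size_t datalen, int udp_sock_open)
{
	size_t want = expected_len(type);

	if (want == SIZE_MAX || datalen != want)
		return peer == PEER_CONTROL ? VERDICT_IGNORE : VERDICT_FATAL;

	/* A second listen socket while one is already open is unexpected. */
	if (type == MSG_NEW_UDP_SOCKET && udp_sock_open)
		return VERDICT_FATAL;

	return VERDICT_ACCEPT;
}

/* Minimal stand-in for fatalx(3): report and terminate. */
static void
fatalx(const char *msg)
{
	fprintf(stderr, "fatal: %s\n", msg);
	exit(1);
}

int
main(void)
{
	/* Constructed sample: a well-formed status, a bad control request, a short status. */
	struct resolver_status st = { .id = 1, .state = 2 };
	enum verdict v;

	v = check_imsg(PEER_MAIN, MSG_RESOLVER_STATUS, sizeof(st), 0);
	printf("status from main: %s\n", v == VERDICT_ACCEPT ? "accept" : "reject");

	v = check_imsg(PEER_CONTROL, MSG_CTL_SHOW, 5, 0);
	printf("oversized control request: %s\n", v == VERDICT_IGNORE ? "ignored" : "other");

	v = check_imsg(PEER_MAIN, MSG_RESOLVER_STATUS, sizeof(st) - 1, 0);
	if (v == VERDICT_FATAL)
		fatalx("wrong sized message from main process");
	return 0;
}
```

The point of separating `check_imsg()` from the fatal call is that the verdict can be unit tested without terminating the process; in a real daemon the caller invokes `fatalx` on `VERDICT_FATAL` and simply `continue`s on `VERDICT_IGNORE`.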
|
|
ok florian@
|
|
pointed out by deraadt
|
|
The new node contains the subsystem's main control variable,
kern.witness.watch. It is aliased by the old name, kern.witnesswatch.
The alias will be removed in the future.
OK anton@ mpi@
|
|
Recently introduced in pfctl_parser.c r1.333, this helper nicely
simplifies code when copying IPs based on their address family, so use
it in five other places when killing state or source node entries.
All addresses copied in these code paths result from either
pfctl_parse_host() or pfctl_addrprefix() which guarantee the address
family set to AF_INET or AF_INET6. Therefore, effectively relaxing the
case of unhandled families from errx(3) in callers to warnx(3) in
copy_satopfaddr() is safe since it's never reached.
OK sashan
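The family-dispatched address copy this commit describes, as an added example in C that is not pfctl's code: `union pfaddr`, `parse_numeric()` and `pfaddr_ntop()` are hypothetical stand-ins for `pf_addr` and for the parsing that `pfctl_parse_host()`/`pfctl_addrprefix()` perform, and the `copy_satopfaddr()` here is a reconstruction of the behaviour described above (warn and return `AF_UNSPEC` on an unhandled family) rather than the real helper. Inputs are constructed numeric addresses so nothing touches DNS.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Hypothetical stand-in for pf_addr: 16 bytes that hold either family. */
union pfaddr {
	struct in_addr	v4;
	struct in6_addr	v6;
	uint8_t		addr8[16];
};

/*
 * Copy the address out of `sa` into `dst` according to sa_family.
 * Returns the family copied, or AF_UNSPEC after a warning for anything
 * else (the relaxed warnx-style behaviour rather than errx).
 */
int
copy_satopfaddr(union pfaddr *dst, const struct sockaddr *sa)
{
	memset(dst, 0, sizeof(*dst));
	switch (sa->sa_family) {
	case AF_INET:
		memcpy(&dst->v4, &((const struct sockaddr_in *)sa)->sin_addr,
		    sizeof(dst->v4));
		return AF_INET;
	case AF_INET6:
		memcpy(&dst->v6, &((const struct sockaddr_in6 *)sa)->sin6_addr,
		    sizeof(dst->v6));
		return AF_INET6;
	default:
		fprintf(stderr, "warning: unknown address family %d\n",
		    sa->sa_family);
		return AF_UNSPEC;
	}
}

/*
 * Build a sockaddr from numeric text; stands in for the parsing the real
 * callers do before copy_satopfaddr() is reached. Returns the family or -1.
 */
int
parse_numeric(const char *text, struct sockaddr_storage *ss)
{
	struct sockaddr_in *sin = (struct sockaddr_in *)ss;
	struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)ss;

	memset(ss, 0, sizeof(*ss));
	if (inet_pton(AF_INET, text, &sin->sin_addr) == 1) {
		sin->sin_family = AF_INET;
		return AF_INET;
	}
	if (inet_pton(AF_INET6, text, &sin6->sin6_addr) == 1) {
		sin6->sin6_family = AF_INET6;
		return AF_INET6;
	}
	return -1;
}

/* Render a copied address; returns `buf`, or NULL for an unhandled family. */
const char *
pfaddr_ntop(int af, const union pfaddr *a, char *buf, size_t len)
{
	return inet_ntop(af, af == AF_INET ? (const void *)&a->v4
	    : (const void *)&a->v6, buf, len);
}

int
main(void)
{
	/* Constructed inputs: one of each handled family, then a bogus family. */
	const char *inputs[] = { "192.0.2.10", "2001:db8::1" };
	struct sockaddr_storage ss;
	struct sockaddr bogus;
	union pfaddr a;
	char buf[INET6_ADDRSTRLEN];
	int af;

	for (size_t i = 0; i < sizeof(inputs) / sizeof(inputs[0]); i++) {
		if (parse_numeric(inputs[i], &ss) < 0)
			continue;
		af = copy_satopfaddr(&a, (struct sockaddr *)&ss);
		printf("%s -> family %d -> %s\n", inputs[i], af,
		    pfaddr_ntop(af, &a, buf, sizeof(buf)));
	}

	memset(&bogus, 0, sizeof(bogus));
	bogus.sa_family = AF_UNIX;
	printf("AF_UNIX -> %d\n", copy_satopfaddr(&a, &bogus));
	return 0;
}
```

The `default` branch is the one the commit message argues is unreachable in pfctl because every caller already validated the family; in this stand-alone form it is reached by the `AF_UNIX` input, which shows why the warning is harmless when it does fire: the destination has been zeroed and no bytes of the wrong shape are copied.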
|
|
Either disable DNS or enable additional reverse lookups, but not both.
OK benno
|
|
Killing source tracking or state entries by hostname or CIDR would pass
given keys twice to getaddrinfo(3): once to resolve/parse and again to
parse the numerical address in case a prefix was specified.
Avoid this overhead by making pfctl_addrprefix() resolve, pass and mask
in one go and return the list of IPs to the callers. This notably
simplifies both logic and sanity checks around prefix length and address
family.
While here, also pass -N along such that -k and -K can be restricted to
not use DNS.
Discussed with procter sashan, OK sashan
|
|
|
|
|
|
directives, some of them no longer necessary.
Cleanup by Caspar Schutijser, thank you very much!
|
|
More consistent, clearer.
|
|
|
|
OK benno
|
|
previously specified 'append', 'default', 'ignore', 'prepend', or
'supersede' actions on the values provided in leases.
|
|
|
|
|
|
|
|
the .y file is not hooked up to the build.
But since it works out just fine, remove configparser.c and hook up
configparser.y.
(The same does not hold true for configlexer.lex though.)
With this obj/configparser.c is not left behind on make clean.
|
|
|
|
|
|
This lets us get past the broken Dutch railway wifi that responds
NXDOMAIN if an edns0 option is present.
|
|
|
|
|
|
|
|
|
|
resolve at all.
We come up without listening and open IPv4 and IPv6 sockets once the
resolver process has determined that we can speak DNS to the outside
world.
Furthermore close the listening sockets when the resolver process
notices that we can no longer speak DNS to the outside.
This is a last-ditch effort to get out of libc resolver's way and let
it speak directly to e.g. dhcp provided resolvers.
With the recommended configuration of having 127.0.0.1 first in
/etc/resolv.conf and then adding dhcp provided resolvers after that, our
libc resolver will receive a port unreachable error and immediately
switch to the next one if unwind is not listening on port 53.
(Networks have been observed in the wild that intercept DNS packets and
answer NXDOMAIN if an edns0 option is sent with the query.)
|
|
|
|
|
|
These functions / macros (from (s)ldns) are not part of the public
libunbound API so we couldn't use them before. Due to the way we use
libunbound (a local copy) we now have access.
|