Age | Commit message | Author
This fixes an issue that might better be solved in imsg itself.
The problem is that IMSG_CTL_RESET does not include an fd while the
following messages (IMSG_CFG_RELAY and IMSG_CFG_RELAY_FD) do contain
fds. If the receiver gets them in one buffer (via recvmsg), the first
fd might be wrongly associated to the IMSG_CTL_RESET message. This is
theoretically taken care of by the imsg API, so it is either a bug in
relayd's API usage or in imsg itself.
"sure" claudio@ as a temporary fix.
which effectively caused the config file to be ignored. So move
parse_config() back after create().
OK deraadt@
Tested by many (thanks!)
Feedback & OK rob@
Moving the certs out of the relay struct will help to add multiple SNI certs.
Tested by many users (thanks!)
Feedback & OK rob@
"bgpctl reload" that ipsec/md5sig and "export none/default-route"
only take effect when the session is reset. sounds good to claudio
and the loop passed all attributes known by bgpd. Saves about 80% of
time in up_generate_attr().
OK phessler@
Fixes adding network 0.0.0.0/0 after network inet static.
OK phessler@ benno@
an absolute value and fix poll loop to first generate messages and
then compute poll flags for the write cases. This makes the timeout
workaround for constraints unneeded. ok reyk@ tb@
vmctl had a CLI-style syntax (bgpctl-style) for a short time but I
changed it back to a more suitable getopt syntax. I replaced the CLI
tokens to getopts flags but didn't consider swapping the order of
command options and arguments to be more UNIX-like again ("vmctl
create disk.img size 10G" simply became "vmctl create disk.img -s 10G").
This changes "create", "start", and "stop" commands to the commonly
expected syntax like "vmctl create -s 10G disk.img".
Requested by many
OK mlarkin@ kn@ solene@
with once the clock is synced. ok deraadt@ florian@
Relays cannot have the same name or listen address. If a listen
address is specified multiple times, the parser expands the
configuration into multiple relays automatically.
OK rob@
Pass the *env as an explicit argument instead of using the global
pointer: The relay_load_certfiles() function is called early before
the *env is set up. This does not change anything in the current code
as *env is not used by anything in the function (not even
ssl_load_key() that is taking it as an argument) but it will be needed
by upcoming changes for SNI.
Ok rob@
to be picked up after a reload.
With and OK jmc@, sthen@
hit a race frequently where a session ended up with no key/SPI in the kernel.
Since there is no way to do atomic updates of SADB_X_SATYPE_TCPSIGNATURE
the code is adding a new one then removing the old one.
Also make sure keys are correctly cleared when peers are deconfigured.
May not be perfect but a lot better than what was there before.
Tested by and OK sthen@
Noticed by sthen@
as discussed with sthen@, code slightly adjusted
Remove the scratch register (8250s don't have this), and reorganize
some constants to be able to more easily support more than one serial
port in the future.
ok deraadt
Diff from Katherine Rohl, thanks!
If the time is wrong, we cannot validate dnssec, leading to failed
DNS lookups, so we cannot adjust or set the time. Work around this
by repeating a failed DNS lookup with a lookup with the DC (check
disabled) bit set. ok florian@
These never got unset on AMD/SVM guests when booted via vmctl start
-b causing them to run very slow
ok mlarkin@
if something changed in register A.
when updating register A we were checking in register B if the
PIE bit was set in order to decide if rtc_reschedule_per needed
to be called. if that bit was changed then the timer rate would
already have been adjusted by rtc_update_regb so the call from
rtc_update_rega is not needed.
this now matches what qemu and other emulators are doing too.
ok mlarkin@
getpeerbyid() gets a lot quicker at finding the peer when many peers
are configured. In my test case the difference is around 20% runtime.
OK denis@
this lets me configure a custom gre protocol on a dell s4810 or
s5048 and see what's inside it when it lands on an openbsd box.
ok lteo@
it's much simpler now that md5 is entirely gone
OpenBSD::Ustar gained support for xhdr.
reads OK to kn@
OK denis@
with EVP_CIPHER_CTX_new() and releasing them with EVP_CIPHER_CTX_free().
ok sunil@ and millert@
OpenSSL, so use that one instead to reduce delta in portable branch
X509_STORE_CTX_get_error() function instead
as an argument. This way getmonotime() can be called once at the start
of looping over all peers instead of twice during the loop.
Makes a big difference with many peers.
OK florian@ sthen@
we could find the dependency in another version of
the same package first, and error out (see
special case found_in_self).
of MRT TABLE_DUMP_V2 dumps. It only works with TABLE_DUMP_V2 dumps on other
table dumps the neighbor of the first entry is printed since those table
dumps don't have a neighbor table.
OK sthen@ benno@
OK sthen@ benno@
(File access is needed through the course of a run depending on which options
are configured - e.g. for DNSSEC root keys, hints and zone files).
Based on a diff from, and ok with, mestre@
paused takes priority over running; running takes priority over disabled
ok mlarkin@ pd@
private key data. We leave the corresponding freezero() calls since
the code might be ported to a system not having the conceal functions.
This also makes sure the stdio buffer is concealed. And zap a
redundant free(buf); ok gilles@
to crash vmd and take all other vms with it. this required a little
shuffling to get the error value reported back to the caller to
handle the error properly.
ok mlarkin@
fixed the root cause in mda_variables.c months ago independently but we're
still carrying this diff which is not only unnecessary now, but is also the
cause of a bug with mailer-daemons going through an LMTP mda.
issue reported by otto@
ok guenther@, claudio@
type I and II share their GRE protocol, but you tell them apart by
checking if a sequence number is used. type I does not use a sequence
number and contains a bare ethernet frame. type II contains a
sequence number and a shim header that is already handled by the
code.
tested with a Dell S5048F-ON and an encapsulated remote port mirror setup.
Define a local definition of LOADADDR() instead of pulling in
machine/loadfile_machdep.h. vmd -b requires the addresses to be masked
and the new bootloader no longer does that.
OK pd@ kettenis@
OK denis@ benno@
From Anton Borowka.
ok sthen
"disabled" in this context might imply it being broken or otherwise unusable
prompted by and ok mlarkin@
OK remi@