| Age | Commit message (Collapse) | Author |
|---|
|
People are now expected to use snmp(1) for all their snmp client needs.
"Go ahead" deraadt@
|
|
|
|
gets enlarged use an array of pointers, so pointers to struct rib entries
remain valid after adding new RIBs. Also remove the global ribs pointer
and rib_valid() since they are no longer used since all the code uses now
rib_byid() instead.
OK benno@
|
|
of the other. Just merge struct rib_desc into struct rib. Makes code simpler.
OK benno@
|
|
start. Favoring 'invalid template' over 'permission denied' should give
the user a better hint on what went wrong.
ok kn@ mlarkin@
|
|
- pdu header has 3 elements, not 4
- additional varbinds are optional.
This is needed to make ber_scanf_elements stricter.
Note that people using "trap handle" in their snmpd.conf and expect a trap
without additional varbinds to show the trapoid to appear twice will have
to adjust their "command".
OK rob@
|
|
become different or the #define's for the slots could diverge. To avoid
this, make one a copy of the other at runtime.
|
|
disk envelopes. smtpd used the Received and helo response format that isn't
valid in a relay url and looks wrong in logs.
spotted and tested ok@ by semarie
|
|
|
|
just noise.
OK claudio
|
|
were shown because of an inconsistent rpki database and is no real problem.
OK florian@
|
|
for this MIB in the first place, this has now been removed in ifq changes.
Since the MIB is marked as deprecated anyway, simply return 0. ok claudio@
|
|
much what this counter is for. For sure better than net.inet.ip.ifq.drops
which no longer exists.
Found by and OK martijn@ and OK sthen@
|
|
prefix_peer, prefix_vstate and prefix/prefixlen to the function. This removes
some ugly hacks in cases where the prefix was not available.
Also adjust the order of arguments of rde_attr_set() to match rde_filter().
OK benno@
|
|
the bgpd_config pointer passed to these functions. Luckily the affected
functions were not used outside of the SE. While there also use
getpeerbyid() to check if an peer id is in use instead of the rather
dumb linear loop.
OK benno@
|
|
Also in merge_config() it is no longer needed to reset the reconf_action
of the new peers to RECONF_REINIT. merge_config() is not called on
startup and so some of the initialisation of new peers did not happen
correctly.
This fixes the md5 integration test since the md5 initialisation did not
happen early enough.
|
|
|
|
ones that consist of a single dot.
OK gilles@
|
|
the destination is 224.0.0.5 (AllSPFRouters).
RFC 2328 sys in "9.5. Sending Hello packets" that hello packets are
sent to the multicast address AllSPFRouters on broadcast and physical
point-to-point networks.
With this new check the test for AllDRouters is not needed anymore.
ok benno@
|
|
of a planned change or something bad is happening in the network.
ok benno@
|
|
None of this code actually does TLS, hence libssl is not needed. Instead,
pull in the correct headers and call the appropriate libcrypto
initialisation functions (even this is only necessary to support OpenSSL
prior to 1.1).
While here also remove libssl/libcrypto initialisation/uninitialisation
from main() - it should only be necessary in proc_parser().
ok deraadt@ job@
|
|
truncate it and
write the challenge again. We can get asked to supply the same challenge multiple times.
bug found and patch tested by jmc@
patch discussed with, mangled and okayed by florian@
|
|
command that clears or starts a neighbor. This way an admin reset does
what people expect since it makes the session behave like a brand new one.
OK job@ deraadt@ sthen@
|
|
The implemented reverse exponential backoff results in very long times
until a session gets back to the initial hold values. Instead just wait
for the timer to fire once and reset the settings then. In most cases
the timer is double the IdleHold time (because of the way the backoff
is implemented) which is enough to ensure that fast flapping sessions
are punished.
OK benno@
|
|
server stays queued instead of being bounced.
Also improve getline(3) error handling and remove unreachable code.
OK sunil@ a while ago, "please get it in" gilles@
|
|
the certificate we were requesting.
This is no longer true in v2 and we have to free the amount of
challenges the server told us to fullfill.
OK benno
|
|
for about a year now but until we have had a release with filters and until
we bring back the feedback from that release into the protocol, we will not
be version 1 of the protocol.
|
|
envelopes created by sessions that had or did not have an rDNS:
match from rdns [...] action "local"
match !from rdns [...] reject
|
|
and leftovers from past commands shmseg/shmmaxpg/nmbclusters
ok kettenis
|
|
|
|
basically the transaction must be created in the proceed function for the
mail from phase, not in the checking function, otherwise the second pass
in the check function will fail due to the tx already existing.
reported by Niklas Hallqvist <niklas@appli.se>
|
|
|
|
related filters to be applied one after another
|
|
|
|
not true anymore.
|
|
|
|
log lines, fix
|
|
to specifically match a connection that happened through the local enqueuer
|
|
the creation of the mda process. in some situations, we can provide details
far more precise than just the strerror()
|
|
|
|
|
|
single proxy.c file, importing it to work in tree
initial work from Antoine Kaufmann <toni@famkaufmann.info>
|
|
not the proper place, also since helo uses valid_domainpart(), such a check
would have indirectly prevented last weeks errata.
|
|
the set of configuration keys is not yet finalized but the mechanism is all
we need for now to be able to release 6.6 with a stable api.
discussed with eric months ago
|
|
|
|
spotted by "mabi"
|
|
ending with a dot to be valid. add a check to make sure that if domain part
ends with a dot, it is rejected as it should.
issue reported by Hans Freitag <hans.freitag@conesphere.com>
|
|
main process can be unveiled to restrict filesystem access. In this case we can
restrict it to only read, although it must be the entire / since the daemon is
able to include config files from anywhere.
Additionally the ldpe process currently has cpath promise to unlink the socket,
nevertheless the socket is actually unlinked from the main proc so this
permission can be removed. As we discussed before, leaving the socket behind
doesn't do any harm that's why I didn't unveil it in the main proc.
OK deraadt@
|
|
|
|
path_update to prefix_update since this is now more working on a prefix.
OK clang
|
