summaryrefslogtreecommitdiff
path: root/usr.sbin
AgeCommit message (Collapse)Author
2015-04-06remove superfluous ';' in Received linesGilles Chehade
2015-04-06don't check this twice.Marc Espie
2015-04-06make pkg_info run slightly slower on distant packages, but do check thatMarc Espie
the info is signed and checked. after remarks from tedu@...
2015-04-06mark installed locations as "trusted" so that pkg_info does not check sigsMarc Espie
on them.
2015-04-06move signer_list up so pkg_info can use itMarc Espie
2015-04-05Upstream has retired the gnuc.h header, so do so as well, killing a gcc 2.xPhilip Guenther
reference. ok sthen@ jca@ deraadt@
2015-04-04gcc 2.x is deadPhilip Guenther
ok millert@
2015-04-04Show the remote labels in "ldpctl show lib" even if they are not installed ↵Renato Westphal
in the FIB. ok claudio@
2015-04-04Remove lo protection.Renato Westphal
There's no need to protect the 127/8 network on ldpd since this network is filtered before being sent to lde. If we receive a label mapping for this network, it won't be installed because lde has no nexthop for it, and thus the code will always fall into the LMp.13 case of the RFC "Receive Label Mapping" algorithm: the mapping will be recorded but not used. ok claudio@
2015-04-04Show the full LIB in the "ldpctl show lib" command.Renato Westphal
The LIB is a table where the router keeps all known MPLS labels. So, we should loop over all the received label mappings from all neighbors to show the full LIB. The lde_nbr_is_nexthop() function was introduced to verify if a lib entry is supposed to be installed in the fib (according to the fib entry's nexthop and the addresses advertised by the lib entry's nexthop). This is better than keeping track of lib<->fib entries with pointers and back pointers because it keeps the lib/fib structures independent of each other, which in turn makes the code less prone to bugs. OK claudio@
2015-04-04Remove unused parameter from adj_new().Renato Westphal
The adjacency holdtime is set in recv_hello(). OK claudio@
2015-04-04Give more detailed information on a couple of debug messages.Renato Westphal
2015-04-01Zero the tls cert/key length variables when inheriting a serverJonathan Gray
configuration for multiple listen statements in a server block. Otherwise httpd will crash when a listen statement with tls is followed by a listen statement without tls. Problem reported by Kent Fritz on misc. ok jsing@ looks good deraadt@
2015-03-31Do not iterate past the size of the array.Martin Pieuchot
Found by naddy@
2015-03-30Use getline instead of fgets to allow arbitrary line length inTobias Stoeckmann
configuration file. Also make sure that we fully parsed it. If not, avoid to start a half-baked syslogd. with input by and ok bluhm@
2015-03-29Most packets generate one line in tcpdump. For AH and RIP thereAlexander Bluhm
was an extra line without benefit. Remove the new-line in printf to make parsing easier. OK lteo@ mikeb@
2015-03-29make sure specialfiles get checked. Actual bug, got lost when moving toMarc Espie
extractible/tied files. Could have been mentioned earlier, the fix is obvious.
2015-03-28Add comment.Antoine Jacoutot
2015-03-28Add rcctl_err() which is a wrapper for _rc_err() with common rcctl(8) verbiage.Antoine Jacoutot
Add some explicit error messages while here. Prefer cat over cp/mv to edit rc.conf.local; this prevents creating rc.conf.local with mode 0600.
2015-03-28Avoid overflow on 32-bit time_t systems converting timeval to NTP time.Brent Cook
Original fix from Romuald Delavergne. ok henning@
2015-03-27f the parent builts up a list of replies for the child, it helpsDavid Gwynne
to readd the write event if there's still items on the list. this lets things that do a lot of requests in parallel (like npm) work betterer through a squid proxy using ident for auth. ok jmatthew@
2015-03-26Backout -DSHORTENED semantics by default for now, because it causedMatthias Kilian
too much problems with the recent changes to net/libnet (in combination with security/dsniff); the PKGSPEC changes. Some more suspicious pudate problems mentioned by landry@. ok sthen@
2015-03-26do not encourage random uppercasing;Jason McIntyre
2015-03-26pointers to slowcgi(8); from alexei malininJason McIntyre
2015-03-26Allow more characters in CGI environment variables as specified by RFCFlorian Obser
7230 and RFC 3875. sthen@ suggested to add a comment to explain where the list of characters is coming from. Found the hard way and initial diff from Tim van der Molen (tbvdm at xs4all), thanks! Some more allowed characters added by me. OK sthen@
2015-03-24instead of routing SIGHUP thru sighdlr_dns() which then ignores it,Henning Brauer
ignore it directly. no functional change. Rafael Neves rafaelneves at gmail
2015-03-24Missing free(3) in error pathGiovanni Bechis
ok benno@
2015-03-21Remove unused variables and functions.Renato Westphal
2015-03-21Remove interface finite state machine.Renato Westphal
In the name of simplicity, remove the interface FSM that was inherited from ospfd. In ldpd interfaces are just up or down, so keeping a FSM for that is an overkill. Now instead of calling if_fsm(), just call if_update() whenever a relevant event occurs (status change, address addition/removal). Additional notes: 1 - s/if_act_/if_/ 2 - Remove the IMSG_IFUP and IMSG_IFDOWN events. Now whenever an interface changes its state a IMSG_IFSTATUS event will be generated with the new status. kroute.c ldpd.h ldpe.c ldpe.h CVS: ----------------------------------------------------------------------
2015-03-21Don't try to send address withdraws to neighbors that are unreachableRenato Westphal
after an address removal in the system.
2015-03-21ldpd: Remove attached adjacencies whenever an interface is disabledRenato Westphal
for whatever reason. If one interface is disabled, the holdtimer of the attached adjacencies will eventually timeout after a few seconds. But there's no need to wait when we know that the interface is disabled. In these cases, remove the attached adjacencies to speedup the convergence process.
2015-03-21ldpd: Don't assign labels for BGP routes.Renato Westphal
Although RFC 5036 is not explicit about this, LDP should not assign labels for BGP routes. Doing that would be very resource consuming in some scenarios and unnecessary. The goal is generally only to establish LSPs among all PEs in the AS since LDP is not used as an end in itself but as a means to implement advanced solutions like MPLS L2/L3 VPNs. Some implementations (e.g. JunOS) go further and only assign labels for /32 loopback routes advertised in the IGP. If Inter-AS LSPs are necessary, BGP itself should be used for distributing IPv4 labeled routes (e.g. option C. of section 10 in RFC 4364).
2015-03-21Close extended discovery socket on exit.Renato Westphal
2015-03-18check for invalid disknamesTed Unangst
2015-03-17Initialize nameservers ports along with nameservers addresses.Jeremie Courreges-Anglas
Missing initialization, as hinted by lwres_conf_clear(). Not present in recent bind versions (the code has changed since). This fixes an erratic behaviour when no (valid) nameserver is configured in resolv.conf (dig / nslookup send requests to 127.0.0.1:48830). Problem reported by Pawel S. Veselov who also provided an alternative diff. ok crickets@
2015-03-15Prevent use after free.Florian Obser
While here unconditionally free clt and move declaration of server_inflight_dec() into server.c Found while investigating if (foo != NULL) free(foo) patterns pointed out by Markus Elfring. OK reyk
2015-03-15tzfile.h is an internal header that should never have been installed.Todd C. Miller
What's worse, the tzfile.h that gets installed is over 20 years old and doesn't match the real tzfile.h in libc/time. This makes the tree safe for /usr/include/tzfile.h removal. The TM_YEAR_BASE define has been moved to time.h temporarily until its usage is replaced by 1900 in the tree. Actual removal of tzfile.h is pending a ports build. Based on a diff from deraadt@
2015-03-14Add missing #include <stdint.h> for SIZE_MAX.Todd C. Miller
2015-03-14remove unused 'cause' string when checking child statusBrent Cook
ok deraadt@
2015-03-14mention TLS HTTPS here also; ok bcookTheo de Raadt
2015-03-14rename rde_free_filter() to filterlist_free() and start using it outsideClaudio Jeker
of the RDE to free the filterlists. Also refactor common code to merge filterlists into its own function. Makes the code look nicer.
2015-03-14Move the command line options (mainly -d and -v) out of struct bgpd_configClaudio Jeker
into a own flag field since these can't be modified via a config reload. OK henning@ benno@ before lock
2015-03-14Move the code that adjust FIB priority when changed during a config reloadClaudio Jeker
from the parsing function to the merge_config function where it belongs. OK henning@ benno@ before lock
2015-03-14When removing interfaces in the RDE we also need to remove all the RDEClaudio Jeker
neighbors that are part of that interface or we open us up to use after free situations like the one found by sthen@. Diff makes sense sthen@
2015-03-13typoEric Faurot
2015-03-13remove the first comma from constructs like ", and," and ", or,": you can useJason McIntyre
"and" and "or" to join sentence clauses, and you can use commas, but both hinders reading;
2015-03-13delete useless comment about Open GroupTheo de Raadt
2015-03-13Missing free(3) in error pathGiovanni Bechis
2015-03-13Make sure that the debug messages include the neighbor ID so we hava a chanceClaudio Jeker
to know which neighbor caused the problems. While there make sure that all messages log roughly in the same way.
2015-03-12Set TERM if unset. Fixes some remote sysmerge usage by sthen@Antoine Jacoutot
ok sthen@