Age | Commit message | Author |
|
to misread.
as per suggestion by and OK deraadt@
|
|
This way config errors will be directly user visible on startup.
To do this split send_config() out of reconfigure() which is
sending the config to the SE and RDE.
OK sthen@
|
|
the session engine expects and will allow to send out the config without
calling merge_config first.
OK sthen@
|
|
flag
ok claudio@
|
|
it's invoked with either -A/-C/-L, which at the time I left alone due to some
forbidden ioctls by pledge(2).
Now we have unveil(2) and this path can be further restricted by using it
instead of chroot(2) since this "sandbox" (not sure why people call about
everything a sandbox these days) can be escaped with *at(2) calls.
Since no filesystem access is needed here then we can disable its access by
calling unveil("/", "") unveil(NULL, NULL).
added /* no filesystem visibility */ as per suggestion by and OK deraadt@
|
|
route evaluation is modified. In both cases the softreconfig code will
now walk the RIB and ensure that everything is in proper sync.
Additionally remove 'route-collector yes|no' from the bgpd config, instead
use 'rde rib Loc-RIB no evaluate' with the benefit that you can alter
the setting now during runtime.
Tested and OK benno@
|
|
AGGREGATOR and AS4_AGGREGATOR are non zero. All other cases have already
been covered.
OK benno@
|
|
from the OPEN message) any other use of AS 0 is forbidden. This makes
templates work again without any extra unwanted config.
OK benno@
|
|
OK benno@
|
|
Brings various dhcp related daemons into line with
the common idiom.
ok florian@
|
|
to allocate virtual CPUs but not assign them to domains. This way you
can give domains exclusive access to a core without assigning all threads
of that core to the domain.
|
|
send_filterset() would result in a use after free because send_filterset()
frees the set after sending but network_bulk() runs in a loop.
|
|
and l3vpns instead of temporary globals. Also rework rde_reload_done to
free filters and sets earlier. The soft-reconfiguration process no longer
needs the previous filters / sets to do its work since there is a full
Adj-RIB-Out.
OK benno@
|
|
of sending them after e.g. the filter rule send them before. The benefit
is that the filterset is present when a rule is added and so the filter
rule is complete at that moment.
OK benno@
|
|
the crash is caused by a logic error leading to a fatal()
ok deraadt@ bluhm@ benno@
|
|
getnext value. Based on an older diff.
Reminded and tested by deraadt@
|
|
|
ldomctl(8)/ldomd(8) differs from the usual control/daemon setup since
ldom.conf(5) is never read by the daemon itself but the control program
only, so put it where it belongs.
While here, mention eeprom(8) for a list of OpenPROM variables.
Move prompted by kettenis
Positive feedback deraadt, "go ahead" kettenis
|
|
keep.
|
|
ldomctl(8) contains the entire format describing logical domain
configurations loaded with that tool. Entangle control commands and config
options by putting the latter into its own page.
The config options' descriptions stayed the same, only the EXAMPLE section
gained a bit of wording.
Convert mdoc(7) macros `Ic =' to `Ns = Ns' and `Ic \&{ ... Ic \&}' to
`Brq ...' while here.
More improvements will follow in-tree.
OK deraadt
|
|
transaction so rename link-reset to tx-reset and only issue the smtp report
when a reset _actually_ has a side-effect.
note that rset is implicit on a message commit or rollback, so tx-reset gets
issued even though there was no explicit RSET. the filters are MUCH simpler
to write when you don't need to track every event that can reset a tx :-)
|
|
Found by bluhm, thanks.
|
|
locked entry (rib or prefix) before removing the context else elements
may remain locked for the rest of the run time (which is equal to a
memory leak).
OK benno@
|
|
While the other protocols either require an explicit port (LMTP) or
correctly default to 25 for plaintext as well as STARTTLS, SMTP with forced
TLS never happens on 25, so default to the well defined standard instead.
Input and OK gilles
|
|
ok claudio@
|
|
- RFC 2034 Section 3 (item 4) requires that the status code is always followed
by one or more spaces. However, OpenSMTPD has a colon right after the status
code in many of the replies it sends.
- RFC 2034 Section 4 states: "When responses are continued across multiple lines
the same status code must appear at the beginning of the text in each line of
the response." However, OpenSMTPD only has the enhanced status code for the
last reply line it sends. Still, there is only one case in which it sends
such a multi-line reply: the HELP command.
diff from Stephan Bosch
|
|
Typo from r1.84 introducing the logmsg() wrapper.
OK deraadt
|
|
add a better framework for signal handling (not used yet)
|
|
in the default smtpd.conf and smtpd.conf(5) manual page. This
eliminates ambiguity in our documentation examples that can cause
confusion.
Input and OK deraadt@ schwarze@ kn@
|
|
make it easier to extend the rib definitions later on.
OK benno@
|
|
implement the missing bits to dump MPLS VPN prefixes in the table-mp
case. Missing support noticed by benno@ because of King Bula warning.
OK benno@
|
|
prefixes.
|
|
is off.
|
|
from the RDE. Make sure that all nexthops don't get removed in the FIB
when a FIB table is removed. This should only happen for the main FIB.
Remove F_RIB_HASNOFIB which is just confusing since there is already
F_RIB_NOFIB and F_RIB_NOFIBSYNC.
OK benno@
|
|
More readable, no binary change.
OK kmos
|
|
unveiled:
/ -> read, it will open config files from anywhere in the system
/dev -> read/write, in order to open /dev/tap* and /dev/switch*
hint and OK akoshibe@
|
|
Initialize stack variables directly instead of using global state in
between.
OK tedu deraadt
|
|
Just do it all the time.
|
|
|