path: root/usr.sbin
Age | Commit message | Author
2023-03-04 | expand Nd (missed in previous); ok claudio | Jason McIntyre
2023-03-03 | In filemode, print the certification path towards the Trust Anchor | Job Snijders
with and OK tb@
2023-03-03 | Use EXTRACT_16BITS() in default_print() instead of handrolling it. | Claudio Jeker
OK bluhm@
2023-03-02 | improve the Nd lines such that the format is consistent for the various *d, *conf, *ctl files (where relevant) and simple; also makes "man -k routing" more useful; help from claudio and florian ok claudio florian millert | Jason McIntyre
2023-03-01 | Bogus full stop. | Antoine Jacoutot
2023-03-01 | Change fatal() to fatalx() since the errno has no meaning here. | Claudio Jeker
OK tb@
2023-03-01 | KNF, no functional change. | Claudio Jeker
2023-02-28 | Adjust default_print() to not run over snapend. | Claudio Jeker
Kill default_print_unaligned() and adjust default_print() to also work with unaligned buffers. There is no need for two functions doing the same thing. Pass the right length in nsh_print to default_print(). Fixes one place that makes tcpdump crash. Reported by Peter J. Philipp (pjp at delphinusdns dot org) OK mbuhl@
2023-02-23 | rpki-client: simplify parse_load_crl_from_mft() | Theo Buehler
Now that we always inspect both locations if necessary, we can do away with the loop and simply have the only caller call twice. Removes a bunch of clever complexity and streamlines the code quite a bit. ok claudio job
2023-02-23 | When parsing MFT the CRL referenced by the MFT is loaded and verified at the same time. So in case of a valid crl pass the CRL filename as entity message to the parent process together with the MFT. This way the MFT and CRL end up both in the valid cache even if some files in the MFT are missing. On severe errors (like X.509 verify errors) the CRL is not moved since it is not considered valid. With and OK job@, tb@ | Claudio Jeker
2023-02-22 | Explicitly initialize vmd_vm pointer with NULL before calling vm_register. | Moritz Buhl
Found by codechecker. ok dv@
2023-02-21 | rpki-client: refactor manifest/crl parsing a bit | Theo Buehler
Now that we always try to load the CRL from both locations, we can deal with loading the DER directly in proc_parser_mft_pre(), so shuffle the code around to accomplish that. This should make an upcoming diff by claudio a bit simpler. ok claudio
2023-02-21 | spelling. | Moritz Buhl
ok jmc
2023-02-21 | Check all possible storage areas for a matching CRL | Job Snijders
This change makes proc_parser_mft_pre() -> parse_load_crl_from_mft() search in both DIR_TEMP and DIR_VALID for a CRL with a matching SHA256 hash, increasing our chances of constructing a full publication point. With and OK tb@ claudio@
2023-02-21 | rpki-client: ensure there is no trailing garbage in signed objects | Theo Buehler
The d2i functions are designed in such a way that the caller is responsible to check if the entire buffer was consumed. Add checks on deserializing a signed object to ensure the entire file has been consumed. Reject the file if it has trailing garbage. found by & ok job, ok claudio
2023-02-19 | describe what qcow2 is, in sufficiently simple terms | Theo de Raadt
2023-02-17 | Update AUTHORS section | Job Snijders
2023-02-17 | Use %R technical report macro for RFCs | Job Snijders
2023-02-16 | - remove a leftover .El | Jason McIntyre
- escape "An" as this is also a macro
2023-02-16 | Update references in STANDARDS section to use Rs blocks | Job Snijders
Also drop largely irrelevant references like IPv6 and CIDR (as we didn't reference IPv4 either), remove obsoleted RFCs and add their successors.
2023-02-16 | Revert r1.63. | Theo Buehler
GEN_OTHERNAME is the type of a GENERAL_NAMES, not of a DIST_POINT_NAME, which needs naked numbers as there is no enum nor defines describing it. claudio agrees
2023-02-16 | Add missing RFC 6487 section 4.8.6 CRLDP compliance checks | Job Snijders
OK tb@ claudio@
2023-02-16 | explain why ARIN TAL is not included. | Theo de Raadt
ok job
2023-02-16 | remove the '(R)' from the intel cpu match pattern | Jonathan Gray
Intel(R) does not appear in cpu0: Intel Atom(R) x6425RE Processor @ 1.90GHz, 1895.90 MHz, 06-96-01 reported by patrick@ ok deraadt@
2023-02-15 | proc_ispeer() is not used anywhere anymore so remove it everywhere. | Tobias Heider
ok florian@ bluhm@ ok for vmd mlarkin@
2023-02-14 | When initializing a new peer, wait an extra 5 seconds before connecting to the remote end. With this the RDE has a chance to finish config reload before the session to a new peer is established. OK tb@ | Claudio Jeker
2023-02-14 | No longer wait for the RTR process to finish the config reload before sending the IMSG_RECONF_DONE message to the RDE. The RDE does not depend on the RTR config reload (in contrast to the SE). The ROA / ASPA reload is async from the RDE config reload. OK tb@ | Claudio Jeker
2023-02-13 | Pass struct rib_entry to rde_generate_updates() instead of struct rib. | Claudio Jeker
With this the newbest and oldbest arguments can go since the information is part of the rib_entry. Especially the prefix in the rib_entry is always valid so simplify some code in various functions below to use this information. OK tb@
2023-02-11 | Refactor common code of the 3 up_generate functions into up_process_prefix() | Claudio Jeker
Simplifies up_generate_updates(), up_generate_addpath() and up_generate_addpath_all() a fair bit. OK tb@
2023-02-09 | Use GEN_OTHERNAME instead of hardcoding 0 | Theo Buehler
discussed with job
2023-02-09 | Instead of relaying struct peer from the SE to the RDE to fill out 10 stat numbers, just send the peerid and have the RDE respond with the stats. The control code will then merge these counters into the real peer struct and send that to bgpctl. This reduces the number of bytes sent around a fair bit. OK tb@ | Claudio Jeker
2023-02-08 | usr.sbin: missing void to appease clang 15's -Wstrict-prototype. | Theo Buehler
2023-02-06 | vmd(8): scan pci bus to determine bootorder strings. | Dave Voutila
vmd's SeaBIOS bootorder strings had hardcoded pci device ids, so if a user added a network interface the bootorder strings didn't line up with reality. Using vmctl(8) to boot from a cdrom (-B cdrom) would fail, for instance, if attaching both a nic and a disk as well. This change scans the pci devices and finds the first of each type to construct viable bootorder strings. ok jan@
2023-02-06 | smtpd(8) could abort due to a connection from a local, scoped ipv6 address. | Sebastien Marie
avoid using inet_pton(3), which doesn't support scoped ipv6 addresses, and use getaddrinfo(3) instead. ok millert@ florian@ kn@
2023-02-06 | Accept netstat-style address.port syntax too. | Todd C. Miller
OK bluhm@ deraadt@ jmc@
2023-02-03 | Add void to conn_close_any() | Theo Buehler
This makes the function definition match the prototype and silences a clang-15 warning.
2023-02-03 | add missing ".It Xo" in previous; | Jason McIntyre
2023-02-03 | Add ASPA support to bgpctl FastCGI server | Job Snijders
OK tb@ claudio@
2023-02-02 | Emit log messages in consistent format | Job Snijders
2023-02-02 | Fix typo | Job Snijders
2023-02-02 | Deny "pipex no" tunnel setting for pppx(4) interfaces. They are useless with disabled pipex(4), because in such case npppd(8) successfully establishes connection, but doesn't create corresponding interface, so the traffic doesn't flow. This is not applicable for pppac(4) interfaces, they work with disabled pipex(4). ok yasuoka@ | Vitaliy Makkoveev
2023-02-01 | Fix spelling | Job Snijders
2023-01-31 | Not only reset the connection when a fatal error is received (or sent) but also reset the cache and start totally fresh. The RFC is exceptionally vague about error handling but in most cases the cache state is enough off after an error that a fresh restart makes most sense. With and OK job@ | Claudio Jeker
2023-01-31 | Fix RTR error reporting: length fields in Error Reports are 32 bits | Job Snijders
OK claudio@
2023-01-31 | Improve whitespace alignment of RTR error reports | Job Snijders
OK claudio@
2023-01-30 | vmd(8): fix an interrupt storm in ns8250. | Dave Voutila
On slower hosts, such as those in a nested virtualization scenario of OpenBSD guest inside OpenBSD atop Linux KVM, ns8250 can cause a race between the kevent firing and the vcpu being kicked by an assert/deassert of the irq. The end user experiences a "stuck" serial console and the host will see a vmd process peg the cpu. This change only toggles the irq if we were in a position of being ready to receive data on the device so while the kevent might continuously fire, the vcpu will not be kicked repeatedly. OK mlarkin@
2023-01-30 | Same parseextvalue() change as in parse.y rev 1.441 | Claudio Jeker
Use 2-byte ASnum encoding as a default when local-as/neighbor-as is used.
2023-01-30 | Alter the way extended communities are matched when part of the value is auto-expanded or masked off. Try to match against both 2- and 4-byte AS encoding and on insertion check if expansion is actually possible and deny communities where both community values are > USHRT_MAX. OK tb@ | Claudio Jeker
2023-01-28 | Move some header definitions from vmm(4) to vmd(8). | Dave Voutila
Part of an ongoing effort to move userland-specific information out of a kernel header and directly into vmd(8). No functional change. ok mlarkin@
2023-01-25 | change naming convention for the lru "save history" cache, so that ports like "lang/chicken/core" do generate files like lang.chicken.core.lru instead of lang.chicken.core (which can create confusion in people's mind) do so transparently by reading the old file if need be, and removing it afterwards. Funny thing noticed by tb@ ok tb@, sthen@ | Marc Espie