path: root/usr.sbin
Age | Commit message | Author
2009-04-04 | Do not run make in /var/yp at the end of ypinit -m. That way, you can edit the new domain Makefile before using it, in particular to change variables like DIR and UNSECURE. from ajacoutot@ with message tweaks and documentation updates by myself "I like this" otto@ | Ingo Schwarze
2009-04-03 | The smtp auth PLAIN specification is weird. It's valid (apparently for imap, mostly) to provide "username1\0real_username\0password" as your base64 encoded string for authentication. We currently don't handle that, instead expecting the first byte to be a NUL. So fix that up by scanning for the first string, and ignoring it if it's there. The string is also stupid in that the last bit (password) may not be NUL terminated, so pay attention to that in our decoding and make sure that it's always terminated correctly. It's been discussed, and this decoding really should happen in the unauthenticated process, not in the privileged one, but that is another diff. Problem found by todd@, who kindly helped me debug this and confirmed that it now works with kmail, mutt and thunderbird. "if it makes more stuff work, please commit" jacekm@. -0- - not a smtpd hacker and I resent your implication. | Owain Ainsworth
2009-04-02 | add support to specify a ca file (eg. /etc/ssl/cert.pem) to verify ssl server certificates when connecting as an SSL client from relays. it works so far, but needs more testing and is currently lacking support for certificate revocation (like CRL or OCSP). the file ssl_privsep.c is extended to implement more code that should be in openssl to allow loading the ca from chroot... | Reyk Floeter
2009-04-01 | fix an incorrect flag in route mode. From Pascal Lalonde, closes PR 6114 | Reyk Floeter
2009-04-01 | re-initialize tables after reload to handle new and changed tables. From Pascal Lalonde, closes PR 6112 | Reyk Floeter
2009-04-01 | Add support for client-side SSL connections from relays. relayd can now sit between two SSL connections (Oitm - OpenBSD-in-the-middle), accept SSL connections and forward to TCP, accept TCP connections and forward to SSL, and do TCP to TCP of course. This was tested by some people a while ago. | Reyk Floeter
2009-04-01 | terminate and cleanup properly by setting the pf anchor names correctly (anchor names with characters after the terminating NUL byte are considered invalid). Thanks to camield@ | Reyk Floeter
2009-04-01 | zap double word; from João Salvatti | Jason McIntyre
2009-03-31 | Fixed memory leaks which would occur if the second of two memory allocations fails. looks right deraadt, krw ok henning | Tobias Stoeckmann
2009-03-31 | Assign the correct metric to the routes learned from the kernel while ripd is running. Issue spotted and diff tested by Steven Surdock. ok claudio@ | Michele Marchetto
2009-03-31 | do not include space in the end of the from for a hmac. after discussion with deraadt@, mcbride@, and mpf@ it is obvious that a hmac doesn't make sense for pfsync. this also firms up some of the input parsing so it handles short frames a bit better. | David Gwynne
2009-03-29 | Update spf_calc() for OSPFv3. This implements the first stage of the shortest path tree calculation (Dijkstra calculation) as outlined in rfc5340, with the exception that we do not yet treat multiple router LSAs originated by a single router as an aggregate. For now, we only use the Router LSA with the lowest link state ID. For each destination, show the calculated set of nexthops in the debug log. We can stop doing this once spf tree calculation has been shown to be stable. "A lot of debug code but yes why not. commit it." claudio@ | Stefan Sperling
2009-03-29 | Update calc_nexthop() for OSPFv3, using helper functions added in last commit. Next hop IP addresses and outgoing interfaces can now be correctly determined, paving the way for SPF tree calculation. Arguments have changed, so update callers, too. ok claudio@ | Stefan Sperling
2009-03-29 | As a first step towards SPF tree calculation, prepare for proper next-hop calculation. In OSPFv3, next-hop IP addresses are always link-local. The kernel will want to know which interface the link-local address belongs to, so we need an ifindex in struct v_nexthop in addition to the IP address. Because we cannot determine a link-local next hop IP address for transit networks, only the outgoing interface will be recorded. Update calc_nexthop_add() according to the above. Also add new helpers calc_nexthop_lladdr() and calc_nexthop_transit_nbr(), to figure out link-local addresses of nexthop neighbours. ok claudio@ | Stefan Sperling
2009-03-29 | Update linked() for OSPFv3. A router vertex w has a point-to-point link back to a router vertex v if v's router ID occurs as neighbour ID in one of the point-to-point links described in w's router LSA. A router vertex w has a link back to a network vertex v if the router ID of v's advertising router (i.e. DR) occurs as neighbour ID in one of the transit links described in w's router LSA, and v's interface ID to the network matches the neighbour interface ID of that transit link. A network vertex w has a link back to a router vertex v if v's router ID occurs in the list of attached routers in w's network LSA. Also, get_rtr_link() and get_net_link() take an unsigned int now. "commit it" claudio@ | Stefan Sperling
2009-03-29 | Change get_net_link()'s idx argument to unsigned, and make it use less local variables. Makes it consistent with get_rtr_link(). ok claudio@ | Stefan Sperling
2009-03-29 | Because get_rtr_link() forgot to increment the buffer offset it was always returning the first link in the LSA, no matter which link was requested. Fix this bug. Also, decrease the number of local variables while here, and convert the idx argument to unsigned int. Adjust one caller to pass an unsigned int, other callers will be handled in follow-up commits. ok claudio@ | Stefan Sperling
2009-03-29 | Remove lsa_find_net(), it isn't needed for OSPFv3. pointed out by and ok claudio@ | Stefan Sperling
2009-03-29 | Add lsa_find_rtr() function, which finds among multiple router LSAs originated by the same router the one with the lowest link state ID. ok claudio@ | Stefan Sperling
2009-03-29 | In lsa_num_links(), be more obvious about what parts of the LSA are subtracted from the total length. ok claudio@ | Stefan Sperling
2009-03-29 | Add log_rtr_id() function to log 32bit numbers in dot-quad notation. Most obvious use is to log router IDs. To facilitate logging of multiple IDs within the same format string, we use NUM_LOGS static buffers, just like log_sockaddr() does. help and ok claudio@ | Stefan Sperling
2009-03-29 | Now that struct lsa_net represents just the options, orig_net_lsa() can make use of it much better. No functional change. ok claudio@ | Stefan Sperling
2009-03-29 | Remove att_rtr field from struct lsa_net. In Network-LSAs, the only thing sitting between the LSA header and the attached router list is the options field. We already have lsa_net_link to represent elements of the attached router list, so there's no need to have a single entry of this list in lsa_net. ok claudio@ | Stefan Sperling
2009-03-29 | Key-Id 0 is not only not available on Cisco devices but also on other devices. Make this a more general concern about using 0 as key id. After discussion with Tamas TEVESZ | Claudio Jeker
2009-03-29 | Stop using the att_rtr member of struct lsa_net, we're going to remove it. Calculate offsets with a struct lsa_net_link pointer instead. ok claudio@ | Stefan Sperling
2009-03-29 | For SPF calculation, we will need the source address specified in hello packets by next-hop neighbours. So when notifying the RDE of a new neighbour, send the source address, too. ok claudio@ | Stefan Sperling
2009-03-29 | ospf6ctl had lsa_rtr_link fields mixed up. It printed iface_id as the neighbour's interface ID, but iface_id is in fact the ID of the advertising router's interface being described. ok claudio@ | Stefan Sperling
2009-03-29 | turn some log_debugs into log_warns or even fatals; "looks ok" gilles@ | Jacek Masiulaniec
2009-03-28 | Print the correct function name in log_debug(). ok stsp@ | Michele Marchetto
2009-03-27 | Mitigate the risk of leaving the system in an inconsistent state when a "special" file has been installed (e.g. master.passwd) but sysmerge was interrupted: we now run the corresponding command right after installing the file and not at the end of sysmerge run. When DESTDIR is set and a new aliases file has been installed, try to run newaliases from chrooted DESTDIR. input from and ok sthen@ | Antoine Jacoutot
2009-03-27 | Allow the announcement of default route also via redistribute 0.0.0.0/0 and route labels. ok claudio@ | Michele Marchetto
2009-03-27 | getgrouplist: If YP is #defined and enabled in /etc/group(5) and /etc/netid(5) contains a matching entry, use that and refrain from accessing YP. getpwnam/getpwuid: If YP is #defined and /etc/master.passwd(5) contains a matching entry before the first YP entry, use that and stay away from YP. Taken together, this allows a solution to the following problem pointed out by deraadt@: When YP was configured but temporarily unavailable, even root login would block, hindering you when trying to do repairs. To avoid this, you can now provide a static entry for root in /etc/netid. Using suggestions from miod@ otto@ blambert@ jmc@. "commit" deraadt@, "cool" ajacoutot@, "looks fine" jmc@. | Ingo Schwarze
2009-03-26 | argh, do not reuse the global trans_as flag to be applied to the peer specific or we had to widen the peer specific flags without need. define PERRFLAG_TRANS_AS instead and use that | Henning Brauer
2009-03-25 | Several cleanups: * consistency in redirections (and fix a wrong one) * enclose variables * several UPPER -> lowercase rewordings * add "" on conditionals (suggested by jared r r spiegel a while ago) * use cmp instead of md5 for sets comparison (from sthen@) * some man page rewordings from sthen@ ok sthen@ | Antoine Jacoutot
2009-03-25 | You can now feed sysmerge with an etcXX and/or xetcXX tarball(s) corresponding to your current snapshot or release. Any file that was modified between this old reference and the new one *and* that you did not change locally will automatically be updated to the new version. Make sure we don't compare files that have not changed between old and new tarball (from Alexander Hall). man page flushing, tweaking, rewording and enhancing from jmc@ Several people came up with this request or alike, thanks to them. looked over and tested by several ok weerd@ | Antoine Jacoutot
2009-03-25 | With redistribute connected set, announce the prefix on the interface with address belonging to that prefix. Don't skip it. ok claudio@ | Michele Marchetto
2009-03-24 | Change the behaviour of redistribute default. Now a default route has to be present in the fib to be correctly advertised. Spotted and tested by Steven Surdock on ripd. ok claudio@ | Michele Marchetto
2009-03-23 | various minor improvements; ok jacekm gilles | Jason McIntyre
2009-03-23 | correct example; from Sebastian Rother | Jason McIntyre
2009-03-23 | repair library use. this was detected on the vax, a nice static linking architecture. it was silently creating broken code on other architectures. | Theo de Raadt
2009-03-23 | good god no you do not use LDFLAGS to pull in libraries | Theo de Raadt
2009-03-23 | Fixed a leaking of a fd each time a file is delivered to a mbox, which was introduced in revision 1.7. ok and log message by gilles | Tobias Stoeckmann
2009-03-22 | fix a bug in the resolution of forward files which would cause usernames not to be taken into account if they had no ~/.forward file AND were the result of an alias expansion that expanded to more than one username. while at it, I spotted another bug where I would check T_MDA_MESSAGE on the flags field instead of the type field. the bug could cause two MDA messages to end up in the same batch which is no longer valid. | Gilles Chehade
2009-03-22 | make transparent-as yes|no settable peer neighbor with the global setting acting as default. per-neighbor requested by arnold nipper @ decix, ok claudio | Henning Brauer
2009-03-22 | trivial message repair, ok jacek@ | Ian Darwin
2009-03-20 | - grammar tweak ok jcm@ | Jasper Lievisse Adriaanse
2009-03-20 | initialize variable before using it as a counter in a loop spotted and fix by Matthew Haub <matthew.haub@alumni.adelaide.edu.au> | Gilles Chehade
2009-03-19 | since maps may contain secrets, carry ownership and perms from source file to db file; ok gilles@ | Jacek Masiulaniec
2009-03-19 | make action_type == 0 mean A_INVALID, not A_RELAY; ok gilles@ | Jacek Masiulaniec
2009-03-19 | First big chunk of mrt rewrite. Simplifies code hopefully and fixes table dumps that were wrong because of the 4byte AS support. Dumps I took seemed to work so far. "Put it in" henning@ | Claudio Jeker