| Age | Commit message (Collapse) | Author |
|---|
|
is added/deleted.
Fix endianess issue in rt_match_origin().
ok claudio@
|
|
|
|
|
|
(NUL terminate buffers, duh!)
with suggestions from oga@
"please commit" jacekm@, ok gilles@ oga@
|
|
1) kill the ssmtp keyword in "ssmtp listen on ...";
2) kill the use keyword in "... use certificate foo";
3) tls no longer implicit, user must explicitely use the tls or smtps option.
4) for "relay via", move the tls/smtps options to right after the
port specification; makes it similar to "listen on".
These directives:
ssmtp listen on fxp0 use ceritifate "foo"
accept for all relay via tls "mx.bar.com"
now become:
listen on fxp0 smtps certificate "foo"
accept for all relay via "mx.bar.com" tls
ok gilles@
|
|
populated. Intra-area routes only for now.
"I see no obvious issues. Should go in so you can move forward" claudio@
|
|
we never entered this code path before. This is just a temporary fix.
The kroute code desperately needs a sync to ospfd.
"Looks sensible to me" jsing@, "Yes and yes" claudio@
|
|
"consistency is a good thing" jsing@, ok claudio@
|
|
requested by jmc@
|
|
Tweak some outputs and put interesting messages into sysmerge.log.
export the NEED_NEWALIASES variable.
inputs from and ok sthen@
|
|
|
|
this is required to run multiple instances of ospfd.
ok claudio@
|
|
|
|
would stop comparing files.
breakage reported by and ok naddy@
|
|
|
|
|
|
worthy post run information instead of spreading info into several
files. Tweak some output while here.
Enchance description for the -S and -X options; thanks to sthen@ and
jmc@ for finding the correct wording... it was not as easy as it seems.
Fix a typo in the man page, spotted by jmc@
ok sthen@ jmc@
|
|
|
|
prevents smtpctl from choking and allows it to work with more mua's by
default.
spotted and added to my todo list by oga@
|
|
That way, you can edit the new domain Makefile before using it,
in particular to change variables like DIR and UNSECURE.
from ajacoutot@ with message tweaks and documentation updates by myself
"I like this" otto@
|
|
imap, mostly) to provide "username1\0real_username\0password" as your
base64 encoded string for authentication. We currently don't handle
that, instead expecting the first byte to be a NUL. So fix that up by
scanning for the first string, and ignoring it if it's there. The string
is also stupid in that the last bit (password) may not be NUL
terminated, so pay attention to that in our decoding and make sure that
it's always terminated correctly.
It's been discussed, and this decoding really should happen in the
unauthenticated process, not in the privileged one, but that is another
diff.
Problem found by todd@, who kindly helped me debug this and confirmed
that it now works with kmail, mutt and thunderbird.
"if it makes more stuff work, please commit" jacekm@.
-0- - not a smtpd hacker and I resent your implication.
|
|
server certificates when connecting as an SSL client from relays. it
works so far, but needs more testing and is currently lacking support
for certificate revocation (like CRL or OCSP). the file ssl_privsep.c
is extended to implement more code that should be in openssl to allow
loading the ca from chroot...
|
|
From Padcal Lalonde, closes PR 6114
|
|
From Pascal Lalonde, closes PR 6112
|
|
now sit between two SSL connections (Oitm - OpenBSD-in-the-middle),
accept SSL connections and forward to TCP, accept TCP connections and
forward to SSL, and do TCP to TCP of course.
This was tested by some people a while ago.
|
|
correctly (anchor names with characters after the terminating NUL byte
are considered invalid).
Thanks to camield@
|
|
|
|
allocations fails.
looks right deraadt, krw
ok henning
|
|
running.
Issue spotted and diff tested by Steven Surdock.
ok claudio@
|
|
with deraadt@, mcbride@, and mpf@ it is obvious that a hmac doesnt make
sense for pfsync.
this also firms up some of the input parsing so it handles short frames a
bit better.
|
|
This implements the first stage of the shortest path tree calculation
(Dijkstra calculation) as outlined in rfc5340, with the exception that
we do not yet treat multiple router LSAs originated by a single router
as an agregate. For now, we only use the Router LSA with the lowest link
state ID.
For each destination, show the calculated set of nexthops in the debug log.
We can stop doing this once spf tree calculation has been shown to be stable.
"A lot of debug code but yes why not. commit it." claudio@
|
|
last commit. Next hop IP addresses and outgoing interfaces can now
be correctly determined, paving the way for SPF tree calculation.
Arguments have changed, so update callers, too.
ok claudio@
|
|
next-hop calculation.
In OSPFv3, next-hop IP addresses are always link-local.
The kernel will want to know which interface the link-local
address belongs to, so we need an ifindex in struct v_nexthop
in addition to the IP address.
Because we cannot determine a link-local next hop IP address
for transit networks, only the outgoing interface will be recorded.
Update calc_nexthop_add() according to the above.
Also add new helpers calc_nexthop_lladdr() and calc_nexthop_transit_nbr(),
to figure out link-local addresses of nexthop neighbours.
ok claudio@
|
|
A router vertex w has a point-to-point link back to a router
vertex v if v's router ID occurs as neighbour ID in one of the
point-to-point links described in w's router LSA.
A router vertex w has a link back to a network vertex v if the router
ID of v's advertising router (i.e. DR) occurs as neighbour ID in one
of the transit links described in w's router LSA, and v's interface
ID to the network matches the neighbour interface ID of that transit
link.
A network vertex w has a link back to a router vertex v if v's router
ID occurs in the list of attached routers in w's network LSA.
Also, get_rtr_link() and get_net_link() take an unsigned int now.
"commit it" claudio@
|
|
use less local variables. Makes it consistent with get_rtr_link().
ok claudio@
|
|
it was always returning the first link in the LSA, no matter
which link was requested. Fix this bug. Also, decrease the
number of local variables while here, and convert the idx argument
to unsigned int. Adjust one caller to pass an unsigned int,
other callers will be handled in follow-up commits.
ok claudio@
|
|
pointed out by and ok claudio@
|
|
LSAs originated by the same router the one with the lowest link
state ID.
ok claudio@
|
|
are subtracted from the total length.
ok claudio@
|
|
Most obvious use is to log router IDs.
To facilitate logging of multiple IDs within the same format string,
we use NUM_LOGS static buffers, just like log_sockaddr() does.
help and ok claudio@
|
|
can make use of it much better. No functional change.
ok claudio@
|
|
In Network-LSAs, the only thing sitting between the LSA header
and the attached router list is the options field. We already
have lsa_net_link to represent elements of the attached router list,
so there's no need to have a single entry of this list in lsa_net.
ok claudio@
|
|
Make this a more general concern about using 0 as key id. After discussion with
Tamas TEVESZ
|
|
Calculate offsets with a struct lsa_net_link pointer instead.
ok claudio@
|
|
in hello packets by next-hop neighbours. So when notifying the
RDE of a new neighbour, send the source address, too.
ok claudio@
|
|
It printed iface_id as the neighbour's interface ID, but iface_id is
in fact the ID of the advertising router's interface being described.
ok claudio@
|
|
|
|
ok stsp@
|
|
when a "special" file has been installed (e.g. master.passwd) but
sysmerge was interrupted: we now run the corresponding command
right after installing the file and not at the end of sysmerge run.
When DESTDIR is set and a new aliases file has been installed, try
to run newaliases from chrooted DESTDIR.
input from and ok sthen@
|
|
and route labels.
ok claudio@
|
