| Age | Commit message (Collapse) | Author |
|---|
|
The parent process forks child processes and re-exec each of them with
an additional "-x <proc>" argument. During the early setup phase, the
parent process sends ipc socket pairs to interconnect the child
processes as needed, and it passes the queue encryption key to the
queue if necessary. When this is done, all processes have their
environment set as in the fork-only case, and they can start doing
their work as before.
ok gilles@ jung@
|
|
ok deraadt jca
|
|
|
|
is generated, and mprotect/mmap return ENOTSUP. If the sysctl(8) flag
kern.wxabort is set then a SIGABRT occurs instead, for gdb use or coredump
creation.
W^X violating programs can be permitted on a ffs/nfs filesystem-basis,
using the "wxallowed" mount option. One day far in the future
upstream software developers will understand that W^X violations are a
tremendously risky practice and that style of programming will be
banished outright. Until then, we recommend most users need to use the
wxallowed option on their /usr/local filesystem. At least your other
filesystems don't permit such programs.
ok jca kettenis mlarkin natano
|
|
requests lacking "HTTP/<version>".
This makes it more obvious that httpd(8) does not attempt to support
HTTP v0.9 (circa 1991), when "GET <url>\r\n" was valid.
ok millert@ florian@
|
|
The name cache walking code got adapted to the new name cache layout.
Along with the previous commit, procmap is now able to map a vnode
to a filename as long as it is in the name cache.
"nice stuff" deraadt@
|
|
This gives ddb access to the symbols of the kernel running inside the VM.
ok mlarkin@
|
|
|
|
Otherwise procmap interprets the uvm_vnode contents as a vnode,
yielding bogus values. This should cure the
"procmap: invalid address (ffffffffffffffff) == -1 vs. 656 @ ffffffffffffffff"
error messages that appear sporadically.
ok deraadt@
|
|
|
|
|
|
jmc, ok benno claudio
|
|
|
|
this isn't the kernel.
requested by deraadt@
|
|
|
|
For each child process (lde and ldpe), re-exec ldpd with a special
"per-role" getopt flag. This way we have seperate ASLR/cookies per
process.
Based on a similar patch for bgpd, from claudio@
Requested by deraadt@
|
|
|
|
|
|
The benefits of this include:
* clean up of the ldpd global namespace;
* improved readability;
* more hints to the compiler/linker to generate more efficient code.
Whenever possible, move global static variables to a smaller scope
(function).
All extern variables are now declared in header files to avoid unnecessary
duplication.
This patch also cleans up the indentation of all function prototypes
and global variables.
|
|
|
|
|
|
In addition to that, print "exp-null" instead of "0" or "2".
|
|
bzero(), bcopy() and bcmp() were deprecated in POSIX.1-2001 and removed
in POSIX.1-2008 in deference to memset(), memcpy() and memcmp().
|
|
|
|
|
|
This includes:
* Full compliance to RFC 7552;
* Support for MD5 on LDPov6 sessions;
* Support for pseudowires over IPv6 LSPs (we're probably the world's
first implementation doing this);
* Support for the IPv6 explicit-null label;
* Knob to specify the prefered address-family for TCP transport
connections;
* Knob to use cisco non-compliant format to send and interpret the
Dual-Stack capability TLV.
|
|
Nothing really interesting here.
|
|
|
|
|
|
|
|
If we lose a route and all of its associated labels, then there's no
point on keeping an entry for it in the LIB.
|
|
Whenever we lose a route, unset the local label. If the same route is
learned again later, allocate a new label for it. No need to be economic
with labels, it's not worth the added complexity.
|
|
This allows ldpd to start on a system without any IP address and bind
to the transport-address successfully. Without this patch, we'd need to
monitor the new addresses from the kernel and create the network sockets
only when the transport-address is available in the system.
|
|
Now ldpd can start without a router-id, since it can be set later. Since
a router-id of 0.0.0.0 is invalid, interfaces and targeted-neighbors
will check for a valid router-id in order to be activated.
When the router-id is changed, all the neighborships are reset.
|
|
|
|
When removing a configured pseudowire, we remove the associated tnbr
in ldpe_l2vpn_pw_exit(). So, when a new pseudowire is configured, it
makes sense to create its tnbr in ldpe_l2vpn_pw_init() to keep things
consistent.
|
|
|
|
We drop our privileges in ldpe right after we create the network sockets.
The problem is that we might want to change the transport-address and
reload the config, in which case we need new sockets. To allow that,
always create the network sockets in the parent process and pass them
to ldpe via imsg.
|
|
|
|
|
|
Copying by straight assignment is shorter, easier to read and has a
higher level of abstraction. We'll only avoid it when copying from an
unaligned source (e.g., network buffers).
In addition, copy in_addr structs directly.
|
|
Right now we use three network sockets in ldpd:
* the discovery socket (udp+mcast);
* the extended discovery socket (udp);
* the session socket (tcp).
When we introduce IPv6 support, we'll get three more sockets. In order
to prevent code duplication in the future, add a specialized function
that creates a socket according to the given type (and address-family
later). This also improves readability because it makes it easier to
see the differences between each socket.
|
|
|
|
I screwed up everything... trying to fix now.
|
|
IPv6 support is coming and we don't want to pollute the interface.c file
with too many of these helper functions.
Also, rename these functions from if_set_* to sock_set_*.
|
|
|
|
|
|
The F_MAP_PW_ID flag is only set for PW-ID mappings, which means that we
were ignoring all label withdraws and label releases for non PW-ID FECs.
|
|
During the setup of a pseudowire, it might change its parameters
(e.g. control-word) once the negotiation with the remote peer is done.
|
|
|
