| Age | Commit message (Collapse) | Author |
|---|
|
ok sthen@, tb@
|
|
should count through AS_SET boundaries, in other words the path
1 2 3 { 4 3 5 } 3 3 7 has an as-seq count of 4, before it was just 2.
OK benno@
|
|
extract the rightmost AS of a segment if the segment is not an AS_SET.
Then if we hit the final segment as will contain the last aggregator AS.
This fixes a possible issue with a path like 1 2 3 { 4 5 } { 6 7 } which
should match for source-as 3.
OK benno@
|
|
use the rightmost AS from the previous AS path segment. As suggested in
rfc6472. Also fix a long standing bug of AS 42 >< 4242 matching 43 - 4241
instead of 1-41 and 4243 and upwards. Last but not least pass the filter_as
struct to as_compare since that will make it easier to implement as-sets.
OK benno@, OK job@ on a previous version
|
|
was the same size)
|
|
runner makes progress and does not get hold back by poll sleeping at
the same time fds are still serviced first if they have data pending.
|
|
AS_PATH with a AS4_PATH and are therefor fairly special.
|
|
that and start listening for failure reports.
|
|
constraints process), and /usr/sbin/ntpd "x" to perform fork+exec operations.
|
|
ok claudio@
|
|
directory for placement. We can only protect the directory case,
since the file_prefix+sig+id case is too large to enumerate.
|
|
ok florian
|
|
|
|
takes a flag if it is large or not. Makes code more reusable.
|
|
|
|
|
|
heavy bits into the background and so the RDE is able to process new
messages more or less instantly after a configuration reload.
Not all cases are covered yet but the bulk is.
While the backgorund process is running no new config can be loaded.
Tested by and OK benno@
|
|
ok claudio@
|
|
(that decides whether rarpd should reply), and /etc/ethers "r" for
debug reporting.
|
|
include config file "r", utmp "r", /dev "rw", /bin/sh "x" for running
piped commands, and the syslogd binary "x" itself for HUP re-exec upon
config loads with changes. Also unveiled in the privsep process are
the specific log files being written to.
If a config file reload changes no files, the existing privsep process
keeps running with unveil's to the relevant files (therefore it can
cope with newsyslogd taking files away). If a new config file is loaded
which changes the output files, the privsep process is restarted with
fork+exec, and installs new unveils as needed. The safety we gain from
unveil is that we've pigeonholed the privsep file-writer to exactly the
files required.
Help from bluhm for some edge cases.
|
|
The new vm_checkaccess() call didn't account for the vmboot case.
OK ccardenas@ mikeb@
|
|
Found by mikeb@
|
|
|
|
The infrastructure no longer uses -Dunsigned, but TRUSTED_PKG_PATH,
which narrows the source of unsigned package to a single place, and
thus is less hazardous.
|
|
log updates|all
with
log state changes
log host checks
log connection [errors]
The first two control the logging of host check results: either changes in host state only or
all checks.
The third option controls logging of connections in relay mode:
Either log all connections, or only errors.
Additionaly, errors will be logged with LOG_WARN and good connections
will be logged with LOG_INFO, so they can be differentiated in syslog.
ok and feedback from claudio@
|
|
a password and that way it would log it when the daemon is ran in verbose mode.
Hint and OK claudio@
|
|
it. We should not trust this input too much as found by Pierre Emeriaud.
OK benno@
|
|
|
|
|
|
|
|
be shortened by 1.
OK florian@
|
|
sockets cause no harm and this way we close another attack surface by not
allowing the daemon to create/delete any more files.
While here also scramble pledge promises to their canonical form.
OK florian@
|
|
|
|
sockets cause no harm and this way we close another attack surface by not
allowing the daemon to create/delete any more files.
OK florian@
|
|
sockets cause no harm and this way we close another attack surface by not
allowing the daemon to create/delete any more files.
OK akoshibe@ florian@
|
|
that not deleting the unix control sockets cause no harm and this way we close
another attack surface by not allowing the daemon to create/delete any more
files.
tweak and OK florian@
|
|
harm if not deleted after the daemon is shutdown and at the same time we also
tackle another attack surface by not allowing the program to create/delete
any more files (by removing "cpath" promise from pledge(2)).
Discussion initiated by a question from deraadt@ OK florian@
|
|
On the other hand it is much more powerful to get rid of cpath; rad is
no longer allowed to change anything on the filesystem.
Triggered by mestre@'s work to fix unlinking in other daemons and a
question from deraadt@
OK mestre
|
|
|
|
|
|
|
|
From Ross L Richardson, thanks
ok millert@
|
|
From Ross L Richardson
ok millert@
|
|
ok millert@
|
|
From Ross L Richardson
|
|
From Ross L Richardson
|
|
struct prefix will be slowly becomming the hub of the rib.
OK phessler@ job@
|
|
output directory). If prefix isn't a directory, that would require
enumerating all prefix<sig>.<id> filenames and unveiling all of them
which isn't reasonable... for the file case can we identify whether it
starts start with '/' or not, and unveil '/' or '.' for "w"?
|
|
before unveil/pledge.
|
|
Walk each rib at most once and push it from there to all RIBs or peers
that need the update. Makes the logic more streight and so easier to run
in background.
Tested by and OK phessler@
|
