| Age | Commit message (Collapse) | Author |
|---|
|
with the fork messages.
OK tb@
|
|
DPADD bit pointed out by deraadt@
"No kidding" deraadt@
|
|
ok florian
|
|
Reduces the amount of copy-paste and makes things easier on the eye.
ok claudio job
|
|
here rework the text so it reads a little better;
ok deraadt
|
|
|
|
|
|
|
|
If multiple recipients are specified but only one is valid, use the
first entry in the recipient list for the Received: header, not the
value from the last "RCPT TO:" command (which could be invalid).
From Chris Waddey
|
|
OK miod
|
|
freed.
Should fix https://github.com/rpki-client/rpki-client-portable/issues/74
Reported by Ben Castricum
OK tb@
|
|
Having metrics depend on session state makes reporting more complex.
This now reports the number of seconds a session was up or down.
OK tb@
|
|
for peers that never managed to establish a connection.
OK tb@
|
|
Thanks Marco D'Itri for spotting them
OK claudio@
|
|
|
|
OK tb@
|
|
OK tb@
|
|
This uses `bgpctl show metric` to produce the payload.
OK tb@
|
|
This adds most of the generic code to output the metrics with labels
and implements some basic metrics. The code works but metrics may still
change.
OK tb@
|
|
|
|
Pointed out in the pref64 code, which was copied from here, by kn.
|
|
With this clients can learn the presence and used prefix for Network
Address and Protocol Translation between IPv6 and IPv4 (NAT64).
Apparently there is support in mobile devices as well as in macOS.
This option, together with the the dhcp "IPv6-only preferred"
option (108) enables the Customer-side transLATor (CLAT) on macOS so
IPv4 literals can be used in IPv6-only networks.
Input & OK kn
|
|
from josiah frentsos
|
|
which allows the client to bind as the subject of the certificate in cases
where the directory doesn't implicitly do that.
The client certificate is configured with 'certfile' and 'keyfile'
directives, and SASL EXTERNAL bind is configured with the 'bindext'
directive.
ok tb@
|
|
in ASN.1 as following: "version [0] INTEGER DEFAULT 0,". Each object
profile preamble contains "DEFINITIONS EXPLICIT TAGS ::=".
We didn't bump into any issue yet, because all Signed Objects are at
version 0, which means the field is entirely omitted (including the tag,
be it implicit or explicit). (From X.690 section 11.5: "The encoding of
a set value or a sequence value shall not include an encoding for any
component value which is equal to its default value.")
OK tb@
|
|
ok miod@ martijn@
|
|
ok miod@ claudio@ tb@
|
|
|
|
This is only required for the single fchmod(2) ensuring default permissions
which only happens in the -c code path.
OK millert
|
|
ok florian
|
|
|
|
Noticed by job@, OK tb@
|
|
Assignable PCIe devices have a root complex path and a more descriptive
I/O slot path; example output from a T4-2:
# ldomctl list-io | head -n2
PATH NAME
/@400/@2/@0/@8 /SYS/MB/PCIE0
ldom.conf(5) `iodevice' currently accepts PATH values, which are cryptic and
completely hardware specific, whereas NAME values are obvious (partially
same across machines) and match physical slot labels ("0 PCIe2 x8") besides
information from ILOM:
/System/PCI_Devices/Add-on/Device_0 location = PCIE0 (PCIe Slot 0).
Make ldom.conf `iodevice' accept either value; internally nothing changes.
Rename struct iodev's path member to dev to clarify this further.
OK kettenis
|
|
snmpd_metrics.
OK benno@ sthen@
|
|
Keydisks appear as chunks internally (with special properties) and
installboot(8) thus treated them like actual data chunks.
Most users probably don't hit this as their keydisk is detached and thus
appears "offline" and gets skipped.
Installing to online keydisks may work but is neither expected nor intended
to work, so properly skip them.
Odd setups like keydisk and CRYPTO chunk on the same physical disk would
end up installing getting bootblocks installed twice.
Pointed out by Mikolaj Kucharski <mikolaj AT kucharski DOT name> who also
provided the actual diff (minor wording tweaks by me)
OK jsing
|
|
|
|
-t succeeded this macro in 2004.
|
|
Write access seems less often required these days and other ways to ensure
effective read-only access are mere workarounds; worst case malicious users
can fill up the server's disk by writing to existing files.
diskless(8) only ever needs to read and running with "stdio rpath dns inet"
by default is much safer for a network daemon without any authentication.
Initially proposed as a new -R flag for read-only mode
new default suggestion dlg deraadt
"looks great" millert
OK sthen dlg
|
|
OK millert
|
|
Unless -t is used, this directory is not accessed in any way.
OK millert
|
|
reminded by jmc
|
|
Match rpc.{lock,stat}d(8) only having their proper name.
OK deraadt
|
|
This fixes installboot regress on octeon; same diff as
macppc_installboot.c r1.6, powerpc64_installboot r1.7 and
octeon_installboot r1.8.
loongson was the last architecture requiring this fix. I don't have a
machine to test it myself (loongson isn't built anymore, anyway) but given
the same diff works on four other architectures, this should just work.
|
|
This fixes installboot regress on octeon; same diff as
macppc_installboot.c r1.6 and powerpc64_installboot r1.7.
|
|
This fixes installboot regress on powerpc64.
The exact same diff already landed for macppc; efi also has the same fix
for md_init() but without the string handling cleanup that entails.
macppc_installboot.c r1.6 "Fix passing explicit stage files":
Using `stage1' leads to a bit more cleanup since early MI installboot.c
handles `-r', i.e. write_filesystem() no longer has needs to do the
fileprefix() dance itself.
OK gkoehler
|
|
Found the hard way by renaud <at> allard <dot> it
OK eric@, gilles@, millert@
|
|
IPv6 addresses have been formatted as "[address]" in envelope files
for years. This was supposed to be removed after the 6.6 release
but got forgotten. Noticed by kn@, OK deraadt@ kn@
|
|
|
|
|
|
ok deraadt
|
