Age | Commit message | Author |
|
|
This will help prevent machines loading outdated roa-sets.
OK claudio@
|
|
OK claudio@
|
|
Fix a NULL-dereference found by jasper@ with AFL++ (port coming soon!).
ok jasper@
|
|
optional expires timestamp. The rtr process is walking the roa-set every
5min and removes every prefix that is expired.
With this, stale RPKI data will slowly disappear and not linger around.
OK job@
|
|
and --exclude to only fetch those files from the CA repositories.
OK job@
|
|
Discussed with mlarkin@. These functions were implemented but never
used. While in vmd.h, fix the order to match current vmd(8) reality.
|
|
Found by job@
|
|
OK tb@
|
|
Match bpftrace behavior.
|
|
consistently.
OK benno@
|
|
Arithmetic operator should now behave as expected and tests can now be written
without superfluous parentheses, for example:
syscall:select:entry
/($1 == 0) || (pid == $1)/
{
}
Can now be written:
syscall:select:entry
/$1 == 0 || pid == $1/
{
}
While here improve filter debugging support.
|
|
Thanks to Ben Maddison for helping create a test case
OK claudio@
|
|
OK deraadt@
|
|
Based on a diff from and ok dv@
|
|
viornd did not mask the descriptor value in the available ring
allowing guest values to read past the end of the descriptor table.
While here, change fatal to fatalx because errno is not set.
Reported by Ilja van Sprundel
ok mlarkin@
|
|
Guest can cause out of bounds read with a malformed descriptor. In same
loop, also fix a chunk size calculation.
Reported by Ilja van Sprundel.
ok mlarkin@
|
|
If {c,m}alloc fail, info could be NULL and result in NULL deref.
Reported by Ilja van Sprundel.
ok mlarkin@
|
|
Reported by Ilja van Sprundel.
ok mlarkin@
|
|
Used originally to aid dev. Unneeded.
ok mlarkin@
|
|
Change the default -w from 5 to 3 seconds, reducing the time it waits
for a response. John proposed using 1 second for this, but several
of us are familiar with networks where that would be likely to
remove hops, 3 seems reasonable and still saves 6 seconds on a
non-responding hop (there's always mtr if you need faster output).
Feedback from various, ok phessler@ kn@ florian@
|
|
From Scott Bennett, thanks!
|
|
ok claudio@
|
|
if all possible sources have been used to ta_fetch() this simplifies the
logic in the rsync and http done cases.
Additionally when -R is used, skip https URI and only connect via rsync.
If the TAL file has no rsync URI then the system will fall back to the
cache and not try https instead.
This makes -R an only use rsync flag.
With and OK job@
|
|
has a serial lower than what the client synced to last time. This could
happen if the CDN has a bad server that distributes old data.
Instead of falling back to a snapshot just ignore this case and consider
the repo synced. Hopefully the next run will bring everything back to normal.
OK job@ benno@
|
|
the sort of thing which should actually be used (a proper random string
rather than a common word, and especially not a common word that is the
default for much SNMP software). The example here is restricted to
127.0.0.1 but it's easy to adapt to something where it's more unsafe
so better not to give the example. ok martijn@
|
|
This caused listen on tcp lines to fail to parse.
OK sthen@
|
|
OK sthen
|
|
Suggested by schwarze@
|
|
This way we can have a global listen statement, but add an additional
listener with different flags on specific interfaces (e.g. allow
snmpv2c on localhost for easier testing)
OK sthen@
|
|
This is a convenient shorthand for
listen on 0.0.0.0
listen on ::
and was already the default behaviour if no listen on statement is present.
This way it's easier to add additional listeners to the default (like trap
receivers).
Manpage feedback sthen@ schwarze@
Manpage OK jmc@
OK sthen@
|
|
Diff by jmc@, who can't commit right now.
Thanks.
|
|
The previous engineid was based around the engine boottime and a random
value, which gives problems when sending/receiving unacknowledged PDUs
(trapv2) over SNMPv3 with authentication enabled, which need a consistent
engineid across restarts to determine the correct user from the sender.
The new default engineid takes a sha256 hash (chosen for its longer output)
of gethostname(3) and places the first 27 bytes after the new format number
129. This should give us a very low probability of collisions, assuming
all machines have a unique name.
The other formats as specified in SNMP-FRAMEWORK-MIB (RFC3411) are also
supported as well as arbitrary formats in the range 128-255 for other
private enterprise numbers in hex format.
OK jmatthew@
|
|
- don't adjust the file object, just extract_to_fh
- for may_check_digest, explicitly pass the path instead of a file object
|
|
add $self->extract_to_fh, only for IsFile objects, so that they can be
written to a temporary file without needing to adjust the file object's name
|
|
- in both extract and tie, $self has the right file names
- move the possible creation of the directory into find_safe_dir (passing
state as the only parameter, since we have everything else in self), thus
getting rid of an XXX
should have zero effect on anything
|