| Age | Commit message (Collapse) | Author |
|---|
|
millert@ thinks its useful.
|
|
|
|
* maxLength may not be zero or negative
* maxLength can't be lower than the prefixlength of ip_addr
* maxLength can't be higher than the maximum prefix length
OK claudio@
|
|
|
|
that splits the normal RIB linkage vs the adjrib-out linkage. This is
done to make a bit of space to put an extra add-path related id into
the struct without blowing its size over 128 bytes.
Long run this struct should be split up but the necessary changes are
too large right now so this is the 2nd best option.
OK benno@
|
|
add-path information will be dumped properly.
There is one bit where this implementation is not in line with the RFC.
The encoding of DUMP_V2_RIB_GENERIC_ADDPATH for non IPv4 or IPv6 prefixes
is implemented the way gobgp did it (which seems to be the only other BGP
implementation that supports generic encoding). The RFC puts the path_id
in the NLRI for generic encoding instead of adding it to RIB entry struct
like in the IPv4 and IPv6 encoding. This is an open discussion point with
the RFC author.
OK benno@
|
|
to dump add-path enabled systems because the NLRI format changes based
on the add-path capability and there is no way to know which format is
in use so new message types had to be added.
Also extend the ctl_show_rib structure to include the path_id.
OK benno@
|
|
This allows to send more then 255 bytes of optional parameters. With this
it is possible to send more capabilities. bgpd will switch automatically
to the new extended lenght format if needed but by default the old 1 byte
param length encoding is used to keep compatible with old systems.
OK benno@
|
|
client identifier (option 61). Some dhcp servers expect these options
and refuse to hand out a lease without them.
Need for vendor class identifier pointed out & tested by bket
Need for client identifier pointed out by sthen
Input & reads OK sthen (as part of a larger diff)
OK kn (as part of a larger diff)
|
|
"%s". Same for the output of relay_expand_http().
with and ok claudio@
Found by Cedric Tessier, thanks!
|
|
* "Connection: keep-alive" isn't needed, as the HTTP 1.1 default is to
use persistent connections (RFC 7230, section 6.3).
* "Host" is recommended to be in the front.
* "Accept-Encoding: identity" makes it clear to the server compression
encodings are not supported.
Based on suggestions from Julian Reschke.
OK benno@ claudio@
|
|
the bootloader. This is a no-op on architectures where such a filesystem
isn't needed.
ok krw@, deraadt@
|
|
|
|
|
|
Refactor config_setvm to directly return error code on failure
instead of returning -1 and setting errno. It was setting unsupported
values not defined in <errno.h>.
OK mlarkin@
|
|
Zap the obsolete dhclient.conf(5) supersede quirk while here.
Feedback OK florian
|
|
Remove legacy state handling on the ns8250 and virtio network devices
originally put in place before using libevent for async device
events. The vcpu thread doesn't need to process device data as it is
handled by the libevent thread.
This has the benefit of simplifying some of the message passing
between threads introduced to the ns8250 uart since both the vcpu
and libevent threads were processing read events.
No functional change intended. Tested by many, including abieber@,
weerd@, Mischa Peters, and Matthias Schmidt. (Thanks.)
OK mlarkin@
|
|
chroot (and privdrop) in the child procs at this point are all set and done so
pledge("inet id") promises are not required anymore.
analysis and OK @kn
|
|
priv_constraint_child() which is called before we reach pledge(2), therefore we
we don't need to unveil(2) that file nor having pledge("rpath") since it was
only required to read that same file.
OK kn@
|
|
As per the manual and lib/libtls/tls.c revision 1.79 from 2018
"Automatically handle library initialisation for libtls." initialisation
is handled automatically by other tls_*(3) functions.
Remove the tls_init() call to not give the impression of it being needed.
Feedback tb
OK Tests mestre
|
|
from PCI Code and ID Assignment Specification
|
|
As per the manual and lib/libtls/tls.c revision 1.79 from 2018
"Automatically handle library initialisation for libtls." initialisation
is handled automatically by other tls_*(3) functions.
Remove explicit tls_init() calls from base to not give the impression of
it being needed.
Feedback tb
OK Tests mestre
|
|
Input from deraadt@, tb@, claudio@
OK deraadt@ claudio@ tb@
|
|
to the latter two (table-mp and table) to be only available for
compatibility. People should really only use table-v2 since it is
the only method which will properly dump everything.
|
|
fails to report the path that the failure occured on. Suggested by
deraadt@ after some tech discussion.
Work done and verified by Ashton Fagg <ashton@fagg.id.au>
ok deraadt@ semarie@ claudio@
|
|
|
|
ok millert@
|
|
|
|
Default is now to attempt RRDP first, then try RSYNC.
If problems show up, return to rsync-only behaviour with -R, and file a report.
ok claudio
|
|
and fragment number components instead of printing the whole field in decimal.
ok sthen@ kn@ jca@
|
|
|
|
|
|
refactor the code into figuring out simple updates: if we don't have
any @execs but just @tags, we can probably do something simpler wrt
temporary files and temporary filenames, which should speed up texlive
updates significantly.
(the tempfile code is not there yet, just the check for safe updates)
|
|
in flame graph. Only when both kernel and userland are displayed,
the whole picture of system activity becomes clear. Fixes a parsing
bug in the flame graph tool where userland time was interpreted as
invalid kernel stack.
OK kn@
|
|
ok deraadt@
|
|
|
|
|
|
far better in the manual pages
ok jmc
|
|
network commands). Instead of passing the peer as argument to the tree
walker just default to peerself in network_flush_upcall().
OK benno@
|
|
everywhere.
OK benno@
|
|
switch statement. This way common code is referenced only once.
OK sthen@
|
|
are processed in the Adj-RIB-Out this is no longer needed since the passed
in pointer is still referenced and is not allowed to be freed.
Adjust the mrt code similar to how up_generate_attr() uses aspath_deflate().
OK sthen@
|
|
because it included two extra bytes (copy-paste error from graceful restart).
|
|
BEGIN and END use a fake dt(4) event, so in order to use the nsecs
var or time() it needs a timespec set. Init for BEGIN and update
at END.
ok mpi@
|
|
ok millert
|
|
ok kettenis
|
|
recorded as a new dependency. Even though ForwardDependencies normally
takes care of that, with tags, this is not enough.
(this happens only because libexecinfo was a "tight" dependency, thus
resulting in a large UpdateSet, and when some of the objects did require
tags in the new package, and when the order of things meant that BaseSystem
was considered a bit early).
Since there's no handle at this point, a dirty but efficient test vs
BaseSystem will do (which is not a valid normal package name anyhow)
tested to fix the obnoxious warning landry@ saw, which I was able to
reproduce on a box...
|
|
The original implementation of the virtio network device assumed a
driver would only provide a 2-descriptor chain for receiving packets.
The virtio spec allows for variable length chains and drivers, in
practice, construct them when they use a sufficiently large MTU.
This change lets the device use variable length chains provided by
the driver, thus allowing for drivers to set an MTU up to the
underlying host-side tap(4)'s limit of TUNMRU (16384).
Size limitations are now enforced on both tx and rx-side dropping
anything violating the underlying tap(4) min and max limits.
More work is needed to increase the read(2) buffer in use by vmd
to prevent packet truncation.
OK mlarkin@
|
|
The old defaults are just not sane anymore.
OK sthen@
|
|
things:
- Only allow SNMPv3 by default. SNMPv1 and SNMPv2c can be enabled by
setting the new snmpv* flags on the "liston on" statements.
- Remove the default community names. They're not secure to use.
- Change the default seclevel to enc.
Initial idea, help from and OK sthen@
|
