phessler [Tue, 25 Apr 2023 15:41:17 +0000 (15:41 +0000)]
When configuring a new address on an interface, an upstream router
doesn't know where to send traffic. This will send an unsolicited
neighbor advertisement, as described in RFC9131, to the all-routers
multicast address so all routers on the same link will learn the path
back to the address.
This is intended to speed up the first return packet on an IPv6 interface.
OK florian@
tb [Tue, 25 Apr 2023 15:34:07 +0000 (15:34 +0000)]
bn_mod_exp: temporarily add a prototype for BN_mod_exp_recp()
tb [Tue, 25 Apr 2023 15:33:25 +0000 (15:33 +0000)]
bn_test: temporarily add prototypes for reciprocal functions
This is a hack needed until bn_local.h is updated
tb [Tue, 25 Apr 2023 15:32:33 +0000 (15:32 +0000)]
bn_test: BN_one() will become void, so stop checking it
tb [Tue, 25 Apr 2023 15:30:03 +0000 (15:30 +0000)]
bn_primes: the NIST primes will go away, so remove their tests
tb [Tue, 25 Apr 2023 15:29:17 +0000 (15:29 +0000)]
The bio_asn1 test will need to be linked statically after the bump
tb [Tue, 25 Apr 2023 15:19:28 +0000 (15:19 +0000)]
Remove CTS test
tb [Tue, 25 Apr 2023 15:18:59 +0000 (15:18 +0000)]
CTS support will go away, so unhook corresponding regress
kn [Tue, 25 Apr 2023 14:48:16 +0000 (14:48 +0000)]
Do not attempt to write to read-only softraid
Bootloaders have no write support for softraid volumes, which manifests in,
e.g. /bsd.upgrade not being stripped of its 'x' permission bit to prevent
sysupgrade loops in case of upgrade failure.
Set a no-write flag handled by libsa to bail out early in write calls.
There should be no real behaviour change, writes just fail earlier now.
i386 BIOS. Crank minor.
Tested inside amd64 vmm.
kn [Tue, 25 Apr 2023 14:20:13 +0000 (14:20 +0000)]
drop empty lines around disk crypto '?' help text
kn [Tue, 25 Apr 2023 14:04:47 +0000 (14:04 +0000)]
Enable softraid(4) in the ramdisk kernel aka. make disk crypto install work
GENERIC, efiboot and installboot(8) all have softraid enabled, the manual
already documents boot support for riscv64, "just" bsd.rd lacks it.
(thought I had committed this months ago...)
SiFive HiFive Unmatched A00.
OK patrick
kn [Tue, 25 Apr 2023 14:00:35 +0000 (14:00 +0000)]
Do not attempt to write to read-only softraid
Bootloaders have no write support for softraid volumes, which manifests in,
e.g. /bsd.upgrade not being stripped of its 'x' permission bit to prevent
sysupgrade loops in case of upgrade failure.
Set a no-write flag handled by libsa to bail out early in write calls.
There should be no real behaviour change, writes just fail earlier now.
sparc64 ofwboot. Crank minor.
Tested on T4-2 guest domain with root on softraid.
op [Tue, 25 Apr 2023 13:36:01 +0000 (13:36 +0000)]
tiny markup fix: add missing Ic before `group' in the `agentx' rule
OK martijn@
op [Tue, 25 Apr 2023 13:32:20 +0000 (13:32 +0000)]
mark up `mode' in -f description
dv [Tue, 25 Apr 2023 12:51:07 +0000 (12:51 +0000)]
vmctl(8): no longer needs vmmvar.h
Finally! We can remove kernel headers from vmctl.
ok mlarkin@
dv [Tue, 25 Apr 2023 12:46:13 +0000 (12:46 +0000)]
vmm(4)/vmd(8): pull struct members out of vmm ioctl create struct.
The object sent to vmm(4) contained file paths and details the
kernel does not need for cpu virtualization as device emulation is
in userland. Effectively, "pull up" the struct members from the
vm_create_params struct to the parent vmop_create_params struct.
This allows us to clean up some of vmd(8) and simplify things for
switching to having vmctl(8) open the "kernel" file (SeaBIOS, bsd.rd,
etc.) to allow users to boot recovery ramdisk kernels.
ok mlarkin@
mpi [Tue, 25 Apr 2023 12:36:30 +0000 (12:36 +0000)]
Do not grab the `vmmaplk' recursively, prevent a self-deadlock.
Change the semantic of vm_map_busy() to be able to completely unlock the
`vmmaplk' instead of downgrading it to a read lock in mlock(2). This is
necessary because uvm_fault_wire() tries to re-grab the same lock.
We now keep track of the thread currently holding the vmmap busy to ensure
it can relock & unbusy the vmmap. The new pattern becomes:
....vm_map_lock(map);
....vm_map_busy(map); /* prevent other threads to grab an exclusive lock */
....vm_map_unlock(map);
....
..../*
.... * Do some stuff generally requiring a tsleep(9).
.... */
....
....vm_map_lock(map);
....vm_map_unbusy(map); /* allow other threads to make progress after unlock */
....vm_map_unlock(map);
Fix adapted from NetBSD's r1.249 of uvm/uvm_map.c. Issue reported by
Jacqueline Jolicoeur exposed by a "wallet refresh" of the Monero App.
Panic hand-copied below:
sleep_finish()
rw_enter()
uvmfault_lookup()
uvm_fault_check()
uvm_fault()
uvm_fault_wire()
uvm_map_pageable_wire()
sys_mlock()
ok kettenis@
krw [Tue, 25 Apr 2023 12:13:15 +0000 (12:13 +0000)]
Create & use variables MRDISKTYPE and MRMAKEFSARGS like all the other build
makefiles.
Fixes & ok kn@
No intentional functional change.
patrick [Tue, 25 Apr 2023 11:36:55 +0000 (11:36 +0000)]
Enable power management for PCI devices.
ok kettenis@
patrick [Tue, 25 Apr 2023 11:21:01 +0000 (11:21 +0000)]
Add suspend/resume support to pwmbl(4), so that when suspending the x13s
the display turns off and it actually looks like it's properly suspended.
ok kettenis@ tobhe@
tobhe [Tue, 25 Apr 2023 11:12:38 +0000 (11:12 +0000)]
Disable keyboard backlight on Apple Silicon laptops on suspend,
restore on wakeup.
ok patrick@ kettenis@
tb [Tue, 25 Apr 2023 11:03:37 +0000 (11:03 +0000)]
The #ifdef missed a few NETSCAPE_CERT things
tb [Tue, 25 Apr 2023 10:56:58 +0000 (10:56 +0000)]
Remove v3_sxnet from the standard extensions
patrick [Tue, 25 Apr 2023 10:35:48 +0000 (10:35 +0000)]
Invalidate ITS caches during suspend/resume cycle to commit the changes
to the LPIs. So far we have only flipped the enable bit in the shared
memory, but it turns out that the state is actually cached in the ITS.
We have to send an invalidation to flush it, both after disabling and
enabling the LPI. We probably also should do it after establishing an
interrupt, and especially when disestablishing, e.g. for PCIe hotplug.
Since we do not currently store the device/event IDs we cannot do a
targeted invalidation and have to fall back to sending one that clears
the whole cache to each ITS. In the future we should keep some more
state per established LPI.
Furthermore we currently keep a list of LPIs in each ITS instance, which
means in case we have multiple ITS we will re-use LPI numbers. But since
there's no relevant HW so far that has those, there's no rush to fix that.
This fixes suspend/resume on x13s with NVMe+MSI.
ok kettenis@
job [Tue, 25 Apr 2023 10:18:39 +0000 (10:18 +0000)]
Invalidate the DER cache earlier on in X509 setter functions
Note that it is important to invalidate the cache before returning,
as the return might bubble up an error.
OK tb@ jsing@
kn [Tue, 25 Apr 2023 10:11:20 +0000 (10:11 +0000)]
Do not attempt to write to read-only softraid
Bootloaders have no write support for softraid volumes, which manifests in,
e.g. /bsd.upgrade not being stripped of its 'x' permission bit to prevent
sysupgrade loops in case of upgrade failure.
Set a no-write flag handled by libsa to bail out early in write calls.
There should be no real behaviour change, writes just fail earlier now.
amd64 EFI bits, other architectures to come. Crank minor.
"seems sensible" jsing
kn [Tue, 25 Apr 2023 10:06:12 +0000 (10:06 +0000)]
Do not attempt to write to read-only softraid
Bootloaders have no write support for softraid volumes, which manifests in,
e.g. /bsd.upgrade not being stripped of its 'x' permission bit to prevent
sysupgrade loops in case of upgrade failure.
Set a no-write flag handled by libsa to bail out early in write calls.
There should be no real behaviour change, writes just fail earlier now.
amd64 BIOS bits first, rest to come. Crank minor.
"seems sensible" jsing
job [Tue, 25 Apr 2023 09:46:36 +0000 (09:46 +0000)]
Use X509_set_version() and X509_REQ_set_version() instead of doing it by hand
A small side-effect in X509_to_X509_REQ() is that 'x->req_info->enc.modified'
now earlier on is set to 1.
OK tb@ jsing@
nicm [Tue, 25 Apr 2023 09:31:50 +0000 (09:31 +0000)]
Tidy tparm wrapper functions to have more obvious names and check tparm
return value.
nicm [Tue, 25 Apr 2023 09:24:44 +0000 (09:24 +0000)]
Invalidate cached tty state after changing features since they may
change what the terminal can do and need mouse sequences or similar to
be sent again, GitHub issue 3513.
krw [Tue, 25 Apr 2023 08:57:11 +0000 (08:57 +0000)]
Add option 'rdroot' to simplify creation of rdroot filesystems for the install
media.
No functional change to existing behaviour.
krw [Tue, 25 Apr 2023 08:44:19 +0000 (08:44 +0000)]
Delete now unused disklabel template files.
op [Tue, 25 Apr 2023 08:37:24 +0000 (08:37 +0000)]
document that prefix-region with a prefix argument prompts for the string
jsg [Tue, 25 Apr 2023 08:28:27 +0000 (08:28 +0000)]
regen
jsg [Tue, 25 Apr 2023 08:27:59 +0000 (08:27 +0000)]
add Kingston KC3000 from Paul de Weerd
and Samsung PM9B1 as found in sthen's t14 gen 3 intel
tb [Tue, 25 Apr 2023 07:50:38 +0000 (07:50 +0000)]
Fix allocation size
Reported by anton
tb [Tue, 25 Apr 2023 07:48:15 +0000 (07:48 +0000)]
Unbreak tree: file missed in last commit
Reported by anton
asou [Tue, 25 Apr 2023 05:02:56 +0000 (05:02 +0000)]
add eoip to keepalive.
ok david@
deraadt [Tue, 25 Apr 2023 04:42:25 +0000 (04:42 +0000)]
Add endbr64 where needed by inspection. Passes regression tests.
ok jsing, and kind of tb an earlier version
deraadt [Tue, 25 Apr 2023 04:11:10 +0000 (04:11 +0000)]
endbr64 is potentially necessary in the syscall stubs.
deraadt [Tue, 25 Apr 2023 04:10:21 +0000 (04:10 +0000)]
Add missing endbr64 instructions as required. Verified as necessary with
a fully IBT userland operational.
deraadt [Tue, 25 Apr 2023 04:06:06 +0000 (04:06 +0000)]
placing .align after the function start is crazy. other things are ensuring
this function is at the start of the section, there is no point in potentially
stuffing nops into the sequence if things go wrong, it is better to fail hard.
ok guenther
cheloha [Tue, 25 Apr 2023 01:32:36 +0000 (01:32 +0000)]
prof_state_toggle: keep a count of CPUs with profiling enabled
On MULTIPROCESSOR systems, the following sequence of kgmon(8)
invocations leaves the statclock() frequency at stathz when there is
still a CPU on the system where the gmon state is GMON_PROF_ON:
# kgmon -c 0 -b
# kgmon -c 1 -b
# kgmon -c 0 -h
The problem is that we aren't counting CPUs with profiling enabled.
Add "gmon_cpu_count" to keep a count. Call startprofclock() for the
first CPU to enable profiling and stopprofclock() for the last CPU to
disable profiling.
cheloha [Tue, 25 Apr 2023 00:58:47 +0000 (00:58 +0000)]
addupc_intr: support adding multiple profiling ticks at once
Add a third parameter to addupc_intr(), "u_long nticks". This will
allow us to credit more than one profiling tick to the thread at once.
Should be useful in the unusual case where the clock interrupt is
masked for an extended period.
tb [Mon, 24 Apr 2023 22:30:17 +0000 (22:30 +0000)]
Future users of libcrypto will also have to do without strong extranet
support.
discussed with beck and jsing
tb [Mon, 24 Apr 2023 22:24:39 +0000 (22:24 +0000)]
Mark NETSCAPE_CERT_SEQUENCE for removal
discussed with beck and jsing
tb [Mon, 24 Apr 2023 22:12:28 +0000 (22:12 +0000)]
Mark the NDEF API for removal
Discussed with jsing and beck
kettenis [Mon, 24 Apr 2023 22:06:05 +0000 (22:06 +0000)]
ENTRY() already inserts a BTI instruction, so don't add another one.
ok patrick@
claudio [Mon, 24 Apr 2023 17:11:33 +0000 (17:11 +0000)]
If the two mfts in mft_compare() are the same do not prefer the
first (DIR_VALID) but prefer the 2nd (DIR_TEMP) since this allows
rpki-client to move the equal files from .rrdp back into the valid
repo tree and so there are fewer unaccounted-for files.
Problem noticed by and OK job@
krw [Mon, 24 Apr 2023 17:07:33 +0000 (17:07 +0000)]
Replace the only two uses of disklabel template files with 'echo "/ *"'.
No functional change.
ok kn@
tb [Mon, 24 Apr 2023 16:55:06 +0000 (16:55 +0000)]
Free and calloc() the tlsext_build_order and remember its length
Aligns tlsext_randomize_build_order() with tlsext_linearize_build_order()
and will help regression testing.
ok jsing
dv [Mon, 24 Apr 2023 16:53:57 +0000 (16:53 +0000)]
vmm(4): allow guests to enable and use supervisor IBT.
Why should hosts have all the fun? Conditionally unmask the cpuid
bits for IBT and allow r/w access to the supervisor CET msr.
Will need revisiting when we introduce usage of userland CET msr.
ok mlarkin@
beck [Mon, 24 Apr 2023 16:46:43 +0000 (16:46 +0000)]
Remove recursive spl grabbing in vfs_bio.c
in preparation for improvements.
ok claudio@
kn [Mon, 24 Apr 2023 16:36:54 +0000 (16:36 +0000)]
add default tmux config; ok sthen
krw [Mon, 24 Apr 2023 16:21:43 +0000 (16:21 +0000)]
Change variables 'MRFSDISKTYPE' to 'MRDISKTYPE' like every other arch.
No functional change.
Noticed by & ok kn@
beck [Mon, 24 Apr 2023 15:35:22 +0000 (15:35 +0000)]
Fix sk_is_sorted to treat 0 and 1 element lists as sorted.
from boringssl
ok tb@ jsing@
tb [Mon, 24 Apr 2023 15:32:31 +0000 (15:32 +0000)]
Use TLSEXT_TYPE_alpn instead of the stupid long one
krw [Mon, 24 Apr 2023 15:31:14 +0000 (15:31 +0000)]
Change variable 'DISKTYPE' to 'FSDISKTYPE' like every other arch.
No functional change.
ok patrick@
patrick [Mon, 24 Apr 2023 15:15:00 +0000 (15:15 +0000)]
Enable MSI if the node contains an msi-map, like we already do in pciecam(4).
This will make MSIs work on the Lenovo x13s as soon as an updated device tree
is installed.
Discussed with kettenis@
kn [Mon, 24 Apr 2023 15:12:14 +0000 (15:12 +0000)]
Missing the optional default config is not an error
/var/log/{messages,daemon} logs ENOENT as error on default configless vmd.
Only complain on explicitly passed files and print a debug hint under `-vv'
in case someone forgot to populate their /etc/vm.conf.
OK dv mlarkin
patrick [Mon, 24 Apr 2023 14:34:13 +0000 (14:34 +0000)]
Update qcpon(4) compatibles to match on qcom,pmk8350-pon, which is the updated
binding in Linux 6.3 device trees. While there, remove retrieving the register
address, as the new binding has an additional register which doesn't work with
a single OF_getpropint(), and since we're not using it we don't need to keep it
around.
kn [Mon, 24 Apr 2023 14:31:15 +0000 (14:31 +0000)]
"ls rogue" needs root; OK aja
krw [Mon, 24 Apr 2023 14:06:01 +0000 (14:06 +0000)]
Add '-s' option to simply display the number of bytes available for the rdroot
filesystem in the specified kernel.
No behaviour change to existing uses of rdsetroot.
Improved option handling & ok kn@
kn [Mon, 24 Apr 2023 12:11:56 +0000 (12:11 +0000)]
Hoist privilege checks further
in6.c already has the privilege check as early as possible, make in.c match.
For unprivileged IPv4 ioctl calls with invalid args, this changes errno from
E* to EPERM.
OK bluhm
ajacoutot [Mon, 24 Apr 2023 11:54:28 +0000 (11:54 +0000)]
gtk-update-icon-cache moved from being a gtk+3 subpackage to a gtk+4 one.
kettenis [Mon, 24 Apr 2023 10:22:48 +0000 (10:22 +0000)]
Enable branch target control flow enforcement on arm64.
ok robert@, deraadt@
kettenis [Mon, 24 Apr 2023 10:22:06 +0000 (10:22 +0000)]
Abuse the wxallowed flag to decide whether we should enforce branch target
or not. The idea is that since /usr/local has wxallowed by default this
will enable enforcement for base while leaving ports alone for now. This
will help us transition to a state where ports are properly marked and
allow us to establish that base is really clean.
Also add an exception for chrome. Chrome already appears to be clean on
arm64 and this exception can be easily modified for testing other ports.
This will screw over people that deliberately disable wxallowed on
/usr/local or who don't have a separate partition for /usr/local. We
think that is an acceptable compromise for the next months.
ok robert@, deraadt@ (who came up with the idea)
mvs [Mon, 24 Apr 2023 09:20:09 +0000 (09:20 +0000)]
Don't check `so_sp' within sofree(). The following isspliced() and
issplicedback() already have this check.
ok bluhm@
jmatthew [Mon, 24 Apr 2023 09:18:55 +0000 (09:18 +0000)]
Add initial support for Atlantic 2 hardware. Atlantic 2 has
much more complicated rx processing, and here we're doing the
bare minimum to get packets moving. RSS is not implemented yet,
vlans and multicast (among others) probably don't work yet either.
tested by kettenis@ on an M2 Mac Mini, and by me on an AQC113
card provided by Brad
ok dlg@
dv [Mon, 24 Apr 2023 09:04:03 +0000 (09:04 +0000)]
Toggle IBT off during amd64 hibernate before dropping to real mode.
Hibernate on IBT-capable MP systems broke when trying to quiesce
cpus. Instead of finding the locations of endbr64 in the asm indirect
jumps in acpi_wakecode.S, simply disable CR4.CET beforehand and
re-enable on resume.
This will also disable shadowstack, but there are no plans to use it.
"this approach is fine" deraadt@
robert [Mon, 24 Apr 2023 08:59:09 +0000 (08:59 +0000)]
do a cache lookup as well in case a full pathname is passed to dlopen
job [Mon, 24 Apr 2023 08:39:06 +0000 (08:39 +0000)]
Sort X.509 error reasons, use next available error value, and align
error message with internal error code name.
OK tb@ jsing@
job [Mon, 24 Apr 2023 08:09:29 +0000 (08:09 +0000)]
Revert 1.32
jsing@ noted that ASN1_OP_D2I_POST might not be the best place to
introduce this check (as could lead to pushing errors
(ASN1_R_AUX_ERROR) onto the stack). Additionally, without matching
validation on the encoding side brittleness is introduced.
dlg [Mon, 24 Apr 2023 01:33:32 +0000 (01:33 +0000)]
handle fixed-link configuration in the device tree.
if fixed-link is present, populate the interface baudrate and link
status (full duplex or half duplex), and then call the statch handler
to apply that config to the MAC. if fixed-link is specified then
do not attach a phy.
note that phy lookup and reset still occurs in case the device tree
still uses the deprecated snps,reset-gpio properties. the fixed
link port on the bpi r2 pro is connected to a switch chip (which
is not really a phy) that needs a reset provided by the
snps,reset-gpio handling. an improved device tree would have the
reset properties on the switch node so it could do its own reset,
but we can't have nice things can we?
tested on a nanopi r5s, which has a phy but no fixed-link config,
and a banana pi bpi-r2 pro, which has both (cos it has two dwqes,
one with a phy and one without).
dlg [Mon, 24 Apr 2023 00:11:08 +0000 (00:11 +0000)]
actually xr to iosf this time.
with patience from jmc@
jmatthew [Sun, 23 Apr 2023 22:57:23 +0000 (22:57 +0000)]
Adjust some printfs in the attach code path to make more sense,
and include the mac address of the interface on the attach line.
ok dlg@
jmatthew [Sun, 23 Apr 2023 22:48:03 +0000 (22:48 +0000)]
Prepare for adding Atlantic 2 support by renaming functions and defines
specific to Atlantic 1, shuffling some of the setup code, and adding
get_mac_addr to the firmware ops struct.
ok dlg@
job [Sun, 23 Apr 2023 21:49:15 +0000 (21:49 +0000)]
Replace X509v3_get_ext_count() with X509_get_ext_count()
Error introduced in 1.24
job [Sun, 23 Apr 2023 21:46:07 +0000 (21:46 +0000)]
In the case of V1 certs, the extension count should be exactly 0
OK tb@
job [Sun, 23 Apr 2023 21:39:19 +0000 (21:39 +0000)]
If extensions are encountered on a X.509 V1 cert, mark as invalid
While there, explicitly check for 0 - as X509_get_version() is a wrapper
around the less than beloved ASN1_INTEGER_get().
OK tb@
job [Sun, 23 Apr 2023 21:31:16 +0000 (21:31 +0000)]
Add compliance checks for the X.509 version field
Check whether the X.509 version is in the range of valid version
values, and also checks whether the version is consistent with fields
new to those versions (such as X.509 v3 extensions).
X.690 section 11.5 states: "The encoding of a set value or a sequence
value shall not include an encoding for any component value which is
equal to its default value." However, enforcing version 1 (value 0) to
be absent reportedly caused some issues as recent as July 2020, so
accept version 1 even if it is explicitly encoded.
OK tb@ beck@
kettenis [Sun, 23 Apr 2023 21:08:26 +0000 (21:08 +0000)]
Don't create IBT .plt if there are no PLT entries. Cherry picked from
upstream. Fixes several issues including problems with ld.bfd when it
sees such a .plt in an object file that is getting linked into a binary.
ok deraadt@
deraadt [Sun, 23 Apr 2023 19:22:08 +0000 (19:22 +0000)]
sync
tb [Sun, 23 Apr 2023 18:59:41 +0000 (18:59 +0000)]
Fix the client test and the tlsext test to work with randomized
TLS extensions (this involves unrandomizing the extension order
for the tests that rely on golden numbers).
tb [Sun, 23 Apr 2023 18:51:53 +0000 (18:51 +0000)]
Randomize the order of TLS extensions
On creation of an SSL using SSL_new(), randomize the order in which the
extensions will be sent. There are several constraints: the PSK extension
must always come last. The order cannot be randomized on a per-message
basis as the strict interpretation of the standard chosen in the CH hashing
doesn't allow changing the order between first and second ClientHello.
Another constraint is that the current code calls callbacks directly on
parsing an extension, which means that the order callbacks are called
depends on the order in which the peer sent the extensions. This results
in breaking apache-httpd setups using virtual hosts with full randomization
because virtual hosts don't work if the SNI is unknown at the time the
ALPN callback is called. So for the time being, we ensure that SNI always
precedes ALPN to avoid issues until this issue is fixed.
This is based on an idea by David Benjamin
https://boringssl-review.googlesource.com/c/boringssl/+/48045
Input & ok jsing
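Added example, not part of the commit above and not LibreSSL code: one way to
build an extension order that meets the constraints the commit message lists
(PSK last, SNI before ALPN, order fixed once per connection). The function
names, the demo RNG and the sample extension list are assumptions made for
illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* IANA TLS ExtensionType values used here. */
enum { EXT_SNI = 0, EXT_SIGALGS = 13, EXT_ALPN = 16,
       EXT_PSK = 41, EXT_KEYSHARE = 51 };

/* Demo-only xorshift32 stand-in for a CSPRNG such as arc4random_uniform();
 * reproducible, slightly biased, NOT cryptographically secure. */
static uint32_t demo_state = 0x2545f491u;
static uint32_t demo_rand_below(uint32_t upper)
{
	demo_state ^= demo_state << 13;
	demo_state ^= demo_state >> 17;
	demo_state ^= demo_state << 5;
	return demo_state % upper;
}

/* Index of `type` in order[0..n), or -1 if absent. */
static long find_ext(const uint16_t *order, size_t n, uint16_t type)
{
	for (size_t i = 0; i < n; i++)
		if (order[i] == type)
			return (long)i;
	return -1;
}

static void swap_ext(uint16_t *a, uint16_t *b) { uint16_t t = *a; *a = *b; *b = t; }

/* Shuffle in place. Call once per connection, so the first and second
 * ClientHello are built in the same order. */
void randomize_build_order(uint16_t *order, size_t n)
{
	size_t len = n;
	long psk = find_ext(order, n, EXT_PSK);
	long sni, alpn;

	if (psk >= 0) {			/* PSK is pinned to the last slot */
		swap_ext(&order[psk], &order[n - 1]);
		len = n - 1;
	}
	for (size_t i = len; i > 1; i--)	/* Fisher-Yates over the rest */
		swap_ext(&order[i - 1], &order[demo_rand_below((uint32_t)i)]);
	sni = find_ext(order, len, EXT_SNI);
	alpn = find_ext(order, len, EXT_ALPN);
	if (sni >= 0 && alpn >= 0 && alpn < sni)	/* SNI must precede ALPN */
		swap_ext(&order[sni], &order[alpn]);
}

/* 1 if PSK (when present) is last and SNI precedes ALPN (when both present). */
int order_is_valid(const uint16_t *order, size_t n)
{
	long psk = find_ext(order, n, EXT_PSK);
	long sni = find_ext(order, n, EXT_SNI), alpn = find_ext(order, n, EXT_ALPN);

	return (psk < 0 || (size_t)psk == n - 1) &&
	    (sni < 0 || alpn < 0 || sni < alpn);
}

/* Randomize a constructed worst-case list `rounds` times; count violations. */
int count_bad_orders(unsigned rounds)
{
	static const uint16_t base[5] = { EXT_PSK, EXT_ALPN, EXT_KEYSHARE, EXT_SIGALGS, EXT_SNI };
	uint16_t order[5];
	int bad = 0;

	for (unsigned r = 0; r < rounds; r++) {
		memcpy(order, base, sizeof(base));
		randomize_build_order(order, 5);
		bad += !order_is_valid(order, 5);
	}
	return bad;
}

int main(void)
{
	printf("orders violating a constraint: %d\n", count_bad_orders(1000));
	return 0;
}
```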
anton [Sun, 23 Apr 2023 18:38:55 +0000 (18:38 +0000)]
cope with more s/XCR0/XFEATURE renames
job [Sun, 23 Apr 2023 18:24:01 +0000 (18:24 +0000)]
Man page update for EVP_sha512_224() and EVP_sha512_256()
OK tb@
tb [Sun, 23 Apr 2023 13:47:35 +0000 (13:47 +0000)]
Link c2sp test to build
tb [Sun, 23 Apr 2023 13:43:46 +0000 (13:43 +0000)]
Import C2SP/CCTV test
This currently only covers Ed25519 using the c2sp-testvectors package
and checks that our Ed25519 implementation behaves as expected from a
"ref10" implementation.
This test has Go and c2sp-testvectors as a hard dependency. It will
optionally pick up any OpenSSL package installed on the system and
test that as well.
https://github.com/C2SP/CCTV
https://github.com/C2SP/CCTV/tree/main/ed25519
job [Sun, 23 Apr 2023 13:19:34 +0000 (13:19 +0000)]
In filemode, if an ASPA contains information for only 1 AFI, supplement the other
OK claudio@
dv [Sun, 23 Apr 2023 12:11:37 +0000 (12:11 +0000)]
vmd(8): teach vmm process how to exec.
Use execvp(2) to launch vm children with new address spaces.
Consequently, introduces use of unveil(2) into the vmm and vm
processes.
This imposes the requirement of launching vmd with absolute paths,
similar to sshd(8).
ok mlarkin@
tb [Sun, 23 Apr 2023 11:52:14 +0000 (11:52 +0000)]
Drop some extra parentheses
claudio [Sun, 23 Apr 2023 11:42:45 +0000 (11:42 +0000)]
Flowspec show supports an address family argument. Copy the description
from the very similar 'network show'.
tb [Sun, 23 Apr 2023 11:39:56 +0000 (11:39 +0000)]
Drop a superfluous isneg check.
claudio [Sun, 23 Apr 2023 11:39:51 +0000 (11:39 +0000)]
For FLOWSPEC_SHOW convert the AID from regular inet/inet6 to flowspec versions.
OK tb@
claudio [Sun, 23 Apr 2023 11:39:10 +0000 (11:39 +0000)]
Add the same AID filter to prefix_flowspec_dump() like in the other
prefix/rib dump functions.
OK tb@
tb [Sun, 23 Apr 2023 11:34:57 +0000 (11:34 +0000)]
Add missing NULL check for BN_new()
claudio [Sun, 23 Apr 2023 11:29:57 +0000 (11:29 +0000)]
Document flowspec commands
OK tb@ jmc@
tb [Sun, 23 Apr 2023 11:25:21 +0000 (11:25 +0000)]
Initialize ishex and isneg at the top and drop some elses
patrick [Sun, 23 Apr 2023 10:29:35 +0000 (10:29 +0000)]
Stop setting ri->ri_bs to prevent a panic caused by rasops accessing its
uninitialized content. When we rasops_init() with RI_VCONS, a new screen
is allocated. If ri->ri_bs is set, this will be copied. Otherwise a new
one will be allocated and filled with ASCII spaces. Copying the ri->ri_bs
is useful in case we have an early console whose contents we want to keep.
As we do not have an early console here, there's no point in setting it at
the moment.
With this my Hetzner arm64 VM doesn't panic anymore.
ok jcs@ kettenis@