florian [Tue, 30 May 2017 15:57:12 +0000 (15:57 +0000)]
delete default route from FIB when we receive advertisement with
router lifetime of 0
florian [Tue, 30 May 2017 15:39:49 +0000 (15:39 +0000)]
delete default route from FIB when it expires
mpi [Tue, 30 May 2017 15:39:04 +0000 (15:39 +0000)]
Kill db_sym_t.
ok deraadt@, kettenis@, jasper@
bluhm [Tue, 30 May 2017 15:36:13 +0000 (15:36 +0000)]
Organize iked parser regress Makefile similar to mandoc dbm_dump.
When object files from other parts of the tree are needed, build
them there and symlink them into the regress obj directory.
OK markus@
tedu [Tue, 30 May 2017 15:29:53 +0000 (15:29 +0000)]
usage and order tweaks from jmc
deraadt [Tue, 30 May 2017 15:11:32 +0000 (15:11 +0000)]
Support for SMAP is pretty small, so don't exclude it from the RAMDISKS.
ok jsg visa
schwarze [Tue, 30 May 2017 15:10:48 +0000 (15:10 +0000)]
stop reacharound from w(1) to ps(1); no functional change;
diff from bcallah@; OK tedu@ deraadt@
tedu [Tue, 30 May 2017 15:07:01 +0000 (15:07 +0000)]
id -R: make current rdomain more easily accessible to the shell
ok benno deraadt
millert [Tue, 30 May 2017 15:06:00 +0000 (15:06 +0000)]
Remove FILES section now that /usr/share/misc/ascii is no more.
Noted by jmc@
deraadt [Tue, 30 May 2017 15:04:45 +0000 (15:04 +0000)]
getrtable() is now permitted in "stdio". It carries no risk factors.
naddy [Tue, 30 May 2017 15:02:22 +0000 (15:02 +0000)]
Build amd64 bootstrap with -ffreestanding.
"totally makes sense" kettenis@
ok deraadt@
florian [Tue, 30 May 2017 14:56:34 +0000 (14:56 +0000)]
no need to pass the slaacd_iface around, the proposal has the if_index
millert [Tue, 30 May 2017 14:54:09 +0000 (14:54 +0000)]
Don't fall back to heapsort() if we would otherwise switch to
insertion sort (when the number of elements is < 7).
millert [Tue, 30 May 2017 14:52:37 +0000 (14:52 +0000)]
Remove /usr/share/misc/ascii since we have ascii(7).
OK schwarze@ deraadt@ sthen@
florian [Tue, 30 May 2017 14:45:22 +0000 (14:45 +0000)]
fix previous; actually free the memory
markus [Tue, 30 May 2017 14:29:59 +0000 (14:29 +0000)]
switch auth2 to ssh_dispatch API; ok djm@
markus [Tue, 30 May 2017 14:27:22 +0000 (14:27 +0000)]
switch auth2-none.c to modern APIs; ok djm@
markus [Tue, 30 May 2017 14:26:49 +0000 (14:26 +0000)]
switch auth2-passwd.c to modern APIs; ok djm@
markus [Tue, 30 May 2017 14:25:42 +0000 (14:25 +0000)]
switch auth2-hostbased.c to modern APIs; ok djm@
markus [Tue, 30 May 2017 14:23:52 +0000 (14:23 +0000)]
protocol handlers all get struct ssh passed; ok djm@
florian [Tue, 30 May 2017 14:23:10 +0000 (14:23 +0000)]
Remove default router proposals and address_proposals
when their lifetime reaches zero.
florian [Tue, 30 May 2017 14:21:33 +0000 (14:21 +0000)]
Update default router states; pointed out by naddy
markus [Tue, 30 May 2017 14:19:15 +0000 (14:19 +0000)]
ssh: pass struct ssh to auth functions, too; ok djm@
markus [Tue, 30 May 2017 14:18:15 +0000 (14:18 +0000)]
sshd: pass struct ssh to auth functions; ok djm@
markus [Tue, 30 May 2017 14:16:41 +0000 (14:16 +0000)]
remove unused wrapper functions from key.[ch]; ok djm@
markus [Tue, 30 May 2017 14:15:17 +0000 (14:15 +0000)]
sshkey_new() might return NULL (pkcs#11 code only); ok djm@
markus [Tue, 30 May 2017 14:13:40 +0000 (14:13 +0000)]
switch sshconnect.c to modern APIs; ok djm@
markus [Tue, 30 May 2017 14:10:53 +0000 (14:10 +0000)]
switch auth2-pubkey.c to modern APIs; with & ok djm@
jmatthew [Tue, 30 May 2017 14:04:02 +0000 (14:04 +0000)]
Remove comments about implementing FIS-based switching with port multipliers,
which we can safely assume isn't going to happen now. No code changes.
tb [Tue, 30 May 2017 13:56:07 +0000 (13:56 +0000)]
waive signature check waving
ok jmc espie
fcambus [Tue, 30 May 2017 13:16:09 +0000 (13:16 +0000)]
sync
fcambus [Tue, 30 May 2017 13:14:44 +0000 (13:14 +0000)]
Remove qvss8x15, vt220l8x8, and vt220l8x10 fonts.
Those fonts are not compiled in by default, and are smaller than the
smallest font (bold8x16_iso1) we currently include.
OK mpi@, deraadt@
mlarkin [Tue, 30 May 2017 13:13:47 +0000 (13:13 +0000)]
increase vmd(8) virtio queue size from 64 to 128. Also fix an old
copypaste bug that didn't hurt us as long as all the queue sizes were
the same, which was the case up to now.
suggested by sf@, ok krw@
akfaew [Tue, 30 May 2017 12:52:59 +0000 (12:52 +0000)]
The capability error codes never made it into a standard and now error
code 7 is for enhanced route refresh.
OK claudio@ phessler@
mlarkin [Tue, 30 May 2017 12:48:01 +0000 (12:48 +0000)]
print more useful information when an error is returned from uvm_fault
when processing NPT/EPT violations
krw [Tue, 30 May 2017 12:47:47 +0000 (12:47 +0000)]
Statically allocate resource to requests, and only create requests
that there will be resources for.
Protect request list with a mutex.
Makes everything much more scsi-like. Fewer splbio() dances. Uses
less memory and eliminates superfluous freeing and acquiring of the
same resources over and over.
ok sf@
friehm [Tue, 30 May 2017 12:42:31 +0000 (12:42 +0000)]
Adding multipath route support to ospf6d. Almost copied from ospfd.
OK bluhm@
mlarkin [Tue, 30 May 2017 12:41:55 +0000 (12:41 +0000)]
move some data tables out of .text and into .rodata where they belong
ok deraadt
jmc [Tue, 30 May 2017 12:39:33 +0000 (12:39 +0000)]
tweak previous; ok florian
naddy [Tue, 30 May 2017 12:38:36 +0000 (12:38 +0000)]
fix a jumbled conditional clang warns about; ok florian@
jmc [Tue, 30 May 2017 12:24:43 +0000 (12:24 +0000)]
tweak previous;
jmc [Tue, 30 May 2017 12:17:17 +0000 (12:17 +0000)]
remove an extra .Ed;
jmc [Tue, 30 May 2017 12:14:38 +0000 (12:14 +0000)]
tweak previous; ok bluhm
henning [Tue, 30 May 2017 12:13:04 +0000 (12:13 +0000)]
fix a comment
friehm [Tue, 30 May 2017 12:09:27 +0000 (12:09 +0000)]
Carp balancing ip does not work since there is a mac filter in
ether_input(). Now we use mbuf tags instead of modifying the MAC
address.
ok mpi@
tb [Tue, 30 May 2017 12:04:26 +0000 (12:04 +0000)]
Introduce a scary rc.conf(8) knob library_aslr=(YES|NO) to turn off the
reordering of libraries by rc(8). This way machines with very slow disk I/O
have a chance of booting within reasonable time now that libcrypto is also
randomized.
Discussed with various;
input & ok from deraadt ajacoutot
bluhm [Tue, 30 May 2017 12:03:11 +0000 (12:03 +0000)]
Link iked test to build so that obj directories are created.
bluhm [Tue, 30 May 2017 11:57:59 +0000 (11:57 +0000)]
Remove the .INTERRUPT target, it prevented terminating the test
with Ctrl-C in some situations.
sf [Tue, 30 May 2017 11:02:39 +0000 (11:02 +0000)]
virtio: Put entries in freelist in reverse order
This avoids breaking krw@'s ongoing work on improving virtio_enqueue_trim().
stsp [Tue, 30 May 2017 11:01:38 +0000 (11:01 +0000)]
Use ieee80211_{min,max}_basic_rate() in iwn(4).
ok mpi@ phessler@
stsp [Tue, 30 May 2017 11:00:38 +0000 (11:00 +0000)]
Introduce ieee80211_min_basic_rate() and ieee80211_max_basic_rate().
These helpers can be used by drivers to improve compatibility with APs
that disable some mandatory PHY rates in the basic rate set.
For instance, many of our drivers hard-code 11b rates on 2 GHz and run
into problems when APs disable them. Since 11b rates are being disabled
by default by some vendors, hardcoding them is not a good idea anymore.
ok mpi@ phessler@
stsp [Tue, 30 May 2017 10:50:33 +0000 (10:50 +0000)]
Always set the link state DOWN once we enter ieee80211_newstate(), regardless
of whether the wifi interface happens to be leaving RUN state. The interface
is never usable during state transitions so setting the link DOWN is the only
reasonable option when any transition is triggered.
Fixes a problem where, at boot time, the link state of wifi interfaces was
reported to userland as UNKNOWN (which, curiously, has value 0). dhclient's
link detection logic was recently changed from ifmedia to getifaddrs which
exposed the UNKNOWN link state. Since dhclient assumes an UNKNOWN link state
means UP it would start trying to negotiate a lease too early during boot.
Problem reported by tb@
ok krw@
sf [Tue, 30 May 2017 10:32:53 +0000 (10:32 +0000)]
ext2fs: Mark superblock as not modified when written
I have seen spurious "file system not clean; please fsck(8)" warnings
during "mount -ur". Set e2fs_fmod = 0 when writing the superblock (as
ffs does).
"Makes sense" deraadt@
florian [Tue, 30 May 2017 10:24:05 +0000 (10:24 +0000)]
reduce lies
fcambus [Tue, 30 May 2017 10:20:55 +0000 (10:20 +0000)]
sync
fcambus [Tue, 30 May 2017 10:19:22 +0000 (10:19 +0000)]
Remove lucida16x29.h and omron12x20 fonts.
- lucida16x29 is a bad conversion from a truetype font, it is too bold
which makes it unreadable.
- omron12x20 is a serif font, and is very difficult to read due to
inconsistencies in character spacing, alignment, and width.
Moreover, both fonts only have 96 glyphs.
No objection from mlarkin@
OK mpi@, jcs@
akfaew [Tue, 30 May 2017 09:40:08 +0000 (09:40 +0000)]
Enable more error codes for BGP. These were committed some time ago, but
never enabled. Also add error codes for FSM.
With input from Job Snijders.
OK phessler@ (previous version), claudio@, deraadt@
jmatthew [Tue, 30 May 2017 09:33:31 +0000 (09:33 +0000)]
Teach ypldap to use tls when connecting to ldap servers.
libtls help from jsing@, linker help from deraadt@
mpi [Tue, 30 May 2017 09:10:49 +0000 (09:10 +0000)]
Keep ipv6_input() definition inside _KERNEL.
Unbreak userland, found the hard way by deraadt@
florian [Tue, 30 May 2017 08:58:34 +0000 (08:58 +0000)]
Enable slaacd(8) by default and disable router solicitation and
advertisement processing in the kernel.
Go for it!!! deraadt@
additional encouragement to push forward from at least mpi and henning
special thanks to naddy for being an early adopter and finding bugs.
markus [Tue, 30 May 2017 08:52:19 +0000 (08:52 +0000)]
switch from Key typedef with struct sshkey; ok djm@
markus [Tue, 30 May 2017 08:49:58 +0000 (08:49 +0000)]
remove ssh1 references; ok djm@
markus [Tue, 30 May 2017 08:49:32 +0000 (08:49 +0000)]
revise sshkey_load_public(): remove ssh1 related comments, remove extra
open()/close() on keyfile, prevent leak of 'pub' if 'keyp' is NULL,
replace strlcpy+cat with asprintf; ok djm@
sf [Tue, 30 May 2017 08:44:58 +0000 (08:44 +0000)]
fileops test: Also run on ext2fs
Also sort subdirs in makefile
sf [Tue, 30 May 2017 08:35:32 +0000 (08:35 +0000)]
virtio: Do LIFO in the freelist
Use a SLIST instead of a SIMPLEQ and use LIFO instead of FIFO. This should
improve cache usage.
fcambus [Tue, 30 May 2017 08:24:56 +0000 (08:24 +0000)]
Remove the unused pcdisplay_mapchar_simple function in pcdisplay(4).
It has been unused since this code was imported from NetBSD.
OK mlarkin@
nicm [Tue, 30 May 2017 08:13:48 +0000 (08:13 +0000)]
Preserve search string when entering prompt again.
henning [Tue, 30 May 2017 08:10:01 +0000 (08:10 +0000)]
teach pf_build_tcp() about SACK, ok & with sashan
mpi [Tue, 30 May 2017 07:50:37 +0000 (07:50 +0000)]
Introduce ipv{4,6}_input(), two wrappers around IP queues.
This will help transitioning to an un-KERNEL_LOCK()ed IP
forwarding path.
Discussed with bluhm@, ok claudio@
mpi [Tue, 30 May 2017 07:40:24 +0000 (07:40 +0000)]
Use memmove() instead of memcpy(), buffers are overlapping.
From Coverity via NetBSD via miod@
ok claudio@, tedu@, deraadt@, krw@
tb [Tue, 30 May 2017 07:11:40 +0000 (07:11 +0000)]
The open-file command is actually called find-file. Typo pointed out
by "Choose a display name <thelocals_job_applicant protonmail com>".
florian [Tue, 30 May 2017 07:05:22 +0000 (07:05 +0000)]
fix -Wshadow warnings.
Found by bcallah, thanks!
florian [Tue, 30 May 2017 06:55:40 +0000 (06:55 +0000)]
Unbreak previous for git diffs that do not have the a/ prefix.
Found the hard way by me, OK tedu
mpi [Tue, 30 May 2017 06:42:13 +0000 (06:42 +0000)]
Clear the internal table used by if_get(9) and sleep until all
remaining ifp references are released *without* the NET_LOCK().
It's safe to do so because the KERNEL_LOCK() serializes accesses
to ``if_map''.
More importantly this fixes possible deadlocks between if_get() and
the NET_LOCK(). It is now possible to call them in whatever order.
ok visa@, dlg@
mpi [Tue, 30 May 2017 06:38:10 +0000 (06:38 +0000)]
Fix a race by always modifying the 'counter' variable while holding the
mutex.
ok tedu@
tedu [Tue, 30 May 2017 06:01:30 +0000 (06:01 +0000)]
avoid some shadow warnings. from Brian Callahan
tedu [Tue, 30 May 2017 05:58:44 +0000 (05:58 +0000)]
fix a shadow warning. from Brian Callahan
tedu [Tue, 30 May 2017 05:57:46 +0000 (05:57 +0000)]
rename variable to avoid shadow. from Brian Callahan
mlarkin [Tue, 30 May 2017 04:45:38 +0000 (04:45 +0000)]
typo - extra semicolon
jmc [Mon, 29 May 2017 21:27:36 +0000 (21:27 +0000)]
missing .El;
mpi [Mon, 29 May 2017 21:19:30 +0000 (21:19 +0000)]
Enable futex-based mutex and condvar.
ok everybody
markus [Mon, 29 May 2017 20:57:21 +0000 (20:57 +0000)]
*** empty log message ***
markus [Mon, 29 May 2017 20:59:28 +0000 (20:59 +0000)]
fuzz the iked payload parser using the openssh unit-test framework
from hshoexer
nicm [Mon, 29 May 2017 20:42:53 +0000 (20:42 +0000)]
Add a flag to stop the prompt input being expanded.
nicm [Mon, 29 May 2017 20:41:29 +0000 (20:41 +0000)]
Store a copy of the old status line, will be needed soon for new choose mode.
nicm [Mon, 29 May 2017 20:37:30 +0000 (20:37 +0000)]
Function to count clients.
bluhm [Mon, 29 May 2017 20:35:47 +0000 (20:35 +0000)]
Add more regress guidelines to bsd.regress.mk(5) man page.
input schwarze@ jmc@; OK henning@ benno@
florian [Mon, 29 May 2017 20:31:31 +0000 (20:31 +0000)]
The kernel sets IN6_IFF_AUTOCONF for autoconf addresses, also make
slaacd(8) do that. At least you can identify them in ifconfig output.
Difference pointed out by & OK naddy
claudio [Mon, 29 May 2017 20:31:12 +0000 (20:31 +0000)]
Replace handrolled list with LIST_* macros. OK mpi@
florian [Mon, 29 May 2017 20:28:57 +0000 (20:28 +0000)]
Allow passing in IN6_IFF_AUTOCONF from userland. Needed by slaacd(8)
OK naddy
benno [Mon, 29 May 2017 20:23:18 +0000 (20:23 +0000)]
change section title in bgpd.conf talking about MPLS,
add a bit about working with multiple bgpds in rdomains in bgpctl.
shouting from claudio@ and help from jmc@
nicm [Mon, 29 May 2017 18:06:34 +0000 (18:06 +0000)]
Add ||, && format operators and C: to search pane content.
joris [Mon, 29 May 2017 17:18:56 +0000 (17:18 +0000)]
cvs_file_classify() was making the mistake of only taking over a sticky
tag from Entries for a given file if the sticky tag is present.
while changing this we can simplify some logic in update.c on how it
decides what tag to use for file classification.
nicm [Mon, 29 May 2017 15:43:48 +0000 (15:43 +0000)]
Add m: for fnmatch(3) format matching.
deraadt [Mon, 29 May 2017 15:21:12 +0000 (15:21 +0000)]
sync
mpi [Mon, 29 May 2017 14:47:54 +0000 (14:47 +0000)]
SPINLOCK_SPIN_HOOK is no more, define our own set of macros.
Prodded by kettenis@ and tedu@
fcambus [Mon, 29 May 2017 14:41:16 +0000 (14:41 +0000)]
Remove unused zclose function.
From Brian Callahan, thanks!
OK tb@
tedu [Mon, 29 May 2017 14:37:51 +0000 (14:37 +0000)]
openbsd does not use nonexec stack segment header hints.
in fact, false is a much better default for UsesNonexecutableStackSection.
platforms that require it can reenable, instead, saving the rest of us an
unnecessary program header (causes trouble for some special binaries).
ok kettenis
mpi [Mon, 29 May 2017 14:36:22 +0000 (14:36 +0000)]
Per-interface lists of addresses, both multicast and unicast, are
currently protected by the NET_LOCK().
They are not accessed in the hot path, so protecting them with a
mutex could be an option. However since we're now going to run
with a NET_LOCK() for some time, assert that it is held.
IPsec is not yet ready to run without KERNEL_LOCK(), so assert it
is held, even in the forwarding path.
Tested by sthen@, ok visa@, claudio@, bluhm@
claudio [Mon, 29 May 2017 14:28:01 +0000 (14:28 +0000)]
Kill struct pfkey_version and move struct pfkeyv2_socket & dump_state
to pfkeyv2.c. These structs are nowhere else needed.
OK gcc