openbsd
3 years agoAdd back IMSG_RECONF_ROA_ITEM in the parent imsg handler. It is needed
claudio [Fri, 16 Apr 2021 06:20:29 +0000 (06:20 +0000)]
Add back IMSG_RECONF_ROA_ITEM in the parent imsg handler. It is needed
for origin-sets. Found by and reminder procter@
OK deraadt@

3 years agoopenssh-8.6
djm [Fri, 16 Apr 2021 03:42:00 +0000 (03:42 +0000)]
openssh-8.6

3 years agoSince iwi(4) doesn't call into net80211_newstate() the interface link state
stsp [Thu, 15 Apr 2021 18:32:19 +0000 (18:32 +0000)]
Since iwi(4) doesn't call into net80211_newstate() the interface link state
must be updated by the driver in order to get packets to flow.

In case of WPA the link state was updated as a side-effect of a successful
WPA handshake. This commit fixes the WEP and plaintext cases.

Similar fix as recently committed to ipw(4).

Additionally, check for errors from iwi_auth_and_assoc() and keep scanning
if this function fails.

Problem confirmed and fix tested by matthieu@
ok deraadt@

3 years agoSwitch athn(4) 802.11n Tx rate adaptation from MiRA to RA.
stsp [Thu, 15 Apr 2021 18:25:43 +0000 (18:25 +0000)]
Switch athn(4) 802.11n Tx rate adaptation from MiRA to RA.

Tests:
AR5418: Uwe Werler
AR9280: kn, jmatthew, Lauri Tirkkonen, Scott Bennett, Mikolaj Kucharski
AR9285: kevlo, trondd, myself

ok deraadt@

3 years agoMake athn(4) set the channel when hostap or monitor modes enter RUN state.
stsp [Thu, 15 Apr 2021 18:14:45 +0000 (18:14 +0000)]
Make athn(4) set the channel when hostap or monitor modes enter RUN state.

Fixes a problem where the hardware would end up using a different channel
than the one selected by net80211.

Found while investigating issues reported by trondd testing my athn RA patch.

ok deraadt@

3 years agoMake the description of the ELF header reflect reality, removing the
kettenis [Thu, 15 Apr 2021 18:13:24 +0000 (18:13 +0000)]
Make the description of the ELF header reflect reality, removing the
traces of the long gone FreeBSD "ELF brand" code.

Based on a diff from George Brown.
ok jmc@

3 years agoWhen starting an AP or IBSS network, reconfigure the operation mode to
stsp [Thu, 15 Apr 2021 18:05:05 +0000 (18:05 +0000)]
When starting an AP or IBSS network, reconfigure the operation mode to
11ac/n/a/g/b as applicable. Fixes an issue where hostap would end up
running in the rather meaningless MODE_AUTO unless a mode was explicitly
configured with ifconfig.

Found while investigating issues reported by trondd testing my athn RA patch.

ok deraadt@

3 years agoImplement version 2 of virtio(4) at fdt, as used by Parallels on the
patrick [Thu, 15 Apr 2021 17:06:59 +0000 (17:06 +0000)]
Implement version 2 of virtio(4) at fdt, as used by Parallels on the
Apple M1.  With this vio(4) shows up and we can properly install and
use OpenBSD as VM.

"not afraid of the virtio diff" deraadt@
"okie dokie" jcs@

3 years agomention DTLS1_2_VERSION
tb [Thu, 15 Apr 2021 16:43:27 +0000 (16:43 +0000)]
mention DTLS1_2_VERSION

3 years agoMention DTLS1_2_VERSION here, too
tb [Thu, 15 Apr 2021 16:40:32 +0000 (16:40 +0000)]
Mention DTLS1_2_VERSION here, too

3 years agoDocument SSL_OP_NO_DTLSv1{,_2}
tb [Thu, 15 Apr 2021 16:35:54 +0000 (16:35 +0000)]
Document SSL_OP_NO_DTLSv1{,_2}

3 years agoDocument DTLSv1_2_{,client_,server_}method(3)
tb [Thu, 15 Apr 2021 16:30:14 +0000 (16:30 +0000)]
Document DTLSv1_2_{,client_,server_}method(3)

3 years agodo not pass file/func to monitor; noted by Ilja van Sprundel; ok djm@
markus [Thu, 15 Apr 2021 16:24:31 +0000 (16:24 +0000)]
do not pass file/func to monitor; noted by Ilja van Sprundel; ok djm@

3 years agoMerge documentation for SSL_is_dtls() from OpenSSL
tb [Thu, 15 Apr 2021 16:13:22 +0000 (16:13 +0000)]
Merge documentation for SSL_is_dtls() from OpenSSL

3 years agoReshuffle and reindent code. No functional change.
claudio [Thu, 15 Apr 2021 16:07:21 +0000 (16:07 +0000)]
Reshuffle and reindent code. No functional change.

3 years agoRework the http code to require poll() only when really needed.
claudio [Thu, 15 Apr 2021 14:22:05 +0000 (14:22 +0000)]
Rework the http code to require poll() only when really needed.
Especially tls_read() and tls_write() do not map 1:1 to read() and write()
calls and so assuming that after a tls_read() one needs to poll for more
data is wrong. Instead call tls_read() until it returns a TLS_WANT_*
return.

While here also ignore SIGPIPE. It is almost impossible to properly guard
from SIGPIPE by looking at POLLHUP. Instead just let write() handle it and
return an error.

Putting this in now so this can be tested widely.

3 years agoSwitch back to the legacy verifier for the release.
tb [Thu, 15 Apr 2021 14:15:03 +0000 (14:15 +0000)]
Switch back to the legacy verifier for the release.

This is disappointing as a lot of work was put into the new verifier
during this cycle. However, there are still too many known bugs and
incompatibilities. It is better to be faced with known broken behavior
than with new broken behavior and to switch now rather than via errata.
This way we have another cycle to iron out the kinks and to fix some of
the remaining bugs.

ok jsing

3 years agoFix bgpctl show mrt for UPDATE messages. The call to output->attr() was
claudio [Thu, 15 Apr 2021 14:12:05 +0000 (14:12 +0000)]
Fix bgpctl show mrt for UPDATE messages. The call to output->attr() was
incorrect. Adjust output->attr() to take a reqflag argument instead of
a struct parse_result pointer since that is the only bit needed.
Found by and OK procter@, OK deraadt@

3 years agoOn powerpc64 regress/usr.sbin/bgpd/config failed. It parses a
bluhm [Thu, 15 Apr 2021 13:42:33 +0000 (13:42 +0000)]
On powerpc64 regress/usr.sbin/bgpd/config failed.  It parses a
config file, writes bgpd's config to stdout and compares it with
an expected output.  On big endian machines the order of the set
of communities is different.  The parser used memcmp(3) to sort a
struct of integers.  This depends of the endianess.  The correct
way is to compare the integer fields in native byte order.  With
this change, the resulting order is the same on i386 and powerpc64.
OK claudio@

3 years agoMake rpki-client -V output nicer.
claudio [Thu, 15 Apr 2021 13:33:17 +0000 (13:33 +0000)]
Make rpki-client -V output nicer.
OK job@, kn@, deraadt@

3 years agoCall rrdp_data_handler() for any kind of poll event that has happened.
claudio [Thu, 15 Apr 2021 13:31:30 +0000 (13:31 +0000)]
Call rrdp_data_handler() for any kind of poll event that has happened.
On OpenBSD closing a connection will result in a read even (POLLIN) while
on Linux POLLHUP is returned. rrdp_data_handler()'s read() call returns
in both cases 0 and finishes the XML parsing.
Found and fix tested by job@, OK deraadt@

3 years agoDo not only check the serial number but also the session_id before
claudio [Thu, 15 Apr 2021 08:58:46 +0000 (08:58 +0000)]
Do not only check the serial number but also the session_id before
adding a delta to the queue. If the session_id differs there is no
need for deltas since a snapshot must be fetched.
OK job@ benno@ deraadt@

3 years agoThe SSR1 register can have bits set that don't match to bits in the MSR
kettenis [Thu, 15 Apr 2021 07:28:37 +0000 (07:28 +0000)]
The SSR1 register can have bits set that don't match to bits in the MSR
register.  We would set the sc_ps member of struct sigcontext to SSR1
when entering a signal handler, and compare it to PSL_USER in sigreturn(2)
to make sure that the user code didn't set any bits it shouldn't set.
If non-MSR bits are set that comparison would fail and sigreturn(2) would
fail.  Fix this by initializing sc_ps to PSL_USER instead of taking its
value from SSR1.  On OpenBSD we always run processes with the same MSR
value.

ok deraadt@

3 years ago%begin now has three arguments, not two. GitHubs issue 2646.
nicm [Thu, 15 Apr 2021 05:38:11 +0000 (05:38 +0000)]
%begin now has three arguments, not two. GitHubs issue 2646.

3 years agoMatch Linux path in r8153_set_rx_early_size().
kevlo [Thu, 15 Apr 2021 02:23:17 +0000 (02:23 +0000)]
Match Linux path in r8153_set_rx_early_size().

The rx early size is used to reduce the loading of CPU by letting a transfer
contain more data to reduce the number of transfers.

ok deraadt@

3 years agomy fingers cannot avoid KNF'ing as I review code
deraadt [Wed, 14 Apr 2021 23:35:24 +0000 (23:35 +0000)]
my fingers cannot avoid KNF'ing as I review code

3 years agoOn powerpc64 tcpdump(8) could not parse wireguard packets.
bluhm [Wed, 14 Apr 2021 19:34:56 +0000 (19:34 +0000)]
On powerpc64 tcpdump(8) could not parse wireguard packets.
EXTRACT_LE_32BITS() converts the type from little endian to host
endian.  So we need the constants in host endianess.  This fixes
regress/sys/net/wg.
OK deraadt@ sthen@

3 years agoMake iwx(4) attach to AX201 devices with PCI ID 0x06f0.
stsp [Wed, 14 Apr 2021 18:38:54 +0000 (18:38 +0000)]
Make iwx(4) attach to AX201 devices with PCI ID 0x06f0.

Patch and testing by Ivo Sbalzarini
ok deraadt@

3 years agoregen
stsp [Wed, 14 Apr 2021 18:37:14 +0000 (18:37 +0000)]
regen

3 years agoAdd PCI IDs of the Thunderbolt and WiFi devices in Thinkpad X1 Extreme Gen 3.
stsp [Wed, 14 Apr 2021 18:36:42 +0000 (18:36 +0000)]
Add PCI IDs of the Thunderbolt and WiFi devices in Thinkpad X1 Extreme Gen 3.

Patch by Ivo Sbalzarini

ok deraadt@

3 years agoProperly restore FPSCR register.
kettenis [Wed, 14 Apr 2021 18:35:14 +0000 (18:35 +0000)]
Properly restore FPSCR register.

ok deraadt@

3 years agohandle obj dir
deraadt [Wed, 14 Apr 2021 18:10:47 +0000 (18:10 +0000)]
handle obj dir

3 years agomove the RPKI_VERSION define into its own version.h file, helps portable.
benno [Wed, 14 Apr 2021 18:05:47 +0000 (18:05 +0000)]
move the RPKI_VERSION define into its own version.h file, helps portable.
ok claudio@

3 years agoUnify pivot.h; brings powerpc/powerpc64 support to the usr.bin/lastcomm
kettenis [Wed, 14 Apr 2021 16:06:15 +0000 (16:06 +0000)]
Unify pivot.h; brings powerpc/powerpc64 support to the usr.bin/lastcomm
regress test.

ok bluhm@

3 years agorevert previous. some of the keyupdate tests still fail occasionally
tb [Wed, 14 Apr 2021 14:54:30 +0000 (14:54 +0000)]
revert previous. some of the keyupdate tests still fail occasionally

3 years agoEnable test-tls13-keyupdate.py
tb [Wed, 14 Apr 2021 14:29:16 +0000 (14:29 +0000)]
Enable test-tls13-keyupdate.py

3 years agomove test-record-size-limit.py to unsupported
tb [Wed, 14 Apr 2021 14:19:51 +0000 (14:19 +0000)]
move test-record-size-limit.py to unsupported

3 years ago_PASSWORD_LEN is no longer the limit for an unencrypted password.
millert [Wed, 14 Apr 2021 13:59:59 +0000 (13:59 +0000)]
_PASSWORD_LEN is no longer the limit for an unencrypted password.
It is now used as the max length of the encrypted password hash.
From Benjamin Baier.

3 years agoenable test-record-layer-fragmentation.py
tb [Wed, 14 Apr 2021 13:37:59 +0000 (13:37 +0000)]
enable test-record-layer-fragmentation.py

3 years agofactor argument to catch an alert mismatch into a helper function
tb [Wed, 14 Apr 2021 13:06:53 +0000 (13:06 +0000)]
factor argument to catch an alert mismatch into a helper function

3 years agoRename privacy to temporary in slaacd regress, then it passes.
bluhm [Wed, 14 Apr 2021 12:32:56 +0000 (12:32 +0000)]
Rename privacy to temporary in slaacd regress, then it passes.
OK florian@

3 years agospacing
deraadt [Tue, 13 Apr 2021 21:16:01 +0000 (21:16 +0000)]
spacing

3 years agoconstruct an octeon installXX.img file
deraadt [Tue, 13 Apr 2021 21:13:20 +0000 (21:13 +0000)]
construct an octeon installXX.img file

3 years agoAutomated regress cannot connect to servers in internet. Check
bluhm [Tue, 13 Apr 2021 18:50:46 +0000 (18:50 +0000)]
Automated regress cannot connect to servers in internet.  Check
whether jigsaw.w3.org is reachable and skip rpki client http test
if not.
OK claudio@

3 years agoenable test-tlsfuzzer-invalid-compression-methods.py
tb [Tue, 13 Apr 2021 16:16:06 +0000 (16:16 +0000)]
enable test-tlsfuzzer-invalid-compression-methods.py

3 years agoInclude modifiers when looking up an individual key.
nicm [Tue, 13 Apr 2021 16:00:47 +0000 (16:00 +0000)]
Include modifiers when looking up an individual key.

3 years agoenable test-large-hello.py as a slow test
tb [Tue, 13 Apr 2021 15:59:14 +0000 (15:59 +0000)]
enable test-large-hello.py as a slow test

3 years agowith new defaults, test-fuzzed-plaintext.py is no longer slow
tb [Tue, 13 Apr 2021 15:53:20 +0000 (15:53 +0000)]
with new defaults, test-fuzzed-plaintext.py is no longer slow

3 years agomove a few tests to the unsupported group and fix two comments
tb [Tue, 13 Apr 2021 15:45:22 +0000 (15:45 +0000)]
move a few tests to the unsupported group and fix two comments

3 years agoRequire that the argument to the window option be non-zero.
millert [Tue, 13 Apr 2021 15:39:21 +0000 (15:39 +0000)]
Require that the argument to the window option be non-zero.
A zero-row window would not be usable (no room to edit) and the
code is full of assumptions that "sp->t_rows - 1" >= 0.
From Erik Ruotsalainen, fixes a bug reported by Paul de Weerd.

3 years agoannotate test-ecdhe-rsa-key-exchange-with-bad-messages.py with expected
tb [Tue, 13 Apr 2021 15:35:20 +0000 (15:35 +0000)]
annotate test-ecdhe-rsa-key-exchange-with-bad-messages.py with expected
alerts and where to add them.

3 years agoIgnore expandtab setting when in command mode.
millert [Tue, 13 Apr 2021 15:34:41 +0000 (15:34 +0000)]
Ignore expandtab setting when in command mode.
Fixes things like searching for a literal tab character when
expandtab is enabled.  From nvi2 (leres).  OK martijn@

3 years agoFix merging of files that lack a final \n at EOF after a block of common lines.
stsp [Tue, 13 Apr 2021 14:20:23 +0000 (14:20 +0000)]
Fix merging of files that lack a final \n at EOF after a block of common lines.

Problem reported by Josh Rickmar.
ok millert@

3 years agoAdjust http_done() the be more like http_fail() -- only do the message
claudio [Tue, 13 Apr 2021 13:54:15 +0000 (13:54 +0000)]
Adjust http_done() the be more like http_fail() -- only do the message
delivery part but don't alter the http_connection anymore.
Also move common code in the connect case into a new function and call it
from connect and finish connect.
OK benno@

3 years agoBefore adding a file to the temporary rrdp repo remove it from the
claudio [Tue, 13 Apr 2021 13:35:59 +0000 (13:35 +0000)]
Before adding a file to the temporary rrdp repo remove it from the
deleted filepath set. A file can only be in one set (deleted or added)
but not on both.
OK benno@

3 years agoChange how extended ctrl keys are processed to fix C-S-Tab and C-;.
nicm [Tue, 13 Apr 2021 12:26:34 +0000 (12:26 +0000)]
Change how extended ctrl keys are processed to fix C-S-Tab and C-;.

3 years agoUnbreak rtable regress test. Define _KERNEL in some crucial spots so that
claudio [Tue, 13 Apr 2021 08:21:12 +0000 (08:21 +0000)]
Unbreak rtable regress test. Define _KERNEL in some crucial spots so that
the include guard in rtsock.h is bypassed and critical defines like rtentry
show up. Also remove the old RADIX bits, rtable code is art only for a while.

3 years agoFix rde_decide_test regress test
claudio [Tue, 13 Apr 2021 07:43:23 +0000 (07:43 +0000)]
Fix rde_decide_test regress test

3 years agoAdd a basic regress test to test the 'rde evaluate all' feature.
claudio [Tue, 13 Apr 2021 07:39:17 +0000 (07:39 +0000)]
Add a basic regress test to test the 'rde evaluate all' feature.

3 years agoUse tee(1) so that the bgpctl output is visible during the run.
claudio [Tue, 13 Apr 2021 07:38:23 +0000 (07:38 +0000)]
Use tee(1) so that the bgpctl output is visible during the run.

3 years agoMove mode set/reset after sync so cursor doesn't flicker, from Avi
nicm [Tue, 13 Apr 2021 05:25:05 +0000 (05:25 +0000)]
Move mode set/reset after sync so cursor doesn't flicker, from Avi
Halachmi.

3 years agoHandle C-Tab correctly with extended keys, GitHub issue 2642.
nicm [Tue, 13 Apr 2021 05:23:34 +0000 (05:23 +0000)]
Handle C-Tab correctly with extended keys, GitHub issue 2642.

3 years agohandle iso dir
deraadt [Tue, 13 Apr 2021 04:55:28 +0000 (04:55 +0000)]
handle iso dir

3 years agoCast XML_GetCurrentLineNumber() to unsigned long long in warnx since
claudio [Mon, 12 Apr 2021 17:23:30 +0000 (17:23 +0000)]
Cast XML_GetCurrentLineNumber() to unsigned long long in warnx since
expat my either use unsigned long or unsigened long long as return value
depending on compile options. This upcast is an easy way around this issue.
OK deraadt@

3 years agoSpaces, no functional change
claudio [Mon, 12 Apr 2021 10:03:33 +0000 (10:03 +0000)]
Spaces, no functional change

3 years agoAdd a flag to disable keys to close a message, GitHub issue 2625.
nicm [Mon, 12 Apr 2021 09:36:12 +0000 (09:36 +0000)]
Add a flag to disable keys to close a message, GitHub issue 2625.

3 years agoPermit shortcut keys in buffer, client, tree modes to be configured with
nicm [Mon, 12 Apr 2021 06:50:25 +0000 (06:50 +0000)]
Permit shortcut keys in buffer, client, tree modes to be configured with
a format; the default remains the line number. GitHub issue 2636.

3 years agoDocument bpe(4)
kn [Mon, 12 Apr 2021 03:17:57 +0000 (03:17 +0000)]
Document bpe(4)

Diff from Marcus MERIGHI <mcmer-openbsd at tor dot at>, thanks.

Feedback OK jmc
OK dlg

3 years agoDocument 'request' option to request additional configuration payloads.
tobhe [Sun, 11 Apr 2021 23:27:06 +0000 (23:27 +0000)]
Document 'request' option to request additional configuration payloads.

ok patrick@

3 years agoKNF, capitalization, whitespace
dv [Sun, 11 Apr 2021 21:02:40 +0000 (21:02 +0000)]
KNF, capitalization, whitespace

3 years agoRemove dead code for unused IMSG_CTL_NOTIFY messages.
dv [Sun, 11 Apr 2021 18:53:23 +0000 (18:53 +0000)]
Remove dead code for unused IMSG_CTL_NOTIFY messages.

Some vestigial code left over from when priv-sep was implemented.

ok mlarkin@

3 years agoCreate a sparc64 install*.img file also
deraadt [Sun, 11 Apr 2021 17:18:15 +0000 (17:18 +0000)]
Create a sparc64 install*.img file also
tested by kettenis

3 years agovnconfig is run without a label-type (install360), because in-Makefile
deraadt [Sun, 11 Apr 2021 16:11:59 +0000 (16:11 +0000)]
vnconfig is run without a label-type (install360), because in-Makefile
scripting calculates msdos+ffs layout, so FSTYPE= is not neccessary.

3 years agoOn systems that hide the PCI bridge device corresponding to a PCIe RC port
kettenis [Sun, 11 Apr 2021 15:30:51 +0000 (15:30 +0000)]
On systems that hide the PCI bridge device corresponding to a PCIe RC port
we may end up passing a NULL pointer to pcie_get_speed_cap().  Handle this
by returning PCI_SPEED_UNKNOWN instead of dereferencing a null-pointer.

ok jsg@

3 years agoCorrect a comment: reference the correct file
dv [Sun, 11 Apr 2021 14:12:42 +0000 (14:12 +0000)]
Correct a comment: reference the correct file

3 years agobwfm(4) needs firmload
kn [Sun, 11 Apr 2021 14:07:03 +0000 (14:07 +0000)]
bwfm(4) needs firmload

Otherwise compiling a kernel witout any other wifi drivers fails.

OK patrick deraadt

3 years agodo not build unused code and remove uneeded dependency on libm.
eric [Sun, 11 Apr 2021 07:18:08 +0000 (07:18 +0000)]
do not build unused code and remove uneeded dependency on libm.

ok tb@

3 years agoUpdate a stale comment and fix a typo.
tb [Sun, 11 Apr 2021 07:06:01 +0000 (07:06 +0000)]
Update a stale comment and fix a typo.

3 years agosync
deraadt [Sun, 11 Apr 2021 02:30:03 +0000 (02:30 +0000)]
sync

3 years agoFix two typos in comments
job [Sun, 11 Apr 2021 01:20:03 +0000 (01:20 +0000)]
Fix two typos in comments

sure deraadt@

3 years agobuild arm64 install*.img
deraadt [Sat, 10 Apr 2021 21:02:36 +0000 (21:02 +0000)]
build arm64 install*.img
requested by kettenis, first testing by kn

3 years agoMake sure the ip header lands on a 4 byte alignment by adding 2 bytes
florian [Sat, 10 Apr 2021 17:22:34 +0000 (17:22 +0000)]
Make sure the ip header lands on a 4 byte alignment by adding 2 bytes
padding because the ethernet header in front is only 14 bytes.
Found the hard way by me while testing on sparc64.
Solution suggested by & OK deraadt

3 years agoAdd cabal-module(5) man page
gnezdo [Sat, 10 Apr 2021 15:26:47 +0000 (15:26 +0000)]
Add cabal-module(5) man page

OK kn

3 years agoremove dead code and unused dependencies
eric [Sat, 10 Apr 2021 10:19:19 +0000 (10:19 +0000)]
remove dead code and unused dependencies

ok tb@

3 years agoDo not compare TLS config params for non-TLS servers. This allows to
claudio [Sat, 10 Apr 2021 10:10:07 +0000 (10:10 +0000)]
Do not compare TLS config params for non-TLS servers. This allows to
mix 'listen * port 80' and 'listen * tls port 443' in one server block.
Also the last argument of server_tls_cmp - match_keypair - is always 0
so remove this code.
OK florian@ tb@ some long time ago

3 years agobump smtpd version
eric [Sat, 10 Apr 2021 06:44:18 +0000 (06:44 +0000)]
bump smtpd version

3 years agoregen
mlarkin [Fri, 9 Apr 2021 20:59:03 +0000 (20:59 +0000)]
regen

3 years agoadd pcidevs entries for Aquantia ethernet devices
mlarkin [Fri, 9 Apr 2021 20:58:20 +0000 (20:58 +0000)]
add pcidevs entries for Aquantia ethernet devices

3 years agoIt is macobio0; hit with the cluestick from jsg
kn [Fri, 9 Apr 2021 20:05:50 +0000 (20:05 +0000)]
It is macobio0;  hit with the cluestick from jsg

3 years agoallow to specify tls ciphers and protocols on listeners
eric [Fri, 9 Apr 2021 16:43:43 +0000 (16:43 +0000)]
allow to specify tls ciphers and protocols on listeners

ok tb@

3 years agoWhen a DHCP server sends an invalid T1 or T2 default back to the default
martijn [Fri, 9 Apr 2021 14:46:39 +0000 (14:46 +0000)]
When a DHCP server sends an invalid T1 or T2 default back to the default
values as specified in RFC2131 section 4.4.5. Allows my Comtrend VI-3223u
to work.

OK florian@

3 years agosynopsis: macobio0* -> macobio*
kn [Fri, 9 Apr 2021 11:36:28 +0000 (11:36 +0000)]
synopsis: macobio0* -> macobio*

3 years agoAdd a minimal regress test for the http client code.
claudio [Fri, 9 Apr 2021 10:14:36 +0000 (10:14 +0000)]
Add a minimal regress test for the http client code.
This currently uses some external website to do redirect test and
to check both regular and chunked downloads.
Only for libressl because you can't mix openssl 1.1 and libtls on OpenBSD.

3 years agoOnly modify routes if SA has a valid address lease. On IKE SA rekey
tobhe [Fri, 9 Apr 2021 09:15:04 +0000 (09:15 +0000)]
Only modify routes if SA has a valid address lease.  On IKE SA rekey
sa_cp_addr and sa_cp_addr6 are moved to the new SA before the old
SA is deleted.
Fixes a bug where host routes were deleted on IKE SA rekey.

ok patrick@

3 years agoChange a type to fix a warning with some compilers.
nicm [Fri, 9 Apr 2021 07:02:00 +0000 (07:02 +0000)]
Change a type to fix a warning with some compilers.

3 years agoTidy up the http state machine a bit. Make sure that http_nextstate() runs
claudio [Fri, 9 Apr 2021 06:52:50 +0000 (06:52 +0000)]
Tidy up the http state machine a bit. Make sure that http_nextstate() runs
until an error or an IO opperation is needed. In other words it should not
return 0. Because of this adjust the http_tls_connect() call a bit. Also
call http_connect() in http_redirect() instead of needing an extra step
in the state machine. Last but not least make sure that http_handle() does
only one IO operation and check for possible POLLHUP event.
OK tb@

3 years agoAn extra internal consistency check and a missing stats adjustment. ok tb@
otto [Fri, 9 Apr 2021 06:05:21 +0000 (06:05 +0000)]
An extra internal consistency check and a missing stats adjustment. ok tb@

3 years agoCache implementation has changed, we do not hold on to an exact number
otto [Fri, 9 Apr 2021 06:04:15 +0000 (06:04 +0000)]
Cache implementation has changed, we do not hold on to an exact number
of pages anymore, but also cache larger regions; ok tb@

3 years agoFix release time
tb [Fri, 9 Apr 2021 05:54:00 +0000 (05:54 +0000)]
Fix release time

ok deraadt

3 years agoExpose two extra metrics via JSON
job [Thu, 8 Apr 2021 19:49:27 +0000 (19:49 +0000)]
Expose two extra metrics via JSON

This removes some of the needs of rpki-client affiniadios who
screen-scrape rpki-client's STDOUT.

OK deraadt@