openbsd
6 years agoremove unused, empty file
tb [Tue, 17 Jul 2018 16:55:21 +0000 (16:55 +0000)]
remove unused, empty file

6 years agoReplace getprogname() to argv[0] in bnaddsub
inoguchi [Tue, 17 Jul 2018 14:27:22 +0000 (14:27 +0000)]
Replace getprogname() to argv[0] in bnaddsub

ok tb@

6 years agoallow shell globs to match program and hostname selector tags via
djm [Tue, 17 Jul 2018 13:51:47 +0000 (13:51 +0000)]
allow shell globs to match program and hostname selector tags via
fnmatch(3); ok sthen@ bluhm@

6 years agovmd(8): fix vmctl -b option for i386 kernels.
mlarkin [Tue, 17 Jul 2018 13:47:06 +0000 (13:47 +0000)]
vmd(8): fix vmctl -b option for i386 kernels.

ok pd@

6 years agoDon't send FBT_DESTROY if the FUSE connection is still PENDING. Also
helg [Tue, 17 Jul 2018 13:12:08 +0000 (13:12 +0000)]
Don't send FBT_DESTROY if the FUSE connection is still PENDING. Also
don't attempt to determine the size of the root inode. This is because
we don't need to know the size of directories and FBT_GETATTR will also
cause a deadlock if fuse_unmount(3) is called before the file system
has a chance to process fbufs.

Add corresponding regression test.

ok mpi@

6 years agolibfuse now supports -f command line option; uncomment test.
helg [Tue, 17 Jul 2018 13:04:31 +0000 (13:04 +0000)]
libfuse now supports -f command line option; uncomment test.

6 years agounvname_new() is passed something that is always 64-bits so the
krw [Tue, 17 Jul 2018 07:43:34 +0000 (07:43 +0000)]
unvname_new() is passed something that is always 64-bits so the
parameter should be declared uint64_t and not int.

From & for semarie@ who isn't committing at the moment and ok beck@
who is on the road.

6 years agoSwitch to MSG_PROTOCOL_BGP4MP_ET formats for update and state mrt messages.
claudio [Tue, 17 Jul 2018 07:02:11 +0000 (07:02 +0000)]
Switch to MSG_PROTOCOL_BGP4MP_ET formats for update and state mrt messages.
The _ET format adds an additional microsecond time field which makes those
message dumps more informative. The various table dumps are not modified
since there the time especially between entries plays a secondary role.
OK benno@

6 years agowe have splraise() now
dlg [Tue, 17 Jul 2018 03:32:10 +0000 (03:32 +0000)]
we have splraise() now

previously the code would do a series of comparisons to IPL_FOO and
IPL_BAR, and use splfoo() and splbar() as needed, but for like a
dozen different IPl levels (i may be exaggerating). splraise() rolls
all of that up.

ok deraadt@ mpi@

6 years agoSlot 0 in the hostbased key array was previously RSA1, but that is
dtucker [Mon, 16 Jul 2018 22:25:01 +0000 (22:25 +0000)]
Slot 0 in the hostbased key array was previously RSA1, but that is
now gone and the slot is unused so remove it.  Remove two now-unused
macros, and add an array bounds check to the two remaining ones
(array is statically sized, so mostly a safety check on future changes).
ok markus@

6 years agoDocument behavior change of EC_POINTs_mul() again.
tb [Mon, 16 Jul 2018 17:37:25 +0000 (17:37 +0000)]
Document behavior change of EC_POINTs_mul() again.

6 years agoRecommit Billy Brumley's ECC constant time patch with a fix for sparc64
tb [Mon, 16 Jul 2018 17:32:39 +0000 (17:32 +0000)]
Recommit Billy Brumley's ECC constant time patch with a fix for sparc64
from Nicola Tuveri (who spotted the omission of ecp_nist.c from the PR).

discussed with jsing
tested by jsg

6 years agouse ANSI C function declaration; no binary change
jasper [Mon, 16 Jul 2018 17:05:15 +0000 (17:05 +0000)]
use ANSI C function declaration; no binary change

6 years agouse 'switch' rathan than an if-else construct to match on the netflow version to...
jasper [Mon, 16 Jul 2018 16:54:30 +0000 (16:54 +0000)]
use 'switch' rathan than an if-else construct to match on the netflow version to in pflow_get_mbuf(),
to match the rest of the file

ok benno@ florian@

6 years agoInsert the appropriate uvm_vnp_uncache(9) and uvm_vnp_setsize(9)
helg [Mon, 16 Jul 2018 16:44:09 +0000 (16:44 +0000)]
Insert the appropriate uvm_vnp_uncache(9) and uvm_vnp_setsize(9)
kernel calls to ensure that the UVM cache for memory mapped files is
up to date.

ok mpi@

6 years agoAdd support for the BCM43455 SDIO chip to bwfm(4).
patrick [Mon, 16 Jul 2018 13:46:17 +0000 (13:46 +0000)]
Add support for the BCM43455 SDIO chip to bwfm(4).

6 years agoIn certain modes SDIO-connected bwfm(4) chips might expect us to read
patrick [Mon, 16 Jul 2018 13:41:19 +0000 (13:41 +0000)]
In certain modes SDIO-connected bwfm(4) chips might expect us to read
another packet (even though nextlen is set to none) to issue more RX
interrupts.

6 years agoBe more explicit in FETCH_TIMEOUT description.
espie [Mon, 16 Jul 2018 13:14:06 +0000 (13:14 +0000)]
Be more explicit in FETCH_TIMEOUT description.
It only happens on the command line.
If you want to put it in a config file, it's a DEFAULT or localhost
property called fetch_timeout instead.

6 years agoImplement FBT_FSYNC, which is called on fsync(2) and fdatasync(2).
helg [Mon, 16 Jul 2018 13:10:53 +0000 (13:10 +0000)]
Implement FBT_FSYNC, which is called on fsync(2) and fdatasync(2).
Currently ignores the a_waitfor argument and always invokes the file
system's fsync implementation synchronously.

ok mpi@

6 years agothe AP sends their crypto parameters as a mask, so let us still select it
phessler [Mon, 16 Jul 2018 12:42:22 +0000 (12:42 +0000)]
the AP sends their crypto parameters as a mask, so let us still select it
in case we want WPA2 and they have WPA1 still enabled

6 years agodon't save or use auto-join when the card is not in station (aka client) mode
phessler [Mon, 16 Jul 2018 12:34:14 +0000 (12:34 +0000)]
don't save or use auto-join when the card is not in station (aka client) mode

OK stsp@

6 years agofix thinko
espie [Mon, 16 Jul 2018 12:02:45 +0000 (12:02 +0000)]
fix thinko

okay mestre@

6 years agoRe-set the pointer to the bwfm event after the strict alignment
patrick [Mon, 16 Jul 2018 11:52:26 +0000 (11:52 +0000)]
Re-set the pointer to the bwfm event after the strict alignment
check.

6 years agoRemove support for loading HostBasedAuthentication keys directly in
dtucker [Mon, 16 Jul 2018 11:05:41 +0000 (11:05 +0000)]
Remove support for loading HostBasedAuthentication keys directly in
ssh(1) and always use ssh-keysign.  This removes one of the few remaining
reasons why ssh(1) might be setuid.  ok markus@

6 years agonetwork.conf
espie [Mon, 16 Jul 2018 09:13:29 +0000 (09:13 +0000)]
network.conf

6 years agobyebye network.conf.template
espie [Mon, 16 Jul 2018 09:12:40 +0000 (09:12 +0000)]
byebye network.conf.template

6 years agoUse struct filterstate in rde_update_dispatch() and pass it down to
claudio [Mon, 16 Jul 2018 09:09:20 +0000 (09:09 +0000)]
Use struct filterstate in rde_update_dispatch() and pass it down to
functions like rde_update_update and path_update. This will allow to
move more pointers from rde_aspath to the prefix.
Looks good benno@

6 years agomake this build again after changes made in rev 1.74
jsg [Mon, 16 Jul 2018 08:53:44 +0000 (08:53 +0000)]
make this build again after changes made in rev 1.74
ok mpi@ phessler@

6 years agoAdd an "Any" key to run a command if a key is pressed that is not bound
nicm [Mon, 16 Jul 2018 08:48:22 +0000 (08:48 +0000)]
Add an "Any" key to run a command if a key is pressed that is not bound
in the current key table. GitHub issue 1404.

6 years agoreduce duplicate code, fix typo/free correct buffer
kn [Mon, 16 Jul 2018 08:29:08 +0000 (08:29 +0000)]
reduce duplicate code, fix typo/free correct buffer

In filteropts_to_rule():

* Merge `once' handling from `anchorrule' and `pfrule'
* Remove/shorten duplicate code block
* Fix typo I introduced with r1.678 that frees the wrong buffer (twice)

OK sashan

6 years agortadvd is only interested in IPv6 so limit route socket to AF_INET6.
claudio [Mon, 16 Jul 2018 07:56:04 +0000 (07:56 +0000)]
rtadvd is only interested in IPv6 so limit route socket to AF_INET6.
OK florian@

6 years agoFix for uninitialized variables.
mpi [Mon, 16 Jul 2018 07:49:31 +0000 (07:49 +0000)]
Fix for uninitialized variables.

Found by and ok jsg@, ok markus@

6 years agotypos, from Michael W. Bombardieri.
mpi [Mon, 16 Jul 2018 07:48:17 +0000 (07:48 +0000)]
typos, from Michael W. Bombardieri.

6 years agokeep options.identity_file_userprovided array in sync when we load
djm [Mon, 16 Jul 2018 07:06:50 +0000 (07:06 +0000)]
keep options.identity_file_userprovided array in sync when we load
keys, fixing some spurious error messages; ok markus

6 years agomemleak in unittest; found by valgrind
djm [Mon, 16 Jul 2018 03:09:59 +0000 (03:09 +0000)]
memleak in unittest; found by valgrind

6 years agomemleaks; found by valgrind
djm [Mon, 16 Jul 2018 03:09:13 +0000 (03:09 +0000)]
memleaks; found by valgrind

6 years agovioscsi driver has been stable enough so we can move a good portion of these
ccardenas [Sun, 15 Jul 2018 20:25:52 +0000 (20:25 +0000)]
vioscsi driver has been stable enough so we can move a good portion of these
log_debug messages to be DPRINTF (compile time).

Prompted by reyk@.

Ok reyk@.

6 years agore-commit the removal of the EC_POINTs_mul() regression tests with num > 1
tb [Sun, 15 Jul 2018 18:22:57 +0000 (18:22 +0000)]
re-commit the removal of the EC_POINTs_mul() regression tests with num > 1

6 years agoDocument xcrypt in the amd64 version of cpu.4.
fcambus [Sun, 15 Jul 2018 18:04:37 +0000 (18:04 +0000)]
Document xcrypt in the amd64 version of cpu.4.

Bits taken from the i386 version.

OK jmc@

6 years agorecommit label indentation part of the backout; clearly unrelated to the
tb [Sun, 15 Jul 2018 16:27:39 +0000 (16:27 +0000)]
recommit label indentation part of the backout; clearly unrelated to the
breakage.

6 years agoRevert unrelated change to vioscsi.c
reyk [Sun, 15 Jul 2018 14:42:04 +0000 (14:42 +0000)]
Revert unrelated change to vioscsi.c

(I had this in my tree to silence vioscsi.c log_debug, but Carlos
already has a better diff for that)

6 years agoTrack resources and enforce cpu/memory/interface limits for non-root users.
reyk [Sun, 15 Jul 2018 14:36:54 +0000 (14:36 +0000)]
Track resources and enforce cpu/memory/interface limits for non-root users.

The limits are currently hard-coded and undocumented (4 CPUs/VMs, 2G
memory, 8 interfaces) but will be configurable in an upcoming diff.
These limits are tracked in total usage; for example, a user will be
able to run up to 4 VMs with 512M of memory or a single VM with 2G.

OK ccardenas@ mlarkin@

6 years agoRestore correct behaviour to pledge for access and stat, which was broken
beck [Sun, 15 Jul 2018 12:44:09 +0000 (12:44 +0000)]
Restore correct behaviour to pledge for access and stat, which was broken
by the unveil diff.   Noticed at, and diff from semarie@

6 years agotweak previous;
jmc [Sun, 15 Jul 2018 11:35:57 +0000 (11:35 +0000)]
tweak previous;

6 years agoadjust the example hostname.if to show "wpakey" on the same line as "nwid",
phessler [Sun, 15 Jul 2018 10:46:48 +0000 (10:46 +0000)]
adjust the example hostname.if to show "wpakey" on the same line as "nwid",
and provide an IPv6 autoconf example.

while here, split interface settings from IP assignment.

OK jmc@

6 years agoadjust hostname.if examples to show "wpakey" on the same line as "nwid"
phessler [Sun, 15 Jul 2018 10:44:49 +0000 (10:44 +0000)]
adjust hostname.if examples to show "wpakey" on the same line as "nwid"

OK jmc@

6 years agoImplement RFC 8106: IPv6 Router Advertisement Options for DNS
florian [Sun, 15 Jul 2018 09:28:21 +0000 (09:28 +0000)]
Implement RFC 8106: IPv6 Router Advertisement Options for DNS
Configuration.

6 years agomark up managed / other configuration
florian [Sun, 15 Jul 2018 09:27:02 +0000 (09:27 +0000)]
mark up managed / other configuration

6 years agoIt's a packet, not package.
florian [Sun, 15 Jul 2018 09:26:26 +0000 (09:26 +0000)]
It's a packet, not package.

6 years agonuke newd leftover
florian [Sun, 15 Jul 2018 09:25:41 +0000 (09:25 +0000)]
nuke newd leftover

6 years agoremove unused variable
gilles [Sun, 15 Jul 2018 08:49:12 +0000 (08:49 +0000)]
remove unused variable

6 years agoFix new-window -k, GitHub issue 1403.
nicm [Sun, 15 Jul 2018 06:57:13 +0000 (06:57 +0000)]
Fix new-window -k, GitHub issue 1403.

6 years ago$OpenBSD$
tb [Sun, 15 Jul 2018 06:03:31 +0000 (06:03 +0000)]
$OpenBSD$

6 years agoAlso revert regression tests so that EC_POINTs_mul() with longer vectors
tb [Sun, 15 Jul 2018 06:02:42 +0000 (06:02 +0000)]
Also revert regression tests so that EC_POINTs_mul() with longer vectors
gets exercised again.

6 years agoback out ecc constant time changes
jsg [Sun, 15 Jul 2018 05:38:48 +0000 (05:38 +0000)]
back out ecc constant time changes

after the constant time commits various regress tests started failing
on sparc64 ssh t9, libcrypto ec ecdh ecdsa and trying to ssh out
resulted in 'invalid elliptic curve value'

ok tb@

6 years agodon't run cvs_client_sendfile() if its file_type is CVS_DIR, but do not
joris [Sat, 14 Jul 2018 21:28:02 +0000 (21:28 +0000)]
don't run cvs_client_sendfile() if its file_type is CVS_DIR, but do not
depend on it being CVS_FILE explicitly.

unbreaks remote operations on removed files.

6 years agoDocument that route monitor also takes -T rtable as an argument.
benno [Sat, 14 Jul 2018 13:38:48 +0000 (13:38 +0000)]
Document that route monitor also takes -T rtable as an argument.

6 years agoMake route monitor display changes in all routing domains by forcing
benno [Sat, 14 Jul 2018 13:37:44 +0000 (13:37 +0000)]
Make route monitor display changes in all routing domains by forcing
the route filter to set RTABLE_ANY. Previously only the routing
table/rdomain of the route process was displayed (that being the
kernel default).
ok kn@ claudio@ and henning@

6 years agoget rid of two more implicit ktable_get with rdomain 0.
benno [Sat, 14 Jul 2018 12:32:35 +0000 (12:32 +0000)]
get rid of two more implicit ktable_get with rdomain 0.
should not change anything when run in rdomain 0.
ok henning@ phessler@ claudio@

6 years agoDon't pass an uninitialised size value to free(9). Pointer argument is
jsg [Sat, 14 Jul 2018 10:21:48 +0000 (10:21 +0000)]
Don't pass an uninitialised size value to free(9).  Pointer argument is
NULL in this path so free will return early without accessing it.

ok jca@ tb@

6 years agoRemove mention of old man directory
kn [Sat, 14 Jul 2018 10:02:24 +0000 (10:02 +0000)]
Remove mention of old man directory

OK espie

6 years agosync
jsg [Sat, 14 Jul 2018 09:07:27 +0000 (09:07 +0000)]
sync

6 years ago.El should have been zapped too;
jmc [Sat, 14 Jul 2018 07:40:17 +0000 (07:40 +0000)]
.El should have been zapped too;

6 years agozap network configuration section, it's a level of tinkering that's
espie [Sat, 14 Jul 2018 07:07:26 +0000 (07:07 +0000)]
zap network configuration section, it's a level of tinkering that's
not really supported.

add another ref to PORTS_PRIVSEP here, as it is really a good idea.

6 years agoRemove cscope leftover and a stray comma.
bentley [Fri, 13 Jul 2018 20:06:10 +0000 (20:06 +0000)]
Remove cscope leftover and a stray comma.

From "kshe" on tech@.

6 years agoopenssl app timers: TM_START -> TM_RESET, TM_STOP -> TM_GET
cheloha [Fri, 13 Jul 2018 18:36:56 +0000 (18:36 +0000)]
openssl app timers: TM_START -> TM_RESET, TM_STOP -> TM_GET

Much more apt than the current operation names.

Names suggested by jca@ ages ago.

ok jca, jsing

6 years agotweak previous; ok reyk
jmc [Fri, 13 Jul 2018 17:48:30 +0000 (17:48 +0000)]
tweak previous; ok reyk

6 years agoCorrect some typos and also ran it through mandoc -Tlint
mestre [Fri, 13 Jul 2018 17:18:34 +0000 (17:18 +0000)]
Correct some typos and also ran it through mandoc -Tlint

OK millert@ deraadt@ and jmc@ who also gave me a cluebat stick

6 years agoAdd & update author credits for Mary Ann Horton.
cheloha [Fri, 13 Jul 2018 16:59:46 +0000 (16:59 +0000)]
Add & update author credits for Mary Ann Horton.

Add credits for leave(1) and w(1); update credit for script(1).

Supported by the Spinellis repo and CSRG SCCS logs.

ok brynet millert jca jmc schwarze

6 years agonetwork -> interface; ok reyk@
anton [Fri, 13 Jul 2018 15:18:59 +0000 (15:18 +0000)]
network -> interface; ok reyk@

6 years agoexplicitly link libm for sqrt()/fmax() calls added in bgpctl.c rev 1.204
jsg [Fri, 13 Jul 2018 15:02:40 +0000 (15:02 +0000)]
explicitly link libm for sqrt()/fmax() calls added in bgpctl.c rev 1.204

6 years agounbreak gcc4 build
jsg [Fri, 13 Jul 2018 13:47:41 +0000 (13:47 +0000)]
unbreak gcc4 build

6 years agoCheck the disk/kernel/cdrom file permissions after openening the fd.
reyk [Fri, 13 Jul 2018 10:26:57 +0000 (10:26 +0000)]
Check the disk/kernel/cdrom file permissions after openening the fd.

This prevents time of TOCTOU attacks for instances.

OK mlarkin@

6 years agoMake the default failure for unveil while disabled return success
beck [Fri, 13 Jul 2018 09:36:00 +0000 (09:36 +0000)]
Make the default failure for unveil while disabled return success
so that people don't get screwed when playing with it on their
machines

6 years agosync
deraadt [Fri, 13 Jul 2018 09:28:07 +0000 (09:28 +0000)]
sync

6 years agoCrank minor for unveil
beck [Fri, 13 Jul 2018 09:27:07 +0000 (09:27 +0000)]
Crank minor for unveil
ok deraadt@

6 years agoUnveiling unveil(2).
beck [Fri, 13 Jul 2018 09:25:22 +0000 (09:25 +0000)]
Unveiling unveil(2).
This brings unveil into the tree, disabled by default - Currently
this will return EPERM on all attempts to use it until we are
fully certain it is ready for people to start using, but this
now allows for others to do more tweaking and experimentation.

Still needs to send the unveil's across forks and execs before
fully enabling.

Many thanks to robert@ and deraadt@ for extensive testing.
ok deraadt@

6 years agono longer interpret 0.192.168.4 in hosts(5) as 192.168.4/24
schwarze [Fri, 13 Jul 2018 09:19:42 +0000 (09:19 +0000)]
no longer interpret 0.192.168.4 in hosts(5) as 192.168.4/24
OK phessler@ claudio@ benno@ kn@
"steh' nicht rum, committe das" henning@

6 years agoMonitor the route socket and regenerate the list of interfaces and
florian [Fri, 13 Jul 2018 09:16:50 +0000 (09:16 +0000)]
Monitor the route socket and regenerate the list of interfaces and
messages to send when an interface shows up or disappears or
and address shows up or disappears.

6 years agoadd missing IMSG_STARTUP; unclear why this ever worked
florian [Fri, 13 Jul 2018 09:16:15 +0000 (09:16 +0000)]
add missing IMSG_STARTUP; unclear why this ever worked

6 years agoUse "rtable" not "tableid" as argument name for rtable
kn [Fri, 13 Jul 2018 09:06:58 +0000 (09:06 +0000)]
Use "rtable" not "tableid" as argument name for rtable

Make rtable(4) usage documentation consistent with other programs.
This is to have `man -k ar~rtable' show the full list without having to
look for other variations of the same argument type.

OK bluhm

6 years agoUnused variables.
krw [Fri, 13 Jul 2018 09:03:44 +0000 (09:03 +0000)]
Unused variables.

ok henning@

6 years agoUnused variable.
krw [Fri, 13 Jul 2018 09:02:07 +0000 (09:02 +0000)]
Unused variable.

ok martijn@ henning@

6 years agotests for next steps in unveil
beck [Fri, 13 Jul 2018 08:59:02 +0000 (08:59 +0000)]
tests for next steps in unveil

6 years agoSome USB network interfaces like rum(4) report ENXIO from their
bluhm [Fri, 13 Jul 2018 08:51:15 +0000 (08:51 +0000)]
Some USB network interfaces like rum(4) report ENXIO from their
ioctl function after the device has been pulled out.  Also accept
this error code in bpf_detachd() to prevent a kernel panic.  tcpdump(8)
may run while the interface is detached.
from Moritz Buhl; OK stsp@

6 years agoUnused variables.
krw [Fri, 13 Jul 2018 08:51:14 +0000 (08:51 +0000)]
Unused variables.

ok halex@

6 years agoFix some comments referencing sockets which are not used by the ber api. The
rob [Fri, 13 Jul 2018 08:50:38 +0000 (08:50 +0000)]
Fix some comments referencing sockets which are not used by the ber api. The
api uses read and write buffers (byte streams) that are utilized by calling
applications which may or may not use sockets.

ok claudio@

buffer byte streams that applications then use for

6 years agoWhen we nack a domain service because we don't support the requested major
kettenis [Fri, 13 Jul 2018 08:46:07 +0000 (08:46 +0000)]
When we nack a domain service because we don't support the requested major
version, provide a major version that we do support.

6 years agoEliminate the weird condition in the BN_swap_ct() API that at most one bit
tb [Fri, 13 Jul 2018 08:43:31 +0000 (08:43 +0000)]
Eliminate the weird condition in the BN_swap_ct() API that at most one bit
be set in condition. This makes the constant time bit-twiddling a bit
trickier, but it's not too bad. Thanks to halex for an extensive rubber
ducking session over a non-spicy spicy tabouleh falafel..

ok jsing, kn

6 years agoAdd "allow instance" option.
reyk [Fri, 13 Jul 2018 08:42:49 +0000 (08:42 +0000)]
Add "allow instance" option.

This allows users to create VM instances and change desired options,
for example a user can be allowed to run a VM with all the
pre-configured options but specify an own disk image.

(mlarkin@ was fine with iterating over it)

OK ccardenas@

6 years agoUnused variables.
krw [Fri, 13 Jul 2018 08:41:32 +0000 (08:41 +0000)]
Unused variables.

ok henning@ phessler@

6 years agoFix regression on child queue definitions
kn [Fri, 13 Jul 2018 08:41:15 +0000 (08:41 +0000)]
Fix regression on child queue definitions

I comitted the wrong diff in 1.680 which turned `queue cq parent pq ...'
into invalid syntax by changing `interface' to `ON if_item'.

Found by bket, thanks!

6 years agoUnused variable.
krw [Fri, 13 Jul 2018 08:39:33 +0000 (08:39 +0000)]
Unused variable.

ok deraadt@

6 years agopass control socket in from main
florian [Fri, 13 Jul 2018 08:32:10 +0000 (08:32 +0000)]
pass control socket in from main

6 years agopass in route socket from main; stub out handling for now
florian [Fri, 13 Jul 2018 08:31:34 +0000 (08:31 +0000)]
pass in route socket from main; stub out handling for now

6 years agoDisable codepatching infrastructure after boot
sf [Fri, 13 Jul 2018 08:30:34 +0000 (08:30 +0000)]
Disable codepatching infrastructure after boot

This way, it is not available for use in ROP attacks.  This diff puts the
codepatching code into a separate section and unmaps that section after boot.
In the future, the memory could potentially be reused but that would require
larger changes.

ok pguenther@

6 years agoFix loop condition in ber.c. Discussed with claudio.
rob [Fri, 13 Jul 2018 08:30:10 +0000 (08:30 +0000)]
Fix loop condition in ber.c. Discussed with claudio.

ok claudio@, jca@

6 years agoMove aspath_verify() and aspath_inflate() into util.c so bgpctl can use them.
claudio [Fri, 13 Jul 2018 08:18:11 +0000 (08:18 +0000)]
Move aspath_verify() and aspath_inflate() into util.c so bgpctl can use them.
With this it gets a bit easier to parse MRT update messages in bgpctl.
OK benno@ phessler@

6 years agorepair inconsistancies
deraadt [Fri, 13 Jul 2018 08:10:56 +0000 (08:10 +0000)]
repair inconsistancies

6 years agorepair inconsistancies
deraadt [Fri, 13 Jul 2018 08:10:45 +0000 (08:10 +0000)]
repair inconsistancies