IABSD.fr/src/usr.sbin

Branch :


Log

Author Commit Date CI Message
510586ac 2024-01-20 09:01:03 Use imsg_get_fd() to access the fd passed via imsgs. Most of the conversion is simple there is just log_imsg() that can no longer display the fd since imsg_get_fd() can only be called once. OK op@
25d70ad5 2024-01-18 14:56:44 Convert IMSG_UPDATE and session_update() to new imsg API and ibufs. OK tb@
53027660 2024-01-18 14:49:59 Use imsg_get_fd() in vmd. vmd uses a lot of fd passing and does it sometimes via extra abstraction so this just tries to convert the code without any optimisations. ok dv@
fbeb5293 2024-01-18 14:46:21 Convert the simple imsgs to use imsg_get_data(). OK tb@
c527cc7a 2024-01-18 14:34:26 The CRL's purported signing time actually is called thisUpdate, not lastUpdate OK tb@ claudio@
12c70ad2 2024-01-18 09:58:23 Convert privsep imsg code to use imsg_get_fd(). ok yasuoka
d1ecb0c5 2024-01-18 09:39:36 Fix IMSG_RECONF_ASPA handling. The rde did not expect what the rtr process was sending and hit the error path because of that. Since the encoding as two uint32_t in rtr.c is awkward use the same way that the parent is sending the aspa sets. This uses a local copy so that the included expire filed is forced to 0 (the RDE does not use that field). OK tb@
a1416996 2024-01-17 10:01:24 Use imsg_get_fd() As usual proc_forward_imsg() is never forwarding a file descriptor so just use -1 there. This should be replaced by imsg_forward(). All other changes are simple conversions. OK tb@
135f245e 2024-01-17 08:28:15 Use imsg_get_fd() and a local variable. OK florian@
3cc21533 2024-01-17 08:22:40 Convert to use imsg_get_fd() since proc_forward_imsg() never forwards a file descriptor just use -1 there. OK tb@
8e42cc06 2024-01-17 08:20:58 Get all variable-length values for the parent server before linking the server onto various list. Fixes a use-after-free if former fails. OK tb@
72348922 2024-01-16 19:52:39 Update standards reference
1045066f 2024-01-16 14:35:56 Handle variable names (things strating with $ or @) in yylex() this way the error handling of strange variable names can be better controlled. With and OK dv@
e60163e5 2024-01-16 13:33:12 Convert to imsg_get_fd() and remove unused proc_forward_imsg(). OK martijn@
ebae4308 2024-01-16 13:15:31 Switch session_notification() over to use a struct ibuf to carry the extra data. With this IMSG_UPDATE_ERR can use the new imsg API. Introduce session_notification_data() for the few cases where there is no ibuf readily available. OK tb@
d8eba67b 2024-01-15 15:44:50 Convert the simple bits of imsg handling over to the new imsg API. OK tb@
a62144a2 2024-01-15 11:55:26 A cache can send a 'NO_DATA_AVAILABLE' error during version negotiation so handle this case as well. This error triggers an RTR_EVNT_NO_DATA event that moves the session to RTR_STATE_ESTABLISHED (and out of negotiation). When there is no data available the session_id remains unset until data becomes available. So handle this case not only in rtr_parse_cache_response() but also in rtr_parse_notify(). RTR_EVNT_NO_DATA arms the RTR_EVNT_TIMER_RETRY timer. On expiry send a reset or serial query depending on the cache session state. OK tb@
3d08ede4 2024-01-12 23:50:11 Clarify some behaviour for 'vmctl start' and 'vmctl reload' Clarify that vmctl start max memory is governed by the vmd(8) user's max datasize in /etc/login.conf and that vmctl reload only reloads state for non-running VMs. ok dv
ba323c9d 2024-01-12 11:19:51 Convert the simple IMSG calls in session.c to the new imsg API. OK tb@
c8f6e08e 2024-01-11 15:46:25 rename field ibuf to imsgbuf in struct ctl_conn OK tb@
047cb73c 2024-01-11 15:38:05 Clear the last errors after receiving a RTR_EVNT_END_OF_DATA event. Once the cache is synced we can assume that the errors are no longer relevant. OK tb@
d6291362 2024-01-11 14:34:49 Move the 'Last received shutdown reason:' output a bit down where it makes more sense.
41ac0909 2024-01-11 14:11:03 Clear the last_sent_errcode, last_rcvd_errcode and last_reason when the session comes up instead of at the start of a connect. With this the last errors reported should stick around longer. Reported by linx.net, OK job@
8167eafe 2024-01-11 13:09:41 Display the exported rtr session state and fix a missing indent. OK tb@
33c73471 2024-01-11 13:08:39 Export the rtr session state as string. OK tb@
e9d2d4cd 2024-01-11 11:55:14 Make the -P option work for Trust Anchor certificates as well OK tb@
125ef3d5 2024-01-11 11:43:07 Try to improve RTR version negotiation. RFC8210 and especially draft-ietf-sidrops-8210bis are underspecified when it comes to inital version negotiation. The authors seem to have a very different view on how this works compared to the various RTR cache implementations. Reducing the version on any session close is a problem since it often leads to downgraded sessions where not needed. Instead require the server to send PDUs with their correct version (either a code 4 error, a cache response or cache reset pdu). Extensively tested against various modes of StayRTR. Also tested against routinator which is currently not following the spec (https://github.com/NLnetLabs/routinator/issues/919) and breaks on unknown versions. This is probably not the last change to make RTR version negotiation work but it is a step in the right direction. OK tb@
9dad7388 2024-01-10 16:08:36 Improve rtr_send_error() so that there is no need to log_warnx() before. Now rtr_send_error() supports a format string for the error message so use this fact to make the error report better. OK tb@
2d7da873 2024-01-10 14:59:41 Add missing newlines in printf.
6290e740 2024-01-10 13:31:09 Implement log_roa() and log_aspa() and use these functions in printconf.c OK tb@
0b920bb9 2024-01-10 11:08:04 Update the control.c code to use the new imsg API. OK tb@
cc847d2a 2024-01-10 04:13:59 vmm/vmd: add io instruction length to exit information. Add the instruction length to the vm exit information to allower vmd(8) to manipulate the instruction pointer after io emulation. This is preparation for emulating string-based io instructions. Removes the instruction pointer update from the kernel (vmm(4)) as well as the instruction length checks, which were overly restrictive anyways based on the way prefixes work in x86 instructions. ok mlarkin@
0d6339a2 2024-01-09 15:13:49 The End of Data PDU changed between v0 (RFC6810) and v1 (RFC8210). Add struct rtr_endofdata_v0 and rtr_parse_end_of_data_v0() to handle this oddity. With this bgpd supports RFC6810 and RFC8210 and some form of draft-ietf-sidrops-8210bis OK tb@
964d6687 2024-01-09 14:43:41 rtr_parse_notify() state check is special since we ignore the PDU when it arrives in a strange moment. The RFC is as helpful about this as one could expect. Still I botched the state check and later added an rtr_send_error() call which made the previous worse. OK tb@
4fa7a5b4 2024-01-09 14:15:15 Be more consistent with RTR parse error reporting. Stop calling rtr_send_error() after a parse error in rtr_process_msg(); instead move the calls into the parse functions. Use consistend and useful error text to most rtr_send_error() calls. In parse header also check the minimal version for router key and ASPA pdus before checking their length. OK tb@
be25e90d 2024-01-09 13:41:32 Convert the parent process imsg handling over to the new imsg API. This simplifies the code a fair bit and removes direct unchecked memory access to imsg.data. OK tb@
da5362d5 2024-01-09 03:15:59 Delete support for FFS filesystems before the in-inode symlink optimization. As observed by ali_farzanrad(at)riseup.net, support for these was broken in the 5.5 release in early 2014 by the time_t changes. No one noticed before now, so clearly this isn't something we need to continue to support; rejecting in ffs_validate() is an improvement. Also: simplify DIRSIZ(), drop OLDDIRFMT and NEWDIRFMT, tests of fs_maxsymlinklen against zero, #ifdef tests of FS_44INODEFMT, and remove support for newfs -O0, last used in 2016. ok miod@
7d96e163 2024-01-08 19:46:19 Only use DIR_VALID in noop mode Looking in DIR_TEMP will not find a file, resulting in lots of ugly printf (null). This is another bandaid until I figure out how to fix my fix for this function... with/ok job
37149e4f 2024-01-08 16:39:17 Rework rtr_parse_header() and introduce rtr_check_session_id() to make the initial header parsing simpler. This also allows to simplify the version negotiation dance a bit. More is needed there. OK tb@
ee979483 2024-01-08 15:09:14 Simplify the IMSG_CTL_KROUTE after the change in bgpd. OK tb@
91504155 2024-01-08 15:08:34 Define and use struct ctl_kroute_req to encode the arguments of IMSG_CTL_KROUTE instead of doing it by hand. OK tb@
76e157ac 2024-01-08 04:16:48 Pass the request packet to response decorations for future use. This is required for many cases and will be used future.
3db25975 2024-01-07 09:48:29 rpki-client: zap a stray space
65827fe9 2024-01-07 09:48:03 rpki-client: print revocation time in filemode If a certificate was revoked, extract the revocation timestamp and update the warning message in filemode to include it. ok job
172a5cb9 2024-01-06 19:34:54 Prevent use after free of TLS context at syslogd(8) shutdown. When splitting the event fields f_ev and f_bufev, disabling some events was missed. Callbacks could happen after tls_free(). Call bufferevent_disable() before f_bufev and struct filed are cleaned. In some error cases f_bufev might be NULL, add a check before cleanup. OK tb@
ef0dceb5 2024-01-06 11:29:00 put the real sizes into the "title" attribute so that hovering shows the exact value. adjust/refactor javascript sorter accordingly
fba72c10 2024-01-05 11:02:57 Improve rtr_send_error() logging and demote the FSM state changes from log_info to log_debug. OK tb@
8dc592d3 2024-01-04 18:17:47 make auto-index better - make it an actual table - use "human readable sizes" for the file sizes - add some decoration and javascript to be able to sort it per-column (client side) (this means some extra column attribute) - add glue to facilitate embedding js + css directly in the program - add some graphical indication for directories - should still validate as proper html everywhere (custom properties need to be called data-* for this!) Work with claudio@ and tb@, many thanks to claudio@ for some of the finer points of css handling, and tb@ for some fine spaces fixes. I've tried it with lynx as well, shows up correctly. One big plus is that the size of columns work as utf-8, so you can expose filenames without any problems (I've tried it with non-js text navigators as well as firefox, chromium and friends) And it looks slightly less yahoo ca. 1995. It's still "one size fits all". If people object to the current look, adding httpd.conf(5) properties to override the default css should be easy. okay claudio@, tb@
ed5572f8 2024-01-04 16:38:18 Rewrite the imsg handling using the new API functions. OK tb@
b1793e8c 2024-01-04 14:30:09 Convert the RTR PDU parser to use the new ibuf API. Lenght / overflow checks are now handled by ibufs. OK tb@
ee9b0250 2024-01-04 10:26:14 Rename argument roa of imsg_send_sockets() to rtr since the imsgbuf is for PROC_RTR.
d1ee423b 2024-01-04 09:34:03 fix IPv6 addresses table lookups Rework parse_sockaddr() to not reach inet_pton() with a brace-wrapped IPv6 address. Issue reported by Kirill Miazine. ok millert@
ed9a50d3 2024-01-04 09:30:09 set_localaddrs(): don't wrap IPv6s address with braces twice ss_to_text() already wraps ipv6 addresses in braces, so no need to do it again and no need to do that for IPv4 addresses too. ok millert@
adb7c8aa 2024-01-03 22:34:39 vmd(8): improve error messages when out of tap devices. The logging and the (lack of) errno don't describe the actual reason a vm fails to start when there are not enough tap(4) special files in /dev. Improve the log message to specify the tap file in question and set ENOENT so vmctl(8) gets something other than an undefined errno value to report. ok bluhm@
0314fe8b 2024-01-03 16:07:37 Use "established" and "exchange" as RTR state names. "idle" and "active" are used in the BGP FSM with different meaning which leads to confusion. When a RTR session is up the state is "established" apart from the time when a new delta is loaded (between cache response and end of data PDU) the state is "exchange". OK tb@
cd8603db 2024-01-03 08:11:15 relax ORCPT syntax validation We expected the ORCPT parameter to be a valid rfc822 address. This is wrong on multiple levels: - any other IANA-registered "addr-type" can be used - the parameter may be encoded and we didn't decode it prior validation - RFC3461 explicitly states that "[..] the address associated with the ORCPT keyword is NOT constrained to conform to the syntax rules for that 'addr-type'". Instead, just validate the xtext and preserve the ORCPT value as-is. Issue originally reported by Tim Kuijsten, Tassilo Philipp and others. ok millert@
c46e1f29 2024-01-03 03:14:16 vmd(8): remove unused variable from vionet_notify_tx. num_enq was assigned and incremented, but never used. clang started pointing out via warnings. No functional change.
b1f70f86 2024-01-02 10:25:48 have quirks behave way more like other packages so it can have dependencies
d224bf8f 2023-12-29 18:52:11 bump version
3360cec3 2023-12-29 17:15:10 Pass correct file to warnx() We end up here only if mft1 == NULL, which can happen because file1 == NULL. Use file2 instead because mft2 != NULL implies file2 != NULL. ok job
949cd606 2023-12-29 14:35:43 Fix a NULL access or use-after-free bug This is a bandaid, the proc_parser_mft() is too complex and needs reworking OK tb@
57fd1053 2023-12-28 18:05:32 don't add values we won't print, use scandir properly okay tb@ (logic NOT simplified because I don't want to risk introducing bugs, and the compiler knows as much boolean logic as me)
929e486e 2023-12-27 12:00:30 Refactor rtr_parse_error() so that even a NO_DATA_AVAILABLE is logged as last error. So that bgpctl can show that there was no data available. OK tb@
81536071 2023-12-27 11:29:56 sync table(5) with reality There are two different parser for table(5)s with different edge cases. Adjust the documentation to what the strictier of the two (smtpd internal parser) accepts, even if makemap(8) allows for more. In particular, adjust the description for the comments (that cannot be 'anywhere in the file'), document the special comment @list and mention that splitting is done on the colon character too. ok and many improvements from jmc@
58d5f018 2023-12-27 07:17:39 Mark rrdp debug logging functions as used in regress ok claudio
4032f119 2023-12-27 07:15:55 Rework the warnings on internet resources Unify the printing of warnings about AS numbers and IP address blocks to use a call to as_warn() and ip_warn(). Fix a bug in the latter where the upper bound of an IP range didn't take the RFC 3779 encoding into account and passed the address directly to inet_pton() rather than filling the missing bits with 1. Switch the argument order to match the warnings and tweak some warning messages. ok claudio job
c35859a1 2023-12-26 11:03:27 Do not accept empty delta elements Ties de Kock found RRDP content that doesn't match the XML schema, most likely generated by krill: https://github.com/NLnetLabs/krill/issues/1180 Use the state machine to mark a new delta element as empty and check at the end whether that state was changed (which means it contained publish or withdraw elements). If so, raise a parse failure. ok claudio job
b7a40dd6 2023-12-24 10:48:58 Zal dead code OK tb@
ea1a5cb4 2023-12-24 06:35:05 Rewrite dev_mkdb with FTS This adds support for the devices in nested directories. Pointers, review, and OK by semarie@
d835b37b 2023-12-23 10:29:05 remove trailing whitespaces
a66ae6eb 2023-12-22 13:04:30 Call log_setverbosity() directly after getopt() so that debugging information during config-parsing can be displayed. OK tb@
7a7ccefc 2023-12-22 13:03:16 Remove a log_debug from usm_checkuser(). It would only display what is in the config and was never actually displayed because of insufficient verbosity level during config-parsing and would display the wrong auth algorithm for SHA2. OK tb@
4e2cbd5c 2023-12-21 13:54:05 mib_init() and MIB() disappeared with mib.c, remove their declarations. MIBDECL() and MIBEND are only used inside mib.h, so move their definition in there. OK tb@
a9292d2a 2023-12-21 12:43:30 Clean up snmpd's header situation. With the help of tb@ and include-what-you-use. OK tb@
b71395ea 2023-12-20 17:29:01 update to nsd 4.8.0 OK sthen
8745f5cf 2023-12-20 15:36:36 introduce log_ntp_addr() and use it where applicable, avoids a null pointer deref in constraint.c reported by bluhm@; ok millert@
bf2cda35 2023-12-20 14:00:17 btrace: add support for hex and octal values. Changes number tokenizing and parsing to support hex & octal values. Does not address other lexer issues (e.g. $0x1) to close gaps with bpftrace. OK claudio@
68aa3067 2023-12-20 01:38:46 btrace: "too long line" -> "line too long" ok claudio@
bf4f3cea 2023-12-19 10:32:20 Show the RTR protocol version in the `bgpctl show rtr` output. Knowing the version is essential to understand if ASPA PDUs are included or not. OK tb@
5134f2df 2023-12-18 23:42:20 Rephrase some warnings related to Manifests Feedback from Tom Harrison (APNIC) with and OK tb@
70787abd 2023-12-18 16:58:26 Add a family argument to host(). This allows us to force a specific address family for source-address, which must be in line with the destination address. OK jca@
35b9b084 2023-12-18 16:56:01 Fix copy-paste error for setting source-address in trap receiver. OK jca@
649070df 2023-12-18 09:51:06 bump version
063971dd 2023-12-18 09:42:57 Fix two memory leaks: - MIB_snmpInReadOnlys was tried to be registered twice, leading to a leak of the second instance. Prevent this mistake in the future by making a double registration fatal. - The response buffer is owned by the backend, so the backend must also free it. OK tb@
01a115c6 2023-12-14 13:52:37 Mostly straightforward conversion to imsg_get_fd() only the handling of the control socket needs a local variable since imsg_get_fd() can only be called once on an imsg. OK tb@
4bba3f27 2023-12-14 11:10:19 Use imsg_get_fd() to access the file descriptor passed in the imsg. OK tb@
95e9ede3 2023-12-14 11:09:56 Use imsg_get_fd() to access the file descriptor passed in the imsg. OK tb@
d9be77f0 2023-12-14 11:09:34 Use imsg_get_fd() to access the file descriptor passed in the imsg. OK tb@
4e94f1e1 2023-12-14 10:02:27 Rewrite send_packet to update the eigrp header without using ibuf_seek. There is a long term goal to remove ibuf_seek from the public ibuf API since the function is a bit tricky to use. OK tb@
de494ec3 2023-12-14 07:52:53 rpki-client: make IP address block checks stricter There are only two valid AFIs in this context, so check that we have one or two of them. We only accept the IPv4 and IPv6 AFIs in ip_add_afi_parse() and reject any SAFI, so enforce that neither AFI is repeated. This doesn't change things for certificates, where all this is implied by other checks combined. Making this explicit and match the logic needed for ROAs is a win. looks good to job ok claudio
f608ccda 2023-12-13 17:50:23 Match what reorder_kernel is doing and use kern.osversion to find out whether we are running an MP kernel or not. based on a reworked submission from kris at devtty dot one via deraadt@ input and ok robert@
5608ad94 2023-12-13 15:34:43 Use imsg_get_fd() to access the control fd. OK tb@
19ca2900 2023-12-13 15:34:27 Use imsg_get_fd() to access the control fd. OK tb@
ca6116e7 2023-12-12 20:18:39 The OID inside snmpTrapOID is of type NOTIFICATION-TYPE, which does not have a zero appended. OK tb@
aea9a53a 2023-12-12 20:15:49 Do a bitter cleanup after the config defined objects on shutdown. OK tb@
edece116 2023-12-12 15:54:18 io_read_buf() abused the ibuf internal rpos which is no longer allowed. This is now just a simple wrapper around ibuf_get(). OK tb@
c5b5cf9a 2023-12-11 19:05:20 Warn when the same manifestNumber is recycled across multiple issuances of that manifest OK tb@
0c60a445 2023-12-11 15:50:23 Log a warning when a manifest replay is detected OK tb@ claudio@
8fcc9cc2 2023-12-10 14:18:23 Since errno isn't used here, use warnx() instead of warn() OK tb@
102443c7 2023-12-09 00:44:18 Following a failed fetch, use a previously cached and valid Manifest RPKI Manifests enable Relying Parties (RPs) to detect replay attacks, unauthorized in-flight modification, or deletion of signed objects. RPs can accomplish these security functions by comparing (what is expected to be) a monotonically increasing counter (the 'manifestNumber') - to determine what the latest Manifest is; a list of filenames - in order to establish whether the complete set of files was fetched; and a list of SHA256 message digests to ascertain whether the content's of said files are exactly the same as the CA intended them to be. Over time, two schools of thought arose. One philosophy is that the highest numbered cryptographically valid Manifest represents the express intent of the CA, so if manifest-listed files are missing, someone upstream messed up and gets to enjoy the broken pieces. After all, RFC 9286 section 5.2 puts the onus firmly on the repository operator to publish in a consistent manner. Here, "consistent" means that newly issued manifests - in the same RRDP delta - are bundled together with all new or changed ROAs, and that remote RSYNC repositories are atomically updated (for example, using symlink pivots). To overcome various types of inconsistent, transient, or intermediate states of the remote publication point - previous versions of rpki-client did construct the full CARepository state using a mix of objects from both its local validated cache and the RRDP/RSYNC staging directories (which contain purported new versions of the objects). However, another take on RFC 9286 section 6.6's "use cached versions of the objects" is that 'the objects' not only refers to the listed subordinate products (such as ROAs/Certificates/ASPAs), but also to Manifests themselves. The philosophy being that lower numbered cryptographically valid Manifests with a complete & untampered set of files are to be preferred over a higher numbered cryptographically valid Manifests accompanied by incomplete sets of files. Consequently - potentially - producing more stable VRP outputs, at the expense of being magnanimous towards sloppy CAs and repository operators. Going forward, rpki-client logs errors when inconsistent publications are encountered, but also proceeds to use older cryptographically valid Manifests (from previous successful fetches) in order to construct the tree. With and OK tb@, and also thanks to Ties de Kock from RIPE NCC.