rpki-client: only accept BGPsec certs with a single AS number
We've long been pointing out that the possibility of adding multiple AS
numbers and in particular AS ranges to BGPsec Router Certificates is at
best dubious. Enforce that there is a single AS, encoded as an ASID, not
as an ASRange with a single element (cf. eid7653 to RFC 3779).
Prompted by a report by Xie Yifan
with/ok claudio job
rpki-client: check purpose for .cer files in Manifests
Only intermediate CAs and BGPsec certificates are allowed in a Manifest
fileList. Check this is the case, otherwise stop processing the cert.
Missing check reported by Xie Yifan
ok claudio job
regress/xstate: Dynamic xstate buffer size
The current implementation leads to an "xstate buffer too small" error
on newer machines with an xstate area bigger than 1KiB. Allocate the
buffer dynamically from PT_GETXSTATE_INFO kernel info.
ok anton@
Remember last pane or type of location for double and triple clicks and
correctly handle it changes between first and second or second and
third. GitHub issue 4795 from Shaobo Song.
remove lacp support from trunk(4)
lacp is better supported by aggr(4). users of lacp in trunk(4)
should migrate to aggr(4).
trunk(4) and the lacp support inside it is one of the last chunks
of code that still requires the netlock in the ethernet stack. the
last time i tried to fix this i ended up writing aggr(4), and nothing
about this code has improved since then. the other protos such as
failover and loadbalance are trivial in comparison and will be easy
to improve in the future.
discussed with and no objections from many
Add support for the ASUS Zenbook A14. There are two different models
(UX3407QA and UX3407RA) that need different device trees. This means
the letters at the end of the model number are meaningful so adjust the
entry for the ASUS Vivobook S 15 as well.
ok tobhe@
More asn1t.h cleanup
This converts more macros to C99 initializers. Rename flags and tags
arguments by appending val because they collide with the field names.
The remainder are whitespace changes.
ok kenjiro
Apply upstream patch to fix segfault with multi-arg for loops
This is documented upstream https://github.com/perl/perl5/issues/23405
A simple trigger is
perl -c -wE 'for my ($x, $y) (Bar->foo) {}'
Suggested by James Cook <falsifian () falsifian ! org>
Tested and OK gkoehler@
Delete unused syscall_emulator.c
This file is generated in the obj directory during build,
so this outdated copy should never be used.
Noticed by miod@
Report the inodes statistics in 'df -hi' in a scaled manner
This improves readability and column alignment for large file systems,
leaving more space for displaying the mountpoint on the same line.
OK asou@ sthen@
asn1t.h: add C99 initializers for some ASN.1 templates
This is a first pass at tidying up the unsightly mess that is asn1t.h.
For better or worse, we have expanded the macros internally, and in base
only rpki-client uses the templates. They are generally rarely used.
Fortunately.
Having C99 initializers helps a lot with debugging templated ASN.1 by
combining cc -E with clang-format. They make the macros more readable,
look tidier and help with grep.
ok kenjiro
This change extends pf(4) limiters so administrator
can specify action the rule executes when limit is
reached. By default when limit is reached the limiter
overrides action specified by rule to no-match.
If administrator wants to block packet instead then
rule with limiter should be changed to:
pass in from any to any state limiter test (block)
OK dlg@
