pppoe(4): leverage if_hardmtu for RFC 4638 instead of parent if_mtu
Interfaces operate at their maximum supported packet size at all times,
independent of the software IP stack MTU.
Enforce MTU ceilings during PPPOESETPARMS and SIOCSIFMTU based on
if_hardmtu instead of the parent's software if_mtu. This allows pppoe(4)
devices to use "mtu 1500" without requiring manual MTU manipulation on
the physical parent interface. Update pppoe.4 to match.
"if it works for you then it's ok by me" dlg
Implement bgscan, add hooks for set and delete key and improve mwx_stop
so that there is a better chance to recover after down/up.
On top of this implement mwx_activate() so that suspend/resume works.
None of this is perfect but hopefully good enough.
Tested on MT7921
Everything needed to bring the FUSE kernel protocol in line with
the Linux implementation is now in place. With this update, the
kernel can support ports that talk directly to /dev/fuse0 rather
than relying on libfuse.
sys/fusebuf.h is retained rather than introducing fuse_kernel.h
OK claudio@
Tidy up server_client_check_redraw. Get rid of the bitmask tracking
panes which want redraw for deferred clients - if they are deferred then
they can just have a full redraw instead. Also return earlier if no
redraw is actually needed, and improve the comments.
rpki-client: unify CMS signed object parsers
This commit starts unifying various CMS signed object parsers in
preparation for a lot more refactoring of this long-accumulated
copy-paste mess.
The signed object is passed as a void * object to various handlers, so
these handlers all have the same signature.
In this step, *_parse() is essentially split into allocation plus:
1. *_cert_info(), which checks some basic things on the EE cert (usually
inheritance, presence or absence of RFC 3779 extensions). For MFTs
it also extracts some info and hangs that off mft.
2. the already existing *_parse_econtent()
3. *_validate() that does some validation steps and sets ->valid.
In most signed object handlers the validate step can't currently
[10 lines not shown]
Make the behavior of the '(' command match the ')' command.
Previously, the ')' command required a sentence to end with two
blanks, but '(' only required a single space. Historic vi (and the
documentation) requires two spaces in both directions.
Based on a diff from Walter Alejandro Iglesias.
When releasing, read trace index before reference counter decrement.
When btrace(8) is active, refcounting is traced using an index field
to the dt(4) backend. When two CPU simultaneously decrement the
reference count, one could free the object while the other is still
reading the index. Move the load before the dec separated by a
membar. Crashes seen while testing an experimental diff from dlg@.
OK cludwig@
isakmpd: Fix NULL dereference in message_validate_sa()
When the responder cookie is non-zero but sa_lookup_by_header()
finds no matching SA, msg->isakmp_sa is NULL. Thus check before
dereferencing.
Allow rectangle selection to extend past end of current line to behave
the same as vi with virtualedit=block set. From Mark Kelly in GitHub
issue 5227.
Fix behavior of ')' used in a range when setence reaches EOF.
For a sentence spanning more than one line at the end of the file,
when the cursor is placed at the first character of any line except
for the last one, running '!)<cmd>' won't affect the last line.
From Walter Alejandro Iglesias
Check for E_CLRFLAG in ecp->cmd->flags, not ecp->iflags.
Fixes a problem where an extra line is printed at the end of the
output when the "number" command is given the "l" (literal display)
flag.
From Jeremy Mates Walter Alejandro Iglesias and
Be more strict about what names and titles we allow and reject them
immediately when possible, but allow # again for those directly set by
commands (but not escape sequences). From Barrett Ruth in GitHub issue
5175.
rpki-client: reject certs with duplicate extension OIDs
We check this for extensions we know about in cert_parse_extensions().
We keep doing it there since we need to keep track of the extensions we
encountered anyway.
While cert_parse_extensions() rejects certs with critical extensions we
don't know about, we allow duplicate non-critical ones mainly because
that's annoying to keep track of. LibreSSL's libcrypto checks for this
and rejects the cert when caching the extensions, OpenSSL 4 adds a new
EXFLAG_DUPLICATE flag and accepts the cert, and OpenSSL 3 simply ignores
duplicates. In short: we get to do it ourselves.
This check is basically lifted from libcrypto's x509_purp.c with a few
extra contortions due to const sprinkling and making things opaque. The
warnx is the same as the one already present in cert_parse_extensions().
We do not NULL check X509_EXTENSION_get_object() because the extension
parsed, so an OID is present.
[2 lines not shown]
