peer_dump already puts all prefixes onto the pending queue.
So there is no need to call peer_blast at the end, just call
peer_blast_done() so the EOR marker is added and the peer
is unthrottled.
This removes an extra tree walk during session establishment.
OK tb@
Implement the bin_of function like omalloc.c and use it for various
dynamic array sizing.
Convert the attrs and communities code to use this (with slightly
different values).
OK tb@
Extend the prefix/pt API with functions for iterators.
- pt_first() and pt_next() can be used to implement a basic iterator
that can walk all or part of a tree.
- pt_get_next() returns the match or next bigger match than prefix/prefixlen
OK tb@
Add 'invaliduser' penalty to PerSourcePenalties, which is applied
to login attempts for usernames that do not match real accounts.
Defaults to 5s to match 'authfail' but allows administrators to
block such sources for longer if desired. with & ok djm@
static int, not int static
c99 6.11.5:
"The placement of a storage-class specifier other than at the beginning
of the declaration specifiers in a declaration is an obsolescent
feature."
static const, not const static
c99 6.11.5:
"The placement of a storage-class specifier other than at the beginning
of the declaration specifiers in a declaration is an obsolescent
feature."
ok krw@
Rearrange command completion so callbacks are called without holding any
locks. This makes it possible to mark the interrupt handler MPSAFE, but
we're not actually doing that yet.
Releasing the cq mutex means the completion callback can't use the cq
entry, so we have to copy any fields we use from it into the ccb. For now,
that's just the flags. This simplifies the callbacks in a few places.
ok dlg@ (some time ago)
also tested by kettenis@ with aplns(4)
avoid including "xcall.h" in cpu.h to avoid confusing userland.
llvm couldn't find "xcall.h". this follows the example set by amd64 now.
tb@ hit this, and says it helps.
sndioctl: Fix confusion between SIOCTL_NAMEMAX and SIOCTL_DISPLAYMAX
As both macros have the same value, so the change results in no
difference in the binary
Stop using PREFIX_ADJOUT_FLAG_STALE in up_generate_addpath().
Instead of marking prefixes with PREFIX_ADJOUT_FLAG_STALE
up_generate_addpath() can use a local array of path-ids to track which
paths were present at the start of the call. On update the path id is
cleared from the list and then at the end remove all remaining paths
from that list.
The extra traversals during the update should not matter since the number
of available paths small and so this linear search will only need one or
two cache lines.
It is possible to further optimize this by also tracking the adjout_prefix
pointer to drop the adjout_prefix_get() call at the end.
This also uses a fixed maximum of 2000 paths which is more than a
magnitude more than the biggest system I know.
OK tb@
BN_get_word(): return (BN_ULONG)-1 on error rather than BN_MASK2
While the latter is more general in that it also works on 1-complement
achitectures, we don't care about that. Adjust documentation and the
only error check for it in libcrypto.
ok deraadt
fix srp_follow to close a window on use-after-free
Use srp_enter() to get a new reference to the next element while
keeping the current element alive. Afterwards the old reference can
safely be released and the hazard in the caller provided srp_ref
struct can be updated to the hazard of the new element.
This is just in time for almost all the SRP code in the tree to go away.
from Carsten Beckmann carsten_beckmann at genua.de
ok jmatthew@
