Age | Commit message | Author |
|
the previous change introduces an out of bounds access
as it does not change n.
it is also conceptually wrong because this routine is
supposed to just verify the structure. as later getopts()
is *NOT* going to deal with malformed TLVs.
this actually replaces the android magic garbage with
OBpad bytes, which getopts() later will handle correctly
and makes sure the garbage is fully contained within
the buffer boundaries.
thanks sigrid for testing.
|
establish ipv6 link-local addresses if supported.
to get a full prefix, one would need to do dhcpv6
or use slaac configuration. this will come later.
remove ipv4 default route on exit.
maintain the entries in /net/ndb on ip change and
also remove them on exit.
don't filter source address, this should be done
differently.
fix various bugs in the option iteration loops.
honour primary flag (it used to just ignore that
and set it unasked in the code... what the hell...)
|
Send lcp echo request every 5 seconds
and terminate if we do not get any reply
after 12 seconds.
On protocol termination, exit all the processes
using a note and log a reason.
Cleanup.
|
Remove stale ip/acmed.c left over after move from ip/ to auth/ in
d8a1437cf4d604b66faad24f274b447d85039d63.
|
When using a packet interface, such as /net/ipifc/x as the
packet-source, there is no media header and the ip protocol
version has to be determined from the first byte.
The ippkt protocol solves this, allowing one to decode
both ipv4 and ipv6, such as:
snoopy -h ippkt /net/ipifc/2
|
the packet prints can be found
through -d now.
|
Unless ip/dhcpd is started with the -6 option,
we only receive v4 addresses. If we do see the
v6 options we should prefer them but should
also make sure we grab the v4 addresses as a fallback.
None of the v6 options should overwrite valid
overrides given at the command line.
Add our custom types to logging.
|
If the first address passed happened to be an ipv6
address we would send a malformed option by never including
an ipv4 address.
|
(when unsupported)
|
httpdigest authentication allows one to share the key
in factotum with the amt webserver on https://target:16993
|
This avoids ipconfig having to explicitly specify the tag
when we want to set route type, as the tag can be provided
implicitly thru the "tag" command.
|
should ignore advice as we are handling all connections
thru a single udp connection.
|
This allows mapping incoming filenames to a different name
using regular expressions, followed by substitutions
of the %[ICE] format strings.
I needed this to have individual cmdline.txt files for
netbooted raspberry pi's. In this example, I map cmdline.txt
to %C, which gets substituted for /cfg/pxe/$ether of the client.
|
- allow for external command to be run to install a challenge using -e flag
- remove the challengedom argument, it is given by the subject in the csr
- fix some file descriptor leaks in error paths
|
snoopy shares ndb/dns's dns parser code, but has its own
copy of rralloc() function, which is responsible for allocating
auxiliary data structures on an RR depending on the type.
ndb/dns gained some support for some new types, but snoopy's
copy of rralloc() was not updated, resulting in the auxiliary
structures being nil, and the shared parsing routines crash
when trying to dereference them.
this just syncs the copies, we might consider moving rralloc()
into its own file so it can be completely shared.
|
Update tinc(8) man page to:
1. state the implementation aligns with 1.0.36 of tinc.org;
2. use same hostname as mentioned in usage line.
Fix typos in tinc.c.
|
Removed:
- Challenge response auth.
- Noworld login.
- Anonymous users writing files to /incoming.
|
The raspberry pi 4 PXE firmware insists on finding the tftp
server address by parsing dhcp option 66 as an ip address
string.
|
tftpd currently unconditionally sets its namespace via /lib/namespace
(newns("none", nil)), which stymied my attempts to pxe boot the
openbsd installer without creating a real /etc dir on 9front, which
would've been gross.
I tried working around this with -h (and -r for good measure), but
again hit issues because the namespace is rebuilt from scratch -- any
binds of /386, /amd64, /cfg/pxe, etc. into the tftp-specific directory
disappeared from tftpd's namespace and rendered my *9front* boxes
unable to boot. I could maintain copies of the needed files in the
tftp-specific directory, but that'd be kind of a drag.
The following patch adds a -n flag to allow the specification of a
namespace file in place of /lib/namespace; similar to ip/ftpd.
I thought about setting up a /lib/namespace.tftp to act as a default
rather than continuing to use /lib/namespace by default (which
security-wise is about the same as allowing 9p mounts by user none,
which I also have disabled), but I had trouble coming up with a sane
default. Maybe someone more experienced would like to try that out.
- sam-d
|
supplying a non-ip address in ADD_EDGE crashes the unix tincd.
the reason was that we were misreporting ADD_EDGE messages;
ignoring the information from our peers; and always supplying
the Address string from our configuration instead of the
connection's ip address.
now we just report the edge information as is.
|
we used to only allocate ports from 6881 to 6890,
which limits the maximum of parallel torrents to 9.
this change makes it go up to 9000, which gives us
at best 2120 ports, which is overkill but ports might
be randomly occupied by other connections.
|
RFC959 says:
"The ALLO command should be treated as a NOOP (no
operation) by those servers which do not require
that the maximum size of the file be declared
beforehand..."
|