Age | Commit message | Author |
|
the mtu negotiation seems wrong. it seems to assume
that the peer requests a mtu to us, but actually this
doesn't seem to be the case and if the peer doesn't
request it, we'd always use Defmntu of 1450, no
matter what we set on with -m option.
instead, we use the mtu specified with -m option
and always request it to the peer. if the peer requests
a different mtu we use that instead.
this at least gives some control and allows to just use
the correct mtu from pppoe (1492).
|
|
This only works when we're not already having an interface
bound to that ethernet. Otherwise ipconfig can get
confused and adds the addresses to the wrong interface.
|
|
Change ip/ppp to call ip/ipconfig to add and remove
addresses to avoid duplicating code for removing
ndb entries and handling default routes as well as
allow ipv6 address auto-configuration.
|
|
This adds a very basic (probably wrong) DHCPv6 client,
to handle the "managed"-flag in IPv6 router solicitations.
We add -U option to pass the DHCPv6 client id as well as
an -s flag to manually add a dns server (because ppp
is going to call ipconfig to handle all the configuration
and write-back to /net/ndb in the future).
Have the remove command also remove default routes and
/net/ndb entries. (needed by ppp).
|
|
for ipv6, we need to be able to set both v4 and v6
local and remote addresses:
local4
local6
local4 remote4
local6 remote6
local4 local6
local6 local4
local4 local6 remote4
local6 local4 remote6
local4 remote4 local6 remote6
local6 remote6 local4 remote4
|
|
the previous change introduces an out of bounds access
as it does not change n.
it is also conceptually wrong because this routine is
supposed to just verify the structure. as later getopts()
is *NOT* going to deal with malformed TLVs.
this actually replaces the android magic garbage with
OBpad bytes, which getopts() later will handle correctly
and makes sure the garbage is fully contained within
the buffer boundaries.
thanks sigrid for testing.
|
|
establish ipv6 link-local addresses if supported.
to get a full prefix, one would need to do dhcpv6
or using slaac configuration. this will come later.
remove ipv4 default route on exit.
maintain the entries in /net/ndb on ip change and
also remove them on exit.
don't filter source address, this should be done
differently.
fix various bugs in the option iteration loops.
honour primary flag (it used to just ignore that
and set it unasked in the code... what the hell...)
|
|
Send lcp echo request every 5 seconds
and terminate if we do not get any reply
after 12 seconds.
On protocol termination, exit all the processes
using a note and log a reason.
Cleanup.
|
|
Remove stale ip/acmed.c left over after move from ip/ to auth/ in
d8a1437cf4d604b66faad24f274b447d85039d63.
|
|
When using a packet interface, such as /net/ipifc/x as the
packet-source, there is no media header and the ip protocol
version has to be determined from the first byte.
The ippkt protocol solves this, allowing one to decode
both ipv4 and ipv6, such as:
snoopy -h ippkt /net/ipifc/2
|
|
the packet prints can be found
through -d now.
|
|
Unless ip/dhcpd is started with the -6 option,
we only receive v4 addresses. If we do see the
v6 options we should prefer them but should
also make sure we grab the v4 addresses as a fallback.
None of the v6 options should overwrite valid
overrides given at the command line.
Add our custom types to logging.
|
|
If the first address passed happened to be an ipv6
address we would send a malformed option by never including
an ipv4 address.
|
|
(when unsupported)
|
|
httpdigest authentication allows one to share the key
in factotum with the amt webserver on https://target:16993
|
|
This avoids ipconfig having to explicitly specify the tag
when we want to set route type, as the tag can be provided
implicitly thru the "tag" command.
|
|
should ignore advice as we are handling all connections
thru a single udp connection.
|
|
This allows mapping incoming filenames to a different name
using regular expressions, followed by substitutions
of the %[ICE] format strings.
I needed this to have individual cmdline.txt files for
netbooted raspberry pi's. In this example, I map cmdline.txt
to %C, which gets substituted for /cfg/pxe/$ether of the client.
|
|
- allow for external command to be run to install a challenge using -e flag
- remove the challengedom argument, it is given by the subject in the csr
- fix some file descriptor leaks in error paths
|
|
snoopy shares ndb/dns's dns parser code, but has its own
copy of rralloc() function, which is responsible for allocating
auxiliary data structures on an RR depending on the type.
ndb/dns gained some support for some new types, but snoopy's
copy of rralloc() was not updated, resulting in the auxiliary
structures being nil, and the shared parsing routines crash
when trying to dereference them.
this just syncs the copies, we might consider moving rralloc()
into its own file so it can be completely shared.
|
|
Update tinc(8) man page to:
1. state the implementation aligns with 1.0.36 of tinc.org;
2. use same hostname as mentioned in usage line.
Fix typos in tinc.c.
|
|
Removed:
- Challenge response auth.
- Noworld login.
- Anonymous users writing files to /incoming.
|
|
The raspberry pi 4 PXE firmware insists on finding the tftp
server address by parsing dhcp option 66 as an ip address
string.
|
|
tftpd currently unconditionally sets its namespace via /lib/namespace
(newns("none", nil)), which stymied my attempts to pxe boot the
openbsd installer without creating a real /etc dir on 9front, which
would've been gross.
I tried working around this with -h (and -r for good measure), but
again hit issues because the namespace is rebuilt from scratch -- any
binds of /386, /amd64, /cfg/pxe, etc. into the tftp-specific directory
disappeared from tftpd's namespace and rendered my *9front* boxes
unable to boot. I could maintain copies of the needed files in the
tftp-specific directory, but that'd be kind of a drag.
The following patch adds a -n flag to allow the specification of a
namespace file in place of /lib/namespace; similar to ip/ftpd.
I thought about setting up a /lib/namespace.tftp to act as a default
rather than continuing to use /lib/namespace by default (which
security-wise is about the same as allowing 9p mounts by user none,
which I also have disabled), but I had trouble coming up with a sane
default. Maybe someone more experienced would like to try that out.
- sam-d
|
|