cinap_lenrek
7e4b669393
/sys/lib/dist: split 9boot into 9bootproto, make *.386.iso and *.amd64.iso targets
2018-01-05 08:41:46 +01:00
cinap_lenrek
c197fede61
inst: determine kernel for bootsetup from $bootfile and $cputype
2018-01-05 08:38:23 +01:00
cinap_lenrek
af06c6fa34
sysinfo: #c/swap -> #¶/swap
2018-01-05 02:43:28 +01:00
cinap_lenrek
b437065950
stats: show amount of reclaimable pages (add -r flag)
...
reclaimable pages are user pages that are used for
caches like the image cache, mount cache and swap cache.
2018-01-05 00:52:14 +01:00
cinap_lenrek
d3e54ff2d9
pc kernel: fix wrong simd exception mask (fixes go bootstrap)
2018-01-04 04:38:31 +01:00
cinap_lenrek
743f65c878
ape/libauth: remove auth_wep.$O from mkfile
2018-01-02 06:05:47 +01:00
cinap_lenrek
e8b46f6972
ape: update auth.h header for APE
2018-01-02 04:59:44 +01:00
cinap_lenrek
f70ebd8e62
factotum(4): document dp9ik, update protocol list
2018-01-02 04:50:13 +01:00
cinap_lenrek
77ad456b31
libauth: simplify _attrfmt() using fmtprint() avoiding stack buffer
2018-01-02 04:47:42 +01:00
cinap_lenrek
e1ca49d625
libauth: remove auth_wep() function, and non-existing httpauth() declaration
2018-01-02 04:31:21 +01:00
cinap_lenrek
1d7bb80793
factotum: remove legacy wep protocol
2018-01-02 04:27:23 +01:00
cinap_lenrek
4edc761024
libauth: fix out of bounds memory access in _parseattr()
...
empty token would read ""[-1] accidentally in the AttrQuery case.
2018-01-01 23:23:55 +01:00
cinap_lenrek
f7b0cc7a64
factotum: replace custom hex parsing code with dec16() avoding timing side channels
2018-01-01 21:14:39 +01:00
cinap_lenrek
5cf5f6e9ac
libmp: use constant time encode(2) routines instead of lookup tables
...
the encode(2) routines are constant time now, so
use them instead of using lookup table that can
leak information through cache timing side channel.
2017-12-31 10:59:01 +01:00
cinap_lenrek
ea212266a1
ape: make encXchr()/decXchr() functions available
2017-12-31 10:53:50 +01:00
cinap_lenrek
c039b52fc3
libc: constant time implementation for encode(2) routines, fix base32
...
the string encoding functions touch secret key material
in a bunch of places (devtls, devcap), so make sure we do
not leak information by cache timing side channels, making
the encoding and decoding routines constant time.
we also expose the alphabets through encXchr()/decXchr()
functions so caller can find the end of a encoded string
before calling decode function (for libmp).
the base32 encoding was broken in several ways. inputs
lengths of len%5 == [2,3,4] had output truncated and
it was using non-standard alphabet. documenting the alphabet
change in the manpage.
2017-12-31 09:06:42 +01:00
cinap_lenrek
ee89c82dd3
wifi: get rid of custom hextob() routine, use dec16(), avoid copies in parsekey()
2017-12-31 01:49:58 +01:00
cinap_lenrek
8a64413eca
aux/wpa: get rid of custom Hfmt() routine, just use encodefmt. use %E for mac addresses
2017-12-31 01:04:41 +01:00
cinap_lenrek
57f8b6ec75
libsec: implement SPKI fingerprinting for okCertificate()
...
Instead of only using a hash over the whole certificate for
white/black-listing, now we can also use a hash over the
Subject Public Key Info (SPKI) field of the certificate which
contians the public key algorithm and the public key itself.
This allows certificates to be renewed independendtly of the
public key.
X509dump() now prints the public key thumbprint in addition
to the certificate thumbprint.
tlsclient will print the certificate when run with -D flag.
okCertificate() will print the public key thumbprint in its
error string when no match has been found.
2017-12-30 03:07:47 +01:00
cinap_lenrek
b42d441a23
libsec: fix mistake: strnchr -> strchr
2017-12-30 02:47:02 +01:00
cinap_lenrek
582d2e664f
libsec: avoid unneccesary memory copies and redundant code in x509
...
getting rid of some functions that take Byte* and instead
pass uchar* and length.
keeping the signature and public key fields in CertX509
as Bits* allows ownership transfer by swapping pointers.
use common code to copy CN from subject field.
2017-12-30 02:36:47 +01:00
cinap_lenrek
e3cad82680
libsec: get rid of dummy data[1] in Bytes and Ints types (thanks pr)
2017-12-29 20:04:42 +01:00
cinap_lenrek
ce2211b08c
usbxhci: add missing pexit() in xhcirecover proc (thanks sam-d)
2017-12-29 06:10:25 +01:00
cinap_lenrek
a021f054b0
wifi: revert rate adoption divider, breaks arpunks wifi
2017-12-29 03:41:32 +01:00
cinap_lenrek
e313265eef
/lib/bullshit: +converged
2017-12-29 01:58:47 +01:00
cinap_lenrek
8040a878de
devtls, devssl: avoid ~0UL comparsion (from drawterm)
2017-12-28 19:13:53 +01:00
cinap_lenrek
80185daba9
devmnt: use u32int for tagmask, simplify alloctag()
2017-12-28 18:25:15 +01:00
cinap_lenrek
b9d2a9efd5
wifi: don't implicitely update lastseen timestamp on nodelookup()
...
in case we continue to send traffic (like ping) with the ap gone,
the sending would keep updating bss->lastseen which prevents the
timeout to happen to switch bss.
2017-12-28 04:34:03 +01:00
cinap_lenrek
d13142b3da
etheriwl, etherwpi: limit transmit queue buffer bloat to 48k (at 22Mbit ≅ 20ms)
2017-12-28 01:24:38 +01:00
cinap_lenrek
ce9cc8a358
wifi: don't assume Wifi.rates[] is sorted, return net data rate for mbps (50% theoretical)
2017-12-28 01:19:14 +01:00
cinap_lenrek
9c6897e848
arch(3): document #P/realmodemem file
2017-12-23 04:45:22 +01:00
cinap_lenrek
96eb90fba1
devvga: removing #v/vgabios, use /dev/realmodemem instead
2017-12-23 04:26:50 +01:00
cinap_lenrek
50bea0348c
kernel: convert textmode cga screen contents to kmesg only once
...
screeninit() might be called again by devvga when switching
to textmode, so only convert the text framebuffer to kmesg
the first time.
2017-12-23 03:56:12 +01:00
cinap_lenrek
19419329b2
auth(8): auth/debug tests both dp9ik and p9sk1
2017-12-23 03:21:01 +01:00
cinap_lenrek
02b6831fa5
kernel: remove Ipifc.mbps, unused.
2017-12-23 02:58:47 +01:00
cinap_lenrek
47f40d8e26
/lib/bullshit: blockchain
2017-12-22 18:26:54 +01:00
cinap_lenrek
3b7f73ccff
ip/tinc: handle and set ethertype for ipv6
2017-12-21 04:11:02 +01:00
cinap_lenrek
21b5656d89
upas/fs: more bugs
2017-12-19 20:57:24 +01:00
cinap_lenrek
a84a5c21ce
upas/fs: fix precedence bugs, compare digest pointer to nil
2017-12-19 20:44:15 +01:00
cinap_lenrek
417bdbb869
ether8169: add Macv45 for RTL8111HN, rename Macv45 -> Macv42 (thanks qeed, sam-d)
2017-12-19 00:03:54 +01:00
cinap_lenrek
3e22f7ef1d
nusb/ether: dont forward loopback packets on bridges, remove read nonblocking hack
2017-12-18 20:50:25 +01:00
cinap_lenrek
c1eb4b8d68
devether: dont forward loopback packets on bridges
2017-12-18 20:47:55 +01:00
cinap_lenrek
1f80d31f41
devbridge: disable write blocking on ethernets
2017-12-18 20:44:53 +01:00
cinap_lenrek
e31934f9f3
bridge(3): clarify manpage, this is a layer2 bridge
...
yes, it peeks into IP packets to handle fragmentation when sending
onto tunnel ports and does mss clamping. but it can carry arbitrary
ethernet packets just fine (between ethernets).
2017-12-17 20:51:41 +01:00
cinap_lenrek
3e48a66665
pc, pc64: add devbridge to kernel configuration
2017-12-17 20:33:39 +01:00
cinap_lenrek
520c938f0b
devbridge: fix mss clamping
...
- use protocol constants from ip/ip.h and ip/ipv6.h
- support mss clamping for ipv6
- fix padding bug on 64 bit machines (can't use sizeof(Tcphdr))
2017-12-17 20:30:24 +01:00
cinap_lenrek
0affe02b61
ip/tinc: handle single byte noop and end-of-option-list tcp options in clampmss()
2017-12-17 20:20:17 +01:00
cinap_lenrek
15ff38e818
wifi: use protocol constants from ip/ip.h and ip/ipv6.h for dmatproxy()
2017-12-17 17:17:26 +01:00
cinap_lenrek
070a9ef753
wifi: matt damon wifi bridging support
2017-12-16 21:43:47 +01:00
cinap_lenrek
9fd8894fec
ether: allow spoofing of source mac address for bridges; used by vmx
...
to implement layer 2 bridges in userspace, we disable to auto filling
of the source mac address when bridge mode is enabled on the
connection.
2017-12-15 22:22:29 +01:00