This avoids ipconfig having to explicitly specify the tag
when we want to set route type, as the tag can be provided
implicitly thru the "tag" command.
This allows mapping incoming filenames to a different name
using regular expressions, followed by substitutions
of the %[ICE] format strings.
I needed this to have individual cmdline.txt files for
netbooted raspberry pi's. In this example, I map cmdline.txt
to %C, which gets substituted for /cfg/pxe/$ether of the client.
- allow for external command to be run to install a challenge using -e flag
- remove the challengedom argument, it is given by the subject in the csr
- fix some filedescriptor leaks in error paths
snoopy shares ndb/dns's dns parser code, but has its own
copy of the rralloc() function, which is responsible for allocating
auxiliary data structures on an RR depending on the type.
ndb/dns gained some support for some new types, but snoopy's
copy of rralloc() was not updated, resulting in the auxiliary
structures being nil, and the shared parsing routines crash
when trying to dereference them.
this just syncs the copies, we might consider moving rralloc()
into its own file so it can be completely shared.
Update tinc(8) man page to:
1. state the implementation aligns with 1.0.36 of tinc.org;
2. use same hostname as mentioned in usage line.
Fix typos in tinc.c.
tftpd currently unconditionally sets its namespace via /lib/namespace
(newns("none", nil)), which stymied my attempts to pxe boot the
openbsd installer without creating a real /etc dir on 9front, which
would've been gross.
I tried working around this with -h (and -r for good measure), but
again hit issues because the namespace is rebuilt from scratch -- any
binds of /386, /amd64, /cfg/pxe, etc. into the tftp-specific directory
disappeared from tftpd's namespace and rendered my *9front* boxes
unable to boot. I could maintain copies of the needed files in the
tftp-specific directory, but that'd be kind of a drag.
The following patch adds a -n flag to allow the specification of a
namespace file in place of /lib/namespace; similar to ip/ftpd.
I thought about setting up a /lib/namespace.tftp to act as a default
rather than continuing to use /lib/namespace by default (which
security-wise is about the same as allowing 9p mounts by user none,
which I also have disabled), but I had trouble coming up with a sane
default. Maybe someone more experienced would like to try that out.
- sam-d
supplying a non-ip address in ADD_EDGE crashes the unix tincd.
the reason was that we were misreporting ADD_EDGE messages;
ignoring the information from our peers; and always supplying
the Address string from our configuration instead of the
connections ip address.
now we just report the edge information as is.
we used to only allocate ports from 6881 to 6890,
which limits the maximum of parallel torrents to 9.
this change makes it go up to 9000, which gives us
at best 2120 ports, which is overkill but ports might
be randomly occupied by other connections.
RFC959 says:
"The ALLO command should be treated as a NOOP (no
operation) by those servers which do not require
that the maximum size of the file be declared
beforehand..."
version(5) says:
If the server does not understand the client's version
string, it should respond with an Rversion message (not
Rerror) with the version string the 7 characters
``unknown''.
Pre-lib9p file servers -- all except cwfs(4) -- do return Rerror.
lib9p(2) follows the above spec, although ignoring the next part
concerning comparison after period-stripping. It assumes an
Fcall.version starting with "9P" is correctly formed and returns
the only supported version of the protocol, which seems alright.
This patch brings pre-lib9p servers in accordance with the spec.
The mount() and bind() syscalls return -1 on error,
and the mountid sequence number on success.
The manpage states that the mountid sequence number
is a positive integer, but the kernel's implementation
currently uses an unsigned 32-bit integer and does not
guarantee that the mountid will not become negative.
Most code just cares about the error, so test for
the -1 error value only.
when running ndb configuration, we might inherit the ipgw=
attribute from the ipnet pointing to our own ip address
(we are the default gateway). ignore such entries.
do not add default routes with gateway equal to our own
local (ip4) or link-local ip address (ipv6).
in ndb, we use the ethernet mac to identify the client.
in dhcpv6, there is just a unique device id that
might even be generated randomly. to find the ethernet
address of a client, check the duid type and only use
it when the duid is of type 1 (link layer) or 3 (link
layer address + time) and the link layer address type
is 1 (ethernet). otherwise, assume the source ip is
a link local address and extract it from that.
this hack works for thinkpad t495, which uses random
uuid based client duid.
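The lookup described in this commit message, as an added example in portable C; it is not the 9front code. Function and constant names are hypothetical, the DUID layouts are the RFC 8415 ones for types 1 and 3, and rejecting link-local addresses that lack the EUI-64 ff:fe filler is an assumption of this sketch.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { DUID_LLT = 1, DUID_LL = 3, HW_ETHER = 1, EALEN = 6 };
enum { EA_NONE, EA_FROM_DUID, EA_FROM_LINKLOCAL };

static unsigned get16(const uint8_t *p) { return p[0] << 8 | p[1]; }

/* Recover the client's Ethernet address from its DUID, else from the source IP. */
int client_ether(const uint8_t *duid, size_t n, const uint8_t src[16], uint8_t ea[EALEN])
{
	size_t off = 0;
	if (n >= 4 && get16(duid + 2) == HW_ETHER) {
		if (get16(duid) == DUID_LLT)
			off = 8;	/* type, hwtype, 4-byte time, address */
		else if (get16(duid) == DUID_LL)
			off = 4;	/* type, hwtype, address */
	}
	if (off != 0 && n == off + EALEN) {
		memcpy(ea, duid + off, EALEN);
		return EA_FROM_DUID;
	}
	/* Fallback: fe80::/10 source with a modified EUI-64 interface id.
	 * Requiring the ff:fe filler is an assumption of this sketch; random
	 * or privacy interface ids carry no MAC and are rejected. */
	if (src[0] == 0xfe && (src[1] & 0xc0) == 0x80 && src[11] == 0xff && src[12] == 0xfe) {
		ea[0] = src[8] ^ 0x02;	/* undo the universal/local bit flip */
		ea[1] = src[9]; ea[2] = src[10];
		ea[3] = src[13]; ea[4] = src[14]; ea[5] = src[15];
		return EA_FROM_LINKLOCAL;
	}
	return EA_NONE;
}

/* Constructed sample inputs. */
const uint8_t duid_llt[] = { 0,1, 0,1, 0x2a,0x3b,0x4c,0x5d, 0x00,0x11,0x22,0x33,0x44,0x55 };
const uint8_t duid_uuid[] = { 0,4, 0,1, 2,3,4,5,6,7,8,9,10,11,12,13,14,15 };  /* type 4 */
const uint8_t src_eui64[16] = { 0xfe,0x80, 0,0,0,0,0,0, 0x50,0x54,0x00,0xff,0xfe,0x12,0x34,0x56 };
const uint8_t src_random[16] = { 0xfe,0x80, 0,0,0,0,0,0, 0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0 };
uint8_t ea_out[EALEN];

int main(void)
{
	printf("%d ", client_ether(duid_llt, sizeof duid_llt, src_eui64, ea_out));
	printf("%d ", client_ether(duid_uuid, sizeof duid_uuid, src_eui64, ea_out));
	printf("%d\n", client_ether(duid_uuid, sizeof duid_uuid, src_random, ea_out));
	return 0;
}
```

Both the DUID and the source address are supplied by the client, so the recovered address identifies a host for the ndb lookup but does not authenticate it.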
avm fritzbox uses very long RA period so it effectively only
responds after a router solicitation. when there are multiple
fritzbox routers on the lan, then while configuring one prefix
of the first RA, the ip stack can drop the second router
advertisement and we would never get the second route.
packets can always get lost. so we just keep on sending router
solicitations (up to 3 times) to make sure we got all the RA's.
for servers that handle incoming network connections and authentication,
change the owner of the network connection file to the authenticated user
after successful authentication.
note that we set the permissions as well to 0660 because old devip used
to unconditionally set the bits.