Now that we only do curves over GF(p) fields, there's no need to use a
weird, confusing name for what we usually call p. Adjust some comments
in the vicinity as well.

As explained in a comment, this needs to loop backwards and the last tt--
ends up pointing at &it->templates[-1], which isn't ok. Use a simple way
of looping, which is also ugly and involves some type confusion as pointed
out by claudio. However, type confusion is common in libcrypto's asn1 code
and won't be fixed anytime soon anyway.
ok jsing

pfsync doesn't know the source address in IP packets before it calls
ip_output, so the extra bpf attachment has a distorted view of what
IP packets are being sent anyway. you can tcpdump on the pfsync
syncdev if you want to see what will be on the wire.

prefixes to the update / withdraw queue if the peer is up.
For updates the Adj-RIB-Out is already updated and nothing more needs to happen.
For withdraws the prefix is unlinked and needs to be destroyed if the peer is
not up. For this to work correctly mark the prefix as dead.
Right now this is a no-op since the functions are only called if the peer
is up.
OK tb@

Some firmware phy types are not being mapped to ifmedia yet.
Print a message when this happens since the driver might not
work without a known media type.
The real fix will be to get missing media types mapped properly.

It does *not* "work in the same way" as EVP_PKEY_new_raw_private_key(3)
but merely arrives at the same end result after doing lots of
cumbersome and unnecessary work - and on top of that, it only works
for EVP_PKEY_HMAC.

parameters that can be controlled with EVP_PKEY_CTX_ctrl(3).
But rather than providing a detailed description, instead
point to what application programs should use instead and explain
why using the control constant directly would be a particularly bad
idea in this case.

and is stopped when the session comes up (ESTABLISHED state).
Right now it is used to remove cloned sessions. For that the SessionDownTimer
is also started when a clone is created.
OK tb@

The pointer passed to pt_writebuf() is bad and there is no reason to limp
further. Someone else will trip over this at a later stage so better to
do it now.
OK tb@

Rename the upcall and done callbacks:
- rde_up_adjout_force_upcall() to peer_blast_upcall() and same for done
- rde_up_dump_upcall() to peer_dump_upcall() and same for done
Introduce peer_blast() which blasts out the Adj-RIB-Out including all
the route refresh messages (BEGIN_RR, EOR and END_RR) needed.
peer_dump() now always throttles the peer before starting the table walk to
fill the Adj-RIB-Out and calls peer_blast() in all cases (either directly or
via the peer_dump_done() call).
OK tb@

There is currently no sane way of getting your hands on the common name or
subject alternative name of the peer certificate from libtls. It is possible
to extract it from the peer cert's PEM by hand, but that way lies madness.
While the common name is close to being deprecated in the webpki, it is
still the de facto standard to identify client certs. It would be nice to
have a way to access the subject alternative names as well, but this is a
lot more difficult to expose in a clean and sane C interface due to its
multivaluedness.
Initial diff from henning, with input from beck, jsing and myself
henning and bluhm have plans of using this in syslogd.
ok beck