Send source link-layer address option in router advertisements.
With this, hosts immediately learn the layer 2 (i.e. Ethernet MAC)
address of their default router and don't need to do another round
trip.
It also turns out that Apple devices (macOS & iOS) install the default
route as what they call "interface scoped" if a DNS option is present
and the source link-layer address option is absent. This effectively
makes the default route unusable.
Problem with fruit devices tracked down & diff by Ryan Vogt (rvogt.ca
AT gmail), thanks!
OK sthen, bket

Start the process of splitting sshd into separate binaries. This step
splits sshd into a listener and a session binary. More splits are
planned.
After this change, the listener binary will validate the configuration,
load the hostkeys, listen on port 22 and manage MaxStartups only. All
session handling will be performed by a new sshd-session binary that the
listener fork+execs.
This reduces the listener process to the minimum necessary and sets us
up for future work on the sshd-session binary.
feedback/ok markus@ deraadt@
NB. if you're updating via source, please restart sshd after installing,
otherwise you run the risk of locking yourself out.

Add a complete suite of tests covering ASCII characters in UTF-8 spelling.
Most of this goes to nogroff.in rather than ascii.in for now
because groff-1.23.0 is buggy as hell in this respect
and I'm too lazy to debug the horrific function make_glyph_node()
in the file groff/src/roff/troff/node.cpp right now.

Fix IPsec in use with IP forwarding 2 logic.
If sysctl net.inet.ip.forwarding is 2, only packets processed by
IPsec are forwarded. Variable ipsec_in_use is a shortcut to avoid
IPsec processing if no policy has been configured. With ipsec_in_use
unset and ipforwarding set to IPsec only, the packet must be dropped.
OK claudio@

According to the documentation, the value of the Command UPIU expected_xfer_len
field shall be the product of the Logical Block Size and the transfer
length field of the CDB.

40GB WRKOBJDIR is too tight if you end up with two chromium-based ports
built on the same machine, suggest 50 min on archs with chromium and that
100 wouldn't be unreasonable