On Thu, Jan 28, 2021 at 08:15:06AM +0100, Claudio Jeker wrote:
> On Thu, Jan 28, 2021 at 09:57:33AM +1000, David Gwynne wrote:
> > calling if_output with a route to a local IP is confusing, and I'm not
> > sure it makes sense anyway.
> >
> > this treats a an RTF_LOCAL route like an invalid round a
Hello,
On Thu, Jan 28, 2021 at 11:47:30AM +1000, David Gwynne wrote:
> i think these code chunks are around the wrong way.
>
> pfsync may want to defer the transmission of a packet. it does this so
> it can try and get a state over to a peer firewall before a host may
> send a reply to the peer,
On Thu, Jan 28, 2021 at 09:57:33AM +1000, David Gwynne wrote:
> calling if_output with a route to a local IP is confusing, and I'm not
> sure it makes sense anyway.
>
> this treats a an RTF_LOCAL route like an invalid round and drops the
> packet.
>
> ok?
Isn't this a change of behaviour? I thin
i think these code chunks are around the wrong way.
pfsync may want to defer the transmission of a packet. it does this so
it can try and get a state over to a peer firewall before a host may
send a reply to the peer, which would get dropped cos there's no
matching state.
i think the once rule pr
calling if_output with a route to a local IP is confusing, and I'm not
sure it makes sense anyway.
this treats a an RTF_LOCAL route like an invalid round and drops the
packet.
ok?
Index: pf.c
===
RCS file: /cvs/src/sys/net/pf.c,v
re
On Wed, Jan 27, 2021 at 10:45:46PM +0100, Ingo Schwarze wrote:
> Hi,
>
> this page is a mess. It is full of unclear wordings, in some cases
> verging incorrect statements. At the same time, parts of it are wordy.
>
> Here is an attempt to start fixing it.
> I refrained from trying to explain $2
On 2021/01/27 22:45, Ingo Schwarze wrote:
> Hi,
>
> this page is a mess. It is full of unclear wordings, in some cases
> verging incorrect statements. At the same time, parts of it are wordy.
>
> Here is an attempt to start fixing it.
> I refrained from trying to explain $2a$ (as suggested by s
Hi,
this page is a mess. It is full of unclear wordings, in some cases
verging incorrect statements. At the same time, parts of it are wordy.
Here is an attempt to start fixing it.
I refrained from trying to explain $2a$ (as suggested by sthen@) or to
document the missing bcrypt_gensalt(3) in t
A new resolver can be created while we currently run a check with the
old configuration. We will then request another check that runs in
parallel to the old check. If the new check finishes earlier, the
current check result will be overwritten by an outdated check result
which is likely wrong.
Wh
On 1/27/21 7:29 AM, gil...@poolp.org wrote:
> January 27, 2021 9:47 AM, "Lauri Tirkkonen" wrote:
>
>> On Wed, Jan 27 2021 09:36:31 +0100, Eric Faurot wrote:
>>
>>> There has been a plan for some time now to make smtpd use libtls
>>> instead of openssl. Recent changes in libtls allow to move forwa
January 27, 2021 9:47 AM, "Lauri Tirkkonen" wrote:
> On Wed, Jan 27 2021 09:36:31 +0100, Eric Faurot wrote:
>
>> There has been a plan for some time now to make smtpd use libtls
>> instead of openssl. Recent changes in libtls allow to move forward
>> with this. Here is a diff to start the switch
On Wed, Jan 27, 2021 at 04:41:01PM +1000, David Gwynne wrote:
> at the moment if the route is invalid, we drop the packet. this
> generates an icmp error.
>
> ok?
OK bluhm@
> Index: pf.c
> ===
> RCS file: /cvs/src/sys/net/pf.c,v
> r
On Wed, Jan 27, 2021 at 01:41:52AM +0100, Ingo Schwarze wrote:
> It's maybe just a bikeshed, but could you put the logic selecting
> the filename extension (either "" or ".html") at the place where
> term_tag_init() is called? That (main.c) is the module where the OUTT_
> constants are defined, so
On Wed, Jan 27 2021 09:36:31 +0100, Eric Faurot wrote:
> There has been a plan for some time now to make smtpd use libtls
> instead of openssl. Recent changes in libtls allow to move forward
> with this. Here is a diff to start the switch. I've tried to keep
> it as small as possible, sticking to
There has been a plan for some time now to make smtpd use libtls
instead of openssl. Recent changes in libtls allow to move forward
with this. Here is a diff to start the switch. I've tried to keep
it as small as possible, sticking to the necessary changes. There is
still a lot of code that can be
15 matches
Mail list logo