I was adding a new custom service to /etc/rc.d/ and continued to get the
uninformative error
rcctl: service does not exist
however the service was listed with `rcctl ls all`.
Turns out I had the wrong permissions set for the rc.subr file. I think it
would be helpful to check the permission a
payloads then please be
specific.
William Rusnack
> On Jan 5, 2025, at 1:30 PM, William Rusnack wrote:
>
> I am using multiple ai assistants but ChatGPT is not one of them.
>
> Also I do not understand your statement
>
>> I think most people with privileges to commit fi
> On 2025/01/05 19:46, William Rusnack wrote:
>> To Peter Hessle,
>>
>> I said that I use (utilize) multiple AIs but I do not solely
>> rely on them for generating the content. I have:
>> - actually been using iked
>> - looked into the sources extensively
bugs that made figuring out the actual problems much
harder.
> On Jan 6, 2025, at 7:56 PM, William Rusnack wrote:
>
> To Stuart,
>
> Thank you for your civility.
>
> For the copyright, the code changes I have submitted are minimal and follow
> the patterns that already
Thanks.
> On Jan 6, 2025, at 8:18 PM, Kirill A. Korinsky wrote:
>
> On Tue, 07 Jan 2025 01:56:27 +0100,
> William Rusnack wrote:
>>
>> Lastly, if there is not opposition to receiving more legitimate bug reports,
>> I am planning on auditing unbound and nsd soon
> Synopsis: Failure to detect rewind(3) errors in certificate validation
> Category: bin
> Description:
In iked(8), the ca_validate_pubkey() function uses rewind(3) to retry reading
a public key file in a different format after the first attempt fails. However,
rew
>Synopsis: Refactor iked parser to separate config and request parsing
>logic
>Category: bin
>Description:
The current implementation in parse.y duplicates logic between CONFIG
and REQUEST handling in the ikecfgvals grammar rule. This refactor extracts the
common parsing logic
>Synopsis: The iked(8) daemon currently requires root privileges even when
>run with -n (configtest mode), which only validates the configuration file
>syntax. This prevents system administrators from validating iked configuration
>files from non-privileged accounts.
>Category: bin
>De
>Synopsis: When printing the parsed policy iked erroneously prints config
>when it should print request.
>Category: bin
>Description:
The below example iked.conf has a request configuration payload.
```iked.conf
ikev2 \
from dynamic to any \
>Synopsis: The ordering of the iked flags -d and -n erroneously changes
>the debug level.
>Category: bin
>Description:
I've found an issue with iked's command line flag processing where the order of
the -d and -n flags affects the resulting debug level. This appears to
>Synopsis: iked allows for levels of debug and verbosity that are undocumented
>in iked(8)
>Category: bin
>Description:
Currently, iked(8) does not document that the -d and -v flags can be
specified multiple times.
>Fix:
Replace the iked(8) man text of
```txt
-d
>Synopsis: Update deprecated EVP_DigestInit/Final to _ex variants in iked
>Category: bin
>Description:
The OpenSSL EVP_DigestInit() and EVP_DigestFinal() functions have been deprecated
in favor of their _ex variants. The old functions automatically reset the context
>Synopsis: The iked cli arg parser accepts the -I and -P options with no
>documentation in iked(8) or in the src itself as to what these flags do.
>Category: bin
>Description:
iked supports two undocumented flags, -I and -P, that appear to be
testing/development flags.
Wh
> Synopsis: iked leaves behind pf state entries for NAT-T (UDP 4500) upon
> stopping
> Category: bin
> Description:
When stopping iked with `rcctl stop iked`, the service leaves behind pf state
entries for NAT-T (UDP 4500) that prevent normal network connectivity until
they expire natura
> Synopsis: iked.conf(5) incompletely documents comment syntax and has
> potentially problematic behavior where comments can be continued with line
> continuations (\), leading to unexpected configuration parsing. Man page also
> fails to document that comments can have preceding whitespace
> Synopsis: util.c mask2prefixlen6() may read beyond the end of netmask
> structure
> Category: security
> Description:
The mask2prefixlen6() function in iked util.c uses the sin6_len field from a
sockaddr_in6 structure to determine how many bytes to read when calculatin
Still hangs until the timeout even with ikectl decouple.
> On Jan 4, 2025, at 12:22 PM, Lucas Gabriel Vuotto wrote:
>
> On Fri, Jan 03, 2025 at 07:13:37AM -0500, William Rusnack wrote:
>> Specifically with iked, it makes debugging configurations remotely very
>> tedio
Synopsis: The cfg grammar rule allows for unsupported payloads to be parsed
without error making it seem that the iked implementation allows for much more
functionality than is implemented.
Description:
The function ikev2_pld_cp in ikev2_pld.c only supports requesting an address and name
Synopsis: iked fails to log when it receives unsupported configuration payload
types, making it difficult to diagnose when valid peer configurations are being
ignored.
Description:
The IKEv2 daemon (iked) currently has incomplete handling of configuration payloads
received from peers. Wh
Synopsis: iked.conf(5) needs clearer documentation about which configuration
payload options are supported when receiving configurations and their system
effects.
Description:
The documentation of configuration payloads in iked.conf(5) has two issues:
1. Missing Implementation D
ote:
>
> On Thu, Dec 26, 2024 at 10:46:10AM -0500, William Rusnack wrote:
>>> Synopsis: The ordering of the iked flags -d and -n erroneously changes
>>> the debug level.
>>> Category: bin
>>> Description:
>> I've found an issue with ik
Synopsis: Multiple instances of err(), errx(), warn(), and warnx() from
err.h bypass daemon logging infrastructure from log.c
Category: sbin
Description:
The iked daemon uses err(), errx(), warn(), and warnx()
functions in many places throughout the code. When running
Specifically with iked, it makes debugging configurations remotely very tedious
and time consuming since after stopping iked you have to wait a minute to ssh
the server every time.
> On Dec 26, 2024, at 11:19 AM, Stuart Henderson wrote:
>
> On 2024/12/26 10:15, William Rusn
Synopsis: iked silently discards IPv6 link-local addresses without logging
Category: sbin
Description:
When processing interface addresses in ifa_lookup(), link-local IPv6
addresses are silently discarded. This makes debugging connectivity
issues harder since there is no ind
Synopsis: Remove unused ret variable in RADIUS DAE LISTEN rule in parse.y.
Description:
The ret variable is declared but only used once to store the return value
from config_setraddae() before immediately checking it in an if condition.
Remove the variable and check the re
ceived.
> On Jan 4, 2025, at 4:52 PM, Tobias Heider wrote:
>
> On Sat, Jan 04, 2025 at 04:40:50PM GMT, William Rusnack wrote:
>> Synopsis: iked.conf(5) needs clearer documentation about which configuration
>> payload options are supported when receiving configurations a