openslx-ng/ipxe.git/src/net, branch v1.20.1

[peerdist] Allow for the use of a hosted cache server

2019-12-15T23:29:44+00:00

Allow a PeerDist hosted cache server to be specified via the ${peerhost} setting, e.g.: # Use 192.168.0.1 as hosted cache server set peerhost 192.168.0.1 Note that this simply treats the hosted cache server as a permanently discovered peer for all segments. Signed-off-by: Michael Brown

[peerdist] Allow PeerDist to be globally enabled or disabled

2019-12-13T14:44:22+00:00

Allow the use of PeerDist content encoding to be enabled or disabled via the ${peerdist} setting, e.g.: # Disable PeerDist set peerdist 0 Signed-off-by: Michael Brown

[ethernet] Avoid false positive Coverity warning

2019-08-17T16:30:09+00:00

Signed-off-by: Michael Brown

[tls] Add missing call to tls_tx_resume() when restarting negotiation

2019-08-16T21:51:14+00:00

The restart of negotiation triggered by a HelloRequest currently does not call tls_tx_resume() and so may end up leaving the connection in an idle state in which the pending ClientHello is never sent. Fix by calling tls_tx_resume() as part of tls_restart(), since the call to tls_tx_resume() logically belongs alongside the code that sets bits in tls->tx_pending. Signed-off-by: Michael Brown

[peerdist] Limit number of concurrent raw block downloads

2019-08-16T21:19:50+00:00

Raw block downloads are expensive if the origin server uses HTTPS, since each concurrent download will require local TLS resources (including potentially large received encrypted data buffers). Raw block downloads may also be prohibitively slow to initiate when the origin server is using HTTPS and client certificates. Origin servers for PeerDist downloads are likely to be running IIS, which has a bug that breaks session resumption and requires each connection to go through the full client certificate verification. Limit the total number of concurrent raw block downloads to ameliorate these problems. Signed-off-by: Michael Brown

[peerdist] Start block download timers from within opener methods

2019-08-16T21:19:50+00:00

Move the responsibility for starting the block download timers from peerblk_expired() to peerblk_raw_open() and peerblk_retrieval_open(), in preparation for adding the ability to defer calls to peerblk_raw_open() via a block download queue. Signed-off-by: Michael Brown

[vlan] Provide vlan_netdev_rx() and vlan_netdev_rx_err()

2019-04-27T19:25:00+00:00

The Hermon driver uses vlan_find() to identify the appropriate VLAN device for packets that are received with the VLAN tag already stripped out by the hardware. Generalise this capability and expose it for use by other network card drivers. Signed-off-by: Michael Brown

[tcp] Display "connecting" status until connection is established

2019-03-10T17:29:06+00:00

Provide increased visibility into the progress of TCP connections by displaying an explicit "connecting" status message while waiting for the TCP handshake to complete. Signed-off-by: Michael Brown

[tls] Display validator messages only while validation is in progress

2019-03-10T17:27:33+00:00

Allow the cipherstream to report progress status messages during connection establishment. Signed-off-by: Michael Brown

[tls] Display cross-certificate and OCSP status messages

2019-03-07T15:23:19+00:00

TLS connections will almost always create background connections to perform cross-signed certificate downloads and OCSP checks. There is currently no direct visibility into which checks are taking place, which makes troubleshooting difficult in the absence of either a packet capture or a debug build. Use the job progress message buffer to report the current cross-signed certificate download or OCSP status check, where applicable. Signed-off-by: Michael Brown