IABSD.fr/src/sbin

Log

Author Commit Date CI Message
42051861 2025-02-10 18:09:10 Print error message about missing config file. dhc6leased(8) does not work without one, as opposed to dhcpleased(8) from where this code came. Noticed by claudio.
c0f05be6 2025-02-07 21:56:04 Rework checksum validation for incoming UDP in dhcpleased(8). RFC 1071 recommends to verify the checksum by calculating it over the packet including the checksum and compare to 0. That is also what our kernel does. Convert the logic in dhcpleased(8) to that algorithm. tested and OK jan@
30772397 2025-02-07 07:37:16 sync with unbound ok sthen
dd54d7a2 2025-01-30 20:02:13 drop unused -D_LIBKVM; no object change; OK deraadt
2402f85a 2025-01-30 17:08:10 When struct ext2fs_dinode was extended in r1.15 fsck_ext2fs wasn't adjusted and ckinode() would copy over more than the 128 bytes that a caller would assume. Use EXT2_DINODE_SIZE() to make sure we stick to the expected 128 bytes. OK miod@
109821c1 2025-01-16 12:48:45 unveil privileged child's write/create to mountdtab file, drop exec It needs arbitrary read access, but only ever changes one file and is not meant to execute anything; initial r1.84 privsep from 2005 has the details. OK ratchov millert
c2a2da96 2025-01-16 12:46:03 unveil nothing nfsd can't pledge due to nfssvc(2), so use the empty-permission idiom to hide filesystems and prevent execve; after it set up sockets and spawned workers, all NFS work is done in the kernel. OK millert
5ea00adc 2025-01-11 18:21:02 zap dead poll code With TCP on/off connect_type_cnt is 1/0; it can't be >=2 since 2004 r1.24 "remove iso crud, and other misc cleanups", so remove the unreachable block and flip early-exit logic to decrease indentation. OK millert
4da14ec4 2025-01-06 17:49:29 add and document vxlan "[-]endpoint" command. input and ok dlg@
9a5c1bb0 2025-01-02 21:37:38 default to UDP when using only -n Only 'nfsd' without any option or argument defaults to UDP. Move the r1.28's check from argc to options/flags to cover 'nfsd -n4' as well, which would fork four servers, but not create any UDP sockets. Feedback OK jca
b8d79964 2024-12-26 18:25:51 Print "request" instead of "config" if dumping config when "request XX" is used. From William Rusnack, ok tobhe@
d51e05ad 2024-12-26 18:24:54 Skip checking for root if we are only doing a config test. Tweaked from a diff from William Rusnack, ok tobhe@ kn@
b7c9a52e 2024-12-24 21:34:23 struct gpt_partition's gp_name field is an array of u_int16_t so use nitems() not sizeof() to get the number of elements. ok kettenis@ lucas@
efb7adaa 2024-12-24 17:40:06 Set pltime to 0 when upstream interface goes down. In case of a flash-renumbering event we configure new prefixes with a pltime > 0. Clients should form new addresses and prefer those. Reported & fix tested by Tamas (cstamas at cstamas.hu). OK phessler
76b1f2eb 2024-12-21 13:15:36 change '386BSD 0.1.2.4/FreeBSD' to .Fx the 0.2.4 patchkit for 386BSD 0.1 did not have this command
7ed182d8 2024-12-21 05:01:25 correct history; a reboot command did not appear until 4BSD
dfd61507 2024-12-18 10:36:05 use opendev() for fsck_ext2fs, based on code adding this to fsck_ffs tweak (add strncmp()...blockcheck section) from martijn@ ok martijn@
a95f0396 2024-11-24 11:33:34 unwind: support wildcard in blacklist Any domain in the blacklist that starts with '.', which is not a legal name due to an empty label, is treated as any subdomain on that zone. This means that .example.com blocks all requests to any subdomain of example.com, but allows example.com. No objections: florian@ OK: kn@
e08605c7 2024-11-21 18:16:01 omit preceding flag from command/modifier lists to get tags; OK jmc reads odd to repeat, e.g. -F, when listing all its modifiers. as a consequence, automatic tagging wouldn't work, e.g. no "zero" tag would exist to jump to that -F modifier's definition. also add manual tags for -R and -T as get explained together with -s and -t, respectively, where only the first flag gets tagged.
0e59d0d1 2024-11-21 13:35:20 Convert sbin and usr.bin to check for imsgbuf_init failure and add imsgbuf_allow_fdpass where needed. OK tb@
fa353a8f 2024-11-21 13:26:49 s/ibuf_add_buf/ibuf_add_ibuf/ OK tb@
aab0b474 2024-11-21 13:24:07 Implement the recv_imsg/read_message function in the correct way. One needs to first check imsg_get() if there is an imsg already in the queue. Then if that returns 0 call imsgbuf_read(). Do this in a loop until imsg_get() returns an imsg. OK tb@ and nicm@ for file
668e5ba9 2024-11-21 13:21:33 Convert the common imsgbuf_read calls to the post EAGAIN world. OK tb@
31be28ca 2024-11-21 13:18:37 Use imsgbuf_queuelen() instead of accessing the w.queue member. OK tb@
9cbf9e90 2024-11-21 13:17:56 Use imsgbuf_clear() where appropriate instead of msgbuf_clear(). OK tb@
dd7efffe 2024-11-21 13:17:01 Rename imsg_init, imsg_clear, imsg_read, imsg_write and imsg_flush to imsgbuf_init, imsgbuf_clear, imsgbuf_read, imsgbuf_write and imsgbuf_flush. This separates the imsgbuf API from the per-imsg API. OK tb@
e3b6409c 2024-11-21 13:14:44 Convert imsg_write() callers to the new simplified return logic. OK tb@
ce33693d 2024-11-21 13:10:18 Introduce imsg_write() and use it instead of msgbuf_write(). imsg_write() is just a thin wrapper around msgbuf_write(). So this is mostly search and replace. OK tb@
f978fa48 2024-11-21 13:06:19 imsg_flush no longer returns EAGAIN. Simplify proc_flush_imsg() accordingly. Issue spotted by op@
e449cd41 2024-11-21 10:07:30 The block size of HMAC-SHA2-{384,512} must be 128 bytes. ok tb
e496dff3 2024-11-20 13:57:29 pfctl: clear statistic for specified addresses OK: bluhm@
42a2f8b7 2024-11-12 04:14:51 bump the type used to specify traffic queue bandwidth to 64bit. this should let people specify interface and queue bandwidths greater than ~4Gbit. this changes the pf ioctls used to specify queues, so if you want to try this you'll need a new kernel, new headers, and a new pfctl (and systat). or upgrade using a snapshot. the effort and benefit of providing compat isn't worth it. putting it in now so people can kick it around.
726515c9 2024-11-11 15:19:31 Prevent completely empty interface blocks. This is meaningless in dhcpleased(8) and *not* needed to receive leases for an interface. In fact dhcpleased(8) works just fine without any configuration file at all. man page diff & OK kn
9720bce5 2024-11-09 12:44:12 sync curly braces markup, fix indent Replace literal braces with .Brq, use a list and indent the interface options under that interface entry to reflect hierarchy (rad.conf(5) does that, too). Feedback from/fine with jmc
22ac2f2a 2024-11-09 10:57:06 usage should fit in a 80-column display. ok jmc@
2119819d 2024-11-04 21:59:15 Ignore extra groups that don't fit in the buffer passed to getgrouplist(3) Our kernel supports 16 groups (NGROUPS_MAX), but nothing prevents an admin from adding a user to more groups. With that tweak we'll keep on ignoring them instead of potentially reading past the buffer passed to getgrouplist(3). That behavior is explicitly described in initgroups(3). ok millert@ gilles@
9a836554 2024-11-04 02:44:28 add a "natt" option that forces negotiation of nat-t (and udpencap). this is like the -t command line option on iked itself, but you get to keep the ike listener on port 500 and you can enable this on specific policies instead of all of them. this is useful if you're dealing with an org that can't firewall ESP traffic well and so you need to force the traffic to be udp encapsulated even if there's no NAT involved. ok markus@ tobhe@
3612e128 2024-11-01 08:27:49 Simplify name/prefix markup, readability tweak and cleanup Leave the notion of repetition to ... and markup optional prefixes as such; 'name/prefix [name/prefix ...]' becomes 'name[/prefix] ...'. Also sync with unwind.conf.5 to fix curly braces and indentation. OK florian Input OK jmc
be0e8945 2024-10-30 17:01:28 Document /var/db/dhcp6leased/uuid. Input & OK kn, jmc, sthen
a52c5fd0 2024-10-23 03:14:32 remove duplicate defines
df2ad427 2024-10-08 00:21:08 apply the CVE-2024-8508 fix from unbound (put a limit on resources used for handling DNS compression). OK florian
c08965e9 2024-10-05 13:27:16 Make scaling available for normal mice, too; not just for touchpads. Add reverse_scrolling to the manpage. ok bru@
411db55c 2024-09-29 18:00:38 add some commas, to aid readability; from thorsten blum
21cd3483 2024-09-25 19:56:33 Correct an indexing error that may leave stale data in the mousecfg buffer. ok mpi@
479c151d 2024-09-20 02:00:46 remove unneeded semicolons; checked by millert@
1a834994 2024-09-16 07:34:49 Close correct file descriptor. Instead of closing the just received UDP socket we closed the imsg fd thus cleanly shutting down dhcpleased(8). Problem triggered by sf@ with something like while :; do ifconfig vio0 -inet; done while :; do ifconfig vio0 inet autoconf; done The problem triggers when dhcpleased configured a lease and in just the right moment the autoconf flag gets removed. The main process opens a udp socket and sends it to the frontend. At the same time the frontend learned (from the route socket), that the interface lost its autoconf flag. When the frontend then receives the udp socket via fd passing it tries to close it. Due to a typo it would instead close the imsg file descriptor. Found by me after lots of head scratching. OK tb
9ca241fc 2024-09-15 11:08:50 Add handling of "Class" attribute. diff from markus ok markus
f6e4162f 2024-09-15 07:14:58 remove unused variables
4c856965 2024-09-11 00:41:51 Fix a typo
6bf66549 2024-09-10 05:33:32 missing "Ar" in previous;
ed822a90 2024-09-09 23:38:29 When accounting start the type attribute was added twice. from markus
2402a19b 2024-09-09 05:36:17 Add triple-dots to synopsis as multiple name[=value] arguments may be given OK jmc sobrado
19b65b99 2024-09-06 06:31:11 Repair build with gcc.
7037e34c 2024-09-05 08:22:46 Sync to unbound 1.21.0; heavy lifting by sthen parse_edns_from_query_pkt() grew a parameter to handle cookies, which we don't use.
c920a736 2024-09-01 20:24:42 dhcpleased: fix a sizeof for IMSG_REQUEST_REBOOT. "fatal in engine: engine_dispatch_frontend: invalid IMSG_REQUEST_REBOOT" reported by qwer.ty tuta io ok florian kn
596e1897 2024-08-27 05:55:39 Do not send zero sized vendor or client ids. The frontend and engine do not like this due to improved error checking. Found by Josh Grosse and Renato Aguiar, thanks!
7e5648d1 2024-08-26 06:06:04 Use i2s instead of hard coding the imsg type. Suggested by tb.
c7074a52 2024-08-26 06:05:05 errno is unset, use fatalx(3) instead of fatal(3).
f46577a8 2024-08-26 06:04:24 Be stricter in what we accept from the main process. While here mention function where fatalx(3) occurred like everywhere else. Suggested by & OK tb
45c5e5ad 2024-08-25 09:53:53 Do not peek inside of struct imsg. input & OK tb
5bd09d2d 2024-08-25 07:04:05 sin6_to_str and i2s take a single argument. Pointed out by tb
9a7d784a 2024-08-24 16:35:05 Simplify engine_showinfo_ctl() It only handles one imsg type these days, so it doesn't need to peek into struct imsg at all. pointed out by & OK tb
46c03dec 2024-08-24 16:34:23 Stop peeking into struct imsg when relaying control messages. pointed out by & OK tb
33d2acb6 2024-08-24 09:44:41 Do not peek inside of struct imsg. While here use i2s helper function for error logging. OK tb
d5be4999 2024-08-24 09:42:40 Helper function for logging imsg type names. OK tb as part of a larger diff
3ff0799e 2024-08-19 13:01:47 correctly indent a line
a81015d0 2024-08-19 05:58:41 Replace too flexible inet_aton(3) with getaddrinfo(3). 0xdecafbad will no longer work as an IPv4 address, sorry. OK bluhm
8172eb65 2024-08-17 03:28:22 Fix some memory leaks in the RADIUS part. ok tobhe
fb6793a6 2024-08-11 06:07:37 rework DESCRIPTION for both dhcpleased(8) and slaacd(8) to more accurately reflect how they work, to emphasize that they do nothing unless auto conf is set, and to more closely match each other; prompted by a diff from andrew christopher hawk on tech, who noted a wonky sentence; help/feedback deraadt florian; ok deraadt
10427868 2024-08-09 19:43:26 Add 2024 root zone trust-anchor, it is expected to be used in 2026. The trust-anchor was copied from the upcoming unbound(8) release and verified against https://www.iana.org/reports/2024/root-ksk-2024.pdf While here switch the 2017 trust-anchor from DNSKEY to DS to use the same record type as for the 2024 trust-anchor. They are functionally equivalent. It was verified against https://www.iana.org/reports/2017/root-ksk-2017.pdf As well as with run-time testing, i.e. unwind would still perform DNSSEC validation. checked pdfs & OK phessler
3a580dd9 2024-08-08 03:58:53 Fix a typo in log message.
ee519c7f 2024-07-18 08:58:59 Fix memory leaks and improve id handling of iked_radserver_req. original diff from markus ok tobhe
0025a967 2024-07-15 13:32:50 Add e2fs_fsmnt, and the newly defined e2fs_kbytes_written to the list of fields that can differ between the primary and 1st backup superblock. This fixes fsck issues I've encountered on my system with a shared home partition. OK miod@
178701b6 2024-07-15 05:36:08 bioctl.8: - tweak bioctl text - don't repeat the device examples - reinstate softraid device being always softraid0 usage(): - add vertical blank between two formats - rewrap to match 80col (shorter and matches man) feedback/ok krw kn
30269bc3 2024-07-14 19:51:08 This change allows user to define table inside the anchor like that: anchor foo { table <bar> { 192.168.1.1 } pass in from <bar> to <self> } Without this diff one must either create table <bar> in main ruleset (root) or use 'pfctl -a foo -t bar -T add 192.168.1.1' This glitch is hard to notice. Not many human admins try to attach tables to non-global anchors. Daemons which configure pf(4) automatically at run time such as relayd(8) and spamd(8) create tables attached to their anchors (for example 'relayd/*') but the daemons use a way similar to pfctl(8) to add and manage those tables. The reason why I'd like to seal this gap is that my long term goal is to turn global `pfr_ktable` in pf(4) into member of pf_anchor. So each ruleset will get its own tree of tables. feedback and OK bluhm@
9182e176 2024-07-14 16:09:06 Shuffle verbiage to make page more general. e.g. by mentioning nvme(4). Feedback jmc@ jmatthew@ deraadt@ kn@ ok jmc@ kn@
f294d01e 2024-07-14 13:13:33 Fail explicitly on unexpected imsg->hdr_type. Otherwise the following comparison is undefined.
237d2500 2024-07-14 08:57:32 sync slaacd(8) log.c to dhcpleased(8)'s version. We don't build log.c on the ramdisk so no need for ifndef small.
7ab22e66 2024-07-14 08:45:05 log_getverbose() is a void function pointed out by tb
dc5d4411 2024-07-14 08:41:54 sync slaacd(8) log.h to dhcpleased(8) log.h - include stdlib.h for exit(3) - knf fixes - define log_getverbose as (0) instead of 0 input & OK tb
38b547d0 2024-07-14 06:34:04 Unbreak tree by defining log_getverbose() for SMALL builds ok anton florian
cf6341ec 2024-07-13 16:06:34 Reduce if_indextoname(3) usage. Don't ask the kernel to translate an if_index to a name if we are not running with verbose logging, it's not free.
65246e30 2024-07-13 14:28:27 NULL check must be inside the loop. found tobhe ok tobhe
4fa86b90 2024-07-13 14:19:09 Fix radius.c again^2. Cancel previous and revert the latest one (sent to tech@).
a07498b0 2024-07-13 14:08:53 Fix radius.c again. Previous was old one.
260e310e 2024-07-13 12:58:51 grammar/macro fixes for the radius text;
37e26f97 2024-07-13 12:25:07 Fix radius.c. Previous it was broken.
f36db9c4 2024-07-13 12:22:46 Add RADIUS support. Authentication, accounting, and "Dynamic Authorization Extensions"(DAE) are supported. feedback markus stu ok tobhe
7520e8fa 2024-07-11 13:38:03 Make sure we are interested in an interface that shows up.
0498f896 2024-07-11 10:48:51 Be a bit more noisy in syslog on what is going on. So far dhcp6leased(8) has been completely silent. Prodding by Brian Conway.
cc3e93c2 2024-07-11 10:38:57 Write lease after we configured prefixes. While here, do not claim we have a ::/0 lease, it confuses the parser.
8e130894 2024-07-11 10:37:47 Do not show expired lease information in dhcp6leasectl.
363167f4 2024-07-11 09:39:13 Forgot to initialize status_code in previous. No STATUS_CODE option from the server means "success", but we are now using stack garbage, which is usually not "success".
70eb162f 2024-07-10 12:52:51 Pass status option up. If we are in state "renewing" and the DHCPv6 server returns an unsuccessful status go to "rebinding", i.e. ask any DHCPv6 server for a lease not just the one we got the lease from. This likely fixes a problem reported by Brian Conway where the ISP returned "NoBinding - Prefix not bound to this interface." for a renew. dhcp6leased recovered once T1 expired and we went to "rebinding" after some time.
7571100d 2024-07-10 12:44:46 Pass int to the *2str functions, we don't need anything fancy.
7580ae52 2024-07-10 10:30:46 Only vis(3) the option, not the rest of the packet. Lots of head scratching and help from the hackroom ensued because of an inconveniently placed \r that truncated a string and placed garbage at a weird place.
0da4c31d 2024-07-09 16:24:57 Track configured and new prefix delegations in iface. When the DHCPv6 server renumbers and hands us new delegations we have to deconfigure the old prefixes. To prevent situations where we have no IPv6 at all, first configure the new prefixes and then remove the old prefixes.
10da7d5d 2024-07-09 16:15:42 Skip prefixes with vltime 0. Servers indicate unusable prefixes with vltime 0 when we are in state reboot and probably hand us new, valid prefixes. In IPv4 dhcp we would receive a NACK instead...
38e980d7 2024-07-09 13:27:18 remove unused prototype
ce9c2690 2024-07-09 05:19:41 point mount -> mount point; from netbsd -r1.46/pgoyette