sthen [Sat, 24 Oct 2015 16:32:52 +0000 (16:32 +0000)]
Carry out additional length/size checks in DECnet packet printing, avoiding a
segfault with malformed packets. Adapted from
f61639179282 in tcpdump.org git
by Kevin Reay, but not including the header no-copy optimization that was in
the upstream patch. ok benno@
florian [Sat, 24 Oct 2015 16:32:26 +0000 (16:32 +0000)]
Sync ping6 output to ping. ping has been around for longer and so
defines the canonical output format. Having different output is
getting in the way of a merge.
This moves the output of the src address to the -v option. With the
overly complicated IPv6 address selection it's sometimes useful to
have this information.
OK benno@, sthen@ can live with it.
mpi [Sat, 24 Oct 2015 16:24:21 +0000 (16:24 +0000)]
Convert to rt_ifidx.
ok bluhm@
mpi [Sat, 24 Oct 2015 16:08:48 +0000 (16:08 +0000)]
Ignore Router Advertisement's current hop limit.
Apart from the usual inet6 axe murdering exercise to keep you fit, this
allows us to get rid of a lot of layer violation due to the use of per-
ifp variables to store the current hop limit.
Inputs from bluhm@, ok phessler@, florian@, bluhm@
benno [Sat, 24 Oct 2015 16:02:04 +0000 (16:02 +0000)]
clarify use of "bgpctl show rib in|out neighbor FOO"
feedback from jmc@
tedu [Sat, 24 Oct 2015 15:59:51 +0000 (15:59 +0000)]
the last user of gensalt has been removed. remove the file.
reyk [Sat, 24 Oct 2015 15:46:10 +0000 (15:46 +0000)]
Add CAVEATS section and explain why pair(4) is not like vether(4).
With OK and input from jmc@
zhuk [Sat, 24 Oct 2015 15:32:50 +0000 (15:32 +0000)]
Make it more obvious what exact csplit commands will do.
With much help & okay from jmc@
jca [Sat, 24 Oct 2015 15:31:00 +0000 (15:31 +0000)]
Fix pledge request to allow for setgroups.
setgroups needed "proc" before the introduction of "id" on 2015/10/17.
Initial patch from Gregor Best, from which I further removed "proc".
millert [Sat, 24 Oct 2015 15:19:01 +0000 (15:19 +0000)]
The default modifier should be copied for empty keys even if -b is
specified. From Cedric Krier.
millert [Sat, 24 Oct 2015 15:16:53 +0000 (15:16 +0000)]
Add test for -b and -r when -k is specified.
benno [Sat, 24 Oct 2015 15:15:55 +0000 (15:15 +0000)]
"bgpctl sh rib in" and "bgpctl sh rib out" require a neighbor argument
to work. send an error if none is given.
ok claudio@
stsp [Sat, 24 Oct 2015 14:01:40 +0000 (14:01 +0000)]
Wait a short while between setting a USB device's address and reloading
its descriptor. Fixes flaky attach of USB devices (most importantly the
detachable keyboard) on the Thinkpad Helix 2, and perhaps elsewhere.
Problem diagnosed by mpi; ok mpi@
ajacoutot [Sat, 24 Oct 2015 13:57:24 +0000 (13:57 +0000)]
"enable" and "disable" are here to stay now that they have a real added value
(possibility to pass several enable|disable daemons at once); so document them.
While here, add a check to make sure a service|daemon exists when running "order".
"Yay" and ok sthen@
ajacoutot [Sat, 24 Oct 2015 13:53:20 +0000 (13:53 +0000)]
Don't compile pwd_gensalt, it's not needed since we use crypt_checkpass.
ok tedu@
jmc [Sat, 24 Oct 2015 13:35:33 +0000 (13:35 +0000)]
various fixes;
jmc [Sat, 24 Oct 2015 13:32:45 +0000 (13:32 +0000)]
various clean up;
bentley [Sat, 24 Oct 2015 13:32:18 +0000 (13:32 +0000)]
nl_langinfo(3) conforms to POSIX.
ok jmc@
bluhm [Sat, 24 Oct 2015 12:58:32 +0000 (12:58 +0000)]
Handling of bogus CA file has changed in syslogd. Adapt tests to
new error messages.
bluhm [Sat, 24 Oct 2015 12:49:37 +0000 (12:49 +0000)]
If loading the CA certificates at startup had failed, the syslogd
child tried to load the default CA file when it was connecting to
a TLS server. The latter has never worked as the child is chrooted
to /var/empty. Set the CA storage to an empty string to avoid this
behavior. As a benefit pledge "rpath" can be removed.
OK benno@
mpi [Sat, 24 Oct 2015 12:33:16 +0000 (12:33 +0000)]
Convert some if_ref() to if_get().
ok claudio@
mpi [Sat, 24 Oct 2015 11:58:46 +0000 (11:58 +0000)]
Some rt_ifp to rt_ifidx conversions.
ok bluhm@
claudio [Sat, 24 Oct 2015 11:54:50 +0000 (11:54 +0000)]
Implement the missing bits to parse the other MRT message types.
Printing bgp messages is still missing lots but at least it is a start.
I once abused tcpdump's bgp protocol handler for this but that is an ugly hack.
bluhm [Sat, 24 Oct 2015 11:53:41 +0000 (11:53 +0000)]
Removing xresolve from generating script has been forgotten.
OK mpi@
mpi [Sat, 24 Oct 2015 11:47:07 +0000 (11:47 +0000)]
Define ``rt_ifidx'' as rt_ifp->if_index to ease the transition towards
getting rid of interface pointers in route entries.
ok bluhm@
claudio [Sat, 24 Oct 2015 11:41:03 +0000 (11:41 +0000)]
Print if a route is redistributed or not at least for static & connected.
With phessler@
jung [Sat, 24 Oct 2015 11:38:39 +0000 (11:38 +0000)]
add -h flag to SYNOPSIS as well
prodded and ok jmc
benno [Sat, 24 Oct 2015 11:37:17 +0000 (11:37 +0000)]
clarify where "with tls" can be used.
ok jmc@
reyk [Sat, 24 Oct 2015 11:01:39 +0000 (11:01 +0000)]
Remove superfluous assignment.
Pointed out by and OK mikeb@
reyk [Sat, 24 Oct 2015 10:52:05 +0000 (10:52 +0000)]
Add pair(4), a vether-based virtual Ethernet driver to interconnect
rdomains and bridges on the local system. This can be used to route
through local rdomains, to create L2 devices (like trunks) between
them, and many other things.
Discussed with many, with input from mpi@
OK sthen@ phessler@ yasuoka@ mikeb@
bluhm [Sat, 24 Oct 2015 10:42:02 +0000 (10:42 +0000)]
Unify all the errno names in
- include comment
- libc errlist
- nls C msg
- man page
OK tedu@
jmc [Sat, 24 Oct 2015 08:46:05 +0000 (08:46 +0000)]
remove a paste error and get section numbers right for sysctl(3);
jmc [Sat, 24 Oct 2015 08:44:49 +0000 (08:44 +0000)]
change one instance of Dl to a display and provide a teeny indent
to avoid line wrap; tj mailed me a diff to make this example work
more generally, but i prefer to try and avoid the line wrap;
jmc [Sat, 24 Oct 2015 08:42:57 +0000 (08:42 +0000)]
normalise TUNNEL synopsis; ok dlg
sthen [Sat, 24 Oct 2015 08:34:09 +0000 (08:34 +0000)]
Handle the split of tun(4) "link0" into tap(4) in ssh tun-forwarding.
Adapted from portable (using separate devices for this is the normal case
in most OS). ok djm@
claudio [Sat, 24 Oct 2015 08:06:45 +0000 (08:06 +0000)]
Introduce msgtypenames to print bgp msg types (which will be used by bgpctl)
claudio [Sat, 24 Oct 2015 08:02:24 +0000 (08:02 +0000)]
In all other cases of rde_filter_match() we ensure that asp is valid so
do it here as well.
claudio [Sat, 24 Oct 2015 08:00:42 +0000 (08:00 +0000)]
seg_type is only set but never used. So remove it. Someone reported this
long time ago.
deraadt [Sat, 24 Oct 2015 07:05:50 +0000 (07:05 +0000)]
sync
mmcc [Sat, 24 Oct 2015 06:07:43 +0000 (06:07 +0000)]
Cast isxdigit()'s argument to unsigned char.
ok guenther@
visa [Sat, 24 Oct 2015 05:35:42 +0000 (05:35 +0000)]
Make use of hardware RX checksum validation.
ok naddy@
mmcc [Sat, 24 Oct 2015 05:26:00 +0000 (05:26 +0000)]
Cast ctype function arguments to unsigned char.
ok guenther@
dlg [Sat, 24 Oct 2015 04:12:24 +0000 (04:12 +0000)]
lookup tap devices in tapkqfilter, not tun devices.
libevent likes this more.
nicm [Fri, 23 Oct 2015 23:46:36 +0000 (23:46 +0000)]
Pasting mouse escape sequences is unlikely, so skip them when working
out whether the user is pasting.
sthen [Fri, 23 Oct 2015 22:55:49 +0000 (22:55 +0000)]
ypcipher isn't supported any more - it was already removed from login.conf(5)
and pwd_gensalt.c - so remove it from the default /etc/login.conf files as well.
ok millert@
bluhm [Fri, 23 Oct 2015 22:50:09 +0000 (22:50 +0000)]
Test syslogd with empty or non existing server certificates and
keys.
zhuk [Fri, 23 Oct 2015 19:56:10 +0000 (19:56 +0000)]
Fix a couple of issues in Russian calendar entries:
* Fix #ifndef safeguards (rename/add where missing);
* Use consistent spelling for year when it's mentioned in day desc;
* Tweak some wrong casing cases;
* Remove calendar.msk since Moscow doesn't have summer time anymore,
and that was the only thing this file was about;
* A few other corrections.
Some corrections from Mikhail on tech@, thanks!
Small fix & okay from mikeb@.
mmcc [Fri, 23 Oct 2015 18:50:54 +0000 (18:50 +0000)]
Cast isdigit() argument to unsigned char.
tobias [Fri, 23 Oct 2015 18:49:07 +0000 (18:49 +0000)]
Verify that opened message catalog is valid, i.e. avoid integer overflows
and out of boundary accesses.
with input by miod, ok stsp
mmcc [Fri, 23 Oct 2015 18:47:21 +0000 (18:47 +0000)]
Cast ctype functions' arguments to unsigned char.
mmcc [Fri, 23 Oct 2015 18:44:15 +0000 (18:44 +0000)]
Cast isspace() argument to unsigned char.
tedu [Fri, 23 Oct 2015 18:42:55 +0000 (18:42 +0000)]
remove some more ifdef maziness
krw [Fri, 23 Oct 2015 18:04:37 +0000 (18:04 +0000)]
Fix renaming in the root directory by correctly setting directory
offset.
From Serguey Parkhomovsky via bugs@, in response to problem report
from matthieu@. Same fix is in NetBSD for one.
ok tedu@
mmcc [Fri, 23 Oct 2015 17:22:43 +0000 (17:22 +0000)]
Remove three strange and unused preproc defines. Submitted by Ilya
Kaliman.
ok nicm@
krw [Fri, 23 Oct 2015 17:21:34 +0000 (17:21 +0000)]
Fix printf() types so kernel compiles with or w/o MSDOSFS_DEBUG.
e.g. print pointers with %p instead of %08x. No changes outside of
MSDOSFS_DEBUG.
claudio [Fri, 23 Oct 2015 16:45:51 +0000 (16:45 +0000)]
From jmc@ "the exclusive open propery" does not make sense. Try with 'an'.
claudio [Fri, 23 Oct 2015 16:44:25 +0000 (16:44 +0000)]
Forgot to install the new tap.4 man page.
deraadt [Fri, 23 Oct 2015 16:39:13 +0000 (16:39 +0000)]
Rather than re-opening the driftfile to write, keep it open; rewinding
and coping with error conditions... that lets us avoid a pledge "wpath".
Putting it all together, this lets the master ntpd pledge "stdio rpath
inet settime proc id". It works like this: "rpath" to load the
certificates, "proc" to create constraint processes, "id" to chroot
and lock the constraint processes into a jail, then "inet" to open a
https session. "settime" is used by the master to manage the system
time when the ntp-speaking engine instructs the master.
with help from naddy
nicm [Fri, 23 Oct 2015 16:30:15 +0000 (16:30 +0000)]
Remove some unnecessary checks before free().
nicm [Fri, 23 Oct 2015 16:29:07 +0000 (16:29 +0000)]
If $TMUX is set, and we are unsure about the session, use it.
bluhm [Fri, 23 Oct 2015 16:28:52 +0000 (16:28 +0000)]
If writing to a tty blocks, syslogd forked and tried to write again
in a background process. A potential fork(2) at every message is
bad, so replace this with an event. As a bonus the syslogd child
process does not need to pledge "proc" anymore. Also limit the
number of delayed write events.
OK deraadt@
nicm [Fri, 23 Oct 2015 16:07:29 +0000 (16:07 +0000)]
tmux can call pledge() in main with large set and then reduce it
slightly in the server to "stdio rpath wpath cpath fattr unix recvfd
proc exec tty ps".
nicm [Fri, 23 Oct 2015 16:02:21 +0000 (16:02 +0000)]
Format for scroll position, from Jorge Morante.
deraadt [Fri, 23 Oct 2015 15:53:49 +0000 (15:53 +0000)]
Allow SIOCGIFINFO_IN6
nicm [Fri, 23 Oct 2015 15:52:54 +0000 (15:52 +0000)]
Use tty_term_flag not _has for XT, and make -2 force direct use of
256-colour escape sequences (so setaf/setab can be bypassed if needed).
jung [Fri, 23 Oct 2015 15:48:16 +0000 (15:48 +0000)]
document -h flag and add a .Xr
ok sunil millert
benno [Fri, 23 Oct 2015 15:47:54 +0000 (15:47 +0000)]
ndp -n -d <addr> does dns lookups, even with -n. it should not.
found through pledge. ok deraadt@
claudio [Fri, 23 Oct 2015 15:22:49 +0000 (15:22 +0000)]
netstart bits for tap(4)
claudio [Fri, 23 Oct 2015 15:18:01 +0000 (15:18 +0000)]
Sync (MAKEDEV addition of tap)
claudio [Fri, 23 Oct 2015 15:17:24 +0000 (15:17 +0000)]
Adjust tun(4) and tap(4) after the split.
Note: "pseudo-device tun" is used by both devices this is not a typo
OK dlg@ mpi@
claudio [Fri, 23 Oct 2015 15:14:46 +0000 (15:14 +0000)]
Sync (after tap addition)
claudio [Fri, 23 Oct 2015 15:14:11 +0000 (15:14 +0000)]
MAKEDEV bits for tap(4)
OK dlg@ mpi@
claudio [Fri, 23 Oct 2015 15:10:52 +0000 (15:10 +0000)]
Allocate a new major for tap(4) also note that pseudo-device tun is for tap
as well. OK dlg@ mpi@
claudio [Fri, 23 Oct 2015 15:08:24 +0000 (15:08 +0000)]
Split up tun(4) into tun(4) & tap(4). Killing the link0 magic to switch
between modes. The two drivers still share most of the code but the mode
switcher is gone.
OK dlg@ mpi@
deraadt [Fri, 23 Oct 2015 15:03:25 +0000 (15:03 +0000)]
route has 3 code paths: monitor (listening on route socket); show
(sysctl and then print), change (getsocket, then read/write on that).
Refactor lightly and insert pledge "stdio rpath dns" in each case.
ok claudio benno phessler
phessler [Fri, 23 Oct 2015 14:52:20 +0000 (14:52 +0000)]
Allowing upstream servers of ntp being in multiple routing tables is
non-sensical. The dns lookups happened in the process routing table
(usually '0'), which is very likely to have different results from the
other routing domains. If you do depend on having this behaviour,
you'll need to use pf to cross the rtable boundary.
"listen on * rtable X" is still supported.
Users of "server * rtable X" will need to switch to launching ntpd with
"route -T X exec /usr/sbin/ntpd"
OK deraadt@
mpi [Fri, 23 Oct 2015 14:49:36 +0000 (14:49 +0000)]
rtfree(9) and rtalloc(9) no longer need to be called under KERNEL_LOCK.
schwarze [Fri, 23 Oct 2015 14:49:13 +0000 (14:49 +0000)]
apply bold and italic to all non-ASCII Unicode codepoints,
fixing input like \fB\('e; issue reported by bentley@
mpi [Fri, 23 Oct 2015 14:48:22 +0000 (14:48 +0000)]
Update route entries reference counters atomically.
This allows us to only grab the KERNEL_LOCK when the last reference
of an entry has been dropped.
For symmetry also grab the KERNEL_LOCK inside rtalloc(9).
ok dlg@, bluhm@
tedu [Fri, 23 Oct 2015 14:17:24 +0000 (14:17 +0000)]
don't need MMAP to compile now
tedu [Fri, 23 Oct 2015 14:16:02 +0000 (14:16 +0000)]
correct spelling of statistic in function name, from Pablo Hernandez
bluhm [Fri, 23 Oct 2015 14:06:55 +0000 (14:06 +0000)]
Check that syslogd delays a blocking write to tty and that all
messages still appear on the tty.
bluhm [Fri, 23 Oct 2015 13:41:41 +0000 (13:41 +0000)]
It was possible to create a gateway route pointing to another gateway
route by changing the gateway. Despite the error message when doing
so, the route did actually change. The gateway is modified by
rt_setgate(), the error is created by rt_getifa(). Do these
operations the other way around.
OK mpi@
mpi [Fri, 23 Oct 2015 13:26:07 +0000 (13:26 +0000)]
``rt_ifp'' cannot be NULL.
ok claudio@
deraadt [Fri, 23 Oct 2015 13:21:10 +0000 (13:21 +0000)]
getnameinfo() no longer needs pledge "route". this drops to
pledge "stdio rpath".
claudio [Fri, 23 Oct 2015 13:09:19 +0000 (13:09 +0000)]
Switch if_nameindex(3) to use the new NET_RT_IFNAMES sysctl to get the
list of interface names. At the same time switch if_nametoindex(3) and
if_indextoname(3) to use if_nameindex(3) instead of getifaddrs(3).
if_nameindex(3) exposes much less than getifaddrs(3) and is allowed by
pledge(2).
With and OK deraadt@
claudio [Fri, 23 Oct 2015 12:59:12 +0000 (12:59 +0000)]
Add ifnameindex to the libc regress tests
deraadt [Fri, 23 Oct 2015 12:36:23 +0000 (12:36 +0000)]
delete ) that jumped in
benno [Fri, 23 Oct 2015 12:22:02 +0000 (12:22 +0000)]
let the icmp check use getsockopt IP_IPDEFTTL to get the default ttl
instead of using sysctl. makes it possible to pledge hce.
zhuk [Fri, 23 Oct 2015 11:43:16 +0000 (11:43 +0000)]
A bit of whitespace cleanup, to make further diffs smaller.
zhuk [Fri, 23 Oct 2015 11:01:30 +0000 (11:01 +0000)]
Fix BODUN handling after switch to UTF-8.
Still wondering if this functionality should be removed, but I'll leave
the decision to those who drink alcohol.
Input from & okay tedu@.
krw [Fri, 23 Oct 2015 10:45:31 +0000 (10:45 +0000)]
Nuke a bunch of leading/embedded/trailing whitespace so the code can be
read without generating spurious headaches.
tedu [Fri, 23 Oct 2015 10:33:52 +0000 (10:33 +0000)]
forgot to commit makefile change for utf-8 calendars
claudio [Fri, 23 Oct 2015 10:22:29 +0000 (10:22 +0000)]
Introduce a new sysctl NET_RT_IFNAMES that returns only ifnames to ifindex
mappings. This will be used by if_nameindex(3), if_nametoindex(3) and
if_indextoname(3) soon to fix the issues in pledge because of inet6 link
local addressing.
OK mpi@ benno@ deraadt@
The libc version will follow soon so better start updating your kernels
renato [Fri, 23 Oct 2015 10:11:20 +0000 (10:11 +0000)]
Make use of pledge(2).
ok deraadt@
renato [Fri, 23 Oct 2015 10:10:17 +0000 (10:10 +0000)]
Add pledge(2) to the child processes.
This is almost identical to the eigrpd(8) pledge diff, with the exception
that the parent process can not be pledged because of a SIOCSETMPWCFG
ioctl used to configure pseudowires.
Looks good to deraadt@.
kettenis [Fri, 23 Oct 2015 09:36:09 +0000 (09:36 +0000)]
Zap pv allocation abstraction layer.
ok mlarkin@
tedu [Fri, 23 Oct 2015 09:35:52 +0000 (09:35 +0000)]
i assume this file needs a LANG like all the rest
tedu [Fri, 23 Oct 2015 09:32:14 +0000 (09:32 +0000)]
translate calendar files to utf-8
tedu [Fri, 23 Oct 2015 09:13:00 +0000 (09:13 +0000)]
push LDSTATIC line down so it's not overridden by makefile.inc. ok reyk