#
d0b2dbfa |
|
16-Aug-2023 |
Warner Losh <imp@FreeBSD.org> |
Remove $FreeBSD$: one-line sh pattern Remove /^\s*#[#!]?\s*\$FreeBSD\$.*$\n/
|
#
04e9edb5 |
|
05-Jan-2019 |
Mark Johnston <markj@FreeBSD.org> |
Capsicumize rtsol(8) and rtsold(8). These programs parse ND6 Router Advertisement messages; rtsold(8) has required an SA, SA-14:20.rtsold, for a bug in this code. Thus, they are good candidates for sandboxing. The approach taken is to run the main executable in capability mode and use Casper services to provide functionality that cannot be implemented within the sandbox. In particular, several custom services were required. - A Casper service is used to send Router Solicitation messages on a raw ICMP6 socket. Initially I took the approach of creating a socket for each interface upon startup, and connect(2)ing it to the all-routers multicast group for the interface. This permits the use of sendmsg(2) in capability mode, but only works if the interface's link is up when rtsol(d) starts. So, instead, the rtsold.sendmsg service is used to transmit RS messages on behalf of the main process. One could alternately define a service which simply creates and connects a socket for each destination address, and returns the socket to the sandboxed process. However, to implement rtsold's -m option we also need to read the ND6 default router list, and this cannot be done in capability mode. - rtsold may execute resolvconf(8) in response to RDNSS and DNSSL options in received RA messages. A Casper service is used to fork and exec resolvconf(8), and to reap the child process. - A service is used to determine whether a given interface's link-local address is useable (i.e., not duplicated or undergoing DAD). This information is supplied by getifaddrs(3), which reads a sysctl not available in capability mode. The SIOCGIFCONF socket ioctl provides equivalent information and can be used in capability mode, but I decided against it for now because of some limitations of that interface. In addition to these new services, cap_syslog(3) is used to send messages to syslogd. Reviewed by: oshogbo Tested by: bz (previous versions) MFC after: 2 months Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D17572
|
#
56160b2e |
|
06-Oct-2015 |
Xin LI <delphij@FreeBSD.org> |
Now that we own the code, use arc4random(3) unconditionally and remove the corresponding HAVE_ARC4RANDOM conditions. MFC after: 2 weeks
|
#
f74237f5 |
|
10-Sep-2015 |
Hiroki Sato <hrs@FreeBSD.org> |
- Remove #ifdef HAVE_POLL_H. - Use nitems(). MFC after: 3 days
|
#
933095de |
|
09-Apr-2015 |
Baptiste Daroussin <bapt@FreeBSD.org> |
rtsold does not need to link to libkvm
|
#
c6db8143 |
|
25-Nov-2014 |
Baptiste Daroussin <bapt@FreeBSD.org> |
Convert usr.sbin to LIBADD Reduce overlinking
|
#
1d90532a |
|
06-Jun-2011 |
Marcel Moolenaar <marcel@FreeBSD.org> |
Lower WARNS level to 3 to eliminate alignment warnings related to casting inherent in CMSG_DATA().
|
#
48a16a34 |
|
06-Jun-2011 |
Ed Schouten <ed@FreeBSD.org> |
Remove redundant assignments to WARNS. For these directories, WARNS is already implied to be 6.
|
#
db82af41 |
|
05-Jun-2011 |
Hiroki Sato <hrs@FreeBSD.org> |
- Implement RDNSS and DNSSL options (RFC 6106, IPv6 Router Advertisement Options for DNS Configuration) into rtadvd(8) and rtsold(8). DNS information received by rtsold(8) will go to resolv.conf(5) by resolvconf(8) script. This is based on work by J.R. Oldroyd (kern/156259) but revised extensively[1]. - rtadvd(8) now supports "noifprefix" to disable gathering on-link prefixes from interfaces when no "addr" is specified[2]. An entry in rtadvd.conf with "noifprefix" + no "addr" generates an RA message with no prefix information option. - rtadvd(8) now supports RTM_IFANNOUNCE message to fix crashes when an interface is added or removed. - Correct bogus ND_OPT_ROUTE_INFO value to one in RFC 4191. Reviewed by: bz[1] PR: kern/156259 [1] PR: bin/152458 [2]
|
#
a7d5f7eb |
|
19-Oct-2010 |
Jamie Gritton <jamie@FreeBSD.org> |
A new jail(8) with a configuration file, to replace the work currently done by /etc/rc.d/jail.
|
#
fe0506d7 |
|
09-Mar-2010 |
Marcel Moolenaar <marcel@FreeBSD.org> |
Create the altix project branch. The altix project will add support for the SGI Altix 350 to FreeBSD/ia64. The hardware used for porting is a two-module system, consisting of a base compute module and a CPU expansion module. SGI's NUMAFlex architecture can be an excellent platform to test CPU affinity and NUMA-aware features in FreeBSD.
|
#
bd2c49af |
|
27-Feb-2010 |
Ulrich Spörlein <uqs@FreeBSD.org> |
rtsol(8)/rtsold(8): make WARNS=3 clean It is actually WARNS=6 clean for non-strict alignment archs. Approved by: ed (co-mentor)
|
#
71ccf092 |
|
02-Jan-2010 |
Ed Schouten <ed@FreeBSD.org> |
The last big commit: let usr.sbin/ use WARNS=6 by default.
|
#
d7f03759 |
|
19-Oct-2008 |
Ulf Lilleengen <lulf@FreeBSD.org> |
- Import the HEAD csup code which is the basis for the cvsmode work.
|
#
064aa447 |
|
27-Jul-2006 |
Yaroslav Tykhiy <ytykhiy@gmail.com> |
These IPv6-only tools have no explicit dependency on the INET6 macro. Tested with: cmp(1)
|
#
5c706347 |
|
14-Aug-2003 |
Hajimu UMEMOTO <ume@FreeBSD.org> |
support poll(2). Obtained from: KAME MFC after: 1 week
|
#
5ed8c16b |
|
08-Aug-2003 |
Hajimu UMEMOTO <ume@FreeBSD.org> |
drop the code for the environment where getifaddrs(3) is not supported. Obtained from: KAME MFC after: 1 week
|
#
052238b1 |
|
04-Apr-2003 |
David E. O'Brien <obrien@FreeBSD.org> |
style.Makefile(5)
|
#
21c7f9f0 |
|
10-Feb-2003 |
Andrey A. Chernov <ache@FreeBSD.org> |
Add -DHAVE_ARC4RANDOM to CFLAGS
|
#
90e655ea |
|
20-Jul-2001 |
David E. O'Brien <obrien@FreeBSD.org> |
Perform a major cleanup of the usr.sbin Makefiles. These are not perfectly in agreement with each other style-wise, but they are orders of orders of magnitude more consistent style-wise than before.
|
#
33841545 |
|
10-Jun-2001 |
Hajimu UMEMOTO <ume@FreeBSD.org> |
Sync with recent KAME. This work was based on kame-20010528-freebsd43-snap.tgz and some critical problem after the snap was out were fixed. There are many many changes since last KAME merge. TODO: - The definitions of SADB_* in sys/net/pfkeyv2.h are still different from RFC2407/IANA assignment because of binary compatibility issue. It should be fixed under 5-CURRENT. - ip6po_m member of struct ip6_pktopts is no longer used. But, it is still there because of binary compatibility issue. It should be removed under 5-CURRENT. Reviewed by: itojun Obtained from: KAME MFC after: 3 weeks
|
#
345e52e7 |
|
26-Mar-2001 |
Ruslan Ermilov <ru@FreeBSD.org> |
- Backout botched attempt to introduce MANSECT feature. - MAN[1-9] -> MAN.
|
#
c73e22c3 |
|
20-Mar-2001 |
Ruslan Ermilov <ru@FreeBSD.org> |
Set the default manual section for usr.sbin/ to 8.
|
#
8b158403 |
|
05-Jul-2000 |
Kris Kennaway <kris@FreeBSD.org> |
Correct style bugs
|
#
259df286 |
|
05-Jul-2000 |
Kris Kennaway <kris@FreeBSD.org> |
Sync with latest KAME. Obtained from: KAME
|
#
7d56d374 |
|
27-Dec-1999 |
Yoshinobu Inoue <shin@FreeBSD.org> |
Getaddrinfo(), getnameinfo(), and etc support in libc/net. Several udp and raw apps IPv6 support. Reviewed by: freebsd-arch, cvs-committers Obtained from: KAME project
|