Accept netstat-style address.port syntax too.
OK bluhm@ deraadt@ jmc@

Change the error reporting pattern throughout the tree when unveil
fails to report the path that the failure occured on. Suggested by
deraadt@ after some tech discussion.

Work done and verified by Ashton Fagg <ashton@fagg.id.au>

ok deraadt@ semarie@ claudio@

use _PATH_ names for unveil if possible

tcpdrop(8) needs to access only two files, in this case /etc/hosts and
/etc/resolv.conf both with read permissions for the purpose of name resolution,
so unveil(2) both files with "r" perms and disable further filesystem access.

While here sort the headers alphabetically.

OK bluhm@

Replace <sys/param.h> with <limits.h> and other less dirty headers where
possible. Annotate <sys/param.h> lines with their current reasons. Switch
to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change
MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where
sensible to avoid pulling in the pollution. These are the files confirmed
through binary verification.
ok guenther, millert, doug (helped with the verification protocol)

Give tcpdrop a proper usage() like other programs in the tree.

ok bluhm@

Remove an unnecessary freeaddrinfo() call, since errx() would free all
the memory including the one allocated by the earlier getaddrinfo()
(pointed out by claudio@).

feedback from claudio@
ok bluhm@

If you want <sys/queue.h>, you need to include it. Don't assume that
<sys/sysctl.h> will pull in the universe (I am working on breaking that
assumption in a gentle fashion)

Check the return values of the strdup() calls.

OK deraadt@

no need for netinet/ip_var.h (and friends)

switch the rval to 1 before loop through the linked list \
and finally change back to 0 afterwards. so teach tcpdrop to exit 1 if \
ail->ai_family != aif_family.

OK markus@

rename laddr2 to faddr2 for more consistency. OK markus@

We no longer use struct eproc for kinfo_proc in sysctl.h so there
is no direct need for sys/proc.h or sys/resource.h. Some consumers
of kinfo_proc need these for the proc flags and rlimit defines like
RLIM_INF so add the appropriate includes to them.
OK deraadt@ sthen@

tcpdrop broke with the addition of routing domains. Repair.
ok claudio@

flesh out the addresses to make it clear what they are; requested by jmc

support a 2 address format (addr:port addr:port) like fstat outputs.
also enhance ipv6 support by unpacking the [addr]:port format.
ok beck, itojun, various others

check getnameinfo() return for 0 and use errx() vs. err(); old ok markus@

missing header

pretty

Set oldp en oldlenp to NULL; provide feedback; set exit status.
ok markus@

drop tcp connections using sysctl(2)

Change the error reporting pattern throughout the tree when unveil
fails to report the path that the failure occured on. Suggested by
deraadt@ after some tech discussion.

Work done and verified by Ashton Fagg <ashton@fagg.id.au>

ok deraadt@ semarie@ claudio@

use _PATH_ names for unveil if possible

tcpdrop(8) needs to access only two files, in this case /etc/hosts and
/etc/resolv.conf both with read permissions for the purpose of name resolution,
so unveil(2) both files with "r" perms and disable further filesystem access.

While here sort the headers alphabetically.

OK bluhm@

Replace <sys/param.h> with <limits.h> and other less dirty headers where
possible. Annotate <sys/param.h> lines with their current reasons. Switch
to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change
MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where
sensible to avoid pulling in the pollution. These are the files confirmed
through binary verification.
ok guenther, millert, doug (helped with the verification protocol)

Give tcpdrop a proper usage() like other programs in the tree.

ok bluhm@

Remove an unnecessary freeaddrinfo() call, since errx() would free all
the memory including the one allocated by the earlier getaddrinfo()
(pointed out by claudio@).

feedback from claudio@
ok bluhm@

If you want <sys/queue.h>, you need to include it. Don't assume that
<sys/sysctl.h> will pull in the universe (I am working on breaking that
assumption in a gentle fashion)

Check the return values of the strdup() calls.

OK deraadt@

no need for netinet/ip_var.h (and friends)

switch the rval to 1 before loop through the linked list \
and finally change back to 0 afterwards. so teach tcpdrop to exit 1 if \
ail->ai_family != aif_family.

OK markus@

rename laddr2 to faddr2 for more consistency. OK markus@

We no longer use struct eproc for kinfo_proc in sysctl.h so there
is no direct need for sys/proc.h or sys/resource.h. Some consumers
of kinfo_proc need these for the proc flags and rlimit defines like
RLIM_INF so add the appropriate includes to them.
OK deraadt@ sthen@

tcpdrop broke with the addition of routing domains. Repair.
ok claudio@

flesh out the addresses to make it clear what they are; requested by jmc

support a 2 address format (addr:port addr:port) like fstat outputs.
also enhance ipv6 support by unpacking the [addr]:port format.
ok beck, itojun, various others

check getnameinfo() return for 0 and use errx() vs. err(); old ok markus@

missing header

pretty

Set oldp en oldlenp to NULL; provide feedback; set exit status.
ok markus@

drop tcp connections using sysctl(2)

use _PATH_ names for unveil if possible

tcpdrop(8) needs to access only two files, in this case /etc/hosts and
/etc/resolv.conf both with read permissions for the purpose of name resolution,
so unveil(2) both files with "r" perms and disable further filesystem access.

While here sort the headers alphabetically.

OK bluhm@

Replace <sys/param.h> with <limits.h> and other less dirty headers where
possible. Annotate <sys/param.h> lines with their current reasons. Switch
to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change
MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where
sensible to avoid pulling in the pollution. These are the files confirmed
through binary verification.
ok guenther, millert, doug (helped with the verification protocol)

Give tcpdrop a proper usage() like other programs in the tree.

ok bluhm@

Remove an unnecessary freeaddrinfo() call, since errx() would free all
the memory including the one allocated by the earlier getaddrinfo()
(pointed out by claudio@).

feedback from claudio@
ok bluhm@

If you want <sys/queue.h>, you need to include it. Don't assume that
<sys/sysctl.h> will pull in the universe (I am working on breaking that
assumption in a gentle fashion)

Check the return values of the strdup() calls.

OK deraadt@

no need for netinet/ip_var.h (and friends)

switch the rval to 1 before loop through the linked list \
and finally change back to 0 afterwards. so teach tcpdrop to exit 1 if \
ail->ai_family != aif_family.

OK markus@

rename laddr2 to faddr2 for more consistency. OK markus@

We no longer use struct eproc for kinfo_proc in sysctl.h so there
is no direct need for sys/proc.h or sys/resource.h. Some consumers
of kinfo_proc need these for the proc flags and rlimit defines like
RLIM_INF so add the appropriate includes to them.
OK deraadt@ sthen@

tcpdrop broke with the addition of routing domains. Repair.
ok claudio@

flesh out the addresses to make it clear what they are; requested by jmc

support a 2 address format (addr:port addr:port) like fstat outputs.
also enhance ipv6 support by unpacking the [addr]:port format.
ok beck, itojun, various others

check getnameinfo() return for 0 and use errx() vs. err(); old ok markus@

missing header

pretty

Set oldp en oldlenp to NULL; provide feedback; set exit status.
ok markus@

drop tcp connections using sysctl(2)

tcpdrop(8) needs to access only two files, in this case /etc/hosts and
/etc/resolv.conf both with read permissions for the purpose of name resolution,
so unveil(2) both files with "r" perms and disable further filesystem access.

While here sort the headers alphabetically.

OK bluhm@

Replace <sys/param.h> with <limits.h> and other less dirty headers where
possible. Annotate <sys/param.h> lines with their current reasons. Switch
to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change
MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where
sensible to avoid pulling in the pollution. These are the files confirmed
through binary verification.
ok guenther, millert, doug (helped with the verification protocol)

Give tcpdrop a proper usage() like other programs in the tree.

ok bluhm@

Remove an unnecessary freeaddrinfo() call, since errx() would free all
the memory including the one allocated by the earlier getaddrinfo()
(pointed out by claudio@).

feedback from claudio@
ok bluhm@

If you want <sys/queue.h>, you need to include it. Don't assume that
<sys/sysctl.h> will pull in the universe (I am working on breaking that
assumption in a gentle fashion)

Check the return values of the strdup() calls.

OK deraadt@

no need for netinet/ip_var.h (and friends)

switch the rval to 1 before loop through the linked list \
and finally change back to 0 afterwards. so teach tcpdrop to exit 1 if \
ail->ai_family != aif_family.

OK markus@

rename laddr2 to faddr2 for more consistency. OK markus@

We no longer use struct eproc for kinfo_proc in sysctl.h so there
is no direct need for sys/proc.h or sys/resource.h. Some consumers
of kinfo_proc need these for the proc flags and rlimit defines like
RLIM_INF so add the appropriate includes to them.
OK deraadt@ sthen@

tcpdrop broke with the addition of routing domains. Repair.
ok claudio@

flesh out the addresses to make it clear what they are; requested by jmc

support a 2 address format (addr:port addr:port) like fstat outputs.
also enhance ipv6 support by unpacking the [addr]:port format.
ok beck, itojun, various others

check getnameinfo() return for 0 and use errx() vs. err(); old ok markus@

missing header

pretty

Set oldp en oldlenp to NULL; provide feedback; set exit status.
ok markus@

drop tcp connections using sysctl(2)

Replace <sys/param.h> with <limits.h> and other less dirty headers where
possible. Annotate <sys/param.h> lines with their current reasons. Switch
to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change
MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where
sensible to avoid pulling in the pollution. These are the files confirmed
through binary verification.
ok guenther, millert, doug (helped with the verification protocol)

Give tcpdrop a proper usage() like other programs in the tree.

ok bluhm@

Remove an unnecessary freeaddrinfo() call, since errx() would free all
the memory including the one allocated by the earlier getaddrinfo()
(pointed out by claudio@).

feedback from claudio@
ok bluhm@

If you want <sys/queue.h>, you need to include it. Don't assume that
<sys/sysctl.h> will pull in the universe (I am working on breaking that
assumption in a gentle fashion)

Check the return values of the strdup() calls.

OK deraadt@

no need for netinet/ip_var.h (and friends)

switch the rval to 1 before loop through the linked list \
and finally change back to 0 afterwards. so teach tcpdrop to exit 1 if \
ail->ai_family != aif_family.

OK markus@

rename laddr2 to faddr2 for more consistency. OK markus@

We no longer use struct eproc for kinfo_proc in sysctl.h so there
is no direct need for sys/proc.h or sys/resource.h. Some consumers
of kinfo_proc need these for the proc flags and rlimit defines like
RLIM_INF so add the appropriate includes to them.
OK deraadt@ sthen@

tcpdrop broke with the addition of routing domains. Repair.
ok claudio@

flesh out the addresses to make it clear what they are; requested by jmc

support a 2 address format (addr:port addr:port) like fstat outputs.
also enhance ipv6 support by unpacking the [addr]:port format.
ok beck, itojun, various others

check getnameinfo() return for 0 and use errx() vs. err(); old ok markus@

missing header

pretty

Set oldp en oldlenp to NULL; provide feedback; set exit status.
ok markus@

drop tcp connections using sysctl(2)