#
1.21 |
|
06-Feb-2023 |
millert |
Accept netstat-style address.port syntax too. OK bluhm@ deraadt@ jmc@
|
Revision tags: OPENBSD_7_0_BASE OPENBSD_7_1_BASE OPENBSD_7_2_BASE
|
#
1.20 |
|
12-Jul-2021 |
beck |
Change the error reporting pattern throughout the tree when unveil fails to report the path that the failure occured on. Suggested by deraadt@ after some tech discussion.
Work done and verified by Ashton Fagg <ashton@fagg.id.au>
ok deraadt@ semarie@ claudio@
|
Revision tags: OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE
|
#
1.19 |
|
27-Nov-2019 |
deraadt |
use _PATH_ names for unveil if possible
|
Revision tags: OPENBSD_6_5_BASE OPENBSD_6_6_BASE
|
#
1.18 |
|
08-Nov-2018 |
mestre |
tcpdrop(8) needs to access only two files, in this case /etc/hosts and /etc/resolv.conf both with read permissions for the purpose of name resolution, so unveil(2) both files with "r" perms and disable further filesystem access.
While here sort the headers alphabetically.
OK bluhm@
|
Revision tags: OPENBSD_5_7_BASE OPENBSD_5_8_BASE OPENBSD_5_9_BASE OPENBSD_6_0_BASE OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE OPENBSD_6_4_BASE
|
#
1.17 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
#
1.16 |
|
13-Jan-2015 |
lteo |
Give tcpdrop a proper usage() like other programs in the tree.
ok bluhm@
|
#
1.15 |
|
01-Jan-2015 |
lteo |
Remove an unnecessary freeaddrinfo() call, since errx() would free all the memory including the one allocated by the earlier getaddrinfo() (pointed out by claudio@).
feedback from claudio@ ok bluhm@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.14 |
|
29-Jun-2014 |
deraadt |
If you want <sys/queue.h>, you need to include it. Don't assume that <sys/sysctl.h> will pull in the universe (I am working on breaking that assumption in a gentle fashion)
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.13 |
|
10-Jan-2014 |
lteo |
Check the return values of the strdup() calls.
OK deraadt@
|
#
1.12 |
|
24-Oct-2013 |
deraadt |
no need for netinet/ip_var.h (and friends)
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.11 |
|
09-Jul-2013 |
gsoares |
switch the rval to 1 before loop through the linked list \ and finally change back to 0 afterwards. so teach tcpdrop to exit 1 if \ ail->ai_family != aif_family.
OK markus@
|
#
1.10 |
|
09-Jul-2013 |
gsoares |
rename laddr2 to faddr2 for more consistency. OK markus@
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.9 |
|
18-Dec-2012 |
millert |
We no longer use struct eproc for kinfo_proc in sysctl.h so there is no direct need for sys/proc.h or sys/resource.h. Some consumers of kinfo_proc need these for the proc flags and rlimit defines like RLIM_INF so add the appropriate includes to them. OK deraadt@ sthen@
|
Revision tags: OPENBSD_4_6_BASE OPENBSD_4_7_BASE OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE
|
#
1.8 |
|
13-Jun-2009 |
andreas |
tcpdrop broke with the addition of routing domains. Repair. ok claudio@
|
Revision tags: OPENBSD_4_2_BASE OPENBSD_4_3_BASE OPENBSD_4_4_BASE OPENBSD_4_5_BASE
|
#
1.7 |
|
28-Mar-2007 |
deraadt |
flesh out the addresses to make it clear what they are; requested by jmc
|
#
1.6 |
|
25-Mar-2007 |
deraadt |
support a 2 address format (addr:port addr:port) like fstat outputs. also enhance ipv6 support by unpacking the [addr]:port format. ok beck, itojun, various others
|
Revision tags: OPENBSD_3_9_BASE OPENBSD_4_0_BASE OPENBSD_4_1_BASE
|
#
1.5 |
|
03-Jan-2006 |
stevesk |
check getnameinfo() return for 0 and use errx() vs. err(); old ok markus@
|
Revision tags: OPENBSD_3_6_BASE OPENBSD_3_7_BASE OPENBSD_3_8_BASE
|
#
1.4 |
|
22-May-2004 |
deraadt |
missing header
|
#
1.3 |
|
09-May-2004 |
deraadt |
pretty
|
#
1.2 |
|
27-Apr-2004 |
otto |
Set oldp en oldlenp to NULL; provide feedback; set exit status. ok markus@
|
#
1.1 |
|
26-Apr-2004 |
markus |
drop tcp connections using sysctl(2)
|
#
1.20 |
|
12-Jul-2021 |
beck |
Change the error reporting pattern throughout the tree when unveil fails to report the path that the failure occured on. Suggested by deraadt@ after some tech discussion.
Work done and verified by Ashton Fagg <ashton@fagg.id.au>
ok deraadt@ semarie@ claudio@
|
Revision tags: OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE
|
#
1.19 |
|
27-Nov-2019 |
deraadt |
use _PATH_ names for unveil if possible
|
Revision tags: OPENBSD_6_5_BASE OPENBSD_6_6_BASE
|
#
1.18 |
|
08-Nov-2018 |
mestre |
tcpdrop(8) needs to access only two files, in this case /etc/hosts and /etc/resolv.conf both with read permissions for the purpose of name resolution, so unveil(2) both files with "r" perms and disable further filesystem access.
While here sort the headers alphabetically.
OK bluhm@
|
Revision tags: OPENBSD_5_7_BASE OPENBSD_5_8_BASE OPENBSD_5_9_BASE OPENBSD_6_0_BASE OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE OPENBSD_6_4_BASE
|
#
1.17 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
#
1.16 |
|
13-Jan-2015 |
lteo |
Give tcpdrop a proper usage() like other programs in the tree.
ok bluhm@
|
#
1.15 |
|
01-Jan-2015 |
lteo |
Remove an unnecessary freeaddrinfo() call, since errx() would free all the memory including the one allocated by the earlier getaddrinfo() (pointed out by claudio@).
feedback from claudio@ ok bluhm@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.14 |
|
29-Jun-2014 |
deraadt |
If you want <sys/queue.h>, you need to include it. Don't assume that <sys/sysctl.h> will pull in the universe (I am working on breaking that assumption in a gentle fashion)
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.13 |
|
10-Jan-2014 |
lteo |
Check the return values of the strdup() calls.
OK deraadt@
|
#
1.12 |
|
24-Oct-2013 |
deraadt |
no need for netinet/ip_var.h (and friends)
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.11 |
|
09-Jul-2013 |
gsoares |
switch the rval to 1 before loop through the linked list \ and finally change back to 0 afterwards. so teach tcpdrop to exit 1 if \ ail->ai_family != aif_family.
OK markus@
|
#
1.10 |
|
09-Jul-2013 |
gsoares |
rename laddr2 to faddr2 for more consistency. OK markus@
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.9 |
|
18-Dec-2012 |
millert |
We no longer use struct eproc for kinfo_proc in sysctl.h so there is no direct need for sys/proc.h or sys/resource.h. Some consumers of kinfo_proc need these for the proc flags and rlimit defines like RLIM_INF so add the appropriate includes to them. OK deraadt@ sthen@
|
Revision tags: OPENBSD_4_6_BASE OPENBSD_4_7_BASE OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE
|
#
1.8 |
|
13-Jun-2009 |
andreas |
tcpdrop broke with the addition of routing domains. Repair. ok claudio@
|
Revision tags: OPENBSD_4_2_BASE OPENBSD_4_3_BASE OPENBSD_4_4_BASE OPENBSD_4_5_BASE
|
#
1.7 |
|
28-Mar-2007 |
deraadt |
flesh out the addresses to make it clear what they are; requested by jmc
|
#
1.6 |
|
25-Mar-2007 |
deraadt |
support a 2 address format (addr:port addr:port) like fstat outputs. also enhance ipv6 support by unpacking the [addr]:port format. ok beck, itojun, various others
|
Revision tags: OPENBSD_3_9_BASE OPENBSD_4_0_BASE OPENBSD_4_1_BASE
|
#
1.5 |
|
03-Jan-2006 |
stevesk |
check getnameinfo() return for 0 and use errx() vs. err(); old ok markus@
|
Revision tags: OPENBSD_3_6_BASE OPENBSD_3_7_BASE OPENBSD_3_8_BASE
|
#
1.4 |
|
22-May-2004 |
deraadt |
missing header
|
#
1.3 |
|
09-May-2004 |
deraadt |
pretty
|
#
1.2 |
|
27-Apr-2004 |
otto |
Set oldp en oldlenp to NULL; provide feedback; set exit status. ok markus@
|
#
1.1 |
|
26-Apr-2004 |
markus |
drop tcp connections using sysctl(2)
|
#
1.19 |
|
27-Nov-2019 |
deraadt |
use _PATH_ names for unveil if possible
|
Revision tags: OPENBSD_6_5_BASE OPENBSD_6_6_BASE
|
#
1.18 |
|
08-Nov-2018 |
mestre |
tcpdrop(8) needs to access only two files, in this case /etc/hosts and /etc/resolv.conf both with read permissions for the purpose of name resolution, so unveil(2) both files with "r" perms and disable further filesystem access.
While here sort the headers alphabetically.
OK bluhm@
|
Revision tags: OPENBSD_5_7_BASE OPENBSD_5_8_BASE OPENBSD_5_9_BASE OPENBSD_6_0_BASE OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE OPENBSD_6_4_BASE
|
#
1.17 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
#
1.16 |
|
13-Jan-2015 |
lteo |
Give tcpdrop a proper usage() like other programs in the tree.
ok bluhm@
|
#
1.15 |
|
01-Jan-2015 |
lteo |
Remove an unnecessary freeaddrinfo() call, since errx() would free all the memory including the one allocated by the earlier getaddrinfo() (pointed out by claudio@).
feedback from claudio@ ok bluhm@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.14 |
|
29-Jun-2014 |
deraadt |
If you want <sys/queue.h>, you need to include it. Don't assume that <sys/sysctl.h> will pull in the universe (I am working on breaking that assumption in a gentle fashion)
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.13 |
|
10-Jan-2014 |
lteo |
Check the return values of the strdup() calls.
OK deraadt@
|
#
1.12 |
|
24-Oct-2013 |
deraadt |
no need for netinet/ip_var.h (and friends)
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.11 |
|
09-Jul-2013 |
gsoares |
switch the rval to 1 before loop through the linked list \ and finally change back to 0 afterwards. so teach tcpdrop to exit 1 if \ ail->ai_family != aif_family.
OK markus@
|
#
1.10 |
|
09-Jul-2013 |
gsoares |
rename laddr2 to faddr2 for more consistency. OK markus@
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.9 |
|
18-Dec-2012 |
millert |
We no longer use struct eproc for kinfo_proc in sysctl.h so there is no direct need for sys/proc.h or sys/resource.h. Some consumers of kinfo_proc need these for the proc flags and rlimit defines like RLIM_INF so add the appropriate includes to them. OK deraadt@ sthen@
|
Revision tags: OPENBSD_4_6_BASE OPENBSD_4_7_BASE OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE
|
#
1.8 |
|
13-Jun-2009 |
andreas |
tcpdrop broke with the addition of routing domains. Repair. ok claudio@
|
Revision tags: OPENBSD_4_2_BASE OPENBSD_4_3_BASE OPENBSD_4_4_BASE OPENBSD_4_5_BASE
|
#
1.7 |
|
28-Mar-2007 |
deraadt |
flesh out the addresses to make it clear what they are; requested by jmc
|
#
1.6 |
|
25-Mar-2007 |
deraadt |
support a 2 address format (addr:port addr:port) like fstat outputs. also enhance ipv6 support by unpacking the [addr]:port format. ok beck, itojun, various others
|
Revision tags: OPENBSD_3_9_BASE OPENBSD_4_0_BASE OPENBSD_4_1_BASE
|
#
1.5 |
|
03-Jan-2006 |
stevesk |
check getnameinfo() return for 0 and use errx() vs. err(); old ok markus@
|
Revision tags: OPENBSD_3_6_BASE OPENBSD_3_7_BASE OPENBSD_3_8_BASE
|
#
1.4 |
|
22-May-2004 |
deraadt |
missing header
|
#
1.3 |
|
09-May-2004 |
deraadt |
pretty
|
#
1.2 |
|
27-Apr-2004 |
otto |
Set oldp en oldlenp to NULL; provide feedback; set exit status. ok markus@
|
#
1.1 |
|
26-Apr-2004 |
markus |
drop tcp connections using sysctl(2)
|
#
1.18 |
|
08-Nov-2018 |
mestre |
tcpdrop(8) needs to access only two files, in this case /etc/hosts and /etc/resolv.conf both with read permissions for the purpose of name resolution, so unveil(2) both files with "r" perms and disable further filesystem access.
While here sort the headers alphabetically.
OK bluhm@
|
Revision tags: OPENBSD_5_7_BASE OPENBSD_5_8_BASE OPENBSD_5_9_BASE OPENBSD_6_0_BASE OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE OPENBSD_6_4_BASE
|
#
1.17 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
#
1.16 |
|
13-Jan-2015 |
lteo |
Give tcpdrop a proper usage() like other programs in the tree.
ok bluhm@
|
#
1.15 |
|
01-Jan-2015 |
lteo |
Remove an unnecessary freeaddrinfo() call, since errx() would free all the memory including the one allocated by the earlier getaddrinfo() (pointed out by claudio@).
feedback from claudio@ ok bluhm@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.14 |
|
29-Jun-2014 |
deraadt |
If you want <sys/queue.h>, you need to include it. Don't assume that <sys/sysctl.h> will pull in the universe (I am working on breaking that assumption in a gentle fashion)
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.13 |
|
10-Jan-2014 |
lteo |
Check the return values of the strdup() calls.
OK deraadt@
|
#
1.12 |
|
24-Oct-2013 |
deraadt |
no need for netinet/ip_var.h (and friends)
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.11 |
|
09-Jul-2013 |
gsoares |
switch the rval to 1 before loop through the linked list \ and finally change back to 0 afterwards. so teach tcpdrop to exit 1 if \ ail->ai_family != aif_family.
OK markus@
|
#
1.10 |
|
09-Jul-2013 |
gsoares |
rename laddr2 to faddr2 for more consistency. OK markus@
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.9 |
|
18-Dec-2012 |
millert |
We no longer use struct eproc for kinfo_proc in sysctl.h so there is no direct need for sys/proc.h or sys/resource.h. Some consumers of kinfo_proc need these for the proc flags and rlimit defines like RLIM_INF so add the appropriate includes to them. OK deraadt@ sthen@
|
Revision tags: OPENBSD_4_6_BASE OPENBSD_4_7_BASE OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE
|
#
1.8 |
|
13-Jun-2009 |
andreas |
tcpdrop broke with the addition of routing domains. Repair. ok claudio@
|
Revision tags: OPENBSD_4_2_BASE OPENBSD_4_3_BASE OPENBSD_4_4_BASE OPENBSD_4_5_BASE
|
#
1.7 |
|
28-Mar-2007 |
deraadt |
flesh out the addresses to make it clear what they are; requested by jmc
|
#
1.6 |
|
25-Mar-2007 |
deraadt |
support a 2 address format (addr:port addr:port) like fstat outputs. also enhance ipv6 support by unpacking the [addr]:port format. ok beck, itojun, various others
|
Revision tags: OPENBSD_3_9_BASE OPENBSD_4_0_BASE OPENBSD_4_1_BASE
|
#
1.5 |
|
03-Jan-2006 |
stevesk |
check getnameinfo() return for 0 and use errx() vs. err(); old ok markus@
|
Revision tags: OPENBSD_3_6_BASE OPENBSD_3_7_BASE OPENBSD_3_8_BASE
|
#
1.4 |
|
22-May-2004 |
deraadt |
missing header
|
#
1.3 |
|
09-May-2004 |
deraadt |
pretty
|
#
1.2 |
|
27-Apr-2004 |
otto |
Set oldp en oldlenp to NULL; provide feedback; set exit status. ok markus@
|
#
1.1 |
|
26-Apr-2004 |
markus |
drop tcp connections using sysctl(2)
|
Revision tags: OPENBSD_5_7_BASE OPENBSD_5_8_BASE OPENBSD_5_9_BASE OPENBSD_6_0_BASE OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.17 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
#
1.16 |
|
13-Jan-2015 |
lteo |
Give tcpdrop a proper usage() like other programs in the tree.
ok bluhm@
|
#
1.15 |
|
01-Jan-2015 |
lteo |
Remove an unnecessary freeaddrinfo() call, since errx() would free all the memory including the one allocated by the earlier getaddrinfo() (pointed out by claudio@).
feedback from claudio@ ok bluhm@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.14 |
|
29-Jun-2014 |
deraadt |
If you want <sys/queue.h>, you need to include it. Don't assume that <sys/sysctl.h> will pull in the universe (I am working on breaking that assumption in a gentle fashion)
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.13 |
|
10-Jan-2014 |
lteo |
Check the return values of the strdup() calls.
OK deraadt@
|
#
1.12 |
|
24-Oct-2013 |
deraadt |
no need for netinet/ip_var.h (and friends)
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.11 |
|
09-Jul-2013 |
gsoares |
switch the rval to 1 before loop through the linked list \ and finally change back to 0 afterwards. so teach tcpdrop to exit 1 if \ ail->ai_family != aif_family.
OK markus@
|
#
1.10 |
|
09-Jul-2013 |
gsoares |
rename laddr2 to faddr2 for more consistency. OK markus@
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.9 |
|
18-Dec-2012 |
millert |
We no longer use struct eproc for kinfo_proc in sysctl.h so there is no direct need for sys/proc.h or sys/resource.h. Some consumers of kinfo_proc need these for the proc flags and rlimit defines like RLIM_INF so add the appropriate includes to them. OK deraadt@ sthen@
|
Revision tags: OPENBSD_4_6_BASE OPENBSD_4_7_BASE OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE
|
#
1.8 |
|
13-Jun-2009 |
andreas |
tcpdrop broke with the addition of routing domains. Repair. ok claudio@
|
Revision tags: OPENBSD_4_2_BASE OPENBSD_4_3_BASE OPENBSD_4_4_BASE OPENBSD_4_5_BASE
|
#
1.7 |
|
28-Mar-2007 |
deraadt |
flesh out the addresses to make it clear what they are; requested by jmc
|
#
1.6 |
|
25-Mar-2007 |
deraadt |
support a 2 address format (addr:port addr:port) like fstat outputs. also enhance ipv6 support by unpacking the [addr]:port format. ok beck, itojun, various others
|
Revision tags: OPENBSD_3_9_BASE OPENBSD_4_0_BASE OPENBSD_4_1_BASE
|
#
1.5 |
|
03-Jan-2006 |
stevesk |
check getnameinfo() return for 0 and use errx() vs. err(); old ok markus@
|
Revision tags: OPENBSD_3_6_BASE OPENBSD_3_7_BASE OPENBSD_3_8_BASE
|
#
1.4 |
|
22-May-2004 |
deraadt |
missing header
|
#
1.3 |
|
09-May-2004 |
deraadt |
pretty
|
#
1.2 |
|
27-Apr-2004 |
otto |
Set oldp en oldlenp to NULL; provide feedback; set exit status. ok markus@
|
#
1.1 |
|
26-Apr-2004 |
markus |
drop tcp connections using sysctl(2)
|