src - OpenBSD base system

Age	Commit message (Collapse)	Author
2015-10-09	hook pledge	Sebastien Marie

2015-10-09	follow tame->pledge in regress	Sebastien Marie

2015-10-08	allow a test to manage itself the tame(2) call.	Sebastien Marie

2015-10-06	update "cmsg" tests: it lost TAME_SELF flag.	Sebastien Marie

2015-10-06	add some tests for rpath, wpath, cpath	Sebastien Marie

2015-09-30	implement new "prot_exec" tame(2) request:	Sebastien Marie
	- by default, a tamed-program don't have the possibility to use PROT_EXEC for mmap(2) or mprotect(2) - for that, use the request "prot_exec" (that could be dropped later) initial idea from deraadt@ and kettenis@ "make complete sense" beck@ ok deraadt@
2015-09-28	make using tame path "/" work.	Sebastien Marie
	and add a regress test for that. ok deraadt@
2015-09-27	add a tame(2) regress for stat(2) and realpath(3)	Sebastien Marie

2015-09-24	tame("xxx", NULL) and tame("xxx", {NULL}) are not the same	Sebastien Marie
	- change output of regress to reflect that - add test
2015-09-24	refactor a bit regress tame	Sebastien Marie
	- unit tests are functions in main.c - use test name in output - add grabbing stdout output of tests
2015-09-18	remove check for LD_BIND_NOW as kbind(2) is available on almost (all ?) arch	Sebastien Marie
	where LD_BIND_NOW was in use.
2015-09-11	fter fixing poll(2) semantics in dynamic TCP buffer size update,	Alexander Bluhm
	making netcat non-blocking and fixing ip6_forward() ICMP6 checksum, this test can be made more aggressive. Delete the path MTU route before sending TCP streams through the pf firewall. This checks that PMTU discovery works with outgoing interface MTU and router MTU. Test IPv4 and IPv6 protocols ICMP echo, UDP, TCP with pf nat-to, rdr-to, af-to, route-to, reply-to. Some af-to cases seem to be broken.
2015-09-10	enable generic regress for tame(2)	Sebastien Marie

2015-09-10	convert tame(2) regress to new API	Sebastien Marie

2015-09-10	convert tame(2) regress to new API	Sebastien Marie

2015-08-28	Add obviously missing #includes	Philip Guenther

2015-08-24	Extend the pf forward and fragment tests with a second challenge	Alexander Bluhm
	for path MTU discovery. The router behind the pf machine has MTU 1300. The ICMP packet generated by the router matches the pf state and is NATed correctly. Additionally the pf machine itself has an interface MTU 1400. So when pf is sending a packet is has to generate a correct "fragmentation needed" or "packet too big" ICMP response. This is done with pf route-to and reply-to.
2015-08-24	Enable path MTU test with ping for IPv6. Scapy srp1() does not	Alexander Bluhm
	accept inner IPv6 packets in ICMP6 with bad checksum created by pf. Use same workaround as in pf_forward tests and fork a process for sniffing.
2015-08-24	add a missing header	Sebastien Marie

2015-08-24	add new (extensible) testsuite for tame(2)	Sebastien Marie

2015-08-23	remove tame/sys_exit in favor of more generic approch (soon)	Sebastien Marie

2015-08-23	convert to new tame(2) ABI/API	Sebastien Marie

2015-08-17	Add forwarding tests for pf route-to and reply-to. Keep pf forward	Alexander Bluhm
	and pf fragment tests in sync.
2015-08-13	Add IPv6 fragment tests for pf route-to. A big ping packet is sent	Alexander Bluhm
	in fragments to a machine running pf. From there it is forwarded with route-to to a router with a smaller MTU. Path MTU discovery has to make successive fragments shorter and pf route-to has to preserve the fragment size.
2015-08-13	NOTE_FORK\|NOTE_TRACK knote can track grandchild processes. Wait for	Masao Uebayashi
	both child/grandchild process events.
2015-08-13	Zero-clear test buffers. Close fds.	Masao Uebayashi

2015-08-13	Close an fd.	Masao Uebayashi

2015-08-13	Zero-clear test buffer. Close fds.	Masao Uebayashi

2015-08-13	Zero-clear test buffer.	Masao Uebayashi

2015-08-13	Zero-clear test buffer. KNF while here.	Masao Uebayashi

2015-08-02	Kill a useless assignment.	Masao Uebayashi

2015-08-02	Refactor to prepare a future change; no functional changes.	Masao Uebayashi

2015-08-01	SPC -> TAB	Masao Uebayashi

2015-07-28	Add more and deeper tests for pf divert-reply rules. Especially	Alexander Bluhm
	the combination of sending and receiving multiple packets over one socket is tested for UDP, raw IP and ICMP.
2015-07-28	check that flags value of 0 restricts the process to the _exit(2) system call.	Sebastien Marie
	note that it isn't the case currently.
2015-07-27	add some regress for tame. just a starting point for now	Sebastien Marie

2015-07-21	Extend the setup with another address for testing pf route-to.	Alexander Bluhm

2015-07-20	When test pf.conf changes, check its syntax and use the new one.	Alexander Bluhm

2015-06-29	Make this pass again on 32-bit platforms.	Miod Vallat

2015-06-25	Align the three variants of Remote.pm.	Alexander Bluhm

2015-05-12	Race less.	Todd C. Miller

2015-05-05	Updated fifotest.out	Todd C. Miller

2015-05-05	fifofs now respects the flags a descriptor was opened with.	Todd C. Miller
	Also add tests for when no FD events are specified. A few tests still don't pass which will be addressed shortly.
2015-04-25	Disable kq-tun test, as it's been broken for a while and not because of kq	Philip Guenther

2015-04-15	Test that ping6 fragments with ethernet padding get reassembled	Alexander Bluhm
	correctly.
2015-02-10	Add bind regress test	Claudio Jeker

2015-02-10	Test that bind works the way it should. This fails at the moment because	Claudio Jeker
	of the garbage in sin_zero.
2015-02-09	sort includes correctly	Theo de Raadt

2015-02-06	SIZE_MAX is standard, we should be using it in preference to the	Todd C. Miller
	obsolete SIZE_T_MAX. OK miod@ beck@
2015-01-19	The kernel doesn't actually care what a sockaddr's sa_len is on input,	Philip Guenther
	so don't waste code setting it