Age | Commit message (Collapse) | Author | |
---|---|---|---|
2017-07-23 | Don't hit pledge(2) restrictions on interface departure | Jeremie Courreges-Anglas | |
if_exists() can't be used after dropping privileges, since it uses socket(2) and ioctl(SIOCGIFDATA). We're just trying to know whether an interface exists, and if_nametoindex(3) is enough for that. ok deraadt@ | |||
2017-07-04 | Revert back previous, pledge cannot be enabled on the privsep'd proc yet, at | Ricardo Mestre | |
least not as is Reported by tim@, OK deraadt@ to backout the pledge for now | |||
2017-06-12 | pledge(2) bpf has been in use for some time now on tcpdump(8), this will enable | Ricardo Mestre | |
it also for pflogd(8)'s priv proc. OK deraadt@ | |||
2017-05-30 | Fix escaping: .Nm Op Fl "Dx" turning into "pflogd [-DragonFly]" | Ingo Schwarze | |
is funny, but not useful, so say .Nm Op Fl \&Dx as required. | |||
2017-01-23 | Split pledge "ioctl" into "tape" and "bpf", and allow SIOCGIFGROUP only | Theo de Raadt | |
upon "inet". Adjust the 4 programs that care about this. | |||
2017-01-23 | pflogd will need pledge(proc), still disabled because of bfd | Sebastian Benoit | |
ok deraadt@ | |||
2016-01-16 | Interface status printing (at exit and USR1) was broken for a while. | Can Erkin Acar | |
Remove it completely to simplify the code. even better deraadt@ | |||
2015-10-10 | pflogd contained the same "privsep error" as tcpdump -- assuming that | Theo de Raadt | |
it can ioctl()'s against a bpf device node. Privsep that operation via a message to the parent process. Unfortunately "rpath wpath cpath" is still needed due to SIGHUP handling, but I have asked canacar the expert to look into this. | |||
2015-04-28 | Someone went to the trouble of vertically aligning a set of parameters but | Mike Larkin | |
missed one. This diff is only a spacing change. | |||
2015-02-15 | Use "In" to mark up include files, instead of wrongly wrapping with Aq. | Anthony J. Bentley | |
Aq is not the same as <> in non-ASCII situations, so this caused incorrect output in some places. And it provided no semantics besides. ok schwarze@ | |||
2015-02-07 | When getopt processing flags, many should be flag=1 instead of flag++ | Theo de Raadt | |
ok tedu miod | |||
2014-11-20 | remove sys/file.h includes in favor of fcntl.h where needed. | Ted Unangst | |
ok deraadt guenther | |||
2014-11-18 | Nuke some obvious #include duplications. | Kenneth R Westerback | |
ok espie@ deraadt@ millert@ tedu@ | |||
2014-06-26 | Create temporary file with mkstemp and unlink if rename operation fails. | Tobias Stoeckmann | |
ok deraadt@, henning@ | |||
2014-01-21 | obvious .Pa fixes; found with mandocdb(8) | Ingo Schwarze | |
2013-09-13 | errx() provides its own newline, so remove it from the string here | Bret Lambert | |
ok henning@ | |||
2013-07-16 | Add missing .Mt macros for AUTHORS email addresses. | Ingo Schwarze | |
From Jan Stary <hans at stare dot cz>. ok jmc@ | |||
2013-06-19 | Do not install pcap-int.h to /usr/include as it is an internal library | Lawrence Teo | |
header (pointed out by matthew@). Let only pflogd and tcpdump include pcap-int.h directly since they need it for privilege separation. "looks good" sthen feedback/ok deraadt matthew millert | |||
2012-12-04 | remove some unnecessary sys/param.h inclusions | Theo de Raadt | |
2012-11-06 | Ensure that if_exists() always closes its socket before returning. | Lawrence Teo | |
Also fix a bug where the return value of if_exists() was not checked correctly if the interface disappears while pflogd is running. ok beck henning | |||
2012-06-25 | log all, not log-all; ok henning | Jason McIntyre | |
2012-04-04 | Return an error much earlier if recvmsg fails | Theo de Raadt | |
2012-03-05 | fix format string: | Henning Brauer | |
use %zu for size_t and %d for signed ints first one triggered by a mail from joerg @ netbsd, thanks. ok millert dlg | |||
2011-10-12 | default snaplen is 160 these days | Henning Brauer | |
From: giovanni <qgiovanni at gmail dot com> | |||
2011-05-06 | put the tcpdump-specific stuff in a sane place (that is, not EXAMPLES); | Jason McIntyre | |
ok sthen henning | |||
2010-09-21 | bump default snaplen so that pfloghdr + ip hdr + prot hdr usually fit | Henning Brauer | |
2010-05-14 | nowadays, .Dx is callable, so we need to quote it; | Ingo Schwarze | |
ok jmc@ millert@ henning@ kristaps@ | |||
2009-12-24 | spelling fixes, from Brad Tilley; we will not fix src/sbin/dump/dump.h | Igor Sobrado | |
as neither arrayified not arrayfied exist -- sanctioned dictionaries like Merriam-Webster ones suggest a few alternatives (e.g., arrayed), however these made up words are easy to understand and we are not certain that current ones are not ok. ok jmc@ | |||
2009-12-03 | Adjust pflog BPF descriptions, problem pointed out by jmc@ | Stuart Henderson | |
- sync actions with PF changes (pass/block/match not just pass/block, and remove some binat/nat/rdr entries) - list all reason codes in tcpdump(8) ok henning jmc | |||
2009-11-16 | pflogd no longer needs libutil; ok deraadt@ | Otto Moerbeek | |
2009-11-04 | tweak previous; | Jason McIntyre | |
2009-11-03 | Get rid of pflogd.pid because the privsep child cannot delete the pidfile; | Theo de Raadt | |
use pkill(1) in /etc/newsyslog.conf instead together with otto and suggestions from tedu | |||
2008-10-22 | log pcap stats upon SIGUSR1; ok canacar | Henning Brauer | |
From: Dave Harrison <dave@nullcube.com> | |||
2008-03-24 | msg_controllen has to be CMSG_SPACE so that the kernel can account for | Theo de Raadt | |
each cmsg_len (ie. msg_controllen = sum of CMSG_ALIGN(cmsg_len). This works now that kernel fd passing has been fixed to accept a bit of sloppiness because of this ABI repair. lots of discussion with kettenis | |||
2008-03-15 | Repair the simple cases for msg_controllen where it should just be | Theo de Raadt | |
CMSG_SIZE(sizeof(int)), not sizeof(buffer) which may be larger because of alignment; ok kettenis hshoexer | |||
2008-03-13 | Correct CMSG_SPACE and CMSG_LEN usage everywhere in the tree. Due to | Theo de Raadt | |
an extensive discussion with otto, kettenis, millert, and hshoexer | |||
2008-01-14 | clear up pidfile(-p) option form | Okan Demirmen | |
tweaked by jmc, ok henning | |||
2007-06-06 | fix oups, mlist@scapa.dnsalias.net | Henning Brauer | |
2007-06-06 | reverse logic of if_exists so that if_exists(interface) is true if | Henning Brauer | |
interface exists and !if_exists(interface) is when it doesn't | |||
2007-06-04 | use warn() where warn() is intended, not err() | Henning Brauer | |
exit nonzero if the inetrface does not exist From: tbert <bret.lambert@gmail.com> | |||
2007-06-02 | do not shadow globals (in if_exists) | Henning Brauer | |
2007-06-02 | on pcap error, check wether the interface went away and exit if it did. | Henning Brauer | |
spinning and flooding syslog in that case was not so nice. | |||
2007-05-31 | convert to new .Dd format; | Jason McIntyre | |
2007-05-27 | Complain to stderr if cloned pflog interface doesn't exist. Previously only ↵ | Jason Dixon | |
logged LOG_ERR to syslog. ok henning@ | |||
2007-04-07 | - use .Bk/.Ek to avoid SYNOPSIS splitting | Jason McIntyre | |
- put -p in the correct place - sync the -p argument name and tweak its description - add -p to usage() | |||
2007-04-06 | Adds a pidfile argument to pflogd so that individual | Can Erkin Acar | |
instances can be rotated via newsyslog. From Berk Demir < bdd at mindcast org > ok henning@ | |||
2006-12-08 | state that if the log file is bad, it is first moved out of the way. if | Joel Knight | |
that fails, then logging is suspended. | |||
2006-12-06 | style | Michael Knudsen | |
2006-11-26 | repair missing DPADD requests | Theo de Raadt | |
2006-11-19 | Default snaplen has been 116 for a while now. | Joel Knight | |