summaryrefslogtreecommitdiff
path: root/sbin
AgeCommit message (Collapse)Author
2015-01-06Remove the NOINET6 interface flag, a left-over from the times when IPv6Stefan Sperling
was enabled by default. Add AFATTACH/AFDETACH ioctls which enable/disable an address family for an interface (currently used for IPv6 only). New kernel needs new ifconfig for IPv6 configuration (address assignment still works with old ifconfig making this easy to cross over). Committing on behalf of henning@ who is currently lebensmittelvergiftet. ok stsp, benno, mpi
2015-01-04Sort wireless nodes by signal strength, from Simon Nicolussi.Martin Pieuchot
ok stsp@, deraadt@
2015-01-03Add support for creating a protective MBR for GPT.Joel Sing
Part of a diff by Markus Mueller, which was derived from Bitrig during Google Summer of Code, with further tweaks by me. ok krw@ miod@
2015-01-03move the list_cloners() prototype out of #ifndef SMALLJonathan Gray
missed in rev 1.290
2015-01-02PFS stands for Perfect Forward Secrecy.Igor Sobrado
ok reyk@
2015-01-01Enable 'ifconfig -C' (list dynamic interface types) on installKenneth R Westerback
media. Use this feature in install scripts to eliminate manually maintained list of dynamic interface types. '-C' brought to my attention by reyk@, tweaks to install script to use -C in get_ifdevs() from rpe@. ok rpe@ deraadt@
2014-12-28Unbreak the tree. Looks like tedu did not tedu enough when killing KPDKClaudio Jeker
support.
2014-12-22Out out you evil network daemon.Florian Obser
OK deraadt@ some time ago
2014-12-19Support source-hash and random with tables and dynifs; not just pools.Reyk Floeter
This finally allows to use source-hash for dynamic loadbalancing, eg. "rdr-to <hosts> source-hash", instead of just round-robin and least-states. An older pre-siphash version of this diff was tested by many people. OK tedu@ benno@
2014-12-16Replace setpgrp(0, getpid()) with setpgid(0, 0). OK deraadt@ tedu@Todd C. Miller
2014-12-12put global_ptrace here too so users know how to spell it. poke by jmcTed Unangst
2014-12-10If pfctl cannot set a limit in the kernel, print the name of theAlexander Bluhm
limit and the requested value. OK henning@
2014-12-10Reusing the same field for different things in different contexts mayKenneth R Westerback
be clever, but it is definitely confusing. Use a flag IFI_VALID_LLADDR to indicate that the ifi->hw_address field is valid, rather than assuming ifi->linkstat does that. Add startup_time to record client startup rather than using first_sending and hoping nobody else needs it until link is complete.
2014-12-10The consensus is that RTM_IFINFO messages do not always carry theKenneth R Westerback
latest information. So back off to using interface_status() to directly query the interface when link status is in question. Partly from Nathanael Rensen's original diff. Also, while waiting for initial link, keep checking every second rather than backing off to checking every (default) 60 seconds after (default) 10 seconds.
2014-12-09Move the initial link status check and possible forceup back beforeKenneth R Westerback
the routing socket initialization. Otherwise certain combinations of UP/RUNNING/active will generate the deadly RTM_IFINFO with RTF_UP == 0 and kill the client. Add comment to nail this section in place.
2014-12-08Try harder to avoid displaying "no link ... got link" when initialKenneth R Westerback
link comes up and nothing has yet been displayed.
2014-12-07Do not move from S_PREBOOT to S_REBOOT just because link_timeoutKenneth R Westerback
has expired. In S_REBOOT state_reboot() assumes link is present and starts sending REQUEST/DISCOVER packets and doing the backoff dance after retry_interval expires. Stay in S_PREBOOT until link appears. Pointed out by and initial diff from Nathanael Rensen.
2014-12-07Ensure we grab the interface LLADDR as soon as the link state isKenneth R Westerback
noted as being up. Thus avoiding a premature exit if extra RTM_IFINFO messages arrive before state_reboot() gets a chance to run.
2014-12-07Retract check for IFF_RUNNING when checking for link state. At leastKenneth R Westerback
some interfaces (e.g. em(4) in qemu) do not have this flag set in the RTM_IFINFO message dhclient gets. Problem found & fix tested by Nathanael Rensen. Thanks!
2014-12-06Do not define the variable pid twice to avoid a compiler warning.Alexander Bluhm
OK millert@
2014-12-05Move initial wait for network link into the state machine by addingKenneth R Westerback
state S_PREBOOT and associated state_preboot() function. This results in routing socket messages being processed even while the link is being waited for. Thus the RTM_IFINFO message announcing the link is ready can be reacted to immediately, rather than waiting for the sleep(1)'ing process to wake up and look at the link state. Some interfaces seem to lose the first packet sent when the RTM_IFINFO message is reacted to so quickly, so temporarily leave in place an explicit delay before sending the first packet.
2014-12-05Store return value of i2d_X509_NAME in a signed integer to makeMike Belopuhov
sure the negative error gets treated correctly and doesn't get accidentally promoted to a huge unsigned value. From Pedro Martelletto, thanks! OK reyk
2014-12-05Specify correct number of iovecs when sending replies to the ikev2 procMike Belopuhov
Crash reported and fix tested by Vincent Gross <dermiste at kilob ! yt>; patch from Pedro Martelletto, thanks!
2014-12-03Init SPI using arc4random_buf, rather than (r << 32) | rTheo de Raadt
ok matthew
2014-12-03Use arc4random_buf() rather than iterating word by wordoTheo de Raadt
itk florian
2014-12-03ifconfig $if inet6 autoconf sends periodic router solicitations.Florian Obser
input jmc@
2014-12-03rtsol is goneFlorian Obser
OK deraadt@
2014-12-03Unhook rtsol(8) and rtsold(8) from the build.Florian Obser
OK deraadt@
2014-12-03Correct comment to state that the BPF program is patched inKenneth R Westerback
if_register_receive.
2014-12-01memcpy abort found an overlap. from dsp at 2f30. ok deraadtTed Unangst
2014-11-30Don't check for hardware address change unless link was up. DelayKenneth R Westerback
construction of default client identifier until link is up (i.e. do it in state_reboot()).
2014-11-29Explicitly initialize client->state to S_REBOOTING rather thanKenneth R Westerback
relying on S_REBOOTING being 0.
2014-11-27Use if_nametoindex() to get the interface index, and thereby checkKenneth R Westerback
the validity of the interface name as soon the actual name is known. i.e. right after 'egress' is expanded. One less thing for get_hw_address() to do.
2014-11-26Reset ifi->errors after a successful receive_packet(), rather thanKenneth R Westerback
incrementing sporadic errors until the limit is exceeded. i.e. only exit dhclient when enough consecutive errors occur. Tweak error messages. Don't bother checking interface_status() when receive_packet() fails. Let other status checks function on their own.
2014-11-26Prefer setvbuf() to setlinebuf() for portability; ok deraadt@Todd C. Miller
2014-11-26'ifi' is successfully calloc'd during initialization or dhclientKenneth R Westerback
exits, so there is no need to constantly check if 'ifi' is NULL. Similarly 'ifi->bfdesc' is successfully opened during initialization or dhclient exits, so there is no point in constantly checking if it has regressed to -1. Finally, no need to check 'ifi->linkstat' before trying to read a packet. If there is a packet it should just as well be read immediately rather than waiting for the link to reappear and confuse things. No intentional functional change.
2014-11-26Rename 'got_one()' to 'packethandler()'.Kenneth R Westerback
2014-11-25r1.118 starting using LINK_STATE_IS_UP() to check the link statusKenneth R Westerback
info provided in RTM_IFINFO messages. But it didn't replicate the checks for IFI_NOMEDIA and (IFF_UP | IFF_RUNNING) used in interface_status() to set ifi->linkstat. So the test (LINK_STATE_IS_UP() != ifi->linkstat) was comparing kiwi fruit and hairballs. Do the additional checks using info present in the RTM_IFINFO message. As a result interface_status() need not be called to update ifi->linkstat. Thus avoiding opening/closing a socket and some ioctls to re-obtain the info already provided in the RTM_IFINFO message. Using RTM_IFINFO data ok mpi@
2014-11-23Rename discover_interface() to more meaningful get_hw_address().Kenneth R Westerback
Hoist one-time initialization of client identifier out of get_hw_address() to the one-time initialization code in main(). No intentional functional change.
2014-11-23Cleanup some struct interface_info fields. Make 'nomedia' a flag. ReplaceKenneth R Westerback
the two copies of the bpf socket descriptor (rfdesc, wfdesc) with just one (bfdesc). No need to keep a struct ifreq (ifp) since it's only used once and can be constructed there and discarded. Nuke unused 'primary_address' member. No intentional functional change.
2014-11-20A little too agressive reordering. Must initialize the client structKenneth R Westerback
before filling it in with read_client_conf(). Fixes seg fault when lease {} statement is used. Problem reported by Alessandro de Laurenzis via misc@. Thanks!
2014-11-20remove sys/file.h includes in favor of fcntl.h where needed.Ted Unangst
ok deraadt guenther
2014-11-20Yet more #include de-duplication.Kenneth R Westerback
ok deraadt@ tedu@
2014-11-20Don't allow embedded nul characters in strings.Jonathan Gray
Fixes a pfctl crash with an anchor name containing an embedded nul found with the afl fuzzer. pfctl parse.y patch from and ok deraadt@
2014-11-20remove nt and lanman functions which aren't used. ok reyk yasuokaTed Unangst
2014-11-19delete the KERN_VNODE sysctl. it fails to provide any isolation from theTed Unangst
kernel struct vnode defintion, and the only consumer (pstat) still needs kvm to read much of the required information. no great loss to always use kvm until there's a better replacement interface. ok deraadt millert uebayasi
2014-11-19Nuke yet more obvious #include duplications.Kenneth R Westerback
ok deraadt@
2014-11-18Nuke some obvious #include duplications.Kenneth R Westerback
ok espie@ deraadt@ millert@ tedu@
2014-11-17Further juggle startup code, putting config file reading after forkingKenneth R Westerback
the priv child but before getting hardware link. Reducing further the possibly inappropriate information the priv child could read.
2014-11-16Move some memory allocations/initialization and file reading toKenneth R Westerback
after forking the privileged process, which should not be reading those bits. No intentional functional change.