summaryrefslogtreecommitdiff
path: root/sbin
AgeCommit message (Collapse)Author
2017-07-20Restore RTM_DELADDR/RTM_NEWADDR monitoring to theKenneth R Westerback
minimum required to ensure that resolv.conf is written out on startup/HUP. Noticed by and fix tested by jmc@
2017-07-20"no-route" is also shown by -sinfo;Jason McIntyre
2017-07-19Allow HFSC classes to use flow queuesMike Belopuhov
The FQ-CoDel related configuration (flows, quantum) becomes available for the regular bandwidth queue. Internally the kernel will pick the FQ-CoDel for use as a queue manager for the specified class instead of the FIFO. Discussed with and OK henning@ at d2k17 as a part of a larger diff.
2017-07-19Rework HFSC vs FQ-CoDel checksMike Belopuhov
The selection mechanism introduced in pf_ioctl.c -r1.316 suffers from being too ambiguous and lacks robustness. Instead of relying on composition of multiple flags in the queue specification, it's easier to identify the root class (if it exists) and derive all further checks from it.
2017-07-19more depends gc / yacc rules overhaulMarc Espie
okay millert@
2017-07-19revert previous; the code this was supposed to be used for is movingFlorian Obser
in the wrong direction.
2017-07-18Prevent a NULL dereference when comparing incomplete SAs.Martin Pieuchot
This deference can occur because sa_find() is called from a timer and iterates over all existing `sa'. At that time the corresponding `finalize_exchange' might not have been called, in which case it is unsafe to dereference `src_net', `dst_net' & co. Issue reported by Michał Koc. ok hshoexer@, markus@
2017-07-17Nuke unused variables 'deleting' and 'adding'.Kenneth R Westerback
2017-07-17Nuke findproto() and get_ifa(). They are unused now thatKenneth R Westerback
RTM_DELADDR and RTM_NEWADDR are no longer of interest. Pointed out by jca@
2017-07-17Remove some magic formerly used to detect the presence of anotherKenneth R Westerback
dhclient taking control of the interface. In particular do not exit when addresses are manually added to or deleted from the interface dhclient(8) is concerned about. Note that such changes will still be removed whenever dhclient(8) is re-started or gets a different lease during renewal.
2017-07-17Overhaul handling of vltime and pltime processingFlorian Obser
- make sure to not send solicitations at a very high rate indefinitely if pltime is 0 (we still need some sort of rate limiting here) - implement RFC 4862 5.5.3 two hours rule wrt vltime - allow pltime of 0 so that a router can withdraw a prefix
2017-07-17add support for binary sysctl payloads by handling them as hex strings.David Gwynne
this was part of a demo showing how to implement the kernel side of sysctl(3) for setting Semantically Opaque Interface Identifier key material, but it seems to be the most straightforward path toward integrating soiikey handling and rc. ok florian@ sthen@ naddy@ tb@
2017-07-15sbin/pfctl: void functions and exit(3) on errorAdam Wolk
Changes: voided: - pfctl_clear_tables - pfctl_show_tables - pfctl_show_ifaces Those functions now exit(3) in case of error instead of passing it up to the callers (where it was ignored). OK mikeb@, sashan@
2017-07-14"ioctl() < 0" ==> "ioctl() == -1" as god and guenther@Kenneth R Westerback
intended.
2017-07-14Replace remaining "!var" expressions withKenneth R Westerback
"<var> == 0", "!(<var> & FLAG)" with "(<var> & FLAG) == 0", "!<func()>" with "<func()> == 0" and "!<define>" with "<define> == 0". And the positive cases as well. A few stray == NULL and != NULL as well.
2017-07-14Replace remaining "!<pointer>" expressions withKenneth R Westerback
"<pointer> == NULL". And of course "<pointer>" expressions with "<pointer> != NULL".
2017-07-14Pour the few relevant bits of the current lease and the offeredKenneth R Westerback
renewal lease into canonical forms and compare those rather than the leases themselves. Eliminates spurious interface and route manipulation when irrelevant aspects of the leases are changed by the DHCP server. Problem found by Paul de Weerd when his DHCP server returned renewed leases differing only by a decremented dhcp-lease-time option. ok mpi@
2017-07-14bpf(4) *may* deliver more than one captured packet at a time. So whenKenneth R Westerback
the bpf socket signals that it has data, call packethandler() in a loop until no more bpf packets are available.
2017-07-14run IMSG_UPDATE_IF through the main process, reduces upcomming diffFlorian Obser
for RFC 7217 support
2017-07-10remove misc. depend and yacc nits that no longer matter.Marc Espie
okay millert@
2017-07-10zap depend ghost.Marc Espie
add a comment explaining why keywords.h is in the source tree even though it's exactly what keywords.sh generates, so that people don't try adding the generating rule again. okay millert@
2017-07-10Take some of the mystery out of who does what byKenneth R Westerback
renaming "if_register_bpf()" to "get_bpf_sock()", "if_register_send()" to "get_udp_sock()" and "if_register_receive()" to "configure_bpf_sock()". Pull back interface_info knowledge and just pass the interface name, rdomain and bpf socket fd as required.
2017-07-10Use ioctlfd/routefd sockets rather than rolling one's ownKenneth R Westerback
for resolving 'egress' and adding a route. Move creation of main()'s ioctlfd up so it can be used for the 'egress' resolution.
2017-07-10Use a modern spacious idiom on all function local variableKenneth R Westerback
declarations.
2017-07-09Be consistent. "return (e);" -> "return e;"Kenneth R Westerback
2017-07-09remove redundant variable declarations in Makefiles, since those areMarc Espie
the default. okay millert@
2017-07-09Be consistent. "return (e);" -> "return e;"Kenneth R Westerback
2017-07-09Some parsing code cleanup: add parse_boolean(); pass literal formatKenneth R Westerback
chars to parse_decimal() instead of less obvious *fmt; refactor to eliminate need for the 'alloc:' and 'bad_flag:' labels and the invidious backwards goto's to them.
2017-07-09have bsd.prog.mk/bsd.lib.mk generate .y -> .c/.h rules without intermediateMarc Espie
files. This fixes up parallel builds in the default case. FreeBSD does something similar. okay millert@
2017-07-09Whitespace tweaks to assuage auto-indent.Kenneth R Westerback
2017-07-09Ignore prefixes with a pltime < ND6_PRIV_MAX_DESYNC_FACTOR secondsFlorian Obser
(512 in our case) for privacy addresses as per RFC 4941.
2017-07-09If we lower the pltime for privacy addresses skew it byFlorian Obser
ND6_PRIV_MAX_DESYNC_FACTOR like RFC 4941 tells us to. Toss in a arc4random_uniform for good measure like the kernel always did.
2017-07-08Fold tables.c into options.c and stop exporting the oneKenneth R Westerback
table (dhcp_options) involved. Provide functions code_to_name(), name_to_code(), code_to_format() and replace direct access to dhcp_options with them. Eliminate unneeded 'struct option'. Unhook tables.c from Makefile.
2017-07-08Consistently use if ((option & F_FOO) && (option & F_BAR)) instead ofFlorian Obser
if (option & F_FOO && option & F_BAR). Prompted by a reverse diff from Klemens Nanni. Both forms are equivalent due to operator precedence, I consider the later to be easier on the eyes.
2017-07-08Consistently use if (option & F_FOO); from Klemens Nanni, thanks!Florian Obser
2017-07-08Always use strcasecmp() when comparing user input to optionKenneth R Westerback
names, not just 2 out of 3.
2017-07-08Always use uintNN_t instead of sometimes u_intNN_tKenneth R Westerback
and sometimes uintNN_t.
2017-07-07Replace the many occurances of '256' with a new #defineKenneth R Westerback
DHO_COUNT.
2017-07-07dispatch_imsg() only needs to know name and rdomain.Kenneth R Westerback
No more struct interface_info knowledge in privsep.[ch]
2017-07-07assemble_eh_header() needs only to know about hw_addr.Kenneth R Westerback
No more struct interface_info knowledge in packet.c
2017-07-07Rename cons_options() to pack_options(), and do_packet() toKenneth R Westerback
unpack_options(). Store the unpacked options in a static variable. Move remaining raw packet processing from unpack_options() to packethandler(). No more struct interface_info knowledge in options.c
2017-07-06cons_options() only needs to know a buffer and a length toKenneth R Westerback
pack options into. Not all the gory details of interface_info. Move some of the raw packet processing out of options.c's do_packet() and into the more obvious dispatch.c's packethandler(). Mention that RFC791 is why we use 576-byte UDP packets.
2017-07-06Sprinkel in some #ifndef SMALL to make slaacd smaller for theFlorian Obser
installer. This removes the control socket handling which is useless because we won't have slaacctl in the installer. Also deraadt@ pointed out that this would be the first use of log.c in the installer where we don't have syslogd running so it's rather pointless. So this completely neuters logging. The log.h change doesn't interfere with benno@'s efforts of unifying log.c The installer version of slaacd won't even compile control.c and log.c
2017-07-06reorder imsg_type enum so that we can #ifndef SMALL all the controlFlorian Obser
related imsg types
2017-07-06move rpref enum definition up so that we can #ifndef SMALL a big blockFlorian Obser
2017-07-05Validate prefix information in router advertisements according to RFCFlorian Obser
4862 Section 5.5.3. This very likely solves the problem of slaacd generating privacy addresses at a very high rate as reported by Matthias Schmidt on bugs@; thanks! The problem is that we constantly generate new privacy addresses if we receive a router advertisement with a pltime of 0 since that address will immediately be deprecated. This needs revisiting since we will run into the same problem with other low pltimes.
2017-07-05Remove knowledge of struct interface_info from clparse.c. JustKenneth R Westerback
pass the interface name and the TAILQ to put static leases into. Add a TAILQ for static leases to struct client_config to hold the static leases until it's time to add them to ifi. Add add_lease() to add leases to a TAILQ while checking for leases that are superseded by the new lease.
2017-07-05remove useless (void)printf casts, diff from Klemens Nanni, massagedFlorian Obser
by me.
2017-07-04Revert back previous, pledge cannot be enabled on the privsep'd proc yet, atRicardo Mestre
least not as is Reported by tim@, OK deraadt@ to backout the pledge for now
2017-07-04calculate multiples of 4 smarter; from Klemens NanniFlorian Obser