summaryrefslogtreecommitdiff
path: root/sbin
AgeCommit message (Collapse)Author
2019-02-02Show the routing address selected by "route-to" in "pfctl -s states".YASUOKA Masahiko
ok sthen
2019-02-01Don't send udp sockets that we failed to open to the frontend,Florian Obser
it will crash when it sees a -1 FD. Found the hard way by solene on a box without ::1
2019-02-01port is in network byte orderFlorian Obser
2019-01-31Make divert-packet port accept any port specificationkn
Contrary to other rules accepting a single port, this one only works with numerical values. Fix it by simply using the proper grammar. Port ranges are not accepted, but an error message on a range without start was missing in general, so add it while here. OK bluhm
2019-01-31Remove a log statement used for debugsolene
ok florian@
2019-01-31restrict commands reload and log to root onlysolene
tweaks and ok florian@
2019-01-30fix parsing of imcomplete dhclient.lease files, initialize epoch to 0.Sebastian Benoit
ok florian@
2019-01-30check that ips in the forwarder {} sections are indeed ips.Sebastian Benoit
ok florian@
2019-01-30remove not needed includes in uw_parse.ySebastian Benoit
add some to unwind.h clean up some whitespace. ok florian@
2019-01-29replace err() with yyerror/YYERROR, only leave err() where we run outSebastian Benoit
of memory and can't do anything else. This way we don't terminate on config reload with a bad config. ok florian@
2019-01-29Get rid of ugly access(2) and still be able to run without a configFlorian Obser
file. Prodded by deraadt
2019-01-29notyetFlorian Obser
2019-01-29Bring macro section in line with other config file man pages.Florian Obser
otto@ pointed out that we lost a description on HOW to use macros.
2019-01-29Make imsg processing much more paranoid.Florian Obser
If it comes from one of our processes and the size does not match what we expect call fatalx to crash and burn. We either hit a logic bug or something is fishy on the other end and we can't trust that process any longer. Not that we trust those processes to begin with. This also applies to receiving resources that we don't expect. For example if we have an open UDP listen socket and get a new one passed from the main process something is wrong and we should crash and burn. The only place where we are more lenient is on the control socket. We just ignore wrong sized messages so that users can't bring down unwind.
2019-01-29nl in forwarder line is optional, makes the grammar conform more to manualOtto Moerbeek
ok florian@
2019-01-29We don't need IMSG_SHUTDOWN, we can just close the sockets.Florian Obser
pointed out by deraadt
2019-01-29Add a dedicated sysctl(2) node for witness(4).Visa Hankala
The new node contains the subsystem's main control variable, kern.witness.watch. It is aliased by the old name, kern.witnesswatch. The alias will be removed in the future. OK anton@ mpi@
2019-01-29Reuse copy_satopfaddr() when killing entrieskn
Recently introduced in pfctl_parser.c r1.333, this helper nicely simplifies code when copying IPs based on their address family, so use it in five other places when killing state or source node entries. All addresses copied in these code paths result from either pfctl_parse_host() or pfctl_addrprefix() which guarantee the address family set to AF_INET or AF_INET6. Therefore, effectively relaxing the case of unhandled families from errx(3) in callers to warnx(3) in copy_satopfaddr() is safe since it's never reached. OK sashan
2019-01-29Make -N and -r mutually exclusivekn
Either disable DNS or enable additional reverse lookups, but not both. OK benno
2019-01-28Simplify lookups when killing entrieskn
Killing source tracking or state entries by hostname or CIDR would pass given keys twice to getaddrinfo(3): once to resolve/parse and again to parse the numerical address in case a prefix was specified. Avoid this overhead by making pfctl_addrprefix() resolve, pass and mask in one go and return the list of IPs to the callers. This notably simplifies both logic and sanity checks around prefix length and address family. While here, also pass -N along such that -k and -K can be restricted to not use DNS. Discussed with procter sashan, OK sashan
2019-01-27Implement DNS over TLS (DoT).Florian Obser
2019-01-27Add ub_ctx_set_tls() to libunbound to enable DNS over TLS on a context.Florian Obser
2019-01-27unwind(8) traces its ancestry to rad(8) and inherited all of its includeFlorian Obser
directives, some of them no longer necessary. Cleanup by Caspar Schutijser, thank you very much!
2019-01-26Rename ACTION_NONE to ACTION_USELEASE. TOK_NOACTION to TOK_USELEASE.Kenneth R Westerback
More consistent, clearer.
2019-01-26Zap trailing space that stuck its head up.Kenneth R Westerback
2019-01-26Mention that -r does reverse DNS lookups for tables as wellkn
OK benno
2019-01-26Add 'uselease' statement to allow the disabling of built-in orKenneth R Westerback
previously specified 'append', 'default', 'ignore', 'prepend', or 'supersede' actions on the values provided in leases.
2019-01-26fix trustanchor path; from Caspar Schutijser. Thanks!Florian Obser
2019-01-26hook up unwind(8) to the build; OK deraadtFlorian Obser
2019-01-25We are not holding on to a ref to the resolver if ub_resolve_event fails.Florian Obser
2019-01-25configparser.c gets generated by the build infrastructure even thoughFlorian Obser
the .y file is not hooked up to the build. But since it works out just fine remove configparser.c and hook up configparser.y. (The same does not hold true for configlexer.lex though.) With this obj/configparser.c is not left behind on make clean.
2019-01-25make sure resolver exists before sending detailed infoFlorian Obser
2019-01-25typoFlorian Obser
2019-01-25We also need to check the rcode in the wire paket.Florian Obser
This lets us get past the broken Dutch railway wifi that responds NXDOMAIN if an edns0 option is present.
2019-01-25fix dhclient.conf syntaxFlorian Obser
2019-01-25pasto; from Caspar Schutijser, thanks!Florian Obser
2019-01-25The correct spelling is AF_ROUTE; from Caspar Schutijser, thanks!Florian Obser
2019-01-25I am retiring my old email address; replace it with my OpenBSD one.Todd C. Miller
2019-01-24Open and close listening sockets on localhost:53 depending on if we canFlorian Obser
resolve at all. We come up without listening and open IPv4 and IPv6 sockets once the resolver process has determinded that we can speak DNS to the outside world. Furthermore close the listening sockets when the resolver process notices that we can no longer speak DNS to the outside. This is a last-ditch effort to get out of libc resolver's way and let it speak directly to e.g. dhcp provided resolvers. With the recomended configuration of having 127.0.0.1 first in /etc/resolv.conf and then add dhcp provided resolvers after that our libc resolver will receive a port unreachable error and immediately switch to the next one if unwind is not listening on port 53. (Networks have been observed in the wild that intercept DNS packets and answer NXDOMAIN if an edns0 option is send with the query.)
2019-01-24fix shift/reduce conflictFlorian Obser
2019-01-24Fix a bunch of shadow and missing prototype compiler warnings.Florian Obser
2019-01-24Switch to libunbound internals for packet parsing.Florian Obser
These functions / macros (from (s)ldns) are not part of the public libunbound API so we couldn't use them before. Due to the way we use libunbound (a local copy) we now have access.
2019-01-24When we switched from the fork based ub_resolve_async() toFlorian Obser
ub_resolve_event() the heuristic to detect if the authoritative server is unreachable was adapted in the wrong way. Turns out when using ub_resolve_event() we get the correct rcode passed in (SERVFAIL). The rcode in the wire format answer_packet is still wrong though (NOERROR). But that doesn't matter since we can just check the passed in rcode.
2019-01-23Make route(8) show the same flags in RTM_IFINFO messages asKenneth R Westerback
ifconfig(8) shows in its display of interface information. ok bluhm@
2019-01-23Nuke unused variable.Kenneth R Westerback
ok phessler@
2019-01-23Import unwind(8).Florian Obser
unwind(8) is a hybrid validating stub & recursive resolver. It actively observes the local net to decide how to best resolve names. It can chose to recurse on it's own or talk to dhcp provided forwardes or statically defined forwarders in the config file. The intention is to be able to run it on localhost on every machine. "toss it in man" deraadt@
2019-01-23Import bits from (lib)unbound that we need for unwind(8).Florian Obser
This is probably too much but allows us to keep in sync with usr.sbin/unbound to be able to easily apply updates.
2019-01-22Don't use dangerous idiom for qsort comparison function; ok deraadt@Otto Moerbeek
2019-01-22PF_ROUTE -> AF_ROUTE in the scattered sock()/setsockopt() callsKenneth R Westerback
where the "wrong" #define was used. ok dlg@
2019-01-22Simply the logic translating 'egress' into an interface name.Kenneth R Westerback