Age | Commit message | Author |
|
restoring pre-1.190 behaviour. ok millert@ mpi@
|
|
Found by David Hill <dhill@mindcry.org> with clang.
|
|
|
|
ok mpi@
|
|
to get rid of the now useless foreign address and ports parameters.
ok mpi@
|
|
INPLOOKUP_IPV6 when applicable. Bug introduced in revision 1.197 by
yours truly.
Ok bluhm@
|
|
Kill old comments while at it.
Ok mpi@ bluhm@
|
|
as needed.
Ok bluhm@
|
|
From Florian Riehm, ok bluhm@
|
|
in6_pcbbind() into in_pcbbind().
Ok jca@ mpi@
|
|
ok jca@
|
|
regression observed on avahi.
ok benno@
|
|
route entry in ART.
rt_plen() now represents the prefix length of a route entry and should
be used instead.
For now use a "struct sockaddr_in6" to represent the mask when needed,
this should be then replaced by the prefix length and RTA_NETMASK only
used for compatibility with userland.
ok claudio@
|
|
required.
ok bluhm@ mpi@.
|
|
pf_inp_...() lookup, link and unlink functions as an interface.
Locking can be added to them later. Remove the first linking at
the beginning of tcp_input() and udp_input() as it is not necessary.
It will be done later anyway. That code was a relict, from the
time before I had added the second linking.
Input from mikeb@ and sashan@; OK sashan@
|
|
collide with the statekey to inp unlinking.
OK sashan@ mpi@
|
|
ok sthen@
|
|
OK mpi@, bluhm@
|
|
OK mpi@
|
|
function to take an interface index.
discussed with mpi@; OK claudio@
|
|
ok claudio@
|
|
socket(). Without pledge, all other socket behaviours become permitted,
except this one case: connect/send* only works to *:53. In pledge mode,
a very few are further restricted. Some backwards compatibility for
the dnssocket/dnsconnect calls will remain in the tree temporarily so
that people can build through the transition.
ok tedu guenther semarie
|
|
While here add a missing ``rtableid'' check in in_selectsrc().
ok bluhm@
|
|
ok mpi@
|
|
SS_DNS tagged socket which has limited functionality (for example, you
cannot accept on them...) The libc resolver will switch to using these,
therefore pledge can identify a DNS transaction better.
ok tedu guenther kettenis beck and others
|
|
strict than anticipated. It allows a programmer to pledge/promise/covenant
that their program will operate within an easily defined subset of the
Unix environment, or it pays the price.
|
|
in in_pcbbind() and in6_pcbsetport()
ok claudio@, with input from David Hill
|
|
layer because the strings select the right options. Mechanical
conversion.
ok guenther
|
|
Ok mpi@
|
|
ok deraadt@ miod@
|
|
ok mpi@
|
|
From David Hill; OK mpi@; tested kspillner@; tweaks bluhm@
|
|
The pathlist is a whitelist of dirs and files; anything else returns ENOENT.
Recommendation is to use a narrowly defined list. Also add TAME_FATTR, which
permits explicit change operations against "struct stat" fields. Some
other TAME_ flags are refined slightly.
Not cranking libc now, since nothing committed in base uses this and the
timing is uncomfortable for others. Discussed with many; thanks for a
few bug fixes from semarie, doug, guenther.
ok guenther
|
|
into a common pattern. In the man page clarify the usage of the
returned route.
OK mpi@ mikeb@ jmc@
|
|
operating model". This is the kernel component; various changes should
proceed in-tree for a while before userland programs start using it.
ok miod, discussions and help from many
|
|
ok stsp mpi
|
|
ok mikeb
|
|
This code is largely unfinished and is not used for anything. The change
leaves identities as only objects referenced by ipsec_ref structure and
their handling requires some changes to support more advanced matching of
IPsec connections.
No objections from reyk and hshoexer, with and OK markus.
|
|
Requested by reyk@, dlg@ and OK mpi@, henning@
|
|
way garbage in the pad bytes does not perturb the outcome.
This fixes regress/sys/kern/bind.
OK mpi@, phessler@, reyk@
|
|
before <net/pfvar.h> or <net/if_pflog.h>. The kernel files can be
cleaned up next. Some sockaddr_union steps make it into here as well.
ok naddy
|
|
Output interface (port) selection for multicast traffic is not done via
route lookups. Instead the output ifp is registered when setsockopt(2)
is called with the IP{V6,}_MULTICAST_IF option. But since there is no
mechanism to invalidate such pointer stored in a pcb when an interface
is destroyed/removed, it might lead your kernel to fault.
Prevent a fault upon resume reported by frantisek holop, thanks!
ok mikeb@, claudio@
|
|
ok mikeb@, krw@, bluhm@, tedu@
|
|
to include that than rdnvar.h. ok deraadt dlg
|
|
attacks.
this is a textbook use of siphash.
the idea of using siphash for this came from yasuoka-san, but i had
the time to do it. he also tested and tweaked this diff.
ok yasuoka@ mikeb@
|
|
INADDR_BROADCAST the same as INADDR_ANY.
ok mpi
|
|
kill the macro.
ok mikeb@, henning@
|
|
rely on "struct route" that should die.
ok claudio@
|
|
|
|
when the number of the hash entries reaches 75% of the table size.
ok dlg henning, 'commit in' claudio
|