| Age | Commit message (Collapse) | Author |
|---|
|
configuration file.", but occasionally something else fit better; at the
same time, try to make the format for FILES more consistent;
original diff from clematis
|
|
|
|
manual pages that document the corresponding configuration files;
OK jmc@, and general direction discussed with many
|
|
error prone than manually editing rc.conf.local, and also works to
enable ipsec and accounting.
tweak from schwarze@ to use the \(dq\(dq syntax for quotes in '.Dl
foo_flags="" lines' instead of \&"\&".
while at it, fix a reference to a bogus /dev/dhclient.conf file that
recently snuck in.
ok jmc@ deraadt@ schwarze@
|
|
value < 0. errno is only updated in this case. Change all (most?)
callers of syscalls to follow this better, and let's see if this strictness
helps us in the future.
|
|
descriptor keeps CLOEXEC flag then it will be closed unexpectedly by
exec().
ok tedu florian
|
|
larger types really is a range reduction...
Almost any cast to (unsigned) is a bug.
ok millert tb benno
|
|
the prefixlen is never bigger than 128 for inet6.
OK remi@
|
|
(and other lexers too)
This commit rectifies earlier change:
in the lex... even inside quotes, a \ followed by space or tab should
expand to space or tab, and a \ followed by newline should be ignored
(as a line continuation). compatible with the needs of hoststated
(which has the most strict quoted string requirements), and ifstated
(where one commonly does line continuations in strings).
OK deraadt@, OK millert@
|
|
the eigrp instances on shutdown.
tried to contact renato@ but he didn't answer in almost 2 months
OK benno@ claudio@
|
|
"looks good" gilles@ halex@
|
|
|
|
that not deleting the unix control sockets cause no harm and this way we close
another attack surface by not allowing the daemon to create/delete any more
files.
tweak and OK florian@
|
|
previous commit.
heads up and OK tb@
|
|
unlink(2)ed from eigrpe engine process, the problem is that this proc is
chrooted and therefore the socket will never be deleted.
In order to solve it we need to bring control_cleanup() function, which calls
unlink(2), into the main proc which is not chrooted. This is the way it's
already done for several other daemons we have in our base.
Additionally we also need to move the "cpath" pledge(2) promise from the child
process to the main process in order for the latter to be allowed to delete the
socket and while here shuffle the promises into their canonical form.
OK florian@ and benno@
|
|
out of memory log_warn(). i.e. ("%s", __func__) instead of manual
function names and redundant verbiage about which wrapper detected the
out of memory condition.
ok henning@
|
|
|
|
calloc or strdup), we just need to log that we ran out of memory in a
particular function.
Recommended by florian@ and deraadt@
ok benno@ henning@ tb@
|
|
use a more general text for the sections, and avoid the catchup issue
that was trying to document how many there were;
ok benno rob
|
|
Thanks to otto@ for the initial diff.
OK benno@
|
|
ok benno@
|
|
the desync cases. OK benno@
|
|
Use the macro from route(8) / ospf6d(8) since it works also with argument 0.
OK claudio@
|
|
warn with the same severity. Switch log_warn() to LOG_ERR and keep
fatal() at LOG_CRIT.
OK reyk@ florian@
|
|
|
|
TAILQ_FOREACH().
No intentional functional change.
ok reyk@
|
|
modern TAILQ_FOREACH_SAFE().
No intentional functional change.
ok millert@ bluhm@ gilles@
|
|
with more modern TAILQ_FOREACH(). This what symget() was already
doing.
Add paranoia '{}' around body of symget()'s TAILQ_FOREACH().
No intentional functional change.
ok bluhm@ otto@
|
|
upon successful and -1 on failure (as per POSIX). No functional change, just
improves portability.
requested by guenther@
looks correct to schwarze@
OK renato@
|
|
move daemon-local functions into new logmsg.c, and reduce
the (mostly whitespace) differences so that log.c's can be diffed easily.
ok claudio@
|
|
|
|
style(9) says:
"Function prototypes for private functions (i.e., functions not used
elsewhere) go at the top of the first source module. In userland,
functions local to one source module should be declared 'static'".
The benefits of doing so include:
* clean up of the eigrpd global namespace;
* improved readability;
* more hints to the compiler/linker to generate more efficient code.
Additional changes:
* Declare all extern variables in header files;
* Clean up the indentation of all function prototypes and global
variables.
ok claudio@ benno@
|
|
Also, there's no need to zero initialize global and static variables,
that's done automatically by the compiler.
ok claudio@ benno@
|
|
This reduces some code duplication and makes it easier to see the
difference between the IPv4 and IPv6 raw sockets API.
tweak + ok claudio@, ok benno@
|
|
During the initialization of the eigrpe process, use inet_pton() to
store the EIGRP multicast addresses in two global variables:
* global.mcast_addr_v4 (in_addr);
* global.mcast_addr_v6 (in6_addr).
This way we don't need to create temporary in_addr/in6_addr variables
everytime we need to use these multicast addresses for something.
"I like this" claudio@ ok benno@
|
|
This is for consistency with the other routing daemons.
ok claudio@ "earlier is better" benno@
|
|
ok claudio@ benno@
|
|
* Add missing close() calls to actually close the pipes, calling just
msgbuf_clean() is not enough;
* Bring back some NOTREACHED lint comments. style(9) says they can be
removed but in some cases they are useful to humans too;
* Add __dead to the shutdown functions;
* Some other minor changes to make eigrpd(8) more similar to the other
routing daemons.
|
|
On shutdown, there's no need to use kill(2) to kill the child
processes. Just closing the IPC sockets will make the children receive
an EOF, break out from the event loop and then exit.
This "pipe teardown" removes a PID reuse race condition, makes the code
simpler and allow us to remove "proc" from pledge.
OK and tweaks from claudio@
|
|
Since recently these processes call exec() after fork(), so they should
stop using _exit(2) and use exit(3) instead when shutting down.
ok claudio@
|
|
ok renato@
|
|
change this in all config parsers in our tree that support macros.
problem reported by sven falempin.
feedback from henning@, stsp@, deraadt@
ok florian@ mikeb@
|
|
The fork+exec diff introduced this problem where we were indirectly
calling imsg_event_add() before initializing (event_set) iev_rde and
iev_eigrpe. Fix this by moving down both main_imsg_send_ipc_sockets()
and main_imsg_send_config(), after iev_rde and iev_eigrpe are
initialized.
benno@ reported this problem for the initial ospfd fork+exec attempt,
now fix eigrpd too.
ok deraadt
|
|
For EIGRPv6, an interface only needs an link-local address in order
to be enabled in the routing daemon. So adding or removing global
unicast addresses, for example, will never trigger a state change in
the interface.
Additionally, move all address handling code to if_addr_new() and
if_addr_del() to improve readability.
|
|
The uptime was being set only when the interface was created, which is
not what we want.
|
|
For each child process (rde and eigrpe), re-exec eigrpd with a special
"per-role" getopt flag. This way we have seperate ASLR/cookies per
process.
Based on a similar patch for bgpd, from claudio@
ok deraadt
|
|
|
|
|
|
When a process receives an EOF on a socketpair, it removes the event
handler for that fd and then calls event_loopexit(). Once the process
leaves the main loop, it calls its shutdown function. With that said,
revert the previous patch because it was unnecessary.
Pointed out and ok by deraadt@
|
|
|
