| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2016-10-23 | unbreak by fixing obvious pastos | Christian Weisgerber | |
| 2016-10-23 | listen on inet6 sockets as well. we need this because stolen inet6 sockets | Ted Unangst | |
| can't be redirected to inet4 listeners. | |||
| 2016-10-16 | switch to a re-exec model instead of plain forking to reduce sharing. | Ted Unangst | |
| this shuffles about some of the initialization code and consolidates all the worker initialization in one place. the parent process runs the monitor loop and execs workers via -W, which then drop immediately into the worker loop. file descriptors currently inherited across exec, which probably exceeds safe magic levels, but fits the existing model without too many changes. | |||
| 2016-10-15 | refactor the worker and monitor loops a little to make room for re-exec | Ted Unangst | |
| 2016-10-15 | be more cautious about inspecting packets. use integer offsets instead of | Ted Unangst | |
| advancing pointers which may go past the end. | |||
| 2016-10-15 | implement random casing for query names, also known as 0x20 hardening. | Ted Unangst | |
| this *should* work everywhere, and i consider minimum necessary protection for a program like rebound. in the event it doesn't work, rebound can be bypassed by disabling the port stealing sysctl. | |||
| 2016-10-08 | a little more precision about reloading config. only reopen if it changed | Ted Unangst | |
| 2016-10-08 | too many blank lines | Ted Unangst | |
| 2016-10-07 | kern.dnsjacking -> kern.dnsjackport; | Jason McIntyre | |
| 2016-10-07 | the parent mostly never crashes, but the child might. or the config file | Ted Unangst | |
| disappears. in such cases, the parent will exit. make sure to always reset the jackport, not just when receiving sigterm. (doesn't protect against parent crashing, but that shouldn't happen.) | |||
| 2016-10-07 | several big changes, tied together. | Ted Unangst | |
| switch to reading resolv.conf to find upstream name servers. moitor this file and automatically restart if it changes. use the dnsjackport sysctl to steal DNS connections from libc. listen on port 54 to avoid collisions with other DNS servers. | |||
| 2016-09-01 | naming a union 'sockthing' was a bit silly. sockun will do for now. | Ted Unangst | |
| 2016-09-01 | print regular messages to stdout, not err | Ted Unangst | |
| 2016-09-01 | scan responses for minimum ttl, and cache for min(ttl, 300) instead of | Ted Unangst | |
| a fixed amount | |||
| 2016-08-21 | introduce a union of sockaddr types and eliminate a lot of casts. | Ted Unangst | |
| 2016-08-06 | reset timeout to null when relooping | Ted Unangst | |
| 2016-07-02 | check cache tree for collisions when inserting replies. | Ted Unangst | |
| if two identical requests are sent out, the first will create a cache entry. the second will not go into the cache tree, but will linger around, causing a crash when we free it and try to remove from the tree. instead, give up if insert fails. diagnosis and initial patch from Duncan. | |||
| 2016-06-05 | previous change (r1.27) converted to using non blocking sockets and | Ted Unangst | |
| spinning on them, trying to preemptively avoid kevent. i've come to conclude this is a poor design. it is exceedingly rare for there to be two requests waiting. instead, we end up burning useless syscalls. | |||
| 2016-05-31 | with the kernel perm check fixed, we can do this kevent after setuid, | Ted Unangst | |
| but still needs to be before pledge. also check for failure. | |||
| 2016-05-13 | fix logging. | Ted Unangst | |
| 1. va must be restarted before reuse. 2. don't syslog in debug. assume someone is watching stderr. | |||
| 2016-05-02 | prepare userland for removing chroot(2) from allowed syscalls under pledge(2). | Sebastien Marie | |
| in rebound(8), the worker is still chrooted (and pledged). The supervisor process remains unpledged in order to create workers. ok tedu@ | |||
| 2016-01-03 | forgot to call RB_INIT. but yet things mostly worked... | Ted Unangst | |
| 2015-12-17 | add return code to newrequest to distinguish between cache hit and error. | Ted Unangst | |
| we want to keep looping for more requests after a hit, not stop. (though i'm reconsidering if the looping is worthwhile. maybe should just return to kevent() after each request.) | |||
| 2015-12-12 | correct comment | Ted Unangst | |
| 2015-12-11 | it's not necessary to use a tree to track requests if kevent can do this. | Ted Unangst | |
| 2015-12-08 | more better fake replies. servfail is the correct response. | Ted Unangst | |
| 2015-12-05 | all the signal ignoring can be done in one place | Ted Unangst | |
| 2015-12-05 | pull the config file opening up considerably earlier to fail fast. | Ted Unangst | |
| parsing is still done in the child, so we can't guarantee success, but if the file is missing entirely we won't daemonize in that state. | |||
| 2015-12-04 | refine some logging and error messages. errors will now always go to stderr | Ted Unangst | |
| until daemonized and syslog as well. make logerr() work more like err(). | |||
| 2015-12-04 | push daemon call a little later so if the address is in use we see the | Ted Unangst | |
| error message | |||
| 2015-12-04 | one signal.h should suffice | Ted Unangst | |
| 2015-12-04 | ignore SIGPIPE. i don't see any way for it to happen, but nevertheless we | Ted Unangst | |
| definitely don't want to receive it unexpectedly. | |||
| 2015-12-04 | - sync usage | Gleydson Soares | |
| - add a bit more detail about config alternative file and add -d while here. manpage help from jmc@ schwarze@ thanks a lot! OK tedu jmc schwarze | |||
| 2015-12-03 | when running on a machine without net, rebound will still receive queries | Ted Unangst | |
| from localhost, but then fail to forward them. this causes the resolver to stall waiting for timeouts in situations where it would otherwise fail quickly. we don't know this happens until it's too late, but we can push the resolver forward by sending back empty replies. ok deraadt | |||
| 2015-12-02 | tell readers about config reloads. | Sebastian Benoit | |
| ok tedu | |||
| 2015-12-01 | add missing fclose(3) | Gleydson Soares | |
| ok tedu@ | |||
| 2015-11-27 | add getpw to pledge. rpath would normally suffice, but there's some double | Ted Unangst | |
| checking code in snapshots, and it serves as a useful annotation. from Carlin Bingham | |||
| 2015-11-24 | use canonical pledge argument ordering | Theo de Raadt | |
| 2015-11-16 | improve logging slightly | Ted Unangst | |
| 2015-11-16 | the list insertion needs to occur right after we get a valid socket, | Ted Unangst | |
| as that is the hint that the request is on the list. | |||
| 2015-11-10 | kill the whitespace.. kill the whitespace.. | Theo de Raadt | |
| 2015-11-01 | chroot to pw_dir instead of the hard-coded /var/empty. Also make the | Reyk Floeter | |
| chroot+chdir step look more like in the other privsep daemons. OK tedu@ | |||
| 2015-10-30 | it is necessary to call tzset() to get syslog timestamps correct. | Ted Unangst | |
| i am quite surprised by this, but it's the way things are, so do it. reported by naddy | |||
| 2015-10-29 | put timeout nullification in correct spot | Ted Unangst | |
| 2015-10-29 | be a little more precise about checking filters | Ted Unangst | |
| 2015-10-29 | refold a few lines | Ted Unangst | |
| 2015-10-29 | collect some cool stats and print them out with SIGUSR1 | Ted Unangst | |
| 2015-10-28 | impose some limit on the cache size as well. | Ted Unangst | |
| 2015-10-28 | if accept() fails due to fd exhaustion, stop accepting for one second. | Ted Unangst | |
| should only happen for ENFILE, but check for EMFILE too. | |||
| 2015-10-28 | bug in the request tree code: requests were being added to the tree before | Ted Unangst | |
| the socket (the key) was being set. move the enqueue code later, and fix freerequest to only dequeue if socket is set. | |||
 |
index : src | |
| OpenBSD base system |
| summaryrefslogtreecommitdiff |