summaryrefslogtreecommitdiff
path: root/usr.sbin/rebound
AgeCommit message (Expand)Author
2017-04-06replace some long if/else chains with a switchTed Unangst
2016-10-23unbreak by fixing obvious pastosChristian Weisgerber
2016-10-23listen on inet6 sockets as well. we need this because stolen inet6 socketsTed Unangst
2016-10-16switch to a re-exec model instead of plain forking to reduce sharing.Ted Unangst
2016-10-15refactor the worker and monitor loops a little to make room for re-execTed Unangst
2016-10-15be more cautious about inspecting packets. use integer offsets instead ofTed Unangst
2016-10-15implement random casing for query names, also known as 0x20 hardening.Ted Unangst
2016-10-08a little more precision about reloading config. only reopen if it changedTed Unangst
2016-10-08too many blank linesTed Unangst
2016-10-07kern.dnsjacking -> kern.dnsjackport;Jason McIntyre
2016-10-07the parent mostly never crashes, but the child might. or the config fileTed Unangst
2016-10-07several big changes, tied together.Ted Unangst
2016-09-01naming a union 'sockthing' was a bit silly. sockun will do for now.Ted Unangst
2016-09-01print regular messages to stdout, not errTed Unangst
2016-09-01scan responses for minimum ttl, and cache for min(ttl, 300) instead ofTed Unangst
2016-08-21introduce a union of sockaddr types and eliminate a lot of casts.Ted Unangst
2016-08-06reset timeout to null when reloopingTed Unangst
2016-07-02check cache tree for collisions when inserting replies.Ted Unangst
2016-06-05previous change (r1.27) converted to using non blocking sockets andTed Unangst
2016-05-31with the kernel perm check fixed, we can do this kevent after setuid,Ted Unangst
2016-05-13fix logging.Ted Unangst
2016-05-02prepare userland for removing chroot(2) from allowed syscalls under pledge(2).Sebastien Marie
2016-01-03forgot to call RB_INIT. but yet things mostly worked...Ted Unangst
2015-12-17add return code to newrequest to distinguish between cache hit and error.Ted Unangst
2015-12-12correct commentTed Unangst
2015-12-11it's not necessary to use a tree to track requests if kevent can do this.Ted Unangst
2015-12-08more better fake replies. servfail is the correct response.Ted Unangst
2015-12-05all the signal ignoring can be done in one placeTed Unangst
2015-12-05pull the config file opening up considerably earlier to fail fast.Ted Unangst
2015-12-04refine some logging and error messages. errors will now always go to stderrTed Unangst
2015-12-04push daemon call a little later so if the address is in use we see theTed Unangst
2015-12-04one signal.h should sufficeTed Unangst
2015-12-04ignore SIGPIPE. i don't see any way for it to happen, but nevertheless weTed Unangst
2015-12-04- sync usageGleydson Soares
2015-12-03when running on a machine without net, rebound will still receive queriesTed Unangst
2015-12-02tell readers about config reloads.Sebastian Benoit
2015-12-01add missing fclose(3)Gleydson Soares
2015-11-27add getpw to pledge. rpath would normally suffice, but there's some doubleTed Unangst
2015-11-24use canonical pledge argument orderingTheo de Raadt
2015-11-16improve logging slightlyTed Unangst
2015-11-16the list insertion needs to occur right after we get a valid socket,Ted Unangst
2015-11-10kill the whitespace.. kill the whitespace..Theo de Raadt
2015-11-01chroot to pw_dir instead of the hard-coded /var/empty. Also make theReyk Floeter
2015-10-30it is necessary to call tzset() to get syslog timestamps correct.Ted Unangst
2015-10-29put timeout nullification in correct spotTed Unangst
2015-10-29be a little more precise about checking filtersTed Unangst
2015-10-29refold a few linesTed Unangst
2015-10-29collect some cool stats and print them out with SIGUSR1Ted Unangst
2015-10-28impose some limit on the cache size as well.Ted Unangst
2015-10-28if accept() fails due to fd exhaustion, stop accepting for one second.Ted Unangst