summaryrefslogtreecommitdiff
path: root/usr.sbin/rebound
AgeCommit message (Expand)Author
2016-06-05previous change (r1.27) converted to using non blocking sockets andTed Unangst
2016-05-31with the kernel perm check fixed, we can do this kevent after setuid,Ted Unangst
2016-05-13fix logging.Ted Unangst
2016-05-02prepare userland for removing chroot(2) from allowed syscalls under pledge(2).Sebastien Marie
2016-01-03forgot to call RB_INIT. but yet things mostly worked...Ted Unangst
2015-12-17add return code to newrequest to distinguish between cache hit and error.Ted Unangst
2015-12-12correct commentTed Unangst
2015-12-11it's not necessary to use a tree to track requests if kevent can do this.Ted Unangst
2015-12-08more better fake replies. servfail is the correct response.Ted Unangst
2015-12-05all the signal ignoring can be done in one placeTed Unangst
2015-12-05pull the config file opening up considerably earlier to fail fast.Ted Unangst
2015-12-04refine some logging and error messages. errors will now always go to stderrTed Unangst
2015-12-04push daemon call a little later so if the address is in use we see theTed Unangst
2015-12-04one signal.h should sufficeTed Unangst
2015-12-04ignore SIGPIPE. i don't see any way for it to happen, but nevertheless weTed Unangst
2015-12-04- sync usageGleydson Soares
2015-12-03when running on a machine without net, rebound will still receive queriesTed Unangst
2015-12-02tell readers about config reloads.Sebastian Benoit
2015-12-01add missing fclose(3)Gleydson Soares
2015-11-27add getpw to pledge. rpath would normally suffice, but there's some doubleTed Unangst
2015-11-24use canonical pledge argument orderingTheo de Raadt
2015-11-16improve logging slightlyTed Unangst
2015-11-16the list insertion needs to occur right after we get a valid socket,Ted Unangst
2015-11-10kill the whitespace.. kill the whitespace..Theo de Raadt
2015-11-01chroot to pw_dir instead of the hard-coded /var/empty. Also make theReyk Floeter
2015-10-30it is necessary to call tzset() to get syslog timestamps correct.Ted Unangst
2015-10-29put timeout nullification in correct spotTed Unangst
2015-10-29be a little more precise about checking filtersTed Unangst
2015-10-29refold a few linesTed Unangst
2015-10-29collect some cool stats and print them out with SIGUSR1Ted Unangst
2015-10-28impose some limit on the cache size as well.Ted Unangst
2015-10-28if accept() fails due to fd exhaustion, stop accepting for one second.Ted Unangst
2015-10-28bug in the request tree code: requests were being added to the tree beforeTed Unangst
2015-10-28twiddle with rlimit to give us a few more files. use rlimit as a hint asTed Unangst
2015-10-28add pledge to main process, though it needs a few more optionsTed Unangst
2015-10-28use an rb tree for the cache too. modelled after the reqtree.Ted Unangst
2015-10-28use an rb tree for finding requests. from Dimitris PapastamosTed Unangst
2015-10-26one second amnesty for timeouts so we don't spin with short timeoutsTed Unangst
2015-10-26set listening sockets to nonblocking, then handle as many incoming requestsTed Unangst
2015-10-17don't need fcntl for non blocking socket, just ask for it upfrontTed Unangst
2015-10-16save some file descriptors. instead of a pipe, use kevent to watch parentTed Unangst
2015-10-16naddy would like the child to exit when the parent dies.Ted Unangst
2015-10-16life is simpler if all requests go in the fifo, and then just remove themTed Unangst
2015-10-16deraadt tells me i'm supposed to check if connect() actually worked.Ted Unangst
2015-10-16two phase handling for tcp so that slow connects don't stall the processTed Unangst
2015-10-16save request length in cache. naddy noticed we weren't getting any hits.Ted Unangst
2015-10-16fine tune the logging some moreTed Unangst
2015-10-16simplify logging functions. once a daemon, always a daemonTed Unangst
2015-10-16safety check that we're dealing with the filter we expectTed Unangst
2015-10-16most things should be staticTed Unangst