summaryrefslogtreecommitdiff
path: root/usr.sbin
AgeCommit message (Collapse)Author
2000-08-03fd == 0 is perfectly valid (and likely); spotted by Steve Williams ↵Jason Wright
<steve@genie96.com>
2000-08-03udp source validation: drop v4 mapped altogether.Jun-ichiro itojun Hagino
2000-08-02update other obsoleted rfcsNiels Provos
2000-08-02$HOME paranoia: never use getenv("HOME") w/o checking for NULL and non-zeroTodd C. Miller
2000-08-01unused variableJun-ichiro itojun Hagino
2000-08-01be more paranoid about UDP-based echo services validation. namely,Jun-ichiro itojun Hagino
reject the following sources: 0.0.0.0/8 127.0.0.0/8 240.0.0.0/4 255.0.0.0/8 ff00::/8 ::/128 ::ffff:0.0.0.0/96 and ::0.0.0.0/96 obeys IPv4 rule. reserved port, or NFS port. hint from deraadt.
2000-08-01for datagram services, support IPv6.Jun-ichiro itojun Hagino
2000-07-31before, we blocked non-root from changing mappings pointed at reserved ports.Theo de Raadt
Now, block non-root from setting them up in the first place. Also, check that pm_port is not > 65536
2000-07-31KNFTheo de Raadt
2000-07-31prettyJason Wright
2000-07-21Mod_SSL 2.6.5 - from brad@, thanks.Bob Beck
2000-07-21Deal with a bunch of dhcp issues, ok fries@:Bob Beck
- some minor cleanup (syscall return codes, dead code, use strlcpy, etc) - sanity check dhcp option values recieved by dhclient so that things that should look like a hostname look like a hostname, and things that should look like an ip address look like an ip address, if they don't ignore the lease offer because it's bogus. - Make the dhcp server attempt to ping an address when it recieves a RELEASE from it. If the address answers a ping, ignore the release offer. This helps make spoofing releases to liberate addresses more difficult.
2000-07-20Don't mis-interpret sockaddr_in6 structures as sockaddr_in structuresbrian
when purging routes.
2000-07-20add openbsd tag, fix cpp warning about SSIZE redefinitionJason Wright
2000-07-20Move ws* command man pages to arch-dependent subdirs.Marc Espie
2000-07-19Support link identification from rfc1570brian
Add VERSION and COMPILATIONDATE macros Two new commands are available; ``ident'' and ``sendident''.
2000-07-18Summarily explain about the playpen and PKG_TMPDIR, so that guysMarc Espie
with no room in /var/tmp or weird installations (/var/tmp mounted noexec can find out what to do)
2000-07-15When modifying users and not specifying a new GID, don't arbitrarilyHakan Olsson
reset it to the default GID, keep the old one. Further, when given a new home dir, actually use it. Fixes PR #1318.
2000-07-15sync with latest kame.Jun-ichiro itojun Hagino
- correct possible realloc memory leak. - remove obsolete non-advanced api support (!ADVAPI) - do not overwrite routing entry, when -A is specified (exit with error).
2000-07-12Permit multiple ``allow user'' lines in any given sectionbrian
This avoids line length limits when large numbers of users are allowed access to ppp.
2000-07-12Correct ``set filter'' usagebrian
Spotted by: sheldonh@FreeBSD.org CVS: ---------------------------------------------------------------------- CVS: PR: Fill this in if a GNATS PR is affected by the change. CVS: Submitted by: Fill this in if someone else sent in the change. CVS: Reviewed by: Fill this in if someone else reviewed your modification. CVS: Approved by: Fill this in if you needed approval for this commit. CVS: Obtained from: Fill this in if the change is from third party software. CVS: ---------------------------------------------------------------------- CVS: Enter Log. Lines beginning with `CVS:' are removed automatically CVS: CVS: Committing in . CVS: CVS: Modified Files: CVS: ppp.8 CVS: ----------------------------------------------------------------------
2000-07-12Fix a rather nasty latency problem that occurs with single tcp sessionsbrian
thorough an MP setup with only a single link.
2000-07-11Allow a ``timeout secs'' filter option to let specific packet typesbrian
effect the idle timer in different ways. Submitted by: Stefan Esser <se@freebsd.org> With adjustments by me to document the option in the man page and to give the same semantics for outgoing traffic as incoming. I made the style more consistent in ip.c - this should really have been done as a separate commit.
2000-07-11Fix -auto breakage introduced with the last commitbrian
2000-07-09When a null password has been entered, default to ``no'' instead of ``yes''Aaron Campbell
for the confirmation.
2000-07-08handle IPv6 address in first element.Jun-ichiro itojun Hagino
permit square bracket notation in first element of inetd.conf, like RFC2732. otherwise colon is slightly ambiguous. sync with kame. [::1]:ftp stream tcp6 nowait root /usr/libexec/ftpd ftpd -US -h
2000-07-07document timezone command, as in boot_config(8)Theo de Raadt
2000-07-07pass CFLAGS to build process, so that optimization happens; ↵Theo de Raadt
js3guj@gold.ocn.ne.jp
2000-07-07o Log the (payload/size) of all packet types, not just TCP packetsbrian
o If the new ``filter-decapsulation'' is enabled, delve into UDP packets that contain 0xff 0x03 as the first two bytes, and if we recognise it as PROTO_IP, decapsulate it for the purpose of filter checking. If we recognise it as PROTO_<anything else> mention this for logging purposes only. This change is aimed at people running PPPoUDP where the UDP traffic is being sent over another PPP link. It's desireable to have the top level link connected all the time, but to have the bottom level link capable of decapsulating the traffic and comparing the payload against the filters, thus allowing ``set filter dial ...'' to work in tunnelled environments. The caveat here is that the top ppp cannot employ any compression layers without making the data unreadable for the bottom ppp. ``disable deflate pred1 vj'' and ``deny deflate pred1 vj'' is suggested.
2000-07-06remove mobile-ip option description, merged in by mitsakeJun-ichiro itojun Hagino
2000-07-06sync with router renumber struct decl change.Jun-ichiro itojun Hagino
more logs. make it very sure to close temporary socket.
2000-07-06Don't write password lines longer than 1023 chars.Hakan Olsson
Change two instances of err() to errx().
2000-07-06Insert missing .El directives.Aaron Campbell
2000-07-05setproctitle with %sTheo de Raadt
2000-07-04File of the week :-) If Tertiary Loader data link size might not be set.Mats O Jansson
Since Ethernet is the only data link supported assume datalink to be 1492. Found when ragge@ludd.luth.se tried to boot a VAX 6000/400. -moj
2000-07-04Fix stupid bug in extraction through playpen.Marc Espie
2000-07-04If the spec allows 128-character filenames, our buffer has to be at least 129Aaron Campbell
characters to hold the trailing NULL. This also fixes a one-byte overflow.
2000-07-03typoNiklas Hallqvist
2000-07-03arp(8) invocations fixedNiklas Hallqvist
2000-07-03Ignore filenames that are longer than spec allows (128 for MOP V4.0.0).Mats O Jansson
Matt Power <mhpower@mit.edu>. -moj
2000-07-03Correct the number of src/dst ports and add some FreeBSD specificbrian
firewall punching fixes. Obtained from: FreeBSD
2000-07-03add warning on rsh/rlogin relayJun-ichiro itojun Hagino
2000-07-02OpenBSD'ify these man pages.Aaron Campbell
2000-07-02correct use of route(8) in sample.Jun-ichiro itojun Hagino
2000-07-02wscons toolsMichael Shalayeff
2000-07-02make it compiling only for alpha and hppaMichael Shalayeff
2000-07-02wscons font loader; initial import from netbsd treeMichael Shalayeff
2000-07-02wscons vt config tool; initial import from netbsd treeMichael Shalayeff
2000-06-30warnx?/errx? paranoia (use "%s" not a bare string unless it is aTodd C. Miller
constant). These are not security holes but it is worth fixing them anyway both for robustness and so folks looking for examples in the tree are not misled into doing something potentially dangerous. Furthermore, it is a bad idea to assume that pathnames will not include '%' in them and that error routines don't return strings with '%' in them (especially in light of the possibility of locales).
2000-06-30mod_ssl 2.6.4 mergeBob Beck
From brad@