Age | Commit message (Collapse) | Author |
|
<steve@genie96.com>
|
|
|
|
|
|
|
|
|
|
reject the following sources:
0.0.0.0/8 127.0.0.0/8 240.0.0.0/4 255.0.0.0/8
ff00::/8 ::/128
::ffff:0.0.0.0/96 and ::0.0.0.0/96 obeys IPv4 rule.
reserved port, or NFS port.
hint from deraadt.
|
|
|
|
Now, block non-root from setting them up in the first place.
Also, check that pm_port is not > 65536
|
|
|
|
|
|
|
|
- some minor cleanup (syscall return codes, dead code, use strlcpy,
etc)
- sanity check dhcp option values recieved by dhclient
so that things that should look like a hostname look like a
hostname, and things that should look like an ip address look
like an ip address, if they don't ignore the lease
offer because it's bogus.
- Make the dhcp server attempt to ping an address when it recieves
a RELEASE from it. If the address answers a ping, ignore the
release offer. This helps make spoofing releases to liberate
addresses more difficult.
|
|
when purging routes.
|
|
|
|
|
|
Add VERSION and COMPILATIONDATE macros
Two new commands are available; ``ident'' and ``sendident''.
|
|
with no room in /var/tmp or weird installations (/var/tmp mounted noexec
can find out what to do)
|
|
reset it to the default GID, keep the old one.
Further, when given a new home dir, actually use it.
Fixes PR #1318.
|
|
- correct possible realloc memory leak.
- remove obsolete non-advanced api support (!ADVAPI)
- do not overwrite routing entry, when -A is specified (exit with error).
|
|
This avoids line length limits when large numbers of users are allowed
access to ppp.
|
|
Spotted by: sheldonh@FreeBSD.org
CVS: ----------------------------------------------------------------------
CVS: PR: Fill this in if a GNATS PR is affected by the change.
CVS: Submitted by: Fill this in if someone else sent in the change.
CVS: Reviewed by: Fill this in if someone else reviewed your modification.
CVS: Approved by: Fill this in if you needed approval for this commit.
CVS: Obtained from: Fill this in if the change is from third party software.
CVS: ----------------------------------------------------------------------
CVS: Enter Log. Lines beginning with `CVS:' are removed automatically
CVS:
CVS: Committing in .
CVS:
CVS: Modified Files:
CVS: ppp.8
CVS: ----------------------------------------------------------------------
|
|
thorough an MP setup with only a single link.
|
|
effect the idle timer in different ways.
Submitted by: Stefan Esser <se@freebsd.org>
With adjustments by me to document the option in the man page and to
give the same semantics for outgoing traffic as incoming.
I made the style more consistent in ip.c - this should really have
been done as a separate commit.
|
|
|
|
for the confirmation.
|
|
permit square bracket notation in first element of inetd.conf, like RFC2732.
otherwise colon is slightly ambiguous. sync with kame.
[::1]:ftp stream tcp6 nowait root /usr/libexec/ftpd ftpd -US -h
|
|
|
|
js3guj@gold.ocn.ne.jp
|
|
o If the new ``filter-decapsulation'' is enabled, delve into UDP packets
that contain 0xff 0x03 as the first two bytes, and if we recognise it
as PROTO_IP, decapsulate it for the purpose of filter checking.
If we recognise it as PROTO_<anything else> mention this for logging
purposes only.
This change is aimed at people running PPPoUDP where the UDP traffic is
being sent over another PPP link. It's desireable to have the top level
link connected all the time, but to have the bottom level link capable
of decapsulating the traffic and comparing the payload against the filters,
thus allowing ``set filter dial ...'' to work in tunnelled environments.
The caveat here is that the top ppp cannot employ any compression layers
without making the data unreadable for the bottom ppp. ``disable deflate
pred1 vj'' and ``deny deflate pred1 vj'' is suggested.
|
|
|
|
more logs. make it very sure to close temporary socket.
|
|
Change two instances of err() to errx().
|
|
|
|
|
|
Since Ethernet is the only data link supported assume datalink to be
1492. Found when ragge@ludd.luth.se tried to boot a VAX 6000/400. -moj
|
|
|
|
characters to hold the trailing NULL. This also fixes a one-byte overflow.
|
|
|
|
|
|
Matt Power <mhpower@mit.edu>. -moj
|
|
firewall punching fixes.
Obtained from: FreeBSD
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
constant). These are not security holes but it is worth fixing
them anyway both for robustness and so folks looking for examples
in the tree are not misled into doing something potentially dangerous.
Furthermore, it is a bad idea to assume that pathnames will not
include '%' in them and that error routines don't return strings
with '%' in them (especially in light of the possibility of locales).
|
|
From brad@
|