Age | Commit message | Author |
|
log updates|all
with
log state changes
log host checks
log connection [errors]
The first two control the logging of host check results: either changes in host state only or
all checks.
The third option controls logging of connections in relay mode:
Either log all connections, or only errors.
Additionally, errors will be logged with LOG_WARN and good connections
will be logged with LOG_INFO, so they can be differentiated in syslog.
ok and feedback from claudio@
|
|
a password and that way it would log it when the daemon is run in verbose mode.
Hint and OK claudio@
|
|
it. We should not trust this input too much as found by Pierre Emeriaud.
OK benno@
|
|
be shortened by 1.
OK florian@
|
|
sockets cause no harm and this way we close another attack surface by not
allowing the daemon to create/delete any more files.
While here also scramble pledge promises to their canonical form.
OK florian@
|
|
sockets cause no harm and this way we close another attack surface by not
allowing the daemon to create/delete any more files.
OK florian@
|
|
sockets cause no harm and this way we close another attack surface by not
allowing the daemon to create/delete any more files.
OK akoshibe@ florian@
|
|
that not deleting the unix control sockets causes no harm and this way we close
another attack surface by not allowing the daemon to create/delete any more
files.
tweak and OK florian@
|
|
harm if not deleted after the daemon is shut down and at the same time we also
tackle another attack surface by not allowing the program to create/delete
any more files (by removing "cpath" promise from pledge(2)).
Discussion initiated by a question from deraadt@ OK florian@
|
|
On the other hand it is much more powerful to get rid of cpath; rad is
no longer allowed to change anything on the filesystem.
Triggered by mestre@'s work to fix unlinking in other daemons and a
question from deraadt@
OK mestre
|
|
From Ross L Richardson, thanks
ok millert@
|
|
From Ross L Richardson
ok millert@
|
|
ok millert@
|
|
From Ross L Richardson
|
|
From Ross L Richardson
|
|
struct prefix will be slowly becoming the hub of the rib.
OK phessler@ job@
|
|
output directory). If prefix isn't a directory, that would require
enumerating all prefix<sig>.<id> filenames and unveiling all of them
which isn't reasonable... for the file case can we identify whether it
starts with '/' or not, and unveil '/' or '.' for "w"?
|
|
before unveil/pledge.
|
|
Walk each rib at most once and push it from there to all RIBs or peers
that need the update. Makes the logic more straight and so easier to run
in background.
Tested by and OK phessler@
|
|
repeated in every interface block - they can still be overwritten
on a per interface basis.
Pointed out by, tweaks & OK sthen
|
|
do the logic for manpage formatting better, so that we can't miss things
simplify filenames, fullname always has a slash
|
|
- display error message on STDERR... better
- don't extract the code twice
|
|
possible stack overflow due to recursion in ber_free_elements().
ok claudio@
|
|
that both filter lists are treated the same way. This fixes an inconsistency
with ibgp and ebgp filters as used in the example config.
OK benno@ sthen@
|
|
one must be present.
From Ross L Richardson, thanks
ok sthen@
|
|
As pointed out by sthen@, TLS isn't the only possible use.
From Ross L Richardson
ok sthen@
|
|
From Ross L Richardson
ok sthen@
|
|
currently doesn't call the function control_cleanup to do so. The solution is
to simply call that function just before the program quits.
"sure" henning@
|
|
all other free functions bgpd has.
|
|
processing does. It adds the prefix to Adj-RIB-In and if "log update" is
set it will also log the addition and removal of a prefix.
OK benno@
|
|
previous commit.
heads up and OK tb@
|
|
unlink(2)ed from eigrpe engine process, the problem is that this proc is
chrooted and therefore the socket will never be deleted.
In order to solve it we need to bring control_cleanup() function, which calls
unlink(2), into the main proc which is not chrooted. This is the way it's
already done for several other daemons we have in our base.
Additionally we also need to move the "cpath" pledge(2) promise from the child
process to the main process in order for the latter to be allowed to delete the
socket and while here shuffle the promises into their canonical form.
OK florian@ and benno@
|
|
If one of the configured modules doesn't have a secret setup then
module->secret == NULL which would call strlen(NULL), within freezero(3),
and that shouldn't happen, but in this case since the call is done it
segfaults and the daemon is not properly shut down.
cluebat stick provided by semarie@, OK tb@ and deraadt@
|
|
Pointed out by Andrew Daugherity (andrew.daugherity AT gmail), thanks!
Tweaks and OK jmc
|
|
ok claudio@
|
|
ok claudio@
|
|
This way the size is the same on all archs and 32bit should be good enough.
OK rob@
|
|
traversing the prefix list. Since a while Adj-RIB-In is fully independent
and so updating the local RIB does not modify that list.
OK benno@
|
|
ok tb@
|
|
ok tb@ (previous 3 commits to main.c as well)
|