| Commit message | Author | Age | Files | Lines |
Reported by: Kevin Day <kevin@your.org>
Approved by: so
Security: FreeBSD-SA-25:12.rtsold
Security: CVE-2025-14558
|
MFC after: 1 week
Reported by: Kevin Day <kevin@your.org>
|
Add -u, remove -p from the rtsol(8) usage message.
PR: 266634
MFC after: 1 week
|
PR: 266634
Fixes: 231bac4ccc43 ("rtsol/rtsold: Add option to skip random delay")
MFC after: 1 week
(cherry picked from commit 9e9e64b693ab1e08cca46e26e468160542c33f3a)
|
Apply the following automated changes to try to eliminate
no-longer-needed sys/cdefs.h includes as well as now-empty
blank lines in a row.
Remove /^#if.*\n#endif.*\n#include\s+<sys/cdefs.h>.*\n/
Remove /\n+#include\s+<sys/cdefs.h>.*\n+#if.*\n#endif.*\n+/
Remove /\n+#if.*\n#endif.*\n+/
Remove /^#if.*\n#endif.*\n/
Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/types.h>/
Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/param.h>/
Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/capsicum.h>/
Sponsored by: Netflix
|
Remove /^\.\\"\n\.\\"\s*\$FreeBSD\$$\n/
|
Remove /^\s*#[#!]?\s*\$FreeBSD\$.*$\n/
|
Remove /^[\s*]*__FBSDID\("\$FreeBSD\$"\);?\s*\n/
|
Remove /^/[*/]\s*\$FreeBSD\$.*\n/
|
Remove /^\s*\*\n \*\s+\$FreeBSD\$$\n/
|
In addition to the 'M' and 'O' scripts (for when 'Managed' and 'Other'
flags are set) also introduce an 'always' script that is called for any
router advertisement (so even if M and O are not set).
This is primarily useful for systems like pfSense that wish to be
informed of routers for further system configuration.
See also https://redmine.pfsense.org/issues/14072
Reviewed by: melifaro
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D39931
|
Since commit 04e9edb54428, rtsold has leaked the memory for the
argument vector of every script it runs.
Reported by: Coverity
Reviewed by: markj
Fixes: 04e9edb5442826a14616157962361ff81e4a38fe
MFC after: 1 week
Sponsored by: Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D34355
|
Set errno to EINVAL if the name overflows the buffer, as was done
before commit ecce515d54bc.
Reviewed by: dab, markj
Fixes: ecce515d54bcea54fea03f731aad646c87761d22
MFC after: 1 week
Sponsored by: Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D34354
|
Remove reference to PCMCIA. The issue is more generic than that. Also,
it does apply to FreeBSD, so no need to hedge about some OSes. The index
won't change if no other interfaces are created after the card is
removed, so note that it may change, not will change.
Suggested by: phk
Reviewed by: gleb
Sponsored by: Netflix
|
In accordance with a SHOULD in RFC 4861, rtsol and rtsold wait a
random time between zero and one (aka MAX_RTR_SOLICITATION_DELAY)
seconds before sending a Router Solicitation, in order to avoid
network congestion if many hosts come online at once. (The
question of how many hosts would be required to cause congestion
by each sending a single packet on a Gbps+ network is left to the
reader.)
The new option -i disables this wait and instructs rtsol and rtsold
to send the Router Solicitation immediately.
Reviewed by: bz, kp (earlier version)
MFC after: 1 week
Relnotes: yes
Sponsored by: https://www.patreon.com/cperciva
Differential Revision: https://reviews.freebsd.org/D32956
|
Reviewed by: kp
Obtained from: pfsense
MFC after: 1 week
|
Reviewed by: markj
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D31518
|
rtsold works fine for point to point interfaces in manual mode but will
not auto-probe them.
Reviewed by: markj
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D31517
|
The header specifies the size of the option in multiples of eight bytes.
The option consists of an eight-byte header followed by one or more IPv6
addresses, so the option is invalid if the size is not equal to 1+2n for
some n>0. Check this.
The bug can cause random stack data to be formatted as an IPv6 address
and passed to resolvconf(8), but a host able to trigger the bug may also
specify arbitrary addresses this way.
Reported by: Q C <cq674350529@gmail.com>
Sponsored by: The FreeBSD Foundation
MFC after: 3 days
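The length rule described in the commit message above, as an added example in C. It is not the rtsold source; the function names, buffer layout and sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define OPT_HDR_LEN  8	/* type, length, reserved, lifetime */
#define ADDR_LEN     16	/* one IPv6 address */

/* Constructed samples: length 3 (header + 2001:db8::1) and length 2 (invalid). */
static const uint8_t sample_ok[24] = { 25, 3, 0, 0, 0, 0, 0x0e, 0x10,
    0x20, 0x01, 0x0d, 0xb8, [23] = 0x01 };
static const uint8_t sample_even[16] = { 25, 2, 0, 0, 0, 0, 0x0e, 0x10 };

/* Return the number of addresses in the option, or -1 if it is malformed. */
int
rdnss_addr_count(const uint8_t *opt, size_t avail)
{
	size_t units, optlen;

	if (avail < 2)
		return (-1);
	units = opt[1];			/* size in multiples of eight bytes */
	optlen = units * 8;
	if (optlen > avail)		/* option runs past the received data */
		return (-1);
	if (units < 3 || units % 2 == 0)	/* must be 1 + 2n with n > 0 */
		return (-1);
	return ((int)((optlen - OPT_HDR_LEN) / ADDR_LEN));
}

/* Copy out at most max addresses, and only after the length was validated. */
int
rdnss_copy_addrs(const uint8_t *opt, size_t avail, uint8_t out[][ADDR_LEN], int max)
{
	int i, n = rdnss_addr_count(opt, avail);

	if (n < 0)
		return (-1);
	if (n > max)
		n = max;
	for (i = 0; i < n; i++)
		memcpy(out[i], opt + OPT_HDR_LEN + (size_t)i * ADDR_LEN, ADDR_LEN);
	return (n);
}

int
main(void)
{
	printf("%d %d\n", rdnss_addr_count(sample_ok, sizeof(sample_ok)),
	    rdnss_addr_count(sample_even, sizeof(sample_even)));
	return (0);
}
```

An even length such as 2 would leave a 16-byte option with only 8 bytes after the header, so a parser that copied a full address without this check would read past the option.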
|
Reported by: hrs
MFC after: 1 week
|
- Avoid leaking a socket if llflags_get() fails.
- Avoid leaking a file handle if rtsold_init_dumpfile() fails.
- Tighten the check in if_nametosdl() which determines whether we failed
to find the specified interface.
- Fix errno handling in an error path in rtsock_open().
MFC after: 1 week
Notes:
svn path=/head/; revision=368278
|
Approved by: so
Security: CVE-2020-25577
MFC after: now
Notes:
svn path=/head/; revision=368248
|
MFC after: 1 week
Notes:
svn path=/head/; revision=368111
|
MFC after: 1 week
Notes:
svn path=/head/; revision=366972
|
While we do support the "O bit" running a script (usually to start a
dhcpv6 client) we have no options for setups which set the "M bit" for,
e.g., static address assignment as in EC2.
Duplicate most of the "O bit" logic to also start a script for the
"M bit" with the one difference: if the "M bit" is set we will not
start the script for the "O bit" as well (per RFC 4861, Section 4.2).
Reviewed by: hrs, markj
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D26099
Notes:
svn path=/head/; revision=364771
|
Update a bunch of Makefile.depend files as
a result of adding Makefile.depend.options files
Reviewed by: bdrewery
MFC after: 1 week
Sponsored by: Juniper Networks
Differential Revision: https://reviews.freebsd.org/D22494
Notes:
svn path=/head/; revision=355617
|
Leaf directories that have dependencies impacted
by options need a Makefile.depend.options file
to avoid churn in Makefile.depend
DIRDEPS for cases such as OPENSSL, TCP_WRAPPERS etc
can be set in local.dirdeps-options.mk
which can add to those set in Makefile.depend.options
See share/mk/dirdeps-options.mk
Reviewed by: bdrewery
MFC after: 1 week
Sponsored by: Juniper Networks
Differential Revision: https://reviews.freebsd.org/D22469
Notes:
svn path=/head/; revision=355616
|
Reported by: sjg
Sponsored by: The FreeBSD Foundation
Notes:
svn path=/head/; revision=354926
|
This ensures that the program name is included in the output, which
makes it easy to identify the source of error messages printed
during boot.
MFC after: 1 week
Notes:
svn path=/head/; revision=344629
|
These programs parse ND6 Router Advertisement messages; rtsold(8) has
required an SA, SA-14:20.rtsold, for a bug in this code. Thus, they
are good candidates for sandboxing.
The approach taken is to run the main executable in capability mode
and use Casper services to provide functionality that cannot be
implemented within the sandbox. In particular, several custom services
were required.
- A Casper service is used to send Router Solicitation messages on a
raw ICMP6 socket. Initially I took the approach of creating a
socket for each interface upon startup, and connect(2)ing it to
the all-routers multicast group for the interface. This permits
the use of sendmsg(2) in capability mode, but only works if the
interface's link is up when rtsol(d) starts. So, instead, the
rtsold.sendmsg service is used to transmit RS messages on behalf
of the main process. One could alternately define a service
which simply creates and connects a socket for each destination
address, and returns the socket to the sandboxed process. However,
to implement rtsold's -m option we also need to read the ND6 default
router list, and this cannot be done in capability mode.
- rtsold may execute resolvconf(8) in response to RDNSS and DNSSL
options in received RA messages. A Casper service is used to
fork and exec resolvconf(8), and to reap the child process.
- A service is used to determine whether a given interface's
link-local address is useable (i.e., not duplicated or undergoing
DAD). This information is supplied by getifaddrs(3), which reads
a sysctl not available in capability mode. The SIOCGIFCONF socket
ioctl provides equivalent information and can be used in capability
mode, but I decided against it for now because of some limitations
of that interface.
In addition to these new services, cap_syslog(3) is used to send
messages to syslogd.
Reviewed by: oshogbo
Tested by: bz (previous versions)
MFC after: 2 months
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D17572
Notes:
svn path=/head/; revision=342788
|
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Notes:
svn path=/head/; revision=339747
|
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Notes:
svn path=/head/; revision=339745
|
CID: 1007418
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Notes:
svn path=/head/; revision=339687
|
We would fail to clear DNS search list configuration if a router
stopped specifying the DNSSL RA option. I suspect that the bug
was mostly harmless, as the RDNSS and DNSSL options are typically used
together and omitting the RDNSS option would have the same effect.
CID: 1006219
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Notes:
svn path=/head/; revision=339460
|
No functional change intended.
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Notes:
svn path=/head/; revision=339456
|
No functional change intended.
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Notes:
svn path=/head/; revision=339455
|
No functional change intended.
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Notes:
svn path=/head/; revision=339453
|
Mainly focus on files that use BSD 3-Clause license.
The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
open source licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
supersede or replace the license texts.
Special thanks to Wind River for providing access to "The Duke of
Highlander" tool: an older (2014) run over FreeBSD tree was useful as a
starting point.
Notes:
svn path=/head/; revision=326025
|
Sponsored by: Dell EMC Isilon
Notes:
svn path=/head/; revision=325188
|
This interface type ("a parent interface of wlanX") is not used since
r287197
Reviewed by: adrian, glebius
Differential Revision: https://reviews.freebsd.org/D9308
Notes:
svn path=/head/; revision=312929
|
Because rtsold listens for RAs on a raw socket, it may receive RAs from
interfaces that it does not manage. Such events can result in excessive
logging.
Submitted by: Franco Fichtner <franco@opnsense.org>
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D8108
Notes:
svn path=/head/; revision=306571
|
that it is NUL terminated. Additional NUL padding is not required
for short names.
Reported by: Coverity
CID: 99186, 991864, 991865
MFC after: 1 week
Notes:
svn path=/head/; revision=299868
|
PR: 207146
MFC after: 3 days
Notes:
svn path=/head/; revision=295737
|
This is rather pedantic, as for most architectures it holds that
sizeof(type *) == sizeof(type **)
Found by: clang static analyzer
Reviewed by: ed
Differential Revision: https://reviews.freebsd.org/D4722
Notes:
svn path=/head/; revision=292864
|
- Remove -a from the usage message example dealing with specific
interfaces. -a only makes sense when not specifying an interface,
such that it's to be run on all interfaces
- Fix the pidfile option (it's -p, not -P)
- Change `interfaces` to `interface` to match the manpage
MFC after: 3 days
PR: 173744
Sponsored by: EMC / Isilon Storage Division
Notes:
svn path=/head/; revision=290182
|
arc lint is helpful
Reviewed By: allanjude, wblock, #manpages, chris@bsdjunk.com
Differential Revision: https://reviews.freebsd.org/D3337
Notes:
svn path=/head/; revision=289677
|
and remove the corresponding HAVE_ARC4RANDOM conditions.
MFC after: 2 weeks
Notes:
svn path=/head/; revision=288963
|
- Use nitems().
MFC after: 3 days
Notes:
svn path=/head/; revision=287612
|
The socket created by rtsol/rtsold is not a connection-based socket,
meaning that we should not attempt to call shutdown() on it.
Reported by: kan
Notes:
svn path=/head/; revision=286566
|
Off by default, build behaves normally.
WITH_META_MODE we get auto objdir creation, the ability to
start build from anywhere in the tree.
Still need to add real targets under targets/ to build packages.
Differential Revision: D2796
Reviewed by: brooks imp
Notes:
svn path=/head/; revision=284345
|