Commit Graph

3751 Commits

Author SHA1 Message Date
itojun
bbef2fbaac errx?/warnx? audit. do not pass variable alone, use %s. idea from openbsd 2000-07-07 15:10:32 +00:00
itojun
7bf16d3ecc explicitly check if the address family is supported, by using socket(2). 2000-07-07 14:56:45 +00:00
enami
2fffbc9c4c No space is allowed between owner and optional :group. 2000-07-07 13:21:32 +00:00
itojun
fed1a1bf38 warnx?/errx? audit (don't pass variable alone). from openbsd. 2000-07-07 12:22:32 +00:00
itojun
7ebfc079d9 syslog() audit - do not use it with a variable alone. from openbsd 2000-07-07 11:39:41 +00:00
hubertf
0379a1727a remove/hide some debugging code 2000-07-06 16:06:36 +00:00
itojun
19a4d0910c sync with sys/netinet/icmp6.h change (no bitfield for router renumber).
more logging.  improve error handling/garbage collection.  sync with kame.
2000-07-06 12:37:56 +00:00
enami
3268786888 - Process all passed option rather than ignoring silently except the first one.
- Centerize the check whether an interface is specified.
- Print maximum data length.
- Swap wi_type and wi_code in struct wi_table so that wi_type matches with
  wi_type in wi_req.
2000-07-06 03:37:26 +00:00
itojun
4941865cd4 setproctitle fix. from openbsd 2000-07-05 22:21:15 +00:00
hubertf
7ca7a7f658 Only calculate MD5 checksum for plain files.
As a side effect, fixes handlink of links to dirs.
2000-07-05 20:18:16 +00:00
hubertf
2b35b3d322 * Move comment around a bit
* Document some return code
2000-07-05 20:17:04 +00:00
itojun
31431ac193 always use %s for setproctitle. from openbsd-current 2000-07-05 17:59:58 +00:00
msaitoh
f6f00e2615 remove extra period in SEE ALL section 2000-07-05 15:45:28 +00:00
itojun
358c3cf8dc more change on getaddrinfo error handling.
XXX enami, I admit it is not a good thing to check the error code from
getaddrinfo.  it is sometimes mandatory, however.  gai_strerror message
can be too generic in some cases.  we can't really extend getaddrinfo,
as it was not invented by kame (see RFC2553)
2000-07-05 12:43:06 +00:00
matt
3ab02a8704 More #include <stdlib.h> string, etc. cleanup 2000-07-04 20:27:35 +00:00
thorpej
6851dd879b Update ifconfig example to show that the interface has to be created. 2000-07-04 20:08:32 +00:00
itojun
e9bf9cf7a1 allow faithd(8) to be invoked via inetd(8), just like tcpd (of tcp_wrappers).
sync with kame.

benefits: allows us to access-control inbound traffic by using hosts.allow(5).
possible drawbacks: inetd mode has no chance for multi-connection-per-single-
process enhancement.  current faithd(8) needs 1 process per 1 connection
anyways.
2000-07-04 13:28:13 +00:00
itojun
798ee6865c add faithd(8) support. with "faith/tcp6" protocol specification,
it will open a socket with setsockopt(IPV6_FAITH).
2000-07-04 13:25:39 +00:00
itojun
9282955dca emit more friendly message on nonexistent service name.
From: enami
2000-07-04 09:33:55 +00:00
enami
e9aaacc880 If the line wasn't for the client we are looking for, skip it.
While I'm here, I indented the continuation line properly.
2000-07-04 08:18:44 +00:00
itojun
0b740ef377 beautify SYNOPSIS section with .Bk - .Ek pair.
correctly describe "no option" behavior (show 802.11 setting).
add comment about statistics update delay (-o).

TODO: should put \n after sentences
2000-07-04 05:20:03 +00:00
itojun
0f20cdad3f check for mux service by ISMUX(), not by != NORM_TYPE
(the assumption can bite us if we extend se_type to have more cases).
2000-07-03 23:40:59 +00:00
itojun
ee1989a0d1 remove duplicated ipsec setup code. we always call setup() on
socket reinitialization (like SIGHUP).
sync with kame.
2000-07-03 23:37:17 +00:00
enami
6412403c8a Fix few typos. 2000-07-03 10:16:10 +00:00
enami
8ab9946e10 Substitute the cross reference to portmap(8) with rpcbind(8). 2000-07-03 10:06:24 +00:00
itojun
1f62fd302f add more security notice about relaying rsh/rlogin taffic. (sync with kame) 2000-07-03 08:37:20 +00:00
enami
d985c8daa6 Don't hardcode like "[ -v 1|2|3|4 ]". 2000-07-03 08:31:22 +00:00
enami
511d11787c Use .Ar macro for the flag arguments. 2000-07-03 05:21:19 +00:00
itojun
f244aa6821 correct usage of route(8) in example. 2000-07-02 09:17:30 +00:00
jwise
ea7e9f5176 Fix minor thinko in previous. Make sure we close and keep closed all
sockets in the situation where all of the following are true:

	* /etc/syslogd.conf contained forwarding actions when we were
	  started up or when we last received a HUP

	* /etc/syslogd.conf has had all forwarding actions removed

	* we are running with -s

and we receive a HUP.
2000-07-02 02:15:34 +00:00
augustss
826490bf58 Indicate that the device argument is not mandatory. 2000-07-02 00:55:47 +00:00
itojun
a847ca3ad6 be more careful about arg to errx?/warnx? (do not pass variable directly,
it may contain "%").  from openbsd, via kame.
2000-06-30 18:58:42 +00:00
jwise
37b8137c99 Remove caveat about behavior of `syslogd -s' when forwarding rules are
present -- this behavior has been fixed.
2000-06-30 18:52:24 +00:00
jwise
9b22831fbc Fix opening/closing of sockets when receiving a HUP, and /etc/syslog.conf
has been changed from having forwarding actions to having none, or vice versa.
2000-06-30 18:45:04 +00:00
jwise
ccb04760be Improve behavior of `syslogd -s'.
Even if we are forwarding, don't bind to udp/514 if running with `-s'.
2000-06-30 18:22:54 +00:00
jwise
20abf1785a Back out and redo previous at Bill Sommerfeld's <sommerfeld@netbsd.org>
request:

	instead of the -S flag, fix the -s flag to not open a socket
	if there are no forwarding rules in /etc/syslog.conf

The behavior of syslogd when -s is specified and there are forwarding rules
should still be made cleaner.
2000-06-30 18:03:50 +00:00
thorpej
0ef2c35ee6 gifconfig(8) is obsolete; functionality has been added to
ifconfig(8).
2000-06-30 18:02:32 +00:00
jwise
3258a51b03 1.) bring usage text up to date, and clarify description of `-s' option
in man page and comments -- for some time it has no longer prevents
    an inet socket from being opened, just caused it to be ignored

2.) Fix this problem with `-s' -- syslogd always opens an inet socket, even if
    -s is specified and it has nowhere to send to.  This socket is then
    shutdown(), but there is no way to not have this socket open.

    Users setting up paranoid installations can now specify `-S' which
    prevents any non-unix-domain sockets from being opened, even if
    forwarding is specified in /etc/syslogd.conf.

    As per the previous fix, this is not made the default for `-s', as it
    also prevents syslogd from forwarding log messages.

3.) document the above in the man page and usage.

Justification:  in light of the possibility of future DoS attacks, or the
desire to set up a machine which is relatively uninformative in the face
of port scans, users may quite legitimately want to control what sockets
are open on their machine.  Telling such users that they cannot run
syslogd is non-ideal.
2000-06-30 17:32:43 +00:00
itojun
7f153848ab use %s with syslog, to prevent abuse. from: deraadt (sync with kame) 2000-06-29 01:24:11 +00:00
onoe
cb94bf1d45 Update the description of available channel for Japan.
The regulations has been changed to adopt 802.11b since Oct. 99.
For 11Mbps NICs sold in Japan, all DS channels (1..14) are available.
2000-06-28 10:07:05 +00:00
thorpej
c1b4b34401 Add support for globbing when matching the host name in the
bootparams(5) file, a'la Solaris.  This is extremely useful
for configuring Jumpstart servers.

From Dan Mercer <dmercer@zembu.com>.
2000-06-28 01:30:56 +00:00
thorpej
3a1d089614 Add some extra instrumentation in the `debug' case. 2000-06-27 20:32:28 +00:00
ragge
ca2ae6b635 Need special tweaking for VAX8200 etc... 2000-06-27 18:57:41 +00:00
briggs
72e9fc0fb5 If both SMALL and NSUPDATE are defined, undefine NSUPDATE. The NSUPDATE
option pulls in a set of symbols that increases the size of dhclient
with functionality that is not required for installation media.
This was discussed with Ted Lemon, and the patch is being submitted to him
for inclusion in his source tree.
2000-06-26 12:33:14 +00:00
perseant
4e02de35d3 use -s option to shorten the list of SEGUSEs printed as well as whole segments 2000-06-25 21:36:16 +00:00
mellon
cb94aaa4bf Delete some debugging statements that got included accidentally. 2000-06-24 19:05:50 +00:00
mellon
61f43e2b27 Allocate command line interface using interface_allocate (pr#10378) 2000-06-24 16:21:02 +00:00
mellon
770dd9d3d3 Merge latest version, fix conflicts. 2000-06-24 06:57:05 +00:00
mellon
11e02a2cec Merge latest version, fix conflicts. 2000-06-24 06:50:01 +00:00
mellon
cbcf186604 3.0b2 as of June 23 - fixes two important glitches. 2000-06-24 06:38:26 +00:00