Commit Graph

106 Commits

Author SHA1 Message Date
itojun de3a065dcc CPPFLAGS, not CFLAGS, for -D. 2001-09-13 13:02:20 +00:00
wiz 14dbdf5518 Negative exit code cleanup: Replace exit(-x) with exit(x).
As seen on tech-userlevel.
2001-04-06 11:13:45 +00:00
fair 1cab78c82a Document TCPmux internal service, per additional discussion of PR 12325.
The text was snatched directly from the comment about it in inetd.c and
modified for better clarity.
2001-03-16 08:19:13 +00:00
fair 232ed76f81 Add text to more clearly document that tcpd is not needed, per PR 10754.
Add a FILES section. Add a few more references to SEE ALSO.
Clean up nroff nits (e.g. spaces at end of line).
2001-03-10 11:52:51 +00:00
bjh21 e4fc14ba1d Mention relevant RFCs in "SEE ALSO". 2001-03-04 14:18:32 +00:00
cgd 25bdbb661e convert to use getprogname() 2001-02-19 23:22:40 +00:00
jlam c5d65e2d74 Improve grammar slightly in the description for IPsec policy settings. 2001-01-25 21:49:31 +00:00
lukem 0645f2f67b use explicit name rather than __progname in openlog 2001-01-11 01:34:28 +00:00
hubertf 1e2914d00b Document that the path to the configuration file given on the command
line must be absolute, unless the -d option is given on the command line.
2000-12-02 02:15:34 +00:00
ad b8bb84a3b0 Clean one paragraph. 2000-09-19 16:28:52 +00:00
itojun 51156effd6 be more paranoid about UDP-based echo services validation. namely,
reject the following sources:
	0.0.0.0/8 127.0.0.0/8 240.0.0.0/4 255.0.0.0/8
	ff00::/8 ::/128
	::ffff:0.0.0.0/96 and ::0.0.0.0/96 obeys IPv4 rule.
hint from deraadt.
2000-08-01 18:42:08 +00:00
mycroft 70c4e41552 Remove bogus typeof hack, and just use the type directly. 2000-07-23 22:54:51 +00:00
itojun b44d184dec permit square-bracket notation (as in RFC2732) for the first element
in inetd.conf.  otherwise, we'll have (minor) problem putting IPv6 address in.
sync with kame.

[::1]:ftp stream tcp6 nowait root /usr/libexec/ftpd ftpd -ll
2000-07-08 01:55:24 +00:00
itojun 7bf16d3ecc explicitly check if the address family is supported, by using socket(2). 2000-07-07 14:56:45 +00:00
itojun 358c3cf8dc more change on getaddrinfo error handling.
XXX enami, I admit it is not a good thing to check the error code from
getaddrinfo.  it is sometimes mandatory, however.  gai_strerror message
can be too generic in some cases.  we can't really extend getaddrinfo,
as it was not invented by kame (see RFC2553)
2000-07-05 12:43:06 +00:00
itojun 798ee6865c add faithd(8) support. with "faith/tcp6" protocol specification,
it will open a socket with setsockopt(IPV6_FAITH).
2000-07-04 13:25:39 +00:00
itojun 9282955dca emit more friendly message on nonexistent service name.
From: enami
2000-07-04 09:33:55 +00:00
itojun 0f20cdad3f check for mux service by ISMUX(), not by != NORM_TYPE
(the assumption can bite us if we extend se_type to have more cases).
2000-07-03 23:40:59 +00:00
itojun ee1989a0d1 remove duplicated ipsec setup code. we always call setup() on
socket reinitialization (like SIGHUP).
sync with kame.
2000-07-03 23:37:17 +00:00
itojun 80a16c051d typo 2000-06-14 16:06:43 +00:00
itojun 59996dbc2b clarify tcp4/tcp6 interaction. 2000-06-14 15:57:26 +00:00
fvdl 2db4d2fdfe Modify to support RPC over IPv6. 2000-06-02 23:17:55 +00:00
itojun 2e33d275dc use LOG_WARNING for syslog output for address family mismatch.
suggested by: thorpej
2000-05-13 06:42:13 +00:00
itojun 31eb929ec0 correct extremely unfriendly error message when the kernel does not
support the address family (like including "tcp6" in inetd.conf, on
non-IPv6 kernel).

was:
inetd[185]: ftp/tcp6: *: hostname nor servname provided, or not known
now:
inetd[315]: ftp/tcp6: *: the address family is not supported by the kernel
2000-05-13 02:56:47 +00:00
itojun 8fb9de8e46 fix IPsec policy parser. #@ should affect multiple lines as documented. 2000-03-06 19:52:13 +00:00
itojun 4b061adfdb sync with latest libipsec.
since outgoing and incoming policy is separated, inetd can take multiple
policy specification, separated by ";".
2000-01-31 14:28:17 +00:00
itojun 55ffb1ce63 make error check against getnameinfo(). 2000-01-27 19:52:43 +00:00
itojun a31f62a92c call sigsetmask() on ipsec initialization failure. 2000-01-13 15:53:00 +00:00
itojun ad663a8d32 refrain using non-standard .Sh. use .Ss. 1999-11-21 17:28:23 +00:00
kristerw 2220c68654 Typos (from OpenBSD) 1999-11-18 19:02:31 +00:00
ad d3f47cfba9 A colon is the preferred way to split a user and group name pair; make this
possible and depreciate the use of dot.
1999-10-06 21:54:10 +00:00
itojun f7c22e9eaa fix internal servers (like echo) so that they can accept AF_INET6 connections.
add AF_INET6 support for port_good_dg().
1999-09-15 09:59:41 +00:00
simonb fd8040a031 s/acknowledgment/acknowledgement/ 1999-09-10 03:24:14 +00:00
itojun 35a68ecb71 avoid multiple BUGS section. 1999-08-13 13:57:52 +00:00
sommerfeld fdadab8fc8 Fix PR7739: correct -DRPC rot in inetd.c 1999-08-02 01:12:21 +00:00
itojun e1b53de44e query service name properly on libwrap warnings.
NetBSD PR: 8101
1999-07-28 10:58:31 +00:00
ghudson 113b4934fe se_wait stores pids; make it a pid_t. 1999-07-19 15:49:39 +00:00
itojun 93de5675b3 be more friendly with non-IPsec kernel (hide warnings). 1999-07-04 00:31:57 +00:00
itojun d161ab0018 clearify and woring fix. 1999-07-02 16:55:45 +00:00
itojun 0d5c089973 document tcp4/tcp6 manipulation. 1999-07-02 16:49:34 +00:00
itojun a77871b871 dual-stack inetd. you can write "tcp6" or "tcp4" into "protocol" field.
(the style is the rough consensus among v6 implementers so it will be
the standard style)

TODO: test rpc and tcpmux on IPv6.
TODO: test identd over IPv6.
1999-07-02 04:48:19 +00:00
thorpej 78688ba793 Use pidfile(3). 1999-06-06 01:50:23 +00:00
hwr f6aa0f509c Prevent sending udp data to the obvious bad ports that are used for
DoS attacks (e.g. looping packets between two echo ports).
This should "fix" PR bin/2455.
Could please anyone with an appropriate "hacker tools" check this?
1999-04-11 15:40:58 +00:00
garbled d1407362ba More and more .Os cleanups. .Os is defined in the tmac.doc-common file,
so we shouldn't override it with versions in the manpages.  Many more to
come.
1999-03-22 18:43:46 +00:00
tsarna c51f63ace5 Clarify the syntax a bit 1999-01-29 19:41:47 +00:00
mycroft e37d13ec69 Revert previous. 1999-01-20 09:24:06 +00:00
mycroft 24285e691d Make all listening sockets non-blocking. 1999-01-20 04:42:17 +00:00
lukem 786b86d71b use AF_LOCAL instead of AF_UNIX 1998-07-18 05:04:35 +00:00
tron ec7c8ec161 From "buqtraq": avoid file descriptor leak if service is looping. 1998-07-16 08:55:43 +00:00
lukem fc90756956 Implement a new manual page category ``SECURITY CONSIDERATIONS''
(suggested by mycroft)
1998-06-08 12:41:41 +00:00