Commit Graph

50 Commits

Author SHA1 Message Date
lukem
d877c4c3c0 Enable WARNS=4 by default, except for:
cpuctl  dumplfs  hprop  ipf  iprop-log  kadmin  kcm  kdc  kdigest
	kimpersonate  kstash  ktutil  makefs  ndbootd  ntp  pppd  quot
	racoon  racoonctl  rtadvd  sntp  sup  tcpdchk  tcpdmatch  tcpdump
	traceroute  traceroute6  user  veriexecgen  wsmoused  zic
(Mostly third-party applications)
2009-04-22 15:23:01 +00:00
is
11927f0b16 synchronize error flags with own comment and with traceroute, as discussed
on tech-net.
2009-02-16 20:36:11 +00:00
tls
4147a3c54a Add new Makefile knob, USE_FORT, which extends USE_SSP by turning on the
FORTIFY_SOURCE feature of libssp, thus checking the size of arguments to
various string and memory copy and set functions (as well as a few system
calls and other miscellany) where known at function entry.  RedHat has
evidently built all "core system packages" with this option for some time.

This option should be used at the top of Makefiles (or Makefile.inc where
this is used for subdirectories) but after any setting of LIB.

This is only useful for userland code, and cannot be used in libc or in
any code which includes the libc internals, because it overrides certain
libc functions with macros.  Some effort has been made to make USE_FORT=yes
work correctly for a full-system build by having the bsd.sys.mk logic
disable the feature where it should not be used (libc, libssp iteself,
the kernel) but no attempt has been made to build the entire system with
USE_FORT and doing so will doubtless expose numerous bugs and misfeatures.

Adjust the system build so that all programs and libraries that are setuid,
directly handle network data (including serial comm data), perform
authentication, or appear likely to have (or have a history of having)
data-driven bugs (e.g. file(1)) are built with USE_FORT=yes by default,
with the exception of libc, which cannot use USE_FORT and thus uses
only USE_SSP by default.  Tested on i386 with no ill results; USE_FORT=no
per-directory or in a system build will disable if desired.
2007-05-28 12:06:17 +00:00
elad
e35f123530 PR/19069: Jun-ichiro itojun Hagino: traceroute(8) and traceroute6(8) can
send packet to udp port 0, which is illegal
2006-10-07 10:23:33 +00:00
rpaulo
de8db47547 Add support for RFC 3542 Adv. Socket API for IPv6 (which obsoletes 2292).
* RFC 3542 isn't binary compatible with RFC 2292.
* RFC 2292 support is on by default but can be disabled.
* update ping6, telnet and traceroute6 to the new API.

From the KAME project (www.kame.net).
Reviewed by core.
2006-05-05 00:03:21 +00:00
ginsbach
85dd62aa2a Add description for -r option. Description taken from traceroute man page. 2005-09-17 15:16:11 +00:00
wiz
18b59e97b5 Fix -m description position. From YOMURA Masanori in private mail. 2005-09-11 23:46:39 +00:00
itojun
2a4c071a4f do not disclose endian/pid. henning@openbsd 2004-04-22 01:41:22 +00:00
itojun
c0819ecd5d do not disclose endian/alignment by probe packet. from dreaadt@openbsd
via kame
2004-01-25 03:26:30 +00:00
agc
326b2259b7 Move UCB-licensed code from 4-clause to 3-clause licence.
Patches provided by Joel Baker in PR 22366, verified by myself.
2003-08-07 11:25:11 +00:00
itojun
9c298b2da2 sysctl/setsockopt takes int, not u_long. 2003-01-21 09:15:54 +00:00
itojun
8a8d344fd5 fix arg size to IPV6_UNICAST_HOPS socket option. Hiroki Sato 2003-01-21 07:55:17 +00:00
itojun
22a4160612 be more picky about argument parsing (check ERANGE from strtoul). sync w/kame 2002-10-24 12:54:14 +00:00
itojun
f062d0205a make args u_long not to lose accuracy due to conversion/overflow.
from mark@openbsd
2002-10-23 03:48:07 +00:00
itojun
52c469ffaa socklen_t audit. from deraadt, sync w/kame 2002-09-08 01:41:12 +00:00
onoe
b719e19a2f Fixed trivial bugs in previous commit:
unnecessary socket is opened, and non-root user failed to execute...
2002-08-30 04:02:44 +00:00
onoe
4a58d16e34 Add -I (use icmp) option as traceroute.
sync w/kame
2002-08-30 03:57:20 +00:00
itojun
dcbc05cef8 warn if multiple addresses are returned from DNS, like traceroute(8) does.
sync w/kame
2002-08-27 00:34:52 +00:00
itojun
d36c8b47de no need for struct timezone. From: Kevin Steves <kevin@atomicgears.com> 2002-08-09 02:57:09 +00:00
itojun
304d46f942 check port number range. sync w/kame, pointed out by deraadt 2002-06-29 07:49:25 +00:00
itojun
ba39243377 use strchr not index 2002-06-09 02:45:26 +00:00
itojun
c264025d4e grab max hlim/ttl from kernel via sysctl. sync w/openbsd 2002-05-26 14:45:43 +00:00
itojun
00c1d95307 typo in port number setting 2002-05-26 13:14:03 +00:00
itojun
ef38c9fcf1 KNF and other cleanups. from openbsd via kame 2002-05-26 05:32:13 +00:00
itojun
c38970800e sizeof pedant 2002-02-19 02:29:58 +00:00
ross
2a76afae02 Generate <>& symbolically. I'm avoiding .../dist/... directories for now. 2002-02-08 01:36:18 +00:00
kleink
a0649bd297 getopt(3): EOF -> -1. 2001-05-07 14:00:22 +00:00
itojun
48110adac6 correct fd_set allocation. from deraadt 2001-01-12 18:53:20 +00:00
itojun
8537da23ad use strlcpy/at throughout the code. more strct argument validation.
revoke setuid privilege earlier.

sync with kame.
2000-12-22 15:12:04 +00:00
itojun
50ac5d898b move rcsid to the top 2000-11-24 07:42:07 +00:00
itojun
ffa892c2d7 use poll(2). 2000-10-08 06:40:42 +00:00
itojun
829f1b8451 avoid fd_set size overflow. from deraadt@openbsd, sync with kame. 2000-10-07 06:41:37 +00:00
kleink
4918722a89 For commands and utilities, use EXIT STATUS rather than RETURN VALUES or
DIAGNOSTICS as appropriate (and documented in mdoc(7)).
2000-09-04 07:35:15 +00:00
itojun
fed1a1bf38 warnx?/errx? audit (don't pass variable alone). from openbsd. 2000-07-07 12:22:32 +00:00
itojun
a847ca3ad6 be more careful about arg to errx?/warnx? (do not pass variable directly,
it may contain "%").  from openbsd, via kame.
2000-06-30 18:58:42 +00:00
itojun
5a2c8d59e9 print source address of query. support -f (skip first N hops).
do not choke on unexpected ND messages.
2000-06-12 16:31:52 +00:00
itojun
1e22bb586e correct use of perror(). 2000-03-12 02:42:43 +00:00
itojun
9c971f7c4d typo fix (s/Ridirect/Redirect/) 2000-03-02 07:43:32 +00:00
itojun
970a04ff88 do not assume CMSG_xx are constant. (sync with latest kame) 2000-02-28 07:03:58 +00:00
mycroft
fdf456b5f0 Nuke gratuitous setting of BINOWN and BINGRP. 2000-02-25 08:52:03 +00:00
itojun
7414be8dd0 add missing command line arguments (target and datalen) 2000-02-16 06:10:15 +00:00
itojun
e00a204ac4 use getnameinfo(), not inet_ntop(), as much as possible.
(sync with recent kame)
2000-02-16 00:38:14 +00:00
itojun
a58fc4d3b8 sync with latest libipsec/kernel. 2000-01-31 14:25:42 +00:00
enami
82d7115cf2 Don't pass so many args to .Nd macro. It just overflows. 1999-11-19 01:12:39 +00:00
itojun
1c73836310 do not bark even if IPsec is turned off in kernel. 1999-09-03 01:49:16 +00:00
itojun
656cf2dd52 allow "traceroute6 -q1 foo".
KAME PR: 135
1999-07-30 01:19:58 +00:00
itojun
b7ee9c3863 add NetBSD RCS ID. 1999-07-04 02:43:39 +00:00
itojun
9a6abc8c5d s/CFLAGS/CPPFLAGS/ for -D and -I. 1999-07-03 06:26:25 +00:00
thorpej
8cc65d3aa6 Squash some NULL printf format warnings, providing better error messages
to the user in the process.
1999-07-02 18:13:45 +00:00
itojun
2447462b5e traceroute6: traceroute for IPv6.
TODO: better to be separate, or merged?
1999-07-01 20:55:03 +00:00