Commit Graph

49 Commits

Author SHA1 Message Date
tls 4147a3c54a Add new Makefile knob, USE_FORT, which extends USE_SSP by turning on the
FORTIFY_SOURCE feature of libssp, thus checking the size of arguments to
various string and memory copy and set functions (as well as a few system
calls and other miscellany) where known at function entry.  RedHat has
evidently built all "core system packages" with this option for some time.

This option should be used at the top of Makefiles (or Makefile.inc where
this is used for subdirectories) but after any setting of LIB.

This is only useful for userland code, and cannot be used in libc or in
any code which includes the libc internals, because it overrides certain
libc functions with macros.  Some effort has been made to make USE_FORT=yes
work correctly for a full-system build by having the bsd.sys.mk logic
disable the feature where it should not be used (libc, libssp itself,
the kernel) but no attempt has been made to build the entire system with
USE_FORT and doing so will doubtless expose numerous bugs and misfeatures.

Adjust the system build so that all programs and libraries that are setuid,
directly handle network data (including serial comm data), perform
authentication, or appear likely to have (or have a history of having)
data-driven bugs (e.g. file(1)) are built with USE_FORT=yes by default,
with the exception of libc, which cannot use USE_FORT and thus uses
only USE_SSP by default.  Tested on i386 with no ill results; USE_FORT=no
per-directory or in a system build will disable if desired.
2007-05-28 12:06:17 +00:00
hubertf 889da1779b * Don't include headers twice
* Remove a few trailing whitespaces
* Rearrange and join to one #if for some headers

Patch contributed by Slava Semushin <slava.semushin@gmail.com>
in private mail.
2007-01-16 17:32:04 +00:00
christos 9881dfaad3 c99 initializer 2006-10-22 21:24:44 +00:00
christos 01caf31f3a Cleanup KNF, WARNS=4.
Phew, this started just to make set() static so that coverity does not get
confused.
2006-05-13 20:46:15 +00:00
rpaulo 8c2379fd97 NDP-related improvements:
	RFC4191
	- supports host-side router-preference

	RFC3542
	- if DAD fails on an interface, disables IPv6 operation on the
	  interface
	- don't advertise MLD report before DAD finishes

	Others
	- fixes integer overflow for valid and preferred lifetimes
	- improves timer granularity for MLD, using callout-timer.
	- reflects rtadvd's IPv6 host variable information into kernel
	  (router only)
	- adds a sysctl option to enable/disable pMTUd for multicast
	  packets
	- performs NUD on PPP/GRE interface by default
	- Redirect works regardless of ip6_accept_rtadv
	- removes RFC1885-related code

From the KAME project via SUZUKI Shinsuke.
Reviewed by core.
2006-03-05 23:47:08 +00:00
rpaulo 78678b130a Better support of IPv6 scoped addresses.
- most of the kernel code will not care about the actual encoding of
  scope zone IDs and won't touch "s6_addr16[1]" directly.
- similarly, most of the kernel code will not care about link-local
  scoped addresses as a special case.
- scope boundary check will be stricter.  For example, the current
  *BSD code allows a packet with src=::1 and dst=(some global IPv6
  address) to be sent outside of the node, if the application does:
    s = socket(AF_INET6);
    bind(s, "::1");
    sendto(s, some_global_IPv6_addr);
  This is clearly wrong, since ::1 is only meaningful within a single
  node, but the current implementation of the *BSD kernel cannot
  reject this attempt.
- and, while there, don't try to remove the ff02::/32 interface route
  entry in in6_ifdetach() as it's already gone.

This also includes some level of support for the standard source
address selection algorithm defined in RFC3484, which will be
completed in the future.

From the KAME project via JINMEI Tatuya.
Approved by core@.
2006-01-21 00:15:35 +00:00
itojun e5802101b4 change description of -I to meet the current implementation. bump date 2004-10-26 06:42:14 +00:00
itojun 62eb5fae68 close(2) missing. Andrey Matveev 2004-05-24 03:51:04 +00:00
itojun 5d2c970d68 fflush(stdout) on -A. KAME-PR-584 2004-02-10 14:44:32 +00:00
itojun 71ee6e8bea typo (struct member name - has to be rtm_addrs). from fujitsu 2004-01-08 06:56:25 +00:00
agc 326b2259b7 Move UCB-licensed code from 4-clause to 3-clause licence.
Patches provided by Joel Baker in PR 22366, verified by myself.
2003-08-07 11:25:11 +00:00
itojun da2e0c851d err() cleanup, from openbsd-current via kame 2003-06-27 07:49:40 +00:00
itojun aa5672d8c5 sscanf overrun 2003-05-17 01:02:01 +00:00
lukem 17d72c8a6b use NETBSDSRCDIR as appropriate 2002-09-18 03:54:26 +00:00
itojun d650d1adac with -i, flag on command line and flag displayed are different, and it does
nothing but confuse users.  sync them.

for -nud and such, you need "-- -nud" due to posix arg parsing.

sync w/kame
2002-07-17 13:08:27 +00:00
itojun 61ef51d198 comment out paragraph that does not fit to NetBSD 2002-06-08 21:19:08 +00:00
itojun 47af351cc9 recover backward compatibility in -I behavior. sync w/kame 2002-06-03 19:27:39 +00:00
itojun d3583acf8c more KNF/nroff. from deraadt via kame 2002-06-03 04:41:34 +00:00
itojun b21f26fdc1 typo 2002-06-03 04:31:29 +00:00
itojun 016477e967 more posix-compliant arg parsing. sync with kame. help from deraadt 2002-06-03 03:34:36 +00:00
itojun 4bb986ded2 KNF, from openbsd via kame 2002-06-02 23:43:21 +00:00
itojun 1675bb6f17 more strlcpy. from openbsd via kame 2002-05-29 22:23:06 +00:00
wiz 8b32b6b12c Drop a space, and two grammar fixes. 2002-05-29 08:51:28 +00:00
itojun b09ce00be9 use new SIOCGIFINFO_IN6. random other cleanups. 2002-05-29 08:04:39 +00:00
ross 2a76afae02 Generate <>& symbolically. I'm avoiding .../dist/... directories for now. 2002-02-08 01:36:18 +00:00
wiz ca3452180b Punctuation nits. 2002-02-02 01:21:44 +00:00
itojun e6ccd47666 use strncpy() to set ifname arg to ioctl. 2001-11-08 09:45:34 +00:00
bjh21 d5a914aad0 Use getnameinfo() to format link-layer addresses rather than doing it
ourselves.
2001-10-06 19:39:23 +00:00
itojun 2dde33d97b sync with latest kame code. ndp -i won't print info for yet-to-be-initialized
interface.
2001-07-23 14:47:43 +00:00
itojun d54eb3a39d change tcpdump dir to refer to. Daniel Carosone <dan@geek.com.au> 2001-06-26 13:43:29 +00:00
kleink a0649bd297 getopt(3): EOF -> -1. 2001-05-07 14:00:22 +00:00
wiz 9ce3f772a3 Xref tcpdump 8, not 1. 2001-04-03 11:27:42 +00:00
itojun 205669dc96 avoid dereferencing null pointer. from kame. 2001-03-21 15:28:29 +00:00
itojun 5cb09b1c66 sync with latest kame tree. ndp -n -a is prettier with longer addresses.
-l is obsolete (ignored).
2001-02-08 07:37:18 +00:00
itojun 45c9804017 avoid memory leak. sync with kame 2001-01-21 07:51:17 +00:00
itojun 0d592a8998 nuke link-locals correctly on -c. sync with kame 2000-10-10 10:14:36 +00:00
kleink 4918722a89 For commands and utilities, use EXIT STATUS rather than RETURN VALUES or
DIAGNOSTICS as appropriate (and documented in mdoc(7)).
2000-09-04 07:35:15 +00:00
matt 3ab02a8704 More #include <stdlib.h> string, etc. cleanup 2000-07-04 20:27:35 +00:00
itojun f42e218016 sync with more recent kame code.
accept scoped address notation.
2000-06-20 22:23:01 +00:00
itojun 3e34240544 perform neighbor unreachability detection on p2p links (spec requires
it for bidir p2p links).
improve -i in ndp(8) to allow tweaking per-interface ND flag on.
fix ndp(8) infinite loop on certain routing table setup.
2000-04-16 15:27:59 +00:00
simonb f4be79ac40 Don't declare 'extern opt*' getopt variables.
Don't declare 'extern int h_errno;' - it's in <netdb.h>.
2000-04-14 06:28:18 +00:00
kleink 1e9ca23a0d Typo. 2000-03-07 19:40:54 +00:00
itojun 6a433be509 remove net.inet6.ip6.nd6_proxyall sysctl.
support "ndp -s <ip6> <mac> proxy" for proxy NDP.
2000-02-26 08:48:21 +00:00
tron 932885638e Remove bogus declaration of "errno". 2000-01-22 10:18:07 +00:00
itojun 644cf51b1e add -I and -l. cleanup on screen formatting.
(sync with latest KAME)
1999-12-13 15:30:25 +00:00
itojun 6827022dc7 fix routing socket alignment issue on alpha.
sync with more recent KAME code.

PR: 8305
1999-09-03 03:54:47 +00:00
itojun 26c3d764fd add NetBSD RCS ID. 1999-07-06 13:14:54 +00:00
itojun 9a6abc8c5d s/CFLAGS/CPPFLAGS/ for -D and -I. 1999-07-03 06:26:25 +00:00
itojun 4b8a1fec7e ndp, "arp"-alike command for IPv6. 1999-07-01 20:33:55 +00:00