Aren
/
NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
102,286 Commits 606 Branches 0 Tags 3.1 GiB
Commit Graph

83 Commits

Author SHA1 Message Date
itojun 181c9736b9 correct udp-from-broadcast check. From: andre@ae-35.com 2002-07-04 12:35:19 +00:00
itojun 00a0a65271 on internal udp echoback service, reject request if source address is a 
broadcast address.
 2002-06-05 10:03:31 +00:00
itojun 0c16d570ac no need for inetd_dummy variable. from openbsd 2002-06-01 03:41:33 +00:00
itojun 0062113f7e minor KNF 2002-06-01 00:32:41 +00:00
itojun 2dc34bbe40 cleanup main() by splitting it up in two. inspired by openbsd change 2002-06-01 00:28:52 +00:00
itojun 69c161be36 socklen_t cleanup. make MULOG code actually compile (is there anyone using 
it?  otherwise, i'd like to nuke it)
 2002-06-01 00:15:08 +00:00
christos 1d1ced8220 use setproctitle(3); from itojun. 2002-05-31 14:28:20 +00:00
wiz b36c0a5406 deamon -> daemon 2002-01-21 14:42:26 +00:00
abs dd94d9b295 Convert some 'long's to 'uint32_t's. Now rdate works against an LP64 box. 2001-12-26 17:01:39 +00:00
wiz 14dbdf5518 Negative exit code cleanup: Replace exit(-x) with exit(x). 
As seen on tech-userlevel.
 2001-04-06 11:13:45 +00:00
cgd 25bdbb661e convert to use getprogname() 2001-02-19 23:22:40 +00:00
lukem 0645f2f67b use explicit name rather than __progname in openlog 2001-01-11 01:34:28 +00:00
itojun 51156effd6 be more paranoid about UDP-based echo services validation. namely, 
reject the following sources:
	0.0.0.0/8 127.0.0.0/8 240.0.0.0/4 255.0.0.0/8
	ff00::/8 ::/128
	::ffff:0.0.0.0/96 and ::0.0.0.0/96 obeys IPv4 rule.
hint from deraadt.
 2000-08-01 18:42:08 +00:00
mycroft 70c4e41552 Remove bogus typeof hack, and just use the type directly. 2000-07-23 22:54:51 +00:00
itojun b44d184dec permit square-bracket notation (as in RFC2732) for the first element 
in inetd.conf.  otherwise, we'll have (minor) problem putting IPv6 address in.
sync with kame.

[::1]:ftp stream tcp6 nowait root /usr/libexec/ftpd ftpd -ll
 2000-07-08 01:55:24 +00:00
itojun 7bf16d3ecc explicitly check if the address family is supported, by using socket(2). 2000-07-07 14:56:45 +00:00
itojun 358c3cf8dc more change on getaddrinfo error handling. 
XXX enami, I admit it is not a good thing to check the error code from
getaddrinfo.  it is sometimes mandatory, however.  gai_strerror message
can be too generic in some cases.  we can't really extend getaddrinfo,
as it was not invented by kame (see RFC2553)
 2000-07-05 12:43:06 +00:00
itojun 798ee6865c add faithd(8) support. with "faith/tcp6" protocol specification, 
it will open a socket with setsockopt(IPV6_FAITH).
 2000-07-04 13:25:39 +00:00
itojun 9282955dca emit more friendly message on nonexistent service name. 
From: enami
 2000-07-04 09:33:55 +00:00
itojun 0f20cdad3f check for mux service by ISMUX(), not by != NORM_TYPE 
(the assumption can bite us if we extend se_type to have more cases).
 2000-07-03 23:40:59 +00:00
itojun ee1989a0d1 remove duplicated ipsec setup code. we always call setup() on 
socket reinitialization (like SIGHUP).
sync with kame.
 2000-07-03 23:37:17 +00:00
fvdl 2db4d2fdfe Modify to support RPC over IPv6. 2000-06-02 23:17:55 +00:00
itojun 2e33d275dc use LOG_WARNING for syslog output for address family mismatch. 
suggested by: thorpej
 2000-05-13 06:42:13 +00:00
itojun 31eb929ec0 correct extremely unfriendly error message when the kernel does not 
support the address family (like including "tcp6" in inetd.conf, on
non-IPv6 kernel).

was:
inetd[185]: ftp/tcp6: *: hostname nor servname provided, or not known
now:
inetd[315]: ftp/tcp6: *: the address family is not supported by the kernel
 2000-05-13 02:56:47 +00:00
itojun 8fb9de8e46 fix IPsec policy parser. #@ should affect multiple lines as documented. 2000-03-06 19:52:13 +00:00
itojun 4b061adfdb sync with latest libipsec. 
since outgoing and incoming policy is separated, inetd can take multiple
policy specification, separated by ";".
 2000-01-31 14:28:17 +00:00
itojun 55ffb1ce63 make error check against getnameinfo(). 2000-01-27 19:52:43 +00:00
itojun a31f62a92c call sigsetmask() on ipsec initialization failure. 2000-01-13 15:53:00 +00:00
ad d3f47cfba9 A colon is the preferred way to split a user and group name pair; make this 
possible and depreciate the use of dot.
 1999-10-06 21:54:10 +00:00
itojun f7c22e9eaa fix internal servers (like echo) so that they can accept AF_INET6 connections. 
add AF_INET6 support for port_good_dg().
 1999-09-15 09:59:41 +00:00
sommerfeld fdadab8fc8 Fix PR7739: correct -DRPC rot in inetd.c 1999-08-02 01:12:21 +00:00
itojun e1b53de44e query service name properly on libwrap warnings. 
NetBSD PR: 8101
 1999-07-28 10:58:31 +00:00
ghudson 113b4934fe se_wait stores pids; make it a pid_t. 1999-07-19 15:49:39 +00:00
itojun 93de5675b3 be more friendly with non-IPsec kernel (hide warnings). 1999-07-04 00:31:57 +00:00
itojun a77871b871 dual-stack inetd. you can write "tcp6" or "tcp4" into "protocol" field. 
(the style is the rough consensus among v6 implementers so it will be
the standard style)

TODO: test rpc and tcpmux on IPv6.
TODO: test identd over IPv6.
 1999-07-02 04:48:19 +00:00
thorpej 78688ba793 Use pidfile(3). 1999-06-06 01:50:23 +00:00
hwr f6aa0f509c Prevent sending udp data to the obvious bad ports that are used for 
DoS attacks (e.g. looping packets between two echo ports).
This should "fix" PR bin/2455.
Could please anyone with an appropriate "hacker tools" check this?
 1999-04-11 15:40:58 +00:00
mycroft e37d13ec69 Revert previous. 1999-01-20 09:24:06 +00:00
mycroft 24285e691d Make all listening sockets non-blocking. 1999-01-20 04:42:17 +00:00
lukem 786b86d71b use AF_LOCAL instead of AF_UNIX 1998-07-18 05:04:35 +00:00
tron ec7c8ec161 From "buqtraq": avoid file descriptor leak if service is looping. 1998-07-16 08:55:43 +00:00
thorpej 723fb3cccc Add support for specifying the send and receive socket buffer sizes. This 
is especially useful for TCP servers which must specify the receive
socket buffer size before the connection is made so that the connection's
window scale factor can be properly advertised.

Example /etc/inetd.conf configuration line:

shell stream tcp,rcvbuf=1m nowait root /usr/libexec/rshd rshd

That line will cause the rshd to advertise a 1 megabyte window, which could
improve the performance of an rcp in some situations.
 1998-05-01 01:57:26 +00:00
mycroft b4d89784ef Reset the SIGPIPE handler to SIG_DFL after forking. 1998-03-21 06:25:37 +00:00
christos 9fab7a4ffa PR/4837: Jeff Thieleke: inetd does not compile without libwrap. 1998-01-20 16:44:22 +00:00
mycroft a88cef6970 Ignore SIGPIPE, which may be caused by non-forking internal TCP services if 
the remote side closes the connection before we answer.
 1997-12-04 06:39:02 +00:00
lukem a352e573d5 fix use of unix domain socketname length, and signal error if this 
is exceeded. from enami tsugutomo <enami@ba2.so-net.or.jp> [bin/3369]
 1997-10-17 13:53:30 +00:00
mycroft c5aacdd3b3 Don't sleep if we get EINTR from select(2) (e.g. because we got 
a SIGCHLD when something died).  From PR 4056, by David Holland.
 1997-10-08 07:15:59 +00:00
mrg 2d06dcebcd WARNS?=1 1997-10-05 16:40:24 +00:00
mrg 7d7091ccdd merge lite2 [actually, just update ucb sccs id's] 1997-10-05 16:16:10 +00:00
mycroft 52aae8dc8a Don't do libwrap checking for UDP services; they must do it internally on 
every packet to be correct.
 1997-04-20 22:04:59 +00:00