History log of /freebsd/usr.sbin/rtsold/rtsol.c (Results 1 – 25 of 69)
Revision tags: release/14.0.0
# b3e76948 16-Aug-2023 Warner Losh <imp@FreeBSD.org>

Remove $FreeBSD$: two-line .h pattern

Remove /^\s*\*\n \*\s+\$FreeBSD\$$\n/


# 476babae 02-May-2023 Kristof Provost <kp@FreeBSD.org>

rtsol: introduce an 'always' script

In addition to the 'M' and 'O' scripts (for when 'Managed' and 'Other'
flags are set) also introduce an 'always' script that is called for any
router advertisement (so even if M and O are not set).

This is primarily useful for systems like pfSense that wish to be
informed of routers for further system configuration.

See also https://redmine.pfsense.org/issues/14072

Reviewed by: melifaro
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D39931


Revision tags: release/13.2.0, release/12.4.0, release/13.1.0, release/12.3.0
# 02508a3d 14-Aug-2021 Franco Fitchner <franco@opnsense.org>

rtsold: pass sending router address to other and managed script

Reviewed by: markj
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D31518


Revision tags: release/13.0.0
# 1af332a7 21-Mar-2021 Mark Johnston <markj@FreeBSD.org>

rtsold: Fix validation of RDNSS options

The header specifies the size of the option in multiples of eight bytes.
The option consists of an eight-byte header followed by one or more IPv6
addresses, so the option is invalid if the size is not equal to 1+2n for
some n>0. Check this.

The bug can cause random stack data to be formatted as an IPv6 address
and passed to resolvconf(8), but a host able to trigger the bug may also
specify arbitrary addresses this way.

Reported by: Q C <cq674350529@gmail.com>
Sponsored by: The FreeBSD Foundation
MFC after: 3 days
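
An added example, not code from the FreeBSD commit or tree, of the length check the message above describes: an RDNSS option is accepted only when its length field is 1+2n units of eight bytes for some n>0. The option type value and header layout follow RFC 8106; the function name, the constants and the extra bound against the remaining packet length are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed constants for this example (layout per RFC 8106). */
#define EX_ND_OPT_RDNSS  25  /* option type */
#define EX_RDNSS_HDR_LEN 8   /* type, length, reserved, lifetime */
#define EX_IN6_ADDR_LEN  16

/*
 * Hypothetical helper: return the number of IPv6 addresses carried by the
 * RDNSS option at buf, or -1 if the option must be rejected.
 * avail is the number of bytes left in the RA starting at the option.
 */
int
ex_rdnss_addr_count(const uint8_t *buf, size_t avail)
{
	size_t optlen;

	if (avail < 2 || buf[0] != EX_ND_OPT_RDNSS)
		return (-1);
	/* Length is in 8-byte units: need 1 + 2n with n > 0, so odd and >= 3. */
	if (buf[1] < 3 || (buf[1] % 2) == 0)
		return (-1);
	optlen = (size_t)buf[1] * 8;
	/* Assumption of this example: also bound by the bytes received. */
	if (optlen > avail)
		return (-1);
	return ((int)((optlen - EX_RDNSS_HDR_LEN) / EX_IN6_ADDR_LEN));
}

int
main(void)
{
	/* Constructed sample: header only, addresses left as zero bytes. */
	uint8_t opt[40] = { EX_ND_OPT_RDNSS, 3 };
	int len;

	for (len = 1; len <= 5; len++) {
		opt[1] = (uint8_t)len;
		printf("length=%d -> %d address(es)\n", len,
		    ex_rdnss_addr_count(opt, sizeof(opt)));
	}
	return (0);
}
```

With an even length field the final "address" would be only half backed by option data, which is how unrelated memory could end up formatted as an IPv6 address.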


# f2fb8af1 01-Dec-2020 Mark Johnston <markj@FreeBSD.org>

rtsold: Fix multiple buffer overflows

Approved by: so
Security: CVE-2020-25577
MFC after: now


Revision tags: release/12.2.0
# e2515283 27-Aug-2020 Glen Barber <gjb@FreeBSD.org>

MFH

Sponsored by: Rubicon Communications, LLC (netgate.com)


# 60e7f669 25-Aug-2020 Bjoern A. Zeeb <bz@FreeBSD.org>

rtsol(d): add script for "M bit"

While we do support the "O bit" running a script (usually to start a
dhcpv6 client) we have no options for setups which set the "M bit" for,
e.g., static address assignment as in EC2.

Duplicate most of the "O bit" logic to also start a script for the
"M bit" with the one difference: if the "M bit" is set we will not
start the script for the "O bit" as well (per RFC 4861, Section 4.2).

Reviewed by: hrs, markj
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D26099


Revision tags: release/11.4.0, release/12.1.0, release/11.3.0
# 04e9edb5 05-Jan-2019 Mark Johnston <markj@FreeBSD.org>

Capsicumize rtsol(8) and rtsold(8).

These programs parse ND6 Router Advertisement messages; rtsold(8) has
required an SA, SA-14:20.rtsold, for a bug in this code. Thus, they
are good candidates for sandboxing.

The approach taken is to run the main executable in capability mode
and use Casper services to provide functionality that cannot be
implemented within the sandbox. In particular, several custom services
were required.

- A Casper service is used to send Router Solicitation messages on a
  raw ICMP6 socket. Initially I took the approach of creating a
  socket for each interface upon startup, and connect(2)ing it to
  the all-routers multicast group for the interface. This permits
  the use of sendmsg(2) in capability mode, but only works if the
  interface's link is up when rtsol(d) starts. So, instead, the
  rtsold.sendmsg service is used to transmit RS messages on behalf
  of the main process. One could alternately define a service
  which simply creates and connects a socket for each destination
  address, and returns the socket to the sandboxed process. However,
  to implement rtsold's -m option we also need to read the ND6 default
  router list, and this cannot be done in capability mode.
- rtsold may execute resolvconf(8) in response to RDNSS and DNSSL
  options in received RA messages. A Casper service is used to
  fork and exec resolvconf(8), and to reap the child process.
- A service is used to determine whether a given interface's
  link-local address is useable (i.e., not duplicated or undergoing
  DAD). This information is supplied by getifaddrs(3), which reads
  a sysctl not available in capability mode. The SIOCGIFCONF socket
  ioctl provides equivalent information and can be used in capability
  mode, but I decided against it for now because of some limitations
  of that interface.

In addition to these new services, cap_syslog(3) is used to send
messages to syslogd.

Reviewed by: oshogbo
Tested by: bz (previous versions)
MFC after: 2 months
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D17572


Revision tags: release/12.0.0
# fda9adaf 27-Oct-2018 Dimitry Andric <dim@FreeBSD.org>

Merge ^/head r339670 through r339812.


# 2b2135b8 25-Oct-2018 Mark Johnston <markj@FreeBSD.org>

Minor style fixes around script execution.

MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation


# c6879c6c 23-Oct-2018 Dimitry Andric <dim@FreeBSD.org>

Merge ^/head r339015 through r339669.


# 618703b5 20-Oct-2018 Mark Johnston <markj@FreeBSD.org>

Fix a dead store.

We would fail to clear DNS search list configuration if a router
stopped specifying the DNSSL RA option. I suspect that the bug
was mostly harmless, as the RDNSS and DNSSL options are typically used
together and omitting the RDNSS option would have the same effect.

CID: 1006219
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation


Revision tags: release/11.2.0
# 82725ba9 23-Nov-2017 Hans Petter Selasky <hselasky@FreeBSD.org>

Merge ^/head r325999 through r326131.


# 8a16b7a1 20-Nov-2017 Pedro F. Giffuni <pfg@FreeBSD.org>

General further adoption of SPDX licensing ID tags.

Mainly focus on files that use BSD 3-Clause license.

The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
opensource licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
supersede or replace the license texts.

Special thanks to Wind River for providing access to "The Duke of
Highlander" tool: an older (2014) run over FreeBSD tree was useful as a
starting point.


Revision tags: release/10.4.0, release/11.1.0
# 242b2482 09-Oct-2016 Dimitry Andric <dim@FreeBSD.org>

Merge ^/head r306412 through r306905.


# 5c3f6d49 02-Oct-2016 Mark Johnston <markj@FreeBSD.org>

rtsold: Log messages about unexpected RAs at LOG_DEBUG.

Because rtsold listens for RAs on a raw socket, it may receive RAs from
interfaces that it does not manage. Such events can result in excessive
logging.

Submitted by: Franco Fichtner <franco@opnsense.org>
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D8108


Revision tags: release/11.0.1, release/11.0.0, release/10.3.0, release/10.2.0
# 9268022b 19-Nov-2014 Simon J. Gerraty <sjg@FreeBSD.org>

Merge from head@274682


Revision tags: release/10.1.0
# 5c9ef378 04-Nov-2014 Alexander V. Chernikov <melifaro@FreeBSD.org>

Sync to HEAD@r274095.


# 2a382033 14-Oct-2014 Glen Barber <gjb@FreeBSD.org>

Reintegrate head@r273095

Sponsored by: The FreeBSD Foundation


# f1a52b69 14-Oct-2014 Neel Natu <neel@FreeBSD.org>

IFC @r273066


# e58fde50 11-Oct-2014 Hiroki Sato <hrs@FreeBSD.org>

Fix buffer overrun.

MFC after: 1 day


Revision tags: release/9.3.0, release/10.0.0
# 0bfd163f 18-Oct-2013 Gleb Smirnoff <glebius@FreeBSD.org>

Merge head r233826 through r256722.


# 1ccca3b5 10-Oct-2013 Alan Somers <asomers@FreeBSD.org>

IFC @256277

Approved by: ken (mentor)


Revision tags: release/9.2.0
# ef90af83 20-Sep-2013 Peter Grehan <grehan@FreeBSD.org>

IFC @ r255692

Comment out IA32_MISC_ENABLE MSR access - this doesn't exist on AMD.
Need to sort out how arch-specific MSRs will be handled.


# d1d01586 05-Sep-2013 Simon J. Gerraty <sjg@FreeBSD.org>

Merge from head

