Renumber cluase 4 to 3, per what everybody else did when BSD granted
them permission to remove clause 3. My insistance on keeping the same
numbering for legal reasons is too pedantic, so give up on that point.
Submitted by: Jan Schaumann <jschauma@stevens.edu>
Pull Request: https://github.com/freebsd/freebsd/pull/96
- Only #include tcpd.h when LIBWRAP is true to avoid header include errors
- Only define whichaf when LIBWRAP is true to avoid -Wunused warning and
to avoid issues with structs being defined that should only be defined
when tcpd.h is included.
MFC after: 2 weeks
X-MFC with: r312105
Pointyhat to: ngie
Reported by: gcc tinderbox
Sponsored by: Dell EMC Isilon
This will allow inetd to stand by itself without libwrap.
MFC after: 2 weeks
Relnotes: yes
Reviewed by: hrs (earlier version)
Sponsored by: Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D9056
- Use NI_MAXHOST-long buffer for getnameinfo().
Although INET6_ADDRSTRLEN was designed to hold the longest
IPv6 address in IPv4-mapped address format a long time ago,
getnameinfo() can return scope identifier in addition to it.
MFC after: 1 day
in -a flag.
- Fix a bug that sockaddr_in was used where sockaddr_in6 should have
been used. This was not actually harmful because offsetof(struct
sockaddr_in, sin_port) is equal to offsetof(struct sockaddr_in6,
sin6_port).
MFC after: 1 day
have chosen different (and more traditional) stateless/statuful
NAT64 as translation mechanism. Last non-trivial commits to both
faith(4) and faithd(8) happened more than 12 years ago, so I assume
it is time to drop RFC3142 in FreeBSD.
No objections from: net@
clock. In general, gettimeofday() is not appropriate interface
when accounting for elasped time because it can go backward, in
which case the policy code could errornously consider the limit
as exceeded.
MFC after: 1 week
Reported by: Mahesh Arumugam
Submitted by: Dorr H. Clark via gnn
Sponsored by: Citrix / NetScaler
The index() and rindex() functions were marked LEGACY in the 2001
revision of POSIX and were subsequently removed from the 2008 revision.
The strchr() and strrchr() functions are part of the C standard.
This makes the source code a lot more consistent, as most of these C
files also call into other str*() routines. In fact, about a dozen
already perform strchr() calls.
environments.
Please note that this can't be done while such processes run in jails.
Note: in future it would be interesting to find a way to do that
selectively for any desired proccess (choosen by user himself), probabilly
via a ptrace interface or whatever.
Obtained from: Sandvine Incorporated
Reviewed by: emaste, arch@
Sponsored by: Sandvine Incorporated
MFC: 1 month
sockets. Instead of rejecting all unix domain connections when the
-C flag is given, allow them instead. Aragon tested an earlier
version of the patch.
PR: 109315
MFC after: 2 weeks
Tested-by: Aragon Gouveia <aragon@phat.za.net>
exactly the same as patch from the PR, which also exited if the
config file was missing. I didn't use Jeff's patch because I was
worried that some people might start inetd, create the config file
and then HUP inetd.
PR: 60806
Submitted by: Jeff Ito <jeffi@rcn.com>
MFC after: 2 weeks
(or possibly testing) the previous formula worked for the default
constants compiled into inetd, but if you recompiled with different
values of CHTSIZE and CHTGRAN the calculation might not have worked.
PR: 54354
Submitted by: Claus Assmann <ca@sendmail.org>
Submitted by: Jose Marcio Martins da Cruz <Jose-Marcio.Martins@ensmp.fr>
MFC after: 5 days
into a child process. Rather than closing the discriptors manually,
mark all discriptors as close-on-exec.
PR: 47694
Submitted by: Max Okumoto <okumoto@ucsd.edu>
Obtained from: NetBSD
MFC after: 2 weeks
we don't leak memory. Only one of these two cases (reconfig) actually
causes a leak because the other is usually followed by an exec.
PR: 46845
Reviewed by: David Wang <dsw@juniper.net>
MFC after: 2 weeks
rather than specifically setting the process priority and resource class;
otherwise, we improperly set other aspects of the login class. We have
a bit more to do here, but the proper fix will probably involve breaking
out MAC labels from the login class at some point, as well as further
clarifying the logic here.
Pointed out by: kuriyama, max
with a class, rather than all aspects of the class when switching
classes for an inetd service. Because we hard-code /daemon in the
current inetd implementation, using SETALL has unfortunate side-effects
involving the MAC code, and potentially other credential related
settings in the future. This change maintains the DoS-resistent
aspects of the class behavior, which is all that is promised in the
inetd man page.
A larger set of diffs providing more pluggability and configurability
was deferred for this more simple approach in the short term.
Reviewed by: ache
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
declared - it was bad style and caused a bug. v[46]bind need to be
reset whenever we go to the "more:" label.
Jean-Luc and I came up with this patch independently, so it had
better be right!
PR: 40771
Submitted by: Jean-Luc Richier <Jean-Luc.Richier@imag.fr>
invocations of each service from a single IP address.
Requested by: matusita
Reviewed by: dwmalone
Tested by: matusita on snapshots.jp.FreeBSD.org
MFC after: 2 weeks
