Commit Graph

22 Commits

Author SHA1 Message Date
Mark Johnston
04e9edb544 Capsicumize rtsol(8) and rtsold(8).
These programs parse ND6 Router Advertisement messages; rtsold(8) has
required an SA, SA-14:20.rtsold, for a bug in this code.  Thus, they
are good candidates for sandboxing.

The approach taken is to run the main executable in capability mode
and use Casper services to provide functionality that cannot be
implemented within the sandbox.  In particular, several custom services
were required.

- A Casper service is used to send Router Solicitation messages on a
  raw ICMP6 socket.  Initially I took the approach of creating a
  socket for each interface upon startup, and connect(2)ing it to
  the all-routers multicast group for the interface.  This permits
  the use of sendmsg(2) in capability mode, but only works if the
  interface's link is up when rtsol(d) starts.  So, instead, the
  rtsold.sendmsg service is used to transmit RS messages on behalf
  of the main process.  One could alternately define a service
  which simply creates and connects a socket for each destination
  address, and returns the socket to the sandboxed process.  However,
  to implement rtsold's -m option we also need to read the ND6 default
  router list, and this cannot be done in capability mode.
- rtsold may execute resolvconf(8) in response to RDNSS and DNSSL
  options in received RA messages.  A Casper service is used to
  fork and exec resolvconf(8), and to reap the child process.
- A service is used to determine whether a given interface's
  link-local address is useable (i.e., not duplicated or undergoing
  DAD).  This information is supplied by getifaddrs(3), which reads
  a sysctl not available in capability mode.  The SIOCGIFCONF socket
  ioctl provides equivalent information and can be used in capability
  mode, but I decided against it for now because of some limitations
  of that interface.

In addition to these new services, cap_syslog(3) is used to send
messages to syslogd.

Reviewed by:	oshogbo
Tested by:	bz (previous versions)
MFC after:	2 months
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D17572
2019-01-05 16:05:39 +00:00
Enji Cooper
22289a8c3d sbin: normalize paths using SRCTOP-relative paths or :H when possible
This simplifies make logic/output

MFC after:	1 month
Sponsored by:	Dell EMC Isilon
2017-03-04 11:33:01 +00:00
Glen Barber
7de1daeb93 Create packages for atm, ccdconfig, devd, ipf, ipfw,
iscsi, natd, nandfs, pf, quotacheck, and routed.

Add ping6 and rtsol to the runtime package.

Sponsored by:	The FreeBSD Foundation
2016-02-09 19:30:31 +00:00
Xin LI
56160b2e67 Now that we own the code, use arc4random(3) unconditionally
and remove the corresponding HAVE_ARC4RANDOM conditions.

MFC after:	2 weeks
2015-10-06 23:42:58 +00:00
Hiroki Sato
f74237f5b6 - Remove #ifdef HAVE_POLL_H.
- Use nitems().

MFC after:	3 days
2015-09-10 06:40:28 +00:00
Warner Losh
3bdf775801 NO_MAN= has been deprecated in favor of MAN= for some time, go ahead
and finish the job. ncurses is now the only Makefile in the tree that
uses it since it wasn't a simple mechanical change, and will be
addressed in a future commit.
2014-04-13 05:21:56 +00:00
Kenneth D. Merry
b4775b4c1d Add dump.c to the rtsol build. It is needed now that sec2str is non-static
and used in rtsold.c.
2011-06-08 21:59:07 +00:00
Ulrich Spörlein
bd2c49af72 rtsol(8)/rtsold(8): make WARNS=3 clean
It is actually WARNS=6 clean for non-strict alignment archs.

Approved by:	ed (co-mentor)
2010-02-27 10:19:39 +00:00
Yaroslav Tykhiy
06cced4cce Add eye candy while I'm here: a blank line between
the license and the $FreeBSD$ line.
2006-07-27 18:28:14 +00:00
Yaroslav Tykhiy
b4a2047ac8 INET6 has no effect on rtsol, it's an IPv6-only tool with its
code independent of the macro.  This utility is just omitted
from the build as a whole by ../Makefile if MK_INET6 is set to false.

Pointed out by:	ume
Tested with:	cmp(1)
2006-07-27 17:56:57 +00:00
Yaroslav Tykhiy
491bafe5c6 Obey MK_INET6_SUPPORT.
This is also a good chance to apply style.Makefile(5) in some cases.
2006-07-27 13:26:29 +00:00
Ruslan Ermilov
e653b48c80 Start the dreaded NOFOO -> NO_FOO conversion.
OK'ed by:	core
2004-12-21 08:47:35 +00:00
Ruslan Ermilov
a35d88931c For variables that are only checked with defined(), don't provide
any fake value.
2004-10-24 15:33:08 +00:00
Johan Karlsson
604d24db95 style.Makefile(5):
Use WARNS?= instead of WARNS=.
2004-02-23 20:25:27 +00:00
Hajimu UMEMOTO
5538fd1e35 -DSMALL will remove the need of dump.c (for rtsol)
Obtained from:	KAME
2004-01-14 17:59:38 +00:00
Hajimu UMEMOTO
9c6c20e632 use arc4random.
MFC after:	3 days
2003-08-22 18:59:55 +00:00
Hajimu UMEMOTO
5c706347d5 support poll(2).
Obtained from:	KAME
MFC after:	1 week
2003-08-14 18:43:57 +00:00
David E. O'Brien
2d68bf45bf Default to WARNS=2.
Binary builds that cannot handle this must explicitly set WARNS=0.

Reviewed by:	mike
2001-12-04 02:19:58 +00:00
Hajimu UMEMOTO
3384154590 Sync with recent KAME.
This work was based on kame-20010528-freebsd43-snap.tgz and some
critical problem after the snap was out were fixed.
There are many many changes since last KAME merge.

TODO:
  - The definitions of SADB_* in sys/net/pfkeyv2.h are still different
    from RFC2407/IANA assignment because of binary compatibility
    issue.  It should be fixed under 5-CURRENT.
  - ip6po_m member of struct ip6_pktopts is no longer used.  But, it
    is still there because of binary compatibility issue.  It should
    be removed under 5-CURRENT.

Reviewed by:	itojun
Obtained from:	KAME
MFC after:	3 weeks
2001-06-11 12:39:29 +00:00
Kris Kennaway
2dd1ffc97d Correct style bugs in previous commit 2000-07-06 01:55:21 +00:00
Kris Kennaway
9c5fbccb11 Sync with KAME
Obtained from:	KAME
2000-07-05 09:48:43 +00:00
Yoshinobu Inoue
7d56d3747c Getaddrinfo(), getnameinfo(), and etc support in libc/net.
Several udp and raw apps IPv6 support.

Reviewed by: freebsd-arch, cvs-committers
Obtained from: KAME project
1999-12-28 02:37:14 +00:00