when looking for configured addresses.
This change is based upon the code from the submitter, and made
following changes:
- Exclude addresses assigned on interfaces which are down, like NetBSD
does.
- Exclude addresses assigned on interfaces which are ifdisabled.
PR: 190824
Submitted by: Justin McOmie
MFC after: 1 week
are unaware of RFC 3542 can construct control messages.
The kernel disallows mixing RFC 2292 behaviour with RFC 3542 behaviour.
Only sockets that have specifically been marked as using the RFC 2292
API can use RFC 2292 specific options. This is all good and well, but
libc itself seems inconsistent with this.
The root cause of this inconsistency seems to relate to the definitions
of IPV6_HOPOPTS and IPV6_DSTOPTS. They are defined in RFC 2292 and re-used
in RFC 3542, yet have distinct values in the kernel. It's for this reason
that the kernel also has definitions for IPV6_2292HOPOPTS and
IPV6_2292DSTOPTS. Not so in libc.
For example: some program calls inet6_option_init() (defined by RFC 2292)
with the RFC 2292 defined IPV6_HOPOPTS and IPV6_DSTOPTS. Before RFC 3542,
this was translated to values of 22 and 23 (resp.) The libc implementation
correctly checks that only options IPV6_HOPOPTS and IPV6_DSTOPTS are given
(as per RFC 2292) but since these defines have taken on the values defined
by RFC 3542 (values 49 and 50 resp,) rejects the correct option values
(22 and 23) passed said program and returns -1.
The precisie fix is to have inet6_option_init() and friends only accept the
RFC 2292 defined IPV6_HOPOPTS & IPV6_DSTOPTS, but that breaks other code
(like mld6query(8)), which seem to not be aware of RFC 3542 and how it
hi-jacked the option names. So the best fix is to accept the options from
both.
Obtained from: Juniper Networks, Inc.
MFC after: 1 week
The previous code failed to return an error condition when the whole input
was invalid due to improper handling of the sscanf return value. Actually,
this failure was properly being caught by a test in
tools/regression/lib/libc/net/test-ether.t but was not noticed because
these tests are never run. (On my way to fixing that ;-)
The fix applied here resembles the implementation of ether_line in NetBSD
modulo the setting of an errno value (which is not documented as an
expectation in the manpage anyway).
if not already defined. This allows building libc from outside of
lib/libc using a reach-over makefile.
A typical use-case is to build a standard ILP32 version and a COMPAT32
version in a single iteration by building the COMPAT32 version using a
reach-over makefile.
Obtained from: Juniper Networks, Inc.
* The RFC says (in section 10.1) that only when extbuf is not NULL,
extlen shall be checked, so don't perform this check when NULL is
passed.
* socklen_t is unsigned, so checking extlen for less than zero is
not needed.
Submitted by: swildner@dragonflybsd.org
Reviewed by: Mark Martinec <Mark.Martinec+freebsd@ijs.si>
Reviewed by: hrs
Obtained by: DragonFlyBSD
* Set errno to EAFNOSUPPORT if an address is provided which is neither
AF_INET nor AF_INET6.
* Don't modify the arguments.
* Don't smash the stack when provided with a non-zero port.
* Handle the case correctly where the first address provided is
an IPv6 address.
MFC after: 3 days
This change avoids undesirably passing some internal file descriptors to a
process created (fork+exec) by another thread.
Kernel support for SOCK_CLOEXEC was added in r248534, March 19, 2013.
Per the NetBSD Foundation statement
Third parties are encouraged to change the license on any files which
have a 4-clause license contributed to the NetBSD Foundation to a
2-clause license.
It is almost always a bug if nscd closes the connection unexpectedly but
programs should not be killed with SIGPIPE for it.
Reviewed by: bushman
Tested by: Jan Beich
MFC after: 1 week
The reasoning behind this, is that if we are consistent in our
documentation about the uint*_t stuff, people will be less tempted to
write new code that uses the non-standard types.
I am not going to bump the man page dates, as these changes can be
considered style nits. The meaning of the man pages is unaffected.
MFC after: 1 month
conditional code parts not used by or applicable to FreeBSD.
The new implementation is supposed to be able to cope with changes to
the 'l' versions of the msghdr structs now used as well as to if_data
allowing future changes without breaking things.
This restores carp(4) config support in HEAD after r231504.
Reviewed by: glebius, brooks
MFC After: 3 months
The index() and rindex() functions were marked LEGACY in the 2001
revision of POSIX and were subsequently removed from the 2008 revision.
The strchr() and strrchr() functions are part of the C standard.
This makes the source code a lot more consistent, as most of these C
files also call into other str*() routines. In fact, about a dozen
already perform strchr() calls.
Add an API for alerting internal libc routines to the presence of
"unsafe" paths post-chroot, and use it in ftpd. [11:07]
Fix a buffer overflow in telnetd. [11:08]
Make pam_ssh ignore unpassphrased keys unless the "nullok" option is
specified. [11:09]
Add sanity checking of service names in pam_start. [11:10]
Approved by: so (cperciva)
Approved by: re (bz)
Security: FreeBSD-SA-11:06.bind
Security: FreeBSD-SA-11:07.chroot
Security: FreeBSD-SA-11:08.telnetd
Security: FreeBSD-SA-11:09.pam_ssh
Security: FreeBSD-SA-11:10.pam
from scratch, copying needed functionality from the old implemenation
on demand, with a thorough review of all code. The main change is that
interface layer has been removed from the CARP. Now redundant addresses
are configured exactly on the interfaces, they run on.
The CARP configuration itself is, as before, configured and read via
SIOCSVH/SIOCGVH ioctls. A new prefix created with SIOCAIFADDR or
SIOCAIFADDR_IN6 may now be configured to a particular virtual host id,
which makes the prefix redundant.
ifconfig(8) semantics has been changed too: now one doesn't need
to clone carpXX interface, he/she should directly configure a vhid
on a Ethernet interface.
To supply vhid data from the kernel to an application the getifaddrs(8)
function had been changed to pass ifam_data with each address. [1]
The new implementation definitely closes all PRs related to carp(4)
being an interface, and may close several others. It also allows
to run a single redundant IP per interface.
Big thanks to Bjoern Zeeb for his help with inet6 part of patch, for
idea on using ifam_data and for several rounds of reviewing!
PR: kern/117000, kern/126945, kern/126714, kern/120130, kern/117448
Reviewed by: bz
Submitted by: bz [1]
* Decouple the path supervision using a separate HB timer per path.
* Add support for potentially failed state.
* Bring back RTO.min to 1 second.
* Accept packets on IP-addresses already announced via an ASCONF
* While there: do some cleanups.
Approved by: re@
MFC after: 2 months.
* Cleanup usage of iov's.
* Add support for SCTP_TIMEOUTS socketoption.
* Fix a bug in sctp_recvmsg(): return the msg_flags in case of an error.
* Fix a bug in the error handling of sctp_peeloff(): return the -1.
have to return ERANGE and terminate with NS_RETURN.
- When gethostbyname_r(3) and the friends end with an error,
set errno to the value nss backend returns, and return errno
value.
PR: kern/131623
MFC after: 2 weeks
