check the domain-name parameter according to the rules for "search"
strings as documented in resolv.conf(5). Specifically, the string must
be no more than 256 bytes long and contain no more than six valid domain
names separated by white space.
The previous unchecked values could result in a mangled resolv.conf
file which could effectively deny access to local sites. This is not
a security issue as rogue dhcp servers could already do this without
sending invalid strings.
Reviewed by: cperciva
MFC After: 3 days
device be created read+write, check to see if the backing store is read only
through the use of the access(2) system call. If this check fails returning
EACCES, EPERM or EROFS then gracefully downgrade the access to read only. Also
print a warning message to stderr, informing the user that the access mode
they requested is not available.
This behavior used to be handled by md(4) but was changed in revision 1.154
Discussed with: pjd, phk, Dario Freni <saturnero at freesbie dot org>
Reviewed by: phk
serves no apparent purpose (we commented this out ages ago in the ISC
scripts) and cases problems with some ADSL setups.
Reported by: Rostislav Krasny <rosti dot bsd at gmail dot com>
/boot.config or on the "boot:" prompt line via a "-S<speed>" flag,
e.g. "-h -S19200". This adds about 50 bytes to the size of boot2
and required a few other small changes to limit the size impact.
This changes only affects boot2; there are further loader changes
to follow.
example on how to obtain information on devices on an ata channel.
PR: 84676
Submitted by: Kevin Oberman <oberman@es.net>
Jeremie Le Hen <jeremie@le-hen.org>
MFC after: 3 days
ping ICMP payload of packets being sent is increased with given step.
Sweeping pings are useful for testing problematic channels, MTU
issues or traffic policing functions in networks.
PR: bin/82625
Submitted by: Chris Hellberg <chellberg juniper.net> (with some cleanups)
to take into account the new default of starting the first partition
after the boot blocks instead of at sector 0. If you used automatic
sizing when the first partition did not start at 0, you would get
an error that the automatically sized partition extended beyond the
end of the disk.
Note that there are probably still many more complex cases where
automatic sizing and placement will not work (e.g. non-contiguous
or out of order partitions).
ignore "no such file" errors only, which I wanted to do.
Because of this I ignored all other errors on dlopen(3) failure as well,
which isn't good.
Fix this situation by calling access(2) on library file first and ignore
only ENOENT error. This allows to report all the rest of dlopen(3) errors.
MFC after: 3 days
metadata is equal to -1. if we then wanted to attach provider (or change
keys) and forget about '-p' flag it failed on assertion (quite ok, without
assertion it could call PKCS#5v2 with 4294967295 iterations).
Instead of failing on assertion, remind about '-p' flag.
MFC after: 3 days
* Correct handling of IPv6 Extension Headers.
* Add unreach6 code.
* Add logging for IPv6.
Submitted by: sysctl handling derived from patch from ume needed for ip6fw
Obtained from: is_icmp6_query and send_reject6 derived from similar
functions of netinet6,ip6fw
Reviewed by: ume, gnn; silence on ipfw@
Test setup provided by: CK Software GmbH
MFC after: 6 days
capture. Zero length captures caused an infinte loop and short captures
probably caused memory corruption and a crash.
Reported by: many
MFC After: 3 days
accept NUL-terminated strings as required by RFC 2132.
This solution is not perfect as it removes the ability to send
NUL-terminated host-name options which may be required by some broken
servers. Given the current lack of an existance proof of such servers
and the fact that servers that send NUL-terminated domain names do
exist, this seems like an acceptable compromise. A discussion of these
issues can be found at:
http://marc.theaimsgroup.com/?l=dhcp-client&m=96837107208382&w=2
PR: bin/83468
Reported by: Sean Winn <sean at gothic dot net dot au>
MFC-after: 3 days
print potentially sensitive keying material to stdout. With the new
802.11 support, ifconfig(8) is now capable of printing 802.11 keys,
and did by default for the root user, which is undesirable in some
environments. Now it will not print keying material unless requested
(and available to the user).
MFC after: 1 week
from this socket
* Enable non-blocking I/O on devd.pipe to keep clients from wedging devd.
If a write(2) on devd.pipe would block, the client in question will be
removed [1]
Requested by: rwatson [1]
Approved by: imp
Change communication protocol to be much more resistant on network
problems and to allow for much better performance.
Better performance is achieved by creating two connections between
ggatec and ggated one for sending the data and one for receiving it.
Every connection is handled by separeted thread, so there is no more
synchronous data flow (send and wait for response), now one threads
sends all requests and another receives the data.
Use two threads in ggatec(8):
- sendtd, which takes I/O requests from the kernel and sends them to the
ggated daemon on the other end;
- recvtd, which waits for ggated responses and forwards them to the kernel.
Use three threads in ggated(8):
- recvtd, which waits for I/O requests and puts them onto incoming queue;
- disktd, which takes requests from the incoming queue, does disk operations
and puts finished requests onto outgoing queue;
- sendtd, which takes finished requests from the outgoing queue and sends
responses back to ggatec.
Because there were major changes in communication protocol, there is no
backward compatibility, from now on, both client and server has to run
on 5.x or 6.x (or at least ggated should be from the same FreeBSD version
on which ggatec is running).
For Gbit networks some buffers need to be increased. I use those settings:
kern.ipc.maxsockbuf=16777216
net.inet.tcp.sendspace=8388608
net.inet.tcp.recvspace=8388608
and I use '-S 4194304 -R 4194304' options for both, ggatec and ggated.
Approved by: re (scottl)
include a space seperated list of domains instead of the domain of the
host. This is supported on too many platforms to break for now so,
remove validation of this option for the moment.
The correct solution longer term is to implement RFC 3397 support and
then treat domain-name options containing space seperated lists of
domains as domain-search options for backwards compatability.
Approved by: re (dhclient blanket)
