Commit Graph

690 Commits

Author SHA1 Message Date
Julian Elischer
072a289aa4 back out a part of the previous patch that garrett objected to.. 1996-08-19 18:52:49 +00:00
Julian Elischer
aa648cf84b Submitted by: Archie@whistle.com
if making a interface route, and it's a P2P link,
then also automatically lable it as an llinfo entry so that
gated and friends don't clobber it..
1996-08-13 22:20:20 +00:00
Paul Traina
978eb210d1 Completely rewrite handling of protocol field for firewalls, things are
now completely consistent across all IP protocols and should be quite a
bit faster.

Use getprotoname() extensively, performed minor cleanups of admin utility.
The admin utility could use a good kick in the pants.

Basicly, these were the minimal changes I could make to the code
to get it up to tollerable shape.  There will be some future commits
to clean up the basic architecture of the firewall code, and if
I'm feeling ambitious, I may pull in changes like NAT from Linux
and make the firewall hooks comletely generic so that a user can
either load the ipfw module or the ipfilter module (cf Darren Reed).

Discussed with: fenner & alex
1996-08-13 19:43:24 +00:00
Paul Traina
d026a5d864 Attempt to unlink any stale .o files before relocating code.
Abort if a file is still present, and make output file mode 0600.

Reviewed by:	bde
1996-08-13 00:50:59 +00:00
Paul Traina
4e4413decd Cover a potential buffer overrun problem 1996-08-13 00:43:01 +00:00
Paul Traina
73e3fe9132 Fix tcp/udp port ranges 1996-08-13 00:41:05 +00:00
Julian Elischer
914b41c2dc Reviewed by: julian
Submitted by:	archie@whistle.com

This patch allows true interface routing to be controlled
from the command line..
you can now do:
route add default -interface ppp0
even if you have no clue what the address at the other end is..

this is part of a set of changes that allow true "unnumbered links"
such as netcom run between their sites..
In practice you should assign the address from one of your ethernet
interfaces to the local side of the P2P link so that IP doesn't
say that the packet comes from 255.255.255.255, but
there is no need whatsoever to assign an address of any kind
to the remote end of the link.. useful for frame relay links etc also.
1996-08-09 22:52:02 +00:00
Julian Elischer
5a5711612a add nextboot by default
its's proven to be quite reliable.
1996-08-09 22:44:55 +00:00
Julian Elischer
e05835cfc7 slight man page additions re: deficiencies 1996-08-09 22:41:57 +00:00
Bill Fenner
f1284d7a51 Drop setuid ASAP, to minimize code executed as root.
Reviewed by:	pst
1996-08-09 06:00:53 +00:00
Julian Elischer
ed7e548bf3 Submitted by: archie@whistle.com
slight cleanups
1996-08-07 00:39:41 +00:00
Alexander Langer
593f7481aa Filter by IP protocol.
Submitted by: fenner (with modifications by me)

Bring in the interface unit wildcard flag fix from rev 1.15.4.8.
1996-08-05 02:38:51 +00:00
Mark Murray
c76c299053 Add relevant files to the FILES section
Submitted by:	Julian H Stacey
1996-08-03 19:13:35 +00:00
Bruce Evans
6ee990e0d5 Document that the major and minor numbers are parsed by strtoul(). 1996-07-30 17:44:36 +00:00
Bruce Evans
7c9e694fa7 Use strtoul() more carefully.
Check that the major and minor are valid.

Don't print `.' at the end of error messages.

Fixed all warnings from "cc -Wall".
1996-07-30 17:43:21 +00:00
Peter Wemm
efa3853949 Limit the risk of `buf' overrun in ping.c when printing hostnames.
Note, this is not really a security risk, because the buffer in question
is a static variable in the data segment and not on the stack, and hence
cannot subert the flow of execution in any way.  About the worst case was
that if you pinged a long hostname, ping could coredump.

Pointed out on: bugtraq  (listserv@netspace.org)
1996-07-28 20:29:10 +00:00
Joerg Wunsch
ce6bb53745 Finally use strtoul() to convert the major an minor numbers, so
proper error-checking can be done, and octal and hexadecimal
numbers are allowed.
1996-07-27 17:24:55 +00:00
Julian Elischer
e56dd1bb4f Submitted by: archie@whistle.com
slight cleanups on yesterday's patches
1996-07-23 22:00:14 +00:00
Jordan K. Hubbard
1eb5b41ec8 When running 'rrestore foo', you get a segmentation fault because
the obsolete() function to convert dump-style args to getopt-style
args doesn't check to see that 'f' really has an argument following
the option string in argv[1].

Submitted-By: jmacd
1996-07-23 19:33:44 +00:00
Peter Wemm
9622579d80 mount_ext2fs somehow got a stray mntopts.h, which was out of sync with
the real ../mount/getmntopts.c and ../mount/mntopts.h
Closes PR#1419

Submitted by: rhh@stealth.ct.picker.com (Randall Hopper)
1996-07-23 19:29:27 +00:00
Julian Elischer
3a67d2bc37 Submitted by: archie@whistle.com
appletalk cleanups
1996-07-23 01:18:47 +00:00
Jordan K. Hubbard
a257a45ecd I have added a new option -p to the mount command. This was
inspired by SunOS version of mount which uses option -p to
indicate that the mount information should be printed in fstab
format.
This is a neat way to create a new fstab file to use later when
one has modified the mount points or mount options or added or
removed mount some mount points. You just type

	mount -p > /etc/fstab.new

and there is your new fstab file ready to be used though you
will of course have to add any necessary noauto flags manually.

[Committers note:  This also seems to do the wrong thing for AMD
 mounts, but in the more average case this is a nifty feature nonetheless
 and one can always edit the bogus entries out]

Submitted-By: Jukka Ukkonen <jau@jau.csc.fi>
1996-07-21 23:34:04 +00:00
Alexander Langer
c6c1bba8d4 Grammar fix described by wollman in response to PR 1363. 1996-07-14 17:51:08 +00:00
Jordan K. Hubbard
526195ad0d General -Wall warning cleanup, part I.
Submitted-By: Kent Vander Velden <graphix@iastate.edu>
1996-07-12 19:08:36 +00:00
Julian Elischer
93e0e11657 Adding changes to ipfw and the kernel to support ip packet diversion..
This stuff should not be too destructive if the IPDIVERT is not compiled in..
 be aware that this changes the size of the ip_fw struct
so ipfw needs to be recompiled to use it.. more changes coming to clean this up.
1996-07-10 19:44:30 +00:00
Nate Williams
265c33c027 Now that we have a manpage, don't have the 'clean' target be a NO-OP. 1996-07-10 18:36:41 +00:00
Julian Elischer
144b35344c changes to allow route to manipulate appletalk routes. 1996-07-09 19:02:28 +00:00
Julian Elischer
e05f2836d9 Submitted by: Archie@whistle.com
Obtained from: Whistle Communications
patches to allow ifconfig to work with appletalk addresses etc.
1996-07-09 02:38:13 +00:00
Julian Elischer
7fa6a28f66 oops, make the magic number match that used in the bootblock..
I guess we should have a single place for this??
1996-07-09 02:10:16 +00:00
Julian Elischer
dc8b29f140 Obtained from: Whistle Communications
control program to control the facility of the bootblocks
to fetch a default bootstring from a fixed location on the disk.

See the manpage for more info.
1996-07-09 02:04:32 +00:00
Wolfram Schneider
b23472acb2 Document that suid wrapper like suidperl(1) break option 'nosuid'. 1996-07-02 23:18:38 +00:00
Alexander Langer
f8cc1596e7 Correct definition of 'established' keyword. 1996-07-02 00:29:22 +00:00
Alexander Langer
97842144e3 Formatting fixes for 'in' and 'out' while listing.
Prevent ALL protocol from being used with port specifications.

Allow 'via' keyword at any point in the options list.  Disallow
multiple 'via' specifications.
1996-06-29 01:28:19 +00:00
Alexander Langer
700061451a Fix port specification syntax.
Submitted by:	nate
1996-06-29 01:21:07 +00:00
Alexander Langer
c06c129887 Fix address mask calculation when using ':' syntax. Allow a mask
of /0 to have the desired effect.  Normalize IP addresses that
won't match a given mask (i.e. 1.2.3.4/24 becomes 1.2.3.0/24).
Submitted by R. Bezuidenhout <rbezuide@mikom.csir.co.za>

Code formatting and "frag" display fixes.
1996-06-23 20:47:51 +00:00
Peter Wemm
7976d4aa4f Fix a couple of bogus casts to off_t that caused dumpfs to lseek negative
on filesystems > 2GB (which causes the disk slice code to call Debugger!!)
1996-06-23 00:05:04 +00:00
Alexander Langer
4be1e61baf Code clean up. Prototypes, parentheses around assignments used in
if statements, #if 0 some unused code, use off_t in calls to read/
write_disk, fix a printf format, remove unused variables, and
#include necessary files.
1996-06-21 02:39:19 +00:00
Alexander Langer
b7a8c0221f Add #include <err.h>. 1996-06-19 01:49:01 +00:00
Alexander Langer
2a7a2545a4 Set the program name before trying to use it.
Found by: Aage Robekk <aagero@aage.priv.no>
1996-06-18 01:46:34 +00:00
Bruce Evans
43be698cb6 Moved initialization of defaults for the label for the whole disk from
disklabel(8) to the kernel (dsopen()).  Drivers should initialize the
hardware values (rpm, interleave, skews).  Drivers currently don't do
this, but it usually doesn't matter since rotational position stuff is
normally disabled.
1996-06-17 14:43:54 +00:00
Alexander Langer
a85b3068a1 Fix a typo in the view accounting records example. 1996-06-15 23:01:44 +00:00
Alexander Langer
3f21e4122d Bring the man page more into line with reality. 1996-06-15 01:38:51 +00:00
Satoshi Asami
4924f5c24f Our kernel is not called /netbsd. ;)
Submitted by:	"Philippe Charnier" <charnier@lirmm.fr>
1996-06-14 10:51:47 +00:00
Alexander Langer
b55b9e3f1d Big sweep over ipfw, picking up where Poul left off:
- Filter based on ICMP types.
  - Accept interface wildcards (e.g. ppp*).
  - Resolve service names with the -N option.
  - Accept host names in 'from' and 'to' specifications
  - Display chain entry time stamps with the -t option.
  - Added URG to tcpflags.
  - Print usage if an unknown tcpflag is used.
  - Ability to zero individual accounting entries.
  - Clarify usage of port ranges.
  - Misc code cleanup.

Closes PRs: 1193, 1220, and 1266.
1996-06-09 23:46:22 +00:00
Andrey A. Chernov
9b273b7f01 Return make_union, s-bit removed 1996-05-19 17:24:10 +00:00
Paul Traina
b667dc9a51 Disable setuid permission for mount_union(1).
This covers the security problem descibed in SA-96:10 and Jeff says that
when we upgrade to Lite2 (which fixes this problem), mount no longer needs
to be setuid, so we'll never be going back.

Submitted by:	hsu
Reviewed by:    pst
1996-05-17 22:46:01 +00:00
Jordan K. Hubbard
bf8788a4bd Large security hole in mount_union, the underlying filesystem for which doesn't
even work.  Until pst wakes up, best action deemed to be the simple disabling
of this command.
1996-05-17 08:48:50 +00:00
Garrett Wollman
0d0a40202c Accept mount(8)'s calling convention of passing just the filesystem type
as argv[0].
1996-05-14 15:16:49 +00:00
Garrett Wollman
ae387fc9af One program I missed in removing MOUNT_* constants. 1996-05-13 17:56:34 +00:00
Garrett Wollman
5e074e31a2 Get rid of the last vestiges of the old MOUNT_* constants in the
mount_* programs.  While we're at it, collapse the four now-identical
mount programs for devfs, fdesc, kernfs, and procfs into links to
a new mount_std(8) which can mount any really generic filesystem
such as these when called with the appropriate argv[0].

Also, convert the mount programs to use sysexits.h.
1996-05-13 17:43:19 +00:00