recv() and send()'s calls to recvfrom() and sendto() are much like
waitpid()'s call to wait4(), and likewise need not allow PLT interposing on
the called function.
On FreeBSD socklen_t is unsigned so the check negative len
in inet6_opt_append() is redundant and likely to be optimized
away by the compiler.
On other operating systems this is not necessarily so, and
in the future we may want to sign it so leave the check in
but place it in a secondary position as a subtle indication
that the bogus check is intentional.
Discussed with: rpaulo
CID: 1017783
b64_pton would sometimes erroneously fail to decode a base64 string into
a precisely sized buffer. The overflow check was a little too greedy.
Reported by: Ted Unangst on freebsd-hackers@
Reviewed by: loos, trasz
Obtained from: OpenBSD
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D1218
getgroupmembership() from invoking the correct backend in the compat case.
Replace it with a nesting depth counter so it only blocks one level (the
first is the group -> group_compat translation, the second is the actual
backend). This is one of two bugs that break getgrouplist() in the compat
case, the second being that the backend's own getgroupmembership() method
is ignored. Unfortunately, that is not easily fixable without a redesign
of our nss implementation (which is also needed to implement the +@group
syntax in /etc/passwd).
PR: 190055
MFC after: 1 week
have chosen different (and more traditional) stateless/statuful
NAT64 as translation mechanism. Last non-trivial commits to both
faith(4) and faithd(8) happened more than 12 years ago, so I assume
it is time to drop RFC3142 in FreeBSD.
No objections from: net@
NSS configuration state.
As a side effect, this fixes a race condition which can occur if multiple
threads call nsdispatch(3) concurrently before nsswitch.conf has been
parsed. Previously, the thread holding conf_lock could cause other threads
to return from nss_configure() before nsswitch.conf had been parsed, forcing
them to fall back to the default sources for their NSS methods.
Reviewed by: jhb
Differential Revision: https://reviews.freebsd.org/D994
MFC after: 1 month
Sponsored by: EMC / Isilon Storage Division
socket options. This includes managing the correspoing stat counters.
Add the SCTP_DETAILED_STR_STATS kernel option to control per policy
counters on every stream. The default is off and only an aggregated
counter is available. This is sufficient for the RTCWeb usecase.
MFC after: 1 week
NRSACK extension. The default will still be off, since it
it not an RFC (yet).
Changing the sysctl name will be in a separate commit.
MFC after: 1 week
option for controlling ECN on future associations and get the
status on current associations.
A simialar pattern will be used for controlling SCTP extensions in
upcoming commits.
Ensure that lex errors fail the build instead of being silently ignored
due to the piped call. Also postpone the update of the nslexer.c file
until we are sure we have generated it properly.
These changes fix some very obscure build failures I encountered while
building FreeBSD within a chroot that did not have devfs mounted. The
specific errors looked like:
.../libc.so.7: undefined reference to `_nsyyerror'
.../libc.so.7: undefined reference to `_nsyyin'
.../libc.so.7: undefined reference to `_nsyylex'
.../libc.so.7: undefined reference to `_nsyylineno'
.../libc.so.7: undefined reference to `_nsyytext'
and were caused due to a mangled nslexer.c being linked into libc.
- style(9)
TODO: When AI_ADDRCONFIG is specified, getaddrinfo() can
be quite slow for system with many interfaces. We should
have some kernel sysctls to report IPv4/IPv6 status.
Spotted by: melifaro
MFC after: 1 week
when looking for configured addresses.
This change is based upon the code from the submitter, and made
following changes:
- Exclude addresses assigned on interfaces which are down, like NetBSD
does.
- Exclude addresses assigned on interfaces which are ifdisabled.
PR: 190824
Submitted by: Justin McOmie
MFC after: 1 week
are unaware of RFC 3542 can construct control messages.
The kernel disallows mixing RFC 2292 behaviour with RFC 3542 behaviour.
Only sockets that have specifically been marked as using the RFC 2292
API can use RFC 2292 specific options. This is all good and well, but
libc itself seems inconsistent with this.
The root cause of this inconsistency seems to relate to the definitions
of IPV6_HOPOPTS and IPV6_DSTOPTS. They are defined in RFC 2292 and re-used
in RFC 3542, yet have distinct values in the kernel. It's for this reason
that the kernel also has definitions for IPV6_2292HOPOPTS and
IPV6_2292DSTOPTS. Not so in libc.
For example: some program calls inet6_option_init() (defined by RFC 2292)
with the RFC 2292 defined IPV6_HOPOPTS and IPV6_DSTOPTS. Before RFC 3542,
this was translated to values of 22 and 23 (resp.) The libc implementation
correctly checks that only options IPV6_HOPOPTS and IPV6_DSTOPTS are given
(as per RFC 2292) but since these defines have taken on the values defined
by RFC 3542 (values 49 and 50 resp,) rejects the correct option values
(22 and 23) passed said program and returns -1.
The precisie fix is to have inet6_option_init() and friends only accept the
RFC 2292 defined IPV6_HOPOPTS & IPV6_DSTOPTS, but that breaks other code
(like mld6query(8)), which seem to not be aware of RFC 3542 and how it
hi-jacked the option names. So the best fix is to accept the options from
both.
Obtained from: Juniper Networks, Inc.
MFC after: 1 week
The previous code failed to return an error condition when the whole input
was invalid due to improper handling of the sscanf return value. Actually,
this failure was properly being caught by a test in
tools/regression/lib/libc/net/test-ether.t but was not noticed because
these tests are never run. (On my way to fixing that ;-)
The fix applied here resembles the implementation of ether_line in NetBSD
modulo the setting of an errno value (which is not documented as an
expectation in the manpage anyway).
if not already defined. This allows building libc from outside of
lib/libc using a reach-over makefile.
A typical use-case is to build a standard ILP32 version and a COMPAT32
version in a single iteration by building the COMPAT32 version using a
reach-over makefile.
Obtained from: Juniper Networks, Inc.
* The RFC says (in section 10.1) that only when extbuf is not NULL,
extlen shall be checked, so don't perform this check when NULL is
passed.
* socklen_t is unsigned, so checking extlen for less than zero is
not needed.
Submitted by: swildner@dragonflybsd.org
Reviewed by: Mark Martinec <Mark.Martinec+freebsd@ijs.si>
Reviewed by: hrs
Obtained by: DragonFlyBSD
* Set errno to EAFNOSUPPORT if an address is provided which is neither
AF_INET nor AF_INET6.
* Don't modify the arguments.
* Don't smash the stack when provided with a non-zero port.
* Handle the case correctly where the first address provided is
an IPv6 address.
MFC after: 3 days
This change avoids undesirably passing some internal file descriptors to a
process created (fork+exec) by another thread.
Kernel support for SOCK_CLOEXEC was added in r248534, March 19, 2013.