Commit Graph

708 Commits

Author SHA1 Message Date
julian
521551a94c Submitted by: Archie@whistle.com
if making a interface route, and it's a P2P link,
then also automatically lable it as an llinfo entry so that
gated and friends don't clobber it..
1996-08-13 22:20:20 +00:00
pst
ec444da95f Completely rewrite handling of protocol field for firewalls, things are
now completely consistent across all IP protocols and should be quite a
bit faster.

Use getprotoname() extensively, performed minor cleanups of admin utility.
The admin utility could use a good kick in the pants.

Basicly, these were the minimal changes I could make to the code
to get it up to tollerable shape.  There will be some future commits
to clean up the basic architecture of the firewall code, and if
I'm feeling ambitious, I may pull in changes like NAT from Linux
and make the firewall hooks comletely generic so that a user can
either load the ipfw module or the ipfilter module (cf Darren Reed).

Discussed with: fenner & alex
1996-08-13 19:43:24 +00:00
pst
fb812b93df Attempt to unlink any stale .o files before relocating code.
Abort if a file is still present, and make output file mode 0600.

Reviewed by:	bde
1996-08-13 00:50:59 +00:00
pst
74116e670f Cover a potential buffer overrun problem 1996-08-13 00:43:01 +00:00
pst
bb31080cd1 Fix tcp/udp port ranges 1996-08-13 00:41:05 +00:00
julian
5d95b8a132 Reviewed by: julian
Submitted by:	archie@whistle.com

This patch allows true interface routing to be controlled
from the command line..
you can now do:
route add default -interface ppp0
even if you have no clue what the address at the other end is..

this is part of a set of changes that allow true "unnumbered links"
such as netcom run between their sites..
In practice you should assign the address from one of your ethernet
interfaces to the local side of the P2P link so that IP doesn't
say that the packet comes from 255.255.255.255, but
there is no need whatsoever to assign an address of any kind
to the remote end of the link.. useful for frame relay links etc also.
1996-08-09 22:52:02 +00:00
julian
43ca1b9897 add nextboot by default
its's proven to be quite reliable.
1996-08-09 22:44:55 +00:00
julian
d585897ef2 slight man page additions re: deficiencies 1996-08-09 22:41:57 +00:00
fenner
679c08513a Drop setuid ASAP, to minimize code executed as root.
Reviewed by:	pst
1996-08-09 06:00:53 +00:00
julian
dad27a6c10 Submitted by: archie@whistle.com
slight cleanups
1996-08-07 00:39:41 +00:00
alex
98e74c519a Filter by IP protocol.
Submitted by: fenner (with modifications by me)

Bring in the interface unit wildcard flag fix from rev 1.15.4.8.
1996-08-05 02:38:51 +00:00
markm
6be39a47d9 Add relevant files to the FILES section
Submitted by:	Julian H Stacey
1996-08-03 19:13:35 +00:00
bde
07baf622f9 Document that the major and minor numbers are parsed by strtoul(). 1996-07-30 17:44:36 +00:00
bde
5c5a23135a Use strtoul() more carefully.
Check that the major and minor are valid.

Don't print `.' at the end of error messages.

Fixed all warnings from "cc -Wall".
1996-07-30 17:43:21 +00:00
peter
ca46dbbc1c Limit the risk of `buf' overrun in ping.c when printing hostnames.
Note, this is not really a security risk, because the buffer in question
is a static variable in the data segment and not on the stack, and hence
cannot subert the flow of execution in any way.  About the worst case was
that if you pinged a long hostname, ping could coredump.

Pointed out on: bugtraq  (listserv@netspace.org)
1996-07-28 20:29:10 +00:00
joerg
2fbfe97775 Finally use strtoul() to convert the major an minor numbers, so
proper error-checking can be done, and octal and hexadecimal
numbers are allowed.
1996-07-27 17:24:55 +00:00
julian
16ad55d2ab Submitted by: archie@whistle.com
slight cleanups on yesterday's patches
1996-07-23 22:00:14 +00:00
jkh
404df68f16 When running 'rrestore foo', you get a segmentation fault because
the obsolete() function to convert dump-style args to getopt-style
args doesn't check to see that 'f' really has an argument following
the option string in argv[1].

Submitted-By: jmacd
1996-07-23 19:33:44 +00:00
peter
8159e5ab86 mount_ext2fs somehow got a stray mntopts.h, which was out of sync with
the real ../mount/getmntopts.c and ../mount/mntopts.h
Closes PR#1419

Submitted by: rhh@stealth.ct.picker.com (Randall Hopper)
1996-07-23 19:29:27 +00:00
julian
7805978130 Submitted by: archie@whistle.com
appletalk cleanups
1996-07-23 01:18:47 +00:00
jkh
c708506092 I have added a new option -p to the mount command. This was
inspired by SunOS version of mount which uses option -p to
indicate that the mount information should be printed in fstab
format.
This is a neat way to create a new fstab file to use later when
one has modified the mount points or mount options or added or
removed mount some mount points. You just type

	mount -p > /etc/fstab.new

and there is your new fstab file ready to be used though you
will of course have to add any necessary noauto flags manually.

[Committers note:  This also seems to do the wrong thing for AMD
 mounts, but in the more average case this is a nifty feature nonetheless
 and one can always edit the bogus entries out]

Submitted-By: Jukka Ukkonen <jau@jau.csc.fi>
1996-07-21 23:34:04 +00:00
alex
b3eaec8941 Grammar fix described by wollman in response to PR 1363. 1996-07-14 17:51:08 +00:00
jkh
730964efd2 General -Wall warning cleanup, part I.
Submitted-By: Kent Vander Velden <graphix@iastate.edu>
1996-07-12 19:08:36 +00:00
julian
9277e63302 Adding changes to ipfw and the kernel to support ip packet diversion..
This stuff should not be too destructive if the IPDIVERT is not compiled in..
 be aware that this changes the size of the ip_fw struct
so ipfw needs to be recompiled to use it.. more changes coming to clean this up.
1996-07-10 19:44:30 +00:00
nate
366bddd7f5 Now that we have a manpage, don't have the 'clean' target be a NO-OP. 1996-07-10 18:36:41 +00:00
julian
ba8d9388bd changes to allow route to manipulate appletalk routes. 1996-07-09 19:02:28 +00:00
julian
37f1fda73b Submitted by: Archie@whistle.com
Obtained from: Whistle Communications
patches to allow ifconfig to work with appletalk addresses etc.
1996-07-09 02:38:13 +00:00
julian
a6648ed792 oops, make the magic number match that used in the bootblock..
I guess we should have a single place for this??
1996-07-09 02:10:16 +00:00
julian
6afeabc6cb Obtained from: Whistle Communications
control program to control the facility of the bootblocks
to fetch a default bootstring from a fixed location on the disk.

See the manpage for more info.
1996-07-09 02:04:32 +00:00
wosch
2d49fb598e Document that suid wrapper like suidperl(1) break option 'nosuid'. 1996-07-02 23:18:38 +00:00
alex
911873413d Correct definition of 'established' keyword. 1996-07-02 00:29:22 +00:00
alex
edea64b844 Formatting fixes for 'in' and 'out' while listing.
Prevent ALL protocol from being used with port specifications.

Allow 'via' keyword at any point in the options list.  Disallow
multiple 'via' specifications.
1996-06-29 01:28:19 +00:00
alex
153deea5fa Fix port specification syntax.
Submitted by:	nate
1996-06-29 01:21:07 +00:00
alex
3a18399d4f Fix address mask calculation when using ':' syntax. Allow a mask
of /0 to have the desired effect.  Normalize IP addresses that
won't match a given mask (i.e. 1.2.3.4/24 becomes 1.2.3.0/24).
Submitted by R. Bezuidenhout <rbezuide@mikom.csir.co.za>

Code formatting and "frag" display fixes.
1996-06-23 20:47:51 +00:00
peter
052dfa09a1 Fix a couple of bogus casts to off_t that caused dumpfs to lseek negative
on filesystems > 2GB (which causes the disk slice code to call Debugger!!)
1996-06-23 00:05:04 +00:00
alex
cd53830060 Code clean up. Prototypes, parentheses around assignments used in
if statements, #if 0 some unused code, use off_t in calls to read/
write_disk, fix a printf format, remove unused variables, and
#include necessary files.
1996-06-21 02:39:19 +00:00
alex
2eab68c044 Add #include <err.h>. 1996-06-19 01:49:01 +00:00
alex
26ad2004f9 Set the program name before trying to use it.
Found by: Aage Robekk <aagero@aage.priv.no>
1996-06-18 01:46:34 +00:00
bde
69a59390f6 Moved initialization of defaults for the label for the whole disk from
disklabel(8) to the kernel (dsopen()).  Drivers should initialize the
hardware values (rpm, interleave, skews).  Drivers currently don't do
this, but it usually doesn't matter since rotational position stuff is
normally disabled.
1996-06-17 14:43:54 +00:00
alex
46fc3f9b35 Fix a typo in the view accounting records example. 1996-06-15 23:01:44 +00:00
alex
595f5f5875 Bring the man page more into line with reality. 1996-06-15 01:38:51 +00:00
asami
5fa995752f Our kernel is not called /netbsd. ;)
Submitted by:	"Philippe Charnier" <charnier@lirmm.fr>
1996-06-14 10:51:47 +00:00
alex
9a01ae8a2a Big sweep over ipfw, picking up where Poul left off:
- Filter based on ICMP types.
  - Accept interface wildcards (e.g. ppp*).
  - Resolve service names with the -N option.
  - Accept host names in 'from' and 'to' specifications
  - Display chain entry time stamps with the -t option.
  - Added URG to tcpflags.
  - Print usage if an unknown tcpflag is used.
  - Ability to zero individual accounting entries.
  - Clarify usage of port ranges.
  - Misc code cleanup.

Closes PRs: 1193, 1220, and 1266.
1996-06-09 23:46:22 +00:00
ache
b473b9f03d Return make_union, s-bit removed 1996-05-19 17:24:10 +00:00
pst
3c6405efe5 Disable setuid permission for mount_union(1).
This covers the security problem descibed in SA-96:10 and Jeff says that
when we upgrade to Lite2 (which fixes this problem), mount no longer needs
to be setuid, so we'll never be going back.

Submitted by:	hsu
Reviewed by:    pst
1996-05-17 22:46:01 +00:00
jkh
5cac466951 Large security hole in mount_union, the underlying filesystem for which doesn't
even work.  Until pst wakes up, best action deemed to be the simple disabling
of this command.
1996-05-17 08:48:50 +00:00
wollman
421bfb351a Accept mount(8)'s calling convention of passing just the filesystem type
as argv[0].
1996-05-14 15:16:49 +00:00
wollman
0a548aa7d3 One program I missed in removing MOUNT_* constants. 1996-05-13 17:56:34 +00:00
wollman
5eea098aaa Get rid of the last vestiges of the old MOUNT_* constants in the
mount_* programs.  While we're at it, collapse the four now-identical
mount programs for devfs, fdesc, kernfs, and procfs into links to
a new mount_std(8) which can mount any really generic filesystem
such as these when called with the appropriate argv[0].

Also, convert the mount programs to use sysexits.h.
1996-05-13 17:43:19 +00:00
jkh
d9d34595e1 Document LFS as broken. 1996-05-12 11:12:17 +00:00