FreeBSD currently implements the most up to date IPv6 APIs for
option and route header parsing. This checkin marks the older APIs
as deprecated and points the reader to the newer pages.
Reviewed by: Jun-ichiro Itojun
Approved by: rwatson (mentor)
Reviewed by: Kame Project (including Itojun-san, Jinmei-san and Suzuki-san)
Approved by: Robert Watson (robert at freebsd dot org)
Obtained from: Kame Project and OpenBSD
Replace manual pages that may have violated the IETF's Copyright.
All come from the Kame tree.
Several were from OpenBSD except for ip6.4, and the inet6* pages which were
rewritten by me.
All of the text is new and drawn from reading the code and
documentation.
Approved by: Robert Watson (robert at freebsd dot org)
Remove files in preparation for replacement with totally new versions
of the manual pages.
Update the Makefile to handle the new file to be added.
which doesn't end in \n, since it may be very confusing. Also this should
increase consistency, since most other config files work just fine regardless
of the presence of traling \n in the last line.
MFC After: 2 weeks
If turned on no NIS support and related programs will be built.
Lost parts rediscovered by: Danny Braniss <danny at cs.huji.ac.il>
PR: bin/68303
No objections: des, gshapiro, nectar
Reviewed by: ru
Approved by: rwatson (mentor)
MFC after: 2 weeks
Requested by: bde
o Remove unneeded sys/types.h and netinet/in.h from the synopsis and
the example.
o We do have struct in_addr in arpa/inet.h, so no need for netinet/in.h.
o Mention where AF_* constants defined are.
Educated by: bde
This is a corresponding change to bin/67994. I'll soon commit
bin/67994 into 4-STABLE. Actually, 5-CURRENT's getaddrinfo()
doesn't have the problem mentiond in bin/67994. However, it is
good to be in sync variable name with 4-STABLE and KAME.
PR: bin/67994
Submitted by: JINMEI Tatuya <jinmei@ocean.jinmei.org>
res_search only incremented got_servfail for h_errno == TRY_AGAIN *AND*
hp->rcode == SERVFAIL. However, there are cases such as timeouts where
rcode is not always set to SERVFAIL. This leads to inconsistent nameserver
operation during multi-domain and truncated dot searches, especially during
booting when portions of the network are being brought up simultanious with
dns lookups.
This patch attempts to correct the problem by unconditionally terminating
the search if TRY_AGAIN is returned (after res_query has gone through all
retries and name servers) instead of trying other domain elements in the
domain seach path.
This patch should fix reported problems (which I can reproduce) with some
NFS mounts failing during boot. This occured because mount_nfs thought the
host name lookup returned a definitive failure using a non-dotted host name
when, in fact, it timed out on the first part (host.search.domain.name) and
got a definitive host-not-found response on the second part (host.).
Generally speaking, search path name server timeouts can exceed 60 seconds
per element and most machines which consistently timeout on earlier portions
of a search path are effectively non-operational due to the imposed delays.
It is more important for DNS lookups to return the proper error code then
to be able to recover a valid lookup in later portions of the search path
in these situations.
Obtained from: DragonFly
MFC after: 3 weeks
on temporary nameserver failure. This is necessary to get
getipnodebyname(3) to correctly return h_errno=TRY_AGAIN instead
of HOST_NOT_FOUND.
Reviewed by: green, thomas
MFC after: 1 week
case where an /etc/nsswitch.conf file was present, but could not
be opened (e.g. due to permissions). Previously, the open failure
condition was suppressed, and the built-in defaults were used. In
revision 1.11, however, propagated the open failure causing all
nsdispatch() invocations to return NS_UNAVAIL, and thus many APIs
including getpwnam and gethostbyname unconditionally failed.
This commit restores the previous behavior.
Pointy hat: nectar (+1 for obstinance; ache had to use clue bat)
Reported by: ache
library, it may pull in that thread library at run time. If the
process started out single-threaded, this could cause attempts to
release locks that do not exist. Guard against this possibility by
checking __isthreaded before invoking thread primitives.
A similar problem remains if the process is linked against one thread
library, but the NSS module is linked against another. This can only
be avoided by careful design of the NSS module.
Submitted by: Sean McNeil <sean@mcneil.com> (mostly; bugs are mine)
that this provokes. "Wherever possible" means "In the kernel OR NOT
C++" (implying C).
There are places where (void *) pointers are not valid, such as for
function pointers, but in the special case of (void *)0, agreement
settles on it being OK.
Most of the fixes were NULL where an integer zero was needed; many
of the fixes were NULL where ascii <nul> ('\0') was needed, and a
few were just "other".
Tested on: i386 sparc64
The getaddrinfo(3), getipnodebyname(3) and resolver(3) can coincide now
with what should be totally reentrant, and h_errno values will now
be preserved correctly, but this does not affect interfaces such as
gethostbyname(3) which are still mostly non-reentrant.
In all of these relevant functions, the thread-safety has been pushed
down as far as it seems possible right now. This means that operations
that are selected via nsdispatch(3) (i.e. files, yp, dns) are protected
still under global locks that getaddrinfo(3) defines, but where possible
the locking is greatly reduced. The most noticeable improvement is
that multiple DNS lookups can now be run at the same time, and this
shows major improvement in performance of DNS-lookup threaded programs,
and solves the "Mozilla tab serialization" problem.
No single-threaded applications need to be recompiled. Multi-threaded
applications that reference "_res" to change resolver(3) options will
need to be recompiled, and ones which reference "h_errno" will also
if they desire the correct h_errno values. If the applications already
understood that _res and h_errno were not thread-safe and had their own
locking, they will see no performance improvement but will not
actually break in any way.
Please note that when NSS modules are used, or when nsdispatch(3)
defaults to adding any lookups of its own to the individual libc
_nsdispatch() calls, those MUST be reentrant as well.
incorrectly when encountering `large' groups (many members and/or many
long member names). The reporter tracked this down to the glibc NSS
module compatibility code (nss_compat.c): it would prematurely record
that a NSS module was finished iterating through its database in some
cases.
Two aspects are corrected:
1. nss_compat.c recorded that a NSS module was finished iterating
whenever the module reported something other than SUCCESS. The
correct logic is to continue iteration when the module reports
either SUCCESS or RETURN. The __nss_compat_getgrent_r and
__nss_compat_getpwent_r routines are updated to reflect this.
2. An internal helper macro __nss_compat_result is used to map glibc
NSS status codes to BSD NSS status codes (e.g. NSS_STATUS_SUCCESS ->
NS_SUCCESS). It provided the obvious mapping.
When a NSS routine is called with a too-small buffer, the
convention in the BSD NSS code is to report RETURN. (This is used
to implement reentrant APIs such as getpwnam_r(3).) However, the
convention in glibc for this case is to set errno = ERANGE and
overload TRYAGAIN. __nss_compat_result is updated to handle this
case.
PR: bin/60287
Reported by: Lachlan O'Dea <odela01@ca.com>
in KAME implementation, even when no policy is installed
into kernel, getaddrinfo(3) sorts addresses. Since it
causes POLA violation, I modified to don't sort addresses
when no policy is installed into kernel,
Obtained from: KAME
(aka RFC2292bis). Though I believe this commit doesn't break
backward compatibility againt existing binaries, it breaks
backward compatibility of API.
Now, the applications which use Advanced Sockets API such as
telnet, ping6, mld6query and traceroute6 use RFC3542 API.
Obtained from: KAME
always widen the imputed netmask if it is narrower than the specified octets.
fixes a strange behaviour where inet_net_pton would always return 4 (bits)
for multicast addresses no matter how many octets were specified.
negotiated with Paul Vixie, original author of this function.
PR: standards/53151
Submitted by: Max Laier <max@love2party.net>
Optained from: OpenBSD
technique) so that we don't wind up calling into an application's
version if the application defines them.
Inspired by: qpopper's interfering and buggy version of strlcpy
may be built into libc (`static NSS modules') or dynamically loaded
via dlopen (`dynamic NSS modules'). Modules are loaded/initialized
at configuration time (i.e. when nsdispatch is called and nsswitch.conf
is read or re-read).
= Make the nsdispatch(3) core thread-safe.
= New status code for nsdispatch(3) `NS_RETURN', currently used to
signal ERANGE-type issues.
= syslog(3) problems, don't warn/err/abort.
= Try harder to avoid namespace pollution.
= Implement some shims to assist in porting NSS modules written for
the GNU C Library nsswitch interface.
Sponsored by: DARPA, Network Associates Laboratories
Only warnings that could be fixed without changing the generated object
code and without restructuring the source code have been handled.
Reviewed by: /sbin/md5
- port range check need to be done before htons. from deraadt
- %d/%u audit
- correct bad practice in the code - it uses two changing variables
to manage buffer (buf and buflen). we eliminate buflen and use
fixed point (ep) as the ending pointer.
- use snprintf, not sprintf
- pass correct name into q.name. from lukem@netbsd
- sync comment
Obtained from: KAME
MFC after: 1 week
and getipnodeby*() thread-safe.
Our res_*() is not thread-safe. So, we share lock between
getaddrinfo() and getipnodeby*(). Still, we cannot use
getaddrinfo() and getipnodeby*() in conjunction with other
functions which call res_*().
Requested by: many people
KAME did the modification only to _dns_getaddrinfo(). However,
it is not sufficient, and res_queryN() should be modified, too.
So, I did same modification to res_queryN().
Obtained from: KAME
insure enough space is available for the response, or be prepared
to resize the buffer and retry as necessary.
Do the conservative thing and make sure enough space is available.
Reviewed by: silence on freebsd-audit
to fail needlessly if a reverse DNS lookup of the IP address didn't
come up with a hostname. As a comment in the code clearly stated,
the "damn hostname" was looked up only for the purpose of netgroup
matching. But if that lookup failed, the function bailed out
immediately even though in many cases netgroup matching would not
be used.
This change marks the hostname as unknown but continues. Where
netgroup matching is performed, an unknown hostname is handled
conservatively. I.e., for "+@netgroup" (accept) entries an unknown
hostname never matches, and for "-@netgroup" (reject) entries an
unknown hostname always matches.
In the lines affected (only), I also fixed a few bogus casts. There
are others, and in fact this entire file would be a good candidate
for a cleanup sweep.
Reviewed by: imp (wearing his flourescent yellow Security Team cap)
MFC after: 2 days
supplied buffer in case the size of it was equal to
the number of characters the converted address consumed.
The bug occurred when converting an AF_INET address.
- Remove the SPRINTF macro and use sprintf instead.
- Do not do string formatting using sprintf(3) and a
temporary buffer which is copied when the supplied
buffer provides enough space. Instead, use snprintf(3)
and the real destination buffer, thus avoid the copy.
Reported by: Stefan Farfeleder <e0026813@stud3.tuwien.ac.at> (1)
PR: misc/41289
of our __restrict macro to the prototypes and function
definitions of inet_pton and inet_ntop.
- Use ANSI-C function argument lists.
- Adjust the prototypes in the manual page.
This will make the behavior robuster if many addresses are added
after the size estimation of storage at the first sysctl.
Reviewed by: JINMEI Tatuya <jinmei@isl.rdc.toshiba.co.jp>
MFC after: 1 week
- use strlcpy.
- snprintf can return negative value, so cope with it.
- tweak interface index on interface locals (ff01::/16).
- removed unused macros.
- removed a macro that uses only once (in a trivial context).
- explicitly say goodbye to ENI_xxx.
- constify struct afd.
Obtained from: KAME
MFC after: 1 week
deprecated in favor of the POSIX-defined lowercase variants.
o Change all occurrences of NTOHL() and associated marcros in the
source tree to use the lowercase function variants.
o Add missing license bits to sparc64's <machine/endian.h>.
Approved by: jake
o Clean up <machine/endian.h> files.
o Remove unused __uint16_swap_uint32() from i386's <machine/endian.h>.
o Remove prototypes for non-existent bswapXX() functions.
o Include <machine/endian.h> in <arpa/inet.h> to define the
POSIX-required ntohl() family of functions.
o Do similar things to expose the ntohl() family in libstand, <netinet/in.h>,
and <sys/param.h>.
o Prepend underscores to the ntohl() family to help deal with
complexities associated with having MD (asm and inline) versions, and
having to prevent exposure of these functions in other headers that
happen to make use of endian-specific defines.
o Create weak aliases to the canonical function name to help deal with
third-party software forgetting to include an appropriate header.
o Remove some now unneeded pollution from <sys/types.h>.
o Add missing <arpa/inet.h> includes in userland.
Tested on: alpha, i386
Reviewed by: bde, jake, tmm
change prototypes to be the same as in the original sun tirpc code.
Remove ()P macro in a file where the mayority had ()P already removed.
Add them if the mayority use ()P macros.
Submitted by: mbr
Requested by: bde
