Commit Graph

303 Commits

Author SHA1 Message Date
Kristof Provost
e9eb09414a libpfctl: Switch to pfctl_rule
Stop using the kernel's struct pf_rule, switch to libpfctl's pfctl_rule.
Now that we use nvlists to communicate with the kernel these structures
can be fully decoupled.

Reviewed by:	glebius
MFC after:	4 weeks
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D29644
2021-04-10 11:16:02 +02:00
Kristof Provost
956e7d2325 bsnmp: Use libpfctl
Reviewed by:	glebius
MFC after:	4 weeks
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D29642
2021-04-10 11:16:02 +02:00
Gordon Bergling
dbac569b41 snmp_wlan(3): Fix mandoc warnings
- new sentence, new line
2020-11-20 16:46:51 +00:00
Stefan Eßer
1f474190fc Replace literal uses of /usr/local in C sources with _PATH_LOCALBASE
Literal references to /usr/local exist in a large number of files in
the FreeBSD base system. Many are in contributed software, in configuration
files, or in the documentation, but 19 uses have been identified in C
source files or headers outside the contrib and sys/contrib directories.

This commit makes it possible to set _PATH_LOCALBASE in paths.h to use
a different prefix for locally installed software.

In order to avoid changes to openssh source files, LOCALBASE is passed to
the build via Makefiles under src/secure. While _PATH_LOCALBASE could have
been used here, there is precedent in the construction of the path used to
a xauth program which depends on the LOCALBASE value passed on the compiler
command line to select a non-default directory.

This could be changed in a later commit to make the openssh build
consistently use _PATH_LOCALBASE. It is considered out-of-scope for this
commit.

Reviewed by:	imp
MFC after:	1 month
Differential Revision:	https://reviews.freebsd.org/D26942
2020-10-27 11:29:11 +00:00
Gordon Bergling
3d265fce43 Fix a few mandoc issues
- skipping paragraph macro: Pp after Sh
- sections out of conventional order: Sh EXAMPLES
- whitespace at end of input line
- normalizing date format
2020-10-09 19:12:44 +00:00
Kyle Evans
7cc42f6d25 Do a sweep and remove most WARNS=6 settings
Repeating the default WARNS here makes it slightly more difficult to
experiment with default WARNS changes, e.g. if we did something absolutely
bananas and introduced a WARNS=7 and wanted to try lifting the default to
that.

Drop most of them; there is one in the blake2 kernel module, but I suspect
it should be dropped -- the default WARNS in the rest of the build doesn't
currently apply to kernel modules, and I haven't put too much thought into
whether it makes sense to make it so.
2020-10-01 01:10:51 +00:00
Eugene Grosbein
dca51295b2 bsnmptools: make it print protocol errors to stderr instead of stdout
Reviewed by:		syrinx, bz
MFC after:		1 week
Differential Revision:	https://reviews.freebsd.org/D25911
2020-08-05 09:19:41 +00:00
Warner Losh
0d94b31ad3 Fix a comment for the SUN geom class.
Reivewed by: cy@, bcr@
Differential Revision: https://reviews.freebsd.org/D23593
2020-02-10 17:16:50 +00:00
Warner Losh
f8f33808c0 Fix comment. It mentioned sparc64 specifically, but alignment issues
are present elsewhere.

Reivewed by: cy@, bcr@
Differential Revision: https://reviews.freebsd.org/D23593
2020-02-10 17:16:45 +00:00
Dimitry Andric
303c0aad7d Fix the following -Werror warning from clang 10.0.0 in bsnmpd:
usr.sbin/bsnmpd/modules/snmp_pf/pf_snmp.c:1661:4: error: misleading indentation; statement is not part of the previous 'else' [-Werror,-Wmisleading-indentation]
                        return (-1);
                        ^
usr.sbin/bsnmpd/modules/snmp_pf/pf_snmp.c:1658:5: note: previous statement is here
                } else
                  ^

The intent was to group the return statement with the previous syslog()
call.

MFC after:	3 days
2020-01-31 18:09:27 +00:00
Dimitry Andric
3fd49cf90e Fix the following -Werror warning from clang 10.0.0 in bsnmpd:
usr.sbin/bsnmpd/modules/snmp_bridge/bridge_port.c:1235:43: error: overlapping comparisons always evaluate to true [-Werror,-Wtautological-overlap-compare]
                            begemotBridgeStpPortEnable_enabled ||
                            ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~

Work around it by casting the enum values to the type of val->v.integer.

MFC after:	3 days
2020-01-29 21:40:35 +00:00
Simon J. Gerraty
2c9a9dfc18 Update Makefile.depend files
Update a bunch of Makefile.depend files as
a result of adding Makefile.depend.options files

Reviewed by:	 bdrewery
MFC after:	1 week
Sponsored by:   Juniper Networks
Differential Revision:  https://reviews.freebsd.org/D22494
2019-12-11 17:37:53 +00:00
Simon J. Gerraty
5ab1c5846f Add Makefile.depend.options
Leaf directories that have dependencies impacted
by options need a Makefile.depend.options file
to avoid churn in Makefile.depend

DIRDEPS for cases such as OPENSSL, TCP_WRAPPERS etc
can be set in local.dirdeps-options.mk
which can add to those set in Makefile.depend.options

See share/mk/dirdeps-options.mk

Reviewed by:	 bdrewery
MFC after:	1 week
Sponsored by:   Juniper Networks
Differential Revision:  https://reviews.freebsd.org/D22469
2019-12-11 17:37:37 +00:00
Shteryana Shopova
9a8070808e No need for each bsnmpd(1) module to open connection to syslog
bsnmpd(1) main does that early on init and the connection is available
to all loaded modules

Event:		Vienna Hackathon 2019
PR:		233431 , 221487
MFC after:	2 weeks
2019-06-21 07:45:58 +00:00
Shteryana Shopova
65a184e091 Unbreak snmp_pf(3) after the changes introduced in r338209
PR:		237011
Event:		Vienna Hackathon 2019
MFC after:	2 weeks
2019-06-21 07:29:02 +00:00
Andrey V. Elsukov
04d1781439 Add IPv6 transport for bsnmp.
This patch adds a new table begemotSnmpdTransInetTable that uses the
InetAddressType textual convention and can be used to create listening
ports for IPv4, IPv6, zoned IPv6 and based on DNS names. It also supports
future extension beyond UDP by adding a protocol identifier to the table
index. In order to support this gensnmptree had to be modified.

Submitted by:   harti
MFC after:      1 month
Relnotes:       yes
Differential Revision:  https://reviews.freebsd.org/D16654
2019-04-02 12:50:01 +00:00
Andriy Voskoboinyk
e5cb99d5a2 snmp_hostres(3): fix a typo in sanity checks in handle_chunk()
PR:		204253
Submitted by:	David Binderman <dcb314@hotmail.com>
MFC after:	5 days
2019-02-18 03:23:10 +00:00
Patrick Kelsey
249cc75fd1 Extended pf(4) ioctl interface and pfctl(8) to allow bandwidths of
2^32 bps or greater to be used.  Prior to this, bandwidth parameters
would simply wrap at the 2^32 boundary.  The computations in the HFSC
scheduler and token bucket regulator have been modified to operate
correctly up to at least 100 Gbps.  No other algorithms have been
examined or modified for correct operation above 2^32 bps (some may
have existing computation resolution or overflow issues at rates below
that threshold).  pfctl(8) will now limit non-HFSC bandwidth
parameters to 2^32 - 1 before passing them to the kernel.

The extensions to the pf(4) ioctl interface have been made in a
backwards-compatible way by versioning affected data structures,
supporting all versions in the kernel, and implementing macros that
will cause existing code that consumes that interface to use version 0
without source modifications.  If version 0 consumers of the interface
are used against a new kernel that has had bandwidth parameters of
2^32 or greater configured by updated tools, such bandwidth parameters
will be reported as 2^32 - 1 bps by those old consumers.

All in-tree consumers of the pf(4) interface have been updated.  To
update out-of-tree consumers to the latest version of the interface,
define PFIOC_USE_LATEST ahead of any includes and use the code of
pfctl(8) as a guide for the ioctls of interest.

PR:	211730
Reviewed by:	jmallett, kp, loos
MFC after:	2 weeks
Relnotes:	yes
Sponsored by:	RG Nets
Differential Revision:	https://reviews.freebsd.org/D16782
2018-08-22 19:38:48 +00:00
Brad Davis
c2d948fa77 Move snmpd.config to usr.sbin/bsnmpd/bsnmpd/
This helps with pkgbase as this config file will now be tagged as a config
file

Approved by:	allanjude (mentor)
Sponsored by:	Essen Hackathon
Differential Revision:	https://reviews.freebsd.org/D16674
2018-08-11 13:47:28 +00:00
Hartmut Brandt
8e9b3e7071 Update bsnmp to version 1.13. This does not bring user-visible changes.
For developers gensnmptree can now generate functions for enums to convert
between enums and strings and to check the validity of a value.
The sources in FreeBSD are now in sync with the upstream which allows to
bring in IPv6 modifications.
2018-07-03 08:44:40 +00:00
Pedro F. Giffuni
64de3fdd58 SPDX: use the Beerware identifier. 2017-11-30 20:33:45 +00:00
Pedro F. Giffuni
1de7b4b805 various: general adoption of SPDX licensing ID tags.
Mainly focus on files that use BSD 2-Clause license, however the tool I
was using misidentified many licenses so this was mostly a manual - error
prone - task.

The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
opensource licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
superceed or replace the license texts.

No functional change intended.
2017-11-27 15:37:16 +00:00
Bryan Drewery
ea825d0274 DIRDEPS_BUILD: Update dependencies.
Sponsored by:	Dell EMC Isilon
2017-10-31 00:07:04 +00:00
Bryan Drewery
04760bd70d These values already set by src.libnames.mk.
MFC after:	2 weeks
Sponsored by:	Dell EMC Isilon
2017-10-31 00:03:25 +00:00
Pedro F. Giffuni
7e7315b542 bsnmpd: Only refresh devtree if devd event is a new or removed device.
It makes sense to refresh the tree only when a device is inserted or
removed, otherwise bsnmpd wastes lot of CPU.

PR:		209368
MFC after:	1 week
2017-10-28 21:26:49 +00:00
Bryan Drewery
07676084ec DIRDEPS_BUILD: Update dependencies.
Sponsored by:	Dell EMC Isilon
2017-05-09 01:48:23 +00:00
Brooks Davis
a7dc31283a Remove the NATM framework including the en(4), fatm(4), hatm(4), and
patm(4) devices.

Maintaining an address family and framework has real costs when we make
infrastructure improvements.  In the case of NATM we support no devices
manufactured in the last 20 years and some will not even work in modern
motherboards (some newer devices that patm(4) could be updated to
support apparently exist, but we do not currently have support).

With this change, support remains for some netgraph modules that don't
require NATM support code. It is unclear if all these should remain,
though ng_atmllc certainly stands alone.

Note well: FreeBSD 11 supports NATM and will continue to do so until at
least September 30, 2021.  Improvements to the code in FreeBSD 11 are
certainly welcome.

Reviewed by:	philip
Approved by:	harti
2017-04-24 21:21:49 +00:00
Marcelo Araujo
21a973f499 Use nitems() from sys/param.h.
Reviewed by:	ngie
Differential Revision:	https://reviews.freebsd.org/D9943
2017-03-12 03:43:28 +00:00
Enji Cooper
64a0982bee usr.sbin: normalize paths using SRCTOP-relative paths or :H when possible
This simplifies make logic/output

MFC after:	1 month
Sponsored by:	Dell EMC Isilon
2017-03-04 11:38:03 +00:00
Yoshihiro Takahashi
2b375b4edd Remove pc98 support completely.
I thank all developers and contributors for pc98.

Relnotes:	yes
2017-01-28 02:22:15 +00:00
Enji Cooper
489b7fc0a4 Add smilint target to subdir targets so "make smilint" here will run
the smilint target in subdirs

While here, convert a path that's .CURDIR relative to SRCTOP

MFC after:	1 week
Sponsored by:	Dell EMC Isilon
2017-01-17 03:44:45 +00:00
Enji Cooper
0acfb04bce Remove ad hoc smilint targets made standard in bsd.snmpmod.mk in r312328
MFC after:	1 week
X-MFC with:	r312328
Sponsored by:	Dell EMC Isilon
2017-01-17 03:41:23 +00:00
Enji Cooper
e9fcca6a8e Add a REVISION section to track changes for the BEGEMOT-NETGRAPH MIB file
This change also documents the modification harti made to a handful of
objects in r122758 (the max OCTET STRING width was increased from 15 to
31 octets)

MFC after:	1 week
2017-01-09 06:36:17 +00:00
Enji Cooper
0dc92aeeb0 Add a REVISION section to track changes for the BEGEMOT-ATM-FREEBSD-MIB MIB file
There haven't been any changes to the MIB definition, so the REVISION
remains static at the version it was imported at

MFC after:	1 week
2017-01-09 06:19:20 +00:00
Enji Cooper
3fab006f0b Add a REVISION section to track changes for the hostres module
There haven't been any changes to the MIB definition, so the REVISION remains
static at the version it was imported at

MFC after:	1 week
2017-01-09 03:18:19 +00:00
Enji Cooper
6fec23edd3 Improve the smilint target in the hostres and mibII modules
- Mark the smilint target .PHONY so it's always executed when requested
- Leverage .PATH for BMIBS instead of spelling the path out longhand
  for them

MFC after:	1 week
2017-01-09 03:14:04 +00:00
Enji Cooper
306324d7f2 Use SRCTOP instead of spelling out the full path with .CURDIR
This helps condense the output for CFLAGS and .PATH

MFC after:	3 days
2017-01-09 03:08:21 +00:00
Enji Cooper
18d124d977 OS_getSystemUptime: use nitems for calculating the number of elements
in a sysctl mib instead of hardcoding the number 2

MFC after:	3 days
2017-01-05 09:28:38 +00:00
Enji Cooper
640b69be3a style cleanup
- bridge_pf_dump: use nitems instead of spelling it out longhand
- bridge_do_pfctl: sort variables by alignment for type

MFC after:	1 week
2017-01-04 17:54:44 +00:00
Enji Cooper
9577c300d8 bridge_do_pfctl: allocate mib_name dynamically using asprintf
This is being done to reduce wasted space, simplify complexity in
the code, and to quell a Coverity warning about buffer overruns.
warning about buffer overruns.

MFC after:	1 week
Reported by:	Coverity
CID:		1006736
2017-01-04 17:50:52 +00:00
Enji Cooper
758268dcae bridge_get_pfval: use nitems instead of spelling it out longhand
MFC after:	3 days
2017-01-04 17:38:18 +00:00
Enji Cooper
a0cc1855e3 Use strlcpy instead of strcpy when copying the bridge name to ifr.ifr_name
to avoid buffer overflows

MFC after:	1 week
Reported by:	Coverity
CID:		1006735, 1006737, 1006738
2017-01-04 17:33:18 +00:00
Enji Cooper
b85e09dbf1 Fix logical inversion when checking result from calloc
in snmp_output_err_resp(..)

X-MFC with:	r310987
MFC after:	3 days
Reported by:	Coverity
CID:		1368195
2017-01-04 01:44:45 +00:00
Enji Cooper
30dcd18b90 Swap parameters around with parse_syntax_strval(..) for consistency with
other parse_* APIs in bsnmp*

MFC after:	3 days
Noted by:	bz
2017-01-03 22:33:07 +00:00
Enji Cooper
71aa1443ea Make /usr/lib/libbsnmptools.so.0 into an INTERRNALLIB
Although it increases the size of the bsnmp{get,set,walk} binaries by
four on my [amd64] system, it removes the need for producing .debug
files, profiled libraries, and for installing the library itself,
reducing the overall size use on disk by the utilities noted
previously.

Plus, it guards against ABI/API compatibility issues with the library
as it's only used internal to the tools themselves.

MFC after:	3 weeks
2017-01-03 22:31:05 +00:00
Enji Cooper
570afb920c Call snmp_pdu_free on req/resp with a consistent, correct pattern
- snmp_pdu_free should be called before snmp_pdu_create is called
  again
- snmp_pdu_free should be called on the resp to snmp_dialog when
  successful

Tested with the following bsnmp commands:

  % export SNMPUSER=bsnmp SNMPPASSWD=bsnmptest
  % SNMP_ARGS="-A proto=sha -C context='' -K -P proto=des -v 3 -r 0"
  % bsnmpset $SNMP_ARGS sysLocation="MyAgent"
  % bsnmpget $SNMP_ARGS sysLocation
  % bsnmpwalk $SNMP_ARGS

MFC after:	12 days
X-MFC with:	r310729, r310892, r310894
2017-01-01 00:23:43 +00:00
Enji Cooper
86b3c16952 snmp_output_err_resp, snmp_output_resp: allocate object using calloc, not
on the stack

Some of the callers try to determine whether or not `object` is valid by
testing the value for NULL, which will never be true if it's a stack value,
so in order to be clear and correct down the call stack, use a heap
allocated object.

This also addresses a Coverity issue by initializing all of `object` via
calloc

MFC after:	1 week
Reported by:	Coverity
CID:		1006392
2016-12-31 22:46:17 +00:00
Enji Cooper
09fe010ecf snmp_output_resp: style(9): sort variables by alignment
MFC after:	3 days
2016-12-31 22:18:33 +00:00
Enji Cooper
c4114bd1f5 Set value->v.octetstring.len to a correct value on malloc success/failure
The previous code always set value->v.octetstring.len to len, regardless
of the result from the malloc call. This misleads the caller on malloc
failure. Set .len to len on success and 0 on failure.

MFC after:	1 week
Reported by:	Coverity
CID:		1007590
2016-12-31 12:14:25 +00:00
Enji Cooper
1b135e4f47 snmp_pdu_free the right object at the right time in snmptool_walk
r310892 was on the right track, but unfortunately it was resolving
the problem incorrectly and accidentally leaking memory in the
process.

- Call snmp_pdu_free on req before calling snmp_pdu_create on it
  at the bottom of the outer while loop
- Call snmp_pdu_free on resp after calling snmpwalk_nextpdu_create
  in the inner loop

MFC after:	12 days
X-MFC with:	r310729, r310892
Reported by:	valgrind
2016-12-31 10:01:25 +00:00