| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
| |
Fix the function signatures when MK_CRYPT == no for snmp_get_local_keys and
snmp_passwd_to_keys
Reported by: Beeblebrox <zaphod@berentweb.com>
|
| |
|
|
|
|
|
|
|
| |
Fix bsnmpd remote denial of service vulnerability.
Reported by: dinoex
Submitted by: harti
Security: FreeBSD-SA-14:01.bsnmpd
Security: CVE-2014-1452
|
| |
|
|
| |
MFC after: 2 weeks
|
| |
|
|
|
|
| |
in the r186119.
Submitted by: Konstantin Kukushkin <dark rambler-co.ru>
|
| |
|
|
|
| |
Submitted by: Christoph Mallon
MFC after: 3 days
|
| | |
|
| | |
|
| |
|
|
| |
MFC after: 1 week
|
| |
|
|
|
|
|
|
|
|
|
| |
- Set IP_RECVDSTADDR sockopt on the socket only in case if
it is INADDR_ANY bound.
- Supply IP_SENDSRCADDR control message only if we did receive
IP_RECVDSTADDR control message.
This fixes operation of snmpd bound to a specific local IP address.
PR: bin/171279
|
| |
|
|
|
|
|
|
| |
IP_SENDSRCADDR control with datagram message we reply with. This makes
bsnmpd reply from exactly same address that request was sent to, thus
successfully bypassing stateful firewalls or other kinds of strict checking.
PR: bin/171279
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
from the control message, actually never worked. This means check_priv()
didn't work for local dgram sockets.
The SCM_CREDS control messages is received only in two cases:
1) If we did setsockopt(LOCAL_CREDS) on our socket, and in this case
the message is struct sockcred.
2) If sender did supplied SCM_CREDS control message in his sendmsg()
syscall. In this case the message is struct cmsgcred.
We can't rely on 2), so we will use 1) for dgram sockets. For stream
sockets it is more reliable to obtain accept-time credentials, since
SCM_CREDS control message is attached only on first read. Thus:
o Do setsockopt(LOCAL_CREDS) on local dgram sockets.
o Split check_priv() into check_priv_stream() and check_priv_dgram(),
and call them from recv_stream() and recv_dgram() respectively.
o Don't provide space for SCM_CREDS control message in recv_stream().
o Provide space for SCM_CREDS control message in recv_dgram(), but there
is no need to initialize anything in it.
o In recv_dgram() do not blindly expect that first message is SCM_CREDS,
instead use correct search cycle through control messages.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
Timeout from: current, syrinx
MFC after: 1 week
|
| |
|
|
|
|
| |
PR: 167734
Submitted by: Nobuyuki Koganemaru (kogane!jp.freebsd.org)
MFC after: 3 days
|
| |
|
|
|
|
| |
of the pointer to it.
Submitted by: Pawel Worach
|
| |
|
|
| |
by copying rather than casting.
|
| |
|
|
|
| |
PR: bin/153153
MFC after: 2 weeks
|
| |
|
|
|
| |
Found by: manlint
Approved by: re (kib)
|
| |
|
|
| |
MFC after: 1 week
|
| |
|
|
|
|
|
| |
by protocol family" when processing requests received from the
UNIX domain socket.
MFC after: 3 days
|
| | |
|
| |
|
|
|
| |
bsnmpd(1)' def files, until bsd.snmpmod.mk & Makefiles are fixed to
pass proper include path flags to gensnmptree.
|
| |
|
|
|
|
| |
Sponsored by: The FreeBSD Foundation
Reviewed by: philip
Approved by: philip
|
| |
|
|
|
|
|
| |
unsed parameters.
Sponsored by: The FreeBSD Foundation
Reviewed by: philip@
|
| |
|
|
|
|
| |
Sponsored by: The FreeBSD Foundation
Reviewed by: philip@ (mostly)
Approved by: philip@
|
| |
|
|
|
|
|
|
| |
message authentication, packet encryption & view-based access control (RFC 3412, 3414, 3415).
Sponsored by: The FreeBSD Foundation
Reviewed by: philip@ (mostly)
Approved by: philip@
|
| |
|
|
| |
MFC after: 3 days
|
| |
|
|
|
|
| |
No change in rendered output, less mandoc lint warnings.
Tool provided by: Nobuyuki Koganemaru n-kogane at syd.odn.ne.jp
|
| | |
|
| |
|
|
| |
Pointy hat to: uqs
|
| |
|
|
|
|
| |
PR: docs/149157
Submitted by: Warren Block <wblock@wonkity.com>
MFC after: 1 week
|
| | |
|
| |
|
|
|
|
|
|
| |
use a different interface type (IFT_L2VLAN vs IFT_ETHER). Treat IFT_L2VLAN
interfaces like IFT_ETHER interfaces when handling link layer addresses.
Reviewed by: syrinx (bsnmpd)
MFC after: 1 week
|
| |
|
|
|
| |
Reviewed by: ru
Approved by: harti
|
| |
|
|
|
|
|
| |
Fix some wrong usages.
Note: this does not affect generated binaries as this argument is not used.
Approved by: harti@
|
| |
|
|
|
|
| |
Found by: make manlint
Reviewed by: ru
Approved by: harti, philip (mentor)
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
system.
Instead of constantly calling the mibII_idle function when the server is not busy
call the function only once every 10 seconds to avoid bsnmpd constantly doing
gettimeofday syscalls. Make the idle polling interval confugurable via
begemotIfDataPoll.
Reported and tested by: misho (at) aitbg (dot) com
Oked by: harti
MFC after: 1 week
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
alignment requirement, while rt_msghdr has a 4 byte alignment
requirement. The root cause is that if_msghdr has an struct if_data
which has an 8-byte alignment requirement due to a time_t that's
embedded in it. On MIPS, time_t is a 64-bit number, so must be 64-bit
aligned.
Since we don't access ifm_data.ifi_epoch, a simple cast is all that's
necessary here. It is likely the case that ifi_epoch should *NOT* be
a time_t because it is an uptime (time delta) an not an absolute time
since 1970. u_long is likely sufficient there since that gives an
uptime of 136 years will suffice for the foreseeable future.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
1. separating L2 tables (ARP, NDP) from the L3 routing tables
2. removing as much locking dependencies among these layers as
possible to allow for some parallelism in the search operations
3. simplify the logic in the routing code,
The most notable end result is the obsolescent of the route
cloning (RTF_CLONING) concept, which translated into code reduction
in both IPv4 ARP and IPv6 NDP related modules, and size reduction in
struct rtentry{}. The change in design obsoletes the semantics of
RTF_CLONING, RTF_WASCLONE and RTF_LLINFO routing flags. The userland
applications such as "arp" and "ndp" have been modified to reflect
those changes. The output from "netstat -r" shows only the routing
entries.
Quite a few developers have contributed to this project in the
past: Glebius Smirnoff, Luigi Rizzo, Alessandro Cerri, and
Andre Oppermann. And most recently:
- Kip Macy revised the locking code completely, thus completing
the last piece of the puzzle, Kip has also been conducting
active functional testing
- Sam Leffler has helped me improving/refactoring the code, and
provided valuable reviews
- Julian Elischer setup the perforce tree for me and has helped
me maintaining that branch before the svn conversion
|
| |\
| |
| |
| | |
which included commits to RCS files with non-trunk default branches.
|
| | |
| |
| |
| |
| |
| | |
returns an error.
Approved by: bz (mentor), harti
|
| |\ \
| |/
| |
| | |
which included commits to RCS files with non-trunk default branches.
|
| | |
| |
| |
| |
| |
| |
| | |
of uname -r in FreeBSD. This value can be overwritten in the configuration
file.
Suggested by: phk
|
| |\ \
| |/
| |
| | |
which included commits to RCS files with non-trunk default branches.
|
| | |
| |
| |
| | |
Submitted by: glebius
|
| |\ \
| |/
| |
| | |
which included commits to RCS files with non-trunk default branches.
|
| | |
| |
| |
| |
| |
| | |
gensnmpdef and gensnmptree. Add include and typedef directives to gensnmptree.
Submitted by: soc-sheryana (partly)
|
| | | |
|
