| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
| |
The libpcap library can use a BIOCROTZBUF ioctl when net.bpf.zerocopy_enable
sysctl is set.
PR: 217490
|
| |
|
|
|
|
|
|
|
|
|
| |
Obtain proper capsicum rights for dump files so rotation of such files works when requested. This is equivalent to cherry picking the following upstream commits:
commit c6d472bf63488b0c2ab7ab9f4b32c68dd2c8ea2b
commit f08eb851eedf9775e6485ab75c0d8cf8d1306be6
commit d83a284abc80d3d09f6bddd087760bb1b01d9cc7
PR: 199568
Approved by: re
|
| |
|
|
| |
file descriptors
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Remove "capability mode sandbox enabled" messages.
These messages serve little purpose and break some consumers.
PR: 199855
Differential Revision: https://reviews.freebsd.org/D2440
Reviewed by: rwatson
Approved by: pjd
Sponsored by: DARPA, AFRL
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Update most userspace consumers of capability.h to use capsicum.h instead.
auditdistd is not updated as I will make the change upstream and then do a
vendor import sometime in the next week or two.
Note that a significant fraction does not apply, as FreeBSD 10 doesn't
contain a Capsicumised ping, casperd, libcasper, etc. When these features
are merged, the capsicum.h change will need to be merged with them.
Sponsored by: Google, Inc.
|
| |
|
|
|
|
|
|
|
| |
made in r263029.
Merge r257186,257215,257349,259736,261797.
These changesets split pfvar.h into several smaller headers and make
userland utilities to include only some of them.
|
| |
|
|
|
|
|
| |
Removes strict-aliasing warnings from newer GCC in tcpdump.
Corresponds to MFC r258573, but for some reason our new pre-commit hooks
will not let us merge it from there.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
in the future in a backward compatible (API and ABI) way.
The cap_rights_t represents capability rights. We used to use one bit to
represent one right, but we are running out of spare bits. Currently the new
structure provides place for 114 rights (so 50 more than the previous
cap_rights_t), but it is possible to grow the structure to hold at least 285
rights, although we can make it even larger if 285 rights won't be enough.
The structure definition looks like this:
struct cap_rights {
uint64_t cr_rights[CAP_RIGHTS_VERSION + 2];
};
The initial CAP_RIGHTS_VERSION is 0.
The top two bits in the first element of the cr_rights[] array contain total
number of elements in the array - 2. This means if those two bits are equal to
0, we have 2 array elements.
The top two bits in all remaining array elements should be 0.
The next five bits in all array elements contain array index. Only one bit is
used and bit position in this five-bits range defines array index. This means
there can be at most five array elements in the future.
To define new right the CAPRIGHT() macro must be used. The macro takes two
arguments - an array index and a bit to set, eg.
#define CAP_PDKILL CAPRIGHT(1, 0x0000000000000800ULL)
We still support aliases that combine few rights, but the rights have to belong
to the same array element, eg:
#define CAP_LOOKUP CAPRIGHT(0, 0x0000000000000400ULL)
#define CAP_FCHMOD CAPRIGHT(0, 0x0000000000002000ULL)
#define CAP_FCHMODAT (CAP_FCHMOD | CAP_LOOKUP)
There is new API to manage the new cap_rights_t structure:
cap_rights_t *cap_rights_init(cap_rights_t *rights, ...);
void cap_rights_set(cap_rights_t *rights, ...);
void cap_rights_clear(cap_rights_t *rights, ...);
bool cap_rights_is_set(const cap_rights_t *rights, ...);
bool cap_rights_is_valid(const cap_rights_t *rights);
void cap_rights_merge(cap_rights_t *dst, const cap_rights_t *src);
void cap_rights_remove(cap_rights_t *dst, const cap_rights_t *src);
bool cap_rights_contains(const cap_rights_t *big, const cap_rights_t *little);
Capability rights to the cap_rights_init(), cap_rights_set(),
cap_rights_clear() and cap_rights_is_set() functions are provided by
separating them with commas, eg:
cap_rights_t rights;
cap_rights_init(&rights, CAP_READ, CAP_WRITE, CAP_FSTAT);
There is no need to terminate the list of rights, as those functions are
actually macros that take care of the termination, eg:
#define cap_rights_set(rights, ...) \
__cap_rights_set((rights), __VA_ARGS__, 0ULL)
void __cap_rights_set(cap_rights_t *rights, ...);
Thanks to using one bit as an array index we can assert in those functions that
there are no two rights belonging to different array elements provided
together. For example this is illegal and will be detected, because CAP_LOOKUP
belongs to element 0 and CAP_PDKILL to element 1:
cap_rights_init(&rights, CAP_LOOKUP | CAP_PDKILL);
Providing several rights that belongs to the same array's element this way is
correct, but is not advised. It should only be used for aliases definition.
This commit also breaks compatibility with some existing Capsicum system calls,
but I see no other way to do that. This should be fine as Capsicum is still
experimental and this change is not going to 9.x.
Sponsored by: The FreeBSD Foundation
|
| |
|
|
|
|
| |
tcpdump will print an error message saying rfmon is not supported.
Give a concise explanation as to how one might solve this problem by
creating a monitor mode VAP.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
For now, sandboxing is done only if -n option was specified and neither -z nor
-V options were given. Because it is very common to run tcpdump(8) with the -n
option for speed, I decided to commit sandboxing now. To also support
sandboxing when -n option wasn't specified, we need Casper daemon and its
services that are not available in FreeBSD yet.
- Limit file descriptors of a file specified by -r option or files specified
via -V option to CAP_READ only.
- If neither -r nor -V options were specified, we operate on /dev/bpf.
Limit its descriptor to CAP_READ and CAP_IOCTL plus limit allowed ioctls to
BIOCGSTATS only.
- Limit file descriptor of a file specified by -w option to CAP_SEEK and
CAP_WRITE.
- If either -C or -G options were specified, we open directory containing
destination file and we limit directory descriptor to CAP_CREATE, CAP_FCNTL,
CAP_FTRUNCATE, CAP_LOOKUP, CAP_SEEK and CAP_WRITE. Newly opened/created
files are limited to CAP_SEEK and CAP_WRITE only.
- Enter capability mode if -n option was specified and neither -z nor -V
options were specified.
Approved by: delphij, wxs
Sponsored by: The FreeBSD Foundation
|
| | |
|
| |
|
|
| |
949a22064d3534eddeb8aa2b9c36a50e45fe16fa.
|
| |\
| |
| |
| | |
MFC after: 4 weeks
|
| | |
| |
| |
| |
| | |
Submitted by: Christoph Mallon
MFC after: 3 days
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
share/mk/sys.mk instead.
This is part of a medium term project to permit deterministic builds of
FreeBSD.
Submitted by: Erik Cederstrand <erik@cederstrand.dk>
Reviewed by: imp, toolchain@
Approved by: cperciva
MFC after: 2 weeks
|
| |\ \
| |/
| |
| | |
MFC after: 4 weeks
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
doesn't mean supporting IFT_PFSYNC (which I hope will eventually
die). This means decoding packets with IP protocol of 240 caught
on any normal interface like Ethernet.
The code is based on couple of files from OpenBSD, significantly
modified by myself.
Parser differentiates for four levels of verbosity: no -v, -v,
-vv and -vvv.
We don't yet forward this code upstream, because currently it
strongly relies on if_pfsync.h and even on pfvar.h. I hope that
this can be fixed in future.
Reviewed by: gnn, delphij
|
| |\ \
| |/
| |
| | |
MFC after: 2 weeks
|
| | |
| |
| |
| |
| | |
The details of the fix can be found in the tcpdump git repository:
commit 684955d58611ee94eccdc34e82b32e676337188c
|
| | |
| |
| |
| |
| |
| |
| |
| | |
against icmp6_hdr::icmp6_type is done incorrectly. (This fix has
already been applied upstream, but we do not have the latest version of
tcpdump.)
MFC after: 1 week
|
| | | |
|
| |\ \
| |/ |
|
| | |
| |
| |
| |
| | |
Submitted by: fangwang@
Obtained from: //depot/projects/soc2009/tcputo/
|
| | |
| |
| |
| |
| | |
Submitted by: Guy Harris
Approved by: re (kib)
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
o add missing Status and Reason codes
o parse/display Action frames
o parse/display Mesh data frames
o parse/display BA frames
Reviewed by: rpaulo
Approved by: re (kib)
|
| | |
| |
| |
| | |
Reported by: Andrzej Tobola ato at iem.pw.edu.pl
|
| |\ \
| |/ |
|
| | | |
|
| | | |
|
| | | |
|
| | |
| |
| |
| | |
MFC after: 3 days
|
| | |
| |
| |
| |
| |
| | |
PR: bin/118150
Reported by: keramida
MFC after: 3 days
|
| | |
| |
| |
| |
| | |
Approved by: re (kensmith)
Obtained from: tcpdump.org
|
| |\ \
| |/
| |
| | |
which included commits to RCS files with non-trunk default branches.
|
| | | |
|
| |\ \
| |/
| |
| | |
which included commits to RCS files with non-trunk default branches.
|
| | |
| |
| |
| |
| |
| |
| | |
Security: FreeBSD-SA-07:06.tcpdump
Security: CVE-2007-3798
Obtained from: tcpdump.org
Approved by: re (security blanket)
|
| | | |
|
| |\ \
| |/
| |
| | |
which included commits to RCS files with non-trunk default branches.
|
| | | |
|
| | |
| |
| |
| | |
MFC after: 1 month
|
| |\ \
| |/
| |
| | |
which included commits to RCS files with non-trunk default branches.
|
| | | |
|
| | | |
|
| |\ \
| |/
| |
| | |
which included commits to RCS files with non-trunk default branches.
|
| | |
| |
| |
| | |
to vendor branch since this is already in their depot
|
| | |
| |
| |
| | |
Approved by: re (scottl)
|
| |\ \
| |/
| |
| | |
which included commits to RCS files with non-trunk default branches.
|
| | |
| |
| |
| | |
Approved by: re (scottl)
|
| | | |
|
