![[BACK]](/icons/back.gif){kind=icon}
Up to [local] / src / sbin / pflogd
Request diff between arbitrary revisions
Default branch: MAIN
Revision 1.8 / (download) - annotate - [select for diffs], Tue May 21 05:00:47 2024 UTC (2 weeks, 4 days ago) by jsg
Branch: MAIN
CVS Tags: HEAD
Changes since 1.7: +1 -3 lines
Diff to previous 1.7 (colored)
remove prototypes with no matching function and externs with no var partly checked by millert@
Revision 1.7 / (download) - annotate - [select for diffs], Sat Sep 9 13:02:52 2017 UTC (6 years, 9 months ago) by brynet
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE,
OPENBSD_7_5,
OPENBSD_7_4_BASE,
OPENBSD_7_4,
OPENBSD_7_3_BASE,
OPENBSD_7_3,
OPENBSD_7_2_BASE,
OPENBSD_7_2,
OPENBSD_7_1_BASE,
OPENBSD_7_1,
OPENBSD_7_0_BASE,
OPENBSD_7_0,
OPENBSD_6_9_BASE,
OPENBSD_6_9,
OPENBSD_6_8_BASE,
OPENBSD_6_8,
OPENBSD_6_7_BASE,
OPENBSD_6_7,
OPENBSD_6_6_BASE,
OPENBSD_6_6,
OPENBSD_6_5_BASE,
OPENBSD_6_5,
OPENBSD_6_4_BASE,
OPENBSD_6_4,
OPENBSD_6_3_BASE,
OPENBSD_6_3,
OPENBSD_6_2_BASE,
OPENBSD_6_2
Changes since 1.6: +2 -3 lines
Diff to previous 1.6 (colored)
Rework pflogd(8)'s fork+exec model; re-exec the unpriv child, not the privileged parent. Based on feedback from deraadt@ and bluhm@ (worked on syslogd). ok deraadt@
Revision 1.6 / (download) - annotate - [select for diffs], Tue Sep 5 15:41:25 2017 UTC (6 years, 9 months ago) by brynet
Branch: MAIN
Changes since 1.5: +5 -3 lines
Diff to previous 1.5 (colored)
fork+exec model for pflogd(8); move pcap init to the re-exec'd privsep parent and use 'legit' fdpassing primitives to send the bpf fd to the unprivileged child process. Also reduces the pledge(2) promises in the unpriv child to just "stdio recvfd" with help from deraadt, pcap feedback from canacar ok deraadt@
Revision 1.5 / (download) - annotate - [select for diffs], Sat Oct 10 22:36:06 2015 UTC (8 years, 8 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_6_1_BASE,
OPENBSD_6_1,
OPENBSD_6_0_BASE,
OPENBSD_6_0,
OPENBSD_5_9_BASE,
OPENBSD_5_9
Changes since 1.4: +2 -1 lines
Diff to previous 1.4 (colored)
pflogd contained the same "privsep error" as tcpdump -- assuming that it can ioctl()'s against a bpf device node. Privsep that operation via a message to the parent process. Unfortunately "rpath wpath cpath" is still needed due to SIGHUP handling, but I have asked canacar the expert to look into this.
Revision 1.4 / (download) - annotate - [select for diffs], Tue Sep 21 05:56:58 2010 UTC (13 years, 8 months ago) by henning
Branch: MAIN
CVS Tags: OPENBSD_5_8_BASE,
OPENBSD_5_8,
OPENBSD_5_7_BASE,
OPENBSD_5_7,
OPENBSD_5_6_BASE,
OPENBSD_5_6,
OPENBSD_5_5_BASE,
OPENBSD_5_5,
OPENBSD_5_4_BASE,
OPENBSD_5_4,
OPENBSD_5_3_BASE,
OPENBSD_5_3,
OPENBSD_5_2_BASE,
OPENBSD_5_2,
OPENBSD_5_1_BASE,
OPENBSD_5_1,
OPENBSD_5_0_BASE,
OPENBSD_5_0,
OPENBSD_4_9_BASE,
OPENBSD_4_9
Changes since 1.3: +2 -2 lines
Diff to previous 1.3 (colored)
bump default snaplen so that pfloghdr + ip hdr + prot hdr usually fit
Revision 1.3 / (download) - annotate - [select for diffs], Sun Jan 15 16:38:04 2006 UTC (18 years, 4 months ago) by canacar
Branch: MAIN
CVS Tags: OPENBSD_4_8_BASE,
OPENBSD_4_8,
OPENBSD_4_7_BASE,
OPENBSD_4_7,
OPENBSD_4_6_BASE,
OPENBSD_4_6,
OPENBSD_4_5_BASE,
OPENBSD_4_5,
OPENBSD_4_4_BASE,
OPENBSD_4_4,
OPENBSD_4_3_BASE,
OPENBSD_4_3,
OPENBSD_4_2_BASE,
OPENBSD_4_2,
OPENBSD_4_1_BASE,
OPENBSD_4_1,
OPENBSD_4_0_BASE,
OPENBSD_4_0,
OPENBSD_3_9_BASE,
OPENBSD_3_9
Changes since 1.2: +2 -1 lines
Diff to previous 1.2 (colored)
If the log file is invalid/incompatible, try to rename the bad log file and continue with a new name instead of suspending. ok mcbride@
Revision 1.2 / (download) - annotate - [select for diffs], Thu Jan 15 20:15:14 2004 UTC (20 years, 4 months ago) by canacar
Branch: MAIN
CVS Tags: OPENBSD_3_8_BASE,
OPENBSD_3_8,
OPENBSD_3_7_BASE,
OPENBSD_3_7,
OPENBSD_3_6_BASE,
OPENBSD_3_6,
OPENBSD_3_5_BASE,
OPENBSD_3_5
Changes since 1.1: +7 -1 lines
Diff to previous 1.1 (colored)
Try to preserve the integrity of the log file in case of errors/unexpected shutdowns etc. Also check logfile integrity on startup and suspend logging if an inconsistency is detected. ok dhartmei@
Revision 1.1 / (download) - annotate - [select for diffs], Wed Oct 22 18:51:55 2003 UTC (20 years, 7 months ago) by canacar
Branch: MAIN
privilege seperated pflogd _pflogd user and group must be created for proper operation. ok frantzen@ henning@ mcbride@ deraadt@