OpenBSD CVS

CVS log for src/usr.sbin/rebound/Attic/rebound.c




Default branch: MAIN


Revision 1.110, Fri Jan 24 06:19:01 2020 UTC (4 years, 4 months ago) by tedu
Branch: MAIN
CVS Tags: HEAD
Changes since 1.109: +1 -1 lines
FILE REMOVED

progress on rebound has been stalled long enough it's time to fade away.

Revision 1.109 / (download) - annotate - [select for diffs], Mon Oct 7 17:44:45 2019 UTC (4 years, 7 months ago) by tedu
Branch: MAIN
CVS Tags: OPENBSD_6_6_BASE, OPENBSD_6_6
Changes since 1.108: +4 -2 lines
Diff to previous 1.108 (colored)

worker should always get a conffd, and if we don't, it's an error.
fixes compiler warning via deraadt

Revision 1.108 / (download) - annotate - [select for diffs], Mon Apr 1 06:40:05 2019 UTC (5 years, 2 months ago) by tedu
Branch: MAIN
CVS Tags: OPENBSD_6_5_BASE, OPENBSD_6_5
Changes since 1.107: +6 -2 lines
Diff to previous 1.107 (colored)

if inet6 is not available, warn, but carry on

Revision 1.107 / (download) - annotate - [select for diffs], Thu Dec 27 18:00:15 2018 UTC (5 years, 5 months ago) by tedu
Branch: MAIN
Changes since 1.106: +26 -8 lines
Diff to previous 1.106 (colored)

fifo isn't really the right data structure for varying expirations.
convert to a simple rbtree ordered by expiration time.
ok anton

Revision 1.106 / (download) - annotate - [select for diffs], Thu Dec 20 07:23:22 2018 UTC (5 years, 5 months ago) by anton
Branch: MAIN
Changes since 1.105: +3 -3 lines
Diff to previous 1.105 (colored)

zap whitespace

Revision 1.105 / (download) - annotate - [select for diffs], Tue Dec 18 21:32:21 2018 UTC (5 years, 5 months ago) by anton
Branch: MAIN
Changes since 1.104: +36 -31 lines
Diff to previous 1.104 (colored)

Rework previous: use getopt(3) to parse options passed to the worker process.

ok tedu@

Revision 1.104 / (download) - annotate - [select for diffs], Tue Dec 18 20:34:32 2018 UTC (5 years, 5 months ago) by tedu
Branch: MAIN
Changes since 1.103: +200 -80 lines
Diff to previous 1.103 (colored)

Rework how socket fds are passed around internally. This will allow
more flexibility in listening sockets (and fixes a bug related to inet6).
Everything is in arrays now instead of discrete variables.
ok anton

Revision 1.103 / (download) - annotate - [select for diffs], Thu Dec 6 16:51:19 2018 UTC (5 years, 5 months ago) by tedu
Branch: MAIN
Changes since 1.102: +55 -9 lines
Diff to previous 1.102 (colored)

add very experimental support for dns over https. (RFC 8484)
performance may be less than great.
ok anton

Revision 1.102 / (download) - annotate - [select for diffs], Tue Nov 20 03:42:56 2018 UTC (5 years, 6 months ago) by tedu
Branch: MAIN
Changes since 1.101: +9 -3 lines
Diff to previous 1.101 (colored)

move a magic constant into a magic define

Revision 1.101 / (download) - annotate - [select for diffs], Fri Oct 26 06:03:03 2018 UTC (5 years, 7 months ago) by deraadt
Branch: MAIN
Changes since 1.100: +7 -1 lines
Diff to previous 1.100 (colored)

Unveil should work because this only opens the configuration file,
and re-exec's itself.  That locks the pledge 'exec' nicely.

Revision 1.100 / (download) - annotate - [select for diffs], Mon Sep 10 19:22:53 2018 UTC (5 years, 8 months ago) by anton
Branch: MAIN
CVS Tags: OPENBSD_6_4_BASE, OPENBSD_6_4
Changes since 1.99: +2 -2 lines
Diff to previous 1.99 (colored)

logmsg(LOG_ERR) -> logerr(); ok tedu@

Revision 1.99 / (download) - annotate - [select for diffs], Sat Sep 8 13:17:19 2018 UTC (5 years, 8 months ago) by anton
Branch: MAIN
Changes since 1.98: +20 -6 lines
Diff to previous 1.98 (colored)

Check for malloc() failures.

Initial diff from Clemens Goessnitzer on tech@

Feedback and ok tb@

Revision 1.98 / (download) - annotate - [select for diffs], Tue May 1 15:14:43 2018 UTC (6 years, 1 month ago) by anton
Branch: MAIN
Changes since 1.97: +2 -2 lines
Diff to previous 1.97 (colored)

Remove extraneous new line from error message.

Revision 1.97 / (download) - annotate - [select for diffs], Tue May 1 15:11:42 2018 UTC (6 years, 1 month ago) by anton
Branch: MAIN
Changes since 1.96: +3 -2 lines
Diff to previous 1.96 (colored)

The length field of a DNS packet must be network byte order encoded; ok tedu@

Revision 1.96 / (download) - annotate - [select for diffs], Mon Apr 30 17:43:36 2018 UTC (6 years, 1 month ago) by tedu
Branch: MAIN
Changes since 1.95: +155 -23 lines
Diff to previous 1.95 (colored)

allow limited setting of permanent A records. like unbound local-data.
some code and help from anton

Revision 1.95 / (download) - annotate - [select for diffs], Sun Feb 11 01:23:40 2018 UTC (6 years, 3 months ago) by tb
Branch: MAIN
CVS Tags: OPENBSD_6_3_BASE, OPENBSD_6_3
Changes since 1.94: +1 -2 lines
Diff to previous 1.94 (colored)

sysctl.h is no longer needed

ok tedu

Revision 1.94 / (download) - annotate - [select for diffs], Sat Feb 10 17:51:37 2018 UTC (6 years, 3 months ago) by anton
Branch: MAIN
Changes since 1.93: +4 -1 lines
Diff to previous 1.93 (colored)

Pledge monitoring process; ok tedu@

Revision 1.93 / (download) - annotate - [select for diffs], Wed Feb 7 01:02:46 2018 UTC (6 years, 3 months ago) by tedu
Branch: MAIN
Changes since 1.92: +3 -20 lines
Diff to previous 1.92 (colored)

remove the magic dns port hijacking feature. it's complicated and
brittle, and never quite made the next step to being useful.

Revision 1.92 / (download) - annotate - [select for diffs], Tue Feb 6 20:38:47 2018 UTC (6 years, 3 months ago) by tedu
Branch: MAIN
Changes since 1.91: +3 -3 lines
Diff to previous 1.91 (colored)

when we get SIGHUP, close conffd so it's reopened (and rewound).
problem and early fix by anton

Revision 1.91 / (download) - annotate - [select for diffs], Tue Aug 22 15:47:13 2017 UTC (6 years, 9 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_6_2_BASE, OPENBSD_6_2
Changes since 1.90: +5 -2 lines
Diff to previous 1.90 (colored)

Use waitpid()/EINTR idiom for the specific pid, rather than generic wait(),
in case the parent process was started with a dangling child.  This style
ensures any potential parent:child interlock isn't disrupted due to the
"wrong" child being waited on first.  Then the other children can safely
zombie.
ok millert jca brynet

Revision 1.90 / (download) - annotate - [select for diffs], Sat Aug 12 00:24:13 2017 UTC (6 years, 9 months ago) by tedu
Branch: MAIN
Changes since 1.89: +29 -30 lines
Diff to previous 1.89 (colored)

stop pretending that qnames are always strings. treat everything as a
dname always.

Revision 1.89 / (download) - annotate - [select for diffs], Wed Jul 19 22:51:30 2017 UTC (6 years, 10 months ago) by tedu
Branch: MAIN
Changes since 1.88: +22 -5 lines
Diff to previous 1.88 (colored)

there's no nul byte after a name that ends in a crazy compression pointer.

Revision 1.88 / (download) - annotate - [select for diffs], Thu Jul 13 17:12:51 2017 UTC (6 years, 10 months ago) by tedu
Branch: MAIN
Changes since 1.87: +15 -8 lines
Diff to previous 1.87 (colored)

add an option to listen to an address other than localhost,
upgrading to a mini recursive resolver for small networks.

Revision 1.87 / (download) - annotate - [select for diffs], Tue Jul 4 00:30:45 2017 UTC (6 years, 11 months ago) by tedu
Branch: MAIN
Changes since 1.86: +59 -2 lines
Diff to previous 1.86 (colored)

properly adjust the ttl of replies instead of freezing them in time

Revision 1.86 / (download) - annotate - [select for diffs], Mon Jul 3 16:36:48 2017 UTC (6 years, 11 months ago) by tedu
Branch: MAIN
Changes since 1.85: +7 -6 lines
Diff to previous 1.85 (colored)

don't bother caching invalid or very short lived responses

Revision 1.85 / (download) - annotate - [select for diffs], Mon Jul 3 09:39:48 2017 UTC (6 years, 11 months ago) by tedu
Branch: MAIN
Changes since 1.84: +19 -14 lines
Diff to previous 1.84 (colored)

check that a cachehit hasn't expired before using it.

Revision 1.84 / (download) - annotate - [select for diffs], Wed May 31 04:52:11 2017 UTC (7 years ago) by deraadt
Branch: MAIN
Changes since 1.83: +3 -3 lines
Diff to previous 1.83 (colored)

use strerror; from Edgar Pettijohn

Revision 1.83 / (download) - annotate - [select for diffs], Thu Apr 27 16:09:32 2017 UTC (7 years, 1 month ago) by tedu
Branch: MAIN
Changes since 1.82: +13 -7 lines
Diff to previous 1.82 (colored)

clang warns about some of the strlcpy arguments here, which aren't the
typical idiom because there's invisible size dependencies. rewrite some
of it to use memcpy, which makes clear the lengths are the same.

Revision 1.82 / (download) - annotate - [select for diffs], Thu Apr 13 15:32:15 2017 UTC (7 years, 1 month ago) by tedu
Branch: MAIN
Changes since 1.81: +4 -3 lines
Diff to previous 1.81 (colored)

moving some code into a switch meant that break no longer stopped the loop.
try harder with a goto. diagnosis and original fix by tb.

Revision 1.81 / (download) - annotate - [select for diffs], Thu Apr 6 21:16:14 2017 UTC (7 years, 1 month ago) by tedu
Branch: MAIN
Changes since 1.80: +57 -43 lines
Diff to previous 1.80 (colored)

replace some long if/else chains with a switch

Revision 1.80 / (download) - annotate - [select for diffs], Sun Oct 23 17:06:41 2016 UTC (7 years, 7 months ago) by naddy
Branch: MAIN
CVS Tags: OPENBSD_6_1_BASE, OPENBSD_6_1
Changes since 1.79: +3 -3 lines
Diff to previous 1.79 (colored)

unbreak by fixing obvious pastos

Revision 1.79 / (download) - annotate - [select for diffs], Sun Oct 23 00:40:39 2016 UTC (7 years, 7 months ago) by tedu
Branch: MAIN
Changes since 1.78: +46 -21 lines
Diff to previous 1.78 (colored)

listen on inet6 sockets as well. we need this because stolen inet6 sockets
can't be redirected to inet4 listeners.

Revision 1.78 / (download) - annotate - [select for diffs], Sun Oct 16 00:08:31 2016 UTC (7 years, 7 months ago) by tedu
Branch: MAIN
Changes since 1.77: +75 -48 lines
Diff to previous 1.77 (colored)

switch to a re-exec model instead of plain forking to reduce sharing.
this shuffles about some of the initialization code and consolidates all
the worker initialization in one place.
the parent process runs the monitor loop and execs workers via -W, which
then drop immediately into the worker loop.
file descriptors currently inherited across exec, which probably exceeds
safe magic levels, but fits the existing model without too many changes.

Revision 1.77 / (download) - annotate - [select for diffs], Sat Oct 15 22:09:51 2016 UTC (7 years, 7 months ago) by tedu
Branch: MAIN
Changes since 1.76: +101 -90 lines
Diff to previous 1.76 (colored)

refactor the worker and monitor loops a little to make room for re-exec

Revision 1.76 / (download) - annotate - [select for diffs], Sat Oct 15 21:56:40 2016 UTC (7 years, 7 months ago) by tedu
Branch: MAIN
Changes since 1.75: +20 -20 lines
Diff to previous 1.75 (colored)

be more cautious about inspecting packets. use integer offsets instead of
advancing pointers which may go past the end.

Revision 1.75 / (download) - annotate - [select for diffs], Sat Oct 15 21:50:59 2016 UTC (7 years, 7 months ago) by tedu
Branch: MAIN
Changes since 1.74: +74 -13 lines
Diff to previous 1.74 (colored)

implement random casing for query names, also known as 0x20 hardening.
this *should* work everywhere, and i consider minimum necessary protection
for a program like rebound. in the event it doesn't work, rebound can be
bypassed by disabling the port stealing sysctl.

Revision 1.74 / (download) - annotate - [select for diffs], Sat Oct 8 06:33:59 2016 UTC (7 years, 7 months ago) by tedu
Branch: MAIN
Changes since 1.73: +6 -4 lines
Diff to previous 1.73 (colored)

a little more precision about reloading config. only reopen if it changed

Revision 1.73 / (download) - annotate - [select for diffs], Sat Oct 8 03:46:58 2016 UTC (7 years, 7 months ago) by tedu
Branch: MAIN
Changes since 1.72: +1 -3 lines
Diff to previous 1.72 (colored)

too many blank lines

Revision 1.72 / (download) - annotate - [select for diffs], Fri Oct 7 19:14:56 2016 UTC (7 years, 7 months ago) by tedu
Branch: MAIN
Changes since 1.71: +11 -4 lines
Diff to previous 1.71 (colored)

the parent mostly never crashes, but the child might. or the config file
disappears. in such cases, the parent will exit. make sure to always
reset the jackport, not just when receiving sigterm.
(doesn't protect against parent crashing, but that shouldn't happen.)

Revision 1.71 / (download) - annotate - [select for diffs], Fri Oct 7 19:07:36 2016 UTC (7 years, 7 months ago) by tedu
Branch: MAIN
Changes since 1.70: +99 -48 lines
Diff to previous 1.70 (colored)

several big changes, tied together.
switch to reading resolv.conf to find upstream name servers.
monitor this file and automatically restart if it changes.
use the dnsjackport sysctl to steal DNS connections from libc.
listen on port 54 to avoid collisions with other DNS servers.

Revision 1.70 / (download) - annotate - [select for diffs], Thu Sep 1 10:57:24 2016 UTC (7 years, 9 months ago) by tedu
Branch: MAIN
Changes since 1.69: +7 -7 lines
Diff to previous 1.69 (colored)

naming a union 'sockthing' was a bit silly. sockun will do for now.

Revision 1.69 / (download) - annotate - [select for diffs], Thu Sep 1 10:55:21 2016 UTC (7 years, 9 months ago) by tedu
Branch: MAIN
Changes since 1.68: +3 -3 lines
Diff to previous 1.68 (colored)

print regular messages to stdout, not err

Revision 1.68 / (download) - annotate - [select for diffs], Thu Sep 1 10:54:36 2016 UTC (7 years, 9 months ago) by tedu
Branch: MAIN
Changes since 1.67: +53 -10 lines
Diff to previous 1.67 (colored)

scan responses for minimum ttl, and cache for min(ttl, 300) instead of
a fixed amount

Revision 1.67 / (download) - annotate - [select for diffs], Sun Aug 21 21:23:48 2016 UTC (7 years, 9 months ago) by tedu
Branch: MAIN
Changes since 1.66: +27 -22 lines
Diff to previous 1.66 (colored)

introduce a union of sockaddr types and eliminate a lot of casts.

Revision 1.66 / (download) - annotate - [select for diffs], Sat Aug 6 19:56:51 2016 UTC (7 years, 9 months ago) by tedu
Branch: MAIN
Changes since 1.65: +2 -1 lines
Diff to previous 1.65 (colored)

reset timeout to null when relooping

Revision 1.65 / (download) - annotate - [select for diffs], Sat Jul 2 17:09:09 2016 UTC (7 years, 11 months ago) by tedu
Branch: MAIN
CVS Tags: OPENBSD_6_0_BASE, OPENBSD_6_0
Changes since 1.64: +11 -3 lines
Diff to previous 1.64 (colored)

check cache tree for collisions when inserting replies.
if two identical requests are sent out, the first will create a cache
entry. the second will not go into the cache tree, but will linger around,
causing a crash when we free it and try to remove from the tree. instead,
give up if insert fails.
diagnosis and initial patch from Duncan.

Revision 1.64 / (download) - annotate - [select for diffs], Sun Jun 5 22:41:41 2016 UTC (7 years, 11 months ago) by tedu
Branch: MAIN
Changes since 1.63: +25 -32 lines
Diff to previous 1.63 (colored)

previous change (r1.27) converted to using non blocking sockets and
spinning on them, trying to preemptively avoid kevent. i've come to
conclude this is a poor design. it is exceedingly rare for there to be
two requests waiting. instead, we end up burning useless syscalls.

Revision 1.63 / (download) - annotate - [select for diffs], Tue May 31 16:50:11 2016 UTC (8 years ago) by tedu
Branch: MAIN
Changes since 1.62: +8 -4 lines
Diff to previous 1.62 (colored)

with the kernel perm check fixed, we can do this kevent after setuid,
but still needs to be before pledge. also check for failure.

Revision 1.62 / (download) - annotate - [select for diffs], Fri May 13 00:19:02 2016 UTC (8 years ago) by tedu
Branch: MAIN
Changes since 1.61: +15 -7 lines
Diff to previous 1.61 (colored)

fix logging.
1. va must be restarted before reuse.
2. don't syslog in debug. assume someone is watching stderr.

Revision 1.61 / (download) - annotate - [select for diffs], Mon May 2 06:21:26 2016 UTC (8 years, 1 month ago) by semarie
Branch: MAIN
Changes since 1.60: +1 -4 lines
Diff to previous 1.60 (colored)

prepare userland for removing chroot(2) from allowed syscalls under pledge(2).

in rebound(8), the worker is still chrooted (and pledged). The supervisor
process remains unpledged in order to create workers.

ok tedu@

Revision 1.60 / (download) - annotate - [select for diffs], Sun Jan 3 18:15:17 2016 UTC (8 years, 5 months ago) by tedu
Branch: MAIN
CVS Tags: OPENBSD_5_9_BASE, OPENBSD_5_9
Changes since 1.59: +2 -1 lines
Diff to previous 1.59 (colored)

forgot to call RB_INIT. but yet things mostly worked...

Revision 1.59 / (download) - annotate - [select for diffs], Thu Dec 17 18:24:57 2015 UTC (8 years, 5 months ago) by tedu
Branch: MAIN
Changes since 1.58: +15 -10 lines
Diff to previous 1.58 (colored)

add return code to newrequest to distinguish between cache hit and error.
we want to keep looping for more requests after a hit, not stop.
(though i'm reconsidering if the looping is worthwhile. maybe should just
return to kevent() after each request.)

Revision 1.58 / (download) - annotate - [select for diffs], Sat Dec 12 17:19:51 2015 UTC (8 years, 5 months ago) by tedu
Branch: MAIN
Changes since 1.57: +2 -3 lines
Diff to previous 1.57 (colored)

correct comment

Revision 1.57 / (download) - annotate - [select for diffs], Fri Dec 11 13:47:08 2015 UTC (8 years, 5 months ago) by tedu
Branch: MAIN
Changes since 1.56: +7 -27 lines
Diff to previous 1.56 (colored)

it's not necessary to use a tree to track requests if kevent can do this.

Revision 1.56 / (download) - annotate - [select for diffs], Tue Dec 8 18:03:49 2015 UTC (8 years, 5 months ago) by tedu
Branch: MAIN
Changes since 1.55: +4 -3 lines
Diff to previous 1.55 (colored)

more better fake replies. servfail is the correct response.

Revision 1.55 / (download) - annotate - [select for diffs], Sat Dec 5 11:51:23 2015 UTC (8 years, 5 months ago) by tedu
Branch: MAIN
Changes since 1.54: +7 -11 lines
Diff to previous 1.54 (colored)

all the signal ignoring can be done in one place

Revision 1.54 / (download) - annotate - [select for diffs], Sat Dec 5 10:24:17 2015 UTC (8 years, 5 months ago) by tedu
Branch: MAIN
Changes since 1.53: +16 -14 lines
Diff to previous 1.53 (colored)

pull the config file opening up considerably earlier to fail fast.
parsing is still done in the child, so we can't guarantee success, but if
the file is missing entirely we won't daemonize in that state.

Revision 1.53 / (download) - annotate - [select for diffs], Fri Dec 4 16:44:20 2015 UTC (8 years, 5 months ago) by tedu
Branch: MAIN
Changes since 1.52: +17 -15 lines
Diff to previous 1.52 (colored)

refine some logging and error messages. errors will now always go to stderr
until daemonized and syslog as well. make logerr() work more like err().

Revision 1.52 / (download) - annotate - [select for diffs], Fri Dec 4 16:33:40 2015 UTC (8 years, 5 months ago) by tedu
Branch: MAIN
Changes since 1.51: +3 -4 lines
Diff to previous 1.51 (colored)

push daemon call a little later so if the address is in use we see the
error message

Revision 1.51 / (download) - annotate - [select for diffs], Fri Dec 4 10:59:36 2015 UTC (8 years, 5 months ago) by tedu
Branch: MAIN
Changes since 1.50: +1 -2 lines
Diff to previous 1.50 (colored)

one signal.h should suffice

Revision 1.50 / (download) - annotate - [select for diffs], Fri Dec 4 09:13:05 2015 UTC (8 years, 6 months ago) by tedu
Branch: MAIN
Changes since 1.49: +3 -1 lines
Diff to previous 1.49 (colored)

ignore SIGPIPE. i don't see any way for it to happen, but nevertheless we
definitely don't want to receive it unexpectedly.

Revision 1.49 / (download) - annotate - [select for diffs], Fri Dec 4 04:50:43 2015 UTC (8 years, 6 months ago) by gsoares
Branch: MAIN
Changes since 1.48: +2 -2 lines
Diff to previous 1.48 (colored)

- sync usage

- add a bit more detail about config alternative file
and add -d while here.

manpage help from jmc@ schwarze@ thanks a lot!

OK tedu jmc schwarze

Revision 1.48 / (download) - annotate - [select for diffs], Thu Dec 3 08:19:25 2015 UTC (8 years, 6 months ago) by tedu
Branch: MAIN
Changes since 1.47: +13 -1 lines
Diff to previous 1.47 (colored)

when running on a machine without net, rebound will still receive queries
from localhost, but then fail to forward them. this causes the resolver
to stall waiting for timeouts in situations where it would otherwise fail
quickly. we don't know this happens until it's too late, but we can push
the resolver forward by sending back empty replies.
ok deraadt

Revision 1.47 / (download) - annotate - [select for diffs], Tue Dec 1 23:43:55 2015 UTC (8 years, 6 months ago) by gsoares
Branch: MAIN
Changes since 1.46: +4 -2 lines
Diff to previous 1.46 (colored)

add missing fclose(3)
ok tedu@

Revision 1.46 / (download) - annotate - [select for diffs], Fri Nov 27 21:12:08 2015 UTC (8 years, 6 months ago) by tedu
Branch: MAIN
Changes since 1.45: +2 -2 lines
Diff to previous 1.45 (colored)

add getpw to pledge. rpath would normally suffice, but there's some double
checking code in snapshots, and it serves as a useful annotation.
from Carlin Bingham

Revision 1.45 / (download) - annotate - [select for diffs], Tue Nov 24 00:21:55 2015 UTC (8 years, 6 months ago) by deraadt
Branch: MAIN
Changes since 1.44: +2 -2 lines
Diff to previous 1.44 (colored)

use canonical pledge argument ordering

Revision 1.44 / (download) - annotate - [select for diffs], Mon Nov 16 21:27:42 2015 UTC (8 years, 6 months ago) by tedu
Branch: MAIN
Changes since 1.43: +5 -3 lines
Diff to previous 1.43 (colored)

improve logging slightly

Revision 1.43 / (download) - annotate - [select for diffs], Mon Nov 16 20:56:56 2015 UTC (8 years, 6 months ago) by tedu
Branch: MAIN
Changes since 1.42: +9 -5 lines
Diff to previous 1.42 (colored)

the list insertion needs to occur right after we get a valid socket,
as that is the hint that the request is on the list.

Revision 1.42 / (download) - annotate - [select for diffs], Tue Nov 10 07:24:38 2015 UTC (8 years, 6 months ago) by deraadt
Branch: MAIN
Changes since 1.41: +2 -2 lines
Diff to previous 1.41 (colored)

kill the whitespace.. kill the whitespace..

Revision 1.41 / (download) - annotate - [select for diffs], Sun Nov 1 13:59:44 2015 UTC (8 years, 7 months ago) by reyk
Branch: MAIN
Changes since 1.40: +4 -2 lines
Diff to previous 1.40 (colored)

chroot to pw_dir instead of the hard-coded /var/empty.  Also make the
chroot+chdir step look more like in the other privsep daemons.

OK tedu@

Revision 1.40 / (download) - annotate - [select for diffs], Fri Oct 30 15:44:12 2015 UTC (8 years, 7 months ago) by tedu
Branch: MAIN
Changes since 1.39: +2 -1 lines
Diff to previous 1.39 (colored)

it is necessary to call tzset() to get syslog timestamps correct.
i am quite surprised by this, but it's the way things are, so do it.
reported by naddy

Revision 1.39 / (download) - annotate - [select for diffs], Thu Oct 29 14:01:01 2015 UTC (8 years, 7 months ago) by tedu
Branch: MAIN
Changes since 1.38: +3 -2 lines
Diff to previous 1.38 (colored)

put timeout nullification in correct spot

Revision 1.38 / (download) - annotate - [select for diffs], Thu Oct 29 14:00:06 2015 UTC (8 years, 7 months ago) by tedu
Branch: MAIN
Changes since 1.37: +18 -17 lines
Diff to previous 1.37 (colored)

be a little more precise about checking filters

Revision 1.37 / (download) - annotate - [select for diffs], Thu Oct 29 13:54:43 2015 UTC (8 years, 7 months ago) by tedu
Branch: MAIN
Changes since 1.36: +16 -18 lines
Diff to previous 1.36 (colored)

refold a few lines

Revision 1.36 / (download) - annotate - [select for diffs], Thu Oct 29 12:58:10 2015 UTC (8 years, 7 months ago) by tedu
Branch: MAIN
Changes since 1.35: +22 -4 lines
Diff to previous 1.35 (colored)

collect some cool stats and print them out with SIGUSR1

Revision 1.35 / (download) - annotate - [select for diffs], Wed Oct 28 20:56:43 2015 UTC (8 years, 7 months ago) by tedu
Branch: MAIN
Changes since 1.34: +11 -2 lines
Diff to previous 1.34 (colored)

impose some limit on the cache size as well.

Revision 1.34 / (download) - annotate - [select for diffs], Wed Oct 28 20:43:12 2015 UTC (8 years, 7 months ago) by tedu
Branch: MAIN
Changes since 1.33: +21 -3 lines
Diff to previous 1.33 (colored)

if accept() fails due to fd exhaustion, stop accepting for one second.
should only happen for ENFILE, but check for EMFILE too.

Revision 1.33 / (download) - annotate - [select for diffs], Wed Oct 28 20:25:46 2015 UTC (8 years, 7 months ago) by tedu
Branch: MAIN
Changes since 1.32: +15 -10 lines
Diff to previous 1.32 (colored)

bug in the request tree code: requests were being added to the tree before
the socket (the key) was being set. move the enqueue code later, and fix
freerequest to only dequeue if socket is set.

Revision 1.32 / (download) - annotate - [select for diffs], Wed Oct 28 20:20:35 2015 UTC (8 years, 7 months ago) by tedu
Branch: MAIN
Changes since 1.31: +35 -8 lines
Diff to previous 1.31 (colored)

twiddle with rlimit to give us a few more files. use rlimit as a hint as
to how many requests to allow open at once. start closing old ones as we
approach the limit, which means we track the number of outstanding requests
(and count tcp as two).
also rename tcp "phase" to tcp, and use it as a more direct indicator.

Revision 1.31 / (download) - annotate - [select for diffs], Wed Oct 28 19:32:29 2015 UTC (8 years, 7 months ago) by tedu
Branch: MAIN
Changes since 1.30: +4 -1 lines
Diff to previous 1.30 (colored)

add pledge to main process, though it needs a few more options

Revision 1.30 / (download) - annotate - [select for diffs], Wed Oct 28 19:09:58 2015 UTC (8 years, 7 months ago) by tedu
Branch: MAIN
Changes since 1.29: +27 -13 lines
Diff to previous 1.29 (colored)

use an rb tree for the cache too. modelled after the reqtree.

Revision 1.29 / (download) - annotate - [select for diffs], Wed Oct 28 18:48:03 2015 UTC (8 years, 7 months ago) by tedu
Branch: MAIN
Changes since 1.28: +21 -15 lines
Diff to previous 1.28 (colored)

use an rb tree for finding requests. from Dimitris Papastamos

Revision 1.28 / (download) - annotate - [select for diffs], Mon Oct 26 12:24:48 2015 UTC (8 years, 7 months ago) by tedu
Branch: MAIN
Changes since 1.27: +3 -1 lines
Diff to previous 1.27 (colored)

one second amnesty for timeouts so we don't spin with short timeouts

Revision 1.27 / (download) - annotate - [select for diffs], Mon Oct 26 12:23:40 2015 UTC (8 years, 7 months ago) by tedu
Branch: MAIN
Changes since 1.26: +7 -9 lines
Diff to previous 1.26 (colored)

set listening sockets to nonblocking, then handle as many incoming requests
as we can in the loop instead of keventing per request.

Revision 1.26 / (download) - annotate - [select for diffs], Sat Oct 17 00:38:57 2015 UTC (8 years, 7 months ago) by tedu
Branch: MAIN
Changes since 1.25: +2 -5 lines
Diff to previous 1.25 (colored)

don't need fcntl for non blocking socket, just ask for it upfront

Revision 1.25 / (download) - annotate - [select for diffs], Fri Oct 16 20:25:09 2015 UTC (8 years, 7 months ago) by tedu
Branch: MAIN
Changes since 1.24: +15 -20 lines
Diff to previous 1.24 (colored)

save some file descriptors. instead of a pipe, use kevent to watch parent

Revision 1.24 / (download) - annotate - [select for diffs], Fri Oct 16 20:12:06 2015 UTC (8 years, 7 months ago) by tedu
Branch: MAIN
Changes since 1.23: +15 -5 lines
Diff to previous 1.23 (colored)

naddy would like the child to exit when the parent dies.
hook up a pipe between them and watch for eof in the child.

Revision 1.23 / (download) - annotate - [select for diffs], Fri Oct 16 18:47:52 2015 UTC (8 years, 7 months ago) by tedu
Branch: MAIN
Changes since 1.22: +32 -39 lines
Diff to previous 1.22 (colored)

life is simpler if all requests go in the fifo, and then just remove them
in the error case instead of duplicating code.

Revision 1.22 / (download) - annotate - [select for diffs], Fri Oct 16 18:38:53 2015 UTC (8 years, 7 months ago) by tedu
Branch: MAIN
Changes since 1.21: +8 -1 lines
Diff to previous 1.21 (colored)

deraadt tells me i'm supposed to check if connect() actually worked.

Revision 1.21 / (download) - annotate - [select for diffs], Fri Oct 16 18:29:05 2015 UTC (8 years, 7 months ago) by tedu
Branch: MAIN
Changes since 1.20: +58 -16 lines
Diff to previous 1.20 (colored)

two phase handling for tcp so that slow connects don't stall the process

Revision 1.20 / (download) - annotate - [select for diffs], Fri Oct 16 15:35:05 2015 UTC (8 years, 7 months ago) by tedu
Branch: MAIN
Changes since 1.19: +2 -1 lines
Diff to previous 1.19 (colored)

save request length in cache. naddy noticed we weren't getting any hits.

Revision 1.19 / (download) - annotate - [select for diffs], Fri Oct 16 02:09:31 2015 UTC (8 years, 7 months ago) by tedu
Branch: MAIN
Changes since 1.18: +8 -1 lines
Diff to previous 1.18 (colored)

fine tune the logging some more

Revision 1.18 / (download) - annotate - [select for diffs], Fri Oct 16 01:58:28 2015 UTC (8 years, 7 months ago) by tedu
Branch: MAIN
Changes since 1.17: +19 -23 lines
Diff to previous 1.17 (colored)

simplify logging functions. once a daemon, always a daemon

Revision 1.17 / (download) - annotate - [select for diffs], Fri Oct 16 01:55:19 2015 UTC (8 years, 7 months ago) by tedu
Branch: MAIN
Changes since 1.16: +5 -2 lines
Diff to previous 1.16 (colored)

safety check that we're dealing with the filter we expect

Revision 1.16 / (download) - annotate - [select for diffs], Fri Oct 16 01:50:39 2015 UTC (8 years, 7 months ago) by tedu
Branch: MAIN
Changes since 1.15: +15 -15 lines
Diff to previous 1.15 (colored)

most things should be static

Revision 1.15 / (download) - annotate - [select for diffs], Fri Oct 16 01:37:14 2015 UTC (8 years, 7 months ago) by tedu
Branch: MAIN
Changes since 1.14: +3 -2 lines
Diff to previous 1.14 (colored)

exit(1) is better for the impossible condition

Revision 1.14 / (download) - annotate - [select for diffs], Thu Oct 15 22:21:28 2015 UTC (8 years, 7 months ago) by tedu
Branch: MAIN
Changes since 1.13: +12 -6 lines
Diff to previous 1.13 (colored)

it is perhaps better style to not call close() on -1, even if harmless

Revision 1.13 / (download) - annotate - [select for diffs], Thu Oct 15 22:17:43 2015 UTC (8 years, 7 months ago) by tedu
Branch: MAIN
Changes since 1.12: +2 -2 lines
Diff to previous 1.12 (colored)

make sure req is zeroed in tcp case

Revision 1.12 / (download) - annotate - [select for diffs], Thu Oct 15 22:12:26 2015 UTC (8 years, 7 months ago) by tedu
Branch: MAIN
Changes since 1.11: +23 -9 lines
Diff to previous 1.11 (colored)

better memory handling of the request/cache chain

Revision 1.11 / (download) - annotate - [select for diffs], Thu Oct 15 21:59:54 2015 UTC (8 years, 7 months ago) by tedu
Branch: MAIN
Changes since 1.10: +2 -2 lines
Diff to previous 1.10 (colored)

do not insert entry into cache until it's fully formed

Revision 1.10 / (download) - annotate - [select for diffs], Thu Oct 15 21:56:52 2015 UTC (8 years, 7 months ago) by tedu
Branch: MAIN
Changes since 1.9: +3 -2 lines
Diff to previous 1.9 (colored)

doh, not all requests are the same size. check len first.

Revision 1.9 / (download) - annotate - [select for diffs], Thu Oct 15 21:39:15 2015 UTC (8 years, 7 months ago) by tedu
Branch: MAIN
Changes since 1.8: +4 -3 lines
Diff to previous 1.8 (colored)

assert is the wrong tool

Revision 1.8 / (download) - annotate - [select for diffs], Thu Oct 15 21:35:27 2015 UTC (8 years, 7 months ago) by tedu
Branch: MAIN
Changes since 1.7: +3 -3 lines
Diff to previous 1.7 (colored)

the inet sockets don't work well with inet6 addrs. pick family from addr.
detected by naddy

Revision 1.7 / (download) - annotate - [select for diffs], Thu Oct 15 21:25:05 2015 UTC (8 years, 7 months ago) by tedu
Branch: MAIN
Changes since 1.6: +36 -33 lines
Diff to previous 1.6 (colored)

introduce logerr, since most logging is followed by exit

Revision 1.6 / (download) - annotate - [select for diffs], Thu Oct 15 21:20:09 2015 UTC (8 years, 7 months ago) by tedu
Branch: MAIN
Changes since 1.5: +11 -3 lines
Diff to previous 1.5 (colored)

now with _rebound user, we can try a little harder at privdrop

Revision 1.5 / (download) - annotate - [select for diffs], Thu Oct 15 20:58:14 2015 UTC (8 years, 7 months ago) by tedu
Branch: MAIN
Changes since 1.4: +24 -10 lines
Diff to previous 1.4 (colored)

make the HUP interlocking in the parent work better.

Revision 1.4 / (download) - annotate - [select for diffs], Thu Oct 15 20:47:11 2015 UTC (8 years, 7 months ago) by deraadt
Branch: MAIN
Changes since 1.3: +5 -3 lines
Diff to previous 1.3 (colored)

trivial KNF

Revision 1.3 / (download) - annotate - [select for diffs], Thu Oct 15 20:13:57 2015 UTC (8 years, 7 months ago) by tedu
Branch: MAIN
Changes since 1.2: +2 -2 lines
Diff to previous 1.2 (colored)

just a space in usage, from deraadt

Revision 1.2 / (download) - annotate - [select for diffs], Thu Oct 15 19:49:22 2015 UTC (8 years, 7 months ago) by tedu
Branch: MAIN
Changes since 1.1: +6 -1 lines
Diff to previous 1.1 (colored)

child can be pledged down a bit to just sockets and io

Revision 1.1 / (download) - annotate - [select for diffs], Thu Oct 15 19:43:30 2015 UTC (8 years, 7 months ago) by tedu
Branch: MAIN

import rebound, a lightweight dns proxy, for further polishing
