Source-Changes-HG archive
[src/trunk]: src/usr.sbin/faithd sync with the latest kame.
details: https://anonhg.NetBSD.org/src/rev/7ec88078579b
branches: trunk
changeset: 514548:7ec88078579b
user: itojun <itojun%NetBSD.org@localhost>
date: Wed Sep 05 01:22:24 2001 +0000
description:
sync with the latest kame.
- select() with the right maxfd.
- don't write() with len <= 0.
- no wacky macro ERRSTR.
diffstat:
usr.sbin/faithd/faithd.8 | 7 +-
usr.sbin/faithd/faithd.c | 66 ++++++++-------
usr.sbin/faithd/faithd.h | 6 +-
usr.sbin/faithd/ftp.c | 189 ++++++++++++++++++++++++++++++++--------------
usr.sbin/faithd/prefix.c | 8 +-
usr.sbin/faithd/rsh.c | 25 ++++-
usr.sbin/faithd/tcp.c | 15 +-
7 files changed, 202 insertions(+), 114 deletions(-)
diffs (truncated from 932 to 300 lines):
diff -r 411b85b3a111 -r 7ec88078579b usr.sbin/faithd/faithd.8
--- a/usr.sbin/faithd/faithd.8 Wed Sep 05 01:17:31 2001 +0000
+++ b/usr.sbin/faithd/faithd.8 Wed Sep 05 01:22:24 2001 +0000
@@ -1,5 +1,5 @@
-.\" $NetBSD: faithd.8,v 1.15 2001/06/30 01:01:36 itojun Exp $
-.\" $KAME: faithd.8,v 1.31 2001/06/30 00:57:01 itojun Exp $
+.\" $NetBSD: faithd.8,v 1.16 2001/09/05 01:22:24 itojun Exp $
+.\" $KAME: faithd.8,v 1.32 2001/08/02 02:37:20 itojun Exp $
.\"
.\" Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
.\" All rights reserved.
@@ -273,6 +273,9 @@
.Pp
The directives are evaluated in sequence,
and the first matching entry will be effective.
+If there is no match
+.Pq if we reach the end of the ruleset
+the traffic will be denied.
.Pp
With inetd mode,
traffic may be filtered by using access control functionality in
diff -r 411b85b3a111 -r 7ec88078579b usr.sbin/faithd/faithd.c
--- a/usr.sbin/faithd/faithd.c Wed Sep 05 01:17:31 2001 +0000
+++ b/usr.sbin/faithd/faithd.c Wed Sep 05 01:22:24 2001 +0000
@@ -1,5 +1,5 @@
-/* $NetBSD: faithd.c,v 1.19 2001/04/25 11:25:51 itojun Exp $ */
-/* $KAME: faithd.c,v 1.39 2001/04/25 11:20:42 itojun Exp $ */
+/* $NetBSD: faithd.c,v 1.20 2001/09/05 01:22:24 itojun Exp $ */
+/* $KAME: faithd.c,v 1.40 2001/07/02 14:36:48 itojun Exp $ */
/*
* Copyright (C) 1997 and 1998 WIDE Project.
@@ -97,7 +97,7 @@
struct sockaddr *addr;
};
struct myaddrs *myaddrs = NULL;
-static char *service;
+static const char *service;
#ifdef USE_ROUTE
static int sockfd = 0;
#endif
@@ -177,19 +177,19 @@
sockfd = socket(PF_ROUTE, SOCK_RAW, PF_UNSPEC);
if (sockfd < 0) {
- exit_failure("socket(PF_ROUTE): %s", ERRSTR);
+ exit_failure("socket(PF_ROUTE): %s", strerror(errno));
/*NOTREACHED*/
}
#endif
melen = sizeof(me);
if (getsockname(STDIN_FILENO, (struct sockaddr *)&me, &melen) < 0) {
- exit_failure("getsockname: %s", ERRSTR);
+ exit_failure("getsockname: %s", strerror(errno));
/*NOTREACHED*/
}
fromlen = sizeof(from);
if (getpeername(STDIN_FILENO, (struct sockaddr *)&from, &fromlen) < 0) {
- exit_failure("getpeername: %s", ERRSTR);
+ exit_failure("getpeername: %s", strerror(errno));
/*NOTREACHED*/
}
if (getnameinfo((struct sockaddr *)&me, melen, NULL, 0,
@@ -217,7 +217,7 @@
error = setsockopt(STDIN_FILENO, SOL_SOCKET, SO_OOBINLINE, &on,
sizeof(on));
if (error < 0) {
- exit_failure("setsockopt(SO_OOBINLINE): %s", ERRSTR);
+ exit_failure("setsockopt(SO_OOBINLINE): %s", strerror(errno));
/*NOTREACHED*/
}
@@ -328,13 +328,14 @@
s_wld = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
if (s_wld == -1)
- exit_stderr("socket: %s", ERRSTR);
+ exit_stderr("socket: %s", strerror(errno));
#ifdef IPV6_FAITH
if (res->ai_family == AF_INET6) {
error = setsockopt(s_wld, IPPROTO_IPV6, IPV6_FAITH, &on, sizeof(on));
if (error == -1)
- exit_stderr("setsockopt(IPV6_FAITH): %s", ERRSTR);
+ exit_stderr("setsockopt(IPV6_FAITH): %s",
+ strerror(errno));
}
#endif
#ifdef FAITH4
@@ -342,31 +343,32 @@
if (res->ai_family == AF_INET) {
error = setsockopt(s_wld, IPPROTO_IP, IP_FAITH, &on, sizeof(on));
if (error == -1)
- exit_stderr("setsockopt(IP_FAITH): %s", ERRSTR);
+ exit_stderr("setsockopt(IP_FAITH): %s",
+ strerror(errno));
}
#endif
#endif /* FAITH4 */
error = setsockopt(s_wld, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on));
if (error == -1)
- exit_stderr("setsockopt(SO_REUSEADDR): %s", ERRSTR);
+ exit_stderr("setsockopt(SO_REUSEADDR): %s", strerror(errno));
error = setsockopt(s_wld, SOL_SOCKET, SO_OOBINLINE, &on, sizeof(on));
if (error == -1)
- exit_stderr("setsockopt(SO_OOBINLINE): %s", ERRSTR);
+ exit_stderr("setsockopt(SO_OOBINLINE): %s", strerror(errno));
error = bind(s_wld, (struct sockaddr *)res->ai_addr, res->ai_addrlen);
if (error == -1)
- exit_stderr("bind: %s", ERRSTR);
+ exit_stderr("bind: %s", strerror(errno));
error = listen(s_wld, 5);
if (error == -1)
- exit_stderr("listen: %s", ERRSTR);
+ exit_stderr("listen: %s", strerror(errno));
#ifdef USE_ROUTE
sockfd = socket(PF_ROUTE, SOCK_RAW, PF_UNSPEC);
if (sockfd < 0) {
- exit_stderr("socket(PF_ROUTE): %s", ERRSTR);
+ exit_stderr("socket(PF_ROUTE): %s", strerror(errno));
/*NOTREACHED*/
}
#endif
@@ -418,7 +420,7 @@
if (error < 0) {
if (errno == EINTR)
goto again;
- exit_failure("select: %s", ERRSTR);
+ exit_failure("select: %s", strerror(errno));
/*NOTREACHED*/
}
@@ -432,7 +434,7 @@
s_src = accept(s_wld, (struct sockaddr *)&srcaddr,
&len);
if (s_src == -1) {
- exit_failure("socket: %s", ERRSTR);
+ exit_failure("socket: %s", strerror(errno));
/*NOTREACHED*/
}
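Review bot: The rewritten message on the accept() failure path still reads `socket: %s`, so a failed accept() is logged as a socket() failure; it should be `exit_failure("accept: %s", strerror(errno));`. The `/*NOTREACHED*/` marker also suggests exit_failure() terminates the process, which would mean a transient accept() error such as ECONNABORTED or EMFILE takes the whole listener down. If that is the case, consider logging and continuing the loop for those errno values instead of exiting. The enclosing accept loop starts and ends outside this hunk.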
@@ -479,7 +481,7 @@
error = getsockname(s_src, (struct sockaddr *)&dstaddr6, &len);
if (error == -1) {
- exit_failure("getsockname: %s", ERRSTR);
+ exit_failure("getsockname: %s", strerror(errno));
/*NOTREACHED*/
}
@@ -500,7 +502,8 @@
dup2(0, 2);
}
execv(serverpath, serverarg);
- syslog(LOG_ERR, "execv %s: %s", serverpath, ERRSTR);
+ syslog(LOG_ERR, "execv %s: %s", serverpath,
+ strerror(errno));
_exit(EXIT_FAILURE);
} else {
close(s_src);
@@ -578,38 +581,38 @@
break;
}
if (s_dst < 0) {
- exit_failure("socket: %s", ERRSTR);
+ exit_failure("socket: %s", strerror(errno));
/*NOTREACHED*/
}
if (conf->src.a.ss_family) {
- if (bind(s_dst, (struct sockaddr *)&conf->src.a,
+ if (bind(s_dst, (const struct sockaddr *)&conf->src.a,
conf->src.a.ss_len) < 0) {
- exit_failure("bind: %s", ERRSTR);
+ exit_failure("bind: %s", strerror(errno));
/*NOTREACHED*/
}
}
error = setsockopt(s_dst, SOL_SOCKET, SO_OOBINLINE, &on, sizeof(on));
if (error < 0) {
- exit_failure("setsockopt(SO_OOBINLINE): %s", ERRSTR);
+ exit_failure("setsockopt(SO_OOBINLINE): %s", strerror(errno));
/*NOTREACHED*/
}
error = setsockopt(s_src, SOL_SOCKET, SO_SNDTIMEO, &tv, sizeof(tv));
if (error < 0) {
- exit_failure("setsockopt(SO_SNDTIMEO): %s", ERRSTR);
+ exit_failure("setsockopt(SO_SNDTIMEO): %s", strerror(errno));
/*NOTREACHED*/
}
error = setsockopt(s_dst, SOL_SOCKET, SO_SNDTIMEO, &tv, sizeof(tv));
if (error < 0) {
- exit_failure("setsockopt(SO_SNDTIMEO): %s", ERRSTR);
+ exit_failure("setsockopt(SO_SNDTIMEO): %s", strerror(errno));
/*NOTREACHED*/
}
error = connect(s_dst, sa4, sa4->sa_len);
if (error < 0) {
- exit_failure("connect: %s", ERRSTR);
+ exit_failure("connect: %s", strerror(errno));
/*NOTREACHED*/
}
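Review bot: Both SO_SNDTIMEO failure paths log the identical string `setsockopt(SO_SNDTIMEO): %s`, so the syslog entry does not show whether the call on s_src or the one on s_dst failed. Naming the socket, e.g. `exit_failure("setsockopt(SO_SNDTIMEO, src): %s", strerror(errno));` and a matching `dst` variant, would make the two cases distinguishable when diagnosing a relay failure. The function begins and ends outside this hunk.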
@@ -652,7 +655,7 @@
mib[3] = IPV6CTL_FAITH_PREFIX;
size = sizeof(struct in6_addr);
if (sysctl(mib, 4, &faith_prefix, &size, NULL, 0) < 0) {
- exit_failure("sysctl: %s", ERRSTR);
+ exit_failure("sysctl: %s", strerror(errno));
/*NOTREACHED*/
}
@@ -748,7 +751,8 @@
hints.ai_protocol = 0;
if ((ai_errno = getaddrinfo(host, serv, &hints, &res)) != 0) {
- syslog(LOG_INFO, "%s %s: %s", host, serv, gai_strerror(ai_errno));
+ syslog(LOG_INFO, "%s %s: %s", host, serv,
+ gai_strerror(ai_errno));
return 0;
}
@@ -786,7 +790,7 @@
#endif
if (daemon(0, 0) == -1)
- exit_stderr("daemon: %s", ERRSTR);
+ exit_stderr("daemon: %s", strerror(errno));
#ifdef SA_NOCLDWAIT
memset(&sa, 0, sizeof(sa));
@@ -796,13 +800,13 @@
sigaction(SIGCHLD, &sa, (struct sigaction *)0);
#else
if (signal(SIGCHLD, sig_child) == SIG_ERR) {
- exit_failure("signal CHLD: %s", ERRSTR);
+ exit_failure("signal CHLD: %s", strerror(errno));
/*NOTREACHED*/
}
#endif
if (signal(SIGTERM, sig_terminate) == SIG_ERR) {
- exit_failure("signal TERM: %s", ERRSTR);
+ exit_failure("signal TERM: %s", strerror(errno));
/*NOTREACHED*/
}
}
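Review bot: The `sigaction(SIGCHLD, &sa, (struct sigaction *)0);` call in the SA_NOCLDWAIT branch ignores its return value, while the signal() calls in the `#else` branch and for SIGTERM are checked against SIG_ERR. If that sigaction() fails, the SIGCHLD disposition is presumably left at its default and nothing is logged. `if (sigaction(SIGCHLD, &sa, NULL) == -1) exit_failure("sigaction CHLD: %s", strerror(errno));` would bring it in line with the other branch. The setup of `sa` and the start of the function lie outside this hunk.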
diff -r 411b85b3a111 -r 7ec88078579b usr.sbin/faithd/faithd.h
--- a/usr.sbin/faithd/faithd.h Wed Sep 05 01:17:31 2001 +0000
+++ b/usr.sbin/faithd/faithd.h Wed Sep 05 01:22:24 2001 +0000
@@ -1,5 +1,5 @@
-/* $NetBSD: faithd.h,v 1.6 2000/10/06 00:13:02 itojun Exp $ */
-/* $KAME: faithd.h,v 1.6 2000/10/05 22:20:37 itojun Exp $ */
+/* $NetBSD: faithd.h,v 1.7 2001/09/05 01:22:24 itojun Exp $ */
+/* $KAME: faithd.h,v 1.7 2001/07/02 14:36:48 itojun Exp $ */
/*
* Copyright (C) 1997 and 1998 WIDE Project.
@@ -68,6 +68,4 @@
#define UC(b) (((int)b)&0xff)
-#define ERRSTR strerror(errno)
-
#define FAITH_TIMEOUT (30 * 60) /*second*/
diff -r 411b85b3a111 -r 7ec88078579b usr.sbin/faithd/ftp.c
--- a/usr.sbin/faithd/ftp.c Wed Sep 05 01:17:31 2001 +0000
+++ b/usr.sbin/faithd/ftp.c Wed Sep 05 01:22:24 2001 +0000
@@ -1,5 +1,5 @@
-/* $NetBSD: ftp.c,v 1.6 2000/09/14 00:36:10 itojun Exp $ */
-/* $KAME: ftp.c,v 1.10 2000/09/14 00:23:39 itojun Exp $ */
+/* $NetBSD: ftp.c,v 1.7 2001/09/05 01:22:24 itojun Exp $ */
+/* $KAME: ftp.c,v 1.13 2001/09/05 01:10:30 itojun Exp $ */
/*
* Copyright (C) 1997 and 1998 WIDE Project.
@@ -84,25 +84,39 @@
syslog(LOG_INFO, "starting ftp control connection");
for (;;) {
+ int maxfd = 0;
+
FD_ZERO(&readfds);
FD_SET(ctl4, &readfds);
FD_SET(ctl6, &readfds);
- if (0 <= port4)
+ if (0 <= port4) {
FD_SET(port4, &readfds);
- if (0 <= port6)
+ if (port4 > maxfd)
+ maxfd = port4;