svn commit: r200256 - in user/eri/pf45/head: . bin/date
contrib/bind9/lib/isc/ia64/include/isc
contrib/bsnmp/snmp_mibII contrib/gcc/config
contrib/groff/tmac crypto/openssl/ssl etc etc/defaults etc...
Ermal Luçi
eri at FreeBSD.org
Tue Dec 8 13:25:01 UTC 2009
Author: eri
Date: Tue Dec 8 13:25:00 2009
New Revision: 200256
URL: http://svn.freebsd.org/changeset/base/200256
Log:
MFH to include netstat fixes.
Added:
user/eri/pf45/head/lib/csu/i386-elf/crt1_c.c
- copied unchanged from r200254, head/lib/csu/i386-elf/crt1_c.c
user/eri/pf45/head/lib/csu/i386-elf/crt1_s.S
- copied unchanged from r200254, head/lib/csu/i386-elf/crt1_s.S
user/eri/pf45/head/lib/libulog/
- copied from r200254, head/lib/libulog/
user/eri/pf45/head/libexec/ulog-helper/
- copied from r200254, head/libexec/ulog-helper/
user/eri/pf45/head/share/man/man4/man4.powerpc/adb.4
- copied unchanged from r200254, head/share/man/man4/man4.powerpc/adb.4
user/eri/pf45/head/share/man/man4/man4.powerpc/akbd.4
- copied unchanged from r200254, head/share/man/man4/man4.powerpc/akbd.4
user/eri/pf45/head/share/man/man4/man4.powerpc/ams.4
- copied unchanged from r200254, head/share/man/man4/man4.powerpc/ams.4
user/eri/pf45/head/share/man/man4/man4.powerpc/cuda.4
- copied unchanged from r200254, head/share/man/man4/man4.powerpc/cuda.4
user/eri/pf45/head/sys/compat/linux/linux_videodev.h
- copied unchanged from r200254, head/sys/compat/linux/linux_videodev.h
user/eri/pf45/head/sys/compat/linux/linux_videodev_compat.h
- copied unchanged from r200254, head/sys/compat/linux/linux_videodev_compat.h
Deleted:
user/eri/pf45/head/etc/rc.d/ip6fw
user/eri/pf45/head/etc/rc.firewall6
user/eri/pf45/head/lib/csu/i386-elf/crt1.c
Modified:
user/eri/pf45/head/MAINTAINERS
user/eri/pf45/head/ObsoleteFiles.inc
user/eri/pf45/head/bin/date/Makefile
user/eri/pf45/head/bin/date/date.c
user/eri/pf45/head/contrib/bind9/lib/isc/ia64/include/isc/atomic.h
user/eri/pf45/head/contrib/bsnmp/snmp_mibII/BEGEMOT-MIB2-MIB.txt
user/eri/pf45/head/contrib/bsnmp/snmp_mibII/mibII.c
user/eri/pf45/head/contrib/bsnmp/snmp_mibII/mibII.h
user/eri/pf45/head/contrib/bsnmp/snmp_mibII/mibII_begemot.c
user/eri/pf45/head/contrib/bsnmp/snmp_mibII/mibII_tree.def
user/eri/pf45/head/contrib/gcc/config/freebsd-spec.h
user/eri/pf45/head/contrib/groff/tmac/doc-syms
user/eri/pf45/head/crypto/openssl/ssl/s3_lib.c
user/eri/pf45/head/crypto/openssl/ssl/s3_pkt.c
user/eri/pf45/head/crypto/openssl/ssl/s3_srvr.c
user/eri/pf45/head/etc/Makefile
user/eri/pf45/head/etc/defaults/rc.conf
user/eri/pf45/head/etc/mtree/BSD.var.dist
user/eri/pf45/head/etc/rc.d/Makefile
user/eri/pf45/head/etc/rc.d/ipfw
user/eri/pf45/head/etc/rc.firewall
user/eri/pf45/head/lib/Makefile
user/eri/pf45/head/lib/csu/amd64/Makefile
user/eri/pf45/head/lib/csu/arm/Makefile
user/eri/pf45/head/lib/csu/i386-elf/Makefile
user/eri/pf45/head/lib/csu/ia64/Makefile
user/eri/pf45/head/lib/csu/mips/Makefile
user/eri/pf45/head/lib/csu/powerpc/Makefile
user/eri/pf45/head/lib/csu/sparc64/Makefile
user/eri/pf45/head/lib/libc/gen/exec.c
user/eri/pf45/head/lib/libc/gen/fdevname.c
user/eri/pf45/head/lib/libc/gen/getlogin.c
user/eri/pf45/head/lib/libc/gen/getttyent.c
user/eri/pf45/head/lib/libc/gen/nlist.c
user/eri/pf45/head/lib/libc/gen/pause.c
user/eri/pf45/head/lib/libc/gen/pwcache.c
user/eri/pf45/head/lib/libc/gen/raise.c
user/eri/pf45/head/lib/libc/gen/sleep.c
user/eri/pf45/head/lib/libc/gen/termios.c
user/eri/pf45/head/lib/libc/gen/timezone.c
user/eri/pf45/head/lib/libc/gen/usleep.c
user/eri/pf45/head/lib/libc/gmon/gmon.c
user/eri/pf45/head/lib/libc/nls/es_ES.ISO8859-1.msg
user/eri/pf45/head/lib/libc/posix1e/acl_to_text.c
user/eri/pf45/head/lib/libc/rpc/svc.c
user/eri/pf45/head/lib/libc/stdio/findfp.c
user/eri/pf45/head/lib/libc/stdio/funopen.c
user/eri/pf45/head/lib/libc/stdio/printf.3
user/eri/pf45/head/lib/libc/stdlib/getenv.3
user/eri/pf45/head/lib/libc/stdlib/getenv.c
user/eri/pf45/head/lib/libc/stdlib/system.c
user/eri/pf45/head/lib/libc/string/strcmp.3
user/eri/pf45/head/lib/libc/sys/__error.c
user/eri/pf45/head/lib/libutil/libutil.h
user/eri/pf45/head/libexec/Makefile
user/eri/pf45/head/release/i386/fixit_crunch.conf
user/eri/pf45/head/release/pc98/fixit-small_crunch.conf
user/eri/pf45/head/release/pc98/fixit_crunch.conf
user/eri/pf45/head/rescue/rescue/Makefile
user/eri/pf45/head/sbin/atacontrol/atacontrol.c
user/eri/pf45/head/sbin/init/Makefile
user/eri/pf45/head/sbin/init/init.c
user/eri/pf45/head/sbin/ipfw/dummynet.c
user/eri/pf45/head/sbin/ipfw/ipfw2.c
user/eri/pf45/head/sbin/reboot/Makefile
user/eri/pf45/head/sbin/reboot/reboot.c
user/eri/pf45/head/share/man/man4/man4.powerpc/Makefile
user/eri/pf45/head/share/man/man4/man4.powerpc/pmu.4
user/eri/pf45/head/share/man/man9/VOP_OPENCLOSE.9
user/eri/pf45/head/share/mk/bsd.libnames.mk
user/eri/pf45/head/share/mk/bsd.subdir.mk
user/eri/pf45/head/sys/amd64/amd64/mca.c
user/eri/pf45/head/sys/amd64/include/mca.h
user/eri/pf45/head/sys/arm/conf/AVILA
user/eri/pf45/head/sys/arm/conf/CAMBRIA
user/eri/pf45/head/sys/arm/mv/mv_sata.c
user/eri/pf45/head/sys/boot/i386/libi386/biosmem.c
user/eri/pf45/head/sys/boot/i386/libi386/libi386.h
user/eri/pf45/head/sys/boot/i386/loader/main.c
user/eri/pf45/head/sys/boot/pc98/btx/btx/btx.S
user/eri/pf45/head/sys/boot/pc98/libpc98/biosmem.c
user/eri/pf45/head/sys/boot/pc98/loader/main.c
user/eri/pf45/head/sys/cam/ata/ata_all.c
user/eri/pf45/head/sys/cam/ata/ata_all.h
user/eri/pf45/head/sys/cam/ata/ata_da.c
user/eri/pf45/head/sys/cam/ata/ata_pmp.c
user/eri/pf45/head/sys/cam/ata/ata_xpt.c
user/eri/pf45/head/sys/cam/cam_periph.h
user/eri/pf45/head/sys/cam/scsi/scsi_cd.c
user/eri/pf45/head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev_geom.c
user/eri/pf45/head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vnops.c
user/eri/pf45/head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zvol.c
user/eri/pf45/head/sys/compat/freebsd32/freebsd32_proto.h
user/eri/pf45/head/sys/compat/freebsd32/freebsd32_syscall.h
user/eri/pf45/head/sys/compat/freebsd32/freebsd32_syscalls.c
user/eri/pf45/head/sys/compat/freebsd32/freebsd32_sysent.c
user/eri/pf45/head/sys/compat/freebsd32/syscalls.master
user/eri/pf45/head/sys/compat/linux/linux_ioctl.c
user/eri/pf45/head/sys/compat/linux/linux_ioctl.h
user/eri/pf45/head/sys/conf/NOTES
user/eri/pf45/head/sys/conf/options
user/eri/pf45/head/sys/dev/aac/aac.c
user/eri/pf45/head/sys/dev/aac/aac_cam.c
user/eri/pf45/head/sys/dev/aac/aacvar.h
user/eri/pf45/head/sys/dev/ahci/ahci.c
user/eri/pf45/head/sys/dev/ata/ata-all.c
user/eri/pf45/head/sys/dev/ata/ata-all.h
user/eri/pf45/head/sys/dev/ata/ata-disk.c
user/eri/pf45/head/sys/dev/ata/ata-dma.c
user/eri/pf45/head/sys/dev/ata/ata-lowlevel.c
user/eri/pf45/head/sys/dev/ata/ata-pci.c
user/eri/pf45/head/sys/dev/ata/ata-pci.h
user/eri/pf45/head/sys/dev/ata/ata-queue.c
user/eri/pf45/head/sys/dev/ata/ata-sata.c
user/eri/pf45/head/sys/dev/ata/ata_if.m
user/eri/pf45/head/sys/dev/ata/atapi-cd.c
user/eri/pf45/head/sys/dev/ata/atapi-fd.c
user/eri/pf45/head/sys/dev/ata/atapi-tape.c
user/eri/pf45/head/sys/dev/ata/chipsets/ata-acard.c
user/eri/pf45/head/sys/dev/ata/chipsets/ata-acerlabs.c
user/eri/pf45/head/sys/dev/ata/chipsets/ata-ahci.c
user/eri/pf45/head/sys/dev/ata/chipsets/ata-amd.c
user/eri/pf45/head/sys/dev/ata/chipsets/ata-ati.c
user/eri/pf45/head/sys/dev/ata/chipsets/ata-cenatek.c
user/eri/pf45/head/sys/dev/ata/chipsets/ata-cypress.c
user/eri/pf45/head/sys/dev/ata/chipsets/ata-cyrix.c
user/eri/pf45/head/sys/dev/ata/chipsets/ata-highpoint.c
user/eri/pf45/head/sys/dev/ata/chipsets/ata-intel.c
user/eri/pf45/head/sys/dev/ata/chipsets/ata-ite.c
user/eri/pf45/head/sys/dev/ata/chipsets/ata-jmicron.c
user/eri/pf45/head/sys/dev/ata/chipsets/ata-marvell.c
user/eri/pf45/head/sys/dev/ata/chipsets/ata-micron.c
user/eri/pf45/head/sys/dev/ata/chipsets/ata-national.c
user/eri/pf45/head/sys/dev/ata/chipsets/ata-netcell.c
user/eri/pf45/head/sys/dev/ata/chipsets/ata-nvidia.c
user/eri/pf45/head/sys/dev/ata/chipsets/ata-promise.c
user/eri/pf45/head/sys/dev/ata/chipsets/ata-serverworks.c
user/eri/pf45/head/sys/dev/ata/chipsets/ata-siliconimage.c
user/eri/pf45/head/sys/dev/ata/chipsets/ata-sis.c
user/eri/pf45/head/sys/dev/ata/chipsets/ata-via.c
user/eri/pf45/head/sys/dev/bge/if_bge.c
user/eri/pf45/head/sys/dev/cxgb/common/cxgb_common.h
user/eri/pf45/head/sys/dev/cxgb/cxgb_t3fw.h
user/eri/pf45/head/sys/dev/e1000/LICENSE
user/eri/pf45/head/sys/dev/e1000/e1000_80003es2lan.c
user/eri/pf45/head/sys/dev/e1000/e1000_80003es2lan.h
user/eri/pf45/head/sys/dev/e1000/e1000_82541.c
user/eri/pf45/head/sys/dev/e1000/e1000_82571.c
user/eri/pf45/head/sys/dev/e1000/e1000_82575.c
user/eri/pf45/head/sys/dev/e1000/e1000_82575.h
user/eri/pf45/head/sys/dev/e1000/e1000_api.c
user/eri/pf45/head/sys/dev/e1000/e1000_defines.h
user/eri/pf45/head/sys/dev/e1000/e1000_hw.h
user/eri/pf45/head/sys/dev/e1000/e1000_ich8lan.c
user/eri/pf45/head/sys/dev/e1000/e1000_ich8lan.h
user/eri/pf45/head/sys/dev/e1000/e1000_mac.c
user/eri/pf45/head/sys/dev/e1000/e1000_manage.c
user/eri/pf45/head/sys/dev/e1000/e1000_osdep.h
user/eri/pf45/head/sys/dev/e1000/e1000_phy.c
user/eri/pf45/head/sys/dev/e1000/e1000_phy.h
user/eri/pf45/head/sys/dev/e1000/e1000_regs.h
user/eri/pf45/head/sys/dev/e1000/if_em.c
user/eri/pf45/head/sys/dev/e1000/if_em.h
user/eri/pf45/head/sys/dev/e1000/if_igb.c
user/eri/pf45/head/sys/dev/e1000/if_igb.h
user/eri/pf45/head/sys/dev/hwpmc/hwpmc_x86.c
user/eri/pf45/head/sys/dev/ichsmb/ichsmb_pci.c
user/eri/pf45/head/sys/dev/if_ndis/if_ndis.c
user/eri/pf45/head/sys/dev/iir/iir_ctrl.c
user/eri/pf45/head/sys/dev/isp/isp_freebsd.c
user/eri/pf45/head/sys/dev/isp/isp_freebsd.h
user/eri/pf45/head/sys/dev/ixgbe/ixgbe.c
user/eri/pf45/head/sys/dev/ixgbe/ixgbe.h
user/eri/pf45/head/sys/dev/ixgbe/ixgbe_82598.c
user/eri/pf45/head/sys/dev/ixgbe/ixgbe_82599.c
user/eri/pf45/head/sys/dev/ixgbe/ixgbe_api.c
user/eri/pf45/head/sys/dev/ixgbe/ixgbe_api.h
user/eri/pf45/head/sys/dev/ixgbe/ixgbe_common.c
user/eri/pf45/head/sys/dev/ixgbe/ixgbe_common.h
user/eri/pf45/head/sys/dev/ixgbe/ixgbe_osdep.h
user/eri/pf45/head/sys/dev/ixgbe/ixgbe_phy.c
user/eri/pf45/head/sys/dev/ixgbe/ixgbe_phy.h
user/eri/pf45/head/sys/dev/ixgbe/ixgbe_type.h
user/eri/pf45/head/sys/dev/puc/pucdata.c
user/eri/pf45/head/sys/dev/siis/siis.c
user/eri/pf45/head/sys/dev/siis/siis.h
user/eri/pf45/head/sys/dev/uart/uart_bus_pci.c
user/eri/pf45/head/sys/dev/usb/controller/ehci_pci.c
user/eri/pf45/head/sys/dev/usb/controller/uhci_pci.c
user/eri/pf45/head/sys/dev/usb/input/atp.c
user/eri/pf45/head/sys/fs/nfs/nfs_commonacl.c
user/eri/pf45/head/sys/fs/nfs/nfs_commonport.c
user/eri/pf45/head/sys/fs/nfs/nfs_commonsubs.c
user/eri/pf45/head/sys/fs/nfs/nfs_var.h
user/eri/pf45/head/sys/fs/nfs/nfsport.h
user/eri/pf45/head/sys/fs/nfsclient/nfs_clrpcops.c
user/eri/pf45/head/sys/fs/nfsclient/nfs_clvnops.c
user/eri/pf45/head/sys/fs/ntfs/ntfs.h
user/eri/pf45/head/sys/fs/ntfs/ntfs_subr.c
user/eri/pf45/head/sys/fs/ntfs/ntfs_vfsops.c
user/eri/pf45/head/sys/fs/portalfs/portal_vnops.c
user/eri/pf45/head/sys/geom/mirror/g_mirror.c
user/eri/pf45/head/sys/geom/mirror/g_mirror.h
user/eri/pf45/head/sys/gnu/fs/reiserfs/reiserfs_vfsops.c
user/eri/pf45/head/sys/i386/conf/NOTES
user/eri/pf45/head/sys/i386/i386/mca.c
user/eri/pf45/head/sys/i386/include/mca.h
user/eri/pf45/head/sys/ia64/ia64/clock.c
user/eri/pf45/head/sys/ia64/ia64/exception.S
user/eri/pf45/head/sys/ia64/ia64/genassym.c
user/eri/pf45/head/sys/ia64/ia64/interrupt.c
user/eri/pf45/head/sys/ia64/ia64/machdep.c
user/eri/pf45/head/sys/ia64/ia64/mp_machdep.c
user/eri/pf45/head/sys/ia64/ia64/pmap.c
user/eri/pf45/head/sys/ia64/include/bus.h
user/eri/pf45/head/sys/ia64/include/cpufunc.h
user/eri/pf45/head/sys/ia64/include/ia64_cpu.h
user/eri/pf45/head/sys/ia64/include/kdb.h
user/eri/pf45/head/sys/ia64/include/param.h
user/eri/pf45/head/sys/ia64/include/pcpu.h
user/eri/pf45/head/sys/ia64/include/pmap.h
user/eri/pf45/head/sys/kern/kern_sig.c
user/eri/pf45/head/sys/kern/vfs_acl.c
user/eri/pf45/head/sys/net80211/ieee80211_hostap.c
user/eri/pf45/head/sys/netinet/in.h
user/eri/pf45/head/sys/netinet/ip_carp.c
user/eri/pf45/head/sys/netinet/ip_fw.h
user/eri/pf45/head/sys/netinet/ipfw/ip_dummynet.c
user/eri/pf45/head/sys/netinet/ipfw/ip_fw2.c
user/eri/pf45/head/sys/netinet/raw_ip.c
user/eri/pf45/head/sys/nfsserver/nfs_serv.c
user/eri/pf45/head/sys/pc98/conf/NOTES
user/eri/pf45/head/sys/powerpc/aim/machdep.c
user/eri/pf45/head/sys/powerpc/include/vmparam.h
user/eri/pf45/head/sys/powerpc/powermac/ata_dbdma.c
user/eri/pf45/head/sys/powerpc/powermac/ata_kauai.c
user/eri/pf45/head/sys/powerpc/powermac/ata_macio.c
user/eri/pf45/head/sys/powerpc/psim/ata_iobus.c
user/eri/pf45/head/sys/sparc64/sparc64/trap.c
user/eri/pf45/head/sys/sys/ata.h
user/eri/pf45/head/sys/sys/param.h
user/eri/pf45/head/sys/vm/uma_int.h
user/eri/pf45/head/tools/regression/bin/sh/parser/for1.0
user/eri/pf45/head/tools/tools/sysbuild/sysbuild.sh
user/eri/pf45/head/usr.bin/Makefile
user/eri/pf45/head/usr.bin/make/proc.c
user/eri/pf45/head/usr.bin/systat/Makefile
user/eri/pf45/head/usr.bin/systat/vmstat.c
user/eri/pf45/head/usr.bin/users/Makefile
user/eri/pf45/head/usr.bin/users/users.c
user/eri/pf45/head/usr.bin/w/Makefile
user/eri/pf45/head/usr.bin/w/w.c
user/eri/pf45/head/usr.bin/wall/Makefile
user/eri/pf45/head/usr.bin/wall/wall.c
user/eri/pf45/head/usr.bin/who/Makefile
user/eri/pf45/head/usr.bin/who/who.c
user/eri/pf45/head/usr.bin/write/Makefile
user/eri/pf45/head/usr.bin/write/write.c
user/eri/pf45/head/usr.sbin/bsnmpd/modules/snmp_pf/pf_snmp.c
user/eri/pf45/head/usr.sbin/freebsd-update/freebsd-update.sh
user/eri/pf45/head/usr.sbin/mountd/exports.5
user/eri/pf45/head/usr.sbin/nfsd/nfsv4.4
user/eri/pf45/head/usr.sbin/nfsd/stablerestart.5
user/eri/pf45/head/usr.sbin/pw/pw_user.c
user/eri/pf45/head/usr.sbin/repquota/repquota.c
user/eri/pf45/head/usr.sbin/ypserv/yp_main.c
user/eri/pf45/head/usr.sbin/ypserv/yp_server.c
Directory Properties:
user/eri/pf45/head/ (props changed)
Modified: user/eri/pf45/head/MAINTAINERS
==============================================================================
--- user/eri/pf45/head/MAINTAINERS Tue Dec 8 13:06:35 2009 (r200255)
+++ user/eri/pf45/head/MAINTAINERS Tue Dec 8 13:25:00 2009 (r200256)
@@ -124,6 +124,8 @@ usr.bin/bluetooth emax Pre-commit review
usr.sbin/bluetooth emax Pre-commit review preferred.
gnu/usr.bin/send-pr bugmaster Pre-commit review requested.
ncurses rafan Heads-up appreciated, try not to break it.
+*env(3) secteam Due to the problematic security history of this
+ code, please have patches reviewed by secteam.
Following are the entries from the Makefiles, and a few other sources.
Please remove stale entries from both their origin, and this file.
Modified: user/eri/pf45/head/ObsoleteFiles.inc
==============================================================================
--- user/eri/pf45/head/ObsoleteFiles.inc Tue Dec 8 13:06:35 2009 (r200255)
+++ user/eri/pf45/head/ObsoleteFiles.inc Tue Dec 8 13:25:00 2009 (r200256)
@@ -14,8 +14,14 @@
# The file is partitioned: OLD_FILES first, then OLD_LIBS and OLD_DIRS last.
#
+# 20091202: unify rc.firewall and rc.firewall6.
+OLD_FILES+=etc/rc.d/ip6fw
+OLD_FILES+=etc/rc.firewall6
+OLD_FILES+=usr/share/examples/etc/rc.firewall6
# 20091117: removal of rc.early(8) link
OLD_FILES+=usr/share/man/man8/rc.early.8.gz
+# 20091117: usr/share/zoneinfo/GMT link removed
+OLD_FILES+=usr/share/zoneinfo/GMT
# 20091027: pselect.3 implemented as syscall
OLD_FILES+=usr/share/man/man3/pselect.3.gz
# 20091005: fusword.9 and susword.9 removed
Modified: user/eri/pf45/head/bin/date/Makefile
==============================================================================
--- user/eri/pf45/head/bin/date/Makefile Tue Dec 8 13:06:35 2009 (r200255)
+++ user/eri/pf45/head/bin/date/Makefile Tue Dec 8 13:25:00 2009 (r200256)
@@ -3,7 +3,7 @@
PROG= date
SRCS= date.c netdate.c vary.c
-DPADD= ${LIBUTIL}
-LDADD= -lutil
+DPADD= ${LIBULOG}
+LDADD= -lulog
.include <bsd.prog.mk>
Modified: user/eri/pf45/head/bin/date/date.c
==============================================================================
--- user/eri/pf45/head/bin/date/date.c Tue Dec 8 13:06:35 2009 (r200255)
+++ user/eri/pf45/head/bin/date/date.c Tue Dec 8 13:25:00 2009 (r200256)
@@ -48,11 +48,12 @@ __FBSDID("$FreeBSD$");
#include <ctype.h>
#include <err.h>
#include <locale.h>
-#include <libutil.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <syslog.h>
+#define _ULOG_POSIX_NAMES
+#include <ulog.h>
#include <unistd.h>
#include "extern.h"
@@ -181,6 +182,7 @@ main(int argc, char *argv[])
static void
setthetime(const char *fmt, const char *p, int jflag, int nflag)
{
+ struct utmpx utx;
struct tm *lt;
struct timeval tv;
const char *dot, *t;
@@ -271,12 +273,16 @@ setthetime(const char *fmt, const char *
if (!jflag) {
/* set the time */
if (nflag || netsettime(tval)) {
- logwtmp("|", "date", "");
+ utx.ut_type = OLD_TIME;
+ gettimeofday(&utx.ut_tv, NULL);
+ pututxline(&utx);
tv.tv_sec = tval;
tv.tv_usec = 0;
if (settimeofday(&tv, (struct timezone *)NULL))
err(1, "settimeofday (timeval)");
- logwtmp("{", "date", "");
+ utx.ut_type = NEW_TIME;
+ gettimeofday(&utx.ut_tv, NULL);
+ pututxline(&utx);
}
if ((p = getlogin()) == NULL)
Modified: user/eri/pf45/head/contrib/bind9/lib/isc/ia64/include/isc/atomic.h
==============================================================================
--- user/eri/pf45/head/contrib/bind9/lib/isc/ia64/include/isc/atomic.h Tue Dec 8 13:06:35 2009 (r200255)
+++ user/eri/pf45/head/contrib/bind9/lib/isc/ia64/include/isc/atomic.h Tue Dec 8 13:25:00 2009 (r200256)
@@ -41,7 +41,7 @@ isc_atomic_xadd(isc_int32_t *p, isc_int3
for (prev = *(volatile isc_int32_t *)p; ; prev = swapped) {
swapped = prev + val;
__asm__ volatile(
- "mov ar.ccv=%2;"
+ "mov ar.ccv=%2;;"
"cmpxchg4.acq %0=%4,%3,ar.ccv"
: "=r" (swapped), "=m" (*p)
: "r" (prev), "r" (swapped), "m" (*p)
@@ -84,7 +84,7 @@ isc_atomic_cmpxchg(isc_int32_t *p, isc_i
isc_int32_t ret;
__asm__ volatile(
- "mov ar.ccv=%2;"
+ "mov ar.ccv=%2;;"
"cmpxchg4.acq %0=%4,%3,ar.ccv"
: "=r" (ret), "=m" (*p)
: "r" (cmpval), "r" (val), "m" (*p)
Modified: user/eri/pf45/head/contrib/bsnmp/snmp_mibII/BEGEMOT-MIB2-MIB.txt
==============================================================================
--- user/eri/pf45/head/contrib/bsnmp/snmp_mibII/BEGEMOT-MIB2-MIB.txt Tue Dec 8 13:06:35 2009 (r200255)
+++ user/eri/pf45/head/contrib/bsnmp/snmp_mibII/BEGEMOT-MIB2-MIB.txt Tue Dec 8 13:25:00 2009 (r200256)
@@ -39,7 +39,7 @@ IMPORTS
FROM BEGEMOT-IP-MIB;
begemotMib2 MODULE-IDENTITY
- LAST-UPDATED "200602130000Z"
+ LAST-UPDATED "200908030000Z"
ORGANIZATION "German Aerospace Center"
CONTACT-INFO
" Hartmut Brandt
@@ -54,6 +54,12 @@ begemotMib2 MODULE-IDENTITY
E-mail: harti at freebsd.org"
DESCRIPTION
"The MIB for private mib2 stuff."
+ REVISION "200908030000Z"
+ DESCRIPTION
+ "Second edition adds begemotIfDataPoll object."
+ REVISION "200602130000Z"
+ DESCRIPTION
+ "Initial revision."
::= { begemotIp 1 }
begemotIfMaxspeed OBJECT-TYPE
@@ -87,4 +93,14 @@ begemotIfForcePoll OBJECT-TYPE
bit rate in its MIB."
::= { begemotMib2 3 }
+begemotIfDataPoll OBJECT-TYPE
+ SYNTAX TimeTicks
+ UNITS "deciseconds"
+ MAX-ACCESS read-write
+ STATUS current
+ DESCRIPTION
+ "The rate at which the mib2 module will poll interface data."
+ DEFVAL { 100 }
+ ::= { begemotMib2 4 }
+
END
Modified: user/eri/pf45/head/contrib/bsnmp/snmp_mibII/mibII.c
==============================================================================
--- user/eri/pf45/head/contrib/bsnmp/snmp_mibII/mibII.c Tue Dec 8 13:06:35 2009 (r200255)
+++ user/eri/pf45/head/contrib/bsnmp/snmp_mibII/mibII.c Tue Dec 8 13:25:00 2009 (r200256)
@@ -117,6 +117,15 @@ u_int mibif_hc_update_interval;
/* HC update timer handle */
static void *hc_update_timer;
+/* Idle poll timer */
+static void *mibII_poll_timer;
+
+/* interfaces' data poll interval */
+u_int mibII_poll_ticks;
+
+/* Idle poll hook */
+static void mibII_idle(void *arg __unused);
+
/*****************************/
static const struct asn_oid oid_ifMIB = OIDX_ifMIB;
@@ -410,6 +419,20 @@ mibif_reset_hc_timer(void)
mibif_hc_update_interval = ticks;
}
+/**
+ * Restart the idle poll timer.
+ */
+void
+mibif_restart_mibII_poll_timer(void)
+{
+ if (mibII_poll_timer != NULL)
+ timer_stop(mibII_poll_timer);
+
+ if ((mibII_poll_timer = timer_start_repeat(mibII_poll_ticks * 10,
+ mibII_poll_ticks * 10, mibII_idle, NULL, module)) == NULL)
+ syslog(LOG_ERR, "timer_start(%u): %m", mibII_poll_ticks);
+}
+
/*
* Fetch new MIB data.
*/
@@ -1553,7 +1576,7 @@ get_cloners(void)
* Idle function
*/
static void
-mibII_idle(void)
+mibII_idle(void *arg __unused)
{
struct mibifa *ifa;
@@ -1608,6 +1631,10 @@ mibII_start(void)
ipForward_reg = or_register(&oid_ipForward,
"The MIB module for the display of CIDR multipath IP Routes.",
module);
+
+ mibII_poll_timer = NULL;
+ mibII_poll_ticks = MIBII_POLL_TICKS;
+ mibif_restart_mibII_poll_timer();
}
/*
@@ -1651,6 +1678,11 @@ mibII_init(struct lmodule *mod, int argc
static int
mibII_fini(void)
{
+ if (mibII_poll_timer != NULL ) {
+ timer_stop(mibII_poll_timer);
+ mibII_poll_timer = NULL;
+ }
+
if (route_fd != NULL)
fd_deselect(route_fd);
if (route != -1)
@@ -1690,7 +1722,7 @@ const struct snmp_module config = {
"This module implements the interface and ip groups.",
mibII_init,
mibII_fini,
- mibII_idle, /* idle */
+ NULL, /* idle */
NULL, /* dump */
NULL, /* config */
mibII_start,
Modified: user/eri/pf45/head/contrib/bsnmp/snmp_mibII/mibII.h
==============================================================================
--- user/eri/pf45/head/contrib/bsnmp/snmp_mibII/mibII.h Tue Dec 8 13:06:35 2009 (r200255)
+++ user/eri/pf45/head/contrib/bsnmp/snmp_mibII/mibII.h Tue Dec 8 13:25:00 2009 (r200256)
@@ -211,6 +211,14 @@ extern u_int mibif_hc_update_interval;
/* re-compute update interval */
void mibif_reset_hc_timer(void);
+/* interfaces' data poll interval */
+extern u_int mibII_poll_ticks;
+
+/* restart the data poll timer */
+void mibif_restart_mibII_poll_timer(void);
+
+#define MIBII_POLL_TICKS 100
+
/* get interfaces and interface addresses. */
void mib_fetch_interfaces(void);
Modified: user/eri/pf45/head/contrib/bsnmp/snmp_mibII/mibII_begemot.c
==============================================================================
--- user/eri/pf45/head/contrib/bsnmp/snmp_mibII/mibII_begemot.c Tue Dec 8 13:06:35 2009 (r200255)
+++ user/eri/pf45/head/contrib/bsnmp/snmp_mibII/mibII_begemot.c Tue Dec 8 13:25:00 2009 (r200256)
@@ -59,6 +59,11 @@ op_begemot_mibII(struct snmp_context *ct
ctx->scratch->int1 = mibif_force_hc_update_interval;
mibif_force_hc_update_interval = value->v.uint32;
return (SNMP_ERR_NOERROR);
+
+ case LEAF_begemotIfDataPoll:
+ ctx->scratch->int1 = mibII_poll_ticks;
+ mibII_poll_ticks = value->v.uint32;
+ return (SNMP_ERR_NOERROR);
}
abort();
@@ -68,6 +73,10 @@ op_begemot_mibII(struct snmp_context *ct
case LEAF_begemotIfForcePoll:
mibif_force_hc_update_interval = ctx->scratch->int1;
return (SNMP_ERR_NOERROR);
+
+ case LEAF_begemotIfDataPoll:
+ mibII_poll_ticks = ctx->scratch->int1;
+ return (SNMP_ERR_NOERROR);
}
abort();
@@ -78,6 +87,10 @@ op_begemot_mibII(struct snmp_context *ct
mibif_force_hc_update_interval = ctx->scratch->int1;
mibif_reset_hc_timer();
return (SNMP_ERR_NOERROR);
+
+ case LEAF_begemotIfDataPoll:
+ mibif_restart_mibII_poll_timer();
+ return (SNMP_ERR_NOERROR);
}
abort();
}
@@ -98,6 +111,10 @@ op_begemot_mibII(struct snmp_context *ct
case LEAF_begemotIfForcePoll:
value->v.uint32 = mibif_force_hc_update_interval;
return (SNMP_ERR_NOERROR);
+
+ case LEAF_begemotIfDataPoll:
+ value->v.uint32 = mibII_poll_ticks;
+ return (SNMP_ERR_NOERROR);
}
abort();
}
Modified: user/eri/pf45/head/contrib/bsnmp/snmp_mibII/mibII_tree.def
==============================================================================
--- user/eri/pf45/head/contrib/bsnmp/snmp_mibII/mibII_tree.def Tue Dec 8 13:06:35 2009 (r200255)
+++ user/eri/pf45/head/contrib/bsnmp/snmp_mibII/mibII_tree.def Tue Dec 8 13:25:00 2009 (r200256)
@@ -240,6 +240,7 @@
(1 begemotIfMaxspeed COUNTER64 op_begemot_mibII GET)
(2 begemotIfPoll TIMETICKS op_begemot_mibII GET)
(3 begemotIfForcePoll TIMETICKS op_begemot_mibII GET SET)
+ (4 begemotIfDataPoll TIMETICKS op_begemot_mibII GET SET)
)
)
)
Modified: user/eri/pf45/head/contrib/gcc/config/freebsd-spec.h
==============================================================================
--- user/eri/pf45/head/contrib/gcc/config/freebsd-spec.h Tue Dec 8 13:06:35 2009 (r200255)
+++ user/eri/pf45/head/contrib/gcc/config/freebsd-spec.h Tue Dec 8 13:25:00 2009 (r200256)
@@ -103,9 +103,10 @@ Boston, MA 02110-1301, USA. */
%{p:gcrt1.o%s} \
%{!p: \
%{profile:gcrt1.o%s} \
- %{!profile:crt1.o%s}}}} \
+ %{!profile: \
+ %{pie: Scrt1.o%s;:crt1.o%s}}}}} \
crti.o%s \
- %{static:crtbeginT.o%s;shared:crtbeginS.o%s;:crtbegin.o%s}"
+ %{static:crtbeginT.o%s;shared|pie:crtbeginS.o%s;:crtbegin.o%s}"
/* Provide an ENDFILE_SPEC appropriate for FreeBSD/i386. Here we tack on
our own magical crtend.o file (see crtstuff.c) which provides part of
@@ -113,8 +114,7 @@ Boston, MA 02110-1301, USA. */
entering `main', followed by the normal "finalizer" file, `crtn.o'. */
#define FBSD_ENDFILE_SPEC "\
- %{!shared:crtend.o%s} \
- %{shared:crtendS.o%s} \
+ %{shared|pie:crtendS.o%s;:crtend.o%s} \
crtn.o%s "
/* Provide a LIB_SPEC appropriate for FreeBSD as configured and as
Modified: user/eri/pf45/head/contrib/groff/tmac/doc-syms
==============================================================================
--- user/eri/pf45/head/contrib/groff/tmac/doc-syms Tue Dec 8 13:06:35 2009 (r200255)
+++ user/eri/pf45/head/contrib/groff/tmac/doc-syms Tue Dec 8 13:25:00 2009 (r200256)
@@ -777,6 +777,7 @@
.ds doc-str-Lb-librt \*[Px] \*[doc-str-Lb]Real-time Library (librt, \-lrt)
.ds doc-str-Lb-libtermcap Termcap Access Library (libtermcap, \-ltermcap)
.ds doc-str-Lb-libusbhid USB Human Interface Devices Library (libusbhid, \-lusbhid)
+.ds doc-str-Lb-libulog User Login Record Library (libulog, \-lulog)
.ds doc-str-Lb-libutil System Utilities Library (libutil, \-lutil)
.ds doc-str-Lb-libx86_64 x86_64 Architecture Library (libx86_64, \-lx86_64)
.ds doc-str-Lb-libz Compression Library (libz, \-lz)
Modified: user/eri/pf45/head/crypto/openssl/ssl/s3_lib.c
==============================================================================
--- user/eri/pf45/head/crypto/openssl/ssl/s3_lib.c Tue Dec 8 13:06:35 2009 (r200255)
+++ user/eri/pf45/head/crypto/openssl/ssl/s3_lib.c Tue Dec 8 13:25:00 2009 (r200256)
@@ -2592,6 +2592,9 @@ int ssl3_renegotiate(SSL *s)
if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
return(0);
+ if (1)
+ return(0);
+
s->s3->renegotiate=1;
return(1);
}
Modified: user/eri/pf45/head/crypto/openssl/ssl/s3_pkt.c
==============================================================================
--- user/eri/pf45/head/crypto/openssl/ssl/s3_pkt.c Tue Dec 8 13:06:35 2009 (r200255)
+++ user/eri/pf45/head/crypto/openssl/ssl/s3_pkt.c Tue Dec 8 13:25:00 2009 (r200256)
@@ -983,9 +983,7 @@ start:
if (s->msg_callback)
s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->s3->handshake_fragment, 4, s, s->msg_callback_arg);
- if (SSL_is_init_finished(s) &&
- !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
- !s->s3->renegotiate)
+ if (0)
{
ssl3_renegotiate(s);
if (ssl3_renegotiate_check(s))
@@ -1116,8 +1114,7 @@ start:
/* Unexpected handshake message (Client Hello, or protocol violation) */
if ((s->s3->handshake_fragment_len >= 4) && !s->in_handshake)
{
- if (((s->state&SSL_ST_MASK) == SSL_ST_OK) &&
- !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS))
+ if (0)
{
#if 0 /* worked only because C operator preferences are not as expected (and
* because this is not really needed for clients except for detecting
Modified: user/eri/pf45/head/crypto/openssl/ssl/s3_srvr.c
==============================================================================
--- user/eri/pf45/head/crypto/openssl/ssl/s3_srvr.c Tue Dec 8 13:06:35 2009 (r200255)
+++ user/eri/pf45/head/crypto/openssl/ssl/s3_srvr.c Tue Dec 8 13:25:00 2009 (r200256)
@@ -718,6 +718,13 @@ int ssl3_get_client_hello(SSL *s)
#endif
STACK_OF(SSL_CIPHER) *ciphers=NULL;
+ if (s->new_session)
+ {
+ al=SSL_AD_HANDSHAKE_FAILURE;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
+ goto f_err;
+ }
+
/* We do this so that we will respond with our native type.
* If we are TLSv1 and we get SSLv3, we will respond with TLSv1,
* This down switching should be handled by a different method.
Modified: user/eri/pf45/head/etc/Makefile
==============================================================================
--- user/eri/pf45/head/etc/Makefile Tue Dec 8 13:06:35 2009 (r200255)
+++ user/eri/pf45/head/etc/Makefile Tue Dec 8 13:25:00 2009 (r200256)
@@ -15,7 +15,7 @@ BIN1= auth.conf \
inetd.conf libalias.conf login.access login.conf mac.conf motd \
netconfig network.subr networks newsyslog.conf nsswitch.conf \
phones profile protocols \
- rc rc.bsdextended rc.firewall rc.firewall6 rc.initdiskless \
+ rc rc.bsdextended rc.firewall rc.initdiskless \
rc.sendmail rc.shutdown \
rc.subr remote rpc services shells \
sysctl.conf syslog.conf
Modified: user/eri/pf45/head/etc/defaults/rc.conf
==============================================================================
--- user/eri/pf45/head/etc/defaults/rc.conf Tue Dec 8 13:06:35 2009 (r200255)
+++ user/eri/pf45/head/etc/defaults/rc.conf Tue Dec 8 13:25:00 2009 (r200256)
@@ -118,7 +118,10 @@ firewall_type="UNKNOWN" # Firewall type
firewall_quiet="NO" # Set to YES to suppress rule display
firewall_logging="NO" # Set to YES to enable events logging
firewall_flags="" # Flags passed to ipfw when type is a file
-firewall_client_net="192.0.2.0/24" # Network address for "client" firewall.
+firewall_client_net="192.0.2.0/24" # IPv4 Network address for "client"
+ # firewall.
+#firewall_client_net_ipv6="2001:db8:2:1::/64" # IPv6 network prefix for
+ # "client" firewall.
firewall_simple_iif="ed1" # Inside network interface for "simple"
# firewall.
firewall_simple_inet="192.0.2.16/28" # Inside network address for "simple"
@@ -127,12 +130,22 @@ firewall_simple_oif="ed0" # Outside netw
# firewall.
firewall_simple_onet="192.0.2.0/28" # Outside network address for "simple"
# firewall.
+#firewall_simple_iif_ipv6="ed1" # Inside IPv6 network interface for "simple"
+ # firewall.
+#firewall_simple_inet_ipv6="2001:db8:2:800::/56" # Inside IPv6 network prefix
+ # for "simple" firewall.
+#firewall_simple_oif_ipv6="ed0" # Outside IPv6 network interface for "simple"
+ # firewall.
+#firewall_simple_onet_ipv6="2001:db8:2:0::/56" # Outside IPv6 network prefix
+ # for "simple" firewall.
firewall_myservices="" # List of TCP ports on which this host
# offers services for "workstation" firewall.
firewall_allowservices="" # List of IPs which have access to
# $firewall_myservices for "workstation"
# firewall.
-firewall_trusted="" # List of IPs which have full access to this
+firewall_trusted="" # List of IPv4s which have full access to this
+ # host for "workstation" firewall.
+firewall_trusted_ipv6="" # List of IPv6s which have full access to this
# host for "workstation" firewall.
firewall_logdeny="NO" # Set to YES to log default denied incoming
# packets for "workstation" firewall.
@@ -472,13 +485,6 @@ ipv6_faith_prefix="NO" # Set faith pref
# faithd(8) setup.
ipv6_ipv4mapping="NO" # Set to "YES" to enable IPv4 mapped IPv6 addr
# communication. (like ::ffff:a.b.c.d)
-ipv6_firewall_enable="NO" # Set to YES to enable IPv6 firewall
- # functionality
-ipv6_firewall_script="/etc/rc.firewall6" # Which script to run to set up the IPv6 firewall
-ipv6_firewall_type="UNKNOWN" # IPv6 Firewall type (see /etc/rc.firewall6)
-ipv6_firewall_quiet="NO" # Set to YES to suppress rule display
-ipv6_firewall_logging="NO" # Set to YES to enable events logging
-ipv6_firewall_flags="" # Flags passed to ip6fw when type is a file
ipv6_ipfilter_rules="/etc/ipf6.rules" # rules definition file for ipfilter,
# see /usr/src/contrib/ipfilter/rules
# for examples
Modified: user/eri/pf45/head/etc/mtree/BSD.var.dist
==============================================================================
--- user/eri/pf45/head/etc/mtree/BSD.var.dist Tue Dec 8 13:06:35 2009 (r200255)
+++ user/eri/pf45/head/etc/mtree/BSD.var.dist Tue Dec 8 13:25:00 2009 (r200256)
@@ -32,7 +32,7 @@
db
entropy uname=operator gname=operator mode=0700
..
- freebsd-update
+ freebsd-update mode=0700
..
ipf mode=0700
..
Modified: user/eri/pf45/head/etc/rc.d/Makefile
==============================================================================
--- user/eri/pf45/head/etc/rc.d/Makefile Tue Dec 8 13:06:35 2009 (r200255)
+++ user/eri/pf45/head/etc/rc.d/Makefile Tue Dec 8 13:25:00 2009 (r200256)
@@ -15,7 +15,7 @@ FILES= DAEMON FILESYSTEMS LOGIN NETWORKI
hcsecd \
hostapd hostid hostid_save hostname \
inetd initrandom \
- ip6addrctl ip6fw ipfilter ipfs ipfw ipmon \
+ ip6addrctl ipfilter ipfs ipfw ipmon \
ipnat ipsec ipxrouted \
jail \
kadmind kerberos keyserv kldxref kpasswdd \
Modified: user/eri/pf45/head/etc/rc.d/ipfw
==============================================================================
--- user/eri/pf45/head/etc/rc.d/ipfw Tue Dec 8 13:06:35 2009 (r200255)
+++ user/eri/pf45/head/etc/rc.d/ipfw Tue Dec 8 13:25:00 2009 (r200256)
@@ -17,6 +17,8 @@ start_precmd="ipfw_prestart"
stop_cmd="ipfw_stop"
required_modules="ipfw"
+set_rcvar_obsolete ipv6_firewall_enable
+
ipfw_prestart()
{
if checkyesno dummynet_enable; then
@@ -61,7 +63,13 @@ ipfw_start()
# Enable the firewall
#
if ! ${SYSCTL_W} net.inet.ip.fw.enable=1 1>/dev/null 2>&1; then
- warn "failed to enable firewall"
+ warn "failed to enable IPv4 firewall"
+ fi
+ if afexists inet6; then
+ if ! ${SYSCTL_W} net.inet6.ip6.fw.enable=1 1>/dev/null 2>&1
+ then
+ warn "failed to enable IPv6 firewall"
+ fi
fi
}
@@ -70,6 +78,9 @@ ipfw_stop()
# Disable the firewall
#
${SYSCTL_W} net.inet.ip.fw.enable=0
+ if afexists inet6; then
+ ${SYSCTL_W} net.inet6.ip6.fw.enable=0
+ fi
if [ -f /etc/rc.d/natd ] ; then
/etc/rc.d/natd quietstop
fi
Modified: user/eri/pf45/head/etc/rc.firewall
==============================================================================
--- user/eri/pf45/head/etc/rc.firewall Tue Dec 8 13:06:35 2009 (r200255)
+++ user/eri/pf45/head/etc/rc.firewall Tue Dec 8 13:25:00 2009 (r200256)
@@ -85,12 +85,42 @@ setup_loopback () {
${fwcmd} add 100 pass all from any to any via lo0
${fwcmd} add 200 deny all from any to 127.0.0.0/8
${fwcmd} add 300 deny ip from 127.0.0.0/8 to any
+ if [ $ipv6_available -eq 0 ]; then
+ ${fwcmd} add 400 deny all from any to ::1
+ ${fwcmd} add 500 deny all from ::1 to any
+ fi
+}
+
+setup_ipv6_mandatory () {
+ [ $ipv6_available -eq 0 ] || return 0
+
+ ############
+ # Only in rare cases do you want to change these rules
+ #
+ # ND
+ #
+ # DAD
+ ${fwcmd} add pass ipv6-icmp from :: to ff02::/16
+ # RS, RA, NS, NA, redirect...
+ ${fwcmd} add pass ipv6-icmp from fe80::/10 to fe80::/10
+ ${fwcmd} add pass ipv6-icmp from fe80::/10 to ff02::/16
+
+ # Allow ICMPv6 destination unreach
+ ${fwcmd} add pass ipv6-icmp from any to any icmp6types 1
+
+ # Allow NS/NA/toobig (don't filter it out)
+ ${fwcmd} add pass ipv6-icmp from any to any icmp6types 2,135,136
}
if [ -n "${1}" ]; then
firewall_type="${1}"
fi
+. /etc/rc.subr
+. /etc/network.subr
+afexists inet6
+ipv6_available=$?
+
############
# Set quiet mode if requested
#
@@ -109,6 +139,7 @@ esac
${fwcmd} -f flush
setup_loopback
+setup_ipv6_mandatory
############
# Network Address Translation. All packets are passed to natd(8)
@@ -166,11 +197,13 @@ case ${firewall_type} in
# against people from outside your own network.
#
# Configuration:
- # firewall_client_net: Network address of local network.
+ # firewall_client_net: Network address of local IPv4 network.
+ # firewall_client_net_ipv6: Network address of local IPv6 network.
############
# set this to your local network
net="$firewall_client_net"
+ net6="$firewall_client_net_ipv6"
# Allow limited broadcast traffic from my own net.
${fwcmd} add pass all from ${net} to 255.255.255.255
@@ -178,6 +211,16 @@ case ${firewall_type} in
# Allow any traffic to or from my own net.
${fwcmd} add pass all from me to ${net}
${fwcmd} add pass all from ${net} to me
+ if [ -n "$net6" ]; then
+ ${fwcmd} add pass all from me6 to ${net6}
+ ${fwcmd} add pass all from ${net6} to me6
+ fi
+
+ if [ -n "$net6" ]; then
+ # Allow any link-local multicast traffic
+ ${fwcmd} add pass all from fe80::/10 to ff02::/16
+ ${fwcmd} add pass all from ${net6} to ff02::/16
+ fi
# Allow TCP through if setup succeeded
${fwcmd} add pass tcp from any to any established
@@ -212,23 +255,38 @@ case ${firewall_type} in
# on the inside at this machine for those services.
#
# Configuration:
- # firewall_simple_iif: Inside network interface.
- # firewall_simple_inet: Inside network address.
- # firewall_simple_oif: Outside network interface.
- # firewall_simple_onet: Outside network address.
+ # firewall_simple_iif: Inside IPv4 network interface.
+ # firewall_simple_inet: Inside IPv4 network address.
+ # firewall_simple_oif: Outside IPv4 network interface.
+ # firewall_simple_onet: Outside IPv4 network address.
+ # firewall_simple_iif_ipv6: Inside IPv6 network interface.
+ # firewall_simple_inet_ipv6: Inside IPv6 network prefix.
+ # firewall_simple_oif_ipv6: Outside IPv6 network interface.
+ # firewall_simple_onet_ipv6: Outside IPv6 network prefix.
############
# set these to your outside interface network
oif="$firewall_simple_oif"
onet="$firewall_simple_onet"
+ oif6="${firewall_simple_oif_ipv6:-$firewall_simple_oif}"
+ onet6="$firewall_simple_onet_ipv6"
# set these to your inside interface network
iif="$firewall_simple_iif"
inet="$firewall_simple_inet"
+ iif6="${firewall_simple_iif_ipv6:-$firewall_simple_iif}"
+ inet6="$firewall_simple_inet_ipv6"
# Stop spoofing
${fwcmd} add deny all from ${inet} to any in via ${oif}
${fwcmd} add deny all from ${onet} to any in via ${iif}
+ if [ -n "$inet6" ]; then
+ ${fwcmd} add deny all from ${inet6} to any in via ${oif6}
+ if [ -n "$onet6" ]; then
+ ${fwcmd} add deny all from ${onet6} to any in \
+ via ${iif6}
+ fi
+ fi
# Stop RFC1918 nets on the outside interface
${fwcmd} add deny all from any to 10.0.0.0/8 via ${oif}
@@ -254,7 +312,7 @@ case ${firewall_type} in
case ${natd_enable} in
[Yy][Ee][Ss])
if [ -n "${natd_interface}" ]; then
- ${fwcmd} add divert natd all from any to any via ${natd_interface}
+ ${fwcmd} add divert natd ip4 from any to any via ${natd_interface}
fi
;;
esac
@@ -273,6 +331,55 @@ case ${firewall_type} in
${fwcmd} add deny all from 224.0.0.0/4 to any via ${oif}
${fwcmd} add deny all from 240.0.0.0/4 to any via ${oif}
+ if [ -n "$inet6" ]; then
+ # Stop unique local unicast address on the outside interface
+ ${fwcmd} add deny all from fc00::/7 to any via ${oif6}
+ ${fwcmd} add deny all from any to fc00::/7 via ${oif6}
+
+ # Stop site-local on the outside interface
+ ${fwcmd} add deny all from fec0::/10 to any via ${oif6}
+ ${fwcmd} add deny all from any to fec0::/10 via ${oif6}
+
+ # Disallow "internal" addresses to appear on the wire.
+ ${fwcmd} add deny all from ::ffff:0.0.0.0/96 to any \
+ via ${oif6}
+ ${fwcmd} add deny all from any to ::ffff:0.0.0.0/96 \
+ via ${oif6}
+
+ # Disallow packets to malicious IPv4 compatible prefix.
+ ${fwcmd} add deny all from ::224.0.0.0/100 to any via ${oif6}
+ ${fwcmd} add deny all from any to ::224.0.0.0/100 via ${oif6}
+ ${fwcmd} add deny all from ::127.0.0.0/104 to any via ${oif6}
+ ${fwcmd} add deny all from any to ::127.0.0.0/104 via ${oif6}
+ ${fwcmd} add deny all from ::0.0.0.0/104 to any via ${oif6}
+ ${fwcmd} add deny all from any to ::0.0.0.0/104 via ${oif6}
+ ${fwcmd} add deny all from ::255.0.0.0/104 to any via ${oif6}
+ ${fwcmd} add deny all from any to ::255.0.0.0/104 via ${oif6}
+
+ ${fwcmd} add deny all from ::0.0.0.0/96 to any via ${oif6}
+ ${fwcmd} add deny all from any to ::0.0.0.0/96 via ${oif6}
+
+ # Disallow packets to malicious 6to4 prefix.
+ ${fwcmd} add deny all from 2002:e000::/20 to any via ${oif6}
+ ${fwcmd} add deny all from any to 2002:e000::/20 via ${oif6}
+ ${fwcmd} add deny all from 2002:7f00::/24 to any via ${oif6}
+ ${fwcmd} add deny all from any to 2002:7f00::/24 via ${oif6}
+ ${fwcmd} add deny all from 2002:0000::/24 to any via ${oif6}
+ ${fwcmd} add deny all from any to 2002:0000::/24 via ${oif6}
+ ${fwcmd} add deny all from 2002:ff00::/24 to any via ${oif6}
+ ${fwcmd} add deny all from any to 2002:ff00::/24 via ${oif6}
+
+ ${fwcmd} add deny all from 2002:0a00::/24 to any via ${oif6}
+ ${fwcmd} add deny all from any to 2002:0a00::/24 via ${oif6}
+ ${fwcmd} add deny all from 2002:ac10::/28 to any via ${oif6}
+ ${fwcmd} add deny all from any to 2002:ac10::/28 via ${oif6}
+ ${fwcmd} add deny all from 2002:c0a8::/32 to any via ${oif6}
+ ${fwcmd} add deny all from any to 2002:c0a8::/32 via ${oif6}
+
+ ${fwcmd} add deny all from ff05::/16 to any via ${oif6}
+ ${fwcmd} add deny all from any to ff05::/16 via ${oif6}
+ fi
+
# Allow TCP through if setup succeeded
${fwcmd} add pass tcp from any to any established
@@ -291,7 +398,11 @@ case ${firewall_type} in
${fwcmd} add pass tcp from any to me 80 setup
# Reject&Log all setup of incoming connections from the outside
- ${fwcmd} add deny log tcp from any to any in via ${oif} setup
+ ${fwcmd} add deny log ip4 from any to any in via ${oif} setup proto tcp
+ if [ -n "$inet6" ]; then
+ ${fwcmd} add deny log ip6 from any to any in via ${oif6} \
+ setup proto tcp
+ fi
# Allow setup of any other TCP connection
${fwcmd} add pass tcp from any to any setup
@@ -313,7 +424,7 @@ case ${firewall_type} in
# offers services.
# firewall_allowservices: List of IPs which has access to
# $firewall_myservices.
- # firewall_trusted: List of IPs which has full access
+ # firewall_trusted: List of IPv4s which has full access
# to this host. Be very carefull
# when setting this. This option can
# seriously degrade the level of
@@ -324,25 +435,44 @@ case ${firewall_type} in
# firewall_nologports: List of TCP/UDP ports for which
# denied incomming packets are not
# logged.
-
+ # firewall_trusted_ipv6: List of IPv6s which has full access
+ # to this host. Be very carefull
+ # when setting this. This option can
+ # seriously degrade the level of
+ # protection provided by the firewall.
+
# Allow packets for which a state has been built.
${fwcmd} add check-state
# For services permitted below.
${fwcmd} add pass tcp from me to any established
+ if [ $ipv6_available -eq 0 ]; then
+ ${fwcmd} add pass tcp from me6 to any established
+ fi
# Allow any connection out, adding state for each.
${fwcmd} add pass tcp from me to any setup keep-state
${fwcmd} add pass udp from me to any keep-state
${fwcmd} add pass icmp from me to any keep-state
+ if [ $ipv6_available -eq 0 ]; then
+ ${fwcmd} add pass tcp from me6 to any setup keep-state
+ ${fwcmd} add pass udp from me6 to any keep-state
+ ${fwcmd} add pass ipv6-icmp from me6 to any keep-state
+ fi
# Allow DHCP.
${fwcmd} add pass udp from 0.0.0.0 68 to 255.255.255.255 67 out
${fwcmd} add pass udp from any 67 to me 68 in
${fwcmd} add pass udp from any 67 to 255.255.255.255 68 in
+ if [ $ipv6_available -eq 0 ]; then
+ ${fwcmd} add pass udp from fe80::/10 to me6 546 in
+ fi
# Some servers will ping the IP while trying to decide if it's
# still in use.
${fwcmd} add pass icmp from any to any icmptype 8
+ if [ $ipv6_available -eq 0 ]; then
+ ${fwcmd} add pass ipv6-icmp from any to any icmp6type 128,129
+ fi
# Allow "mandatory" ICMP in.
${fwcmd} add pass icmp from any to any icmptype 3,4,11
@@ -361,6 +491,9 @@ case ${firewall_type} in
for i in ${firewall_allowservices} ; do
for j in ${firewall_myservices} ; do
${fwcmd} add pass tcp from $i to me $j
+ if [ $ipv6_available -eq 0 ]; then
+ ${fwcmd} add pass tcp from $i to me6 $j
+ fi
done
done
@@ -370,7 +503,10 @@ case ${firewall_type} in
for i in ${firewall_trusted} ; do
${fwcmd} add pass ip from $i to me
done
-
+ for i in ${firewall_trusted_ipv6} ; do
+ ${fwcmd} add pass all from $i to me6
+ done
+
${fwcmd} add 65000 count ip from any to any
# Drop packets to ports where we don't want logging
Modified: user/eri/pf45/head/lib/Makefile
==============================================================================
--- user/eri/pf45/head/lib/Makefile Tue Dec 8 13:06:35 2009 (r200255)
+++ user/eri/pf45/head/lib/Makefile Tue Dec 8 13:25:00 2009 (r200256)
@@ -40,8 +40,8 @@ SUBDIR= ${_csu} libc libbsm libauditd li
${_libpmc} libproc librt ${_libsdp} ${_libsm} ${_libsmb} \
${_libsmdb} \
${_libsmutil} libstand ${_libtelnet} ${_libthr} libthread_db libufs \
- libugidfw ${_libusbhid} ${_libusb} ${_libvgl} libwrap liby libz \
- ${_bind}
+ libugidfw libulog ${_libusbhid} ${_libusb} ${_libvgl} libwrap \
+ liby libz ${_bind}
.if exists(${.CURDIR}/csu/${MACHINE_ARCH}-elf)
_csu=csu/${MACHINE_ARCH}-elf
Modified: user/eri/pf45/head/lib/csu/amd64/Makefile
==============================================================================
--- user/eri/pf45/head/lib/csu/amd64/Makefile Tue Dec 8 13:06:35 2009 (r200255)
+++ user/eri/pf45/head/lib/csu/amd64/Makefile Tue Dec 8 13:25:00 2009 (r200256)
@@ -4,7 +4,7 @@
SRCS= crt1.c crti.S crtn.S
OBJS= ${SRCS:N*.h:R:S/$/.o/g}
-OBJS+= gcrt1.o
+OBJS+= Scrt1.o gcrt1.o
CFLAGS+= -I${.CURDIR}/../common \
-I${.CURDIR}/../../libc/include
CFLAGS+= -fno-omit-frame-pointer
@@ -16,6 +16,9 @@ CLEANFILES= ${OBJS}
gcrt1.o: crt1.c
${CC} ${CFLAGS} -DGCRT -c -o gcrt1.o ${.CURDIR}/crt1.c
+Scrt1.o: crt1.c
+ ${CC} ${CFLAGS} -fPIC -DPIC -c -o Scrt1.o ${.CURDIR}/crt1.c
+
realinstall:
${INSTALL} -o ${LIBOWN} -g ${LIBGRP} -m ${LIBMODE} \
${OBJS} ${DESTDIR}${LIBDIR}
Modified: user/eri/pf45/head/lib/csu/arm/Makefile
==============================================================================
--- user/eri/pf45/head/lib/csu/arm/Makefile Tue Dec 8 13:06:35 2009 (r200255)
+++ user/eri/pf45/head/lib/csu/arm/Makefile Tue Dec 8 13:25:00 2009 (r200256)
@@ -4,7 +4,7 @@
SRCS= crt1.c crti.S crtn.S
OBJS= ${SRCS:N*.h:R:S/$/.o/g}
-OBJS+= gcrt1.o
+OBJS+= Scrt1.o gcrt1.o
CFLAGS+= -Wall -Wno-unused \
-I${.CURDIR}/../common \
-I${.CURDIR}/../../libc/include
@@ -16,6 +16,9 @@ CLEANFILES= ${OBJS}
gcrt1.o: crt1.c
${CC} ${CFLAGS} -DGCRT -c -o gcrt1.o ${.ALLSRC}
+Scrt1.o: crt1.c
+ ${CC} ${CFLAGS} -fPIC -DPIC -c -o Scrt1.o ${.ALLSRC}
+
realinstall:
${INSTALL} -o ${LIBOWN} -g ${LIBGRP} -m ${LIBMODE} \
${OBJS} ${DESTDIR}${LIBDIR}
Modified: user/eri/pf45/head/lib/csu/i386-elf/Makefile
==============================================================================
--- user/eri/pf45/head/lib/csu/i386-elf/Makefile Tue Dec 8 13:06:35 2009 (r200255)
+++ user/eri/pf45/head/lib/csu/i386-elf/Makefile Tue Dec 8 13:25:00 2009 (r200256)
@@ -2,8 +2,8 @@
.PATH: ${.CURDIR}/../common
-SRCS= crt1.c crti.S crtn.S
-FILES= ${SRCS:N*.h:R:S/$/.o/g} gcrt1.o
+SRCS= crti.S crtn.S
+FILES= ${SRCS:N*.h:R:S/$/.o/g} gcrt1.o crt1.o Scrt1.o
FILESOWN= ${LIBOWN}
FILESGRP= ${LIBGRP}
FILESMODE= ${LIBMODE}
@@ -11,9 +11,23 @@ FILESDIR= ${LIBDIR}
WARNS?= 6
CFLAGS+= -I${.CURDIR}/../common \
-I${.CURDIR}/../../libc/include
-CLEANFILES= ${FILES}
+CLEANFILES= ${FILES} crt1_c.o crt1_s.o gcrt1_c.o Scrt1_c.o
-gcrt1.o: crt1.c
- ${CC} ${CFLAGS} -DGCRT -c -o gcrt1.o ${.CURDIR}/crt1.c
+gcrt1_c.o: crt1_c.c
+ ${CC} ${CFLAGS} -DGCRT -c -o gcrt1_c.o ${.CURDIR}/crt1_c.c
+
+gcrt1.o: gcrt1_c.o crt1_s.o
+ ${LD} ${LDFLAGS} -o gcrt1.o -r crt1_s.o gcrt1_c.o
+
+crt1.o: crt1_c.o crt1_s.o
+ ${LD} ${LDFLAGS} -o crt1.o -r crt1_s.o crt1_c.o
+ objcopy --localize-symbol _start1 crt1.o
+
+Scrt1_c.o: crt1_c.c
+ ${CC} ${CFLAGS} -DGCRT -fPIC -DPIC -c -o Scrt1_c.o ${.CURDIR}/crt1_c.c
+
+Scrt1.o: Scrt1_c.o crt1_s.o
+ ${LD} ${LDFLAGS} -o Scrt1.o -r crt1_s.o Scrt1_c.o
+ objcopy --localize-symbol _start1 Scrt1.o
.include <bsd.prog.mk>
Copied: user/eri/pf45/head/lib/csu/i386-elf/crt1_c.c (from r200254, head/lib/csu/i386-elf/crt1_c.c)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ user/eri/pf45/head/lib/csu/i386-elf/crt1_c.c Tue Dec 8 13:25:00 2009 (r200256, copy of r200254, head/lib/csu/i386-elf/crt1_c.c)
@@ -0,0 +1,95 @@
+/* LINTLIBRARY */
+/*-
+ * Copyright 1996-1998 John D. Polstra.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * $FreeBSD$
+ */
+
+#ifndef lint
+#ifndef __GNUC__
+#error "GCC is needed to compile this file"
+#endif
+#endif /* lint */
+
+#include <stdlib.h>
+
+#include "libc_private.h"
+#include "crtbrand.c"
+
+extern int _DYNAMIC;
+#pragma weak _DYNAMIC
+
+typedef void (*fptr)(void);
+
+extern void _fini(void);
+extern void _init(void);
+extern int main(int, char **, char **);
+extern void _start(char *, ...);
+
+#ifdef GCRT
+extern void _mcleanup(void);
+extern void monstartup(void *, void *);
+extern int eprol;
+extern int etext;
+#endif
+
+char **environ;
+const char *__progname = "";
+
+void _start1(fptr, int, char *[]) __dead2;
+
+/* The entry function, C part. */
+void
+_start1(fptr cleanup, int argc, char *argv[])
+{
+ char **env;
+ const char *s;
+
+ env = argv + argc + 1;
+ environ = env;
+ if (argc > 0 && argv[0] != NULL) {
+ __progname = argv[0];
+ for (s = __progname; *s != '\0'; s++)
+ if (*s == '/')
+ __progname = s + 1;
+ }
+
+ if (&_DYNAMIC != NULL)
+ atexit(cleanup);
+ else
+ _init_tls();
+
+#ifdef GCRT
+ atexit(_mcleanup);
+#endif
+ atexit(_fini);
+#ifdef GCRT
+ monstartup(&eprol, &etext);
+__asm__("eprol:");
+#endif
+ _init();
+ exit( main(argc, argv, env) );
+}
+
+__asm(".hidden _start1");
Copied: user/eri/pf45/head/lib/csu/i386-elf/crt1_s.S (from r200254, head/lib/csu/i386-elf/crt1_s.S)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ user/eri/pf45/head/lib/csu/i386-elf/crt1_s.S Tue Dec 8 13:25:00 2009 (r200256, copy of r200254, head/lib/csu/i386-elf/crt1_s.S)
@@ -0,0 +1,44 @@
+/*-
+ * Copyright 2009 Konstantin Belousov.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
More information about the svn-src-user
mailing list