Date: Tue, 8 Dec 2009 13:25:01 +0000 (UTC) From: Ermal Luçi <eri@FreeBSD.org> To: src-committers@freebsd.org, svn-src-user@freebsd.org Subject: svn commit: r200256 - in user/eri/pf45/head: . bin/date contrib/bind9/lib/isc/ia64/include/isc contrib/bsnmp/snmp_mibII contrib/gcc/config contrib/groff/tmac crypto/openssl/ssl etc etc/defaults etc... Message-ID: <200912081325.nB8DP1s9089088@svn.freebsd.org>
Author: eri Date: Tue Dec 8 13:25:00 2009 New Revision: 200256 URL: http://svn.freebsd.org/changeset/base/200256 Log: MFH to include netstat fixes. Added: user/eri/pf45/head/lib/csu/i386-elf/crt1_c.c - copied unchanged from r200254, head/lib/csu/i386-elf/crt1_c.c user/eri/pf45/head/lib/csu/i386-elf/crt1_s.S - copied unchanged from r200254, head/lib/csu/i386-elf/crt1_s.S user/eri/pf45/head/lib/libulog/ - copied from r200254, head/lib/libulog/ user/eri/pf45/head/libexec/ulog-helper/ - copied from r200254, head/libexec/ulog-helper/ user/eri/pf45/head/share/man/man4/man4.powerpc/adb.4 - copied unchanged from r200254, head/share/man/man4/man4.powerpc/adb.4 user/eri/pf45/head/share/man/man4/man4.powerpc/akbd.4 - copied unchanged from r200254, head/share/man/man4/man4.powerpc/akbd.4 user/eri/pf45/head/share/man/man4/man4.powerpc/ams.4 - copied unchanged from r200254, head/share/man/man4/man4.powerpc/ams.4 user/eri/pf45/head/share/man/man4/man4.powerpc/cuda.4 - copied unchanged from r200254, head/share/man/man4/man4.powerpc/cuda.4 user/eri/pf45/head/sys/compat/linux/linux_videodev.h - copied unchanged from r200254, head/sys/compat/linux/linux_videodev.h user/eri/pf45/head/sys/compat/linux/linux_videodev_compat.h - copied unchanged from r200254, head/sys/compat/linux/linux_videodev_compat.h Deleted: user/eri/pf45/head/etc/rc.d/ip6fw user/eri/pf45/head/etc/rc.firewall6 user/eri/pf45/head/lib/csu/i386-elf/crt1.c Modified: user/eri/pf45/head/MAINTAINERS user/eri/pf45/head/ObsoleteFiles.inc user/eri/pf45/head/bin/date/Makefile user/eri/pf45/head/bin/date/date.c user/eri/pf45/head/contrib/bind9/lib/isc/ia64/include/isc/atomic.h user/eri/pf45/head/contrib/bsnmp/snmp_mibII/BEGEMOT-MIB2-MIB.txt user/eri/pf45/head/contrib/bsnmp/snmp_mibII/mibII.c user/eri/pf45/head/contrib/bsnmp/snmp_mibII/mibII.h user/eri/pf45/head/contrib/bsnmp/snmp_mibII/mibII_begemot.c user/eri/pf45/head/contrib/bsnmp/snmp_mibII/mibII_tree.def user/eri/pf45/head/contrib/gcc/config/freebsd-spec.h 
user/eri/pf45/head/contrib/groff/tmac/doc-syms user/eri/pf45/head/crypto/openssl/ssl/s3_lib.c user/eri/pf45/head/crypto/openssl/ssl/s3_pkt.c user/eri/pf45/head/crypto/openssl/ssl/s3_srvr.c user/eri/pf45/head/etc/Makefile user/eri/pf45/head/etc/defaults/rc.conf user/eri/pf45/head/etc/mtree/BSD.var.dist user/eri/pf45/head/etc/rc.d/Makefile user/eri/pf45/head/etc/rc.d/ipfw user/eri/pf45/head/etc/rc.firewall user/eri/pf45/head/lib/Makefile user/eri/pf45/head/lib/csu/amd64/Makefile user/eri/pf45/head/lib/csu/arm/Makefile user/eri/pf45/head/lib/csu/i386-elf/Makefile user/eri/pf45/head/lib/csu/ia64/Makefile user/eri/pf45/head/lib/csu/mips/Makefile user/eri/pf45/head/lib/csu/powerpc/Makefile user/eri/pf45/head/lib/csu/sparc64/Makefile user/eri/pf45/head/lib/libc/gen/exec.c user/eri/pf45/head/lib/libc/gen/fdevname.c user/eri/pf45/head/lib/libc/gen/getlogin.c user/eri/pf45/head/lib/libc/gen/getttyent.c user/eri/pf45/head/lib/libc/gen/nlist.c user/eri/pf45/head/lib/libc/gen/pause.c user/eri/pf45/head/lib/libc/gen/pwcache.c user/eri/pf45/head/lib/libc/gen/raise.c user/eri/pf45/head/lib/libc/gen/sleep.c user/eri/pf45/head/lib/libc/gen/termios.c user/eri/pf45/head/lib/libc/gen/timezone.c user/eri/pf45/head/lib/libc/gen/usleep.c user/eri/pf45/head/lib/libc/gmon/gmon.c user/eri/pf45/head/lib/libc/nls/es_ES.ISO8859-1.msg user/eri/pf45/head/lib/libc/posix1e/acl_to_text.c user/eri/pf45/head/lib/libc/rpc/svc.c user/eri/pf45/head/lib/libc/stdio/findfp.c user/eri/pf45/head/lib/libc/stdio/funopen.c user/eri/pf45/head/lib/libc/stdio/printf.3 user/eri/pf45/head/lib/libc/stdlib/getenv.3 user/eri/pf45/head/lib/libc/stdlib/getenv.c user/eri/pf45/head/lib/libc/stdlib/system.c user/eri/pf45/head/lib/libc/string/strcmp.3 user/eri/pf45/head/lib/libc/sys/__error.c user/eri/pf45/head/lib/libutil/libutil.h user/eri/pf45/head/libexec/Makefile user/eri/pf45/head/release/i386/fixit_crunch.conf user/eri/pf45/head/release/pc98/fixit-small_crunch.conf user/eri/pf45/head/release/pc98/fixit_crunch.conf 
user/eri/pf45/head/rescue/rescue/Makefile user/eri/pf45/head/sbin/atacontrol/atacontrol.c user/eri/pf45/head/sbin/init/Makefile user/eri/pf45/head/sbin/init/init.c user/eri/pf45/head/sbin/ipfw/dummynet.c user/eri/pf45/head/sbin/ipfw/ipfw2.c user/eri/pf45/head/sbin/reboot/Makefile user/eri/pf45/head/sbin/reboot/reboot.c user/eri/pf45/head/share/man/man4/man4.powerpc/Makefile user/eri/pf45/head/share/man/man4/man4.powerpc/pmu.4 user/eri/pf45/head/share/man/man9/VOP_OPENCLOSE.9 user/eri/pf45/head/share/mk/bsd.libnames.mk user/eri/pf45/head/share/mk/bsd.subdir.mk user/eri/pf45/head/sys/amd64/amd64/mca.c user/eri/pf45/head/sys/amd64/include/mca.h user/eri/pf45/head/sys/arm/conf/AVILA user/eri/pf45/head/sys/arm/conf/CAMBRIA user/eri/pf45/head/sys/arm/mv/mv_sata.c user/eri/pf45/head/sys/boot/i386/libi386/biosmem.c user/eri/pf45/head/sys/boot/i386/libi386/libi386.h user/eri/pf45/head/sys/boot/i386/loader/main.c user/eri/pf45/head/sys/boot/pc98/btx/btx/btx.S user/eri/pf45/head/sys/boot/pc98/libpc98/biosmem.c user/eri/pf45/head/sys/boot/pc98/loader/main.c user/eri/pf45/head/sys/cam/ata/ata_all.c user/eri/pf45/head/sys/cam/ata/ata_all.h user/eri/pf45/head/sys/cam/ata/ata_da.c user/eri/pf45/head/sys/cam/ata/ata_pmp.c user/eri/pf45/head/sys/cam/ata/ata_xpt.c user/eri/pf45/head/sys/cam/cam_periph.h user/eri/pf45/head/sys/cam/scsi/scsi_cd.c user/eri/pf45/head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev_geom.c user/eri/pf45/head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vnops.c user/eri/pf45/head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zvol.c user/eri/pf45/head/sys/compat/freebsd32/freebsd32_proto.h user/eri/pf45/head/sys/compat/freebsd32/freebsd32_syscall.h user/eri/pf45/head/sys/compat/freebsd32/freebsd32_syscalls.c user/eri/pf45/head/sys/compat/freebsd32/freebsd32_sysent.c user/eri/pf45/head/sys/compat/freebsd32/syscalls.master user/eri/pf45/head/sys/compat/linux/linux_ioctl.c user/eri/pf45/head/sys/compat/linux/linux_ioctl.h 
user/eri/pf45/head/sys/conf/NOTES user/eri/pf45/head/sys/conf/options user/eri/pf45/head/sys/dev/aac/aac.c user/eri/pf45/head/sys/dev/aac/aac_cam.c user/eri/pf45/head/sys/dev/aac/aacvar.h user/eri/pf45/head/sys/dev/ahci/ahci.c user/eri/pf45/head/sys/dev/ata/ata-all.c user/eri/pf45/head/sys/dev/ata/ata-all.h user/eri/pf45/head/sys/dev/ata/ata-disk.c user/eri/pf45/head/sys/dev/ata/ata-dma.c user/eri/pf45/head/sys/dev/ata/ata-lowlevel.c user/eri/pf45/head/sys/dev/ata/ata-pci.c user/eri/pf45/head/sys/dev/ata/ata-pci.h user/eri/pf45/head/sys/dev/ata/ata-queue.c user/eri/pf45/head/sys/dev/ata/ata-sata.c user/eri/pf45/head/sys/dev/ata/ata_if.m user/eri/pf45/head/sys/dev/ata/atapi-cd.c user/eri/pf45/head/sys/dev/ata/atapi-fd.c user/eri/pf45/head/sys/dev/ata/atapi-tape.c user/eri/pf45/head/sys/dev/ata/chipsets/ata-acard.c user/eri/pf45/head/sys/dev/ata/chipsets/ata-acerlabs.c user/eri/pf45/head/sys/dev/ata/chipsets/ata-ahci.c user/eri/pf45/head/sys/dev/ata/chipsets/ata-amd.c user/eri/pf45/head/sys/dev/ata/chipsets/ata-ati.c user/eri/pf45/head/sys/dev/ata/chipsets/ata-cenatek.c user/eri/pf45/head/sys/dev/ata/chipsets/ata-cypress.c user/eri/pf45/head/sys/dev/ata/chipsets/ata-cyrix.c user/eri/pf45/head/sys/dev/ata/chipsets/ata-highpoint.c user/eri/pf45/head/sys/dev/ata/chipsets/ata-intel.c user/eri/pf45/head/sys/dev/ata/chipsets/ata-ite.c user/eri/pf45/head/sys/dev/ata/chipsets/ata-jmicron.c user/eri/pf45/head/sys/dev/ata/chipsets/ata-marvell.c user/eri/pf45/head/sys/dev/ata/chipsets/ata-micron.c user/eri/pf45/head/sys/dev/ata/chipsets/ata-national.c user/eri/pf45/head/sys/dev/ata/chipsets/ata-netcell.c user/eri/pf45/head/sys/dev/ata/chipsets/ata-nvidia.c user/eri/pf45/head/sys/dev/ata/chipsets/ata-promise.c user/eri/pf45/head/sys/dev/ata/chipsets/ata-serverworks.c user/eri/pf45/head/sys/dev/ata/chipsets/ata-siliconimage.c user/eri/pf45/head/sys/dev/ata/chipsets/ata-sis.c user/eri/pf45/head/sys/dev/ata/chipsets/ata-via.c user/eri/pf45/head/sys/dev/bge/if_bge.c 
user/eri/pf45/head/sys/dev/cxgb/common/cxgb_common.h user/eri/pf45/head/sys/dev/cxgb/cxgb_t3fw.h user/eri/pf45/head/sys/dev/e1000/LICENSE user/eri/pf45/head/sys/dev/e1000/e1000_80003es2lan.c user/eri/pf45/head/sys/dev/e1000/e1000_80003es2lan.h user/eri/pf45/head/sys/dev/e1000/e1000_82541.c user/eri/pf45/head/sys/dev/e1000/e1000_82571.c user/eri/pf45/head/sys/dev/e1000/e1000_82575.c user/eri/pf45/head/sys/dev/e1000/e1000_82575.h user/eri/pf45/head/sys/dev/e1000/e1000_api.c user/eri/pf45/head/sys/dev/e1000/e1000_defines.h user/eri/pf45/head/sys/dev/e1000/e1000_hw.h user/eri/pf45/head/sys/dev/e1000/e1000_ich8lan.c user/eri/pf45/head/sys/dev/e1000/e1000_ich8lan.h user/eri/pf45/head/sys/dev/e1000/e1000_mac.c user/eri/pf45/head/sys/dev/e1000/e1000_manage.c user/eri/pf45/head/sys/dev/e1000/e1000_osdep.h user/eri/pf45/head/sys/dev/e1000/e1000_phy.c user/eri/pf45/head/sys/dev/e1000/e1000_phy.h user/eri/pf45/head/sys/dev/e1000/e1000_regs.h user/eri/pf45/head/sys/dev/e1000/if_em.c user/eri/pf45/head/sys/dev/e1000/if_em.h user/eri/pf45/head/sys/dev/e1000/if_igb.c user/eri/pf45/head/sys/dev/e1000/if_igb.h user/eri/pf45/head/sys/dev/hwpmc/hwpmc_x86.c user/eri/pf45/head/sys/dev/ichsmb/ichsmb_pci.c user/eri/pf45/head/sys/dev/if_ndis/if_ndis.c user/eri/pf45/head/sys/dev/iir/iir_ctrl.c user/eri/pf45/head/sys/dev/isp/isp_freebsd.c user/eri/pf45/head/sys/dev/isp/isp_freebsd.h user/eri/pf45/head/sys/dev/ixgbe/ixgbe.c user/eri/pf45/head/sys/dev/ixgbe/ixgbe.h user/eri/pf45/head/sys/dev/ixgbe/ixgbe_82598.c user/eri/pf45/head/sys/dev/ixgbe/ixgbe_82599.c user/eri/pf45/head/sys/dev/ixgbe/ixgbe_api.c user/eri/pf45/head/sys/dev/ixgbe/ixgbe_api.h user/eri/pf45/head/sys/dev/ixgbe/ixgbe_common.c user/eri/pf45/head/sys/dev/ixgbe/ixgbe_common.h user/eri/pf45/head/sys/dev/ixgbe/ixgbe_osdep.h user/eri/pf45/head/sys/dev/ixgbe/ixgbe_phy.c user/eri/pf45/head/sys/dev/ixgbe/ixgbe_phy.h user/eri/pf45/head/sys/dev/ixgbe/ixgbe_type.h user/eri/pf45/head/sys/dev/puc/pucdata.c 
user/eri/pf45/head/sys/dev/siis/siis.c user/eri/pf45/head/sys/dev/siis/siis.h user/eri/pf45/head/sys/dev/uart/uart_bus_pci.c user/eri/pf45/head/sys/dev/usb/controller/ehci_pci.c user/eri/pf45/head/sys/dev/usb/controller/uhci_pci.c user/eri/pf45/head/sys/dev/usb/input/atp.c user/eri/pf45/head/sys/fs/nfs/nfs_commonacl.c user/eri/pf45/head/sys/fs/nfs/nfs_commonport.c user/eri/pf45/head/sys/fs/nfs/nfs_commonsubs.c user/eri/pf45/head/sys/fs/nfs/nfs_var.h user/eri/pf45/head/sys/fs/nfs/nfsport.h user/eri/pf45/head/sys/fs/nfsclient/nfs_clrpcops.c user/eri/pf45/head/sys/fs/nfsclient/nfs_clvnops.c user/eri/pf45/head/sys/fs/ntfs/ntfs.h user/eri/pf45/head/sys/fs/ntfs/ntfs_subr.c user/eri/pf45/head/sys/fs/ntfs/ntfs_vfsops.c user/eri/pf45/head/sys/fs/portalfs/portal_vnops.c user/eri/pf45/head/sys/geom/mirror/g_mirror.c user/eri/pf45/head/sys/geom/mirror/g_mirror.h user/eri/pf45/head/sys/gnu/fs/reiserfs/reiserfs_vfsops.c user/eri/pf45/head/sys/i386/conf/NOTES user/eri/pf45/head/sys/i386/i386/mca.c user/eri/pf45/head/sys/i386/include/mca.h user/eri/pf45/head/sys/ia64/ia64/clock.c user/eri/pf45/head/sys/ia64/ia64/exception.S user/eri/pf45/head/sys/ia64/ia64/genassym.c user/eri/pf45/head/sys/ia64/ia64/interrupt.c user/eri/pf45/head/sys/ia64/ia64/machdep.c user/eri/pf45/head/sys/ia64/ia64/mp_machdep.c user/eri/pf45/head/sys/ia64/ia64/pmap.c user/eri/pf45/head/sys/ia64/include/bus.h user/eri/pf45/head/sys/ia64/include/cpufunc.h user/eri/pf45/head/sys/ia64/include/ia64_cpu.h user/eri/pf45/head/sys/ia64/include/kdb.h user/eri/pf45/head/sys/ia64/include/param.h user/eri/pf45/head/sys/ia64/include/pcpu.h user/eri/pf45/head/sys/ia64/include/pmap.h user/eri/pf45/head/sys/kern/kern_sig.c user/eri/pf45/head/sys/kern/vfs_acl.c user/eri/pf45/head/sys/net80211/ieee80211_hostap.c user/eri/pf45/head/sys/netinet/in.h user/eri/pf45/head/sys/netinet/ip_carp.c user/eri/pf45/head/sys/netinet/ip_fw.h user/eri/pf45/head/sys/netinet/ipfw/ip_dummynet.c user/eri/pf45/head/sys/netinet/ipfw/ip_fw2.c 
user/eri/pf45/head/sys/netinet/raw_ip.c user/eri/pf45/head/sys/nfsserver/nfs_serv.c user/eri/pf45/head/sys/pc98/conf/NOTES user/eri/pf45/head/sys/powerpc/aim/machdep.c user/eri/pf45/head/sys/powerpc/include/vmparam.h user/eri/pf45/head/sys/powerpc/powermac/ata_dbdma.c user/eri/pf45/head/sys/powerpc/powermac/ata_kauai.c user/eri/pf45/head/sys/powerpc/powermac/ata_macio.c user/eri/pf45/head/sys/powerpc/psim/ata_iobus.c user/eri/pf45/head/sys/sparc64/sparc64/trap.c user/eri/pf45/head/sys/sys/ata.h user/eri/pf45/head/sys/sys/param.h user/eri/pf45/head/sys/vm/uma_int.h user/eri/pf45/head/tools/regression/bin/sh/parser/for1.0 user/eri/pf45/head/tools/tools/sysbuild/sysbuild.sh user/eri/pf45/head/usr.bin/Makefile user/eri/pf45/head/usr.bin/make/proc.c user/eri/pf45/head/usr.bin/systat/Makefile user/eri/pf45/head/usr.bin/systat/vmstat.c user/eri/pf45/head/usr.bin/users/Makefile user/eri/pf45/head/usr.bin/users/users.c user/eri/pf45/head/usr.bin/w/Makefile user/eri/pf45/head/usr.bin/w/w.c user/eri/pf45/head/usr.bin/wall/Makefile user/eri/pf45/head/usr.bin/wall/wall.c user/eri/pf45/head/usr.bin/who/Makefile user/eri/pf45/head/usr.bin/who/who.c user/eri/pf45/head/usr.bin/write/Makefile user/eri/pf45/head/usr.bin/write/write.c user/eri/pf45/head/usr.sbin/bsnmpd/modules/snmp_pf/pf_snmp.c user/eri/pf45/head/usr.sbin/freebsd-update/freebsd-update.sh user/eri/pf45/head/usr.sbin/mountd/exports.5 user/eri/pf45/head/usr.sbin/nfsd/nfsv4.4 user/eri/pf45/head/usr.sbin/nfsd/stablerestart.5 user/eri/pf45/head/usr.sbin/pw/pw_user.c user/eri/pf45/head/usr.sbin/repquota/repquota.c user/eri/pf45/head/usr.sbin/ypserv/yp_main.c user/eri/pf45/head/usr.sbin/ypserv/yp_server.c Directory Properties: user/eri/pf45/head/ (props changed) Modified: user/eri/pf45/head/MAINTAINERS ============================================================================== --- user/eri/pf45/head/MAINTAINERS Tue Dec 8 13:06:35 2009 (r200255) +++ user/eri/pf45/head/MAINTAINERS Tue Dec 8 13:25:00 2009 (r200256) 
@@ -124,6 +124,8 @@ usr.bin/bluetooth emax Pre-commit review usr.sbin/bluetooth emax Pre-commit review preferred. gnu/usr.bin/send-pr bugmaster Pre-commit review requested. ncurses rafan Heads-up appreciated, try not to break it. +*env(3) secteam Due to the problematic security history of this + code, please have patches reviewed by secteam. Following are the entries from the Makefiles, and a few other sources. Please remove stale entries from both their origin, and this file. Modified: user/eri/pf45/head/ObsoleteFiles.inc ============================================================================== --- user/eri/pf45/head/ObsoleteFiles.inc Tue Dec 8 13:06:35 2009 (r200255) +++ user/eri/pf45/head/ObsoleteFiles.inc Tue Dec 8 13:25:00 2009 (r200256) @@ -14,8 +14,14 @@ # The file is partitioned: OLD_FILES first, then OLD_LIBS and OLD_DIRS last. # +# 20091202: unify rc.firewall and rc.firewall6. +OLD_FILES+=etc/rc.d/ip6fw +OLD_FILES+=etc/rc.firewall6 +OLD_FILES+=usr/share/examples/etc/rc.firewall6 # 20091117: removal of rc.early(8) link OLD_FILES+=usr/share/man/man8/rc.early.8.gz +# 20091117: usr/share/zoneinfo/GMT link removed +OLD_FILES+=usr/share/zoneinfo/GMT # 20091027: pselect.3 implemented as syscall OLD_FILES+=usr/share/man/man3/pselect.3.gz # 20091005: fusword.9 and susword.9 removed Modified: user/eri/pf45/head/bin/date/Makefile ============================================================================== --- user/eri/pf45/head/bin/date/Makefile Tue Dec 8 13:06:35 2009 (r200255) +++ user/eri/pf45/head/bin/date/Makefile Tue Dec 8 13:25:00 2009 (r200256) 
@@ -3,7 +3,7 @@ PROG= date SRCS= date.c netdate.c vary.c -DPADD= ${LIBUTIL} -LDADD= -lutil +DPADD= ${LIBULOG} +LDADD= -lulog .include <bsd.prog.mk> Modified: user/eri/pf45/head/bin/date/date.c ============================================================================== --- user/eri/pf45/head/bin/date/date.c Tue Dec 8 13:06:35 2009 (r200255) +++ user/eri/pf45/head/bin/date/date.c Tue Dec 8 13:25:00 2009 (r200256) @@ -48,11 +48,12 @@ __FBSDID("$FreeBSD$"); #include <ctype.h> #include <err.h> #include <locale.h> -#include <libutil.h> #include <stdio.h> #include <stdlib.h> #include <string.h> #include <syslog.h> +#define _ULOG_POSIX_NAMES +#include <ulog.h> #include <unistd.h> #include "extern.h" @@ -181,6 +182,7 @@ main(int argc, char *argv[]) static void setthetime(const char *fmt, const char *p, int jflag, int nflag) { + struct utmpx utx; struct tm *lt; struct timeval tv; const char *dot, *t; @@ -271,12 +273,16 @@ setthetime(const char *fmt, const char * if (!jflag) { /* set the time */ if (nflag || netsettime(tval)) { - logwtmp("|", "date", ""); + utx.ut_type = OLD_TIME; + gettimeofday(&utx.ut_tv, NULL); + pututxline(&utx); tv.tv_sec = tval; tv.tv_usec = 0; if (settimeofday(&tv, (struct timezone *)NULL)) err(1, "settimeofday (timeval)"); - logwtmp("{", "date", ""); + utx.ut_type = NEW_TIME; + gettimeofday(&utx.ut_tv, NULL); + pututxline(&utx); } if ((p = getlogin()) == NULL) Modified: user/eri/pf45/head/contrib/bind9/lib/isc/ia64/include/isc/atomic.h ============================================================================== --- user/eri/pf45/head/contrib/bind9/lib/isc/ia64/include/isc/atomic.h Tue Dec 8 13:06:35 2009 (r200255) +++ user/eri/pf45/head/contrib/bind9/lib/isc/ia64/include/isc/atomic.h Tue Dec 8 13:25:00 2009 (r200256) 
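Review bot: In the setthetime() hunks of bin/date/date.c, `utx` is an uninitialised stack variable and only `ut_type` and `ut_tv` are assigned before each `pututxline(&utx)`, so every other member holds indeterminate stack bytes when the record is handed to the log writer. Unless the libulog implementation is known to ignore the remaining fields for OLD_TIME/NEW_TIME records (not visible here), clear the struct once before first use with `memset(&utx, 0, sizeof(utx));`. Neither `gettimeofday()` nor `pututxline()` has its result checked; if the wrapper reports failure, a `warn()` there would surface a missing audit record for the clock change without blocking it. setthetime() begins and ends outside the hunks.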
@@ -41,7 +41,7 @@ isc_atomic_xadd(isc_int32_t *p, isc_int3 for (prev = *(volatile isc_int32_t *)p; ; prev = swapped) { swapped = prev + val; __asm__ volatile( - "mov ar.ccv=%2;" + "mov ar.ccv=%2;;" "cmpxchg4.acq %0=%4,%3,ar.ccv" : "=r" (swapped), "=m" (*p) : "r" (prev), "r" (swapped), "m" (*p) @@ -84,7 +84,7 @@ isc_atomic_cmpxchg(isc_int32_t *p, isc_i isc_int32_t ret; __asm__ volatile( - "mov ar.ccv=%2;" + "mov ar.ccv=%2;;" "cmpxchg4.acq %0=%4,%3,ar.ccv" : "=r" (ret), "=m" (*p) : "r" (cmpval), "r" (val), "m" (*p) Modified: user/eri/pf45/head/contrib/bsnmp/snmp_mibII/BEGEMOT-MIB2-MIB.txt ============================================================================== --- user/eri/pf45/head/contrib/bsnmp/snmp_mibII/BEGEMOT-MIB2-MIB.txt Tue Dec 8 13:06:35 2009 (r200255) +++ user/eri/pf45/head/contrib/bsnmp/snmp_mibII/BEGEMOT-MIB2-MIB.txt Tue Dec 8 13:25:00 2009 (r200256) @@ -39,7 +39,7 @@ IMPORTS FROM BEGEMOT-IP-MIB; begemotMib2 MODULE-IDENTITY - LAST-UPDATED "200602130000Z" + LAST-UPDATED "200908030000Z" ORGANIZATION "German Aerospace Center" CONTACT-INFO " Hartmut Brandt @@ -54,6 +54,12 @@ begemotMib2 MODULE-IDENTITY E-mail: harti@freebsd.org" DESCRIPTION "The MIB for private mib2 stuff." + REVISION "200908030000Z" + DESCRIPTION + "Second edition adds begemotIfDataPoll object." + REVISION "200602130000Z" + DESCRIPTION + "Initial revision." ::= { begemotIp 1 } begemotIfMaxspeed OBJECT-TYPE 
@@ -87,4 +93,14 @@ begemotIfForcePoll OBJECT-TYPE bit rate in its MIB." ::= { begemotMib2 3 } +begemotIfDataPoll OBJECT-TYPE + SYNTAX TimeTicks + UNITS "deciseconds" + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The rate at which the mib2 module will poll interface data." + DEFVAL { 100 } + ::= { begemotMib2 4 } + END Modified: user/eri/pf45/head/contrib/bsnmp/snmp_mibII/mibII.c ============================================================================== --- user/eri/pf45/head/contrib/bsnmp/snmp_mibII/mibII.c Tue Dec 8 13:06:35 2009 (r200255) +++ user/eri/pf45/head/contrib/bsnmp/snmp_mibII/mibII.c Tue Dec 8 13:25:00 2009 (r200256) @@ -117,6 +117,15 @@ u_int mibif_hc_update_interval; /* HC update timer handle */ static void *hc_update_timer; +/* Idle poll timer */ +static void *mibII_poll_timer; + +/* interfaces' data poll interval */ +u_int mibII_poll_ticks; + +/* Idle poll hook */ +static void mibII_idle(void *arg __unused); + /*****************************/ static const struct asn_oid oid_ifMIB = OIDX_ifMIB; @@ -410,6 +419,20 @@ mibif_reset_hc_timer(void) mibif_hc_update_interval = ticks; } +/** + * Restart the idle poll timer. + */ +void +mibif_restart_mibII_poll_timer(void) +{ + if (mibII_poll_timer != NULL) + timer_stop(mibII_poll_timer); + + if ((mibII_poll_timer = timer_start_repeat(mibII_poll_ticks * 10, + mibII_poll_ticks * 10, mibII_idle, NULL, module)) == NULL) + syslog(LOG_ERR, "timer_start(%u): %m", mibII_poll_ticks); +} + /* * Fetch new MIB data. */ @@ -1553,7 +1576,7 @@ get_cloners(void) * Idle function */ static void -mibII_idle(void) +mibII_idle(void *arg __unused) { struct mibifa *ifa; @@ -1608,6 +1631,10 @@ mibII_start(void) ipForward_reg = or_register(&oid_ipForward, "The MIB module for the display of CIDR multipath IP Routes.", module); + + mibII_poll_timer = NULL; + mibII_poll_ticks = MIBII_POLL_TICKS; + mibif_restart_mibII_poll_timer(); } /* 
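Review bot: mibif_restart_mibII_poll_timer() in mibII.c stops the running timer before it knows the replacement can be started, so a failed `timer_start_repeat()` leaves `mibII_poll_timer` NULL and nothing polling. Because this commit also replaces the module's idle hook with NULL in `config`, the timer appears to be the only remaining caller of mibII_idle(), and the loss is signalled by a single syslog line. Starting the new timer first and stopping the old one only on success keeps the agent polling at the previous rate. The log text also names `timer_start` and prints the unscaled tick count, which will mislead whoever reads it; the sketch below logs the function and value actually used.

```c
void
mibif_restart_mibII_poll_timer(void)
{
	void *new_timer;

	/* Start the replacement first so a failure keeps the old timer. */
	new_timer = timer_start_repeat(mibII_poll_ticks * 10,
	    mibII_poll_ticks * 10, mibII_idle, NULL, module);
	if (new_timer == NULL) {
		syslog(LOG_ERR, "timer_start_repeat(%u): %m",
		    mibII_poll_ticks * 10);
		return;
	}
	if (mibII_poll_timer != NULL)
		timer_stop(mibII_poll_timer);
	mibII_poll_timer = new_timer;
}
```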
@@ -1651,6 +1678,11 @@ mibII_init(struct lmodule *mod, int argc static int mibII_fini(void) { + if (mibII_poll_timer != NULL ) { + timer_stop(mibII_poll_timer); + mibII_poll_timer = NULL; + } + if (route_fd != NULL) fd_deselect(route_fd); if (route != -1) @@ -1690,7 +1722,7 @@ const struct snmp_module config = { "This module implements the interface and ip groups.", mibII_init, mibII_fini, - mibII_idle, /* idle */ + NULL, /* idle */ NULL, /* dump */ NULL, /* config */ mibII_start, Modified: user/eri/pf45/head/contrib/bsnmp/snmp_mibII/mibII.h ============================================================================== --- user/eri/pf45/head/contrib/bsnmp/snmp_mibII/mibII.h Tue Dec 8 13:06:35 2009 (r200255) +++ user/eri/pf45/head/contrib/bsnmp/snmp_mibII/mibII.h Tue Dec 8 13:25:00 2009 (r200256) @@ -211,6 +211,14 @@ extern u_int mibif_hc_update_interval; /* re-compute update interval */ void mibif_reset_hc_timer(void); +/* interfaces' data poll interval */ +extern u_int mibII_poll_ticks; + +/* restart the data poll timer */ +void mibif_restart_mibII_poll_timer(void); + +#define MIBII_POLL_TICKS 100 + /* get interfaces and interface addresses. */ void mib_fetch_interfaces(void); Modified: user/eri/pf45/head/contrib/bsnmp/snmp_mibII/mibII_begemot.c ============================================================================== --- user/eri/pf45/head/contrib/bsnmp/snmp_mibII/mibII_begemot.c Tue Dec 8 13:06:35 2009 (r200255) +++ user/eri/pf45/head/contrib/bsnmp/snmp_mibII/mibII_begemot.c Tue Dec 8 13:25:00 2009 (r200256) @@ -59,6 +59,11 @@ op_begemot_mibII(struct snmp_context *ct ctx->scratch->int1 = mibif_force_hc_update_interval; mibif_force_hc_update_interval = value->v.uint32; return (SNMP_ERR_NOERROR); + + case LEAF_begemotIfDataPoll: + ctx->scratch->int1 = mibII_poll_ticks; + mibII_poll_ticks = value->v.uint32; + return (SNMP_ERR_NOERROR); } abort(); 
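Review bot: The SET branch for `LEAF_begemotIfDataPoll` in op_begemot_mibII() (mibII_begemot.c) stores `value->v.uint32` into `mibII_poll_ticks` with no range check, and that value is later multiplied by 10 in `u_int` arithmetic to form the timer period. Anyone with write access to the agent can therefore request an interval of 0 or one whose tenfold product wraps, which at best makes polling useless and may leave the daemon spending its time in the poll callback. Reject such values in the SET phase before the old value is saved, for example `if (value->v.uint32 == 0 || value->v.uint32 > UINT_MAX / 10) return (SNMP_ERR_WRONG_VALUE);`. op_begemot_mibII() starts and ends outside the hunk.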
@@ -68,6 +73,10 @@ op_begemot_mibII(struct snmp_context *ct case LEAF_begemotIfForcePoll: mibif_force_hc_update_interval = ctx->scratch->int1; return (SNMP_ERR_NOERROR); + + case LEAF_begemotIfDataPoll: + mibII_poll_ticks = ctx->scratch->int1; + return (SNMP_ERR_NOERROR); } abort(); @@ -78,6 +87,10 @@ op_begemot_mibII(struct snmp_context *ct mibif_force_hc_update_interval = ctx->scratch->int1; mibif_reset_hc_timer(); return (SNMP_ERR_NOERROR); + + case LEAF_begemotIfDataPoll: + mibif_restart_mibII_poll_timer(); + return (SNMP_ERR_NOERROR); } abort(); } @@ -98,6 +111,10 @@ op_begemot_mibII(struct snmp_context *ct case LEAF_begemotIfForcePoll: value->v.uint32 = mibif_force_hc_update_interval; return (SNMP_ERR_NOERROR); + + case LEAF_begemotIfDataPoll: + value->v.uint32 = mibII_poll_ticks; + return (SNMP_ERR_NOERROR); } abort(); } Modified: user/eri/pf45/head/contrib/bsnmp/snmp_mibII/mibII_tree.def ============================================================================== --- user/eri/pf45/head/contrib/bsnmp/snmp_mibII/mibII_tree.def Tue Dec 8 13:06:35 2009 (r200255) +++ user/eri/pf45/head/contrib/bsnmp/snmp_mibII/mibII_tree.def Tue Dec 8 13:25:00 2009 (r200256) @@ -240,6 +240,7 @@ (1 begemotIfMaxspeed COUNTER64 op_begemot_mibII GET) (2 begemotIfPoll TIMETICKS op_begemot_mibII GET) (3 begemotIfForcePoll TIMETICKS op_begemot_mibII GET SET) + (4 begemotIfDataPoll TIMETICKS op_begemot_mibII GET SET) ) ) ) Modified: user/eri/pf45/head/contrib/gcc/config/freebsd-spec.h ============================================================================== --- user/eri/pf45/head/contrib/gcc/config/freebsd-spec.h Tue Dec 8 13:06:35 2009 (r200255) +++ user/eri/pf45/head/contrib/gcc/config/freebsd-spec.h Tue Dec 8 13:25:00 2009 (r200256) 
@@ -103,9 +103,10 @@ Boston, MA 02110-1301, USA. */ %{p:gcrt1.o%s} \ %{!p: \ %{profile:gcrt1.o%s} \ - %{!profile:crt1.o%s}}}} \ + %{!profile: \ + %{pie: Scrt1.o%s;:crt1.o%s}}}}} \ crti.o%s \ - %{static:crtbeginT.o%s;shared:crtbeginS.o%s;:crtbegin.o%s}" + %{static:crtbeginT.o%s;shared|pie:crtbeginS.o%s;:crtbegin.o%s}" /* Provide an ENDFILE_SPEC appropriate for FreeBSD/i386. Here we tack on our own magical crtend.o file (see crtstuff.c) which provides part of @@ -113,8 +114,7 @@ Boston, MA 02110-1301, USA. */ entering `main', followed by the normal "finalizer" file, `crtn.o'. */ #define FBSD_ENDFILE_SPEC "\ - %{!shared:crtend.o%s} \ - %{shared:crtendS.o%s} \ + %{shared|pie:crtendS.o%s;:crtend.o%s} \ crtn.o%s " /* Provide a LIB_SPEC appropriate for FreeBSD as configured and as Modified: user/eri/pf45/head/contrib/groff/tmac/doc-syms ============================================================================== --- user/eri/pf45/head/contrib/groff/tmac/doc-syms Tue Dec 8 13:06:35 2009 (r200255) +++ user/eri/pf45/head/contrib/groff/tmac/doc-syms Tue Dec 8 13:25:00 2009 (r200256) @@ -777,6 +777,7 @@ .ds doc-str-Lb-librt \*[Px] \*[doc-str-Lb]Real-time Library (librt, \-lrt) .ds doc-str-Lb-libtermcap Termcap Access Library (libtermcap, \-ltermcap) .ds doc-str-Lb-libusbhid USB Human Interface Devices Library (libusbhid, \-lusbhid) +.ds doc-str-Lb-libulog User Login Record Library (libulog, \-lulog) .ds doc-str-Lb-libutil System Utilities Library (libutil, \-lutil) .ds doc-str-Lb-libx86_64 x86_64 Architecture Library (libx86_64, \-lx86_64) .ds doc-str-Lb-libz Compression Library (libz, \-lz) Modified: user/eri/pf45/head/crypto/openssl/ssl/s3_lib.c ============================================================================== --- user/eri/pf45/head/crypto/openssl/ssl/s3_lib.c Tue Dec 8 13:06:35 2009 (r200255) +++ user/eri/pf45/head/crypto/openssl/ssl/s3_lib.c Tue Dec 8 13:25:00 2009 (r200256) 
@@ -2592,6 +2592,9 @@ int ssl3_renegotiate(SSL *s) if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) return(0); + if (1) + return(0); + s->s3->renegotiate=1; return(1); } Modified: user/eri/pf45/head/crypto/openssl/ssl/s3_pkt.c ============================================================================== --- user/eri/pf45/head/crypto/openssl/ssl/s3_pkt.c Tue Dec 8 13:06:35 2009 (r200255) +++ user/eri/pf45/head/crypto/openssl/ssl/s3_pkt.c Tue Dec 8 13:25:00 2009 (r200256) @@ -983,9 +983,7 @@ start: if (s->msg_callback) s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->s3->handshake_fragment, 4, s, s->msg_callback_arg); - if (SSL_is_init_finished(s) && - !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) && - !s->s3->renegotiate) + if (0) { ssl3_renegotiate(s); if (ssl3_renegotiate_check(s)) @@ -1116,8 +1114,7 @@ start: /* Unexpected handshake message (Client Hello, or protocol violation) */ if ((s->s3->handshake_fragment_len >= 4) && !s->in_handshake) { - if (((s->state&SSL_ST_MASK) == SSL_ST_OK) && - !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) + if (0) { #if 0 /* worked only because C operator preferences are not as expected (and * because this is not really needed for clients except for detecting Modified: user/eri/pf45/head/crypto/openssl/ssl/s3_srvr.c ============================================================================== --- user/eri/pf45/head/crypto/openssl/ssl/s3_srvr.c Tue Dec 8 13:06:35 2009 (r200255) +++ user/eri/pf45/head/crypto/openssl/ssl/s3_srvr.c Tue Dec 8 13:25:00 2009 (r200256) 
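Review bot: The `if (1) return(0);` added to ssl3_renegotiate() in s3_lib.c, and the two `if (0)` conditions that replace the renegotiation checks in s3_pkt.c, hard-disable renegotiation with no explanation in the code. A later vendor import or a cleanup pass that sees constant conditions and unreachable code is likely to undo them, so each site should carry a comment such as `/* Renegotiation deliberately disabled; do not re-enable without security review. */`. Applications that depend on renegotiation (re-keying, or requesting a client certificate mid-session) will now fail at runtime, which deserves a line in the log message or release notes. What the `if (0)` paths in s3_pkt.c fall through to lies outside the hunks, so confirm that a peer's renegotiation request ends in an alert or error and is not silently ignored.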
@@ -718,6 +718,13 @@ int ssl3_get_client_hello(SSL *s) #endif STACK_OF(SSL_CIPHER) *ciphers=NULL; + if (s->new_session) + { + al=SSL_AD_HANDSHAKE_FAILURE; + SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); + goto f_err; + } + /* We do this so that we will respond with our native type. * If we are TLSv1 and we get SSLv3, we will respond with TLSv1, * This down switching should be handled by a different method. Modified: user/eri/pf45/head/etc/Makefile ============================================================================== --- user/eri/pf45/head/etc/Makefile Tue Dec 8 13:06:35 2009 (r200255) +++ user/eri/pf45/head/etc/Makefile Tue Dec 8 13:25:00 2009 (r200256) @@ -15,7 +15,7 @@ BIN1= auth.conf \ inetd.conf libalias.conf login.access login.conf mac.conf motd \ netconfig network.subr networks newsyslog.conf nsswitch.conf \ phones profile protocols \ - rc rc.bsdextended rc.firewall rc.firewall6 rc.initdiskless \ + rc rc.bsdextended rc.firewall rc.initdiskless \ rc.sendmail rc.shutdown \ rc.subr remote rpc services shells \ sysctl.conf syslog.conf Modified: user/eri/pf45/head/etc/defaults/rc.conf ============================================================================== --- user/eri/pf45/head/etc/defaults/rc.conf Tue Dec 8 13:06:35 2009 (r200255) +++ user/eri/pf45/head/etc/defaults/rc.conf Tue Dec 8 13:25:00 2009 (r200256) 
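Review bot: The new `s->new_session` guard at the top of ssl3_get_client_hello() in s3_srvr.c reports the refused handshake as `ERR_R_INTERNAL_ERROR`, so in error queues and logs it cannot be told apart from a genuine library fault. Operators watching for renegotiation attempts have nothing specific to match on; a dedicated reason code, or at minimum a comment like `/* renegotiation is disabled: refuse a ClientHello on an established session */`, would make both the intent and the event clear. That `new_session` is set only for renegotiation on this path is inferred, not shown; if a first handshake can reach here with it set, that connection would now be refused too. The function continues outside the hunk.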
@@ -118,7 +118,10 @@ firewall_type="UNKNOWN" # Firewall type firewall_quiet="NO" # Set to YES to suppress rule display firewall_logging="NO" # Set to YES to enable events logging firewall_flags="" # Flags passed to ipfw when type is a file -firewall_client_net="192.0.2.0/24" # Network address for "client" firewall. +firewall_client_net="192.0.2.0/24" # IPv4 Network address for "client" + # firewall. +#firewall_client_net_ipv6="2001:db8:2:1::/64" # IPv6 network prefix for + # "client" firewall. firewall_simple_iif="ed1" # Inside network interface for "simple" # firewall. firewall_simple_inet="192.0.2.16/28" # Inside network address for "simple" @@ -127,12 +130,22 @@ firewall_simple_oif="ed0" # Outside netw # firewall. firewall_simple_onet="192.0.2.0/28" # Outside network address for "simple" # firewall. +#firewall_simple_iif_ipv6="ed1" # Inside IPv6 network interface for "simple" + # firewall. +#firewall_simple_inet_ipv6="2001:db8:2:800::/56" # Inside IPv6 network prefix + # for "simple" firewall. +#firewall_simple_oif_ipv6="ed0" # Outside IPv6 network interface for "simple" + # firewall. +#firewall_simple_onet_ipv6="2001:db8:2:0::/56" # Outside IPv6 network prefix + # for "simple" firewall. firewall_myservices="" # List of TCP ports on which this host # offers services for "workstation" firewall. firewall_allowservices="" # List of IPs which have access to # $firewall_myservices for "workstation" # firewall. -firewall_trusted="" # List of IPs which have full access to this +firewall_trusted="" # List of IPv4s which have full access to this + # host for "workstation" firewall. +firewall_trusted_ipv6="" # List of IPv6s which have full access to this # host for "workstation" firewall. firewall_logdeny="NO" # Set to YES to log default denied incoming # packets for "workstation" firewall. 
@@ -472,13 +485,6 @@ ipv6_faith_prefix="NO" # Set faith pref # faithd(8) setup. ipv6_ipv4mapping="NO" # Set to "YES" to enable IPv4 mapped IPv6 addr # communication. (like ::ffff:a.b.c.d) -ipv6_firewall_enable="NO" # Set to YES to enable IPv6 firewall - # functionality -ipv6_firewall_script="/etc/rc.firewall6" # Which script to run to set up the IPv6 firewall -ipv6_firewall_type="UNKNOWN" # IPv6 Firewall type (see /etc/rc.firewall6) -ipv6_firewall_quiet="NO" # Set to YES to suppress rule display -ipv6_firewall_logging="NO" # Set to YES to enable events logging -ipv6_firewall_flags="" # Flags passed to ip6fw when type is a file ipv6_ipfilter_rules="/etc/ipf6.rules" # rules definition file for ipfilter, # see /usr/src/contrib/ipfilter/rules # for examples Modified: user/eri/pf45/head/etc/mtree/BSD.var.dist ============================================================================== --- user/eri/pf45/head/etc/mtree/BSD.var.dist Tue Dec 8 13:06:35 2009 (r200255) +++ user/eri/pf45/head/etc/mtree/BSD.var.dist Tue Dec 8 13:25:00 2009 (r200256) @@ -32,7 +32,7 @@ db entropy uname=operator gname=operator mode=0700 .. - freebsd-update + freebsd-update mode=0700 .. ipf mode=0700 .. Modified: user/eri/pf45/head/etc/rc.d/Makefile ============================================================================== --- user/eri/pf45/head/etc/rc.d/Makefile Tue Dec 8 13:06:35 2009 (r200255) +++ user/eri/pf45/head/etc/rc.d/Makefile Tue Dec 8 13:25:00 2009 (r200256) 
@@ -15,7 +15,7 @@ FILES= DAEMON FILESYSTEMS LOGIN NETWORKI hcsecd \ hostapd hostid hostid_save hostname \ inetd initrandom \ - ip6addrctl ip6fw ipfilter ipfs ipfw ipmon \ + ip6addrctl ipfilter ipfs ipfw ipmon \ ipnat ipsec ipxrouted \ jail \ kadmind kerberos keyserv kldxref kpasswdd \ Modified: user/eri/pf45/head/etc/rc.d/ipfw ============================================================================== --- user/eri/pf45/head/etc/rc.d/ipfw Tue Dec 8 13:06:35 2009 (r200255) +++ user/eri/pf45/head/etc/rc.d/ipfw Tue Dec 8 13:25:00 2009 (r200256) @@ -17,6 +17,8 @@ start_precmd="ipfw_prestart" stop_cmd="ipfw_stop" required_modules="ipfw" +set_rcvar_obsolete ipv6_firewall_enable + ipfw_prestart() { if checkyesno dummynet_enable; then @@ -61,7 +63,13 @@ ipfw_start() # Enable the firewall # if ! ${SYSCTL_W} net.inet.ip.fw.enable=1 1>/dev/null 2>&1; then - warn "failed to enable firewall" + warn "failed to enable IPv4 firewall" + fi + if afexists inet6; then + if ! ${SYSCTL_W} net.inet6.ip6.fw.enable=1 1>/dev/null 2>&1 + then + warn "failed to enable IPv6 firewall" + fi fi } @@ -70,6 +78,9 @@ ipfw_stop() # Disable the firewall # ${SYSCTL_W} net.inet.ip.fw.enable=0 + if afexists inet6; then + ${SYSCTL_W} net.inet6.ip6.fw.enable=0 + fi if [ -f /etc/rc.d/natd ] ; then /etc/rc.d/natd quietstop fi Modified: user/eri/pf45/head/etc/rc.firewall ============================================================================== --- user/eri/pf45/head/etc/rc.firewall Tue Dec 8 13:06:35 2009 (r200255) +++ user/eri/pf45/head/etc/rc.firewall Tue Dec 8 13:25:00 2009 (r200256) 
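Review bot: In ipfw_start, a failed `net.inet6.ip6.fw.enable=1` only produces `warn "failed to enable IPv6 firewall"` and the function carries on, so the service can appear to start normally while IPv6 traffic is not being filtered. The sysctl's own error text is also thrown away by `1>/dev/null 2>&1`, leaving the operator without the reason. I would keep stderr on the new inet6 call (`1>/dev/null` only) and add a comment such as `# if this fails the ruleset is loaded but presumably not applied to inet6`. The IPv4 line above follows the same pattern. ipfw_start begins outside the hunk, so how its return status is used is not visible here.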
@@ -85,12 +85,42 @@ setup_loopback () { ${fwcmd} add 100 pass all from any to any via lo0 ${fwcmd} add 200 deny all from any to 127.0.0.0/8 ${fwcmd} add 300 deny ip from 127.0.0.0/8 to any + if [ $ipv6_available -eq 0 ]; then + ${fwcmd} add 400 deny all from any to ::1 + ${fwcmd} add 500 deny all from ::1 to any + fi +} + +setup_ipv6_mandatory () { + [ $ipv6_available -eq 0 ] || return 0 + + ############ + # Only in rare cases do you want to change these rules + # + # ND + # + # DAD + ${fwcmd} add pass ipv6-icmp from :: to ff02::/16 + # RS, RA, NS, NA, redirect... + ${fwcmd} add pass ipv6-icmp from fe80::/10 to fe80::/10 + ${fwcmd} add pass ipv6-icmp from fe80::/10 to ff02::/16 + + # Allow ICMPv6 destination unreach + ${fwcmd} add pass ipv6-icmp from any to any icmp6types 1 + + # Allow NS/NA/toobig (don't filter it out) + ${fwcmd} add pass ipv6-icmp from any to any icmp6types 2,135,136 } if [ -n "${1}" ]; then firewall_type="${1}" fi +. /etc/rc.subr +. /etc/network.subr +afexists inet6 +ipv6_available=$? + ############ # Set quiet mode if requested # @@ -109,6 +139,7 @@ esac ${fwcmd} -f flush setup_loopback +setup_ipv6_mandatory ############ # Network Address Translation. All packets are passed to natd(8) @@ -166,11 +197,13 @@ case ${firewall_type} in # against people from outside your own network. # # Configuration: - # firewall_client_net: Network address of local network. + # firewall_client_net: Network address of local IPv4 network. + # firewall_client_net_ipv6: Network address of local IPv6 network. ############ # set this to your local network net="$firewall_client_net" + net6="$firewall_client_net_ipv6" # Allow limited broadcast traffic from my own net. ${fwcmd} add pass all from ${net} to 255.255.255.255 
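Review bot: setup_ipv6_mandatory adds its ICMPv6 pass rules without rule numbers and, as far as the `@@ -109,6 +139,7 @@` hunk shows, is called straight after setup_loopback and before any type-specific section. These passes are therefore evaluated ahead of the anti-spoofing and bogon denies that the "simple" type adds later. That ordering deserves a comment on the function, for example `# Installed for every firewall_type; these pass rules precede the per-type deny rules.` The last two rules match `from any to any`, which on a forwarding host also covers transit ICMPv6. If that is intended, a short why-comment next to `icmp6types 2,135,136` would save the next reader from guessing.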
@@ -178,6 +211,16 @@ case ${firewall_type} in # Allow any traffic to or from my own net. ${fwcmd} add pass all from me to ${net} ${fwcmd} add pass all from ${net} to me + if [ -n "$net6" ]; then + ${fwcmd} add pass all from me6 to ${net6} + ${fwcmd} add pass all from ${net6} to me6 + fi + + if [ -n "$net6" ]; then + # Allow any link-local multicast traffic + ${fwcmd} add pass all from fe80::/10 to ff02::/16 + ${fwcmd} add pass all from ${net6} to ff02::/16 + fi # Allow TCP through if setup succeeded ${fwcmd} add pass tcp from any to any established 
@@ -212,23 +255,38 @@ case ${firewall_type} in # on the inside at this machine for those services. # # Configuration: - # firewall_simple_iif: Inside network interface. - # firewall_simple_inet: Inside network address. - # firewall_simple_oif: Outside network interface. - # firewall_simple_onet: Outside network address. + # firewall_simple_iif: Inside IPv4 network interface. + # firewall_simple_inet: Inside IPv4 network address. + # firewall_simple_oif: Outside IPv4 network interface. + # firewall_simple_onet: Outside IPv4 network address. + # firewall_simple_iif_ipv6: Inside IPv6 network interface. + # firewall_simple_inet_ipv6: Inside IPv6 network prefix. + # firewall_simple_oif_ipv6: Outside IPv6 network interface. + # firewall_simple_onet_ipv6: Outside IPv6 network prefix. ############ # set these to your outside interface network oif="$firewall_simple_oif" onet="$firewall_simple_onet" + oif6="${firewall_simple_oif_ipv6:-$firewall_simple_oif}" + onet6="$firewall_simple_onet_ipv6" # set these to your inside interface network iif="$firewall_simple_iif" inet="$firewall_simple_inet" + iif6="${firewall_simple_iif_ipv6:-$firewall_simple_iif}" + inet6="$firewall_simple_inet_ipv6" # Stop spoofing ${fwcmd} add deny all from ${inet} to any in via ${oif} ${fwcmd} add deny all from ${onet} to any in via ${iif} + if [ -n "$inet6" ]; then + ${fwcmd} add deny all from ${inet6} to any in via ${oif6} + if [ -n "$onet6" ]; then + ${fwcmd} add deny all from ${onet6} to any in \ + via ${iif6} + fi + fi # Stop RFC1918 nets on the outside interface ${fwcmd} add deny all from any to 10.0.0.0/8 via ${oif} @@ -254,7 +312,7 @@ case ${firewall_type} in case ${natd_enable} in [Yy][Ee][Ss]) if [ -n "${natd_interface}" ]; then - ${fwcmd} add divert natd all from any to any via ${natd_interface} + ${fwcmd} add divert natd ip4 from any to any via ${natd_interface} fi ;; esac 
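Review bot: The IPv6 anti-spoofing rule for the outside prefix is nested inside the `[ -n "$inet6" ]` test, so a configuration that sets only firewall_simple_onet_ipv6 gets no `deny all from ${onet6} to any in via ${iif6}` rule. The IPv4 pair just above treats the two directions independently, and the IPv6 pair can do the same. Close the `inet6` test after its own deny and open a separate `if [ -n "$onet6" ]; then` for the second rule. The enclosing `case` branch starts and ends outside the hunk.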
@@ -273,6 +331,55 @@ case ${firewall_type} in ${fwcmd} add deny all from 224.0.0.0/4 to any via ${oif} ${fwcmd} add deny all from 240.0.0.0/4 to any via ${oif} + if [ -n "$inet6" ]; then + # Stop unique local unicast address on the outside interface + ${fwcmd} add deny all from fc00::/7 to any via ${oif6} + ${fwcmd} add deny all from any to fc00::/7 via ${oif6} + + # Stop site-local on the outside interface + ${fwcmd} add deny all from fec0::/10 to any via ${oif6} + ${fwcmd} add deny all from any to fec0::/10 via ${oif6} + + # Disallow "internal" addresses to appear on the wire. + ${fwcmd} add deny all from ::ffff:0.0.0.0/96 to any \ + via ${oif6} + ${fwcmd} add deny all from any to ::ffff:0.0.0.0/96 \ + via ${oif6} + + # Disallow packets to malicious IPv4 compatible prefix. + ${fwcmd} add deny all from ::224.0.0.0/100 to any via ${oif6} + ${fwcmd} add deny all from any to ::224.0.0.0/100 via ${oif6} + ${fwcmd} add deny all from ::127.0.0.0/104 to any via ${oif6} + ${fwcmd} add deny all from any to ::127.0.0.0/104 via ${oif6} + ${fwcmd} add deny all from ::0.0.0.0/104 to any via ${oif6} + ${fwcmd} add deny all from any to ::0.0.0.0/104 via ${oif6} + ${fwcmd} add deny all from ::255.0.0.0/104 to any via ${oif6} + ${fwcmd} add deny all from any to ::255.0.0.0/104 via ${oif6} + + ${fwcmd} add deny all from ::0.0.0.0/96 to any via ${oif6} + ${fwcmd} add deny all from any to ::0.0.0.0/96 via ${oif6} + + # Disallow packets to malicious 6to4 prefix. 
+ ${fwcmd} add deny all from 2002:e000::/20 to any via ${oif6} + ${fwcmd} add deny all from any to 2002:e000::/20 via ${oif6} + ${fwcmd} add deny all from 2002:7f00::/24 to any via ${oif6} + ${fwcmd} add deny all from any to 2002:7f00::/24 via ${oif6} + ${fwcmd} add deny all from 2002:0000::/24 to any via ${oif6} + ${fwcmd} add deny all from any to 2002:0000::/24 via ${oif6} + ${fwcmd} add deny all from 2002:ff00::/24 to any via ${oif6} + ${fwcmd} add deny all from any to 2002:ff00::/24 via ${oif6} + + ${fwcmd} add deny all from 2002:0a00::/24 to any via ${oif6} + ${fwcmd} add deny all from any to 2002:0a00::/24 via ${oif6} + ${fwcmd} add deny all from 2002:ac10::/28 to any via ${oif6} + ${fwcmd} add deny all from any to 2002:ac10::/28 via ${oif6} + ${fwcmd} add deny all from 2002:c0a8::/32 to any via ${oif6} + ${fwcmd} add deny all from any to 2002:c0a8::/32 via ${oif6} + + ${fwcmd} add deny all from ff05::/16 to any via ${oif6} + ${fwcmd} add deny all from any to ff05::/16 via ${oif6} + fi + # Allow TCP through if setup succeeded ${fwcmd} add pass tcp from any to any established @@ -291,7 +398,11 @@ case ${firewall_type} in ${fwcmd} add pass tcp from any to me 80 setup # Reject&Log all setup of incoming connections from the outside - ${fwcmd} add deny log tcp from any to any in via ${oif} setup + ${fwcmd} add deny log ip4 from any to any in via ${oif} setup proto tcp + if [ -n "$inet6" ]; then + ${fwcmd} add deny log ip6 from any to any in via ${oif6} \ + setup proto tcp + fi # Allow setup of any other TCP connection ${fwcmd} add pass tcp from any to any setup @@ -313,7 +424,7 @@ case ${firewall_type} in # offers services. # firewall_allowservices: List of IPs which has access to # $firewall_myservices. - # firewall_trusted: List of IPs which has full access + # firewall_trusted: List of IPv4s which has full access # to this host. Be very carefull # when setting this. This option can # seriously degrade the level of 
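Review bot: In the `@@ -291,7 +398,11 @@` hunk the reject-and-log rule for inbound connection setup is narrowed to `ip4`, and its IPv6 counterpart is added only when `$inet6` is non-empty. firewall_simple_inet_ipv6 is commented out in the defaults, so on a host where inet6 exists but that variable is unset, inbound IPv6 TCP setup on the outside interface is no longer denied here. It appears to fall through to the later `pass tcp from any to any setup`. Since `oif6` already falls back to `$firewall_simple_oif`, the IPv6 deny can be gated on address-family availability instead: `if [ $ipv6_available -eq 0 ]; then`. The IPv6 anti-spoofing and bogon blocks in the earlier hunks are gated on `$inet6` in the same way, which is reasonable for prefix-specific rules but worth stating in the "simple" configuration comment.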
@@ -324,25 +435,44 @@ case ${firewall_type} in # firewall_nologports: List of TCP/UDP ports for which # denied incomming packets are not # logged. - + # firewall_trusted_ipv6: List of IPv6s which has full access + # to this host. Be very carefull + # when setting this. This option can + # seriously degrade the level of + # protection provided by the firewall. + # Allow packets for which a state has been built. ${fwcmd} add check-state # For services permitted below. ${fwcmd} add pass tcp from me to any established + if [ $ipv6_available -eq 0 ]; then + ${fwcmd} add pass tcp from me6 to any established + fi # Allow any connection out, adding state for each. ${fwcmd} add pass tcp from me to any setup keep-state ${fwcmd} add pass udp from me to any keep-state ${fwcmd} add pass icmp from me to any keep-state + if [ $ipv6_available -eq 0 ]; then + ${fwcmd} add pass tcp from me6 to any setup keep-state + ${fwcmd} add pass udp from me6 to any keep-state + ${fwcmd} add pass ipv6-icmp from me6 to any keep-state + fi # Allow DHCP. ${fwcmd} add pass udp from 0.0.0.0 68 to 255.255.255.255 67 out ${fwcmd} add pass udp from any 67 to me 68 in ${fwcmd} add pass udp from any 67 to 255.255.255.255 68 in + if [ $ipv6_available -eq 0 ]; then + ${fwcmd} add pass udp from fe80::/10 to me6 546 in + fi # Some servers will ping the IP while trying to decide if it's # still in use. ${fwcmd} add pass icmp from any to any icmptype 8 + if [ $ipv6_available -eq 0 ]; then + ${fwcmd} add pass ipv6-icmp from any to any icmp6type 128,129 + fi # Allow "mandatory" ICMP in. ${fwcmd} add pass icmp from any to any icmptype 3,4,11 @@ -361,6 +491,9 @@ case ${firewall_type} in for i in ${firewall_allowservices} ; do for j in ${firewall_myservices} ; do ${fwcmd} add pass tcp from $i to me $j + if [ $ipv6_available -eq 0 ]; then + ${fwcmd} add pass tcp from $i to me6 $j + fi done done 
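Review bot: In the `@@ -361,6 +491,9 @@` hunk, `pass tcp from $i to me6 $j` is emitted for every entry of firewall_allowservices whatever its address family, while the trusted list is split into firewall_trusted and firewall_trusted_ipv6. An existing entry such as `any` therefore exposes every port in firewall_myservices over IPv6 as soon as inet6 is available. An administrator carrying over an IPv4-only configuration may not expect that. The configuration comment for this type should say so, for example `# firewall_allowservices: entries are applied to both IPv4 (me) and IPv6 (me6) destinations.` A literal IPv4 address in the list also yields a `to me6` rule that presumably can never match, so a per-family split like the trusted lists would keep the ruleset easier to audit.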
@@ -370,7 +503,10 @@ case ${firewall_type} in for i in ${firewall_trusted} ; do ${fwcmd} add pass ip from $i to me done - + for i in ${firewall_trusted_ipv6} ; do + ${fwcmd} add pass all from $i to me6 + done + ${fwcmd} add 65000 count ip from any to any # Drop packets to ports where we don't want logging Modified: user/eri/pf45/head/lib/Makefile ============================================================================== --- user/eri/pf45/head/lib/Makefile Tue Dec 8 13:06:35 2009 (r200255) +++ user/eri/pf45/head/lib/Makefile Tue Dec 8 13:25:00 2009 (r200256) @@ -40,8 +40,8 @@ SUBDIR= ${_csu} libc libbsm libauditd li ${_libpmc} libproc librt ${_libsdp} ${_libsm} ${_libsmb} \ ${_libsmdb} \ ${_libsmutil} libstand ${_libtelnet} ${_libthr} libthread_db libufs \ - libugidfw ${_libusbhid} ${_libusb} ${_libvgl} libwrap liby libz \ - ${_bind} + libugidfw libulog ${_libusbhid} ${_libusb} ${_libvgl} libwrap \ + liby libz ${_bind} .if exists(${.CURDIR}/csu/${MACHINE_ARCH}-elf) _csu=csu/${MACHINE_ARCH}-elf Modified: user/eri/pf45/head/lib/csu/amd64/Makefile ============================================================================== --- user/eri/pf45/head/lib/csu/amd64/Makefile Tue Dec 8 13:06:35 2009 (r200255) +++ user/eri/pf45/head/lib/csu/amd64/Makefile Tue Dec 8 13:25:00 2009 (r200256) @@ -4,7 +4,7 @@ SRCS= crt1.c crti.S crtn.S OBJS= ${SRCS:N*.h:R:S/$/.o/g} -OBJS+= gcrt1.o +OBJS+= Scrt1.o gcrt1.o CFLAGS+= -I${.CURDIR}/../common \ -I${.CURDIR}/../../libc/include CFLAGS+= -fno-omit-frame-pointer 
@@ -16,6 +16,9 @@ CLEANFILES= ${OBJS} gcrt1.o: crt1.c ${CC} ${CFLAGS} -DGCRT -c -o gcrt1.o ${.CURDIR}/crt1.c +Scrt1.o: crt1.c + ${CC} ${CFLAGS} -fPIC -DPIC -c -o Scrt1.o ${.CURDIR}/crt1.c + realinstall: ${INSTALL} -o ${LIBOWN} -g ${LIBGRP} -m ${LIBMODE} \ ${OBJS} ${DESTDIR}${LIBDIR} Modified: user/eri/pf45/head/lib/csu/arm/Makefile ============================================================================== --- user/eri/pf45/head/lib/csu/arm/Makefile Tue Dec 8 13:06:35 2009 (r200255) +++ user/eri/pf45/head/lib/csu/arm/Makefile Tue Dec 8 13:25:00 2009 (r200256) @@ -4,7 +4,7 @@ SRCS= crt1.c crti.S crtn.S OBJS= ${SRCS:N*.h:R:S/$/.o/g} -OBJS+= gcrt1.o +OBJS+= Scrt1.o gcrt1.o CFLAGS+= -Wall -Wno-unused \ -I${.CURDIR}/../common \ -I${.CURDIR}/../../libc/include @@ -16,6 +16,9 @@ CLEANFILES= ${OBJS} gcrt1.o: crt1.c ${CC} ${CFLAGS} -DGCRT -c -o gcrt1.o ${.ALLSRC} +Scrt1.o: crt1.c + ${CC} ${CFLAGS} -fPIC -DPIC -c -o Scrt1.o ${.ALLSRC} + realinstall: ${INSTALL} -o ${LIBOWN} -g ${LIBGRP} -m ${LIBMODE} \ ${OBJS} ${DESTDIR}${LIBDIR} Modified: user/eri/pf45/head/lib/csu/i386-elf/Makefile ============================================================================== --- user/eri/pf45/head/lib/csu/i386-elf/Makefile Tue Dec 8 13:06:35 2009 (r200255) +++ user/eri/pf45/head/lib/csu/i386-elf/Makefile Tue Dec 8 13:25:00 2009 (r200256) @@ -2,8 +2,8 @@ .PATH: ${.CURDIR}/../common -SRCS= crt1.c crti.S crtn.S -FILES= ${SRCS:N*.h:R:S/$/.o/g} gcrt1.o +SRCS= crti.S crtn.S +FILES= ${SRCS:N*.h:R:S/$/.o/g} gcrt1.o crt1.o Scrt1.o FILESOWN= ${LIBOWN} FILESGRP= ${LIBGRP} FILESMODE= ${LIBMODE} 
@@ -11,9 +11,23 @@ FILESDIR= ${LIBDIR} WARNS?= 6 CFLAGS+= -I${.CURDIR}/../common \ -I${.CURDIR}/../../libc/include -CLEANFILES= ${FILES} +CLEANFILES= ${FILES} crt1_c.o crt1_s.o gcrt1_c.o Scrt1_c.o -gcrt1.o: crt1.c - ${CC} ${CFLAGS} -DGCRT -c -o gcrt1.o ${.CURDIR}/crt1.c +gcrt1_c.o: crt1_c.c + ${CC} ${CFLAGS} -DGCRT -c -o gcrt1_c.o ${.CURDIR}/crt1_c.c + +gcrt1.o: gcrt1_c.o crt1_s.o + ${LD} ${LDFLAGS} -o gcrt1.o -r crt1_s.o gcrt1_c.o + +crt1.o: crt1_c.o crt1_s.o + ${LD} ${LDFLAGS} -o crt1.o -r crt1_s.o crt1_c.o + objcopy --localize-symbol _start1 crt1.o + +Scrt1_c.o: crt1_c.c + ${CC} ${CFLAGS} -DGCRT -fPIC -DPIC -c -o Scrt1_c.o ${.CURDIR}/crt1_c.c + +Scrt1.o: Scrt1_c.o crt1_s.o + ${LD} ${LDFLAGS} -o Scrt1.o -r crt1_s.o Scrt1_c.o + objcopy --localize-symbol _start1 Scrt1.o .include <bsd.prog.mk> Copied: user/eri/pf45/head/lib/csu/i386-elf/crt1_c.c (from r200254, head/lib/csu/i386-elf/crt1_c.c) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ user/eri/pf45/head/lib/csu/i386-elf/crt1_c.c Tue Dec 8 13:25:00 2009 (r200256, copy of r200254, head/lib/csu/i386-elf/crt1_c.c) 
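Review bot: The `Scrt1_c.o` rule compiles crt1_c.c with `-DGCRT` as well as `-fPIC -DPIC`, which looks like a copy from the `gcrt1_c.o` rule. The amd64 and arm `Scrt1.o` rules in this commit do not pass it. With GCRT defined, crt1_c.c registers `atexit(_mcleanup)` and calls `monstartup(&eprol, &etext)`, so the position-independent startup object would carry the profiling hooks. The line should read `${CC} ${CFLAGS} -fPIC -DPIC -c -o Scrt1_c.o ${.CURDIR}/crt1_c.c`. Separately, `objcopy --localize-symbol _start1` is applied to crt1.o and Scrt1.o but not to gcrt1.o; if that is deliberate, a comment would help.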
@@ -0,0 +1,95 @@ +/* LINTLIBRARY */ +/*- + * Copyright 1996-1998 John D. Polstra. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ * + * $FreeBSD$ + */ + +#ifndef lint +#ifndef __GNUC__ +#error "GCC is needed to compile this file" +#endif +#endif /* lint */ + +#include <stdlib.h> + +#include "libc_private.h" +#include "crtbrand.c" + +extern int _DYNAMIC; +#pragma weak _DYNAMIC + +typedef void (*fptr)(void); + +extern void _fini(void); +extern void _init(void); +extern int main(int, char **, char **); +extern void _start(char *, ...); + +#ifdef GCRT +extern void _mcleanup(void); +extern void monstartup(void *, void *); +extern int eprol; +extern int etext; +#endif + +char **environ; +const char *__progname = ""; + +void _start1(fptr, int, char *[]) __dead2; + +/* The entry function, C part. */ +void +_start1(fptr cleanup, int argc, char *argv[]) +{ + char **env; + const char *s; + + env = argv + argc + 1; + environ = env; + if (argc > 0 && argv[0] != NULL) { + __progname = argv[0]; + for (s = __progname; *s != '\0'; s++) + if (*s == '/') + __progname = s + 1; + } + + if (&_DYNAMIC != NULL) + atexit(cleanup); + else + _init_tls(); + +#ifdef GCRT + atexit(_mcleanup); +#endif + atexit(_fini); +#ifdef GCRT + monstartup(&eprol, &etext); +__asm__("eprol:"); +#endif + _init(); + exit( main(argc, argv, env) ); +} + +__asm(".hidden _start1"); Copied: user/eri/pf45/head/lib/csu/i386-elf/crt1_s.S (from r200254, head/lib/csu/i386-elf/crt1_s.S) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ user/eri/pf45/head/lib/csu/i386-elf/crt1_s.S Tue Dec 8 13:25:00 2009 (r200256, copy of r200254, head/lib/csu/i386-elf/crt1_s.S) 
@@ -0,0 +1,44 @@ +/*- + * Copyright 2009 Konstantin Belousov. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***help
