wireguard-openbsd/libexec/spamlogd, branch jd/queueboosts WireGuard implementation for the OpenBSD kernel https://git.zx2c4.com/wireguard-openbsd/atom/libexec/spamlogd?h=jd%2Fqueueboosts 2019-07-25T17:32:33Z Fix copy pasto, re-add missing goto in error path. 2019-07-25T17:32:33Z brynet brynet@openbsd.org 2019-07-25T17:32:33Z urn:sha1:49f581ec404d0f363e4fe168598b97b652566817 Yet another workaround for crappy libpcap API design 2019-07-25T14:53:21Z brynet brynet@openbsd.org 2019-07-25T14:53:21Z urn:sha1:4053af6133ce1545a5e87acec29fae4cbe62e66a Add an internal version of pcap_open_live that ensures bpf(4) devices are opened read-only before locking. Neither pflogd(8) or spamlogd(8) require write access to bpf(4). Inspired by similar solution in OpenBSD tcpdump(8). pflogd(8) was safe since being unveiled last year, but spamlogd(8) was having /dev/bpf opened O_RDWR. Issue discovered by bluhm@'s unveil(2) accounting commit. ok deraadt@, mestre@ (thanks for testing spamlogd!) When system calls indicate an error they return -1, not some arbitrary 2019-06-28T13:32:41Z deraadt deraadt@openbsd.org 2019-06-28T13:32:41Z urn:sha1:df69c215c7c66baf660f3f65414fd34796c96152 value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future. The only file that spamlogd(8) needs to access after calling pledge(2) is 2018-10-25T06:41:50Z mestre mestre@openbsd.org 2018-10-25T06:41:50Z urn:sha1:222d93a52f12801b4efd7108b4e889f694dd9c8f PATH_SPAMD_DB, so unveil(2) it with O_RDWR permissions. OK millert@ beck@ add missing ${LIBCRYPTO} to DPADD 2018-06-28T02:23:27Z gsoares gsoares@openbsd.org 2018-06-28T02:23:27Z urn:sha1:e88f0f1e5d17ee9b610eb62651aff392a239f2f6 OK deraadt@ millert@ jca@ - Check if user running spamlogd(8) has root privileges and if not then stop 2016-03-16T14:47:04Z mestre mestre@openbsd.org 2016-03-16T14:47:04Z urn:sha1:e7066a17a6f313030c2274ea3bfd53983590f392 program early - #define SPAMD_USER "_spamd" and use it on getpwnam(3) call - Set usage() as __dead void - Remove lint-style comments OK beck@ pledge spamlogd - again from Ricardo Mestre <serial@helheim.mooo.com> - Thanks! 2015-12-11T17:16:52Z beck beck@openbsd.org 2015-12-11T17:16:52Z urn:sha1:f87e39af99a8d5349736df79bc9376379bc87e31 Include <netinet/in.h> before <net/pfvar.h>. In a future change when 2015-01-21T21:50:32Z deraadt deraadt@openbsd.org 2015-01-21T21:50:32Z urn:sha1:68928c43a99c1507757b46fa476c5482a4d9e547 ports is ready, <net/pfvar.h> will stop including a pile of balony. Replace <sys/param.h> with <limits.h> and other less dirty headers where 2015-01-16T06:39:28Z deraadt deraadt@openbsd.org 2015-01-16T06:39:28Z urn:sha1:b9fc9a728fce9c4289b7e9a992665e28d5629a54 possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol) Remove unnecessary netinet/in_systm.h include. 2014-10-25T03:19:22Z lteo lteo@openbsd.org 2014-10-25T03:19:22Z urn:sha1:5f665e96f554b29999e49f1ef88a1ef0a9dd3ccc ok millert@