| Commit message | Author | Age | Files | Lines |
|
previous commit.
|
OK millert
|
OK millert
|
of assembly code. It's used for various statistics gathering in the
bind daemon which we won't need in dig etc.
OK millert
|
calls to libc's arc4random. Minus about 3k lines.
prodding deraadt@
|
#define OPENSSL
#undef OPENSSL_LEAKS
#undef USE_ENGINE
#undef DNS_CRYPTO_LEAKS
prodding deraadt@
|
#define ISC_PLATFORM_NEEDSYSSELECTH 1
#define ISC_PLATFORM_HAVESTATNSEC 1
#define ISC_PLATFORM_RLIMITTYPE rlim_t
#define ISC_PLATFORM_HAVELONGLONG 1
#undef ISC_PLATFORM_BRACEPTHREADONCEINIT
#undef ISC_PLATFORM_USEDECLSPEC
#define ISC_PLATFORM_HAVESYSUNH 1
#define ISC_PLATFORM_HAVESTRINGSH 1
#define ISC_PLATFORM_WANTAES 1
#define ISC_PLATFORM_USESIT 1
#define LIBISC_EXTERNAL_DATA
#define LIBDNS_EXTERNAL_DATA
#define LIBISCCFG_EXTERNAL_DATA
#define LIBBIND9_EXTERNAL_DATA
#define LIBTESTS_EXTERNAL_DATA
prodding deraadt@
|
#undef GSSAPI
#undef HAVE_GSSAPI_GSSAPI_H
#undef HAVE_GSSAPI_GSSAPI_KRB5_H
#undef HAVE_GSSAPI_H
#undef HAVE_GSSAPI_KRB5_H
prodding deraadt
|
#undef USE_PKCS11
#undef PKCS11_TOOLS
#undef PKCS11CRYPTO
#undef HAVE_PKCS11_GOST
#undef HAVE_PKCS11_ECDSA
#undef HAVE_PKCS11_ED25519
#undef HAVE_PKCS11_ED448
#define PK11_DH_DISABLE
#define PK11_DSA_DISABLE
#define PK11_FLAVOR
#define PK11_MD5_DISABLE
#undef PK11_SOFTHSMV2_FLAVOR
prodding deraadt@
|
#undef ISC_PLATFORM_NEEDVSNPRINTF
#undef ISC_PLATFORM_NEEDSPRINTF
#undef ISC_PLATFORM_NEEDPRINTF
#undef ISC_PLATFORM_NEEDFPRINTF
#define ISC_PLATFORM_QUADFORMAT "ll"
#undef ISC_PLATFORM_NEEDSTRSEP
#undef ISC_PLATFORM_NEEDSTRLCPY
#undef ISC_PLATFORM_NEEDSTRLCAT
#undef ISC_PLATFORM_NEEDSTRTOUL
#undef ISC_PLATFORM_NEEDMEMMOVE
#undef ISC_PLATFORM_NEEDSTRCASESTR
|
#define ISC_PLATFORM_HAVESALEN 1
#define ISC_PLATFORM_HAVEIPV6 1
#undef ISC_PLATFORM_NEEDIN6ADDRANY
#undef ISC_PLATFORM_NEEDIN6ADDRLOOPBACK
#define ISC_PLATFORM_HAVEIN6PKTINFO 1
#undef ISC_PLATFORM_HAVEINADDR6
#define ISC_PLATFORM_HAVESCOPEID 1
#undef ISC_PLATFORM_NEEDNTOP
#undef ISC_PLATFORM_NEEDPTON
#undef ISC_PLATFORM_NEEDPORTT
#undef ISC_PLATFORM_HAVELIFCONF
#undef ISC_PLATFORM_HAVEIF_LADDRCONF
#undef ISC_PLATFORM_HAVEIF_LADDRREQ
#define ISC_NET_BSD44MSGHDR 1
#define ISC_PLATFORM_HAVEIFNAMETOINDEX 1
#undef ISC_PLATFORM_FIXIN6ISADDR
#define ISC_PLATFORM_HAVESOCKADDRSTORAGE 1
#define ISC_PLATFORM_HAVEKQUEUE 1
#undef ISC_PLATFORM_HAVEEPOLL
#undef ISC_PLATFORM_HAVEDEVPOLL
prodding deraadt@
|
OK millert
|
OK millert
|
OK millert
|
OK sthen
|
crazy random port allocation for dns 'security' in USERLAND because the
KERNEL has automatically done port-randomization since 1996 (wow the year
of BSE in Britain)
|
defines, but is trying to determine if the kernel has it enabled/disabled,
mostly by performing tests against localhost. instead, just declare dscp
works.
since dscp probing happens late, it runs into problems with pledge. we
prefer pledge over this lovecraftian horror.
|
here (since this codebase will only support dig & nslookup)
|
(last ISC licensed release) but that has an issue with dig -6 so I'm breaking
it out for now
|
We only use this tree to build dig and nslookup. Our previous version
predated edns0 support in those tools, and we want that. This is the worst
code I've looked at in years, with layers and layers of spaghetti abstraction
clearly unfit for reuse, but then reused anyways, and the old ones remain
behind. So this is an 8MB diff.
florian, sthen, and otto tried this merge before but failed.
|
We only use this tree to build dig and nslookup. Our previous version
predated edns0 support in those tools, and we want that. This is the worst
code I've looked at in years, with layers and layers of spaghetti abstraction
clearly unfit for reuse, but then reused anyways, and the old ones remain
behind. So this is an 8MB diff.
florian, sthen, and otto tried this merge before but failed.
|
No functional change.
ok millert@
|
ISC library to use socket(2) with the SOCK_DNS flag. As a result, the
port commands are disabled (such practice is rare in the wild these days,
and pretty incompatible with the DNS vs regular socket concept in pledge..)
ok bluhm phessler reyk, etc
|
ok henning
|
stupid seed that bind has decided on..
|
due to sizeof pointer instead of sizeof of type
with tedu; some quibbles spotted by miod, ok tedu miod jsg
jakob -- please push this upstream
|
ok djm@
|
connections. With help from djm@. OK djm@
|
ok deraadt@
|
Jinmei_Tatuya AT isc.org via jakob@
empirically verified for entire domain of upper_bound
|
(2^30,2^31). Nothing in the tree yet requests random numbers bounded
by this range.
report jakob!deraadt; ok deraadt@
|
each cmsg_len (i.e. msg_controllen = sum of CMSG_ALIGN(cmsg_len)). This
works now that kernel fd passing has been fixed to accept a bit of
sloppiness because of this ABI repair.
lots of discussion with kettenis
|
are going to allocate/free a block of memory for the message contents,
you have to calculate and track the sizes separately. This change is
just like all the other CMSG changes...
|
CMSG_SIZE(sizeof(int)), not sizeof(buffer) which may be larger because
of alignment; ok kettenis hshoexer
|
a set of incrementing integers (and not an arbitrary set of values) it
is possible to populate the array as we shuffle it in a single forward
pass. Clever optimisation from didickman AT gmail.com;
ok deraadt@ mcbride@
(same change as netinet/ip_id.c)
|
an extensive discussion with otto, kettenis, millert, and hshoexer
|
number 0 < x <= upper_bound and use it to correct the last tiny bias in the
shuffle initialisation
feedback & ok deraadt@
|
shuffle. Upon allocation, swap-permute the new value to a random slot in
the 0..32K-1 th entry of the buffer as we move forward, ensuring randomness
but also satisfying the non-repeating property we need. Inspired by Dillon's
implementation for ip id.
We believe this is easier to read though, initializes with less bias and wins
speed tests.
Thanks a lot to mcbride and djm for doing a bunch of statistical and speed
analysis, and comments from nordin
ok jakob djm mcbride
|
ok deraadt millert