| Commit message (Collapse) | Author | Age | Files | Lines |
fd == -1 check suggested by deraadt@, ok florian@
|
rdaemon() works like daemon(3) but requires its caller to pre-open
/dev/null. This makes it possible to go in the background after
a chroot(2), allowing for more error checking. The pattern is basically
- open /dev/null
- chroot
- privdrop
- rdaemon
"design" initially discussed with semarie@ a while ago, ok dlg@
|
rc.d waiting up to 30 secs when starting ftp-proxy right after updating from 5.8
because at that point sysmerge(8) would not have had a chance to run yet and the
unpriv user would not exist.
issue reported by sthen@
ok sthen@ benno@ jca@
|
that. Problem introduced since tftp-proxy and ftp-proxy have separate
nonpriv users.
OK deraadt@
|
ports is ready, <net/pfvar.h> will stop including a pile of baloney.
|
CIRCLEQ_* is deprecated and not called in the tree. The other queue types
have *_END macros which were added for symmetry with CIRCLEQ_END. They are
defined as NULL. There's no reason to keep the other *_END macro calls.
ok millert@
|
need it.
|
ignored silently and without aborting, much like EINTR and EWOULDBLOCK are.
ok's from various maintainers of these directories...
|
done in relayd.
ok sthen, deraadt
|
fd exhaustion.
ok deraadt mikeb
|
occurrences to get_line().
Based on a diff from Jan Klemkow <j-dot-klemkow-at-wemelug-dot-de> to tech.
|
an expensive state lookup (via natlook ioctl) and shrinks the code.
tested by me and sthen, ok reyk sthen
|
nat-to and rdr-to rules with correct rtable rule attributes. This
allows to use ftp-proxy to proxy across rdomains.
Tested and OK phessler@, OK henning@
|
This changes the way the rdr/nat rules are added to pf. Now only a single
anchor is needed (the other ones no longer exist).
To convert your ruleset you need something like this at the start of your
ruleset:
# filter rules and anchors for ftp-proxy(8)
anchor "ftp-proxy/*"
pass in quick proto tcp to port ftp rdr-to 127.0.0.1 port 8021
This was tested by myself, sthen@, dlg@ and I think many more. OK by the same
people plus henning.
|
include the program name in logmsg() plus exit_daemon() does not return so
make it a void function. OK mpf@
|
the proxy would eat the 221 response coming from the server towards the
client.
Patch from camield@. Tested by Camiel and myself.
ok camield@
|
Use arc4random_uniform() when the desired random number upper bound
is not a power of two
ok deraadt@ millert@
|
the ftp-proxy anchor. Exotic setups with route-to etc.
can be implemented this way.
from camield, ok reyk beck canacar and manpage polished by jmc
|
immediately after the client sends the PORT command. The "normal"
behaviour is to wait for the client to actually request a transfer.
Make ftp-proxy add the active mode rules immediately too, so that
both scenarios work.
ok david pyr
Tested by Frank Denis, Stephan A. Rickauer, Ingo Schwarze, Stuart
Henderson. Thanks.
|
clever, nice and easy diff from bsd@openbsd.rutgers.edu, ok pyr reyk
|
Triggered by Rik/harry Bobbaers on bugs@.
ok mbalmer@ ray@
|
provos.
Fixes race condition where ftp-proxy would silently exit if a write was
attempted on a socket that was closed by an RST. Should fix PR 5260.
ok claudio@
|
otherwise.
|
from Andrey Matveev
|
ok claudio henning
|
ok henning deraadt
|
ok beck mpf
|
ok beck
|
previously known as pftpx.
Not connected to the builds yet.
ok beck