History log of /freebsd-head/contrib/tcp_wrappers/socket.c
Revision Date Author Comments
58d8ce329e6167f29a6b56e256f7a0c059bc432f 17-Jul-2019 brooks <brooks@FreeBSD.org> Use ANSI C function definitions and declerations.

Obtained from: CheriBSD
MFC after: 1 week
Sponsored by: DARPA, AFRL
00d578928eca75be320b36d37543a7e2a4f9fbdb 27-May-2016 grehan <grehan@FreeBSD.org> Create branch for bhyve graphics import.
eb1a5f8de9f7ea602c373a710f531abbf81141c4 21-Feb-2014 gjb <gjb@FreeBSD.org> Move ^/user/gjb/hacking/release-embedded up one directory, and remove
^/user/gjb/hacking since this is likely to be merged to head/ soon.

Sponsored by: The FreeBSD Foundation
6b01bbf146ab195243a8e7d43bb11f8835c76af8 27-Dec-2013 gjb <gjb@FreeBSD.org> Copy head@r259933 -> user/gjb/hacking/release-embedded for initial
inclusion of (at least) arm builds with the release.

Sponsored by: The FreeBSD Foundation
09f9c897d33c41618ada06fbbcf1a9b3812dee53 19-Oct-2010 jamie <jamie@FreeBSD.org> A new jail(8) with a configuration file, to replace the work currently done
by /etc/rc.d/jail.
f1216d1f0ade038907195fc114b7e630623b402c 19-Mar-2010 delphij <delphij@FreeBSD.org> Create a custom branch where I will be able to do the merge.
19b6af98ec71398e77874582eb84ec5310c7156f 22-Nov-2008 dfr <dfr@FreeBSD.org> Clone Kip's Xen on stable/6 tree so that I can work on improving FreeBSD/amd64
performance in Xen's HVM mode.
cf5320822f93810742e3d4a1ac8202db8482e633 19-Oct-2008 lulf <lulf@FreeBSD.org> - Import the HEAD csup code which is the basis for the cvsmode work.
e33ba033454acbec171e04edba1395842e412b5c 13-May-2005 ume <ume@FreeBSD.org> NI_WITHSCOPEID cleanup. Neither RFC 2553 nor RFC 3493 defines
NI_WITHSCOPEID, and our getaddrinfo(3) does nothing special
for it, now.
8470721e5533578b8888e12e98d1322ea4eea9ef 27-Dec-2003 ceri <ceri@FreeBSD.org> Correct compilation with "#define really_paranoid".

PR: bin/59674
Submitted by: Vaclav Rehak <vasek@zoom-int.cz>
76f9847f71069e068130183f9680bc5213c8b54f 04-Jul-2001 kris <kris@FreeBSD.org> Unbreak "paranoid" host checking, which was broken with the IPv6 code

Submitted by: Tony Finch <dot@dotat.at>
6070b584b18ee19e5ada826ab8471dcb68004f54 25-Sep-2000 ume <ume@FreeBSD.org> - reject numeric address
- validate scope in sockaddr comparison logic

patch was originally submitted by itojun and slightly modified by me.

Reviewed by: itojun, kris
7478417f78b0803432f1cc1834c60b5b9c594d3d 23-Sep-2000 ume <ume@FreeBSD.org> Don't touch ai_canonname without checking NULL. Current
implementation of getaddrinfo() may return NULL ai_canonname.
There is no consensus how getaddrinfo() should fill ai_canonname
when numeric hostname is given.

Reported by: kris
70f27cd4dd7e1d1d852cba36b094d6dc066d927d 14-Jul-2000 ume <ume@FreeBSD.org> Add IPv6 scoped address support.
It enables us to control link-local connections by interface like

ALL : [fe80::%ed0]/10 : allow
ALL : [fe80::]/10 : deny
b42951578188c5aab5c9f8cbcde4a743f8092cdc 02-Apr-2000 cvs2svn <cvs2svn@FreeBSD.org> This commit was manufactured by cvs2svn to create branch 'ALSA'.
225d233deb08e4006d8cabd0a6572f76d729f90d 03-Feb-2000 shin <shin@FreeBSD.org> Missing tcp_wrapper IPv6 support seemed to be a bug, so commit it.

Now when tcp_wrapper is enabled by inetd -wW,
several accesses which should be permitted are refused only for IPv6,
if hostname is used to decide the host to be allowed.
IPv6 users will be just upset.

About security related concern.
-All extensions are wrapped by #ifdef INET6, so people can completely
disable the extension by recompile libwrap without INET6 option.
-Access via IPv6 is not enabled by default.
People need to enable IPv6 access by changing /etc/inetd.conf at first,
by adding tcp6 and/or tcp46 entries.
-The base of patches are from KAME package and are actually daily used
for more than a year in several Japanese IPv6 environments.
-Patches are reviewed by markm.

Approved by: jkh

Submitted by: Hajimu UMEMOTO <ume@mahoroba.org>
Reviewed by: markm
Obtained from: KAME project
06c148304a969b7ab848c2ae00bc474c2f6b87b6 14-Mar-1999 markm <markm@FreeBSD.org> Clean import of TCP-wrappers by Wietse Venema.
Rest of build to follow.