opnsense-src/sys/netinet6
Mark Johnston 274579831b capsicum: Limit socket operations in capability mode
Capsicum did not prevent certain privileged networking operations,
specifically creation of raw sockets and network configuration ioctls.
However, these facilities can be used to circumvent some of the
restrictions that capability mode is supposed to enforce.

Add capability mode checks to disallow network configuration ioctls and
creation of sockets other than PF_LOCAL and SOCK_DGRAM/STREAM/SEQPACKET
internet sockets.

Reviewed by:	oshogbo
Discussed with:	emaste
Reported by:	manu
Sponsored by:	The FreeBSD Foundation
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D29423
2021-04-07 14:32:56 -04:00
dest6.c Fix m_pullup() problem after removing PULLDOWN_TESTs and KAME EXT_*macros. 2019-12-01 00:22:04 +00:00
frag6.c net: Introduce IPV6_DSCP(), IPV6_ECN() and IPV6_TRAFFIC_CLASS() macros 2021-03-04 20:56:48 +01:00
icmp6.c Remove per-packet ifa refcounting from IPv6 fast path. 2021-02-15 22:33:12 +00:00
icmp6.h
in6.c capsicum: Limit socket operations in capability mode 2021-04-07 14:32:56 -04:00
in6.h Expose nonstandard IPv6 kernel definitions to standalone builds. 2020-12-04 21:51:47 +00:00
in6_cksum.c net: clean up empty lines in .c and .h files 2020-09-01 21:19:14 +00:00
in6_fib.c Fix unused-function warning when compiling with FIB_ALGO. 2021-01-30 23:25:56 +00:00
in6_fib.h Add modular fib lookup framework. 2020-12-25 11:33:17 +00:00
in6_fib_algo.c Fix dpdk/ldradix fib lookup algorithm preference calculation. 2021-03-07 22:17:53 +00:00
in6_gif.c net: Introduce IPV6_DSCP(), IPV6_ECN() and IPV6_TRAFFIC_CLASS() macros 2021-03-04 20:56:48 +01:00
in6_ifattach.c Remove per-packet ifa refcounting from IPv6 fast path. 2021-02-15 22:33:12 +00:00
in6_ifattach.h sys: further adoption of SPDX licensing ID tags. 2017-11-20 19:43:44 +00:00
in6_jail.c Move most of the contents of opt_compat.h to opt_global.h. 2018-04-06 17:35:35 +00:00
in6_mcast.c net: clean up empty lines in .c and .h files 2020-09-01 21:19:14 +00:00
in6_pcb.c Enforce net epoch in in6_selectsrc(). 2021-02-15 22:33:12 +00:00
in6_pcb.h Filter TCP connections to SO_REUSEPORT_LB listen sockets by NUMA domain 2020-12-19 22:04:46 +00:00
in6_pcbgroup.c sys: general adoption of SPDX licensing ID tags. 2017-11-27 15:23:17 +00:00
in6_proto.c capsicum: Limit socket operations in capability mode 2021-04-07 14:32:56 -04:00
in6_rmx.c Introduce scalable route multipath. 2020-10-03 10:47:17 +00:00
in6_rss.c Implement flowid calculation for outbound connections to balance 2020-10-18 17:15:47 +00:00
in6_rss.h Implement flowid calculation for outbound connections to balance 2020-10-18 17:15:47 +00:00
in6_src.c Remove per-packet ifa refcounting from IPv6 fast path. 2021-02-15 22:33:12 +00:00
in6_var.h Remove per-packet ifa refcounting from IPv6 fast path. 2021-02-15 22:33:12 +00:00
ip6.h
ip6_ecn.h sys: further adoption of SPDX licensing ID tags. 2017-11-20 19:43:44 +00:00
ip6_fastfwd.c net: clean up empty lines in .c and .h files 2020-09-01 21:19:14 +00:00
ip6_forward.c ipv6: quit dropping packets looping back on p2p interfaces 2020-08-31 01:45:48 +00:00
ip6_gre.c Introduce NET_EPOCH_CALL() macro and use it everywhere where we free 2020-01-15 06:05:20 +00:00
ip6_id.c ip6_randomflowlabel: Avoid blocking if random(4) is not available 2019-04-23 17:18:20 +00:00
ip6_input.c Flush remaining routes from the routing table during VNET shutdown. 2021-03-10 21:10:14 +00:00
ip6_mroute.c Revert "SO_RERROR indicates that receive buffer overflows should be handled as errors." 2021-02-08 22:32:32 +00:00
ip6_mroute.h sys: further adoption of SPDX licensing ID tags. 2017-11-20 19:43:44 +00:00
ip6_output.c net: Introduce IPV6_DSCP(), IPV6_ECN() and IPV6_TRAFFIC_CLASS() macros 2021-03-04 20:56:48 +01:00
ip6_var.h Convert route caching to nexthop caching. 2020-04-25 09:06:11 +00:00
ip6protosw.h sys: further adoption of SPDX licensing ID tags. 2017-11-20 19:43:44 +00:00
ip_fw_nat64.h Reapply r345274 with build fixes for 32-bit architectures. 2019-03-19 10:57:03 +00:00
ip_fw_nptv6.h net: clean up empty lines in .c and .h files 2020-09-01 21:19:14 +00:00
mld6.c net: clean up empty lines in .c and .h files 2020-09-01 21:19:14 +00:00
mld6.h sys: general adoption of SPDX licensing ID tags. 2017-11-27 15:23:17 +00:00
mld6_var.h icmpv6: Fix mbuf change in mld 2019-11-18 21:59:47 +00:00
nd6.c base: remove if_wg(4) and associated utilities, manpage 2021-03-17 09:14:48 -05:00
nd6.h Switch inet6 default route subscription to the new rib subscription api. 2020-07-12 11:24:23 +00:00
nd6_nbr.c Enforce net epoch in in6_selectsrc(). 2021-02-15 22:33:12 +00:00
nd6_rtr.c Fix crash with rtadv-originated multipath IPv6 routes. 2021-02-24 16:44:10 +00:00
pim6.h sys: further adoption of SPDX licensing ID tags. 2017-11-20 19:43:44 +00:00
pim6_var.h Rework IP encapsulation handling code. 2018-06-05 20:51:01 +00:00
raw_ip6.c Enforce net epoch in in6_selectsrc(). 2021-02-15 22:33:12 +00:00
raw_ip6.h sys: further adoption of SPDX licensing ID tags. 2017-11-20 19:43:44 +00:00
route6.c Fix m_pullup() problem after removing PULLDOWN_TESTs and KAME EXT_*macros. 2019-12-01 00:22:04 +00:00
scope6.c net: clean up empty lines in .c and .h files 2020-09-01 21:19:14 +00:00
scope6_var.h Make net.inet6.ip6.deembed_scopeid behaviour default & remove sysctl. 2020-08-15 11:37:44 +00:00
sctp6_usrreq.c net: Introduce IPV6_DSCP(), IPV6_ECN() and IPV6_TRAFFIC_CLASS() macros 2021-03-04 20:56:48 +01:00
sctp6_var.h Whitespace changes due to changes in ident. 2018-07-19 20:16:33 +00:00
send.c Remove per-packet ifa refcounting from IPv6 fast path. 2021-02-15 22:33:12 +00:00
send.h sys: general adoption of SPDX licensing ID tags. 2017-11-27 15:23:17 +00:00
tcp6_var.h Remove tcp_rtlookup6() function signature. 2020-04-13 08:26:11 +00:00
udp6_usrreq.c [udp6] fix possible panic due to lack of locking. 2021-02-11 12:00:25 +03:00
udp6_var.h sys: further adoption of SPDX licensing ID tags. 2017-11-20 19:43:44 +00:00