#include <sys/errno.h>
#include <sys/sysctl.h>
#include <net/content_filter.h>
+#include <libproc.h>
#include <stdio.h>
#include <stdlib.h>
#include <err.h>
#include <unistd.h>
#include <string.h>
+#define IPPROTOCOL_TCP 6
+#define IPPROTOCOL_UDP 17
+
void
print_filter_list()
{
struct cfil_sock_stat *sock_stat;
char opass[32];
char ipass[32];
-
+ char namebuffer[256];
+ char *procName = "<not found>";
+
sock_stat = (struct cfil_sock_stat *)ptr;
if (curr_len + sock_stat->cfs_len > total_len ||
sock_stat->cfs_len < sizeof(struct cfil_sock_stat))
break;
+ if (proc_name(sock_stat->cfs_e_pid, namebuffer, sizeof(namebuffer)) > 0) {
+ procName = namebuffer;
+ }
+
sprint_offset(opass, 32, "%8llu", sock_stat->cfs_snd.cbs_pass_offset);
sprint_offset(ipass, 32, "%8llu", sock_stat->cfs_rcv.cbs_pass_offset);
- printf("%18s %10s "
+ printf("%16s %5s %10s "
"%8s %8s %8s %8s %8s %8s %8s "
"%8s %8s %8s %8s %8s %8s %8s "
- "%8s %8s\n",
- "sockid", "flags",
+ "%8s %8s %15s\n",
+ "sockid", "proto", "flags",
"ofirst", "olast", "oqlen", " ", "opass", " ", " ",
"ifirst", "ilast", "iqlen", " ", "ipass", " ", " ",
- "pid", "epid");
+ "pid", "epid", "eprocname");
- printf("0x%016llx 0x%08llx "
+ printf("%016llu %5s 0x%08llx "
"%8llu %8llu %8llu %8s %8s %8s %8s "
"%8llu %8llu %8llu %8s %8s %8s %8s "
- "%8u %8u\n",
+ "%8u %8u %15s\n",
sock_stat->cfs_sock_id,
+ sock_stat->cfs_sock_protocol == IPPROTOCOL_TCP ? "TCP" : "UDP",
sock_stat->cfs_flags,
sock_stat->cfs_snd.cbs_pending_first,
" ",
" ",
sock_stat->cfs_pid,
- sock_stat->cfs_e_pid);
+ sock_stat->cfs_e_pid,
+ procName);
+
printf("%7s %10s %10s "
"%8s %8s %8s %8s %8s %8s %8s "
/*
- * Copyright (c) 2009-2014 Apple Inc. All rights reserved.
+ * Copyright (c) 2009-2017 Apple Inc. All rights reserved.
*
* @APPLE_OSREFERENCE_LICENSE_HEADER_START@
*
printf("dynamic ");
if ((flags6 & IN6_IFF_SECURED) != 0)
printf("secured ");
+ if ((flags6 & IN6_IFF_CLAT46) != 0)
+ printf("clat46 ");
if (scopeid)
printf("scopeid 0x%x ", scopeid);
#include <string.h>
#include <unistd.h>
#include <sysexits.h>
+#include <syslog.h>
#include "ifconfig.h"
static char *bps_to_str(unsigned long long rate);
static char *ns_to_str(unsigned long long nsec);
static void tunnel_status(int s);
+static void clat46_addr(int s, char *name);
+static void nat64_status(int s, char *name);
static void usage(void);
static char *sched2str(unsigned int s);
static char *tl2str(unsigned int s);
#endif /* defined(SIOCSQOSMARKINGMODE) && defined(SIOCSQOSMARKINGENABLED) */
+void
+setlowpowermode(const char *vname, int value, int s, const struct afswtch *afp)
+{
+ strlcpy(ifr.ifr_name, name, sizeof(ifr.ifr_name));
+ ifr.ifr_low_power_mode = !!value;
+
+ if (ioctl(s, SIOCSIFLOWPOWER, (caddr_t)&ifr) < 0)
+ Perror(vname);
+}
+
#define IFFBITS \
"\020\1UP\2BROADCAST\3DEBUG\4LOOPBACK\5POINTOPOINT\6SMART\7RUNNING" \
"\10NOARP\11PROMISC\12ALLMULTI\13OACTIVE\14SIMPLEX\15LINK0\16LINK1\17LINK2" \
#define IFEFBITS \
"\020\1AUTOCONFIGURING\4PROBE_CONNECTIVITY\5FASTLN_CAP\6IPV6_DISABLED\7ACCEPT_RTADV\10TXSTART\11RXPOLL" \
-"\12VLAN\13BOND\14ARPLL\15NOWINDOWSCALE\16NOAUTOIPV6LL\17EXPENSIVE\20ROUTER4" \
+"\12VLAN\13BOND\14ARPLL\15CLAT46\16NOAUTOIPV6LL\17EXPENSIVE\20ROUTER4" \
"\21ROUTER6\22LOCALNET_PRIVATE\23ND6ALT\24RESTRICTED_RECV\25AWDL\26NOACKPRI" \
"\27AWDL_RESTRICTED\30CL2K\31ECN_ENABLE\32ECN_DISABLE\33CHANNEL_DRV\34CA" \
"\35SENDLIST\36DIRECTLINK\37FASTLN_ON\40UPDOWNCHANGE"
} else if (afp->af_af == ift->ifa_addr->sa_family)
afp->af_status(s, ift);
}
+
+/* Print CLAT46 address */
+ clat46_addr(s, name);
+
+/* Print NAT64 prefix */
+ nat64_status(s, name);
+
#if 0
if (allfamilies || afp->af_af == AF_LINK) {
const struct afswtch *lafp;
}
}
#endif /* defined(SIOCGQOSMARKINGENABLED) && defined(SIOCGQOSMARKINGMODE) */
+
+ if (verbose > 0 && ioctl(s, SIOCGIFLOWPOWER, &ifr) != -1) {
+ printf("\tlow power mode: %s\n",
+ (ifr.ifr_low_power_mode != 0) ? "enabled" : "disabled");
+ }
done:
close(s);
return;
af_all_tunnel_status(s);
}
+static void
+clat46_addr(int s, char * if_name)
+{
+ struct if_clat46req ifr;
+ char buf[MAXHOSTNAMELEN];
+
+ bzero(&ifr, sizeof (ifr));
+ strlcpy(ifr.ifclat46_name, if_name, sizeof(ifr.ifclat46_name));
+
+ if (ioctl(s, SIOCGIFCLAT46ADDR, &ifr) < 0) {
+ if (errno != ENOENT)
+ syslog(LOG_WARNING, "ioctl (SIOCGIFCLAT46ADDR): %d", errno);
+ return;
+ }
+
+ if (inet_ntop(AF_INET6, &ifr.ifclat46_addr.v6_address, buf, sizeof(buf)) != NULL)
+ printf("\tinet6 %s prefixlen %d clat46\n",
+ buf, ifr.ifclat46_addr.v6_prefixlen);
+}
+
+static void
+nat64_status(int s, char * if_name)
+{
+ int i;
+ struct if_nat64req ifr;
+ char buf[MAXHOSTNAMELEN];
+
+ bzero(&ifr, sizeof(ifr));
+ strlcpy(ifr.ifnat64_name, if_name, sizeof(ifr.ifnat64_name));
+
+ if (ioctl(s, SIOCGIFNAT64PREFIX, &ifr) < 0) {
+ if (errno != ENOENT)
+ syslog(LOG_WARNING, "ioctl(SIOCGIFNAT64PREFIX): %d", errno);
+ return;
+ }
+
+ for (i = 0; i < NAT64_MAX_NUM_PREFIXES; i++) {
+ if (ifr.ifnat64_prefixes[i].prefix_len > 0) {
+ inet_ntop(AF_INET6, &ifr.ifnat64_prefixes[i].ipv6_prefix, buf, sizeof(buf));
+ printf("\tnat64 prefix %s prefixlen %d\n",
+ buf, ifr.ifnat64_prefixes[i].prefix_len << 3);
+ }
+ }
+}
+
void
Perror(const char *cmd)
{
DEF_CMD_ARG("disable_output", setdisableoutput),
DEF_CMD("probe_connectivity", 1, setprobeconnectivity),
DEF_CMD("-probe_connectivity", 0, setprobeconnectivity),
+ DEF_CMD("lowpowermode", 1, setlowpowermode),
+ DEF_CMD("-lowpowermode", 0, setlowpowermode),
};
static __constructor void
if (prioflag >= 0)
printf(" %7.7s[%1d] %7.7s[%1d]", "rxbytes", prioflag, "txbytes", prioflag);
if (vflag > 0)
- printf(" %6.6s %6.6s %6.6s %6.6s",
- "rhiwat", "shiwat", "pid", "epid");
+ printf(" %6.6s %6.6s %6.6s %6.6s %6s %10s",
+ "rhiwat", "shiwat", "pid", "epid", "state", "options");
printf("\n");
}
first = 0;
prioflag < SO_TC_STATS_MAX ? so_stat->xst_tc_stats[prioflag].txbytes : 0);
}
if (vflag > 0) {
- printf(" %6u %6u %6u %6u",
+ printf(" %6u %6u %6u %6u 0x%04x 0x%08x",
so_rcv->sb_hiwat,
so_snd->sb_hiwat,
so->so_last_pid,
- so->so_e_pid);
+ so->so_e_pid,
+ so->so_state,
+ so->so_options);
}
putchar('\n');
}
p(tcps_sndwinup, "\t\t%u window update packet%s\n");
p(tcps_sndctrl, "\t\t%u control packet%s\n");
p(tcps_fcholdpacket, "\t\t%u data packet%s sent after flow control\n");
+ p(tcps_synchallenge, "\t\t%u challenge ACK%s sent due to unexpected SYN\n");
+ p(tcps_rstchallenge, "\t\t%u challenge ACK%s sent due to unexpected RST\n");
t_swcsum = tcpstat.tcps_snd_swcsum + tcpstat.tcps_snd6_swcsum;
if ((t_swcsum - pt_swcsum) || sflag <= 1)
printf("\t\t%u checksummed in software\n", (t_swcsum - pt_swcsum));
"\t\t%u packet%s (%u byte%s) of data after window\n");
p(tcps_rcvwinprobe, "\t\t%u window probe%s\n");
p(tcps_rcvwinupd, "\t\t%u window update packet%s\n");
+ p(tcps_recovered_pkts, "\t\t%u packet%s recovered after loss\n");
p(tcps_rcvafterclose, "\t\t%u packet%s received after close\n");
p(tcps_badrst, "\t\t%u bad reset%s\n");
p(tcps_rcvbadsum, "\t\t%u discarded for bad checksum%s\n");
"\t\t%u connection%s updated cached RTT variance on close\n");
p(tcps_cachedssthresh,
"\t\t%u connection%s updated cached ssthresh on close\n");
+ p(tcps_usedrtt, "\t\t%u connection%s initialized RTT from route cache\n");
+ p(tcps_usedrttvar,
+ "\t\t%u connection%s initialized RTT variance from route cache\n");
+ p(tcps_usedssthresh,
+ "\t\t%u connection%s initialized ssthresh from route cache\n");
p(tcps_conndrops, "\t%u embryonic connection%s dropped\n");
p2(tcps_rttupdated, tcps_segstimed,
"\t%u segment%s updated rtt (of %u attempt%s)\n");
p(tcps_rexmttimeo, "\t%u retransmit timeout%s\n");
p(tcps_timeoutdrop, "\t\t%u connection%s dropped by rexmit timeout\n");
p(tcps_rxtfindrop, "\t\t%u connection%s dropped after retransmitting FIN\n");
+ p(tcps_sndrexmitbad, "\t\t%u unnecessary packet retransmissions%s\n");
p(tcps_persisttimeo, "\t%u persist timeout%s\n");
p(tcps_persistdrop, "\t\t%u connection%s dropped by persist timeout\n");
p(tcps_keeptimeo, "\t%u keepalive timeout%s\n");
p(tcps_ecn_fallback_synloss, "\t\t%u connection%s fell back to non-ECN due to SYN-loss\n");
p(tcps_ecn_fallback_reorder, "\t\t%u connection%s fell back to non-ECN due to reordering\n");
p(tcps_ecn_fallback_ce, "\t\t%u connection%s fell back to non-ECN due to excessive CE-markings\n");
+ p(tcps_ecn_fallback_droprst, "\t\t%u connection%s fell back caused by connection drop due to RST\n");
+ p(tcps_ecn_fallback_droprxmt, "\t\t%u connection%s fell back due to drop after multiple retransmits \n");
+ p(tcps_ecn_fallback_synrst, "\t\t%u connection%s fell back due to RST after SYN\n");
+
p(tcps_detect_reordering, "\t%u time%s packet reordering was detected on a connection\n");
p(tcps_reordered_pkts, "\t\t%u time%s transmitted packets were reordered\n");
p(tcps_delay_recovery, "\t\t%u time%s fast recovery was delayed to handle reordering\n");
p(tcps_avoid_rxmt, "\t\t%u time%s retransmission was avoided by delaying recovery\n");
p(tcps_unnecessary_rxmt, "\t\t%u retransmission%s not needed \n");
+ p(tcps_tailloss_rto, "\t%u retransmission%s due to tail loss\n");
p(tcps_dsack_sent, "\t%u time%s DSACK option was sent\n");
p(tcps_dsack_recvd, "\t\t%u time%s DSACK option was received\n");
p(tcps_dsack_disable, "\t\t%u time%s DSACK was disabled on a connection\n");
p(tcps_dsack_recvd_old,"\t\t%u time%s ignored old DSACK options\n");
p(tcps_pmtudbh_reverted, "\t%u time%s PMTU Blackhole detection, size reverted\n");
p(tcps_drop_after_sleep, "\t%u connection%s were dropped after long sleep\n");
+ p(tcps_nostretchack, "\t%u connection%s had stretch ack algorithm disabled\n");
p(tcps_tfo_cookie_sent,"\t%u time%s a TFO-cookie has been announced\n");
p(tcps_tfo_syn_data_rcv,"\t%u SYN%s with data and a valid TFO-cookie have been received\n");
p(tcps_tfo_syn_data_acked,"\t\t%u time%s our SYN with data has been acknowledged\n");
p(tcps_tfo_syn_loss,"\t%u time%s a connection-attempt with TFO fell back to regular TCP\n");
p(tcps_tfo_blackhole,"\t%u time%s a TFO-connection blackhole'd\n");
+ p(tcps_tfo_cookie_wrong,"\t%u time%s a TFO-cookie we sent was wrong\n");
+ p(tcps_tfo_no_cookie_rcv,"\t%u time%s did not received a TFO-cookie we asked for\n");
+ p(tcps_tfo_heuristics_disable,"\t%u time%s TFO got disabled due to heuristicsn\n");
+ p(tcps_tfo_sndblackhole,"\t%u time%s TFO got blackholed in the sending direction\n");
+
p(tcps_mss_to_default,"\t%u time%s maximum segment size was changed to default\n");
p(tcps_mss_to_medium,"\t%u time%s maximum segment size was changed to medium\n");
p(tcps_mss_to_low,"\t%u time%s maximum segment size was changed to low\n");
/*
- * Copyright (c) 2008-2015 Apple Inc. All rights reserved.
+ * Copyright (c) 2008-2018 Apple Inc. All rights reserved.
*
* @APPLE_OSREFERENCE_LICENSE_HEADER_START@
*
p1a(ip6s_forward_cachemiss, "\t\t%llu forward cache miss\n");
p(ip6s_pktdropcntrl,
"\t\t%llu packet%s dropped due to no bufs for control data\n");
+ /* CLAT46 input stats */
+ p(ip6s_clat464_in_tooshort_drop,
+ "\t\t%llu input packet%s dropped due to too short length \n");
+ p(ip6s_clat464_in_nov6addr_drop,
+ "\t\t%llu input packet%s dropped due to missing CLAT46 IPv6 address\n");
+ p(ip6s_clat464_in_nov4addr_drop,
+ "\t\t%llu input packet%s dropped due to missing CLAT46 IPv4 address\n");
+ p(ip6s_clat464_in_v4synthfail_drop,
+ "\t\t%llu input packet%s dropped due to CLAT46 IPv4 address derivation failure\n");
+ p(ip6s_clat464_in_64transfail_drop,
+ "\t\t%llu input packet%s dropped due to CLAT46 IP header translation failure\n");
+ p(ip6s_clat464_in_64proto_transfail_drop,
+ "\t\t%llu input packet%s dropped due to CLAT46 protocol translation failure\n");
+ p(ip6s_clat464_in_64frag_transfail_drop,
+ "\t\t%llu input packet%s dropped due to CLAT46 fragment translation failure\n");
+ p(ip6s_clat464_in_invalpbuf_drop,
+ "\t\t%llu input packet%s dropped due to invalid pbuf\n");
+ p(ip6s_clat464_in_v4_drop,
+ "\t\t%llu input IPv4 packet%s dropped on CLAT46 enabled interface\n");
+ p(ip6s_clat464_in_drop,
+ "\t\t%llu input packet%s dropped due to CLAT46 failures\n");
+ p(ip6s_clat464_in_success,
+ "\t\t%llu input packet%s successfully translated from IPv6 to IPv4\n");
#define INPERFDIFF(f) (in_net_perf.f - pin_net_perf.f)
if (INPERFDIFF(np_total_pkts) > 0 && in_net_perf.np_total_usecs > 0) {
p(ip6s_cantfrag, "\t\t%llu datagram%s that can't be fragmented\n");
p(ip6s_badscope, "\t\t%llu packet%s that violated scope rules\n");
p(ip6s_necp_policy_drop, "\t\t%llu packet%s dropped due to NECP policy\n");
+ /* CLAT46 output stats */
+ p(ip6s_clat464_out_nov6addr_drop,
+ "\t\t%llu output packet%s dropped due to missing CLAT46 IPv6 address\n");
+ p(ip6s_clat464_out_v6synthfail_drop,
+ "\t\t%llu output packet%s dropped due to CLAT46 IPv6 address synthesis failure\n");
+ p(ip6s_clat464_out_46transfail_drop,
+ "\t\t%llu output packet%s dropped due to CLAT46 IP header translation failure\n");
+ p(ip6s_clat464_out_46proto_transfail_drop,
+ "\t\t%llu output packet%s dropped due to CLAT46 protocol translation failure\n");
+ p(ip6s_clat464_out_46frag_transfail_drop,
+ "\t\t%llu output packet%s dropped due to CLAT46 fragment translation failure\n");
+ p(ip6s_clat464_out_invalpbuf_drop,
+ "\t\t%llu output packet%s dropped due to invalid pbuf\n");
+ p(ip6s_clat464_out_drop,
+ "\t\t%llu output packet%s dropped due to CLAT46 failures\n");
+ p(ip6s_clat464_out_success,
+ "\t\t%llu output packet%s successfully translated from IPv4 to IPv6\n");
#define OUTPERFDIFF(f) (out_net_perf.f - pout_net_perf.f)
if (OUTPERFDIFF(np_total_pkts) > 0 && out_net_perf.np_total_usecs > 0) {
int qflag; /* classq stats display */
int Qflag; /* opportunistic polling stats display */
int xflag; /* show extended link-layer reachability information */
+int zflag; /* show only entries with non zero rtt metrics */
int cq = -1; /* send classq index (-1 for all) */
int interval; /* repeat interval for i/f stats */
af = AF_UNSPEC;
- while ((ch = getopt(argc, argv, "Aabc:dFf:gI:ikLlmnP:p:qQrRsStuvWw:x")) != -1)
+ while ((ch = getopt(argc, argv, "Aabc:dFf:gI:ikLlmnP:p:qQrRsStuvWw:xz")) != -1)
switch(ch) {
case 'A':
Aflag = 1;
iflag = 1;
break;
case 'l':
- lflag = 1;
+ lflag += 1;
break;
case 'L':
Lflag = 1;
xflag = 1;
Rflag = 1;
break;
+ case 'z':
+ zflag = 1;
+ break;
case '?':
default:
usage();
.Fl l
is also present,
.Nm
-assumes more columns are there and the maximum transmission unit
+assumes more columns are there and the maximum transmission unit.
+More detailed information about the route metrics are displayed with
+.Fl ll
+for TCP round trip times
+.Fl lll
+for all metrics.
+Use the
+.Fl z
+flags to display only entries with non-zero RTT values.
.Pq Dq mtu
are also displayed.
.It Fl R
to show link-layer reachability information for a given interface.
.It Fl s
Show per-protocol statistics. If this option is repeated, counters with a value of
-zero are suppressed.
+zero are suppressed. For security reasons, root privileges are required to read TCP statistics and in the absence of such privileges all TCP counters will be reported as zero.
.It Fl S
Show interface link status and interface state information about the specified interface. This option requires specifying an interface with
.Fl I
extern int qflag; /* Display ifclassq stats */
extern int Qflag; /* Display opportunistic polling stats */
extern int xflag; /* show extended link-layer reachability information */
+extern int zflag; /* show only entries with non zero rtt metrics */
extern int cq; /* send classq index (-1 for all) */
extern int interval; /* repeat interval for i/f stats */
if (Aflag)
printf("%-8.8s ","Address");
- if (af == AF_INET || lflag)
- if (lflag)
+ if (af == AF_INET || lflag) {
+ if (lflag > 2)
+ printf("%-*.*s %-*.*s %-10.10s %6.6s %8.8s %6.6s %*.*s %6s "
+ "%10s %10s %8s %8s %8s\n",
+ WID_DST(af), WID_DST(af), "Destination",
+ WID_GW(af), WID_GW(af), "Gateway",
+ "Flags", "Refs", "Use", "Mtu",
+ WID_IF(af), WID_IF(af), "Netif", "Expire",
+ "rtt(ns)", "rttvar(ns)", "recvpipe", "sendpipe", "ssthresh");
+ else if (lflag > 1)
+ printf("%-*.*s %-*.*s %-10.10s %6.6s %8.8s %6.6s %*.*s %6s "
+ "%10s %10s\n",
+ WID_DST(af), WID_DST(af), "Destination",
+ WID_GW(af), WID_GW(af), "Gateway",
+ "Flags", "Refs", "Use", "Mtu",
+ WID_IF(af), WID_IF(af), "Netif", "Expire",
+ "rtt(ns)", "rttvar(ns)");
+ else if (lflag == 1)
printf("%-*.*s %-*.*s %-10.10s %6.6s %8.8s %6.6s %*.*s %6s\n",
WID_DST(af), WID_DST(af), "Destination",
WID_GW(af), WID_GW(af), "Gateway",
WID_GW(af), WID_GW(af), "Gateway",
"Flags", "Refs", "Use",
WID_IF(af), WID_IF(af), "Netif", "Expire");
- else
+ } else {
printf("%-*.*s %-*.*s %-10.10s %8.8s %6s\n",
WID_DST(af), WID_DST(af), "Destination",
WID_GW(af), WID_GW(af), "Gateway",
"Flags", "Netif", "Expire");
}
+}
/*
* Print routing tables.
return;
}
+ if (lflag > 1 && zflag != 0 && rtm->rtm_rmx.rmx_rtt == 0 && rtm->rtm_rmx.rmx_rttvar == 0)
+ return;
fam = sa->sa_family;
if (af != AF_UNSPEC && af != fam)
return;
if ((expire_time =
rtm->rtm_rmx.rmx_expire - time((time_t *)0)) > 0)
printf(" %6d", (int)expire_time);
+ else
+ printf(" %6s", "!");
+ } else {
+ printf(" %6s", "");
+ }
+ if (lflag > 1) {
+ if (rtm->rtm_rmx.rmx_rtt != 0)
+ printf(" %6u.%03u", rtm->rtm_rmx.rmx_rtt / 1000,
+ rtm->rtm_rmx.rmx_rtt % 1000);
+ else
+ printf(" %10s", "");
+ if (rtm->rtm_rmx.rmx_rttvar != 0)
+ printf(" %6u.%03u", rtm->rtm_rmx.rmx_rttvar / 1000,
+ rtm->rtm_rmx.rmx_rttvar % 1000);
+ else
+ printf(" %10s", "");
+ if (lflag > 2) {
+ if (rtm->rtm_rmx.rmx_recvpipe != 0)
+ printf(" %8u", rtm->rtm_rmx.rmx_recvpipe);
+ else
+ printf(" %8s", "");
+ if (rtm->rtm_rmx.rmx_sendpipe != 0)
+ printf(" %8u", rtm->rtm_rmx.rmx_sendpipe);
+ else
+ printf(" %8s", "");
+ if (rtm->rtm_rmx.rmx_ssthresh != 0)
+ printf(" %8u", rtm->rtm_rmx.rmx_ssthresh);
+ else
+ printf(" %8s", "");
+ }
}
putchar('\n');
}
03B2DBF1100BE71D005349BC /* Ignore Me */ = {
isa = XCBuildConfiguration;
buildSettings = {
- ALWAYS_SEARCH_USER_PATHS = YES;
CODE_SIGN_ENTITLEMENTS = "$(SRCROOT)/network-client-server-entitlements.plist";
CODE_SIGN_IDENTITY = "-";
GCC_PREPROCESSOR_DEFINITIONS = (
INSTALL_MODE_FLAG = 0555;
INSTALL_PATH = /usr/sbin;
PRODUCT_NAME = rtadvd;
+ USE_HEADERMAP = NO;
WARNING_CFLAGS = (
"$(inherited)",
"-Wno-deprecated-declarations",
isa = XCBuildConfiguration;
buildSettings = {
ALTERNATE_MODE = 0555;
- ALWAYS_SEARCH_USER_PATHS = NO;
COPY_PHASE_STRIP = NO;
GCC_DYNAMIC_NO_PIC = NO;
GCC_ENABLE_FIX_AND_CONTINUE = YES;
4D2B04F61208C2050004A3F3 /* Release */ = {
isa = XCBuildConfiguration;
buildSettings = {
- ALWAYS_SEARCH_USER_PATHS = NO;
COPY_PHASE_STRIP = YES;
DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym";
GCC_ENABLE_FIX_AND_CONTINUE = NO;
4D2B04F71208C2050004A3F3 /* Ignore Me */ = {
isa = XCBuildConfiguration;
buildSettings = {
- ALWAYS_SEARCH_USER_PATHS = NO;
GCC_ENABLE_FIX_AND_CONTINUE = YES;
GCC_MODEL_TUNING = G5;
INSTALL_PATH = /usr/local/bin;
565825A11339218F003E5FA5 /* Debug */ = {
isa = XCBuildConfiguration;
buildSettings = {
- ALWAYS_SEARCH_USER_PATHS = NO;
CODE_SIGN_ENTITLEMENTS = "$(SRCROOT)/network-client-server-entitlements.plist";
CODE_SIGN_IDENTITY = "-";
COPY_PHASE_STRIP = NO;
565825A21339218F003E5FA5 /* Release */ = {
isa = XCBuildConfiguration;
buildSettings = {
- ALWAYS_SEARCH_USER_PATHS = NO;
CODE_SIGN_ENTITLEMENTS = "$(SRCROOT)/network-client-server-entitlements.plist";
CODE_SIGN_IDENTITY = "-";
COPY_PHASE_STRIP = YES;
565825A31339218F003E5FA5 /* Ignore Me */ = {
isa = XCBuildConfiguration;
buildSettings = {
- ALWAYS_SEARCH_USER_PATHS = NO;
CODE_SIGN_ENTITLEMENTS = "$(SRCROOT)/network-client-server-entitlements.plist";
CODE_SIGN_IDENTITY = "-";
GCC_ENABLE_FIX_AND_CONTINUE = YES;
690D978312DE6035004323A7 /* Debug */ = {
isa = XCBuildConfiguration;
buildSettings = {
- ALWAYS_SEARCH_USER_PATHS = NO;
CODE_SIGN_ENTITLEMENTS = "$(SRCROOT)/network-client-server-entitlements.plist";
CODE_SIGN_IDENTITY = "-";
COPY_PHASE_STRIP = NO;
690D978412DE6035004323A7 /* Release */ = {
isa = XCBuildConfiguration;
buildSettings = {
- ALWAYS_SEARCH_USER_PATHS = NO;
CODE_SIGN_ENTITLEMENTS = "$(SRCROOT)/network-client-server-entitlements.plist";
CODE_SIGN_IDENTITY = "-";
COPY_PHASE_STRIP = YES;
690D978512DE6035004323A7 /* Ignore Me */ = {
isa = XCBuildConfiguration;
buildSettings = {
- ALWAYS_SEARCH_USER_PATHS = NO;
CODE_SIGN_ENTITLEMENTS = "$(SRCROOT)/network-client-server-entitlements.plist";
CODE_SIGN_IDENTITY = "-";
"DEBUG_INFORMATION_FORMAT[sdk=iphoneos*][arch=*]" = dwarf;
7132976C1A93C743002359CF /* Debug */ = {
isa = XCBuildConfiguration;
buildSettings = {
- ALWAYS_SEARCH_USER_PATHS = YES;
CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x";
CLANG_CXX_LIBRARY = "libc++";
- CLANG_ENABLE_MODULES = YES;
CLANG_ENABLE_OBJC_ARC = YES;
CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR;
CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR;
PRODUCT_NAME = "$(TARGET_NAME)";
SDKROOT = macosx.internal;
SUPPORTED_PLATFORMS = macosx;
- "USER_HEADER_SEARCH_PATHS[arch=*]" = unbound/;
+ USER_HEADER_SEARCH_PATHS = "$(SRCROOT)/unbound";
+ USE_HEADERMAP = NO;
VALID_ARCHS = "x86_64 x86_64h";
};
name = Debug;
7132976D1A93C743002359CF /* Release */ = {
isa = XCBuildConfiguration;
buildSettings = {
- ALWAYS_SEARCH_USER_PATHS = YES;
CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x";
CLANG_CXX_LIBRARY = "libc++";
- CLANG_ENABLE_MODULES = YES;
CLANG_ENABLE_OBJC_ARC = YES;
CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR;
CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR;
PRODUCT_NAME = "$(TARGET_NAME)";
SDKROOT = macosx.internal;
SUPPORTED_PLATFORMS = macosx;
- "USER_HEADER_SEARCH_PATHS[arch=*]" = unbound;
+ USER_HEADER_SEARCH_PATHS = "$(SRCROOT)/unbound";
+ USE_HEADERMAP = NO;
VALID_ARCHS = "x86_64 x86_64h";
};
name = Release;
7132976E1A93C743002359CF /* Ignore Me */ = {
isa = XCBuildConfiguration;
buildSettings = {
- ALWAYS_SEARCH_USER_PATHS = YES;
CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x";
CLANG_CXX_LIBRARY = "libc++";
- CLANG_ENABLE_MODULES = YES;
CLANG_ENABLE_OBJC_ARC = YES;
CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR;
CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR;
PRODUCT_NAME = "$(TARGET_NAME)";
SDKROOT = macosx.internal;
SUPPORTED_PLATFORMS = macosx;
+ USER_HEADER_SEARCH_PATHS = "$(SRCROOT)/unbound";
+ USE_HEADERMAP = NO;
VALID_ARCHS = "x86_64 x86_64h";
};
name = "Ignore Me";
7216D2CF0EE89B7A00AE70E4 /* Debug */ = {
isa = XCBuildConfiguration;
buildSettings = {
- ALWAYS_SEARCH_USER_PATHS = YES;
CODE_SIGN_ENTITLEMENTS = "$(SRCROOT)/network-client-server-entitlements.plist";
CODE_SIGN_IDENTITY = "-";
GCC_PREPROCESSOR_DEFINITIONS = (
7216D2D00EE89B7A00AE70E4 /* Release */ = {
isa = XCBuildConfiguration;
buildSettings = {
- ALWAYS_SEARCH_USER_PATHS = YES;
CODE_SIGN_ENTITLEMENTS = "$(SRCROOT)/network-client-server-entitlements.plist";
CODE_SIGN_IDENTITY = "-";
GCC_PREPROCESSOR_DEFINITIONS = (
INSTALL_MODE_FLAG = 0555;
INSTALL_PATH = /usr/sbin;
PRODUCT_NAME = rtadvd;
+ USE_HEADERMAP = NO;
WARNING_CFLAGS = (
"$(inherited)",
"-Wno-deprecated-declarations",
INSTALL_MODE_FLAG = 0555;
INSTALL_PATH = /usr/sbin;
PRODUCT_NAME = rtadvd;
+ USE_HEADERMAP = NO;
WARNING_CFLAGS = (
"$(inherited)",
"-Wno-deprecated-declarations",
free(rc);
return NULL;
}
- /* no SSLv2, SSLv3 because has defects */
- if(!(SSL_CTX_set_options(rc->ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2)){
- log_crypto_err("could not set SSL_OP_NO_SSLv2");
- daemon_remote_delete(rc);
- return NULL;
- }
- if(!(SSL_CTX_set_options(rc->ctx, SSL_OP_NO_SSLv3) & SSL_OP_NO_SSLv3)){
- log_crypto_err("could not set SSL_OP_NO_SSLv3");
- daemon_remote_delete(rc);
- return NULL;
- }
s_cert = fname_after_chroot(cfg->server_cert_file, cfg, 1);
s_key = fname_after_chroot(cfg->server_key_file, cfg, 1);
if(!s_cert || !s_key) {
ctx = SSL_CTX_new(SSLv23_client_method());
if(!ctx)
ssl_err("could not allocate SSL_CTX pointer");
- if(!(SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2))
- ssl_err("could not set SSL_OP_NO_SSLv2");
- if(!(SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3) & SSL_OP_NO_SSLv3))
- ssl_err("could not set SSL_OP_NO_SSLv3");
if(!SSL_CTX_use_certificate_file(ctx,c_cert,SSL_FILETYPE_PEM) ||
!SSL_CTX_use_PrivateKey_file(ctx,c_key,SSL_FILETYPE_PEM)
|| !SSL_CTX_check_private_key(ctx))
{
SSL_CTX* ctx = SSL_CTX_new(SSLv23_server_method());
if(!ctx) print_exit("out of memory");
- (void)SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2);
- (void)SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3);
if(!SSL_CTX_use_certificate_file(ctx, cert, SSL_FILETYPE_PEM))
print_exit("cannot read cert");
if(!SSL_CTX_use_PrivateKey_file(ctx, key, SSL_FILETYPE_PEM))
log_crypto_err("could not SSL_CTX_new");
return NULL;
}
- /* no SSLv2, SSLv3 because has defects */
- if(!(SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2)){
- log_crypto_err("could not set SSL_OP_NO_SSLv2");
- SSL_CTX_free(ctx);
- return NULL;
- }
- if(!(SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3) & SSL_OP_NO_SSLv3)){
- log_crypto_err("could not set SSL_OP_NO_SSLv3");
- SSL_CTX_free(ctx);
- return NULL;
- }
if(!SSL_CTX_use_certificate_file(ctx, pem, SSL_FILETYPE_PEM)) {
log_err("error for cert file: %s", pem);
log_crypto_err("error in SSL_CTX use_certificate_file");
log_crypto_err("could not allocate SSL_CTX pointer");
return NULL;
}
- if(!(SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2)) {
- log_crypto_err("could not set SSL_OP_NO_SSLv2");
- SSL_CTX_free(ctx);
- return NULL;
- }
- if(!(SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3) & SSL_OP_NO_SSLv3)) {
- log_crypto_err("could not set SSL_OP_NO_SSLv3");
- SSL_CTX_free(ctx);
- return NULL;
- }
if(key && key[0]) {
if(!SSL_CTX_use_certificate_file(ctx, pem, SSL_FILETYPE_PEM)) {
log_err("error in client certificate %s", pem);
projects / apple / network_cmds.git / commitdiff
