There are cases where binding to source IP and
destination IP is insufficient to guarantee sane
xmit netdev.
One case where this can fail is when
route-matching netdev carrier is down (cable
unplugged, wifi disconnected), or the netdev is
admin down. Then all the IP based bindings (bind()
+ connect()) will seemingly succeed but the actual
packet can go out through a default gw path.
Depending on the network this happens on
it can create issues or false alarms. It can
also leak some subnet info across networks that
shouldn't be routed.
As such better be safe than sorry and bind to a
netdev to be sure it's used for xmit.
function old new delta
udhcp_send_kernel_packet 293 336 +43
send_packet 182 188 +6
bcast_or_ucast 37 43 +6
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 3/0 up/down: 55/0) Total: 55 bytes
Signed-off-by: Michal Kazior <michal@plume.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Do not pass "from" and "to" addresses as parameters, keep them in globals
function old new delta
common_traceroute_main 3426 3391 -35
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Do not byteswap ident (why were we doing it?)
function old new delta
common_traceroute_main 3544 3426 -118
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Use decode_base64() from uuencode.c when uudecode/base64 applets are included.
That function is bigger than httpd's decodeBase64(), so we use the old one when
those applets are disabled. Bloat-o-meter when one of those is enabled:
function old new delta
handle_incoming_and_exit 2371 2265 -106
Signed-off-by: Xabier Oneca <xoneca@gmail.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
This adds support for fwmark/fwmask in ip rule which is needed, for example, in
OpenWrt's mwan3. Masks are supported since Linux 2.6.19.
Fixes: https://bugs.busybox.net/show_bug.cgi?id=11621
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
"error: taking address of packed member of 'struct ip_udp_dhcp_packet'
may result in an unaligned pointer value" here:
udhcp_dump_packet(&packet.data);
and in other places.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
If server responds with ETag then next time client can resend it via If-None-Match header.
Then httpd will check if file wasn't modified and if not return 304 Not Modified status code.
The ETag value is constructed from file's last modification date in unix epoch and its size:
"hex(last_mod)-hex(file_size)" e.g. "5e132e20-417" (with quotes).
That means that it's not completely reliable as hash functions but fair enough.
The same form of ETag is used by Nginx so load balancing of static content is safe.
function old new delta
handle_incoming_and_exit 2135 2201 +66
http_response 88 96 +8
send_headers 676 683 +7
parse_conf 1362 1365 +3
http_response_type 22 24 +2
send_file_and_exit 847 841 -6
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 5/1 up/down: 86/-6) Total: 80 bytes
Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
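The validator format described in the commit message above, worked through as an added example (this is not BusyBox's httpd code; `make_etag` and `if_none_match_hits` are hypothetical names). It goes slightly beyond the message by also handling a comma-separated If-None-Match list, the `W/` weak prefix and `*`. Because the tag is only mtime and size, two different file contents with the same size written in the same second produce the same tag, and any client can read both values back out of it.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <time.h>

/* Build "hex(last_mod)-hex(file_size)" with the surrounding double quotes.
 * Returns 0 on success, -1 if buf is too small. */
int make_etag(time_t last_mod, off_t file_size, char *buf, size_t buflen)
{
	int n = snprintf(buf, buflen, "\"%llx-%llx\"",
			(unsigned long long)last_mod,
			(unsigned long long)file_size);
	return (n < 0 || (size_t)n >= buflen) ? -1 : 0;
}

/* Return 1 if the If-None-Match header value `hdr` names the current
 * `etag` (so the server may answer 304 Not Modified), 0 otherwise. */
int if_none_match_hits(const char *hdr, const char *etag)
{
	size_t elen = strlen(etag);
	const char *p = hdr;

	if (elen == 0)
		return 0;
	while (*p) {
		while (*p == ' ' || *p == '\t' || *p == ',')
			p++;
		if (*p == '*')
			return 1;               /* wildcard: any current representation */
		if (p[0] == 'W' && p[1] == '/')
			p += 2;                 /* weak comparison ignores the W/ prefix */
		if (strncmp(p, etag, elen) == 0) {
			const char *e = p + elen;
			while (*e == ' ' || *e == '\t')
				e++;
			if (*e == '\0' || *e == ',')
				return 1;       /* whole list element matched */
		}
		/* No match: skip this quoted element, then move to the next comma. */
		if (*p == '"') {
			p++;
			while (*p && *p != '"')
				p++;
			if (*p)
				p++;
		}
		while (*p && *p != ',')
			p++;
	}
	return 0;
}

int main(void)
{
	char etag[40];

	/* Constructed sample values: the ones quoted in the commit message. */
	if (make_etag((time_t)0x5e132e20, (off_t)0x417, etag, sizeof(etag)) != 0)
		return 1;
	printf("ETag: %s\n", etag);
	printf("304? %d\n", if_none_match_hits("\"5e132e20-417\"", etag));
	return 0;
}
```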
The Last-Modified header is used for caching.
The client (browser) will send back the received date to server via If-Modified-Since request header.
But both headers MUST be an RFC 1123 formatted string.
And the formatting consumes resources on request parsing and response generation.
Instead we can use ETag header.
This simplifies logic and the only downside is that in JavaScript the document.lastModified will return null.
Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
RFC 2616 sec. 14.18 says that server MUST send Date header.
But in fact the header makes sense only for Cache-Control and can be omitted.
At the same time the Date eats power, CPU and network resources which are critical for embedded systems.
Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
HTTP v1.1 was released in 1999 and it's time to update BB HTTPD.
Browsers may behave badly with HTTP/1.0
E.g. Chrome does not send the If-None-Match header with ETag.
Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
PLATFORM_LINUX is a hidden configuration option which is disabled by
default and enabled at over a hundred locations for features that are
deemed to be Linux specific.
The only effect of PLATFORM_LINUX is to control compilation of
libbb/match_fstype.c. This file is only needed by mount and umount.
Remove all references to PLATFORM_LINUX and compile match_fstype.c
if mount or umount is enabled.
Signed-off-by: Ron Yorston <rmy@pobox.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Duplicate options are currently overridden (only the last option is kept).
This leads to unexpected behavior when using long options.
The patch adds support for long options in compliance with RFC 3396.
Fixes #13136.
function old new delta
udhcp_run_script 601 725 +124
optitem_unset_env_and_free - 38 +38
putenvp 46 59 +13
static.xmalloc_optname_optval 718 717 -1
------------------------------------------------------------------------------
(add/remove: 1/0 grow/shrink: 2/1 up/down: 175/-1) Total: 174 bytes
Signed-off-by: Martin Lewis <martin.lewis.x84@gmail.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
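The difference between "last instance wins" and RFC 3396 concatenation, as an added example (not udhcp's code; the function names and the sample options field are constructed here). It walks only the main options field and does not follow option overload into the `sname`/`file` fields; every length byte is checked against the remaining buffer before use.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DHCP_PAD 0
#define DHCP_END 255

/* Walk a DHCP options field (code, length, payload triples).
 * concat != 0: append every instance of `code` in order (RFC 3396).
 * concat == 0: keep only the last instance (the overriding behaviour).
 * Returns the payload length, 0 if the option is absent, and -1 on a
 * malformed field or when `out` is too small. */
static int scan_option(const uint8_t *opts, size_t optlen, uint8_t code,
		uint8_t *out, size_t outlen, int concat)
{
	size_t pos = 0, total = 0;

	while (pos < optlen) {
		uint8_t c = opts[pos++];
		size_t len;

		if (c == DHCP_PAD)
			continue;               /* single byte, no length field */
		if (c == DHCP_END)
			break;
		if (pos >= optlen)
			return -1;              /* length byte missing */
		len = opts[pos++];
		if (len > optlen - pos)
			return -1;              /* payload runs past the buffer */
		if (c == code) {
			if (!concat)
				total = 0;      /* later instance replaces earlier */
			if (len > outlen - total)
				return -1;      /* caller's buffer too small */
			memcpy(out + total, opts + pos, len);
			total += len;
		}
		pos += len;
	}
	return (int)total;
}

int dhcp_concat_option(const uint8_t *opts, size_t optlen, uint8_t code,
		uint8_t *out, size_t outlen)
{
	return scan_option(opts, optlen, code, out, outlen, 1);
}

int dhcp_last_option(const uint8_t *opts, size_t optlen, uint8_t code,
		uint8_t *out, size_t outlen)
{
	return scan_option(opts, optlen, code, out, outlen, 0);
}

/* Constructed sample: option 15 split into two instances around a PAD
 * byte, preceded by an unrelated option 53. Real splits happen when the
 * payload exceeds 255 bytes; this one is shortened for readability. */
const uint8_t sample_opts[] = {
	53, 1, 5,
	15, 4, 'e', 'x', 'a', 'm',
	DHCP_PAD,
	15, 7, 'p', 'l', 'e', '.', 'o', 'r', 'g',
	DHCP_END
};

int main(void)
{
	uint8_t buf[64];
	int n = dhcp_concat_option(sample_opts, sizeof(sample_opts), 15, buf, sizeof(buf));
	printf("concatenated: %.*s\n", n, (const char *)buf);
	n = dhcp_last_option(sample_opts, sizeof(sample_opts), 15, buf, sizeof(buf));
	printf("last only:    %.*s\n", n, (const char *)buf);
	return 0;
}
```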
The "noprefixroute" option suppresses automatic generation of a routing
table entry based on the interface's ip address.
The ifa_flags field has only 8 bits. If higher bits are set,
rta_tb[IFA_FLAGS] has to be used instead.
Signed-off-by: Christian Eggers <ceggers@arri.de>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Remove new lines \n and some semicolons ;. This minimizes page style size from 655 to 604
Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Patch by Baruch Burstein <bmburstein@gmail.com>
function old new delta
parse_pasv_epsv 153 181 +28
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
dname_dec: now iterates over the packet only once.
convert_dname: remove redundant checks and code shrink.
While testing I've noticed that some of the tests didn't compile
properly, so I fixed them.
function old new delta
dname_dec 286 267 -19
dname_enc 166 143 -23
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 0/2 up/down: 0/-42) Total: -42 bytes
Signed-off-by: Martin Lewis <martin.lewis.x84@gmail.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
fill_envp now iterates over the packet only once instead of a few hundred times
using the new option scanner.
function old new delta
udhcp_scan_options - 189 +189
putenvp - 46 +46
init_scan_state - 22 +22
udhcp_get_option 227 104 -123
udhcp_run_script 835 601 -234
------------------------------------------------------------------------------
(add/remove: 3/0 grow/shrink: 0/2 up/down: 257/-357) Total: -100 bytes
Signed-off-by: Martin Lewis <martin.lewis.x84@gmail.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Added an option scanner to udhcp to enable iteration over packet options.
Signed-off-by: Martin Lewis <martin.lewis.x84@gmail.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Commit d1b75e184 (httpd: permit non-default home directory with NOMMU
enabled) only works when used with the '-f' (foreground) option.
When '-f' isn't specified and NOMMU is enabled bb_daemonize_or_rexec()
is called to daemonize the server. Since the server process has been
re-execed the previous patch results in the xchdir() not being called.
Fix this by resetting the re_execed variable in this case.
Signed-off-by: Ron Yorston <rmy@pobox.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Incorporated valid_domain_label into good_hostname to simplify the implementation.
function old new delta
static.xmalloc_optname_optval 973 958 -15
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 0/1 up/down: 0/-15) Total: -15 bytes
text data bss dec hex filename
993144 16915 1872 1011931 f70db busybox_old
993129 16915 1872 1011916 f70cc busybox_unstripped
Signed-off-by: Martin Lewis <martin.lewis.x84@gmail.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
When ENABLE_FEATURE_WGET_OPENSSL is enabled, correctly implement TLS
verification by default. And only ignore verification errors, if
--no-check-certificate was passed.
Also note, that previously OPENSSL implementation did not implement
TLS verification, nor printed any warning messages that verification
was not performed.
Bug-Ubuntu: https://bugs.launchpad.net/bugs/1879533
CVE-2018-1000500
Signed-off-by: Dimitri John Ledkov <xnox@ubuntu.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
When BusyBox is compiled with NOMMU enabled running httpd with
the '-h' option fails even if the specified directory exists:
    $ ls -d www
    www
    $ busybox httpd -fvvvp 8080 -h www
    ...
    ... try to access http://localhost:8080/www
    ...
    httpd: can't change directory to 'www': No such file or directory
The parent process executes xchdir("www"). When a connection is accepted
it's handled by re-executing httpd in inetd mode. The child process
inherits the current directory "www" and tries to change directory again
to "www", which fails.
Omit the call to xchdir() when httpd is re-executed.
Signed-off-by: Ron Yorston <rmy@pobox.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
> 2018-07-25:
> ntpd: increase MIN_FREQHOLD by 3
> This means we'll start correcting frequency ~5 minutes after start,
> not ~3.5 ones.
> With previous settings I still often see largish ~0.7s initial offsets
> only about 1/2 corrected before frequency correction kicks in,
> resulting in ~200ppm "correction" which is then slowly undone.
Review of real-world results of the above shows that with small
initial offsets, freq correction can be allowed to kick in sooner,
whereas with large (~0.8s) offsets, we still start freq correction
a bit too soon.
Let's rebalance this a bit.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Add support for querying and parsing SRV DNS records.
function old new delta
send_queries 1711 1865 +154
qtypes 72 80 +8
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Under some circumstances, a DNS reply might contain no resource records,
e.g. when a valid domain is queried that does not have records of the
requested type.
Example with nslookup from BIND dnsutils:
    $ nslookup -q=SRV example.org
    Server: 10.11.12.13
    Address: 10.11.12.13#53
    Non-authoritative answer:
    *** Can't find example.org: No answer
Currently the busybox nslookup applet simply prints nothing after the
"Non-authoritative answer:" line in the same situation.
This change modifies nslookup to either print "Parse error" or "No answer"
diagnostics, depending on the parse_reply() return value.
function old new delta
send_queries 1676 1711 +35
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
> I'm trying to connect to a Korenix 3005 switch through telnet
> for management purposes, and all is well except for the backspace character
> - seems like my switch doesn't handle it too well and instead of erasing
> the last character all it does is print some garbage to the screen.
> I've had the same issue before while using putty, but saw a solution that
> suggests to enable "Telnet special commands" in the options menu, and it
> worked.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
The following caused udhcpc to segfault:
busybox udhcpc -i lo -s /dev/null -x 0x3d:
function old new delta
udhcp_str2optset 629 641 +12
Signed-off-by: Michal Kazior <michal@plume.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
The output of the command "route -n -A inet6" may be corrupted
due to partially initialized structure snaddr6 in the function
INET6_displayroutes.
Signed-off-by: Tomas Paukrt <tomaspaukrt@email.cz>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Some hosting services like sourceforge perform a lot of relocations
before actually serving the file. Example of current limitation:
    busybox wget http://sourceforge.net/projects/fluxbox/files/fluxbox/1.3.7/fluxbox-1.3.7.tar.xz
    Connecting to sourceforge.net (216.105.38.13:80)
    Connecting to sourceforge.net (216.105.38.13:443)
    Connecting to sourceforge.net (216.105.38.13:443)
    Connecting to sourceforge.net (216.105.38.13:443)
    Connecting to downloads.sourceforge.net (216.105.38.13:443)
    wget: too many redirections
Signed-off-by: David Demelier <markand@malikania.fr>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Back in 2007, commit 0c97c9d437 ("'simple' error message functions by
Loic Grenie") introduced bb_simple_perror_msg() to allow for a lower
overhead call to bb_perror_msg() when only a string was being printed
with no parameters. This saves space for some CPU architectures because
it avoids the overhead of a call to a variadic function. However there
has never been a simple version of bb_error_msg(), and since 2007 many
new calls to bb_perror_msg() have been added that only take a single
parameter and so could have been using bb_simple_perror_message().
This changeset introduces 'simple' versions of bb_info_msg(),
bb_error_msg(), bb_error_msg_and_die(), bb_herror_msg() and
bb_herror_msg_and_die(), and replaces all calls that only take a
single parameter, or use something like ("%s", arg), with calls to the
corresponding 'simple' version.
Since it is likely that single parameter calls to the variadic functions
may be accidentally reintroduced in the future a new debugging config
option WARN_SIMPLE_MSG has been introduced. This uses some macro magic
which will cause any such calls to generate a warning, but this is
turned off by default to avoid use of the unpleasant macros in normal
circumstances.
This is a large changeset due to the number of calls that have been
replaced. The only files that contain changes other than simple
substitution of function calls are libbb.h, libbb/herror_msg.c,
libbb/verror_msg.c and libbb/xfuncs_printf.c. In miscutils/devfsd.c,
networking/udhcp/common.h and util-linux/mdev.c additional macros have
been added for logging so that single parameter and multiple parameter
logging variants exist.
The amount of space saved varies considerably by architecture, and was
found to be as follows (for 'defconfig' using GCC 7.4):
Arm: -92 bytes
MIPS: -52 bytes
PPC: -1836 bytes
x86_64: -938 bytes
Note that for the MIPS architecture only an exception had to be made
disabling the 'simple' calls for 'udhcp' (in networking/udhcp/common.h)
because it made these files larger on MIPS.
Signed-off-by: James Byrne <james.byrne@origamienergy.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Resolved a TODO by adding support for gateway_nip parameter.
function old new delta
udhcp_run_script 792 835 +43
Signed-off-by: Martin Lewis <martin.lewis.x84@gmail.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
The result of looking at "grep -F -B2 '*fill*' busybox_unstripped.map"
text data bss dec hex filename
952537 485 7296 960318 ea73e busybox_old
952527 485 7296 960308 ea734 busybox_unstripped
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
gcc accepts
__asm__ ( "" : : : "%cc");
but cc is not a real register and clang does not like it.
networking/tls_pstm_montgomery_reduce.c:385:4: error: unknown register name '%cc' in asm
| INNERMUL;
| ^
The % syntax nominally goes before a register, in this case cc,
like "memory" isn't a true register it's just a way of specifying that
the condition code registers for the target are clobbered
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Between Busybox 1.24.2 and 1.25.0 the bb_info_msg() function was
eliminated and calls to it changed to be bb_error_msg(). The downside of
this is that daemons now log all messages to syslog at the LOG_ERR level
which makes it hard to filter errors from informational messages.
This change optionally re-introduces bb_info_msg(), controlled by a new
option FEATURE_SYSLOG_INFO, restores all the calls to bb_info_msg() that
were removed (only in applets that set logmode to LOGMODE_SYSLOG or
LOGMODE_BOTH), and also changes informational messages in ifplugd and
ntpd.
The code size change of this is as follows (using 'defconfig' on x86_64
with gcc 7.3.0-27ubuntu1~18.04)
function old new delta
bb_info_msg - 182 +182
bb_vinfo_msg - 27 +27
static.log7 194 198 +4
log8 190 191 +1
log5 190 191 +1
crondlog 45 - -45
------------------------------------------------------------------------------
(add/remove: 2/1 grow/shrink: 3/0 up/down: 215/-45) Total: 170 bytes
If you don't care about everything being logged at LOG_ERR level
then when FEATURE_SYSLOG_INFO is disabled Busybox actually gets smaller:
function old new delta
static.log7 194 200 +6
log8 190 193 +3
log5 190 193 +3
syslog_level 1 - -1
bb_verror_msg 583 581 -2
crondlog 45 - -45
------------------------------------------------------------------------------
(add/remove: 0/2 grow/shrink: 3/1 up/down: 12/-48) Total: -36 bytes
Signed-off-by: James Byrne <james.byrne@origamienergy.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Pass the Authorization header to CGI if not of type Basic. This will
make it possible for CGI to verify authorization headers of type
Bearer <token>.
function old new delta
handle_incoming_and_exit 2370 2379 +9
Signed-off-by: Alexander Vickberg <wickbergster@gmail.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Today for gzipped content httpd is using a header with name
Transfer-Length. However I can't find a header with that name in the
standards. Instead use Content-Length.
function old new delta
.rodata 157940 157936 -4
send_headers 980 939 -41
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 0/2 up/down: 0/-45) Total: -45 bytes
Signed-off-by: Alexander Vickberg <wickbergster@gmail.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Set up environment variables before running the CGI script.
The variables will be named HTTP_<filtered_name> where the <filtered_name>
is the header name capitalized and all characters not matching
[a-z] | [A-Z] | [0-9] replaced with '_'.
function old new delta
http_response 80 88 +8
http_response_type 20 22 +2
send_headers 718 715 -3
parse_conf 1481 1478 -3
get_line 128 110 -18
cgi_io_loop_and_exit 599 569 -30
send_cgi_and_exit 882 738 -144
handle_incoming_and_exit 2793 2592 -201
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 2/6 up/down: 10/-399) Total: -389 bytes
text data bss dec hex filename
982178 485 7296 989959 f1b07 busybox_old
981675 485 7296 989456 f1910 busybox_unstripped
Signed-off-by: Alexander Vickberg <wickbergster@gmail.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
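The header-to-variable mapping described in the commit message above, as an added example (not httpd's code; `cgi_env_name` and `cgi_env_collides` are hypothetical names). The mapping is not one-to-one: two different header names can land in the same variable, so a CGI script cannot tell from `HTTP_*` which header the client actually sent and should treat every such value as client-controlled.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Map a request header name to "HTTP_" + the name upper-cased, with every
 * byte outside [A-Za-z0-9] replaced by '_'.
 * Returns 0 on success, -1 if the name is empty or `out` is too small. */
int cgi_env_name(const char *hdr_name, char *out, size_t outlen)
{
	static const char prefix[] = "HTTP_";
	size_t plen = sizeof(prefix) - 1;
	size_t n = strlen(hdr_name);
	size_t i;

	if (n == 0 || plen + n + 1 > outlen)
		return -1;
	memcpy(out, prefix, plen);
	for (i = 0; i < n; i++) {
		unsigned char c = (unsigned char)hdr_name[i];

		if (c >= 'a' && c <= 'z')
			c = (unsigned char)(c - 'a' + 'A');
		else if (!((c >= 'A' && c <= 'Z') || (c >= '0' && c <= '9')))
			c = '_';
		out[plen + i] = (char)c;
	}
	out[plen + n] = '\0';
	return 0;
}

/* Return 1 when two header names that are different headers (they differ
 * even ignoring case) map to the same CGI variable, 0 otherwise. */
int cgi_env_collides(const char *a, const char *b)
{
	char ea[128], eb[128];

	if (strcasecmp(a, b) == 0)
		return 0;               /* same header, not a collision */
	if (cgi_env_name(a, ea, sizeof(ea)) != 0 ||
	    cgi_env_name(b, eb, sizeof(eb)) != 0)
		return 0;
	return strcmp(ea, eb) == 0;
}

int main(void)
{
	char env[64];

	/* Constructed sample header names. */
	if (cgi_env_name("User-Agent", env, sizeof(env)) == 0)
		printf("User-Agent -> %s\n", env);
	printf("X-Forwarded-For vs X_Forwarded_For collide: %d\n",
		cgi_env_collides("X-Forwarded-For", "X_Forwarded_For"));
	return 0;
}
```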
The proxying is documented as follows:
P:/url:[http://]hostname[:port]/new/path
However, urlcopy is not a true copy anymore when it is fdprint'ed
to proxy_fd, this is because percent_decode_in_place() is called
after the copy is created.
This breaks reverse proxying all URIs containing percent
encoded spaces, e.g. - because a decoded URI will be printed out
to proxy_fd instead of the original.
The fix keeps the logic in place to canonicalize the uri first,
before reverse proxying (one could argue that the uri
should be proxied completely unaltered, except for the prefix
rewrite).
function old new delta
handle_incoming_and_exit 2752 2792 +40
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Support for the IEEE timezone string and timezone database strings (100
and 101 options respectively) is added for ipv4, conforming to RFC-4833.
The two options are passed to hook scripts in the variables tzstr and
tzdbstr.
function old new delta
dhcp_option_strings 280 294 +14
dhcp_optflags 76 80 +4
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 2/0 up/down: 18/0) Total: 18 bytes
Signed-off-by: Antoine Girard-Vallée <antoine.girard-vallee@savoirfairelinux.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
ipaddress.c: In function ‘ipaddr_list_or_flush’:
ipaddress.c:427:6: warning: variable ‘no_link’ set but not used [-Wunused-but-set-variable]
Signed-off-by: Bernhard Reutner-Fischer <rep.dot.nop@gmail.com>
Fixed a TODO in AYT IAC handling by replying back with a NOP.
Signed-off-by: Martin Lewis <martin.lewis.x84@gmail.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Commit db169f2538 breaks the "ip -o link"
command, no output is displayed. Fix by only excluding the link info if
in oneline mode and if the address family is not AF_PACKET.
function old new delta
ipaddr_list_or_flush 1232 1202 -30
Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Currently, running "udhcpc -n -b" causes udhcpc to go to background and
then exit after some time unless a lease is obtained.
It's not very useful to do so
as the calling process doesn't know
if the lease was obtained or not anyway.
The code actually tries to favor "-b" over "-n",
but doesn't clear "-n" flag while clearing "-b" after backgrounding.
So, clear "-n" flag after going into background.
This effectively makes "-b" override "-n" completely
and "-n -b" behave the same as "-b".
This allows overriding the default "-n" option, passed to udhcpc by ifupdown,
without recompiling busybox.
URL: https://bugs.busybox.net/11691
Signed-off-by: Andrey Mazo <ahippo@yandex.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
The proto has to be passed in network byte-order.
While at it allow for
    ip link add link eth0 name eth0.2.24 type vlan proto 802.1ad id 24
    ip link del link eth0 name eth0.2.24 type vlan proto 802.1ad id 24
The del was lacking a dev_str and thus errored out. Fix by using
name/dev counterpart as fallback.
The proto identifier 802.1Q was not recognized, just its lowercase
variant, fix that too.
function old new delta
do_add_or_delete 1275 1376 +101
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 1/0 up/down: 101/0) Total: 101 bytes
Signed-off-by: Bernhard Reutner-Fischer <rep.dot.nop@gmail.com>
When printing notification on download start and end,
mistakenly, it didn't respect the quiet option
function old new delta
retrieve_file_data 561 579 +18
wget_main 2432 2437 +5
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 2/0 up/down: 23/0) Total: 23 bytes
Signed-off-by: Martin Lewis <martin.lewis.x84@gmail.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
The real telnet provides some feedback:
    Trying 127.0.0.1...
    Connected to localhost.localdomain.
    Escape character is '^]'.
We should do this too, because people are sitting there and think
a firewall is dropping packets.
function old new delta
telnet_main 1270 1279 +9
Signed-off-by: Danijel Tasov <m@rbfh.de>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
When using -o to file the progress meter is not displayed, so write that
we started the download and that we finished it.
function old new delta
retrieve_file_data 465 561 +96
wget_main 2412 2432 +20
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 2/0 up/down: 116/0) Total: 116 bytes
text data bss dec hex filename
979022 485 7296 986803 f0eb3 busybox_old
979224 485 7296 987005 f0f7d busybox_unstripped
Signed-off-by: Martin Lewis <martin.lewis.x84@gmail.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>