emo/ndhc
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
361 Commits 1 Branch 0 Tags
84a68001d3a7fb4310de60bb379ed917594e2122
Commit Graph

361 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Nicholas J. Kain
b8c77a45e8 Bump ndhc version to 1.1. 2012-07-23 13:24:15 -04:00
Nicholas J. Kain
22e5a60671 Drop packet fragments in the BPF program. No compliant stack should fragment 
DHCP messages anyway, since the IPv4 min MTU is 576 bytes and the max DHCP
message size + IP and UDP headers is less than that, but it is still worth
checking.
 2012-07-23 13:18:23 -04:00
Nicholas J. Kain
483ca6752d Whitelist syscalls provided by vDSO. 2012-07-22 09:49:51 -04:00
Nicholas J. Kain
7d5b6ddc7e Whitelist clock_gettime() for seccomp. Not necessary so long as vdso 
is enabled, but otherwise...
 2012-07-21 19:46:50 -04:00
Nicholas J. Kain
b53b8585d5 Use clock_gettime(CLOCK_MONOTONIC) instead of time() in ifchd. 
Standardize license/copyright and version prints.
 2012-07-21 14:02:42 -04:00
Nicholas J. Kain
87db9c70fd Enforce minimum physical MTU in ifchd. 
Skip zero-length commands in execute_buffer().
 2012-07-20 20:37:41 -04:00
Nicholas J. Kain
2bf7306bb9 Add some more syscalls to the ndhc permit filter. Netlink sockets were 
broken before because of too-strict filters.

Move setup_signals under the seccomp filter to give it more testing coverage.

Make the UDP datagram length check much more strict.  If the read buffer
does not match up with the header lengths exactly, it is discarded.

Print a warning to syslog/stdout when ifchd execute_buffer() returns an
error.

Fix a regression introduced in ifchd that would cause the epoll handler to
spin when a client connection closed.
 2012-07-20 18:48:26 -04:00
Nicholas J. Kain
f9c2059d37 Quit using malloc entirely in ifchd and reduce buffer copies. 
This change also modifies the ndhc/ifchd wire protocol slightly.  The
new protocol doesn't overload the ':' character as a key:value separator
and a statement separator.  Instead ';' is now used as a statement separator.
The new format allows for more robust error-checking and reporting, and it
greatly simplifies the parser.  Old versions of ndhc/ifchd will not work
properly with ones compiled after this commit.

The 'domain' and 'search' keywords in resolv.conf updates are now used
more precisely.  The first domain in an update is the 'domain', and the
subsequent 5 domains are 'search' domains.

There are also supporting cleanups that pass struct ifchd_client pointers
to functions instead of passing index values.

This commit is large, but it cannot really be broken up into smaller
chunks since the changes are dependent on each other.
 2012-07-20 17:31:15 -04:00
Nicholas J. Kain
a60a5fddb1 Remove use of dynamic memory (strlist_t) from linux.c. 2012-07-20 15:17:44 -04:00
Nicholas J. Kain
6e9d856a9d Code cleanup. Create struct ifchd_client and pull all of the global 
static arrays that are indexed by the socket slot index into an array
of struct ifchd_clients.
 2012-07-20 14:56:17 -04:00
Nicholas J. Kain
c3272f07f4 Update copyright and license print spam. 2012-07-20 09:37:41 -04:00
Nicholas J. Kain
25ce5cceaa Use seccomp system call filtering if present. 2012-07-20 09:23:18 -04:00
Nicholas J. Kain
f4f9d02afd Enforce seccomp syscall restrictions when kernel support exists. 2012-07-20 07:05:56 -04:00
Nicholas J. Kain
e990246207 Move nlbuf onto stack and don't share a single buffer for sending 
and receiving.  Move nlportid into client state structure.
 2012-04-12 20:06:05 -04:00
Nicholas J. Kain
659aafaec8 Silence new kernel warning introduced in 3.3: 'netlink: 12 bytes leftover 
after parsing attributes.' RTM_GETLINK messages should have a struct rtattr
as payload.
 2012-04-12 04:52:26 -04:00
Nicholas J. Kain
a8a761da14 Shrink stack use of nl_getifdata(). 2012-04-03 22:00:47 -04:00
Nicholas J. Kain
93b44ed48d Tidy up nl_getifdata() a bit. Eliminate some unnecessary local variables, 
and use NLMSG_LENGTH().
 2012-04-03 10:06:00 -04:00
Nicholas J. Kain
a419b85e4f Typo fix in documentation. 2012-04-03 10:04:58 -04:00
Nicholas J. Kain
c3c76e48d5 Enable stricter warnings on format strings. 2012-04-03 10:04:47 -04:00
Nicholas J. Kain
ed2ffbb862 Constify some invariant structures. 2011-09-17 02:30:52 -04:00
Nicholas J. Kain
071e91941f Unify options.[ch] with the one used in ndhs. 2011-09-02 02:12:51 -04:00
Nicholas J. Kain
c4b4938a59 Validate that server reply has the client hardware address field set 
to be equal to our MAC address.  Win7 verifies this field, so it should
be safe enough to check it, too.
 2011-09-01 23:05:56 -04:00
Nicholas J. Kain
ab4a2e0b97 Switch to using clock_gettime() rather than gettimeofday(). 2011-07-31 01:27:59 -04:00
Nicholas J. Kain
45c76dd548 More comment cleanups. Make the DHCP packet field comments more accurate. 2011-07-27 08:03:42 -04:00
Nicholas J. Kain
f864a0317c Cosmetic cleanups of comments. 2011-07-27 07:49:30 -04:00
Nicholas J. Kain
916ddf10e5 Update documentation: options concatenation is now supported. 2011-07-27 07:43:09 -04:00
Nicholas J. Kain
13f5ab56e2 Rewrite DHCP options parsing to conform to RFC 3396: options concatenation is 
now fully supported.
 2011-07-27 07:39:45 -04:00
Nicholas J. Kain
d7103c887d Move the length check in ifchd_cmd_str() before the snprintf() call, so that 
failure cannot leave the ifchd_cmd in a state with unbalanced ':'.
 2011-07-27 00:42:16 -04:00
Nicholas J. Kain
7ef7fa8a8d Fix the return value of ifchd_cmd_str() and correct its length check. 2011-07-27 00:37:11 -04:00
Nicholas J. Kain
17a2403635 Cosmetic fixes. 2011-07-26 06:43:12 -04:00
Nicholas J. Kain
f2618ef79d Delete a lot of code that is now unused thanks to the previous commit. 2011-07-26 06:24:30 -04:00
Nicholas J. Kain
0431b7d439 Replace the options -> ifchd command code with a much simpler translator. 2011-07-26 06:15:21 -04:00
Nicholas J. Kain
b935180a2f Just keep a statically constructed options request payload. It's simpler 
and more compact.
 2011-07-26 01:58:05 -04:00
Nicholas J. Kain
d00922df51 Abstract uses of get_option_data() outside of ifchange.c and options.c. 
The eventual goal is to eliminate uses of get_option_data() in ifchange.c and
will make it a static function in options.c.
 2011-07-26 01:04:59 -04:00
Nicholas J. Kain
ea5d472424 Encapsulate all string option additions into options.c. Note that these 
functions already existed, but were in dhcp.c -- this is just code motion
between compilation units.
 2011-07-25 23:48:35 -04:00
Nicholas J. Kain
286548b754 Encapsulate all numeric option additions into options.c. 2011-07-25 23:34:32 -04:00
Nicholas J. Kain
0229373378 Remove the overkill type checking for sent options. 2011-07-25 04:34:14 -04:00
Nicholas J. Kain
31d6d4cd92 Some options are never sent to ifchd, but we unfortunately would need to 
sacrifice type checking to remove them from the options table.  It may
be worth doing that, but I want to audit each call point before.
 2011-07-25 04:26:34 -04:00
Nicholas J. Kain
e4a4c58856 BADOPTION -> BAD 2011-07-25 03:45:05 -04:00
Nicholas J. Kain
8caf9e7d7a Remove support for RFC868 Time Server options. Totally obsolete, and 
ifchd just had empty hooks that never received work messages anyway.

Shorten the names of ifchd commands.  This breaks wire protocol, but
thankfully I haven't released yet!
 2011-07-25 03:39:17 -04:00
Nicholas J. Kain
544a837944 Shrink and reorder the options table. 2011-07-25 03:28:04 -04:00
Nicholas J. Kain
2cb0b9227d Consolidate DHCP option code numbers. 2011-07-25 03:11:47 -04:00
Nicholas J. Kain
77af1d81fe Relicense under New BSD (2-clause) license. I don't see any advantage to 
restricting use unnecessarily, and simple attribution is fine.
 2011-07-25 02:30:57 -04:00
Nicholas J. Kain
7e1e902b34 Share ifchd command defines between ifchd and ndhc. 2011-07-25 02:01:38 -04:00
Nicholas J. Kain
fe85e52a4b Be less harsh to udhcp in HISTORY... there was no better choice among the 
considered options at the time.
 2011-07-24 18:02:25 -04:00
Nicholas J. Kain
7f6721bb82 Pass around the DHCP message type as the literal data, not as a character 
pointer to the matching data in the options field of the DHCP packet.
 2011-07-18 10:47:35 -04:00
Nicholas J. Kain
27081be84f Make netlink action logging messages more consistent: prefix with 'nl: ' and 
always print the actual interface identifier.
 2011-07-18 10:29:36 -04:00
Nicholas J. Kain
19ad80bb57 Minor doc fix. I'm going to keep using libcap. 2011-07-13 04:54:15 -04:00
Nicholas J. Kain
24db573005 Write man pages and do some misc cleanup on old files. 
Add more documentation to the README.
 2011-07-13 02:30:10 -04:00
Nicholas J. Kain
2a1885bab4 Move the objs directory underneath the build directory when building with 
the Makefile.
 2011-07-12 18:45:29 -04:00