Nicholas J. Kain
62d69e1909
Lists of IPs should be comma-separated rather than semicolon or
space-separated.
2013-05-10 13:46:58 -04:00
Nicholas J. Kain
1fc06c6e4f
ifchd: Print NYI messages to log if we received a command where the handler
is not yet implemented.
2013-05-10 13:45:09 -04:00
Nicholas J. Kain
cb261be045
ndhc: Subnet option is an ip, not an iplist.
2013-05-10 13:44:31 -04:00
Nicholas J. Kain
bf3de7f310
Teach the Makefile how to handle Ragel, too.
2013-05-08 09:08:47 -04:00
Nicholas J. Kain
6654ad1300
ncmlib should be tracked as an external repo.
2013-05-08 08:14:23 -04:00
Nicholas J. Kain
3d6e3a2610
Update the log file printing.
2013-05-08 08:11:15 -04:00
Nicholas J. Kain
4c52accd62
Fix the syscall whitelist to permit syscalls needed to properly log via
glibc syslog.
2013-05-08 08:10:57 -04:00
Nicholas J. Kain
f8773742c9
ncmlib: Cosmetic cleanups to chroot.c.
2013-05-08 06:58:55 -04:00
Nicholas J. Kain
f78ea70d71
Ifchd: Convert some tabs to spaces.
2013-05-08 06:37:33 -04:00
Nicholas J. Kain
3640c5bbf0
Ifchd: Print out log messages when commands are successfully dispatched.
2013-05-08 06:36:20 -04:00
Nicholas J. Kain
b7e6f59fc7
Use a Ragel-generated DFA parser for ifchd command dispatch.
2013-05-08 06:27:22 -04:00
Nicholas J. Kain
930b92a268
Remove strlc(at|py).
2013-05-06 07:32:02 -04:00
Nicholas J. Kain
958a57d819
Convert to using strnkc(at|py).
2013-05-06 07:07:54 -04:00
Nicholas J. Kain
7ab11e8295
Add strnkcpy() and strnkcat(). These are similar to strlcpy and strlcat,
but simply return a bool indicating whether the destination received
a truncated copy of the source (true if truncation occurs else false).
The change in return value semantics allows these functions to stop
scanning the source string early when truncation occurs, stopping the
program from scanning a possibly arbitrary-length source string.
I rarely use these return values in my own programs, so it won't be
very hard to bulk convert with no risk of regressions.
Further, the different namespace allows me to not depend on the presence
or absence of strlc(py|at) in the standard libraries.
2013-05-06 07:06:33 -04:00
Nicholas J. Kain
f807e10e76
Make the ARP-based lease address collision checks configurable in delay times
and number of probes.
2013-02-09 00:30:19 -05:00
Nicholas J. Kain
b8c77a45e8
Bump ndhc version to 1.1.
2012-07-23 13:24:15 -04:00
Nicholas J. Kain
22e5a60671
Drop packet fragments in the BPF program. No compliant stack should fragment
DHCP messages anyway, since the IPv4 min MTU is 576 bytes and the max DHCP
message size + IP and UDP headers is less than that, but it is still worth
checking.
2012-07-23 13:18:23 -04:00
Nicholas J. Kain
483ca6752d
Whitelist syscalls provided by vDSO.
2012-07-22 09:49:51 -04:00
Nicholas J. Kain
7d5b6ddc7e
Whitelist clock_gettime() for seccomp. Not necessary so long as vdso
is enabled, but otherwise...
2012-07-21 19:46:50 -04:00
Nicholas J. Kain
b53b8585d5
Use clock_gettime(CLOCK_MONOTONIC) instead of time() in ifchd.
Standardize license/copyright and version prints.
2012-07-21 14:02:42 -04:00
Nicholas J. Kain
87db9c70fd
Enforce minimum physical MTU in ifchd.
Skip zero-length commands in execute_buffer().
2012-07-20 20:37:41 -04:00
Nicholas J. Kain
2bf7306bb9
Add some more syscalls to the ndhc permit filter. Netlink sockets were
broken before because of too-strict filters.
Move setup_signals under the seccomp filter to give it more testing coverage.
Make the UDP datagram length check much more strict. If the read buffer
does not match up with the header lengths exactly, it is discarded.
Print a warning to syslog/stdout when ifchd execute_buffer() returns an
error.
Fix a regression introduced in ifchd that would cause the epoll handler to
spin when a client connection closed.
2012-07-20 18:48:26 -04:00
Nicholas J. Kain
f9c2059d37
Quit using malloc entirely in ifchd and reduce buffer copies.
This change also modifies the ndhc/ifchd wire protocol slightly. The
new protocol doesn't overload the ':' character as a key:value separator
and a statement separator. Instead ';' is now used as a statement separator.
The new format allows for more robust error-checking and reporting, and it
greatly simplifies the parser. Old versions of ndhc/ifchd will not work
properly with ones compiled after this commit.
The 'domain' and 'search' keywords in resolv.conf updates are now used
more precisely. The first domain in an update is the 'domain', and the
subsequent 5 domains are 'search' domains.
There are also supporting cleanups that pass struct ifchd_client pointers
to functions instead of passing index values.
This commit is large, but it cannot really be broken up into smaller
chunks since the changes are dependent on each other.
2012-07-20 17:31:15 -04:00
Nicholas J. Kain
a60a5fddb1
Remove use of dynamic memory (strlist_t) from linux.c.
2012-07-20 15:17:44 -04:00
Nicholas J. Kain
6e9d856a9d
Code cleanup. Create struct ifchd_client and pull all of the global
static arrays that are indexed by the socket slot index into an array
of struct ifchd_clients.
2012-07-20 14:56:17 -04:00
Nicholas J. Kain
c3272f07f4
Update copyright and license print spam.
2012-07-20 09:37:41 -04:00
Nicholas J. Kain
25ce5cceaa
Use seccomp system call filtering if present.
2012-07-20 09:23:18 -04:00
Nicholas J. Kain
f4f9d02afd
Enforce seccomp syscall restrictions when kernel support exists.
2012-07-20 07:05:56 -04:00
Nicholas J. Kain
e990246207
Move nlbuf onto stack and don't share a single buffer for sending
and receiving. Move nlportid into client state structure.
2012-04-12 20:06:05 -04:00
Nicholas J. Kain
659aafaec8
Silence new kernel warning introduced in 3.3: 'netlink: 12 bytes leftover
after parsing attributes.' RTM_GETLINK messages should have a struct rtattr
as payload.
2012-04-12 04:52:26 -04:00
Nicholas J. Kain
a8a761da14
Shrink stack use of nl_getifdata().
2012-04-03 22:00:47 -04:00
Nicholas J. Kain
93b44ed48d
Tidy up nl_getifdata() a bit. Eliminate some unnecessary local variables,
and use NLMSG_LENGTH().
2012-04-03 10:06:00 -04:00
Nicholas J. Kain
a419b85e4f
Typo fix in documentation.
2012-04-03 10:04:58 -04:00
Nicholas J. Kain
c3c76e48d5
Enable stricter warnings on format strings.
2012-04-03 10:04:47 -04:00
Nicholas J. Kain
ed2ffbb862
Constify some invariant structures.
2011-09-17 02:30:52 -04:00
Nicholas J. Kain
071e91941f
Unify options.[ch] with the one used in ndhs.
2011-09-02 02:12:51 -04:00
Nicholas J. Kain
c4b4938a59
Validate that server reply has the client hardware address field set
to be equal to our MAC address. Win7 verifies this field, so it should
be safe enough to check it, too.
2011-09-01 23:05:56 -04:00
Nicholas J. Kain
ab4a2e0b97
Switch to using clock_gettime() rather than gettimeofday().
2011-07-31 01:27:59 -04:00
Nicholas J. Kain
45c76dd548
More comment cleanups. Make the DHCP packet field comments more accurate.
2011-07-27 08:03:42 -04:00
Nicholas J. Kain
f864a0317c
Cosmetic cleanups of comments.
2011-07-27 07:49:30 -04:00
Nicholas J. Kain
916ddf10e5
Update documentation: options concatenation is now supported.
2011-07-27 07:43:09 -04:00
Nicholas J. Kain
13f5ab56e2
Rewrite DHCP options parsing to conform to RFC 3396: options concatenation is
now fully supported.
2011-07-27 07:39:45 -04:00
Nicholas J. Kain
d7103c887d
Move the length check in ifchd_cmd_str() before the snprintf() call, so that
failure cannot leave the ifchd_cmd in a state with unbalanced ':'.
2011-07-27 00:42:16 -04:00
Nicholas J. Kain
7ef7fa8a8d
Fix the return value of ifchd_cmd_str() and correct its length check.
2011-07-27 00:37:11 -04:00
Nicholas J. Kain
17a2403635
Cosmetic fixes.
2011-07-26 06:43:12 -04:00
Nicholas J. Kain
f2618ef79d
Delete a lot of code that is now unused thanks to the previous commit.
2011-07-26 06:24:30 -04:00
Nicholas J. Kain
0431b7d439
Replace the options -> ifchd command code with a much simpler translator.
2011-07-26 06:15:21 -04:00
Nicholas J. Kain
b935180a2f
Just keep a statically constructed options request payload. It's simpler
and more compact.
2011-07-26 01:58:05 -04:00
Nicholas J. Kain
d00922df51
Abstract uses of get_option_data() outside of ifchange.c and options.c.
The eventual goal is to eliminate uses of get_option_data() in ifchange.c and
make it a static function in options.c.
2011-07-26 01:04:59 -04:00
Nicholas J. Kain
ea5d472424
Encapsulate all string option additions into options.c. Note that these
functions already existed, but were in dhcp.c -- this is just code motion
between compilation units.
2011-07-25 23:48:35 -04:00