emo/ndhc
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Commit Graph

  • 6f6aad211e Documentation update. Nicholas J. Kain 2015-01-10 18:34:51 -05:00
  • 9f87bd8b30 udp_checksum(): Clamp the value of the UDP packet header length. Nicholas J. Kain 2015-01-06 07:07:08 -05:00
  • 6548b5ce54 get_raw_packet(): Perform the UDP checksum after the packet length checks. Nicholas J. Kain 2015-01-06 04:32:58 -05:00
  • c8dcf5a06b Make sure that received DHCP packets have a valid options end marker. Nicholas J. Kain 2015-01-06 04:02:52 -05:00
  • 94c107d465 Make sure all sockets are set NONBLOCK so that writes do not block. Nicholas J. Kain 2014-08-19 11:09:59 -04:00
  • 12114c9bae Add more explicit length checks for get_raw_packet. Nicholas J. Kain 2014-07-25 20:34:01 -04:00
  • 2518e0a2bc Use SO_LOCK_FILTER to ensure that BPF filters cannot be removed once attached. Nicholas J. Kain 2014-06-13 22:37:37 -04:00
  • 56e30a0923 Fix the return value for nlmsg_get_error(). Nicholas J. Kain 2014-06-13 22:35:57 -04:00
  • ae03b6dd8f Move the ip checksum code out to ncmlib. Nicholas J. Kain 2014-06-08 20:34:34 -04:00
  • 4a083d3367 get_dhcp_opt() didx argument should be passed as a reference rather than relying on the caller re-assigning to didx. The previous didx += get_dhcp_opt(...) was wrong and should have used =. Nicholas J. Kain 2014-05-10 21:32:15 -04:00
  • 99e21004ea arp_min_close_fd() will always force the arp fd to be equal to -1, so there is no need to check force_reopen twice. Nicholas J. Kain 2014-05-10 21:13:24 -04:00
  • 3721cc926b Documentation updates. Nicholas J. Kain 2014-04-24 18:29:52 -04:00
  • 6af0d26351 Remove the obsolete init script for Gentoo's network configuration system. Nicholas J. Kain 2014-04-24 18:24:00 -04:00
  • 2420bed259 Accept no command line arguments without error. Nicholas J. Kain 2014-04-21 12:04:13 -04:00
  • dbc91b0811 Background option in config files should be a boolval rathe than a value. Nicholas J. Kain 2014-04-21 09:02:58 -04:00
  • 034e2bb1db When sockd transfers a file descriptor to ndhc, close the fd in sockd. Since the transfer is conceptually a move, this is the correct thing to do and prevents sockets from spuriously hanging around forever and eventually exhausting the per process limit on fds. Nicholas J. Kain 2014-04-17 11:04:00 -04:00
  • 07cbd88049 Just use raw sockets for listening to DHCP requests. A UDP SO_BROADCAST socket was previously used only for receiving RENEWING packets, and it added needless complexity and was somewhat fragile. Nicholas J. Kain 2014-04-16 01:00:36 -04:00
  • ca85a6ba9f Style cleanups in dhcp.c. Nicholas J. Kain 2014-04-16 00:24:40 -04:00
  • d8260b4e63 Print an error message when bind() fails when creating a UDP socket in sockd. Nicholas J. Kain 2014-04-16 00:24:13 -04:00
  • 0884d96d1e PR_SET_PDEATHSIG is not fully reliable, so instead maintain a pair of AF_UNIX SOCK_STREAM sockets between the master processes and each subprocess, and poll for the HUP event. Nicholas J. Kain 2014-04-15 23:19:24 -04:00
  • e526adce19 Make the signal handling code use safe_read() and unify ifchd and sockd signals code. Nicholas J. Kain 2014-04-15 20:55:13 -04:00
  • baa394af9a UDP listen sockets should be requested with 'U' instead of 'u'. Nicholas J. Kain 2014-04-15 20:54:35 -04:00
  • b3578737df Update the Makefile to build cfg.c from cfg.rl. Nicholas J. Kain 2014-04-15 20:50:54 -04:00
  • b00444ab8b Bound the subprocess lifetime using prctl(PR_SET_PDEATHSIG, ...). Nicholas J. Kain 2014-04-15 18:01:01 -04:00
  • b3ce601f20 state.c: Print error messages if we fail to send DHCP packets. Nicholas J. Kain 2014-04-15 17:59:15 -04:00
  • 18604c5245 get_udp_unicast_socket() needs to have the client address as an argument when sending the request to sockd. Nicholas J. Kain 2014-04-15 17:55:28 -04:00
  • a9055b5ca5 Update more message prints to prefix with the interface name. Nicholas J. Kain 2014-04-15 15:24:22 -04:00
  • 58b4ba768c If the IP header length does not match the size of the UDP packet received via the raw socket, print both lengths in the warning message. Nicholas J. Kain 2014-04-15 15:23:52 -04:00
  • 730e5ef310 setpgid() can return EPERM if we are already a process group leader. Nicholas J. Kain 2014-04-15 15:02:20 -04:00
  • e5834da6d3 Permit sendmsg in the seccomp syscall whitelist for all daemons. Nicholas J. Kain 2014-04-15 14:57:07 -04:00
  • b5f0ccd88d In cfg.rl, when performing clear action, don't clear the cs member in ccfg. Nicholas J. Kain 2014-04-15 14:56:35 -04:00
  • a777766cc6 Fix stupid typo in ndhc.c that would cause the clientid option to corrupt the start of the hostname option if both were specified. Nicholas J. Kain 2014-04-15 14:55:50 -04:00
  • 8a9fbb6f09 Documentation updates. Nicholas J. Kain 2014-04-14 18:32:08 -04:00
  • 74ad01a086 Update the manual page. Nicholas J. Kain 2014-04-14 15:52:39 -04:00
  • a501789e04 Parse config options with ragel and support a configuration file. Nicholas J. Kain 2014-04-14 15:06:31 -04:00
  • 51033d3664 Detect the glibc version in CMake and link librt if it is required. Nicholas J. Kain 2014-04-07 19:14:31 -04:00
  • d267c2c44b Use the raw capability interface via updated ncmlib rather than linking to libcap. Nicholas J. Kain 2014-04-07 15:05:34 -04:00
  • bb1ff7a506 arp.c: Make logging messages print the associated interface name. Nicholas J. Kain 2014-04-07 04:43:21 -04:00
  • 74678ef510 Use safe_recvmsg(). Nicholas J. Kain 2014-04-07 04:22:32 -04:00
  • 6804be2277 Use safe_sendto where necessary, and check for short writes. Nicholas J. Kain 2014-04-07 04:15:02 -04:00
  • 650da6a7fd Add recvfrom to the seccomp syscall whitelist. Nicholas J. Kain 2014-04-07 03:54:30 -04:00
  • cab9162d8d Remove socketpair from the seccomp syscall filter whitelist. Nicholas J. Kain 2014-04-07 03:44:53 -04:00
  • 5fa2030bab Use a socketpair rather than a pair of pipes for communication between ndhc and ifch, similar to sockd. A single pipe is also maintained so that SIGPIPE can bound the lifetime of an orphaned ifch process. Nicholas J. Kain 2014-04-07 03:44:02 -04:00
  • e2ee728982 Consolidate all of the global static variables in arp.c into a single struct, and use booleans where appropriate. Nicholas J. Kain 2014-04-06 22:12:31 -04:00
  • a86363f248 Create a new process ID group for ndhc. Nicholas J. Kain 2014-04-06 22:07:12 -04:00
  • b761889025 Move source from ndhc/ to src/ since ifchd is no longer a separate program. Nicholas J. Kain 2014-04-06 16:57:06 -04:00
  • b511d45c2f Change most error comparisons from == -1 to < 0. Some were not changed, as the different negative values equate to different errors. Nicholas J. Kain 2014-04-06 06:33:14 -04:00
  • c03be059f5 writeordie() was buggy; delete the == 1 which makes no sense. Nicholas J. Kain 2014-04-06 06:31:40 -04:00
  • 3d76fbeedc Make sure that all safe_* return values use ssize_t. Nicholas J. Kain 2014-04-06 06:24:13 -04:00
  • 745e9e8923 If we encounter read errors reading the duid or iaid after successfully opening the file, print an error and exit. Nicholas J. Kain 2014-04-06 06:06:53 -04:00
  • 7b0db5b8d3 arp.c: If the safe_read that fetches arp responses encounters a return of -1 with errno == EAGAIN or EWOULDBLOCK, then report the error, as it should never happen given that the function is called only once after polling for ready-reads. Nicholas J. Kain 2014-04-06 06:02:03 -04:00
  • 8b4c7f05b2 arp.c: Check for < 0 for invalid fds and function errors instead of == -1. Nicholas J. Kain 2014-04-06 05:54:21 -04:00
  • 8af6bee46d arp_switch_state() was far too confusing and buggy. Pass the target state as an argument, and only switch the global state after a change is successfully made. Nicholas J. Kain 2014-04-06 05:51:52 -04:00
  • 1e52914f2e Remove a lot of permitted syscalls from the seccomp filter list. Nicholas J. Kain 2014-04-06 05:21:56 -04:00
  • 812912126e ifch doesn't need to save a pidfile because its lifetime is strictly bounded by that of ndhc by the shared pipe, so remove that option. Nicholas J. Kain 2014-04-06 02:27:52 -04:00
  • 6b1d422d6f arp_min_close_fd() and arp_close_fd() can return void. Nicholas J. Kain 2014-04-05 23:40:18 -04:00
  • 1c30247c36 arp_reopen_fd() can be return void. Nicholas J. Kain 2014-04-05 23:37:44 -04:00
  • 6750209e12 Have sockd apply BPF filters to ARP sockets. Nicholas J. Kain 2014-04-05 21:39:27 -04:00
  • 5212e0dfc5 Switch to using a socket for ndhc/sockd IPC so that fd passing works. Nicholas J. Kain 2014-04-05 05:25:56 -04:00
  • 9622640698 Add command line help for the sockd-user option. Nicholas J. Kain 2014-04-05 05:23:37 -04:00
  • ef51971a6d Update to latest ncmlib privilege.[ch]. Nicholas J. Kain 2014-04-05 05:23:18 -04:00
  • 09d6f7dfb8 Introduce a ndhc-sockd daemon that separates out the remaining elevated capabilities from the ndhc master process. Nicholas J. Kain 2014-04-04 04:12:25 -04:00
  • 65c3cd4fd9 Make many more logging prints specify the interface and function, and make the return checks for safe_(read|write) stricter. Nicholas J. Kain 2014-04-04 04:01:49 -04:00
  • 2200b68aff Print a warning if the BPF is not installed for an ARP socket. Nicholas J. Kain 2014-04-04 03:55:32 -04:00
  • dc2ac46fd4 Update to latest ncmlib and remove some dead preprocessor defines. Nicholas J. Kain 2014-03-31 16:06:41 -04:00
  • 2f54ff75f3 Use nk_uidgidbyname(). Nicholas J. Kain 2014-03-30 22:18:04 -04:00
  • 2d8654ae59 Update copyright dates. Nicholas J. Kain 2014-03-30 17:23:35 -04:00
  • 1abf8462d3 Convert logging messages to suicide() where appropriate and clean up the logging messages a bit. Nicholas J. Kain 2014-03-30 17:21:27 -04:00
  • 82d9682ed8 Update to latest ncmlib changes. Nicholas J. Kain 2014-03-30 17:02:48 -04:00
  • abda60e0e9 Remove unused defines. Nicholas J. Kain 2014-03-28 11:17:52 -04:00
  • 1b6b52d2eb Don't background the daemon by default. Process supervision is finally catching on and becoming the norm. Nicholas J. Kain 2014-03-28 00:12:33 -04:00
  • 704e414171 Add nl_sendgetaddr and nl_sendgetaddrs variants for v4/v6. Nicholas J. Kain 2014-03-28 00:09:53 -04:00
  • 77ce7b9a6c printf 'hh' length modifier is a gnu extension. Don't use it. Nicholas J. Kain 2014-03-25 05:27:47 -04:00
  • 00e7e2a61b Remove an implicit narrowing cast from void* in nl.h. Nicholas J. Kain 2014-03-24 09:55:55 -04:00
  • 4b92b10f32 ifch doesn't need chmod or unlink whitelisted for seccomp-filter. Nicholas J. Kain 2014-03-22 23:39:50 -04:00
  • 71db577ed5 Replace the remaining calls to rand() with nk_random_u32(). Nicholas J. Kain 2014-03-22 02:08:23 -04:00
  • 009f80b428 x86 has a slightly different syscall interface, so some changes are necessary for the seccomp filters to work. Nicholas J. Kain 2014-03-22 01:32:55 -04:00
  • 22dcfc00ee Enable seccomp-filter if CMake detects that host is x86_64 or x86. Nicholas J. Kain 2014-03-21 23:52:15 -04:00
  • 2d79465eed Enforce field width for MAC address prints. Nicholas J. Kain 2014-03-21 21:29:25 -04:00
  • ab68966442 ifchange.c: Fix ifcmd_iplist so that it works properly. Nicholas J. Kain 2014-03-20 23:50:58 -04:00
  • 6cfb1eb340 duiaid.c: Fix trivial errors found from testing so that it works. Nicholas J. Kain 2014-03-20 23:26:19 -04:00
  • a73a28588f Factor out copy_cmdarg() to common ncmlib header. Nicholas J. Kain 2014-03-20 05:25:40 -04:00
  • f365498188 Convert the remaining strnk* calls to use snprintf instead, and make sure to detect truncations and failures in all cases. Nicholas J. Kain 2014-03-20 04:07:12 -04:00
  • daadae0bf5 Switch to using snprintf in dhcp.c and ifch.c so that truncations can be easily detected. Nicholas J. Kain 2014-03-19 19:32:45 -04:00
  • f5281ee7ab ifchange.c: inet_ntop won't fail so long as we always use a statically determined valid address family and sufficiently long destination buffer. Nicholas J. Kain 2014-03-19 19:14:38 -04:00
  • fa801fbec4 ifchange.c doesn't need strl.h included anymore. Nicholas J. Kain 2014-03-19 06:42:39 -04:00
  • 17f1889d4d ifchd_cmd() had a lot of helper macros that were more obfuscating than helpful. Remove them. Nicholas J. Kain 2014-03-19 06:40:42 -04:00
  • db6169e099 Rename ifchd_cmd_* to ifcmd_*. Nicholas J. Kain 2014-03-19 06:34:29 -04:00
  • 4b78acb65a Remove an intermediate buffer in options.c after all of the functions operating on that buffer now always leave the buffer so that it has a valid list of commands. Nicholas J. Kain 2014-03-19 06:32:13 -04:00
  • 2de848f2c7 If the snprintf in ifcmd_raw() fails, then we can restore the buffer to its original state by zeroing out the data that was appended to the buffer by the failed snprintf. Nicholas J. Kain 2014-03-19 06:14:50 -04:00
  • a2e8136bc9 options.c: Rewrite the ifchd_cmd_* options command generation functions. Nicholas J. Kain 2014-03-19 06:07:01 -04:00
  • 89d4649439 options.c: Conditionalize some functions to only be compiled for ndhs, as ndhc does not use them. Nicholas J. Kain 2014-03-19 06:00:45 -04:00
  • 861ab28186 Reduce the scope of a static variable, and zero-initialize a structure just to satisfy cppcheck even though it should be safe. Nicholas J. Kain 2014-03-19 06:00:08 -04:00
  • 597c858f44 duiaid.c: Trivial style cleanups. No functional change. Nicholas J. Kain 2014-03-19 05:58:29 -04:00
  • e188658c4c Store the leasefile in the state directory by default, since a state directory is now the normal mode of operation because of RFC4361. Nicholas J. Kain 2014-03-19 04:12:24 -04:00
  • b1e1ccf7c3 Add support for setting the metric for the default GW route. Nicholas J. Kain 2014-03-19 01:13:11 -04:00
  • ce99b0a6d7 Update documentation and add '-s' switch to change the state directory. Nicholas J. Kain 2014-03-19 00:46:54 -04:00
  • 15598c9207 Support RFC4361. Nicholas J. Kain 2014-03-19 00:42:32 -04:00
  • aad83608d1 Add a lot of const annotations to options.[ch]. Nicholas J. Kain 2014-03-18 03:38:32 -04:00
  • cd269c7261 Make ndhc RFC6842-compliant. Nicholas J. Kain 2014-03-18 03:13:51 -04:00