Add support for MD5 message authentication as described in RFC 5905.
This patch also supports SHA1 authentication.
The key file format is the same file format as used by ntpd.
The configuration file format follows standard Unix conventions
(# comments) with lines consist of the following fields separated by whitespace:
<key identifier, [1,65535]> <SHA1|MD5> <an ASCII string of up to 20 characters|an octet string [a-zA-F0-9] of up to 40 characters>.
https://www.ietf.org/rfc/rfc5905.txt
function old new delta
ntp_init 473 987 +514
hash - 125 +125
recv_and_process_peer_pkt 889 961 +72
packed_usage 33066 33130 +64
ntpd_main 1226 1277 +51
find_key_entry - 29 +29
add_peers 195 207 +12
recv_and_process_client_pkt 509 514 +5
------------------------------------------------------------------------------
(add/remove: 2/0 grow/shrink: 6/0 up/down: 872/0) Total: 872 bytes
Signed-off-by: Brandon P. Enochs <enochs.brandon@gmail.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Support the "source-directory" stanza from ifupdown[1]. source-directory
will include all files in the named directory. Similar to the Busybox
version of the "source" stanza, this version of source-directory does
not currently support shell wildcards.
We only check that the stanza starts with "source-dir" as ifupdown does[2].
[1] https://manpages.debian.org/stretch/ifupdown/interfaces.5.en.html#INCLUDING_OTHER_FILES
[2] https://salsa.debian.org/debian/ifupdown/blob/0.8.33/config.c#L498
function old new delta
read_interfaces 1150 1241 +91
Signed-off-by: Brandon Maier <brandon.maier@rockwellcollins.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
The caps were inconsistent: timeout to renew was capped at 20 seconds,
and any renews with timeout <= 60 seconds were forced to broadcast.
function old new delta
udhcpc_main 2683 2680 -3
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Managed to make ntpd on one of my machines to be stuck getting
"root distance too high" all the time, but log is not giving me
more informatin what exactly is happening...
function old new delta
select_and_cluster 1045 1095 +50
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
If fgets() returns incomplete string, we replace NUL with
'\n', and then trim() runs on a non-NUL-terminated buffer.
Prevent that.
While at it, bump buffer from 1k to 2k.
function old new delta
query 519 524 +5
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
On fast network, I've seen "delay:0.002000" shown for all packets,
thus completely losing information on what real delays are.
The new code is careful to not reject packets with tiny delays
if the delay "grows a lot" but is still tiny:
0.000009 is "much larger" than 0.000001 (nine times larger),
but is still very good small delay.
function old new delta
recv_and_process_peer_pkt 863 889 +26
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
This means we'll start correcting frequency ~5 minutes after start,
not ~3.5 ones.
With previos settings I still often see largish ~0.7s initial offsets
only about 1/2 corrected before frequency correction kicks in,
resulting in ~200ppm "correction" which is then slowly undone.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
The "fix fetching of https URLs with http proxy" commit
broke the usual http-to-https redirect:
$ wget http://busybox.net/downloads/busybox-1.29.0.tar.bz2
Connecting to busybox.net (140.211.167.122:80)
Connecting to busybox.net (140.211.167.122:443)
wget: server returned error: HTTP/1.1 400 Bad Request
Fixing...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
The syntax of public key certificates can be found in RFC 5280 section
4.1. The relevant part of the syntax is the following:
TBSCertificate ::= SEQUENCE {
version [0] EXPLICIT Version DEFAULT v1,
serialNumber CertificateSerialNumber,
... remaining fields omitted ...
}
The version field has a default value of v1. RFC 5280 section 4.1.2.1
says the following:
If only basic fields are present, the version SHOULD be 1 (the value
is omitted from the certificate as the default value); however, the
version MAY be 2 or 3.
To help detect if the version field is present or not, the type of the
version field has an explicit tag of [0]. Due to this tag, if the
version field is present, its encoding will have an identifier octet
that is distinct from that of the serialNumber field.
ITU-T X.690 specifies how a value of such a type should be encoded with
DER. There is a PDF of X.690 freely available from ITU-T. X.690 section
8.1.2 specifies the format of identifier octets which is the first
component of every encoded value. Identifier octets encode the tag of a
type. Bits 8 and 7 encode the tag class. Bit 6 will be 0 if the encoding
is primitive and 1 if the encoding is constructed. Bits 5 to 1 encode
the tag number.
X.690 section 8.14 specifies what the identifier octet should be for
explicitly tagged types. Section 8.14.3 says if implicit tagging is not
used, then the encoding shall be constructed. The version field uses
explicit tagging and not implicit tagging, so its encoding will be
constructed. This means bit 6 of the identifier octet should be 1.
X.690 section 8.14 and Annex A provide examples. Note from their
examples that the notation for tags could look like [APPLICATION 2]
where both the tag class and tag number are given. For this example, the
tag class is 1 (application) and the tag number is 2. For notation like
[0] where the tag class is omitted and only the tag number is given, the
tag class will be context-specific.
Putting this all together, the identifier octet for the DER encoding of
the version field should have a tag class of 2 (context-specific), bit 6
as 1 (constructed), and a tag number of 0.
Signed-off-by: Ivan Abrea <ivan@algosolutions.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Update QoS markers.
Use DSCP AF21 for interactive traffic. DSCP is defined in RFC2474.
Many modern equipment no longer support IPTOS.
Signed-off-by: Codarren Velvindron <codarren@hackers.mu>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
This reverts "udhcpc: paranoia when using kernel UDP mode
for sending renew: server ID may be bogus".
Users complain that they do have servers behind routers
(with DHCP relays).
function old new delta
send_packet 168 166 -2
bcast_or_ucast 25 23 -2
udhcp_send_kernel_packet 301 295 -6
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 0/3 up/down: 0/-10) Total: -10 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Kconfig-language.txt was deleted in commit 4fa499a17b back in 2006.
Move to docs/ as suggested by Xabier Oneca:
http://lists.busybox.net/pipermail/busybox/2014-May/080914.html
Also update references to it everywhere.
Signed-off-by: Kartik Agaram <akkartik@gmail.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
This is to avoid parsing garbage past packet's actual end.
Also const-ize params to a few functions.
function old new delta
d6_run_script_no_option - 12 +12
option_to_env 791 798 +7
d6_run_script 253 255 +2
perform_d6_release 95 93 -2
udhcpc6_main 2596 2592 -4
------------------------------------------------------------------------------
(add/remove: 1/0 grow/shrink: 2/2 up/down: 21/-6) Total: 15 bytes
Signed-off-by: David Decotigny <ddecotig@gmail.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Add support for the PXELINUX options 209 ("ConfigFile") and 210
("PathPrefix") in the DHCPv6 client.
See also: RFC5071, "Dynamic Host Configuration Protocol Options Used by
PXELINUX".
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Add support for 'bootfile-url' and 'bootfile-params' as defined by
RFC5970 "DHCPv6 Options for Network Boot".
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Add string_option_to_env() to easily generate environment variables for
known simple options.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
trim() modifies the string in place if needed and returns a pointer to
the end of the resulting string. Update udhcp_str2optset() so it no
longer sets the value of 'val' to the return value of trim().
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
If server replied with 302 and
Location: ?foo
we used to underflow the allocated space while trying to form the "@foo"
filename. Switch to forming "foo" filename.
function old new delta
packed_usage 32795 32799 +4
parse_url 387 352 -35
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 1/1 up/down: 4/-35) Total: -31 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Usage: nslookup [-type=QUERY_TYPE] [-debug] HOST [DNS_SERVER]
Query DNS about HOST
QUERY_TYPE: soa,ns,a,aaaa,cname,mx,txt,ptr,any
function old new delta
packed_usage 32189 32258 +69
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Instead, simply don't send this header.
On Mon, Apr 2, 2018 at 8:17 PM, xisd <xisd-dev@riseup.net> wrote:
> I had some trouble using busybox httpd to serve a static website and I
> thought the issue might be of interest.
>
> My problem is related to something that seem quite common for static
> site generator : the use of html files without the '.html' extension
> (it is called 'clean url'...)
>
> Most web server guess that these files are html and display them like
> any other .html files.
>
> From what I understood, the MIME type for files without extension in
> busybox htttp default settings is 'application/octet-stream', and
> because of that 'clean url' pages are not displayed.
>
> It is only trouble because I wanted to deploy my website on freshly
> installed linux without editing any configuration.
>
> The default MIME setting make sense to me as it is, I just thought that
> might be worth mentioning since the use of 'clean url' seem to be a
> common practice for static sites generators (the one I use is callled
> 'yellow' (https://github.com/datenstrom/yellow))
>
> Here is a link for the related issue on github :
> https://github.com/datenstrom/yellow/issues/317
function old new delta
send_headers 702 718 +16
send_headers_and_exit 23 20 -3
handle_incoming_and_exit 2794 2791 -3
send_file_and_exit 772 756 -16
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 1/3 up/down: 16/-22) Total: -6 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
When using ifplugd on a RNDIS interface with monitor mode, using
SIOCSIFFLAGS seems to fail with EADDRNOTAVAIL. Treat it the same
as if iface disappeared again.
This has been observed on a Tegra TK1 using Linux 4.14. There seem
to be a race when the kernel is creating the device:
ifplugd(usb0): started: BusyBox v1.24.1 (2018-03-27 09:47:48 CEST)
ifplugd(usb0): interface doesn't exist, waiting
ifplugd(usb0): interface appeared
ifplugd(usb0): upping interface
ifplugd(usb0): setting interface flags failed: Cannot assign requested address
<exit>
With this patch ifplugd is successful in upping the device the second
time around:
ifplugd(usb0): upping interface
ifplugd(usb0): using SIOCETHTOOL detection mode
ifplugd(usb0): interface appeared
ifplugd(usb0): upping interface
ifplugd(usb0): setting interface flags failed: Cannot assign requested address
ifplugd(usb0): interface appeared
ifplugd(usb0): upping interface
ifplugd(usb0): using SIOCETHTOOL detection mode
ifplugd(usb0): link is up
ifplugd(usb0): executing '/etc/ifplugd/ifplugd.usb.action usb0 up'
ifplugd up
ifplugd(usb0): exit code: 0
function old new delta
up_iface 120 127 +7
Signed-off-by: Stefan Agner <stefan@agner.ch>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Interface may not exist because it got deleted by an ifdown hook script
earlier. This may happen when a virtual interface, such as VLAN, has multiple
iface blocks defined.
function old new delta
static_down6 14 40 +26
static_down 54 70 +16
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 2/0 up/down: 42/0) Total: 42 bytes
Signed-off-by: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
If we don't ask for numerical output, and the symbolic look-up failed
we used to get "(null)", but the numeric output would be better.
function old new delta
ip_port_str 109 121 +12
Signed-off-by: Mark Marshall <mark.marshall@omicronenergy.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
The wrong character was used to indicate options taking an integer
parameter.
Signed-off-by: Ron Yorston <rmy@pobox.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
EINTR _should_ only happen on two signals we trap, and safe_poll
_should_ work here just fine, but there were kernel bugs where spurious EINTRs
happen (e.g. on ptrace attach). Be safe.
function old new delta
udhcpd_main 1437 1468 +31
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Fixes:
commit 52a515d187
"udhcp: use poll() instead of select()"
Feb 16 2017
udhcp_sp_read() is meant to check whether signal pipe indeed has some data to read.
In the above commit, it was changed as follows:
- if (!FD_ISSET(signal_pipe.rd, rfds))
+ if (!pfds[0].revents)
return 0;
The problem is, the check was working for select() purely by accident.
Caught signal interrupts select()/poll() syscalls, they return with EINTR
(regardless of SA_RESTART flag in sigaction). _Then_ signal handler is invoked.
IOW: they can't see any changes to fd state caused by signal haldler
(in our case, signal handler makes signal pipe ready to be read).
For select(), it means that rfds[] bit array is unmodified, bit of signal
pipe's read fd is still set, and the above check "works": it thinks select()
says there is data to read.
This accident does not work for poll(): .revents stays clear, and we do not
try reading signal pipe as we should. In udhcpd, we fall through and block
in socket read. Further SIGTERM signals simply cause socket read to be
interrupted and then restarted (since SIGTERM handler has SA_RESTART=1).
Fixing this as follows: remove the check altogether. Set signal pipe read fd
to nonblocking mode. Always read it in udhcp_sp_read().
If read fails, assume it's EAGAIN and return 0 ("no signal seen").
udhcpd avoids reading signal pipe on every recvd packet by looping if EINTR
(using safe_poll()) - thus ensuring we have correct .revents for all fds -
and calling udhcp_sp_read() only if pfds[0].revents!=0.
udhcpc performs much fewer reads (typically it sleeps >99.999% of the time),
there is no need to optimize it: can call udhcp_sp_read() after each poll
unconditionally.
To robustify socket reads, unconditionally set pfds[1].revents=0
in udhcp_sp_fd_set() (which is before poll), and check it before reading
network socket in udhcpd.
TODO:
This might still fail: if pfds[1].revents=POLLIN, socket read may still block.
There are rare cases when select/poll indicates that data can be read,
but then actual read still blocks (one such case is UDP packets with
wrong checksum). General advise is, if you use a poll/select loop,
keep all your fds nonblocking.
Maybe we should also do that to our network sockets?
function old new delta
udhcp_sp_setup 55 65 +10
udhcp_sp_fd_set 54 60 +6
udhcp_sp_read 46 36 -10
udhcpd_main 1451 1437 -14
udhcpc_main 2723 2708 -15
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 2/3 up/down: 16/-39) Total: -23 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
When fetching a https:// URL with HTTP proxy configured
(e.g. with environment variable http_proxy=http://your-proxy:3128)
busybox was making a https connection to the proxy.
This was because the protocol scheme for the target URL was used to determine whether to connect to the proxy over SSL or not.
When the proxy is in use, the decision on whether to connect to the proxy over https
should based on the proxy URL not on the target URL.
function old new delta
wget_main 2381 2387 +6
Signed-off-by: Peter Lloyd <l-busybox@pgl22.co.uk>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Attaching an interface to a VRF is done by setting the interface's
master. Besides VRF, this can also be used for bridges.
function old new delta
set_master - 142 +142
do_iplink 1262 1357 +95
packed_usage 32546 32539 -7
------------------------------------------------------------------------------
(add/remove: 1/0 grow/shrink: 1/1 up/down: 237/-7) Total: 230 bytes
Signed-off-by: Jan Luebbe <jluebbe@debian.org>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
VRF interfaces have a mandatory table parameter, which needs to be
specified using a RTNL attribute.
function old new delta
do_add_or_delete 1150 1254 +104
packed_usage 32444 32546 +102
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 2/0 up/down: 206/0) Total: 206 bytes
Signed-off-by: Jan Luebbe <jluebbe@debian.org>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
This way, we can zero them all in one go.
We do malloc() anyway, thus nothing is lost by mallocing "globals"
function old new delta
arping_main 1683 1686 +3
finish 100 86 -14
catcher 350 310 -40
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 1/2 up/down: 3/-54) Total: -51 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
ARPING 192.168.1.1 from 192.168.1.172 wlan0
Unicast reply from 192.168.1.1 [F4:F2:6D:52:A8:DE] 1.672ms
Sent 1 probes (1 broadcast(s))
Received 1 response(s)
ARPING 192.168.1.1 from 192.168.1.172 wlan0
Unicast reply from 192.168.1.1 [f4:f2:6d:52:a8:de] 1.152ms
Sent 1 probe(s) (1 broadcast(s))
Received 1 response(s) (0 request(s), 0 broadcast(s))
function old new delta
finish 120 100 -20
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Do not clear extra bits on option_mask32, it's not necessary.
Move DAD bit to 2, this makes exit logic simpler.
function old new delta
arping_main 1655 1629 -26
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Since bb_info_msg() was eliminated type of buffering on stdout is not important
function old new delta
udhcpd_main 1463 1451 -12
udhcpc_main 2735 2723 -12
setlinebuf 19 - -19
------------------------------------------------------------------------------
(add/remove: 0/2 grow/shrink: 0/2 up/down: 0/-43) Total: -43 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
