Good news that TLS_RSA_WITH_AES_256_CBC_SHA256 still works with new code ;)
This change adds inevitable extension to have different sized hashes and AES key sizes.
In libbb, md5_end() and shaX_end() are extended to return result size instead of void -
this helps *a lot* in tls (the cost is ~5 bytes per _end() function).
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Hoped this can make cdn.kernel.org to like us more. Nope.
While at it, made error reporting more useful.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
A new applet, ssl_client, is the TLS debug thing now.
It doubles as wget's NOMMU helper.
In MMU mode, wget still forks, but then directly calls TLS code,
without execing.
This can also be applied to sendmail/popmail (SMTPS / SMTP+starttls support)
and nc --ssl (ncat, nmap's nc clone, has such option).
function old new delta
tls_handshake - 1691 +1691
tls_run_copy_loop - 443 +443
ssl_client_main - 128 +128
packed_usage 30978 31007 +29
wget_main 2508 2535 +27
applet_names 2553 2560 +7
...
xwrite_encrypted 360 342 -18
tls_main 2127 - -2127
------------------------------------------------------------------------------
(add/remove: 4/1 grow/shrink: 13/8 up/down: 2351/-2195) Total: 156 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Was:
Usage: ip [OPTIONS] address|route|link|tunnel|neigh|rule [COMMAND]
ip [OPTIONS] OBJECT [COMMAND]
where OBJECT := address|route|link|tunnel|neigh|rule
OPTIONS := -f[amily] inet|inet6|link | -o[neline]
User: instead of repeating list of OBJECTs twice, you could at least
show available COMMANDs...
Now:
Usage: ip [OPTIONS] address|route|link|tunnel|neigh|rule [COMMAND]
OPTIONS := -f[amily] inet|inet6|link | -o[neline]
COMMAND :=
ip addr add|del IFADDR dev IFACE | show|flush [dev IFACE] [to PREFIX]
ip route list|flush|add|del|change|append|replace|test ROUTE
ip link set IFACE [up|down] [arp on|off] | show [IFACE]
ip tunnel add|change|del|show [NAME]
[mode ipip|gre|sit]
[remote ADDR] [local ADDR] [ttl TTL]
ip neigh show|flush [to PREFIX] [dev DEV] [nud STATE]
ip rule [list] | add|del SELECTOR ACTION
While at it, tweak tc --help too (it stays disabled, thus no effect)
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
As it turns out, it goes only up to "inbuf_size:4608"
for kernel.org - fixed 18kb buffer was x4 larger than necessary.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
With tls_has_buffered_record(), entire kernel.org response
is printed at once, without 6 second pause to see its delayed EOF.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
For the first time
printf "GET / HTTP/1.1\r\nHost: kernel.org\r\n\r\n" | ./busybox tls kernel.org
successfully reads entire server response and TLS shutdown.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
This is particularly useful if hostname resolution is triggered by
host non-reachability: I saw this in real-life, without the message
it is not at all obvious that IP that we use for a specific host
has changed.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Successfully finishes handshake with test servers using NULL-SHA256
cipher.
The "only" thing remaining before there is a chance
this can actually work with real servers is AES encrypt/decrypt.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
$ ./busybox tls kernel.org
insize:0 tail:0
got block len:74
got HANDSHAKE
got SERVER_HELLO
insize:79 tail:4406
got block len:4392
got HANDSHAKE
got CERTIFICATE
entered der @0x8f7e723:0x30 len:1452 inner_byte @0x8f7e727:0x30
entered der @0x8f7e727:0x30 len:1172 inner_byte @0x8f7e72b:0xa0
skipped der 0xa0, next byte 0x02
skipped der 0x02, next byte 0x30
skipped der 0x30, next byte 0x30
skipped der 0x30, next byte 0x30
skipped der 0x30, next byte 0x30
skipped der 0x30, next byte 0x30
entered der @0x8f7e830:0x30 len:418 inner_byte @0x8f7e834:0x30
skipped der 0x30, next byte 0x03
entered der @0x8f7e843:0x03 len:399 inner_byte @0x8f7e847:0x00
copying key bytes:399, first:0x00
insize:4397 tail:9
got block len:4
got SERVER_HELLO_DONE
Now need to teach it to send ClientKeyExchange...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
write(3, "GET / HTTP/1.1\r\nUser-Agent: Wget\r\nConnection: close\r\n\r\n", 74) = 74
shutdown(3, SHUT_WR) = 0
alarm(900) = 900
read(3, "", 1024) = 0
write(2, "wget: error getting response\n", 29) = 29
exit(1)
The peer simply does not return anything. It closes its connection.
Probably it detects wget closing its writing end: shutdown(3, SHUT_WR).
The point it, closing write side of the socket is _valid_ for HTTP.
wget sent the full request, it won't be sending anything more:
it will only receive the response, and that's it.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Redundant help texts (one which only repeats the description)
are deleted.
Descriptions and help texts are trimmed.
Some config options are moved, even across menus.
No config option _names_ are changed.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
When httpd proxies a request to another server, it first creates
an AF_INET socket, then resolves the server name to a sockaddr,
then connects to it. This fails if the server name resolves to
an IPv6 address.
This patch ensures that the socket is created with the correct
address family (AF_INET6 if the server resolves to an IPv6 address
and AF_INET otherwise).
Signed-off-by: Laurent Bercot <ska-dietlibc@skarnet.org>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Run the namelookup from the main loop so a misspelled first ntp server
name does not block everything forever.
This fixes the following situation which would block forever:
$ sudo ./busybox ntpd -dn -p foobar -p pool.ntp.org
ntpd: bad address 'foobar'
ntpd: bad address 'foobar'
ntpd: bad address 'foobar'
...
New behavior:
ntpd: bad address 'foobar'
ntpd: sending query to 137.190.2.4
ntpd: reply from 137.190.2.4: offset:-1.009775 delay:0.175550 status:0x24 strat:1 refid:0x00535047 rootdelay:0.000000 reach:0x01
ntpd: sending query to 137.190.2.4
ntpd: reply from 137.190.2.4: offset:-1.009605 delay:0.175461 status:0x24 strat:1 refid:0x00535047 rootdelay:0.000000 reach:0x03
ntpd: sending query to 137.190.2.4
ntpd: reply from 137.190.2.4: offset:-1.005327 delay:0.167027 status:0x24 strat:1 refid:0x00535047 rootdelay:0.000000 reach:0x07
ntpd: sending query to 137.190.2.4
ntpd: bad address 'foobar'
ntpd: reply from 137.190.2.4: offset:-1.046349 delay:0.248705 status:0x24 strat:1 refid:0x00535047 rootdelay:0.000000 reach:0x0f
This patch is based on Kaarle Ritvanens work.
http://lists.busybox.net/pipermail/busybox/2016-May/084197.html
function old new delta
ntpd_main 1061 1079 +18
ntp_init 556 560 +4
resolve_peer_hostname 81 75 -6
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 2/1 up/down: 22/-6) Total: 16 bytes
Signed-off-by: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
All other applets are listed simply by their name, no reason why
dumpleases doesn't do that.
Group all udhcpd feature options directly after it.
Put "NOT READY" into udhcpc6 item (some users actually tried to use it,
and complained).
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Commit a8c696bf09 makes ifup and ifdown
individually selectable, but forgets to update the dependency to
IFUPDOWN_UDHCPC_CMD_OPTIONS, so it is not selectable anymore.
This patch fixes the dependency by checking for IFUP or IFDOWN, instead
of the obsolete IFUPDOWN.
Also, it drops dependency on UDHCPC: udhcpc on the target system
does not have to come from the _same_ binary.
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
musl does not like including linux/netfilter_ipv4.h
(enum / #define collision in two headers, resulting in "3 = 3"
type situation in enum definition).
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
They merely enable ip or ifconfig/route. There is already a way to do this
on the same menuconfig page.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Linux kernel, starting from 2.6.19 allows ip table ids to have 32-bit values.
In order to preserve compatibility, the old 8-bit field: rtm_table is still
in use when table id is lower than 256.
Add support for the 32-bit table id (RTA_TABLE attribute) in:
- ip route print
- ip route modify
- ip rule print
- ip rule modify
Add printing of table ids to ip route.
Changes are compatible with the mainline iproute2 utilities.
These changes are required for compatibility with ConnMan, which by default
uses table ids greater than 255.
function old new delta
print_route 1588 1637 +49
do_iproute 2187 2222 +35
do_iprule 955 987 +32
print_rule 617 630 +13
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 4/0 up/down: 129/0) Total: 129 bytes
Signed-off-by: Lukasz Nowak <lnowak@tycoint.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
While at it, fix a pathological case where it is not fine:
-r REALM with some 8-kbyte long REALM would overflow the buffer.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
function old new delta
udhcp_get_option 215 220 +5
udhcp_run_script 802 803 +1
Signed-off-by: Brian Foley <bpfoley@google.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Here, not handling the error is would just eat one input 0xff char.
Correct handling would need even more corner case handling,
as-is buggy handling corrupts the buffer.
Since we just been told by kernel that pty is ready,
EAGAIN should not be happening here anyway.
function old new delta
telnetd_main 1798 1785 -13
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
put_iac2(w,c) is mostly used with constants, fold them into one arg
function old new delta
put_iac2_merged - 46 +46
telnet_main 1603 1583 -20
con_escape 285 257 -28
put_iac2 50 - -50
------------------------------------------------------------------------------
(add/remove: 1/1 grow/shrink: 0/2 up/down: 46/-98) Total: -52 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
A bit of future-proofing. Some of them can stand just being ignored.
function old new delta
telnetd_main 1791 1798 +7
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
I managed to reproduce the bug, with some difficulty.
function old new delta
telnetd_main 1780 1791 +11
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
If a write to pty is short, remove_iacs() can be run on a buffer repeatedly.
This, for example, can eat 0xff chars (IACs, in telnet terms).
Rework the logic to handle IACs in a special "write to pty" function.
function old new delta
telnetd_main 1662 1750 +88
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
By user's request.
Decided to not use fcntl(F_SETLKW) in lieu of problems with locking
on networked filesystems. The existence of /var/run/ifstate.new
is treated as a write lock. rename() provides atomicity.
function old new delta
ifupdown_main 1019 1122 +103
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Also, much improved help text.
function old new delta
packed_usage 30652 30851 +199
tcpudpsvd_main 1782 1784 +2
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Added NOINLINE to two function, since my version of gcc would actualy increase
code size otherwise.
I see no size changes.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Remove FEATURE_TRACEROUTE_SOURCE_ROUTE: it's off by default, and
source routing is not used in real world.
Tested that "traceroute -n ::1 100" and "traceroute -n 127.0.0.1 100"
both send 100 byte IP packets (this matches what traceroute on Fedora
Rawhide is doing).
function old new delta
common_traceroute_main 3731 3738 +7
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
User report:
or our board we setup eth0:0 on a 10.10.10.x/29 netwrok.
The problem is ip addr flush dev eth0:0 removes all ip addresses from
eth0. You can see this if you run
ip -stat -stat addr flush dev eth0:0
2: eth0 inet 172.27.105.10/22 brd 172.27.107.255 scope global eth0
valid_lft forever preferred_lft forever
2: eth0 inet 10.10.10.9/29 scope global eth0:0
valid_lft forever preferred_lft forever
2: eth0 inet6 fe80::a2f6:fdff:fe18:2b13/64 scope link
valid_lft forever preferred_lft forever
*** Round 1, deleting 3 addresses ***
*** Flush is complete after 1 round ***
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
A padding to align a message should not only be added between
different attributes of a netlink message, but also at the end of the
message to pad it to the correct size.
Without this patch the following command does not work and returns an
error code:
ip link add type nlmon
Without this ip from busybox sends this:
sendmsg(3, {msg_name={sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000},
msg_namelen=12, msg_iov=[{iov_base={{len=45, ...},
"\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\20\0\22\0\t\0\1nlmon"}, iov_len=45}],
msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 45
return value: 2
The normal ip utile from iproute2 sends this:
sendmsg(3, {msg_name={sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000},
msg_namelen=12, msg_iov=[{iov_base={{len=48, ...},
"\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\20\0\22\0\t\0\1nlmon\0\0\0"}, iov_len=48}],
msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 48
return value: 0
With this patch ip from busybox sends this:
sendmsg(3, {msg_name={sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000},
msg_namelen=12, msg_iov=[{iov_base={{len=48, ...},
"\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\20\0\22\0\t\0\1nlmon\0\0\0"}, iov_len=48}],
msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 48
return value: 0
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
The udhcpc script may be used to setup fallback configuration (E.G. IPv4LL,
fixed IP address, ..) that also needs to be cleaned up on release (E.G.
when SIGUSR2 is called or on shutdown with -R), so unconditionally call
deconfig.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Some user managed to hit a race where iface is gone between SIOCGIFFLAGS
and SIOCSIFFLAGS (!). If SIOCSIFFLAGS fails, treat it the same as failed
SIOCGIFFLAGS
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
The busybox NTP implementation doesn't check the NTP mode of packets
received on the server port and responds to any packet with the right
size. This includes responses from another NTP server. An attacker can
send a packet with a spoofed source address in order to create an
infinite loop of responses between two busybox NTP servers. Adding
more packets to the loop increases the traffic between the servers
until one of them has a fully loaded CPU and/or network.
Signed-off-by: Miroslav Lichvar <mlichvar@redhat.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
This is necessary for multi-hosted TLSed web sites.
function old new delta
spawn_https_helper_openssl 334 441 +107
Based on a patch by Jeremy Chadwick <jdc@koitsu.org>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
It was doing way too simplistic work of just querying the server,
no redirects, no query massaging. This required user to know a lot about whois,
and enter at least three queries for each host to get meaningful information.
function old new delta
whois_main 209 646 +437
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
The bug was seen when the following is done:
# killall 1 udhpc; killall 2 udhpc
Performing a DHCP renew
state: 2 -> 5
Sending renew...
Entering released state
state: 5 -> 6 <<<<<<<<<<<<<< not calling script!!!!
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
This resolves the following use case problem:
"I start ntpd by default from /etc/init.d
There might be no working network connection (not configured properly for
whatever reason, hardware problems, whatelse).
With busybox 1.25 ntpd seems to loop forever if now NTP servers are found,
blocking the boot process and I never get a login to solve a possible pb or
to do a first time configuration."
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
The ICMP RFC says that identifier and sequence number may be zero.
Having them zero for a Echo message, along with a data of zero's
as well will result in a Echo reply message with only zero's.
Some NAT implementations seem to get the checksum wrong on these
packages. Setting a checksum of 0x0 instead of 0xffff.
Through NAT:
Internet Control Message Protocol
Type: 0 (Echo (ping) reply)
Code: 0
Checksum: 0x0000 [incorrect, should be 0xffff]
Identifier (BE): 0 (0x0000)
Identifier (LE): 0 (0x0000)
Sequence number (BE): 0 (0x0000)
Sequence number (LE): 0 (0x0000)
Data (56 bytes)
Data: 000000000000000000000000000000000000000000000000...
[Length: 56]
Without NAT:
Internet Control Message Protocol
Type: 0 (Echo (ping) reply)
Code: 0
Checksum: 0xffff [correct]
Identifier (BE): 0 (0x0000)
Identifier (LE): 0 (0x0000)
Sequence number (BE): 0 (0x0000)
Sequence number (LE): 0 (0x0000)
[Request frame: 189]
[Response time: 0.024 ms]
Data (56 bytes)
Data: 000000000000000000000000000000000000000000000000...
[Length: 56]
And this in turn will make some hardware MAC checksum offloading
engines drop the packet.
(This was seen with a Synopsis MAC, the same one used in for instance the
stmmac Ethernet driver in the linux kernel.)
This change can be seen as a workaround for bugs in other layers.
But just setting an identifier for the Echo message packet will
avoid prodding the hornets nest.
function old new delta
common_ping_main 424 500 +76
Signed-off-by: Jonas Danielsson <jonasdn@axis.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Some users start ntpd on boot, and don't babysit it. If it dies because
DNS is not yet up and therefore NTP servers can't be found, users are
not happy.
Example behavior with a peer name which can't be resolved:
ntpd: bad address 'qwe.rty.ghj.kl'
...5 sec...
ntpd: bad address 'qwe.rty.ghj.kl'
ntpd: bad address 'qwe.rty.ghj.kl'
ntpd: bad address 'qwe.rty.ghj.kl'
ntpd: bad address 'qwe.rty.ghj.kl'
ntpd: bad address 'qwe.rty.ghj.kl'
ntpd: bad address 'qwe.rty.ghj.kl'
ntpd: bad address 'qwe.rty.ghj.kl'
ntpd: bad address 'qwe.rty.ghj.kl'
ntpd: bad address 'qwe.rty.ghj.kl'
...
Based on the patch by Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
function old new delta
resolve_peer_hostname - 81 +81
ntpd_main 1130 1061 -69
------------------------------------------------------------------------------
(add/remove: 1/0 grow/shrink: 0/1 up/down: 81/-69) Total: 12 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
This is the only non-debug use of ether_ntoa(). By not using it,
we reduce bss:
function old new delta
arping_main 1568 1665 +97
static.asc 18 - -18
ether_ntoa 57 - -57
------------------------------------------------------------------------------
(add/remove: 0/2 grow/shrink: 1/0 up/down: 97/-75) Total: 22 bytes
text data bss dec hex filename
911020 493 7352 918865 e0551 busybox_old
911069 493 7336 918898 e0572 busybox_unstripped
Also, "standard" arping zero-pads MAC. ether_ntoa() does not.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Use designated initializers for struct msghdr.
The struct layout is non-portable and musl libc does not match what busybox expects.
Signed-off-by: Szabolcs Nagy <nsz@port70.net>
Tested-by: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
The result of looking at "grep -F -B2 '*fill*' busybox_unstripped.map"
text data bss dec hex filename
829901 4086 1904 835891 cc133 busybox_before
829665 4086 1904 835655 cc047 busybox
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Otherwise, "-t 0" usage may end up sending them forever
if server does not respond.
function old new delta
udhcpc_main 2846 2836 -10
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
RFC2131 paragraph 4.1 states DHCP messages broadcast by a client prior to
that client obtaining its IP address must have the source IP address
field in the header set to 0.
Request messages transmitted in renewing and rebinding state need to use
the obtained IP address as source IP address in the header; this behavior
lines up with other implementations like ISC dhcp client.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Let udhcpd retain the information about expired leases when restarting
so that the leases are reserved until they possibly become the oldest
expired lease.
This reduces the frequency of IP address changes for example when the
DHCP server and a group of clients, who do not store and request their
previously offered IP address across restarts, are collectively restarted
and the startup order of the clients are not guaranteed.
Signed-off-by: Christian Lindeberg <christian.lindeberg@axis.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
This patch allow to have multiple interface definitions, much like
Debian's ifupdown. More specifically, it removes the check for a
duplicate definition, so the impact on binary size should be fairly
minimal.
This configuration:
iface eth0 inet static
address 192.168.0.15
netmask 255.255.0.0
gateway 192.168.0.1
iface eth0 inet static
address 10.0.0.1
netmask 255.255.255.0
Will add two addresses to eth0 if ip is used. If ifconfig is used,
the standards methods will likely not stack, but the administrator may
still use the manual method. The DHCP method may work depending on the
DHCP client in use.
This is a fairly advanced feature for power users who knows what they
are doing. There are not many other network configuration systems that
allows multiple addresses on an interface.
Signed-off-by: Nicolas Cavallari <nicolas.cavallari@green-communications.fr>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
After commit 8e74adab01
("libbb: make INET[6]_rresolve use sockaddr2{host,dotted}_noport")
INET_sprint6 uses more than just sin6_addr, it also tries to display the
scope id, which is uninitialized when called from ife_print6.
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
The -H NAME is deprecated in udhcpc. See commit
2017d48c0d
Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
IPv6 routes need the device argument for link-local routes, or they
cannot be used at all. E.g. "gateway fe80::def" seems to be used in
some places, but kernel refuses to insert the route unless device
name is explicitly specified in the route addition.
Signed-off-by: Timo Teräs <timo.teras@iki.fi>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Saves 87 bytes. Assuming, of course, all platforms have it.
Signed-off-by: Ron Yorston <rmy@pobox.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
invarg(a,b) - "invalid argument", but how a and b enter the message?
invarg_1_to_2(a,b) is somewhat easier to read: "invalid argument 'a' to 'b'"
Audit of usage revealed a number of bad uses, with too long messages.
text data bss dec hex filename
938848 932 17448 957228 e9b2c busybox_old
938788 932 17448 957168 e9af0 busybox_unstripped
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
This patch ports the 'ip neigh' command, originally written by Alexey
Kuznetsov, <kuznet@ms2.inr.ac.ru>, to busybox.
The base of the port is the version of iproute that shipped with
Debian Squeeze, taken from:
http://http.debian.net/debian/pool/main/i/iproute/iproute_20100519.orig.tar.gz
This patch has actively been used by the Open Network Install
Environment (ONIE) project for over 3 years without incident.
function old new delta
print_neigh - 933 +933
ipneigh_list_or_flush - 742 +742
get_hz - 109 +109
do_ipneigh - 62 +62
do_iproute 2112 2153 +41
packed_usage 30647 30667 +20
ipneigh_main - 14 +14
static.ip_neigh_commands - 12 +12
static.nuds - 9 +9
static.ip_func_ptrs 32 36 +4
print_route 1858 1727 -131
------------------------------------------------------------------------------
(add/remove: 8/0 grow/shrink: 3/1 up/down: 1946/-131) Total: 1815 bytes
Signed-off-by: Curt Brune <curt@cumulusnetworks.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
If FEATURE_WGET_OPENSSL and FEATURE_WGET_SSL_HELPER are both disabled
there's no point in checking for https URLs.
function old new delta
P_HTTPS 6 - -6
.rodata 155501 155469 -32
parse_url 476 423 -53
------------------------------------------------------------------------------
(add/remove: 0/1 grow/shrink: 0/2 up/down: 0/-91) Total: -91 bytes
Signed-off-by: Ron Yorston <rmy@pobox.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Unfortunately, chroot() works only for root user, because of attacks
on setuid binaries (make DIR/lib/ld-linux.so a shell, hardlink to
a setuid binary, chroot to DIR, execute it and get root shell).
function old new delta
ftpd_main 2160 2180 +20
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Allows using an alternate path for config files.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Signed-off-by: Christoph J. Thompson <cjsthompson@gmail.com>
Signed-off-by: Michael Bestas <mikeioannina@gmail.com>
When a static interface with explicit gateway and metric in /etc/network/interfaces
is enabled using 'ifup', and further, the BusyBox 'ip' applet is enabled, the
following error message appears at the console (and no default route is added):
ip: either "to" is duplicate, or "prio" is garbage
Tracing ifup reveals that it is attempting to run the following shell command:
ip route add default via <GW> dev <DEVICE> prio <METRIC>
'ip' does not understand the 'prio' argument, causing this error. With 'metric',
it works fine.
Signed-off-by: Alex Dowad <alexinbeijing@gmail.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
While RFC1035 recommends a label not to start with a number, there is
actually no such limitation in dns. One may buy a domain name like
0x1.net and use it.
This commit remove this check and allow a user to use such domains.
Signed-off-by: Arthur Gautier <baloo@gandi.net>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Introduce a library routine to package the idiom:
p = xmalloc(b, n);
memcpy(p, b, n);
and use it where possible. The example in traceroute used xzalloc
but it didn't need to.
function old new delta
xmemdup - 32 +32
last_main 834 826 -8
make_device 2321 2311 -10
common_traceroute_main 3698 3685 -13
readtoken1 3182 3168 -14
procps_scan 1222 1206 -16
forkchild 655 638 -17
------------------------------------------------------------------------------
(add/remove: 1/0 grow/shrink: 0/6 up/down: 32/-78) Total: -46 bytes
Signed-off-by: Ron Yorston <rmy@frippery.org>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Commit "zcip: fix link-local IP conflict detection" has introduced
wrong comparsion of source IP with our IP. This leads to a new IP
being picked unnecessarily on every incoming ARP packet.
Signed-off-by: Vladislav Grishenko <themiron@mail.ru>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
When 'if -a' runs into an failure on an interface all further
interfaces won't be correctly updated in ifstate. This patch
inserts a new variable that only tracks the current interfaces
failure so that the write to ifstate can rely on this and not
the one for the functions return value.
Fixes https://bugs.busybox.net/show_bug.cgi?id=6212
Signed-off-by: Frank Bergmann <frank.frajasalo@googlemail.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
arping: interface eth0 not found: No such device
^^^^
This is because error template is formed before parsing command line arguments,
so it always uses default interface name "eth0".
Signed-off-by: Alexander Korolkov <alexander.korolkov@gmail.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Based on the patch by Zheng Junling <zhengjunling@huawei.com>
and Chen Gang <cg.chen@huawei.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
(re-sending this as it got ignored completey and the format of the
previous mail was probably not correct - please let me know if there's
anything else I can do to get this trivial fix applied)
for telnetd to work, we only need CONFIG_UNIX98_PTYS to be enabled
in the Linux kernel - DEVPTS_FS has been obsolete for some time
Signed-off-by: Martin Kaiser <lists@kaiser.cx>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
This speeds up syncing - now happens only just
two replies from a peer. Especially useful for "ntpd -q".
Shouldn't have ill effects: if we chose a bad peer,
we will discover it later and switch to another one.
The code is even smaller this way.
Suggested by Miroslav Lichvar <mlichvar@redhat.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
We wanted to detect when tv_sec = unsigned1 - unsigned2
underflows by looking at tv_sec's sign. But if tv_sec
is long and it is wider than unsigned, we get unsigned -> long
conversion which is in this case never negative.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
OpenNTPd is licensed under ISC-style license so it's good idea to keep
ntpd applet under same license to avoid mess, instead of having
our changes to be under GPL.
Names of original code's authors are added.
Signed-off-by: Adam Tkac <vonsch@gmail.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Prevent nasty surprises if script runs longer than lease time / 2.
Signed-off-by: John Schroeder <jschroed@gmail.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Based on the following user report:
I ran into an issue where I was seeing a long delay in the scripts called
in udhcp_run_script. I was using an old version of OpenWrt (kamikaze)
and a satellite modem. An NTP script was being called and the modem
would sometimes take a long time to respond to the DNS lookup when
it was offline.
This delay started affecting my lease time. The lease that I would
get from my satellite modem before it was online would be short:
only 60 seconds. The delay with NTP and the modem would typically
be about 18 seconds. This would cause the first DHCP renew request
from dhcpc to be a little late. Under certain circumstances,
I could even see the first DHCP renew to occur after the lease
had expired!
function old new delta
udhcpc_main 2816 2837 +21
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Busybox already uses sendfile in httpd. This patch proposes to use it
globally to copy data between file descriptors.
It speeds up the copying on slow systems a lot - below are the times needed
to copy a 450Mb file with and without this option enabled on a BeagleBone
Black:
sendfile:
user 0m0.000s
sys 0m8.170s
read/write 4k:
user 0m0.470s
sys 0m16.300s
function old new delta
bb_full_fd_action 394 474 +80
Signed-off-by: Bartosz Golaszewski <bartekgola@gmail.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
169.254 may already be used by a local network. This patch allows
specifying your own IP range.
Our particular use case is a mesh network, in which the nodes partaking
were using an IP range specifically assigned for the meshing purpose.
As the LAN side of the mesh node could use 169.254, this default range
was not an option.
function old new delta
zcip_main 1342 1426 +84
pick_nip - 40 +40
packed_usage 29974 29969 -5
pick 34 - -34
------------------------------------------------------------------------------
(add/remove: 1/1 grow/shrink: 1/1 up/down: 124/-39) Total: 85 bytes
Signed-off-by: Michel Stam <m.stam@fugro.nl>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Some clients have a very short timeout for sending the DHCP
DISCOVER, shorter than the arpping timeout of 2000 milliseconds
that udhcpd uses by default.
This patch allows tweaking the timeout, or disabling of arpping
altogether, at the risk of handing out addresses which are
already in use.
function old new delta
udhcpd_main 1460 1501 +41
udhcpc_main 2814 2851 +37
packed_usage 29957 29974 +17
arpping 477 493 +16
find_free_or_expired_nip 161 174 +13
send_offer 285 292 +7
nobody_responds_to_arp 85 89 +4
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 7/0 up/down: 135/0) Total: 135 bytes
Signed-off-by: Michel Stam <m.stam@fugro.nl>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
The offset to jitter ratio is now calculated before updating
jitter to make the test more sensitive.
function old new delta
ntp_init 460 474 +14
update_local_clock 752 764 +12
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 2/0 up/down: 26/0) Total: 26 bytes
Signed-off-by: Miroslav Lichvar <mlichvar@redhat.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
To avoid polling servers frequently slowly increase the interval up
to BIGPOLL when
- no replies are received from a peer
- no source can be selected
- peer claims to be unsynchronized (e.g. we are polling it too
frequently)
When recv() returns with an error, drop code to try to continue
on network errors: I'm not convinced those cases happen in real life.
function old new delta
recv_and_process_peer_pkt 919 838 -81
Signed-off-by: Miroslav Lichvar <mlichvar@redhat.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
* on step, poll interval drops to 8.5 mins instead of 32 seconds
* on total loss of all replies (no replies from any peer
for last 8 requests), also drop poll interval to 8.5 mins
instead of 32 seconds
* on send abd recv errors, RETRY_INTERVAL is now 32 seconds,
not 5 seconds
* on timing out listening to reply, instead of unconditional
shortening poll interval by x4, clamp it to NOREPLY_INTERVAL
(512 seconds)
* if a largish offset is seen, clamp nexp poll interval
to 128 seconds, not 64 seconds
function old new delta
clamp_pollexp_and_set_MAXSTRAT - 37 +37
recv_and_process_peer_pkt 861 869 +8
poll_interval 52 48 -4
update_local_clock 762 752 -10
ntpd_main 1063 1050 -13
------------------------------------------------------------------------------
(add/remove: 1/0 grow/shrink: 1/3 up/down: 45/-27) Total: 18 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
The burst mode needs to be stopped even when no replies are received.
Signed-off-by: Miroslav Lichvar <mlichvar@redhat.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Some HP PA-RISC firmware always sends fixed 512-byte requests,
with trailing garbage.
function old new delta
tftpd_main 578 572 -6
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
During link-local IP resolution, if a regular ARP request is received
during the ARP probe period, it will incorrectly cause a target IP
conflict. This then leads to a new IP being picked unnecessarily.
Per RFC 3927, section 2.2.1, we should flag a target IP conflict only if
the source IP is null, the target IP matches our IP, and the source
hw addr does not match our hw addr.
function old new delta
zcip_main 1354 1322 -32
Signed-off-by: Ken Sharp <ken.sharp@ni.com>
Signed-off-by: Ben Shelton <ben.shelton@ni.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Like d3092c99, this change adds support for the DHCP "path-prefix"
option, as defined in RFC 5071. We use the string identifer
"pxepathprefix".
Adding this option makes string parsing in the hook scripts simpler.
function old new delta
dhcp_option_strings 255 269 +14
dhcp_optflags 72 74 +2
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
When we merely chdir to saved "real" root fd,
exec("proc/self/exe") works for static executables but not
for dynamic ones (they can't find their interpreter).
With this patch, we also *chroot* to real root.
As a bonus, this gives us proper usernames, timezone conversion
etc.
function old new delta
popen_ls 203 259 +56
ftpd_main 2362 2366 +4
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Before this cahnge, sometimes they were used after the next packet
from another peer was received, because we did updare some peer stats
from high delay packet before dropping it.
function old new delta
recv_and_process_peer_pkt 922 966 +44
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
rand() is the most standard C library function,
and on uclibc they are the same. I guess
they are the same in most todays' libc...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Does not configure anything. L2 configuration hook scripts should do
their job on receiving ADDRFAM=link. Configuration will be done only
once, irrespective of L3 protocols used.
Using the 'link' family in the interfaces file conforms to the Debian
implementation:
http://sources.debian.net/src/ifupdown/0.7.47.1/link.defn
function old new delta
link_methods - 12 +12
addr_link - 12 +12
link_up_down - 6 +6
static.addr_fams 12 16 +4
------------------------------------------------------------------------------
(add/remove: 3/0 grow/shrink: 1/0 up/down: 34/0) Total: 34 bytes
Signed-off-by: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
GCC complained about since_last_update being set but not used.
Signed-off-by: Bartosz Golaszewski <bartekgola@gmail.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
There's no reason to call gethostbyname() on the value returned
by uname() when asked just for a short name of a host. This may
also be wrong, when uname is set to one value, but in /etc/hosts
(or elsewhere) the "canonical" name is different. This is often
the case for localhost entry in /etc/hosts:
127.0.0.1 localhost myname
With this content of /etc/hosts, and uname being set to myname,
busybox hostname -s will return localhost, while regular
hostname utility returns myname.
Fix this by not calling gethostbyname() for the simple
'hostname -s' use.
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
GNU wget: wget google.com // ok
bb before: wget google.com // wget: not an http or ftp url
function old new delta
parse_url 317 339 +22
Signed-off-by: Lauri Kasanen <curaga@operamail.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Used to set p->filter_datapoint[i].d_dispersion = MAXDISP
and clear reachable bits, but this proved to be too agressive:
after step (tested with suspinding laptop for ~30 secs),
this caused all previous data to be considered invalid,
making us needing to collect full ~8 datapoins per peer
after step in order to start trusting them.
In turn, this was making poll interval decrease even after
step was done. (Poll interval decreases already before step
in this scenario, because we see large offsets and end up with
no good peer to select).
function old new delta
reset_peer_stats 157 139 -18
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
This change adds a definition for DHCP option 209. RFC 5071 defines code
209 as a configuration file for a PXE bootloader; this change uses
the string "pxeconffile" as its text identifier.
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Commit b8b72f02 removed all padding from DHCP packets
to fix operation with buggy servers which can't handle
maximum sized packets. But it introduced a regression
with buggy routers which drop DHCP packets smaller
than 300 bytes (i.e. 342 byte ethernet packets).
Add back some padding to work around.
function old new delta
udhcp_send_kernel_packet 268 292 +24
udhcp_send_raw_packet 462 473 +11
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 2/0 up/down: 35/0) Total: 35 bytes
Signed-off-by: Johannes Stezenbach <js@sig21.net>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
function old new delta
open_socket 33 64 +31
wget_main 2182 2194 +12
Signed-off-by: Lauri Kasanen <curaga@operamail.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Fron bug report:
If a CGI or proxied connection is rudely aborted (SIG_{KILL,BUS,SEGV})
then httpd will spin madly the poll loop in:
networking/httpd.c:1080
cgi_io_loop_and_exit()
Upon investigation I found that pfd[0].revents == 0x0018 (POLLHUP|POLLERR),
which leads to empty read, but the pfd[0].fd (STDIN_FILENO) is left open,
and in the FD list given to poll() which immediately returns to once
again inform the loop of (POLLHUP|POLLERR) condition of pfd[0].fd.
This continues until pfd[FROM_CGI].revents != 0
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
iplink.c includes net/if_packet.h, which (on GLIBC)
only defines struct sockaddr_pkt. this struct is not
used anywhere in the code, and removing the #include
makes compilation succeed with musl libc.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
devname is used by fscanf to store a string specified by '%20s'.
Extract from the man for the '%s' specifier:
Matches a sequence of non-white-space characters; the next pointer must be a
pointer to character array that is long enough to hold the input sequence and
the terminating null byte ('\0'), which is added automatically. The input
string stops at white space or at the maximum field width, whichever occurs
first.
Hence, the right length is 20 + 1 for the '\0'.
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
HTTP standard doesn't allow it and no sane clients should ever use it.
function old new delta
handle_incoming_and_exit 2795 2785 -10
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
This makes reading the logic (as well as adding new code) a lot simpler,
and fixes one or two cases that were broken due to incorrect sub-version
tests.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
While at it, shrank code.
function old new delta
arp_main 1558 1487 -71
Signed-off-by: Kuleshov Aleksey <rndfax@yandex.ru>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
When using busybox ntpd with an NTPv3 client and NTPv4 server (or vice
versa), the version numbers can be incorrectly ORed together, yielding
the bogus value of "NTPv7". This makes ntpd unusable with clients
such as Chrony and Windows "Internet Time".
This patch avoids the version mangling, by copying only the Leap
Indicator bits from the server's status field.
Signed-off-by: Paul Marks <paul@pmarks.net>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
We set a default path for the directory where pidfiles are create
when FEATURE_PIDFILE is selected. The default has no effect on
applets which must specify a pidfile path on the command line to
run, and it can be overridden by applets which optionally allow
the user to specify the pidfile path.
We also add pidfile write/remove support for klogd, ntpd and watchdog.
For syslogd, we add a missing remove_pidfile() for better cleanup
on daemon exit.
Signed-off-by: Anthony G. Basile <blueness@gentoo.org>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
brctl uncorrectly displays the "showmacs" command as being supported while
it is not, remove it from the usage and Config.src file.
Signed-off-by: Nicolas Thill <nico@openwrt.org>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
We use functions from sys/resource.h in misc applets, but don't include
the header. This breaks building with newer glibc versions, so add the
include where needed.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
function old new delta
static.wget_longopts 155 166 +11
packed_usage 29259 29231 -28
Signed-off-by: Vladimir Dronnikov <dronnikov@gmail.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Set environment variable 'PHASE'.
Treat post-up and pre-down as aliases for up and down.
Uses the same logic as ifupdown.nw from ifupdown-0.6.16.
Makes it possible to execute Debian's ifupdown script for
wpa-supplicant.
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>