This makes proxy work for any type of requests.
function old new delta
handle_incoming_and_exit 2240 2172 -68
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
This allows to fix a problem that we wait for renew replies
for up to half the lease (!!!) if they never come.
Make it so that lease of 60 seconds is not "rounded up" to 120 seconds -
set lower "sanity limit" to 30 seconds.
After 3 failed renew attempts, switch to rebind.
After this change, we can have more flexible choice of when to do
the first renew - does not need to be equal to lease / 2.
function old new delta
udhcpc6_main 2568 2576 +8
.rodata 103339 103294 -45
udhcpc_main 2609 2550 -59
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 1/2 up/down: 8/-104) Total: -96 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
This resolves failures like
wget: server returned error: HTTP/1.1 307 Temporary Redirect
Signed-off-by: Jeremy Lin <jeremy.lin@gmail.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Discovered that the DHCP server on a TrendNet router (unknown model)
provides a zero-length option 12 (Host Name) in the DHCP ACK message. This
has the effect of causing udhcpc to drop the rest of the options, including
option 51 (IP Address Lease Time), 3 (Router), and 6 (Domain Name Server),
most importantly leaving the OpenWrt device with no default gateway.
The TrendNet behavior violates RFC 2132, which in Section 3.14 declares that
option 12 has a minimum length of 1 octet. It is perhaps not a cosmic coincidence
that I found this behavior on Pi Day.
This patch allows zero length options without bailing out, by simply skipping them.
function old new delta
udhcp_scan_options 183 172 -11
Signed-off-by: Russell Senior <russell@personaltelco.net>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
This reduces initial traffic to NTP servers when a lot of devices boot at once.
Log inspection tells me we agressively burst-poll servers about 5 times
at startup, even though we usually already update clock after second replies.
INITIAL_SAMPLES can probably be even lower, e.g. 2, but let's be conservative
when changing this stuff.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
This patch addressing 2 issues:
1. Replacing source/dest with uh_sport/uh_dport. It seems that uh_* members are
defined on both Linux and BSD, so no #ifdef here
2. Use SOL_IPV6 instead of SOL_RAW on the FreeBSD to fix IPV6_CHECKSUM setsockopt
Signed-off-by: Alex Samorukov <samm@os2.kiev.ua>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
FreeBSD using different constant names, defining them inline
Signed-off-by: Alex Samorukov <samm@os2.kiev.ua>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
FreeBSD is not exporting s6_addr32 by default, but has it.
Signed-off-by: Alex Samorukov <samm@os2.kiev.ua>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
If the Range: header is not present it the request,
the offset passed to sendfile is wrong,
and httpd falls back to the read-write loop.
function old new delta
send_file_and_exit 857 865 +8
handle_incoming_and_exit 2239 2230 -9
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 1/1 up/down: 8/-9) Total: -1 bytes
Signed-off-by: Maxim Storchak <m.storchak@gmail.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
This is safe: it's not a setuid applet, the attempt to set time
will simply fail if attempted by non-root
From openwrt 600-allow-ntpd-non-root.patch
function old new delta
ntp_init 1049 1005 -44
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
There are cases where binding to source IP and
destination IP is insufficient to guarantee sane
xmit netdev.
One case where this can fail is when
route-matching netdev carrier is down (cable
unplugged, wifi disconnected), or the netdev is
admin down. Then all the IP based bindings (bind()
+ connect()) will seemingly succeed but the actual
packet can go out through a default gw path.
Depending on the network this happens on
it can create issues or false alarms. It can
also leak some subnet info across networks that
shouldn't be routed.
As such better be safe than sorry and bind to a
netdev to be sure it's used for xmit.
function old new delta
udhcp_send_kernel_packet 293 336 +43
send_packet 182 188 +6
bcast_or_ucast 37 43 +6
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 3/0 up/down: 55/0) Total: 55 bytes
Signed-off-by: Michal Kazior <michal@plume.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Do not pass "from" and "to" addresses as parameters, keep them in globals
function old new delta
common_traceroute_main 3426 3391 -35
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Do not byteswap ident (why we were doing it?)
function old new delta
common_traceroute_main 3544 3426 -118
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Use decode_base64() from uuencode.c when uudecode/base64 applets are included.
That function is bigger than httpd's decodeBase64(), so we use the old one when
those applets are disabled. Bloat-o-meter when one of those is enabled:
function old new delta
handle_incoming_and_exit 2371 2265 -106
Signed-off-by: Xabier Oneca <xoneca@gmail.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
This adds support for fwmark/fwmask in ip rule which is needed, for example, in
OpenWrt's mwan3. Masks are supported since Linux 2.6.19.
Fixes: https://bugs.busybox.net/show_bug.cgi?id=11621
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
"error: taking address of packed member of 'struct ip_udp_dhcp_packet'
may result in an unaligned pointer value" here:
udhcp_dump_packet(&packet.data);
and in other places.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
If server responds with ETag then next time client can resend it via If-None-Match header.
Then httpd will check if file wasn't modified and if not return 304 Not Modified status code.
The ETag value is constructed from file's last modification date in unix epoch and it's size:
"hex(last_mod)-hex(file_size)" e.g. "5e132e20-417" (with quotes).
That means that it's not completely reliable as hash functions but fair enough.
The same form of ETag is used by Nginx so load balancing of static content is safe.
function old new delta
handle_incoming_and_exit 2135 2201 +66
http_response 88 96 +8
send_headers 676 683 +7
parse_conf 1362 1365 +3
http_response_type 22 24 +2
send_file_and_exit 847 841 -6
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 5/1 up/down: 86/-6) Total: 80 bytes
Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
The Last-Modified header is used for caching.
The client (browser) will send back the received date to server via If-Modified-Since request header.
But both headers MUST be an RFC 1123 formatted string.
And the formatting consumes resources on request parsing and response generation.
Instead we can use ETag header.
This simplifies logic and the only downside is that in JavaScript the document.lastModified will return null.
Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
RFC 2616 sec. 14.18 says that server MUST send Date header.
But in fact the header make sense only for Cache-Control and can be omitted.
In the same time the Date eats power, CPU and network resources which are critical for embedded systems.
Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
HTTP v1.1 was released in 1999 year and it's time to update BB HTTPD.
Browsers may behave badly with HTTP/1.0
E.g. Chrome does not send the If-None-Match header with ETag.
Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
PLATFORM_LINUX is a hidden configuration option which is disabled by
default and enabled at over a hundred locations for features that are
deemed to be Linux specific.
The only effect of PLATFORM_LINUX is to control compilation of
libbb/match_fstype.c. This file is only needed by mount and umount.
Remove all references to PLATFORM_LINUX and compile match_fstype.c
if mount or umount is enabled.
Signed-off-by: Ron Yorston <rmy@pobox.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Duplicate options are currently overridden (only the last option is kept).
This leads to unexpected behavior when using long options.
The patch adds support for long options in compliance with RFC 3396.
Fixes#13136.
function old new delta
udhcp_run_script 601 725 +124
optitem_unset_env_and_free - 38 +38
putenvp 46 59 +13
static.xmalloc_optname_optval 718 717 -1
------------------------------------------------------------------------------
(add/remove: 1/0 grow/shrink: 2/1 up/down: 175/-1) Total: 174 bytes
Signed-off-by: Martin Lewis <martin.lewis.x84@gmail.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
The "noprefixroute" option suppresses automatic generation of a routing
table entry based on the interface's ip address.
The ifa_flags field has only 8 bit. If higher bits are set,
rta_tb[IFA_FLAGS] has to be used instead.
Signed-off-by: Christian Eggers <ceggers@arri.de>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Remove new lines \n and some semicolons ;. This minimize page style size from 655 to 604
Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Patch by Baruch Burstein <bmburstein@gmail.com>
function old new delta
parse_pasv_epsv 153 181 +28
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
dname_dec: now iterates over the packet only once.
convert_dname: remove redundant checks and code shrink.
While testing I've noticed that some of the tests didn't compile
properly, so I fixed them.
function old new delta
dname_dec 286 267 -19
dname_enc 166 143 -23
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 0/2 up/down: 0/-42) Total: -42 bytes
Signed-off-by: Martin Lewis <martin.lewis.x84@gmail.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
fill_envp now iterates over the packet only once instead of a few hundred times
using the new option scanner.
function old new delta
udhcp_scan_options - 189 +189
putenvp - 46 +46
init_scan_state - 22 +22
udhcp_get_option 227 104 -123
udhcp_run_script 835 601 -234
------------------------------------------------------------------------------
(add/remove: 3/0 grow/shrink: 0/2 up/down: 257/-357) Total: -100 bytes
Signed-off-by: Martin Lewis <martin.lewis.x84@gmail.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Added an option scanner to udhcp to enable iteration over packet options.
Signed-off-by: Martin Lewis <martin.lewis.x84@gmail.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Commit d1b75e184 (httpd: permit non-default home directory with NOMMU
enabled) only works when used with the '-f' (foreground) option.
When '-f' isn't specified and NOMMU is enabled bb_daemonize_or_rexec()
is called to daemonize the server. Since the server process has been
re-execed the previous patch results in the xchdir() not being called.
Fix this by resetting the re_execed variable in this case.
Signed-off-by: Ron Yorston <rmy@pobox.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Incorporated valid_domain_label into good_hostname to simplify the implementation.
function old new delta
static.xmalloc_optname_optval 973 958 -15
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 0/1 up/down: 0/-15) Total: -15 bytes
text data bss dec hex filename
993144 16915 1872 1011931 f70db busybox_old
993129 16915 1872 1011916 f70cc busybox_unstripped
Signed-off-by: Martin Lewis <martin.lewis.x84@gmail.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
When ENABLE_FEATURE_WGET_OPENSSL is enabled, correctly implement TLS
verification by default. And only ignore verification errors, if
--no-check-certificate was passed.
Also note, that previously OPENSSL implementation did not implement
TLS verification, nor printed any warning messages that verification
was not performed.
Bug-Ubuntu: https://bugs.launchpad.net/bugs/1879533
CVE-2018-1000500
Signed-off-by: Dimitri John Ledkov <xnox@ubuntu.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
When BusyBox is compiled with NOMMU enabled running httpd with
the '-h' option fails even if the specified directory exists:
$ ls -d www
www
$ busybox httpd -fvvvp 8080 -h www
...
... try to access http://localhost:8080/www
...
httpd: can't change directory to 'www': No such file or directory
The parent process executes xchdir("www"). When a connection is accepted
it's handled by re-executing httpd in inetd mode. The child process
inherits the current directory "www" and tries to change directory again
to "www", which fails.
Omit the call to xchdir() when httpd is re-executed.
Signed-off-by: Ron Yorston <rmy@pobox.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
> 2018-07-25:
> ntpd: increase MIN_FREQHOLD by 3
> This means we'll start correcting frequency ~5 minutes after start,
> not ~3.5 ones.
> With previous settings I still often see largish ~0.7s initial offsets
> only about 1/2 corrected before frequency correction kicks in,
> resulting in ~200ppm "correction" which is then slowly undone.
Review of real-world results of the above shows that with small
initial offsets, freq correction can be allowed to kick in sooner,
whereas with large (~0.8s) offsets, we still start freq correction
a bit too soon.
Let's rebalance this a bit.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Add support for querying and parsing SRV DNS records.
function old new delta
send_queries 1711 1865 +154
qtypes 72 80 +8
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Under some circumstances, a DNS reply might contain no resource records,
e.g. when a valid domain is queried that does not have records of the
requested type.
Example with nslookup from BIND dnsutils:
$ nslookup -q=SRV example.org
Server: 10.11.12.13
Address: 10.11.12.13#53
Non-authoritative answer:
*** Can't find example.org: No answer
Currently the busybox nslookup applet simply prints nothing after the
"Non-authoritative answer:" line in the same situation.
This change modifies nslookup to either print "Parse error" or "No answer"
diagnostics, depending on the parse_reply() return value.
function old new delta
send_queries 1676 1711 +35
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
