emo/ndhc
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
1222f4f22a
ndhc/ndhc/ifset.c

322 lines
9.9 KiB
C
Raw Normal View History

Merge ifchd into ndhc. Rather than function as entirely separate daemons, ndhc will fork off an ifchd child that it will communicate with via pipes rather than by connecting to a SO_PEERCRED AF_UNIX socket. The advantages include: 1. Simpler configuration. Much easier for users and packagers to set up. 2. Drastically less complex code for the ifch functionality. More code is removed than added, and the result is a lot less complex. 3. Potentially better security. The ifch can only service the parent ndhc process, and it is restricted to issuing modifications to the single interface that ndhc manages. 4. Less memory used on systems that allow overcommit. The downsides: 1. Possibly more memory used on systems that run multiple ndhcs and use strict commit limits. At the same time, use netlink rather than ioctls so that the interface ip, subnet, and broadcast address can be set simultaneously. This change reduces the netlink notification spam greatly. The current code builds but isn't yet complete. Subsequent commits will flesh things out and polish out some remaining issues.
2014-03-10 10:22:56 +05:30
/* ifset.c - Linux-specific net interface settings include
Initial commit.
2010-11-12 14:32:18 +05:30
*
Mark function prototypes in ifchd/linux.h as extern. Update copyright dates and do some cosmetic changes, too.
2014-03-09 22:02:30 +05:30
* Copyright (c) 2004-2014 Nicholas J. Kain <njkain at gmail dot com>
Relicense under New BSD (2-clause) license. I don't see any advantage to restricting use unnecessarily, and simple attribution is fine.
2011-07-25 12:00:57 +05:30
* All rights reserved.
Initial commit.
2010-11-12 14:32:18 +05:30
*
Relicense under New BSD (2-clause) license. I don't see any advantage to restricting use unnecessarily, and simple attribution is fine.
2011-07-25 12:00:57 +05:30
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
Initial commit.
2010-11-12 14:32:18 +05:30
*
Relicense under New BSD (2-clause) license. I don't see any advantage to restricting use unnecessarily, and simple attribution is fine.
2011-07-25 12:00:57 +05:30
* - Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
Initial commit.
2010-11-12 14:32:18 +05:30
*
Relicense under New BSD (2-clause) license. I don't see any advantage to restricting use unnecessarily, and simple attribution is fine.
2011-07-25 12:00:57 +05:30
* - Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
Initial commit.
2010-11-12 14:32:18 +05:30
*/
#include <unistd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define __USE_GNU 1
#include <sys/socket.h>
#include <sys/un.h>
#include <sys/types.h>
#include <sys/ioctl.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <net/route.h>
#include <net/if.h>
#include <netpacket/packet.h>
Add a perform_ip_subnet_bcast() function that uses Linux netlink sockets to set the interface ip, subnet, and broadcast address simultaneously. The advantage of this approach is that a single netlink notification will be sent rather than multiple messages as the ip, subnet, and broadcast address are set one at a time. Currently this function is not used, as it will require a wire format change that will be introduced in a subsequent commit.
2014-03-09 19:16:05 +05:30
#include <linux/netlink.h>
#include <linux/rtnetlink.h>
Initial commit.
2010-11-12 14:32:18 +05:30
#include <pwd.h>
#include <grp.h>
#include <errno.h>
Fix warnings in ifset.c.
2014-03-11 05:01:46 +05:30
#include "ifset.h"
Merge ifchd into ndhc. Rather than function as entirely separate daemons, ndhc will fork off an ifchd child that it will communicate with via pipes rather than by connecting to a SO_PEERCRED AF_UNIX socket. The advantages include: 1. Simpler configuration. Much easier for users and packagers to set up. 2. Drastically less complex code for the ifch functionality. More code is removed than added, and the result is a lot less complex. 3. Potentially better security. The ifch can only service the parent ndhc process, and it is restricted to issuing modifications to the single interface that ndhc manages. 4. Less memory used on systems that allow overcommit. The downsides: 1. Possibly more memory used on systems that run multiple ndhcs and use strict commit limits. At the same time, use netlink rather than ioctls so that the interface ip, subnet, and broadcast address can be set simultaneously. This change reduces the netlink notification spam greatly. The current code builds but isn't yet complete. Subsequent commits will flesh things out and polish out some remaining issues.
2014-03-10 10:22:56 +05:30
#include "ifchd.h"
#include "config.h"
Initial commit.
2010-11-12 14:32:18 +05:30
#include "log.h"
Share ifchd command defines between ifchd and ndhc.
2011-07-25 11:31:38 +05:30
#include "ifch_proto.h"
Convert to using shared ncmlib.
2010-11-12 16:12:07 +05:30
#include "strl.h"
Initial commit.
2010-11-12 14:32:18 +05:30
Merge ifchd into ndhc. Rather than function as entirely separate daemons, ndhc will fork off an ifchd child that it will communicate with via pipes rather than by connecting to a SO_PEERCRED AF_UNIX socket. The advantages include: 1. Simpler configuration. Much easier for users and packagers to set up. 2. Drastically less complex code for the ifch functionality. More code is removed than added, and the result is a lot less complex. 3. Potentially better security. The ifch can only service the parent ndhc process, and it is restricted to issuing modifications to the single interface that ndhc manages. 4. Less memory used on systems that allow overcommit. The downsides: 1. Possibly more memory used on systems that run multiple ndhcs and use strict commit limits. At the same time, use netlink rather than ioctls so that the interface ip, subnet, and broadcast address can be set simultaneously. This change reduces the netlink notification spam greatly. The current code builds but isn't yet complete. Subsequent commits will flesh things out and polish out some remaining issues.
2014-03-10 10:22:56 +05:30
static int set_if_flag(short flag)
Initial commit.
2010-11-12 14:32:18 +05:30
{
int fd, ret = -1;
struct ifreq ifrt;
Constant correctness: socket(PF_*, ...) -> socket(AF_*, ...)
2011-06-25 20:41:48 +05:30
fd = socket(AF_INET, SOCK_DGRAM, 0);
Initial commit.
2010-11-12 14:32:18 +05:30
if (fd == -1) {
Use a Ragel-generated DFA parser for ifchd command dispatch.
2013-05-08 15:57:22 +05:30
log_line("%s: (set_if_flag) failed to open interface socket: %s",
Merge ifchd into ndhc. Rather than function as entirely separate daemons, ndhc will fork off an ifchd child that it will communicate with via pipes rather than by connecting to a SO_PEERCRED AF_UNIX socket. The advantages include: 1. Simpler configuration. Much easier for users and packagers to set up. 2. Drastically less complex code for the ifch functionality. More code is removed than added, and the result is a lot less complex. 3. Potentially better security. The ifch can only service the parent ndhc process, and it is restricted to issuing modifications to the single interface that ndhc manages. 4. Less memory used on systems that allow overcommit. The downsides: 1. Possibly more memory used on systems that run multiple ndhcs and use strict commit limits. At the same time, use netlink rather than ioctls so that the interface ip, subnet, and broadcast address can be set simultaneously. This change reduces the netlink notification spam greatly. The current code builds but isn't yet complete. Subsequent commits will flesh things out and polish out some remaining issues.
2014-03-10 10:22:56 +05:30
client_config.interface, strerror(errno));
Whitespace and indentation normalization.
2010-11-13 01:03:17 +05:30
goto out0;
Initial commit.
2010-11-12 14:32:18 +05:30
}
Merge ifchd into ndhc. Rather than function as entirely separate daemons, ndhc will fork off an ifchd child that it will communicate with via pipes rather than by connecting to a SO_PEERCRED AF_UNIX socket. The advantages include: 1. Simpler configuration. Much easier for users and packagers to set up. 2. Drastically less complex code for the ifch functionality. More code is removed than added, and the result is a lot less complex. 3. Potentially better security. The ifch can only service the parent ndhc process, and it is restricted to issuing modifications to the single interface that ndhc manages. 4. Less memory used on systems that allow overcommit. The downsides: 1. Possibly more memory used on systems that run multiple ndhcs and use strict commit limits. At the same time, use netlink rather than ioctls so that the interface ip, subnet, and broadcast address can be set simultaneously. This change reduces the netlink notification spam greatly. The current code builds but isn't yet complete. Subsequent commits will flesh things out and polish out some remaining issues.
2014-03-10 10:22:56 +05:30
strnkcpy(ifrt.ifr_name, client_config.interface, IFNAMSIZ);
Initial commit.
2010-11-12 14:32:18 +05:30
if (ioctl(fd, SIOCGIFFLAGS, &ifrt) < 0) {
Merge ifchd into ndhc. Rather than function as entirely separate daemons, ndhc will fork off an ifchd child that it will communicate with via pipes rather than by connecting to a SO_PEERCRED AF_UNIX socket. The advantages include: 1. Simpler configuration. Much easier for users and packagers to set up. 2. Drastically less complex code for the ifch functionality. More code is removed than added, and the result is a lot less complex. 3. Potentially better security. The ifch can only service the parent ndhc process, and it is restricted to issuing modifications to the single interface that ndhc manages. 4. Less memory used on systems that allow overcommit. The downsides: 1. Possibly more memory used on systems that run multiple ndhcs and use strict commit limits. At the same time, use netlink rather than ioctls so that the interface ip, subnet, and broadcast address can be set simultaneously. This change reduces the netlink notification spam greatly. The current code builds but isn't yet complete. Subsequent commits will flesh things out and polish out some remaining issues.
2014-03-10 10:22:56 +05:30
log_line("%s: unknown interface: %s", client_config.interface, strerror(errno));
Whitespace and indentation normalization.
2010-11-13 01:03:17 +05:30
goto out1;
Initial commit.
2010-11-12 14:32:18 +05:30
}
Add a -V --verbose flag to enable the overly verbose list reciept logging. Update interface flags only if it would provoke an actual change.
2011-04-30 17:00:07 +05:30
if (((ifrt.ifr_flags & flag ) ^ flag) & flag) {
Merge ifchd into ndhc. Rather than function as entirely separate daemons, ndhc will fork off an ifchd child that it will communicate with via pipes rather than by connecting to a SO_PEERCRED AF_UNIX socket. The advantages include: 1. Simpler configuration. Much easier for users and packagers to set up. 2. Drastically less complex code for the ifch functionality. More code is removed than added, and the result is a lot less complex. 3. Potentially better security. The ifch can only service the parent ndhc process, and it is restricted to issuing modifications to the single interface that ndhc manages. 4. Less memory used on systems that allow overcommit. The downsides: 1. Possibly more memory used on systems that run multiple ndhcs and use strict commit limits. At the same time, use netlink rather than ioctls so that the interface ip, subnet, and broadcast address can be set simultaneously. This change reduces the netlink notification spam greatly. The current code builds but isn't yet complete. Subsequent commits will flesh things out and polish out some remaining issues.
2014-03-10 10:22:56 +05:30
strnkcpy(ifrt.ifr_name, client_config.interface, IFNAMSIZ);
Add a -V --verbose flag to enable the overly verbose list reciept logging. Update interface flags only if it would provoke an actual change.
2011-04-30 17:00:07 +05:30
ifrt.ifr_flags |= flag;
if (ioctl(fd, SIOCSIFFLAGS, &ifrt) < 0) {
Use a Ragel-generated DFA parser for ifchd command dispatch.
2013-05-08 15:57:22 +05:30
log_line("%s: failed to set interface flags: %s",
Merge ifchd into ndhc. Rather than function as entirely separate daemons, ndhc will fork off an ifchd child that it will communicate with via pipes rather than by connecting to a SO_PEERCRED AF_UNIX socket. The advantages include: 1. Simpler configuration. Much easier for users and packagers to set up. 2. Drastically less complex code for the ifch functionality. More code is removed than added, and the result is a lot less complex. 3. Potentially better security. The ifch can only service the parent ndhc process, and it is restricted to issuing modifications to the single interface that ndhc manages. 4. Less memory used on systems that allow overcommit. The downsides: 1. Possibly more memory used on systems that run multiple ndhcs and use strict commit limits. At the same time, use netlink rather than ioctls so that the interface ip, subnet, and broadcast address can be set simultaneously. This change reduces the netlink notification spam greatly. The current code builds but isn't yet complete. Subsequent commits will flesh things out and polish out some remaining issues.
2014-03-10 10:22:56 +05:30
client_config.interface, strerror(errno));
Add a -V --verbose flag to enable the overly verbose list reciept logging. Update interface flags only if it would provoke an actual change.
2011-04-30 17:00:07 +05:30
goto out1;
}
} else
ret = 0;
Initial commit.
2010-11-12 14:32:18 +05:30
Whitespace and indentation normalization.
2010-11-13 01:03:17 +05:30
out1:
Initial commit.
2010-11-12 14:32:18 +05:30
close(fd);
Whitespace and indentation normalization.
2010-11-13 01:03:17 +05:30
out0:
Initial commit.
2010-11-12 14:32:18 +05:30
return ret;
}
Add a perform_ip_subnet_bcast() function that uses Linux netlink sockets to set the interface ip, subnet, and broadcast address simultaneously. The advantage of this approach is that a single netlink notification will be sent rather than multiple messages as the ip, subnet, and broadcast address are set one at a time. Currently this function is not used, as it will require a wire format change that will be introduced in a subsequent commit.
2014-03-09 19:16:05 +05:30
#define NLMSG_TAIL(nmsg) \
((struct rtattr *) (((uint8_t*) (nmsg)) + \
NLMSG_ALIGN((nmsg)->nlmsg_len)))
static int add_rtattr(struct nlmsghdr *n, size_t max_length, int type,
const void *data, size_t data_length)
{
size_t length;
struct rtattr *rta;
length = RTA_LENGTH(data_length);
if (NLMSG_ALIGN(n->nlmsg_len) + RTA_ALIGN(length) > max_length)
return -E2BIG;
rta = NLMSG_TAIL(n);
rta->rta_type = type;
rta->rta_len = length;
memcpy(RTA_DATA(rta), data, data_length);
n->nlmsg_len = NLMSG_ALIGN(n->nlmsg_len) + RTA_ALIGN(length);
return 0;
}
// 32-bit position values are relatively prime to 37, so the residue mod37
// gives a unique mapping for each value. Gives correct result for v=0.
static int trailz(uint32_t v)
{
static const int bpm37[] = {
32, 0, 1, 26, 2, 23, 27, 0, 3, 16, 24, 30, 28, 11, 0, 13, 4, 7, 17,
0, 25, 22, 31, 15, 29, 10, 12, 6, 0, 21, 14, 9, 5, 20, 8, 19, 18
};
return bpm37[(-v & v) % 37];
}
// sn must be in network order
static inline int subnet4_to_prefixlen(uint32_t sn)
{
return 32 - trailz(sn);
}
// str_bcast is optional.
Merge ifchd into ndhc. Rather than function as entirely separate daemons, ndhc will fork off an ifchd child that it will communicate with via pipes rather than by connecting to a SO_PEERCRED AF_UNIX socket. The advantages include: 1. Simpler configuration. Much easier for users and packagers to set up. 2. Drastically less complex code for the ifch functionality. More code is removed than added, and the result is a lot less complex. 3. Potentially better security. The ifch can only service the parent ndhc process, and it is restricted to issuing modifications to the single interface that ndhc manages. 4. Less memory used on systems that allow overcommit. The downsides: 1. Possibly more memory used on systems that run multiple ndhcs and use strict commit limits. At the same time, use netlink rather than ioctls so that the interface ip, subnet, and broadcast address can be set simultaneously. This change reduces the netlink notification spam greatly. The current code builds but isn't yet complete. Subsequent commits will flesh things out and polish out some remaining issues.
2014-03-10 10:22:56 +05:30
void perform_ip_subnet_bcast(const char *str_ipaddr,
Mark function prototypes in ifchd/linux.h as extern. Update copyright dates and do some cosmetic changes, too.
2014-03-09 22:02:30 +05:30
const char *str_subnet, const char *str_bcast)
Add a perform_ip_subnet_bcast() function that uses Linux netlink sockets to set the interface ip, subnet, and broadcast address simultaneously. The advantage of this approach is that a single netlink notification will be sent rather than multiple messages as the ip, subnet, and broadcast address are set one at a time. Currently this function is not used, as it will require a wire format change that will be introduced in a subsequent commit.
2014-03-09 19:16:05 +05:30
{
uint8_t request[NLMSG_ALIGN(sizeof(struct nlmsghdr)) +
NLMSG_ALIGN(sizeof(struct ifaddrmsg)) +
RTA_LENGTH(sizeof(struct in6_addr))];
struct in_addr ipaddr, subnet, bcast;
struct sockaddr_nl nl_addr;
struct nlmsghdr *header;
struct ifaddrmsg *ifaddrmsg;
Store the interface index in the client_config before forking off the subprocesses. ndhc-ifch can then use the stored interface index when setting the interface ip/subnet/broadcast via netlink instead of having to use ioctl to re-fetch the interface index.
2014-03-13 00:37:37 +05:30
int nls, r;
Add a perform_ip_subnet_bcast() function that uses Linux netlink sockets to set the interface ip, subnet, and broadcast address simultaneously. The advantage of this approach is that a single netlink notification will be sent rather than multiple messages as the ip, subnet, and broadcast address are set one at a time. Currently this function is not used, as it will require a wire format change that will be introduced in a subsequent commit.
2014-03-09 19:16:05 +05:30
uint8_t prefixlen;
if (!str_ipaddr) {
log_line("%s: (%s) interface ip address is NULL",
Merge ifchd into ndhc. Rather than function as entirely separate daemons, ndhc will fork off an ifchd child that it will communicate with via pipes rather than by connecting to a SO_PEERCRED AF_UNIX socket. The advantages include: 1. Simpler configuration. Much easier for users and packagers to set up. 2. Drastically less complex code for the ifch functionality. More code is removed than added, and the result is a lot less complex. 3. Potentially better security. The ifch can only service the parent ndhc process, and it is restricted to issuing modifications to the single interface that ndhc manages. 4. Less memory used on systems that allow overcommit. The downsides: 1. Possibly more memory used on systems that run multiple ndhcs and use strict commit limits. At the same time, use netlink rather than ioctls so that the interface ip, subnet, and broadcast address can be set simultaneously. This change reduces the netlink notification spam greatly. The current code builds but isn't yet complete. Subsequent commits will flesh things out and polish out some remaining issues.
2014-03-10 10:22:56 +05:30
client_config.interface, __func__);
Add a perform_ip_subnet_bcast() function that uses Linux netlink sockets to set the interface ip, subnet, and broadcast address simultaneously. The advantage of this approach is that a single netlink notification will be sent rather than multiple messages as the ip, subnet, and broadcast address are set one at a time. Currently this function is not used, as it will require a wire format change that will be introduced in a subsequent commit.
2014-03-09 19:16:05 +05:30
return;
}
if (!str_subnet) {
log_line("%s: (%s) interface subnet address is NULL",
Merge ifchd into ndhc. Rather than function as entirely separate daemons, ndhc will fork off an ifchd child that it will communicate with via pipes rather than by connecting to a SO_PEERCRED AF_UNIX socket. The advantages include: 1. Simpler configuration. Much easier for users and packagers to set up. 2. Drastically less complex code for the ifch functionality. More code is removed than added, and the result is a lot less complex. 3. Potentially better security. The ifch can only service the parent ndhc process, and it is restricted to issuing modifications to the single interface that ndhc manages. 4. Less memory used on systems that allow overcommit. The downsides: 1. Possibly more memory used on systems that run multiple ndhcs and use strict commit limits. At the same time, use netlink rather than ioctls so that the interface ip, subnet, and broadcast address can be set simultaneously. This change reduces the netlink notification spam greatly. The current code builds but isn't yet complete. Subsequent commits will flesh things out and polish out some remaining issues.
2014-03-10 10:22:56 +05:30
client_config.interface, __func__);
Add a perform_ip_subnet_bcast() function that uses Linux netlink sockets to set the interface ip, subnet, and broadcast address simultaneously. The advantage of this approach is that a single netlink notification will be sent rather than multiple messages as the ip, subnet, and broadcast address are set one at a time. Currently this function is not used, as it will require a wire format change that will be introduced in a subsequent commit.
2014-03-09 19:16:05 +05:30
return;
}
if (inet_pton(AF_INET, str_ipaddr, &ipaddr) <= 0) {
log_line("%s: (%s) bad interface ip address: '%s'",
Merge ifchd into ndhc. Rather than function as entirely separate daemons, ndhc will fork off an ifchd child that it will communicate with via pipes rather than by connecting to a SO_PEERCRED AF_UNIX socket. The advantages include: 1. Simpler configuration. Much easier for users and packagers to set up. 2. Drastically less complex code for the ifch functionality. More code is removed than added, and the result is a lot less complex. 3. Potentially better security. The ifch can only service the parent ndhc process, and it is restricted to issuing modifications to the single interface that ndhc manages. 4. Less memory used on systems that allow overcommit. The downsides: 1. Possibly more memory used on systems that run multiple ndhcs and use strict commit limits. At the same time, use netlink rather than ioctls so that the interface ip, subnet, and broadcast address can be set simultaneously. This change reduces the netlink notification spam greatly. The current code builds but isn't yet complete. Subsequent commits will flesh things out and polish out some remaining issues.
2014-03-10 10:22:56 +05:30
client_config.interface, __func__, str_ipaddr);
Add a perform_ip_subnet_bcast() function that uses Linux netlink sockets to set the interface ip, subnet, and broadcast address simultaneously. The advantage of this approach is that a single netlink notification will be sent rather than multiple messages as the ip, subnet, and broadcast address are set one at a time. Currently this function is not used, as it will require a wire format change that will be introduced in a subsequent commit.
2014-03-09 19:16:05 +05:30
return;
}
if (inet_pton(AF_INET, str_subnet, &subnet) <= 0) {
log_line("%s: (%s) bad interface subnet address: '%s'",
Merge ifchd into ndhc. Rather than function as entirely separate daemons, ndhc will fork off an ifchd child that it will communicate with via pipes rather than by connecting to a SO_PEERCRED AF_UNIX socket. The advantages include: 1. Simpler configuration. Much easier for users and packagers to set up. 2. Drastically less complex code for the ifch functionality. More code is removed than added, and the result is a lot less complex. 3. Potentially better security. The ifch can only service the parent ndhc process, and it is restricted to issuing modifications to the single interface that ndhc manages. 4. Less memory used on systems that allow overcommit. The downsides: 1. Possibly more memory used on systems that run multiple ndhcs and use strict commit limits. At the same time, use netlink rather than ioctls so that the interface ip, subnet, and broadcast address can be set simultaneously. This change reduces the netlink notification spam greatly. The current code builds but isn't yet complete. Subsequent commits will flesh things out and polish out some remaining issues.
2014-03-10 10:22:56 +05:30
client_config.interface, __func__, str_subnet);
Add a perform_ip_subnet_bcast() function that uses Linux netlink sockets to set the interface ip, subnet, and broadcast address simultaneously. The advantage of this approach is that a single netlink notification will be sent rather than multiple messages as the ip, subnet, and broadcast address are set one at a time. Currently this function is not used, as it will require a wire format change that will be introduced in a subsequent commit.
2014-03-09 19:16:05 +05:30
return;
}
prefixlen = subnet4_to_prefixlen(subnet.s_addr);
if (str_bcast) {
if (inet_pton(AF_INET, str_bcast, &bcast) <= 0) {
log_line("%s: (%s) bad interface broadcast address: '%s'",
Merge ifchd into ndhc. Rather than function as entirely separate daemons, ndhc will fork off an ifchd child that it will communicate with via pipes rather than by connecting to a SO_PEERCRED AF_UNIX socket. The advantages include: 1. Simpler configuration. Much easier for users and packagers to set up. 2. Drastically less complex code for the ifch functionality. More code is removed than added, and the result is a lot less complex. 3. Potentially better security. The ifch can only service the parent ndhc process, and it is restricted to issuing modifications to the single interface that ndhc manages. 4. Less memory used on systems that allow overcommit. The downsides: 1. Possibly more memory used on systems that run multiple ndhcs and use strict commit limits. At the same time, use netlink rather than ioctls so that the interface ip, subnet, and broadcast address can be set simultaneously. This change reduces the netlink notification spam greatly. The current code builds but isn't yet complete. Subsequent commits will flesh things out and polish out some remaining issues.
2014-03-10 10:22:56 +05:30
client_config.interface, __func__, str_bcast);
Add a perform_ip_subnet_bcast() function that uses Linux netlink sockets to set the interface ip, subnet, and broadcast address simultaneously. The advantage of this approach is that a single netlink notification will be sent rather than multiple messages as the ip, subnet, and broadcast address are set one at a time. Currently this function is not used, as it will require a wire format change that will be introduced in a subsequent commit.
2014-03-09 19:16:05 +05:30
return;
}
} else {
// Generate the standard broadcast address if unspecified.
bcast.s_addr = ipaddr.s_addr | htonl(0xfffffffflu >> prefixlen);
}
memset(&request, 0, sizeof request);
header = (struct nlmsghdr *)request;
header->nlmsg_len = NLMSG_LENGTH(sizeof(struct ifaddrmsg));
header->nlmsg_type = RTM_NEWADDR;
header->nlmsg_flags = NLM_F_REPLACE | NLM_F_ACK | NLM_F_REQUEST;
header->nlmsg_seq = 1;
ifaddrmsg = NLMSG_DATA(header);
ifaddrmsg->ifa_family = AF_INET;
ifaddrmsg->ifa_prefixlen = prefixlen;
ifaddrmsg->ifa_flags = IFA_F_PERMANENT;
ifaddrmsg->ifa_scope = RT_SCOPE_UNIVERSE;
Store the interface index in the client_config before forking off the subprocesses. ndhc-ifch can then use the stored interface index when setting the interface ip/subnet/broadcast via netlink instead of having to use ioctl to re-fetch the interface index.
2014-03-13 00:37:37 +05:30
ifaddrmsg->ifa_index = client_config.ifindex;
Add a perform_ip_subnet_bcast() function that uses Linux netlink sockets to set the interface ip, subnet, and broadcast address simultaneously. The advantage of this approach is that a single netlink notification will be sent rather than multiple messages as the ip, subnet, and broadcast address are set one at a time. Currently this function is not used, as it will require a wire format change that will be introduced in a subsequent commit.
2014-03-09 19:16:05 +05:30
if (add_rtattr(header, sizeof request, IFA_LOCAL,
&ipaddr, sizeof ipaddr) < 0) {
log_line("%s: (%s) couldn't add IFA_LOCAL to nlmsg",
Merge ifchd into ndhc. Rather than function as entirely separate daemons, ndhc will fork off an ifchd child that it will communicate with via pipes rather than by connecting to a SO_PEERCRED AF_UNIX socket. The advantages include: 1. Simpler configuration. Much easier for users and packagers to set up. 2. Drastically less complex code for the ifch functionality. More code is removed than added, and the result is a lot less complex. 3. Potentially better security. The ifch can only service the parent ndhc process, and it is restricted to issuing modifications to the single interface that ndhc manages. 4. Less memory used on systems that allow overcommit. The downsides: 1. Possibly more memory used on systems that run multiple ndhcs and use strict commit limits. At the same time, use netlink rather than ioctls so that the interface ip, subnet, and broadcast address can be set simultaneously. This change reduces the netlink notification spam greatly. The current code builds but isn't yet complete. Subsequent commits will flesh things out and polish out some remaining issues.
2014-03-10 10:22:56 +05:30
client_config.interface, __func__);
Add a perform_ip_subnet_bcast() function that uses Linux netlink sockets to set the interface ip, subnet, and broadcast address simultaneously. The advantage of this approach is that a single netlink notification will be sent rather than multiple messages as the ip, subnet, and broadcast address are set one at a time. Currently this function is not used, as it will require a wire format change that will be introduced in a subsequent commit.
2014-03-09 19:16:05 +05:30
return;
}
if (add_rtattr(header, sizeof request, IFA_BROADCAST,
&bcast, sizeof bcast) < 0) {
log_line("%s: (%s) couldn't add IFA_BROADCAST to nlmsg",
Merge ifchd into ndhc. Rather than function as entirely separate daemons, ndhc will fork off an ifchd child that it will communicate with via pipes rather than by connecting to a SO_PEERCRED AF_UNIX socket. The advantages include: 1. Simpler configuration. Much easier for users and packagers to set up. 2. Drastically less complex code for the ifch functionality. More code is removed than added, and the result is a lot less complex. 3. Potentially better security. The ifch can only service the parent ndhc process, and it is restricted to issuing modifications to the single interface that ndhc manages. 4. Less memory used on systems that allow overcommit. The downsides: 1. Possibly more memory used on systems that run multiple ndhcs and use strict commit limits. At the same time, use netlink rather than ioctls so that the interface ip, subnet, and broadcast address can be set simultaneously. This change reduces the netlink notification spam greatly. The current code builds but isn't yet complete. Subsequent commits will flesh things out and polish out some remaining issues.
2014-03-10 10:22:56 +05:30
client_config.interface, __func__);
Add a perform_ip_subnet_bcast() function that uses Linux netlink sockets to set the interface ip, subnet, and broadcast address simultaneously. The advantage of this approach is that a single netlink notification will be sent rather than multiple messages as the ip, subnet, and broadcast address are set one at a time. Currently this function is not used, as it will require a wire format change that will be introduced in a subsequent commit.
2014-03-09 19:16:05 +05:30
return;
}
nls = socket(AF_NETLINK, SOCK_DGRAM, NETLINK_ROUTE);
if (nls < 0) {
log_line("%s: (%s) netlink socket open failed: %s",
Merge ifchd into ndhc. Rather than function as entirely separate daemons, ndhc will fork off an ifchd child that it will communicate with via pipes rather than by connecting to a SO_PEERCRED AF_UNIX socket. The advantages include: 1. Simpler configuration. Much easier for users and packagers to set up. 2. Drastically less complex code for the ifch functionality. More code is removed than added, and the result is a lot less complex. 3. Potentially better security. The ifch can only service the parent ndhc process, and it is restricted to issuing modifications to the single interface that ndhc manages. 4. Less memory used on systems that allow overcommit. The downsides: 1. Possibly more memory used on systems that run multiple ndhcs and use strict commit limits. At the same time, use netlink rather than ioctls so that the interface ip, subnet, and broadcast address can be set simultaneously. This change reduces the netlink notification spam greatly. The current code builds but isn't yet complete. Subsequent commits will flesh things out and polish out some remaining issues.
2014-03-10 10:22:56 +05:30
client_config.interface, __func__, strerror(errno));
Add a perform_ip_subnet_bcast() function that uses Linux netlink sockets to set the interface ip, subnet, and broadcast address simultaneously. The advantage of this approach is that a single netlink notification will be sent rather than multiple messages as the ip, subnet, and broadcast address are set one at a time. Currently this function is not used, as it will require a wire format change that will be introduced in a subsequent commit.
2014-03-09 19:16:05 +05:30
return;
}
memset(&nl_addr, 0, sizeof nl_addr);
nl_addr.nl_family = AF_NETLINK;
retry_sendto:
r = sendto(nls, request, header->nlmsg_len, 0,
(struct sockaddr *)&nl_addr, sizeof nl_addr);
if (r < 0) {
if (errno == EINTR)
goto retry_sendto;
else {
log_line("%s: (%s) netlink sendto socket failed: %s",
Merge ifchd into ndhc. Rather than function as entirely separate daemons, ndhc will fork off an ifchd child that it will communicate with via pipes rather than by connecting to a SO_PEERCRED AF_UNIX socket. The advantages include: 1. Simpler configuration. Much easier for users and packagers to set up. 2. Drastically less complex code for the ifch functionality. More code is removed than added, and the result is a lot less complex. 3. Potentially better security. The ifch can only service the parent ndhc process, and it is restricted to issuing modifications to the single interface that ndhc manages. 4. Less memory used on systems that allow overcommit. The downsides: 1. Possibly more memory used on systems that run multiple ndhcs and use strict commit limits. At the same time, use netlink rather than ioctls so that the interface ip, subnet, and broadcast address can be set simultaneously. This change reduces the netlink notification spam greatly. The current code builds but isn't yet complete. Subsequent commits will flesh things out and polish out some remaining issues.
2014-03-10 10:22:56 +05:30
client_config.interface, __func__, strerror(errno));
Add a perform_ip_subnet_bcast() function that uses Linux netlink sockets to set the interface ip, subnet, and broadcast address simultaneously. The advantage of this approach is that a single netlink notification will be sent rather than multiple messages as the ip, subnet, and broadcast address are set one at a time. Currently this function is not used, as it will require a wire format change that will be introduced in a subsequent commit.
2014-03-09 19:16:05 +05:30
close(nls);
return;
}
}
close(nls);
log_line("Interface IP set to: '%s'", str_ipaddr);
log_line("Interface subnet set to: '%s'", str_subnet);
if (str_bcast)
log_line("Broadcast address set to: '%s'", str_bcast);
// XXX: Would be nice to do this via netlink, too.
Merge ifchd into ndhc. Rather than function as entirely separate daemons, ndhc will fork off an ifchd child that it will communicate with via pipes rather than by connecting to a SO_PEERCRED AF_UNIX socket. The advantages include: 1. Simpler configuration. Much easier for users and packagers to set up. 2. Drastically less complex code for the ifch functionality. More code is removed than added, and the result is a lot less complex. 3. Potentially better security. The ifch can only service the parent ndhc process, and it is restricted to issuing modifications to the single interface that ndhc manages. 4. Less memory used on systems that allow overcommit. The downsides: 1. Possibly more memory used on systems that run multiple ndhcs and use strict commit limits. At the same time, use netlink rather than ioctls so that the interface ip, subnet, and broadcast address can be set simultaneously. This change reduces the netlink notification spam greatly. The current code builds but isn't yet complete. Subsequent commits will flesh things out and polish out some remaining issues.
2014-03-10 10:22:56 +05:30
if (set_if_flag(IFF_UP | IFF_RUNNING))
Add a perform_ip_subnet_bcast() function that uses Linux netlink sockets to set the interface ip, subnet, and broadcast address simultaneously. The advantage of this approach is that a single netlink notification will be sent rather than multiple messages as the ip, subnet, and broadcast address are set one at a time. Currently this function is not used, as it will require a wire format change that will be introduced in a subsequent commit.
2014-03-09 19:16:05 +05:30
return;
}
Merge ifchd into ndhc. Rather than function as entirely separate daemons, ndhc will fork off an ifchd child that it will communicate with via pipes rather than by connecting to a SO_PEERCRED AF_UNIX socket. The advantages include: 1. Simpler configuration. Much easier for users and packagers to set up. 2. Drastically less complex code for the ifch functionality. More code is removed than added, and the result is a lot less complex. 3. Potentially better security. The ifch can only service the parent ndhc process, and it is restricted to issuing modifications to the single interface that ndhc manages. 4. Less memory used on systems that allow overcommit. The downsides: 1. Possibly more memory used on systems that run multiple ndhcs and use strict commit limits. At the same time, use netlink rather than ioctls so that the interface ip, subnet, and broadcast address can be set simultaneously. This change reduces the netlink notification spam greatly. The current code builds but isn't yet complete. Subsequent commits will flesh things out and polish out some remaining issues.
2014-03-10 10:22:56 +05:30
void perform_router(const char *str, size_t len)
Initial commit.
2010-11-12 14:32:18 +05:30
{
struct rtentry rt;
struct sockaddr_in *dest;
struct sockaddr_in *gateway;
struct sockaddr_in *mask;
struct in_addr router;
int fd;
if (!str)
Whitespace and indentation normalization.
2010-11-13 01:03:17 +05:30
return;
Fix warnings in ifset.c.
2014-03-11 05:01:46 +05:30
if (len < 4)
return;
inet_pton() can return 0 or -1 as errors. We wern't likely to see -1 in practice (it's documented to be only emitted when inet_pton is provided an unrecognized address family), but best to be completely correct.
2014-03-09 19:12:49 +05:30
if (inet_pton(AF_INET, str, &router) <= 0)
Whitespace and indentation normalization.
2010-11-13 01:03:17 +05:30
return;
Initial commit.
2010-11-12 14:32:18 +05:30
memset(&rt, 0, sizeof(struct rtentry));
dest = (struct sockaddr_in *) &rt.rt_dst;
dest->sin_family = AF_INET;
dest->sin_addr.s_addr = 0x00000000;
gateway = (struct sockaddr_in *) &rt.rt_gateway;
gateway->sin_family = AF_INET;
gateway->sin_addr = router;
mask = (struct sockaddr_in *) &rt.rt_genmask;
mask->sin_family = AF_INET;
mask->sin_addr.s_addr = 0x00000000;
rt.rt_flags = RTF_UP | RTF_GATEWAY;
if (mask->sin_addr.s_addr == 0xffffffff) rt.rt_flags |= RTF_HOST;
Merge ifchd into ndhc. Rather than function as entirely separate daemons, ndhc will fork off an ifchd child that it will communicate with via pipes rather than by connecting to a SO_PEERCRED AF_UNIX socket. The advantages include: 1. Simpler configuration. Much easier for users and packagers to set up. 2. Drastically less complex code for the ifch functionality. More code is removed than added, and the result is a lot less complex. 3. Potentially better security. The ifch can only service the parent ndhc process, and it is restricted to issuing modifications to the single interface that ndhc manages. 4. Less memory used on systems that allow overcommit. The downsides: 1. Possibly more memory used on systems that run multiple ndhcs and use strict commit limits. At the same time, use netlink rather than ioctls so that the interface ip, subnet, and broadcast address can be set simultaneously. This change reduces the netlink notification spam greatly. The current code builds but isn't yet complete. Subsequent commits will flesh things out and polish out some remaining issues.
2014-03-10 10:22:56 +05:30
rt.rt_dev = client_config.interface;
Initial commit.
2010-11-12 14:32:18 +05:30
rt.rt_metric = 1;
Constant correctness: socket(PF_*, ...) -> socket(AF_*, ...)
2011-06-25 20:41:48 +05:30
fd = socket(AF_INET, SOCK_DGRAM, 0);
Initial commit.
2010-11-12 14:32:18 +05:30
if (fd == -1) {
Use a Ragel-generated DFA parser for ifchd command dispatch.
2013-05-08 15:57:22 +05:30
log_line("%s: (perform_router) failed to open interface socket: %s",
Merge ifchd into ndhc. Rather than function as entirely separate daemons, ndhc will fork off an ifchd child that it will communicate with via pipes rather than by connecting to a SO_PEERCRED AF_UNIX socket. The advantages include: 1. Simpler configuration. Much easier for users and packagers to set up. 2. Drastically less complex code for the ifch functionality. More code is removed than added, and the result is a lot less complex. 3. Potentially better security. The ifch can only service the parent ndhc process, and it is restricted to issuing modifications to the single interface that ndhc manages. 4. Less memory used on systems that allow overcommit. The downsides: 1. Possibly more memory used on systems that run multiple ndhcs and use strict commit limits. At the same time, use netlink rather than ioctls so that the interface ip, subnet, and broadcast address can be set simultaneously. This change reduces the netlink notification spam greatly. The current code builds but isn't yet complete. Subsequent commits will flesh things out and polish out some remaining issues.
2014-03-10 10:22:56 +05:30
client_config.interface, strerror(errno));
Whitespace and indentation normalization.
2010-11-13 01:03:17 +05:30
return;
Initial commit.
2010-11-12 14:32:18 +05:30
}
When setting route, don't print an error if EEXIST is returned by the ioctl(). This 'error' merely means that the installed route already exists.
2011-05-31 21:25:26 +05:30
if (ioctl(fd, SIOCADDRT, &rt)) {
if (errno != EEXIST)
Use a Ragel-generated DFA parser for ifchd command dispatch.
2013-05-08 15:57:22 +05:30
log_line("%s: failed to set route: %s",
Merge ifchd into ndhc. Rather than function as entirely separate daemons, ndhc will fork off an ifchd child that it will communicate with via pipes rather than by connecting to a SO_PEERCRED AF_UNIX socket. The advantages include: 1. Simpler configuration. Much easier for users and packagers to set up. 2. Drastically less complex code for the ifch functionality. More code is removed than added, and the result is a lot less complex. 3. Potentially better security. The ifch can only service the parent ndhc process, and it is restricted to issuing modifications to the single interface that ndhc manages. 4. Less memory used on systems that allow overcommit. The downsides: 1. Possibly more memory used on systems that run multiple ndhcs and use strict commit limits. At the same time, use netlink rather than ioctls so that the interface ip, subnet, and broadcast address can be set simultaneously. This change reduces the netlink notification spam greatly. The current code builds but isn't yet complete. Subsequent commits will flesh things out and polish out some remaining issues.
2014-03-10 10:22:56 +05:30
client_config.interface, strerror(errno));
Ifchd: Print out log messages when commands are successfully dispatched.
2013-05-08 16:06:20 +05:30
} else
log_line("Gateway router set to: '%s'", str);
Initial commit.
2010-11-12 14:32:18 +05:30
close(fd);
}
Merge ifchd into ndhc. Rather than function as entirely separate daemons, ndhc will fork off an ifchd child that it will communicate with via pipes rather than by connecting to a SO_PEERCRED AF_UNIX socket. The advantages include: 1. Simpler configuration. Much easier for users and packagers to set up. 2. Drastically less complex code for the ifch functionality. More code is removed than added, and the result is a lot less complex. 3. Potentially better security. The ifch can only service the parent ndhc process, and it is restricted to issuing modifications to the single interface that ndhc manages. 4. Less memory used on systems that allow overcommit. The downsides: 1. Possibly more memory used on systems that run multiple ndhcs and use strict commit limits. At the same time, use netlink rather than ioctls so that the interface ip, subnet, and broadcast address can be set simultaneously. This change reduces the netlink notification spam greatly. The current code builds but isn't yet complete. Subsequent commits will flesh things out and polish out some remaining issues.
2014-03-10 10:22:56 +05:30
void perform_mtu(const char *str, size_t len)
Initial commit.
2010-11-12 14:32:18 +05:30
{
int fd;
unsigned int mtu;
struct ifreq ifrt;
if (!str)
Whitespace and indentation normalization.
2010-11-13 01:03:17 +05:30
return;
Fix warnings in ifset.c.
2014-03-11 05:01:46 +05:30
if (len < 2)
return;
Initial commit.
2010-11-12 14:32:18 +05:30
mtu = strtol(str, NULL, 10);
Enforce minimum physical MTU in ifchd. Skip zero-length commands in execute_buffer().
2012-07-21 06:07:41 +05:30
// Minimum MTU for physical IPv4 links is 576 octets.
if (mtu < 576)
return;
Initial commit.
2010-11-12 14:32:18 +05:30
ifrt.ifr_mtu = mtu;
Merge ifchd into ndhc. Rather than function as entirely separate daemons, ndhc will fork off an ifchd child that it will communicate with via pipes rather than by connecting to a SO_PEERCRED AF_UNIX socket. The advantages include: 1. Simpler configuration. Much easier for users and packagers to set up. 2. Drastically less complex code for the ifch functionality. More code is removed than added, and the result is a lot less complex. 3. Potentially better security. The ifch can only service the parent ndhc process, and it is restricted to issuing modifications to the single interface that ndhc manages. 4. Less memory used on systems that allow overcommit. The downsides: 1. Possibly more memory used on systems that run multiple ndhcs and use strict commit limits. At the same time, use netlink rather than ioctls so that the interface ip, subnet, and broadcast address can be set simultaneously. This change reduces the netlink notification spam greatly. The current code builds but isn't yet complete. Subsequent commits will flesh things out and polish out some remaining issues.
2014-03-10 10:22:56 +05:30
strnkcpy(ifrt.ifr_name, client_config.interface, IFNAMSIZ);
Initial commit.
2010-11-12 14:32:18 +05:30
Constant correctness: socket(PF_*, ...) -> socket(AF_*, ...)
2011-06-25 20:41:48 +05:30
fd = socket(AF_INET, SOCK_DGRAM, 0);
Initial commit.
2010-11-12 14:32:18 +05:30
if (fd == -1) {
Use a Ragel-generated DFA parser for ifchd command dispatch.
2013-05-08 15:57:22 +05:30
log_line("%s: (perform_mtu) failed to open interface socket: %s",
Merge ifchd into ndhc. Rather than function as entirely separate daemons, ndhc will fork off an ifchd child that it will communicate with via pipes rather than by connecting to a SO_PEERCRED AF_UNIX socket. The advantages include: 1. Simpler configuration. Much easier for users and packagers to set up. 2. Drastically less complex code for the ifch functionality. More code is removed than added, and the result is a lot less complex. 3. Potentially better security. The ifch can only service the parent ndhc process, and it is restricted to issuing modifications to the single interface that ndhc manages. 4. Less memory used on systems that allow overcommit. The downsides: 1. Possibly more memory used on systems that run multiple ndhcs and use strict commit limits. At the same time, use netlink rather than ioctls so that the interface ip, subnet, and broadcast address can be set simultaneously. This change reduces the netlink notification spam greatly. The current code builds but isn't yet complete. Subsequent commits will flesh things out and polish out some remaining issues.
2014-03-10 10:22:56 +05:30
client_config.interface, strerror(errno));
Whitespace and indentation normalization.
2010-11-13 01:03:17 +05:30
return;
Initial commit.
2010-11-12 14:32:18 +05:30
}
if (ioctl(fd, SIOCSIFMTU, &ifrt) < 0)
Merge ifchd into ndhc. Rather than function as entirely separate daemons, ndhc will fork off an ifchd child that it will communicate with via pipes rather than by connecting to a SO_PEERCRED AF_UNIX socket. The advantages include: 1. Simpler configuration. Much easier for users and packagers to set up. 2. Drastically less complex code for the ifch functionality. More code is removed than added, and the result is a lot less complex. 3. Potentially better security. The ifch can only service the parent ndhc process, and it is restricted to issuing modifications to the single interface that ndhc manages. 4. Less memory used on systems that allow overcommit. The downsides: 1. Possibly more memory used on systems that run multiple ndhcs and use strict commit limits. At the same time, use netlink rather than ioctls so that the interface ip, subnet, and broadcast address can be set simultaneously. This change reduces the netlink notification spam greatly. The current code builds but isn't yet complete. Subsequent commits will flesh things out and polish out some remaining issues.
2014-03-10 10:22:56 +05:30
log_line("%s: failed to set MTU (%d): %s", client_config.interface, mtu,
Ifchd: Convert some tabs to spaces.
2013-05-08 16:07:33 +05:30
strerror(errno));
Ifchd: Print out log messages when commands are successfully dispatched.
2013-05-08 16:06:20 +05:30
else
log_line("MTU set to: '%s'", str);
Initial commit.
2010-11-12 14:32:18 +05:30
close(fd);
}
Reference in New Issue Copy Permalink