6f6aad211e
Documentation update.
2015-01-10 18:34:51 -05:00
9f87bd8b30
udp_checksum(): Clamp the value of the UDP packet header length.
...
Without this change, it is possible for malicious UDP packets to
make the function read past the end of a buffer.
If this was ever a possibility in ndhc, the previous commit fixed
that issue, but there is no reason for udp_checksum() to have
such a subtle precondition to proper use. This change also makes
it easier to audit correctness.
2015-01-06 07:07:08 -05:00
6548b5ce54
get_raw_packet(): Perform the UDP checksum after the packet length
...
checks.
This change makes it easier to verify that there can be no reads
beyond a buffer end by udp_checksum().
2015-01-06 04:32:58 -05:00
c8dcf5a06b
Make sure that received DHCP packets have a valid options end marker.
2015-01-06 04:02:52 -05:00
94c107d465
Make sure all sockets are set NONBLOCK so that writes do not block.
2014-08-19 11:09:59 -04:00
12114c9bae
Add more explicit length checks for get_raw_packet.
2014-07-25 20:34:01 -04:00
2518e0a2bc
Use SO_LOCK_FILTER to ensure that BPF filters cannot be removed once attached.
...
This facility was added to Linux in early 2013. If it is not available,
the BPF will still be installed, but redundant checks will be performed
to guard against the BPF possibly being removed by an attacker.
2014-06-13 22:37:37 -04:00
56e30a0923
Fix the return value for nlmsg_get_error().
2014-06-13 22:35:57 -04:00
ae03b6dd8f
Move the ip checksum code out to ncmlib.
2014-06-08 20:34:34 -04:00
4a083d3367
get_dhcp_opt() didx argument should be passed as a reference rather
...
than relying on the caller re-assigning to didx. The previous
didx += get_dhcp_opt(...) was wrong and should have used =.
2014-05-10 21:38:45 -04:00
99e21004ea
arp_min_close_fd() will always force the arp fd to be equal to -1, so
...
there is no need to check force_reopen twice.
2014-05-10 21:13:24 -04:00
3721cc926b
Documentation updates.
2014-04-24 18:29:52 -04:00
6af0d26351
Remove the obsolete init script for Gentoo's network configuration system.
...
My own machines use a process supervision system, so this script is
unmaintained and doesn't work anymore.
2014-04-24 18:24:00 -04:00
2420bed259
Accept no command line arguments without error.
2014-04-21 12:04:13 -04:00
dbc91b0811
Background option in config files should be a boolval rathe than a value.
2014-04-21 09:02:58 -04:00
034e2bb1db
When sockd transfers a file descriptor to ndhc, close the fd in sockd.
...
Since the transfer is conceptually a move, this is the correct thing to
do and prevents sockets from spuriously hanging around forever and
eventually exhausting the per process limit on fds.
2014-04-17 11:04:00 -04:00
07cbd88049
Just use raw sockets for listening to DHCP requests. A UDP SO_BROADCAST
...
socket was previously used only for receiving RENEWING packets, and it
added needless complexity and was somewhat fragile.
2014-04-16 01:00:36 -04:00
ca85a6ba9f
Style cleanups in dhcp.c.
2014-04-16 00:24:40 -04:00
d8260b4e63
Print an error message when bind() fails when creating a UDP socket in sockd.
2014-04-16 00:24:13 -04:00
0884d96d1e
PR_SET_PDEATHSIG is not fully reliable, so instead maintain a pair of
...
AF_UNIX SOCK_STREAM sockets between the master processes and each subprocess,
and poll for the HUP event.
At the same time, be specific about the events that are checked in epoll
when dispatching on an event.
2014-04-15 23:19:24 -04:00
e526adce19
Make the signal handling code use safe_read() and unify ifchd and sockd
...
signals code.
2014-04-15 20:55:13 -04:00
baa394af9a
UDP listen sockets should be requested with 'U' instead of 'u'.
2014-04-15 20:54:35 -04:00
b3578737df
Update the Makefile to build cfg.c from cfg.rl.
2014-04-15 20:50:54 -04:00
b00444ab8b
Bound the subprocess lifetime using prctl(PR_SET_PDEATHSIG, ...).
...
The pipes wouldn't do this job anymore because they were unused and thus
never performed writes that would generate SIGPIPEs, so the pipes are
removed, too.
2014-04-15 18:01:01 -04:00
b3ce601f20
state.c: Print error messages if we fail to send DHCP packets.
2014-04-15 17:59:15 -04:00
18604c5245
get_udp_unicast_socket() needs to have the client address as an argument
...
when sending the request to sockd.
Also, print error messages if sockd returns an invalid fd (< 0).
2014-04-15 17:55:28 -04:00
a9055b5ca5
Update more message prints to prefix with the interface name.
2014-04-15 15:24:22 -04:00
58b4ba768c
If the IP header length does not match the size of the UDP packet received
...
via the raw socket, print both lengths in the warning message.
2014-04-15 15:23:52 -04:00
730e5ef310
setpgid() can return EPERM if we are already a process group leader.
2014-04-15 15:02:20 -04:00
e5834da6d3
Permit sendmsg in the seccomp syscall whitelist for all daemons.
2014-04-15 14:57:07 -04:00
b5f0ccd88d
In cfg.rl, when performing clear action, don't clear the cs member in ccfg.
2014-04-15 14:56:35 -04:00
a777766cc6
Fix stupid typo in ndhc.c that would cause the clientid option to
...
corrupt the start of the hostname option if both were specified.
2014-04-15 14:55:50 -04:00
8a9fbb6f09
Documentation updates.
2014-04-14 18:32:08 -04:00
74ad01a086
Update the manual page.
2014-04-14 15:52:39 -04:00
a501789e04
Parse config options with ragel and support a configuration file.
2014-04-14 15:06:31 -04:00
51033d3664
Detect the glibc version in CMake and link librt if it is required.
...
For the Makefile, unconditionally link librt with no detection.
2014-04-07 19:14:31 -04:00
d267c2c44b
Use the raw capability interface via updated ncmlib rather than linking
...
to libcap.
2014-04-07 15:05:34 -04:00
bb1ff7a506
arp.c: Make logging messages print the associated interface name.
2014-04-07 04:43:21 -04:00
74678ef510
Use safe_recvmsg().
2014-04-07 04:22:32 -04:00
6804be2277
Use safe_sendto where necessary, and check for short writes.
...
Also, change many log_lines to log_errors, mostly in ifset.c.
2014-04-07 04:15:02 -04:00
650da6a7fd
Add recvfrom to the seccomp syscall whitelist.
2014-04-07 03:54:30 -04:00
cab9162d8d
Remove socketpair from the seccomp syscall filter whitelist.
...
socketpair() is called only before privileges are dropped, so it does
not need to be in the whitelist.
2014-04-07 03:44:53 -04:00
5fa2030bab
Use a socketpair rather than a pair of pipes for communication between
...
ndhc and ifch, similar to sockd. A single pipe is also maintained so
that SIGPIPE can bound the lifetime of an orphaned ifch process.
2014-04-07 03:44:02 -04:00
e2ee728982
Consolidate all of the global static variables in arp.c into a single
...
struct, and use booleans where appropriate.
2014-04-06 22:12:31 -04:00
a86363f248
Create a new process ID group for ndhc.
2014-04-06 22:07:12 -04:00
b761889025
Move source from ndhc/ to src/ since ifchd is no longer a separate program.
2014-04-06 16:57:06 -04:00
b511d45c2f
Change most error comparisons from == -1 to < 0. Some were not changed,
...
as the different negative values equate to different errors.
Tests against syscall returns and fds are very common and mostly fit
the pattern of this change.
The gain is increased range-exclusion.
2014-04-06 06:33:14 -04:00
c03be059f5
writeordie() was buggy; delete the == 1 which makes no sense.
2014-04-06 06:31:40 -04:00
3d76fbeedc
Make sure that all safe_* return values use ssize_t.
2014-04-06 06:24:13 -04:00
745e9e8923
If we encounter read errors reading the duid or iaid after successfully
...
opening the file, print an error and exit.
2014-04-06 06:06:53 -04:00
Nicholas J. Kain