broken before because of too-strict filters.
Move setup_signals under the seccomp filter to give it more testing coverage.
Make the UDP datagram length check much more strict. If the read buffer
does not match up with the header lengths exactly, it is discarded.
Print a warning to syslog/stdout when ifchd execute_buffer() returns an
error.
Fix a regression introduced in ifchd that would cause the epoll handler to
spin when a client connection closed.
This change also modifies the ndhc/ifchd wire protocol slightly. The
new protocol doesn't overload the ':' character as a key:value separator
and a statement separator. Instead ';' is now used as a statement separator.
The new format allows for more robust error-checking and reporting, and it
greatly simplifies the parser. Old versions of ndhc/ifchd will not work
properly with ones compiled after this commit.
The 'domain' and 'search' keywords in resolv.conf updates are now used
more precisely. The first domain in an update is the 'domain', and the
subsequent 5 domains are 'search' domains.
There are also supporting cleanups that pass struct ifchd_client pointers
to functions instead of passing index values.
This commit is large, but it cannot really be broken up into smaller
chunks since the changes are dependent on each other.
ifchd just had empty hooks that never received work messages anyway.
Shorten the names of ifchd commands. This breaks wire protocol, but
thankfully I haven't released yet!
Define _GNU_SOURCE in the CFLAGS.
Update the README.
Remove the duplicate Gentoo init script ndhc.sh that is in the root.
Remove DESIGN -- it's outdated.
Handle EAGAIN and EWOULDBLOCK more gracefully when dealing with safe_read().
All occurrences of safe_read() should only be invoked on fds that have signaled
ready-to-read state via the epoll() mechanism, so this change should not
result in any observable difference, but it is best to be safe.
Additionally, a constant stack variable is converted to an equivalent
macro define for cleanliness.
Finally, print the error type encountered if reading data from an ARP response
fails with a read error.
jail and change configuration instructions as well.
Change default configuration instructions to specify setting root
of the chroot jail as owned by root.root.
