Commit Graph

469 Commits

Author SHA1 Message Date
Nicholas J. Kain
2de848f2c7 If the snprintf in ifcmd_raw() fails, then we can restore the buffer to
its original state by zeroing out the data that was appended to the buffer
by the failed snprintf.

This trick allows ifcmd_raw() to never fail in a way that would attach
corrupt commands to the output buffer.
2014-03-19 06:14:50 -04:00
Nicholas J. Kain
a2e8136bc9 options.c: Rewrite the ifchd_cmd_* options command generation functions.
The old functions were harder to audit.  The new ones factor out most
of the work into a common ifcmd_raw() helper, and make sure to perform
the updates atomically wrt the output buffer.

snprintf is used heavily, as the C99 semantics should be on any targetted
system.

The atomicity will be improved in the next patch, allowing the number
of command buffers to be reduced.
2014-03-19 06:07:01 -04:00
Nicholas J. Kain
89d4649439 options.c: Conditionalize some functions to only be compiled for ndhs, as
ndhc does not use them.
2014-03-19 06:00:45 -04:00
Nicholas J. Kain
861ab28186 Reduce the scope of a static variable, and zero-initialize a structure just
to satisfy cppcheck even though it should be safe.
2014-03-19 06:00:08 -04:00
Nicholas J. Kain
597c858f44 duiaid.c: Trivial style cleanups. No functional change. 2014-03-19 05:58:29 -04:00
Nicholas J. Kain
e188658c4c Store the leasefile in the state directory by default, since a state
directory is now the normal mode of operation because of RFC4361.
2014-03-19 04:12:24 -04:00
Nicholas J. Kain
b1e1ccf7c3 Add support for setting the metric for the default GW route. 2014-03-19 01:13:11 -04:00
Nicholas J. Kain
ce99b0a6d7 Update documentation and add '-s' switch to change the state directory. 2014-03-19 00:46:54 -04:00
Nicholas J. Kain
15598c9207 Support RFC4361.
RFC4361 requires clients to send a clientid, and specifies that by default
that clientid should be a combination of a machine-static DUID and an
interface-static IAID.

There are several RFC-compliant DUIDs.  ndhc uses RFC6355's DUID-UUID,
but chooses not to follow RFC4122 for the UUID and instead simply uses
random bytes from its combined Tausworthe PRNG.

RFC4122 is excessively complex, and 128-bit random values are more than
sufficiently collision-resistant on even large DHCP segments.

ndhc requires a read/writable directory to store the DUID/IAID states.  By
default this directory is /etc/ndhc.  It exists outside the chroot.  The DUID
will be stored in a single file, DUID.  The IAIDs exist per-interface and are
stored in files with names similar to IAID-xx:xx:xx:xx:xx:xx, where the xx
values are replaced by the Ethernet hardware address of the interface.

If it is impossible to read or store the DUIDs or IAIDs, ndhc will
fail at start time before it performs any network activity or forks any
subprocesses.

If the host system lacks volatile storage, then a clientid should manually
be specified using the -c or --clientid command arguments.
2014-03-19 00:42:32 -04:00
Nicholas J. Kain
aad83608d1 Add a lot of const annotations to options.[ch]. 2014-03-18 03:38:32 -04:00
Nicholas J. Kain
cd269c7261 Make ndhc RFC6842-compliant.
All this entails is that ndhc needs to check to make sure that if the remote
server sends a dhcp packet with a client identifier, the client identifier
of that packet matches the client identifier that ndhc uses to identify
itself.

If the remote server does not attach a client identifier to its dhcp packets,
then the behavior of ndhc does not change.
2014-03-18 03:13:51 -04:00
Nicholas J. Kain
3d0f46580a options.c: Add an add_option_clientid() variant for ndhs to use, and silence
an unused function warning that triggers when compiling ndhs.
2014-03-18 01:51:58 -04:00
Nicholas J. Kain
742baf6d7b get_end_option_idx() has a useless conditional that always evaluates to
the same value.  Remove it, and introduce a slightly less useless
conditional that prevents a possible one-byte-read past the end of
packet.

This bug could possibly cause ndhc to segfault on some architectures
with extremely unlikely memory layouts and a very pathological crafted
input packet.
2014-03-18 01:38:58 -04:00
Nicholas J. Kain
e8687ba29f Make validate_dhcp_packet()'s magic cookie length check clearer by using
offsetof().
2014-03-18 01:36:14 -04:00
Nicholas J. Kain
0e12b4620b Cosmetic cleanups. 2014-03-17 22:58:55 -04:00
Nicholas J. Kain
128dbfba21 Remove ifch_proto.h. 2014-03-17 22:20:32 -04:00
Nicholas J. Kain
1e2c40eb81 Functions don't need explicit extern linkage in headers in C99, as it is the
default.  Standardize on leaving out the extern keyword as it is less clutter.
2014-03-17 22:10:58 -04:00
Nicholas J. Kain
3f267576ac Use RTA_DATA() instead of rtattr_get_data(). 2014-03-17 20:28:26 -04:00
Nicholas J. Kain
f7de4a14fd Use NLMSG_DATA() instead of nlmsg_get_data(). 2014-03-17 20:26:37 -04:00
Nicholas J. Kain
a052d069b7 nlattr was being used where rtattr should have been used. Happily, the
types are almost identical (same number of fields, each field has the
same length), so the code worked anyway, but nlattr and rtattr are
distinct.

nlattr is the type/length part of the nlmsg header.  rtattr is the
type/length part of the individual rt attribute items attached after
a nlmsg.

Use the correct rtattr type, and use the standard macros where appropriate.
2014-03-17 20:22:20 -04:00
Nicholas J. Kain
8416d5a633 Make nl.c:nl_rtattr_parse() use the standard NLMSG_* and RTA_* macros.
It's easier to verify correct behavior this way.
2014-03-17 20:02:22 -04:00
Nicholas J. Kain
268e88dc24 Make nl_getifdata() use a netlink sequence number generated from the
tv_nsec field from clock_gettime(CLOCK_REALTIME), and actually check
that the sequence number matches that of the netlink replies.
2014-03-17 06:15:59 -04:00
Nicholas J. Kain
6460346bb6 Fix the NLMSG_LENGTH() arguments in nl.c. Somehow it worked before by
lucky coincidence, but the types provided to the sizeof were wrong.
2014-03-17 06:14:14 -04:00
Nicholas J. Kain
22fede861f Netlink is pickier than the ioctl interfaces and requires the link to
manually be set to an 'up' state before much of anything can be changed.
Ensure that this is done very early in ndhc's lifetime, and record the
link status at startup time so that the hardware link status monitoring
will not get confused.  A perform_ifup() function is added to faciliate
this need.

Handle nl_getifdata() and get_if_index_and_mac() separately from the
hardware link status monitoring; don't call get_if_index_and_mac() from
nl_process_msgs().

Create the permanent ndhc-master cs.nlFd socket for hardware link status
monitoring after forking subprocesses.
2014-03-17 05:56:30 -04:00
Nicholas J. Kain
13aa5e6403 Remove some commented-out debugging code. 2014-03-17 05:43:31 -04:00
Nicholas J. Kain
3de2f42f4c If we get a NLMSG_DONE in response to trying to delete the existing ip
addresses associated with a link, then there are no existing ip addresses
to delete; don't print an error in this case.
2014-03-17 05:41:48 -04:00
Nicholas J. Kain
83610972c3 If link_(un|)set_flags() does not need to change the existing flags to
satisfy the request, then return 1 rather than 0 and do not ask
netlink to perform any changes.
2014-03-17 05:35:34 -04:00
Nicholas J. Kain
b0a5132d72 Cosmetic cleanups to ifchd.c. No functional change. 2014-03-17 05:33:00 -04:00
Nicholas J. Kain
3e78ffd576 We don't need to disable hardware link status while ifch is working; if
the link status goes down, we will fail horribly anyway because ARP
will fail, so we must keep track of the link status to be safe.
2014-03-17 03:17:24 -04:00
Nicholas J. Kain
03bd10ed88 When setting the MTU via netlink, we must be careful to preserve the link
flags or bad things will happen (such as the link being set down).
2014-03-17 03:16:02 -04:00
Nicholas J. Kain
6fcc43d169 Hardware link status can 'bounce' erratically while link properties are
being updated, so perform status debouncing.

While ifch is doing work, the netlink events are ignored.  Once ifch has
finished its work, netlink events are no longer ignored.  Making this
work requires ifch to communicate back to ndhc, but it is no problem
since the necessary pipes are already in place for IPC.
2014-03-17 02:55:47 -04:00
Nicholas J. Kain
d8e3dc61ea Make the netlink link flags and router setting code work properly.
MTU setting still needs some fixes; it sets the link mtu correctly, but
has a bad interaction with the hardware link status detection.
2014-03-17 02:07:30 -04:00
Nicholas J. Kain
d2f413d46e Update log prints in nl.c. 2014-03-16 23:39:41 -04:00
Nicholas J. Kain
3220cb90ac Use recvmsg rather than recv in ifset.c. 2014-03-16 23:39:24 -04:00
Nicholas J. Kain
1ff3adef3a Update documentation and remove unused ioctl.h header. 2014-03-16 21:16:06 -04:00
Nicholas J. Kain
8a24f74a11 Use netlink when setting the default ipv4 gateway. 2014-03-16 21:05:50 -04:00
Nicholas J. Kain
9de62e7b75 Use netlink when setting the link MTU. 2014-03-16 18:07:09 -04:00
Nicholas J. Kain
987bffe157 Clean up some error prints in ifset.c. 2014-03-16 18:06:42 -04:00
Nicholas J. Kain
50d6284fee Use netlink for setting link flags instead of ioctl. 2014-03-16 05:10:21 -04:00
Nicholas J. Kain
cce93139d0 Delete old IP addresses associated with the interface when setting the
DHCP-assigned IP, broadcast, and subnet.

The nl_foreach_nlmsg() gains a seq parameter that when set to non-0 will
cause nl_foreach_nlmsg() to ignore any nlmsg that has a seq number
that does not match the caller-supplied seq argument.
2014-03-15 04:43:29 -04:00
Nicholas J. Kain
7bf1cc419e nl_recv_buf() must be non-blocking; enforce it with the MSG_DONTWAIT
flag.  At the same time, properly handle EINTR.
2014-03-15 04:35:07 -04:00
Nicholas J. Kain
7627298c07 The ip4 protocol change broke on the send side; fix it by explicitly
zeroing the send buffer.  It's less finicky than special-casing the
ip4 command to use strnkcpy instead of strnkcat.

At the same time, centralize the command print code on the send side.
It can just live in pipewrite() rather than the callers.
2014-03-15 04:32:44 -04:00
Nicholas J. Kain
19d009891a When updating the IP and broadcast addresses, clear out any old IP and
broadcast addresses that may be still bound to the interface.
2014-03-15 02:44:43 -04:00
Nicholas J. Kain
4d1cfe8586 Add a nl_sendgetaddr() function. 2014-03-15 00:30:39 -04:00
Nicholas J. Kain
e5d9f4acf2 Move nl_sendgetlink() to nl.c. 2014-03-14 23:54:21 -04:00
Nicholas J. Kain
180ee36626 Update plain Makefile and README. 2014-03-14 23:51:11 -04:00
Nicholas J. Kain
8faae4a0fd Check that the return message type is not NLMSG_ERROR when setting
the ip and broadcast addresses.
2014-03-14 23:28:56 -04:00
Nicholas J. Kain
6a9e8c5a57 Disable seccomp-filter unless ENABLE_SECCOMP_FILTER is defined.
It is very likely to fail on untested architectures.  I can only test it
adequately on x64.
2014-03-14 23:24:22 -04:00
Nicholas J. Kain
3af0a7824d subnet4_to_prefixlen() should use ntohl(). 2014-03-14 23:22:23 -04:00
Nicholas J. Kain
b6444fa806 Don't strip the generated executables by default. 2014-03-14 20:49:03 -04:00