Commit Graph

692 Commits

Author SHA1 Message Date
Nicholas J. Kain
e5c7493bc8 Fix warnings in arp.c. 2014-03-10 19:25:06 -04:00
Nicholas J. Kain
e7838d542b Fix the remaining signed/unsigned comparison warnings. Nothing stands out
as being dangerous or buggy.
2014-03-10 19:00:08 -04:00
Nicholas J. Kain
e50bd431d6 dhcp.c: handle_packet() calls get_(raw|cooked)_packet(), which returns a
signed value where values <0 are errors and >= 0 are lengths.  Convert
to an unsigned length value if the return is a length.

Further, there is a real bug if get_(raw|cooked)_packet() returns
an error.  handle_packet() should return rather than continuing to validate
the packet.  The packet validation will almost surely fail, and the
negative values of len are constrained to [-1,-2], and the values are
determined by errors that are hard to control, so it is extremely
unlikely that there are any security issues with this bug.

The fix is trivial; the obviously-missing return statement bails out when
there's a problem fetching a packet and ndhc immediately goes back to
listening for another packet.
2014-03-10 18:58:53 -04:00
Nicholas J. Kain
85fcc1e8f0 Use stricter gcc warning flags by default. 2014-03-10 18:34:53 -04:00
Nicholas J. Kain
df0898dfb6 Change the thread name of the various ndhc processes so that they can
be identified via ps/top.
2014-03-10 14:44:12 -04:00
Nicholas J. Kain
47dbf3e24d Rename dhcp-hostname cmdarg to dhcp-set-hostname. 2014-03-10 14:43:37 -04:00
Nicholas J. Kain
94d6b1fb2e The 'ip', 'snet', and 'bcast' commands have been replaced by 'ip4'. Remove
them.
2014-03-10 01:13:38 -04:00
Nicholas J. Kain
a130448d46 Update the README. 2014-03-10 01:09:25 -04:00
Nicholas J. Kain
1824802fb2 Merge ifchd into ndhc. Rather than function as entirely separate daemons,
ndhc will fork off an ifchd child that it will communicate with via
pipes rather than by connecting to a SO_PEERCRED AF_UNIX socket.

The advantages include:

1. Simpler configuration.  Much easier for users and packagers to set up.
2. Drastically less complex code for the ifch functionality.  More code
   is removed than added, and the result is a lot less complex.
3. Potentially better security.  The ifch can only service the parent
   ndhc process, and it is restricted to issuing modifications to
   the single interface that ndhc manages.
4. Less memory used on systems that allow overcommit.

The downsides:

1. Possibly more memory used on systems that run multiple ndhcs and use
   strict commit limits.

At the same time, use netlink rather than ioctls so that the
interface ip, subnet, and broadcast address can be set simultaneously.
This change reduces the netlink notification spam greatly.

The current code builds but isn't yet complete.  Subsequent commits will
flesh things out and polish out some remaining issues.
2014-03-10 00:52:56 -04:00
Nicholas J. Kain
06ff60bb6b Make ndhc use the new 'ip4' ifchd command. 2014-03-09 13:57:37 -04:00
Nicholas J. Kain
c4f09b1a9a Use the standard defines for ipv4 printable address max string length. 2014-03-09 13:51:49 -04:00
Nicholas J. Kain
d7ea5d9b0d Add the 'ip4' command to the ifchd wire protocol. 2014-03-09 12:33:20 -04:00
Nicholas J. Kain
520ba6fd31 Mark function prototypes in ifchd/linux.h as extern.
Update copyright dates and do some cosmetic changes, too.
2014-03-09 12:32:30 -04:00
Nicholas J. Kain
06b65de08c Add a perform_ip_subnet_bcast() function that uses Linux netlink sockets
to set the interface ip, subnet, and broadcast address simultaneously.

The advantage of this approach is that a single netlink notification
will be sent rather than multiple messages as the ip, subnet,
and broadcast address are set one at a time.

Currently this function is not used, as it will require a wire format
change that will be introduced in a subsequent commit.
2014-03-09 09:46:05 -04:00
Nicholas J. Kain
81a9fe1c8e inet_pton() can return 0 or -1 as errors. We wern't likely to see -1
in practice (it's documented to be only emitted when inet_pton is provided
an unrecognized address family), but best to be completely correct.
2014-03-09 09:42:49 -04:00
Nicholas J. Kain
3ef87c1f26 ifchd: Make the command parser much more strict. It now has a concept of
argument types and command types.
2013-05-11 10:59:04 -04:00
Nicholas J. Kain
62d69e1909 Lists of IPs should be comma-separated rather than semicolon or
space-separated.
2013-05-10 13:46:58 -04:00
Nicholas J. Kain
1fc06c6e4f ifchd: Print NYI messages to log if we received a command where the handler
is not yet implemented.
2013-05-10 13:45:09 -04:00
Nicholas J. Kain
cb261be045 ndhc: Subnet option is an ip, not an iplist. 2013-05-10 13:44:31 -04:00
Nicholas J. Kain
bf3de7f310 Teach the Makefile how to handle Ragel, too. 2013-05-08 09:08:47 -04:00
Nicholas J. Kain
6654ad1300 ncmlib should be tracked as an external repo. 2013-05-08 08:14:23 -04:00
Nicholas J. Kain
3d6e3a2610 Update the log file printing. 2013-05-08 08:11:15 -04:00
Nicholas J. Kain
4c52accd62 Fix the syscall whitelist to permit syscalls needed to properly log via
glibc syslog.
2013-05-08 08:10:57 -04:00
Nicholas J. Kain
f8773742c9 ncmlib: Cosmetic cleanups to chroot.c. 2013-05-08 06:58:55 -04:00
Nicholas J. Kain
f78ea70d71 Ifchd: Convert some tabs to spaces. 2013-05-08 06:37:33 -04:00
Nicholas J. Kain
3640c5bbf0 Ifchd: Print out log messages when commands are successfully dispatched. 2013-05-08 06:36:20 -04:00
Nicholas J. Kain
b7e6f59fc7 Use a Ragel-generated DFA parser for ifchd command dispatch. 2013-05-08 06:27:22 -04:00
Nicholas J. Kain
930b92a268 Remove strlc(at|py). 2013-05-06 07:32:02 -04:00
Nicholas J. Kain
958a57d819 Convert to using strnkc(at|py). 2013-05-06 07:07:54 -04:00
Nicholas J. Kain
7ab11e8295 Add strnkcpy() and strnkcat(). These are similar to strlcpy and strlcat,
but simply return a bool indicating whether the destination received
a truncated copy of the source (true if truncation occurs else false).

The change in return value semantics allows these functions to stop
scanning the source string early when truncation occurs, stopping the
program from scanning a possibly arbitrary-length source string.

I rarely use these return values in my own programs, so it won't be
very hard to bulk convert with no risk of regressions.

Further, the different namespace allows me to not depend on the presence
or absence of strlc(py|at) in the standard libraries.
2013-05-06 07:06:33 -04:00
Nicholas J. Kain
f807e10e76 Make the ARP-based lease address collision checks configurable in delay times
and number of probes.
2013-02-09 00:30:19 -05:00
Nicholas J. Kain
b8c77a45e8 Bump ndhc version to 1.1. 2012-07-23 13:24:15 -04:00
Nicholas J. Kain
22e5a60671 Drop packet fragments in the BPF program. No compliant stack should fragment
DHCP messages anyway, since the IPv4 min MTU is 576 bytes and the max DHCP
message size + IP and UDP headers is less than that, but it is still worth
checking.
2012-07-23 13:18:23 -04:00
Nicholas J. Kain
483ca6752d Whitelist syscalls provided by vDSO. 2012-07-22 09:49:51 -04:00
Nicholas J. Kain
7d5b6ddc7e Whitelist clock_gettime() for seccomp. Not necessary so long as vdso
is enabled, but otherwise...
2012-07-21 19:46:50 -04:00
Nicholas J. Kain
b53b8585d5 Use clock_gettime(CLOCK_MONOTONIC) instead of time() in ifchd.
Standardize license/copyright and version prints.
2012-07-21 14:02:42 -04:00
Nicholas J. Kain
87db9c70fd Enforce minimum physical MTU in ifchd.
Skip zero-length commands in execute_buffer().
2012-07-20 20:37:41 -04:00
Nicholas J. Kain
2bf7306bb9 Add some more syscalls to the ndhc permit filter. Netlink sockets were
broken before because of too-strict filters.

Move setup_signals under the seccomp filter to give it more testing coverage.

Make the UDP datagram length check much more strict.  If the read buffer
does not match up with the header lengths exactly, it is discarded.

Print a warning to syslog/stdout when ifchd execute_buffer() returns an
error.

Fix a regression introduced in ifchd that would cause the epoll handler to
spin when a client connection closed.
2012-07-20 18:48:26 -04:00
Nicholas J. Kain
f9c2059d37 Quit using malloc entirely in ifchd and reduce buffer copies.
This change also modifies the ndhc/ifchd wire protocol slightly.  The
new protocol doesn't overload the ':' character as a key:value separator
and a statement separator.  Instead ';' is now used as a statement separator.
The new format allows for more robust error-checking and reporting, and it
greatly simplifies the parser.  Old versions of ndhc/ifchd will not work
properly with ones compiled after this commit.

The 'domain' and 'search' keywords in resolv.conf updates are now used
more precisely.  The first domain in an update is the 'domain', and the
subsequent 5 domains are 'search' domains.

There are also supporting cleanups that pass struct ifchd_client pointers
to functions instead of passing index values.

This commit is large, but it cannot really be broken up into smaller
chunks since the changes are dependent on each other.
2012-07-20 17:31:15 -04:00
Nicholas J. Kain
a60a5fddb1 Remove use of dynamic memory (strlist_t) from linux.c. 2012-07-20 15:17:44 -04:00
Nicholas J. Kain
6e9d856a9d Code cleanup. Create struct ifchd_client and pull all of the global
static arrays that are indexed by the socket slot index into an array
of struct ifchd_clients.
2012-07-20 14:56:17 -04:00
Nicholas J. Kain
c3272f07f4 Update copyright and license print spam. 2012-07-20 09:37:41 -04:00
Nicholas J. Kain
25ce5cceaa Use seccomp system call filtering if present. 2012-07-20 09:23:18 -04:00
Nicholas J. Kain
f4f9d02afd Enforce seccomp syscall restrictions when kernel support exists. 2012-07-20 07:05:56 -04:00
Nicholas J. Kain
e990246207 Move nlbuf onto stack and don't share a single buffer for sending
and receiving.  Move nlportid into client state structure.
2012-04-12 20:06:05 -04:00
Nicholas J. Kain
659aafaec8 Silence new kernel warning introduced in 3.3: 'netlink: 12 bytes leftover
after parsing attributes.' RTM_GETLINK messages should have a struct rtattr
as payload.
2012-04-12 04:52:26 -04:00
Nicholas J. Kain
a8a761da14 Shrink stack use of nl_getifdata(). 2012-04-03 22:00:47 -04:00
Nicholas J. Kain
93b44ed48d Tidy up nl_getifdata() a bit. Eliminate some unnecessary local variables,
and use NLMSG_LENGTH().
2012-04-03 10:06:00 -04:00
Nicholas J. Kain
a419b85e4f Typo fix in documentation. 2012-04-03 10:04:58 -04:00
Nicholas J. Kain
c3c76e48d5 Enable stricter warnings on format strings. 2012-04-03 10:04:47 -04:00