[src/trunk]: src/external/bsd/dhcpcd/dist Update to dhcpcd-9.1.0 with the fol...
details: https://anonhg.NetBSD.org/src/rev/3f077fa06922
branches: trunk
changeset: 1010650:3f077fa06922
user: roy <roy%NetBSD.org@localhost>
date: Sun May 31 12:50:46 2020 +0000
description:
Update to dhcpcd-9.1.0 with the following changes:
* Leases are stored outside the chroot again
* The chroot directory can now be (and should be) empty [1]
* ARP is now per address rather than per interface
* Filter allowed ioctls in the privileged actioneer
* Filter allowed UDP ports used by sendto(2) in the privileged actioneer
* Filter allowed file paths in the privileged actioneer
* route socket is now drained on overflow as it cannot be
re-opened by the unprivileged user
* hostname can no longer be clobbered by SLAAC
* grep is no longer used by the test hook
* Interface hardware address type changes are now picked up
* Fixed some RA timing issues
* Fixed nd_* option parsing in dhcpcd.conf
* Allow SIGPIPE in scripts
* Default dhcpcd.conf no longer sends the current hostname
* Default dhcpcd.conf no longer sends a vendorclassid
diffstat:
external/bsd/dhcpcd/dist/README.md | 2 -
external/bsd/dhcpcd/dist/hooks/01-test | 36 +-
external/bsd/dhcpcd/dist/hooks/dhcpcd-run-hooks.8.in | 6 +-
external/bsd/dhcpcd/dist/src/arp.c | 250 +---
external/bsd/dhcpcd/dist/src/arp.h | 26 +-
external/bsd/dhcpcd/dist/src/bpf.h | 33 +-
external/bsd/dhcpcd/dist/src/common.c | 113 +-
external/bsd/dhcpcd/dist/src/common.h | 5 +-
external/bsd/dhcpcd/dist/src/control.c | 41 +-
external/bsd/dhcpcd/dist/src/control.h | 4 +-
external/bsd/dhcpcd/dist/src/defs.h | 4 +-
external/bsd/dhcpcd/dist/src/dev.h | 7 +-
external/bsd/dhcpcd/dist/src/dhcp-common.c | 115 +-
external/bsd/dhcpcd/dist/src/dhcp-common.h | 7 +-
external/bsd/dhcpcd/dist/src/dhcp.h | 8 +-
external/bsd/dhcpcd/dist/src/dhcp6.h | 4 +-
external/bsd/dhcpcd/dist/src/dhcpcd-embedded.c | 904 +++++++++---------
external/bsd/dhcpcd/dist/src/dhcpcd-embedded.h | 2 +-
external/bsd/dhcpcd/dist/src/dhcpcd.conf | 27 +-
external/bsd/dhcpcd/dist/src/dhcpcd.conf.5.in | 6 +-
external/bsd/dhcpcd/dist/src/dhcpcd.h | 18 +-
external/bsd/dhcpcd/dist/src/duid.c | 57 +-
external/bsd/dhcpcd/dist/src/duid.h | 2 +-
external/bsd/dhcpcd/dist/src/eloop.c | 5 +-
external/bsd/dhcpcd/dist/src/if-options.h | 54 +-
external/bsd/dhcpcd/dist/src/if.c | 144 +-
external/bsd/dhcpcd/dist/src/if.h | 19 +-
external/bsd/dhcpcd/dist/src/ipv4.c | 3 -
external/bsd/dhcpcd/dist/src/ipv4.h | 4 -
external/bsd/dhcpcd/dist/src/ipv4ll.c | 184 +--
external/bsd/dhcpcd/dist/src/ipv4ll.h | 4 +-
external/bsd/dhcpcd/dist/src/ipv6nd.h | 5 +-
external/bsd/dhcpcd/dist/src/privsep-bpf.c | 179 +-
external/bsd/dhcpcd/dist/src/privsep-bpf.h | 9 +-
external/bsd/dhcpcd/dist/src/privsep-bsd.c | 114 ++-
external/bsd/dhcpcd/dist/src/privsep-inet.c | 263 ++++-
external/bsd/dhcpcd/dist/src/privsep-inet.h | 5 +-
external/bsd/dhcpcd/dist/src/privsep-root.c | 758 +++++++++++----
external/bsd/dhcpcd/dist/src/privsep-root.h | 21 +-
external/bsd/dhcpcd/dist/src/privsep.h | 69 +-
external/bsd/dhcpcd/dist/src/sa.c | 6 +-
external/bsd/dhcpcd/dist/src/script.h | 1 -
42 files changed, 2096 insertions(+), 1428 deletions(-)
diffs (truncated from 5531 to 300 lines):
diff -r f342e0fea786 -r 3f077fa06922 external/bsd/dhcpcd/dist/README.md
--- a/external/bsd/dhcpcd/dist/README.md Sun May 31 12:37:07 2020 +0000
+++ b/external/bsd/dhcpcd/dist/README.md Sun May 31 12:50:46 2020 +0000
@@ -97,8 +97,6 @@
dhcpcd-9 defaults the run directory to `/var/run/dhcpcd` instead of
`/var/run` and the prefix of dhcpcd has been removed from the files.
-dhcpcd-9 may also run in a chroot, `/var/chroot/dhcpcd` so all the files
-could be relative to that.
## ChangeLog
We no longer supply a ChangeLog.
diff -r f342e0fea786 -r 3f077fa06922 external/bsd/dhcpcd/dist/hooks/01-test
--- a/external/bsd/dhcpcd/dist/hooks/01-test Sun May 31 12:37:07 2020 +0000
+++ b/external/bsd/dhcpcd/dist/hooks/01-test Sun May 31 12:50:46 2020 +0000
@@ -1,9 +1,37 @@
# Echo the interface flags, reason and message options
if [ "$reason" = "TEST" ]; then
- set | grep \
- "^\(interface\|pid\|reason\|protocol\|profile\|skip_hooks\)=" | sort
- set | grep "^if\(carrier\|flags\|mtu\|wireless\|ssid\)=" | sort
- set | grep "^\(new_\|old_\|nd[0-9]*_\)" | sort
+ # General variables at the top
+ set | while read line; do
+ case "$line" in
+ interface=*|pid=*|reason=*|protocol=*|profile=*|skip_hooks=*)
+ echo "$line";;
+ esac
+ done
+ # Interface flags
+ set | while read line; do
+ case "$line" in
+ ifcarrier=*|ifflags=*|ifmetric=*|ifmtu=*|ifwireless=*|ifssid=*)
+ echo "$line";;
+ esac
+ done
+ # Old lease
+ set | while read line; do
+ case "$line" in
+ old_*) echo "$line";;
+ esac
+ done
+ # New lease
+ set | while read line; do
+ case "$line" in
+ new_*) echo "$line";;
+ esac
+ done
+ # Router Advertisements
+ set | while read line; do
+ case "$line" in
+ nd[0-9]*_*) echo "$line";;
+ esac
+ done
exit 0
fi
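Review bot: Each of the five `set | while read line` loops calls `read` without `-r` and with the default IFS, so backslashes inside a value are consumed and surrounding whitespace is trimmed before the line is echoed. The test output can then differ from the real variable contents, and the `new_*`, `old_*` and `nd*` values come from the network. Using `while IFS= read -r line; do` and `printf '%s\n' "$line"` in place of `echo "$line"` keeps each line verbatim. A value that spans several lines in the `set` output is still split and its continuation lines are matched against the patterns on their own, which deserves a short comment in the hook if that is accepted.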
diff -r f342e0fea786 -r 3f077fa06922 external/bsd/dhcpcd/dist/hooks/dhcpcd-run-hooks.8.in
--- a/external/bsd/dhcpcd/dist/hooks/dhcpcd-run-hooks.8.in Sun May 31 12:37:07 2020 +0000
+++ b/external/bsd/dhcpcd/dist/hooks/dhcpcd-run-hooks.8.in Sun May 31 12:50:46 2020 +0000
@@ -22,7 +22,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.Dd April 3, 2020
+.Dd May 24, 2020
.Dt DHCPCD-RUN-HOOKS 8
.Os
.Sh NAME
@@ -84,8 +84,6 @@
.Nm
could be invoked:
.Bl -tag -width EXPIREXXXEXPIRE6
-.It Dv CHROOT
-dhcpcd is starting up and needs to configure a chroot environment.
.It Dv PREINIT
dhcpcd is starting up and any pre-initialisation should be done.
.It Dv CARRIER
@@ -95,7 +93,7 @@
dhcpcd lost the carrier.
The cable may have been unplugged or association to the wireless point lost.
.It Dv INFORM | Dv INFORM6
-dhcpcd informed a DHCP server about it's address and obtained other
+dhcpcd informed a DHCP server about its address and obtained other
configuration details.
.It Dv BOUND | Dv BOUND6
dhcpcd obtained a new lease from a DHCP server.
diff -r f342e0fea786 -r 3f077fa06922 external/bsd/dhcpcd/dist/src/arp.c
--- a/external/bsd/dhcpcd/dist/src/arp.c Sun May 31 12:37:07 2020 +0000
+++ b/external/bsd/dhcpcd/dist/src/arp.c Sun May 31 12:50:46 2020 +0000
@@ -67,16 +67,17 @@
__CTASSERT(sizeof(struct arphdr) == 8);
static ssize_t
-arp_request(const struct interface *ifp,
- const struct in_addr *sip, const struct in_addr *tip)
+arp_request(const struct arp_state *astate,
+ const struct in_addr *sip)
{
+ const struct interface *ifp = astate->iface;
+ const struct in_addr *tip = &astate->addr;
uint8_t arp_buffer[ARP_LEN];
struct arphdr ar;
size_t len;
uint8_t *p;
- const struct iarp_state *state;
- ar.ar_hrd = htons(ifp->family);
+ ar.ar_hrd = htons(ifp->hwtype);
ar.ar_pro = htons(ETHERTYPE_IP);
ar.ar_hln = ifp->hwlen;
ar.ar_pln = sizeof(tip->s_addr);
@@ -107,12 +108,11 @@
#ifdef PRIVSEP
if (ifp->ctx->options & DHCPCD_PRIVSEP)
- return ps_bpf_sendarp(ifp, arp_buffer, len);
+ return ps_bpf_sendarp(ifp, tip, arp_buffer, len);
#endif
- state = ARP_CSTATE(ifp);
/* Note that well formed ethernet will add extra padding
* to ensure that the packet is at least 60 bytes (64 including FCS). */
- return bpf_send(ifp, state->bpf_fd, ETHERTYPE_ARP, arp_buffer, len);
+ return bpf_send(astate->bpf, ETHERTYPE_ARP, arp_buffer, len);
eexit:
errno = ENOBUFS;
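Review bot: The non-privsep path now calls `bpf_send(astate->bpf, ETHERTYPE_ARP, arp_buffer, len)` without checking that `astate->bpf` is set, while arp_read in this same commit treats a NULL `astate->bpf` as possible after a packet has been processed. Whether bpf_send tolerates a NULL handle is not visible here; if it does not, a guard before the send such as `if (astate->bpf == NULL) { errno = EBADF; return -1; }` would turn a potential NULL dereference into an ordinary error that the callers already log. arp_request starts and ends outside this hunk, so an earlier check may exist that I cannot see.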
@@ -134,12 +134,12 @@
hwaddr_ntoa(amsg->sha, astate->iface->hwlen, abuf, sizeof(abuf));
if (bpf_frame_header_len(astate->iface) == 0) {
- logerrx("%s: %s claims %s",
+ logwarnx("%s: %s claims %s",
astate->iface->name, abuf, inet_ntoa(astate->addr));
return;
}
- logerrx("%s: %s(%s) claims %s",
+ logwarnx("%s: %s(%s) claims %s",
astate->iface->name, abuf,
hwaddr_ntoa(amsg->fsha, astate->iface->hwlen, fbuf, sizeof(fbuf)),
inet_ntoa(astate->addr));
@@ -179,7 +179,7 @@
eloop_timespec_diff(&now, &astate->defend, NULL) < DEFEND_INTERVAL)
logwarnx("%s: %d second defence failed for %s",
ifp->name, DEFEND_INTERVAL, inet_ntoa(astate->addr));
- else if (arp_request(ifp, &astate->addr, &astate->addr) == -1)
+ else if (arp_request(astate, &astate->addr) == -1)
logerr(__func__);
else {
logdebugx("%s: defended address %s",
@@ -197,8 +197,8 @@
arp_validate(const struct interface *ifp, struct arphdr *arp)
{
- /* Families must match */
- if (arp->ar_hrd != htons(ifp->family))
+ /* Address type must match */
+ if (arp->ar_hrd != htons(ifp->hwtype))
return false;
/* Protocol must be IP. */
@@ -222,7 +222,8 @@
}
void
-arp_packet(struct interface *ifp, uint8_t *data, size_t len)
+arp_packet(struct interface *ifp, uint8_t *data, size_t len,
+ unsigned int bpf_flags)
{
size_t fl = bpf_frame_header_len(ifp), falen;
const struct interface *ifn;
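Review bot: The new `bpf_flags` parameter of arp_packet is undocumented, and in the following hunk it is tested for `BPF_BCAST` to decide whether a probe with an unspecified sender counts as a claim on our address. That conflict decision is now only as accurate as the flags each caller passes in, and callers other than arp_read are not visible here. I would add a comment above the function along the lines of `/* bpf_flags: flags from the BPF read that produced this frame; BPF_BCAST is tested for probe conflicts. */`. The function body continues outside this hunk.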
@@ -292,108 +293,39 @@
if (IN_ARE_ADDR_EQUAL(&arm.sip, &astate->addr) ||
(IN_IS_ADDR_UNSPECIFIED(&arm.sip) &&
IN_ARE_ADDR_EQUAL(&arm.tip, &astate->addr) &&
- state->bpf_flags & BPF_BCAST))
+ bpf_flags & BPF_BCAST))
arp_found(astate, &arm);
}
}
static void
-arp_close(struct interface *ifp)
-{
- struct dhcpcd_ctx *ctx = ifp->ctx;
- struct iarp_state *state;
-
-#ifdef PRIVSEP
- if (IN_PRIVSEP(ctx)) {
- if (IN_PRIVSEP_SE(ctx) &&
- ps_bpf_closearp(ifp) == -1)
- logerr(__func__);
- return;
- }
-#endif
-
- if ((state = ARP_STATE(ifp)) == NULL)
- return;
-
- if (state->bpf_fd == -1)
- return;
- eloop_event_delete(ctx->eloop, state->bpf_fd);
- bpf_close(ifp, state->bpf_fd);
- state->bpf_fd = -1;
- state->bpf_flags |= BPF_EOF;
-}
-
-static void
-arp_tryfree(struct iarp_state *state)
-{
- struct interface *ifp = state->ifp;
-
- /* If there are no more ARP states, close the socket. */
- if (TAILQ_FIRST(&state->arp_states) == NULL) {
- arp_close(ifp);
- if (state->bpf_flags & BPF_READING)
- state->bpf_flags |= BPF_EOF;
- else {
- free(state);
- ifp->if_data[IF_DATA_ARP] = NULL;
- }
- } else if (state->bpf_fd != -1) {
- if (bpf_arp(ifp, state->bpf_fd) == -1)
- logerr(__func__);
- }
-}
-
-static void
arp_read(void *arg)
{
- struct iarp_state *state = arg;
- struct interface *ifp = state->ifp;
+ struct arp_state *astate = arg;
+ struct bpf *bpf = astate->bpf;
+ struct interface *ifp = astate->iface;
uint8_t buf[ARP_LEN];
ssize_t bytes;
+ struct in_addr addr = astate->addr;
/* Some RAW mechanisms are generic file descriptors, not sockets.
* This means we have no kernel call to just get one packet,
* so we have to process the entire buffer. */
- state->bpf_flags &= ~BPF_EOF;
- state->bpf_flags |= BPF_READING;
- while (!(state->bpf_flags & BPF_EOF)) {
- bytes = bpf_read(ifp, state->bpf_fd, buf, sizeof(buf),
- &state->bpf_flags);
+ bpf->bpf_flags &= ~BPF_EOF;
+ while (!(bpf->bpf_flags & BPF_EOF)) {
+ bytes = bpf_read(bpf, buf, sizeof(buf));
if (bytes == -1) {
logerr("%s: %s", __func__, ifp->name);
- arp_close(ifp);
- break;
+ arp_free(astate);
+ return;
}
- arp_packet(ifp, buf, (size_t)bytes);
+ arp_packet(ifp, buf, (size_t)bytes, bpf->bpf_flags);
/* Check we still have a state after processing. */
- if ((state = ARP_STATE(ifp)) == NULL)
+ if ((astate = arp_find(ifp, &addr)) == NULL)
+ break;
+ if ((bpf = astate->bpf) == NULL)
break;
}
- if (state != NULL) {
- state->bpf_flags &= ~BPF_READING;
- /* Try and free the state if nothing left to do. */
- arp_tryfree(state);
- }
-}
-
-static int
-arp_open(struct interface *ifp)
-{
- struct iarp_state *state;
-
-#ifdef PRIVSEP
- if (IN_PRIVSEP_SE(ifp->ctx))
- return ps_bpf_openarp(ifp) == -1 ? -1 : 0;
-#endif
-
- state = ARP_STATE(ifp);
- if (state->bpf_fd == -1) {
- state->bpf_fd = bpf_open(ifp, bpf_arp);
- if (state->bpf_fd == -1)
- return -1;
- eloop_event_add(ifp->ctx->eloop, state->bpf_fd, arp_read, state);
- }
- return state->bpf_fd;
}
static void
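Review bot: In arp_read the by-value copy `struct in_addr addr = astate->addr;` is what keeps the loop safe, because arp_packet() can apparently free the state being read, but nothing at the declaration says so. I would add `/* Copy the address: astate may be freed by arp_packet(). */` above it, so a later cleanup does not swap it for `&astate->addr` and reintroduce a use-after-free now that the old BPF_READING guard is gone. The re-lookup with `arp_find(ifp, &addr)` matches on interface and address only, so if a state for the same address were recreated during processing the loop would continue on that new state's bpf; a remark that this is intended would help. Separately, `bpf->bpf_flags &= ~BPF_EOF;` dereferences `astate->bpf` before the loop's NULL check, which is fine only if the callback is never registered for a state without a bpf handle.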
@@ -425,7 +357,7 @@
ifp->name, inet_ntoa(astate->addr),
astate->probes ? astate->probes : PROBE_NUM, PROBE_NUM,
(float)delay / MSEC_PER_SEC);
- if (arp_request(ifp, NULL, &astate->addr) == -1)