Administrivia: Fix erroneous GPL3+ licence notices "version d or later" (!) Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Copyright updates - update to GPLv3, etc. Update to GPLv3. secnet as actually installed is GPLv3+ anyway because it depends on python-ipaddr (Apache 2.0, which is GPLv2-incompatible), adns (now GPLv3+), and libgmp (now LGPLv3+). Also: * Add missing copyright notices and credits. * Get rid of old FSF street address; use URL instead. * Remove obsolete LICENCE.txt (which was for snprintf reimplementation). * Remove obsolete references to Cendio (for old ipaddr.py, now gone). Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
NEW etc.: Use NEW in all obvious places Entirely automatic conversion, using the following Perl rune: perl -i~ -pe 's#^(\s+)(\w+)=safe_malloc\(sizeof\(\*\2\),"[^"]+"\);$#$1NEW($2);#' *.c conffile.fl conffile.y Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
fds etc.: Support non-forking persistent children Polypath is going to want to spawn a persistent child process, which will not exec. This child ought not to hold onto the various important fds. Otherwise, if the main secnet process dies but the child does not (for some reason), the network interfaces, udp sockets, etc., set up by the old secnet will remain owned by the child. Introduce a new PHASE for this purpose (currently never entered). Provide a convenient common hook function for closing a single fd. Add phase hooks to: * Close udp sockets (in the udp and polypath comm modules); * Close the pipes to userv-ipif (slip netlink module); * Close the tun device (tun netlink module); * Zero out data transport keys, to improve forward secrecy in case the subprocess leaks somehow. (Sadly we can't conveniently find the asymmetric crypto session key negotiation state to wipe it.) Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
process: Clear SHUTDOWN hooks in afterfork() That allows child processes to safely use the standard fatal() calls etc. Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
fds: Make many fds nonblocking Introduce iswouldblock (to cope with POSIX not specifying which of EAGAIN or EWOULDBLOCK you get). In various subsystems, make more fds nonblocking and handle errors appropriately. Specifically: * Logging self-pipe reading end. * Signal self-pipe reading end. * SLIP both ends. Fixing the writing end involves breaking out a new function slip_write. We have to set these nonblocking after reading the confirmation byte. * tun's network interface fd. In various of these we add code to handle EINTR, too. Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Introduce setnonblock() This involves reworking setcloexec()'s implementation so that we can reuse it. We now treat a failure to set O_NONBLOCK in udp_make_socket as a fatal, rather than recoverable, error. This is fine. Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
process: Introduce afterfork() Rework set_default_signals into afterfork, which does the sigprocmask too. This is necessary for processes we fork after setup_signal_handling(), which otherwise inherit our blocking mask and non-default handlers. Call it after each fork() (except the ones we use for daemonising). As a consequence: - hackypar children will die if they get a terminating signal - our subprocesses such as `route' and `ifconfig' will inherit reasonable signal setups - it will be correct to call udp_make_socket during phase RUN (previously any authbind would get a strange signal setup) Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
logging: Use lg_exitstatus Replace two open-coded exit status checks with calls to lg_exitstatus. In the case of slip.c and udp.c this has no significant effect other than a slight change to message format. In the case of process.c, we no longer log the command's first argument. I consider this tolerable for simplifying the code. Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
poll: Abolish max_nfds We do not need to be advised of a static maximum, since we dynamically size the array now. Abolish the variable (which is unused) and change all the callers. No functional change. Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
poll: Introduce and use BEFOREPOLL_WANT_FDS This helper macro provides a convenient implementation of the beforepoll_fn interface for *nfds_io. Use it everywhere. This produces one bugfix: log_from_fd_beforepoll would fail to set *nfds_io if it was finished. This also arranges for many beforepoll callbacks to actually fail properly with ERANGE if there is not enough space. Previously they would blithely write the next fd entry or two. In practice the provided fd array never runs out in the current code, so in these cases we are just fixing latent bugs. Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
fds: Introduce pipe_cloexec() Replace all calls to pipe() with this new function, which checks errors for us, and also sets both fds to close-on-exec. There are some minor functional changes: * Error messages from pipe() failing are now less detailed about the context. This is not important. * The signal self-pipe is now cloexec too. This is at worst harmless. * When execing userv-ipif we rely on cloexec to close the spare copies of the pipe ends. * The stderr self-pipe spare writing end is redundantly made cloexec even though it is about to be closed shortly afterwards. Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
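The fd hygiene described in the iswouldblock, setnonblock() and pipe_cloexec() commits above, sketched as an added example that is not taken from the secnet source tree. The function names follow the commit messages; the bodies, the fd_setflag helper and drain_selfpipe are assumptions made here for illustration.

```c
/* Added example, not secnet source; bodies are an assumed implementation. */
#include <errno.h>
#include <fcntl.h>
#include <stdbool.h>
#include <unistd.h>

/* POSIX allows either errno from a nonblocking read/write. */
static bool iswouldblock(int e) { return e == EAGAIN || e == EWOULDBLOCK; }

/* One read-modify-write path shared by the cloexec and nonblock setters. */
static int fd_setflag(int fd, int getcmd, int setcmd, int flag)
{
    int cur = fcntl(fd, getcmd);
    return cur < 0 ? -1 : fcntl(fd, setcmd, cur | flag);
}
static int setcloexec(int fd) { return fd_setflag(fd, F_GETFD, F_SETFD, FD_CLOEXEC); }
static int setnonblock(int fd) { return fd_setflag(fd, F_GETFL, F_SETFL, O_NONBLOCK); }

/* pipe() with both ends close-on-exec; on failure neither fd is leaked. */
static int pipe_cloexec(int fds[2])
{
    if (pipe(fds) < 0) return -1;
    if (setcloexec(fds[0]) == 0 && setcloexec(fds[1]) == 0) return 0;
    int e = errno;
    close(fds[0]); close(fds[1]);
    errno = e;
    return -1;
}

/* Drain a nonblocking self-pipe; returns bytes consumed, -1 on real error. */
static long drain_selfpipe(int fd)
{
    char buf[64];
    long total = 0;
    for (;;) {
        ssize_t r = read(fd, buf, sizeof buf);
        if (r > 0) { total += r; continue; }
        if (r == 0 || iswouldblock(errno)) return total; /* closed or empty */
        if (errno != EINTR) return -1;                   /* EINTR: retry */
    }
}

int main(void)
{
    int p[2];
    if (pipe_cloexec(p) < 0 || setnonblock(p[0]) < 0) return 1;
    if (write(p[1], "xyz", 3) != 3) return 1;
    return drain_selfpipe(p[0]) == 3 ? 0 : 1;
}
```

Without O_NONBLOCK on the reading end, the drain loop would block forever once the pipe is empty instead of returning to the event loop.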
messages: add some missing newlines Message and cfgfatal must be called with a message containing a newline (or, a newline sent in a later call). Fix a few call sites. Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
cleanup: build on Ubuntu Lucid The discard() idiom is chosen because Clang tolerates it. Signed-off-by: Richard Kettlewell <rjk@terraraq.org.uk>
sys_cmd error handling improved. (1) If the subprocess exits nonzero then the exit status is unpicked and logged. (2) If the exec in the child fails, the command and errno string are written to stderr (which should end up in secnet's usual log output). (3) _exit() is used instead of exit(), to avoid any possibility of craziness with stdio/atexit/etc. Signed-off-by: Richard Kettlewell <rjk@terraraq.org.uk>
event loop: remove now and tv_now from before/afterpoll API beforepoll/afterpoll routines now use the global variables provided. Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Import release 0.1.15
Import release 0.1.14
Import release 0.1.13
Import release 0.1.11