secnet.git
9 years ago - Makefile.in: remove *.pyc [base.ipv6-polypath-fixes.v1]
Ian Jackson [Tue, 21 Oct 2014 00:20:12 +0000 (01:20 +0100)]
Makefile.in: remove *.pyc

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
9 years ago - debian/changelog: Write most of changelog for 0.4.x
Ian Jackson [Tue, 21 Oct 2014 00:05:53 +0000 (01:05 +0100)]
debian/changelog: Write most of changelog for 0.4.x

9 years ago - Makefile.in: Handle conffile.yy.h properly
Ian Jackson [Mon, 20 Oct 2014 23:33:49 +0000 (00:33 +0100)]
Makefile.in: Handle conffile.yy.h properly

This needs to be deleted by clean.  And it needs to be a dependency of
the %.o pattern rule.  (Since we rely on autogenerated .d header file
dependencies, which are fine for manually-edited header files but not
autogenerated ones.)

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
9 years ago - debian: Fix build-depends
Ian Jackson [Thu, 9 Oct 2014 18:23:31 +0000 (19:23 +0100)]
debian: Fix build-depends

Add libbsd-dev and python-ipaddr

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
9 years ago - debian/changelog: wip 0.4.x
Ian Jackson [Thu, 9 Oct 2014 18:20:32 +0000 (19:20 +0100)]
debian/changelog: wip 0.4.x

9 years ago - NEW etc.: Use NEW at non-formulaic call sites
Ian Jackson [Tue, 7 Oct 2014 19:51:05 +0000 (20:51 +0100)]
NEW etc.: Use NEW at non-formulaic call sites

Manually replace calls to safe_malloc with NEW.  Calls where
safe_malloc was used to allocate a byte array (or a string buffer) are
left alone.

Some simple calls to allocate a single object are replaced with NEW
(in COMM_APPLY, init_log, resolve_request, transform_cbcmac_module,
TRANSFORM_CREATE_CORE).

Some calls which were allocating arrays are replaced with NEW_ARY
(in dict_keys, ipset_new).

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
9 years ago - NEW etc.: Replace most calls to safe_realloc_ary
Ian Jackson [Tue, 7 Oct 2014 19:41:20 +0000 (20:41 +0100)]
NEW etc.: Replace most calls to safe_realloc_ary

Replace with REALLOC_ARY whenever the array object size is not 1.

In subnet_list_set_len and ipset_set_len we abolish the unnecessary
temporary variable `nd'.  In subnet_list_set_len we also simplify the
assert integer overflow condition (the division is not needed because
REALLOC_ARY and hence safe_malloc_ary will check for potential
multiplication overflow).

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
9 years ago - NEW etc.: Use NEW_ARY
Ian Jackson [Tue, 7 Oct 2014 19:36:17 +0000 (20:36 +0100)]
NEW etc.: Use NEW_ARY

Replace all calls to safe_malloc_ary with the NEW_ARY wrapper.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
9 years ago - NEW etc.: Use NEW in all obvious places
Ian Jackson [Tue, 7 Oct 2014 19:31:26 +0000 (20:31 +0100)]
NEW etc.: Use NEW in all obvious places

Entirely automatic conversion, using the following Perl rune:

  perl -i~ -pe 's#^(\s+)(\w+)=safe_malloc\(sizeof\(\*\2\),"[^"]+"\);$#$1NEW($2);#' *.c conffile.fl conffile.y

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
9 years ago - NEW etc.: Provide size-safe wrappers for safe_malloc et al.
Ian Jackson [Tue, 7 Oct 2014 19:28:33 +0000 (20:28 +0100)]
NEW etc.: Provide size-safe wrappers for safe_malloc et al.

These automatically compute the size from the type to be assigned to,
and automatically generate a context string.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
9 years ago - udp, polypath: Log `experiencing success receiving', etc.
Ian Jackson [Wed, 1 Oct 2014 23:55:28 +0000 (00:55 +0100)]
udp, polypath: Log `experiencing success receiving', etc.

We want to use the `experienced' mechanism to report success while
receiving.

But, previously, the udp_socks_afterpoll function which does the
receiving didn't have a suitable description (`socksdesc') available:
in particular, for polypath, it should print the interface name.

Solve this as follows:
 * Add a `desc' field to struct udpsocks, set by udp_socks_register
   (for polypath this duplicates interf->name, but we don't really
   care much about that as it's only one pointer).
 * Add a new argument to udp_socks_register to ensure we catch
   all the creation sites.
 * Have udp_sock_experienced take a struct udpsocks*.

After all that, the new call to udp_sock_experienced is trivial.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
9 years ago - test-example: Test not specifying a port
Ian Jackson [Wed, 1 Oct 2014 23:24:24 +0000 (00:24 +0100)]
test-example: Test not specifying a port

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
9 years ago - udp, polypath: Make specifying port optional
Ian Jackson [Wed, 1 Oct 2014 23:19:34 +0000 (00:19 +0100)]
udp, polypath: Make specifying port optional

There is no particular reason why a mobile site with no stable address
ought to have to bind to a particular port.  Doing so in those
configurations can bring in additional complications.

So, make specifying the port optional.

udp_make_socket calls getsockname to find what port number it got.
(We do this unconditionally as that's simplest.)

This has more complicated fallout than appears at first glance.
polypath needs to be able to match disappearances of the interface
address, which is mostly processed in terms of the configured rather
than obtained sockaddr.

In polypath, we need to compare just the addresses when removing an
interface address, because the port will have been assigned later.  We
also use the actual address in logging, rather than the one supplied
by the interface monitor.

To support these changes, we formalise udp_import_socket, and provide
a new `ignoreport' option to iaddr_equal.  The scope of the FAIL and
FAIL_LG macros in udp.c becomes a bit wider.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
9 years ago - test-example: Set `system/userid'
Ian Jackson [Wed, 1 Oct 2014 17:22:57 +0000 (18:22 +0100)]
test-example: Set `system/userid'

This means we normally test the privsep, rather than non-privsep,
version of polypath.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
9 years ago - test-example: Reorder a config to better test CHILDPERSIST
Ian Jackson [Wed, 1 Oct 2014 22:33:39 +0000 (23:33 +0100)]
test-example: Reorder a config to better test CHILDPERSIST

If we move the polypath comm before the tun netlink, the tun will
already have been set up by the time polypath spawns its privsep
helper.  (Since the entries are processed in reverse order.)  This
means that the CHILDPERSIST phase hook ends up closing the tun fd,
which we can see in strace.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
9 years ago - polypath: Provide privsep mode
Ian Jackson [Wed, 1 Oct 2014 17:19:20 +0000 (18:19 +0100)]
polypath: Provide privsep mode

If secnet is going to drop privileges, it won't be able to call
setsockopt(,,SO_BINDTODEVICE,) to set up the new polypath sockets.

Provide an arrangement where this is done by a child forked before we
drop privilege.

Add some comments to the existing just-broken-down interface change
handling code, saying whether and how they are used in the non-privsep
and privsep cases.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
9 years ago - polypath: Log pid of long-running interface monitor
Ian Jackson [Wed, 1 Oct 2014 22:42:04 +0000 (23:42 +0100)]
polypath: Log pid of long-running interface monitor

This new reporting is going to be particularly useful for privsep,
which has a child and also a grandchild.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
9 years ago - logging: Persistent children include pid in their log messages
Ian Jackson [Wed, 1 Oct 2014 22:31:36 +0000 (23:31 +0100)]
logging: Persistent children include pid in their log messages

Use the new PHASE_CHILDPERSIST hook to discover when we fork and
become a persistent child.  When that happens, we call openlog() again
to add LOG_PID, and we make a note to add the pid to messages written
directly to logfiles (or the terminal) by secnet's file logger.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
9 years ago - fds etc.: Support non-forking persistent children
Ian Jackson [Wed, 1 Oct 2014 22:21:56 +0000 (23:21 +0100)]
fds etc.: Support non-forking persistent children

Polypath is going to want to spawn a persistent child process,
which will not exec.  This child ought not to hold onto the various
important fds.

Otherwise, if the main secnet process dies but the child does not (for
some reason), the network interfaces, udp sockets, etc., set up by the
old secnet will remain owned by the child.

Introduce a new PHASE for this purpose (currently never entered).
Provide a convenient common hook function for closing a single fd.

Add phase hooks to:
 * Close udp sockets (in the udp and polypath comm modules);
 * Close the pipes to userv-ipif (slip netlink module);
 * Close the tun device (tun netlink module);
 * Zero out data transport keys, to improve forward secrecy in case
   the subprocess leaks somehow.  (Sadly we can't conveniently find
   the asymmetric crypto session key negotiation state to wipe it.)

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
9 years ago - polypath: Close parent's socket in child
Ian Jackson [Wed, 1 Oct 2014 17:20:44 +0000 (18:20 +0100)]
polypath: Close parent's socket in child

Previously this would happen automatically due to CLOEXEC, but we are
going to have a long-running child, which needs to not have a copy of
this fd.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
9 years ago - polypath: Break up child process handling
Ian Jackson [Tue, 30 Sep 2014 17:33:59 +0000 (18:33 +0100)]
polypath: Break up child process handling

This will allow us to have different child processes, and also reuse
much of the same child output processing code in a different context.

No functional change (other than a tiny change to a message).

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
9 years ago - polypath: Reorganise to break up ifaddr handling
Ian Jackson [Tue, 30 Sep 2014 16:36:44 +0000 (17:36 +0100)]
polypath: Reorganise to break up ifaddr handling

We are going to want to do some of this processing in a different
process, and hence in a different order.  So split
polypath_process_monitor_line into three, producing two new functions
polypath_make_socket and polypath_record_ifaddr.

We change the error handling so it can be more context-sensitive: the
BAD macros use contextual `bad' and `badctx' values.  These are
function pointers.

dump_ppml becomes dump_pria because it records interface address
recording.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
9 years ago - process: Clear SHUTDOWN hooks in afterfork()
Ian Jackson [Tue, 30 Sep 2014 17:22:14 +0000 (18:22 +0100)]
process: Clear SHUTDOWN hooks in afterfork()

That allows child processes to safely use the standard fatal() calls
etc.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
9 years ago - test-example: Provide a polypath test
Ian Jackson [Sat, 27 Sep 2014 17:13:57 +0000 (18:13 +0100)]
test-example: Provide a polypath test

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
9 years ago - polypath: Provide Linux interface monitor
Ian Jackson [Mon, 29 Sep 2014 14:17:13 +0000 (15:17 +0100)]
polypath: Provide Linux interface monitor

This script monitors the local network interfaces and prints output as
interfaces and addresses appear and disappear.

Install it in $(datarootdir).  Provide $(datarootdir) to C code via a
-D compiler flag.  Provide the appropriate path as the default setting
for `monitor-command' in the polypath module.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
9 years ago - polypath: Provide polypath comm module
Ian Jackson [Wed, 26 Feb 2014 14:19:01 +0000 (14:19 +0000)]
polypath: Provide polypath comm module

Provide a new name `polypath' in the global dictionary which can be
made to produce new closures of type `comm'.  These comms send packets
via multiple local interfaces.

Currently this module is not very useful because we lack a suitable
`monitor-command' for enumerating local interfaces.

We disable it if we don't have CONFIG_IPV6 because then we don't have
adns_text2addr.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
9 years ago - util: Break out pollbadbit()
Ian Jackson [Wed, 1 Oct 2014 17:02:19 +0000 (18:02 +0100)]
util: Break out pollbadbit()

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
9 years ago - buffer: Provide buffer_destroy
Ian Jackson [Wed, 1 Oct 2014 17:00:00 +0000 (18:00 +0100)]
buffer: Provide buffer_destroy

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
9 years ago - util: Use BSD queue.h for phase hook lists
Ian Jackson [Tue, 30 Sep 2014 17:17:43 +0000 (18:17 +0100)]
util: Use BSD queue.h for phase hook lists

We are about to touch this code and would like something clearer to
work with.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
9 years ago - secnet: provide will_droppriv
Ian Jackson [Tue, 30 Sep 2014 17:07:10 +0000 (18:07 +0100)]
secnet: provide will_droppriv

polypath is going to want to know whether to do privsep.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
9 years ago - transform: Discard previously-received packets
Ian Jackson [Sat, 27 Sep 2014 23:40:04 +0000 (00:40 +0100)]
transform: Discard previously-received packets

Keep a bitmap of previously-received packets (by sequence number
offset) and discard duplicates.

This feature can only be enabled if the bitmap (32 bits) is big enough
for the sequence number window (`max-skew'), but this is true by
default, and the feature is enabled by default when available.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
9 years ago - transform: Break out SEQNUM_KEYED_FIELDS and SEQNUM_PARAMS_FIELDS
Ian Jackson [Sat, 27 Sep 2014 23:27:19 +0000 (00:27 +0100)]
transform: Break out SEQNUM_KEYED_FIELDS and SEQNUM_PARAMS_FIELDS

And provide initialiser macros SEQNUM_KEYED_INIT and
SEQNUM_PARAMS_INIT.

No functional change.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
9 years ago - transform-cbcmac: Move max_[seq]_skew into params struct
Ian Jackson [Sat, 27 Sep 2014 23:45:01 +0000 (00:45 +0100)]
transform-cbcmac: Move max_[seq]_skew into params struct

Like in transform-eax.  We are going to want to share this with eax
and extend it.

No functional change.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
9 years ago - Makefile.in: Move settings of various directories above CFLAGS etc.
Ian Jackson [Sat, 27 Sep 2014 14:37:20 +0000 (15:37 +0100)]
Makefile.in: Move settings of various directories above CFLAGS etc.

We are going to want to -D some of these for the benefit of the secnet
executable finding its helpers.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
9 years ago - udp: Log transmission and reception errors, at least some of the time
Ian Jackson [Sat, 27 Sep 2014 14:03:34 +0000 (15:03 +0100)]
udp: Log transmission and reception errors, at least some of the time

We keep a bitmask for each combination of
  - receive/send
  - address family
  - success/failure
and log a message the first time each one occurs.

We also provide a new utility function `af_name()' which is going to
be used by polypath's logging.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
9 years ago - netlink: Use MIN rather than ?:
Ian Jackson [Fri, 3 Oct 2014 20:16:49 +0000 (21:16 +0100)]
netlink: Use MIN rather than ?:

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
9 years ago - util.h etc.: Provide MAX_RAW and MIN_RAW; etc.
Ian Jackson [Fri, 3 Oct 2014 19:22:18 +0000 (20:22 +0100)]
util.h etc.: Provide MAX_RAW and MIN_RAW; etc.

MAX and MIN are unsuitable for use where a constant expression is
required.  Provide MAX_RAW and MIN_RAW which are suitable but might
evaluate the left argument twice.

Remove max() in ipaddr.c and replace the call with one to MAX (not
MAX_RAW).  (The old max macro there is operator-priority-unsafe but
there is only one call site and it happens to be OK.)

We are going to use MAX_RAW later.

No functional change.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
9 years ago - udp: Introduce some `us' convenience variables, etc.
Ian Jackson [Sat, 27 Sep 2014 14:01:05 +0000 (15:01 +0100)]
udp: Introduce some `us' convenience variables, etc.

* Introduce appropriate `struct udpsock *us' in a few places, and use
  them as appropriate.  We are going to make a few more places where
  these are used and this avoids some repetition.

* Introduce an `af' variable for the intended destination address
  family at one point.  We are going to want to reuse this.

* Add a comment on a line `} else {' distant from its `if (..) {'.

No functional change.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
9 years ago - cleanup: Replace a few calls to malloc/realloc with safe_malloc
Ian Jackson [Thu, 2 Oct 2014 00:16:47 +0000 (01:16 +0100)]
cleanup: Replace a few calls to malloc/realloc with safe_malloc

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
9 years ago - slip: Remove an incorrect XXX comment
Ian Jackson [Sat, 27 Sep 2014 13:28:20 +0000 (14:28 +0100)]
slip: Remove an incorrect XXX comment

There is no need to strdup anything before calling exec (or exit, of
course).

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
9 years ago - util: Provide async_linebuf_read
Ian Jackson [Tue, 23 Sep 2014 23:33:52 +0000 (00:33 +0100)]
util: Provide async_linebuf_read

polypath is going to want to read output from the interface and
address reporting script.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
9 years ago - fds: Make many fds nonblocking
Ian Jackson [Sat, 27 Sep 2014 12:56:35 +0000 (13:56 +0100)]
fds: Make many fds nonblocking

Introduce iswouldblock (to cope with POSIX not specifying which of
EAGAIN or EWOULDBLOCK you get).  In various subsystems, make more fds
nonblocking and handle errors appropriately.  Specifically:

* Logging self-pipe reading end.
* Signal self-pipe reading end.
* SLIP both ends.  Fixing the writing end involves breaking out a new
  function slip_write.  We have to set these nonblocking after reading
  the confirmation byte.
* tun's network interface fd.

In various of these we add code to handle EINTR, too.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
9 years ago - Introduce setnonblock()
Ian Jackson [Sat, 27 Sep 2014 12:26:17 +0000 (13:26 +0100)]
Introduce setnonblock()

This involves reworking setcloexec()'s implementation so that we can
reuse it.

We now treat a failure to set O_NONBLOCK in udp_make_socket as a
fatal, rather than recoverable, error.  This is fine.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
9 years ago - process: Introduce afterfork()
Ian Jackson [Sat, 27 Sep 2014 10:10:06 +0000 (11:10 +0100)]
process: Introduce afterfork()

Rework set_default_signals into afterfork, which does the sigprocmask
too.  This is necessary for processes we fork after
setup_signal_handling(), which otherwise inherit our blocking mask and
non-default handlers.

Call it after each fork() (except the ones we use for daemonising).
As a consequence:
 - hackypar children will die if they get a terminating signal
 - our subprocesses such as `route' and `ifconfig' will inherit
   reasonable signal setups
 - it will be correct to call udp_make_socket during phase RUN
   (previously any authbind would get a strange signal setup)

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
9 years ago - udp: Break out udp_destroy_socket
Ian Jackson [Fri, 26 Sep 2014 18:26:49 +0000 (19:26 +0100)]
udp: Break out udp_destroy_socket

polypath is going to want this.  No functional change.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
9 years ago - udp: Report authbind exit status as errno value if it seems appropriate
Ian Jackson [Sun, 5 Oct 2014 23:49:02 +0000 (00:49 +0100)]
udp: Report authbind exit status as errno value if it seems appropriate

authbind-helper is documented as indicating an errno value in its exit
status.  When the exit status is small enough that it's unlikely to
have come from the runtime system, print it as an errno value instead
of using lg_exitstatus.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
9 years ago - slip: Report unexpected kinds of death from userv
Ian Jackson [Mon, 6 Oct 2014 23:39:04 +0000 (00:39 +0100)]
slip: Report unexpected kinds of death from userv

If st->expecting_userv_exit, we are expecting userv to exit 0 or die
with SIGTERM.  If anything else happens, we should at least log it.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
9 years ago - logging: Use lg_exitstatus
Ian Jackson [Wed, 24 Sep 2014 23:50:10 +0000 (00:50 +0100)]
logging: Use lg_exitstatus

Replace two open-coded exit status checks with calls to lg_exitstatus.

In the case of slip.c and udp.c this has no significant effect other
than a slight change to message format.

In the case of process.c, we no longer log the command's first
argument.  I consider this tolerable for simplifying the code.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
9 years ago - logging: Provide lg_exitstatus
Ian Jackson [Wed, 24 Sep 2014 23:47:47 +0000 (00:47 +0100)]
logging: Provide lg_exitstatus

This will allow us to remove a bunch of formulaic exit status
handling.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
9 years ago - comm: Provide udp_socks_deregister
Ian Jackson [Wed, 24 Sep 2014 00:28:23 +0000 (01:28 +0100)]
comm: Provide udp_socks_deregister

polypath is going to want this.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
9 years ago - comm: Make udp_make_socket be able to tolerate failures
Ian Jackson [Mon, 22 Sep 2014 01:07:47 +0000 (02:07 +0100)]
comm: Make udp_make_socket be able to tolerate failures

Previously, it would log errors with fatal or fatal_perror.  Now it
takes a message class and uses lg_perror, and also returns a boolean
to let the caller know whether it worked.

The repetitive calls to fatal_perror in udp_make_socket have been
replaced with a couple of macros.

The one existing call site passes M_FATAL.  So no substantial
functional change in this patch.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
9 years ago - comm: Formalise interface to udp sockets
Ian Jackson [Sun, 21 Sep 2014 23:51:58 +0000 (00:51 +0100)]
comm: Formalise interface to udp sockets

Have the poll registration done by the udpcommon/udpsocks code, rather
than by udp.c.  This means we can abolish the two wrapper functions,
but we do need an extra pointer in a udpsocks to find the udpcommon.

No overall functional change.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
9 years ago - comm: Break out some common udp parts
Ian Jackson [Sun, 21 Sep 2014 15:11:16 +0000 (16:11 +0100)]
comm: Break out some common udp parts

Provide a section in comm-common.h which allows other comms to share
some of the work done in udp.c.  Specifically, we provide the new
concepts of `udpsocks' and `udpcommon'.

The port configuration parameter is lifted into the udp struct.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
9 years ago - comm: Break out common code in comm
Ian Jackson [Sun, 21 Sep 2014 11:05:28 +0000 (12:05 +0100)]
comm: Break out common code in comm

We are going to want to introduce a new kind of comm.  Currently we
only have one comm, udp, in udp.c - much of whose code we will want to
reuse.

Break that generic comm-handling code out into new files, functions
and macros.

No functional change.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
9 years ago - comm: Use BUF_GET_BYTES
Ian Jackson [Thu, 2 Oct 2014 14:44:18 +0000 (15:44 +0100)]
comm: Use BUF_GET_BYTES

There are two calls in udp_afterpoll which could use BUF_GET_BYTES.
Convert them.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
9 years ago - comm: Rename a lot of state pointer variables
Ian Jackson [Sun, 21 Sep 2014 22:45:01 +0000 (23:45 +0100)]
comm: Rename a lot of state pointer variables

We are going to split `struct udp' into a bunch of substructures with
their own types, to assist with reuse of the udp code in a new comm.
This is going to involve members at different levels of abstraction
being accessed through different pointer variable names.

So change the names now to aliases of the standard `struct udp *st'.
This will much reduce noise in subsequent patches.

Also rename udp.c's MAX_SOCKETS to UDP_MAX_SOCKETS.

No functional change in this patch.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
9 years ago - logging: Provide lg_perror and lg_vperror
Ian Jackson [Mon, 22 Sep 2014 01:00:50 +0000 (02:00 +0100)]
logging: Provide lg_perror and lg_vperror

These are convenience functions for logging module, config location,
errno value, etc., along with a full formatted message.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
9 years ago - poll: Document reentrancy restriction on before()
Ian Jackson [Sun, 21 Sep 2014 14:02:40 +0000 (15:02 +0100)]
poll: Document reentrancy restriction on before()

If the before() callback might modify the wanted fds or timeouts of
other poll users, the loop over poll users in run() might produce
wrong answers.  Therefore, document that this is not permitted.  (All
of the existing before() implementations are indeed fine.)

Also, document a couple of features of the afterpoll_fn interface.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
9 years ago - poll: Support deregistration from the main event loop
Ian Jackson [Sat, 20 Sep 2014 12:56:04 +0000 (13:56 +0100)]
poll: Support deregistration from the main event loop

The logic here is slightly subtle because of reentrancy hazards.  See
the comment in deregister_for_poll.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
9 years ago - poll: Abolish max_nfds
Ian Jackson [Sat, 20 Sep 2014 17:16:09 +0000 (18:16 +0100)]
poll: Abolish max_nfds

We do not need to be advised of a static maximum, since we dynamically
size the array now.  Abolish the variable (which is unused) and change
all the callers.

No functional change.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
9 years ago - poll: Avoid duplicate array index counting
Ian Jackson [Fri, 3 Oct 2014 20:43:39 +0000 (21:43 +0100)]
poll: Avoid duplicate array index counting

Calculate remain from idx at the top of the loop.  This avoids having
to keep both remain and idx in step.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
9 years ago - poll: Make handling of fds array actually dynamic
Ian Jackson [Sat, 20 Sep 2014 16:28:56 +0000 (17:28 +0100)]
poll: Make handling of fds array actually dynamic

Previously we relied on the max_fds argument to register_for_poll
being big enough and allocated an array at startup.  But we are going
to want to be more dynamic, so actually do the dynamic array resizing.

We now start with a zero-sized array and increase it as needed.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
9 years ago - realloc: Provide safe_realloc_ary
Ian Jackson [Sat, 20 Sep 2014 13:10:28 +0000 (14:10 +0100)]
realloc: Provide safe_realloc_ary

Also, make it OK to call safe_malloc(0).

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
9 years ago - poll: Introduce and use BEFOREPOLL_WANT_FDS
Ian Jackson [Sat, 20 Sep 2014 16:52:14 +0000 (17:52 +0100)]
poll: Introduce and use BEFOREPOLL_WANT_FDS

This helper macro provides a convenient implementation of the
beforepoll_fn interface for *nfds_io.  Use it everywhere.

This produces one bugfix: log_from_fd_beforepoll would fail to set
*nfds_io if it was finished.

This also arranges for many beforepoll callbacks to actually fail
properly with ERANGE if there is not enough space.  Previously they
would blithely write the next fd entry or two.  In practice the
provided fd array never runs out in the current code, so in these
cases we are just fixing latent bugs.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
9 years ago - main loop: Use <bsd/sys/queue.h> for poll interest list
Ian Jackson [Sat, 20 Sep 2014 12:42:11 +0000 (13:42 +0100)]
main loop: Use <bsd/sys/queue.h> for poll interest list

This makes the code clearer, shorter and more typesafe.

It is also going to make it easier to introduce deregistration.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
9 years ago - udp: Use <bsd/sys/queue.h> for notify lists
Ian Jackson [Sat, 20 Sep 2014 12:24:11 +0000 (13:24 +0100)]
udp: Use <bsd/sys/queue.h> for notify lists

This makes the code clearer, shorter and more typesafe.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
9 years ago - hackypar: Fix coding style
Ian Jackson [Sat, 27 Sep 2014 10:28:07 +0000 (11:28 +0100)]
hackypar: Fix coding style

For some reason I didn't use the standard secnet coding style for this
file.  Fix this by reindenting, and moving functions' opening braces.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
9 years ago - site: Support multiple addresses [base.polypath.v4 proposed.ipv6.v4]
Ian Jackson [Mon, 29 Sep 2014 14:02:19 +0000 (15:02 +0100)]
site: Support multiple addresses

The `address' parameter to a site closure can now contain multiple
`address' strings, which may be multiple domain names or multiple
address literals, or some combination.

We run all the resolutions in parallel, and keep a count of how many
we have outstanding, combining the results as they come in.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
9 years ago - Provide dict_read_string_array
Ian Jackson [Sat, 27 Sep 2014 13:26:49 +0000 (14:26 +0100)]
Provide dict_read_string_array

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
9 years ago - resolver: Provide input name as argument to callback
Ian Jackson [Mon, 29 Sep 2014 14:00:47 +0000 (15:00 +0100)]
resolver: Provide input name as argument to callback

This is going to be convenient for our one call site.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
9 years ago - test-example: Switch to testing IPv6 too
Ian Jackson [Fri, 19 Sep 2014 22:15:38 +0000 (23:15 +0100)]
test-example: Switch to testing IPv6 too

Make the published address of `outside' be ::1, rather than 127.0.0.1.
This means we can test both IPv4 and IPv6.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
9 years ago - Python IP addresses: Remove sys.path hacking from test script
Ian Jackson [Sun, 14 Sep 2014 23:14:41 +0000 (00:14 +0100)]
Python IP addresses: Remove sys.path hacking from test script

Now that we no longer have ipaddr.py in our tree, we can get rid of
this messing about with sys.path.  We use the system's ipaddr.py and
our own ipaddrset.py.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
9 years ago - Python IP addresses: Check for and maybe delete stale ipaddr.py
Ian Jackson [Sun, 14 Sep 2014 23:47:13 +0000 (00:47 +0100)]
Python IP addresses: Check for and maybe delete stale ipaddr.py

If ipaddr.py (or .pyc) from a previous secnet installation still
exists in /usr/share/secnet or /usr/local/share/secnet, this version
won't work.  Check for this situation in `make install' and bomb out.
Provide a `make install-force' which deletes the spurious files.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
9 years ago - Python IP addresses: Use modern ipaddr.py - supports IPv6
Ian Jackson [Sun, 14 Sep 2014 23:28:56 +0000 (00:28 +0100)]
Python IP addresses: Use modern ipaddr.py - supports IPv6

Switch to using the modern ipaddr.py from Scott Kitterman, and our own
ipaddrset.py.

The upshot is that make-secnet-sites now supports IPv6.

Aside from adjusting the code in make-secnet-sites to conform to the
new API, we also delete the old Cendio ipaddr.py, and delete the code
to install it, and document the new dependency both in INSTALL and in
the Debian package metadata.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
9 years ago - Python IP addresses: Provide ipaddrset.py library
Ian Jackson [Sun, 14 Sep 2014 21:40:52 +0000 (22:40 +0100)]
Python IP addresses: Provide ipaddrset.py library

This library module provides a class for a set of IP addresses, stored
as a list of netmasks.  This is in terms of the modern `ipaddr' module
by Scott Kitterman.

In this commit we introduce the ipaddrset.py module and its test
module.  We also patch the Makefile to install it, and test in `make
check' that it produces the expected output.

However, due to the presence of the old Cendio ipaddr.py alongside,
the provided ipaddrset-test.py needs some hideous hacking of sys.path
if it is to work when run in the ordinary way inside the secnet source
tree.  This will be removed in a later patch.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
[9 years ago] resolver: Support IPv6 literals
Ian Jackson [Fri, 19 Sep 2014 20:02:47 +0000 (21:02 +0100)]
resolver: Support IPv6 literals

With CONFIG_IPV6, use adns_addr2text instead of inet_ntoa.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
[9 years ago] resolver: Log reason for DNS resolution failure
Ian Jackson [Thu, 18 Sep 2014 17:38:17 +0000 (18:38 +0100)]
resolver: Log reason for DNS resolution failure

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
[9 years ago] resolver: Support IPv6 name resolution
Ian Jackson [Tue, 2 Sep 2014 08:19:37 +0000 (09:19 +0100)]
resolver: Support IPv6 name resolution

Tell adns (via ADNS_FEATURE_MANYAF) that we want mixed address
families in the results, and handle any IPv6 addresses we find.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
[9 years ago] udp: Support IPv6 when using authbind
Ian Jackson [Fri, 19 Sep 2014 21:48:45 +0000 (22:48 +0100)]
udp: Support IPv6 when using authbind

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
[9 years ago] udp: Support IPv6 (mostly)
Ian Jackson [Tue, 2 Sep 2014 08:05:30 +0000 (09:05 +0100)]
udp: Support IPv6 (mostly)

Specifically:

 * struct udp now contains an array of (up to three) pairs of iaddr,
   fd.  Code which deals with the fd and addr has been updated to use
   loops etc. as appropriate.

 * The sockets are created with the right protocol family value.
   For AF_INET6, we set IPV6_V6ONLY.

 * Specifically, when transmitting, we try all appropriate sockets and
   compute the persistent-failure indication as required.

 * And a comm_addr now contains an `int ix' for udp.c's benefit,
   particularly when logging.

 * We use string_item_to_iaddr to convert the string to a socket
   address, rather than string_item_to_ipaddr.  The latter can cope
   only with IPv4 (and is now used only for private vpn addrs,
   proxies, etc.).

 * The default is now to create both IPv6 and IPv4 sockets.

Left undone are:

 * The special secnet proxy protocol has a 4-byte address prepended
   which implies IPv4.  I don't intend to fix this.

 * The authbind support for IPv6 will be in a future patch.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
[9 years ago] udp.c: Remove some (ab)use of variable name `i'
Ian Jackson [Tue, 2 Sep 2014 07:59:44 +0000 (08:59 +0100)]
udp.c: Remove some (ab)use of variable name `i'

I find it very odd to find `item_t *i' etc.  I would like to be able
to use `int i'.  So change some uses of `i' to `item'.  (`j' in this
function will go away in the next patch so isn't worth renaming.)

No functional change.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
[9 years ago] Provide string_item_to_iaddr
Ian Jackson [Tue, 2 Sep 2014 08:04:27 +0000 (09:04 +0100)]
Provide string_item_to_iaddr

This will be used shortly.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
[9 years ago] Provide ARRAY_SIZE
Ian Jackson [Tue, 2 Sep 2014 07:58:24 +0000 (08:58 +0100)]
Provide ARRAY_SIZE

No call sites yet.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
[9 years ago] Make list_length and string_item_to_ipaddr const-correct.
Ian Jackson [Tue, 2 Sep 2014 07:56:50 +0000 (08:56 +0100)]
Make list_length and string_item_to_ipaddr const-correct.

No functional change.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
[9 years ago] udp: Break out udp_make_socket
Ian Jackson [Tue, 2 Sep 2014 06:41:37 +0000 (07:41 +0100)]
udp: Break out udp_make_socket

Make this into a function by itself and adjust its arguments so that
when we support multiple sockets (for multiple addresses so that we
can have multiple AFs) we can just call it for each one.

No functional change.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
[9 years ago] ipv6: Support printing, comparing, etc. IPv6 addresses
Ian Jackson [Sun, 29 Jun 2014 22:10:31 +0000 (23:10 +0100)]
ipv6: Support printing, comparing, etc. IPv6 addresses

If we support IPv6, convert addresses with adns_addr2text.  Otherwise
stick with inet_ntoa.

With these changes, there is nothing remaining that will actually
crash secnet if it is passed an IPv6 address.  However, it is not yet
possible to mention IPv6 addresses in the configuration, and the udp
transport needs dual stack support.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
[9 years ago] ipv6: check for support in system and in adns
Ian Jackson [Sun, 29 Jun 2014 22:58:03 +0000 (23:58 +0100)]
ipv6: check for support in system and in adns

We #define CONFIG_IPV6 if the system has AF_INET6 and adns has
adns_addr2text (which only the IPv6-capable adns has).

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
[9 years ago] autoconf: Update to autoconf 2.69
Ian Jackson [Sun, 29 Jun 2014 22:54:52 +0000 (23:54 +0100)]
autoconf: Update to autoconf 2.69

Rerun autoconf (Debian 2.69-1 i386) to update the configure script.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
[9 years ago] ipv6: More buffers in iaddr_to_string
Ian Jackson [Sun, 29 Jun 2014 22:15:58 +0000 (23:15 +0100)]
ipv6: More buffers in iaddr_to_string

We are going to have addresses of multiple address families in various
places, which will mean more calls to iaddr_to_string for the benefit
of the same logging statement.

Increase the number of static buffers used by iaddr_to_string from 2
to 8.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
[9 years ago] comm etc.: Provide comm_addr_equal
Ian Jackson [Sun, 5 Oct 2014 11:03:21 +0000 (12:03 +0100)]
comm etc.: Provide comm_addr_equal

Abolish the rule that a comm_addr has zeroes in all its holes.
Provide comm_addr_equal instead.

We can get rid of a lot of calls to FILLZERO.

In resolver.c we no longer need to copy the fields of ia individually.
We still need to look at the incoming address family since util.c
aborts on unknown AFs and adns (perhaps a new version or something)
might have sent us things we don't understand.  (Also reorganise the
loop/switch a little to get `wslot++' out of the `case'.)

We have to move the declaration of iaddr_equal.

Abolish transport_addrs_equal and replace it at call sites with the
new comm_addr_equal.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
[9 years ago] ipv6: introduce union iaddr
Ian Jackson [Wed, 26 Feb 2014 15:57:21 +0000 (15:57 +0000)]
ipv6: introduce union iaddr

Replace many occurrences of sockaddr_in by a new union, iaddr.

Everywhere that fills in an address has been modified to look into the
subfields of iaddr.  Also, replace references to the size of a
sockaddr_in by the new function iaddr_socklen.

But there is not yet any support for a union iaddr to contain anything
other than a sockaddr_in.  This will be added gradually in forthcoming
patches, starting at consumers and working back.

Additionally, a couple of places that specified a port and address as
a uint16_t and uint32_t have been converted.

We have changed only transport addresses - that is, addresses on the
public network.  VPN addresses remain IPv4 only.

We provide a few helper functions for manipulating union iaddr, such
as iaddr_to_string (which replaces saddr_to_string).

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
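The following is an added example in the spirit of the union iaddr, comm_addr_equal and iaddr_to_string commits above; it is not secnet's own code. It assumes a union over sockaddr_in and sockaddr_in6, an equality test that ignores the union's padding "holes", and eight rotating static buffers for printing. iaddr_from_string is a hypothetical stand-in for string_item_to_iaddr and parses literals only (no DNS).

```c
/* Added example modelled on secnet's union iaddr commits; not secnet's code.
 * iaddr_from_string is a hypothetical stand-in for string_item_to_iaddr. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

/* One type for a transport address of either family. */
union iaddr {
    struct sockaddr sa;
    struct sockaddr_in sin;
    struct sockaddr_in6 sin6;
};

/* Size to hand to bind()/sendto() for whichever family is in use. */
socklen_t iaddr_socklen(const union iaddr *ia) {
    switch (ia->sa.sa_family) {
    case AF_INET:  return sizeof(ia->sin);
    case AF_INET6: return sizeof(ia->sin6);
    default:       return 0;
    }
}

/* Parse an IPv4 or IPv6 literal plus a host-order port into ia. */
bool iaddr_from_string(union iaddr *ia, const char *text, int port) {
    memset(ia, 0, sizeof(*ia));
    if (inet_pton(AF_INET, text, &ia->sin.sin_addr) == 1) {
        ia->sin.sin_family = AF_INET;
        ia->sin.sin_port = htons((uint16_t)port);
        return true;
    }
    if (inet_pton(AF_INET6, text, &ia->sin6.sin6_addr) == 1) {
        ia->sin6.sin6_family = AF_INET6;
        ia->sin6.sin6_port = htons((uint16_t)port);
        return true;
    }
    return false;
}

/* Compare family, address and port only.  Padding and flow-info "holes"
 * are ignored, so callers no longer have to zero the whole union first. */
bool iaddr_equal(const union iaddr *a, const union iaddr *b) {
    if (a->sa.sa_family != b->sa.sa_family) return false;
    switch (a->sa.sa_family) {
    case AF_INET:
        return a->sin.sin_port == b->sin.sin_port &&
               a->sin.sin_addr.s_addr == b->sin.sin_addr.s_addr;
    case AF_INET6:
        return a->sin6.sin6_port == b->sin6.sin6_port &&
               memcmp(&a->sin6.sin6_addr, &b->sin6.sin6_addr,
                      sizeof(a->sin6.sin6_addr)) == 0;
    default:
        return false;
    }
}

/* Eight rotating static buffers: one log statement may print several
 * addresses, and each call must not overwrite the previous result. */
#define IADDR_NBUFS 8
const char *iaddr_to_string(const union iaddr *ia) {
    static char bufs[IADDR_NBUFS][INET6_ADDRSTRLEN + 10];
    static int next;
    char host[INET6_ADDRSTRLEN];
    char *buf = bufs[next];
    next = (next + 1) % IADDR_NBUFS;
    switch (ia->sa.sa_family) {
    case AF_INET:
        inet_ntop(AF_INET, &ia->sin.sin_addr, host, sizeof host);
        snprintf(buf, sizeof bufs[0], "%s:%d", host, ntohs(ia->sin.sin_port));
        break;
    case AF_INET6:
        inet_ntop(AF_INET6, &ia->sin6.sin6_addr, host, sizeof host);
        snprintf(buf, sizeof bufs[0], "[%s]:%d", host, ntohs(ia->sin6.sin6_port));
        break;
    default:
        snprintf(buf, sizeof bufs[0], "<af %d>", (int)ia->sa.sa_family);
    }
    return buf;
}

int main(void) {
    union iaddr v4, v6;
    iaddr_from_string(&v4, "127.0.0.1", 410);
    iaddr_from_string(&v6, "::1", 410);
    printf("%s %s equal=%d\n", iaddr_to_string(&v4), iaddr_to_string(&v6),
           iaddr_equal(&v4, &v6));
    return 0;
}
```

The point of iaddr_equal is the one the comm_addr_equal commit makes: once addresses are compared field by field, nothing depends on the unused bytes of the union being zero, so the FILLZERO discipline can go. The rotating buffers exist only so that two calls in a single printf see different storage; they are not thread-safe, which is fine for secnet's single-threaded logging but worth knowing before reusing the idiom.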
[9 years ago] site: Remove "wishful thinking" from transport address handling comment
Ian Jackson [Fri, 19 Sep 2014 21:02:30 +0000 (22:02 +0100)]
site: Remove "wishful thinking" from transport address handling comment

We have now completed the implementation of the algorithms described
in the comment.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
[9 years ago] site: Change default number of mobile peers
Ian Jackson [Fri, 3 Oct 2014 17:32:25 +0000 (18:32 +0100)]
site: Change default number of mobile peers

As the comment has it:

   - The default number of addrs to keep is 3, or 4 if we have a
     configured name or address.  That's space for two configured
     addresses (one IPv6 and one IPv4), plus two received addresses.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
[9 years ago] site: Permit multiple peer addresses even if peer is static
Ian Jackson [Sat, 20 Sep 2014 00:14:17 +0000 (01:14 +0100)]
site: Permit multiple peer addresses even if peer is static

This is necessary to permit multiple addresses of multiple address
families.  We (arbitrarily) set the default limit to 3.

Abolish the MAX_MOBILE_PEERS_MAX constant and size the peer addresses
array by MAX_PEER_ADDRS directly.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
[9 years ago] resolver: construct comm_addr; honour multiple addresses from the resolver
Ian Jackson [Sat, 28 Jun 2014 16:32:34 +0000 (17:32 +0100)]
resolver: construct comm_addr; honour multiple addresses from the resolver

We move construction of the comm_addr into the resolver.  The comm_if
and port are supplied to it by site and filled in by the resolver.
This allows the resolver to return a complete comm_addr array.

While we're here, we make an adns_r_addr query instead of an adns_r_a
query.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
[9 years ago] site: transport peers: Update bulk of code for multiple addresses
Ian Jackson [Sat, 28 Jun 2014 16:15:37 +0000 (17:15 +0100)]
site: transport peers: Update bulk of code for multiple addresses

Make the transport_peers functions which receive name resolution
information cope with multiple addresses.

(We cannot yet receive multiple addresses from the resolver.  That
will come next.)

This is just plumbing: no functional change (other than tiny
changes to log messages) in this patch.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
[9 years ago] site: Provide transport_record_peers to cope with multiple addresses
Ian Jackson [Sat, 28 Jun 2014 16:11:07 +0000 (17:11 +0100)]
site: Provide transport_record_peers to cope with multiple addresses

This is a complete replacement of transport_record_peer by this new
function.  The semantics are similar to the old function, except that
the new one copes with multiple addresses at once (ensuring that they
arrive, in order, at the front of the array).  It now needs its
caller to call transport_peers_expire.

We provide a convenience function transport_expire_record_peers for
the various call sites that want to call expire and then record.

As yet, there are no callers of transport_record_peers which pass
naddrs!=1 so there is no overall functional change.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
[9 years ago] site: transport peers: Delete or demote unsuitable peers addresses
Ian Jackson [Sat, 28 Jun 2014 14:32:19 +0000 (15:32 +0100)]
site: transport peers: Delete or demote unsuitable peers addresses

If comm signals that the address is unusable (i.e. we have no IPv4 or
IPv6 interface or routing), delete the address.  Or, if we are mobile,
demote it to the end of the list (since we might gain appropriate
routing in the future).

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
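An added example, not site.c, of the peer-address bookkeeping the transport_peers commits above describe: addresses recorded in bulk land in order at the front of a fixed-size array, the limit defaults to 3 (4 with a configured name or address), and an address comm reports as unusable is deleted for a static peer or demoted to the end for a mobile one. peer_addr is a constructed string-based stand-in for comm_addr, MAX_PEER_ADDRS is this example's array size, and the separate expiry pass the commits mention is left out.

```c
/* Added example modelled on the transport_peers commit messages; not
 * secnet's site.c.  peer_addr stands in for comm_addr, and the expiry
 * step (transport_peers_expire) is omitted here. */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define MAX_PEER_ADDRS 4   /* array size; the default limit is 3 */

struct peer_addr {
    int af;            /* 4 or 6, standing in for AF_INET / AF_INET6 */
    char text[48];     /* address literal, constructed for this example */
};

struct transport_peers {
    int npeers;
    int limit;         /* 3 by default, 4 with a configured name/address */
    bool mobile;
    struct peer_addr addrs[MAX_PEER_ADDRS];
};

void transport_peers_init(struct transport_peers *tp, bool configured,
                          bool mobile) {
    memset(tp, 0, sizeof *tp);
    /* two configured addresses (v6 + v4) plus two received ones */
    tp->limit = configured ? 4 : 3;
    tp->mobile = mobile;
}

bool peer_addr_equal(const struct peer_addr *a, const struct peer_addr *b) {
    return a->af == b->af && strcmp(a->text, b->text) == 0;
}

/* Remove entry i, closing the gap. */
void peers_delete(struct transport_peers *tp, int i) {
    memmove(&tp->addrs[i], &tp->addrs[i + 1],
            (size_t)(tp->npeers - i - 1) * sizeof(tp->addrs[0]));
    tp->npeers--;
}

/* Record naddrs addresses so that they end up, in order, at the front.
 * Copies already present are dropped first; whatever is pushed past
 * the limit falls off the end. */
void transport_record_peers(struct transport_peers *tp,
                            const struct peer_addr *addrs, int naddrs) {
    for (int i = 0; i < tp->npeers; ) {
        bool dup = false;
        for (int j = 0; j < naddrs; j++)
            if (peer_addr_equal(&tp->addrs[i], &addrs[j])) dup = true;
        if (dup) peers_delete(tp, i); else i++;
    }
    if (naddrs > tp->limit) naddrs = tp->limit;
    int keep = tp->npeers;
    if (keep > tp->limit - naddrs) keep = tp->limit - naddrs;
    memmove(&tp->addrs[naddrs], &tp->addrs[0],
            (size_t)keep * sizeof(tp->addrs[0]));
    memcpy(&tp->addrs[0], addrs, (size_t)naddrs * sizeof(tp->addrs[0]));
    tp->npeers = naddrs + keep;
}

/* comm reported addrs[i] unusable from this host: delete it, or, for a
 * mobile peer, demote it to the end since routing may appear later. */
void transport_peer_unusable(struct transport_peers *tp, int i) {
    struct peer_addr bad = tp->addrs[i];
    peers_delete(tp, i);
    if (tp->mobile) tp->addrs[tp->npeers++] = bad;
}

int main(void) {
    struct transport_peers tp;
    struct peer_addr in[2] = { { 6, "2001:db8::1" }, { 4, "192.0.2.1" } };
    transport_peers_init(&tp, true, false);
    transport_record_peers(&tp, in, 2);
    transport_peer_unusable(&tp, 0);   /* static peer: v6 address dropped */
    for (int i = 0; i < tp.npeers; i++)
        printf("%d: %s\n", i, tp.addrs[i].text);
    return 0;
}
```

Recording an address that is already in the list moves it to the front rather than duplicating it, which is what lets the same routine serve both "configured addresses from the resolver" and "address we just received a packet from".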
[9 years ago] comm_if: Define the meaning of ->sendmsg returning false
Ian Jackson [Sat, 28 Jun 2014 13:26:56 +0000 (14:26 +0100)]
comm_if: Define the meaning of ->sendmsg returning false

site's transport logic is going to want to know when a failure occurs
which is attributable to the address being unsuitable for the local
network environment (eg v4 address on v6-only host).

Use the boolean return value from sendmsg for that.

At the moment all the callers ignore the return value, and the only
actual sendmsg function always returns true.  This is consistent with
the new semantics.

Therefore, no functional change in this patch.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
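An added example, not secnet's udp.c, of the two things the "udp: Support IPv6 (mostly)" commit and the comm_if commit above describe: one UDP socket per address family, with IPV6_V6ONLY on the AF_INET6 one, and a send routine whose false return means the address is unusable from this host (no socket of its family, or the kernel reports it unreachable), while transient errors still count as sent. udp_sendto_any is a hypothetical name for this example's routine, and the choice of which errno values count as persistent is this example's assumption.

```c
/* Added example modelled on the udp and comm_if commit messages; not
 * secnet's udp.c.  udp_sendto_any is a hypothetical name. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <errno.h>
#include <unistd.h>
#include <sys/socket.h>
#include <netinet/in.h>

/* Create and bind a UDP socket for one family.  AF_INET6 gets IPV6_V6ONLY
 * so it does not also claim the IPv4 port that the AF_INET socket binds.
 * Returns -1 rather than aborting if the host lacks that family. */
int udp_make_socket(int af, int port) {
    struct sockaddr_storage ss;
    socklen_t len;
    int fd = socket(af, SOCK_DGRAM, 0);
    if (fd < 0) return -1;
    memset(&ss, 0, sizeof ss);
    if (af == AF_INET6) {
        struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&ss;
        int one = 1;
        if (setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, &one, sizeof one) < 0) {
            close(fd);
            return -1;
        }
        sin6->sin6_family = AF_INET6;
        sin6->sin6_addr = in6addr_any;
        sin6->sin6_port = htons((uint16_t)port);
        len = sizeof *sin6;
    } else {
        struct sockaddr_in *sin = (struct sockaddr_in *)&ss;
        sin->sin_family = AF_INET;
        sin->sin_addr.s_addr = htonl(INADDR_ANY);
        sin->sin_port = htons((uint16_t)port);
        len = sizeof *sin;
    }
    if (bind(fd, (struct sockaddr *)&ss, len) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Try every socket of dest's family.  Returns false only on a persistent
 * failure: no such socket, or the kernel says the address cannot be
 * reached from this host.  Transient errors still return true, so that a
 * momentary hiccup does not get an address deleted or demoted. */
bool udp_sendto_any(const int fds[], const int afs[], int nfds,
                    const void *buf, size_t len,
                    const struct sockaddr *dest, socklen_t destlen) {
    bool unusable = true;
    for (int i = 0; i < nfds; i++) {
        if (fds[i] < 0 || afs[i] != dest->sa_family) continue;
        if (sendto(fds[i], buf, len, 0, dest, destlen) >= 0) return true;
        if (errno != EAFNOSUPPORT && errno != ENETUNREACH &&
            errno != EADDRNOTAVAIL && errno != EHOSTUNREACH)
            unusable = false;   /* transient: not the address's fault */
    }
    return !unusable;
}

int main(void) {
    int fds[2], afs[2] = { AF_INET6, AF_INET };
    for (int i = 0; i < 2; i++) {
        fds[i] = udp_make_socket(afs[i], 0);
        printf("af %d: %s\n", afs[i], fds[i] >= 0 ? "socket bound" : "unavailable");
    }
    struct sockaddr_in dest = { .sin_family = AF_INET,
                                .sin_port = htons(9),
                                .sin_addr.s_addr = htonl(INADDR_LOOPBACK) };
    printf("sent=%d\n", udp_sendto_any(fds, afs, 2, "x", 1,
                                       (struct sockaddr *)&dest, sizeof dest));
    return 0;
}
```

Without IPV6_V6ONLY a Linux AF_INET6 socket bound to the wildcard address also accepts IPv4-mapped traffic on the same port, and the second bind() for AF_INET then fails with EADDRINUSE; setting the option keeps the two sockets independent, which is what lets the send loop pick a socket by family.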
[9 years ago] site: transport peers: Notes on multi-address-family (IPv6) support
Ian Jackson [Sat, 28 Jun 2014 13:18:19 +0000 (14:18 +0100)]
site: transport peers: Notes on multi-address-family (IPv6) support

Update the comment about transport peer address handling.  This
defines the new regime for dual-stack support, which we are going to
implement in the following patches.

No functional change.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>