Ian Jackson [Sun, 23 Apr 2017 19:59:18 +0000 (20:59 +0100)]
When turning on debug, turn on verbose too.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Sun, 23 Apr 2017 19:58:22 +0000 (20:58 +0100)]
When printing messages about dropping IPv6, do not print anything about ihl.
Check the IP version field first !
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Sun, 23 Apr 2017 17:14:11 +0000 (18:14 +0100)]
fixup! polypath: Introduce comm-info/dedicated
Ian Jackson [Sun, 23 Apr 2017 17:13:55 +0000 (18:13 +0100)]
fixup! polypath: Plumb ifname_wanted
Ian Jackson [Sun, 23 Apr 2017 17:12:20 +0000 (18:12 +0100)]
fixup! polypath: change return type of ifname_wanted
Ian Jackson [Sun, 23 Apr 2017 16:25:15 +0000 (17:25 +0100)]
changelog: mention hippotat
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Sun, 23 Apr 2017 11:36:09 +0000 (12:36 +0100)]
polypath: Introduce comm-info/dedicated-interface-addr
Also, rename `interfs' to `interfs_general' in struct polypath, to
ensure we found everywhere this list is processed.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Sun, 23 Apr 2017 13:25:58 +0000 (14:25 +0100)]
polypath: Break out polypath_sendmsg_interf
No functional change.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Sun, 23 Apr 2017 13:07:57 +0000 (14:07 +0100)]
polypath: Plumb ifname_wanted `want' through privsep etc.
Prepare for there being multiple interface lists, and for a new kind
of `want'. Specifically:
* Arrange to declare the type `struct interf_list'.
* Pass the want via the privsep protocol, as a character.
* Pass the want in lots of command line arguments.
* Move assert for rogue values to the use site, which is now in
a different process so it can't be an assert.
* Introduce a variable `interfs' in polypath_record_ifaddr to allow
it to manipulate a different list.
* Introduce a variable `max_interfs' in polypath_record_ifaddr to
allow a different check.
* Print the relevant want in debugging output.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Sun, 23 Apr 2017 12:46:05 +0000 (13:46 +0100)]
polypath: change return type of ifname_wanted, to char
We are going to want to provide other answers besides just
yes (True, '+') and no (False, '!'). Prepare for this.
No functional change just yet.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Sun, 23 Apr 2017 12:11:43 +0000 (13:11 +0100)]
comm clientinfo: site: Pass comm-info to comm
Call each comm's clientinfo_fn on the comm-info dict, if any.
Pass the resulting struct clientinfo to sendmsg.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Sun, 23 Apr 2017 11:36:44 +0000 (12:36 +0100)]
comm clientinfo: Provide clientinfo interface
This will allow a comm client to provide information from its
configuration dicts to the comm, so that a comm can be shared by
multiple clients but still have client-specific configuration.
Currently, this new interface has no callers, and no consumers.
No comm clients call comm_if->_clientinfo(); they all just pass NULL.
No comms take any notice of the clientinfo information; they always
return NULL for the clientinfo*.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Sun, 23 Apr 2017 12:17:37 +0000 (13:17 +0100)]
site: Introduce comm_addr_sendmsg
This helper function currently simply sends a packet to a comm_addr,
using the addr's comm. It will do more in a bit.
No functional change.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Sun, 23 Apr 2017 12:09:36 +0000 (13:09 +0100)]
conffile: Provide dict_read_dict
No callers yet.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Tue, 19 Apr 2016 21:46:12 +0000 (22:46 +0100)]
Makefile.in: turn off -Wsign-compare for bison output
conffile.yy.c: In function `yy_get_next_buffer':
conffile.yy.c:1228:44: error: comparison between signed and unsigned integer expressions [-Werror=sign-compare]
if ((int) ((yy_n_chars) + number_to_move) > YY_CURRENT_BUFFER_LVALUE->yy_buf_size) {
^
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Sat, 12 Sep 2015 23:56:06 +0000 (00:56 +0100)]
Keepalive option: Start trying to rekey as soon as peer shuts down
This avoids us ending up in state RUN with no keys and no key
initiation attempt, which with keepalive is forbidden.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Sat, 12 Sep 2015 15:17:51 +0000 (16:17 +0100)]
Implement `keepalive' site option, to try to keep link always up.
Ian Jackson [Sat, 28 Feb 2015 15:26:03 +0000 (15:26 +0000)]
Finalise 0.4.0
Ian Jackson [Sat, 28 Feb 2015 15:02:32 +0000 (15:02 +0000)]
Report when transport peers updated as a result of transmit.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Sat, 28 Feb 2015 15:01:21 +0000 (15:01 +0000)]
site: Packet-level debugging notes errors from transmit.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Sat, 31 Jan 2015 09:03:36 +0000 (09:03 +0000)]
Release process notes from 0.4.0~beta2
Ian Jackson [Sun, 28 Dec 2014 17:14:27 +0000 (17:14 +0000)]
Finalise changelog for 0.4.0~beta2
Ian Jackson [Sun, 28 Dec 2014 17:11:38 +0000 (17:11 +0000)]
Finalise changelog for beta2~ test build
Ian Jackson [Sun, 28 Dec 2014 17:10:59 +0000 (17:10 +0000)]
Makefile.in: Putative dual (backport and not) release build process doc.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Sun, 28 Dec 2014 16:48:19 +0000 (16:48 +0000)]
Sort out changelog
Ian Jackson [Sun, 28 Dec 2014 16:42:06 +0000 (16:42 +0000)]
Build system: Use -lnsl only if inet_ntoa is not found otherwise.
Ian Jackson [Sun, 28 Dec 2014 16:37:44 +0000 (16:37 +0000)]
Build system: Break out SECNET_C_GETFUNC macro
No functional change.
Verified with `git diff -b' that there is no significant change to the
generated configure.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Sun, 28 Dec 2014 16:34:10 +0000 (16:34 +0000)]
Build system: Use -lresolv only if inet_aton is not found otherwise.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Sun, 28 Dec 2014 16:22:05 +0000 (16:22 +0000)]
Build system: debian/rules: Do not run build for *-indep (!)
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Sun, 28 Dec 2014 16:21:08 +0000 (16:21 +0000)]
Build system: debian/rules: Provide build-arch and build-indep targets.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Sun, 28 Dec 2014 16:16:54 +0000 (16:16 +0000)]
Build system: debian/rules: Support dpkg-buildflags.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Sun, 28 Dec 2014 15:55:32 +0000 (15:55 +0000)]
Copyright updates - update to GPLv3, etc.
Update to GPLv3. secnet as actually installed is GPLv3+ anyway
because it depends on python-ipaddr (Apache 2.0, which is
GPLv2-incompatible), adns (now GPLv3+), and libgmp (now LGPLv3+).
Also:
* Add missing copyright notices and credits.
* Get rid of old FSF street address; use URL instead.
* Remove obsolete LICENCE.txt (which was for snprintf reimplementation).
* Remove obsolete references to Cendio (for old ipaddr.py, now gone).
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Sun, 28 Dec 2014 16:02:13 +0000 (16:02 +0000)]
Build system: Fix check for <linux/if_tun.h> and remove our copy
* Check for <linux/if_tun.h>, not <linux/if.h>, since the former is
what we include.
* Remove our embedded copy of linux/if_tun.h. We have no need of
this any more as all recent Linux platforms will provide this as
part of the system. This is good because linux/if_tun.h is
GPLv2-only and secnet as a whole has to be GPLv3+ when built
because it contains and depends on a few GPLv3+ things.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Sun, 28 Dec 2014 12:38:05 +0000 (12:38 +0000)]
Build system: Install ipaddrset.py and secnet.8 with correct perms
Do not install them as executables; use INSTALL_DATA instead.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Sat, 27 Dec 2014 21:35:39 +0000 (21:35 +0000)]
Build system: debian/rules: set DESTDIR (not prefix).
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Sat, 27 Dec 2014 21:35:02 +0000 (21:35 +0000)]
Build system: Makefile: support DESTDIR.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Sat, 27 Dec 2014 21:29:00 +0000 (21:29 +0000)]
Changelog update.
Ian Jackson [Sun, 2 Nov 2014 15:40:32 +0000 (15:40 +0000)]
polypath: "address to remove not found" not an error
Reduce the log severity of this message. This can happen due to a
previous error, and does not then want to be reported again (unless
debugging is turned up).
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Sun, 2 Nov 2014 15:38:09 +0000 (15:38 +0000)]
polypath: Make message class an argument to bad() callbacks
No functional change.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Mon, 27 Oct 2014 01:42:28 +0000 (01:42 +0000)]
Portability fix: Build where sizeof is not compatible with int
On Debian amd64, for example:
util.c: In function 'iaddr_to_string':
util.c:575:3: error: field precision specifier '.*' expects argument
of type 'int', but argument 3 has type 'long unsigned int'
Thanks to Jonathan Amery for the report.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Sun, 26 Oct 2014 19:50:50 +0000 (19:50 +0000)]
polypath-interface-monitor-linux: Skip "tentative" IPv6 local addrs
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Sun, 26 Oct 2014 19:50:37 +0000 (19:50 +0000)]
polypath-interface-monitor-linux: Debugging output
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Sun, 26 Oct 2014 18:26:54 +0000 (18:26 +0000)]
polypath: Ignore IPv6 Unique Local unicast addresses.
Ian Jackson [Sun, 26 Oct 2014 15:28:39 +0000 (15:28 +0000)]
Finalise 0.4.0~beta1
Ian Jackson [Sat, 25 Oct 2014 18:22:01 +0000 (19:22 +0100)]
udp: Print more info in our comm_addr representations
Include an index number (starting at 0) and the line number (but not
filename) at which we were defined. This allows the user to more
easily see (for example) which comm_addrs actually belong to the same
udp, even if they might have a different ix and thus be reported with
different local addresses.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Sat, 25 Oct 2014 18:20:14 +0000 (19:20 +0100)]
site: When reporting resolution complete, print only iaddr
For any particular site, the comm (and ix) are always going to be the
same. Printing only the address and port produces less clutter in the
log.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Sat, 25 Oct 2014 18:04:31 +0000 (19:04 +0100)]
Static buffers: Provide new rotating static buffer macros
Provide new macros SBUF_DEFINE and SBUF which replace the open coded
rotating static buffers in ipaddr_getbuf (ipaddr_to_string and
subnet_to_string) and iaddr_to_string.
No functional change.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Sat, 25 Oct 2014 17:27:34 +0000 (18:27 +0100)]
Static buffers: Replace references to bufs[b]
Introduce a new macro SBUF which currently refers to bufs[b]. We are
going to change its definition in a moment. Splitting the patches up
this way makes it easier to see that they're right.
No functional change in this patch.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Sat, 25 Oct 2014 17:56:32 +0000 (18:56 +0100)]
Static buffers: ipaddr_getbuf: Rename some variables
Rename ipaddr_bufnum to b and ipaddr_bufs to bufs. That makes the
naming consistent with the other ad-hoc rotating buffers in
iaddr_to_string.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Sat, 25 Oct 2014 15:56:50 +0000 (16:56 +0100)]
udp: Insist on only one successful default socket setup
If we default the addresses to use, we only insist that at least one
of them can be successfully set up.
(This is particularly significant when upgrading an existing secnet
installation to the new secnet, with IPv6 support, but on a host with
no IPv6, and no address configured in the config file. Without this
patch, secnet would fail to start up because it would try, and fail,
to bind the IPv6 address.)
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Sat, 25 Oct 2014 14:00:38 +0000 (15:00 +0100)]
udp: Provide st->addr_configured
We are going to use it in udp_phase_hook.
Rewrite the tests on caddrl in terms of this new boolean.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Sat, 25 Oct 2014 11:09:46 +0000 (12:09 +0100)]
udp, polypath: Log destination address in `some success' messages
Replace the boolean parameter with a pointer to the destination
address. (Conveniently this means that the calls relating to
reception can remain unchanged and the ones relating to transmission
produce a compile error until converted.)
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Sat, 25 Oct 2014 11:02:02 +0000 (12:02 +0100)]
authbind: Better logging of authbind failures
Report the address and the authbind helper pathname.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Thu, 23 Oct 2014 22:50:45 +0000 (23:50 +0100)]
string_item_to_iaddr: Actually set port if !CONFIG_IPV6
This bug was introduced along with this function in bb839899
`Provide string_item_to_iaddr', which simply forgot to set the port.
The practical implications are that the port number of a locally bound
socket would not be specified, if an address was supplied, but only in
builds without IPv6 support. (This might result in the kernel picking
a port number; if authbind is in use it would probably cause authbind
to refuse.)
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Thu, 23 Oct 2014 22:49:17 +0000 (23:49 +0100)]
resolver: Actually set port in resulting ca's
This got broken in
2093fb5c `comm etc.: Provide comm_addr_equal'.
We mistakenly removed the code that copied the port from q, along with
the code that copied the adns answer from ra. (The sockaddr that
comes back from adns obviously doesn't have a port number in it.)
As a result all actual DNS resolutions would result in an unusable
sockaddr with port==0.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Thu, 23 Oct 2014 18:04:57 +0000 (19:04 +0100)]
udp: Print `&' in address descriptions only if multiple sockets
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Tue, 21 Oct 2014 00:20:12 +0000 (01:20 +0100)]
Makefile.in: remove *.pyc
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Tue, 21 Oct 2014 00:05:53 +0000 (01:05 +0100)]
debian/changelog: Write most of changelog for 0.4.x
Ian Jackson [Mon, 20 Oct 2014 23:33:49 +0000 (00:33 +0100)]
Makefile.in: Handle conffile.yy.h properly
This needs to be deleted by clean. And it needs to be a dependency of
the %.o pattern rule. (Since we rely on autogenerated .d header file
dependencies, which are fine for manually-edited header files but not
autogenerated ones.)
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Thu, 9 Oct 2014 18:23:31 +0000 (19:23 +0100)]
debian: Fix build-depends
Add libbsd-dev and python-ipaddr
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Thu, 9 Oct 2014 18:20:32 +0000 (19:20 +0100)]
debian/changelog: wip 0.4.x
Ian Jackson [Tue, 7 Oct 2014 19:51:05 +0000 (20:51 +0100)]
NEW etc.: Use NEW at non-formulaic call sites
Manually replace calls to safe_malloc with NEW. Calls where
safe_malloc was used to allocate a byte array (or a string buffer) are
left alone.
Some simple calls to allocate a single object are replaced with NEW.
(in COMM_APPLY, init_log, resolve_request, transform_cbcmac_module,
TRANSFORM_CREATE_CORE).
Some calls which were allocating arrays are replaced with NEW_ARY
(in dict_keys, ipset_new).
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Tue, 7 Oct 2014 19:41:20 +0000 (20:41 +0100)]
NEW etc.: Replace most calls to safe_realloc_ary
Replace with REALLOC_ARY whenever the array object size is not 1.
In subnet_list_set_len and ipset_set_len we abolish the unnecessary
temporary variable `nd'. In subnet_list_set_len we also simplify the
assert integer overflow condition (the division is not needed because
REALLOC_ARY and hence safe_malloc_ary will check for potential
multiplication overflow).
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Tue, 7 Oct 2014 19:36:17 +0000 (20:36 +0100)]
NEW etc.: Use NEW_ARY
Replace all calls to safe_malloc_ary with the NEW_ARY wrapper.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Tue, 7 Oct 2014 19:31:26 +0000 (20:31 +0100)]
NEW etc.: Use NEW in all obvious places
Entirely automatic conversion, using the following Perl rune:
perl -i~ -pe 's#^(\s+)(\w+)=safe_malloc\(sizeof\(\*\2\),"[^"]+"\);$#$1NEW($2);#' *.c conffile.fl conffile.y
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Tue, 7 Oct 2014 19:28:33 +0000 (20:28 +0100)]
NEW etc.: Provide size-safe wrappers for safe_malloc et al.
These automatically compute the size from the type to be assigned to,
and automatically generate a context string.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Wed, 1 Oct 2014 23:55:28 +0000 (00:55 +0100)]
udp, polypath: Log `experiencing success receiving', etc.
We want to use the `experienced' mechanism to report success while
receiving.
But, previously, the udp_socks_afterpoll function which does the
receiving didn't have a suitable description (`socksdesc') available:
in particular, for polypath, it should print the interface name.
Solve this as follows:
* Add a `desc' field to struct udpsocks, set by udp_socks_register
(for polypath this duplicates interf->name, but we don't really
care much about that as it's only one pointer).
* Add a new argument to udp_socks_register to ensure we catch
all the creation sites.
* Have udp_sock_experienced take a struct udpsocks*.
After all that, the new call to udp_sock_experienced is trivial.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Wed, 1 Oct 2014 23:24:24 +0000 (00:24 +0100)]
test-example: Test not specifying a port
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Wed, 1 Oct 2014 23:19:34 +0000 (00:19 +0100)]
udp, polypath: Make specifying port optional
There is no particular reason why a mobile site with no stable address
ought to have to bind to a particular port. Doing so in those
configurations can bring in additional complications.
So, make specifying the port optional.
udp_make_socket calls getsockname to find what port number it got.
(We do this unconditionally as that's simplest.)
This has more complicated fallout than appears at first glance.
polypath needs to be able to match disappearances of the interface
address, which is mostly processed in terms of the configured rather
than obtained sockaddr.
In polypath, we need to compare just the addresses when removing an
interface address, because the port will have been assigned later. We
also use the actual address in logging, rather than the one supplied
by the interface monitor.
To support these changes, we formalise udp_import_socket, and provide
a new `ignoreport' option to iaddr_equal. The scope of the FAIL and
FAIL_LG macros in udp.c becomes a bit wider.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Wed, 1 Oct 2014 17:22:57 +0000 (18:22 +0100)]
test-example: Set `system/userid'
This means we normally test the privsep, rather than non-privsep,
version of polypath.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Wed, 1 Oct 2014 22:33:39 +0000 (23:33 +0100)]
test-example: Reorder a config to better test CHILDPERSIST
If we move the polypath comm before the tun netlink, the tun will
already have been set up by the time polypath spawns its privsep
helper. (Since the entries are processed in reverse order.) This
means that the CHILDPERSIST phase hook ends up closing the tun fd,
which we can see in strace.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Wed, 1 Oct 2014 17:19:20 +0000 (18:19 +0100)]
polypath: Provide privsep mode
If secnet is going to drop privileges, it won't be able to call
setsockopt(,,SO_BINDTODEVICE,) to set up the new polypath sockets.
Provide an arrangement where this is done by a child forked before we
drop privilege.
Add some comments to the existing just-broken-down interface change
handling code, saying whether and how they are used in the non-privsep
and privsep cases.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Wed, 1 Oct 2014 22:42:04 +0000 (23:42 +0100)]
polypath: Log pid of long-running interface monitor
This new reporting is going to be particularly useful for privsep,
which has a child and also a grandchild.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Wed, 1 Oct 2014 22:31:36 +0000 (23:31 +0100)]
logging: Persistent children include pid in their log messages
Use the new PHASE_CHILDPERSIST hook to discover when we fork and
become a persistent child. When that happens, we call openlog() again
to add LOG_PID, and we make a note to add the pid to messages written
directly to logfiles (or the terminal) by secnet's file logger.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Wed, 1 Oct 2014 22:21:56 +0000 (23:21 +0100)]
fds etc.: Support non-forking persistent children
Polypath is going to want to spawn a persistent child process,
which will not exec. This child ought not to hold onto the various
important fds.
Otherwise, if the main secnet process dies but the child does not (for
some reason), the network interfaces, udp sockets, etc., set up by the
old secnet will remain owned by the child.
Introduce a new PHASE for this purpose (currently never entered).
Provide a convenient common hook function for closing a single fd.
Add phase hooks to:
* Close udp sockets (in the udp and polypath comm modules);
* Close the pipes to userv-ipif (slip netlink module);
* Close the tun device (tun netlink module);
* Zero out data transport keys, to improve forward secrecy in case
the subprocess leaks somehow. (Sadly we can't conveniently find
the asymmetric crypto session key negotiation state to wipe it.)
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Wed, 1 Oct 2014 17:20:44 +0000 (18:20 +0100)]
polypath: Close parent's socket in child
Previously this would happen automatically due to CLOEXEC, but we are
going to have a long-running child, which needs to not have a copy of
this fd.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Tue, 30 Sep 2014 17:33:59 +0000 (18:33 +0100)]
polypath: Break up child process handling
This will allow us to have different child processes, and also reuse
much of the same child output processing code in a different context.
No functional change (other than a tiny change to a message).
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Tue, 30 Sep 2014 16:36:44 +0000 (17:36 +0100)]
polypath: Reorganise to break up ifaddr handling
We are going to want to do some of this processing in a different
process, and hence in a different order. So split
polypath_process_monitor_line into three, producing two new functions
polypath_make_socket and polypath_record_ifaddr.
We change the error handling so it can be more context-sensitive: the
BAD macros use contextual `bad' and `badctx' values. These are
function pointers.
dump_ppml becomes dump_pria because it records interface address
recording.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Tue, 30 Sep 2014 17:22:14 +0000 (18:22 +0100)]
process: Clear SHUTDOWN hooks in afterfork()
That allows child processes to safely use the standard fatal() calls
etc.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Sat, 27 Sep 2014 17:13:57 +0000 (18:13 +0100)]
test-example: Provide a polypath test
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Mon, 29 Sep 2014 14:17:13 +0000 (15:17 +0100)]
polypath: Provide Linux interface monitor
This script monitors the local network interfaces and prints output as
interfaces and addresses appear and disappear.
Install it in $(datarootdir). Provide $(datarootdir) to C code via a
-D compiler flag. Provide the appropriate path as the default setting
for `monitor-command' in the polypath module.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Wed, 26 Feb 2014 14:19:01 +0000 (14:19 +0000)]
polypath: Provide polypath comm module
Provide a new name `polypath' in the global dictionary which can be
made to produce new closures of type `comm'. These comms send packets
via multiple local interfaces.
Currently this module is not very useful because we lack a suitable
`monitor-command' for enumerating local interfaces.
We disable it if we don't have CONFIG_IPV6 because then we don't have
adns_text2addr.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Wed, 1 Oct 2014 17:02:19 +0000 (18:02 +0100)]
util: Break out pollbadbit()
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Wed, 1 Oct 2014 17:00:00 +0000 (18:00 +0100)]
buffer: Provide buffer_destroy
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Tue, 30 Sep 2014 17:17:43 +0000 (18:17 +0100)]
util: Use BSD queue.h for phase hook lists
We are about to touch this code and would like something clearer to
work with.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Tue, 30 Sep 2014 17:07:10 +0000 (18:07 +0100)]
secnet: provide will_droppriv
polypath is going to want to know whether to do privsep.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Sat, 27 Sep 2014 23:40:04 +0000 (00:40 +0100)]
transform: Discard previously-received packets
Keep a bitmap of previously-received packets (by sequence number
offset) and discard duplicates.
This feature can only be enabled if the bitmap (32 bits) is big enough
for the sequence number window (`max-skew'), but this is true by
default, and the feature is enabled by default when available.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
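An added example, not secnet's code: a sliding-window duplicate check using a 32-bit bitmap indexed by offset from the highest sequence number accepted, as the message above describes. The names, the window semantics (`max_skew` counted back from the highest number) and the lack of sequence-number wraparound handling are assumptions of this example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define REPLAY_BITS 32u   /* bitmap width given in the commit message */

enum replay_verdict { RV_ACCEPT, RV_DUPLICATE, RV_TOO_OLD };

/* Hypothetical state; call replay_check only after the packet's MAC has
 * verified, so that forged sequence numbers cannot move the window. */
struct replay_window {
    bool     enabled;   /* can the bitmap cover the whole window? */
    bool     seen_any;  /* false until the first packet is accepted */
    uint32_t max_skew;  /* how far behind `highest' a packet may be */
    uint32_t highest;   /* highest sequence number accepted so far */
    uint32_t bitmap;    /* bit i set => (highest - i) already received */
};

void replay_init(struct replay_window *w, uint32_t max_skew)
{
    /* Duplicate detection is only sound if every offset inside the
     * skew window has a bit of its own. */
    w->enabled  = max_skew <= REPLAY_BITS;
    w->seen_any = false;
    w->max_skew = max_skew;
    w->highest  = 0;
    w->bitmap   = 0;
}

enum replay_verdict replay_check(struct replay_window *w, uint32_t seq)
{
    if (!w->seen_any) {
        w->seen_any = true;
        w->highest  = seq;
        w->bitmap   = 1u;
        return RV_ACCEPT;
    }
    if (seq > w->highest) {
        /* Window slides forward: older packets move to higher bits. */
        uint32_t ahead = seq - w->highest;
        w->bitmap  = ahead >= REPLAY_BITS ? 0u : w->bitmap << ahead;
        w->bitmap |= 1u;
        w->highest = seq;
        return RV_ACCEPT;
    }
    uint32_t behind = w->highest - seq;
    if (behind >= w->max_skew)
        return RV_TOO_OLD;
    if (!w->enabled)
        return RV_ACCEPT;        /* window wider than bitmap: no tracking */
    uint32_t bit = 1u << behind; /* behind < max_skew <= 32, shift is safe */
    if (w->bitmap & bit)
        return RV_DUPLICATE;
    w->bitmap |= bit;
    return RV_ACCEPT;
}

int main(void)
{
    static const char *const names[] = { "accept", "duplicate", "too old" };
    /* Constructed trace: reordering, replays and a large forward jump. */
    static const uint32_t trace[] =
        { 100, 101, 101, 99, 99, 140, 131, 130, 100 };
    struct replay_window w;

    replay_init(&w, 10);
    for (size_t i = 0; i < sizeof trace / sizeof trace[0]; i++)
        printf("seq %u: %s\n", (unsigned)trace[i],
               names[replay_check(&w, trace[i])]);
    return 0;
}
```

With a `max_skew` larger than 32 the example still enforces the skew limit but lets replays inside the window through, which is why the feature depends on the bitmap covering the window.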
Ian Jackson [Sat, 27 Sep 2014 23:27:19 +0000 (00:27 +0100)]
transform: Break out SEQNUM_KEYED_FIELDS and SEQNUM_PARAMS_FIELDS
And provide initialiser macros SEQNUM_KEYED_INIT and
SEQNUM_PARAMS_INIT.
No functional change.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Sat, 27 Sep 2014 23:45:01 +0000 (00:45 +0100)]
transform-cbcmac: Move max_[seq]_skew into params struct
Like in transform-eax. We are going to want to share this with eac
and extend it.
No functional change.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Sat, 27 Sep 2014 14:37:20 +0000 (15:37 +0100)]
Makefile.in: Move settings of various directories above CFLAGS etc.
We are going to want to -D some of these for the benefit of the secnet
executable finding its helpers.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Sat, 27 Sep 2014 14:03:34 +0000 (15:03 +0100)]
udp: Log transmission and reception errors, at least some of the time
We keep a bitmask for each combination of
- receive/send
- address family
- success/failure
and log a message the first time each one occurs.
We also provide a new utility function `af_name()' which is going to
be used by polypath's logging.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Fri, 3 Oct 2014 20:16:49 +0000 (21:16 +0100)]
netlink: Use MIN rather than ?:
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Fri, 3 Oct 2014 19:22:18 +0000 (20:22 +0100)]
util.h etc.: Provide MAX_RAW and MIN_RAW; etc.
MAX and MIN are unsuitable for use where a constant expression is
required. Provide MAX_RAW and MIN_RAW which are suitable but might
evaluate the left argument twice.
Remove max() in ipaddr.c and replace the call with one to MAX (not
MAX_RAW). (The old max macro there is operator-priority-unsafe but
there is only one call site and it happens to be OK.)
We are going to use MAX_RAW later.
No functional change.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Sat, 27 Sep 2014 14:01:05 +0000 (15:01 +0100)]
udp: Introduce some `us' convenience variables, etc.
* Introduce appropriate `struct udpsock *us' in a few places, and use
them as appropriate. We are going to make a few more places where
these are used and this avoids some repetition.
* Introduce an `af' variable for the intended destination address
family at one point. We are going to want to reuse this.
* Add a comment on a line `} else {' distant from its `if (..) {'.
No functional change.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Thu, 2 Oct 2014 00:16:47 +0000 (01:16 +0100)]
cleanup: Replace a few calls to malloc/realloc with safe_malloc
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Sat, 27 Sep 2014 13:28:20 +0000 (14:28 +0100)]
slip: Remove an incorrect XXX comment
There is no need to strdup anything before calling exec (or exit, of
course).
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Tue, 23 Sep 2014 23:33:52 +0000 (00:33 +0100)]
util: Provide async_linebuf_read
polypath is going to want to read output from the interface and
address reporting script.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Sat, 27 Sep 2014 12:56:35 +0000 (13:56 +0100)]
fds: Make many fds nonblocking
Introduce iswouldblock (to cope with POSIX not specifying which of
EAGAIN or EWOULDBLOCK you get). In various subsystems, make more fds
nonblocking and handle errors appropriately. Specifically:
* Logging self-pipe reading end.
* Signal self-pipe reading end.
* SLIP both ends. Fixing the writing end involves breaking out a new
function slip_write. We have to set these nonblocking after reading
the confirmation byte.
* tun's network interface fd.
In various of these we add code to handle EINTR, too.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Sat, 27 Sep 2014 12:26:17 +0000 (13:26 +0100)]
Introduce setnonblock()
This involves reworking setcloexec()'s implementation so that we can
reuse it.
We now treat a failure to set O_NONBLOCK in udp_make_socket as a
fatal, rather than recoverable, error. This is fine.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Sat, 27 Sep 2014 10:10:06 +0000 (11:10 +0100)]
process: Introduce afterfork()
Rework set_default_signals into afterfork, which does the sigprocmask
too. This is necessary for processes we fork after
setup_signal_handling(), which otherwise inherit our blocking mask and
non-default handlers.
Call it after each fork() (except the ones we use for daemonising).
As a consequence:
- hackypar children will die if they get a terminating signal
- our subprocesses such as `route' and `ifconfig' will inherit
reasonable signal setups
- it will be correct to call udp_make_socket during phase RUN
(previously any authbind would get a strange signal setup)
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>