diff options
| author | Roy Marples <roy@marples.name> | 2019-11-28 16:41:15 +0000 |
|---|---|---|
| committer | Roy Marples <roy@marples.name> | 2019-11-28 16:41:15 +0000 |
| commit | 6502584888c432a468d8918ce04e202281cb8ef9 (patch) | |
| tree | b62b1e3a7ba544c9e842e6f595b25fdaab8059b4 /src/if.h | |
| parent | a7613391cbd1f33867446a981c6ec648d3e35278 (diff) | |
| download | dhcpcd-6502584888c432a468d8918ce04e202281cb8ef9.tar.xz | |
privsep: Add support for priviledge separation
Not enabled by default - enable with ./configure --enable-privsep
Requires a user added to the system - default _dhcpcd
Several processes will be spawned off the main state engine:
a privileged actioneer and a generic network proxy.
Only the privileged actioneer process will retain root permissions.
When required, the privileged actioneer will also spawn
BPF listeners for BOOTP (DHCP) and ARP.
The BOOTP BPF listener should be a short lived process.
On kernels with RFC 5227 support, the ARP BPF listener will only
be used for ARPing and announcing a preferred address and will
also be a short lived process.
When not running in master mode, an address listener will be
spawned for each address (with the exception of RA dervived addresses)
dhcpcd cares about.
TODO:
* Solaris support.
* ARP BPF address filtering.
Diffstat (limited to 'src/if.h')
| -rw-r--r-- | src/if.h | 11 |
1 files changed, 10 insertions, 1 deletions
@@ -65,7 +65,6 @@ #include "dhcpcd.h" #include "ipv4.h" #include "ipv6.h" -#include "ipv6nd.h" #include "route.h" #define EUI64_ADDR_LEN 8 @@ -111,6 +110,7 @@ int if_getifaddrs(struct ifaddrs **); int if_getsubnet(struct dhcpcd_ctx *, const char *, int, void *, size_t); #endif +int if_ioctl(struct dhcpcd_ctx *, unsigned long, void *, size_t); int if_getflags(struct interface *ifp); int if_setflag(struct interface *ifp, short flag); #define if_up(ifp) if_setflag((ifp), (IFF_UP | IFF_RUNNING)) @@ -207,6 +207,9 @@ int ip6_temp_valid_lifetime(const char *ifname); #endif int ip6_forwarding(const char *ifname); +struct ra; +struct ipv6_addr; + int if_applyra(const struct ra *); int if_address6(unsigned char, const struct ipv6_addr *); int if_addrflags6(const struct interface *, const struct in6_addr *, @@ -221,4 +224,10 @@ int if_machinearch(char *, size_t); struct interface *if_findifpfromcmsg(struct dhcpcd_ctx *, struct msghdr *, int *); int xsocket(int, int, int); + +#ifdef __linux__ +int if_linksocket(struct sockaddr_nl *, int); +int if_getnetlink(struct dhcpcd_ctx *, struct iovec *, int, int, + int (*)(struct dhcpcd_ctx *, void *, struct nlmsghdr *), void *); +#endif #endif |