| Commit message | Author | Age |
This is given when the OS supports the concept of wireless roaming
or the IP setup can be persisted when the carrier drops.
When this happens, routes are moved to a higher metric (if supported)
to support non preferred but non roaming routes.
The `interface_order` hook variable will now order the interfaces
according to priority and move roaming interfaces to the back of the
list.
If resolvconf is present then it is called with the -C option
to deprecate DNS and if carrier comes back it is called again with the
-c option to activate it once more.
As part of this change, default route metrics have been changed to
support a larger number of interfaces.
base metric 1000 (was 200)
wireless offset 2000 (was 100)
IPv4LL offset 1000000 (was 10000)
roaming offset 2000000
|
Move the IS_LINK_UP macro to if_is_link_up function to reduce
binary size.
Rather than DHCPCD_LINK option controlling the carrier state,
use it in if_is_link_up to determine the outcome.
|
Vastly improve and simplify link detection on BSD.
dhcpcd either examines the whole system via getifaddrs(3) or
reacts to events via route(4).
In both cases we have struct if_data which has ifi_link_state.
Armed with this knowledge, we no longer need SIOCGIFDATA or
SIOCGIFMEDIA.
To solve the issue of newly attached interfaces having
LINK_STATE_UNKNOWN or some interfaces not even changing it,
we only change the local knowledge of interface flags when
reports them by getifaddrs(3) or route(4) when we change them.
For example, if we set IFF_UP and it succeeds we don't set this
internally until reported by the kernel as above.
This keeps flags and link state in sync with each other.
The hope is that the kernel can set the real link state before
it reports IFF_UP.
As such, we no longer require the poll option or need to enter a
tight loop for old interfaces.
|
Not all interfaces report media state to get the link state.
However, link state is available from getifaddrs(3) ifa_data
for AF_LINK addresses.
Testing shows that link state is also sent correctly via
route(4) messages for the same interface.
This makes pppoe(4) interfaces more reliable on FreeBSD and OpenBSD.
|
the interface or not.
|
udev says whether an interface name is stable or not.
In a network namespace, udev claims the interface does not exist.
This makes sense because udev only operates in the root namespace.
As such disable udev in a network namespace.
While here correctly spell initialise.
|
Old systems don't have SOCK_CLOEXEC, etc, this makes it easy.
While here, right limit the sockets.
|
Suck sucky sucky, but it fixes PPP links again.
|
Only to be used if the interface does not report carrier state
changes for whatever reason.
|
You never know when another sandbox tech comes around.
While here, add limits for every socket in the unprivileged
processes. Some were absent before.
Also, note that RLIMIT_NOFILE breaks our control socket so
temporarily disable that.
|
Saves opening it and closing it each time we discover interfaces.
|
So we can't use the BSD/Linux methodology
|
Except for the privileged process.
This is quite an in-depth change:
* ARP is now one process per address
* BPF flags are now returned via privsep
* BPF write filters are locked when supported
* The root process sends to the network
The last step is done by opening RAW sockets and then sending a UDP
header (where applicable) to avoid binding to an address
which is already in use by the reader sockets.
This is slightly wasteful for OS's without sandboxing but does
have the very nice side effect of not needing a source address
to unicast DHCPs replies from which makes the code smaller.
|
Although this is only for Capsicum, the getifaddrs interface is
quite portable although not POSIX.
With this final change, the Master process can now enter Capsicum
Capabilities Mode and this completes the Capsicum integration.
|
Otherwise we stupidly drop IFF_MULTICAST on Linux.
|
This just clarifies the former fix
|
This will greatly aid debugging.
|
This allows downstream implementations to inject their own data
into the log message and/or supply new logging targets whilst
preserving macros such as __FILE__ and __LINE__.
|
For more anonymity.
|
While here, include fcntl.h in if.c for older environments.
|
Otherwise SSP complains.
|
And copy back the actual length of it, not the whole buffer.
|
This works by randomising the hardware address when carrier is down
and using this to construct a DUID LL which is used over any saved
DUID. IAID is defaulted to zero and hostname + FQDN are disabled.
Then every possible option is masked out except for essential ones.
It's possible to request options *after* anonymous option which
will enable it. This is RFC compliant and allows 100% flexibility
in letting the user decide what, if any, details leak out.
This is disabled by default.
Only works on NetBSD, other OS coming shortly.
|
BSD and glibc have the signature for request as unsigned long.
musl and Solaris have a signed int.
As such, we need to detect this at compile time and adjust the
signature of our internal ioctl functions to match.
To keep the onwire format the same, memcpy the request to the
unsigned long request and back again, thus preserving the signedness.
|
Not enabled by default - enable with ./configure --enable-privsep
Requires a user added to the system - default _dhcpcd
Several processes will be spawned off the main state engine:
a privileged actioneer and a generic network proxy.
Only the privileged actioneer process will retain root permissions.
When required, the privileged actioneer will also spawn
BPF listeners for BOOTP (DHCP) and ARP.
The BOOTP BPF listener should be a short lived process.
On kernels with RFC 5227 support, the ARP BPF listener will only
be used for ARPing and announcing a preferred address and will
also be a short lived process.
When not running in master mode, an address listener will be
spawned for each address (with the exception of RA derived addresses)
dhcpcd cares about.
TODO:
* Solaris support.
* ARP BPF address filtering.
|
IP_RECVIF is supported on all BSD platforms as well as Solaris,
so it's more widely available than IP_PKTINFO.
This allows us to ensure that all platforms can retrieve the
receiving interface from UDP network packets and thus make the code
paths a lot easier.
|