authorclaudio <claudio@openbsd.org>2015-12-05 12:20:13 +0000
committerclaudio <claudio@openbsd.org>2015-12-05 12:20:13 +0000
commit358269bbfcc3257b062a23fe654ebefa242ea0d5 (patch)
treeda84905b9624c90b755a880c29a32c6764069115
parentifq_deq_rollback without a preceding ifq_deq_begin is fail. (diff)
downloadwireguard-openbsd-358269bbfcc3257b062a23fe654ebefa242ea0d5.tar.xz
wireguard-openbsd-358269bbfcc3257b062a23fe654ebefa242ea0d5.zip
Pledge ospfd SE ("stdio inet mcast") and RDE ("stdio") move some code
around to make it possible. Parent can't be pledged at the moment because of carp ioctl (carp demote). Putting it in so that people can test. OK benno@
-rw-r--r--usr.sbin/ospfd/interface.c18
-rw-r--r--usr.sbin/ospfd/kroute.c13
-rw-r--r--usr.sbin/ospfd/ospfd.c7
-rw-r--r--usr.sbin/ospfd/ospfd.h7
-rw-r--r--usr.sbin/ospfd/ospfe.c9
-rw-r--r--usr.sbin/ospfd/parse.y25
-rw-r--r--usr.sbin/ospfd/rde.c9
7 files changed, 52 insertions, 36 deletions
diff --git a/usr.sbin/ospfd/interface.c b/usr.sbin/ospfd/interface.c
index 069da3d5b47..328c46c532e 100644
--- a/usr.sbin/ospfd/interface.c
+++ b/usr.sbin/ospfd/interface.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: interface.c,v 1.80 2015/11/22 13:09:10 claudio Exp $ */
+/* $OpenBSD: interface.c,v 1.81 2015/12/05 12:20:13 claudio Exp $ */
/*
* Copyright (c) 2005 Claudio Jeker <claudio@openbsd.org>
@@ -198,6 +198,7 @@ if_new(struct kif *kif, struct kif_addr *ka)
/* get mtu, index and flags */
iface->mtu = kif->mtu;
iface->ifindex = kif->ifindex;
+ iface->rdomain = kif->rdomain;
iface->flags = kif->flags;
iface->linkstate = kif->link_state;
iface->if_type = kif->if_type;
@@ -241,9 +242,6 @@ if_del(struct iface *iface)
void
if_init(struct ospfd_conf *xconf, struct iface *iface)
{
- struct ifreq ifr;
- u_int rdomain;
-
/* init the dummy local neighbor */
iface->self = nbr_new(ospfe_router_id(), iface, 1);
@@ -254,18 +252,6 @@ if_init(struct ospfd_conf *xconf, struct iface *iface)
iface->fd = xconf->ospf_socket;
- strlcpy(ifr.ifr_name, iface->name, sizeof(ifr.ifr_name));
- if (ioctl(iface->fd, SIOCGIFRDOMAIN, (caddr_t)&ifr) == -1)
- rdomain = 0;
- else {
- rdomain = ifr.ifr_rdomainid;
- if (setsockopt(iface->fd, SOL_SOCKET, SO_RTABLE,
- &rdomain, sizeof(rdomain)) == -1)
- fatal("failed to set rdomain");
- }
- if (rdomain != xconf->rdomain)
- fatalx("interface rdomain mismatch");
-
ospfe_demote_iface(iface, 0);
}
diff --git a/usr.sbin/ospfd/kroute.c b/usr.sbin/ospfd/kroute.c
index d566b21de66..3a99acfb0d4 100644
--- a/usr.sbin/ospfd/kroute.c
+++ b/usr.sbin/ospfd/kroute.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kroute.c,v 1.105 2015/10/26 11:46:25 claudio Exp $ */
+/* $OpenBSD: kroute.c,v 1.106 2015/12/05 12:20:13 claudio Exp $ */
/*
* Copyright (c) 2004 Esben Norby <norby@openbsd.org>
@@ -85,7 +85,6 @@ void kroute_clear(void);
struct kif_node *kif_find(u_short);
struct kif_node *kif_insert(u_short);
int kif_remove(struct kif_node *);
-void kif_clear(void);
struct kif *kif_update(u_short, int, struct if_data *,
struct sockaddr_dl *);
int kif_validate(u_short);
@@ -110,22 +109,17 @@ int rtmsg_process(char *, size_t);
void kr_fib_reload_timer(int, short, void *);
void kr_fib_reload_arm_timer(int);
-RB_HEAD(kroute_tree, kroute_node) krt;
+RB_HEAD(kroute_tree, kroute_node) krt = RB_INITIALIZER(&krt);
RB_PROTOTYPE(kroute_tree, kroute_node, entry, kroute_compare)
RB_GENERATE(kroute_tree, kroute_node, entry, kroute_compare)
-RB_HEAD(kif_tree, kif_node) kit;
+RB_HEAD(kif_tree, kif_node) kit = RB_INITIALIZER(&kit);
RB_PROTOTYPE(kif_tree, kif_node, entry, kif_compare)
RB_GENERATE(kif_tree, kif_node, entry, kif_compare)
int
kif_init(void)
{
- RB_INIT(&kit);
- /* init also krt tree so that we can call kr_shutdown() */
- RB_INIT(&krt);
- kr_state.fib_sync = 0; /* decoupled */
-
if (fetchifs(0) == -1)
return (-1);
@@ -886,6 +880,7 @@ kif_update(u_short ifindex, int flags, struct if_data *ifd,
kif->k.if_type = ifd->ifi_type;
kif->k.baudrate = ifd->ifi_baudrate;
kif->k.mtu = ifd->ifi_mtu;
+ kif->k.rdomain = ifd->ifi_rdomain;
if (sdl && sdl->sdl_family == AF_LINK) {
if (sdl->sdl_nlen >= sizeof(kif->k.ifname))
diff --git a/usr.sbin/ospfd/ospfd.c b/usr.sbin/ospfd/ospfd.c
index a00fde04229..358a8e6ac58 100644
--- a/usr.sbin/ospfd/ospfd.c
+++ b/usr.sbin/ospfd/ospfd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ospfd.c,v 1.87 2015/12/03 11:41:06 claudio Exp $ */
+/* $OpenBSD: ospfd.c,v 1.88 2015/12/05 12:20:13 claudio Exp $ */
/*
* Copyright (c) 2005 Claudio Jeker <claudio@openbsd.org>
@@ -192,13 +192,12 @@ main(int argc, char *argv[])
opts |= OSPFD_OPT_STUB_ROUTER;
}
-
/* fetch interfaces early */
kif_init();
/* parse config file */
if ((ospfd_conf = parse_config(conffile, opts)) == NULL) {
- kr_shutdown();
+ kif_clear();
exit(1);
}
ospfd_conf->csock = sockname;
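Review bot: The return value of `kif_init()` on the context line above is still ignored, and with this commit the interface data it collects is also what the new rdomain validation in parse_config() compares against. If the interface fetch fails, the error would surface only indirectly during parsing, if at all. A guard such as `if (kif_init() == -1) fatalx("kif_init failed");` would make the failure explicit, assuming logging is already set up at this point, which is not visible here. main() starts and ends outside the hunk.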
@@ -208,7 +207,7 @@ main(int argc, char *argv[])
print_config(ospfd_conf);
else
fprintf(stderr, "configuration OK\n");
- kr_shutdown();
+ kif_clear();
exit(0);
}
diff --git a/usr.sbin/ospfd/ospfd.h b/usr.sbin/ospfd/ospfd.h
index a225fd6830d..6569bb50238 100644
--- a/usr.sbin/ospfd/ospfd.h
+++ b/usr.sbin/ospfd/ospfd.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ospfd.h,v 1.93 2015/11/22 13:09:10 claudio Exp $ */
+/* $OpenBSD: ospfd.h,v 1.94 2015/12/05 12:20:13 claudio Exp $ */
/*
* Copyright (c) 2004 Esben Norby <norby@openbsd.org>
@@ -336,6 +336,7 @@ struct iface {
u_int32_t crypt_seq_num;
time_t uptime;
unsigned int ifindex;
+ u_int rdomain;
int fd;
int state;
int mtu;
@@ -416,7 +417,8 @@ struct kif {
u_int64_t baudrate;
int flags;
int mtu;
- u_short ifindex;
+ unsigned int ifindex;
+ u_int rdomain;
u_int8_t if_type;
u_int8_t link_state;
u_int8_t nh_reachable; /* for nexthop verification */
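Review bot: `ifindex` in struct kif is widened to `unsigned int` here, but the kroute.c prototypes shown as context in this same commit (`kif_find(u_short)`, `kif_insert(u_short)`, `kif_update(u_short, ...)`) still take `u_short`. The field can therefore hold values its accessors cannot look up, and any index above 65535 would be silently truncated at those call boundaries. Either widen the kroute.c signatures to match, or add a comment on the field saying the width only mirrors `struct iface` and the value is still a 16-bit kernel index (presumably; the kernel type is not visible here). struct kif starts and ends outside the hunk.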
@@ -554,6 +556,7 @@ u_int16_t iso_cksum(void *, u_int16_t, u_int16_t);
/* kroute.c */
int kif_init(void);
+void kif_clear(void);
int kr_init(int, u_int);
int kr_change(struct kroute *, int);
int kr_delete(struct kroute *);
diff --git a/usr.sbin/ospfd/ospfe.c b/usr.sbin/ospfd/ospfe.c
index c2b68adb133..5349fb06333 100644
--- a/usr.sbin/ospfd/ospfe.c
+++ b/usr.sbin/ospfd/ospfe.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ospfe.c,v 1.93 2015/12/03 11:41:06 claudio Exp $ */
+/* $OpenBSD: ospfe.c,v 1.94 2015/12/05 12:20:13 claudio Exp $ */
/*
* Copyright (c) 2005 Claudio Jeker <claudio@openbsd.org>
@@ -87,6 +87,9 @@ ospfe(struct ospfd_conf *xconf, int pipe_parent2ospfe[2], int pipe_ospfe2rde[2],
return (pid);
}
+ /* cleanup a bit */
+ kif_clear();
+
/* create ospfd control socket outside chroot */
if (control_init(xconf->csock) == -1)
fatalx("control socket setup failed");
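Review bot: The comment `/* cleanup a bit */` does not say what is being freed or why it is safe to do so in the child. Presumably the interface cache built by kif_init() in the parent is only needed while the config is parsed, and freeing it keeps that data out of the unprivileged process. A comment such as `/* kif cache was only needed for config parsing; free it in the child */` would record that, and the identical hunk in rde.c wants the same wording. ospfe() starts and ends outside the hunk.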
@@ -126,6 +129,9 @@ ospfe(struct ospfd_conf *xconf, int pipe_parent2ospfe[2], int pipe_ospfe2rde[2],
setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid))
fatal("can't drop privileges");
+ if (pledge("stdio inet mcast", NULL) == -1)
+ fatal("pledge");
+
event_init();
nbr_init(NBR_HASHSIZE);
lsa_cache_init(LSA_HASHSIZE);
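Review bot: The promise string in `pledge("stdio inet mcast", NULL)` carries no comment tying each promise to the code that needs it, and the kernel kills the process on the first call outside the set, so the rationale belongs next to the call. Something like `/* inet: raw OSPF socket; mcast: group join/leave setsockopts; no ioctl, so rdomain comes from kif */` would do, and the `pledge("stdio", NULL)` hunk in rde.c deserves a matching one-line rationale. The control socket set up by control_init() earlier in this function is handled on a path not visible here, so it is worth confirming that its later listen/accept handling is covered by these promises. ospfe() starts and ends outside the hunk.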
@@ -224,7 +230,6 @@ ospfe_shutdown(void)
}
nbr_del(nbr_find_peerid(NBR_IDSELF));
- kr_shutdown();
close(oeconf->ospf_socket);
/* clean up */
diff --git a/usr.sbin/ospfd/parse.y b/usr.sbin/ospfd/parse.y
index 48dd1c1a3ca..9b886ad1851 100644
--- a/usr.sbin/ospfd/parse.y
+++ b/usr.sbin/ospfd/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.79 2014/11/20 05:51:20 jsg Exp $ */
+/* $OpenBSD: parse.y,v 1.80 2015/12/05 12:20:13 claudio Exp $ */
/*
* Copyright (c) 2004, 2005 Esben Norby <norby@openbsd.org>
@@ -107,6 +107,7 @@ struct config_defaults *defs;
struct area *conf_get_area(struct in_addr);
struct iface *conf_get_if(struct kif *, struct kif_addr *);
+int conf_check_rdomain(unsigned int);
typedef struct {
union {
@@ -1133,6 +1134,9 @@ parse_config(char *filename, int opts)
/* free global config defaults */
md_list_clr(&globaldefs.md_list);
+ /* check that all interfaces belong to the configured rdomain */
+ errors += conf_check_rdomain(conf->rdomain);
+
if (errors) {
clear_config(conf);
return (NULL);
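Review bot: This check takes over only the comparison half of the block removed from if_init() in interface.c; that block also applied `SO_RTABLE` to the OSPF socket, and no hunk in this commit sets it again. If the socket's routing table is not set elsewhere (not visible here), the engine would send and receive in the routing table the daemon was started in rather than in `conf->rdomain`, which weakens the isolation the rdomain setting is meant to give. It is worth confirming where the socket is bound to the rtable and extending the comment here to name that place. parse_config() starts and ends outside the hunk.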
@@ -1255,6 +1259,25 @@ conf_get_if(struct kif *kif, struct kif_addr *ka)
return (i);
}
+int
+conf_check_rdomain(unsigned int rdomain)
+{
+ struct area *a;
+ struct iface *i;
+ int errs = 0;
+
+ LIST_FOREACH(a, &conf->area_list, entry)
+ LIST_FOREACH(i, &a->iface_list, entry)
+ if (i->rdomain != rdomain) {
+ logit(LOG_CRIT,
+ "interface %s not in rdomain %u",
+ i->name, rdomain);
+ errs++;
+ }
+
+ return (errs);
+}
+
void
clear_config(struct ospfd_conf *xconf)
{
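Review bot: The log message in conf_check_rdomain() prints only the configured rdomain, so the operator cannot see which rdomain the offending interface is actually in. Changing it to `"interface %s is in rdomain %u, expected %u", i->name, i->rdomain, rdomain` makes the error actionable. The two nested `LIST_FOREACH` loops also run without braces around a multi-line `if` body, which is easy to break when a statement is added later; bracing both loops would be safer. A short header comment saying the function returns the number of mismatching interfaces, to be added to the parser's error count, would help as well.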
diff --git a/usr.sbin/ospfd/rde.c b/usr.sbin/ospfd/rde.c
index d68109201b9..6d53eb3a953 100644
--- a/usr.sbin/ospfd/rde.c
+++ b/usr.sbin/ospfd/rde.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rde.c,v 1.99 2015/12/03 11:41:06 claudio Exp $ */
+/* $OpenBSD: rde.c,v 1.100 2015/12/05 12:20:13 claudio Exp $ */
/*
* Copyright (c) 2004, 2005 Claudio Jeker <claudio@openbsd.org>
@@ -111,6 +111,9 @@ rde(struct ospfd_conf *xconf, int pipe_parent2rde[2], int pipe_ospfe2rde[2],
return (pid);
}
+ /* cleanup a bit */
+ kif_clear();
+
rdeconf = xconf;
if ((pw = getpwnam(OSPFD_USER)) == NULL)
@@ -129,6 +132,9 @@ rde(struct ospfd_conf *xconf, int pipe_parent2rde[2], int pipe_ospfe2rde[2],
setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid))
fatal("can't drop privileges");
+ if (pledge("stdio", NULL) == -1)
+ fatal("pledge");
+
event_init();
rde_nbr_init(NBR_HASHSIZE);
lsa_init(&asext_tree);
@@ -211,7 +217,6 @@ rde_shutdown(void)
}
rde_asext_free();
rde_nbr_free();
- kr_shutdown();
msgbuf_clear(&iev_ospfe->ibuf.w);
free(iev_ospfe);