| Age | Commit message (Collapse) | Author |
|---|
|
|
|
that not deleting the unix control sockets cause no harm and this way we close
another attack surface by not allowing the daemon to create/delete any more
files.
tweak and OK florian@
|
|
previous commit.
heads up and OK tb@
|
|
unlink(2)ed from eigrpe engine process, the problem is that this proc is
chrooted and therefore the socket will never be deleted.
In order to solve it we need to bring control_cleanup() function, which calls
unlink(2), into the main proc which is not chrooted. This is the way it's
already done for several other daemons we have in our base.
Additionally we also need to move the "cpath" pledge(2) promise from the child
process to the main process in order for the latter to be allowed to delete the
socket and while here shuffle the promises into their canonical form.
OK florian@ and benno@
|
|
out of memory log_warn(). i.e. ("%s", __func__) instead of manual
function names and redundant verbiage about which wrapper detected the
out of memory condition.
ok henning@
|
|
|
|
calloc or strdup), we just need to log that we ran out of memory in a
particular function.
Recommended by florian@ and deraadt@
ok benno@ henning@ tb@
|
|
use a more general text for the sections, and avoid the catchup issue
that was trying to document how many there were;
ok benno rob
|
|
Thanks to otto@ for the initial diff.
OK benno@
|
|
ok benno@
|
|
the desync cases. OK benno@
|
|
Use the macro from route(8) / ospf6d(8) since it works also with argument 0.
OK claudio@
|
|
warn with the same severity. Switch log_warn() to LOG_ERR and keep
fatal() at LOG_CRIT.
OK reyk@ florian@
|
|
|
|
TAILQ_FOREACH().
No intentional functional change.
ok reyk@
|
|
modern TAILQ_FOREACH_SAFE().
No intentional functional change.
ok millert@ bluhm@ gilles@
|
|
with more modern TAILQ_FOREACH(). This what symget() was already
doing.
Add paranoia '{}' around body of symget()'s TAILQ_FOREACH().
No intentional functional change.
ok bluhm@ otto@
|
|
upon successful and -1 on failure (as per POSIX). No functional change, just
improves portability.
requested by guenther@
looks correct to schwarze@
OK renato@
|
|
move daemon-local functions into new logmsg.c, and reduce
the (mostly whitespace) differences so that log.c's can be diffed easily.
ok claudio@
|
|
|
|
style(9) says:
"Function prototypes for private functions (i.e., functions not used
elsewhere) go at the top of the first source module. In userland,
functions local to one source module should be declared 'static'".
The benefits of doing so include:
* clean up of the eigrpd global namespace;
* improved readability;
* more hints to the compiler/linker to generate more efficient code.
Additional changes:
* Declare all extern variables in header files;
* Clean up the indentation of all function prototypes and global
variables.
ok claudio@ benno@
|
|
Also, there's no need to zero initialize global and static variables,
that's done automatically by the compiler.
ok claudio@ benno@
|
|
This reduces some code duplication and makes it easier to see the
difference between the IPv4 and IPv6 raw sockets API.
tweak + ok claudio@, ok benno@
|
|
During the initialization of the eigrpe process, use inet_pton() to
store the EIGRP multicast addresses in two global variables:
* global.mcast_addr_v4 (in_addr);
* global.mcast_addr_v6 (in6_addr).
This way we don't need to create temporary in_addr/in6_addr variables
everytime we need to use these multicast addresses for something.
"I like this" claudio@ ok benno@
|
|
This is for consistency with the other routing daemons.
ok claudio@ "earlier is better" benno@
|
|
ok claudio@ benno@
|
|
* Add missing close() calls to actually close the pipes, calling just
msgbuf_clean() is not enough;
* Bring back some NOTREACHED lint comments. style(9) says they can be
removed but in some cases they are useful to humans too;
* Add __dead to the shutdown functions;
* Some other minor changes to make eigrpd(8) more similar to the other
routing daemons.
|
|
On shutdown, there's no need to use kill(2) to kill the child
processes. Just closing the IPC sockets will make the children receive
an EOF, break out from the event loop and then exit.
This "pipe teardown" removes a PID reuse race condition, makes the code
simpler and allow us to remove "proc" from pledge.
OK and tweaks from claudio@
|
|
Since recently these processes call exec() after fork(), so they should
stop using _exit(2) and use exit(3) instead when shutting down.
ok claudio@
|
|
ok renato@
|
|
change this in all config parsers in our tree that support macros.
problem reported by sven falempin.
feedback from henning@, stsp@, deraadt@
ok florian@ mikeb@
|
|
The fork+exec diff introduced this problem where we were indirectly
calling imsg_event_add() before initializing (event_set) iev_rde and
iev_eigrpe. Fix this by moving down both main_imsg_send_ipc_sockets()
and main_imsg_send_config(), after iev_rde and iev_eigrpe are
initialized.
benno@ reported this problem for the initial ospfd fork+exec attempt,
now fix eigrpd too.
ok deraadt
|
|
For EIGRPv6, an interface only needs an link-local address in order
to be enabled in the routing daemon. So adding or removing global
unicast addresses, for example, will never trigger a state change in
the interface.
Additionally, move all address handling code to if_addr_new() and
if_addr_del() to improve readability.
|
|
The uptime was being set only when the interface was created, which is
not what we want.
|
|
For each child process (rde and eigrpe), re-exec eigrpd with a special
"per-role" getopt flag. This way we have seperate ASLR/cookies per
process.
Based on a similar patch for bgpd, from claudio@
ok deraadt
|
|
|
|
|
|
When a process receives an EOF on a socketpair, it removes the event
handler for that fd and then calls event_loopexit(). Once the process
leaves the main loop, it calls its shutdown function. With that said,
revert the previous patch because it was unnecessary.
Pointed out and ok by deraadt@
|
|
|
|
There's no point on keeping eigrpd running if any of its processes
dies unexpectedly.
|
|
|
|
We need to free the internal pointers of the eigrpd_conf struct, not
only the main struct. This avoids memory leaks when a config reload
happens to fail (e.g. due to a syntax error).
|
|
Now eigrpd_conf contains only variables that can be modified via a
config reload. The other variables were moved to a new struct called
eigrpd_global, which is now a central point for storing global variables.
|
|
into an own flag field since these can't be modified via a
config reload.
Pulled from bgpd. Original author: claudio@
|
|
From the EIGRP draft:
"The Feasibility Condition is met when a neighbor's advertised cost, (RD)
to a destination is less than the Feasible Distance for that destination".
So, according to the draf, when the Reported Distance is EQUAL to the
Feasible Distance, the Feasible Condition is NOT met.
|
|
* whitespace cleanup;
* copy in_addr structs directly;
* add more malloc return value checks;
* fix some log messages;
* turn ifacecnt into a static variable;
* use eigrp_addrcmp() on if_deladdr() to avoid code duplication;
* s/route_print_origin/log_route_origin/
* more smaller issues.
|
|
pledge(2) call to make "reload",
without that, daemon will crash on SIGHUP signal....
as discurssed/OK renato@
commit it now, deraadt@
|
|
|
|
The sooner we do these changes the better. This rearrangement will make
the code easier to read.
|
|
The C standard says: "A pointer to a union object, suitably converted,
points to each of its members".
This means that we can use the same code to process both v4 and v6
addresses.
|
