project/relayd.git
4 years ago dhcp.c: further improve validation
Kevin Darbyshire-Bryant [Fri, 24 Apr 2020 10:18:26 +0000 (11:18 +0100)]
dhcp.c: further improve validation

Add 2 more length/bounds checks with thanks to
Guido Vranken <guido@guidovranken.com>

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
4 years ago dhcp.c: improve input validation & length checks
Kevin Darbyshire-Bryant [Mon, 13 Apr 2020 08:14:43 +0000 (09:14 +0100)]
dhcp.c: improve input validation & length checks

Improve data & structure length validation.

Addresses CVE-2020-11752

Thanks to Guido Vranken <guido@guidovranken.com> for the report who
requested credit be given to 'ForAllSecure Mayhem'.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
8 years ago relayd: put rule requests on stack
Felix Fietkau [Sun, 7 Feb 2016 20:34:33 +0000 (21:34 +0100)]
relayd: put rule requests on stack

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
8 years ago fix attribute alignment for rules
Felix Fietkau [Sun, 7 Feb 2016 19:46:03 +0000 (20:46 +0100)]
fix attribute alignment for rules

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
8 years ago rules: process rules after the local table to ensure that local access still works
Felix Fietkau [Fri, 5 Feb 2016 15:43:53 +0000 (16:43 +0100)]
rules: process rules after the local table to ensure that local access still works

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
8 years ago main: avoid adding redundant interfaces
Markus [Wed, 3 Feb 2016 13:29:48 +0000 (14:29 +0100)]
main: avoid adding redundant interfaces

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
9 years ago main: fix ip address copy length in send_arp_request
Felix Fietkau [Thu, 29 Oct 2015 14:25:03 +0000 (15:25 +0100)]
main: fix ip address copy length in send_arp_request

Detected by Coverity CID 1331153, 1331152, 1331125

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
9 years ago route: fix an uninitialized variable
Felix Fietkau [Thu, 29 Oct 2015 14:18:52 +0000 (15:18 +0100)]
route: fix an uninitialized variable

Detected by Coverity CID 1331189

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
9 years ago main: fix uninitialized variable
Felix Fietkau [Thu, 29 Oct 2015 14:18:03 +0000 (15:18 +0100)]
main: fix uninitialized variable

Detected by Coverity CID 1331190

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
9 years ago Add command line argument to disable DHCP options parsing
Alejandro Enrique [Tue, 17 Feb 2015 11:06:30 +0000 (12:06 +0100)]
Add command line argument to disable DHCP options parsing

Default routes added when parsing DHCP options are problematic on
setups where there are more interfaces than those being managed by
relayd. A default route on the routing table used for locally
generated traffic makes the traffic addressed to not managed local
networks to be sent out using that default route instead of being
properly routed.

Disabling DHCP options parsing prevents the introduction of a default
route, that way the traffic addressed to not managed local networks is
routed using the main routing table.

Signed-off-by: Alejandro Enrique <alejandro.enrique@fon.com>
9 years ago Fix deletion of routing policy rules when terminating due to a signal
Alejandro Enrique [Wed, 11 Feb 2015 16:44:38 +0000 (17:44 +0100)]
Fix deletion of routing policy rules when terminating due to a signal

This patch fixes routing policy rules not being deleted on termination
due to SIGTERM, SIGHUP, SIGUSR1 or SIGUSR2.
Calling uloop_end makes the call to uloop_run on main to finish and
the process to exit calling the proper cleaning functions.

Signed-off-by: Alejandro Enrique <alejandro.enrique@fon.com>
9 years ago improve host detection on interface change
Alejandro Enrique [Wed, 11 Feb 2015 10:02:47 +0000 (11:02 +0100)]
improve host detection on interface change

This patch improves host detection and refresh when it moves from an
interface to another by pinging for it on all managed interfaces.

Previous to this patch host expiration was done by pinging for it on
the last interface it was known to be. If it does not reply after a
number of retries it will be expired and its entries
deleted. Nevertheless, if the host has moved to another managed
interface it will not be detected until there is some ARP packet sent
by the host.

This detection can be improved by pinging for the host on all managed
interfaces instead of just the one where it is supposed to be
connected, as it will reply to the ARP ping on the new interface it is
connected to and a host refresh will be triggered.

Signed-off-by: Alejandro Enrique <alejandro.enrique@fon.com>
9 years ago fix missing -p command line argument
Alejandro Enrique [Wed, 11 Feb 2015 10:02:46 +0000 (11:02 +0100)]
fix missing -p command line argument

Option -p was not being accepted as it was missing in getopt parameter
list

Signed-off-by: Alejandro Enrique <alejandro.enrique@fon.com>
9 years ago add host route on local ip arp request
Alejandro Enrique [Wed, 11 Feb 2015 10:02:45 +0000 (11:02 +0100)]
add host route on local ip arp request

This patch fixes relayd not adding a host on an ARP request for the local
IP address.
When relayd is launched using the -L option, it was not adding the
necessary host routes when it receives an ARP request for the local
IP address.

This issue makes a host not able to connect to the device running
relayd until there is ARP traffic involving a third host.

Signed-off-by: Alejandro Enrique <alejandro.enrique@fon.com>
10 years ago route: fix an error with strict-aliasing
Felix Fietkau [Sun, 5 Oct 2014 11:01:12 +0000 (13:01 +0200)]
route: fix an error with strict-aliasing

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
10 years ago dhcp.c: add _GNU_SOURCE define to fix build error with musl
Felix Fietkau [Sun, 29 Jun 2014 20:59:05 +0000 (22:59 +0200)]
dhcp.c: add _GNU_SOURCE define to fix build error with musl

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
10 years ago relay multicast packets along with broadcast packets
Felix Fietkau [Fri, 13 Jun 2014 10:09:04 +0000 (12:09 +0200)]
relay multicast packets along with broadcast packets

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
13 years ago route.c: include time.h, required for eglibc and glibc based systems
Jo-Philipp Wich [Mon, 24 Oct 2011 16:52:05 +0000 (18:52 +0200)]
route.c: include time.h, required for eglibc and glibc based systems

13 years ago do not include linux/neighbour.h, it is unused
Felix Fietkau [Sun, 28 Aug 2011 16:21:59 +0000 (18:21 +0200)]
do not include linux/neighbour.h, it is unused

13 years ago add cmake, use libubox for uloop and list.h
Felix Fietkau [Mon, 7 Feb 2011 18:11:44 +0000 (19:11 +0100)]
add cmake, use libubox for uloop and list.h

14 years ago uloop timer: update the timeout->next->prev when adding timeout to the list
Felix Fietkau [Mon, 11 Oct 2010 15:12:03 +0000 (17:12 +0200)]
uloop timer: update the timeout->next->prev when adding timeout to the list

14 years ago improve the reliability of gratuitous arp by sending both request and reply, also...
Felix Fietkau [Mon, 30 Aug 2010 12:56:25 +0000 (14:56 +0200)]
improve the reliability of gratuitous arp by sending both request and reply, also set the target hardware address to broadcast

14 years ago reset mac addresses when relaying arp requests
Felix Fietkau [Mon, 30 Aug 2010 09:19:10 +0000 (11:19 +0200)]
reset mac addresses when relaying arp requests

14 years ago send gratuitous ARP whenever a host entry is refreshed
Felix Fietkau [Fri, 27 Aug 2010 19:55:36 +0000 (21:55 +0200)]
send gratuitous ARP whenever a host entry is refreshed

14 years ago use requests only for creating new host entries, not for refreshing them
Felix Fietkau [Fri, 27 Aug 2010 19:43:39 +0000 (21:43 +0200)]
use requests only for creating new host entries, not for refreshing them

14 years ago decrease host timeout, add more ping tries and make them configurable
Felix Fietkau [Fri, 27 Aug 2010 19:34:16 +0000 (21:34 +0200)]
decrease host timeout, add more ping tries and make them configurable

14 years ago send gratuitous arp on refresh cycles
Felix Fietkau [Fri, 27 Aug 2010 19:30:50 +0000 (21:30 +0200)]
send gratuitous arp on refresh cycles

14 years ago respond to arp requests to the local address
Felix Fietkau [Fri, 27 Aug 2010 19:09:36 +0000 (21:09 +0200)]
respond to arp requests to the local address

14 years ago implement local ip access through policy routing
Felix Fietkau [Fri, 27 Aug 2010 18:50:18 +0000 (20:50 +0200)]
implement local ip access through policy routing

14 years ago rule: two boolean parameters with a flags field
Felix Fietkau [Fri, 27 Aug 2010 17:20:11 +0000 (19:20 +0200)]
rule: two boolean parameters with a flags field

14 years ago split off code for sending an rtnl dump request
Felix Fietkau [Thu, 26 Aug 2010 22:01:23 +0000 (00:01 +0200)]
split off code for sending an rtnl dump request

14 years ago Implement an option for setting static routes with gateway
Felix Fietkau [Tue, 17 Aug 2010 17:46:41 +0000 (19:46 +0200)]
Implement an option for setting static routes with gateway

14 years ago Implement a workaround for the policy routing gateway bug
Felix Fietkau [Tue, 17 Aug 2010 15:53:24 +0000 (17:53 +0200)]
Implement a workaround for the policy routing gateway bug

A host route must be reachable from the default rule lookup when using it
to set a gateway, so before we can add a route with a gateway, we temporarily
inject a bogus IP rule pointing at the correct table.
As soon as the route is set, we can remove the bogus IP rule.

14 years ago Add default gateway and DHCP handling (not fully working yet because of a kernel...
Felix Fietkau [Mon, 16 Aug 2010 22:48:23 +0000 (00:48 +0200)]
Add default gateway and DHCP handling (not fully working yet because of a kernel bug)

14 years ago Split DHCP code off into a separate source code file
Felix Fietkau [Mon, 16 Aug 2010 19:45:52 +0000 (21:45 +0200)]
Split DHCP code off into a separate source code file

14 years ago Use policy routing to limit the scope of the host routes to affected interfaces
Felix Fietkau [Wed, 11 Aug 2010 16:56:01 +0000 (18:56 +0200)]
Use policy routing to limit the scope of the host routes to affected interfaces

14 years ago Cancel pending timeouts before freeing hosts
Felix Fietkau [Wed, 11 Aug 2010 16:41:43 +0000 (18:41 +0200)]
Cancel pending timeouts before freeing hosts

14 years ago Fix interface list definition
Felix Fietkau [Wed, 11 Aug 2010 15:56:21 +0000 (17:56 +0200)]
Fix interface list definition

14 years ago Preinitialize more fields of the RTNL request
Felix Fietkau [Wed, 11 Aug 2010 15:53:07 +0000 (17:53 +0200)]
Preinitialize more fields of the RTNL request

14 years ago Flush the route cache after changing routes
Felix Fietkau [Wed, 11 Aug 2010 15:44:21 +0000 (17:44 +0200)]
Flush the route cache after changing routes

14 years ago Move the rtnl code to a separate source file
Felix Fietkau [Wed, 11 Aug 2010 10:41:21 +0000 (12:41 +0200)]
Move the rtnl code to a separate source file

14 years ago Move some data structures and definitions to a header file
Felix Fietkau [Wed, 11 Aug 2010 10:31:02 +0000 (12:31 +0200)]
Move some data structures and definitions to a header file

14 years ago Do not forward ARP responses to the interface that they came from
Felix Fietkau [Wed, 11 Aug 2010 09:12:12 +0000 (11:12 +0200)]
Do not forward ARP responses to the interface that they came from

14 years ago Learn the ARP entry of the DHCP server directly from the DHCP response
Felix Fietkau [Wed, 11 Aug 2010 02:12:17 +0000 (04:12 +0200)]
Learn the ARP entry of the DHCP server directly from the DHCP response

14 years ago CFLAGS: use -Os instead of -O2
Felix Fietkau [Tue, 10 Aug 2010 23:58:37 +0000 (01:58 +0200)]
CFLAGS: use -Os instead of -O2

14 years ago Add a copyright header (GPL v2)
Felix Fietkau [Tue, 10 Aug 2010 23:57:37 +0000 (01:57 +0200)]
Add a copyright header (GPL v2)

14 years ago Add LDFLAGS to the Makefile
Felix Fietkau [Tue, 10 Aug 2010 23:49:11 +0000 (01:49 +0200)]
Add LDFLAGS to the Makefile

14 years ago Initial import
Felix Fietkau [Tue, 10 Aug 2010 23:44:32 +0000 (01:44 +0200)]
Initial import