aboutsummaryrefslogtreecommitdiff
path: root/networking
AgeCommit message (Collapse)Author
2016-08-01ntpd: respond only to client and symmetric active packetsMiroslav Lichvar
The busybox NTP implementation doesn't check the NTP mode of packets received on the server port and responds to any packet with the right size. This includes responses from another NTP server. An attacker can send a packet with a spoofed source address in order to create an infinite loop of responses between two busybox NTP servers. Adding more packets to the loop increases the traffic between the servers until one of them has a fully loaded CPU and/or network. Signed-off-by: Miroslav Lichvar <mlichvar@redhat.com> Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-07-25wget: run s_client helper with -servername HOSTDenys Vlasenko
This is necessary for multi-hosted TLSed web sites. function old new delta spawn_https_helper_openssl 334 441 +107 Based on a patch by Jeremy Chadwick <jdc@koitsu.org> Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-07-25ssl_helper.sh: strip was invoked incorrectlyDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-07-19typo fixesDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-07-06getopt32: add new syntax of 'o:+' and 'o:*' for -o NUM and -o LISTDenys Vlasenko
In many cases, this aqllows to drop use of opt_complementary. Approximately -400 bytes: function old new delta getopt32 1423 1502 +79 opt_string 17 18 +1 OPT_STR 24 25 +1 uniq_main 416 406 -10 timeout_main 279 269 -10 sulogin_main 270 260 -10 readprofile_main 1825 1815 -10 ps_main 543 533 -10 pidof_main 245 235 -10 pgrep_main 611 601 -10 od_main 2600 2590 -10 mkfs_minix_main 2684 2674 -10 mkfs_ext2_main 2603 2593 -10 microcom_main 712 702 -10 makemime_main 315 305 -10 ionice_main 282 272 -10 inetd_main 2074 2064 -10 ifplugd_main 1144 1134 -10 halt_main 353 343 -10 getopt_main 636 626 -10 fdisk_main 2854 2844 -10 env_main 206 196 -10 dmesg_main 319 309 -10 conspy_main 1214 1204 -10 awk_main 981 971 -10 ------------------------------------------------------------------------------ (add/remove: 0/0 grow/shrink: 3/22 up/down: 81/-220) Total: -139 bytes text data bss dec hex filename 919373 906 14060 934339 e41c3 busybox_old 918969 906 14060 933935 e402f busybox_unstripped Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-07-06whois: implement -iDenys Vlasenko
function old new delta whois_main 654 675 +21 packed_usage 30355 30356 +1 Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-07-06whois: make it actually workDenys Vlasenko
It was doing way too simplistic work of just querying the server, no redirects, no query massaging. This required user to know a lot about whois, and enter at least three queries for each host to get meaningful information. function old new delta whois_main 209 646 +437 Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-07-04arp: fix buffer overflow. Closes 9071Denys Vlasenko
function old new delta arp_main 1910 1898 -12 Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-07-03udhcpc: run "deconfig" script in manual renew state too. closes 9061Denys Vlasenko
The bug was seen when the following is done: # killall 1 udhpc; killall 2 udhpc Performing a DHCP renew state: 2 -> 5 Sending renew... Entering released state state: 5 -> 6 <<<<<<<<<<<<<< not calling script!!!! Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-07-03ntpd: daemonize before DNS resolutionDenys Vlasenko
This resolves the following use case problem: "I start ntpd by default from /etc/init.d There might be no working network connection (not configured properly for whatever reason, hardware problems, whatelse). With busybox 1.25 ntpd seems to loop forever if now NTP servers are found, blocking the boot process and I never get a login to solve a possible pb or to do a first time configuration." Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-06-23ping: populate icmp_id field for "simple" ping tooJonas Danielsson
The ICMP RFC says that identifier and sequence number may be zero. Having them zero for a Echo message, along with a data of zero's as well will result in a Echo reply message with only zero's. Some NAT implementations seem to get the checksum wrong on these packages. Setting a checksum of 0x0 instead of 0xffff. Through NAT: Internet Control Message Protocol Type: 0 (Echo (ping) reply) Code: 0 Checksum: 0x0000 [incorrect, should be 0xffff] Identifier (BE): 0 (0x0000) Identifier (LE): 0 (0x0000) Sequence number (BE): 0 (0x0000) Sequence number (LE): 0 (0x0000) Data (56 bytes) Data: 000000000000000000000000000000000000000000000000... [Length: 56] Without NAT: Internet Control Message Protocol Type: 0 (Echo (ping) reply) Code: 0 Checksum: 0xffff [correct] Identifier (BE): 0 (0x0000) Identifier (LE): 0 (0x0000) Sequence number (BE): 0 (0x0000) Sequence number (LE): 0 (0x0000) [Request frame: 189] [Response time: 0.024 ms] Data (56 bytes) Data: 000000000000000000000000000000000000000000000000... [Length: 56] And this in turn will make some hardware MAC checksum offloading engines drop the packet. (This was seen with a Synopsis MAC, the same one used in for instance the stmmac Ethernet driver in the linux kernel.) This change can be seen as a workaround for bugs in other layers. But just setting an identifier for the Echo message packet will avoid prodding the hornets nest. function old new delta common_ping_main 424 500 +76 Signed-off-by: Jonas Danielsson <jonasdn@axis.com> Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-06-06ntpd: retry initial DNS resolution (forever, no timeout for now).Denys Vlasenko
Some users start ntpd on boot, and don't babysit it. If it dies because DNS is not yet up and therefore NTP servers can't be found, users are not happy. Example behavior with a peer name which can't be resolved: ntpd: bad address 'qwe.rty.ghj.kl' ...5 sec... ntpd: bad address 'qwe.rty.ghj.kl' ntpd: bad address 'qwe.rty.ghj.kl' ntpd: bad address 'qwe.rty.ghj.kl' ntpd: bad address 'qwe.rty.ghj.kl' ntpd: bad address 'qwe.rty.ghj.kl' ntpd: bad address 'qwe.rty.ghj.kl' ntpd: bad address 'qwe.rty.ghj.kl' ntpd: bad address 'qwe.rty.ghj.kl' ntpd: bad address 'qwe.rty.ghj.kl' ... Based on the patch by Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> function old new delta resolve_peer_hostname - 81 +81 ntpd_main 1130 1061 -69 ------------------------------------------------------------------------------ (add/remove: 1/0 grow/shrink: 0/1 up/down: 81/-69) Total: 12 bytes Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-05-26arping: avoid use of ether_ntoa(). Closes 8926Denys Vlasenko
This is the only non-debug use of ether_ntoa(). By not using it, we reduce bss: function old new delta arping_main 1568 1665 +97 static.asc 18 - -18 ether_ntoa 57 - -57 ------------------------------------------------------------------------------ (add/remove: 0/2 grow/shrink: 1/0 up/down: 97/-75) Total: 22 bytes text data bss dec hex filename 911020 493 7352 918865 e0551 busybox_old 911069 493 7336 918898 e0572 busybox_unstripped Also, "standard" arping zero-pads MAC. ether_ntoa() does not. Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-04-24ip: fix problem on mips64 n64 big endian musl systemsSzabolcs Nagy
Use designated initializers for struct msghdr. The struct layout is non-portable and musl libc does not match what busybox expects. Signed-off-by: Szabolcs Nagy <nsz@port70.net> Tested-by: Waldemar Brodkorb <wbx@openadk.org> Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-04-22*: slap on a few ALIGN1/2s where appropriateDenys Vlasenko
The result of looking at "grep -F -B2 '*fill*' busybox_unstripped.map" text data bss dec hex filename 829901 4086 1904 835891 cc133 busybox_before 829665 4086 1904 835655 cc047 busybox Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-04-21udhcp: add setup_common_bufsiz() as neededDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-04-21*: hopefully all setup_common_bufsiz() are in placeDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-04-21*: add most of the required setup_common_bufsiz() callsDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-04-21libbb: make bb_common_bufsiz1 1 kbyte, add capability to use bss tail for itDenys Vlasenko
The config item is FEATURE_USE_BSS_TAIL. When it is off (default): function old new delta read_config 210 228 +18 doCommands 2279 2294 +15 ipneigh_list_or_flush 763 772 +9 ipaddr_list_or_flush 1256 1261 +5 display_process_list 1301 1306 +5 conspy_main 1378 1383 +5 do_lzo_compress 352 355 +3 do_lzo_decompress 565 567 +2 push 46 44 -2 inetd_main 2136 2134 -2 uevent_main 421 418 -3 addLines 97 92 -5 bb_common_bufsiz1 8193 1024 -7169 ------------------------------------------------------------------------------ (add/remove: 0/0 grow/shrink: 8/5 up/down: 62/-7181) Total: -7119 bytes text data bss dec hex filename 829850 4086 9080 843016 cdd08 busybox_old 829901 4086 1904 835891 cc133 busybox_unstripped FEATURE_USE_BSS_TAIL=y: read_config 210 228 +18 doCommands 2279 2294 +15 ipneigh_list_or_flush 763 772 +9 ipaddr_list_or_flush 1256 1261 +5 display_process_list 1301 1306 +5 conspy_main 1378 1383 +5 do_lzo_compress 352 355 +3 do_lzo_decompress 565 567 +2 inetd_main 2136 2134 -2 bb_common_bufsiz1 8193 - -8193 ------------------------------------------------------------------------------ (add/remove: 0/1 grow/shrink: 8/1 up/down: 62/-8195) Total: -8133 bytes text data bss dec hex filename 829850 4086 9080 843016 cdd08 busybox_old 829911 4086 880 834877 cbd3d busybox_unstripped FIXME: setup_common_bufsiz() calls are missing. Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-03-30udhcp: fix capitalization of two messagesDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-03-30dhcpd: string reuseDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-03-30udhcp: get rid of bb_info_msg()Denys Vlasenko
function old new delta udhcpd_main 1501 1531 +30 d6_recv_raw_packet 251 264 +13 perform_d6_release 188 198 +10 udhcpc6_main 2443 2449 +6 udhcp_recv_raw_packet 582 588 +6 udhcp_recv_kernel_packet 132 138 +6 send_d6_renew 140 146 +6 d6_recv_kernel_packet 118 124 +6 send_renew 77 82 +5 send_discover 85 90 +5 send_decline 84 89 +5 send_d6_select 97 102 +5 send_d6_discover 174 179 +5 perform_release 167 172 +5 count_lines 72 74 +2 udhcpc_main 2836 2837 +1 bb_info_msg 125 - -125 ------------------------------------------------------------------------------ (add/remove: 0/2 grow/shrink: 17/4 up/down: 117/-180) Total: -63 bytes text data bss dec hex filename 924935 906 17160 943001 e6399 busybox_old 924736 906 17160 942802 e62d2 busybox_unstripped Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-03-30zcip: use bb_error_msg for logging, not bb_info_msgDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-03-30Replace a few more bb_info_msg's by bb_error_msg or printfDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-03-30Use bb_error_msg instead of bb_info_msg in all commented-out debug printoutsDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-03-29Revert "networking: properly initialize ipv6 scope id for printing it"Denys Vlasenko
This reverts commit 2fb63292f7083fb259a3f8d8ee70ef8acdaed626. Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-03-28networking: properly initialize ipv6 scope id for printing itTimo Teräs
Signed-off-by: Timo Teräs <timo.teras@iki.fi> Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-03-17wget: make -T timeout work on header reads too. Closes 8636Denys Vlasenko
function old new delta set_alarm - 27 +27 fgets_and_trim 76 92 +16 wget_main 2610 2616 +6 open_socket 64 54 -10 Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-03-11udhcpc: fix a warning in debug codeDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-03-10udhcp: fix a SEGV on malformed RFC1035-encoded domain nameDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-03-04udhcpc: do not use -t NUM for counting "select" packets, use 3Denys Vlasenko
Otherwise, "-t 0" usage may end up sending them forever if server does not respond. function old new delta udhcpc_main 2846 2836 -10 Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-03-04ntpd: add experimental patchDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-03-04ntpd: if peer does not reply anymore, try re-resolving its hostnameDenys Vlasenko
function old new delta ntpd_main 1053 1130 +77 add_peers 166 195 +29 Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-03-04ntpd: do not use a peer more than once (say, if two peers resolve to the ↵Denys Vlasenko
same IP) function old new delta add_peers 98 166 +68 Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-03-03ntpd: more informative poll lowering messageDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-03-03ifupdowm: fix "warning: unused variable 'iface_list'"Denys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-03-03dhcpc: Use client IP address as source address for DHCP renew/rebind messagesHans Dedecker
RFC2131 paragraph 4.1 states DHCP messages broadcast by a client prior to that client obtaining its IP address must have the source IP address field in the header set to 0. Request messages transmitted in renewing and rebinding state need to use the obtained IP address as source IP address in the header; this behavior lines up with other implementations like ISC dhcp client. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-03-01udhcpd: keep expired leases at startupChristian Lindeberg
Let udhcpd retain the information about expired leases when restarting so that the leases are reserved until they possibly become the oldest expired lease. This reduces the frequency of IP address changes for example when the DHCP server and a group of clients, who do not store and request their previously offered IP address across restarts, are collectively restarted and the startup order of the clients are not guaranteed. Signed-off-by: Christian Lindeberg <christian.lindeberg@axis.com> Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-03-01ifupdown: allow duplicate interface definitionsNicolas Cavallari
This patch allow to have multiple interface definitions, much like Debian's ifupdown. More specifically, it removes the check for a duplicate definition, so the impact on binary size should be fairly minimal. This configuration: iface eth0 inet static address 192.168.0.15 netmask 255.255.0.0 gateway 192.168.0.1 iface eth0 inet static address 10.0.0.1 netmask 255.255.255.0 Will add two addresses to eth0 if ip is used. If ifconfig is used, the standards methods will likely not stack, but the administrator may still use the manual method. The DHCP method may work depending on the DHCP client in use. This is a fairly advanced feature for power users who knows what they are doing. There are not many other network configuration systems that allows multiple addresses on an interface. Signed-off-by: Nicolas Cavallari <nicolas.cavallari@green-communications.fr> Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-02-26udhcpc: fix OPTION_6RD parsing (could overflow its malloced buffer)Denys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-02-26udhcp: trivial shrinkDenys Vlasenko
function old new delta dname_dec 337 332 -5 Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-02-24ntpd: print packet delay in clock update messageDenys Vlasenko
function old new delta update_local_clock 820 826 +6 Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-02-11networking: allow dot at the end of the domain name in dhcp responseDenys Vlasenko
Patch based on Balaji Punnuru <balaji.punnuru@gmail.com> work. Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-02-10ntpd: shorter messageDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-02-10ntpd: step when |offset| > 1 sec, not 0.125 secDenys Vlasenko
update_local_clock 769 820 +51 recv_and_process_peer_pkt 838 862 +24 reset_peer_stats 137 133 -4 ------------------------------------------------------------------------------ (add/remove: 0/0 grow/shrink: 2/1 up/down: 75/-4) Total: 71 bytes Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-02-01busybox: fix uninitialized memory when displaying IPv6 addressesFelix Fietkau
After commit 8e74adab0107658e3dc04ed342206272a284f43e ("libbb: make INET[6]_rresolve use sockaddr2{host,dotted}_noport") INET_sprint6 uses more than just sin6_addr, it also tries to display the scope id, which is uninitialized when called from ife_print6. Signed-off-by: Felix Fietkau <nbd@openwrt.org> Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2015-12-30iproute: support "scope". Closes 8561Denys Vlasenko
function old new delta iproute_modify 1051 1120 +69 Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2015-10-31ifupdown: use -x hostname:NAME with udhcpcNatanael Copa
The -H NAME is deprecated in udhcpc. See commit 2017d48c0d70bef8768efb42909e605ea8eb5a21 Signed-off-by: Natanael Copa <ncopa@alpinelinux.org> Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2015-10-26ifupdown: pass interface device name for ipv6 route commandsTimo Teräs
IPv6 routes need the device argument for link-local routes, or they cannot be used at all. E.g. "gateway fe80::def" seems to be used in some places, but kernel refuses to insert the route unless device name is explicitly specified in the route addition. Signed-off-by: Timo Teräs <timo.teras@iki.fi> Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2015-10-25inetd: make FEATURE_INETD_RPC off by defaultDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>