[PATCH] build: Check for openssl legacy provider requirement
by Mat Martineau
OpenSSL 3 introduced some command line incompatibilities and removed
some old algorithms from the defaults. This broke some of the unit test
cert generation commands on distros like Ubuntu 22.04 and Fedora 36.
Detect support of "providers" by the system openssl command and insert
the necessary command line parameters to enable legacy algorithms for
openssl v3, but leave the commands unchanged for older openssl versions.
---
Tested on Ubuntu 22.04, Fedora 36, and Fedora 35.
---
Makefile.am | 26 ++++++++++++++++++--------
configure.ac | 3 +++
2 files changed, 21 insertions(+), 8 deletions(-)
diff --git a/Makefile.am b/Makefile.am
index d8ba99caa47e..df99e0dfc6bc 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -355,6 +355,12 @@ if GLIB
examples += examples/glib-eventloop
endif
+if OPENSSL_PROVIDER
+openssl_legacy = -provider legacy -provider default
+else
+openssl_legacy =
+endif
+
if MAINTAINER_MODE
noinst_PROGRAMS += $(examples)
endif
@@ -444,7 +450,8 @@ unit/cert-client-key-pkcs1.pem:
$(AM_V_GEN)openssl genrsa -out [email protected] $($(AM_V_P)_redirect_openssl)
unit/cert-client-key-pkcs1-des.pem: unit/cert-client-key-pkcs1.pem
- $(AM_V_GEN)openssl rsa -in $< -out [email protected] -des -passout pass:abc
+ $(AM_V_GEN)openssl rsa -in $< -out [email protected] -des -passout pass:abc \
+ $(openssl_legacy)
unit/cert-client-key-pkcs1-des3.pem: unit/cert-client-key-pkcs1.pem
$(AM_V_GEN)openssl rsa -in $< -out [email protected] -des3 -passout pass:abc
@@ -463,15 +470,18 @@ unit/cert-client-key-pkcs8.pem: unit/cert-client-key-pkcs1.pem
unit/cert-client-key-pkcs8-md5-des.pem: unit/cert-client-key-pkcs8.pem
$(AM_V_GEN)openssl pkcs8 -in $< -out [email protected] \
- -topk8 -v1 PBE-MD5-DES -passout pass:abc
+ -topk8 -v1 PBE-MD5-DES -passout pass:abc \
+ $(openssl_legacy)
unit/cert-client-key-pkcs8-sha1-des.pem: unit/cert-client-key-pkcs8.pem
$(AM_V_GEN)openssl pkcs8 -in $< -out [email protected] \
- -topk8 -v1 PBE-SHA1-DES -passout pass:abc
+ -topk8 -v1 PBE-SHA1-DES -passout pass:abc \
+ $(openssl_legacy)
unit/cert-client-key-pkcs8-v2-des.pem: unit/cert-client-key-pkcs8.pem
$(AM_V_GEN)openssl pkcs8 -in $< -out [email protected] \
- -topk8 -v2 des-cbc -v2prf hmacWithSHA1 -passout pass:abc
+ -topk8 -v2 des-cbc -v2prf hmacWithSHA1 -passout pass:abc \
+ $(openssl_legacy)
unit/cert-client-key-pkcs8-v2-des-ede3.pem: unit/cert-client-key-pkcs8.pem
$(AM_V_GEN)openssl pkcs8 -in $< -out [email protected] \
@@ -575,19 +585,19 @@ unit/cert-entity-pkcs12-nomac.p12: unit/cert-entity-int-key.pem unit/cert-entity
$(AM_V_GEN)openssl pkcs12 -inkey $< -in $(builddir)/unit/cert-entity-int.pem -out [email protected] -export -passout pass:abc -nomac # defaut ciphers
unit/cert-entity-pkcs12-rc2-sha1.p12: unit/cert-entity-int-key.pem unit/cert-entity-int.pem unit/cert-chain.pem
- $(AM_V_GEN)openssl pkcs12 -inkey $< -in $(builddir)/unit/cert-entity-int.pem -certfile $(builddir)/unit/cert-chain.pem -out [email protected] -export -passout pass:abc -certpbe PBE-SHA1-RC2-40 -keypbe PBE-SHA1-RC2-128 -macalg sha1
+ $(AM_V_GEN)openssl pkcs12 -inkey $< -in $(builddir)/unit/cert-entity-int.pem -certfile $(builddir)/unit/cert-chain.pem -out [email protected] -export -passout pass:abc -certpbe PBE-SHA1-RC2-40 -keypbe PBE-SHA1-RC2-128 -macalg sha1 $(openssl_legacy)
unit/cert-entity-pkcs12-des-sha256.p12: unit/cert-entity-int-key.pem unit/cert-entity-int.pem unit/cert-chain.pem
$(AM_V_GEN)openssl pkcs12 -inkey $< -in $(builddir)/unit/cert-entity-int.pem -certfile $(builddir)/unit/cert-chain.pem -out [email protected] -export -passout pass:abc -certpbe PBE-SHA1-3DES -keypbe PBE-SHA1-2DES -macalg sha256
unit/cert-entity-pkcs12-rc4-sha384.p12: unit/cert-entity-int-key.pem unit/cert-entity-int.pem unit/cert-chain.pem
- $(AM_V_GEN)openssl pkcs12 -inkey $< -in $(builddir)/unit/cert-entity-int.pem -certfile $(builddir)/unit/cert-chain.pem -out [email protected] -export -passout pass:abc -certpbe PBE-SHA1-RC4-128 -keypbe PBE-SHA1-RC2-40 -macalg sha384
+ $(AM_V_GEN)openssl pkcs12 -inkey $< -in $(builddir)/unit/cert-entity-int.pem -certfile $(builddir)/unit/cert-chain.pem -out [email protected] -export -passout pass:abc -certpbe PBE-SHA1-RC4-128 -keypbe PBE-SHA1-RC2-40 -macalg sha384 $(openssl_legacy)
unit/cert-entity-pkcs12-pkcs5-sha512.p12: unit/cert-entity-int-key.pem unit/cert-entity-int.pem unit/cert-chain.pem
- $(AM_V_GEN)openssl pkcs12 -inkey $< -in $(builddir)/unit/cert-entity-int.pem -certfile $(builddir)/unit/cert-chain.pem -out [email protected] -export -passout pass:abc -certpbe des-cbc -keypbe des-cbc -macalg sha512
+ $(AM_V_GEN)openssl pkcs12 -inkey $< -in $(builddir)/unit/cert-entity-int.pem -certfile $(builddir)/unit/cert-chain.pem -out [email protected] -export -passout pass:abc -certpbe des-cbc -keypbe des-cbc -macalg sha512 $(openssl_legacy)
unit/cert-entity-combined.pem: unit/cert-entity-pkcs12-rc2-sha1.p12
- $(AM_V_GEN)openssl pkcs12 -in $< -out [email protected] -passin pass:abc -passout pass:abc
+ $(AM_V_GEN)openssl pkcs12 -in $< -out [email protected] -passin pass:abc -passout pass:abc $(openssl_legacy)
unit/key-plaintext.h: unit/plaintext.txt
$(AM_V_GEN)xxd -i < $< > [email protected]
diff --git a/configure.ac b/configure.ac
index 62338079bc50..87894dba8a6b 100644
--- a/configure.ac
+++ b/configure.ac
@@ -131,6 +131,9 @@ fi
AM_CONDITIONAL(DBUS_TESTS, test "${little_endian}" = "yes")
AM_CONDITIONAL(CERT_TESTS, test "${have_openssl}" = "yes")
+AM_CONDITIONAL(OPENSSL_PROVIDER, test "${have_openssl}" = "yes" &&
+ openssl list -providers > /dev/null 2>&1 )
+AC_SUBST(OPENSSL_PROVIDER)
AC_CONFIG_FILES(Makefile ell/ell.pc)
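Review bot: The OPENSSL_PROVIDER probe only checks that `openssl list -providers` is accepted, not that the legacy provider can be loaded. An OpenSSL 3 install without the legacy module would therefore pass configure and then fail in the cert-generation rules that append `-provider legacy -provider default`. Probing with the option the rules rely on, for example `openssl list -provider legacy -providers > /dev/null 2>&1`, should tie the conditional to what the Makefile needs. `AC_SUBST(OPENSSL_PROVIDER)` also looks redundant, because AM_CONDITIONAL already substitutes its own `OPENSSL_PROVIDER_TRUE`/`OPENSSL_PROVIDER_FALSE` variables and no shell variable named OPENSSL_PROVIDER is set in the visible lines.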
--
2.36.1
4 days
[PATCH] useful: Remove extra semicolons after DEFINE_CLEANUP_FUNC()
by Mat Martineau
The DEFINE_CLEANUP_FUNC() macro substitutes an inline function
definition that ends with a '}'. All the users of the macro add a
semicolon after the macro, so to the C compiler it ends up looking like
there's an extra semicolon after the inline function.
When non-ELL source files include ELL headers and use '-pedantic' with
gcc, the compiler complains:
error: ISO C does not allow extra ‘;’ outside of a function [-Werror=pedantic]
The non-ELL files can work around this with pragmas, but it does make
sense for ELL headers to be compliant with the C standard.
---
ell/cert.h | 4 ++--
ell/ecc.h | 4 ++--
ell/key.h | 4 ++--
ell/rtnl.h | 4 ++--
ell/settings.h | 2 +-
ell/string.h | 2 +-
ell/strv.h | 2 +-
ell/uintset.h | 2 +-
ell/util.h | 2 +-
9 files changed, 13 insertions(+), 13 deletions(-)
diff --git a/ell/cert.h b/ell/cert.h
index 605e427c3d05..aa8ed3bc928f 100644
--- a/ell/cert.h
+++ b/ell/cert.h
@@ -43,7 +43,7 @@ typedef bool (*l_cert_walk_cb_t)(struct l_cert *cert, void *user_data);
struct l_cert *l_cert_new_from_der(const uint8_t *buf, size_t buf_len);
void l_cert_free(struct l_cert *cert);
-DEFINE_CLEANUP_FUNC(l_cert_free);
+DEFINE_CLEANUP_FUNC(l_cert_free)
const uint8_t *l_cert_get_der_data(struct l_cert *cert, size_t *out_len);
const uint8_t *l_cert_get_dn(struct l_cert *cert, size_t *out_len);
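Review bot: The no-semicolon convention is left implicit, because nothing at the use sites or, as far as this patch shows, at the macro definition says that `DEFINE_CLEANUP_FUNC(x)` must not be followed by `;`. The library's own build evidently never flagged the extra semicolon, so it can come back unnoticed. A one-line comment at the macro definition, e.g. `/* Expands to a function definition: do not add a trailing ';' */`, would document it. The same applies to the hunks in ecc.h, key.h, rtnl.h, settings.h, string.h, strv.h, uintset.h and util.h.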
@@ -51,7 +51,7 @@ enum l_cert_key_type l_cert_get_pubkey_type(struct l_cert *cert);
struct l_key *l_cert_get_pubkey(struct l_cert *cert);
void l_certchain_free(struct l_certchain *chain);
-DEFINE_CLEANUP_FUNC(l_certchain_free);
+DEFINE_CLEANUP_FUNC(l_certchain_free)
struct l_cert *l_certchain_get_leaf(struct l_certchain *chain);
void l_certchain_walk_from_leaf(struct l_certchain *chain,
diff --git a/ell/ecc.h b/ell/ecc.h
index 981bf95928b2..2f5f78182acf 100644
--- a/ell/ecc.h
+++ b/ell/ecc.h
@@ -73,7 +73,7 @@ bool l_ecc_point_y_isodd(const struct l_ecc_point *p);
ssize_t l_ecc_point_get_data(const struct l_ecc_point *p, void *buf, size_t len);
void l_ecc_point_free(struct l_ecc_point *p);
-DEFINE_CLEANUP_FUNC(l_ecc_point_free);
+DEFINE_CLEANUP_FUNC(l_ecc_point_free)
struct l_ecc_scalar *l_ecc_scalar_new(const struct l_ecc_curve *curve,
const void *buf, size_t len);
@@ -87,7 +87,7 @@ struct l_ecc_scalar *l_ecc_scalar_new_reduced_1_to_n(
ssize_t l_ecc_scalar_get_data(const struct l_ecc_scalar *c, void *buf,
size_t len);
void l_ecc_scalar_free(struct l_ecc_scalar *c);
-DEFINE_CLEANUP_FUNC(l_ecc_scalar_free);
+DEFINE_CLEANUP_FUNC(l_ecc_scalar_free)
/* Constant operations */
bool l_ecc_scalar_add(struct l_ecc_scalar *ret, const struct l_ecc_scalar *a,
diff --git a/ell/key.h b/ell/key.h
index d25d09385b6f..ff3d9abbda4c 100644
--- a/ell/key.h
+++ b/ell/key.h
@@ -109,9 +109,9 @@ bool l_keyring_restrict(struct l_keyring *keyring, enum l_keyring_restriction re
const struct l_keyring *trust);
void l_keyring_free(struct l_keyring *keyring);
-DEFINE_CLEANUP_FUNC(l_keyring_free);
+DEFINE_CLEANUP_FUNC(l_keyring_free)
void l_keyring_free_norevoke(struct l_keyring *keyring);
-DEFINE_CLEANUP_FUNC(l_keyring_free_norevoke);
+DEFINE_CLEANUP_FUNC(l_keyring_free_norevoke)
bool l_keyring_link(struct l_keyring *keyring, const struct l_key *key);
diff --git a/ell/rtnl.h b/ell/rtnl.h
index 2617b1ca8f56..23d3dfc5cac5 100644
--- a/ell/rtnl.h
+++ b/ell/rtnl.h
@@ -41,7 +41,7 @@ typedef void (*l_rtnl_neighbor_get_cb_t) (int error, const uint8_t *hwaddr,
struct l_rtnl_address *l_rtnl_address_new(const char *ip, uint8_t prefix_len);
struct l_rtnl_address *l_rtnl_address_clone(const struct l_rtnl_address *orig);
void l_rtnl_address_free(struct l_rtnl_address *addr);
-DEFINE_CLEANUP_FUNC(l_rtnl_address_free);
+DEFINE_CLEANUP_FUNC(l_rtnl_address_free)
bool l_rtnl_address_get_address(const struct l_rtnl_address *addr,
char *out_buf);
uint8_t l_rtnl_address_get_family(const struct l_rtnl_address *addr);
@@ -74,7 +74,7 @@ struct l_rtnl_route *l_rtnl_route_new_prefix(const char *ip,
struct l_rtnl_route *l_rtnl_route_new_static(const char *gw, const char *ip,
uint8_t prefix_len);
void l_rtnl_route_free(struct l_rtnl_route *rt);
-DEFINE_CLEANUP_FUNC(l_rtnl_route_free);
+DEFINE_CLEANUP_FUNC(l_rtnl_route_free)
uint8_t l_rtnl_route_get_family(const struct l_rtnl_route *rt);
bool l_rtnl_route_get_gateway(const struct l_rtnl_route *rt, char *out_buf);
const void *l_rtnl_route_get_gateway_in_addr(const struct l_rtnl_route *rt);
diff --git a/ell/settings.h b/ell/settings.h
index 519014d55337..5c206a84097a 100644
--- a/ell/settings.h
+++ b/ell/settings.h
@@ -40,7 +40,7 @@ struct l_settings *l_settings_new(void);
struct l_settings *l_settings_clone(const struct l_settings *settings);
void l_settings_free(struct l_settings *settings);
-DEFINE_CLEANUP_FUNC(l_settings_free);
+DEFINE_CLEANUP_FUNC(l_settings_free)
bool l_settings_load_from_data(struct l_settings *settings,
const char *data, size_t len);
diff --git a/ell/string.h b/ell/string.h
index e1faa7d77a47..793226760d4e 100644
--- a/ell/string.h
+++ b/ell/string.h
@@ -34,7 +34,7 @@ struct l_string;
struct l_string *l_string_new(size_t initial_length);
void l_string_free(struct l_string *string);
-DEFINE_CLEANUP_FUNC(l_string_free);
+DEFINE_CLEANUP_FUNC(l_string_free)
char *l_string_unwrap(struct l_string *string);
struct l_string *l_string_append(struct l_string *dest, const char *src);
diff --git a/ell/strv.h b/ell/strv.h
index 6de81db6bde5..51019480261a 100644
--- a/ell/strv.h
+++ b/ell/strv.h
@@ -38,7 +38,7 @@ char *l_strjoinv(char **str_array, const char delim);
char **l_strv_new(void);
void l_strv_free(char **str_array);
-DEFINE_CLEANUP_FUNC(l_strv_free);
+DEFINE_CLEANUP_FUNC(l_strv_free)
unsigned int l_strv_length(char **str_array);
bool l_strv_contains(char **str_array, const char *item);
char **l_strv_append(char **str_array, const char *str);
diff --git a/ell/uintset.h b/ell/uintset.h
index aa9de48d633c..ba9ac7259b68 100644
--- a/ell/uintset.h
+++ b/ell/uintset.h
@@ -39,7 +39,7 @@ struct l_uintset;
struct l_uintset *l_uintset_new_from_range(uint32_t min, uint32_t max);
struct l_uintset *l_uintset_new(unsigned int size);
void l_uintset_free(struct l_uintset *set);
-DEFINE_CLEANUP_FUNC(l_uintset_free);
+DEFINE_CLEANUP_FUNC(l_uintset_free)
bool l_uintset_contains(struct l_uintset *set, uint32_t number);
bool l_uintset_take(struct l_uintset *set, uint32_t number);
diff --git a/ell/util.h b/ell/util.h
index 3daf07657430..c7e79003b089 100644
--- a/ell/util.h
+++ b/ell/util.h
@@ -236,7 +236,7 @@ void *l_malloc(size_t size) __attribute__ ((warn_unused_result, malloc));
void *l_memdup(const void *mem, size_t size)
__attribute__ ((warn_unused_result, malloc));
void l_free(void *ptr);
-DEFINE_CLEANUP_FUNC(l_free);
+DEFINE_CLEANUP_FUNC(l_free)
void *l_realloc(void *mem, size_t size)
__attribute__ ((warn_unused_result, malloc));
--
2.36.1
1 month, 1 week
[PATCH 1/3] tls: Flush record buffers on l_tls_close
by Andrew Zaborowski
We probably don't want to handle data fragments we received before an
l_tls_close if the TLS tunnel gets restarted in the future.
---
ell/tls.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/ell/tls.c b/ell/tls.c
index c246f1f..c072afb 100644
--- a/ell/tls.c
+++ b/ell/tls.c
@@ -2852,6 +2852,9 @@ LIB_EXPORT bool l_tls_start(struct l_tls *tls)
LIB_EXPORT void l_tls_close(struct l_tls *tls)
{
+ tls->record_buf_len = 0;
+ tls->message_buf_len = 0;
+
TLS_DISCONNECT(TLS_ALERT_CLOSE_NOTIFY, 0, "Closing session");
}
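Review bot: The reset covers only the l_tls_close path and only the two length fields. If stale fragments must never be parsed as part of a restarted tunnel, the same reset is needed on every teardown path (alert-driven disconnects, a peer-initiated close), and whether TLS_DISCONNECT already reaches a shared reset is not visible in this hunk. Doing the reset in `l_tls_start` or in the common reset routine would cover all of them. The buffer contents also stay in memory after the lengths are zeroed, which matters if they can hold decrypted data. A comment such as `/* Drop partially received records so they cannot be completed by data from a later session */` would record the intent.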
--
2.32.0
1 month, 1 week
[PATCH] build: Generate test certs using OpenSSL 3 legacy provider
by Mat Martineau
OpenSSL 3 moved some legacy algorithms to a separate "legacy" provider,
so they are not available by default. Add the necessary command line
parameters for use with OpenSSL 3, which distros are switching to. For
example, Ubuntu 22.04 and Fedora 36 are the first versions of those
distributions to use OpenSSL 3 or later.
This does break compatibility with older OpenSSL versions and
configuring the project with "--enable-maintainer-mode". The
tradeoff is keeping the autoconf/automake checks simpler.
---
Makefile.am | 21 +++++++++++++--------
1 file changed, 13 insertions(+), 8 deletions(-)
diff --git a/Makefile.am b/Makefile.am
index d8ba99c..b8423c4 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -444,7 +444,8 @@ unit/cert-client-key-pkcs1.pem:
$(AM_V_GEN)openssl genrsa -out [email protected] $($(AM_V_P)_redirect_openssl)
unit/cert-client-key-pkcs1-des.pem: unit/cert-client-key-pkcs1.pem
- $(AM_V_GEN)openssl rsa -in $< -out [email protected] -des -passout pass:abc
+ $(AM_V_GEN)openssl rsa -in $< -out [email protected] -des -passout pass:abc \
+ -provider legacy -provider default
unit/cert-client-key-pkcs1-des3.pem: unit/cert-client-key-pkcs1.pem
$(AM_V_GEN)openssl rsa -in $< -out [email protected] -des3 -passout pass:abc
@@ -463,15 +464,18 @@ unit/cert-client-key-pkcs8.pem: unit/cert-client-key-pkcs1.pem
unit/cert-client-key-pkcs8-md5-des.pem: unit/cert-client-key-pkcs8.pem
$(AM_V_GEN)openssl pkcs8 -in $< -out [email protected] \
- -topk8 -v1 PBE-MD5-DES -passout pass:abc
+ -topk8 -v1 PBE-MD5-DES -passout pass:abc \
+ -provider legacy -provider default
unit/cert-client-key-pkcs8-sha1-des.pem: unit/cert-client-key-pkcs8.pem
$(AM_V_GEN)openssl pkcs8 -in $< -out [email protected] \
- -topk8 -v1 PBE-SHA1-DES -passout pass:abc
+ -topk8 -v1 PBE-SHA1-DES -passout pass:abc \
+ -provider legacy -provider default
unit/cert-client-key-pkcs8-v2-des.pem: unit/cert-client-key-pkcs8.pem
$(AM_V_GEN)openssl pkcs8 -in $< -out [email protected] \
- -topk8 -v2 des-cbc -v2prf hmacWithSHA1 -passout pass:abc
+ -topk8 -v2 des-cbc -v2prf hmacWithSHA1 -passout pass:abc \
+ -provider legacy -provider default
unit/cert-client-key-pkcs8-v2-des-ede3.pem: unit/cert-client-key-pkcs8.pem
$(AM_V_GEN)openssl pkcs8 -in $< -out [email protected] \
@@ -575,19 +579,20 @@ unit/cert-entity-pkcs12-nomac.p12: unit/cert-entity-int-key.pem unit/cert-entity
$(AM_V_GEN)openssl pkcs12 -inkey $< -in $(builddir)/unit/cert-entity-int.pem -out [email protected] -export -passout pass:abc -nomac # defaut ciphers
unit/cert-entity-pkcs12-rc2-sha1.p12: unit/cert-entity-int-key.pem unit/cert-entity-int.pem unit/cert-chain.pem
- $(AM_V_GEN)openssl pkcs12 -inkey $< -in $(builddir)/unit/cert-entity-int.pem -certfile $(builddir)/unit/cert-chain.pem -out [email protected] -export -passout pass:abc -certpbe PBE-SHA1-RC2-40 -keypbe PBE-SHA1-RC2-128 -macalg sha1
+ $(AM_V_GEN)openssl pkcs12 -inkey $< -in $(builddir)/unit/cert-entity-int.pem -certfile $(builddir)/unit/cert-chain.pem -out [email protected] -export -passout pass:abc -certpbe PBE-SHA1-RC2-40 -keypbe PBE-SHA1-RC2-128 -macalg sha1 -provider legacy -provider default
unit/cert-entity-pkcs12-des-sha256.p12: unit/cert-entity-int-key.pem unit/cert-entity-int.pem unit/cert-chain.pem
$(AM_V_GEN)openssl pkcs12 -inkey $< -in $(builddir)/unit/cert-entity-int.pem -certfile $(builddir)/unit/cert-chain.pem -out [email protected] -export -passout pass:abc -certpbe PBE-SHA1-3DES -keypbe PBE-SHA1-2DES -macalg sha256
unit/cert-entity-pkcs12-rc4-sha384.p12: unit/cert-entity-int-key.pem unit/cert-entity-int.pem unit/cert-chain.pem
- $(AM_V_GEN)openssl pkcs12 -inkey $< -in $(builddir)/unit/cert-entity-int.pem -certfile $(builddir)/unit/cert-chain.pem -out [email protected] -export -passout pass:abc -certpbe PBE-SHA1-RC4-128 -keypbe PBE-SHA1-RC2-40 -macalg sha384
+ $(AM_V_GEN)openssl pkcs12 -inkey $< -in $(builddir)/unit/cert-entity-int.pem -certfile $(builddir)/unit/cert-chain.pem -out [email protected] -export -passout pass:abc -certpbe PBE-SHA1-RC4-128 -keypbe PBE-SHA1-RC2-40 -macalg sha384 -provider legacy -provider default
unit/cert-entity-pkcs12-pkcs5-sha512.p12: unit/cert-entity-int-key.pem unit/cert-entity-int.pem unit/cert-chain.pem
- $(AM_V_GEN)openssl pkcs12 -inkey $< -in $(builddir)/unit/cert-entity-int.pem -certfile $(builddir)/unit/cert-chain.pem -out [email protected] -export -passout pass:abc -certpbe des-cbc -keypbe des-cbc -macalg sha512
+ $(AM_V_GEN)openssl pkcs12 -inkey $< -in $(builddir)/unit/cert-entity-int.pem -certfile $(builddir)/unit/cert-chain.pem -out [email protected] -export -passout pass:abc -certpbe des-cbc -keypbe des-cbc -macalg sha512 -provider legacy -provider default
unit/cert-entity-combined.pem: unit/cert-entity-pkcs12-rc2-sha1.p12
- $(AM_V_GEN)openssl pkcs12 -in $< -out [email protected] -passin pass:abc -passout pass:abc
+ $(AM_V_GEN)openssl pkcs12 -in $< -out [email protected] -passin pass:abc -passout pass:abc \
+ -provider legacy -provider default
unit/key-plaintext.h: unit/plaintext.txt
$(AM_V_GEN)xxd -i < $< > [email protected]
--
2.36.1
1 month, 1 week
[PATCH 01/15] netconfig: Add missing NULL check for routes from RA
by Andrew Zaborowski
Fixes: 7a137bcac31e ("netconfig: Create routes from Router Advertisements")
---
ell/netconfig.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/ell/netconfig.c b/ell/netconfig.c
index f39f88f..8026c81 100644
--- a/ell/netconfig.c
+++ b/ell/netconfig.c
@@ -573,8 +573,9 @@ static struct l_rtnl_route *netconfig_add_icmp6_route(struct l_netconfig *nc,
{
struct l_rtnl_route *rt;
- rt = netconfig_route_new(nc, AF_INET6, dst->address, dst->prefix_len,
- gateway, RTPROT_RA);
+ rt = netconfig_route_new(nc, AF_INET6, dst ? dst->address : NULL,
+ dst ? dst->prefix_len : 0, gateway,
+ RTPROT_RA);
if (L_WARN_ON(!rt))
return NULL;
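Review bot: The NULL case for `dst` is handled inline in two arguments, but nothing says what a NULL destination means. A short comment above the call, such as `/* dst == NULL: no destination prefix (presumably the default route from the RA) */`, would document it. The change also relies on netconfig_route_new() accepting a NULL address with prefix length 0, which this hunk does not show. That is worth confirming, since these values are derived from received Router Advertisements. The function body continues outside the hunk.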
--
2.32.0
1 month, 1 week
[PATCH 01/17] net: Add net_prefix_from_ipv6 utility
by Andrew Zaborowski
Add function that zeroes bits after prefix_len'th bit in an address. Put
it in net-private.h so it can be used by both netconfig.c and icmp6.c,
potentially others.
---
ell/net-private.h | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
diff --git a/ell/net-private.h b/ell/net-private.h
index cc395bb..39d4d98 100644
--- a/ell/net-private.h
+++ b/ell/net-private.h
@@ -22,3 +22,21 @@
char *net_domain_name_parse(const uint8_t *raw, size_t raw_len);
char **net_domain_list_parse(const uint8_t *raw, size_t raw_len);
+
+static inline const void *net_prefix_from_ipv6(const uint8_t *address,
+ uint8_t prefix_len)
+{
+ uint8_t last_byte = prefix_len / 8;
+ uint8_t bits = prefix_len & 7;
+ static uint8_t prefix[16];
+
+ memcpy(prefix, address, last_byte);
+
+ if (prefix_len & 7) {
+ prefix[last_byte] = address[last_byte] & (0xff00 >> bits);
+ last_byte++;
+ }
+
+ memset(prefix + last_byte, 0, 16 - last_byte);
+ return prefix;
+}
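Review bot: `prefix_len` is never bounded, so any value above 128 writes past the 16-byte `prefix` buffer. For 129–255, `last_byte` reaches 16–31, so the memcpy and the partial-byte store overrun the buffer, and `16 - last_byte` goes negative and becomes a huge `size_t` in the memset. The commit message says the helper is meant for netconfig.c and icmp6.c, where the prefix length presumably comes from received packets, so it should be clamped (or rejected) inside the helper rather than trusted from every caller. Separately, the result lives in a function-local `static` buffer in a header, so each translation unit gets its own copy and every call overwrites the previous result. Two calls in one expression (for example, comparing two prefixes) would compare the buffer with itself, which deserves a comment at least. The header also needs `<string.h>` for memcpy/memset unless an include outside this hunk already provides it.
```c
static inline const void *net_prefix_from_ipv6(const uint8_t *address,
						uint8_t prefix_len)
{
	static uint8_t prefix[16];
	uint8_t last_byte;
	uint8_t bits;

	/* prefix_len can come from a received packet; keep it inside prefix[] */
	if (prefix_len > 128)
		prefix_len = 128;

	last_byte = prefix_len / 8;
	bits = prefix_len & 7;

	/* … unchanged: memcpy of the whole bytes and partial-byte masking … */

	memset(prefix + last_byte, 0, sizeof(prefix) - last_byte);
	return prefix;
}
```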
--
2.32.0
1 month, 2 weeks
[PATCH] dhcp: CLIENT_ENTER_STATE should log as INFO
by Michael Johnson
This was missed in d5377c6. Now the state will only log when INFO or
above is enabled.
---
ell/dhcp.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/ell/dhcp.c b/ell/dhcp.c
index 8ff5594..4e66faa 100644
--- a/ell/dhcp.c
+++ b/ell/dhcp.c
@@ -56,9 +56,7 @@
#define CLIENT_WARN(fmt, args...) \
CLIENT_LOG(L_LOG_WARNING, fmt, ## args)
#define CLIENT_ENTER_STATE(s) \
- l_util_debug(client->debug_handler, client->debug_data, \
- "%s:%i Entering state: " #s, \
- __func__, __LINE__); \
+ CLIENT_INFO("Entering state: " #s); \
client->state = (s)
#define BITS_PER_LONG (sizeof(unsigned long) * 8)
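Review bot: CLIENT_ENTER_STATE still expands to two separate statements, `CLIENT_INFO(...);` followed by `client->state = (s)`. Used as the body of an unbraced `if` or `else`, only the log call would be conditional and the state assignment would always run. Since the macro is being rewritten anyway, wrapping it makes it safe at every call site: `do { CLIENT_INFO("Entering state: " #s); client->state = (s); } while (0)`. Whether any current caller uses it unbraced is not visible in this hunk.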
--
2.25.1
1 month, 2 weeks
[PATCH] dhcp-transport: Do not leak fds during bind
by Denis Kenzior
When a lease is renewed, the transport bind operation is called. This
can be done multiple times by dhcp_client, whenever a lease has been
obtained or renewed. This can result in fds being leaked.
If bind operation has previously succeeded, simply return and reuse the
already created fd.
---
ell/dhcp-transport.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/ell/dhcp-transport.c b/ell/dhcp-transport.c
index 52da2db04f49..b466f136972c 100644
--- a/ell/dhcp-transport.c
+++ b/ell/dhcp-transport.c
@@ -361,6 +361,9 @@ static int _dhcp_default_transport_bind(struct dhcp_transport *s,
if (!transport->io)
return -EIO;
+ if (transport->udp_fd >= 0)
+ return 0;
+
fd = kernel_udp_socket_open(transport->ifname, saddr, transport->port);
if (fd < 0)
return fd;
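Review bot: The early `return 0` treats any non-negative `udp_fd` as a live, correctly bound socket, and this patch does not show that assumption being maintained. The teardown path has to reset `transport->udp_fd = -1` after closing it. Otherwise a later bind would succeed without a socket, and the stale descriptor number may by then refer to an unrelated fd. The reuse also ignores `saddr`, so if a renewed lease can carry a different address the socket stays bound to the old one; a comment such as `/* Already bound for this lease; the socket is reused across renewals */` would state the assumption. The second hunk's `udp_fd = -1` initialisation is what makes this check meaningful, and the function body continues outside the hunk.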
@@ -552,6 +555,7 @@ struct dhcp_transport *_dhcp_default_transport_new(uint32_t ifindex,
transport->super.ifindex = ifindex;
l_strlcpy(transport->ifname, ifname, IFNAMSIZ);
transport->port = port;
+ transport->udp_fd = -1;
return &transport->super;
}
--
2.32.0
1 month, 2 weeks
[PATCH] dhcp: Use bound_time for retransmission timers
by Denis Kenzior
start_t is used to try and calculate the retransmission timeout value
when the client enters RENEWING or REBINDING state. This works fine on
the first renewal since the client start timestamp and the lease bound
timestamp are very close. Also, the RENEW request is sent immediately
whenever the T1 timer expires and most of the time it succeeds.
However, if this isn't a first renewal attempt and the RENEW request
sent when the T1 timer expires is not successful, then the renewal
timeout value could become too large. Fix that by using the lease
bound_time for the retransmission timer calculation (as intended) instead
of the client start time (start_t).
---
ell/dhcp.c | 11 ++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/ell/dhcp.c b/ell/dhcp.c
index 2d049005a135..01900f3b1d38 100644
--- a/ell/dhcp.c
+++ b/ell/dhcp.c
@@ -520,6 +520,7 @@ static void dhcp_client_timeout_resend(struct l_timeout *timeout,
void *user_data)
{
struct l_dhcp_client *client = user_data;
+ struct l_dhcp_lease *lease = client->lease;
unsigned int next_timeout = 0;
int r;
@@ -555,12 +556,12 @@ static void dhcp_client_timeout_resend(struct l_timeout *timeout,
switch (client->state) {
case DHCP_STATE_RENEWING:
- next_timeout = dhcp_rebind_renew_retry_time(client->start_t,
- client->lease->t2);
+ next_timeout = dhcp_rebind_renew_retry_time(lease->bound_time,
+ lease->t2);
break;
case DHCP_STATE_REBINDING:
- next_timeout = dhcp_rebind_renew_retry_time(client->start_t,
- client->lease->lifetime);
+ next_timeout = dhcp_rebind_renew_retry_time(lease->bound_time,
+ lease->lifetime);
break;
case DHCP_STATE_REQUESTING:
case DHCP_STATE_SELECTING:
@@ -642,7 +643,7 @@ static void dhcp_client_t1_expired(struct l_timeout *timeout, void *user_data)
l_timeout_set_callback(client->timeout_lease, dhcp_client_t2_expired,
client, NULL);
- next_timeout = dhcp_rebind_renew_retry_time(client->start_t,
+ next_timeout = dhcp_rebind_renew_retry_time(client->lease->bound_time,
client->lease->t2);
client->timeout_resend =
l_timeout_create_ms(dhcp_fuzz_secs(next_timeout),
--
2.32.0
1 month, 2 weeks
[PATCH] log: Add a max_log_level and limit l_log
by Michael Johnson
This allows the user of ell to limit the logging verbosity to whatever
value they want by calling l_log_set_max_level. The current behavior of
no limit is maintained.
---
ell/log.c | 16 ++++++++++++++++
ell/log.h | 1 +
2 files changed, 17 insertions(+)
diff --git a/ell/log.c b/ell/log.c
index 05af3e5..89e4ffc 100644
--- a/ell/log.c
+++ b/ell/log.c
@@ -37,6 +37,7 @@
#include "queue.h"
#include "log.h"
#include "private.h"
+#include "useful.h"
struct debug_section {
struct l_debug_desc *start;
@@ -67,6 +68,7 @@ static l_log_func_t log_func = log_null;
static const char *log_ident = "";
static int log_fd = -1;
static unsigned long log_pid;
+static int max_log_level = L_LOG_DEBUG;
static inline void close_log(void)
{
@@ -275,6 +277,17 @@ LIB_EXPORT void l_log_set_journal(void)
log_func = log_journal;
}
+/**
+ * l_log_set_max_level:
+ * @priority: max level
+ *
+ * Set the maximum logging level.
+ */
+LIB_EXPORT void l_log_set_max_level(int priority)
+{
+ max_log_level = priority;
+}
+
/**
* l_log_with_location:
* @priority: priority level
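Review bot: The doc comment for `l_log_set_max_level` does not say how the level is compared. From the check added in l_log_with_location, messages whose priority is numerically greater than the limit are dropped, so a value below the most severe level suppresses errors as well. That deserves a sentence like `Messages with a priority value greater than @priority (i.e. less severe) are discarded; the default is L_LOG_DEBUG, which discards nothing.` The argument is stored without range checking, so a stray negative value silently disables all logging through this path, which is worth documenting or rejecting. The filter sits only in l_log_with_location, so the comment should state that other output paths, if any exist outside this hunk, are not limited.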
@@ -292,6 +305,9 @@ LIB_EXPORT void l_log_with_location(int priority,
{
va_list ap;
+ if (unlikely(priority > max_log_level))
+ return;
+
va_start(ap, format);
log_func(priority, file, line, func, format, ap);
va_end(ap);
diff --git a/ell/log.h b/ell/log.h
index 9ae40c0..3fc3867 100644
--- a/ell/log.h
+++ b/ell/log.h
@@ -44,6 +44,7 @@ void l_log_set_null(void);
void l_log_set_stderr(void);
void l_log_set_syslog(void);
void l_log_set_journal(void);
+void l_log_set_max_level(int priority);
void l_log_with_location(int priority, const char *file, const char *line,
const char *func, const char *format, ...)
--
2.25.1
1 month, 2 weeks