summary |
shortlog | log |
commit |
commitdiff |
tree
first ⋅ prev ⋅ next
Mark Wooding [Wed, 6 Jun 2018 20:16:56 +0000 (21:16 +0100)]
.gitignore: Rearrange and make more sensible.
Things like `deb-build' are my local conventions, so leave them to my
common ignore file. Ignore all `.so' files rather than just the ones we
know about. Alas, we can't bulk-ignore the generated scripts, but at
least we can mark the rules for fixed files as being absolute pathnames.
Also add an entry for `/debian/debhelper-build-stamp', since that's
turned up.
Mark Wooding [Wed, 6 Jun 2018 19:34:26 +0000 (20:34 +0100)]
noip.c: Support IPv6-mapped IPv4 addresses (nearly) correctly.
There's a longstanding bug here. If a program makes an `AF_INET6'
socket, and then tries to connect to a v6-mapped v4 address, then `noip'
/ought/ to match that against an existing binding of the corresponding
real IPv4 address, and /vice versa/.
Also, to support non-`IPV6_V6ONLY' server sockets, when trying to
resolve an IPv4 connection, consider the IPv6 wildcard address as a
suitable match.
There's unfortunately quite a lot here, but it all really needs to be
done in one go to work properly.
* Add `map_ipv4_sockaddr' and `unmap_ipv4_sockaddr' functions to
do the grunt-work of the address handling.
* In `encode_unused_inet_addr', check that a proposed v4 socket
address doesn't conflict with any v6-mapped and/or wildcard sockets.
* In `encode_inet_addr', try to match v4 remote addresses against
local v6-mapped and/or wildcard sockets.
* Complicate `return_fake_name' to optionally v6-map an IPv4 address.
* Introduce and deploy a new `return_fake_peer' function, which
inspects a socket's local address to discover what its `native'
address family is, so that it can map the remote address if
necessary.
* Complicate `do_implicit_bind' so that it will v6-map the local
address it's decided on, if necessary. This is essential now as a
means of recording the socket's `native' address family, as used by
`return_fake_peer'.
* Complicate `fixup_client_socket' to unmap remote v6-mapped v4
addresses before trying to encode them as Unix-domain addresses.
Mark Wooding [Wed, 6 Jun 2018 19:30:04 +0000 (20:30 +0100)]
noip.c (do_implicit_bind): Report the local address that we chose.
Mark Wooding [Wed, 6 Jun 2018 19:25:51 +0000 (20:25 +0100)]
noip.c (fixup_client_socket): Reorder the preflight checks.
Superficially, it looks as if `acl_allows_p' will be cheaper than
`real_getsockname'. But actually, if `acl_allows_p' passes the remote
address then we'll end up doing a `real_getsockname' anyway in order to
decide whether we need to substitute an unfaked socket, so this is a
false economy.
This shouldn't actually change the effective behaviour, but it will
improve performance -- not that this hack is especially performance
critical.
Mark Wooding [Wed, 6 Jun 2018 19:22:04 +0000 (20:22 +0100)]
noip.c: Factor out the non-implicit-binding parts of `do_implicit_bind'.
The function's other responsibilities are taken over by a new function
`fixup_client_socket'. When I did this, I anticipated that I was going
to have to make the latter rather more complicated, but it turns out
that it's not actually that far off.
No functional change, though the new function takes a different approach
to producing the same effective control flow.
Mark Wooding [Wed, 6 Jun 2018 19:10:14 +0000 (20:10 +0100)]
noip.c (encode_..._inet_addr: Abstract out checking a single address.
There's this common pattern of building the Unix-domain socket address,
probing its status, maybe unlinking the socket if it's stale, and
returning the result. Let's only write that once.
No functional change.
Mark Wooding [Wed, 6 Jun 2018 19:04:16 +0000 (20:04 +0100)]
noip.c: Add commentary to some hairier functions.
No code change.
Mark Wooding [Wed, 6 Jun 2018 19:00:05 +0000 (20:00 +0100)]
noip.c (encode_inet_addr): Exit early rather than branch round.
Promote the wildcard probe to the main line, and leave early -- to the
handy `found' label we just hoisted -- if the exact match was
acceptable. This structure is more convenient for adding a more
complicated search strategy later.
No functional change.
Mark Wooding [Wed, 6 Jun 2018 18:55:44 +0000 (19:55 +0100)]
noip.c (encode_inet_addr): Hoist `found' label to top-level.
No functional change: the control flow is as it was before, but this
structure invites use of the label from the other branch of the main
`if'.
Mark Wooding [Wed, 6 Jun 2018 18:47:43 +0000 (19:47 +0100)]
noip.c (get{sock,peer}name): Don't clobber `errno'.
We might return a failure here, if the underlying syscall fails, and
should propagate the `errno' it returned.
Also hoist out some block-scope variables now that their enclosing block
has vanished.
Mark Wooding [Wed, 6 Jun 2018 18:45:12 +0000 (19:45 +0100)]
noip.c ({get,set}sockopt): Stub support for IPv6 options too.
These are many and hairy, and this might cause trouble, but I'll risk it
for now.
Mark Wooding [Wed, 6 Jun 2018 18:44:36 +0000 (19:44 +0100)]
noip.c: Replace `SOL_...' with `IPPROTO_...'.
Apparently this is the POSIX way. The numbers are the same, so
whatever.
Mark Wooding [Wed, 6 Jun 2018 18:40:29 +0000 (19:40 +0100)]
noip.c: Replace `WANT_...' constants with flags for `encode_inet_addr'.
I originally expected that I'd want to add some more flags here, but it
turned out that I was mistaken. I think this is better anyway, and I
intend to continue this pattern elsewhere.
No functional change.
Mark Wooding [Wed, 6 Jun 2018 18:32:30 +0000 (19:32 +0100)]
noip.c (encode_..._inet_addr): Only call `port_from_sockaddr' once.
Just a small cleanup; no functional change.
Mark Wooding [Wed, 6 Jun 2018 19:11:56 +0000 (20:11 +0100)]
noip.c (acl_allows_p): Check that the ACL node address family is right.
Oops. `sockaddr_in_range_p' can't check this, because it can only see
one address family.
Mark Wooding [Wed, 6 Jun 2018 18:42:30 +0000 (19:42 +0100)]
noip.c: Placate GCC warning about `misleading' layout.
I think I prefer the way it was, but I'll go with having a quiet life.
Mark Wooding [Mon, 2 May 2016 22:03:02 +0000 (23:03 +0100)]
noip.[c1]: New configuration feature for setting local addresses.
Some servers are picky about which addresses they're willing to accept
connections from. Unfortunately, `noip' doesn't pick sensible local
addresses when implicitly binding sockets. It can't usefully consult
the routing table (because we may be trying to simulate an entirely
fictional network of which the kernel knows nothing). About the best we
can do is allow the user to configure the local address selection.
Add a new `impbind' configuration command which adds an entry to a list
of rules for choosing implicit binding addresses.
Mark Wooding [Mon, 2 May 2016 22:00:12 +0000 (23:00 +0100)]
noip.1: Describe ACL entries in terms of <address-range> and <port-range>.
This corresponds with the newly refactored code.
Mark Wooding [Mon, 2 May 2016 22:05:07 +0000 (23:05 +0100)]
noip.c: Factor out address-range handling functions.
* Introduce `parse_addrrange' and `foreach_addrrange' for parsing.
The former captures a representation of the range syntax, which can
contain things like `local' that actually cover multiple ranges, and
the latter iterates over the implied address ranges.
* Introduce `dump_addrrange' to produce a readable description of a
range in the debugging output.
No functional changes.
Mark Wooding [Mon, 2 May 2016 21:38:57 +0000 (22:38 +0100)]
noip.c (parse_acl_env): Move next to `parse_acl_line'.
Mark Wooding [Mon, 2 May 2016 21:35:42 +0000 (22:35 +0100)]
noip.c (encode_inet_addr): Avoid collisions with wildcard addresses.
If the caller is wanting to `encode' a currently floating socket (i.e.,
no explicit port number has been set and we're meant to pick one), then
make sure we pick a port number which doesn't collide with either the
chosen address /or/ the address-family wildcard address. Otherwise, we
can get into the situation where process A listens on a floating socket
with a wildcard address, tells process B which port was allocated, and
then process B binds to localhost, tries to connect to A, and is stymied
because B actually allocated the same port number itself.
Really we ought to seed the RNG separately for each process.
Mark Wooding [Mon, 2 May 2016 21:28:36 +0000 (22:28 +0100)]
noip.c: Add debugging to most of the syscall wrappers.
Mark Wooding [Mon, 2 May 2016 21:43:31 +0000 (22:43 +0100)]
noip.c (present_sockaddr): Handle a null address pointer.
We'll want this functionality soon.
Mark Wooding [Mon, 2 May 2016 21:26:35 +0000 (22:26 +0100)]
noip.c: Have parsers fail if there's trailing junk.
Mark Wooding [Mon, 2 May 2016 21:20:25 +0000 (22:20 +0100)]
noip.c: Include the process-id in debugging output.
Reading dumps from complicated multi-process systems can be tricky
otherwise.
Mark Wooding [Mon, 2 May 2016 21:05:40 +0000 (22:05 +0100)]
noip.c (parse_acl_line): Continue correctly after ADDRESS/PREFIX-LEN.
After an ADDRESS/PREFIX-LEN entry, the following delimiter will have
been consumed; make sure to put it back.
Mark Wooding [Mon, 2 May 2016 12:28:24 +0000 (13:28 +0100)]
noip.c: Hack ioctl(2) as well.
It appears that Java's network machinery does lots of probing of network
addresses with ioctl(2), and /some/ of these ioctls don't work well with
Unix-domain sockets. If we see one of these, then make a temporary
Internet socket and do the ioctl on that instead.
This really is quite unpleasant, but it seems to work well enough to
make Gradle work, for example.
Mark Wooding [Mon, 2 May 2016 12:26:10 +0000 (13:26 +0100)]
noip.c (fixup_real_ip_socket): Support for temporary fixups.
Add a new argument to `fixup_real_ip_socket' where it can return a
temporary fixed-up copy of the input socket. Sort out the call sites to
pass a null pointer (requesting the previous behaviour).
Mark Wooding [Mon, 2 May 2016 12:24:53 +0000 (13:24 +0100)]
noip.c: Fix some holdovers with hardcoded address families.
Now all of the references to `_INET' are in the `Address-type hacking'
section where they belong. This should really have been done as part of
the IPv6 work, but unaccountably wasn't.
Mark Wooding [Mon, 2 May 2016 21:59:16 +0000 (22:59 +0100)]
noip.1: Fix source formatting.
Mark Wooding [Mon, 2 May 2016 21:25:35 +0000 (22:25 +0100)]
noip.c: Make sure parsers update the cursor when they finish.
Even the ones which don't expect anything else to follow.
Mark Wooding [Mon, 2 May 2016 21:23:39 +0000 (22:23 +0100)]
noip.c (parse_acl_line): Don't skip on past a zero byte.
Mark Wooding [Mon, 2 May 2016 21:09:22 +0000 (22:09 +0100)]
noip.c: Add `const' qualifiers on `aclnode *' arguments.
Mark Wooding [Mon, 2 May 2016 21:09:59 +0000 (22:09 +0100)]
noip.c: Missing blank line.
Very important.
Mark Wooding [Mon, 2 May 2016 12:24:53 +0000 (13:24 +0100)]
noip.c (decode_inet_addr): Fix doc comment.
Mark Wooding [Fri, 29 Apr 2016 20:17:38 +0000 (21:17 +0100)]
Makefile: Actually distribute `debian/source/format'.
Did it in too much of a rush.
Mark Wooding [Mon, 25 Apr 2016 13:51:33 +0000 (14:51 +0100)]
Release 1.1.3.
Mark Wooding [Mon, 25 Apr 2016 13:23:33 +0000 (14:23 +0100)]
noip.c: Fix memset length error.
Reported by Ian Jackson; thanks.
Mark Wooding [Sat, 16 Apr 2016 14:59:47 +0000 (15:59 +0100)]
Release 1.1.2.
Mark Wooding [Thu, 24 Mar 2016 11:06:41 +0000 (11:06 +0000)]
noip.c (create_sockdir): Make sure the socket directory isn't a symlink.
Oh, dear. This is a long-standing bug, and a bad one for systems which
don't set per-user $TMPDIR directories.
Mark Wooding [Thu, 24 Mar 2016 11:06:41 +0000 (11:06 +0000)]
Release 1.1.1.
Mark Wooding [Thu, 24 Mar 2016 11:06:41 +0000 (11:06 +0000)]
debian/: Multi-Arch support.
Mark Wooding [Thu, 24 Mar 2016 11:06:41 +0000 (11:06 +0000)]
debian/control: Fix Build-Depends.
Mark Wooding [Thu, 24 Mar 2016 11:06:41 +0000 (11:06 +0000)]
debian/source/format: Apparently we need one of these nowadays.
Mark Wooding [Thu, 24 Mar 2016 11:06:41 +0000 (11:06 +0000)]
debian/control: `fw' changed name to `fwd' in 2008.
Maybe it's time this package caught up.
Mark Wooding [Thu, 24 Apr 2014 08:36:54 +0000 (09:36 +0100)]
Release 1.1.0.
Now with IPv6.
Mark Wooding [Thu, 24 Apr 2014 09:12:48 +0000 (10:12 +0100)]
README: Fettle to include IPv6, and update configuration.
Mark Wooding [Wed, 23 Apr 2014 23:15:52 +0000 (00:15 +0100)]
noip.c, noip.1: Add IPv6 support.
Just like that. Of course, the hard work was done earlier.
Mark Wooding [Wed, 23 Apr 2014 09:49:30 +0000 (10:49 +0100)]
noip.c, noip.1: Multiple address family support.
Abstract out all of the address-family-specific hacking into a
collection of utility functions. Now, with a little luck, adding
additional address families later will be straightforward.
The main casualty is the notional support for arbitrary netmasks, though
in fact they never worked correctly. They've now been silently dropped:
the new parser simply refuses to try.
Mark Wooding [Fri, 25 Apr 2014 08:49:26 +0000 (09:49 +0100)]
noip.c (get_local_ipaddrs): Rewrite to use getifaddrs(3).
This is a much better function to use because it actually gives us all
of the addresses on each interface rather than just the first.
Also, discard duplicate addresses, because they're more likely now. We
should have done this already, but unaccountably neglected to.
Mark Wooding [Fri, 25 Apr 2014 08:32:14 +0000 (09:32 +0100)]
Fix the GPL notices.
Mark Wooding [Tue, 13 Mar 2012 21:30:14 +0000 (21:30 +0000)]
noip.c: Allow PF_NETLINK sockets.
Anything fiddling with them probably knows what its doing. Chromium
fails unless it can get one.
Mark Wooding [Tue, 13 Mar 2012 21:29:51 +0000 (21:29 +0000)]
debian/rules: Switch to using debhelper 9 directly.
Mark Wooding [Tue, 13 Mar 2012 21:28:39 +0000 (21:28 +0000)]
noip.c: Shut up some GCC warnings.
I have no idea what fixup_p was meant to mean, but it's gone now.
Mark Wooding [Fri, 10 Jun 2011 20:00:07 +0000 (21:00 +0100)]
withlib.in: Fix bashism (`export VAR=VALUE').
For some reason, under `dash', this causes (say) `noip' to work
correctly for exactly one level of nesting. An attempt to invoke a
nested `noip' results in
export: 4: noip.so: bad variable name
This appears to be a result of `dash' doing word splitting too early.
Mark Wooding [Mon, 14 Jun 2010 00:27:44 +0000 (01:27 +0100)]
Release 1.0.6.
Mark Wooding [Sat, 5 Jun 2010 13:45:58 +0000 (14:45 +0100)]
noip.c: Remove hints that we might intercept close(2).
We don't because glibc makes it too hard.
Mark Wooding [Sat, 5 Jun 2010 13:45:01 +0000 (14:45 +0100)]
noip.c: Make sure it's an AF_UNIX address before counting the length.
Mark Wooding [Sat, 5 Jun 2010 10:53:59 +0000 (11:53 +0100)]
Makefile: Cardboard cutout silent rules build.
Mark Wooding [Sat, 5 Jun 2010 10:53:37 +0000 (11:53 +0100)]
noip.c: Silence GCC warnings about unused return values.
Actually act on errors from fgets while skipping the header on
/proc/net/unix, even though it's unlikely to be bad and we'll fail
later anyway. The write in printerr is not worth worrying about.
Mark Wooding [Sat, 5 Jun 2010 10:52:11 +0000 (11:52 +0100)]
noip.c: Boring whitespace fixes.
Mark Wooding [Sat, 26 Dec 2009 12:17:10 +0000 (12:17 +0000)]
Release 1.0.5.
Mark Wooding [Sat, 26 Dec 2009 12:16:09 +0000 (12:16 +0000)]
Merge branch 'master' of metalzone:public-git/preload-hacks
* 'master' of metalzone:public-git/preload-hacks:
Version 1.0.4.
noip (decode_inet_addr): Be more careful when converting addresses.
noip: Don't try to support families other than AF_UNIX and AF_INET.
Mark Wooding [Sat, 26 Dec 2009 12:15:34 +0000 (12:15 +0000)]
noip.c: Only fiddle with `errno' from `connect' if we faked things.
Otherwise some programs get confused.
Mark Wooding [Sat, 26 Dec 2009 12:15:11 +0000 (12:15 +0000)]
README: Add some more notes about how useful `noip' is.
Mark Wooding [Mon, 12 Jan 2009 17:57:54 +0000 (17:57 +0000)]
Version 1.0.4.
Mark Wooding [Mon, 12 Jan 2009 17:53:35 +0000 (17:53 +0000)]
noip (decode_inet_addr): Be more careful when converting addresses.
The old version of decode_inet_addr would convert empty Unix-domain
addresses to wildcard Internet addresses, which is erroneous in a number
of situations. In particular, this causes problems in some servers
which maintain parallel Unix-domain and Internet listening sockets, and
use the address family reported by accept(2) to decide what to do: if
the incoming connection is from an unbound (but real) Unix-domain
socket, it gets misinterpreted.
This fixes decode_inet_addr to be more selective about its decoding of
empty addresses. It must do the decoding when swapping in a genuine IP
socket, but when called via return_fake_name it's wrong to do this: a
remote socket which ought to be decoded will have been bound either
explicitly by the peer or implicitly by do_implicit_bind. (Actually,
getsockname might now be wrong when called on an unbound socket, but
that's probably a small price to pay -- and there's no way of returning
the right answer in this case anyway.)
Mark Wooding [Mon, 12 Jan 2009 17:21:58 +0000 (17:21 +0000)]
noip: Don't try to support families other than AF_UNIX and AF_INET.
If there's demand, I might try to hack in IPv6 later. But not now.
Mark Wooding [Mon, 22 Dec 2008 01:24:48 +0000 (01:24 +0000)]
Version 1.0.3.
Mark Wooding [Mon, 22 Dec 2008 01:23:12 +0000 (01:23 +0000)]
debian: Add lintian-overrides.
The libraries we ship aren't for linking against, so they don't need
sonames.
Mark Wooding [Mon, 22 Dec 2008 01:23:12 +0000 (01:23 +0000)]
noip.c, uopen.c: Add commentary and GPL notices.
This makes the whole package look much more palatable.
Mark Wooding [Mon, 22 Dec 2008 01:23:10 +0000 (01:23 +0000)]
Makefile: Spruce up considerably.
It's now more maintainable, and much easier to read.
Mark Wooding [Sun, 21 Dec 2008 22:20:55 +0000 (22:20 +0000)]
uopen.1: Reports wrong section in .TH line.
Spotted by lintian.
Mark Wooding [Sun, 21 Dec 2008 20:31:41 +0000 (20:31 +0000)]
Debian 1.0.2.
Mark Wooding [Sun, 21 Dec 2008 20:30:27 +0000 (20:30 +0000)]
Build: Use auto-version to discover the version number.
Mark Wooding [Sun, 21 Dec 2008 20:28:01 +0000 (20:28 +0000)]
README: Provide a handy overview and tutorial.
It could probably do with building instructions and stuff.
Mark Wooding [Sun, 21 Dec 2008 19:35:33 +0000 (19:35 +0000)]
debian: Switch to CDBS.
This involves hacking the Makefile a little to separate CFLAGS and
LDFLAGS into things the Debian build system can mess with and things
which will screw the build.
It also involves messing with the debian/*.install files in obvious
ways. And the build leaves a bunch of cruft which needs ignoring.
Mark Wooding [Thu, 15 May 2008 18:53:09 +0000 (19:53 +0100)]
noip: Fix error reporting.
Previously, noip would report a connection failure to an unbound socket
as ENOENT (no such file or directory). This confuses Sage (among
others, probably) which expect ECONNREFUSED.
Bump the version to 1.0.1 as a result.
Mark Wooding [Wed, 14 May 2008 07:50:26 +0000 (08:50 +0100)]
Fix trailing whitespace.
Mark Wooding [Wed, 1 Mar 2006 00:36:31 +0000 (00:36 +0000)]
noip: Fix ACL parsing bug in port ranges.
The code failed to skip past the `-' separating the parts of the port
range, so the max port always got forced to zero. Less than useful,
really.
Mark Wooding [Wed, 8 Feb 2006 20:04:32 +0000 (20:04 +0000)]
manual: Various tweaks.
* Fix author email addresses.
* Fix terrible wording mistake in noip manual, and correct the DNS
port number (presumably typoed).
Also sneak COPYING into the .gitignore file.
Mark Wooding [Wed, 8 Feb 2006 18:56:13 +0000 (18:56 +0000)]
infra: Add a copy of the GPL.
Mark Wooding [Mon, 6 Feb 2006 19:10:39 +0000 (19:10 +0000)]
Extract Subversion ignore data.
mdw [Mon, 6 Feb 2006 19:10:15 +0000 (19:10 +0000)]
debian: Fix maintainer address.
mdw [Mon, 23 May 2005 17:17:29 +0000 (17:17 +0000)]
Manual fix.
mdw [Mon, 23 May 2005 10:49:04 +0000 (10:49 +0000)]
Various bug fixes.
mdw [Fri, 6 May 2005 20:31:51 +0000 (20:31 +0000)]
Check the proposed socket directory before trusting its contents.
mdw [Fri, 6 May 2005 15:02:59 +0000 (15:02 +0000)]
Allow user control over autobinding. Also try ports at random to start
off with, falling back to linear search.
mdw [Fri, 6 May 2005 14:25:06 +0000 (14:25 +0000)]
noip: set ACLs from environment variables.
mdw [Fri, 6 May 2005 09:56:28 +0000 (09:56 +0000)]
Debianize.
mdw [Thu, 5 May 2005 23:32:05 +0000 (23:32 +0000)]
It seems to work!
mdw [Thu, 5 May 2005 23:30:55 +0000 (23:30 +0000)]
New project.