#
301803 |
|
10-Jun-2016 |
ngie |
MFC r299507: r299507 (by cem):
rtadvd(8): Fix a typo in full msg receive logic
Check against the size of the struct, not the pointer. Previously, a message with a cm_len between 9 and 23 (inclusive) could cause int msglen to underflow and read(2) to be invoked with msglen size (implicitly cast to signed), overrunning the caller-provided buffer.
All users of cm_recv() supply a stack buffer.
On the other hand, the rtadvd control socket appears to only be writable by the owner, who is probably root.
While here, correct some types to be size_t or ssize_t.
CID: 1008477 Security: unix socket remotes may overflow stack in rtadvd
|
#
224144 |
|
17-Jul-2011 |
hrs |
- Improve interface list handling. The rtadvd(8) now supports dynamically- added/removed interfaces in a more consistent manner and reloading the configuration file.
- Implement burst unsolicited RA sending into the internal RA timer framework when AdvSendAdvertisements and/or configuration entries are changed as described in RFC 4861 6.2.4. This fixes issues that make termination of the rtadvd(8) daemon take very long time.
An interface now has three internal states, UNCONFIGURED, TRANSITIVE, or CONFIGURED, and the burst unsolicited sending happens in TRANSITIVE. See rtadvd.h for the details.
- rtadvd(8) now accepts non-existent interfaces as well in the command line.
- Add control socket support and rtadvctl(8) utility to show the RA information in rtadvd(8). Dumping by SIGUSR1 has been removed in favor of it.
|
#
224006 |
|
14-Jul-2011 |
hrs |
- Refactoring the interface list. It now supports dynamically added/removed interfaces in a more consistent manner and reloading the configuration file.
- Add initial support for control socket. RA information in the daemon can be obtained by rtadvctl(8) instead of SIGUSR1 in a similar manner to ifconfig(8). The information dump has been removed in favor of it.
(reload the configuration file) # rtadvctl reload
(show RA messages being sent on each interfaces) # rtadvctl show em0: flags=<UP,CONFIGURED,PERSIST> status=<RA_SEND> mtu 1280 DefaultLifetime: 30m MinAdvInterval/MaxAdvInterval: 3m20s/3m20s AdvLinkMTU: <none>, Flags: O, Preference: medium ReachableTime: 0s, RetransTimer: 0s, CurHopLimit: 64 AdvIfPrefixes: yes
(show RA messages being sent only on em0) # rtadvctl show em0
(rtadvctl -v show provides additional information) # rtadvctl -v show em0 em0: flags=<UP,CONFIGURED,PERSIST> status=<RA_SEND> mtu 1280 DefaultLifetime: 30m MinAdvInterval/MaxAdvInterval: 3m20s/3m20s AdvLinkMTU: <none>, Flags: O, Preference: medium ReachableTime: 0s, RetransTimer: 0s, CurHopLimit: 64 AdvIfPrefixes: yes Prefixes (1): 2001:db8:1::/64 (CONFIG, vltime=30d, pltime=7d, flags=LA) RDNSS entries: 2001:db8:1::128 (ltime=2m40s)
(stop rtadvd) # rtadvctl shutdown
A remaining issue when reloading the configuration file is that during that period rtadvd cannot communicate with rtadvctl due to some additional RA sending for graceful shutdown. This will be fixed later.
|