In my_svc_run(), only update the fd count _after_ the allocation
succeeds (which may be after waiting in the loop). This function
previously tried to go to a label that doesn't exist. I wonder why
GCC didn't catch this before but does now.
server may respond from a different address than the destination address
sent by the client.
To solve this problem, I introduce sendfromto() and recvfromto() so that
the server can reply from the correct address, i.e., the destination address
used in the request.
This change also has the aspect of a reference implementation using the
RECVDSTADDR and PKTINFO socket options.
Rate limiting code has been moved to ratelimit.c. I renamed
clear_ip_list to rl_clear_ip_list and broke the code up into more
functions. I have also made the per-IP rate limiting allocation more
efficient. IP addresses are now stored in their network format instead
of a string from getnameinfo (see inetd.h struct rl_ip_node). malloc
calls use only the space needed by the structure by using offsetof on
union members (I suppose this can be a bit dangerous if not done
correctly...). Per-IP rate limiting still supports textual comparison
using getnameinfo for address families other than AF_INET and AF_INET6, but I
don't think there are any that are actually compatible or used by inetd (I
haven't tested UNIX sockets with a remote bound to another file, but I did test
using IPv6 with the textual format by commenting out the IPv6 specific
code, and it works properly). Still potentially handy for the future.
The IP node list (se_rl_ip_list) now uses the <sys/queue.h> SLIST macros
instead of a custom list. I've broken rl_process up into helper functions
for each type of rate limiting and created a separate function for
address stringification, for use with printouts from the -d flag. I
tried to reduce stack memory use by moving printing code involving
string buffers into separate functions. I haven't tested rl_ipv6_eq on
a 32-bit system.
The code for the positional syntax has also been moved to parse.c.
Function try_biltin has been added to remove parse.c:parse_server's
dependency on the biltin structure definition.
File inetd.h has been updated with the proper function prototypes, and
the servtab structure has been updated with the new IP node SLIST. I also
moved things around a bit. The way we (a peer and myself)
formatted inetd.h previously was somewhat confusing. Function and global
variable prototypes are now organized by the source file they are
defined in.
I also added a -f flag that I saw in another problem report
(https://gnats.netbsd.org/12823) that I thought could be useful. It
runs inetd in the foreground but without debug printouts or SO_DEBUG.
I'm not completely sure about the line "if (foreground) setsid()" that
I changed from "if (debug) setsid()".
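
The partial-allocation technique mentioned in the rate limiting notes above (sizing malloc with offsetof on union members), shown as an added example that is not inetd's own code. The struct, its field names, EX_MAXHOST and the ex_* functions are hypothetical; the point is that every later access must stay inside the member that was actually allocated.

```c
#include <netinet/in.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>

#define EX_MAXHOST 1025 /* assumed text buffer size (hypothetical) */

/* Hypothetical node: only the union member in use is backed by memory. */
struct ex_ip_node {
	size_t count;
	sa_family_t family; /* records which member of u was allocated */
	union {
		struct in_addr v4;
		struct in6_addr v6;
		char text[EX_MAXHOST];
	} u;
};

/* Bytes to allocate: header up to the member, plus that member; 0 if too long. */
static size_t ex_node_size(sa_family_t family, const char *text)
{
	if (family == AF_INET)
		return offsetof(struct ex_ip_node, u.v4) + sizeof(struct in_addr);
	if (family == AF_INET6)
		return offsetof(struct ex_ip_node, u.v6) + sizeof(struct in6_addr);
	size_t n = strlen(text); /* textual fallback for other families */
	return n < EX_MAXHOST ? offsetof(struct ex_ip_node, u.text) + n + 1 : 0;
}

static struct ex_ip_node *ex_node_new(sa_family_t family, const void *addr)
{
	size_t len = ex_node_size(family, addr);
	struct ex_ip_node *n = len ? calloc(1, len) : NULL;
	if (n == NULL)
		return NULL;
	n->count = 1; /* field by field: "*n = ..." would write sizeof(*n) bytes */
	n->family = family;
	memcpy(&n->u, addr, len - offsetof(struct ex_ip_node, u));
	return n;
}
/* Compare using only the allocated member; a family mismatch never reads u. */
static int ex_node_matches(const struct ex_ip_node *n, sa_family_t family, const void *addr)
{
	if (n->family != family)
		return 0;
	if (family == AF_INET)
		return memcmp(&n->u.v4, addr, sizeof(n->u.v4)) == 0;
	if (family == AF_INET6)
		return memcmp(&n->u.v6, addr, sizeof(n->u.v6)) == 0;
	return strcmp(n->u.text, addr) == 0; /* memcmp could read past a short node */
}
```
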
that do not have full entropy), but move it to the config menu
instead of enforcing it as a mandatory step.
This menu is shown at the end of the setup, or if explicitly invoked
from the main menu.
Some of the input options are complex but useful in some situations
and code to support them is tiny. Most users will use the manual input
(first + default option) but some might prefer to connect a USB TRNG
or have easy setups to transfer entropy from another machine (while
copy & paste on a serial console sometimes is tricky).
This set is only installed on amd64, i386, evbarm.
This set is installed on minimal installs and on install media, in
case someone needs it for basic driver functionality.
Comments:
Switched to a single MK tunable for it - that is probably unneeded.
An upcoming DRM update will include even fatter firmware, and we'd
like to minimize the impact of it.
In C99, a compound literal must have at least one expression between the
braces. Empty structs and compound literals are a GNU extension.
The first member of struct part_entry has type size_t, therefore 0 fits
well.
No functional change.