Merge branch 'fastd_upstream' into fastd_merge

rlei · Jan 29, 2015 · 3e1bc51 · 3e1bc51
2 parents 6d0369a + 2a69e5f
commit 3e1bc51
Show file tree

Hide file tree

Showing 8 changed files with 39 additions and 27 deletions.
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -4,7 +4,7 @@ set(CMAKE_MODULE_PATH ${CMAKE_CURRENT_SOURCE_DIR}/cmake)
 cmake_policy(SET CMP0017 OLD) # Prefer modules in our module directory
 
 project(FASTD C ASM)
-set(FASTD_VERSION "v16+")
+set(FASTD_VERSION "v17+")
 
 include(arch)
 include(config)

diff --git a/doc/fastd.1 b/doc/fastd.1
@@ -1,4 +1,4 @@
-.TH FASTD 1 "November 2014" "fastd v16+" "User Commands"
+.TH FASTD 1 "January 2015" "fastd v17+" "User Commands"
 .SH NAME
 fastd \- Fast and Secure Tunnelling Daemon
 .SH SYNOPSIS

diff --git a/doc/source/conf.py b/doc/source/conf.py
@@ -54,9 +54,9 @@
 # built documents.
 #
 # The short X.Y version.
-version = '16+'
+version = '17+'
 # The full version, including alpha/beta/rc tags.
-release = '16+'
+release = '17+'
 
 # The language for content autogenerated by Sphinx. Refer to documentation
 # for a list of supported languages.

diff --git a/doc/source/manual/config.rst b/doc/source/manual/config.rst
@@ -35,24 +35,31 @@ Example config:
   include peers from "peers";
 
 
-| ``bind <IPv4 address>:<port> [ interface "<interface>" ] [ default [ ipv4 ] ];``
-| ``bind <IPv6 address>:<port> [ interface "<interface>" ] [ default [ ipv6 ] ];``
-| ``bind any:<port> [ interface "<interface>" ] [ default [ ipv4|ipv6 ] ];``
-| ``bind <IPv4 address> port <port> [ interface "<interface>" ] [ default [ ipv4 ] ];``
-| ``bind <IPv6 address> port <port> [ interface "<interface>" ] [ default [ ipv6 ] ];``
-| ``bind any port <port> [ interface "<interface>" ] [ default [ ipv4|ipv6 ] ];``
+| ``bind <IPv4 address>[:<port>] [ interface "<interface>" ] [ default [ ipv4 ] ];``
+| ``bind <IPv6 address>[:<port>] [ interface "<interface>" ] [ default [ ipv6 ] ];``
+| ``bind any[:<port>] [ interface "<interface>" ] [ default [ ipv4|ipv6 ] ];``
+| ``bind <IPv4 address> [port <port>] [ interface "<interface>" ] [ default [ ipv4 ] ];``
+| ``bind <IPv6 address> [port <port>] [ interface "<interface>" ] [ default [ ipv6 ] ];``
+| ``bind any [port <port>] [ interface "<interface>" ] [ default [ ipv4|ipv6 ] ];``
 
   Sets the bind address, port and possibly interface. May be specified multiple times. The keyword
-  any makes fastd bind to the unspecified address for both IPv4 and IPv6. When
-  no bind address is configured at all, for each outgoing connection a new socket with a random
-  port is created.
+  any makes fastd bind to the unspecified address for both IPv4 and IPv6.
 
   IPv6 address must be put in square brackets. It is possible to specify an IPv6 link-local address
   with an interface in the usual notation (e.g. [fe80::1%eth0]).
 
   The default option makes it the default address for outgoing connections
   for IPv4, IPv6 or both.
 
+  When an address without port or with port 0 is configured, a new socket with a random
+  port will be created for each outgoing connection. This has the side effect that the
+  options for packet marks and interface-specific binds (except IPv6 link-local addresses) will only work with the
+  ``CAP_NET_ADMIN`` capability (option ``drop capabilities no`` when fastd is built with
+  capability support, root privileges otherwise).
+
+  Configuring no bind address at all is equivalent to the setting ``bind any``, meaning fastd
+  will use a random port for each outgoing connection both for IPv4 and IPv6.
+
 
 | ``cipher "<cipher>" use "<implementation>";``
 

diff --git a/src/config.c b/src/config.c
@@ -548,11 +548,6 @@ static void config_check_base(void) {
 			exit_error("config error: in TUN mode exactly one peer must be configured");
 	}
 
-#ifndef USE_PMTU
-	if (conf.pmtu.set)
-		exit_error("config error: setting pmtu is not supported on this system");
-#endif
-
 #ifndef USE_PACKET_MARK
 	if (conf.packet_mark)
 		exit_error("config error: setting a packet mark is not supported on this system");

diff --git a/src/config.y b/src/config.y
@@ -491,10 +491,11 @@ peer_remote:	maybe_ipv4 TOK_ADDR4 port {
 			addrlen = strlen(addrbuf);
 
 			fastd_remote_t remote = {};
-			remote.hostname = fastd_alloc(addrlen + strlen($2.ifname) + 2);
+			size_t ifname_len = strlen($2.ifname);
+			remote.hostname = fastd_alloc(addrlen + ifname_len + 2);
 			memcpy(remote.hostname, addrbuf, addrlen);
 			remote.hostname[addrlen] = '%';
-			strcpy(remote.hostname+addrlen+1, $2.ifname);
+			memcpy(remote.hostname+addrlen+1, $2.ifname, ifname_len+1);
 
 			remote.address.sa.sa_family = AF_INET6;
 			remote.address.in.sin_port = htons($3);

diff --git a/src/fastd.h b/src/fastd.h
@@ -439,9 +439,12 @@ static inline bool fastd_peer_address_is_v6_ll(const fastd_peer_address_t *addr)
 
 /** Duplicates a string, creating a one-element string stack */
 static inline fastd_string_stack_t * fastd_string_stack_dup(const char *str) {
-	fastd_string_stack_t *ret = fastd_alloc(alignto(sizeof(fastd_string_stack_t) + strlen(str) + 1, 8));
+	size_t str_len = strlen(str);
+	fastd_string_stack_t *ret = fastd_alloc(alignto(sizeof(fastd_string_stack_t) + str_len + 1, 8));
+
 	ret->next = NULL;
-	strcpy(ret->str, str);
+
+	memcpy(ret->str, str, str_len + 1);
 
 	return ret;
 }
@@ -450,18 +453,23 @@ static inline fastd_string_stack_t * fastd_string_stack_dup(const char *str) {
 static inline fastd_string_stack_t * fastd_string_stack_dupn(const char *str, size_t len) {
 	size_t str_len = strnlen(str, len);
 	fastd_string_stack_t *ret = fastd_alloc(alignto(sizeof(fastd_string_stack_t) + str_len + 1, 8));
+
 	ret->next = NULL;
-	strncpy(ret->str, str, str_len);
+
+	memcpy(ret->str, str, str_len);
 	ret->str[str_len] = 0;
 
 	return ret;
 }
 
 /** Pushes the copy of a string onto the top of a string stack */
 static inline fastd_string_stack_t * fastd_string_stack_push(fastd_string_stack_t *stack, const char *str) {
-	fastd_string_stack_t *ret = fastd_alloc(alignto(sizeof(fastd_string_stack_t) + strlen(str) + 1, 8));
+	size_t str_len = strlen(str);
+	fastd_string_stack_t *ret = fastd_alloc(alignto(sizeof(fastd_string_stack_t) + str_len + 1, 8));
+
 	ret->next = stack;
-	strcpy(ret->str, str);
+
+	memcpy(ret->str, str, str_len + 1);
 
 	return ret;
 }

diff --git a/src/status.c b/src/status.c
@@ -220,14 +220,15 @@ void fastd_status_init(void) {
 		exit_errno("fastd_status_init: socket");
 
 
-	size_t len = offsetof(struct sockaddr_un, sun_path) + strlen(conf.status_socket) + 1;
+	size_t status_socket_len = strlen(conf.status_socket);
+	size_t len = offsetof(struct sockaddr_un, sun_path) + status_socket_len + 1;
 	uint8_t buf[len];
 	memset(buf, 0, len);
 
 	struct sockaddr_un *sa = (void*)buf;
 
 	sa->sun_family = AF_UNIX;
-	strcpy(sa->sun_path, conf.status_socket);
+	memcpy(sa->sun_path, conf.status_socket, status_socket_len+1);
 
 	if (bind(ctx.status_fd, (struct sockaddr*)sa, len)) {
 		switch (errno) {