Valgrind will still error by default at exit as the syscall to
unlink the pipe files is denied.
This can be avoided by compiling with -DVALGRIND.
The pipe files still won't be removed as dhcpcd has
already dropped to the non root user.
This is a Vagrind issue really.
hardened-malloc should now run as well as their documented syscalls
are now allowed by default.
Fixes#497.
This allows a POSIX resource limited sandbox to be used at least
with privilege separation, which is better than just disabling
privilege separation entirely for when SECCOMP stops working due to
libc/kernel changes.
This is given when the OS supports the concept of wireless roaming
or the IP setup can be persisted when the carrier drops.
When this happens, routes are moved to a higher metric (if supported)
to support non preferred but non roaming routes.
The `interface_order` hook variable will now order the interfaces
according to priority and move roaming interfaces to the back of the
list.
If resolvconf is present then it is called with the -C option
to deprecate DNS and if carrier comes back it is called again with the
-c option to activate it once more.
As part of this change, default route metrics have been changed to
support a larger number of interfaces.
base metric 1000 (was 200)
wireless offset 2000 (was 100)
IPv4LL offset 1000000 (was 10000)
roaming offset 2000000
epoll and kqueue are really too heavy weight.
With privsep, we now favour more processes for BPF and per address sockets.
As such, the number of fds to monitor will always be quite small.
All modern OS now have ppoll(2) (NetBSD has pollts, which is the same)
which works perfectly for us.
If neither are present, the a wrapper around pselect(2) is provided,
which can be found on all POSIX systems.
This makes the code a lot smaller and easier to follow.
The reduced binary size and memory usage is a nice win here.
Not enabled by default - enable with ./configure --enable-privsep
Requires a user added to the system - default _dhcpcd
Several processes will be spawned off the main state engine:
a privileged actioneer and a generic network proxy.
Only the privileged actioneer process will retain root permissions.
When required, the privileged actioneer will also spawn
BPF listeners for BOOTP (DHCP) and ARP.
The BOOTP BPF listener should be a short lived process.
On kernels with RFC 5227 support, the ARP BPF listener will only
be used for ARPing and announcing a preferred address and will
also be a short lived process.
When not running in master mode, an address listener will be
spawned for each address (with the exception of RA dervived addresses)
dhcpcd cares about.
TODO:
* Solaris support.
* ARP BPF address filtering.
date tag[pid]: message
This does add a few more bytes, but it allows for the same log
analysis tools to be used.
When building SMALL, this code is removed and you just get the
message in the logfile.
