Updating link to change in openSUSE:Factory/openslp revision 22.0

OBS-URL: https://build.opensuse.org/package/show/network:utilities/openslp?expand=0&rev=052ac759f139234c41238b1ece1ecbe8
OBS User buildservice-autocommit 2010-10-15 10:39:37 +00:00 committed by Git OBS Bridge
parent 081e04db9b
commit e5af3468d8
8 changed files with 1855 additions and 5 deletions

6
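--- /dev/null
+++ b/openslp.SuSEfirewall2
@@ -0,0 +1,6 @@
+## Name: Openslp server (SLP)
+## Description: Enables Openslp server to advertise services
+# space separated list of allowed ports
+TCP="427"
+UDP="427"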
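Review bot: The `## Description:` line does not say what enabling this service does on the firewall, which is to accept inbound traffic on TCP and UDP port 427 for slpd in the zone it is enabled for. I would spell that out, e.g. `## Description: Opens TCP and UDP port 427 so that the OpenSLP server (slpd) can receive SLP requests`. The same commit carries a fix for slpd's message parser, so the text should make clear that the service is only meant for zones where SLP is actually needed.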


@ -1,3 +1,44 @@
-------------------------------------------------------------------
Tue Oct 12 17:46:47 CEST 2010 - mls@suse.de
- fix extension parsing code, CVE-2010-3609 [bnc#642571]
-------------------------------------------------------------------
Fri Oct 1 13:36:48 CEST 2010 - mls@suse.de
- ignore leading and trailing spaces when comparing strings
[bnc#626444]
-------------------------------------------------------------------
Thu Sep 30 12:35:54 CEST 2010 - mls@suse.de
- change DA pull code to not use the pulled-from-de prediacte, but
instead don't overwrite non-pulled registrations
-------------------------------------------------------------------
Thu Jul 29 13:28:41 CEST 2010 - mls@suse.de
- add DABackupLocalReg option to enable backup of local services
[bnc#597215]
-------------------------------------------------------------------
Tue May 11 18:09:09 CEST 2010 - jeffm@suse.de
- avoid CPU usage spike while while reading /proc/net/tcp
on systems with many connections (bnc#601002)
-------------------------------------------------------------------
Wed Apr 28 17:03:14 CEST 2010 - mls@suse.de
- do not ignore DA answers if active and passive DA detection is off
[bnc#564504]
- add DASyncReg and isDABackup options for OES folks
-------------------------------------------------------------------
Fri Mar 12 13:55:47 UTC 2010 - kkaempf@novell.com
- Add SuSEfirewall2 description file
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Dec 14 17:04:29 CET 2009 - jengelh@medozas.de Mon Dec 14 17:04:29 CET 2009 - jengelh@medozas.de

58
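--- /dev/null
+++ b/openslp.discovery.diff
@@ -0,0 +1,58 @@
+--- slpd/slpd_outgoing.c.orig 2009-12-22 15:23:09.000000000 +0000
++++ slpd/slpd_outgoing.c 2009-12-22 15:47:35.000000000 +0000
+@@ -420,6 +420,24 @@ SLPDSocket* SLPDOutgoingConnect(struct i
+}
+/*=========================================================================*/
++int SLPDHaveOutgoingConnectedSocket(struct in_addr* addr)
++/* Check if there is an outgoing socket for the specified address */
++/* */
++/* addr (IN) the address of the peer to check */
++/*=========================================================================*/
++{
++ SLPDSocket* sock = (SLPDSocket*)G_OutgoingSocketList.head;
++ while ( sock )
++ {
++ if (sock->state >= STREAM_CONNECT_IDLE &&
++ sock->peeraddr.sin_addr.s_addr == addr->s_addr)
++ return 1;
++ sock = (SLPDSocket*)sock->listitem.next;
++ }
++ return 0;
++}
++
++/*=========================================================================*/
+void SLPDOutgoingDatagramWrite(SLPDSocket* sock)
+/* Add a ready to write outgoing datagram socket to the outgoing list. */
+/* The datagram will be written then sit in the list until it ages out */
+--- slpd/slpd_outgoing.h.orig 2009-12-22 15:43:52.000000000 +0000
++++ slpd/slpd_outgoing.h 2009-12-22 15:45:26.000000000 +0000
+@@ -107,6 +107,13 @@ SLPDSocket* SLPDOutgoingConnect(struct i
+/* returns: pointer to socket or null on error */
+/*=========================================================================*/
++/*=========================================================================*/
++int SLPDHaveOutgoingConnectedSocket(struct in_addr* addr);
++/* Check if there is an outgoing socket for the specified address */
++/* */
++/* addr (IN) the address of the peer to check */
++/*=========================================================================*/
++
+/*=========================================================================*/
+int SLPDOutgoingInit();
+--- slpd/slpd_process.c.orig 2009-12-22 15:01:43.000000000 +0000
++++ slpd/slpd_process.c 2009-12-22 15:43:20.000000000 +0000
+@@ -1120,7 +1120,11 @@ int ProcessDAAdvert(SLPMessage message,
+if(G_SlpdProperty.DAActiveDiscoveryInterval == 0 &&
+message->header.xid != 0)
+{
+- goto RESPOND;
++ /* do not ignore replys of our DiscoveryRequests made for
++ * static and dhcp configured DAs. For now we check this by
++ * testing if the sockaddr is on the outgoing socket list */
++ if (!SLPDHaveOutgoingConnectedSocket(&message->peer.sin_addr))
++ goto RESPOND;
+}
+/*-------------------------------*/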
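Review bot: The new test in ProcessDAAdvert accepts a DAAdvert with a non-zero xid whenever `SLPDHaveOutgoingConnectedSocket()` finds any outgoing socket whose peer address equals `message->peer.sin_addr`, so the decision rests on the source address alone. Nothing visible here ties the advert to the xid of the request slpd sent or to the socket the reply arrived on, and for a datagram the source address is whatever the sender put there. The in-code comment already marks the check as provisional ("For now we check this by ..."); I would extend it to state the limitation, e.g. `/* NOTE: matches on peer address only; the xid is not compared with the outstanding request */`, and compare the xid once the request state is reachable from this function. ProcessDAAdvert's body continues outside the hunk.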

19
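--- /dev/null
+++ b/openslp.ignorespaces.diff
@@ -0,0 +1,19 @@
+--- common/slp_compare.c.orig 2010-10-01 11:17:13.000000000 +0000
++++ common/slp_compare.c 2010-10-01 11:26:52.000000000 +0000
+@@ -105,6 +105,16 @@ int SLPCompareString(int str1len,
+/* <0 if s1 is less than str2 */
+/*=========================================================================*/
+{
++ /* strip leading/trailing while space */
++ while (str1len && (*str1 == ' ' || *str1 == '\t' || *str1 == '\r' || *str1 == '\n'))
++ str1++, str1len--;
++ while (str1len && (str1[str1len - 1] == ' ' || str1[str1len - 1] == '\t' || str1[str1len - 1] == '\r' || str1[str1len - 1] == '\n'))
++ str1len--;
++ while (str2len && (*str2 == ' ' || *str2 == '\t' || *str2 == '\r' || *str2 == '\n'))
++ str2++, str2len--;
++ while (str2len && (str2[str2len - 1] == ' ' || str2[str2len - 1] == '\t' || str2[str2len - 1] == '\r' || str2[str2len - 1] == '\n'))
++ str2len--;
++
+/* TODO: fold whitespace and handle escapes*/
+if(str1len == str2len)
+{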
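Review bot: The four trimming loops test the lengths with `str1len &&` / `str2len &&`, but both are `int`, so a negative length counts as true and the trailing-space loops would then index `str1[str1len - 1]` before the start of the string. Callers may never pass a negative value (not visible here), yet `while (str1len > 0 && ...)` costs nothing and makes the function safe on its own. The whitespace test is also written out four times; a small `static` helper, say `is_slp_space(char c)`, would shorten the loops, and the comment should read `/* strip leading/trailing white space */`. SLPCompareString's body continues past the hunk.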

1448
openslp.initda.diff Normal file

File diff suppressed because it is too large Load Diff

22
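--- /dev/null
+++ b/openslp.parseext.diff
@@ -0,0 +1,22 @@
+--- ./common/slp_message.c.orig 2010-10-12 15:42:23.439823000 +0000
++++ ./common/slp_message.c 2010-10-12 15:45:44.936750000 +0000
+@@ -872,10 +872,19 @@ int ParseExtension(SLPBuffer buffer, SLP
+int extid;
+int nextoffset;
+int result = SLP_ERROR_OK;
++ int bufsz = (int)(buffer->end - buffer->start);
+nextoffset = message->header.extoffset;
+while(nextoffset)
+{
++ /* check for circular reference in list
++ * if the size gets below zero, we know we're
++ * reprocessing extensions in a loop.
++ */
++ bufsz -= 5;
++ if (bufsz <= 0)
++ return SLP_ERROR_PARSE_ERROR;
++
+buffer->curpos = buffer->start + nextoffset;
+if(buffer->curpos + 5 >= buffer->end)
+{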
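Review bot: The loop guard added to ParseExtension relies on an invariant the comment never states, apparently that every extension occupies at least 5 bytes, so that using up the `bufsz` budget can only mean the next-offset chain revisits an extension. I would name the constant and the reasoning, e.g. `/* each extension header is at least 5 bytes; once the budget is used up the chain must be looping */`. The guard bounds the work rather than detecting the first repeat, so an extension can be parsed several times before the error is returned; whether that matters depends on the handlers below the hunk. The bounds check on the following lines forms `buffer->start + nextoffset` from the message's own offset before validating it; comparing `nextoffset + 5` with the buffer length as integers would avoid building an out-of-range pointer.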


@ -21,8 +21,8 @@ Name: openslp
BuildRequires: bison flex openssl-devel BuildRequires: bison flex openssl-devel
Summary: An OpenSLP Implementation of Service Location Protocol V2 Summary: An OpenSLP Implementation of Service Location Protocol V2
Version: 1.2.0 Version: 1.2.0
Release: 175 Release: 182
License: BSD3c(or similar) ; GPLv2+ License: BSD3c
Group: System/Daemons Group: System/Daemons
Url: http://www.openslp.org/ Url: http://www.openslp.org/
# bug437293 # bug437293
@ -38,7 +38,8 @@ Source3: openslp.desktop
Source4: openslp-devel.desktop Source4: openslp-devel.desktop
Source5: openslp.logrotate Source5: openslp.logrotate
Source6: slpd.xml Source6: slpd.xml
Source7: baselibs.conf Source7: openslp.SuSEfirewall2
Source8: baselibs.conf
Patch1: openslp.diff Patch1: openslp.diff
Patch2: openslp.audit.diff Patch2: openslp.audit.diff
Patch3: extensions.diff Patch3: extensions.diff
@ -56,6 +57,11 @@ Patch14: openslp.dereg.diff
Patch15: openslp.fixaddrcheck.diff Patch15: openslp.fixaddrcheck.diff
Patch16: openslp.fixdsareturn.diff Patch16: openslp.fixdsareturn.diff
Patch17: openslp.clrflags.diff Patch17: openslp.clrflags.diff
Patch18: openslp.use-TCPDIAG-for-checking-listeners
Patch19: openslp.discovery.diff
Patch20: openslp.initda.diff
Patch21: openslp.ignorespaces.diff
Patch22: openslp.parseext.diff
%description %description
Service Location Protocol is an IETF standards track protocol that Service Location Protocol is an IETF standards track protocol that
@ -79,7 +85,7 @@ Authors:
Praveen Kumar Amritaluru <praveen@india.hp.com> Praveen Kumar Amritaluru <praveen@india.hp.com>
%package server %package server
License: BSD3c(or similar) License: BSD3c
Group: System/Daemons Group: System/Daemons
Summary: The OpenSLP Implementation of the Service Location Protocol V2 Summary: The OpenSLP Implementation of the Service Location Protocol V2
PreReq: %fillup_prereq %insserv_prereq PreReq: %fillup_prereq %insserv_prereq
@ -107,7 +113,7 @@ Authors:
Praveen Kumar Amritaluru <praveen@india.hp.com> Praveen Kumar Amritaluru <praveen@india.hp.com>
%package devel %package devel
License: BSD3c(or similar) License: BSD3c
Requires: openssl-devel openslp = %version Requires: openssl-devel openslp = %version
Group: System/Daemons Group: System/Daemons
Summary: OpenSLP Development SDK Summary: OpenSLP Development SDK
@ -159,6 +165,11 @@ Authors:
%patch15 %patch15
%patch16 %patch16
%patch17 %patch17
%patch18 -p1
%patch19
%patch20
%patch21
%patch22
%build %build
autoreconf -fiv autoreconf -fiv
@ -169,6 +180,7 @@ autoreconf -fiv
%install %install
mkdir -p ${RPM_BUILD_ROOT}/etc/slp.reg.d mkdir -p ${RPM_BUILD_ROOT}/etc/slp.reg.d
mkdir -p ${RPM_BUILD_ROOT}/etc/slp.reg.d/slpd
cp etc/slp.conf ${RPM_BUILD_ROOT}/etc cp etc/slp.conf ${RPM_BUILD_ROOT}/etc
cp etc/slp.reg ${RPM_BUILD_ROOT}/etc cp etc/slp.reg ${RPM_BUILD_ROOT}/etc
cp etc/slp.spi ${RPM_BUILD_ROOT}/etc cp etc/slp.spi ${RPM_BUILD_ROOT}/etc
@ -205,6 +217,9 @@ install -m 0644 %SOURCE6 $RPM_BUILD_ROOT/usr/share/omc/svcinfo.d
%suse_update_desktop_file $RPM_BUILD_ROOT/usr/share/susehelp/meta/Development/Libraries/openslp-devel.desktop %suse_update_desktop_file $RPM_BUILD_ROOT/usr/share/susehelp/meta/Development/Libraries/openslp-devel.desktop
%endif %endif
%{__rm} -f %{buildroot}%{_libdir}/*.la %{__rm} -f %{buildroot}%{_libdir}/*.la
%if 0%{?suse_version}
install -D -m 644 %{S:7} $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/openslp
%endif
%post -p /sbin/ldconfig %post -p /sbin/ldconfig
@ -252,6 +267,7 @@ rm -rf $RPM_BUILD_ROOT
%doc %_defaultdocdir/%name/rfc %doc %_defaultdocdir/%name/rfc
%doc /usr/share/susehelp/meta/Administration/openslp.desktop %doc /usr/share/susehelp/meta/Administration/openslp.desktop
%dir /etc/slp.reg.d/ %dir /etc/slp.reg.d/
%dir /etc/slp.reg.d/slpd
/usr/sbin/rcopenslp /usr/sbin/rcopenslp
/usr/sbin/rcslpd /usr/sbin/rcslpd
/usr/sbin/slpd /usr/sbin/slpd
@ -259,6 +275,9 @@ rm -rf $RPM_BUILD_ROOT
%config(noreplace) /etc/slp.reg %config(noreplace) /etc/slp.reg
%config(noreplace) /etc/logrotate.d/openslp-server %config(noreplace) /etc/logrotate.d/openslp-server
/usr/share/omc/svcinfo.d/slpd.xml /usr/share/omc/svcinfo.d/slpd.xml
%if 0%{?suse_version} > 0
%config %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/openslp
%endif
%files devel %files devel
%defattr(-,root,root) %defattr(-,root,root)
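Review bot: The two conditionals that guard the SuSEfirewall2 service file are written differently, `%if 0%{?suse_version}` in %install and `%if 0%{?suse_version} > 0` in %files. They evaluate the same way, but using one form in both places makes it obvious that the file is installed exactly when it is packaged. The file is also listed as plain `%config` while the neighbouring entries use `%config(noreplace)`; if administrators are expected to edit the port list, `%config(noreplace) %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/openslp` keeps their copy in place on update.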


@ -0,0 +1,237 @@
From: Jeff Mahoney <jeffm@suse.com>
Subject: openslp: Use TCPDIAG for checking listeners
References: bnc#601002
The use of /proc/net/tcp is deprecated and can cause performance issues on
large systems. The issue is that there are a great many locks that must
be claimed and released in order to produce the contents of the proc file.
The replacement mechanism is to use the INETDIAG/TCPDIAG interface to
get the results. This has the advantage of using in-kernel filtering as
well as a binary interface so that the parsing of the proc file is
unnecessary.
Support is limited to TCP so the use of /proc/net/udp is still required.
If for whatever reason the netlink connection is lost and can't be
re-established, we fall back to reading /proc/net/tcp until the daemon
is restarted.
Signed-off-by: Jeff Mahoney <jeffm@suse.com>
---
slpd/slpd_database.c | 179 ++++++++++++++++++++++++++++++++++++++++++++++++++-
1 file changed, 176 insertions(+), 3 deletions(-)
--- a/slpd/slpd_database.c
+++ b/slpd/slpd_database.c
@@ -76,6 +76,9 @@ FILE *regfileFP;
/* standard header files */
/*=========================================================================*/
#include <dirent.h>
+#include <linux/netlink.h>
+#include <linux/inet_diag.h>
+#include <sched.h>
/*=========================================================================*/
SLPDDatabase G_SlpdDatabase;
@@ -919,11 +922,176 @@ static void SLPDDatabaseWatcher_fd(int f
}
}
+enum {
+ SS_UNKNOWN,
+ SS_ESTABLISHED,
+ SS_SYN_SENT,
+ SS_SYN_RECV,
+ SS_FIN_WAIT1,
+ SS_FIN_WAIT2,
+ SS_TIME_WAIT,
+ SS_CLOSE,
+ SS_CLOSE_WAIT,
+ SS_LAST_ACK,
+ SS_LISTEN,
+ SS_CLOSING,
+ SS_MAX
+};
+
+#define SS_ALL ((1<<SS_MAX)-1)
+
+static int reconnect_nl(int *fd)
+{
+ int new_fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_INET_DIAG);
+
+ close (*fd);
+
+ if (new_fd < 0)
+ return errno;
+
+ *fd = new_fd;
+ return 0;
+}
+
+static void SLPDDatabaseWatcher_nl(int *fd, int flag, unsigned char *porthash)
+{
+ char buf[8192];
+ int port, status = 0;
+ SLPDatabaseHandle dh;
+
+ struct sockaddr_nl nladdr = {
+ .nl_family = AF_NETLINK
+ };
+
+ struct {
+ struct nlmsghdr nlh;
+ struct inet_diag_req r;
+ } req = {
+ .nlh = {
+ .nlmsg_len = sizeof(req),
+ .nlmsg_type = TCPDIAG_GETSOCK,
+ .nlmsg_flags = NLM_F_ROOT|NLM_F_MATCH|NLM_F_REQUEST,
+ .nlmsg_pid = 0,
+ .nlmsg_seq = 123456,
+ },
+ .r = {
+ .idiag_family = AF_INET,
+ .idiag_states = 1 << SS_LISTEN,
+ .idiag_ext = ((1 << (INET_DIAG_INFO - 1)) |
+ (1 << (INET_DIAG_VEGASINFO - 1)) |
+ (1 << (INET_DIAG_CONG - 1))),
+ }
+ };
+
+ struct iovec iov = {
+ .iov_base = &req,
+ .iov_len = sizeof(req),
+ };
+
+ struct msghdr msg = {
+ .msg_name = (void *)&nladdr,
+ .msg_namelen = sizeof(nladdr),
+ .msg_iov = &iov,
+ .msg_iovlen = 1,
+ };
+ struct in_addr ipv4_loopback = { htonl(INADDR_LOOPBACK) };
+ struct in6_addr ipv6_loopback = IN6ADDR_LOOPBACK_INIT;
+ int retries;
+
+ /* If the socket shuts down for whatever reason, we need to
+ * reopen it. Since we can't listen to a socket for which we have
+ * made a request, we reissue the request and listen again. */
+retry_sendmsg:
+ retries = 2;
+ while (retries-- > 0) {
+ if (sendmsg(*fd, &msg, 0) >= 0)
+ break;
+
+ if (reconnect_nl(fd)) {
+ SLPDLog("Lost TCPDIAG netlink connection and attempts to "
+ "re-establish have failed. Falling back to /proc/net/tcp "
+ "for dead/alive updates.\n");
+ *fd = -1;
+ return;
+ }
+ sched_yield();
+ }
+
+ iov.iov_base = buf;
+ iov.iov_len = sizeof(buf);
+
+ dh = SLPDatabaseOpen(&G_SlpdDatabase.database);
+ while (!status) {
+ struct nlmsghdr *h;
+
+ status = recvmsg(*fd, &msg, 0);
+ if (status < 0) {
+ if (errno == EINTR)
+ continue;
+ goto retry_sendmsg;
+ }
+
+ /* Socket has shut down */
+ if (status == 0)
+ goto retry_sendmsg;
+
+ for (h = (struct nlmsghdr *) buf; NLMSG_OK(h, status);
+ h = NLMSG_NEXT(h, status)) {
+ SLPDatabaseEntry *entry;
+ struct inet_diag_msg *r = NLMSG_DATA(h);
+
+ if (h->nlmsg_seq != 123456)
+ continue;
+
+ if (h->nlmsg_type == NLMSG_DONE)
+ goto close;
+
+ if (h->nlmsg_type == NLMSG_ERROR) {
+ struct nlmsgerr *err = NLMSG_DATA(h);
+ if (h->nlmsg_len >= NLMSG_LENGTH(sizeof(*err)))
+ status = EINVAL;
+ else
+ status = -err->error;
+ break;
+ }
+
+ if (r->idiag_family != AF_INET && r->idiag_family != AF_INET6)
+ continue;
+
+ if (r->idiag_family == AF_INET &&
+ ipv4_loopback.s_addr == r->id.idiag_src[0])
+ continue;
+
+ if (r->idiag_family == AF_INET6 &&
+ !memcmp(ipv6_loopback.s6_addr32, r->id.idiag_src,
+ sizeof(ipv6_loopback)))
+ continue;
+
+ port = ntohs(r->id.idiag_sport);
+ if (!(porthash[(port / 8) & 255] & (1 << (port & 7))))
+ continue;
+
+ SLPDatabaseRewind(dh);
+
+ while ((entry = SLPDatabaseEnum(dh)) != 0) {
+ SLPSrvReg *srvreg = &(entry->msg->body.srvreg);
+ if (!(srvreg->watchflags & flag))
+ continue;
+ if (port == srvreg->watchport)
+ srvreg->watchflags &= ~SLP_REG_WATCH_CHECKING;
+ }
+ }
+ }
+
+close:
+ SLPDatabaseClose(dh);
+}
+
/*=========================================================================*/
void SLPDDatabaseWatcher(void)
{
static int initialized = 0;
- static int proctcp, procudp, proctcp6, procudp6;
+ static int proctcp, procudp, proctcp6, procudp6, inet_diag = -1;
unsigned char porthash[256];
int flags, port;
SLPDatabaseHandle dh;
@@ -931,6 +1099,7 @@ void SLPDDatabaseWatcher(void)
SLPSrvReg* srvreg;
if (!initialized) {
+ inet_diag = socket(AF_NETLINK, SOCK_RAW, NETLINK_INET_DIAG);
proctcp = open("/proc/net/tcp_listen", O_RDONLY);
if (proctcp == -1)
proctcp = open("/proc/net/tcp", O_RDONLY);
@@ -955,8 +1124,12 @@ void SLPDDatabaseWatcher(void)
}
SLPDatabaseClose(dh);
if ((flags & SLP_REG_WATCH_TCP) != 0) {
- SLPDDatabaseWatcher_fd(proctcp, SLP_REG_WATCH_TCP, porthash);
- SLPDDatabaseWatcher_fd(proctcp6, SLP_REG_WATCH_TCP, porthash);
+ if (inet_diag >= 0)
+ SLPDDatabaseWatcher_nl(&inet_diag, SLP_REG_WATCH_TCP, porthash);
+ if (inet_diag < 0) { /* Fallback if _nl fails */
+ SLPDDatabaseWatcher_fd(proctcp, SLP_REG_WATCH_TCP, porthash);
+ SLPDDatabaseWatcher_fd(proctcp6, SLP_REG_WATCH_TCP, porthash);
+ }
}
if ((flags & SLP_REG_WATCH_UDP) != 0) {
SLPDDatabaseWatcher_fd(procudp, SLP_REG_WATCH_UDP, porthash);
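Review bot: In SLPDDatabaseWatcher_nl the `retry_sendmsg` path reuses state that the first pass has already changed: `iov` has been re-pointed at `buf`, so the retried `sendmsg()` transmits the 8192-byte receive buffer instead of `req`, and `SLPDatabaseOpen()` runs again without the earlier handle being closed. The NLMSG_ERROR branch also looks inverted, since it sets `EINVAL` when `nlmsg_len` is large enough to hold a `struct nlmsgerr` and reads `err->error` when it is not. Separately, replies are accepted without checking that they came from the kernel; after `recvmsg()` I would skip datagrams where `nladdr.nl_pid != 0`. A sketch of the first two fixes follows; `reconnect_nl()` should additionally save `errno` before it calls `close()`, because that call may overwrite the value it returns.

```c
    /* open the database handle once, before the retry label */
    dh = SLPDatabaseOpen(&G_SlpdDatabase.database);

retry_sendmsg:
    /* the receive path re-targets iov at buf; aim it at the request again */
    iov.iov_base = &req;
    iov.iov_len = sizeof(req);
    retries = 2;
    /* … unchanged: sendmsg/reconnect_nl loop, except that the failure path
     *   uses `goto close` instead of `return` so that dh is released … */

    iov.iov_base = buf;
    iov.iov_len = sizeof(buf);
    /* … unchanged: recvmsg loop up to the NLMSG_ERROR branch … */
            if (h->nlmsg_len < NLMSG_LENGTH(sizeof(*err)))
                status = EINVAL;        /* truncated error message */
            else
                status = -err->error;
```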