On Wed, Nov 07, 2018 at 07:06:09PM -0500, Bryan Steele wrote:
> I'm revisiting some old tcpdump diffs, now that mestre@ has added proper
> unveil(2) support! :-)
>
> Refresher: https://marc.info/?l=openbsd-tech&m=150535073209723&w=2
>
> This hoists opening pf.os(5) fingerprints '-o' from the 'RUN' state to
> the 'FILTER' state, this will allow for a reduced pledge(2) at runtime
> in the (currently root) monitor process.
This was a bit of copy & paste, sorry. This moves the opening of pf.os
earlier and avoids the unveil later on. Of course, reducing the runtime
pledge(2) promises will come later! :-)
>
> This still works as well as it already has. :-)
>
> ( ... ) [tcp sum ok] (src OS: OpenBSD 6.1) 3311509932:3311509932(0) win
> 16384 <mss 1460,nop,nop,sackOK,nop,wscale 6,nop,nop,timestamp 3905153931 0>
> (DF) (ttl 64, id 41239, len 64)
>
> The only potential difference is that if /etc/pf.os is replaced at
> runtime, tcpdump won't reopen it.
>
> I don't think that's a problem..
>
> ok?
>
> -Bryan.
Remove the now-unused internal privsep "getline" code, which passed lines over a socket; it has been replaced with explicit fd passing of /etc/pf.os.
This depends on the previous diff..
ok?
-Bryan.
Index: privsep.c
===================================================================
RCS file: /cvs/src/usr.sbin/tcpdump/privsep.c,v
retrieving revision 1.49
diff -u -p -u -r1.49 privsep.c
--- privsep.c 28 Sep 2018 06:48:59 -0000 1.49
+++ privsep.c 8 Nov 2018 00:19:47 -0000
@@ -77,8 +77,8 @@ static const int allowed_max[] = {
ALLOW(PRIV_GETPROTOENTRIES) |
ALLOW(PRIV_ETHER_NTOHOST) | ALLOW(PRIV_INIT_DONE),
/* RUN */ ALLOW(PRIV_GETHOSTBYADDR) | ALLOW(PRIV_ETHER_NTOHOST) |
- ALLOW(PRIV_GETRPCBYNUMBER) | ALLOW(PRIV_GETLINES) |
- ALLOW(PRIV_LOCALTIME) | ALLOW(PRIV_PCAP_STATS),
+ ALLOW(PRIV_GETRPCBYNUMBER) | ALLOW(PRIV_LOCALTIME) |
+ ALLOW(PRIV_PCAP_STATS),
/* EXIT */ 0
};
@@ -90,21 +90,10 @@ static int allowed_ext[] = {
/* INIT */ ALLOW(PRIV_SETFILTER),
/* BPF */ ALLOW(PRIV_SETFILTER),
/* FILTER */ ALLOW(PRIV_GETSERVENTRIES),
- /* RUN */ ALLOW(PRIV_GETLINES) | ALLOW(PRIV_LOCALTIME) |
- ALLOW(PRIV_PCAP_STATS),
+ /* RUN */ ALLOW(PRIV_LOCALTIME) | ALLOW(PRIV_PCAP_STATS),
/* EXIT */ 0
};
-struct ftab {
- char *name;
- int max;
- int count;
-};
-
-static struct ftab file_table[] = {{PF_OSFP_FILE, 1, 0}};
-
-#define NUM_FILETAB (sizeof(file_table) / sizeof(struct ftab))
-
int debug_level = LOG_INFO;
int priv_fd = -1;
volatile pid_t child_pid = -1;
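Review bot: With `file_table`/`NUM_FILETAB` removed in this hunk, privsep.c no longer carries the once-only open bound (`max` of 1, checked by the deleted `count >= max` test) that impl_getlines enforced on the pf.os path, and the new RUN entry `/* RUN */ ALLOW(PRIV_LOCALTIME) | ALLOW(PRIV_PCAP_STATS),` now admits no command that could open a file at runtime. The replacement fd-passing path lives in the previous diff, which is not part of this patch, so I cannot confirm it keeps an equivalent one-shot guard; if it does not, the unprivileged child could ask the root parent to reopen /etc/pf.os repeatedly, which is low impact for a fixed path but worth keeping bounded as the old table did. A short comment on the RUN line, `/* pf.os is handed over by fd passing in FILTER; no file reads remain at RUN */`, would record why no file-access command is left in this state.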
@@ -123,7 +112,6 @@ static void impl_getrpcbynumber(int);
static void impl_getserventries(int);
static void impl_getprotoentries(int);
static void impl_localtime(int fd);
-static void impl_getlines(int);
static void impl_pcap_stats(int, int *);
static void test_state(int, int);
@@ -345,10 +333,6 @@ priv_exec(int argc, char *argv[])
test_state(cmd, STATE_RUN);
impl_localtime(sock);
break;
- case PRIV_GETLINES:
- test_state(cmd, STATE_RUN);
- impl_getlines(sock);
- break;
case PRIV_PCAP_STATS:
test_state(cmd, STATE_RUN);
impl_pcap_stats(sock, &bpfd);
@@ -577,55 +561,6 @@ impl_localtime(int fd)
}
static void
-impl_getlines(int fd)
-{
- FILE *fp;
- char *buf, *lbuf, *file;
- size_t len, fid;
-
- logmsg(LOG_DEBUG, "[priv]: msg PRIV_GETLINES received");
-
- must_read(fd, &fid, sizeof(size_t));
- if (fid >= NUM_FILETAB)
- errx(1, "invalid file id");
-
- file = file_table[fid].name;
-
- if (file == NULL)
- errx(1, "invalid file referenced");
-
- if (file_table[fid].count >= file_table[fid].max)
- errx(1, "maximum open count exceeded for %s", file);
-
- file_table[fid].count++;
-
- if ((fp = fopen(file, "r")) == NULL) {
- write_zero(fd);
- return;
- }
-
- lbuf = NULL;
- while ((buf = fgetln(fp, &len))) {
- if (buf[len - 1] == '\n')
- buf[len - 1] = '\0';
- else {
- if ((lbuf = malloc(len + 1)) == NULL)
- err(1, NULL);
- memcpy(lbuf, buf, len);
- lbuf[len] = '\0';
- buf = lbuf;
- }
-
- write_string(fd, buf);
-
- free(lbuf);
- lbuf = NULL;
- }
- write_zero(fd);
- fclose(fp);
-}
-
-static void
impl_pcap_stats(int fd, int *bpfd)
{
struct pcap_stat stats;
@@ -786,17 +721,6 @@ priv_localtime(const time_t *t)
return <
}
-/* start getting lines from a file */
-void
-priv_getlines(size_t sz)
-{
- if (priv_fd < 0)
- errx(1, "%s called from privileged portion", __func__);
-
- write_command(priv_fd, PRIV_GETLINES);
- must_write(priv_fd, &sz, sizeof(size_t));
-}
-
int
priv_pcap_stats(struct pcap_stat *ps)
{
@@ -806,18 +730,6 @@ priv_pcap_stats(struct pcap_stat *ps)
write_command(priv_fd, PRIV_PCAP_STATS);
must_read(priv_fd, ps, sizeof(*ps));
return (0);
-}
-
-/* retrieve a line from a file, should be called repeatedly after calling
- priv_getlines(), until it returns zero. */
-size_t
-priv_getline(char *line, size_t line_len)
-{
- if (priv_fd < 0)
- errx(1, "%s called from privileged portion", __func__);
-
- /* read the line */
- return (read_string(priv_fd, line, line_len, __func__));
}
/* Read all data or return 1 for error. */
Index: privsep.h
===================================================================
RCS file: /cvs/src/usr.sbin/tcpdump/privsep.h,v
retrieving revision 1.10
diff -u -p -u -r1.10 privsep.h
--- privsep.h 8 Sep 2017 19:10:57 -0000 1.10
+++ privsep.h 8 Nov 2018 00:19:47 -0000
@@ -21,9 +21,6 @@
#define TCPDUMP_MAGIC 0xa1b2c3d4
-/* file ids used by priv_getlines */
-#define FTAB_PFOSFP 0
-
enum cmd_types {
PRIV_OPEN_BPF, /* open a bpf descriptor */
PRIV_OPEN_DUMP, /* open dump file for reading */
@@ -35,7 +32,6 @@ enum cmd_types {
PRIV_GETSERVENTRIES, /* get the service entries table */
PRIV_GETPROTOENTRIES, /* get the ip protocol entries table */
PRIV_LOCALTIME, /* return localtime */
- PRIV_GETLINES, /* get lines from a file */
PRIV_INIT_DONE, /* signal that the initialization is done */
PRIV_PCAP_STATS /* get pcap_stats() results */
};
@@ -74,13 +70,6 @@ void priv_getprotoentries(void);
/* Retrieve a single protocol entry, should be called repeatedly after
calling priv_getprotoentries() until it returns zero */
size_t priv_getprotoentry(char *, size_t, int *);
-
-/* Start getting lines from a file */
-void priv_getlines(size_t);
-
-/* Retrieve a single line from a file, should be called repeatedly after
- calling priv_getlines() until it returns zero */
-size_t priv_getline(char *, size_t);
/* Return the pcap statistics upon completion */
int priv_pcap_stats(struct pcap_stat *);