Skip to content

Fix ioctl(2) code for OpenBSD #1175

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 10 commits into from
Sep 30, 2024
Merged

Fix ioctl(2) code for OpenBSD #1175

merged 10 commits into from
Sep 30, 2024

Conversation

@klemensn
Copy link
Contributor

@klemensn klemensn commented Sep 29, 2024

This cleans up the mess to configure an IP address on a tun(4) device.

Handrolling a hardcoded ioctl(2) request is far from perfect, but Go (golang.org/sys/unix) is to blame here.

Tested on OpenBSD 7.6 -current where yggdrasil now drives the interface would use of ifconfig or other helpers.

@klemensn
tun: split tun_{bsd -> freebsd,openbsd}.go
c8c0cda 
The address ioctl code is just plain broken.

I fixed it for OpenBSD, but have no resources or time for FreeBSD,
so there the code will stay as-is.

FreeBSD also supports stuff like netlink, so perhaps a future rewrite
will look different from OpenBSD's ioctl code (the only approach) anyway.
@klemensn
tun: OpenBSD: remove unhelpful comment and unused structs
2c7e7be
@klemensn
tun: OpenBSD: remove ifconfig fallback
32b4c58 
Start by deleting stuff we will not need or want in the end.
This also seems to be the only code doing execve(2), which is best
to be prevented from ever being called via pledge(2), but that is another
story (I am already running yggdrasil with pledge(2) and unveil(2)).
@klemensn
tun: OpenBSD: IPv6 ioctls require an IPv6 socket
d68eeb1 
Otherwise you get "panic: inappropriate ioctl for device",
even for a perfectly fine ioctl(2) call.
@klemensn
tun: OpenbSD: fix struct member types
71484f9 
See <netinet6/in6_var.h> and <netinet6/in6.h>, respectively.
@klemensn
tun: OpenBSD: use correct ioctl to set and IPv6 address
fc8b15a 
SIOCSIFADDR_IN6 simply does not exist, on no system out there.

SIOCSIFADDR exists, but long ago was deprecated by
SIOCAIFADDR which is IPv4-only, see netintro(4).

SIOCAIFADDR_IN6 is correct, but does uses a different struct,
so bring that in, also.

NB:  The reason we have to handroll ioctl(2) ourselves is because
golang.org/sys/unix does ship IPv6 ioctl and/or struct definitions.

That should really be fixed upstream.
@klemensn
tun: OpenBSD: use an API to parse the address, drop endianess dance
b5016d7 
The net package has all we need and internally repesents addresses
as byte arrays.

<netinet6/in6.h> `struct in6_addr` is just a union over differnt sized
byte arrays, so chosing u_int8_t[16] lets us access addresses byte-wise
and thus no longer need to fiddle with multi-byte values and host vs.
network byte order.
@klemensn
tun: OpenBSD: set the prefix mask as well
94ed944 
An ioctl request to set an address without gateway address or prefix mask
is rather unproductive.

Reuse code my moving it into a helper function;  again the net package
does all the parsing for us.
@klemensn
tun: OpenBSD: set address lifetime
dcec376 
At this point, the ioctl success without any error, but no address
appears on the interface.

Turns out telling NDP to not expire helps.

Congrats, yggdrasil is now operational on OpenBSD.
@klemensn
tun: OpenBSD: use proper ioctl API, not raw syscall
93b071e 
Direct syscalls are discouraged and usually do not work.

(Not entirely sure why they do with Golang, but that is another story.)
@klemensn
Copy link
Contributor Author

klemensn commented Sep 29, 2024

Rebased onto develop as of now.

@klemensn klemensn mentioned this pull request Sep 29, 2024
Open
neilalexander
neilalexander approved these changes Sep 30, 2024
View reviewed changes
Copy link
Member

@neilalexander neilalexander left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good, thanks!

@neilalexander neilalexander merged commit ccda107 into yggdrasil-network:develop Sep 30, 2024
@klemensn
Copy link
Contributor Author

klemensn commented Oct 1, 2024

Sadly, I just noticed you squashed all commits, thereby omitting all their messages, i.e. insights into what was wrong, from the commit history.

klemensn added a commit to klemensn/yggdrasil-go that referenced this pull request Oct 22, 2024
@klemensn
Use unveil(2) on OpenBSD
1ee164f 
After yggdrasil-network#1175 removed ioctl(2) fallback code shelling out to ifconfig(8),
there is no code left (compiled on OpenBSD) that would fork(2) or execve(2).

Drop the ability to run any executable file to double down on this, thus
reducing the attack surface of this this experimental, internet facing
daemon running as root.

pledge(2) is doable, but needs more polish.
unveil(2), however, is as simple as it gets.

On other systems, this code is a NOOP, but can still help to implement
similar safety belts.
@klemensn klemensn mentioned this pull request Oct 22, 2024
Merged
klemensn added a commit to klemensn/yggdrasil-go that referenced this pull request Oct 22, 2024
@klemensn
Use unveil(2) on OpenBSD
750e20e 
After yggdrasil-network#1175 removed ioctl(2) fallback code shelling out to ifconfig(8),
there is no code left (compiled on OpenBSD) that would fork(2) or execve(2).

Drop the ability to run any executable file to double down on this, thus
reducing the attack surface of this this experimental, internet facing
daemon running as root.

pledge(2) is doable, but needs more polish.
unveil(2), however, is as simple as it gets.

On other systems, this code is a NOOP, but can still help to implement
similar safety belts.
klemensn added a commit to klemensn/yggdrasil-go that referenced this pull request Nov 3, 2024
@klemensn
Use unveil(2) on OpenBSD
b16a3b0 
After yggdrasil-network#1175 removed ioctl(2) fallback code shelling out to ifconfig(8),
there is no code left (compiled on OpenBSD) that would fork(2) or execve(2).

Drop the ability to run any executable file to double down on this, thus
reducing the attack surface of this this experimental, internet facing
daemon running as root.

pledge(2) is doable, but needs more polish.
unveil(2), however, is as simple as it gets.

On other systems, this code is a NOOP, but can still help to implement
similar safety belts.
neilalexander pushed a commit that referenced this pull request Dec 12, 2024
@klemensn
Use unveil(2) on OpenBSD (#1194)
83ec58a 
After #1175 removed ioctl(2) fallback code shelling out to ifconfig(8),
there is no code left (compiled on OpenBSD) that would fork(2) or
execve(2).

Drop the ability to run any executable file to double down on this, thus
reducing the attack surface of this this experimental, internet facing
daemon running as root.

pledge(2) is doable, but needs more polish.
unveil(2), however, is as simple as it gets.

On other systems, this code is a NOOP, but can still help to implement
similar safety belts.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@neilalexander neilalexander neilalexander approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@klemensn @neilalexander