aboutsummaryrefslogtreecommitdiff
path: root/networking
Commit message (Collapse)AuthorAgeFilesLines
* httpd: add comment about faster rejection of denied IPsGravatar Denys Vlasenko3 days1-0/+7
| | | | Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
* httpd: if no request was given at all, close the socket without generating ↵Gravatar Denys Vlasenko3 days1-21/+30
| | | | | | | | | | | | | | | error page For one, an attacker can try to overload us by just opening and immediately closing tons of connections - reduce our work to the minimum for this case. function old new delta handle_incoming_and_exit 2172 2200 +28 .rodata 103225 103246 +21 ------------------------------------------------------------------------------ (add/remove: 0/0 grow/shrink: 2/0 up/down: 49/0) Total: 49 bytes Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
* httpd: no need to strcpy() when we only need to copy one byteGravatar Denys Vlasenko3 days1-9/+14
| | | | | | | function old new delta handle_incoming_and_exit 2161 2172 +11 Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
* httpd: avoid extra stat() calls for "GET /dirname/" caseGravatar Denys Vlasenko4 days1-10/+8
| | | | | | | | | | function old new delta parse_conf 1325 1332 +7 handle_incoming_and_exit 2173 2161 -12 ------------------------------------------------------------------------------ (add/remove: 0/0 grow/shrink: 1/1 up/down: 7/-12) Total: -5 bytes Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
* httpd: avoid one stat() call for "GET /dirname" caseGravatar Denys Vlasenko4 days1-16/+14
| | | | | | | function old new delta handle_incoming_and_exit 2172 2173 +1 Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
* httpd: support HEAD requests even in !CGI configGravatar Denys Vlasenko4 days1-13/+10
| | | | Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
* httpd: move proxy check before URL duplication and request type checkGravatar Denys Vlasenko4 days1-56/+52
| | | | | | | | | This makes proxy work for any type of requests. function old new delta handle_incoming_and_exit 2240 2172 -68 Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
* httpd: cgi-bin support for DELETE, PUT, OPTIONS etc methodsGravatar Alexander Sack4 days1-45/+40
| | | | | | | | | | | function old new delta handle_incoming_and_exit 2217 2240 +23 static.request_POST - 5 +5 ------------------------------------------------------------------------------ (add/remove: 1/0 grow/shrink: 1/0 up/down: 28/0) Total: 28 bytes Signed-off-by: Alexander Sack <asac@pantacor.com> Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
* udhcpc[6]: fold perform_renew() into its only callerGravatar Denys Vlasenko7 days2-54/+37
| | | | | | | | | | | | function old new delta udhcpc_main 2550 2541 -9 udhcpc6_main 2576 2567 -9 change_listen_mode 321 299 -22 .rodata 103294 103225 -69 ------------------------------------------------------------------------------ (add/remove: 0/0 grow/shrink: 0/4 up/down: 0/-109) Total: -109 bytes Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
* udhcpc[6]: untangle "timeout" and "remaining lease"; reduce min lease to 30 ↵Gravatar Denys Vlasenko7 days2-118/+89
| | | | | | | | | | | | | | | | | | | | | | | | seconds This allows to fix a problem that we wait for renew replies for up to half the lease (!!!) if they never come. Make it so that lease of 60 seconds is not "rounded up" to 120 seconds - set lower "sanity limit" to 30 seconds. After 3 failed renew attempts, switch to rebind. After this change, we can have more flexible choice of when to do the first renew - does not need to be equal to lease / 2. function old new delta udhcpc6_main 2568 2576 +8 .rodata 103339 103294 -45 udhcpc_main 2609 2550 -59 ------------------------------------------------------------------------------ (add/remove: 0/0 grow/shrink: 1/2 up/down: 8/-104) Total: -96 bytes Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
* wget: allow HTTP 307/308 redirectsGravatar Jeremy Lin9 days1-0/+2
| | | | | | | | | This resolves failures like wget: server returned error: HTTP/1.1 307 Temporary Redirect Signed-off-by: Jeremy Lin <jeremy.lin@gmail.com> Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
* tls: code shrink in curve 25519Gravatar Denys Vlasenko10 days1-19/+27
| | | | | | | | | | | function old new delta curve25519 832 849 +17 curve_x25519_compute_pubkey_and_premaster 74 71 -3 static.basepoint9 32 - -32 ------------------------------------------------------------------------------ (add/remove: 0/1 grow/shrink: 1/1 up/down: 17/-35) Total: -18 bytes Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
* tls: tweak sp_256_ecc_gen_k_10 for smaller codeGravatar Denys Vlasenko11 days1-7/+0
| | | | | | | function old new delta curve_P256_compute_pubkey_and_premaster 194 191 -3 Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
* tls: shrink sp_256_mod_mul_norm_10 moreGravatar Denys Vlasenko11 days1-18/+18
| | | | | | | function old new delta sp_256_mod_mul_norm_10 1439 1305 -134 Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
* tls: shrink sp_256_mod_mul_norm_10Gravatar Denys Vlasenko11 days2-202/+85
| | | | | | | function old new delta sp_256_mod_mul_norm_10 1439 1405 -34 Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
* tls: shrink p256_base moreGravatar Denys Vlasenko11 days1-10/+7
| | | | | | | | | | | | | function old new delta static.p256_base_bin - 64 +64 sp_256_point_from_bin2x32 - 62 +62 static.base_y 40 - -40 static.base_x 40 - -40 curve_P256_compute_pubkey_and_premaster 291 194 -97 ------------------------------------------------------------------------------ (add/remove: 2/2 grow/shrink: 0/1 up/down: 126/-177) Total: -51 bytes Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
* tls: shrink p256_baseGravatar Denys Vlasenko12 days1-12/+18
| | | | | | | | | | | | function old new delta curve_P256_compute_pubkey_and_premaster 196 291 +95 static.base_y - 40 +40 static.base_x - 40 +40 p256_base 244 - -244 ------------------------------------------------------------------------------ (add/remove: 2/1 grow/shrink: 1/0 up/down: 175/-244) Total: -69 bytes Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
* tls: reorder P256 functions to make more senseGravatar Denys Vlasenko12 days1-179/+179
| | | | Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
* tls: whitespace fixesGravatar Denys Vlasenko12 days4-21/+19
| | | | Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
* tls: add a patch with optimization which _should_ give better codeGravatar Denys Vlasenko12 days1-0/+142
| | | | | | ...but does not. Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
* tls: get rid of constant-time add/sub operationsGravatar Denys Vlasenko12 days1-37/+21
| | | | | | | | | | | | | | | function old new delta sp_256_sub_10 - 22 +22 static.sp_256_mont_reduce_10 176 178 +2 sp_256_mod_mul_norm_10 1440 1439 -1 sp_256_proj_point_dbl_10 453 446 -7 sp_256_ecc_mulmod_10 1229 1216 -13 static.sp_256_mont_sub_10 52 30 -22 static.sp_256_cond_sub_10 32 - -32 ------------------------------------------------------------------------------ (add/remove: 1/1 grow/shrink: 1/4 up/down: 24/-75) Total: -51 bytes Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
* tls: fix whitespace in P256 codeGravatar Denys Vlasenko12 days1-501/+501
| | | | Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
* tls: shrink sp_256_mont_inv_10Gravatar Denys Vlasenko12 days1-1/+9
| | | | | | | | | | function old new delta sp_256_ecc_mulmod_10 1237 1251 +14 p256_mod_2 32 - -32 ------------------------------------------------------------------------------ (add/remove: 0/1 grow/shrink: 1/0 up/down: 14/-32) Total: -18 bytes Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
* tls: stop passing temporary buffer address in P256 codeGravatar Denys Vlasenko12 days1-35/+26
| | | | | | | | | | function old new delta sp_256_proj_point_dbl_10 435 453 +18 sp_256_ecc_mulmod_10 1300 1237 -63 ------------------------------------------------------------------------------ (add/remove: 0/0 grow/shrink: 1/1 up/down: 18/-63) Total: -45 bytes Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
* tls: shrink sp_256_proj_point_dbl_10Gravatar Denys Vlasenko12 days1-37/+24
| | | | | | | function old new delta sp_256_ecc_mulmod_10 1329 1300 -29 Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
* tls: in P256 replace constant-time compares with usual onesGravatar Denys Vlasenko12 days1-14/+9
| | | | | | | | | | | | function old new delta sp_256_cmp_10 - 24 +24 sp_256_ecc_mulmod_10 1332 1329 -3 sp_256_cmp_equal_10 30 - -30 static.sp_256_cmp_10 43 - -43 ------------------------------------------------------------------------------ (add/remove: 1/2 grow/shrink: 0/1 up/down: 24/-76) Total: -52 bytes Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
* tls: simplify sp_256_proj_point_dbl_10Gravatar Denys Vlasenko12 days1-36/+22
| | | | | | | function old new delta sp_256_proj_point_dbl_10 490 435 -55 Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
* tls: simplify array manipulations in sp_256_ecc_mulmod_10Gravatar Denys Vlasenko12 days1-18/+17
| | | | Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
* tls: get rid of address obfuscation trick in P256Gravatar Denys Vlasenko12 days1-10/+2
| | | | | | | | | | function old new delta addr_mask 8 - -8 sp_256_ecc_mulmod_10 1363 1330 -33 ------------------------------------------------------------------------------ (add/remove: 0/1 grow/shrink: 0/1 up/down: 0/-41) Total: -41 bytes Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
* tls: simplify sp_256_ecc_gen_k_10, cosmetic changesGravatar Denys Vlasenko12 days2-138/+52
| | | | Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
* tls: make x25519 key generation code more similar to P256Gravatar Denys Vlasenko12 days4-44/+51
| | | | | | | | | | function old new delta curve_x25519_compute_pubkey_and_premaster - 74 +74 tls_handshake 2146 2072 -74 ------------------------------------------------------------------------------ (add/remove: 1/0 grow/shrink: 0/1 up/down: 74/-74) Total: 0 bytes Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
* tls: implement secp256r1 elliptic curve (aka P256)Gravatar Denys Vlasenko12 days4-36/+1126
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | function old new delta sp_256_mod_mul_norm_10 - 1439 +1439 sp_256_ecc_mulmod_10 - 1363 +1363 sp_256_proj_point_dbl_10 - 490 +490 p256_base - 244 +244 static.sp_256_mont_sqr_10 - 234 +234 static.sp_256_mont_mul_10 - 214 +214 curve_P256_compute_pubkey_and_premaster - 197 +197 static.sp_256_mont_reduce_10 - 176 +176 static.sp_256_from_bin - 149 +149 sp_256_to_bin - 148 +148 tls_handshake 2046 2146 +100 static.sp_256_mul_add_10 - 82 +82 .rodata 103275 103336 +61 static.sp_256_mont_sub_10 - 52 +52 static.sp_256_mont_dbl_10 - 52 +52 static.sp_256_cmp_10 - 43 +43 p256_mod - 40 +40 static.sp_256_cond_sub_10 - 32 +32 p256_mod_2 - 32 +32 sp_256_norm_10 - 31 +31 sp_256_cmp_equal_10 - 30 +30 sp_256_add_10 - 22 +22 addr_mask - 8 +8 ------------------------------------------------------------------------------ (add/remove: 22/0 grow/shrink: 2/0 up/down: 5239/0) Total: 5239 bytes text data bss dec hex filename 1018192 559 5020 1023771 f9f1b busybox_old 1023431 559 5020 1029010 fb392 busybox_unstripped Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
* inetd: deinline machtime() - gcc gets it wrongGravatar Denys Vlasenko2021-04-241-1/+1
| | | | | | | | | | | function old new delta machtime - 24 +24 machtime_stream 45 29 -16 machtime_dg 114 97 -17 ------------------------------------------------------------------------------ (add/remove: 1/0 grow/shrink: 0/2 up/down: 24/-33) Total: -9 bytes Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
* tls: "server did not provide EC key" is fatalGravatar Denys Vlasenko2021-04-241-1/+1
| | | | Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
* libbb.h: inline byteswapsGravatar Denys Vlasenko2021-04-241-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | function old new delta recv_and_process_peer_pkt 2173 2245 +72 machtime_dg 97 114 +17 machtime_stream 29 45 +16 fmt_time_bernstein_25 132 139 +7 aesgcm_GHASH 183 184 +1 dumpleases_main 519 516 -3 __bswap_32 3 - -3 udhcp_run_script 743 739 -4 tls_xread_record 634 630 -4 select_lease_time 56 52 -4 rdate_main 260 256 -4 get_prefix 327 323 -4 udhcp_listen_socket 185 180 -5 sha1_process_block64 361 356 -5 sendping6 81 76 -5 sendping4 107 102 -5 read32 27 22 -5 ll_proto_a2n 112 107 -5 bb_lookup_port 102 97 -5 udhcpc_main 2615 2609 -6 tftpd_main 579 573 -6 str2sockaddr 558 552 -6 GMULT 136 130 -6 sha1_end 73 66 -7 ntpd_main 1361 1354 -7 ntohl 7 - -7 inet_addr_match 93 86 -7 htonl 7 - -7 do_iplink 1259 1252 -7 do_add_or_delete 1138 1131 -7 create_and_bind_or_die 117 110 -7 bind_for_passive_mode 124 117 -7 xconnect_ftpdata 98 90 -8 rpm_getint 118 110 -8 read_leases 304 296 -8 read_config 216 208 -8 udhcp_send_kernel_packet 336 327 -9 udhcp_recv_kernel_packet 143 134 -9 sha256_process_block64 451 442 -9 d6_send_kernel_packet_from_client_data_ifindex 275 266 -9 write_leases 215 205 -10 wget_main 2518 2508 -10 udhcpd_main 1528 1518 -10 tftp_protocol 2019 2009 -10 ftpd_main 2159 2149 -10 des_crypt 1318 1308 -10 send_ACK 138 127 -11 ipaddr_modify 1618 1607 -11 udhcp_str2optset 650 638 -12 init_d6_packet 115 103 -12 xwrite_encrypted 512 499 -13 tls_handshake 2060 2047 -13 pscan_main 607 594 -13 perform_d6_release 240 227 -13 ip_port_str 135 122 -13 handle_incoming_and_exit 2230 2217 -13 INET_setroute 751 737 -14 traceroute_init 1153 1137 -16 nc_main 1055 1039 -16 udhcp_init_header 92 75 -17 volume_id_probe_hfs_hfsplus 512 494 -18 send_offer 455 435 -20 do_lzo_decompress 507 487 -20 add_client_options 229 209 -20 ipcalc_main 554 533 -21 dhcprelay_main 966 943 -23 change_listen_mode 345 321 -24 send_packet 188 162 -26 static.xmalloc_optname_optval 709 681 -28 rpm_gettags 447 419 -28 machtime 28 - -28 catcher 299 270 -29 sfp_to_d 78 48 -30 reread_config_file 917 886 -31 lfp_to_d 84 51 -33 udhcp_recv_raw_packet 594 559 -35 nbdclient_main 1182 1145 -37 d_to_lfp 137 100 -37 lzo_compress 567 529 -38 d6_recv_raw_packet 299 254 -45 d_to_sfp 133 85 -48 d6_send_raw_packet_from_client_data_ifindex 427 379 -48 common_ping_main 1935 1887 -48 udhcp_send_raw_packet 467 416 -51 zcip_main 1219 1160 -59 udhcpc6_main 2636 2568 -68 do_lzo_compress 327 258 -69 send_arp_request 201 129 -72 common_traceroute_main 1699 1621 -78 arpping 523 437 -86 arping_main 1597 1481 -116 print_tunnel 678 550 -128 dnsd_main 1304 1164 -140 parse_args 1370 1169 -201 ------------------------------------------------------------------------------ (add/remove: 0/6 grow/shrink: 5/85 up/down: 113/-2246) Total: -2133 bytes Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
* tls: make constant basepoint9[32] array 8-byte alignedGravatar Denys Vlasenko2021-04-221-1/+1
| | | | | | Has no effect on binary size, but likely to be more efficient. Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
* tls: further reduce register pressure in i386 assemblyGravatar Denys Vlasenko2021-04-201-3/+3
| | | | | | | function old new delta pstm_montgomery_reduce 435 431 -4 Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
* tls: reduce register pressure in i386 assembly (helps Android to compile)Gravatar Denys Vlasenko2021-04-201-0/+24
| | | | | | | function old new delta pstm_montgomery_reduce 440 435 -5 Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
* fix gcc-11.0 warningsGravatar Denys Vlasenko2021-04-141-1/+1
| | | | Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
* ntpd: code shrink (force not-inlining, stop returning structs)Gravatar Denys Vlasenko2021-03-261-25/+25
| | | | | | | | | | | | | | | function old new delta d_to_sfp - 133 +133 lfp_to_d - 84 +84 sfp_to_d - 78 +78 d_to_lfp 141 137 -4 .rodata 103182 103174 -8 recv_and_process_peer_pkt 2380 2173 -207 recv_and_process_client_pkt 706 493 -213 ------------------------------------------------------------------------------ (add/remove: 3/0 grow/shrink: 0/4 up/down: 295/-432) Total: -137 bytes Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
* timeout,top,watch,ping: parse NN.N fractional duration in locales with other ↵Gravatar Denys Vlasenko2021-03-231-0/+1
| | | | | | separators Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
* udhcpc: ignore zero-length DHCP options, take 2Gravatar Denys Vlasenko2021-03-161-3/+3
| | | | | | advance the optionptr by two bytes, not one Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
* udhcpc: ignore zero-length DHCP optionsGravatar Russell Senior2021-03-161-8/+18
| | | | | | | | | | | | | | | | | | | | Discovered that the DHCP server on a TrendNet router (unknown model) provides a zero-length option 12 (Host Name) in the DHCP ACK message. This has the effect of causing udhcpc to drop the rest of the options, including option 51 (IP Address Lease Time), 3 (Router), and 6 (Domain Name Server), most importantly leaving the OpenWrt device with no default gateway. The TrendNet behavior violates RFC 2132, which in Section 3.14 declares that option 12 has a minimum length of 1 octet. It is perhaps not a cosmic coincidence that I found this behavior on Pi Day. This patch allows zero length options without bailing out, by simply skipping them. function old new delta udhcp_scan_options 183 172 -11 Signed-off-by: Russell Senior <russell@personaltelco.net> Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
* wget: new option FEATURE_WGET_FTP to enable/disable FTPGravatar Sergey Ponomarev2021-03-091-15/+35
| | | | | | | | | | | | | | | | | | | | Introduce a separate option FTPS_SUPPORTED instead of not obvious ENABLE_FEATURE_WGET_HTTPS. function old new delta P_FTP 4 - -4 P_FTPS 5 - -5 reset_beg_range_to_zero 41 - -41 parse_url 431 366 -65 parse_pasv_epsv 154 - -154 .rodata 115566 115408 -158 ftpcmd 204 - -204 spawn_ssl_client 291 - -291 wget_main 2998 2664 -334 ------------------------------------------------------------------------------ (add/remove: 0/7 grow/shrink: 0/3 up/down: 0/-1256) Total: -1256 bytes Signed-off-by: Sergey Ponomarev <stokito@gmail.com> Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
* ntpd: tweak commentsGravatar Denys Vlasenko2021-03-021-23/+9
| | | | Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
* ntpd: decrease INITIAL_SAMPLES from 4 to 3Gravatar Denys Vlasenko2021-03-021-15/+12
| | | | | | | | | | | This reduces initial traffic to NTP servers when a lot of devices boot at once. Log inspection tells me we agressively burst-poll servers about 5 times at startup, even though we usually already update clock after second replies. INITIAL_SAMPLES can probably be even lower, e.g. 2, but let's be conservative when changing this stuff. Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
* dnsd: check that we don't read past packetGravatar Denys Vlasenko2021-02-221-5/+12
| | | | | | | function old new delta dnsd_main 1296 1304 +8 Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
* udhcp: reuse stringsGravatar Denys Vlasenko2021-02-213-10/+14
| | | | | | | | text data bss dec hex filename 1019916 559 5020 1025495 fa5d7 busybox_old 1019906 559 5020 1025485 fa5cd busybox_unstripped Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
* ntpd: log responses to clients at log level 3Gravatar Denys Vlasenko2021-02-211-0/+6
| | | | | | | function old new delta recv_and_process_client_pkt 670 706 +36 Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
* ntpd: without INITIAL_FREQ_ESTIMATION code, state variable is not needed tooGravatar Denys Vlasenko2021-02-211-52/+36
| | | | | | | function old new delta update_local_clock 917 872 -45 Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>