mdnshosts experiment #14

Open: wants to merge 12 commits


3 participants

@kristapsdz
Contributor

This is an ongoing project with only a few hours of work in it, but I thought I'd put it out there as soon as possible for comment. mdnshosts is basically a channel between mdnsctl browse -r and /etc/hosts. It's essentially a revamped mdnsctl.

The daemon starts up, creates worker children, then the main process continues to listen on the mdnsd socket. When entries come online or go offline, this main process sends this information to a writer process. The writer process maintains a database of entry name to host to IP mappings. When the database changes, it flushes the text to a file in hosts(5) format and notifies the replacer child. The replacer child swaps the temporary file into the real /etc/hosts file atomically.

All of the processes have pledge(2) and chroot(2). However, the security can be greatly increased.

On my list of things to do:

  1. Tighten down pledges in the writer, possibly splitting this into another process.
  2. Increase sanity checks on the hosts database.
  3. Logging to syslog, not stderr.
  4. Pruning out mdnsl.c (copied over from mdnsctl).
  5. And so much more---I just wrote this today.

I wrote this because I was so frustrated with our network changing IP addresses all the time and needing to run mdnsctl lookup -r every time I used SSH or printed.
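The writer/replacer pipeline and the planned sanity checks described above, as an added example in C that is not code from the mdnshosts PR: each record is validated before it is rendered, so a malformed name or address leaves the existing file untouched, and the new file is swapped in with rename(2). Struct and function names (entry, hosts_format, hosts_replace) are assumptions, and pledge(2)/chroot(2) are left out so it builds on any POSIX system.

```c
/* Added example, not code from the mdnshosts PR: validate a name-to-IP map, render
 * it in hosts(5) format and swap it in with rename(2). All names are assumptions. */
#define _DEFAULT_SOURCE
#include <arpa/inet.h>
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

struct entry { const char *host; const char *ip; };
/* Only plain DNS names (letters, digits, '-', '.'): whitespace or '#' in a
 * name would let one record turn into several hosts(5) lines. */
static int valid_host(const char *h) {
    size_t n = strlen(h);
    if (n == 0 || n > 253) return 0;
    for (size_t i = 0; i < n; i++)
        if (!isalnum((unsigned char)h[i]) && h[i] != '-' && h[i] != '.') return 0;
    return 1;
}
/* inet_pton(3) is a strict parser for IPv4 and IPv6 literals. */
static int valid_ip(const char *ip) {
    unsigned char buf[16];
    return inet_pton(AF_INET, ip, buf) == 1 || inet_pton(AF_INET6, ip, buf) == 1;
}
/* Write "IP<TAB>host" lines; return bytes written, or -1 (replace nothing) on a bad entry. */
int hosts_format(const struct entry *e, size_t n, char *out, size_t cap) {
    size_t used = 0;
    for (size_t i = 0; i < n; i++) {
        if (!valid_host(e[i].host) || !valid_ip(e[i].ip)) return -1;
        int w = snprintf(out + used, cap - used, "%s\t%s\n", e[i].ip, e[i].host);
        if (w < 0 || (size_t)w >= cap - used) return -1;
        used += (size_t)w;
    }
    return (int)used;
}

/* Temp file beside path, fsync, chmod 0644 (mkstemp gives 0600), then rename(2)
 * over path: readers see the old file or the new one, never a torn one. */
int hosts_replace(const char *path, const char *text, size_t len) {
    char tmp[4096];
    if (snprintf(tmp, sizeof tmp, "%s.XXXXXX", path) >= (int)sizeof tmp) return -1;
    int fd = mkstemp(tmp);
    if (fd < 0) return -1;
    int ok = write(fd, text, len) == (ssize_t)len && fsync(fd) == 0 && fchmod(fd, 0644) == 0;
    if (close(fd) < 0 || !ok || rename(tmp, path) < 0) { unlink(tmp); return -1; }
    return 0;
}
```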

@haesbaert
Owner

I like the idea; I didn't have time to read it in detail. I've noticed you copied mdnsl.c; in the future, I agree, it should be a library. But for the meantime you could just refer to the same .c file, like ../mdnsctl/mdnsl.c, better than having a copy.

+CFLAGS+= -Wmissing-declarations
+CFLAGS+= -Wshadow -Wpointer-arith -Wcast-qual
+CFLAGS+= -Wsign-compare
+CFLAGS+= -I${.CURDIR} -I${.CURDIR}/../mdnsd
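Review bot: the include path on the last line reaches ../mdnsd but not ../mdnsctl, where the mdnsl.c this tree is currently carrying a copy of lives; if the copy is dropped in favour of the shared source, add `CFLAGS+= -I${.CURDIR}/../mdnsctl` next to it and pull the file in with `.PATH: ${.CURDIR}/../mdnsctl` plus `SRCS+= mdnsl.c`, so the build and the protocol code cannot drift apart.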
@haesbaert
haesbaert Feb 14, 2017 Owner

Here you could add
CFLAGS += -I${.CURDIR}/../mdnsctl/

so then you can get mdnsl.c

@elad
Contributor
elad commented Feb 17, 2017

@kristapsdz could you please elaborate on why this functionality has to be part of mdnsd instead of simply piping its output somewhere else that might manage more than just /etc/hosts?

@kristapsdz
Contributor
kristapsdz commented Feb 17, 2017 edited

@elad, what do you mean by part of mdnsd? It's not part of mdnsd. It, like mdnsctl, talks with mdnsd over the socket. As for whether it should be part of the suite of tools, that's simply because there's no library for it, so I had to put it as a subdirectory of mdnsd.

(Added later.) I'd actually like a lot more for it to be separate, and it can be---it literally uses mdnsl.c that mdnsctl uses.

@haesbaert
Owner

I think the point is that this is not part of mdnsd/mdnsd, it's an application using mdnsl.c.

That was the initial idea, to have a mdns library and many applications that use it as they see fit, I'll quit slacking and turn mdnsl into a shared object.

@elad
Contributor
elad commented Feb 18, 2017

@kristapsdz okay, the no library part makes sense I guess.
