From: "Lars Wendler"
To: gentoo-commits@lists.gentoo.org
Reply-To: gentoo-dev@lists.gentoo.org, "Lars Wendler"
Message-ID: <1612254422.b60fd3319a254dfacf0051dc0e5343a8fe6e87f1.polynomial-c@OpenRC>
Subject: [gentoo-commits] proj/netifrc:master commit in: net/
X-VCS-Repository: proj/netifrc
X-VCS-Files: net/apipa.sh
X-VCS-Directories: net/
X-VCS-Committer: polynomial-c
X-VCS-Committer-Name: Lars Wendler
X-VCS-Revision: b60fd3319a254dfacf0051dc0e5343a8fe6e87f1
X-VCS-Branch: master
Date: Tue, 2 Feb 2021 08:28:38 +0000 (UTC)

commit:     b60fd3319a254dfacf0051dc0e5343a8fe6e87f1
Author:     Kerin Millar plushkava net>
AuthorDate: Tue Feb 2 03:47:13 2021 +0000
Commit:     Lars Wendler gentoo org>
CommitDate: Tue Feb 2 08:27:02 2021 +0000
URL:        https://gitweb.gentoo.org/proj/netifrc.git/commit/?id=b60fd331

net/apipa.sh: Simplify and address the remaining portability issues

Re-factor the over-generalised seeding function into a _random_uint16 function. Have it use a simpler, faster method to collect entropy, with the aid of od(1). Shorten the previously rambling comment.

Simplify the _random_apipa_octets function. Clamp the seed to the range 0-32767 for maximal portability. Convey the seed as a formal parameter, rather than inject it. Use a simpler method to produce the octets, running awk(1) only once. Format the random float, so that awk(1) is prevented from using scientific notation to represent certain numbers.

Change a variable name in the subshell responsible for reading the list of octet pairs, so as to be less confusing to future readers.

Note that the portability issue mentioned by commit 31a05f1 is addressed.
The code should now be fully POSIX-compliant, save for the continued use of the local keyword, upon which it does not rely.

Signed-off-by: Kerin Millar plushkava.net>
Signed-off-by: Lars Wendler gentoo.org>

 net/apipa.sh | 63 ++++++++++++++++++++++++++++-------------------------------
 1 file changed, 29 insertions(+), 34 deletions(-)

diff --git a/net/apipa.sh b/net/apipa.sh
index 41274fa..a124b84 100644
--- a/net/apipa.sh
+++ b/net/apipa.sh
@@ -6,47 +6,42 @@ apipa_depend() program /sbin/arping /bin/arping } -_random_bytes_as_int() +_random_uint16() { - local hex num_bytes="$1" - - # While POSIX does not require that /dev/urandom exist, it is a - # de-facto standard. Therefore, the following approach should be - # highly portable in practice. In the case of Linux, and unlike BSD - # this interface does not block in the event that the CSRNG has not - # yet been seeded. Still, this is acceptable because we do not - # require a guarantee that the entropy be cryptographically secure. - # It's also worth noting that Linux >=5.4 is faster at seeding in - # the absence of RDRAND/RDSEED than previous versions were. + # While POSIX does not require that /dev/urandom exist, it is a de-facto + # standard. In the case of Linux, and unlike BSD, this interface does + # not block in the event that the CSRNG has not yet been seeded. + # Still, this is acceptable because we do not require a guarantee that + # the entropy be cryptographically secure. test -e /dev/urandom && - hex=$( - LC_ALL=C tr -dc '[:xdigit:]' < /dev/urandom | - dd bs="$(( num_bytes * 2 ))" count=1 2>/dev/null) && - test "${#hex}" = "$(( num_bytes * 2 ))" && - printf '%d\n' "0x${hex}" + printf %d 0x"$(LC_ALL=C od -vAn -N2 -tx1 /dev/urandom | tr -d '[:space:]')" } _random_apipa_octets() { local seed - # Obtain a highly random 16-bit seed for use by awk's RNG. In the - # unlikely event that the seed ends up being empty, awk will seed - # based on the time of day, with a granularity of one second. - seed=$(_random_bytes_as_int 2) + # Attempt to generate a random uint16 to seed awk's RNG. The maximum + # value of RAND_MAX known to be portable is 32767. Clamp accordingly by + # discarding one bit's worth of data. Should the seed turn out to be + # empty, we instruct awk to seed based on the time of day, in seconds. + seed=$(_random_uint16) && : $(( seed >>= 1 )) # For APIPA (RFC 3927), the 169.254.0.0/16 address block is # reserved. 
This provides 65024 addresses, having accounted for the # fact that the first and last /24 are reserved for future use. - awk "BEGIN { - srand($seed) - for (i=256; i<65280; i++) print rand() \" \" i - }" | - sort -k 1,1 -n | - POSIXLY_CORRECT=1 awk '{ - hex = sprintf("%04x",$2) - printf("%d %d\n", "0x" substr(hex,1,2), "0x" substr(hex,3,2)) - }' + awk -v seed="$seed" 'BEGIN { + if (seed != "") { + srand(seed) + } else { + srand() + } + for (i = 1; i < 255; i++) { + for (j = 0; j < 256; j++) { + printf("%f %d %d\n", rand(), i, j) + } + } + }' | sort -k 1,1 -n } apipa_start() @@ -62,11 +57,11 @@ apipa_start() addr=$( _random_apipa_octets | { - while read -r i1 i2; do - addr="169.254.${i1}.${i2}" - vebegin "${addr}/16" >&3 - if ! arping_address "${addr}" >&3; then - printf '%s\n' "${addr}" + while read -r f1 f2 f3; do + next_addr="169.254.$f2.$f3" + vebegin "$next_addr/16" >&3 + if ! arping_address "$next_addr" >&3; then + printf %s "$next_addr" exit 0 fi done
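
Review bot: In _random_uint16 (first hunk, @@ -6,47 +6,42 @@), the output of the od(1) pipeline is handed to printf unchecked, so if od produces nothing the argument is a bare `0x`. Depending on the shell's printf, that can emit a diagnostic and still print 0; seed is then non-empty, the `seed != ""` test in awk passes, and srand(0) is used instead of the time-of-day fallback that the new comment describes. Suggest capturing the od output in a variable, checking that it is exactly four hex digits, and only then calling printf. A smaller point in the same hunk: `%f` keeps six decimal places, so some of the 65024 sort keys will tie and sort(1) will order those lines by the octet fields; a wider precision such as `%.10f` would reduce that.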
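
Review bot: In the apipa_start read loop (second hunk, @@ -62,11 +57,11 @@), `f1` is read only to discard the random sort key now that each line carries three fields, and nothing in the loop says so. A one-line comment on `while read -r f1 f2 f3; do` noting that the first field is the sort key and the other two are the third and fourth octets would fit the stated aim of making this subshell less confusing to future readers.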