ndhc | Privilege-separated secure DHCPv4 client for Linux

by niklata C Version: v2022-03-08-v2 License: MIT

X-Ray Key Features Code Snippets(1)Community Discussions Vulnerabilities Install Support

kandi X-RAY | ndhc Summary

ndhc is a C library. ndhc has no bugs, it has no vulnerabilities, it has a Permissive License and it has low support. You can download it from GitHub, GitLab.

ndhc is a multi-process, privilege-separated DHCP client. Each subprocess runs with the minimal necessary privileges in order to perform its task. Currently, ndhc consists of three subprocesses: the ndhc-master, ndhc-ifch, and ndhc-sockd. ndhc-master communicates with DHCP servers and handles the vagaries of the DHCP client protocol. It runs as a non-root user inside a chroot. ndhc runs as a normal user with no special privileges and is restricted to a chroot that contains nothing more than a domain socket filesystem object (if using syslog), a urandom device node, and a null device node. ndhc-ifch handles interface change requests. It listens on a unix socket for such requests. ndhc-ifch runs as a non-root user inside a chroot, and retains only the power to configure network interfaces. ndhc-ifch automatically forks from ndhc-master to perform its job. ndhc-sockd plays a similar role to ndhc-ifch, but it instead has the ability to bind to a low port, the ability to open a raw socket, and the ability to communicate on broadcast channels. ndhc communicates with ndhc-sockd over a unix socket, and the file descriptors that ndhc-sockd creates are passed back to ndhc over the unix socket. ndhc fully implements RFC5227's address conflict detection and defense. Great care is taken to ensure that address conflicts will be detected, and ndhc also has extensive support for address defense. Care is taken to prevent unintentional ARP flooding under any circumstance. ndhc also monitors hardware link status via netlink events and reacts appropriately when interface carrier status changes or an interface is explicitly deconfigured. This functionality can be useful on wired networks when transient carrier downtimes occur (or cables are changed), but it is particularly useful on wireless networks. RFC3927's IPv4 Link Local Addressing is not supported. I have found v4 LLAs to be more of an annoyance than a help. v6 LLAs work much better in practice.

Support

Quality

Security

License

Reuse

Support

ndhc has a low active ecosystem.

It has 23 star(s) with 3 fork(s). There are 3 watchers for this library.

It had no major release in the last 12 months.

There are 0 open issues and 9 have been closed. On average issues are closed in 216 days. There are no pull requests.

It has a neutral sentiment in the developer community.

The latest version of ndhc is v2022-03-08-v2

Quality

ndhc has 0 bugs and 0 code smells.

Security

ndhc has no vulnerabilities reported, and its dependent libraries have no vulnerabilities reported.

ndhc code analysis shows 0 unresolved vulnerabilities.

There are 0 security hotspots that need review.

License

ndhc is licensed under the MIT License. This license is Permissive.

Permissive licenses have the least restrictions, and you can use them in most projects.

Reuse

ndhc releases are available to install and integrate.

Installation instructions, examples and code snippets are available.

Top functions reviewed by kandi - BETA

kandi's functional review helps you automatically verify the functionalities of the libraries and avoid rework.
Currently covering the most popular Java, JavaScript and Python libraries. See a Sample of ndhc

Get all kandi verified functions for this library.

ndhc Key Features

No Key Features are available at this moment for ndhc.

ndhc Examples and Code Snippets

ndhc,Installation

Lines of Code : 26

License : Permissive (MIT)

Copy

$ su -
# umask 077
# groupadd ndhc

# useradd -d /var/lib/ndhc -s /sbin/nologin -g ndhc dhcpsockd
# useradd -d /var/lib/ndhc -s /sbin/nologin -g ndhc dhcpifch
# useradd -d /var/lib/ndhc -s /sbin/nologin -g ndhc dhcp

# mkdir /etc/ndhc
# chown root.ro

Community Discussions

No Community Discussions are available at this moment for ndhc.Refer to stack overflow page for discussions.

Community Discussions, Code Snippets contain sources that include Stack Exchange Network

Vulnerabilities

No vulnerabilities reported

Install ndhc

Compile and install ndhc. Time to create the jail in which ndhc will run. Become root and create new group ndhc. Create new users dhcpsockd, dhcpifch and dhcp. The primary group of these users should be ndhc. Create the state directory where DUIDs and IAIDs will be stored. Create the jail directory and set its ownership properly. Create a urandom device for ndhc to use within the jail. (optional) If you wish for logging to properly work, you will need to properly configure your logging daemon so that it opens a domain socket in the proper location within the jail. Since this varies per-daemon, I cannot provide a general configuration. At this point the jail is usable; ndhc is ready to be used. It should be invoked as the root user so that it can spawn its processes with the proper permissions. An example of invoking ndhc: ndhc -i wan0 -u dhcp -U dhcpifch -D dhcpsockd -C /var/lib/ndhc. If you encounter problems, I suggest running ndhc in the foreground and examining the printed output. I suggest running ndhc under some sort of process supervision such as runit or s6. This will allow for reliable functioning in the case of unforseen or unrecoverable errors.
Create a build directory: mkdir build && cd build
Create the makefiles: cmake ..
Build ndhc: make
Install the ndhc/ndhc executable in a normal place. I would suggest /usr/sbin or /usr/local/sbin.

Support

For any new features, suggestions and bugs create an issue on GitHub. If you have any questions check and ask questions on community page Stack Overflow .

Find more information at: