MFC r330085:

dhclient violates RFC2131 when sending early DHCPREQUEST message to re-obtain old IP

When dhclient first starts, if an old IP address exists in the
dhclient.leases file, dhclient(8) sends early DHCPREQUEST message(s)
in an attempt to re-obtain the old IP address again. These messages
contain the old IP as a requested-IP-address option in the message
body (correct) but also use the old IP address as the packet's source
IP (incorrect).

RFC2131 sec 4.1 states:

DHCP messages broadcast by a client prior to that client obtaining
its IP address must have the source address field in the IP header
set to 0.

The use of the old IP as the packet's source address is incorrect if
(a) the computer is now on a different network or (b) it is on the
same network, but the old IP has been reallocated to another host.

Fix dhclient to use 0.0.0.0 as the source IP in this circumstance
without removing any existing functionality. Any previously-used old
IP is still requested in the body of an early DHCPREQUEST message.

PR: 199378
Submitted by: J.R. Oldroyd <fbsd@opal.com>
Reported by: J.R. Oldroyd <fbsd@opal.com>
Sponsored by: Dell EMC

MFC r298385

dhclient: Log a warning instead of bailing upon "illegal" options

In Azure, the DHCP servers add private option (id 0xf5), which contains
binary form of an IPv4 address. Once this option is converted to string
form, it could contain '$', e.g.

IPv4 address: 100.72.36.54
binary form: 0x64 0x48 0x24 0x36
string form: "dH$6"

dhclient bails upon "illegal" options like the above example, thus the
VM bring-up will fail.

Also as a side note, this "illegal" option detection was added in
OpenBSD ~11years ago:
http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sbin/dhclient/dhclient.c?rev=1.50&content-type=text/x-cvsweb-markup

And it was removed along with the removal of script support in OpenBSD
~3years ago:
http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sbin/dhclient/dhclient.c?rev=1.159&content-type=text/x-cvsweb-markup

Reported by: Hongxiong Xian <v-hoxian microsoft com>
Reviewed by: jhb, Dexuan Cui <decui microsoft com>
Tested by: Hongxiong Xian <v-hoxian microsoft com>
Analyzed by: Dong Liu <doliu microsoft com>
Sponsored by: Microsoft OSTC
Differential Revision: https://reviews.freebsd.org/D5853

MFC r283641:

Add CAP_FCNTL to the lease file capsicum rights, and limit to
CAP_FCNTL_GETFL. Without CAP_FCNTL_GETFL, the lease file truncation
in rewrite_client_leases() will fail to trim old data when rewriting
the file with a lesser amount of data.

Merge an applicable subset of r263234 from HEAD to stable/10:

Update most userspace consumers of capability.h to use capsicum.h instead.

auditdistd is not updated as I will make the change upstream and then do a
vendor import sometime in the next week or two.

Note that a significant fraction does not apply, as FreeBSD 10 doesn't
contain a Capsicumised ping, casperd, libcasper, etc. When these features
are merged, the capsicum.h change will need to be merged with them.

Sponsored by: Google, Inc.

MFC: r261566

Use CAP_EVENT instead of the deprecated CAP_POLL_EVENT.

PR: 185382 (based on)
Submitted by: Loganaden Velvindron
Reviewed by: pjd

MFC r283641:

Add CAP_FCNTL to the lease file capsicum rights, and limit to
CAP_FCNTL_GETFL. Without CAP_FCNTL_GETFL, the lease file truncation
in rewrite_client_leases() will fail to trim old data when rewriting
the file with a lesser amount of data.

Merge an applicable subset of r263234 from HEAD to stable/10:

Update most userspace consumers of capability.h to use capsicum.h instead.

auditdistd is not updated as I will make the change upstream and then do a
vendor import sometime in the next week or two.

Note that a significant fraction does not apply, as FreeBSD 10 doesn't
contain a Capsicumised ping, casperd, libcasper, etc. When these features
are merged, the capsicum.h change will need to be merged with them.

Sponsored by: Google, Inc.

MFC: r261566

Use CAP_EVENT instead of the deprecated CAP_POLL_EVENT.

PR: 185382 (based on)
Submitted by: Loganaden Velvindron
Reviewed by: pjd