#
330693 |
|
09-Mar-2018 |
dab |
MFC r330085:
dhclient violates RFC2131 when sending early DHCPREQUEST message to re-obtain old IP
When dhclient first starts, if an old IP address exists in the dhclient.leases file, dhclient(8) sends early DHCPREQUEST message(s) in an attempt to re-obtain the old IP address again. These messages contain the old IP as a requested-IP-address option in the message body (correct) but also use the old IP address as the packet's source IP (incorrect).
RFC2131 sec 4.1 states:
DHCP messages broadcast by a client prior to that client obtaining its IP address must have the source address field in the IP header set to 0.
The use of the old IP as the packet's source address is incorrect if (a) the computer is now on a different network or (b) it is on the same network, but the old IP has been reallocated to another host.
Fix dhclient to use 0.0.0.0 as the source IP in this circumstance without removing any existing functionality. Any previously-used old IP is still requested in the body of an early DHCPREQUEST message.
PR: 199378
Submitted by: J.R. Oldroyd <fbsd@opal.com>
Reported by: J.R. Oldroyd <fbsd@opal.com>
Sponsored by: Dell EMC
|
#
299156 |
|
06-May-2016 |
sephe |
MFC r298385
dhclient: Log a warning instead of bailing upon "illegal" options
In Azure, the DHCP servers add a private option (id 0xf5), which contains the binary form of an IPv4 address. Once this option is converted to string form, it could contain '$', e.g.
IPv4 address: 100.72.36.54
binary form: 0x64 0x48 0x24 0x36
string form: "dH$6"
dhclient bails upon "illegal" options like the above example, thus the VM bring-up will fail.
Also, as a side note, this "illegal" option detection was added in OpenBSD ~11 years ago: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sbin/dhclient/dhclient.c?rev=1.50&content-type=text/x-cvsweb-markup
And it was removed along with the removal of script support in OpenBSD ~3 years ago: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sbin/dhclient/dhclient.c?rev=1.159&content-type=text/x-cvsweb-markup
Reported by: Hongxiong Xian <v-hoxian microsoft com>
Reviewed by: jhb, Dexuan Cui <decui microsoft com>
Tested by: Hongxiong Xian <v-hoxian microsoft com>
Analyzed by: Dong Liu <doliu microsoft com>
Sponsored by: Microsoft OSTC
Differential Revision: https://reviews.freebsd.org/D5853
|
#
283978 |
|
04-Jun-2015 |
pkelsey |
MFC r283641:
Add CAP_FCNTL to the lease file capsicum rights, and limit to CAP_FCNTL_GETFL. Without CAP_FCNTL_GETFL, the lease file truncation in rewrite_client_leases() will fail to trim old data when rewriting the file with a lesser amount of data.
|
#
280250 |
|
19-Mar-2015 |
rwatson |
Merge an applicable subset of r263234 from HEAD to stable/10:
Update most userspace consumers of capability.h to use capsicum.h instead.
auditdistd is not updated as I will make the change upstream and then do a vendor import sometime in the next week or two.
Note that a significant fraction does not apply, as FreeBSD 10 doesn't contain a Capsicumised ping, casperd, libcasper, etc. When these features are merged, the capsicum.h change will need to be merged with them.
Sponsored by: Google, Inc.
|
#
261828 |
|
13-Feb-2014 |
brueffer |
MFC: r261566
Use CAP_EVENT instead of the deprecated CAP_POLL_EVENT.
PR: 185382 (based on)
Submitted by: Loganaden Velvindron
Reviewed by: pjd
|