#
1d386b48 |
|
16-Aug-2023 |
Warner Losh <imp@FreeBSD.org> |
Remove $FreeBSD$: one-line .c pattern Remove /^[\s*]*__FBSDID\("\$FreeBSD\$"\);?\s*\n/
|
#
461ccb55 |
|
14-Mar-2023 |
Rob Norris <rob.norris@klarasystems.com> |
dhclient: add ability to ignore options in offers A machine might exist on multiple networks, all of which offer, say, default routes or name servers. There's no easy way to indicate in the config that those options are only valid for a single interface. Now, we can write: interface "lan0" { request routers; require routers; } interface "lan1" { ignore routers; } And only take action on default routes offered on lan0. Tested by: Jose Luis Duran <jlduran at gmail dot com> MFC after: 2 months Reviewed by: allanjude, imp Sponsored by: Zenith Electronics LLC Sponsored by: Klara, Inc. Pull Request: #693
|
#
3492caf5 |
|
14-Nov-2022 |
Hans Petter Selasky <hselasky@FreeBSD.org> |
dhclient(8): Verify lease-, renewal- and rebinding-time option sizes. Else out-of-bound reads and undefined behaviour may happen. The current code only checked for the presence of the first of four bytes. Make sure the fields in question have the minium size required. No functional change intended. Reviewed by: rrs@ MFC after: 1 week Sponsored by: NVIDIA Networking
|
#
0a539a0f |
|
18-Aug-2021 |
Fabian Kurtz <fabian.kurtz@udo.edu> |
dhclient: support supersede statement for option 54 PR: 217978 Reported by: Franco Fichtner <franco@opnsense.org> Reviewed by: markj Obtained from: OPNsense MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D31503
|
#
74aed808 |
|
28-Nov-2019 |
Conrad Meyer <cem@FreeBSD.org> |
Fix braino in previous bugfix r300174 The previous revision missed the exact same error in a copy paste block of the same code in another function. Fix the identical case, too. A DHCP client identifier is simply the hardware type (one byte) concatenated with the hardware address (some variable number of bytes, but at most 16). Limit the size of the temporary buffer to match and the rest of the calculations shake out correctly. PR: 238022 Reported by: Young <yangx92 AT hotmail.com> Submitted by: Young <yangx92 AT hotmail.com> MFC after: I don't plan to but you should feel free Security: yes
|
#
130cfcf3 |
|
22-Nov-2019 |
Dave Cottlehuber <dch@FreeBSD.org> |
dhclient: support option 114, default-url ascii This will enable further automation of HTTP UEFI boot loader support by providing a specific option for providing the boot URL to FreeBSD. Documented in: https://www.iana.org/assignments/bootp-dhcp-parameters/bootp-dhcp-parameters.xhtml https://kb.isc.org/docs/isc-dhcp-44-manual-pages-dhcp-options https://tools.ietf.org/html/rfc3679 Approved by: emaste MFC after: 2 weeks Sponsored by: SkunkWerks, GmbH Differential Revision: https://reviews.freebsd.org/D22475
|
#
221e5d2d |
|
23-Feb-2019 |
Maxim Sobolev <sobomax@FreeBSD.org> |
Further refine r336195: do not even attempt to verify/update interface's MTU if we've set it once and there were no changes on the DHCP server side since the last refresh. This is consistent I believe with how dhclient handles other settings like IP address, mask etc. Approved by: cem, eugen Differential Revision: https://reviews.freebsd.org/D18546
|
#
3b08e0fc |
|
08-Feb-2019 |
Jilles Tjoelker <jilles@FreeBSD.org> |
dhclient: Return non-zero status when script exits due to a signal r343896 made it such that a non-zero exit status was passed through, but was still wrong if the script exits on a signal. POSIX does not say what the WEXITSTATUS macro returns in this case and in practice 0 is a common value. Instead, translate the wait status into 8 bits the same way as the shell calculates $?. Reviewed by: kib, Nash Kaminski MFC after: 1 week
|
#
95f237c2 |
|
08-Feb-2019 |
Konstantin Belousov <kib@FreeBSD.org> |
Correctly return exit status from the exited process. This is also OpenBSD rev. 1.117, as pointed out by Ryan Moeller <ryan@ixsystems.com>. Submitted by: Nash Kaminski <nashkaminski@gmail.com> MFC after: 1 week
|
#
377421df |
|
04-Nov-2018 |
Mariusz Zaborski <oshogbo@FreeBSD.org> |
capsicum: use a new capsicum helpers in tools Use caph_{rights,ioctls,fcntls}_limit to simplify the code.
|
#
17cfcf1d |
|
07-Aug-2018 |
Mark Johnston <markj@FreeBSD.org> |
dhclient: Enter capability mode before dropping privileges. This is needed to be able to chroot in the fallback case where Capsicum is not available. Reported by: Daniel Braniss <danny@cs.huji.ac.il> X-MFC with: r337382 Sponsored by: The FreeBSD Foundation
|
#
976e1003 |
|
06-Aug-2018 |
Mark Johnston <markj@FreeBSD.org> |
dhclient: Don't chroot if we are in capability mode. The main dhclient process is Capsicumized but also chroots to restrict filesystem access. With r322369, pidfile(3) maintains a directory descriptor for the pidfile, which can cause the chroot to fail in certain cases. To minimize the problem, only chroot if we fail to enter capability mode, and store dhclient pidfiles in a subdirectory of /var/run, thus restricting access via pidfile(3)'s directory descriptor. PR: 223327 Reviewed by: cem, oshogbo Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D16584
|
#
b537db69 |
|
24-Jun-2018 |
Eitan Adler <eadler@FreeBSD.org> |
dhclient: recorrect __progname to getprogname() A more correct way to modernize code that uses __progname is to just replace each occurance of it with a call to getprogname(3) Reported by: ian Reviewed by: imp
|
#
71c6c44d |
|
24-Jun-2018 |
Eitan Adler <eadler@FreeBSD.org> |
dhclient: build with WARNS=6 - add static in a number of places - initialize __progname rather than rely on magical extern values - use nitems() instead of manually spelling it out - unshadow 'idi' - teach 'error' that it is '__dead2' - add missing 'break'
|
#
7672a014 |
|
19-Jun-2018 |
Mariusz Zaborski <oshogbo@FreeBSD.org> |
Convert `cap_enter() < 0 && errno != ENOSYS` to `caph_enter() < 0`. No functional change intended.
|
#
f93497fe |
|
31-May-2018 |
Conrad Meyer <cem@FreeBSD.org> |
dhclient(8): allow to supersede interface-mtu option In some cases broken DHCP servers might send invalid MTU value, so allow to use 'supersede' in dhclient.conf to override this. When superseded value is 0, MTU value is not updated at all. PR: 206721 Submitted by: novel@ Reported by: <jimp AT pfsense.org> MFC after: 37 minutes (if you care about 11, please MFC to 11.2) Relnotes: yes (potentially surprising behavior change w/ broken dhcpd mtu) Differential Revision: https://reviews.freebsd.org/D15484
|
#
3acf1760 |
|
27-Feb-2018 |
David Bright <dab@FreeBSD.org> |
dhclient violates RFC2131 when sending early DHCPREQUEST message to re-obtain old IP When dhclient first starts, if an old IP address exists in the dhclient.leases file, dhclient(8) sends early DHCPREQUEST message(s) in an attempt to re-obtain the old IP address again. These messages contain the old IP as a requested-IP-address option in the message body (correct) but also use the old IP address as the packet's source IP (incorrect). RFC2131 sec 4.1 states: DHCP messages broadcast by a client prior to that client obtaining its IP address must have the source address field in the IP header set to 0. The use of the old IP as the packet's source address is incorrect if (a) the computer is now on a different network or (b) it is on the same network, but the old IP has been reallocated to another host. Fix dhclient to use 0.0.0.0 as the source IP in this circumstance without removing any existing functionality. Any previously-used old IP is still requested in the body of an early DHCPREQUEST message. PR: 199378 Submitted by: J.R. Oldroyd <fbsd@opal.com> Reported by: J.R. Oldroyd <fbsd@opal.com> Reviewed by: cem, asomers, vangyzen MFC after: 1 week Sponsored by: Dell EMC Differential Revision: https://reviews.freebsd.org/D14527
|
#
79a1d195 |
|
21-Feb-2018 |
Alan Somers <asomers@FreeBSD.org> |
dhclient: raise WARNS to 4 Mostly const-correctness fixes. There were also some variable-shadowing, unused variable, and a couple of sockaddr type-correctness changes. I also had trouble with cast-align warnings. I was able to prove that one of them was a false positive. But ultimately I had to disable the warning program-wide to deal with the others. Reviewed by: cem MFC after: 3 weeks Sponsored by: Spectra Logic Corp Differential Revision: https://reviews.freebsd.org/D14460
|
#
31698405 |
|
02-Feb-2018 |
Mariusz Zaborski <oshogbo@FreeBSD.org> |
Use daemonfd(3) in the dhclient(8). Reviewed by: brooks@ Differential Revision: https://reviews.freebsd.org/D13603
|
#
afe6f835 |
|
14-Dec-2017 |
Alan Somers <asomers@FreeBSD.org> |
dhclient(8): raise WARNS to 3 Mostly had to fix a lot of signed/unsigned comparison warnings MFC after: 3 weeks Sponsored by: Spectra Logic Corp
|
#
5f28c51d |
|
13-Dec-2017 |
Alan Somers <asomers@FreeBSD.org> |
dhclient(8): Don't shift through the sign bit of a signed int PR: 208007 Submitted by: Michael McConville <mmcco@mykolab.com> MFC after: 3 weeks
|
#
8a16b7a1 |
|
20-Nov-2017 |
Pedro F. Giffuni <pfg@FreeBSD.org> |
General further adoption of SPDX licensing ID tags. Mainly focus on files that use BSD 3-Clause license. The Software Package Data Exchange (SPDX) group provides a specification to make it easier for automated tools to detect and summarize well known opensource licenses. We are gradually adopting the specification, noting that the tags are considered only advisory and do not, in any way, superceed or replace the license texts. Special thanks to Wind River for providing access to "The Duke of Highlander" tool: an older (2014) run over FreeBSD tree was useful as a starting point.
|
#
6789a8b5 |
|
12-Nov-2017 |
Mariusz Zaborski <oshogbo@FreeBSD.org> |
dhclient(8) should not close stdio using daemon(3) function. dhclient(8) is chrooted so opening /dev/null always will fail. In capability world this is also annoying because we getting error that open(2) is not permitted in Capsicum. dhclient(8) is closing stdio by precaching fd to /dev/null before chroot. This is done few lines below daemon(3) function so let's not try to do that in daemon(3) function. Reviewed by: cem@ Differential Revision: https://reviews.freebsd.org/D12826
|
#
cb003dd9 |
|
12-Nov-2017 |
Mariusz Zaborski <oshogbo@FreeBSD.org> |
Use syslog service in dhclient(8). dhclient(8) is failing during boot to connect to the syslog service, because syslog daemon is started after dhclient(8). This can be reproduced by stooping syslog daemon and ktrace the dhclient or use kern.trap_enotcap sysctl and boot the machine. Using the Casper syslog service fix the problem. Reviewed by: bapt@ Differential Revision: https://reviews.freebsd.org/D12825
|
#
223c44ae |
|
07-May-2017 |
Nick Hibma <n_hibma@FreeBSD.org> |
Fix handling of large DHCP expiry values. They would overflow a signed 32-bit time_t on 32 bit architectures. This was taken care of, but a compiler optimisation makes this behave erratically. This could be resolved by adding a -fwrapv flag, but instead we can check the value before adding the current timestamp to it. In the lease file values are still wrong though: option dhcp-rebinding-time -644245096; PR: 218980 Reported by: Bob Eager MFC after: 2 weeks
|
#
1fb4382c |
|
30-Mar-2017 |
Nick Hibma <n_hibma@FreeBSD.org> |
Make dhcp-lease-time option supersedable as well. Note: It is not recommended to set this value to above the value that the server provided, unless that value is bogus.
|
#
c13fa60c |
|
30-Mar-2017 |
Nick Hibma <n_hibma@FreeBSD.org> |
Allow superseding the lease renewal and rebind times. Also make sure that the renewal is never more than 1/2 * expiry and rebind never more than 7/4 * renewal (the default values in the spec). This should allow adjusting high values from the server as well as making sure the values from the server make sense. Renewal and rebind times will be adjusted down if the expiry time is set very high in a server, not the other way around. This change just makes sure the values keep making sense.
|
#
387016a5 |
|
02-Sep-2016 |
Conrad Meyer <cem@FreeBSD.org> |
dhclient: add support for interface-mtu (26) Make dhclient set interface MTU if it was provided. This version implements MTU setting in dhclient itself before it runs dhclient-script. PR: 206721 Submitted by: novel@ Reported by: Jarrod Petz <jlpetz at gmail.com> Reviewed by: cem, allanjude Differential Revision: https://reviews.freebsd.org/D5675
|
#
fb0eab09 |
|
18-May-2016 |
Conrad Meyer <cem@FreeBSD.org> |
dhclient: Fix the trivial buffer overruns correctly A DHCP client identifier is simply the hardware type (one byte) concatenated with the hardware address (some variable number of bytes, but at most 16). Limit the size of the temporary buffer to match and the rest of the calculations shake out correctly. This is a follow-up to the incorrect r299512, reverted in r300172. CIDs: 1008682, 1305550 Sponsored by: EMC / Isilon Storage Division
|
#
4441bd73 |
|
18-May-2016 |
Conrad Meyer <cem@FreeBSD.org> |
Revert r299512 It broke client identifiers because I misunderstood the intent of the code. There is still a minor issue detected by Coverity (at least, I can't find where the code proves it isn't an issue). I'll follow up with a better fix for the CIDs. Reported by: Ian FREISLICH Sponsored by: EMC / Isilon Storage Division
|
#
021b92e5 |
|
11-May-2016 |
Conrad Meyer <cem@FreeBSD.org> |
dhclient: Fix some trivial buffer overruns There was some confusion about how to limit a hardware address to at most 16 bytes. In some cases it would overrun a byte off the end of the array. Correct the types and rectify the overrun. Reported by: Coverity CIDs: 1008682, 1305550 Sponsored by: EMC / Isilon Storage Division
|
#
dd09ce39 |
|
20-Apr-2016 |
Sepherosa Ziehau <sephe@FreeBSD.org> |
dhclient: Log a warning instead of bailing upon "illegal" options In Azure, the DHCP servers add private option (id 0xf5), which contains binary form of an IPv4 address. Once this option is converted to string form, it could contain '$', e.g. IPv4 address: 100.72.36.54 binary form: 0x64 0x48 0x24 0x36 string form: "dH$6" dhclient bails upon "illegal" options like the above example, thus the VM bring-up will fail. Also as a side note, this "illegal" option detection was added in OpenBSD ~11years ago: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sbin/dhclient/dhclient.c?rev=1.50&content-type=text/x-cvsweb-markup And it was removed along with the removal of script support in OpenBSD ~3years ago: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sbin/dhclient/dhclient.c?rev=1.159&content-type=text/x-cvsweb-markup Reported by: Hongxiong Xian <v-hoxian microsoft com> Reviewed by: jhb, Dexuan Cui <decui microsoft com> Tested by: Hongxiong Xian <v-hoxian microsoft com> Analyzed by: Dong Liu <doliu microsoft com> MFC after: 1 week Sponsored by: Microsoft OSTC Differential Revision: https://reviews.freebsd.org/D5853
|
#
19342eee |
|
27-May-2015 |
Patrick Kelsey <pkelsey@FreeBSD.org> |
Add CAP_FCNTL to the lease file capsicum rights, and limit to CAP_FCNTL_GETFL. Without CAP_FCNTL_GETFL, the lease file truncation in rewrite_client_leases() will fail to trim old data when rewriting the file with a lesser amount of data. Reviewed by: pjd, rwatson Approved by: jmallett (mentor) MFC after: 1 week
|
#
e16406c7 |
|
26-Jun-2014 |
Pawel Jakub Dawidek <pjd@FreeBSD.org> |
Remove duplicated includes. Submitted by: Mariusz Zaborski <oshogbo@FreeBSD.org>
|
#
b881b8be |
|
16-Mar-2014 |
Robert Watson <rwatson@FreeBSD.org> |
Update most userspace consumers of capability.h to use capsicum.h instead. auditdistd is not updated as I will make the change upstream and then do a vendor import sometime in the next week or two. MFC after: 3 weeks
|
#
bb7a82ac |
|
06-Feb-2014 |
Christian Brueffer <brueffer@FreeBSD.org> |
Use CAP_EVENT instead of the deprecated CAP_POLL_EVENT. PR: 185382 (based on) Submitted by: Loganaden Velvindron Reviewed by: pjd MFC after: 1 week
|
#
07561ab4 |
|
02-Feb-2014 |
Eitan Adler <eadler@FreeBSD.org> |
dhclient: change the pidfile's permissions to 644 This change permits non-root users to determine if dhclient is running ('service dhclient status wlan0'). Discussed with: mjg, cperciva
|
#
7008be5b |
|
04-Sep-2013 |
Pawel Jakub Dawidek <pjd@FreeBSD.org> |
Change the cap_rights_t type from uint64_t to a structure that we can extend in the future in a backward compatible (API and ABI) way. The cap_rights_t represents capability rights. We used to use one bit to represent one right, but we are running out of spare bits. Currently the new structure provides place for 114 rights (so 50 more than the previous cap_rights_t), but it is possible to grow the structure to hold at least 285 rights, although we can make it even larger if 285 rights won't be enough. The structure definition looks like this: struct cap_rights { uint64_t cr_rights[CAP_RIGHTS_VERSION + 2]; }; The initial CAP_RIGHTS_VERSION is 0. The top two bits in the first element of the cr_rights[] array contain total number of elements in the array - 2. This means if those two bits are equal to 0, we have 2 array elements. The top two bits in all remaining array elements should be 0. The next five bits in all array elements contain array index. Only one bit is used and bit position in this five-bits range defines array index. This means there can be at most five array elements in the future. To define new right the CAPRIGHT() macro must be used. The macro takes two arguments - an array index and a bit to set, eg. #define CAP_PDKILL CAPRIGHT(1, 0x0000000000000800ULL) We still support aliases that combine few rights, but the rights have to belong to the same array element, eg: #define CAP_LOOKUP CAPRIGHT(0, 0x0000000000000400ULL) #define CAP_FCHMOD CAPRIGHT(0, 0x0000000000002000ULL) #define CAP_FCHMODAT (CAP_FCHMOD | CAP_LOOKUP) There is new API to manage the new cap_rights_t structure: cap_rights_t *cap_rights_init(cap_rights_t *rights, ...); void cap_rights_set(cap_rights_t *rights, ...); void cap_rights_clear(cap_rights_t *rights, ...); bool cap_rights_is_set(const cap_rights_t *rights, ...); bool cap_rights_is_valid(const cap_rights_t *rights); void cap_rights_merge(cap_rights_t *dst, const cap_rights_t *src); void cap_rights_remove(cap_rights_t *dst, const cap_rights_t *src); bool cap_rights_contains(const cap_rights_t *big, const cap_rights_t *little); Capability rights to the cap_rights_init(), cap_rights_set(), cap_rights_clear() and cap_rights_is_set() functions are provided by separating them with commas, eg: cap_rights_t rights; cap_rights_init(&rights, CAP_READ, CAP_WRITE, CAP_FSTAT); There is no need to terminate the list of rights, as those functions are actually macros that take care of the termination, eg: #define cap_rights_set(rights, ...) \ __cap_rights_set((rights), __VA_ARGS__, 0ULL) void __cap_rights_set(cap_rights_t *rights, ...); Thanks to using one bit as an array index we can assert in those functions that there are no two rights belonging to different array elements provided together. For example this is illegal and will be detected, because CAP_LOOKUP belongs to element 0 and CAP_PDKILL to element 1: cap_rights_init(&rights, CAP_LOOKUP | CAP_PDKILL); Providing several rights that belongs to the same array's element this way is correct, but is not advised. It should only be used for aliases definition. This commit also breaks compatibility with some existing Capsicum system calls, but I see no other way to do that. This should be fine as Capsicum is still experimental and this change is not going to 9.x. Sponsored by: The FreeBSD Foundation
|
#
374a8a32 |
|
03-Jul-2013 |
Pawel Jakub Dawidek <pjd@FreeBSD.org> |
Fix dhclient for interfaces that are down. The discover_interfaces() function that looks for interface skips interfaces that are not UP. We need to call dhclient-script PREINIT before we call discover_interfaces(), so the script has a chance to bring the interface UP. Reported by: alfred
|
#
8da93e68 |
|
03-Jul-2013 |
Pawel Jakub Dawidek <pjd@FreeBSD.org> |
MFp4 @229488: Sandbox unprivileged process using capability mode. Reviewed by: brooks Sponsored by: The FreeBSD Foundation
|
#
a6f38228 |
|
03-Jul-2013 |
Pawel Jakub Dawidek <pjd@FreeBSD.org> |
MFp4 @229487: Revoke all capability rights from STDIN and allow only for write to STDOUT and STDERR. All those descriptors are redirected to /dev/null. Reviewed by: brooks Sponsored by: The FreeBSD Foundation
|
#
4c7a48b7 |
|
03-Jul-2013 |
Pawel Jakub Dawidek <pjd@FreeBSD.org> |
MFp4 @229486: Once PID is written to the pidfile, revoke all capability rights. We just want to keep the pidfile open. Reviewed by: brooks Sponsored by: The FreeBSD Foundation
|
#
fe5c7163 |
|
03-Jul-2013 |
Pawel Jakub Dawidek <pjd@FreeBSD.org> |
MFp4 @229485: Only allow to overwrite lease file. Reviewed by: brooks Sponsored by: The FreeBSD Foundation
|
#
f73ac8b9 |
|
03-Jul-2013 |
Pawel Jakub Dawidek <pjd@FreeBSD.org> |
MFp4 @229484: Limit routing socket so only poll(2) and read(2) are allowed (CAP_POLL_EVENT and CAP_READ). This prevents unprivileged process from adding, removing or modifying system routes. Reviewed by: brooks Sponsored by: The FreeBSD Foundation
|
#
de2c882f |
|
03-Jul-2013 |
Pawel Jakub Dawidek <pjd@FreeBSD.org> |
MFp4 @229483: Limit communication pipe with privileged process to CAP_READ and CAP_WRITE. Reviewed by: brooks Sponsored by: The FreeBSD Foundation
|
#
235eb530 |
|
03-Jul-2013 |
Pawel Jakub Dawidek <pjd@FreeBSD.org> |
MFp4 @229481: Currently it was allowed to send any UDP packets from unprivileged process and possibly any packets because /dev/bpf was open for writing. Move sending packets to privileged process. Unprivileged process has no longer access to not connected UDP socket and has only access to /dev/bpf in read-only mode. Reviewed by: brooks Sponsored by: The FreeBSD Foundation
|
#
e374cef5 |
|
03-Jul-2013 |
Pawel Jakub Dawidek <pjd@FreeBSD.org> |
MFp4 @229480: Shutdown write direction of the routing socket. We only need to read from it. Reviewed by: brooks Sponsored by: The FreeBSD Foundation
|
#
0bbe8306 |
|
03-Jul-2013 |
Pawel Jakub Dawidek <pjd@FreeBSD.org> |
MFp4 @229477: The gethostname(3) function won't work in capability mode, because reading kern.hostname sysctl is not permitted there. Cache hostname early and use cached value later. Reviewed by: brooks Sponsored by: The FreeBSD Foundation
|
#
c786bc90 |
|
03-Jul-2013 |
Pawel Jakub Dawidek <pjd@FreeBSD.org> |
Remove redundant white-spaces.
|
#
e8da5003 |
|
03-Jul-2013 |
Pawel Jakub Dawidek <pjd@FreeBSD.org> |
MFp4 @229473: No caller checks send_packet() return value, so make it void. Reviewed by: brooks Sponsored by: The FreeBSD Foundation
|
#
ba019ae5 |
|
03-Jul-2013 |
Pawel Jakub Dawidek <pjd@FreeBSD.org> |
MFp4 @229472: Use the same type for 'from' and 'to' argument in send_packet(). Reviewed by: brooks Sponsored by: The FreeBSD Foundation
|
#
592291c1 |
|
03-Jul-2013 |
Pawel Jakub Dawidek <pjd@FreeBSD.org> |
MFp4 @229470: Remove unused argument from send_packet(). Reviewed by: brooks Sponsored by: The FreeBSD Foundation
|
#
d32438c3 |
|
02-Jul-2013 |
Bruce M Simpson <bms@FreeBSD.org> |
When acquiring a lease, record the value of the BOOTP siaddr field contained in the DHCP offer, and write it out to the lease file as an unquoted value of the "next-server" keyword. The value is ignored when the lease is read back by dhclient, however other applications are free to parse it. The intent behind this change is to allow easier interoperability with automated installation systems e.g. Cobbler, Foreman, Razor; FreeBSD installation kernels can automatically probe the network to discover deployment servers. There are no plans to MFC this change unless a backport is specifically requested. The syntax of the "next-server <ip>" lease keyword is intended to be identical to that used by the ISC DHCPD server in its configuration files. The required defines are already present in dhclient but were unused before this change. (Note: This is NOT the same as Option 66, tftp-server-name). It has been exercised in a university protocol testbed environment, with Cobbler and an mfsBSD image containing pc-sysinstall (driven by Cobbler Cheetah templates). The SYSLINUX memdisk driver is used to boot mfsBSD. Currently this approach requires that a dedicated system profile has been created for the node where FreeBSD is to be deployed. If this is not present, the pc-sysinstall wrapper will be unable to obtain a node configuration. There is code in progress to allow mfsBSD images to obtain the required hints from the memdisk environment by parsing the MBFT ACPI chunk. This is non-standard as it is not linked into the platform's ACPI RSDT. Reviewed by: des
|
#
0a26f858 |
|
22-Aug-2012 |
John Baldwin <jhb@FreeBSD.org> |
Revert r239356 and use an alternate algorithm. First, don't exit when the link goes down on an interface. Instead, teach dhclient to track changes in link state and to enter the reboot state when the link on an interface goes up causing dhclient to attempt to renew its existing lease. Second, remove the change I added to clear the old lease when dhclient exits due to an error (such as ifconfig down). If an interface is using autoconfiguration it should keep its autoconfiguration as much as possible. If the next time it needs a configuration it is able to reuse the previous autoconfiguration, then leaving the settings intact allows existing connections to survive temporary outages, etc. PR: bin/166656 MFC after: 1 month
|
#
83f745b8 |
|
17-Aug-2012 |
John Baldwin <jhb@FreeBSD.org> |
Fix dhclient to properly exit and teardown the configured lease when link is lost. devd will start a new dhclient instance when link is restored. PR: bin/166656 Submitted by: Peter Jeremy (mostly) Reviewed by: brooks (earlier version from Peter) MFC after: 1 month
|
#
409139f0 |
|
04-Dec-2011 |
Jean-Sébastien Pédron <dumbbell@FreeBSD.org> |
Support domain-search in dhclient(8) The "domain-search" option (option 119) allows a DHCP server to publish a list of implicit domain suffixes used during name lookup. This option is described in RFC 3397. For instance, if the domain-search option says: ".example.org .example.com" and one wants to resolve "foobar", the resolver will try: 1. "foobar.example.org" 2. "foobar.example.com" The file /etc/resolv.conf is updated with a "search" directive if the DHCP server provides "domain-search". A regression test suite is included in this patch under tools/regression/sbin/dhclient. PR: bin/151940 Sponsored by Yakaz (http://www.yakaz.com)
|
#
23f39c90 |
|
13-Oct-2011 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Make dhclient use a pid file. Modify the rc script accordingly; while there, clean it up and add some error checks. Glanced at by: brooks@ MFC after: 3 weeks
|
#
a7d5f7eb |
|
19-Oct-2010 |
Jamie Gritton <jamie@FreeBSD.org> |
A new jail(8) with a configuration file, to replace the work currently done by /etc/rc.d/jail.
|
#
6964abef |
|
07-Jul-2010 |
Brian Somers <brian@FreeBSD.org> |
When dhclient obtains a lease, it runs dhclient-script and expects it to configure the interface. When the script is complete, dhclient monitors the routing socket and will terminate if its address is deleted or if its interface is removed or brought down. Because the routing socket is already open when dhclient-script is run, dhclient ignores address deletions for 10 seconds after the script was run. If the address that will be obtained is already configured on the interface before dhclient starts, and if dhclient-script takes more than 10 seconds (perhaps due to dhclient-*-hooks latencies), on script completion, dhclient will immediately and silently exit when it sees the RTM_DELADDR routing message resulting from the script reassigning the address to the interface. This change logs dhclient's reason for exiting and also changes the 10 second timeout to be effective from completion of dhclient-script rather than from when it was started. We now ignore RTM_DELADDR and RTM_NEWADDR messages when the message contains no interface address (which should not happen) rather than exiting. Not reviewed by: brooks (timeout) MFC after: 3 weeks
|
#
fe0506d7 |
|
09-Mar-2010 |
Marcel Moolenaar <marcel@FreeBSD.org> |
Create the altix project branch. The altix project will add support for the SGI Altix 350 to FreeBSD/ia64. The hardware used for porting is a two-module system, consisting of a base compute module and a CPU expansion module. SGI's NUMAFlex architecture can be an excellent platform to test CPU affinity and NUMA-aware features in FreeBSD.
|
#
043bcc8d |
|
08-Jun-2009 |
Brian Somers <brian@FreeBSD.org> |
Fix an off by one error when we limit append/prepend text sizes based on our internal buffer sizes. When we 'append', assume we're appending to text. Some MS dhcp servers will give us a string with the length including the trailing NUL. when we 'append domain-name', we get something like "search x.y\000 z" in resolv.conf :( MFC after: 1 week Security: A buffer overflow (by one NUL byte) was possible.
|
#
d7f03759 |
|
19-Oct-2008 |
Ulf Lilleengen <lulf@FreeBSD.org> |
- Import the HEAD csup code which is the basis for the cvsmode work.
|
#
38e755fd |
|
17-Oct-2008 |
Brooks Davis <brooks@FreeBSD.org> |
Support the remaining options listed in dhcp-options(5) and RFC 2132. PR: bin/127076 Submitted by: jkim MFC after: 1 week
|
#
70892546 |
|
30-Jun-2008 |
Ed Schouten <ed@FreeBSD.org> |
Run the privileged dhclient process in its own session. In the MPSAFE TTY branch, I noticed PTY's to be leaked, because dhclient's privileged process was run inside the session of, say, the login shell. Make sure we call setsid() here. Approved by: philip (mentor), brooks
|
#
61063e47 |
|
22-Mar-2008 |
Sam Leffler <sam@FreeBSD.org> |
Defer state change on disassociate to avoid unnecessarily dropping the lease: track the current bssid and if it changes (as reported in an assoc/reassoc) event only then kick the state machine. This gives us immediate response when roaming but otherwise causes us to fallback on the normal state machine. Reviewed by: brooks, jhb MFC after: 3 weeks
|
#
043f1935 |
|
22-Mar-2008 |
Sam Leffler <sam@FreeBSD.org> |
correct syslog mask so LOG_DEBUG msgs are not lost MFC after: 2 weeks
|
#
2fcc7370 |
|
09-Feb-2007 |
Ed Maste <emaste@FreeBSD.org> |
Implement RFC3442, the Classless Static Route option. The original DHCP specification includes a route option but it supports only class-based routes. RFC3442 adds support for specifying the netmask width for each static route. A variable length encoding is used to minimize the size of this option. PR: bin/99534 Submitted by: Andrey V. Elsukov <bu7cher@yandex.ru> Reviewed by: brooks
|
#
a0b5cadc |
|
29-Jan-2007 |
Brooks Davis <brooks@FreeBSD.org> |
Actually implement rev 1.12 for host names and NIS domain names. We were removing the invalid option, but still rejecting the lease. Reported by: Yoshihiko Sarumaru <mistral at imasy dot or dot jp>
|
#
3dd3357a |
|
21-Aug-2006 |
Brian Somers <brian@FreeBSD.org> |
Revert the addition of -p. It's flawed in that dhclient should not run on an interface without carrier. devd should be used instead to handle link up/down events. Put on the right path by: brooks, sam
|
#
43cb852d |
|
17-Aug-2006 |
Brian Somers <brian@FreeBSD.org> |
Correct usage()
|
#
9341e8dd |
|
17-Aug-2006 |
Brian Somers <brian@FreeBSD.org> |
Add a -p switch to dhclient. The switch tells dhclient to persist despite the interface link status. Add dhclient_flags_iface and background_dhclient_iface rc.conf options. (where iface is a specific interface). These can be used to give interface specific flags to dhclient. Reviewed by: brooks@
|
#
473c2d12 |
|
03-Jul-2006 |
Jung-uk Kim <jkim@FreeBSD.org> |
Send client identifier unconditionally. My ancient D-Link router response with NACK if I don't set it. Setting 'option dhcp-client-identifier' is alternative but it is inconvenient because I have to keep the list of all MAC addresses. As bin/94743 pointed out, it is always sent from Windows clients and I found Mac OS X does the same. OK'd by: brooks
|
#
64948285 |
|
23-May-2006 |
Warner Losh <imp@FreeBSD.org> |
Remove 'n' from the getopt string. There's no -n option that is parsed, so it winds up at usage anyway. Add 'b' to the usage summary. Noticed by Ben Mesander.
|
#
fcab8add |
|
07-May-2006 |
Brooks Davis <brooks@FreeBSD.org> |
Be more like Windows and Linux and send our hostname in the host-name option if none is given in the config file. Also add #ifdefd out support for sending a client ID based on our MAC address. PR: bin/94743, bin/76401 Submitted by: Frank Behrens <frank at pinky dot sax dot de> X-MFC after: 6.1-RELEASE
|
#
dfad96ea |
|
09-Jan-2006 |
Brooks Davis <brooks@FreeBSD.org> |
Allow users to add aliases to the interface. PR: bin/87465 (different solution used) MFC after: 1 week
|
#
82dbbc41 |
|
09-Dec-2005 |
Brooks Davis <brooks@FreeBSD.org> |
When we get a bogus hostname in an option, drop the option rather than refusing the lease. This allow obtaining leases on misadministered networks that use host names with underscores in them. MFC After: 3 days
|
#
40767e22 |
|
02-Sep-2005 |
Brooks Davis <brooks@FreeBSD.org> |
When we supersed the subnet-mask, write the forced value to the lease file. This is what the ISC client does. Submitted by: Rostislav Krasny <rosti dot bsd at gmail dot com>
|
#
f954ec0b |
|
30-Aug-2005 |
Brooks Davis <brooks@FreeBSD.org> |
Introduce a new helper function check_search() derived for res_hnok to check the domain-name parameter according to the rules for "search" strings as documented in resolv.conf(5). Specifically, the string must be no more than 256 bytes long and contain no more than six valid domain names separated by white space. The previous unchecked values could result in a mangled resolv.conf file which could effectively deny access to local sites. This is not a security issue as rogue dhcp servers could already do this without sending invalid strings. Reviewed by: cperciva MFC After: 3 days
|
#
8794fdbb |
|
23-Aug-2005 |
Brooks Davis <brooks@FreeBSD.org> |
Add __FBSDID to all .c files in dhclient to aid in determining file versions when dealing with user problems.
|
#
acccb9aa |
|
27-Jul-2005 |
Brooks Davis <brooks@FreeBSD.org> |
Don't reject packets with server names containing characters that are not allowed in domain names. RFC 2132 does not list valid or invalid characters and the ISC client accepts anything here. Reported by: ps
|
#
b35f2511 |
|
24-Jul-2005 |
Sam Leffler <sam@FreeBSD.org> |
treat REASSOC events just like ASSOC MFC after: 3 days
|
#
a36c0b6b |
|
29-Jun-2005 |
Brooks Davis <brooks@FreeBSD.org> |
Don't complain when we receive smtp, pop, nntp, www, finger, and irc server options. Reported by: Max Boyarov <max_b at tut dot by> Approved by: re (dhclient blanket)
|
#
b388f1cb |
|
29-Jun-2005 |
Brooks Davis <brooks@FreeBSD.org> |
People like to do RFC violating things with the domain-name option and include a space seperated list of domains instead of the domain of the host. This is supported on too many platforms to break for now so, remove validation of this option for the moment. The correct solution longer term is to implement RFC 3397 support and then treat domain-name options containing space seperated lists of domains as domain-search options for backwards compatability. Approved by: re (dhclient blanket)
|
#
59eac186 |
|
13-Jun-2005 |
Brooks Davis <brooks@FreeBSD.org> |
Avoid a null pointer dereference by not expiring our lease if we don't have an active one. Submitted by: sam Reported by: James Snow <snow at teardrop dot org> Approved by: re (dhclient blanket)
|
#
9c13d9cd |
|
07-Jun-2005 |
Brooks Davis <brooks@FreeBSD.org> |
Fix build on 64-bit platforms where time_t is 64 bit. Since where talking about time related to leases, it should be OK to cast these to (int)s rather than using intmax_t. Submitted by: ru Pointy hat: brooks
|
#
2b19b6fc |
|
06-Jun-2005 |
Brooks Davis <brooks@FreeBSD.org> |
Define _PATH_VAREMPTY. Add a -b option to background immediatly. Add support for 802.11 routing messages to "instantly" renegotiate at lease when we associate with a new network. Submitted by: sam
|
#
47c08596 |
|
06-Jun-2005 |
Brooks Davis <brooks@FreeBSD.org> |
Import the OpenBSD dhclient as shipped with OpenBSD-3.7 (the tag OPENBSD_3_7).
|