Up to [local] / src / sbin / dhcpleased
Default branch: MAIN
Revision 1.34, Mon Jun 3 17:58:33 2024 UTC (5 days, 9 hours ago) by deraadt
Branch: MAIN
CVS Tags: HEAD
Changes since 1.33: +2 -2 lines
more sleepy florian knf issues
Revision 1.33, Fri Jan 26 21:14:08 2024 UTC (4 months, 1 week ago) by jan
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE, OPENBSD_7_5
Changes since 1.32: +2 -1 lines
Put checksum flags in bpf_hdr to use them in userland dhcpleased. Thus, dhcpleased accepts non-calculated checksums which were verified by hardware/hypervisor.
With tweaks from dlg@
ok bluhm@ mkay tobhe@
Revision 1.32, Thu Dec 14 09:58:37 2023 UTC (5 months, 3 weeks ago) by claudio
Branch: MAIN
Changes since 1.31: +6 -6 lines
Use imsg_get_fd() to access the fd passed with the imsg. Go ahead florian@ OK tb@
Revision 1.31, Sat Nov 25 12:00:39 2023 UTC (6 months, 2 weeks ago) by florian
Branch: MAIN
Changes since 1.30: +16 -3 lines
First stab at IPv6-only preferred from RFC8925. This lets dhcpleased(8) request "IPv6-only preferred". If the server replies with this option dhcpleased stops and does not request a lease and deconfigures IPv4 on the interface. For now this is pretty much useless unless one dynamically configures pf(4) to act as a CLAT. gelatod(8) from ports can help with this. However, this helps me while hacking on a kernel based stateless CLAT by moving dhcpleased out of the way while having an IPv6-mostly network configured to compare behaviour with macOS. Input jmc OK phessler Input & OK sthen
Revision 1.30, Thu Jul 14 15:23:09 2022 UTC (22 months, 3 weeks ago) by florian
Branch: MAIN
CVS Tags: OPENBSD_7_4_BASE, OPENBSD_7_4, OPENBSD_7_3_BASE, OPENBSD_7_3, OPENBSD_7_2_BASE, OPENBSD_7_2
Changes since 1.29: +15 -5 lines
When the autoconf flag flaps around we might end up with multiple bpf FDs in flight. Things then get confusing. The kernel tells us we can read from the bpf FD but the data is actually "on the other FD", so read(2) returns 0.
Found the hard way by, and patiently debugged with weerd@
One way to trigger this is booting a vmm VM where dhcpleased(8)'s init_ifaces() loses a race against netstart(8). init_ifaces() would already see the autoconf flag and request a bpf FD. But then it would receive a RTM_IFINFO message without the autoconf flag set from when the interface came up. Then it will see another RTM_IFINFO message with the autoconf flag set and request yet another bpf FD. If the first bpf FD had not arrived yet we ended up with two in the frontend process.
While here make sure a bpf FD has been received for an iface before trying to close(2) it.
tweak & OK dv
Revision 1.29, Tue Apr 26 14:50:04 2022 UTC (2 years, 1 month ago) by florian
Branch: MAIN
Changes since 1.28: +3 -2 lines
Do not send a hostname option when we don't have a hostname. The minimum length of a hostname is 1 according to RFC 2132. Found the hard way by Ibrahim Khalifa (ibo AT trukonsult.se) with DHCP Relay on a Cisco ASA in the installer where we don't have a hostname yet. Ibrahim also provided a diff which I simplified a bit. OK tb
Revision 1.28, Tue Jan 4 06:20:37 2022 UTC (2 years, 5 months ago) by florian
Branch: MAIN
CVS Tags: OPENBSD_7_1_BASE, OPENBSD_7_1
Changes since 1.27: +40 -8 lines
Make host name DHCP option configurable. Diff from hagen@sdf.org, tweaks by me. OK phessler testing & OK bket
Revision 1.27, Mon Dec 13 11:03:23 2021 UTC (2 years, 5 months ago) by florian
Branch: MAIN
Changes since 1.26: +2 -2 lines
Treat xid as a uint32_t in network byte order on the wire. Internally this doesn't matter since we only care about equality. This makes logging output comparable to tcpdump(8). Pointed out by joel@ OK claudio
Revision 1.26, Mon Dec 13 11:02:26 2021 UTC (2 years, 5 months ago) by florian
Branch: MAIN
Changes since 1.25: +8 -8 lines
Replace struct member assignment with struct assignment to make the code more compact. No binary change. OK claudio
Revision 1.25, Thu Dec 9 16:20:12 2021 UTC (2 years, 5 months ago) by florian
Branch: MAIN
Changes since 1.24: +59 -57 lines
Rework in which state to add and not add the server-ip and requested-ip option as well as setting ciaddr. This started with joel@ pointing out that their CPE is ignoring RENEWING and REBINDING requests when ciaddr was not set. RFC 2131 4.3.6, Table 4 has a good overview, we got a bunch of it wrong. Previously the logic for this was all over the place which made it difficult to reason about, it is now contained in the engine process in request_dhcp_request() and request_dhcp_discover(). Problem pointed out by, lots of testing and review as well as OK joel@ Additional testing and 50% review benno@
Revision 1.24, Sat Nov 20 17:54:40 2021 UTC (2 years, 6 months ago) by florian
Branch: MAIN
Changes since 1.23: +5 -1 lines
Send default client identifier when a config file is present but no client identifier is configured like the man page claims we would do. Problem found and patch by Joel Knight (knight.joel AT gmail), thanks!
Revision 1.23, Wed Oct 20 07:04:49 2021 UTC (2 years, 7 months ago) by florian
Branch: MAIN
Changes since 1.22: +5 -4 lines
Do not ignore carp(4) interfaces. Problem reported by Guy Godfroy on bugs, thanks!
Revision 1.22, Tue Sep 14 07:51:51 2021 UTC (2 years, 8 months ago) by florian
Branch: MAIN
CVS Tags: OPENBSD_7_0_BASE, OPENBSD_7_0
Changes since 1.21: +11 -7 lines
When the dhcp server is unreachable via unicast UDP retry broadcast. The only indication we get is sendto(2) failing, so if our UDP packet is silently dropped somewhere we won't notice.
This has been observed in the wild with a dhcp server at the remote end of a VPN. The dhcp server is reachable via broadcast so we get an initial lease. However the server is not in the same subnet as the lease we are getting so to reach it unicast we depend on a default route being set. When the VPN goes down we lose the default route [*] and when dhcpleased then tries to renew the lease (unicast), sendto(2) fails with "network unreachable".
[*] The exact mechanics on how this happens are unclear. I.e. why didn't dhcpleased(8) see a link-state change and transitioned to REBOOTING / INIT? Regardless, we shouldn't ignore sendto(2) errors.
Reported by stsp, OK benno
Revision 1.21, Tue Aug 24 14:54:02 2021 UTC (2 years, 9 months ago) by florian
Branch: MAIN
Changes since 1.20: +14 -3 lines
When an interface disappears, e.g. when a usb dongle gets unplugged, we get a RTM_IFANNOUNCE message not a RTM_IFINFO message. Handle this message to not accumulate "unknown" interfaces. OK benno
Revision 1.20, Mon Aug 23 18:22:56 2021 UTC (2 years, 9 months ago) by florian
Branch: MAIN
Changes since 1.19: +2 -2 lines
Say which read failed, helps debugging.
Revision 1.19, Mon Aug 23 18:21:48 2021 UTC (2 years, 9 months ago) by florian
Branch: MAIN
Changes since 1.18: +3 -1 lines
We don't have a config file on the ramdisks; prevents a warning.
Revision 1.18, Thu Aug 12 12:41:08 2021 UTC (2 years, 9 months ago) by florian
Branch: MAIN
Changes since 1.17: +8 -3 lines
Make it possible to ignore routes or nameservers from a lease as well as ignoring servers entirely. Tested by bket Parser looks reasonable to benno man page OK jmc
Revision 1.17, Sat Aug 7 07:07:44 2021 UTC (2 years, 10 months ago) by florian
Branch: MAIN
Changes since 1.16: +78 -2 lines
Go to REBOOTING state when interface config changed on reload. This tries to reacquire the current lease and if that fails will send a DHCPDISCOVER message to request any lease. OK benno
Revision 1.16, Sun Aug 1 09:07:03 2021 UTC (2 years, 10 months ago) by florian
Branch: MAIN
Changes since 1.15: +6 -3 lines
Do not abuse the IMSG_CTL_SEND_REQUEST imsg to transition to REBOOTING. There will be a few more cases internal to dhcpleased that have nothing to do with the control socket. While here move requesting a new lease via a call to dhclient under ifndef SMALL, nothing on the ramdisk uses this.
Revision 1.15, Tue Jul 27 18:17:37 2021 UTC (2 years, 10 months ago) by florian
Branch: MAIN
Changes since 1.14: +11 -1 lines
Please muscle memory when dhclient $if is run and request a new lease. An upcoming diff for dhclient(8) will make it exit when it discovers an autoconf flag at startup. "Quite a pleasing diff." deraadt@
Revision 1.14, Mon Jul 26 09:26:36 2021 UTC (2 years, 10 months ago) by florian
Branch: MAIN
Changes since 1.13: +139 -25 lines
Implement possibility to send vendor class identifier (option 60) and client identifier (option 61). Some dhcp servers expect these options and refuse to hand out a lease without them. Need for vendor class identifier pointed out & tested by bket Need for client identifier pointed out by sthen Input & reads OK sthen (as part of a larger diff) OK kn (as part of a larger diff)
Revision 1.13, Mon Jul 12 15:09:18 2021 UTC (2 years, 10 months ago) by beck
Branch: MAIN
Changes since 1.12: +3 -3 lines
Change the error reporting pattern throughout the tree when unveil fails to report the path that the failure occurred on. Suggested by deraadt@ after some tech discussion. Work done and verified by Ashton Fagg <ashton@fagg.id.au> ok deraadt@ semarie@ claudio@
Revision 1.12, Wed Jun 16 14:08:38 2021 UTC (2 years, 11 months ago) by florian
Branch: MAIN
Changes since 1.11: +3 -3 lines
Actually request classless static routes from the dhcp server; missed in previous.
Revision 1.11, Sat May 1 11:51:59 2021 UTC (3 years, 1 month ago) by florian
Branch: MAIN
Changes since 1.10: +6 -3 lines
Allow running in single user mode where /var/empty doesn't exist by switching from chroot("/var/empty") to unveil("/", ""). This is just an extra pair of suspenders since these processes pledge(2) to not access the filesystem. OK deraadt
Revision 1.10, Wed Apr 14 23:35:24 2021 UTC (3 years, 1 month ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_6_9_BASE, OPENBSD_6_9
Changes since 1.9: +5 -5 lines
my fingers cannot avoid KNF'ing as I review code
Revision 1.9, Thu Apr 8 17:29:17 2021 UTC (3 years, 2 months ago) by kn
Branch: MAIN
Changes since 1.8: +3 -3 lines
Do not request unused "classless-static-routes" dhcp-options(5)
Doing so implies support for it, but dhcpleased(8) currently ignores it entirely and does not configure any route from it.
As per RFC 3442 servers SHOULD NOT respond with a "routers" option when "classless-static-routes" is set. dhcpd(8)/dhcpd.conf(5) follows that, hence requesting but not using static routes results in not installing any routes at all.
Stop signaling support for this option and only request "routers" such that dhcpleased continues to install a default route and properly ignores the unsupported option if used by the server.
Report from Uwe Werler <uwe @ werler dot is> about a default route not being set when requesting the "classless-static-routes" dhcp-options(5) from dhcpd(8), thanks!
OK florian
Revision 1.8, Mon Mar 22 16:28:25 2021 UTC (3 years, 2 months ago) by florian
Branch: MAIN
Changes since 1.7: +10 -2 lines
BOOTP has a minimum packet length of 300 bytes. Since DHCP is interoperable with BOOTP we should also send packets that have a minimum size of 300. I haven't seen a DHCP server that actually enforces this except the one in vmd(8), but it doesn't cost us much and prevents hair pulling later on when we find one in the wild. OK deraadt
Revision 1.7, Fri Mar 19 07:43:27 2021 UTC (3 years, 2 months ago) by florian
Branch: MAIN
Changes since 1.6: +16 -44 lines
RTM_IFINFO is providing the mac address now, no need to go through getifaddrs on every route message. This also allows us to drop the route pledge since we only need to fetch the interface state with getifaddrs on startup.
Revision 1.6, Wed Mar 17 15:24:04 2021 UTC (3 years, 2 months ago) by florian
Branch: MAIN
Changes since 1.5: +152 -76 lines
Split off init_ifaces from update_iface. init_ifaces discovers the state of the machine on startup using ioctl(2) and getifaddrs(3). We can then update this state with information provided by route messages. We still need getifaddrs(3) to check if the layer 2 address has changed. This simplifies error handling (what should we do if ioctl(2) fails?), reduces kernel round trips (no need to ask the kernel again for information RTM_IFINFO provided already) and prevents a theoretical race between RTM_IFINFO and getaddrinfo(3). In a fast link state UP -> DOWN -> UP transition RTM_IFINFO informs us that the link went down but we were not using this information but rather looked at getifaddrs(3) information which might see the link as already up again. We would then do nothing while we should try to get a new lease. By storing all interface information in the frontend process we can skip imsgs to the engine process if we get an RTM_IFINFO without relevant changes for us.
Revision 1.5, Tue Mar 16 17:39:15 2021 UTC (3 years, 2 months ago) by florian
Branch: MAIN
Changes since 1.4: +1 -8 lines
We can't learn anything interesting from RTM_NEWADDR, stop handling it.
Revision 1.4, Sun Mar 14 16:05:50 2021 UTC (3 years, 2 months ago) by florian
Branch: MAIN
Changes since 1.3: +33 -49 lines
Since we are doing getifaddrs() anyway we can get the rdomain out of AF_LINK and skip one ioctl. OK benno
Revision 1.3, Sun Mar 7 18:39:11 2021 UTC (3 years, 3 months ago) by florian
Branch: MAIN
Changes since 1.2: +16 -13 lines
Reduce debug logging by moving protocol level debug log behind -vv or by deleting unneeded output. While here reword some debug output to make it more useful. (There is more to be done here.)
Revision 1.2, Tue Mar 2 17:39:26 2021 UTC (3 years, 3 months ago) by claudio
Branch: MAIN
Changes since 1.1: +3 -4 lines
Must include netinet/in.h before netinet/ip.h or bad things happen.
Revision 1.1, Fri Feb 26 16:16:37 2021 UTC (3 years, 3 months ago) by florian
Branch: MAIN
Import dhcpleased(8) - a dhcp daemon to acquire IPv4 address leases from servers.
dhcpleased(8) follows the well known three process design of all our privsep daemons. It uses pledge(2) and unveil(2) to restrict access further. In particular the "engine" process, responsible for parsing of untrusted data, is pledge'd "stdio". It cannot access the outside world nor the filesystem at all.
Like slaacd(8) for IPv6 it will be always running and acquire addresses for all interfaces with the autoconf4 flag set. The flag can be set by "ifconfig $if inet autoconf" or by adding "inet autoconf" to /etc/hostname.if. An existing "dhcp" line should be removed.
Various iterations tested by deraadt@
The hardest part, finding a name, was handled by jmatthew@ & otto@
"get to it :)" deraadt@