OpenBSD CVS

CVS log for src/usr.sbin/dhcpd/pfutils.c




Default branch: MAIN


Revision 1.24, Wed Feb 8 08:20:53 2023 UTC (15 months, 4 weeks ago) by tb
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE, OPENBSD_7_5, OPENBSD_7_4_BASE, OPENBSD_7_4, OPENBSD_7_3_BASE, OPENBSD_7_3, HEAD
Changes since 1.23: +2 -2 lines

usr.sbin: missing void to appease clang 15's -Wstrict-prototype.

Revision 1.23, Sun Oct 24 21:24:18 2021 UTC (2 years, 7 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_7_2_BASE, OPENBSD_7_2, OPENBSD_7_1_BASE, OPENBSD_7_1
Changes since 1.22: +2 -2 lines

For open/openat, if the flags parameter does not contain O_CREAT, the
3rd (variadic) mode_t parameter is irrelevant.  Many developers in the past
have passed mode_t (0, 044, 0644, or such), which might lead future people
to copy this broken idiom, and perhaps even believe this parameter has some
meaning or implication or application. Delete them all.
This comes out of a conversation where tb@ noticed that a strange (but
intentional) pledge behaviour is to always knock-out high-bits from
mode_t on a number of system calls as a safety factor, and his bewilderment
that this appeared to be happening against valid modes (at least visually),
but no sorry, they are all irrelevant junk.  They could all be 0xdeafbeef.
ok millert

Revision 1.22, Mon Jul 12 15:09:20 2021 UTC (2 years, 10 months ago) by beck
Branch: MAIN
CVS Tags: OPENBSD_7_0_BASE, OPENBSD_7_0
Changes since 1.21: +2 -2 lines

Change the error reporting pattern throughout the tree when unveil
fails to report the path that the failure occurred on. Suggested by
deraadt@ after some tech discussion.

Work done and verified by Ashton Fagg <ashton@fagg.id.au>

ok deraadt@ semarie@ claudio@

Revision 1.21, Thu Aug 8 06:59:44 2019 UTC (4 years, 10 months ago) by mestre
Branch: MAIN
CVS Tags: OPENBSD_6_9_BASE, OPENBSD_6_9, OPENBSD_6_8_BASE, OPENBSD_6_8, OPENBSD_6_7_BASE, OPENBSD_6_7, OPENBSD_6_6_BASE, OPENBSD_6_6
Changes since 1.20: +8 -5 lines

One missing piece when I added pledge(2) to dhcpd(8) was in the code path when
it's invoked with either -A/-C/-L, which at the time I left alone due to some
forbidden ioctls by pledge(2).

Now we have unveil(2) and this path can be further restricted by using it
instead of chroot(2) since this "sandbox" (not sure why people call about
everything a sandbox these days) can be escaped with *at(2) calls.

Since no filesystem access is needed here then we can disable its access by
calling unveil("/", "") unveil(NULL, NULL).

added /* no filesystem visibility */ as per suggestion by and OK deraadt@

Revision 1.20, Fri Jun 28 13:32:47 2019 UTC (4 years, 11 months ago) by deraadt
Branch: MAIN
Changes since 1.19: +4 -4 lines

When system calls indicate an error they return -1, not some arbitrary
value < 0.  errno is only updated in this case.  Change all (most?)
callers of syscalls to follow this better, and let's see if this strictness
helps us in the future.

Revision 1.19, Fri Dec 7 12:52:47 2018 UTC (5 years, 6 months ago) by henning
Branch: MAIN
CVS Tags: OPENBSD_6_5_BASE, OPENBSD_6_5
Changes since 1.18: +7 -7 lines

I noticed the "pf table handler" process not going away on dhcpd restart,
looked at the error handling here, and.... oh my.
If opening /dev/pf on startup fails, don't just warn and move on, but bail.
If chroot (or the chdir after) fail, don't just warn and move on, bail.
If dropping privileges fails, the last thing we want to do is to just move
on with root privs, having warned or not.
If the pipe to the parent process is closed, that almost certainly means
that the parent process went away, and it absolutely certainly means that
the table handler process has no meaningful reason to exist any more, thus
bail.
ok florian ccardenas krw

Revision 1.18, Mon Feb 13 23:04:05 2017 UTC (7 years, 3 months ago) by krw
Branch: MAIN
CVS Tags: OPENBSD_6_4_BASE, OPENBSD_6_4, OPENBSD_6_3_BASE, OPENBSD_6_3, OPENBSD_6_2_BASE, OPENBSD_6_2, OPENBSD_6_1_BASE, OPENBSD_6_1
Changes since 1.17: +7 -7 lines

Eliminate pointless '%m' (a.k.a. hand rolled strerror()) by using fatal() and
log_warn(). Zap a couple of explicit 'syslog()' calls.

Revision 1.17, Mon Feb 13 21:53:53 2017 UTC (7 years, 3 months ago) by krw
Branch: MAIN
Changes since 1.16: +5 -5 lines

Do the strerror() elimination dance with log_warnx() -> log_warn(),
fatalx() -> fatal() and even a couple of fprintf(stderr) -> log_warn().

Revision 1.16, Mon Feb 13 19:13:14 2017 UTC (7 years, 3 months ago) by krw
Branch: MAIN
Changes since 1.15: +12 -11 lines

Switch from old errwarn.c logging to shiny new log.[ch].

ok benno@

Revision 1.15, Tue Nov 15 10:49:37 2016 UTC (7 years, 6 months ago) by mestre
Branch: MAIN
Changes since 1.14: +7 -7 lines

Replace bzero(3) with memset(3)

"Looks good" to deraadt@

Revision 1.14, Sat Feb 6 23:50:10 2016 UTC (8 years, 4 months ago) by krw
Branch: MAIN
CVS Tags: OPENBSD_6_0_BASE, OPENBSD_6_0, OPENBSD_5_9_BASE, OPENBSD_5_9
Changes since 1.13: +4 -5 lines

Eliminate #include inside *.h files and include only needed headers in
each *.c file.

Inspired by mention of header silliness by Edgar Pettijohn and mmcc@
on tech@.

Revision 1.13, Thu Feb 5 09:42:52 2015 UTC (9 years, 4 months ago) by krw
Branch: MAIN
CVS Tags: OPENBSD_5_8_BASE, OPENBSD_5_8, OPENBSD_5_7_BASE, OPENBSD_5_7
Changes since 1.12: +4 -1 lines

The pf table process should die if the pipe to the dhcpd process is
closed. e.g. dhcpd has been killed.

ok henning@

Revision 1.12, Wed Jan 21 21:50:33 2015 UTC (9 years, 4 months ago) by deraadt
Branch: MAIN
Changes since 1.11: +3 -2 lines

Include <netinet/in.h> before <net/pfvar.h>.  In a future change when
ports is ready, <net/pfvar.h> will stop including a pile of baloney.

Revision 1.11, Fri Jan 16 06:40:16 2015 UTC (9 years, 4 months ago) by deraadt
Branch: MAIN
Changes since 1.10: +1 -2 lines

Replace <sys/param.h> with <limits.h> and other less dirty headers where
possible.  Annotate <sys/param.h> lines with their current reasons.  Switch
to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc.  Change
MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where
sensible to avoid pulling in the pollution.  These are the files confirmed
through binary verification.
ok guenther, millert, doug (helped with the verification protocol)

Revision 1.10, Fri Oct 18 15:19:39 2013 UTC (10 years, 7 months ago) by krw
Branch: MAIN
CVS Tags: OPENBSD_5_6_BASE, OPENBSD_5_6, OPENBSD_5_5_BASE, OPENBSD_5_5
Changes since 1.9: +6 -6 lines

Scattering a few bcopy()'s around source using mostly memcpy() is just
asking for confusion. Replace bcopy()'s with memcpy()'s.

Revision 1.9, Sun Dec 23 21:52:16 2007 UTC (16 years, 5 months ago) by jmc
Branch: MAIN
CVS Tags: OPENBSD_5_4_BASE, OPENBSD_5_4, OPENBSD_5_3_BASE, OPENBSD_5_3, OPENBSD_5_2_BASE, OPENBSD_5_2, OPENBSD_5_1_BASE, OPENBSD_5_1, OPENBSD_5_0_BASE, OPENBSD_5_0, OPENBSD_4_9_BASE, OPENBSD_4_9, OPENBSD_4_8_BASE, OPENBSD_4_8, OPENBSD_4_7_BASE, OPENBSD_4_7, OPENBSD_4_6_BASE, OPENBSD_4_6, OPENBSD_4_5_BASE, OPENBSD_4_5, OPENBSD_4_4_BASE, OPENBSD_4_4, OPENBSD_4_3_BASE, OPENBSD_4_3
Changes since 1.8: +2 -2 lines

remove double word in comment;

Revision 1.8, Sat Oct 6 15:45:00 2007 UTC (16 years, 8 months ago) by ckuethe
Branch: MAIN
Changes since 1.7: +6 -16 lines

Allow the various pf table actions to operate independently. For example,
"-L leased" wouldn't work without "-A abandoned".
testing help from merdely
"i like" deraadt

Revision 1.7, Tue May 15 06:22:32 2007 UTC (17 years ago) by tedu
Branch: MAIN
CVS Tags: OPENBSD_4_2_BASE, OPENBSD_4_2
Changes since 1.6: +2 -2 lines

use the correct fd for poll.  we're waiting on the pipe, not pf
ok ckuethe deraadt

Revision 1.6, Fri Oct 20 19:45:02 2006 UTC (17 years, 7 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_4_1_BASE, OPENBSD_4_1
Changes since 1.5: +18 -18 lines

indent

Revision 1.5, Wed Jun 14 14:58:52 2006 UTC (17 years, 11 months ago) by ckuethe
Branch: MAIN
CVS Tags: OPENBSD_4_0_BASE, OPENBSD_4_0
Changes since 1.4: +45 -11 lines

This diff allows dhcpd to put active leases into a pf table. Dhcpd will then
periodically - based on the length of the shortest lease time - walk across
all leases searching for expired leases which are then removed from the pf
table.

ok henning

Revision 1.4, Wed Jun 14 14:49:46 2006 UTC (17 years, 11 months ago) by ckuethe
Branch: MAIN
Changes since 1.3: +40 -1 lines

Move the transmission of privsep messages into its own function. Wherever
we might have conditionally sent a message, we now just call the pfmsg()
function, and let it figure out whether the message should be sent or not.

ok henning

Revision 1.3, Wed Jun 14 14:44:39 2006 UTC (17 years, 11 months ago) by ckuethe
Branch: MAIN
Changes since 1.2: +4 -1 lines

Avoid changing pf tables when table name is NULL
ok henning

Revision 1.2, Wed May 31 14:40:14 2006 UTC (18 years ago) by ckuethe
Branch: MAIN
Changes since 1.1: +1 -0 lines

Missing $OpenBSD$ tag. Spotted by Masao Uebayashi.
ok henning@

Revision 1.1, Wed May 31 02:43:15 2006 UTC (18 years ago) by ckuethe
Branch: MAIN

This diff makes dhcpd able to manipulate pf tables on certain lease events.

dhcpd is now able to place abandoned addresses into a table (to offer some
protection against machines camping on an address) and remove them from the
table if they are properly leased.

When dhcpd assigns an IP to a new hardware address, it can remove that
address from a table. This is for use with the overload table in pf; newly
arrived machines will not be punished for the actions of a machine that
went away.

beck@ and krw@ liked previous versions of this, henning@ final ok
