When sending UDP packets:
* compute the checksum in the correct order. This only has an impact
if the length of the payload is odd.
* don't send packet with a checksum of zero, use 0xffff instead as
required.
When receiving UDP packets:
* don't do any computations when the checksum is zero.
* compute the checksum in the correct order. This only has an impact
if the length of the payload is odd.
* when computing the checksum, store the pseudo header checksum
* if the checksum is computed as zero, use 0xffff instead.
* also accept packets, when the checksum in the packet is the pseudo
header checksum.
The last point fixes a problem when the DHCP client runs in a VM,
the DHCP server runs on the host serving the VM and the network
interface supports transmit checksum offloading. Since dhclient
doesn't use UDP sockets but bpf devices to read the packets, the
checksum will be incorrect and only contain the checksum of the
pseudo header.
PR: 263229
Reviewed by: markj, Timo Völker
Tested by: danilo
Differential Revision: https://reviews.freebsd.org/D52394
(cherry picked from commit 187ee62c71f2be62870f26ae98de865e330121be)
Until July 2024, dhclient kept track of time as seconds-since-epoch as
a time_t. This was a problem because (a) we wanted sub-second timeouts
and (b) timeouts didn't always do the right thing if the system clock
changed.
Switching to using CLOCK_MONOTONIC and struct timespec fixed those
issues but introduced a new problem: CLOCK_MONOTONIC values were being
intepreted as seconds-since-epoch and written to the dhclient.leases
file, causing confusion with DHCP leases expiring in early 1970.
Attempt to compromise between these by keeping track of both times;
any type within dhclient which is a time_t now refers to seconds past
the epoch, while any struct timespec value is a CLOCK_MONOTONIC time.
PR: 283256
Reviewed by: dch
Fixes: f0a38976b0 ("dhclient: Use clock_gettime() instead of time()")
Sponsored by: Amazon
Differential Revision: https://reviews.freebsd.org/D49720
(cherry picked from commit 43d19e6a4c)
Ignore DHCP options 124 and 125 to shut up the warning messages.
These options are defined in the RFC 3925.
PR: 281361
Reviewed by: jrm (mentor), otis (mentor), thj
Tested by: jlduran@gmail.com
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D46760
(cherry picked from commit 38c63b5283)
Document new n flag for disabling ARP resolution within dhclient.
Sponsored by: Google LLC (GSoC 2024)
Signed-off-by: Isaac Cilia Attard <icattard@FreeBSD.org>
MFC after: 10 days
Reviwed by: cperciva, brooks, Tom Hukins, Alexander Ziaee
Pull Request: https://github.com/freebsd/freebsd-src/pull/1368
(cherry picked from commit 84fce4b67a)
Make arp_timeout available to dhclient.c, set the default timeout to 250
ms, and provide a new command-line argument, 'n' for setting the timeout
to 0.
Sponsored by: Google LLC (GSoC 2024)
Signed-off-by: Isaac Cilia Attard <icattard@FreeBSD.org>
MFC after: 10 days
Reviwed by: cperciva, brooks, Tom Hukins, Alexander Ziaee
Pull Request: https://github.com/freebsd/freebsd-src/pull/1368
(cherry picked from commit b51569ad3c)
Change the use of time() to clock_gettime() to have millisecond-accurate
rather than second-accurate timeouts.
Sponsored by: Google LLC (GSoC 2024)
Signed-off-by: Isaac Cilia Attard <icattard@FreeBSD.org>
MFC after: 10 days
Reviwed by: cperciva, brooks, Tom Hukins, Alexander Ziaee
Pull Request: https://github.com/freebsd/freebsd-src/pull/1368
(cherry picked from commit f0a38976b0)
Use the new add_timeout_timespec() API to handle timeouts for
state_selecting within dhclient.c. No functional change intended.
Sponsored by: Google LLC (GSoC 2024)
Signed-off-by: Isaac Cilia Attard <icattard@FreeBSD.org>
MFC after: 10 days
Reviwed by: cperciva, brooks, Tom Hukins, Alexander Ziaee
Pull Request: https://github.com/freebsd/freebsd-src/pull/1368
(cherry picked from commit 76e0ffd9f8)
Introduce a new function, add_timeout_timespec(), to use timespec
structs to handle timeouts. Make add_timeout() into a wrapper for the
latter function to retain compatibility with the rest of the codebase.
No functional change intended.
Sponsored by: Google LLC (GSoC 2024)
Signed-off-by: Isaac Cilia Attard <icattard@FreeBSD.org>
MFC after: 10 days
Reviwed by: cperciva, brooks, Tom Hukins, Alexander Ziaee
Pull Request: https://github.com/freebsd/freebsd-src/pull/1368
(cherry picked from commit 16a235f23c)
Ignore SIP servers dhcp option to shut up the warning message.
This option is defined in the RFC 3361 and sent from NSD-G1000T router.
PR: 280119
Reviewed by: jrm (mentor), brooks
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D45873
(cherry picked from commit ac6dc5cde7)
Only i386 still uses a 32-bit time_t. I knew this, and I still failed
to compile-test on i386. My bad.
Reported by: cy
Fixes: c210cac00f ("dhclient: fix time parsing for leases...")
Sponsored by: Dell EMC Isilon
Convert lease parsing to timegm to calculate timestamp. For reference, when
writing the lease, we use gmtime to convert the timestamp to struct tm.
Reviewed By: markj, vangyzen
MFC after: 2 weeks
Sponsored by: Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D40760
A machine might exist on multiple networks, all of which offer, say, default
routes or name servers. There's no easy way to indicate in the config
that those options are only valid for a single interface.
Now, we can write:
interface "lan0" {
request routers;
require routers;
}
interface "lan1" {
ignore routers;
}
And only take action on default routes offered on lan0.
Tested by: Jose Luis Duran <jlduran at gmail dot com>
MFC after: 2 months
Reviewed by: allanjude, imp
Sponsored by: Zenith Electronics LLC
Sponsored by: Klara, Inc.
Pull Request: #693
Else out-of-bound reads and undefined behaviour may happen.
The current code only checked for the presence of the first of four bytes.
Make sure the fields in question have the minium size required.
No functional change intended.
Reviewed by: rrs@
MFC after: 1 week
Sponsored by: NVIDIA Networking
It doesn't really make sense to have it in runtime and let's not
bloat utilities more.
Reviewed by: emaste, imp
Differential Revision: https://reviews.freebsd.org/D36222
On certain cloud platforms (Google Cloud, Packet.net and others) the
DHCP server offers a /32 address. This makes adding the default route
fail since it is not reachable via any interface. Linux's
dhclient-script seem to usually have a special case for that and
explicitly adds an interface route to the router's address.
FreeBSD's dhclient-script already has a special case for when the router
address is the same as the leased address. Now also add one for when
it's a different address that doesn't fall in the interface's subnet.
PR: 241792
Event: Aberdeen hackathon 2022
Submitted by: sigsys@gmail.com
Reviewed by: dch, kp, bz (+1 on the idea, not reviewed), thj
MFC after: 1 week
If isc-dhcp44-server is not installed (as is the case the project's CI
servers) we don't create ngctl.shutdown, causing the 'rm' to fail.
That in turn causes the cleanup function to return non-zero, which
causes kyua to consider the test failed.
Use 'rm -f' instead, so we don't error even if the file doesn't exist.
Sponsored by: Rubicon Communications, LLC ("Netgate")
This tests both both normal (untagged), and pcp tagged (VLAN 0)
networks which are now common for fiber ISPs.
Reviewed by: markj, kp
Differential Revision: https://reviews.freebsd.org/D35178
VLAN ID 0 is supposed to be interpreted as having no VLAN with a bit of
priority on the side, but the kernel is not able to decapsulate this on
the fly so dhclient needs to take care of it.
Reviewed by: markj
MFC after: 3 weeks
Differential Revision: https://reviews.freebsd.org/D31515
When invalid statement is found the next statement is skipped even if it
is valid.
Reviewed by: markj
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D31527
This allows the use of VLAN PCP in dhclient, which is required for
certain ISPs (such as Orange.fr).
Reviewed by: bcr (man page)
MFC after: 1 week
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D31263
A logic bug in remove_protocol() meant that it would remove (leak) all
structures in the list preceding the one intended for removal.
PR: 245971
Submitted by: joost@jodocus.org (original version)
MFC after: 1 week
Update a bunch of Makefile.depend files as
a result of adding Makefile.depend.options files
Reviewed by: bdrewery
MFC after: 1 week
Sponsored by: Juniper Networks
Differential Revision: https://reviews.freebsd.org/D22494
Leaf directories that have dependencies impacted
by options need a Makefile.depend.options file
to avoid churn in Makefile.depend
DIRDEPS for cases such as OPENSSL, TCP_WRAPPERS etc
can be set in local.dirdeps-options.mk
which can add to those set in Makefile.depend.options
See share/mk/dirdeps-options.mk
Reviewed by: bdrewery
MFC after: 1 week
Sponsored by: Juniper Networks
Differential Revision: https://reviews.freebsd.org/D22469
The previous revision missed the exact same error in a copy paste block
of the same code in another function. Fix the identical case, too.
A DHCP client identifier is simply the hardware type (one byte)
concatenated with the hardware address (some variable number of bytes,
but at most 16). Limit the size of the temporary buffer to match and
the rest of the calculations shake out correctly.
PR: 238022
Reported by: Young <yangx92 AT hotmail.com>
Submitted by: Young <yangx92 AT hotmail.com>
MFC after: I don't plan to but you should feel free
Security: yes
Otherwise they are leaked, allowing an attacker to trigger memory
exhaustion.
This is options.c rev. 1.70 from OpenBSD.
admbugs: 552
Obtained from: OpenBSD
MFC after: 3 days
A mixture of IP or UDP packets with valid and invalid checksum could
cause {ip,udp}_packets_bad_checksum to wrap around to 0, resulting
in a division by zero.
This is packet.c rev. 1.27 from OpenBSD.
admbugs: 552
Obtained from: OpenBSD
MFC after: 3 days
MTU if we've set it once and there were no changes on the DHCP server
side since the last refresh. This is consistent I believe with how dhclient
handles other settings like IP address, mask etc.
Approved by: cem, eugen
Differential Revision: https://reviews.freebsd.org/D18546
r343896 made it such that a non-zero exit status was passed through, but was
still wrong if the script exits on a signal. POSIX does not say what the
WEXITSTATUS macro returns in this case and in practice 0 is a common value.
Instead, translate the wait status into 8 bits the same way as the shell
calculates $?.
Reviewed by: kib, Nash Kaminski
MFC after: 1 week
This is also OpenBSD rev. 1.117, as pointed out by
Ryan Moeller <ryan@ixsystems.com>.
Submitted by: Nash Kaminski <nashkaminski@gmail.com>
MFC after: 1 week
This is being done a separate step to ease importing into other VCSes.
Approved by: re (gjb), will (mentor)
Differential Revision: https://reviews.freebsd.org/D17160
dhclient and ping normally use libcasper services. These are not
available in statically-linked binaries, so when WITHOUT_DYNAMICROOT is
set disable libcasper use, as with rescue builds. Also emit a warning
as it's undesirable to build this way.
Reported by: Michael Dexter
Reviewed by: rgrimes
Tested by: Michael Dexter
Approved by: re (kib)
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D17074
This is needed to be able to chroot in the fallback case where
Capsicum is not available.
Reported by: Daniel Braniss <danny@cs.huji.ac.il>
X-MFC with: r337382
Sponsored by: The FreeBSD Foundation
The main dhclient process is Capsicumized but also chroots to
restrict filesystem access. With r322369, pidfile(3) maintains a
directory descriptor for the pidfile, which can cause the chroot
to fail in certain cases. To minimize the problem, only chroot
if we fail to enter capability mode, and store dhclient pidfiles
in a subdirectory of /var/run, thus restricting access via
pidfile(3)'s directory descriptor.
PR: 223327
Reviewed by: cem, oshogbo
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D16584
This check eliminates infinite loop of MTU change / link flap / lease verification / MTU change / link flap etc.
in case of some NIC drivers like em(4) or igb(4).
N.B.: obsolete u_int16_t is used in consistency with the rest of the file.
PR: 229432
Approved by: mav (mentor)
MFC after: 1 week
