[v4_1_esv] dhclient can now enforce require options statement in -6 mode

    Merges in rt41473.

diff --git a/RELNOTES b/RELNOTES
index c48874637112ebc137f5bb4be15896b0cd306078..7c38dc3fc0ce5d83414cc30dd7a3a5f03c182569 100644 (file)
--- a/RELNOTES
+++ b/RELNOTES
@@ -109,6 +109,14 @@ by Eric Young (eay@cryptsoft.com).
   BlueCat Networks for bringing the matter to our attention.
   [ISC-Bugs #43592]
 
+- When running in -6 mode, dhclient can enforce the require option statement
+  and will discard offered leases that do not contain all the required
+  options specified in the client configuration.  If not enabled the client
+  will still consider such leases.  This must be enabled at compile time
+  (see ENFORCE_DHCPV6_CLIENT_REQUIRE in includes/site.h).  Thanks to
+  Mritunjaykumar Dubey at Nokia for reporting the issue.
+  [ISC-Bugs #41473]
+
                        Changes since 4.1-ESV-R14b1
 - None
 

diff --git a/client/dhc6.c b/client/dhc6.c
index 90a6b3af58ddbaab31e8fc7aac20b3dba2a7a157..cc4453dda7d66c14836dc5f449dfe2842110b931 100644 (file)
--- a/client/dhc6.c
+++ b/client/dhc6.c
@@ -141,6 +141,8 @@ static isc_result_t dhc6_check_status(isc_result_t rval,
                                      struct option_state *options,
                                      const char *scope,
                                      unsigned *code);
+static int dhc6_score_lease(struct client_state *client,
+                           struct dhc6_lease *lease);
 
 extern int onetry;
 extern int stateless;
@@ -3193,6 +3195,15 @@ init_handler(struct packet *packet, struct client_state *client)
                return;
        }
 
+       int lease_score =  dhc6_score_lease(client, lease);
+#ifdef ENFORCE_DHCPV6_CLIENT_REQUIRE
+       if (lease_score == 0) {
+               log_debug("RCV:Advertised lease scored 0, toss it.");
+               dhc6_lease_destroy(&lease, MDL);
+               return;
+       }
+#endif
+
        insert_lease(&client->advertised_leases, lease);
 
        /* According to RFC3315 section 17.1.2, the client MUST wait for
@@ -3206,8 +3217,7 @@ init_handler(struct packet *packet, struct client_state *client)
         * should not if the advertise contains less than one IA and address.
         */
        if ((client->txcount > 1) ||
-           ((lease->pref == 255) &&
-            (dhc6_score_lease(client, lease) > SCORE_MIN))) {
+           ((lease->pref == 255) && (lease_score > SCORE_MIN))) {
                log_debug("RCV:  Advertisement immediately selected.");
                cancel_timeout(do_init6, client);
                start_selecting6(client);

diff --git a/client/dhclient.conf.5 b/client/dhclient.conf.5
index 14739861f54cd4c0a75de5d11aeef43076d80c3f..21e782aef0ef0602120d4bf6df167c33f7cc7f11 100644 (file)
--- a/client/dhclient.conf.5
+++ b/client/dhclient.conf.5
@@ -266,6 +266,11 @@ options will be ignored.  There is no default require list.
                also require domain-search;
        }
 .fi
+
+NOTE: For ISC DHCP release 4.1-ESV-R14 and earlier, dhclient running in -6
+mode does not discard offers as described above. This has been corrected as of
+release 4.1-ESV-R15 but must be enabled at compile time (see
+ENFORCE_DHCPV6_CLIENT_REQUIRE in includes/site.h).
 .PP
 .I The
 .B send

diff --git a/includes/site.h b/includes/site.h
index 803f2399700acc851c16d05b24d4e41173e2a663..39212c60d2007b2b4c55cc391e590a492853643b 100644 (file)
--- a/includes/site.h
+++ b/includes/site.h
@@ -306,3 +306,10 @@
    limit the number of TCP connections that the server will
    allow at one time.  A value of 0 means there is no limit.*/
 #define MAX_FD_VALUE 200
+
+/* Enable enforcement of the require option statement as documented
+ * in man page.  Instructs the dhclient, when in -6 mode, to discard
+ * offered leases that do not contain all options specified as required
+ * in the client's configuration file. The client already enforces this
+ * in -4 mode. */
+/*#define ENFORCE_DHCPV6_CLIENT_REQUIRE*/