Merges in rt46805.
Consortium. This product includes cryptographic software written
by Eric Young (eay@cryptsoft.com).
+ Changes since 4.4.0b1 (New Features)
+
+- Duplicate address detection when binding to a new IPv6 address was added
+ to the following dhclient scripts: linux,freebsd,netbsd,openbsd, and macos.
+ The scripts will check for DAD errors after binding to a new IPv6 address
+ for at most --dad-wait-time seconds. If a DAD error is detected the script
+ will exit with a value of 3, instructing dhclient to decline the address. If
+ dad-wait-time is zero (the default), DAD error checking is not peformed.
+ [ISC-Bugs 46805]
+
Changes since 4.4.0b1 (Bug Fixes)
- Added clarifying text to dhcpd.conf.5 explaining the class match expressions
exit $exit_status
}
+# This function was largely borrowed from dhclient-script that
+# ships with Centos, authored by Jiri Popelka and David Cantrell
+# of Redhat. Thanks guys.
+add_ipv6_addr_with_DAD() {
+ ifconfig ${interface} inet6 ${new_ip6_address}/${new_ip6_prefixlen} alias
+
+ if [ ${dad_wait_time} -le 0 ]
+ then
+ # if we're not waiting for DAD, assume we're good
+ return 0
+ fi
+
+ # Repeatedly test whether newly added address passed
+ # duplicate address detection (DAD)
+ for i in $(seq 1 ${dad_wait_time}); do
+ sleep 1 # give the DAD some time
+
+ addr=$(ifconfig ${interface} \
+ | grep "${new_ip6_address} prefixlen ${new_ip6_prefixlen}")
+
+ # tentative flag == DAD is still not complete
+ tentative=$(echo "${addr}" | grep tentative)
+ # dadfailed flag == address is already in use somewhere else
+ dadfailed=$(echo "${addr}" | grep duplicated)
+
+ if [ -n "${dadfailed}" ] ; then
+ # dad failed, remove the address
+ ifconfig ${interface} inet6 ${new_ip6_address}/${new_ip6_prefixlen} -alias
+ exit_with_hooks 3
+ fi
+
+ if [ -z "${tentative}" ] ; then
+ if [ -n "${addr}" ]; then
+ # DAD is over
+ return 0
+ else
+ # address was auto-removed (or not added at all)
+ exit_with_hooks 3
+ fi
+ fi
+ done
+
+ return 0
+}
+
# Invoke the local dhcp client enter hooks, if they exist.
if [ -f /etc/dhclient-enter-hooks ]; then
exit_status=0
exit_with_hooks 2;
fi
- ifconfig ${interface} inet6 ${new_ip6_address}/${new_ip6_prefixlen} alias
+ # Add address to interface, check for DAD if dad_wait_time > 0
+ add_ipv6_addr_with_DAD
# Check for nameserver options.
make_resolv_conf
exit $exit_status
}
+# This function was largely borrowed from dhclient-script that
+# ships with Centos, authored by Jiri Popelka and David Cantrell
+# of Redhat. Thanks guys.
+add_ipv6_addr_with_DAD() {
+ ${ip} -6 addr replace ${new_ip6_address}/${new_ip6_prefixlen} \
+ dev ${interface} scope global valid_lft ${new_max_life} \
+ preferred_lft ${new_preferred_life}
+
+ if [ ${dad_wait_time} -le 0 ]
+ then
+ # if we're not waiting for DAD, assume we're good
+ return 0
+ fi
+
+ # Repeatedly test whether newly added address passed
+ # duplicate address detection (DAD)
+ for i in $(seq 1 ${dad_wait_time}); do
+ sleep 1 # give the DAD some time
+
+ addr=$(${ip} -6 addr show dev ${interface} \
+ | grep ${new_ip6_address}/${new_ip6_prefixlen})
+
+ # tentative flag == DAD is still not complete
+ tentative=$(echo "${addr}" | grep tentative)
+ # dadfailed flag == address is already in use somewhere else
+ dadfailed=$(echo "${addr}" | grep dadfailed)
+
+ if [ -n "${dadfailed}" ] ; then
+ # address was added with valid_lft/preferred_lft 'forever',
+ # remove it
+ ${ip} -6 addr del ${new_ip6_address}/${new_ip6_prefixlen} \
+ dev ${interface}
+
+ exit_with_hooks 3
+ fi
+
+ if [ -z "${tentative}" ] ; then
+ if [ -n "${addr}" ]; then
+ # DAD is over
+ return 0
+ else
+ # address was auto-removed (or not added at all)
+ exit_with_hooks 3
+ fi
+ fi
+ done
+
+ return 0
+}
# Invoke the local dhcp client enter hooks, if they exist.
run_hook /etc/dhclient-enter-hooks
BOUND6|RENEW6|REBIND6)
if [ "${new_ip6_address}" ] && [ "${new_ip6_prefixlen}" ]; then
# set leased IP
- ${ip} -6 addr add ${new_ip6_address}/${new_ip6_prefixlen} \
- dev ${interface} scope global
+ add_ipv6_addr_with_DAD
fi
# update /etc/resolv.conf
to_commit="done"
}
+# This function was largely borrowed from dhclient-script that
+# ships with Centos, authored by Jiri Popelka and David Cantrell
+# of Redhat. Thanks guys.
+add_ipv6_addr_with_DAD() {
+ ifconfig ${interface} inet6 ${new_ip6_address}/${new_ip6_prefixlen} alias
+
+ if [ ${dad_wait_time} -le 0 ]
+ then
+ # if we're not waiting for DAD, assume we're good
+ return 0
+ fi
+
+ # Repeatedly test whether newly added address passed
+ # duplicate address detection (DAD)
+ for i in $(seq 1 ${dad_wait_time}); do
+ sleep 1 # give the DAD some time
+
+ addr=$(ifconfig ${interface} \
+ | grep "${new_ip6_address} prefixlen ${new_ip6_prefixlen}")
+
+ # tentative flag == DAD is still not complete
+ tentative=$(echo "${addr}" | grep tentative)
+ # dadfailed flag == address is already in use somewhere else
+ dadfailed=$(echo "${addr}" | grep duplicated)
+
+ if [ -n "${dadfailed}" ] ; then
+ # dad failed, remove the address
+ ifconfig ${interface} inet6 ${new_ip6_address}/${new_ip6_prefixlen} -alias
+ exit_with_hooks 3
+ fi
+
+ if [ -z "${tentative}" ] ; then
+ if [ -n "${addr}" ]; then
+ # DAD is over
+ return 0
+ else
+ # address was auto-removed (or not added at all)
+ exit_with_hooks 3
+ fi
+ fi
+ done
+
+ return 0
+}
+
# Must be used on exit. Invokes the local dhcp client exit hooks, if any.
exit_with_hooks() {
exit_status=$1
exit_with_hooks 2;
fi
- ifconfig ${interface} inet6 ${new_ip6_address}/${new_ip6_prefixlen} alias
+ # Add address to interface, check for DAD if dad_wait_time > 0
+ add_ipv6_addr_with_DAD
# Check for nameserver options.
make_resolv_conf
exit $exit_status
}
+# This function was largely borrowed from dhclient-script that
+# ships with Centos, authored by Jiri Popelka and David Cantrell
+# of Redhat. Thanks guys.
+add_ipv6_addr_with_DAD() {
+ ifconfig ${interface} inet6 ${new_ip6_address}/${new_ip6_prefixlen} alias
+
+ if [ ${dad_wait_time} -le 0 ]
+ then
+ # if we're not waiting for DAD, assume we're good
+ return 0
+ fi
+
+ # Repeatedly test whether newly added address passed
+ # duplicate address detection (DAD)
+ for i in $(seq 1 ${dad_wait_time}); do
+ sleep 1 # give the DAD some time
+
+ addr=$(ifconfig ${interface} \
+ | grep "${new_ip6_address} prefixlen ${new_ip6_prefixlen}")
+
+ # tentative flag == DAD is still not complete
+ tentative=$(echo "${addr}" | grep tentative)
+ # dadfailed flag == address is already in use somewhere else
+ dadfailed=$(echo "${addr}" | grep duplicated)
+
+ if [ -n "${dadfailed}" ] ; then
+ # dad failed, remove the address
+ ifconfig ${interface} inet6 ${new_ip6_address}/${new_ip6_prefixlen} -alias
+ exit_with_hooks 3
+ fi
+
+ if [ -z "${tentative}" ] ; then
+ if [ -n "${addr}" ]; then
+ # DAD is over
+ return 0
+ else
+ # address was auto-removed (or not added at all)
+ exit_with_hooks 3
+ fi
+ fi
+ done
+
+ return 0
+}
+
# Invoke the local dhcp client enter hooks, if they exist.
if [ -f /etc/dhclient-enter-hooks ]; then
exit_status=0
exit_with_hooks 2;
fi
- ifconfig ${interface} inet6 alias ${new_ip6_address}/${new_ip6_prefixlen}
+ # Add address to interface, check for DAD if dad_wait_time > 0
+ add_ipv6_addr_with_DAD
# Check for nameserver options.
make_resolv_conf
exit $exit_status
}
+# This function was largely borrowed from dhclient-script that
+# ships with Centos, authored by Jiri Popelka and David Cantrell
+# of Redhat. Thanks guys.
+add_ipv6_addr_with_DAD() {
+ ifconfig ${interface} inet6 ${new_ip6_address}/${new_ip6_prefixlen} alias
+
+ if [ ${dad_wait_time} -le 0 ]
+ then
+ # if we're not waiting for DAD, assume we're good
+ return 0
+ fi
+
+ # Repeatedly test whether newly added address passed
+ # duplicate address detection (DAD)
+ i=0
+ while [ $i -lt ${dad_wait_time} ]; do
+ sleep 1 # give the DAD some time
+
+ addr=$(ifconfig ${interface} \
+ | grep "${new_ip6_address} prefixlen ${new_ip6_prefixlen}")
+
+ # tentative flag == DAD is still not complete
+ tentative=$(echo "${addr}" | grep tentative)
+ # dadfailed flag == address is already in use somewhere else
+ dadfailed=$(echo "${addr}" | grep duplicated)
+
+ if [ -n "${dadfailed}" ] ; then
+ # dad failed, remove the address
+ ifconfig ${interface} inet6 ${new_ip6_address}/${new_ip6_prefixlen} -alias
+ exit_with_hooks 3
+ fi
+
+ if [ -z "${tentative}" ] ; then
+ if [ -n "${addr}" ]; then
+ # DAD is over
+ return 0
+ else
+ # address was auto-removed (or not added at all)
+ exit_with_hooks 3
+ fi
+ fi
+ true $(( i++ ))
+ done
+
+ return 0
+}
+
# Invoke the local dhcp client enter hooks, if they exist.
if [ -f /etc/dhclient-enter-hooks ]; then
exit_status=0
# We need to give the kernel some time to active interface
interface_up_wait_time=5
- for i in $(seq 0 ${interface_up_wait_time})
- do
+ i=0
+ while [ $i -lt ${interface_up_wait_time} ]; do
ifconfig ${interface} | grep inactive >/dev/null 2>&1
if [ $? -ne 0 ]; then
break;
fi
sleep 1
+ true $(( i++ ))
done
# Wait for duplicate address detection for this interface if the
if [ $? -eq 0 ]; then
# Wait for duplicate address detection to complete or for
# the timeout specified as --dad-wait-time.
- for i in $(seq 0 $dad_wait_time)
- do
+ i=0
+ while [ $i -lt ${dad_wait_time} ]; do
# We're going to poll for the tentative flag every second.
sleep 1
ifconfig ${interface} | grep inet6 | grep tentative \
if [ $? -ne 0 ]; then
break;
fi
+ true $(( i++ ))
done
fi
fi
exit_with_hooks 2;
fi
- ifconfig ${interface} inet6 alias ${new_ip6_address}/${new_ip6_prefixlen}
+ # Add address to interface, check for DAD if dad_wait_time > 0
+ add_ipv6_addr_with_DAD
# Check for nameserver options.
make_resolv_conf
projects / thirdparty / dhcp.git / commitdiff
