Shawn Routhier [Wed, 28 Nov 2012 21:48:01 +0000 (13:48 -0800)]
-n [v4_1_esv]
Tidy up dhclient.8 file:
make use of man sections consistent for dhclient.conf, dhclient-script
and dhclient.lease
make port port-number and VAR=val VAR=value
correct desciptionof to description of
[ISC-Bugs #17368]
Shawn Routhier [Sat, 17 Nov 2012 00:00:09 +0000 (16:00 -0800)]
[v4_1_esv]
Add support for a simple check that the server id in a request message
to a failover peer matches the server id of the server. This support
is enabled by editing the file includes/site.h and uncommenting the
definition for SERVER_ID_CHECK. The option has several restrictions
and issues - please read the comment in the site.h file before
enabling it.
[ISC-Bugs #31463]
Shawn Routhier [Tue, 13 Nov 2012 21:08:41 +0000 (13:08 -0800)]
[v4_1_esv]
The client now passes information about the options it requested
from the server to the script code via environment variables.
These variables are of the form requested_<option_name>=1 with
the option name being the same as used in the new_* and old_*
variables. [ISC-Bugs #29068]
Shawn Routhier [Thu, 11 Oct 2012 21:45:42 +0000 (14:45 -0700)]
[v4_1_esv]
[ISC-Bugs #26108]
Add a compile time option, enable-secs-byteorder, to deal with
clients that do the byte ordering on the secs field incorrectly.
This field should be in network byte order but some clients
get it wrong. When this option is enabled the server will examine
the secs field and if it looks wrong (high byte non zero and low
byte zero) swap the bytes. The default is disabled. This option
is only useful when doing load balancing within failover.
Shawn Routhier [Tue, 9 Oct 2012 21:22:53 +0000 (14:22 -0700)]
[v4_1_esv]
[rt30320]
When processing a failover request with an unexpected name
create an option block the relationship_name instead of using
the one from the incoming message. This avoids problems when
the option is freed.
Also add code to free the relationship_name from the incoming
mesasage when we free the message.
Shawn Routhier [Fri, 17 Aug 2012 20:57:37 +0000 (13:57 -0700)]
[rt30281]
Modify the renew_lease6() code to properly handle a lease time
that is reduced rather than extended.
Fix the ATF tests for mdb6 and add a new test to check the
above condition.
Shawn Routhier [Tue, 14 Aug 2012 00:53:26 +0000 (17:53 -0700)]
[rt29771]
[rt29770]
[rt29846]
Tidy up man pages, mostly convert a period followed by 1
or 3 spaces to a period followed by 2 spaces. This also
covers tickets 29770 and 29846
Shawn Routhier [Wed, 27 Jun 2012 21:21:27 +0000 (21:21 +0000)]
Previously the server code was relaxed to allow packets with zero
length client ids to be processed. Under some situations use of
zero length client ids can cause the server to go into an infinite
loop. As such ids are not valid according to RFC 2132 section 9.14
the server no longer accepts them. Client ids with a length of 1
are also invalid but the server still accepts them in order to
minimize disruption. The restriction will likely be tightened in
the future to disallow ids with a length of 1.
Thanks to Markus Hietava of Codenomicon CROSS project for the
finding this issue and CERT-FI for vulnerability coordination.
[ISC-Bugs #29851]
CVE: CVE-2012-3571
Shawn Routhier [Wed, 6 Jun 2012 22:51:13 +0000 (22:51 +0000)]
Fix some issues in the code for parsing and printing options.
[ISC-Bugs #22625] - properly print options that have several fields
followed by an array of something for example "fIa"
[ISC-Bugs #27289] - properly parse options in declarations that have
several fields followed by an array of something for example "fIa"
[ISC-Bugs #27296] - properly determine if we parsed a 16 or 32 bit
value in evaluate_numeric_expression (extract-int).
[ISC-Bugs #27314] - properly parse a zero length option from
a lease file. Thanks to Marius Tomaschewski from SUSE for the report
and prototype patch for this ticket as well as ticket 27289.
Fix up some issues found by static analysis
A potential memory leak and NULL dereference in omapi.
The use of a boolean test instead of a bitwise test in dst.
[ISC-Bugs #28941]
Fix the NA and PD allocation code to handle the case where a client
provides a preference and the server doesn't have any addresses or
prefixes available. Previoulsy the server ignored the request with
this patch it replies with a NoAddrsAvail or NoPrefixAvai respone.
By default the code performs according to the errata of August 2010
for RFC 3315 section 17.2.2, to enable the previous style see the
seciton on RFC3315_PRE_ERRATA_2010_08 in includes/site.h. This option
may be removed in the future.
Thanks to Jiri Popelka at Red Hat for the patch.
[ISC-Bugs #22676]
Remove unnecessary checks in the lease query code and clean up
several compiler issues (some dereferences of NULL and treating
an int as a boolean).
[ISC-Bugs #26203]
Multiple items to clean up IPv6 address processing.
When processing an IA that we've seen check to see if the
addresses are usable (not in use by somebody else) before
handing it out.
When reading in leases from the file discard expired addresses.
When picking an address for a client include the IA ID in
addition to the client ID to generally pick different addresses
for different IAs.
[ISC-Bugs #23138] [ISC-Bugs #27945] [ISC-Bugs #25586]
[ISC-Bugs #27684]
Remove outdated note in the bootp keyword about the option not satisfying
the requirement of failover peers for denying dynamic bootp clients.
[ISC-bugs #28574]
Shawn Routhier [Tue, 20 Mar 2012 00:31:11 +0000 (00:31 +0000)]
Use offsetof() instead of sizeof() to get the sizes for dhcpv6_relay_packet
and dhcpv6_packet in several more places. Thanks to a report from
Bruno Verstuyft and Vincent Demaertelaere of Excentis.
[ISC-Bugs #27941]
Shawn Routhier [Thu, 16 Feb 2012 22:07:31 +0000 (22:07 +0000)]
Add a compile time check for the presence of the noreturn attribute
and use it for log_fatal if it's available. This will help code
checking programs to eliminate false positives.
[ISC-Bugs 27539]
Shawn Routhier [Thu, 16 Feb 2012 21:02:03 +0000 (21:02 +0000)]
Add support for Infiniband over sockets to the server and
relay code. We've tested this on Solaris and hope to expand
support for Infiniband in the future. This patch also corrects
some issues we found in the socket code. [ISC-Bugs #24245]
Shawn Routhier [Thu, 5 Jan 2012 00:02:20 +0000 (00:02 +0000)]
Fixed the code that checks if an address the server is planning
to hand out is in a reserved range. This would appear as
the server being out of addresses in pools with particular ranges.
[ISC-Bugs #26498]
projects / thirdparty / dhcp.git / log
