NEW FEATURES
+XXX: Note need for care of ATSFP values when upgrading from 3.0.4+ to
+3.1.x.
+
Version 3 of the ISC DHCP Distribution includes the following features
that are new since version 2.0:
thanks to all of these good people here, both for working on the code
and for prodding me into improving it.
+ Changes since 3.0.4
+
+- A warning that host statements declared within subnet or shared-network
+ scopes are actually global has been added.
+
+- The default minimum lease time (if min-lease-time was not specified)
+ was raised from 0 to 300. 0 is not thought to be sensible, and is
+ known to be damaging.
+
+- Added additional fatal error sanity checks surrounding lease binding
+ state count calculations (free/active counts used for failover pool
+ balancing).
+
+ Changes since 3.0.4rc1
+
+- The dhcp-options.5 manpage was updated to correct indentation errors
+ thanks to a patch from Jean Delvare.
+
+ Changes since 3.0.4b3
+
+- Some manual pages were clarified pursuant to discussion on the dhcp-server
+ mailing list.
Changes since 3.0 (New Features)
PAD options - it was suppressing only one trailng PAD option, rather
than the entire block of them.
-- Fixed some unlikely overlapping-region memcpy() bugs in dhcrelay agent
- option addition and stripping code. Added a few sanity checks.
-
-- Added some sanity checks to OMAPI connection/authentication code.
+! Fixed some unlikely overlapping-region memcpy() bugs in dhcrelay agent
+ option addition and stripping code. Added a few sanity checks. Although
+ highly improbable, due to requiring the reception of a DHCP datagram well
+ in excess of all known to be used physical MTU limitations, it is possible
+ this may have been used in a stack overflow security vulnerability. Thanks
+ to a patch from infamous42md.
+
+! Added some sanity checks to OMAPI connection/authentication code.
+ Although highly improbable, due to having to deliver in excess of 2^32
+ bytes of data via the OMAPI channel, not to mention requiring dhcpd to
+ be able to malloc() a memory region 2^32 bytes in size, it was possible
+ this might have resulted in a heap overflow security vulnerability.
+ Thanks to a patch from infamous42md.
- dmalloc() memset()'s the non-debug (data) portion of the allocated
memory to zero. Code that memset()'s the result returned by dmalloc() to
#ifndef lint
static char ocopyright[] =
-"$Id: dhclient.c,v 1.135 2006/03/27 09:45:47 shane Exp $ Copyright (c) 2004-2006 Internet Systems Consortium. All rights reserved.\n";
+"$Id: dhclient.c,v 1.136 2006/05/05 20:32:30 dhankins Exp $ Copyright (c) 2004-2006 Internet Systems Consortium. All rights reserved.\n";
#endif /* not lint */
#include "dhcpd.h"
assert (state_is == state_shouldbe). */
#define ASSERT_STATE(state_is, state_shouldbe) {}
-static char copyright[] = "Copyright 2004-2005 Internet Systems Consortium.";
+static char copyright[] = "Copyright 2004-2006 Internet Systems Consortium.";
static char arr [] = "All rights reserved.";
static char message [] = "Internet Systems Consortium DHCP Client";
-static char url [] = "For info, please visit http://www.isc.org/products/DHCP";
+static char url [] = "For info, please visit http://www.isc.org/sw/dhcp/";
u_int16_t local_port=0;
u_int16_t remote_port=0;
-.\" $Id: dhcp-eval.5,v 1.19 2005/03/17 20:14:57 dhankins Exp $
+.\" $Id: dhcp-eval.5,v 1.20 2006/05/05 20:32:30 dhankins Exp $
.\"
.\" Copyright (c) 2004 by Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (c) 1996-2003 by Internet Software Consortium
concatenated. The right hand side is the fully qualified domain name
of the client to which the address is being leased.
.SH SEE ALSO
-dhcpd.conf(5), dhcpd.leases(5), dhclient.conf(5), dhcp-eval(5), dhcpd(8),
+dhcpd.conf(5), dhcpd.leases(5), dhclient.conf(5), dhcp-options(5), dhcpd(8),
dhclient(8), RFC2132, RFC2131.
.SH AUTHOR
The Internet Systems Consortium DHCP Distribution was written by Ted
-.\" $Id: dhcp-options.5,v 1.27 2006/04/26 15:13:11 dhankins Exp $
+.\" $Id: dhcp-options.5,v 1.28 2006/05/05 20:32:30 dhankins Exp $
.\"
-.\" Copyright (c) 2004 by Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (c) 2004-2006 by Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (c) 1996-2003 by Internet Software Consortium
.\"
.\" Permission to use, copy, modify, and distribute this software for any
administratively guaranteed to be unique to a particular remote end of
a circuit.
.RE
+.PP
+.B option \fBagent.DOCSIS-device-class\fR \fIuint32\fR\fB;\fR
+.RS 0.25i
+.PP
+The DOCSIS-device-class suboption is intended to convey information about
+the host endpoint, hardware, and software, that either the host operating
+system or the DHCP server may not otherwise be aware of (but the relay is
+able to distinguish). This is implemented as a 32-bit field (4 octets),
+each bit representing a flag describing the host in one of these ways.
+So far, only bit zero (being the least significant bit) is defined in
+RFC3256. If this bit is set to one, the host is considered a CPE
+Controlled Cable Modem (CCCM). All other bits are reserved.
+.RE
.SH THE CLIENT FQDN SUBOPTIONS
The Client FQDN option, currently defined in the Internet Draft
draft-ietf-dhc-fqdn-option-00.txt is not a standard yet, but is in
#endif
#if !defined (DEFAULT_MIN_LEASE_TIME)
-# define DEFAULT_MIN_LEASE_TIME 0
+# define DEFAULT_MIN_LEASE_TIME 300
#endif
#if !defined (DEFAULT_MAX_LEASE_TIME)
#ifndef lint
static char ocopyright[] =
-"$Id: dhcrelay.c,v 1.56 2006/03/27 09:45:47 shane Exp $ Copyright (c) 2004-2006 Internet Systems Consortium. All rights reserved.\n";
+"$Id: dhcrelay.c,v 1.57 2006/05/05 20:32:30 dhankins Exp $ Copyright (c) 2004-2006 Internet Systems Consortium. All rights reserved.\n";
#endif /* not lint */
#include "dhcpd.h"
u_int16_t local_port;
u_int16_t remote_port;
-static char copyright [] = "Copyright 2004-2005 Internet Systems Consortium.";
+static char copyright [] = "Copyright 2004-2006 Internet Systems Consortium.";
static char arr [] = "All rights reserved.";
static char message [] = "Internet Systems Consortium DHCP Relay Agent";
static char url [] = "For info, please visit http://www.isc.org/sw/dhcp/";
#ifndef lint
static char copyright[] =
-"$Id: confpars.c,v 1.151 2006/04/27 17:26:42 dhankins Exp $ Copyright (c) 2004-2006 Internet Systems Consortium. All rights reserved.\n";
+"$Id: confpars.c,v 1.152 2006/05/05 20:32:30 dhankins Exp $ Copyright (c) 2004-2006 Internet Systems Consortium. All rights reserved.\n";
#endif /* not lint */
#include "dhcpd.h"
static TIME parsed_time;
+static unsigned char global_host_once = 1;
#if defined (TRACING)
trace_type_t *trace_readconf_type;
case HOST:
next_token (&val, (unsigned *)0, cfile);
- if (type != HOST_DECL && type != CLASS_DECL)
+ if (type != HOST_DECL && type != CLASS_DECL) {
+ if (global_host_once &&
+ (type == SUBNET_DECL || type == SHARED_NET_DECL)) {
+ global_host_once = 0;
+ log_error("WARNING: Host declarations are "
+ "global. They are not limited to "
+ "the scope you declared them in.");
+ }
+
parse_host_declaration (cfile, group);
- else {
+ } else {
parse_warn (cfile,
"host declarations not allowed here.");
skip_to_semi (cfile);
DHCP Server Daemon. */
/*
- * Copyright (c) 2004-2005 by Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (c) 2004-2006 by Internet Systems Consortium, Inc. ("ISC")
* Copyright (c) 1996-2003 by Internet Software Consortium
*
* Permission to use, copy, modify, and distribute this software for any
#ifndef lint
static char ocopyright[] =
-"$Id: dhcpd.c,v 1.118 2006/03/27 09:45:47 shane Exp $ Copyright 2004-2005 Internet Systems Consortium.";
+"$Id: dhcpd.c,v 1.119 2006/05/05 20:32:30 dhankins Exp $ Copyright 2004-2006 Internet Systems Consortium.";
#endif
static char copyright[] =
-"Copyright 2004-2005 Internet Systems Consortium.";
+"Copyright 2004-2006 Internet Systems Consortium.";
static char arr [] = "All rights reserved.";
static char message [] = "Internet Systems Consortium DHCP Server";
static char url [] = "For info, please visit http://www.isc.org/sw/dhcp/";
.\" see ``http://www.vix.com''. To learn more about Nominum, Inc., see
.\" ``http://www.nominum.com''.
.\"
-.\" $Id: dhcpd.conf.5,v 1.70 2006/02/24 23:16:31 dhankins Exp $
+.\" $Id: dhcpd.conf.5,v 1.71 2006/05/05 20:32:30 dhankins Exp $
.\"
.TH dhcpd.conf 5
.SH NAME
.RE
.PP
The
+.I remote-port
+statement
+.RS 0.25i
+.PP
+.B remote-port \fIport\fB;\fR
+.PP
+This statement causes the DHCP server to transmit DHCP responses to DHCP
+clients upon the UDP port specified in \fIport\fR, rather than on port 68.
+In the event that the UDP response is transmitted to a DHCP Relay, the
+server generally uses the \fBlocal-port\fR configuration value. Should the
+DHCP Relay happen to be addressed as 127.0.0.1, however, the DHCP Server
+transmits its response to the \fBremote-port\fR configuration value. This
+is generally only useful for testing purposes, and this configuratoin value
+should generally not be used.
+.RE
+.PP
+The
.I server-identifier
statement
.RS 0.25i
#ifndef lint
static char copyright[] =
-"$Id: mdb.c,v 1.76 2006/04/27 17:26:42 dhankins Exp $ Copyright (c) 2004-2006 Internet Systems Consortium. All rights reserved.\n";
+"$Id: mdb.c,v 1.77 2006/05/05 20:32:31 dhankins Exp $ Copyright (c) 2004-2006 Internet Systems Consortium. All rights reserved.\n";
#endif /* not lint */
#include "dhcpd.h"
}
if (!lp) {
- log_error ("Lease with binding state %s not on its queue.",
- (comp -> binding_state < 1 ||
- comp -> binding_state > FTS_LAST)
- ? "unknown"
- : binding_state_names [comp -> binding_state - 1]);
- return 0;
+ log_fatal("Lease with binding state %s not on its queue.",
+ (comp->binding_state < 1 ||
+ comp->binding_state > FTS_LAST)
+ ? "unknown"
+ : binding_state_names[comp->binding_state - 1]);
}
-
+
if (prev) {
lease_dereference (&prev -> next, MDL);
if (comp -> next) {
for (l = *(lptr [i]); l; l = l -> next) {
p -> lease_count++;
if (l -> ends <= cur_time) {
- if (i == FREE_LEASES)
- p -> free_leases++;
- else if (i == BACKUP_LEASES)
- p -> backup_leases++;
+ if (l->binding_state == FTS_FREE) {
+ if (i == FREE_LEASES)
+ p->free_leases++;
+ else
+ log_fatal("Impossible case "
+ "at %s:%d.", MDL);
+ } else if (l->binding_state == FTS_BACKUP) {
+ if (i == BACKUP_LEASES)
+ p->backup_leases++;
+ else
+ log_fatal("Impossible case "
+ "at %s:%d.", MDL);
+ }
}
#if defined (FAILOVER_PROTOCOL)
if (p -> failover_peer &&
projects / thirdparty / dhcp.git / commitdiff
