Roy Marples [Thu, 31 Oct 2024 10:40:46 +0000 (10:40 +0000)]
logerr: use LOG_NDELAY for openlog
This ensures openlog gets a fd so logging of errors can occur
within privsep where no log was written before entering privsep.
Also ensures that closelog does not close -1 on some platforms
where no logging took place.
Ken Simon [Tue, 29 Oct 2024 23:11:54 +0000 (19:11 -0400)]
IPv6: Avoid uninitialized ifp state when adding address (#395)
In certain instances, `ifp->if_data[IF_DATA_IPV6]` was not yet
initialized when ipv6_addaddr adds the address to the state, and a
segfault would ensue. Mitigate this by ensuring the state is initialized
when adding the addresses.
Jon Franklin [Tue, 29 Oct 2024 07:53:51 +0000 (02:53 -0500)]
DHCP6: lastlease behavior after Confirm non-response (#387)
If lastlease is enabled, and dhcpcd is unable to confirm its prior
lease, after timeout, bind the lease and move to the REBIND state.
Confine lastlease behavior to the CONFIRM and REBIND states.
Co-authored-by: Jon Franklin <jon_franklin@dell.com>
Roy Marples [Mon, 14 Oct 2024 09:48:23 +0000 (10:48 +0100)]
IPv6: allow any global address for default route
Regardless if we are a router or not.
BSD IPv6 source address selection does really matter for this.
This fixes FreeBSD systes where the forwarding sysctl is set
by the routing script which starts late in the day where
dhcpcd is already running and won't get the default route applied
until another RA comes in which could be a while.
Roy Marples [Thu, 10 Oct 2024 13:19:46 +0000 (14:19 +0100)]
linux: Support old kernels by not including linux/if.h
I wish the linux team used #defines rather than enums, but heh ho.
Ensure we can test IFF_LOWER_UP, IFF_DORMANT and IFA_FLAGS
based on nearest matching #defines available when the respective
feature was comitted.
Diego Santa cruz [Thu, 10 Oct 2024 10:45:34 +0000 (12:45 +0200)]
dhcpcd: stdout output sometimes empty when redirected to a file (#364)
Running dhpcd --dumplease with input from stdin and redirecting stdout
to a file outputs nothing to the output. The reason is that printf /
fprintf is used to write the output but it is not explicitly flushed
when done, or before exiting, and stdout to files is fully buffered by
default while stdout to terminals is line buffered by default.
This adds calls to fflush() at the end of dhcp_print_option_encoding()
and script_dump(), plus one just before exiting dhcpcd.
Signed-off-by: Diego Santa Cruz <diego.santacruz@spinetix.com>
dhcp6: start request when advertise received after IRT (#376)
After the initial solicit timeout, any received advertisements trigger
a request. However, after the timeout, any advertisements will
never result in a request, and the client sends solicits forever.
This patch adds sends a request in response to an advertise if the
initial timeout has expired.
Roy Marples [Fri, 4 Oct 2024 15:36:01 +0000 (15:36 +0000)]
dhcpcd: remove advertisement of addresses
Address advertisemnt was used to allow IP address sharing to work.
It also required the DHCP server to allow the same IP for many
hosts, which modern DHCP servers deny you from doing.
Lastly, there are niggles with the implementation that are
impossible to fully fix due to how the various protocols work,
especially ARP.
All platforms dhcpcd supports allow better ways of doing this,
such as bonding (Linux), trunk(4) (OpenBSD), lagg(4) (Other BSDs).
ARP advertisements will only be made when addresses are added
OR defended against for kernels without RFC 5227 support.
Roy Marples [Wed, 11 Sep 2024 09:28:58 +0000 (10:28 +0100)]
IPv6: Only advertise addresses when needed
Remember when we have advertised an address.
If we want to advertise it again, check this first.
If we still want to advertise it, clear this flag for all other
matching addresses.
Clear advertised flags from all addresses on carrier up.
This reduces needless NA spam from dhcpcd when the IPv6 Router
is needlessly chatty with RA.
Roy Marples [Tue, 3 Sep 2024 08:37:47 +0000 (09:37 +0100)]
privsep: Capsicum needs root to access ipv6 forwarding sysctl
Optimise the flow so that if we do have a global address on the
source interface we avoid the sysctl via the privileged process.
Generally the only time we don't is when we de-configure an
interface or we are configuring an interface where there is
no autoconf prefix from the RA and the only globals come
from a DHCPv6 Prefix Delegation to other interfaces which
requires us to be a router.
Roy Marples [Wed, 28 Aug 2024 18:04:53 +0000 (19:04 +0100)]
IPv6: Add the added address to state
We used to rely on route(4) adding it to state based on RTM_NEWADDR
but the message could get lost if the socket overflows.
Work around this by always adding the address to the state.
Roy Marples [Mon, 29 Jul 2024 15:17:08 +0000 (16:17 +0100)]
DHCP: No longer set interface mtu (#346)
We've been enforcing an interface MTU that is slightly larger
than the minimum for some time.
Instead, log an error than the MTU is smaller than the minimum
to send a BOOTP message.
The DHCP MTU is only used when adding routes as setting the
interface MTU can cause a PHY reset which is bad.
DHCP: Handle option 108 correctly when receiving 0.0.0.0 OFFER (#342)
* DHCP: Handle option 108 correctly when receiving 0.0.0.0 OFFER
According to RFC8925 section 3.3.1, when the server supports both option
108 (IPv6-Only Preferred) and option 116 (Auto-Configure), and the
client only sends IPv6-Only Preferred option, then the server SHOULD
return 0.0.0.0 as the offered address, and not setting the
Auto-Configure option.
However, in our current client code, the IPv6-Only Preferred option in a
0.0.0.0 OFFER is only handled correctly when the Auto-Configure option
is present. This patch fixes this issue.
Leo Ruan [Thu, 25 Jul 2024 08:37:11 +0000 (16:37 +0800)]
IPv4LL: Restart ARP probling on address conflict (#340)
* IPv4LL: Restart ARP probling on address conflict
When IPv4LL address conflict is detected, it is failed to restart IPv4LL
since IPv4LL is running. The commit fixes the problem by restarting ARP
probing instead of restarting IPv4LL.
Roy Marples [Fri, 14 Jun 2024 16:29:35 +0000 (17:29 +0100)]
DHCP6: Don't remove state in DISCOVER
As we might still have config that failed to CONFIRM/REBIND.
Try and remove timers more sensibly rather than blaket statements
so that expire timeout still works.
Roy Marples [Tue, 9 Jul 2024 12:39:07 +0000 (13:39 +0100)]
DHCP6: Persist configuration on confirm/rebind failure
only expire the lease once the last address has expired.
This is more in accordance with RFC8415 18.2.
Note, we still require an initial confirm/rebind on link state
change to ensure the configuration for link is valid.
Extending the lastlease in DHCP6 has been removed.
Roy Marples [Thu, 27 Jun 2024 05:27:22 +0000 (06:27 +0100)]
linux: allow roaming without IFF_DORMANT
IFF_DORMANT is apparently only set by supplicants.
For roaming without supplicants, we need to check that IFF_UP and
IFF_LOWER_UP are set, but IFF_RUNNING is not.
Thanks to Boris Krasnovskiy for the patch.
Fixes #335.
While here, remove our define if IFF_LOWER_UP as we can now include
linux/if.h
Roy Marples [Wed, 26 Jun 2024 08:36:35 +0000 (09:36 +0100)]
DHCP6: Don't remove delegated prefix addresses on start or fail
In the event where an interface is first delegated and then
started, we don't want the reading of a lease file to remove the
delegated prefixes or addresses.
Neither do we want any DHCP6 failure to remove the delegated
addresses.
As such, we also can't test the actual DHCP6 state when building
routes. Instead, just change the test for a delegated prefix
or not so we can still prefer non delegated routes.
While here, fix reject routes being restored for privsep.
Roy Marples [Tue, 25 Jun 2024 10:40:14 +0000 (11:40 +0100)]
DHCP6: Don't remove delegated prefix addresses on start
In the event where an interface is first delegated and then
started, we don't want the reading of a lease file to remove the
delegated prefixes or addresses.
As such, we also can't test the actual DHCP6 state when building
routes. Instead, just change the test for a delegated prefix
or not so we can still prefer non delegated routes.
Roy Marples [Fri, 21 Jun 2024 11:58:38 +0000 (12:58 +0100)]
IPv6: DUPLICATED could be announced by RTM_DELADDR
This at least is true on Linux when addresses are not permanent.
As such, update address flags on all paths and run DAD hooks
even for address deletions.
This helps to give reason to the messages that pid 0 has deleted
your newly added address.
Brett Holman [Sat, 20 Jan 2024 01:43:26 +0000 (18:43 -0700)]
Force dumplease to parse stdin
Checking if data exists in the stdin buffer via an ioctl is
unreliable. Allow a user to pass '-' to force stdin parsing.
This provides a fix that will allow "no interfaces" to still
mean "dump all interfaces".
Roy Marples [Fri, 24 May 2024 10:30:29 +0000 (10:30 +0000)]
DHCP: use request_time, fallback_time and ipv4ll_time
Rather than reboot time.
This allows reboot time of zero to skip the using old leases
while still allowing REQUESTs to gracefully fallback to DISCOVER.
request_time has a default of 180 seconds to mirror the DHCPv6
equivalent.
fallback_time and ipv4_ll time have a default of 5 seconds
to mirror the default reboot time.
Benjamin Drung [Tue, 7 May 2024 09:20:04 +0000 (11:20 +0200)]
hooks/30-hostname: Exit with 0 if setting hostname is not needed
If the hostname is already set before dhcpcd is started, `need_hostname`
will hit the "No old hostname" case and will call `false` to return 1.
`set_hostname` will return with the same return value. Then
`30-hostname` will exit with the same exit value:
```
dhcpcd-10.0.6 starting
dev: loaded udev
DUID 00:03:00:01:3c:97:0e:e9:32:3c
enp0s25: IAID 0e:e9:32:3c
enp0s25: soliciting a DHCP lease
enp0s25: offered 192.168.3.61 from 192.168.1.7
enp0s25: ignoring offer of 192.168.3.61 from 192.168.1.8
enp0s25: probing address 192.168.3.61/20
enp0s25: leased 192.168.3.61 for 3600 seconds
enp0s25: adding route to 192.168.0.0/20
enp0s25: adding default route via 192.168.1.1
script_status: /usr/lib/dhcpcd/dhcpcd-run-hooks: WEXITSTATUS 1
exiting due to oneshot
dhcpcd exited
```
Return with value 0 in case setting the hostname is not needed.
Bug-Ubuntu: https://launchpad.net/bugs/2064926 Signed-off-by: Benjamin Drung <benjamin.drung@canonical.com>
Roy Marples [Sat, 4 May 2024 22:33:11 +0000 (23:33 +0100)]
DHCPv6: Don't re-INFORM if the RA changes
RFC 8415 21.23
If the Reply to an Information-request message does not contain this
option, the client MUST behave as if the option with the value
IRT_DEFAULT was provided.
So we should not be influenced by only the RA changing the pl/vl
times of it's addresses.
Roy Marples [Sat, 4 May 2024 11:33:24 +0000 (12:33 +0100)]
privsep: Reduce fd use
On start close all FD's above stderr.
Close some fd's we don't need in processes spawned from priv.
Ensure we init some FD's to -1 to ensure we don't close stdin.
If DEBUG_FD is defined, we log FD's opened by pid.
Audit process FD usage and document it so I don't forget it.
Taoyu Li [Tue, 12 Mar 2024 02:38:28 +0000 (11:38 +0900)]
Respect IPV6_PREFERRED_ONLY flag on DHS_NONE state
Current IPv6_PREFERRED_ONLY (option 108) handling code is only effective
when current state is DHS_DISCOVER and DHS_REBOOT. However, when we
receive multiple ACKs upon our REQUEST, the first ACK will trigger the
use_v6only code path and dhcp_drop() us into DHS_NONE state, as a result
the option 108 on the second ACK won't be handled correctly and we'll
bind to the lease instead.
This patch fixes the issue by adding DHS_NONE as a state to respect
option 108 as well.
Roy Marples [Tue, 2 Apr 2024 08:55:18 +0000 (09:55 +0100)]
compat: stub out _rs_forkhandler for compat/arc4random.c
We need to keep the fd open at fork, but we retained the code to
handle a fork.
The original update to chacha avoided this by guarding the call
but left the code alive which produced an unused function warning
on the GitHub Ubuntu runner.
This update fixes that.
Daniel Goertzen [Sat, 9 Mar 2024 01:27:57 +0000 (19:27 -0600)]
add RFC4191 support (#297)
* add RFC4191 support
- handles route information options from RAs.
- refactor `sa_fromprefix()` to expose lower level functionality
- refactor `ipv6nd_rtprefix()` to be usable outside of `struct ra` context
* changes as requested by RM
- mostly minor/cosmetic changes
- functional change: "no longer a default router" warning moved to capture changes from routeinfo options
Lloyd Parkes [Sun, 25 Feb 2024 12:21:12 +0000 (01:21 +1300)]
Define the Azure Endpoint and other site-specific options (#299)
Added the azureendpoint site-specific option as an ipaddress
definition to make it easier for Azure VMs using dhcpcd to get their
WireServer endpoint address.
Added binhex definitions for all otherwise undefined site-specific
options so that site-specific hooks can use them.
Petr Menšík [Fri, 16 Feb 2024 16:15:35 +0000 (17:15 +0100)]
Move dhcp(v4) packet size check earlier (#295)
dhcp_handlebootp handled zero sized packets correctly, but
dhcp_redirect_dhcp did not have such protection. Move size check before
both of them. Size when called from dhcp_packet is checked by
is_packet_udp_bootp call. Only dhcp_recvmsg needs earlier checking to be
added.
Roy Marples [Sun, 24 Dec 2023 12:07:25 +0000 (12:07 +0000)]
DHCP: DECLINE address on ARP defend failure
Also, drop the lease.
This should get us a new address from the DHCP server when we
re-enter DISCOVER to avoid looping on the same address and fail
again.
dhcpcd: Add support for arp persist defence (#273)
RFC 5227 recommends 3 ways to deal with address conflict detection.
a) Stop everything.
b) Defend and then stop on fail - this is what dhcpcd currently does.
c) Notify and carry on.
The current change implements the option c. A new option arp_persistdefence
has been added and when this is enabled, the a defence is attempted upon a
conflict and when that fails, an error is logged on every other conflict
within the DEFEND_INTERVAL and the current IP address is retained.
Roy Marples [Mon, 18 Dec 2023 12:22:13 +0000 (12:22 +0000)]
DHCP6: For Prefix Delegation, the - interface means no assignment
- is an invalid interface name.
So we take this to mean don't assign the Delegated Prefix to
any interfaces.
The reject route for the Delegated Prefix is still installed.
Roy Marples [Mon, 18 Dec 2023 12:15:10 +0000 (12:15 +0000)]
DHCP6: Improve logging when changing IA type
Changing from PD to IA or IA to PD can result in a diagnostic
when there is no address to confirm AND we haven't loaded
a lease.
This improves the check and no more Success errors should
be reported.
projects / thirdparty / dhcpcd.git / log
