From: David Hankins Date: Mon, 21 Jan 2008 19:05:20 +0000 (+0000) Subject: - When a failover server suspects it has encountered a peer running a X-Git-Tag: v4_1_0a1~18 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=ffdf3c8cb93d22604961558f9857df41d8485143;p=thirdparty%2Fdhcp.git - When a failover server suspects it has encountered a peer running a version 3.0.x failover server, a warning that the failover wire protocol is incompatible is printed. [ISC-Bugs #17129] - The failover server no longer issues a floating point error if it encounters a previously undefined option code. [ISC-Bugs #17129] --- diff --git a/RELNOTES b/RELNOTES index 3133d4b6f..25d5d1c4e 100644 --- a/RELNOTES +++ b/RELNOTES @@ -132,6 +132,13 @@ suggested fixes to . allows the client to work in 'captive' network environments, where the operator does not want clients to crosstalk directly. +- When a failover server suspects it has encountered a peer running a + version 3.0.x failover server, a warning that the failover wire protocol + is incompatible is printed. + +- The failover server no longer issues a floating point error if it encounters + a previously undefined option code. + Changes since 4.0.0b3 - The reverse dns name for PTR updates on IPv6 addresses has been fixed to diff --git a/server/failover.c b/server/failover.c index b96cc855b..a9345d162 100644 --- a/server/failover.c +++ b/server/failover.c @@ -645,7 +645,8 @@ static isc_result_t do_a_failover_option (c, link) } /* If it's an unknown code, skip over it. */ - if (option_code > FTO_MAX) { + if ((option_code > FTO_MAX) || + (ft_options[option_code].type == FT_UNDEF)) { #if defined (DEBUG_FAILOVER_MESSAGES) log_debug (" option code %d (%s) len %d (not recognized)", option_code, @@ -788,6 +789,35 @@ static isc_result_t do_a_failover_option (c, link) if (op_size == 1 || ft_options [option_code].type == FT_IPADDR) { omapi_connection_copyout ((unsigned char *)op, c, option_len); link -> imsg_count += option_len; + + /* + * As of 3.1.0, many option codes were changed to conform to + * draft revision 12 (which alphabetized, then renumbered all + * the option codes without preserving the version option code + * nor bumping its value). As it turns out, the message codes + * for CONNECT and CONNECTACK turn out the same, so it tries + * its darndest to connect, and falls short (when TLS_REQUEST + * comes up size 2 rather than size 1 as draft revision 12 also + * mandates). + * + * The VENDOR_CLASS code in 3.0.x was 11, which is now the HBA + * code. Both work out to be arbitrarily long text-or-byte + * strings, so they pass parsing. + * + * Note that it is possible (or intentional), if highly + * improbable, for the HBA bit array to exactly match + * isc-V3.0.x. Warning here is not an issue; if it really is + * 3.0.x, there will be a protocol error later on. If it isn't + * actually 3.0.x, then I guess the lucky user will have to + * live with a weird warning. + */ + if ((option_code == 11) && (option_len > 9) && + (strncmp((const char *)op, "isc-V3.0.", 9) == 0)) { + log_error("WARNING: failover as of versions 3.1.0 and " + "on are not reverse compatible with " + "versions 3.0.x."); + } + goto out; }