Commit Graph

5428 Commits

Author SHA1 Message Date
Roy Marples
7d54256958 It turns out we can use these defines here. 2022-08-30 13:53:44 +01:00
Roy Marples
940b10f7c0 privsep: Open OS sockets for the privileged process at startup
Rather than opening / closing on demand.
This mirrors the behaviour of dhcpcd without privsep and ensures
that dhcpcd always has the resource available to do it's operations
to ensure the network stays up.

This also has the advantage of working around a recent FreeBSD-14
capsicum issue where opening a route socket in the privileged
process without capsicum fails with the same error as if it was
in capsicum.
2022-08-30 13:46:31 +01:00
Roy Marples
4f56572e8b Add guard to prior 2022-08-30 11:00:41 +01:00
Roy Marples
1a70f1b51c inet6: Support Tokenised IPv6 Identifiers
https://datatracker.ietf.org/doc/id/draft-chown-6man-tokenised-ipv6-identifiers-02.txt
Didn't quite make it to a RFC, but it's easy to implement and seems
a nice to have.

Fixes #101.
2022-08-30 10:48:11 +01:00
Roy Marples
8f86349e49 DHCP6: T1, T2, vltime and pltime SHOULD be zero from client messages
See RFC 8415 21.4, 21.6, 21.21 and 21.22.
As such it's impossible to request a lease time as such and we
MUST use the vltimes and pltimes sent by the server.

This addresses the concern in #116 but does fix it as it's not a dhcpcd
problem.
2022-08-29 18:01:17 +01:00
Roy Marples
b1e4e779be DHCP6: we multicast, not broadcast
We have always multicast, just used the wrong terminology.
Addresses #122.
2022-08-26 11:22:05 +01:00
Roy Marples
38befd4e86 privsep: Allow newfstatat syscall as well
Allows newer glibc variants to work apparently.
As reported in #84 and #89.
2022-08-26 09:24:50 +01:00
Roy Marples
645c32dd1a privsep: Allow getrandom sysctl for newer glibc
Fixes #120
2022-08-26 09:08:36 +01:00
Roy Marples
e307ec2c58 OpenBSD: Fix compile with prior 2022-08-24 10:17:42 +01:00
Roy Marples
0094926d67 Clean some compile warnings with prior 2022-08-24 10:10:48 +01:00
Roy Marples
35b2b68dd5 capsicum: sysctl NET_RT_DUMP is a privileged operation 2022-08-24 10:04:19 +01:00
Roy Marples
8b11859ac4 BSD: Fix an error parsing the routing table
Also report any errors reading the routing table.
2022-08-23 13:57:17 +01:00
Roy Marples
c872b2d6e0 Respect DHCPv6 for prior 2022-08-09 17:56:44 +01:00
Roy Marples
6ab00c2de5 Amend prior so that NTP servers are removed if the option vanishes 2022-08-09 17:32:49 +01:00
Roy Marples
2f070c7d20 hooks: Support timesyncd
Fixes #106
2022-08-09 17:26:37 +01:00
Roy Marples
41b8ff0929 inet6: Support RFC 4862 5.5.3.e in regards to Valid Lifetime
1.  If the received Valid Lifetime is greater than 2 hours or
          greater than RemainingLifetime, set the valid lifetime of the
          corresponding address to the advertised Valid Lifetime.

      2.  If RemainingLifetime is less than or equal to 2 hours, ignore
          the Prefix Information option with regards to the valid
          lifetime.

      3.  Otherwise, reset the valid lifetime of the corresponding
          address to 2 hours.
2022-08-08 16:47:55 +01:00
Roy Marples
b4e06fdb6b options: Ensure that we correctly read auth tokens. 2022-07-29 08:00:09 +01:00
Roy Marples
60640a1ff5 dhcpcd-run-hooks.8: its and not it's for posessive.
Thanks to perkelix.
Fixes #110.
2022-07-29 07:22:59 +01:00
Adam Dinwoodie
55e3904961
Always skip hooks ending in ~ (#113)
dhcpcd-run-hooks is intended to skip hooks with filenames ending in `~`,
but the test only works if `$skip_hooks` is defined and not empty.
Refactor the test such that files ending in `~` are always skipped, as
appears to be the intent of this code.
2022-07-29 07:14:41 +01:00
Roy Marples
29f6c47b9e DHCP: Fill chaddr if hwlen really is 16 bytes
This isn't normally a problem as ethernet is 6 bytes in length.
Spotted by Steve Noonan.
2022-06-02 06:36:18 +01:00
Roy Marples
064767e361 Linux: Use netlink to workout address flags
There seems to be a race with netlink announcing the address vs
it's availability via /proc.
Fixes #76.
2022-04-20 17:51:53 +01:00
Wu Xiaotian
3fc025392d
add support for loongarch64 (#93) 2022-03-31 23:46:20 +01:00
Roy Marples
b09ed786b8 duid: Disable use of machine UUID by default.
Fixes #89.
2022-03-12 11:15:09 +00:00
Roy Marples
8b25cff6db hooks: Use command -v rather than type
command -v is now required by POSIX, type is technically an extension.
2022-02-24 12:53:02 +00:00
Roy Marples
5a4340c30c Bump dates for prior 2022-02-24 06:34:10 +00:00
Martin-Éric Racine
e774fb018e Fixes manual page typos found by Lintian 2022-02-24 06:28:21 +00:00
Roy Marples
50ca1766f5 dhcpcd.8: remove reference to 02-dump hook script
This hook script was removed a while ago.
Fixes #72.
2021-11-13 14:10:31 +00:00
Ben Woods
c932b296c7
Add epair(4) to the ignored interface types list (#73)
The FreeBSD epair(4) interface type can be thought of as a virtual patch cable.
The epair interfaces come in pairs, with network traffic being passed between the 2 pairs.
The basic intent is to provide connectivity between two virtual network stack instances.
This interface type does not typically require an IP address, as it is passing traffic
between other virtual networks/interfaces which obtain their own IP address.
Therefore, add this interface type to the list that will be ignored by dhcpcd.
2021-11-13 13:53:58 +00:00
Roy Marples
43de9416e6 privsep: Only set RLIMIT_NOFILES for supported platforms
Basically only for NetBSD, DragonFlyBSD, kqueue or epoll platforms.
All others will use poll(2) and return EINVAL if nfds > RLIMIT_NOFILES.

Trying to work out our nfs limit relies on already listening to
all FD's which may not be the case and was problematic.
Luckily all platforms aside from Solaris have new file creation
sandboxed away aside from accept(2) so this should still be safe.
2021-11-12 14:24:11 +00:00
Veronika Kremneva
4fa97ba4ae
src/privsep-linux.c: Add support of Synopsys ARC64 architecture (#66)
Signed-off-by: Veronika Kremneva <kremneva@synopsys.com>
2021-10-27 20:53:22 +01:00
Roy Marples
80dfabc522 privsep: and again on OpenBSD 2021-10-20 11:21:38 +01:00
Roy Marples
18e58b9767 privsep: Fix compile on Dragonfly BSD 2021-10-20 10:23:19 +01:00
Roy Marples
46879ef0c5 README.md: Remove non existant man page links.
They have not been online for sometime and are unlikely to return.
While here, correct the commit log location.

Fixes #39
2021-10-18 15:25:35 +01:00
Roy Marples
6e9535cc32 DHCP: Set INFORM state only when we are about to inform
As we may not find an address right away.
While here, tidy up and comment code about deriving the address
when none is specified for inform and static setups.
2021-10-14 06:31:11 +01:00
Kaelan Mikowicz
171524d225
DHCP: Fix infinite INFORM messages
When an address is configured on the interface, do not send an
INFORM message if the interface is already bound.

Fixes #48
2021-10-14 06:14:45 +01:00
Philip Paeps
fe668b5399
privsep: Fix getting interface VLANID on BSD (#58)
Include relevant headers for the definition of SIOCGETVLAN.  This fixes
DHCPv6 Prefix Delegation where a prefix is delegated to several VLAN
interfaces on the same physical interface.
2021-10-12 09:07:28 +01:00
Roy Marples
3b1f557d1c DHCP6: Don't spam the log when a RA repeatedly triggers an INFORM
This can occur if the RA reduces the prefix times in accordance
with it's own lifetimes for example.
dhcpcd only checks if the RA contents have changed to trigger a
new INFORM.

As such, only log about new INFORMs.

Fixes #46.
2021-10-01 16:25:53 +01:00
Marian Cingel
18da9b9155 privsep: Enforce proper alignment of serialized struct cmsghdr
Fixes #43.
2021-08-31 13:33:20 +01:00
Roy Marples
2fae4a113c DHCP6: Only send FQDN for SOLICIT, REQUEST, RENEW, or REBIND messages.
As per RFC 4704 section 5.
Fixes #44.
2021-08-31 10:57:44 +01:00
Stefan Sperling
3215c8f97b
Fix rt_cmp_dest() for equivalent network prefixes with different netmasks. (#52)
When rt_add() decides that it must delete+add a route in order to change
the routing table entry, a wrong RB tree lookup result can throw it off
the rails. In the case observed, a static /64 prefix was deleted from
vlan1 while dhcpcd intended to delete its reject route bound to lo0.

Given two routes in the table, the loopback reject route installed by
dhcpd for my /48 prefix, and a cloning route for a /64 prefix on vlan1:

2001:db8::/48 ::1         UGR        0        0 32768    56 lo0  
2001:db8::/64 2001:db8::1 UCn        1        2     -     4 vlan1

When searching the OS routing table dhcpcd attempts to tell routes apart
based only on the masked destination address. In the above case the masked
destinations look identical. The only difference is the length of the netmask.
The function rt_cmp_dest() didn't detect this and returned the /64 route
while dhcpcd was in fact searching for the /48 route.

This patch fixes the lookup by running rt_cmp_netmask() if the masked
destination comparison via sa_cmp() leaves us with a tie. With this change
dhcpcd deletes the /48 route as intended, and leaves the /64 route alone.

I had to move the rt_cmp_dest() function down since it needs to use the
static helper function rt_cmp_netmask(), which happened to be defined
just below rt_cmp_dest().

Why am I using an overlapping static prefix? The answer is that my ISP
assigns a static /48 prefix but won't route IPv6 unless my router sends
a DHCPv6 request when it connects via PPPoE. I configure static IPv6 subnets
on LAN interfaces and have configured dhcpcd to obtain a /48 prefix lease
without setting addresses on any internal interfaces.
My dhcpcd.conf contains:
  ipv6only
  noipv6rs
  duid
  persistent
  option rapid_commit
  require dhcp_server_identifier
  script ""
  allowinterfaces pppoe0
  interface pppoe0
    ia_pd 1 /2001:db8::/48

This problem was found on OpenBSD, in case that matters for reproduction
of the issue.
2021-08-31 10:31:15 +01:00
Peter Fabinski
0c34e10b13
Update man pages for default metric changes (#51)
* Update man pages for metric changes in 3547ed19

* Make metric man changes additive
2021-08-31 10:29:25 +01:00
Craig McQueen
24693f0190
Fix parsing of hex/octal escapes in strings (#42) 2021-08-20 08:57:18 +01:00
Roy Marples
3ca0e321bf
Merge pull request #38 from concatime/posix-shell
configure: test -a|o is not POSIX
2021-07-20 11:06:32 +01:00
Roy Marples
3c216f86f5 Build as dhcpcd-9.99 now we have a dhcpcd-9 branch. 2021-07-19 21:25:45 +01:00
Roy Marples
477cd9669c IPv4LL: Don't remove statically assigned addresses
Fixes #37.

While here, don't open a DHCP port for static addresses either
when not in manager mode.
2021-07-19 21:22:44 +01:00
Issam E. Maghni
6e1da480a1 configure: test -a|o is not POSIX 2021-05-04 12:34:01 -04:00
Roy Marples
01748b315d FreeBSD: Finish EVFILT_PROCDESC implementation. 2021-03-18 12:14:54 +00:00
Roy Marples
8a5846bda6 Fix more new eloop fallout. 2021-03-17 20:16:20 +00:00
Roy Marples
c691df1084 privsep: Implement pdfork(2) for capsicum(4)
Capsicum does not allow waitpid(2).
As such we need to use pdfork(2) and watch for the descriptor to
hangup.
2021-03-17 20:13:02 +00:00
Roy Marples
77ef5d931a privsep: Fix FreeBSD for prior 2021-03-17 15:19:27 +00:00