Commit Graph

5458 Commits

Author SHA1 Message Date
Roy Marples
8b74f62e03 linux: clean some more compiler warnings
gcc-12 and clang-14 no longer emit any errors
2023-01-09 11:15:13 +00:00
Roy Marples
01b9b37dd8 linux: Fix compile warning using clang 2023-01-09 10:09:45 +00:00
Roy Marples
fdcf878fff configure: Ensure that we use the return of the functions we test
As newer compiler defaults warn if they are not used.
Should fix #163.
2023-01-08 22:10:21 +00:00
Roy Marples
96f055d2e4 privsep: Try sending error if we cannot send the message.
There is an error sending a reply from an INET6 sysctl RT dump
on FreeBSD-14 using the dhcpcd-9 branch.
It seems to be related to capsicum and doesn't happen on FreeBSD-13.
We should handle the error gracefully and allow dhcpcd to try to
contuinue regardless.
2023-01-06 11:21:05 +00:00
Roy Marples
6c64687478 dhcp: Remove bootp arg from rt 3442 decoding
Fixes a compile warning. Addendum to #161.
2023-01-05 11:17:12 +00:00
Roy Marples
7a13e344c7 Welcome to 2023. 2023-01-05 10:51:32 +00:00
xvuko
3e6277050f
dhcp: Fix classless link local static routes (#161)
Detecting host routes based on address comparison is not needed in
classless routes as /32 mask can be explicitly used. This detecting
mechanism did cause issues when gateway was set to 0.0.0.0 (link local
routes).
2023-01-05 09:02:52 +00:00
Roy Marples
6797c08b66 options: Fix parsing of strings.
If we are not passed a buffer we should blindly return the
result of trying to parse it has as a hex string - it will be zero.
Fixes 133.
2022-12-23 17:35:29 +00:00
Roy Marples
f0aa82e786 hooks: Use --no-block for systemd
As we really don't want to block dhcpcd if systemd does.
Fixes #141.
2022-12-23 16:42:23 +00:00
Roy Marples
564beeae66 if: Again fix prior on NetBSD 2022-12-23 16:15:58 +00:00
Roy Marples
49a1b22ae3 if: Fix issue with prior with privsep enabled
Addition to #157.
2022-12-23 16:13:09 +00:00
Roy Marples
18a0e8b4f2 DHCP: Set option buffer length to 0 when freeing
As we test length of buffer when reallocating.
Fixes #156.
2022-12-23 14:24:59 +00:00
Roy Marples
4d62bc8bee if: Add if_freeifaddrs so we can free ifaddrs on all code paths
Fixes #157.
2022-12-23 13:56:39 +00:00
Laszlo Toth
79a7f5a48d
arp: ignore invalid ARP probes according to RFC5227 (#145)
Some network devices can send probes where the source address in the frame
does not match the sender in the ARP request, due to firmware bugs or
crafted packets.
Without verification this can cause to fail the defense, so we lose the
address, then request a new one. This might lead to the DHCP address pool
being exhausted and all sorts of problems like frequent IP changes.

A real life example is that some Cisco devices can send ARP probes in bursts,
where the frame's source address is clearly invalid, so hosts running dhcpcd
release addresses frequently, e.g., Raspberry Pis.
Example output:
"invalid ARP probe, sender hw address mismatch (00:be:75:xx:xx:xx, 00:00:00:yy:yy:yy)"

RFC5227, Section 1.1 describes that the two addresses must match in case
of ARP probes, so add the extra check and log a warning if we receive an
invalid packet like that.

Signed-off-by: Laszlo Toth <laszlth@gmail.com>
2022-12-23 13:31:43 +00:00
Roy Marples
6a9994bbf0 configure: --prefix also sets $prefix for compat with autoconf
Fixes #139
2022-10-17 14:30:03 +01:00
Alexey Kasyanchuk
1dc0f5f82a
Compilation fix on linux platform with clang (#130) 2022-10-11 17:53:02 +01:00
Roy Marples
4627c5d80f privsep: Improve the race to exit
Each process should now cleanly wait for child processes to exit.
They should only exit when no children left.

There is still no way to cleanly log the privilged process exiting
as well as the manager process as the manager needs the
privilged process to log.

Now, at least, dhcpcd should alway say it's exited.
2022-09-06 09:18:08 +01:00
Roy Marples
8c54cd6abf dhcpcd: Remove last nanosleep
Fixes #128.
2022-09-05 21:37:32 +01:00
Roy Marples
3b294661fb dhcpcd: Use eloop timeout to wait for pidfile removal
As well as removing not enabled code to wait a bit before
removing the IP address when sending a DHCP RELEASE message.

This means that we no longer need to allow nanosleep in SECCOMP.

Hopefully fixes #127.
2022-09-05 13:24:02 +01:00
Roy Marples
ce13b79d78 privsep: Don't find processes we just asked to stop
We could rebind a lease, get a NAK and enter DISCOVER.
We need to restart the BPF in the middle as the BPF filter could
change.

As such, add a started flag to each privsep process and when
searching for a process by id only find started ones.
If we ask them to stop then the started flag is removed.

Fixes errors about writing to stopping processes an unknown
processes exiting.
2022-09-02 12:54:25 +01:00
Roy Marples
23d4f3d806 Fix prior when asking dhcpcd to exit and it's not running 2022-09-02 12:02:25 +01:00
Roy Marples
86532445db dhcpcd: Fix sending interface specific commands to manager process
Seems to have been broken for a while .... good to have this fixed.
2022-09-01 20:48:40 +01:00
Roy Marples
bd0593a1fe Normalise dhcpcd is not running message 2022-08-31 20:04:17 +01:00
Roy Marples
4b37f00855 inet6: Tokenised IPv6 Identifiers fix man page
One typo, again for #101.
2022-08-31 16:58:28 +01:00
Roy Marples
79c3ba7c2a inet6: Fix Tokenised IPv6 Identifiers
Another one for #101.
2022-08-31 12:17:53 +01:00
Roy Marples
f7b171e6cc Bump dates for prior 2022-08-31 09:21:09 +01:00
Pau Amma
dc9775edaa Grammar improvements and typo fixes to README and manpages 2022-08-31 01:06:48 -07:00
Roy Marples
b3c41d25a3 dhcp: allow static options to be removed by not setting a value
This allows this config:

interface eth0
	arping 1.2.3.4
	static ip_address=5.6.7.8/24

profile 1.2.3.4
	# Allow DHCP
	static ip_address=
2022-08-30 21:35:08 +01:00
Roy Marples
27f444f85b DHCP: Only test not BOUND when finishing DAD
This fixes using a last lease on initial boot when the DHCP
server is not present.
2022-08-30 17:26:07 +01:00
Roy Marples
a22936e4b3 Fix prior for Linux. 2022-08-30 15:52:21 +01:00
Roy Marples
7d54256958 It turns out we can use these defines here. 2022-08-30 13:53:44 +01:00
Roy Marples
940b10f7c0 privsep: Open OS sockets for the privileged process at startup
Rather than opening / closing on demand.
This mirrors the behaviour of dhcpcd without privsep and ensures
that dhcpcd always has the resource available to do it's operations
to ensure the network stays up.

This also has the advantage of working around a recent FreeBSD-14
capsicum issue where opening a route socket in the privileged
process without capsicum fails with the same error as if it was
in capsicum.
2022-08-30 13:46:31 +01:00
Roy Marples
4f56572e8b Add guard to prior 2022-08-30 11:00:41 +01:00
Roy Marples
1a70f1b51c inet6: Support Tokenised IPv6 Identifiers
https://datatracker.ietf.org/doc/id/draft-chown-6man-tokenised-ipv6-identifiers-02.txt
Didn't quite make it to a RFC, but it's easy to implement and seems
a nice to have.

Fixes #101.
2022-08-30 10:48:11 +01:00
Roy Marples
8f86349e49 DHCP6: T1, T2, vltime and pltime SHOULD be zero from client messages
See RFC 8415 21.4, 21.6, 21.21 and 21.22.
As such it's impossible to request a lease time as such and we
MUST use the vltimes and pltimes sent by the server.

This addresses the concern in #116 but does fix it as it's not a dhcpcd
problem.
2022-08-29 18:01:17 +01:00
Roy Marples
b1e4e779be DHCP6: we multicast, not broadcast
We have always multicast, just used the wrong terminology.
Addresses #122.
2022-08-26 11:22:05 +01:00
Roy Marples
38befd4e86 privsep: Allow newfstatat syscall as well
Allows newer glibc variants to work apparently.
As reported in #84 and #89.
2022-08-26 09:24:50 +01:00
Roy Marples
645c32dd1a privsep: Allow getrandom sysctl for newer glibc
Fixes #120
2022-08-26 09:08:36 +01:00
Roy Marples
e307ec2c58 OpenBSD: Fix compile with prior 2022-08-24 10:17:42 +01:00
Roy Marples
0094926d67 Clean some compile warnings with prior 2022-08-24 10:10:48 +01:00
Roy Marples
35b2b68dd5 capsicum: sysctl NET_RT_DUMP is a privileged operation 2022-08-24 10:04:19 +01:00
Roy Marples
8b11859ac4 BSD: Fix an error parsing the routing table
Also report any errors reading the routing table.
2022-08-23 13:57:17 +01:00
Roy Marples
c872b2d6e0 Respect DHCPv6 for prior 2022-08-09 17:56:44 +01:00
Roy Marples
6ab00c2de5 Amend prior so that NTP servers are removed if the option vanishes 2022-08-09 17:32:49 +01:00
Roy Marples
2f070c7d20 hooks: Support timesyncd
Fixes #106
2022-08-09 17:26:37 +01:00
Roy Marples
41b8ff0929 inet6: Support RFC 4862 5.5.3.e in regards to Valid Lifetime
1.  If the received Valid Lifetime is greater than 2 hours or
          greater than RemainingLifetime, set the valid lifetime of the
          corresponding address to the advertised Valid Lifetime.

      2.  If RemainingLifetime is less than or equal to 2 hours, ignore
          the Prefix Information option with regards to the valid
          lifetime.

      3.  Otherwise, reset the valid lifetime of the corresponding
          address to 2 hours.
2022-08-08 16:47:55 +01:00
Roy Marples
b4e06fdb6b options: Ensure that we correctly read auth tokens. 2022-07-29 08:00:09 +01:00
Roy Marples
60640a1ff5 dhcpcd-run-hooks.8: its and not it's for posessive.
Thanks to perkelix.
Fixes #110.
2022-07-29 07:22:59 +01:00
Adam Dinwoodie
55e3904961
Always skip hooks ending in ~ (#113)
dhcpcd-run-hooks is intended to skip hooks with filenames ending in `~`,
but the test only works if `$skip_hooks` is defined and not empty.
Refactor the test such that files ending in `~` are always skipped, as
appears to be the intent of this code.
2022-07-29 07:14:41 +01:00
Roy Marples
29f6c47b9e DHCP: Fill chaddr if hwlen really is 16 bytes
This isn't normally a problem as ethernet is 6 bytes in length.
Spotted by Steve Noonan.
2022-06-02 06:36:18 +01:00