This diff makes dhcpd able to manipulate pf tables on certain lease events.

dhcpd is now able to place abandoned addresses into a table (to offer some
protection against machines camping on an address) and remove them from the
table if they are properly leased.

When dhcpd assigns an IP to a new hardware address, it can remove that
address from a table. This is for use with the overload table in pf; newly
arrived machines will not be punished for the actions of a machine that
went away.

beck@ and krw@ liked previous versions of this, henning@ final ok

1 files changed, 18 insertions, 1 deletions

diff --git a/usr.sbin/dhcpd/dhcpd.h b/usr.sbin/dhcpd/dhcpd.h
index e706fd98349..1356597021c 100644
--- a/usr.sbin/dhcpd/dhcpd.h
+++ b/usr.sbin/dhcpd/dhcpd.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: dhcpd.h,v 1.18 2006/05/30 23:43:46 ckuethe Exp $ */
+/*	$OpenBSD: dhcpd.h,v 1.19 2006/05/31 02:43:15 ckuethe Exp $ */
 
 /*
  * Copyright (c) 1995, 1996, 1997, 1998, 1999
@@ -84,6 +84,10 @@ extern int h_errno;
 #define _PATH_DHCPD_DB "/var/db/dhcpd.leases"
 #endif
 
+#ifndef _PATH_DEV_PF
+#define _PATH_DEV_PF "/dev/pf"
+#endif
+
 /* Time stuff... */
 #include <sys/time.h>
 
@@ -326,6 +330,12 @@ struct client_lease {
 	struct option_data options [256];	/* Options supplied with lease. */
 };
 
+/* privsep message. fixed length for easy parsing */
+struct pf_cmd{
+	struct in_addr ip;
+	u_int32_t type;
+};
+
 /* Possible states in which the client can be. */
 enum dhcp_state {
 	S_REBOOTING,
@@ -775,3 +785,10 @@ u_int32_t	wrapsum(u_int32_t);
 void icmp_startup(int, void (*)(struct iaddr, u_int8_t *, int));
 int icmp_echorequest(struct iaddr *);
 void icmp_echoreply(struct protocol *);
+
+/* pfutils.c */
+__dead void pftable_handler(void);
+void pf_change_table(int , int , struct in_addr , char *);
+void pf_kill_state(int , struct in_addr );
+size_t atomicio(ssize_t (*)(int, void *, size_t), int, void *, size_t);
+#define vwrite (ssize_t (*)(int, void *, size_t))write