summaryrefslogtreecommitdiffstats
path: root/usr.sbin/dhcpd (follow)
Commit message (Collapse)AuthorAgeFilesLines
* list example files in FILES with a short description: generally, "Examplejmc2020-05-161-2/+7
| | | | | | | configuration file.", but occasionally something else fit better; at the same time, try to make the format for FILES more consistent; original diff from clematis
* Correctly parse "0/0" as the default route when specifyingkrw2020-04-231-32/+33
| | | | | | | | | the classless-[ms-]static-routes options in dhcpd.conf. Brings dhcpd.conf CIDR parsing in line with dhclient.conf, dhcp-options(5) and the command lines of various utilities. Inconsistency noted and fix tested by Freda Bundchen. Thanks!
* Document using /etc/ethers to look up ethernet addresses. ok krw@,dtucker2020-04-171-4/+6
| | | | wordsmithing jmc@
* Support looking up ethernet addresses in /etc/ethers at dhcpd startup time.dtucker2020-04-161-5/+21
| | | | | If the lookup fails it falls back to parsing the ethernet address normally. ok krw@
* dhcpd could reference freed memory after releasing a lease withkrw2020-04-061-2/+3
| | | | | | an unusually long uid. Reported by Adarsh Dinesh. Thanks!
* Properly initalize the ICMP message to zero to avoid leaking 4-byteclaudio2019-10-031-4/+2
| | | | | | of uninitialised memory in the sent icmp echorequest. Reported by Adarsh Dinesh (adarsh.dinesh at gmail com) OK florian@ deraadt@
* One missing piece when I added pledge(2) to dhcpd(8) was in the code path whenmestre2019-08-081-5/+8
| | | | | | | | | | | | | | it's invoked with either -A/-C/-L, which at the time I left alone due to some forbidden ioctls by pledge(2). Now we have unveil(2) and this path can be further restricted by using it instead of chroot(2) since this "sandbox" (not sure why people call sandbox to about everything these days) can be escaped with *at(2) calls. Since no filesystem access is needed here then we can disable its access by calling unveil("/", "") unveil(NULL, NULL). added /* no filesystem visibility */ as per suggestion by and OK deraadt@
* Use pw->pw_dir when chroot'ing, not _PATH_VAREMPTY.krw2019-08-061-4/+3
| | | | | | | Brings various dhcp related daemons into line with the common idiom. ok florian@
* When system calls indicate an error they return -1, not some arbitraryderaadt2019-06-282-9/+9
| | | | | | value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
* Fix dhcpd build on gcc architectures.visa2019-05-101-4/+6
| | | | OK deraadt@ jca@
* Switch domain-search parsing from hand rolled hex string tokrw2019-05-085-26/+107
| | | | | | | | human readable list of strings. Slightly tweaked version of a diff from William Ahern via tech@. Long silence on all fronts leads to community based testing.
* Document new domain-search syntax available tokrw2019-04-021-4/+7
| | | | dhclient(8).
* missing full stop;jmc2019-04-011-2/+2
|
* Add a rfc1035 data type and use it to describekrw2019-04-011-1/+29
| | | | | | | | | domain-search. Mention that dhcpd(8) still calls this option-119. Also mention that the information provided by this option will be used in preference to domain-name when constructing resolv.conf(5). Merciless prodding by florian@ and kn@.
* Describe the cidr data type and rework thekrw2019-04-011-9/+20
| | | | | | | | | | classless[-ms]-static-routes verbiage to use cidr and ip-address types rather than hand waving manual construction. Add an explicit note that dhclient(8) ignores the obsolete "static-routes" option.
* int16 and int8 are not used for any option. So don'tkrw2019-04-011-8/+4
| | | | mention them.
* Document dhcp-message (a.k.a. option 56) and tweak verbiage forkrw2019-04-011-3/+9
| | | | | dhcp-max-message-size (a.k.a. option 57) in the hope of clarifying things.
* Correct the documentation of relay-agent-information,krw2019-04-011-6/+6
| | | | | | | | | nds-context and nds-tree-name to show that they are parsed as data-string ('X') and not string ('t'). Correct the documentation of dhcp-option-overload to show that it is parsed as a single uint8, not an array of uint8s.
* explicitly use BPF_FILDROP_CAPTURE when configuring BIOCSFILDROPdlg2019-03-181-2/+3
| | | | | | | BIOCSFILDROP used to just be a flag, ie, any non-zero value was treated the same, but i'm changing it so different values do different things. this way the programs should keep working even if i decide to change the values for these macros.
* I noticed the "pf table handler" process not going away on dhcpd restart,henning2018-12-071-7/+7
| | | | | | | | | | | | | looked at the error handling here, and.... oh my. If opening /dev/pf on startup fails, don't just warn and move on, but bail. If chroot (or the chdir after) fail, don't just warn and move on, bail. If dropping privileges fails, the last thing we want to do is to just move on with root privs, having warned or not. If the pipe to the parent process is closed, that almost certainly means that the parent process went away, and it absolutely certainly means that the table handler process has no meaningful reason to exist any more, thus bail. ok florian ccardenas krw
* Tighten up description of echo-client-id statementkrw2018-07-031-10/+16
| | | | | | | | | | to make it clearer. Explicitly mention that older printers may require it to be set to false, as this has come up on the mailing lists a few times. Original diff from sthen@. ok jmc@
* consistently spell "IPsec"; from raf czlonkajmc2018-03-011-3/+3
| | | | | | | | note that this is only part of raf's original diff: the rest is for code. although i'm sure the diff itself is correct, i don;t judge myself qualified to decide whether those changes are warranted. still, i'd appreciate at least a reply to raf's diff from another developer (yay! nay!)
* Better documentation of the classless-static-routes option.matthieu2018-02-281-2/+10
| | | | ok krw@, tweaks by jmc@
* do not claim that this is isc dhcpd (but retain credit);jmc2017-08-291-7/+8
| | | | | | issue pointed out by miod ok krw miod
* Remove unused structs and defines, from Edgar Pettijohn. ok jca@rob2017-08-041-40/+1
|
* Removed unused struct, also noticed by Edgar Pettijohn. ok jca@, krw@rob2017-07-311-6/+1
|
* Handle DHCPINFORM from clients behind a DHCP relay.reyk2017-07-111-2/+2
| | | | | | | | | The dhcpinform() function has assumed that ciaddr matches the packet's IP source address and didn't consider a relay, such as dhcrelay(8) - indicated by giaddr, has forwarded the request. Tested by landry@ OK krw@
* remove a contradictory sentence (see dhcp-options(5)) which claimsjmc2017-06-281-5/+2
| | | | | | | | hostnames which resolve to muliple ip addresses are all forwarded to the client; issue reported by edgar pettijohn; discussed with dhcpd's de facto maintainer, kenneth westerback;
* remove some repetitive text chunks; ok krwjmc2017-04-261-129/+69
|
* a little more consistent text for previous; ok krwjmc2017-04-241-5/+5
|
* Add 'echo-client-id' statment, so that RFC 6842 behaviour can bekrw2017-04-246-9/+42
| | | | | | | | | | turned off for those clients and networks that find it impossible to move past RFC 2131. Modelled on the same statement in recent ISC versions, though we default to 'on' (a.k.a. RFC 6842) rather that 'off' (a.k.a. RFC 2131). Problems reported by Bastien Durel (Xerox Phaser 6022 printer) and Bryan Vyhmeister (Hon Hai Precision router) via misc@. Thanks!
* Switch base tools from /dev/bpf0 to /dev/bpf. Now that /dev/bpf has beennatano2017-04-191-2/+2
| | | | | | around for two releases, it should be safe to do so. ok bluhm deraadt sthen tb yasuoka
* Tweak parameters to decode_*, add a check or two, and thus gain most of thekrw2017-04-183-23/+23
| | | | | sanity improvements reyk@ recently put into dhcrelay to ensure no more than the captured packet is processed.
* After 11 years of pondering about it I think that brookdavis@freebsd.orgkrw2017-04-181-3/+3
| | | | | | had it correct. Don't BPF_WORDALIGN() the value for the number of bytes read() into the buffer. This could theoretically cause the processing of 1 - 3 more bytes than were read.
* Use better types for checksum() parameters and local var fromkrw2017-04-172-8/+5
| | | | dhclient. Eliminate extra prototypes for checksum() and wrapsum().
* Remove a bunch of obsolete, unused and irrelevant DHCP client types, fields,krw2017-04-131-102/+1
| | | | and enums.
* Inspired by recent dhcrelay changes, bring in stricter CFLAGS!krw2017-04-121-1/+4
|
* One 'foo' per function is enough. Rename one to eliminate shadowing.krw2017-04-121-5/+5
|
* Add missing function prototypes. Mark kw_cmp() as static like allkrw2017-04-122-3/+6
| | | | its friends.
* From a syslog perspective it does not make sense to log fatal andbluhm2017-03-211-6/+6
| | | | | | warn with the same severity. Switch log_warn() to LOG_ERR and keep fatal() at LOG_CRIT. OK reyk@ florian@
* Bring parse_warn() into the log.[ch] 21st century and adopt the "^"krw2017-02-163-35/+15
| | | | placement logic from dhclient.
* Adopt the common verbiage other log.[ch] daemons use to describe '-d'.krw2017-02-151-22/+8
| | | | Point out that dhcpd(8) -f is an alias for -d.
* Eliminate pointless'%m' (a.k.a. hand rolled strerror()) by using fatal() andkrw2017-02-1312-95/+53
| | | | log_warn(). Zap a couple of explicit 'syslog()' calls.
* Adjust some long lines.krw2017-02-1313-146/+175
|
* Do the strerror() elimination dance with log_warnx() -> log_warn(),krw2017-02-134-25/+20
| | | | fatalx() -> fatal() and even a couple of fprintf(stderr) -> log_warn().
* Banished to the attic.krw2017-02-131-202/+0
|
* Switch from old errwarn.c logging to shiny new log.[ch].krw2017-02-1323-247/+544
| | | | ok benno@
* Move parse_warning() into parse.c to prepare to replace errwarn.ckrw2017-02-113-56/+63
| | | | | | with standard daemon log.[ch]. ok mpi@
* Appropriately replace "domain name" with "hostname"; less misleadingjca2017-02-041-10/+10
| | | | | | tb@ was initially concerned about next-server but there were more similar occurrences. Simple solution - "hostname" - proposed by jmc@ ok from both
* Replace bzero(3) with memset(3)mestre2016-11-154-15/+15
| | | | "Looks good" to deraadt@
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.