| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
| |
Brings various dhcp related daemons into line with
the common idiom.
ok florian@
|
| |
|
|
| |
From Raf Czlonka, ok sthen@
|
| |
|
|
|
|
| |
This fixes "dhcrelay -i carpX" that used to work when dhcrelay didn't care.
Reported and tested by Kapetanakis Giannis bilias at edu.physics.uoc.gr
|
| |
|
|
| |
Pointed out by Kapetanakis Giannis
|
| |
|
|
|
|
| |
around for two releases, it should be safe to do so.
ok bluhm deraadt sthen tb yasuoka
|
| |
|
|
| |
OK rzalamena@
|
| |
|
|
|
|
|
|
|
|
| |
This code suffered from many years of incremental improvements, fix it to:
- verify available buffer space in all cases and don't just trust the caller
- have an API where you always pass the full buffer length and absolute offset
- use consistent types for lengths and buffer offsets (int vs. size_t, ssize_t)
- don't just ignore errors, return and fail when something is wrong
OK rzalamena@
|
| |
|
|
| |
OK rzalamena@
|
| |
|
|
| |
OK rzalamena@
|
| |
|
|
|
|
| |
warn with the same severity. Switch log_warn() to LOG_ERR and keep
fatal() at LOG_CRIT.
OK reyk@ florian@
|
| |
|
|
| |
ok reyk@
|
| |
|
|
|
|
| |
receive IPv6 support.
ok reyk@
|
| |
|
|
| |
ok gsoares@, jca@
|
| |
|
|
| |
Point out that dhcpd(8) -f is an alias for -d.
|
| |
|
|
| |
log_warn(). Zap a couple of explicit 'syslog()' calls.
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
ok benno@
|
| |
|
|
|
|
|
| |
on the incoming packets.
Man page tweaks from jmc@
ok reyk@
|
| |
|
|
| |
ok reyk@
|
| |
|
|
|
|
| |
using the default values: use the right address for remote-id.
ok reyk@
|
| |
|
|
|
|
| |
gateway set. This happens mostly because we are watching a BPF socket.
Suggested by and ok jca@
|
| | |
|
| |
|
|
|
|
|
| |
Information (RFC 3046) options. While at there change the naming of the
remote destination parameters: instead of "server" call it "destination".
ok reyk@
|
| |
|
|
|
|
|
|
| |
information instead of passing multiple different parameters. This also
prepares the dhcrelay code to receive new features, like: IPv6, layer 2
relaying.
ok jca@
|
| |
|
|
|
|
|
| |
the interface and abort dhcrelay with a more friendly message when we
don't have an address configured in the interface.
ok jca@
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
drop requests that have already been relayed. To allow usage in the
middle of a chain, remove this check and only set giaddr if it has not
been set yet. This giaddr will be used by the DHCP server to identify
which subnet the client is connected to.
RFC 1542 specifies that we should increase the hop counter every time
we relay a request. If we receive a request whose hop counter exceeds
the value of 16 we must silently drop it.
ok jca@
|
| |
|
|
|
|
|
|
| |
we SHOULD forward the packet not only as L3 broadcast, but also as
L2 broadcast. Apparently that helps on older machines that can't
handle L2 unicast replies.
ok jca@
|
| |
|
|
| |
OK rzalamena@
|
| |
|
|
|
|
| |
prototype to be more useful.
ok reyk@
|
| |
|
|
| |
fd == -1 check suggested by deraadt@, ok florian@
|
| |
|
|
|
|
|
|
|
|
|
|
| |
rdaemon() works like daemon(3) but requires its caller to pre-open
/dev/null. This makes it possible to go in the background after
a chroot(2), allowing for more error checking. The pattern is basically
- open /dev/null
- chroot
- privdrop
- rdaemon
"design" initialy discussed with semarie@ a while ago, ok dlg@
|
| |
|
|
| |
ok krw@
|
| |
|
|
|
|
| |
timegm, and tzset
ok deraadt@
|
| |
|
|
| |
ok deraadt jca
|
| |
|
|
|
|
|
| |
each *.c file.
Inspired by mention of header silliness by Edgar Pettijohn and mmcc@
on tech@.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
fixed part of the IP header is completely present before using its
header length field. Then use the data in the IP header to ensure
the entire IP packet is present. Then check that the entire UDP header
is present. Then use the data in the UDP header to ensure all the
data it thinks is present is actually present.
Started when tj@ and a few others noticed ISC "DHCP CVE-2015-8605:
UDP payload length not properly checked".
ok sthen@ henning@
|
| |
|
|
| |
From dhcpd/packet.c r1.8 ok jca
|
| |
|
|
|
|
| |
ETHER_HDR_LEN from if_ether.h.
From dhcpd packet.c r1.6. ok jca
|
| |
|
|
|
|
|
|
|
| |
decode_udp_ip_header() and the useless check of it. Part of original
diff from pelikan about udp length errors.
From dhcpd: bpf.c r1.9, dhcpd.h r1.46, packet.c r1.5
ok jca
|
| |
|
|
| |
usr.sbin/dhcpd/packet.c r1.4 to dhcrelay. ok deraadt@
|
| |
|
|
| |
ok millert@
|
| |
|
|
|
|
|
|
| |
Fix very hard to reach DoS attack vector, which would involve more than
8 billion network packets. Mixture of many many malformed and proper
packets could result in a division by zero.
ok krw@
|
| | |
|
| |
|
|
| |
ok deraadt
|
| |
|
|
|
|
|
|
|
|
|
|
| |
gateway address. This is a problem if your DHCP relay is running
on something that's not your network gateway.
It is purely informational from the relay to the client so we can
safely clear it.
stupid vmware.
ok krw@ beck@
|
| |
|
|
| |
references into a STANDARDS section;
|
| | |
|
| | |
|
krw
mpi
reyk
natano
bluhm
rzalamena
jmc
patrick
jca
guenther
sthen
lteo
tobias
schwarze
benno
dlg
mikeb