Put checksum flags in bpf_hdr to use them in userland dhcpleased.

Thus, dhcpleased accept non-calculated checksums which were verified by
hardware/hypervisor.

With tweaks from dlg@

ok bluhm@
mkay

Put checksum flags in bpf_hdr to use them in userland dhcpleased.

Thus, dhcpleased accept non-calculated checksums which were verified by
hardware/hypervisor.

With tweaks from dlg@

ok bluhm@
mkay tobhe@

show more ...

First stab at IPv6-only preferred from RFC8925.

This lets dhcpleased(8) request "IPv6-only preferred". If the
server replies with this option dhcpleased stops and does not request
a lease and deconf

First stab at IPv6-only preferred from RFC8925.

This lets dhcpleased(8) request "IPv6-only preferred". If the
server replies with this option dhcpleased stops and does not request
a lease and deconfigures IPv4 on the interface.

For now this is pretty much useless unless one dynamically configures
pf(4) to act as a CLAT. gelatod(8) from ports can help with this.

However, this helps me while hacking on a kernel based stateless CLAT
by moving dhcpleased out of the way while having an IPv6-mostly
network configured to compare behaviour with macOS.

Input jmc
OK phessler
Input & OK sthen

show more ...

default the conffile variable to the default file name instead of NULL.

this avoids having to test for NULL and swap the right name in place
in a bunch of places. it also avoids having NULL passed t

default the conffile variable to the default file name instead of NULL.

this avoids having to test for NULL and swap the right name in place
in a bunch of places. it also avoids having NULL passed to format
strings in the parser.

the only place where it actually matters if we're using the default
or not is when we're parsing the config. if you don't specify a
config, and the default file doesnt exist, that's ok.

ok florian@

show more ...

Make host name DHCP option configurable.
Diff from hagen@sdf.org, tweaks by me.
OK phessler
testing & OK bket

Rework in which state to add and not add the server-ip and
requested-ip option as well as setting ciaddr.

This started with joel@ pointing out that their CPE is ignoring
RENEWING and REBINDING reque

Rework in which state to add and not add the server-ip and
requested-ip option as well as setting ciaddr.

This started with joel@ pointing out that their CPE is ignoring
RENEWING and REBINDING requests when ciaddr was not set.

RFC 2131 4.3.6, Table 4 has a good overview, we got a bunch of it
wrong.

Previously the logic for this was all over the place which made it
difficult to reason about, it is now contained in the engine process
in request_dhcp_request() and request_dhcp_discover().

Problem pointed out by, lots of testing and review as well as OK joel@
Additional testing and 50% review benno@

show more ...

Make it possible to ignore routes or nameservers from a lease as well
as ignoring servers entirely.
Tested by bket
Parser looks reasonable to benno
man page OK jmc

Do not abuse the IMSG_CTL_SEND_REQUEST imsg to transition to
REBOOTING. There will be a few more cases internal to dhcpleased that
have nothing to do with the control socket.
While here move requesti

Do not abuse the IMSG_CTL_SEND_REQUEST imsg to transition to
REBOOTING. There will be a few more cases internal to dhcpleased that
have nothing to do with the control socket.
While here move requesting a new lease via a call to dhclient under
ifndef SMALL, nothing on the ramdisk uses this.

show more ...

fix broken small build; ok florian@

Implement possibility to send vendor class identifier (option 60) and
client identifier (option 61). Some dhcp servers expect these options
and refuse to hand out a lease without them.
Need for vendo

Implement possibility to send vendor class identifier (option 60) and
client identifier (option 61). Some dhcp servers expect these options
and refuse to hand out a lease without them.
Need for vendor class identifier pointed out & tested by bket
Need for client identifier pointed out by sthen
Input & reads OK sthen (as part of a larger diff)
OK kn (as part of a larger diff)

show more ...

Use exclusive lock under /dev/, silence expected errors in installer

resolvd(8), slaacd(8) and dhcpleased(8) are different from other daemons
in that there must only be a single instance.

resolvd a

Use exclusive lock under /dev/, silence expected errors in installer

resolvd(8), slaacd(8) and dhcpleased(8) are different from other daemons
in that there must only be a single instance.

resolvd already does this, adjust slaacd and dhcpleased accordingly while
moving the lockfile paths under /dev/ such that they work early on boot and
don't run into races should /var be (un)mounted between daemon starts.

Locking is especially required in the installer where all three daemons are
started every time the "(I)nstall, (U)pgrade, (A)utoinstall or (S)hell? "
prompt is entered, i.e. restarting installation or dropping into a shell
and back into the prompt again would start multiple instances.

To avoid expected lockfile error messages in between installer prompts,
discard standard error when starting the autoconf daemons; none of them
has other potential failure cases in installer mode before daemon(3)izing.

Input sthen deraadt
OK deraadt

show more ...

Put (boot) filename, next-server, host-name and domain-name into lease
file for the installer.

Implement classless static routes dhcp option.

For this we need to be able to handle multiple routes being sent from
the engine to the main process as well as to the control tool.
The configuration

Implement classless static routes dhcp option.

For this we need to be able to handle multiple routes being sent from
the engine to the main process as well as to the control tool.
The configuration of the various cases (default route, directly
connected routes, non-default route via a gateway) was inspired by
dhclient's set_routes() and should behave the same way.

Tested by Uwe Werler

show more ...

Make sure the ip header lands on a 4 byte alignment by adding 2 bytes
padding because the ethernet header in front is only 14 bytes.
Found the hard way by me while testing on sparc64.
Solution sugges

Make sure the ip header lands on a 4 byte alignment by adding 2 bytes
padding because the ethernet header in front is only 14 bytes.
Found the hard way by me while testing on sparc64.
Solution suggested by & OK deraadt

show more ...

Path #defines are traditionally prefixed with _PATH.
pointed out by deraadt

Read the lease file into a statically sized buffer and pass it over to
the engine process for parsing instead of passing an fd.
Let's us tighten the engine's pledge back down to "stdio".

Import dhcpleased(8) - a dhcp daemon to acquire IPv4 address leases
from servers.

dhcpleased(8) follows the well known three process design of all our
privsep daemons. It uses pledge(2) and unveil(2

Import dhcpleased(8) - a dhcp daemon to acquire IPv4 address leases
from servers.

dhcpleased(8) follows the well known three process design of all our
privsep daemons. It uses pledge(2) and unveil(2) to restrict access
further. In particular the "engine" process, responsible for parsing
of untrusted data, is pledge'd "stdio". It cannot access the outside
world nor the filesystem at all.

Like slaacd(8) for IPv6 it will be always running and acquire addresses
for all interface with the autoconf4 flag set.
The flag can be set by "ifconfig $if inet autoconf" or by adding
"inet autoconf" to /etc/hostname.if. An existing "dhcp" line should
be removed.

Various iterations tested by deraadt@
The hardest part, finding a name, was handled by jmatthew@ & otto@

"get to it :)" deraadt@

show more ...