#
22c60a6b |
| 05-Apr-2017 |
reyk <reyk@openbsd.org> |
Rework the packet.c code for decoding and assembling DHCP messages.
This code suffered from many years of incremental improvements, fix it to: - verify available buffer space in all cases and don't
Rework the packet.c code for decoding and assembling DHCP messages.
This code suffered from many years of incremental improvements, fix it to: - verify available buffer space in all cases and don't just trust the caller - have an API where you always pass the full buffer length and absolute offset - use consistent types for lengths and buffer offsets (int vs. size_t, ssize_t) - don't just ignore errors, return and fail when something is wrong
OK rzalamena@
show more ...
|
#
986dbb4c |
| 13-Feb-2017 |
krw <krw@openbsd.org> |
Switch from old errwarn.c logging to shiny new log.[ch].
ok benno@
|
#
fa3d4f89 |
| 08-Dec-2016 |
rzalamena <rzalamena@openbsd.org> |
Clean up function prototypes: use a single struct to hold all address information instead of passing multiple different parameters. This also prepares the dhcrelay code to receive new features, like:
Clean up function prototypes: use a single struct to hold all address information instead of passing multiple different parameters. This also prepares the dhcrelay code to receive new features, like: IPv6, layer 2 relaying.
ok jca@
show more ...
|
#
f70ef60c |
| 07-Feb-2016 |
krw <krw@openbsd.org> |
Eliminate #include inside *.h files and include only needed headers in each *.c file.
Inspired by mention of header silliness by Edgar Pettijohn and mmcc@ on tech@.
|
#
b4e2b639 |
| 03-Feb-2016 |
krw <krw@openbsd.org> |
be very careful accepting packets via bpf. First check that the fixed part of the IP header is completely present before using its header length field. Then use the data in the IP header to ensure t
be very careful accepting packets via bpf. First check that the fixed part of the IP header is completely present before using its header length field. Then use the data in the IP header to ensure the entire IP packet is present. Then check that the entire UDP header is present. Then use the data in the UDP header to ensure all the data it thinks is present is actually present.
Started when tj@ and a few others noticed ISC "DHCP CVE-2015-8605: UDP payload length not properly checked".
ok sthen@ henning@
show more ...
|
#
8ae29202 |
| 02-Feb-2016 |
sthen <sthen@openbsd.org> |
Variables to count seen packets should be unsigned.
From dhcpd/packet.c r1.8 ok jca
|
#
582bfeaf |
| 02-Feb-2016 |
sthen <sthen@openbsd.org> |
Nuke local #define ETHER_HEADER_SIZE and use the identical value'd ETHER_HDR_LEN from if_ether.h.
From dhcpd packet.c r1.6. ok jca
|
#
23d823c3 |
| 02-Feb-2016 |
sthen <sthen@openbsd.org> |
Remove unused (a.k.a. always passed NULL) parameter 'data' from decode_udp_ip_header() and the useless check of it. Part of original diff from pelikan about udp length errors.
From dhcpd: bpf.c r1.9
Remove unused (a.k.a. always passed NULL) parameter 'data' from decode_udp_ip_header() and the useless check of it. Part of original diff from pelikan about udp length errors.
From dhcpd: bpf.c r1.9, dhcpd.h r1.46, packet.c r1.5
ok jca
show more ...
|
#
c56a007c |
| 13-Jan-2016 |
sthen <sthen@openbsd.org> |
"Check UDP length for short as well as long values" - apply the fix from usr.sbin/dhcpd/packet.c r1.4 to dhcrelay. ok deraadt@
|
#
1543e3f7 |
| 25-Oct-2014 |
lteo <lteo@openbsd.org> |
Remove unnecessary netinet/in_systm.h include.
ok millert@
|
#
64b20cad |
| 28-Jul-2014 |
tobias <tobias@openbsd.org> |
merge dhcpd's packet.c revision 1.7:
Fix very hard to reach DoS attack vector, which would involve more than 8 billion network packets. Mixture of many many malformed and proper packets could resul
merge dhcpd's packet.c revision 1.7:
Fix very hard to reach DoS attack vector, which would involve more than 8 billion network packets. Mixture of many many malformed and proper packets could result in a division by zero.
ok krw@
show more ...
|
#
4be048dc |
| 03-Sep-2009 |
reyk <reyk@openbsd.org> |
Add support for "DHCP-over-IPsec" by implementing RFC 3046 (DHCP Relay Agent Information Option) and RFC 3456 (DHCP Configuration of IPsec Tunnel Mode). This allows to configure various IPsec client
Add support for "DHCP-over-IPsec" by implementing RFC 3046 (DHCP Relay Agent Information Option) and RFC 3456 (DHCP Configuration of IPsec Tunnel Mode). This allows to configure various IPsec clients dynamically via DHCP; dhcrelay needs to listen on enc0 and forward requests to a DHCP server that supports RFC 3046, like I recently did for dhcpd(8).
ok krw@
show more ...
|
#
65520a46 |
| 20-Apr-2004 |
canacar <canacar@openbsd.org> |
get rid of the -p switch, use fixed values for server and client ports, rename port variables for clarity. ok henning@
|
#
48be18b4 |
| 12-Apr-2004 |
henning <henning@openbsd.org> |
initial cut at split out dhcrelay, whacked from usr.sbin/dhcp/ and sbin/dhclient
|