diff options
| author | Chris Kuethe <ckuethe@cvs.openbsd.org> | 2006-06-14 14:58:53 +0000 |
|---|---|---|
| committer | Chris Kuethe <ckuethe@cvs.openbsd.org> | 2006-06-14 14:58:53 +0000 |
| commit | 0edc08d91552b11f7caa2191b759b475bf31297c (patch) | |
| tree | 0cb96e5eec6787f047319e7f136c93e6eaacc2d9 /usr.sbin/dhcpd/pfutils.c | |
| parent | 5a9b4670b341057df3e36cb54a9dd228dfb75da5 (diff) | |
This diff allows dhcpd to put active leases into a pf table. Dhcpd will then
periodically - based on the length of the shortest lease time - walk across
all leases searching for expired leases which are then removed from the pf
table.
ok henning
Diffstat (limited to 'usr.sbin/dhcpd/pfutils.c')
| -rw-r--r-- | usr.sbin/dhcpd/pfutils.c | 56 |
1 files changed, 45 insertions, 11 deletions
diff --git a/usr.sbin/dhcpd/pfutils.c b/usr.sbin/dhcpd/pfutils.c index 15b06c8138c..ac414a5f95a 100644 --- a/usr.sbin/dhcpd/pfutils.c +++ b/usr.sbin/dhcpd/pfutils.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pfutils.c,v 1.4 2006/06/14 14:49:46 ckuethe Exp $ */ +/* $OpenBSD: pfutils.c,v 1.5 2006/06/14 14:58:52 ckuethe Exp $ */ /* * Copyright (c) 2006 Chris Kuethe <ckuethe@openbsd.org> * @@ -43,6 +43,7 @@ extern int pfpipe[2]; extern int gotpipe; extern char *abandoned_tab; extern char *changedmac_tab; +extern char *leased_tab; __dead void pftable_handler() @@ -80,16 +81,44 @@ pftable_handler() error("pf pipe error: %m"); switch (cmd.type){ - case 'A': - pf_change_table(fd, 1, cmd.ip, abandoned_tab); - pf_kill_state(fd, cmd.ip); - break; - case 'C': - pf_change_table(fd, 0, cmd.ip, abandoned_tab); - pf_change_table(fd, 0, cmd.ip, changedmac_tab); - break; - case 'L': - pf_change_table(fd, 0, cmd.ip, abandoned_tab); + case 'A': + /* + * When we abandon an address, we add it to the + * the table of abandoned addresses, and remove + * it from the table of active leases. + */ + pf_change_table(fd, 1, cmd.ip, abandoned_tab); + pf_change_table(fd, 0, cmd.ip, leased_tab); + pf_kill_state(fd, cmd.ip); + break; + case 'C': + /* + * When the hardware address for an IP changes, + * remove it from the table of abandoned + * addresses, and from the table of overloaded + * addresses. + */ + pf_change_table(fd, 0, cmd.ip, abandoned_tab); + pf_change_table(fd, 0, cmd.ip, changedmac_tab); + break; + case 'L': + /* + * When a lease is granted or renewed, remove + * it from the table of abandoned addresses, + * and ensure it is in the table of active + * leases. + */ + pf_change_table(fd, 0, cmd.ip, abandoned_tab); + pf_change_table(fd, 1, cmd.ip, leased_tab); + break; + case 'R': + /* + * When we release or expire a lease, remove + * it from the table of active leases. As long + * as dhcpd doesn't abandon the address, no + * further action is required. + */ + pf_change_table(fd, 0, cmd.ip, leased_tab); break; default: break; @@ -219,6 +248,11 @@ pfmsg(char c, struct lease *lp) (void)atomicio(vwrite, pfpipe[1], &cmd, sizeof(struct pf_cmd)); break; + case 'R': /* Address is being released or lease has expired */ + if (leased_tab != NULL) + (void)atomicio(vwrite, pfpipe[1], &cmd, + sizeof(struct pf_cmd)); + break; default: /* silently ignore unknown commands */ break; } |