Age | Commit message | Author |
|
non-privileged process, go_daemon().
As pointed out by kettenis@, otherwise it is still attached to a
controlling terminal and subject to the dangers thereof. Prep for
having the privileged process pay attention to signals.
|
|
|
|
OK mikeb@ camield@ reyk@ sobrado@ henning@ krw@
|
|
|
|
See http://tools.ietf.org/html/draft-gont-opsec-vpn-leakages.
We forcibly block IPv6 traffic by loading a "flow esp out from ::/0 to
::/0 type deny" unless the protocol is used in any of the flows. Note
that this will block any IPv6 traffic, superseding routes and pf, on
the host by default when iked is running with IPv4 flows only. This
auto-blocking feature can be disabled by specifying the "-6" command
line flag to iked.
Thanks to Fernando Gont.
ok mikeb@
|
|
void and not int/pid_t.
|
|
|
|
Allow 'request ;', 'require ;' and 'ignore ;' as requests to create
empty lists of options. Thus enabling the removal of built-in lists
or the removal of global lists inside an 'interface' declaration.
|
|
Treat 'ignore' option lists the same as 'request' and 'require'
option lists. i.e. keep a list of the options rather than using
an ACTION flag. So overriding a previous ignore list will not leave
breadcrumbs and incorrect ACTIONs lying around.
The list will be applied when the new lease is created, and will
override any ACTION specified for the option.
Mention in dhclient.conf(5) that each request/require/ignore statement
will override any previous one.
|
|
Don't toss away an existing request/require list unless the new
list is successfully parsed.
|
|
Storing an option in a list more than once is silly, wastes space
and is possibly confusing to sensitive dhcp servers. Make it a
syntax error to attempt to store an option in a list more than once.
|
|
DHO_PAD ("pad") and DHO_END ("option-end") are not really options
and it makes no sense to require, request, or ignore them. And
probably would confuse some sensitive dhcp servers.
|
|
1) Add config->required_options_count so that syntactically incorrect
request statement in dhclient.conf is completely ignored.
2) Pass size of buffer being filled instead of assuming 256.
3) Always zero (a.k.a. DHO_PAD) the passed in buffer.
4) Check for out of bounds index before using it, not after.
Add TOK_IGNORE to syntax in comment.
No intentional functional change other than catching bad request
statements.
|
|
in dhclient.conf.
Always zero out stack masks rather than using stack garbage when
no subnet-mask is provided.
|
|
|
|
Looks fine reyk@ ok mikeb@
|
|
|
|
version. This is the last hand-rolled imsg implementation I could
spot. Doesn't seem to break sparc64.
Suggested by chris@, tweaks from brad@ and reyk@.
ok reyk@
|
|
|
|
the interface index, hardware address, etc. as well as the interface
name.
|
|
intended.
|
|
|
|
dhcpd.h to pull in most sys/net/netinet/etc. .h file. Eliminate
superfluous #include's.
|
|
redirect privileged child's STDIN/OUT/ERROR to /dev/null. This was
already avoided for the unprivileged process. Makes printf/note
debugging easier.
|
|
|
|
data to copy, rather than a static value that *may* be incorrect.
e.g. when option.data is NULL. Allows 'ignore subnet-mask;' to work.
Prompted by a different but similar problem found by jmc@.
|
|
them shorter and eliminate implications about what the function
does. No functional change.
|
|
refactoring. i.e. use specified value if server has provided no
data.
|
|
doesn't send any data for the affected option. This was broken when
the supersede/append/prepend/ignore logic was refactored.
Reported by and fix tested by johnw via misc@
|
|
|
|
'in_addr'. Remove many double conversions and other perversions.
piaddr() replaced with inet_ntoa(). dhclient is extremely unlikely
to support anything but ipv4/dhcp without a complete rewrite.
Joint work with chris@.
Positive feedback from deraadt@ zinke@ phessler@.
|
|
'egress' as a special interface name.
|
|
Spotted by zinke@.
|
|
|
|
will always be aligned. Don't pass around pointers into option
data - use variable that has the memcpy()'d data.
|
|
|
|
|
|
|
|
Also fix a bug where the return value of if_exists() was not checked
correctly if the interface disappears while pflogd is running.
ok beck henning
|
|
|
|
host route, a.k.a. 'route add w.x.y.z 127.0.0.1'. Since dhclient-script
ignored the failure, ignore it here too until it can be explained
or we stop creating these routes.
|
|
rather than setting all flags to zero. ok krw deraadt
|
|
|
|
|
|
|
|
1) Don't leak a file descriptor if there are no contents for
resolv.conf.
2) Allow for only resolv.conf.tail to go into resolv.conf.
3) Don't need to pass around interface name when creating resolv.conf.
4) Don't leave 0 length resolv.conf lying around if there are no
contents.
|
|
to *add* an address, here (building an ifaliasreq to delete an
address) it worked fine. But change it to the bcopy() dance that
works in the adding case just to be consistent until a sparc64/gcc
guru is cornered in a bar with a full keg of Guinness.
|
|
in_addr_t values into s_addr's rather than assigning them.
Possibly not the ideal solution, but at least dhclient will work
again on sparc64.
|
|
question is the empty string.
Spotted by Joerg Zinke.
|
|
process. So when the child dies, the parent exits immediately.
|