| Age | Commit message (Collapse) | Author |
|---|
|
by a new dhclient (or anyone else). Instead, use add_address(...,
INADDR_ANY, ...) to tell the privileged process that its active
address is gone. Thus the cleanup process doesn't try to delete it.
Eliminates extraneous log entries complaining that the address can't
be deleted. Narrows race window where old dhclient might delete the
address the new dhclient has just added.
Make rapid-fire starting of dhclient even more reliable.
|
|
privileged process now cleans up itself. Continuous rapid repeated
running of dhclient now more reliable.
|
|
things a bit so configuring the address and default route are done
last. This makes it much more likely that all the work is done when
the 'bound to ...' message is displayed.
Amoung other things fixes a problem with the install scripts, where
the first (hostname-associated) dhclient can exit so quickly the
interface doesn't yet have an address and a second (free-floating)
dhclient is therefore often run.
Noted by rpe@, who also tested the fix.
|
|
strdup() calls happen to return NULL. If they do return NULL, error out
to be consistent with what most of the rest of the code does when memory
allocation fails.
feedback/ok krw
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
a list of option names, and any values provided for those options
in leases will be ignored.
Requested by phessler@ and djm@. Tested by phessler@. Possible
non-optimality of ignoring list in case of error pointed out by
tedu@.
ok phessler@ todd@ beck@
|
|
resolv.conf unless at least one of domain-name or domain-name-servers
were provided in the lease being bound.
Tweak priv_resolv_conf() to do the same. i.e. don't overwrite
resolv.conf with resolv.conf.tail when neither domain-name nor
domain-name-servers are provided in the lease.
|
|
the lease (or if they are 'ignore'd in dhclient.conf), and there
is no resolv,conf.tail then do not remove any existing resolv.conf.
Restores the behaviour ajacoutot@ expected and todd@ thinks makes
sense.
|
|
all occurances of %m with strerror(errno). And then nuking do_percentm()
and related buffer shuffling.
Also simplify parse_warn() so it takes a simple char * of the error,
and thus rely on pointing to error location in input for details.
Makes sense to beck@
|
|
spotted by rpe and sthen; ok krw
|
|
|
|
ok guenther
|
|
|
|
|
|
|
|
Pointed out by deraadt@
|
|
will get a new lease without having to restart dhclient. Also tweak
cleanup() to cancel any existing timeout, so one doesn't fire between
'down' and 'up'.
Makes sense to chris@ beck@.
|
|
SIGHUP, SIGINT, SIGTERM, SIGUSR1, SIGUS2 and cleanup before exiting
when getting them. Cleanup meaning removing routes and the interface
address added.
Tweaks and feedback from phessler@, sthen@, otto@, deraadt@
|
|
non-privileged process, go_daemon().
As pointed out by kettenis@, otherwise it is still attached to a
controlling terminal and subject to the dangers thereof. Prep for
having the privileged process pay attention to signals.
|
|
|
|
OK mikeb@ camield@ reyk@ sobrado@ henning@ krw@
|
|
|
|
See http://tools.ietf.org/html/draft-gont-opsec-vpn-leakages.
We forcibly block IPv6 traffic by loading a "flow esp out from ::/0 to
::/0 type deny" unless the protocol is used in any of the flows. Note
that this will block any IPv6 traffic, superseding routes and pf, on
the host by default when iked is running with IPv4 flows only. This
auto-blocking feature can be disabled by specifying the "-6" command
line flag to iked.
Thanks to Fernando Gont.
ok mikeb@
|
|
void and not int/pid_t.
|
|
|
|
Allow 'request ;', 'require ;' and 'ignore ;' as requests to create
empty lists of options. Thus enabling the removal of built-in lists
or the removal of global lists inside an 'interface' declaration.
|
|
Treat 'ignore' option lists the same as 'request' and 'require'
option lists. i.e. keep a list of the options rather than using
an ACTION flag. So overriding a previous ignore list will not leave
breadcrumbs and incorrect ACTIONs lying around.
The list will be applied when the new lease is created, and will
override any ACTION specified for the option.
Mention in dhclient.conf(5) that each request/require/ignore statement
will override any previous one.
|
|
Don't toss away an existing request/require list unless the new
list is successfully parsed.
|
|
Storing an option in a list more than once is silly, wastes space
and is possibly confusing to sensitive dhcp servers. Make it a
syntax error to attempt to store an option in a list more than once.
|
|
DHO_PAD ("pad") and DHO_END ("option-end") are not really options
and it makes no sense to require, request, or ignore them. And
probably would confuse some sensitive dhcp servers.
|
|
1) Add config->required_options_count so that syntactically incorrect
request statement in dhclient.conf is completely ignored.
2) Pass size of buffer being filled instead of assuming 256.
3) Always zero (a.k.a. DHO_PAD) the passed in buffer.
4) Check for out of bounds index before using it, not after.
Add TOK_IGNORE to syntax in comment.
No intentional functional change other than catching bad request
statements.
|
|
in dhclient.conf.
Always zero out stack masks rather than using stack garbage when
no subnet-mask is provided.
|
|
|
|
Looks fine reyk@ ok mikeb@
|
|
|
|
version. This is the last hand-rolled imsg implementation I could
spot. Doesn't seem to break sparc64.
Suggested by chris@, tweaks from brad@ and reyk@.
ok reyk@
|
|
|
|
the interface index, hardware address, etc. as well as the interface
name.
|
|
intended.
|
|
|
|
dhcpd.h to pull in most sys/net/netinet/etc. .h file. Eliminate
superfluous #include's.
|
|
redirect privileged child's STDIN/OUT/ERROR to /dev/null. This was
already avoided for the unprivileged process. Makes printf/note
debugging easier.
|
