Age | Commit message | Author |
|
various *d, *conf, *ctl files (where relevant) and simple;
also makes "man -k routing" more useful;
help from claudio and florian
ok claudio florian millert
|
|
jmc@ dislikes a comma before "then" in a conditional, so leave those
untouched.
ok jmc@
|
|
macro-build a replacement for sccsid, and was done without any concern
for namespace damage. Unfortunately this practice started infecting
other code as others were unaware they didn't need the file.
ok millert guenther
|
|
3rd (variadic) mode_t parameter is irrelevant. Many developers in the past
have passed mode_t (0, 044, 0644, or such), which might lead future people
to copy this broken idiom, and perhaps even believe this parameter has some
meaning or implication or application. Delete them all.
This comes out of a conversation where tb@ noticed that a strange (but
intentional) pledge behaviour is to always knock-out high-bits from
mode_t on a number of system calls as a safety factor, and his bewilderment
that this appeared to be happening against valid modes (at least visually),
but no sorry, they are all irrelevant junk. They could all be 0xdeafbeef.
ok millert
|
|
This code does not really need to be optional since for non embedded
scope link local addresses this is a NOP.
OK jca@
|
|
Brings various dhcp related daemons into line with
the common idiom.
ok florian@
|
|
From Raf Czlonka, ok sthen@
|
|
This fixes "dhcrelay -i carpX" that used to work when dhcrelay didn't care.
Reported and tested by Kapetanakis Giannis bilias at edu.physics.uoc.gr
|
|
Pointed out by Kapetanakis Giannis
|
|
around for two releases, it should be safe to do so.
ok bluhm deraadt sthen tb yasuoka
|
|
OK rzalamena@
|
|
This code suffered from many years of incremental improvements, fix it to:
- verify available buffer space in all cases and don't just trust the caller
- have an API where you always pass the full buffer length and absolute offset
- use consistent types for lengths and buffer offsets (int vs. size_t, ssize_t)
- don't just ignore errors, return and fail when something is wrong
OK rzalamena@
|
|
OK rzalamena@
|
|
OK rzalamena@
|
|
warn with the same severity. Switch log_warn() to LOG_ERR and keep
fatal() at LOG_CRIT.
OK reyk@ florian@
|
|
ok reyk@
|
|
receive IPv6 support.
ok reyk@
|
|
ok gsoares@, jca@
|
|
Point out that dhcpd(8) -f is an alias for -d.
|
|
log_warn(). Zap a couple of explicit 'syslog()' calls.
|
|
ok benno@
|
|
on the incoming packets.
Man page tweaks from jmc@
ok reyk@
|
|
ok reyk@
|
|
using the default values: use the right address for remote-id.
ok reyk@
|
|
gateway set. This happens mostly because we are watching a BPF socket.
Suggested by and ok jca@
|
|
Information (RFC 3046) options. While there, change the naming of the
remote destination parameters: instead of "server" call it "destination".
ok reyk@
|
|
information instead of passing multiple different parameters. This also
prepares the dhcrelay code to receive new features, like: IPv6, layer 2
relaying.
ok jca@
|
|
the interface and abort dhcrelay with a more friendly message when we
don't have an address configured in the interface.
ok jca@
|
|
drop requests that have already been relayed. To allow usage in the
middle of a chain, remove this check and only set giaddr if it has not
been set yet. This giaddr will be used by the DHCP server to identify
which subnet the client is connected to.
RFC 1542 specifies that we should increase the hop counter every time
we relay a request. If we receive a request whose hop counter exceeds
the value of 16 we must silently drop it.
ok jca@
|
|
we SHOULD forward the packet not only as L3 broadcast, but also as
L2 broadcast. Apparently that helps on older machines that can't
handle L2 unicast replies.
ok jca@
|
|
OK rzalamena@
|
|
prototype to be more useful.
ok reyk@
|
|
fd == -1 check suggested by deraadt@, ok florian@
|
|
rdaemon() works like daemon(3) but requires its caller to pre-open
/dev/null. This makes it possible to go in the background after
a chroot(2), allowing for more error checking. The pattern is basically
- open /dev/null
- chroot
- privdrop
- rdaemon
"design" initially discussed with semarie@ a while ago, ok dlg@
|
|
ok krw@
|
|
timegm, and tzset
ok deraadt@
|
|
ok deraadt jca
|
|
each *.c file.
Inspired by mention of header silliness by Edgar Pettijohn and mmcc@
on tech@.
|
|
fixed part of the IP header is completely present before using its
header length field. Then use the data in the IP header to ensure
the entire IP packet is present. Then check that the entire UDP header
is present. Then use the data in the UDP header to ensure all the
data it thinks is present is actually present.
Started when tj@ and a few others noticed ISC "DHCP CVE-2015-8605:
UDP payload length not properly checked".
ok sthen@ henning@
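The check order described in the commit message above, as an added C example that is not dhcrelay's code. The names udp_payload_offset() and check_forged() and the sample packet are constructed for illustration, and the buffer is assumed to start at the IPv4 header with the link-layer header already stripped.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define IP_MIN_HLEN 20	/* fixed part of the IPv4 header */
#define UDP_HLEN     8
static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Hypothetical helper, not dhcrelay's decode_udp_ip_header(). Returns the UDP
 * payload offset and stores its length in *plen, or -1 if any length lies. */
long udp_payload_offset(const uint8_t *buf, size_t len, size_t *plen)
{
	size_t ip_hlen, ip_len, udp_len;
	/* 1. Fixed IP header present before its header length field is used. */
	if (len < IP_MIN_HLEN || (buf[0] >> 4) != 4)
		return -1;
	ip_hlen = (size_t)(buf[0] & 0x0f) * 4;
	if (ip_hlen < IP_MIN_HLEN)
		return -1;
	/* 2. Entire IP packet, per its total length field, was captured. */
	ip_len = rd16(buf + 2);
	if (ip_len < ip_hlen || ip_len > len || buf[9] != 17 /* UDP */)
		return -1;
	/* 3. Entire UDP header lies inside the IP packet. */
	if (ip_len - ip_hlen < UDP_HLEN)
		return -1;
	/* 4. UDP length covers its own header and fits in the IP packet. */
	udp_len = rd16(buf + ip_hlen + 4);
	if (udp_len < UDP_HLEN || udp_len > ip_len - ip_hlen)
		return -1;
	*plen = udp_len - UDP_HLEN;
	return (long)(ip_hlen + UDP_HLEN);
}

/* Constructed sample: 20-byte IPv4 header, 8-byte UDP header, 4 payload bytes. */
static const uint8_t sample[32] = {
	0x45, 0, 0, 32, 0, 0, 0, 0, 64, 17, 0, 0, 10, 0, 0, 1, 10, 0, 0, 2,
	0, 68, 0, 67, 0, 12, 0, 0, 'd', 'h', 'c', 'p'
};

/* Validate a copy of the sample with a forged UDP length; captured <= 32. */
long check_forged(uint16_t udp_len, size_t captured)
{
	uint8_t pkt[sizeof(sample)];
	size_t plen = 0;
	memcpy(pkt, sample, sizeof(pkt));
	pkt[24] = (uint8_t)(udp_len >> 8);
	pkt[25] = (uint8_t)(udp_len & 0xff);
	return udp_payload_offset(pkt, captured, &plen);
}
```

Each step reads a length field only after the bytes holding that field are known to be in the buffer, so a UDP length larger than the captured data is rejected instead of being used as a read bound.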
|
|
From dhcpd/packet.c r1.8 ok jca
|
|
ETHER_HDR_LEN from if_ether.h.
From dhcpd packet.c r1.6. ok jca
|
|
decode_udp_ip_header() and the useless check of it. Part of original
diff from pelikan about udp length errors.
From dhcpd: bpf.c r1.9, dhcpd.h r1.46, packet.c r1.5
ok jca
|
|
usr.sbin/dhcpd/packet.c r1.4 to dhcrelay. ok deraadt@
|
|
ok millert@
|
|
Fix very hard to reach DoS attack vector, which would involve more than
8 billion network packets. Mixture of many many malformed and proper
packets could result in a division by zero.
ok krw@
|
|
|