Source-Changes-HG archive


[src/netbsd-8]: src Catch up to current in src/external/bsd/dhcpcd/dist, requ...



details:   https://anonhg.NetBSD.org/src/rev/1791b24eda31
branches:  netbsd-8
changeset: 319712:1791b24eda31
user:      martin <martin%NetBSD.org@localhost>
date:      Thu Jun 07 18:34:03 2018 +0000

description:
Catch up to current in src/external/bsd/dhcpcd/dist, requested
by roy in ticket #849:

external/bsd/dhcpcd/dist/Makefile               up to 1.1.1.5
external/bsd/dhcpcd/dist/src/arp.c              up to 1.1.1.7
external/bsd/dhcpcd/dist/src/auth.c             up to 1.1.1.5
external/bsd/dhcpcd/dist/src/auth.h             up to 1.1.1.3
external/bsd/dhcpcd/dist/src/bpf.c              up to 1.7
external/bsd/dhcpcd/dist/src/defs.h             up to 1.1.1.13
external/bsd/dhcpcd/dist/src/dhcp.c             up to 1.11
external/bsd/dhcpcd/dist/src/dhcp.h             up to 1.1.1.6
external/bsd/dhcpcd/dist/src/dhcp6.c            up to 1.1.1.12
external/bsd/dhcpcd/dist/src/dhcp6.h            up to 1.1.1.6
external/bsd/dhcpcd/dist/src/dhcpcd-definitions.conf up to 1.1.1.2
external/bsd/dhcpcd/dist/src/dhcpcd.8.in        up to 1.1.1.9
external/bsd/dhcpcd/dist/src/dhcpcd.c           up to 1.12
external/bsd/dhcpcd/dist/src/dhcpcd.conf.5.in   up to 1.1.1.9
external/bsd/dhcpcd/dist/src/if-bsd.c           up to 1.1.1.8
external/bsd/dhcpcd/dist/src/if-linux.c         up to 1.1.1.9
external/bsd/dhcpcd/dist/src/if-options.c       up to 1.10
external/bsd/dhcpcd/dist/src/ipv4ll.h           up to 1.1.1.4
external/bsd/dhcpcd/dist/src/ipv6.c             up to 1.1.1.10
external/bsd/dhcpcd/dist/src/ipv6.h             up to 1.1.1.7
external/bsd/dhcpcd/dist/src/ipv6nd.c           up to 1.1.1.8
external/bsd/dhcpcd/dist/src/ipv6nd.h           up to 1.1.1.6
external/bsd/dhcpcd/dist/src/route.c            up to 1.1.1.7
doc/3RDPARTY                                    (manually modified)

Import dhcpcd 7.0.5b.

Changes:
 * Routing: Fix case when cloning route changes but needs to be replaced
 * DHCP6: Transpose DHCP userclass option into DHCP6
 * DHCP6: Fix sending custom vendor class option
 * Auth: Allow zero value replay detection data
 * Auth: Allow different tokens for send and receive
 * ND6: Warn if router lifetime is set to zero
 * DHCP6: Softwire Address and Port-Mapped Clients, RFC7598
 *  dhcp: Clarified some checksumming code, style and commentary
    (thanks to Maxime Villard)
 *  dhcp6: IAID is now unique per IA type rather than global
 *  ip6: if an IA callback causes a fork, exit earlier

diffstat:

 doc/3RDPARTY                                         |    6 +-
 external/bsd/dhcpcd/dist/Makefile                    |    3 +-
 external/bsd/dhcpcd/dist/src/arp.c                   |    9 +-
 external/bsd/dhcpcd/dist/src/auth.c                  |   82 ++++++++---
 external/bsd/dhcpcd/dist/src/auth.h                  |    2 +
 external/bsd/dhcpcd/dist/src/bpf.c                   |    6 +-
 external/bsd/dhcpcd/dist/src/defs.h                  |    2 +-
 external/bsd/dhcpcd/dist/src/dhcp.c                  |   12 +-
 external/bsd/dhcpcd/dist/src/dhcp.h                  |    1 -
 external/bsd/dhcpcd/dist/src/dhcp6.c                 |  130 +++++++++++++-----
 external/bsd/dhcpcd/dist/src/dhcp6.h                 |    2 +-
 external/bsd/dhcpcd/dist/src/dhcpcd-definitions.conf |   31 ++++
 external/bsd/dhcpcd/dist/src/dhcpcd.8.in             |   13 +-
 external/bsd/dhcpcd/dist/src/dhcpcd.c                |   49 +++++-
 external/bsd/dhcpcd/dist/src/dhcpcd.conf.5.in        |   20 ++-
 external/bsd/dhcpcd/dist/src/if-bsd.c                |   11 +-
 external/bsd/dhcpcd/dist/src/if-linux.c              |   36 +---
 external/bsd/dhcpcd/dist/src/if-options.c            |   38 ++++-
 external/bsd/dhcpcd/dist/src/ipv4ll.h                |    1 -
 external/bsd/dhcpcd/dist/src/ipv6.c                  |   25 ++-
 external/bsd/dhcpcd/dist/src/ipv6.h                  |    1 -
 external/bsd/dhcpcd/dist/src/ipv6nd.c                |   26 ++-
 external/bsd/dhcpcd/dist/src/ipv6nd.h                |    1 -
 external/bsd/dhcpcd/dist/src/route.c                 |    2 +-
 24 files changed, 353 insertions(+), 156 deletions(-)

diffs (truncated from 1212 to 300 lines):

diff -r 15a9dc19000e -r 1791b24eda31 doc/3RDPARTY
--- a/doc/3RDPARTY      Thu Jun 07 18:24:15 2018 +0000
+++ b/doc/3RDPARTY      Thu Jun 07 18:34:03 2018 +0000
@@ -1,4 +1,4 @@
-#      $NetBSD: 3RDPARTY,v 1.1444.2.11 2018/05/06 09:42:38 martin Exp $
+#      $NetBSD: 3RDPARTY,v 1.1444.2.12 2018/06/07 18:34:03 martin Exp $
 #
 # This file contains a list of the software that has been integrated into
 # NetBSD where we are not the primary maintainer.
@@ -334,8 +334,8 @@
 Use the dhcp2netbsd script.
 
 Package:       dhcpcd
-Version:       7.0.0
-Current Vers:  7.0.0
+Version:       7.0.5b
+Current Vers:  7.0.5b
 Maintainer:    roy
 Archive Site:  ftp://roy.marples.name/pub/dhcpcd/
 Home Page:     http://roy.marples.name/projects/dhcpcd/
diff -r 15a9dc19000e -r 1791b24eda31 external/bsd/dhcpcd/dist/Makefile
--- a/external/bsd/dhcpcd/dist/Makefile Thu Jun 07 18:24:15 2018 +0000
+++ b/external/bsd/dhcpcd/dist/Makefile Thu Jun 07 18:34:03 2018 +0000
@@ -8,7 +8,8 @@
 FOSSILID?=     current
 GITREF?=       HEAD
 
-DISTPREFIX?=   dhcpcd-${VERSION}
+DISTSUFFIX=
+DISTPREFIX?=   dhcpcd-${VERSION}${DISTSUFFIX}
 DISTFILEGZ?=   ${DISTPREFIX}.tar.gz
 DISTFILE?=     ${DISTPREFIX}.tar.xz
 DISTINFO=      ${DISTFILE}.distinfo
diff -r 15a9dc19000e -r 1791b24eda31 external/bsd/dhcpcd/dist/src/arp.c
--- a/external/bsd/dhcpcd/dist/src/arp.c        Thu Jun 07 18:24:15 2018 +0000
+++ b/external/bsd/dhcpcd/dist/src/arp.c        Thu Jun 07 18:34:03 2018 +0000
@@ -128,13 +128,16 @@
        /* Protocol must be IP. */
        if (ar.ar_pro != htons(ETHERTYPE_IP))
                continue;
+       /* lladdr length matches */
+       if (ar.ar_hln != ifp->hwlen)
+               continue;
+       /* Protocol length must match in_addr_t */
+       if (ar.ar_pln != sizeof(arm.sip.s_addr))
+               return;
        /* Only these types are recognised */
        if (ar.ar_op != htons(ARPOP_REPLY) &&
            ar.ar_op != htons(ARPOP_REQUEST))
                continue;
-       /* Protocol length must match in_addr_t */
-       if (ar.ar_pln != sizeof(arm.sip.s_addr))
-               return;
 #endif
 
        /* Get pointers to the hardware addresses */
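Review bot: The protocol-length rejection `if (ar.ar_pln != sizeof(arm.sip.s_addr)) return;` leaves the function, while the neighbouring checks, including the new `ar.ar_hln != ifp->hwlen` one, use `continue`. If these checks run inside a loop over received frames, as the `continue` statements suggest, one frame with an unexpected `ar_pln` would stop processing of everything queued behind it; `continue;` would keep the rejection paths consistent. The checks also sit before an `#endif` whose opening directive is outside the hunk, so it is worth confirming that the address pointers computed just below are bounded against the buffer length in builds where this block is compiled out.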
diff -r 15a9dc19000e -r 1791b24eda31 external/bsd/dhcpcd/dist/src/auth.c
--- a/external/bsd/dhcpcd/dist/src/auth.c       Thu Jun 07 18:24:15 2018 +0000
+++ b/external/bsd/dhcpcd/dist/src/auth.c       Thu Jun 07 18:34:03 2018 +0000
@@ -151,7 +151,24 @@
 
        memcpy(&replay, d, sizeof(replay));
        replay = ntohll(replay);
-       if (state->token) {
+       /*
+        * Test for a replay attack.
+        *
+        * NOTE: Some servers always send a replay data value of zero.
+        * This is strictly compliant with RFC 3315 and 3318 which say:
+        * "If the RDM field contains 0x00, the replay detection field MUST be
+        *    set to the value of a monotonically increasing counter."
+        * An example of a monotonically increasing sequence is:
+        * 1, 2, 2, 2, 2, 2, 2
+        * Errata 3474 updates RFC 3318 to say:
+        * "If the RDM field contains 0x00, the replay detection field MUST be
+        *    set to the value of a strictly increasing counter."
+        *
+        * Taking the above into account, dhcpcd will only test for
+        * strictly speaking replay attacks if it receives any non zero
+        * replay data to validate against.
+        */
+       if (state->token && state->replay != 0) {
                if (state->replay == (replay ^ 0x8000000000000000ULL)) {
                        /* We don't know if the singular point is increasing
                         * or decreasing. */
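Review bot: The new guard `state->token && state->replay != 0` tests `state->replay`, which appears to be the previously stored value, whereas the comment describes the decision in terms of replay data that dhcpcd "receives"; the comment should say that the check is skipped while the stored value is zero. The practical effect is that against a server which always sends zero, a captured authenticated message would pass this test again, so replay protection is effectively off for that peer. A one-time warning when a zero replay value is accepted would make that downgrade visible to operators. A suggested comment on the condition is `/* state->replay == 0: nothing stored to compare against, replay check skipped */`. The enclosing function begins and ends outside the hunk.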
@@ -174,7 +191,7 @@
         * Rest of data is MAC. */
        switch (protocol) {
        case AUTH_PROTO_TOKEN:
-               secretid = 0;
+               secretid = auth->token_rcv_secretid;
                break;
        case AUTH_PROTO_DELAYED:
                if (dlen < sizeof(secretid) + sizeof(hmac_code)) {
@@ -182,6 +199,7 @@
                        return NULL;
                }
                memcpy(&secretid, d, sizeof(secretid));
+               secretid = ntohl(secretid);
                d += sizeof(secretid);
                dlen -= sizeof(secretid);
                break;
@@ -197,6 +215,7 @@
                        dlen -= realm_len;
                }
                memcpy(&secretid, d, sizeof(secretid));
+               secretid = ntohl(secretid);
                d += sizeof(secretid);
                dlen -= sizeof(secretid);
                break;
@@ -266,7 +285,6 @@
        }
 
        /* Find a token for the realm and secret */
-       secretid = ntohl(secretid);
        TAILQ_FOREACH(t, &auth->tokens, next) {
                if (t->secretid == secretid &&
                    t->realm_len == realm_len &&
@@ -478,14 +496,16 @@
        uint64_t rdm;
        uint8_t hmac_code[HMAC_LENGTH];
        time_t now;
-       uint8_t hops, *p, info, *m, *data;
+       uint8_t hops, *p, *m, *data;
        uint32_t giaddr, secretid;
+       bool auth_info;
 
-       if (auth->protocol == 0 && t == NULL) {
+       /* Ignore the token argument given to us - always send using the
+        * configured token. */
+       if (auth->protocol == AUTH_PROTO_TOKEN) {
                TAILQ_FOREACH(t, &auth->tokens, next) {
-                       if (t->secretid == 0 &&
-                           t->realm_len == 0)
-                       break;
+                       if (t->secretid == auth->token_snd_secretid)
+                               break;
                }
                if (t == NULL) {
                        errno = EINVAL;
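Review bot: The send-side lookup now matches on `t->secretid == auth->token_snd_secretid` alone, and the previous `t->realm_len == 0` condition is gone. The receive-side lookup earlier in this file still matches on secret id and realm together, so if the token list can hold a realm-scoped entry with the same secret id, the first match in list order is what gets sent. If only realm-less tokens are meant for `AUTH_PROTO_TOKEN`, keep the constraint: `if (t->secretid == auth->token_snd_secretid && t->realm_len == 0)`. The remark about ignoring the `t` argument also belongs in the function's header documentation, since a caller passing a token will have it silently replaced; the signature is outside the hunk.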
@@ -532,9 +552,9 @@
        /* DISCOVER or INFORM messages don't write auth info */
        if ((mp == 4 && (mt == DHCP_DISCOVER || mt == DHCP_INFORM)) ||
            (mp == 6 && (mt == DHCP6_SOLICIT || mt == DHCP6_INFORMATION_REQ)))
-               info = 0;
+               auth_info = false;
        else
-               info = 1;
+               auth_info = true;
 
        /* Work out the auth area size.
         * We only need to do this for DISCOVER messages */
@@ -545,11 +565,11 @@
                        dlen += t->key_len;
                        break;
                case AUTH_PROTO_DELAYEDREALM:
-                       if (info && t)
+                       if (auth_info && t)
                                dlen += t->realm_len;
                        /* FALLTHROUGH */
                case AUTH_PROTO_DELAYED:
-                       if (info && t)
+                       if (auth_info && t)
                                dlen += sizeof(t->secretid) + sizeof(hmac_code);
                        break;
                }
@@ -572,18 +592,32 @@
        /* Write out our option */
        *data++ = auth->protocol;
        *data++ = auth->algorithm;
-       *data++ = auth->rdm;
-       switch (auth->rdm) {
-       case AUTH_RDM_MONOTONIC:
-               rdm = get_next_rdm_monotonic(auth);
-               break;
-       default:
-               /* This block appeases gcc, clang doesn't need it */
-               rdm = get_next_rdm_monotonic(auth);
-               break;
+       /*
+        * RFC 3315 21.4.4.1 says that SOLICIT in DELAYED authentication
+        * should not set RDM or it's data.
+        * An expired draft draft-ietf-dhc-dhcpv6-clarify-auth-01 suggets
+        * this should not be set for INFORMATION REQ messages as well,
+        * which is probably a good idea because both states start from zero.
+        */
+       if (auth_info ||
+           !(auth->protocol & (AUTH_PROTO_DELAYED | AUTH_PROTO_DELAYEDREALM)))
+       {
+               *data++ = auth->rdm;
+               switch (auth->rdm) {
+               case AUTH_RDM_MONOTONIC:
+                       rdm = get_next_rdm_monotonic(auth);
+                       break;
+               default:
+                       /* This block appeases gcc, clang doesn't need it */
+                       rdm = get_next_rdm_monotonic(auth);
+                       break;
+               }
+               rdm = htonll(rdm);
+               memcpy(data, &rdm, 8);
+       } else {
+               *data++ = 0;            /* rdm */
+               memset(data, 0, 8);     /* replay detection data */
        }
-       rdm = htonll(rdm);
-       memcpy(data, &rdm, 8);
        data += 8;
        dlen -= 1 + 1 + 1 + 8;
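Review bot: The test `!(auth->protocol & (AUTH_PROTO_DELAYED | AUTH_PROTO_DELAYEDREALM))` treats the protocol constants as bit flags, but the rest of this file uses them as `switch` case labels, which suggests enumerated values. The mask is only correct while no other protocol value shares a bit with either constant; their definitions are not visible here. An explicit comparison states the intent and does not depend on the numeric values: `auth->protocol != AUTH_PROTO_DELAYED && auth->protocol != AUTH_PROTO_DELAYEDREALM`. Separately, the literal `8` in `memcpy(data, &rdm, 8)` and `memset(data, 0, 8)` could be `sizeof(rdm)` so the copy length stays tied to the variable.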
 
@@ -603,7 +637,7 @@
        }
 
        /* DISCOVER or INFORM messages don't write auth info */
-       if (!info)
+       if (!auth_info)
                return (ssize_t)dlen;
 
        /* Loading a saved lease without an authentication option */
diff -r 15a9dc19000e -r 1791b24eda31 external/bsd/dhcpcd/dist/src/auth.h
--- a/external/bsd/dhcpcd/dist/src/auth.h       Thu Jun 07 18:24:15 2018 +0000
+++ b/external/bsd/dhcpcd/dist/src/auth.h       Thu Jun 07 18:34:03 2018 +0000
@@ -71,6 +71,8 @@
        uint64_t last_replay;
        uint8_t last_replay_set;
        struct token_head tokens;
+       uint32_t token_snd_secretid;
+       uint32_t token_rcv_secretid;
 #endif
 };
 
diff -r 15a9dc19000e -r 1791b24eda31 external/bsd/dhcpcd/dist/src/bpf.c
--- a/external/bsd/dhcpcd/dist/src/bpf.c        Thu Jun 07 18:24:15 2018 +0000
+++ b/external/bsd/dhcpcd/dist/src/bpf.c        Thu Jun 07 18:34:03 2018 +0000
@@ -108,7 +108,7 @@
        size_t buf_len;
        struct bpf_version pv;
 #ifdef BIOCIMMEDIATE
-       int flags;
+       unsigned int flags;
 #endif
 #ifndef O_CLOEXEC
        int fd_opts;
@@ -411,7 +411,7 @@
        /* Make sure the hardware length matches. */
        BPF_STMT(BPF_LD + BPF_B + BPF_IND, offsetof(struct arphdr, ar_hln)),
        BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K,
-                sizeof((struct ether_arp *)0)->arp_sha, 1, 0),
+                sizeof(((struct ether_arp *)0)->arp_sha), 1, 0),
        BPF_STMT(BPF_RET + BPF_K, 0),
 };
 #define bpf_arp_ether_len      __arraycount(bpf_arp_ether)
@@ -540,7 +540,7 @@
 #define BPF_BOOTP_ETHER_LEN    __arraycount(bpf_bootp_ether)
 
 static const struct bpf_insn bpf_bootp_filter[] = {
-       /* Make sure it's an IPv4 packet. */
+       /* Make sure it's an optionless IPv4 packet. */
        BPF_STMT(BPF_LD + BPF_B + BPF_IND, 0),
        BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, 0x45, 1, 0),
        BPF_STMT(BPF_RET + BPF_K, 0),
diff -r 15a9dc19000e -r 1791b24eda31 external/bsd/dhcpcd/dist/src/defs.h
--- a/external/bsd/dhcpcd/dist/src/defs.h       Thu Jun 07 18:24:15 2018 +0000
+++ b/external/bsd/dhcpcd/dist/src/defs.h       Thu Jun 07 18:34:03 2018 +0000
@@ -28,7 +28,7 @@
 #define CONFIG_H
 
 #define PACKAGE                        "dhcpcd"
-#define VERSION                        "7.0.3"
+#define VERSION                        "7.0.5"
 
 #ifndef CONFIG
 # define CONFIG                        SYSCONFDIR "/" PACKAGE ".conf"
diff -r 15a9dc19000e -r 1791b24eda31 external/bsd/dhcpcd/dist/src/dhcp.c
--- a/external/bsd/dhcpcd/dist/src/dhcp.c       Thu Jun 07 18:24:15 2018 +0000
+++ b/external/bsd/dhcpcd/dist/src/dhcp.c       Thu Jun 07 18:34:03 2018 +0000
@@ -2101,8 +2101,10 @@
        if (ifp->ctx->options & DHCPCD_FORKED)
                return;
 
+#ifdef IPV4LL
        /* Stop IPv4LL now we have a working DHCP address */
        ipv4ll_drop(ifp);
+#endif
 
        if (ifo->options & DHCPCD_INFORM)
                dhcp_inform(ifp);
@@ -3276,7 +3278,7 @@
        struct bootp_pkt *p;
        uint16_t bytes;
 
-       if (data_len < sizeof(p->ip) + sizeof(p->udp)) {
+       if (data_len < sizeof(p->ip)) {
                if (from)
                        from->s_addr = INADDR_ANY;
                errno = ERANGE;
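Review bot: The minimum-length guard now covers only `sizeof(p->ip)`, so a buffer that holds an IP header but not a complete UDP header passes this point. Any read of `p->udp` later in the function needs its own bound against `data_len`; the following hunk, which adds lines after `bytes = ntohs(p->ip.ip_len);`, is cut off on this page, so that cannot be confirmed here. If no later check exists, the guard should stay at `if (data_len < sizeof(p->ip) + sizeof(p->udp))`. A short comment at the relaxed check naming where the UDP header length is validated would help the next reader. The function starts and ends outside the hunk.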
@@ -3291,6 +3293,12 @@
        }
 
        bytes = ntohs(p->ip.ip_len);


