[src/trunk]: src/external/bsd/dhcpcd/dist Import dhcpcd-6.11.4 with the follo...
details: https://anonhg.NetBSD.org/src/rev/0a637b8f432d
branches: trunk
changeset: 348164:0a637b8f432d
user: roy <roy%NetBSD.org@localhost>
date: Fri Oct 07 08:36:16 2016 +0000
description:
Import dhcpcd-6.11.4 with the following changes:
* Fixed octal and hex string parsing in options.
* Several statically sized buffers have been removed and replaced
with dynamically sized ones where we have no real idea of what
the size will be.
* Reverse IPv4 route removal order.
* Added --small configure directive to reduce binary size
* Allow DHCPv6, IPv4LL and authentication to be compiled out
* Add support for ifa_addrflags in getifaddrs(3)
* Add support for ifam_addrflags and ifam_pid from route(4)
* If T1 or T2 are not set in DHCPv6 messages, use a default from the
lowest pltime instead of the expiration time.
* Validate lease before moving to REQUEST when both ends use
rapid commit.
* If lease validation fails, don't restart the DISCOVER phase if
we're already in it.
diffstat:
external/bsd/dhcpcd/dist/crypt/arp.h | 97 ++
external/bsd/dhcpcd/dist/crypt/auth.c | 671 +++++++++++++++++
external/bsd/dhcpcd/dist/crypt/auth.h | 92 ++
external/bsd/dhcpcd/dist/crypt/common.h | 205 +++++
external/bsd/dhcpcd/dist/crypt/config.h | 19 +
external/bsd/dhcpcd/dist/crypt/control.h | 64 +
external/bsd/dhcpcd/dist/crypt/defs.h | 76 +
external/bsd/dhcpcd/dist/crypt/dhcp-common.h | 123 +++
external/bsd/dhcpcd/dist/crypt/dhcp.h | 276 ++++++
external/bsd/dhcpcd/dist/crypt/dhcp6.h | 269 ++++++
external/bsd/dhcpcd/dist/crypt/dhcpcd.h | 206 +++++
external/bsd/dhcpcd/dist/crypt/if-options.h | 229 +++++
external/bsd/dhcpcd/dist/crypt/if.h | 218 +++++
external/bsd/dhcpcd/dist/crypt/ipv4.h | 173 ++++
external/bsd/dhcpcd/dist/crypt/ipv6.h | 352 ++++++++
external/bsd/dhcpcd/dist/dhcpcd-definitions-small.conf | 125 +++
external/bsd/dhcpcd/dist/dhcpcd-embedded.c.in | 2 +-
external/bsd/dhcpcd/dist/dhcpcd-embedded.h.in | 2 +-
external/bsd/dhcpcd/dist/genembedc | 18 +
external/bsd/dhcpcd/dist/genembedh | 17 +
20 files changed, 3232 insertions(+), 2 deletions(-)
diffs (truncated from 3325 to 300 lines):
diff -r d87ac2a77024 -r 0a637b8f432d external/bsd/dhcpcd/dist/crypt/arp.h
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/external/bsd/dhcpcd/dist/crypt/arp.h Fri Oct 07 08:36:16 2016 +0000
@@ -0,0 +1,97 @@
+/*
+ * dhcpcd - DHCP client daemon
+ * Copyright (c) 2006-2015 Roy Marples <roy%marples.name@localhost>
+ * All rights reserved
+
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef ARP_H
+#define ARP_H
+
+/* ARP timings from RFC5227 */
+#define PROBE_WAIT 1
+#define PROBE_NUM 3
+#define PROBE_MIN 1
+#define PROBE_MAX 2
+#define ANNOUNCE_WAIT 2
+#define ANNOUNCE_NUM 2
+#define ANNOUNCE_INTERVAL 2
+#define MAX_CONFLICTS 10
+#define RATE_LIMIT_INTERVAL 60
+#define DEFEND_INTERVAL 10
+
+#include "dhcpcd.h"
+#include "if.h"
+
+struct arp_msg {
+ uint16_t op;
+ unsigned char sha[HWADDR_LEN];
+ struct in_addr sip;
+ unsigned char tha[HWADDR_LEN];
+ struct in_addr tip;
+};
+
+struct arp_state {
+ TAILQ_ENTRY(arp_state) next;
+ struct interface *iface;
+
+ void (*probed_cb)(struct arp_state *);
+ void (*announced_cb)(struct arp_state *);
+ void (*conflicted_cb)(struct arp_state *, const struct arp_msg *);
+ void (*free_cb)(struct arp_state *);
+
+ struct in_addr addr;
+ int probes;
+ int claims;
+ struct in_addr failed;
+};
+TAILQ_HEAD(arp_statehead, arp_state);
+
+struct iarp_state {
+ int fd;
+ struct arp_statehead arp_states;
+};
+
+#define ARP_STATE(ifp) \
+ ((struct iarp_state *)(ifp)->if_data[IF_DATA_ARP])
+#define ARP_CSTATE(ifp) \
+ ((const struct iarp_state *)(ifp)->if_data[IF_DATA_ARP])
+
+#ifdef INET
+int arp_open(struct interface *);
+ssize_t arp_request(const struct interface *, in_addr_t, in_addr_t);
+void arp_report_conflicted(const struct arp_state *, const struct arp_msg *);
+void arp_announce(struct arp_state *);
+void arp_probe(struct arp_state *);
+struct arp_state *arp_new(struct interface *, const struct in_addr *);
+void arp_cancel(struct arp_state *);
+void arp_free(struct arp_state *);
+void arp_free_but(struct arp_state *);
+struct arp_state *arp_find(struct interface *, const struct in_addr *);
+void arp_close(struct interface *);
+
+void arp_handleifa(int, struct ipv4_addr *);
+#else
+#define arp_close(a) {}
+#endif
+#endif
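Review bot: The non-INET fallback at the end of the header, `#define arp_close(a) {}`, expands a call such as `arp_close(ifp);` to a compound statement followed by an empty statement, so it cannot sit in an unbraced `if`/`else` and behaves differently from the real function call it stands in for. `#define arp_close(a) do { } while (0)` would keep it a single statement. Only `arp_close` gets a stub here, so any caller of the other `arp_*` prototypes has to be under `#ifdef INET` itself, which this hunk does not show.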
diff -r d87ac2a77024 -r 0a637b8f432d external/bsd/dhcpcd/dist/crypt/auth.c
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/external/bsd/dhcpcd/dist/crypt/auth.c Fri Oct 07 08:36:16 2016 +0000
@@ -0,0 +1,671 @@
+/*
+ * dhcpcd - DHCP client daemon
+ * Copyright (c) 2006-2015 Roy Marples <roy%marples.name@localhost>
+ * All rights reserved
+
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <sys/file.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <inttypes.h>
+#include <stddef.h>
+#include <stdlib.h>
+#include <string.h>
+#include <time.h>
+#include <unistd.h>
+
+#include "config.h"
+#include "auth.h"
+#include "crypt/crypt.h"
+#include "dhcp.h"
+#include "dhcp6.h"
+#include "dhcpcd.h"
+
+#ifdef __sun
+#define htonll
+#define ntohll
+#endif
+
+#ifndef htonll
+#if (BYTE_ORDER == LITTLE_ENDIAN)
+static inline uint64_t
+htonll(uint64_t x)
+{
+
+ return (uint64_t)htonl((uint32_t)(x >> 32)) |
+ (uint64_t)htonl((uint32_t)(x & 0xffffffff)) << 32;
+}
+#else /* (BYTE_ORDER == LITTLE_ENDIAN) */
+#define htonll(x) (x)
+#endif
+#endif /* htonll */
+
+#ifndef ntohll
+#if (BYTE_ORDER == LITTLE_ENDIAN)
+static inline uint64_t
+ntohll(uint64_t x)
+{
+
+ return (uint64_t)ntohl((uint32_t)(x >> 32)) |
+ (uint64_t)ntohl((uint32_t)(x & 0xffffffff)) << 32;
+}
+#else /* (BYTE_ORDER == LITTLE_ENDIAN) */
+#define ntohll(x) (x)
+#endif
+#endif /* ntohll */
+
+#define HMAC_LENGTH 16
+
+void
+dhcp_auth_reset(struct authstate *state)
+{
+
+ state->replay = 0;
+ if (state->token) {
+ free(state->token->key);
+ free(state->token->realm);
+ free(state->token);
+ state->token = NULL;
+ }
+ if (state->reconf) {
+ free(state->reconf->key);
+ free(state->reconf->realm);
+ free(state->reconf);
+ state->reconf = NULL;
+ }
+}
+
+/*
+ * Authenticate a DHCP message.
+ * m and mlen refer to the whole message.
+ * t is the DHCP type, pass it 4 or 6.
+ * data and dlen refer to the authentication option within the message.
+ */
+const struct token *
+dhcp_auth_validate(struct authstate *state, const struct auth *auth,
+ const uint8_t *m, size_t mlen, int mp, int mt,
+ const uint8_t *data, size_t dlen)
+{
+ uint8_t protocol, algorithm, rdm, *mm, type;
+ uint64_t replay;
+ uint32_t secretid;
+ const uint8_t *d, *realm;
+ size_t realm_len;
+ const struct token *t;
+ time_t now;
+ uint8_t hmac[HMAC_LENGTH];
+
+ if (dlen < 3 + sizeof(replay)) {
+ errno = EINVAL;
+ return NULL;
+ }
+
+ /* Ensure that d is inside m which *may* not be the case for DHPCPv4 */
+ if (data < m || data > m + mlen || data + dlen > m + mlen) {
+ errno = ERANGE;
+ return NULL;
+ }
+
+ d = data;
+ protocol = *d++;
+ algorithm = *d++;
+ rdm = *d++;
+ if (!(auth->options & DHCPCD_AUTH_SEND)) {
+ /* If we didn't send any authorisation, it can only be a
+ * reconfigure key */
+ if (protocol != AUTH_PROTO_RECONFKEY) {
+ errno = EINVAL;
+ return NULL;
+ }
+ } else if (protocol != auth->protocol ||
+ algorithm != auth->algorithm ||
+ rdm != auth->rdm)
+ {
+ /* As we don't require authentication, we should still
+ * accept a reconfigure key */
+ if (protocol != AUTH_PROTO_RECONFKEY ||
+ auth->options & DHCPCD_AUTH_REQUIRE)
+ {
+ errno = EPERM;
+ return NULL;
+ }
+ }
+ dlen -= 3;
+
+ memcpy(&replay, d, sizeof(replay));
+ replay = ntohll(replay);
+ if (state->token) {
+ if (state->replay == (replay ^ 0x8000000000000000ULL)) {
+ /* We don't know if the singular point is increasing
+ * or decreasing. */
+ errno = EPERM;
+ return NULL;
+ }
+ if ((uint64_t)(replay - state->replay) <= 0) {
+ /* Replay attack detected */
+ errno = EPERM;
+ return NULL;
+ }
+ }
+ d+= sizeof(replay);
+ dlen -= sizeof(replay);
+
+ realm = NULL;
+ realm_len = 0;
+
+ /* Extract realm and secret.
+ * Rest of data is MAC. */
+ switch (protocol) {
+ case AUTH_PROTO_TOKEN:
+ secretid = 0;
+ break;
+ case AUTH_PROTO_DELAYED:
+ if (dlen < sizeof(secretid) + sizeof(hmac)) {
+ errno = EINVAL;
+ return NULL;
+ }
+ memcpy(&secretid, d, sizeof(secretid));
+ d += sizeof(secretid);
+ dlen -= sizeof(secretid);
+ break;
+ case AUTH_PROTO_DELAYEDREALM:
+ if (dlen < sizeof(secretid) + sizeof(hmac)) {
+ errno = EINVAL;
+ return NULL;