Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/netbsd-8]: src Catch up to current in src/external/bsd/dhcpcd/dist, requ...
details: https://anonhg.NetBSD.org/src/rev/776460dc2a01
branches: netbsd-8
changeset: 435027:776460dc2a01
user: martin <martin%NetBSD.org@localhost>
date: Thu Jun 07 18:34:03 2018 +0000
description:
Catch up to current in src/external/bsd/dhcpcd/dist, requested
by roy in ticket #849:
external/bsd/dhcpcd/dist/Makefile up to 1.1.1.5
external/bsd/dhcpcd/dist/src/arp.c up to 1.1.1.7
external/bsd/dhcpcd/dist/src/auth.c up to 1.1.1.5
external/bsd/dhcpcd/dist/src/auth.h up to 1.1.1.3
external/bsd/dhcpcd/dist/src/bpf.c up to 1.7
external/bsd/dhcpcd/dist/src/defs.h up to 1.1.1.13
external/bsd/dhcpcd/dist/src/dhcp.c up to 1.11
external/bsd/dhcpcd/dist/src/dhcp.h up to 1.1.1.6
external/bsd/dhcpcd/dist/src/dhcp6.c up to 1.1.1.12
external/bsd/dhcpcd/dist/src/dhcp6.h up to 1.1.1.6
external/bsd/dhcpcd/dist/src/dhcpcd-definitions.conf up to 1.1.1.2
external/bsd/dhcpcd/dist/src/dhcpcd.8.in up to 1.1.1.9
external/bsd/dhcpcd/dist/src/dhcpcd.c up to 1.12
external/bsd/dhcpcd/dist/src/dhcpcd.conf.5.in up to 1.1.1.9
external/bsd/dhcpcd/dist/src/if-bsd.c up to 1.1.1.8
external/bsd/dhcpcd/dist/src/if-linux.c up to 1.1.1.9
external/bsd/dhcpcd/dist/src/if-options.c up to 1.10
external/bsd/dhcpcd/dist/src/ipv4ll.h up to 1.1.1.4
external/bsd/dhcpcd/dist/src/ipv6.c up to 1.1.1.10
external/bsd/dhcpcd/dist/src/ipv6.h up to 1.1.1.7
external/bsd/dhcpcd/dist/src/ipv6nd.c up to 1.1.1.8
external/bsd/dhcpcd/dist/src/ipv6nd.h up to 1.1.1.6
external/bsd/dhcpcd/dist/src/route.c up to 1.1.1.7
doc/3RDPARTY (manually modified)
Import dhcpcd 7.0.5b.
Changes:
* Routing: Fix case when cloning route changes but needs to be replaced
* DHCP6: Transpose DHCP userclass option into DHCP6
* DHCP6: Fix sending custom vendor class option
* Auth: Allow zero value replay detection data
* Auth: Allow different tokens for send and receive
* ND6: Warn if router lifetime is set to zero
* DHCP6: Softwire Address and Port-Mapped Clients, RFC7598
* dhcp: Clarified some checksumming code, style and commentary
(thanks to Maxime Villard)
* dhcp6: IAID is now unique per IA type rather than global
* ip6: if an IA callback causes a fork, exit earlier
diffstat:
doc/3RDPARTY | 6 +-
external/bsd/dhcpcd/dist/Makefile | 3 +-
external/bsd/dhcpcd/dist/src/arp.c | 9 +-
external/bsd/dhcpcd/dist/src/auth.c | 82 ++++++++---
external/bsd/dhcpcd/dist/src/auth.h | 2 +
external/bsd/dhcpcd/dist/src/bpf.c | 6 +-
external/bsd/dhcpcd/dist/src/defs.h | 2 +-
external/bsd/dhcpcd/dist/src/dhcp.c | 12 +-
external/bsd/dhcpcd/dist/src/dhcp.h | 1 -
external/bsd/dhcpcd/dist/src/dhcp6.c | 130 +++++++++++++-----
external/bsd/dhcpcd/dist/src/dhcp6.h | 2 +-
external/bsd/dhcpcd/dist/src/dhcpcd-definitions.conf | 31 ++++
external/bsd/dhcpcd/dist/src/dhcpcd.8.in | 13 +-
external/bsd/dhcpcd/dist/src/dhcpcd.c | 49 +++++-
external/bsd/dhcpcd/dist/src/dhcpcd.conf.5.in | 20 ++-
external/bsd/dhcpcd/dist/src/if-bsd.c | 11 +-
external/bsd/dhcpcd/dist/src/if-linux.c | 36 +---
external/bsd/dhcpcd/dist/src/if-options.c | 38 ++++-
external/bsd/dhcpcd/dist/src/ipv4ll.h | 1 -
external/bsd/dhcpcd/dist/src/ipv6.c | 25 ++-
external/bsd/dhcpcd/dist/src/ipv6.h | 1 -
external/bsd/dhcpcd/dist/src/ipv6nd.c | 26 ++-
external/bsd/dhcpcd/dist/src/ipv6nd.h | 1 -
external/bsd/dhcpcd/dist/src/route.c | 2 +-
24 files changed, 353 insertions(+), 156 deletions(-)
diffs (truncated from 1212 to 300 lines):
diff -r 0cd4a75c78fa -r 776460dc2a01 doc/3RDPARTY
--- a/doc/3RDPARTY Thu Jun 07 18:24:15 2018 +0000
+++ b/doc/3RDPARTY Thu Jun 07 18:34:03 2018 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: 3RDPARTY,v 1.1444.2.11 2018/05/06 09:42:38 martin Exp $
+# $NetBSD: 3RDPARTY,v 1.1444.2.12 2018/06/07 18:34:03 martin Exp $
#
# This file contains a list of the software that has been integrated into
# NetBSD where we are not the primary maintainer.
@@ -334,8 +334,8 @@
Use the dhcp2netbsd script.
Package: dhcpcd
-Version: 7.0.0
-Current Vers: 7.0.0
+Version: 7.0.5b
+Current Vers: 7.0.5b
Maintainer: roy
Archive Site: ftp://roy.marples.name/pub/dhcpcd/
Home Page: http://roy.marples.name/projects/dhcpcd/
diff -r 0cd4a75c78fa -r 776460dc2a01 external/bsd/dhcpcd/dist/Makefile
--- a/external/bsd/dhcpcd/dist/Makefile Thu Jun 07 18:24:15 2018 +0000
+++ b/external/bsd/dhcpcd/dist/Makefile Thu Jun 07 18:34:03 2018 +0000
@@ -8,7 +8,8 @@
FOSSILID?= current
GITREF?= HEAD
-DISTPREFIX?= dhcpcd-${VERSION}
+DISTSUFFIX=
+DISTPREFIX?= dhcpcd-${VERSION}${DISTSUFFIX}
DISTFILEGZ?= ${DISTPREFIX}.tar.gz
DISTFILE?= ${DISTPREFIX}.tar.xz
DISTINFO= ${DISTFILE}.distinfo
diff -r 0cd4a75c78fa -r 776460dc2a01 external/bsd/dhcpcd/dist/src/arp.c
--- a/external/bsd/dhcpcd/dist/src/arp.c Thu Jun 07 18:24:15 2018 +0000
+++ b/external/bsd/dhcpcd/dist/src/arp.c Thu Jun 07 18:34:03 2018 +0000
@@ -128,13 +128,16 @@
/* Protocol must be IP. */
if (ar.ar_pro != htons(ETHERTYPE_IP))
continue;
+ /* lladdr length matches */
+ if (ar.ar_hln != ifp->hwlen)
+ continue;
+ /* Protocol length must match in_addr_t */
+ if (ar.ar_pln != sizeof(arm.sip.s_addr))
+ return;
/* Only these types are recognised */
if (ar.ar_op != htons(ARPOP_REPLY) &&
ar.ar_op != htons(ARPOP_REQUEST))
continue;
- /* Protocol length must match in_addr_t */
- if (ar.ar_pln != sizeof(arm.sip.s_addr))
- return;
#endif
/* Get pointers to the hardware addresses */
diff -r 0cd4a75c78fa -r 776460dc2a01 external/bsd/dhcpcd/dist/src/auth.c
--- a/external/bsd/dhcpcd/dist/src/auth.c Thu Jun 07 18:24:15 2018 +0000
+++ b/external/bsd/dhcpcd/dist/src/auth.c Thu Jun 07 18:34:03 2018 +0000
@@ -151,7 +151,24 @@
memcpy(&replay, d, sizeof(replay));
replay = ntohll(replay);
- if (state->token) {
+ /*
+ * Test for a replay attack.
+ *
+ * NOTE: Some servers always send a replay data value of zero.
+ * This is strictly compliant with RFC 3315 and 3318 which say:
+ * "If the RDM field contains 0x00, the replay detection field MUST be
+ * set to the value of a monotonically increasing counter."
+ * An example of a monotonically increasing sequence is:
+ * 1, 2, 2, 2, 2, 2, 2
+ * Errata 3474 updates RFC 3318 to say:
+ * "If the RDM field contains 0x00, the replay detection field MUST be
+ * set to the value of a strictly increasing counter."
+ *
+ * Taking the above into account, dhcpcd will only test for
+ * strictly speaking replay attacks if it receives any non zero
+ * replay data to validate against.
+ */
+ if (state->token && state->replay != 0) {
if (state->replay == (replay ^ 0x8000000000000000ULL)) {
/* We don't know if the singular point is increasing
* or decreasing. */
@@ -174,7 +191,7 @@
* Rest of data is MAC. */
switch (protocol) {
case AUTH_PROTO_TOKEN:
- secretid = 0;
+ secretid = auth->token_rcv_secretid;
break;
case AUTH_PROTO_DELAYED:
if (dlen < sizeof(secretid) + sizeof(hmac_code)) {
@@ -182,6 +199,7 @@
return NULL;
}
memcpy(&secretid, d, sizeof(secretid));
+ secretid = ntohl(secretid);
d += sizeof(secretid);
dlen -= sizeof(secretid);
break;
@@ -197,6 +215,7 @@
dlen -= realm_len;
}
memcpy(&secretid, d, sizeof(secretid));
+ secretid = ntohl(secretid);
d += sizeof(secretid);
dlen -= sizeof(secretid);
break;
@@ -266,7 +285,6 @@
}
/* Find a token for the realm and secret */
- secretid = ntohl(secretid);
TAILQ_FOREACH(t, &auth->tokens, next) {
if (t->secretid == secretid &&
t->realm_len == realm_len &&
@@ -478,14 +496,16 @@
uint64_t rdm;
uint8_t hmac_code[HMAC_LENGTH];
time_t now;
- uint8_t hops, *p, info, *m, *data;
+ uint8_t hops, *p, *m, *data;
uint32_t giaddr, secretid;
+ bool auth_info;
- if (auth->protocol == 0 && t == NULL) {
+ /* Ignore the token argument given to us - always send using the
+ * configured token. */
+ if (auth->protocol == AUTH_PROTO_TOKEN) {
TAILQ_FOREACH(t, &auth->tokens, next) {
- if (t->secretid == 0 &&
- t->realm_len == 0)
- break;
+ if (t->secretid == auth->token_snd_secretid)
+ break;
}
if (t == NULL) {
errno = EINVAL;
@@ -532,9 +552,9 @@
/* DISCOVER or INFORM messages don't write auth info */
if ((mp == 4 && (mt == DHCP_DISCOVER || mt == DHCP_INFORM)) ||
(mp == 6 && (mt == DHCP6_SOLICIT || mt == DHCP6_INFORMATION_REQ)))
- info = 0;
+ auth_info = false;
else
- info = 1;
+ auth_info = true;
/* Work out the auth area size.
* We only need to do this for DISCOVER messages */
@@ -545,11 +565,11 @@
dlen += t->key_len;
break;
case AUTH_PROTO_DELAYEDREALM:
- if (info && t)
+ if (auth_info && t)
dlen += t->realm_len;
/* FALLTHROUGH */
case AUTH_PROTO_DELAYED:
- if (info && t)
+ if (auth_info && t)
dlen += sizeof(t->secretid) + sizeof(hmac_code);
break;
}
@@ -572,18 +592,32 @@
/* Write out our option */
*data++ = auth->protocol;
*data++ = auth->algorithm;
- *data++ = auth->rdm;
- switch (auth->rdm) {
- case AUTH_RDM_MONOTONIC:
- rdm = get_next_rdm_monotonic(auth);
- break;
- default:
- /* This block appeases gcc, clang doesn't need it */
- rdm = get_next_rdm_monotonic(auth);
- break;
+ /*
+ * RFC 3315 21.4.4.1 says that SOLICIT in DELAYED authentication
+ * should not set RDM or it's data.
+ * An expired draft draft-ietf-dhc-dhcpv6-clarify-auth-01 suggets
+ * this should not be set for INFORMATION REQ messages as well,
+ * which is probably a good idea because both states start from zero.
+ */
+ if (auth_info ||
+ !(auth->protocol & (AUTH_PROTO_DELAYED | AUTH_PROTO_DELAYEDREALM)))
+ {
+ *data++ = auth->rdm;
+ switch (auth->rdm) {
+ case AUTH_RDM_MONOTONIC:
+ rdm = get_next_rdm_monotonic(auth);
+ break;
+ default:
+ /* This block appeases gcc, clang doesn't need it */
+ rdm = get_next_rdm_monotonic(auth);
+ break;
+ }
+ rdm = htonll(rdm);
+ memcpy(data, &rdm, 8);
+ } else {
+ *data++ = 0; /* rdm */
+ memset(data, 0, 8); /* replay detection data */
}
- rdm = htonll(rdm);
- memcpy(data, &rdm, 8);
data += 8;
dlen -= 1 + 1 + 1 + 8;
@@ -603,7 +637,7 @@
}
/* DISCOVER or INFORM messages don't write auth info */
- if (!info)
+ if (!auth_info)
return (ssize_t)dlen;
/* Loading a saved lease without an authentication option */
diff -r 0cd4a75c78fa -r 776460dc2a01 external/bsd/dhcpcd/dist/src/auth.h
--- a/external/bsd/dhcpcd/dist/src/auth.h Thu Jun 07 18:24:15 2018 +0000
+++ b/external/bsd/dhcpcd/dist/src/auth.h Thu Jun 07 18:34:03 2018 +0000
@@ -71,6 +71,8 @@
uint64_t last_replay;
uint8_t last_replay_set;
struct token_head tokens;
+ uint32_t token_snd_secretid;
+ uint32_t token_rcv_secretid;
#endif
};
diff -r 0cd4a75c78fa -r 776460dc2a01 external/bsd/dhcpcd/dist/src/bpf.c
--- a/external/bsd/dhcpcd/dist/src/bpf.c Thu Jun 07 18:24:15 2018 +0000
+++ b/external/bsd/dhcpcd/dist/src/bpf.c Thu Jun 07 18:34:03 2018 +0000
@@ -108,7 +108,7 @@
size_t buf_len;
struct bpf_version pv;
#ifdef BIOCIMMEDIATE
- int flags;
+ unsigned int flags;
#endif
#ifndef O_CLOEXEC
int fd_opts;
@@ -411,7 +411,7 @@
/* Make sure the hardware length matches. */
BPF_STMT(BPF_LD + BPF_B + BPF_IND, offsetof(struct arphdr, ar_hln)),
BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K,
- sizeof((struct ether_arp *)0)->arp_sha, 1, 0),
+ sizeof(((struct ether_arp *)0)->arp_sha), 1, 0),
BPF_STMT(BPF_RET + BPF_K, 0),
};
#define bpf_arp_ether_len __arraycount(bpf_arp_ether)
@@ -540,7 +540,7 @@
#define BPF_BOOTP_ETHER_LEN __arraycount(bpf_bootp_ether)
static const struct bpf_insn bpf_bootp_filter[] = {
- /* Make sure it's an IPv4 packet. */
+ /* Make sure it's an optionless IPv4 packet. */
BPF_STMT(BPF_LD + BPF_B + BPF_IND, 0),
BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, 0x45, 1, 0),
BPF_STMT(BPF_RET + BPF_K, 0),
diff -r 0cd4a75c78fa -r 776460dc2a01 external/bsd/dhcpcd/dist/src/defs.h
--- a/external/bsd/dhcpcd/dist/src/defs.h Thu Jun 07 18:24:15 2018 +0000
+++ b/external/bsd/dhcpcd/dist/src/defs.h Thu Jun 07 18:34:03 2018 +0000
@@ -28,7 +28,7 @@
#define CONFIG_H
#define PACKAGE "dhcpcd"
-#define VERSION "7.0.3"
+#define VERSION "7.0.5"
#ifndef CONFIG
# define CONFIG SYSCONFDIR "/" PACKAGE ".conf"
diff -r 0cd4a75c78fa -r 776460dc2a01 external/bsd/dhcpcd/dist/src/dhcp.c
--- a/external/bsd/dhcpcd/dist/src/dhcp.c Thu Jun 07 18:24:15 2018 +0000
+++ b/external/bsd/dhcpcd/dist/src/dhcp.c Thu Jun 07 18:34:03 2018 +0000
@@ -2101,8 +2101,10 @@
if (ifp->ctx->options & DHCPCD_FORKED)
return;
+#ifdef IPV4LL
/* Stop IPv4LL now we have a working DHCP address */
ipv4ll_drop(ifp);
+#endif
if (ifo->options & DHCPCD_INFORM)
dhcp_inform(ifp);
@@ -3276,7 +3278,7 @@
struct bootp_pkt *p;
uint16_t bytes;
- if (data_len < sizeof(p->ip) + sizeof(p->udp)) {
+ if (data_len < sizeof(p->ip)) {
if (from)
from->s_addr = INADDR_ANY;
errno = ERANGE;
@@ -3291,6 +3293,12 @@
}
bytes = ntohs(p->ip.ip_len);
Home |
Main Index |
Thread Index |
Old Index