Commit Graph

87 Commits

Author SHA1 Message Date
roy 986d1710a8 Update to dhcpcd-10.0.8 with the following fixes:
* Fixed compile without ARP
 * Fixed spelling of ADVERTISEMENT
2024-05-24 16:07:42 +00:00
roy e355904211 Update to dhcpcd-10.0.7 with the following changes:
* DHCP: use request_time, fallback_time and ipv4ll_time rather than reboot timeout
* DHCP6: Wait for IRT to elapse before requesting advertisements
* DHCPv6: Don't re-INFORM if the RA changes
* privsep: Reduce fd use
* dhcpcd: Add support for arp persist defence
* Move dhcp(v4) packet size check earlier
* Define the Azure Endpoint and other site-specific options
* add RFC4191 support by @goertzenator in #297
* dhcpcd: Respect IPV6_PREFERRED_ONLY flag regardless of state
* Fix time_offset to be int to match RFC-2132
* hooks/30-hostname: Exit with 0 if setting hostname is not needed
2024-05-24 11:28:00 +00:00
roy a7f052dc0d Import dhcpcd-10.0.6 with the following changes:
privsep: Stop proxying stderr to console and fix some detachment issues
non-privsep: Fix launcher hangup
DHCP6: Allow the invalid interface name - to mean don't assign an address from a delegated prefix
DHCP6: Load the configuration for the interface being activated from prefix delegation
2023-12-18 15:56:32 +00:00
roy 0ea6469f35 Import dhcpcd-10.0.6 with the following changes:
* privsep: Stop proxying stderr to console and fix some detachment issues
 * non-privsep: Fix launcher hangup
 * DHCP6: Allow the invalid interface name - to mean don't assign an address from a delegated prefix
 * DHCP6: Load the configuration for the interface being activated from prefix delegation
2023-12-18 15:49:41 +00:00
roy 6d263e5669 Import dhcpcd-10.0.4 with the following change:
privsep: Notify processes that dhcpcd has daemonised so they dup
         stdout and stderr to /dev/null.
         This avoids scripts failing with SIGPIPE if they try and write
         to these streams.
2023-10-19 11:25:17 +00:00
roy 5f00958399 Import dhcpcd-10.0.3 with the following changes:
DHCP: Don't crash on a test run
dhcpcd: Fix off-by-one overflow when read() writes full BUFSIZ
privsep: fix strlcpy overflow in psp_ifname
privsep: Fix a FD leak when processes exit
dhcpcd: Use a local variable instead of the optind
dhcpcd: Guard against handling many SIGTERM/SIGINT
DHCP6: Send correct amount of used buffer for prefix exclude option
options: andsf6 is DHCPv6, not DHCP
options: introduce the uri option as opposed to a string
DHCP6: Set all requested addrs as not stale when starting discovery
2023-10-06 08:46:21 +00:00
roy 4fce98e7fd Import dhcpcd-10.0.2 with the following changes:
* BSD: When we get RTM_NEWADDR the interface must have IFF_UP
 * BSD: Fix non INET6 builds
 * DHCP: Don't enforce the message came from port 67
 * privsep: Allow zero length messages through
 * dhcpcd: deal with HANGUP and EPIPE better
 * dhcpcd: Fix waitip address family
 * privsep: Check if we have a root process before sending it stuff
 * privsep: Only unlink control sockets if we created them
 * common: Improve valid_domain and check correct return
 * common: Allow hwaddr_ntoa to print an empty string
 * privsep: Send only what we have put in the buffer to script env
2023-07-19 13:51:07 +00:00
roy 5ba815c7a7 openresolv: Update to 3.13.2 with the following changes:
* Do not return error from -i when no interfaces are configured
* unbound can now add generic options to forward zones
2023-06-27 17:04:19 +00:00
roy b21ddb5395 Update to dhcpcd-10.0.1 with the following changes:
* privsep: keep resources open rather than open/close
 * dhcp6: OPTION_NTP_SERVER is now preferred over OPTION_SNTP_SERVER
 * Misc bug fixes mainly around privsep for many platforms.
 * Fix for reading some BSD routing table entries.
 * Fix reading authtokens from config.

Big new release, mainly around better privsep process management
which allows us to detect when they exit unexpectedly.
2023-04-21 16:52:28 +00:00
roy 33445a79ae Update to dhcpcd-9.4.1 with the following changes:
* BSD: Find the correct interface for tunnelled routes
 * OpenBSD: Fix uniqueness of routes for matching priorities
 * Linux: Support more platforms for seccomp (thanks to Fabrice Fontaine)
 * eloop: Process all waiting fd's as they come in
 * control: Unlink sockets when not in privsep
 * privsep: Renamed Master to Manager
 * privsep: Renamed Privileged Actioneer to Privileged Proxy
 * privsep: Fix getting interface VLANID on BSD
 * privsep: Enforce proper alignment of serialized struct cmsghdr
 * IPv4LL: Don't remove statically assigned addresses
 * routes: Fix route comparison for network prefixes with different masks
 * DHCP6: Only send FQDN for SOLICIT, REQUEST, RENEW, or REBIND messages
 * DHCP6: Don't spam the log when a RA repeatedly triggers an INFORM
 * DHCP: Fix infinite INFORM messages
2021-10-22 13:21:58 +00:00
roy c9893f654b Update to dhcpcd-9.4.0 with the following changes:
* DHCP: For anonymous, just use a generic ClientID
 * link: Split hardware address randomisation out of anonymous option
 * link: Only report hardware changes for active interfaces
 * link: Report errors obtaining recv buffer size on overflow
 * hooks: Add NOCARRIER_ROAMING reason
 * hooks: interface_order now reflects priorities again
2020-12-28 13:56:25 +00:00
roy ee4e0574e8 Update to openresolv-3.12.0 with the following changes:
* Allow configurations to be marked as Deprecated and Activated
 * Harden resolvconf lock detection
2020-12-27 18:25:08 +00:00
roy b81737046b Update to dhcpcd-9.3.4 with the following changes:
 * DHCP: If error adding the address in oneshot, exit with failure
 * DHCP: Only listen to the address if we successfully added it
 * DHCP6: Fix segfault introduced in dhcpcd-9.3.3
 * DHCP6: Abort in test mode when an error is returned by server
 * options: allow --ia_na=1 and --ia_pd=2 on the command line
 * options: Allow duid to take a value
2020-11-28 14:26:16 +00:00
roy c5770ceb10 Update to dhcpcd-9.3.3 with the following changes:
* dhcpcd: Don't create a launcher process if keeping in foreground
 * dhcpcd: Add --noconfigure option
 * control: Create an unpriv socket for non master mode
 * options: Don't log unknown ones when printing pidfile location
2020-11-20 13:23:38 +00:00
roy c44edc208c Update to dhcpcd-9.3.2 with the following changes:
* DHCP: Add support for IPv6-Only Preferred option, RFC 8925.
 * BSD: `LINK_STATE_UNKNOWN` is treated as UP once again
 * privsep: pass logging to the privileged actioneer
 * privsep: allow logfile re-opening to work
 * privsep: close BPF socket on ENXIO
 * privsep: don't leave a BOOTP BPF listener rebooting in non master mode
2020-11-01 14:23:02 +00:00
roy b1246fe72f Update to dhcpcd-9.3.1 with the following changes:
* dhcpcd: carrier handling issue fixed from 9.3.0
 * dhcpcd: log if interface type is unsupported in debug
 * duid: memory leak fixed if UUID wanted but none available
 * privsep: fix receiving inet and no BPF running
 * privsep: allow gettimeofday for SECCOMP
 * privsep: fix stderr redirection again
2020-10-12 14:07:55 +00:00
roy b90aaaef64 Update to dhcpcd-9.3.0 with the following changes:
* dhcpcd: Backticks have been removed from quoting filenames
 * dhcpcd: Only manipulate stdin, stdout and stderr if they are valid
 * duid: Adjust option so the type can be specified
 * logerr: Don't leak logfile fd to scripts
 * privsep: Run the launcher process in the sandbox
 * BSD: Use `ifi_link_state` as the single source of truth about carrier
 * BSD: Ignore vether(4) devices by default
2020-10-05 16:01:13 +00:00
roy cd40ae1fd5 Update to dhcpcd-9.2.0 with the following changes:
* route: ensure IPv4LL routes come last in priority
 * DHCP: fix many issues with extending the last lease
 * privsep: don't read control group from config in privsep
 * privsep: only the master process responds to signals
 * privsep: use a socketpair for stderr/stdin rather than dupping /dev/null
 * privsep: right limit stdin/stderr/stdout
 * privsep: dumping a lease is now run in a sandbox
 * options: check if kernel supports INET or INET6 before enabling default
 * options: let clientid override a prior duid
 * options: allow -1 to represent infinity for requested lease time
 * dhcpcd: fix a crash initing a new interface after route overflow
2020-09-06 14:54:28 +00:00
roy 61b23c6195 Update to openresolv-3.11.0 with the following changes:
*  notify avahi-daemon of resolv.conf being changed
  *  notify mdnsd of resolv.conf being changed
2020-07-22 13:18:01 +00:00
roy 404637bd06 Update to dhcpcd-9.1.4 with the following changes:
* Fix SMALL builds
 * Ensure DBDIR exists at startup
2020-07-03 10:45:43 +00:00
roy 83a86239b0 Update to dhcpcd-9.1.3 with the following changes:
* inet6: Add support for reporting Mobile IPv6 RA's
 * inet6: Report RA Proxy flag if set
 * BSD: Allow non NetBSD and OpenBSD to set IN6_IFF_AUTOCONF
 * privsep: Don't handle any signals meant for the main process
 * eloop: Try and survive a signal storm
 * dhcpcd: Add an option to poll the interface carrier state
 * script: Make visible some link level parameters to lease dumping
 * inet6: Don't regen temp addresses we didn't add
 * privsep: Don't limit file writes if logging to a file
 * DHCP6: Fix lease timings with nodelay option
2020-07-02 13:57:40 +00:00
roy aac4420686 Update to dhcpcd-9.1.2 with the following changes:
* NetBSD: free ARP state once IPv4LL address announced
* NetBSD: Mark RA derived addresses as AUTOCONF
* BSD: Only mark static routes from dhcpcd.conf as static
* DHCP6: Ensure requested addresses are requested
* DHCP6: Fix prefix length calculation when no prefix specified
* privsep: Implement a resource limited sandbox
2020-06-15 16:58:01 +00:00
roy 55689a1efa Update to dhcpcd-9.1.1 with the following changes:
* Restore dumping leases from stdin
 * auth: Only accept RECONFIGURE messages from LL addresses
 * auth: Access the RDM monotonic counter file via privsep
 * ARP: call arp_announced() when cancelling it
 * BSD: fwip(4) interfaces are now ignored by default
 * privsep: Ensure IPC buffers are large enough to carry messages
 * privsep: Only open RAW sockets for the needed protocols
 * privsep: Fix indirect ioctls returning data
 * privsep: wait for processes on SIGCHLD rather than when sent a STOP cmd
 * eloop: just use ppoll/pollts(2), falling back to pselect(2)
2020-06-04 13:07:12 +00:00
roy 961d2a0db3 Update to dhcpcd-9.1.0 with the following changes:
* Leases are stored outside the chroot again
 * The chroot directory can now be (and should be) empty [1]
 * ARP is now per address rather than per interface
 * Filter allowed ioctls in the privileged actioneer
 * Filter allowed UDP ports used by sendto(2) in the privileged actioneer
 * Filter allowed file paths in the privileged actioneer
 * route socket is now drained on overflow as it cannot be
   re-opened by the unprivileged user

 * hostname can no longer be clobbered by SLAAC
 * grep is no longer used by the test hook
 * Interface hardware address type changes are now picked up
 * Fixed some RA timing issues
 * Fixed nd_* option parsing in dhcpcd.conf
 * Allow SIGPIPE in scripts
 * Default dhcpcd.conf no longer sends the current hostname
 * Default dhcpcd.conf no longer sends a vendorclassid
2020-05-31 12:50:46 +00:00
roy 603fb519dd Update to dhcpcd-9.0.2 with the following changes:
* Control sockets are not opened in test mode
 * privsep: no longer aborts if protocol not available
 * inet6: Don't regen temporary addresses without a state
 * inet6: Reduce RA log spam
 * dhcp6: Don't log when things consistently fail
 * inet6: Add temporary directive to slaac option [1]
 * Ensure current interface flags persist when setting a flag
 * DHCP via BPF is now aligned correctly
 * CMSG buffers are now aligned correctly
 * hostnames are no longer clobbered when being forced and a RA is received

[1] dhcpcd no longer looks at any possible kernel settings when deciding to
manage IPv6 temporary addresses or not. You now instruct dhcpcd to do this
in dhcpcd.conf. Playing whack-a-mole with various kernel knobs wasn't fun
and some OS's have or are removing RA and thus temporary address management
from the kernel so said knobs are no longer there.
2020-04-21 09:54:16 +00:00
roy 3d6c38e070 Update to dhcpcd-9.0.1 with the following changes:
* privsep: Improve error when we don't have permission to write lease
  PR bin/55135
* privsep: Fix hooks restarting other daemons
2020-04-13 15:42:20 +00:00
roy 98dee57b86 Update to dhcpcd-9.0.0 with the following changes:
* Decode interface complex interface names eth0.100:2 eth0i100:2.
   This allows us to ignore some virtual interfaces by default
 * ARP: Report L2 header address on conflict for more clarity
 * DHCP: Support jumbo frames (untested)
 * DHCP6: Clean up old lease on failure to confirm/rebind, etc
 * RA: Prefer older routers
 * INET6: Obscure prefixes are now calculated correctly

 * Privilege Separation
 * default hostname is now a blank string rather than localhost
 * Leases are now dumped over the control socket - you get RA's now as well.
 * Better support for many IPv6 routers
 * RTM_MISS filtering
 * RA: Deprecate stale addresses by setting pltime 0
 * DHCP6: Deprecate stale addresses by setting pltime 0
2020-04-02 12:38:54 +00:00
roy 173e555c9e Update to openresolv-3.10.0 with the following change:
Add allow_interfaces and deny_interfaces configuration knobs
2020-01-27 21:11:12 +00:00
roy 568a64c5ec Update to dhcpcd-8.1.6 with the following changes:
* INET6: Support a /128 prefix advertised via RA
 * BSD: More address validation from route(4) messages
 * DHCP: Fix a potential segfault on DaD failure
 * IPv4LL: Fix a potential segfault when dropping IPv4LL addresses
2020-01-27 20:41:58 +00:00
roy d4128c3af8 Update to dhcpcd-8.1.5 with the following changes:
* inet: Allow forcing a host route from an interface without a lease
 * dhcpcd: Don't wait for an address family to complete if not using it
2020-01-03 12:38:14 +00:00
roy f31da2ae25 Update to dhcpcd-8.1.4 with the following change:
* options: Fix allocating the script option
2019-12-20 22:23:55 +00:00
roy 3ded1c87fc Import dhcpcd-8.1.3 with the following changes:
* dhcpcd: Only report SSID when we have a carrier
 * IPv6ND: Fix reachable test
 * DHCP6: Work better with infinite addresses
 * DHCP6: Suboption 3 of NTP Server is a FQDN
 * DHCP6: Fix deprecating a delegated prefix
 * DHCP: Ensure we have a lease to extract options from
2019-12-20 12:00:18 +00:00
roy 8105b4b2ec Import dhcpcd-8.1.2 with the following changes:
* hooks: STOPPED is now run on timeout and exit
 * BSD: Use IP_REVCIF rather than IN_PKTINFO
 * DHCP: When rebinding, ensure we have a DHCP ARP state
 * RA: Sort routers when reachability changes
 * RA: Apply hoplimit, reachable and retrans timer values to kernel
 * RA: Warn if advertised MTU > interface MTU
 * dhcpcd: Report SSID connection to when we gain carrier
 * DHCP: Fix corruption of address flags when renewing
2019-11-13 10:49:19 +00:00
roy 40ee987d84 Import dhcpcd-8.1.1 with the following changes:
* IPv6: Fix a potential crash when learning interface addresses.
 * DHCP: Fix fallout from dhcpcd-8.1.0 for checksum calculation.
2019-10-16 14:53:22 +00:00
roy 1cc3fcda30 Import dhcpcd-8.1.1 with the following changes:
* IPv6: Fix a potential crash when learning interface addresses.
 * DHCP: Fix fallout from dhcpcd-8.1.0 for checksum calculation.
2019-10-16 14:50:27 +00:00
roy 3191a42627 Import dhcpcd-8.1.0 with the following changes:
* Fix carrier status after a route socket overflow
 * Allow domain spaced options
 * DHCP: Allow not sending Force Renew Nonce or Reconf Accept
 * IPv4LL: Now passes Apple Bonjour test versions 1.4 and 1.5
 * ARP: Fix a typo and remove pragma (thus working with old gcc)
 * DHCP6: Fix a cosmetic issue with infinite leases
 * DHCP6: SLA 0 and Prefix Len 0 will now add a delegated /64 address
 * Ignore some virtual interfaces such as Tap and Bridge by default
 * BPF: Move validation logic out of BPF and back into dhcpcd
2019-10-11 11:00:49 +00:00
roy 8c55aad609 Import dhcpcd-8.0.6 with the following changes:
*  DHCP: Ensure we have enough data to checksum IP and UDP (really fix)
  *  dhcpcd-embedded.{c,h} no longer needs generating
2019-09-13 11:52:31 +00:00
roy 5921161ee0 Import dhcpcd-8.0.5 with the following changes:
*  inet6: Fix default route not being installed
  *  DHCP: If root fs is network mounted, enable last lease extend
  *  man: Fix lint errors.
  *  DHCP: Give a better message when packet validation fails
  *  DHCP: Ensure we have enough data to checksum IP and UDP

The last change fixes a potential DoS attack introduced in dhcpcd-8.0.3 when
the checksumming code was changed to accommodate variable length IP headers.
2019-09-13 10:58:31 +00:00
roy 7dfda7b4f5 Import openresolv-3.9.2 with the following changes:
*  dnsmasq: clear cache after updating servers via dbus
  *  pdns_recursor: Fix global forwards (thus now installed by default)
  *  man: layout and misc fixes
2019-09-08 20:46:17 +00:00
roy b83bc1b66c Import dhcpcd-8.0.4 with the following changes:
* BSD: Fixed router reachability tests
 * inet6: If router unreachable, just solicit a new one
 * inet6: Don't install a default route if only lladdresses
 * inet6: Stop listening to NA messages
 * BSD: Listen to RTM_MISS messages
 * DHCP: Fix in_cksum for Big Endian
 * DHCP{,6}: Don't log an error if the lease file is truncated
2019-09-04 13:27:50 +00:00
roy 4dfdf2681a Import dhcpcd-8.0.3 with the following changes:
*  DHCP: Work with IP headers with options
 *  script: Assert that env string are correctly terminated
 *  script: Terminate env strings with no value
 *  script: Don't attempt to use an invalid env string
 *  route: Fix NULL dereference error when using static routes
 *  ARP: Respect IFF_NOARP
 *  DHCP: Allow full DHCP support for PtP interfaces, but not by default
 *  control: sends correct buffer to listeners

dhcpcd-ui now correctly reports SSD association and all the addresses obtained (regression from dhcpcd-7)
2019-08-21 17:10:29 +00:00
roy b6a3a94eb1 Import dhcpcd-8.0.2 with the following changes:
*  NetBSD: Can be built without ARP support but listen to kernel DaD
  *  ND6: Removed NA support from SMALL builds
  *  DHCP: Avoid duplicate read of UDP socket when BPF is also open
  *  IP: Avoid adding address if already exists on OS other than Linux
  *  route: Fixed a NULL de-reference error on static routes
  *  DHCP6: Move to REQUEST if any IA has no-binding in RENEW/REBIND
  *  IP: Accept packets with IP header options
2019-07-30 10:23:02 +00:00
roy cb0b7d2b9f Import dhcpcd-8.0.1 with the following changes:
*  Compile fixes for various build options on various platforms
  *  IPv4LL is fixed on NetBSD-8
  *  Script buffers are freed on forking
2019-07-25 08:53:54 +00:00
roy 141ff30ff1 Import dhcpcd-8.0.0 with the following changes:
*  ARP now supports many requests
  *  Routing tables now use Red-Black Trees
  *  Script variables are no longer allocated manually
2019-07-24 09:54:49 +00:00
roy 6964063b9b Import openresolv-3.9.1 with the following changes:
*  More strict POSIX shell support
  *  Interfaces have an implicit metric of 0 unless specified
  *  Inline comments are stripped from nameserver and domain entries
2019-07-17 18:24:23 +00:00
roy 3ed23301ff Import dhcpcd-7.2.3 with the following changes:
*  BSD: Check RTM lengths in case of kernel issues
  *  DHCP6: Don't stop even when last router goes away
  *  DHCP6: Fix inform from RA
  *  hostname: Fix short hostname check
2019-06-26 17:46:09 +00:00
roy ec73a3e813 Import dhcpcd-7.2.2 with the following changes:
*  DHCP: Ensure dhcp is running on the interface received from
  *  BSD: Link handling has been simplified, however it is expected
     that if an interface supports SIOCGIFMEDIA then it reports
     the correct link status via route(4) for reliable operations
  *  BPF: ARP filter is more robust
  *  BSD: Validate RTM message lengths

This security issue has been addressed:
  *  DHCPv6: Fix a potential read overflow with D6_OPTION_PD_EXCLUDE

Many thanks to Maxime Villard <max@m00nbsd.net> for discovering this issue.
2019-05-04 09:40:27 +00:00
roy dc127b4bb4 Import dhcpcd-7.2.1 with the following changes:
*  auth: Use consttime_memequal to avoid latency attack
*  DHCP: Fix a potential 1 byte read overflow with DHO_OPTSOVERLOADED
*  DHCPv6: Fix a potential buffer overflow reading NA/TA addresses
2019-04-26 14:32:27 +00:00
roy dbd4cee32e Import dhcpcd-7.2.0 with the following changes:
*  BSD: PF_LINK sockets now closed when no longer needed
  *  BSD: Fix detecting interface for scoped routes
  *  script: Allow "" to mean /dev/null
  *  script: Add static routers and routes to env
  *  DHCP: outbound interface is no longer dictated with IP_PKTINFO
  *  DHCP: BPF sockets now closed when no longer needed
  *  DHCPv6: Allow nooption dhcp6_unicast to work
  *  DHCPv6: Don't spam syslog if we always get the same error
  *  route: Log pid which deleted routes of interest

This release fixes PR bin/53705.
2019-04-17 23:33:08 +00:00
roy a5e54c894f Import dhcpcd-7.1.1 with the following changes:
* IPv4LL: Fixed build with this disabled
* IPv4LL: Remember last address between carrier resets
* BSD: Fixed initial link infos reported as LINK_STATE_UNKNOWN
2019-02-07 21:34:30 +00:00