NetBSD/usr.sbin/dhcp/RELNOTES

424 lines
16 KiB
Plaintext

Internet Software Consortium
Dynamic Host Configuration Protocol Distribution
Version 3, Beta 2, Patchlevel 0
January 21, 2000
Release Notes
This is a development snapshot of Version 3 of the Internet Software
Consortium DHCP Distribution.
PLANS
Version 3 of the ISC DHCP Distribution adds conditional behaviour,
address pools with access control, and client classing. An interim
implementation of dynamic DNS updates for the server only is included,
but is not supported. The README file contains information about how
to enable this - it is not compiled into the DHCP server by default.
Features in upcoming releases, starting with 3.1, will include
Dynamic DNS Support, DHCPv4 16-bit option codes, asynchronous DNS
query resolution, DHCP Authentication, and support for a DHCP
Interserver Protocol and live querying and update of the DHCP
database. Not all of this is done yet (see below).
This release is running in production at the ISC and at quite a few
other sites. At this point, the 3.0 release is reasonably stable, but
is really only recommended for sites that are in a position to
experiment, or for sites that need the new features. Bug reports are
enthusiastically solicited.
For information on how to install, configure and run this software,
as well as how to find documentation and report bugs, please consult
the README file.
The interim Dynamic DNS Update support is the result of work by Lans
Carstensen and Brian Dols at Rose-Hulman Institute of Technology, Jim
Watt at Perkin-Elmer, Irina Goble at Integrated Measurement Systems,
and Brian Murrell at BC Tel Advanced Communications. I'd like to
express my thanks to all of these good people here.
Changes since June 6, 1999
- Integrated Irina Goble's Dynamic DNS update patches, with some
changes, thanks to Brian Murrell of BC Tel. These changes are only
enabled if you explicitly specify it with the configure script, and
we currently have no documentation.
- Heavily updated README file.
- Updated dhclient man page to document all current command-line
arguments.
- Added a -s flag to both the client and server, for debugging only,
so that the client and server can both be run using the socket API
on a single machine that has no network interfaces (e.g., with lo0).
- Added support for three new subexpressions that return data:
leased-address, reverse and binary-to-ascii.
- Fixed a problem where TOKEN_NOT and NOT were both kinds of tokens,
which prevented "not authoritative" from working.
- Updated the pretty-printer for the 'X' type so that it will output
ASCII text if the buffer being output contains all printable
characters. This is useful, e.g., for using the host-name option
in the client.
- Add support for an always-broadcast flag, which, when enabled,
causes the DHCP server to broadcast responses to all clients in the
scope in which it is enabled, even if the client didn't request that
the response be broadcast. This is useful for working around
clients that have buggy support for the protocol.
- Fix (I hope!) a compilation problem with the declaration of the
fallback_discard function on some versions of Linux.
- Fix a bug that caused the offered lease time to be zero (or possibly
some random value from the stack) if the client did not request a
specific lease duration.
- Add support for a one-lease-per-client flag, which if enabled in the
scope in which a client appears, causes any leases the client holds
to be freed as soon as a DHCPREQUEST is received from the client for
some other IP address. This will only work if the client has only
one network interface, so caution is urged in the use of this
feature.
- Fix a mistake in the example in the dhcpd.conf manual page that
talks about the "spawn with" statement.
Changes since May 27, 1999
- Fix some typos in the token ring code that I made while
incorporating Andrew's changes.
- Fix some problems with scope evaluation related to BOOTP clients.
Changes since May 7, 1999
- Add LPF token ring support, contributed by Andrew Chittenden.
- Fix a serious bug in some server option evaluations, where it was
looking for the values in the DHCP option space instead of the
server option space.
- Prevent the server from failing to configure a client that retries
its initial DHCPDISCOVER too quickly.
- Tweak semantics of lease limits so that if any class a client is in
has a limit, then the client can't get a lease just because it's
also in a class with no limits.
- Correct an operator precedence bug in abandoned lease handling.
- Provide more complete documentation for classes and correct errors
in existing documentation.
- Fix some pointer non-debug code paths.
- Add support for encode_int() operand
- Fix documentation for concat operator.
- Edit dhcp options manual page for consistency.
Changes since May 6, 1999
- Reverse precedence of user-supplied parameter request list so that
user can override client's preferences.
- Do not call abort () when uninitialized pointers are passed to
allocation functions unless POINTER_DEBUG is defined.
- Fix a bug in parsing colon-seperated hex octet lists in data
expressions.
- Fix a number of cases where the server would dump core in
evaluate_*_expression if the options buffer was a NULL pointer.
- Fix incorrect handling of exists subexpression.
Changes since April 24, 1999
- In DHCPINFORM, allow for buggy clients that do not set ciaddr by
using the IP source address from the IP header if ciaddr is zero.
- Fix some memory allocation botches in the DHCP server.
- Use parameter request list option from scope if it is present and
client didn't send one.
- Allow for RFC1541 clients that set ciaddr when REQUESTING by
checking server-identifier option as well as ciaddr before
unicasting.
- Add support for concat data subexpression.
- Add support for specifying option data as a data expression instead
of in the option's specified format.
- Fix a compile error on some Linux 2.0-based distributions.
Changes since April 23, 1999
- Fix a duplicate declaration of the object file copyright in dlpi.c. Sigh.
Changes since April 12, 1999
- Fix a bug that would cause a core dump in DHCPINFORM.
- Document DHCP server lease allocation algorithm in dhcpd.conf manual
page. Also document pool access control lists.
- Add support for site-defined option spaces.
- Do not respond with NAK if ciaddr is set and giaddr/interface origin
network segment doesn't match, since ciaddr means client is
unicasting using IP routing.
- Support DHCPINFORM even on unknown networks.
- Make pool scope less specific than class scope.
- Enforce maximum lease length after applying default lease time.
- Add support for a bunch of options that were added in RFC2132.
- Undo a mistaken change in the interface discovery code that caused
(e.g.) lo0 to be recognized as a broadcast interface.
- Tweak (hopefully fix) UDP/IP checksum algorithm.
- Support compilation on MacOS X.
Changes since April 8, 1999
- Support DHCPINFORM.
- Fix up some references to error() which I didn't notice earlier
because I don't do compilation testing on Linux.
- Add a boolean expression, "known", which returns true if the client
whose request is currently being processed has a host declaration.
- Do path keyword substitution on unformatted manual pages before
installing them.
- Use length from UDP header to compute UDP checksum, because some
buggy relay agents send UDP header lengths that disagree with IP
header length and actual bytes sent.
- Make error logging when packets with bad checksums or lengths are
received work more correctly.
- Fix a null pointer dereference that would occur when processing
bootp packets from networks to which the server was not directly
connected.
Changes since March 30, 1999
- Install unformatted manual pages on Linux
- SGI Irix support
- Generalize option support and add parser support for defining new
option spaces.
- Support for generating vendor-encapsulated-options option from
user-specified option space, rather than having to encode it as
hex.
- Fix hash table code to do the right thing with nul-terminated
strings - before they'd all get hashed into the same bucket.
- Fix a parser bug caused by dereferencing an uninitialized variable
that prevented the parser from working correctly on some systems but
allowed it to work on others.
- Document how to define new options, as well as how to set up
vendor-encapsulated-options option.
- When responding to bootp clients, use the subnet mask from the
subnet declaration as we do for DHCP clients if no explicit subnet
mask option was defined.
- Add always-send-rfc1048 option to force the server to send
rfc1048-style options (what everybody uses now) even if the client
doesn't send the right magic cookie.
- Fix some bugs in class support that became obvious when I tried to
use the vendor-encapsulated-option support in a reasonable way.
- Fix some memory leaks.
Changes since March 29, 1999 (second snapshot)
- Fix a memory allocation bug
- Move support for allow and deny keywords (WRT to server option
space) into common code so that they can be used within
conditionals.
Changes since March 29, 1999 (first snapshot)
- Build two new manual pages.
- Undo IFF_POINTOPOINT change from March 26.
- Add entry, exit and resolv.conf building hooks to dhclient-script.
Changes since March 26, 1999
- Set broadcast flag in DHCPDISCOVER packet if appropriate.
- Fix parsing of pool permits and address range statements.
- Account for tabs in parse_warn().
Changes since March 15, 1999
- Only use min-secs parameter on DHCPDISCOVER packets.
- Restore support for server-identifier keyword.
- Fix dhcp-class-identifier name to be vendor-class-identifier.
- Add support for defining new DHCP options, e.g.:
option new-option-name code 198 = array of ip-address;
option new-option-name 10.20.30.1, 10.20.30.2;
- Support added for AIX 4.1.5.0 (and hopefully other versions).
- Use /var/run instead of /etc on Digital Unix.
- Change DHCP client exponential backoff code to back off more slowly,
so that it is more robust in lossy environments, at the expense of
being a bit less polite to the server.
- Don't request a specific lease interval in the client unless the
user says to do so.
- Don't print DHCPXXX in wrong xxx messages unless DEBUG is defined.
- Fix handling of secs field.
- Fix handling of append statement.
- Fix documentation for append and prepend statements.
- Fix server support for parameter request list and maximum message
size.
- Parameterize more hardware types in discover_interfaces. Check for
IFF_BROADCAST instead of !IFF_POINTOPOINT
- Print kernel configuration warning message if we get EINVAL when
opening or configuring the Linux packet filter.
- Fix a bug in UDP checksum code (thanks to John Nemeth for figuring
this out) and re-enable UDP checksumming. This allows the client
to work with some buggy DHCP servers that can't handle zero
checksums in the UDP header - in particular, the one John's cable
modem ISP is using.
- Don't report packet header checksum errors unless we see a lot of
them. It's perfectly normal for some number of checksum errors to
occur.
- Refer to the dhcpd.leases man page when printing an error message
prior to exiting because there's no lease database.
- Add information to the README telling the reader how to get to the
manual pages.
- Fix the server packet transmission code to unicast when it can.
- Fix a typo in the dhcpd.conf manual page.
CHANGES SINCE VERSION 2.0
- Support for conditional behaviour - i.e., what the client sends can
be used to determine what response the client gets, in a very
general way.
- Support for client classing - that is, clients can be assigned to
classes based on what they send, and then address assignments can be
made based on the client's class. A per-class limit on the number
of addresses assignable can be made. It is possible to spawn new
classes on the fly based on a template, so that address limitations
can be done on a per-customer basis - e.g., when using relay agent
options, a particular customer's circuit ID can be used to classify
all hosts at the customer site as part of a class which is generated
on the fly the first time the circuit ID is seen. The class
template from which this class is created can specify a limit of,
say, four leases. This would have the effect of limiting all
customer sites behind relay agents that attach circuit IDs to the
packets they forward to a maximum of four leases each.
- Memory allocation behaviour has been completely redone.
- Support for more than one pool of addresses per network segment.
This permits clients to be allocated addresses out of different
ranges, even within a subnet, based on what classes they're in,
whether or not they are known (have host declarations), whether or
not they have authenticated, and that sort of thing. Parameters,
including things like lease times and also things like options to be
sent to the client, can vary from address pool to address pool.
UPCOMING WORK
I have a bunch of unintegrated code to do authentication. The only
reason it's not integrated is that I've decided it's incorrect, and
I'm going to have to hack the in-memory database to make it correct.
So expect the lease data structure to change, and probably expect the
host data structure to change as well, in order to fully support
authentication. Some bits of authentication support are already
scattered here and there. You may see references in the code to the
failover protocol. I was testing some theories, but this code isn't
functional in any sense, although it will be in the future.
Integration between DHCP and Dynamic DNS is the most-requested
feature, and you can expect work on this to occur in the near future.
Irina Goble has some code that several people are running with 2.0
with some success right now, and while I don't promise to integrate
this particular code, something will certainly be happening in April
or May.
There's already some support for DHCPv4NG 16-bit option codes, but it's
not complete, and won't be very interesting until we have a DHCP
futures draft out and Microsoft implements it in their clients. When
this draft is a bit closer to completion, the ISC will release a
sample implementation - it's not too hard, and it'll be cool to be
able to say at the IETF that there's something available, even if it
won't be deployable for a while yet. You will be able to run the
DHCPv4NG server with existing DHCPv4 clients, because the protocol
provides for interoperability between new servers and old clients, as
well as new clients and old servers.
The all-singing, all-dancing Interserver Protocol has been put on the
back burner in favor of the DHCP Failover Protocol, which solves the
problem of providing redundant DHCP service with no more than two DHCP
servers. This protocol is coming along quite nicely - we had a
meeting in February at Cisco, and lots of progress was made. Cisco
and Process Software both have implementations of an older version of
the protocol, and will presumably have support for the new protocol in
the not-too-distant future. The ISC will go straight to the new
protocol, once the next draft comes out and as time allows.
Live querying and update of the DHCP database will involve creating a
unix domain or secure (peer-to-peer IPSEC or TLS) TCP socket to the
DHCP server, sending requests for information, receiving responses,
and sending updates. Most of the read-only DHCP status information
will be available through SNMP, but the private query/update socket
will allow, for example, registration of clients without restarting
the server, and adjusting parameters on classes - e.g., reducing or
increasing the number of leases clients in a particular spawned class
may hold.
We will be providing anonymous CVS support as soon as we can.