* route: ensure IPv4LL routes come last in priority
* DHCP: fix many issues with extending the last lease
* privsep: don't read control group from config in privsep
* privsep: only the master process responds to signals
* privsep: use a socketpair for stderr/stdin rather than dupping /dev/null
* privsep: right limit stdin/stderr/stdout
* privsep: dumping a lease is now run in a sandbox
* options: check if kernel supports INET or INET6 before enabling default
* options: let clientid override a prior duid
* options: allow -1 to represent infinity for requested lease time
* dhcpcd: fix a crash initing a new interface after route overflow
* Linux: fix reading the IPv6 forwarding proc entry
* configure: Fix fallout with disabling embedded config
* inet6: Add support for reporting Mobile IPv6 RA's
* inet6: Report RA Proxy flag if set
* BSD: Allow non NetBSD and OpenBSD to set IN6_IFF_AUTOCONF
* privsep: Don't handle any signals meant for the main process
* eloop: Try and survive a signal storm
* configure: add --with-eghook=foo
* dhcpcd: Add an option to poll the interface carrier state
* script: Make visible some link level parameters to lease dumping
* Linux: ignore unsupported interfaces by default, such as sit0
* Linux: support aarch64 for reading cpu info
* Linux: keep the generic netlink socket around to get ssid with privsep
* Linux: restore fix when no address is returned by getifaddrs(3)
* inet6: Don't regen temp addresses we didn't add
* privsep: Don't limit file writes if logging to a file
* DHCP6: Fix lease timings with nodelay option
* Restore dumping leases from stdin
* auth: Only accept RECONFIGURE messages from LL addresses
* auth: Access the RDM monotonic counter file via privsep
* ARP: call arp_announced() when cancelling it
* BSD: fwip(4) interfaces are now ignored by default
* privsep: Ensure IPC buffers are large enough to carry messages
* privsep: Only open RAW sockets for the needed protocols
* privsep: Fix indirect ioctls returning data
* privsep: wait for processes on SIGCHLD rather than when sent a STOP cmd
* eloop: just use ppoll/pollts(2), falling back to pselect(2)
* Control sockets are not opened in test mode
* privsep: no longer aborts if protocol not available
* inet6: Don't regen temporary addresses without a state
* inet6: Reduce RA log spam
* dhcp6: Don't log when things consitently fail
* inet6: Add temporary directive to slaac option [1]
* Ensure current interface flags persist when setting a flag
* DHCP via BPF is now aligned correctly
* CMSG buffers are now aligned correctly
* hostnames are no longer clobbered when being forced and a RA is recieved
[1] dhcpcd no longer looks at any possible kernel settings when deciding to
manage IPv6 temporary addresses or not. You now instruct dhcpcd to do this
in dhcpcd.conf. Playing whack-a-mole with various kernel knobs wasn't fun
and some OS's have or are removing RA and thus temporary address managemnt
from the kernel so said knobs are no longer there.
* Privilege Separation
* Linux default hostname is (none), everyone is is a blank string
* Leases are now dumped over the control socket - you get RA's now as well.
* Better support for many IPv6 routers
* NetBSD: RTM_MISS filtering
* RA: Deprecate stale addresses by setting pltime 0
* DHCP6: Deprecate stale addresses by setting pltime 0
* Linux: Improve router reachability detection
Note that the kernel will still say it's failed when deleting the entry
* Linux: Note router preference in ip -6 route output
* Linux: Fix compile warning if HAVE_IN6_ADDR_GEN_MODE_NONE isn't supported
* Linux: Fix syslog support when /dev/log isn't in /dev
* privsep: configure defaults to user dhcpcd if _dhcpcd or _dhcp are unsuitable
* privsep: Improve error when we don't have permission to write lease
* privsep: Fix hooks restarting other daemons
* Decode interface complex interface names eth0.100:2 eth0i100:2.
This allows us to ignore some virtual interfaces by default
* ARP: Report L2 header address on conflict for more clarity
* DHCP: Support jumbo frames (untested)
* DHCP6: Clean up old lease on failure to confirm/rebind, etc
* RA: Prefer older routers
* INET6: Obscure prefixes are now calculated correctly
* INET6: Support a /128 prefix advertised via RA
* BSD: More address validation from route(4) messages
* DHCP: Fix a potential segfault on DaD failure
* IPv4LL: Fix a potential segfault when dropping IPv4LL addresses
* inet: Allow forcing a host route from an interface without a lease
* dhcpcd: Don't wait for an address family to complete if not using it
* Linux: fix RA time unit confusion
If you are suffering from IPv6 addresses not transitioning from the
tentative state (regression from dhcpcd-8.1 on Linux), you will need
to do one of the following after installing dhcpcd:
* reboot
OR
* dhcpcd -x
* echo 1000 > /proc/sys/net/ipv6/neigh/$interface/retrans_time_ms
* ip -f inet6 a flush
* start dhcpcd as normal
* Linux: prefer ms RA times
* Linux: Support kernels without PR_SET_MM_MAP
* dhcpcd: Only report SSID when we have a carrier
* IPv6ND: Fix reachable test
* DHCP6: Work better with infinite addresses
* DHCP6: Suboption 3 of NTP Server is a FQDN
* DHCP6: Fix deprecating a delegated prefix
* DHCP: Ensure we have a lease to extract options from
* hooks: STOPPED is now run on timeout and exit
* musl: Fix build
* Linux: Validate RTM_NEWADDR/RTM_DELADDR messages
* BSD: Use IP_REVCIF rather than IN_PKTINFO
* build: address sanitisation is enabled for debug builds
* build: Improve detection of dlsym requirements
* DHCP: When rebinding, ensure we have a DHCP ARP state
* RA: Sort routers when reachability changes
* RA: Apply hoplimit, reachable and retrans timer values to kernel
* RA: Warn if advertised MTU > interface MTU
* OpenBSD: Fix carrier detection for OpenBSD-6.6
* dhcpcd: Report SSID connection to when we gain carrier
* DHCP: Fix corruption of address flags when renewing
* IPv6: Fix a potential crash when udevs marks an interface ready.
* Linux: compat shim added for setproctitle(3).
* arc4random: fixed UB in compat shim.
* DHCP: Fix fallout from dhcpcd-8.1.0 for checksum calculation.
* DragonFlyBSD: Improved rc.d handling
* Fix carrier status after a route socket overflow
* Allow domain spaced options
* DHCP: Allow not sending Force Renew Nonce or Reconf Accept
* IPv4LL: Now passes Apple Bonjour test versions 1.4 and 1.5
* ARP: Fix a typo and remove pragma (thus working with old gcc)
* DHCP6: Fix a cosmetic issue with infinite leases
* DHCP6: SLA 0 and Prefix Len 0 will now add a delegatd /64 address
* Ignore some virtual interfaces such as Tap and Bridge by default
* BPF: Move validation logic out of BPF and back into dhcpcd
* inet6: Fix default route not being installed
* DHCP: If root fs is network mounted, enable last lease extend
* man: Fix lint errors.
* BSD: avoid RTF_WASCLONED routes
* DHCP: Give a better message when packet validation fails
* DHCP: Ensure we have enough data to checksum IP and UDP
The last change fixes a potential DoS attack introduced in dhcpcd-8.0.3 when
the checksuming code was changed to accomodate variable length IP headers.
* BSD: Fixed router reachability tests
* inet6: If router unreachable, just solicit a new one
* inet6: Fon't install a default route if only lladdresses
* build: New make target import-src, only imports the bare essentials
* inet6: Stop listening to NA messages
* BSD: Listen to RTM_MISS messages
* DHCP: Fix in_cksum for Big Endian
* DHCP{,6}: Don't log an error if the lease file is truncated
* Solaris: Now fully supported!
* DHCP: Work with IP headers with options
* script: Assert that env string are correctly terminated
* script: Terminate env strings with no value
* script: Don't attempt to use an invalid env string
* route: Fix NULL deference error when using static routes
* ARP: Respect IFF_NOARP
* DHCP: Add support for ARPHRD_NONE interfaces
* DHCP: Allow full DHCP support for PtP interfaces, but not by default
* DragonFlyBSD: 500704 announces IPv6 address flag changes
* control: sends correct buffer to listeners
DragonFlyBSD-500704 kernel has the functionality dhcpcd needs to compile without any warnings. There are still improvements to be made to the whole network stack, but none of them are dhcpcd specific.
dhcpcd-ui now correctly reports SSD association and all the addresses obtained (regression from dhcpcd-7)
dhcpcd now supports QMI interfaces in RawIP mode - this is basically PtP interface without any L2 frame header. Because PtP interfaces normally configure their address via a 3rd party tool (dhcpcd waits for this address to appear), DHCP is not enabled by default. You can now enable it like so
interface wwan0
dhcp
Or just add --dhcpcd on the command line.
* NetBSD: Can be build without ARP support but listen to kernel DaD
* ND6: Removed NA support from SMALL builds
* ND6: Remove and warn about NA on OS's other than NetBSD and Linux
* script: tmp files are removed for systems without open_memstream(3)
* configure: open_memstream(3) detected on recent glibc
* DHCP: Avoid duplicate read of UDP socket when BPF is also open
* IP: Avoid adding address if already exists on OS other than Linux
* IP6: Avoid adding address is already exists on Solaris
* route: Fixed a NULL de-reference error on static routes
* DHCP6: Move to REQUEST if any IA has no-binding in REWNEW/REBIND
* DragonFlyBSD: Now compiles and works for
* IP: Accept packets with IP header options
* ARP now supports many requests
* Routing tables now use Red-Black Trees
* Script variables are no longer allocated manually
* DHCP addresses are added with vltime of the lease time and pltime
of the rebind time (Linux only)
* OpenBSD: compiles again
* BSD: Check RTM lengths incase of kernel issues
* DHCP6: Don't stop even when last router goes away
* DHCP6: Fix inform from RA
* hostname: Fix short hostname check
* DHCP: Ensure dhcp is running on the interface received from
* BSD: Link handling has been simplified, however it is expected
that if an interface supports SIOCGIFMEDIA then it reports
the correct link status via route(4) for reliable operations
* BPF: ARP filter is more robust
* BSD and sun: Validate RTM message lengths
This security issue has been addressed
* DHCPv6: Fix a potential read overflow with D6_OPTION_PD_EXCLUDE
Many thanks to Maxime Villard <max@m00nbsd.net> for discovering this issue.
* Solaris: Many more issues fixed
* OpenBSD: Don't spam syslog when cannot send NA
* FreeBSD: Fix fetching IPv6 address lifetimes
These security issues are also addressed:
* auth: Use consttime_memequal to avoid latency attack
consttime_memequal is supplied if libc does not support it
dhcpcd >=6.2 <7.2.1 are vulnerable
* DHCP: Fix a potential 1 byte read overflow with DHO_OPTSOVERLOADED
dhcpcd >=4 <7.2.1 are vulnerable
* DHCPv6: Fix a potential buffer overflow reading NA/TA addresses
dhcpcd >=7 <7.2.1 are vulnerable
Many thanks to Maxime Villard <max@m00nbsd.net> for discovering these issues.
* build: latest gmake-3 works once more
* build: exits on error in a subdir
* BSD: PF_LINK sockets now closed when no longer needed
* BSD: Fix detecting interface for scoped routes
* Solaris: Many, many, many fixes - pretty much works now
* script: Allow "" to mean /dev/null
* script: Add static routers and routes to env
* DHCP: outbound interface is no longer dictated with IP_PKTINFO
* DHCP: BPF sockets now closed when no longer needed
* DHCPv6: Allow nooption dhcp6_unicast to work
* DHCPv6: Don't spam syslog if we always get the same error
* route: Log pid which deleted routes of interest
* IPv4LL: Fixed build with this disabled
* IPv4LL: Remember last address between carrier resets
* BSD: Fixed initial link infos reported as LINK_STATE_UNKNOWN
* FreeBSD: Avoid panicing kernel for IPv6 prefix routes
* OpenBSD: works alongside slaacd(8)
* NetBSD: sets SO_RERROR on to detect receive socket overflow
* BSD: route improvements to avoid listening for own changes
* Linux: use NETLINK_BROADCAST_ERROR
* BSD: avoid late address deletion messages by testing address existance
* IP6: implement IP6 address sharing
* BSD: catch UP/DOWN events when interfaces does support media changes
* IPv4LL: remember old address when carrier is lost
* Don't use IP_PKTINFO on NetBSD-7 as it's incomplete.
* Workaround RTM_NEWADDR sending the wrong broadcast address
on NetBSD-7.
* Silence diagnostics if an address vanishes when reading
it's flags on all BSD's.
* Misc compiler warnings fixed.
* dhcp: Clarified some checksumming code, style and commentary
(thanks to Maxime Villard)
* dhcp6: IAID is now unique per IA type rather than global
* ip6: if an IA callback causes a fork, exit earlier
* OpenBSD: Fix adding INET6 on-link routes without an address
* Linux: Improve interface renaming
* Linux: If listening to dev manager, let it remove interfaces
* Routing: Fix case when cloning route changes but needs to be replaced
* DHCP6: Transpose DHCP userclass option into DHCP6
* DHCP6: Fix sending custom vendor class option
* Auth: Allow zero value replay detection data
* Auth: Allow different tokens for send and receive
* ND6: Warn if router lifetime is set to zero
* DHCP6: Softwire Address and Port-Mapped Clients, RFC7598
* udev: uses the logerr framework
* BSD: fix segfault when IPv6 addresses exist and carrier changes
* dhcp6: fix a null termination overflow on status messages
* options: static routes can be setup in global context again
* routes: dhcpcd added host routes are now reported correctly
* Added support for setproctitle(3)
* Kernel RA is no longer disabled when IPv6 is disabled in dhcpcd
* DHCPv6 PD is no longer stopped if no Routers are found
* If the DHCP leased address is deleted, enter the reboot state
* DHCPv6 unicast is no longer performed when not in master mode
* dhcpcd will now detect netlink/route socket overflows ad re-sync
* hooks: remove use of local builtin for better portability
* Fix build issue when `__GNUC__ <= 2` (thanks to Chris Hathhorn)
* dhcpcd: don't log errors working out carrier for departed interfaces
* ipv4: allow configuration of static broadcast address
* if: don't set MTU during interface discovery
* if: don't activate non matching interfaces to commandline ones
* configure: make `--includedir=/usr/src/foo` work
* eloop-bench: fix hangs when using a large number of cycles
* dhcp: don't bind when we've just probed an address to inform
* dhcp: when unicasting on L3, unicast on L2 as well
* dhcp: when rebooting, don't set cidaddr
* dhcp6: don't listen on IPv6 addresses when not using DHCPv6
* dhcp: only set probe state when probing (fixes REBOOT reason)
* linux: use IFA_F_NOPREFIXROUTE for IPv4 addresses
* ipv6: disable kernel RA if interface is active
* hooks: set protocol to link for link layer events
* Mark routes as set by RA/DHCP in Linux
* Don't flush prefix routes/routers if kernel does not support RA
* Remove OpenBSD route labels
* dhcp: improve errors around UDP checksum failure
* dhcp: announce existing addresses before rebooting
* bpf: rework loop so that we can close/reopen fd inside and abort
* ipv6nd: don't handle NA/RA for non active interfaces
* dhcp6: listen on all addresses in non master mode
* dhcpcd-run-hooks: set protocol in dhcpcd, don't guess
* Ensure that xid is unique across all interfaces
* dhcp6: redirect message to interface which uses the xid
* bsd: strip scope from LL addresses when detecting their addition
* ipv6nd: fix address lifetime overflow on carrier up
* dhcp6: fix confirmation of lease on carrier up
* eloop: fix signal catching before eloop is started on Linux
* Fixed handling RA's from multiple routers
* Fixed changing to a better route based on gateway
* IPv6 default route is now deleted when config is not persistent
* Use hmac(3) if available in libc to reduce binary size
* Default to use VLANID>0 for IAID instead of MAC address
* BSD: Add support for RTA_LABEL
* Stop sharing the DHCPv6 port in master mode with other processes
* Fix some prefix delegation issues when the carrier drops or
addresses become stale
* Fix a crash when starting dhcpcd with -n
* Fix test for preferring a fake lease over a real one
* Show to real address lifetimes being added when adding IPv6
addresses
* Install dhcpcd-definitions.conf to the correct directory
* Restore the -G, --nogateway option
* restored --logfile support as a few people complained it vanished
The new logging code even makes the overall binary size smaller
on most platforms.
* BPF filter now trims garbage trailing the payload
OK, it's not garbage, but userland doesn't know some drivers append
FCS to it.
* install udev.so on supported platforms to fix segfaults.
* support NetBSD's RO_MSGFILTER socket option to reduce avoid context
switching for route(4) messages that don't interest us.
* support OpenBSD's ROUTE_MSGFILTER which does the same.
* Don't open sockets if just sending signals.
* HMAC-MD5 test's now check expectations in code rather than relying
on visual confirmation.
* added eloop-bench to test performance of eloop with available
polling mechanisms.
Summary of changes since dhcpcd-6.11.5:
* source file locations reworked:
dhcpcd source is in src
dhcpcd hooks are in hooks
compat is in compat
* README split into README.md and BUILDING.md
* internal routing is now protocol agnostic
* avoid using __packed and use compile time asserts instead
* addresses some alignment issues
* disable some ARP code on kernels which support RFC5227
* BSD IPv6 kernel settings are now updated to reflect dhcpcd config
* custom logger has been removed, syslog handles everything
as such, the --logfile option has been removed as well.
If you need better/earlier logging, get a better syslogger!
* distinfo and signed distinfo files are now available alongside
release taraballs from this point onwards
* default DBDIR has changed from /var/db to /var/db/dhcpcd
* /etc/dhcpcd.duid moves to DBDIR/duid
* /etc/dhcpcd.secret moves to DBDIR/secret
* lease file names have dhcpcd removed from them as they are now
inside a directory of the same name
* fixed issues with reject routes not working on some platforms
* improved nl80211 support on Linux for working out the SSID
* no longer request NTP by default in dhcpcd.conf
* fix detecting IPv6 DAD on OpenBSD
* remove custom Solaris DLPI filtering in favour of BPF
(note there seems to be a kernel issue where the DHCP
fd receives ARP's as well, the only side effect is
a noisy syslog)
* BPF filtering vastly improved so dhcpcd only wake up on
ARP or DHCP packets destined for it
* support for MUD URL (draft-ietf-opsawg-mud-05)
* if the kernel isn't doing DAD, don't insist on waiting for it
to actually do it
* fix a potential crash where the DHCP or ARP states could be
freed before the packet processing loop naturally breaks
* removed gateway and nogateway options
(these can be controlled by the nooption directive which
works for more than just gateways)
* removed ipv6ra_own and ipv6ra_own_default options
(these can be controled by the ipv6rs/noipv6rs directive)
* fix a memory leak on systems where posix_spawnattr_init
allocates memory by calling posix_spawnattr_destroy afterwards
* fix a crash receiving SIGUSR1
* Fixed octal and hex string parsing in options.
* Ignore bogus RTM_DELADDR on FreeBSD when the interface goes down.
* Several statically sized buffers have been removed and replaced
with dynamically sized ones where we have no real idea of what
the size will be.
* Reverse IPv4 route removal order.
* Improved handling of Netlink messages on Linux.
* Poll for tentative link-local addresses if needed.
* Added --small configure directive to reduce binary size
* Allow DHCPv6, IPv4lL and authentication to be compiled out
* dhcpcd requries the interface to be up when considering link status
* Add support for ifa_addrflags in getifaddrs(3)
* Add support for ifam_addrflags and ifam_pid from route(4)
* If T1 or T2 are not set in DHCPv6 messages, use a default from the
lowest pltime instead of the expiration time.
* Validate lease before moving to REQUEST when both ends use
rapid commit.
* If lease validation fails, don't restart the DISCOVER phase if
we're already in it.
* Workaround a 14 year old BSD issue where initial address lifetimes
are transfered to the prefix route and are not updated again,
causing the kernel to remove the route.
The fix is to initially add the address with infinite lifetimes
and then change the lifetimes to the correct ones.
* IPv6 RA routes are now expired by dhcpcd.
* Fix gateway interface assignment on BSD.
* Only mask off signals we do something with
(allows coredumps on some platforms)
* Fix a memory issue where an old lease could be read and discarded
but the buffer length not reset.
* Bind DHCPv6 to the link-local address when not running in master
mode so that many dhcpcd instances can run per interface.
* It's now possible to exclude the vendor-class option.
* pkg-config can now be host selectable in configure,
thanks to Heiko Becker.
* Fixed a NULL pointer dereference when checking ARP conflicts.
* Revert a change in 6.11.1 which causes some packets not to be
read correctly from the BPF socket.
* Commandline options are now applied to profiles.
* Fixed some potential memory issues for non embebbeded configs,
thanks to Koichi Okamoto.
* Simplified route handling on BSD.
* Fix expiration of IPv6 routers if a static route was present.
* --inactive now starts with all interfaces inactive.
subsequent calls to dhcpcd can activate/deactivate them.
* Illumos (Solaris) is now a supported plaform.
* Fix truncated packet handling where the DHCP message is less than the
BOOTP size
* Rework the raw socket handling around an fd for initial Solaris support
* Only pull one message from the raw socket - eloop will handle the looping
* Netmask fixes for STATIC and INFORM
* Rework if_address to use struct ipv4_addr, like the ipv6 counter parts
* Split BSD handlink into many smaller functions to improve readability
* empty DNS entries are no longer created
* Test for hostname_fqdn being set to server or blank
* Allow an SLA 0 and prefix length of 0 to delegate the whole prefix
ia_pd 1 wm1/0
* Fix prefix delegation address timings on renew
* pidfile directory is now created correctly at startup.
* bootp "leases" are now stored so dhcpcd can dump them.
* ARP state is keep open so we can detect duplicates
(currently this is only logged, no action is taken).
* --lastleastextend allows dhcpcd to extend a DHCP lease once
it has expired. The lease is dropped if any other node
claims the address.
* Delegated Prefix reject routes will be correctly bound to the
loopback interface. If a delegated address uses the whole prefix,
then the reject route is removed. If this address is removed, the
reject route is restored.
* dhcp code has been reworked around a classic BOOTP structure
instead of a fixed size DHCP structure based on a max MTU of 1500.
Each reference to it also has a size so we know it's length.
Adding an option to a message is now guarded via easy macros.
Option concatenation buffer is no longer a fixed size.
* many more changes so that dhcpcd passes all current Coverity tests.
* Support iSNS, RFC4174
* Fix Prefix Delegation with SLA 0 and warn that it's not
really RFC compliant
* Fix build with --disable-embedded
* On an IPv4LL defence, an ARP announcement is now sent in
accordance with RFC 3927 Section 2.5
dhcpcd-6.10.2 had the following changes:
* Add fix for CVE-2014-7913.
* eloop performance and API improvements.
* Don't send a blank hostname.
* Prefix Delegation default value fixes.
* Prefix Delegation suffix is now configurable.
* dhcpcd.conf now allows embedded comments.
* IPv6 static address support.
* ipv6ra_accept_nopublic has been removed, all prefixes now accepted.
* Support RTF_CONNECTED on NetBSD.
* Fix compile on older platforms which lack O_CLOEXEC.
Thanks to OBATA Akio.
* Remove pidfile handling from dhcpcd and use pidfile_lock(3).
If not available, use a compat shim.
* Fix ignoring messages sent to the kernel and receive via another one
on Linux.
* Fix changing routes on BSD.
