* NetBSD: Can be build without ARP support but listen to kernel DaD
* ND6: Removed NA support from SMALL builds
* ND6: Remove and warn about NA on OS's other than NetBSD and Linux
* script: tmp files are removed for systems without open_memstream(3)
* configure: open_memstream(3) detected on recent glibc
* DHCP: Avoid duplicate read of UDP socket when BPF is also open
* IP: Avoid adding address if already exists on OS other than Linux
* IP6: Avoid adding address is already exists on Solaris
* route: Fixed a NULL de-reference error on static routes
* DHCP6: Move to REQUEST if any IA has no-binding in REWNEW/REBIND
* DragonFlyBSD: Now compiles and works for
* IP: Accept packets with IP header options
* ARP now supports many requests
* Routing tables now use Red-Black Trees
* Script variables are no longer allocated manually
* DHCP addresses are added with vltime of the lease time and pltime
of the rebind time (Linux only)
* OpenBSD: compiles again
* BSD: Check RTM lengths incase of kernel issues
* DHCP6: Don't stop even when last router goes away
* DHCP6: Fix inform from RA
* hostname: Fix short hostname check
* DHCP: Ensure dhcp is running on the interface received from
* BSD: Link handling has been simplified, however it is expected
that if an interface supports SIOCGIFMEDIA then it reports
the correct link status via route(4) for reliable operations
* BPF: ARP filter is more robust
* BSD and sun: Validate RTM message lengths
This security issue has been addressed
* DHCPv6: Fix a potential read overflow with D6_OPTION_PD_EXCLUDE
Many thanks to Maxime Villard <max@m00nbsd.net> for discovering this issue.
* Solaris: Many more issues fixed
* OpenBSD: Don't spam syslog when cannot send NA
* FreeBSD: Fix fetching IPv6 address lifetimes
These security issues are also addressed:
* auth: Use consttime_memequal to avoid latency attack
consttime_memequal is supplied if libc does not support it
dhcpcd >=6.2 <7.2.1 are vulnerable
* DHCP: Fix a potential 1 byte read overflow with DHO_OPTSOVERLOADED
dhcpcd >=4 <7.2.1 are vulnerable
* DHCPv6: Fix a potential buffer overflow reading NA/TA addresses
dhcpcd >=7 <7.2.1 are vulnerable
Many thanks to Maxime Villard <max@m00nbsd.net> for discovering these issues.
* build: latest gmake-3 works once more
* build: exits on error in a subdir
* BSD: PF_LINK sockets now closed when no longer needed
* BSD: Fix detecting interface for scoped routes
* Solaris: Many, many, many fixes - pretty much works now
* script: Allow "" to mean /dev/null
* script: Add static routers and routes to env
* DHCP: outbound interface is no longer dictated with IP_PKTINFO
* DHCP: BPF sockets now closed when no longer needed
* DHCPv6: Allow nooption dhcp6_unicast to work
* DHCPv6: Don't spam syslog if we always get the same error
* route: Log pid which deleted routes of interest
* IPv4LL: Fixed build with this disabled
* IPv4LL: Remember last address between carrier resets
* BSD: Fixed initial link infos reported as LINK_STATE_UNKNOWN
* FreeBSD: Avoid panicing kernel for IPv6 prefix routes
* OpenBSD: works alongside slaacd(8)
* NetBSD: sets SO_RERROR on to detect receive socket overflow
* BSD: route improvements to avoid listening for own changes
* Linux: use NETLINK_BROADCAST_ERROR
* BSD: avoid late address deletion messages by testing address existance
* IP6: implement IP6 address sharing
* BSD: catch UP/DOWN events when interfaces does support media changes
* IPv4LL: remember old address when carrier is lost
* Don't use IP_PKTINFO on NetBSD-7 as it's incomplete.
* Workaround RTM_NEWADDR sending the wrong broadcast address
on NetBSD-7.
* Silence diagnostics if an address vanishes when reading
it's flags on all BSD's.
* Misc compiler warnings fixed.
* dhcp: Clarified some checksumming code, style and commentary
(thanks to Maxime Villard)
* dhcp6: IAID is now unique per IA type rather than global
* ip6: if an IA callback causes a fork, exit earlier
* OpenBSD: Fix adding INET6 on-link routes without an address
* Linux: Improve interface renaming
* Linux: If listening to dev manager, let it remove interfaces
* Routing: Fix case when cloning route changes but needs to be replaced
* DHCP6: Transpose DHCP userclass option into DHCP6
* DHCP6: Fix sending custom vendor class option
* Auth: Allow zero value replay detection data
* Auth: Allow different tokens for send and receive
* ND6: Warn if router lifetime is set to zero
* DHCP6: Softwire Address and Port-Mapped Clients, RFC7598
* udev: uses the logerr framework
* BSD: fix segfault when IPv6 addresses exist and carrier changes
* dhcp6: fix a null termination overflow on status messages
* options: static routes can be setup in global context again
* routes: dhcpcd added host routes are now reported correctly
* Added support for setproctitle(3)
* Kernel RA is no longer disabled when IPv6 is disabled in dhcpcd
* DHCPv6 PD is no longer stopped if no Routers are found
* If the DHCP leased address is deleted, enter the reboot state
* DHCPv6 unicast is no longer performed when not in master mode
* dhcpcd will now detect netlink/route socket overflows ad re-sync
* hooks: remove use of local builtin for better portability
* Fix build issue when `__GNUC__ <= 2` (thanks to Chris Hathhorn)
* dhcpcd: don't log errors working out carrier for departed interfaces
* ipv4: allow configuration of static broadcast address
* if: don't set MTU during interface discovery
* if: don't activate non matching interfaces to commandline ones
* configure: make `--includedir=/usr/src/foo` work
* eloop-bench: fix hangs when using a large number of cycles
* dhcp: don't bind when we've just probed an address to inform
* dhcp: when unicasting on L3, unicast on L2 as well
* dhcp: when rebooting, don't set cidaddr
* dhcp6: don't listen on IPv6 addresses when not using DHCPv6
* dhcp: only set probe state when probing (fixes REBOOT reason)
* linux: use IFA_F_NOPREFIXROUTE for IPv4 addresses
* ipv6: disable kernel RA if interface is active
* hooks: set protocol to link for link layer events
* Mark routes as set by RA/DHCP in Linux
* Don't flush prefix routes/routers if kernel does not support RA
* Remove OpenBSD route labels
* dhcp: improve errors around UDP checksum failure
* dhcp: announce existing addresses before rebooting
* bpf: rework loop so that we can close/reopen fd inside and abort
* ipv6nd: don't handle NA/RA for non active interfaces
* dhcp6: listen on all addresses in non master mode
* dhcpcd-run-hooks: set protocol in dhcpcd, don't guess
* Ensure that xid is unique across all interfaces
* dhcp6: redirect message to interface which uses the xid
* bsd: strip scope from LL addresses when detecting their addition
* ipv6nd: fix address lifetime overflow on carrier up
* dhcp6: fix confirmation of lease on carrier up
* eloop: fix signal catching before eloop is started on Linux
* Fixed handling RA's from multiple routers
* Fixed changing to a better route based on gateway
* IPv6 default route is now deleted when config is not persistent
* Use hmac(3) if available in libc to reduce binary size
* Default to use VLANID>0 for IAID instead of MAC address
* BSD: Add support for RTA_LABEL
* Stop sharing the DHCPv6 port in master mode with other processes
* Fix some prefix delegation issues when the carrier drops or
addresses become stale
* Fix a crash when starting dhcpcd with -n
* Fix test for preferring a fake lease over a real one
* Show to real address lifetimes being added when adding IPv6
addresses
* Install dhcpcd-definitions.conf to the correct directory
* Restore the -G, --nogateway option
* restored --logfile support as a few people complained it vanished
The new logging code even makes the overall binary size smaller
on most platforms.
* BPF filter now trims garbage trailing the payload
OK, it's not garbage, but userland doesn't know some drivers append
FCS to it.
* install udev.so on supported platforms to fix segfaults.
* support NetBSD's RO_MSGFILTER socket option to reduce avoid context
switching for route(4) messages that don't interest us.
* support OpenBSD's ROUTE_MSGFILTER which does the same.
* Don't open sockets if just sending signals.
* HMAC-MD5 test's now check expectations in code rather than relying
on visual confirmation.
* added eloop-bench to test performance of eloop with available
polling mechanisms.
Summary of changes since dhcpcd-6.11.5:
* source file locations reworked:
dhcpcd source is in src
dhcpcd hooks are in hooks
compat is in compat
* README split into README.md and BUILDING.md
* internal routing is now protocol agnostic
* avoid using __packed and use compile time asserts instead
* addresses some alignment issues
* disable some ARP code on kernels which support RFC5227
* BSD IPv6 kernel settings are now updated to reflect dhcpcd config
* custom logger has been removed, syslog handles everything
as such, the --logfile option has been removed as well.
If you need better/earlier logging, get a better syslogger!
* distinfo and signed distinfo files are now available alongside
release taraballs from this point onwards
* default DBDIR has changed from /var/db to /var/db/dhcpcd
* /etc/dhcpcd.duid moves to DBDIR/duid
* /etc/dhcpcd.secret moves to DBDIR/secret
* lease file names have dhcpcd removed from them as they are now
inside a directory of the same name
* fixed issues with reject routes not working on some platforms
* improved nl80211 support on Linux for working out the SSID
* no longer request NTP by default in dhcpcd.conf
* fix detecting IPv6 DAD on OpenBSD
* remove custom Solaris DLPI filtering in favour of BPF
(note there seems to be a kernel issue where the DHCP
fd receives ARP's as well, the only side effect is
a noisy syslog)
* BPF filtering vastly improved so dhcpcd only wake up on
ARP or DHCP packets destined for it
* support for MUD URL (draft-ietf-opsawg-mud-05)
* if the kernel isn't doing DAD, don't insist on waiting for it
to actually do it
* fix a potential crash where the DHCP or ARP states could be
freed before the packet processing loop naturally breaks
* removed gateway and nogateway options
(these can be controlled by the nooption directive which
works for more than just gateways)
* removed ipv6ra_own and ipv6ra_own_default options
(these can be controled by the ipv6rs/noipv6rs directive)
* fix a memory leak on systems where posix_spawnattr_init
allocates memory by calling posix_spawnattr_destroy afterwards
* fix a crash receiving SIGUSR1
* Fixed octal and hex string parsing in options.
* Ignore bogus RTM_DELADDR on FreeBSD when the interface goes down.
* Several statically sized buffers have been removed and replaced
with dynamically sized ones where we have no real idea of what
the size will be.
* Reverse IPv4 route removal order.
* Improved handling of Netlink messages on Linux.
* Poll for tentative link-local addresses if needed.
* Added --small configure directive to reduce binary size
* Allow DHCPv6, IPv4lL and authentication to be compiled out
* dhcpcd requries the interface to be up when considering link status
* Add support for ifa_addrflags in getifaddrs(3)
* Add support for ifam_addrflags and ifam_pid from route(4)
* If T1 or T2 are not set in DHCPv6 messages, use a default from the
lowest pltime instead of the expiration time.
* Validate lease before moving to REQUEST when both ends use
rapid commit.
* If lease validation fails, don't restart the DISCOVER phase if
we're already in it.
* Workaround a 14 year old BSD issue where initial address lifetimes
are transfered to the prefix route and are not updated again,
causing the kernel to remove the route.
The fix is to initially add the address with infinite lifetimes
and then change the lifetimes to the correct ones.
* IPv6 RA routes are now expired by dhcpcd.
* Fix gateway interface assignment on BSD.
* Only mask off signals we do something with
(allows coredumps on some platforms)
* Fix a memory issue where an old lease could be read and discarded
but the buffer length not reset.
* Bind DHCPv6 to the link-local address when not running in master
mode so that many dhcpcd instances can run per interface.
* It's now possible to exclude the vendor-class option.
* pkg-config can now be host selectable in configure,
thanks to Heiko Becker.
* Fixed a NULL pointer dereference when checking ARP conflicts.
* Revert a change in 6.11.1 which causes some packets not to be
read correctly from the BPF socket.
* Commandline options are now applied to profiles.
* Fixed some potential memory issues for non embebbeded configs,
thanks to Koichi Okamoto.
* Simplified route handling on BSD.
* Fix expiration of IPv6 routers if a static route was present.
* --inactive now starts with all interfaces inactive.
subsequent calls to dhcpcd can activate/deactivate them.
* Illumos (Solaris) is now a supported plaform.
* Fix truncated packet handling where the DHCP message is less than the
BOOTP size
* Rework the raw socket handling around an fd for initial Solaris support
* Only pull one message from the raw socket - eloop will handle the looping
* Netmask fixes for STATIC and INFORM
* Rework if_address to use struct ipv4_addr, like the ipv6 counter parts
* Split BSD handlink into many smaller functions to improve readability
* empty DNS entries are no longer created
* Test for hostname_fqdn being set to server or blank
* Allow an SLA 0 and prefix length of 0 to delegate the whole prefix
ia_pd 1 wm1/0
* Fix prefix delegation address timings on renew
* pidfile directory is now created correctly at startup.
* bootp "leases" are now stored so dhcpcd can dump them.
* ARP state is keep open so we can detect duplicates
(currently this is only logged, no action is taken).
* --lastleastextend allows dhcpcd to extend a DHCP lease once
it has expired. The lease is dropped if any other node
claims the address.
* Delegated Prefix reject routes will be correctly bound to the
loopback interface. If a delegated address uses the whole prefix,
then the reject route is removed. If this address is removed, the
reject route is restored.
* dhcp code has been reworked around a classic BOOTP structure
instead of a fixed size DHCP structure based on a max MTU of 1500.
Each reference to it also has a size so we know it's length.
Adding an option to a message is now guarded via easy macros.
Option concatenation buffer is no longer a fixed size.
* many more changes so that dhcpcd passes all current Coverity tests.
* Support iSNS, RFC4174
* Fix Prefix Delegation with SLA 0 and warn that it's not
really RFC compliant
* Fix build with --disable-embedded
* On an IPv4LL defence, an ARP announcement is now sent in
accordance with RFC 3927 Section 2.5
dhcpcd-6.10.2 had the following changes:
* Add fix for CVE-2014-7913.
* eloop performance and API improvements.
* Don't send a blank hostname.
* Prefix Delegation default value fixes.
* Prefix Delegation suffix is now configurable.
* dhcpcd.conf now allows embedded comments.
* IPv6 static address support.
* ipv6ra_accept_nopublic has been removed, all prefixes now accepted.
* Support RTF_CONNECTED on NetBSD.
* Fix compile on older platforms which lack O_CLOEXEC.
Thanks to OBATA Akio.
* Remove pidfile handling from dhcpcd and use pidfile_lock(3).
If not available, use a compat shim.
* Fix ignoring messages sent to the kernel and receive via another one
on Linux.
* Fix changing routes on BSD.
* Add -P, --printpidfile to print the pidfile dhcpcd will use to
stdout
* Fix a crash when a non active interface departs
* Add the -1, --oneshot option which causes dhcpcd to exit once an
interface has been configured
* Fix delegation activating interfaces
* --noption requires an argument
* optimise the ARP BPF filter, thanks to Nate Karstens
* send gratuitous ARP each time we apply our IP address
* fix truncation of hostnames based on the short hostname option
* improve routing and address management by always loading all
interfaces, routes and addresses even for interfaces we are
not directly working on
* timezone, lookup-hostname, wpa_supplicant and YP hooks are no
longer installed by default but are installed to an example
directory
* fix compile on kFreeBSD
thanks to Christoph Egger for providing a temporary build host
* improve error logging of packet parsing
* fix ignoring routing messages generated by dhcpcd just before
forking
* fix handling of rapid commit messages (allow ACK after DISCOVER)
* add PROBE state so we can easily reject DHCP messages received
during the ARP probe phase
* fix CVE-2016-1503
* fix CVE-2016-1504
* dhcpcd will now configure chrony if installed and ntp isn't
* dhcpcd no longer attempts temporary address management on Linux
* replace the SixRD decode function with a generic definition
* try harder to ensure only 1 lladdr exists per interface on BSD
* kFreeBSD compiles once more, thanks to JS Junior
* change IPv6 routes on MTU change
* -p works with -x on an already running process started without -p
* fix TEST for IPv4LL
* Correct size allocation for prefix delegation, thanks to Jade
* Add an option to enable DHCPv6 Information Request without the
need for dhcpcd to recieve an IPv6 Router Advertisement with the
Other Configuration bit set.
* Introduce the optional option type, which allows embedded options
to be optional
* Mark our logger function as sysloglike because we enjoy using %m
* Don't check link state if not instruted to before working out if
we can fork early or not.
* Add a -N --renew option to renew any existing address early
* Obey the hostname_short option even for configured FQDN hostnames
* -U, --dumplease now works with standard input.
It no longer works with a filename.
* If dumping leases, skip authentication and address expiry checks
* Fix adding host routes via a gateway on Linux
* Fix adding static routes via a gateway on BSD
* Always send LOG_DEBUG to syslog(3) even if we are in quiet mode.
It's upto syslog to filter it.
* If testing or dumping leases, don't send to syslog only
stdout/stderr.
* Only run the IPv4LL script and rebuild routes on drop when
an address is actually dropped.
* Add noup directive to stop master mode bringing an interface up.
* Fix compile for old Linux systems.
* If only IPv4LL addresses exist, assign a default route to the
interface so that IPv4LL can talk to non IPv4LL on the same link.
* Set DHCPv4 MTU on routes instead of the interface.
This matches IPv6 behaviour and works around dodgy interfaces
where a MTU change can reset the PHY causing an infinite loop.
* MTU is now requsted by default in dhcpcd.conf again.
* noauthrequired also allows unauthenticated FORCERENEW and
RECONFIGURE messages.
* Simplify the socket code by adding a custom function instead of
having the same #ifdef mess for systems without SOCK_CLOEXEC.
Thanks to Christos Zoulas.
* Don't do platform init or setting interface MTU if too small when
testing or dumping leases.
* Build new_domain_name from other sources if blank before checking
it's blank to remove any prior config. Thanks to Paul Walrath.
* Describe adding an IPv6 temporary address.
* Don't delete dhcpcd assigned IPv6 link-local addresses when
releasing leases.
* Reference old DHCPv6 FQDN when processing the hostname.
* Change packaging from bz2 to xz
* Fixed waitip
* For Prefix Delegation, servers must now support RFC7550
* Fixed detecting host routes in DHCP messages
* Fixed ARP checking that failed in some situations
* Fixed static address assignment in dhcpcd.conf
* Split IPv4LL state from DHCP and into it's own state
* Reject any NA/RA with a hop limit != 255
* Replace if_oneup with if_afwaited and af_waited for hook scripts
* Fix a potential buffer overrun if an embedded DHCP option is
a zero length or fails to parse - thanks to Paul Stewart
* Check fclose for errors - thanks to Bob
* wpad_url has been added to dhcpcd-definitions.conf
* Fix a double free when failing to send a DHCPv6 RELEASE
Thanks to Todd Blanchard.
* Correct IPv6 public address test, thanks to Micha? K?pie?
* Fix DHCPv6 starting if no public addresses found in the RA
but the M or O bit was set
* Replaced custom uptime() with clock_gettime(2)
* Fix DHCPv6 elapsed time
* Fix IPv6 prefix underflow when confirming deprecated but valid leases
* eloop.c and .h are now 100% portable outside of dhcpcd
(provided the system supports recent POSIX and either you or
the system provide working TAILQ macros)
* Allow waitip to work per interface.
* Handle ND options in the same way we handle DHCP and DHCPv6 options.
* Add new variable of type bitflags:flags where the flags ABCDEFGH,
A is 10000000, B is 01000000, etc.
Variables with the name reserved are no longer processed.
* Improve IN_IFF_TENTATIVE with ip sharing.
* Compile on QNX
* Fix handling of ND6_IFF_OVERRIDE_RTADV
* Fix adding host routes on BSD
* If RTF_LOCAL is defined, don't create local routes
* Don't destroy existing routes where possible
* Support kqueue(2) and epoll(7) if available
* dhcpcd can now act as a pure BOOTP client
* IPv6 default route only installed when a working address is added
* Fixed host routes inside a CSR option
* Support IN_IFF_TENTATIVE on NetBSD
* Clarify timeout and reboot timeout, make it more sane
* A server should not NAK an INFORM
* The noalias directive will now remove any IPv4 addresses existing on
the interface when we want to add our own
* For BSD systems stop polling for IPv6 router reachability
Instead, expect for cached neighour route additions/changes/removals
to be announced by the kernel. Currently only NetBSD-7.99.3 does this.
* Store acquired time for each IPv6 address so we can correctly offset
pltime and vltime if we need to re-add them
* test mode no longer turns off kernel rtadv handling
* Allow STOPPED to be processed by dhcpcd-run-hooks(8)
* Don't attempt to match IFT to ARP types directly
* If neither dig nor host are present, fallback to getent(1)
* If IFF_UP is not set when we get a carrier up event, poll for it
instead of giving up
* Failure to bind to the DHCP port on the wildcard address when
it's in-use is not an error
* Log which IP address we are ARPing.
* Only free other ARP states if not assinging an IPv4LL address.
* Reload global config when running per interface commands.
This matches the signal behaviour.
* If we don't have a hardware address, fallback to creating a default
IAID from the interface name and index as we used to.
* Loopback interfaces have routes scoped to the host only.
* If we don't have a hwlen and no clientid has been set, force a DUID
based ClientID.
* Disable IPv6RS if a loopback, pointopoint or not a multicast interface.
* If allowinterfaces is not specified, allow all configured interfaces
to work, such as loopback and ppp.
* When not daemonising, don't exit on timeout.
* Zero length UDP packets are not an error condition on the socket.
Thanks to Micha? K?pie?.
* If the IP address is still on the interface when reading a lease,
fake add the address and routes so the lease can be cleaned up if needed.
* TAILQ macros are now pulled in via config.h only so dhcpcd compiles
on systems where sys/queue.h does not exist at all
* Remove DHCP state correctly when the interface departs
* End the IPv4LL state when DHCP is stopped
* Ensure that any DHCP leased offered still exists when assigning an
IPv4LL address
* Log the address IPv4LL defends
* PREINIT, UNKNOWN and CARRIER are not either up nor down states
* ARP code re-written to allow for many ARP states
* IPv4LL address is now pseudo random based on HW address instead
of really random as per RFC 3927 Section 2.1
* If not doing DHCP or DHCP6, disable the DNS requirement in the RA
to fork.
* Treat IPv4LL as fallback and start DHCP discovery even if the prior
lease was IPv4LL when rebooting.
* When we transition from REQUEST to DISCOVER in a reboot,
start IPv4LL at the same time as discover to ensure we have an
address quicker.
* Improve handling of the IPv6LL address at startup
* Support old Linux kernels where IFLA_AF_SPEC may not exist
* When stopping interfaces, skip past pseudo interfaces instead
of finding the master as only the masters are sorted correctly
Added another mirror site, http://cflags.cc/roy/dhcpcd
* Use RTF_PINNED when deleting routes when available
Allows dhcpcd to control IPv4 routing on newer FreeBSDs
* Don't work on bridge, or ptp interfaces unless explicitly told
* Poll for IFF_RUNNING again but avoid constantly sending IFF_UP
(should now fix all carrier problems on BSD virtual interfaces)
* Don't crash when processing IPv6 route calls from the kernel
when IPv6 resources have been disabled in dhcpcd
* Allow the same IP address to be shared across different interfaces
Interface with the lowest metric gets the IP address, will move
to the next highest if dropped (interface departs, carrier drops, etc)
* Use correct interface gateway on FreeBSD, removes need for linkaddr.c
on kFreeBSD
* Delegated prefix addresses are now reported via DELEGATE6
* Fix copying the correct timezone file
* Work better with unknown delegated prefix lengths
* Move IPv4LL and ARP to the DHCP eloop queue to fix timing issues
* Add IA PD documentation update from christos@netbsd.org
