From: krw Date: Mon, 24 Apr 2017 14:58:36 +0000 (+0000) Subject: Add 'echo-client-id' statment, so that RFC 6842 behaviour can be X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=a51e987248c39601466de9e183d3901b5b7303cf;p=openbsd Add 'echo-client-id' statment, so that RFC 6842 behaviour can be turned off for those clients and networks that find it impossible to move past RFC 2131. Modelled on the same statement in recent ISC versions, though we default to 'on' (a.k.a. RFC 6842) rather that 'off' (a.k.a. RFC 2131). Problems reported by Bastien Durel (Xerox Phaser 6022 printer) and Bryan Vyhmeister (Hon Hai Precision router) via misc@. Thanks! --- diff --git a/usr.sbin/dhcpd/conflex.c b/usr.sbin/dhcpd/conflex.c index 73d463ac4e6..c66be485b65 100644 --- a/usr.sbin/dhcpd/conflex.c +++ b/usr.sbin/dhcpd/conflex.c @@ -1,4 +1,4 @@ -/* $OpenBSD: conflex.c,v 1.18 2017/04/12 19:12:01 krw Exp $ */ +/* $OpenBSD: conflex.c,v 1.19 2017/04/24 14:58:36 krw Exp $ */ /* Lexical scanner for dhcpd config file... */ @@ -311,6 +311,7 @@ static const struct keywords { { "dynamic-bootp", TOK_DYNAMIC_BOOTP }, { "dynamic-bootp-lease-cutoff", TOK_DYNAMIC_BOOTP_LEASE_CUTOFF }, { "dynamic-bootp-lease-length", TOK_DYNAMIC_BOOTP_LEASE_LENGTH }, + { "echo-client-id", TOK_ECHO_CLIENT_ID }, { "ends", TOK_ENDS }, { "ethernet", TOK_ETHERNET }, { "filename", TOK_FILENAME }, diff --git a/usr.sbin/dhcpd/confpars.c b/usr.sbin/dhcpd/confpars.c index 820556eb7d1..1dd4a55d2a2 100644 --- a/usr.sbin/dhcpd/confpars.c +++ b/usr.sbin/dhcpd/confpars.c @@ -1,4 +1,4 @@ -/* $OpenBSD: confpars.c,v 1.32 2017/04/12 19:12:01 krw Exp $ */ +/* $OpenBSD: confpars.c,v 1.33 2017/04/24 14:58:36 krw Exp $ */ /* * Copyright (c) 1995, 1996, 1997 The Internet Software Consortium. @@ -82,6 +82,7 @@ readconf(void) root_group.allow_bootp = 1; root_group.allow_booting = 1; root_group.authoritative = 1; + root_group.echo_client_id = 1; if ((cfile = fopen(path_dhcpd_conf, "r")) == NULL) fatal("Can't open %s", path_dhcpd_conf); @@ -319,6 +320,10 @@ parse_statement(FILE *cfile, struct group *group, int type, group->always_reply_rfc1048 = parse_boolean(cfile); break; + case TOK_ECHO_CLIENT_ID: + group->echo_client_id = parse_boolean(cfile); + break; + case TOK_USE_HOST_DECL_NAMES: if (type == HOST_DECL) parse_warn("use-host-decl-names not allowed here."); diff --git a/usr.sbin/dhcpd/dhcp.c b/usr.sbin/dhcpd/dhcp.c index 27355ebccab..e55f4d4e40d 100644 --- a/usr.sbin/dhcpd/dhcp.c +++ b/usr.sbin/dhcpd/dhcp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dhcp.c,v 1.55 2017/02/13 23:04:05 krw Exp $ */ +/* $OpenBSD: dhcp.c,v 1.56 2017/04/24 14:58:36 krw Exp $ */ /* * Copyright (c) 1995, 1996, 1997, 1998, 1999 @@ -708,7 +708,7 @@ ack_lease(struct packet *packet, struct lease *lease, unsigned int offer, struct lease_state *state; time_t lease_time, offered_lease_time, max_lease_time, default_lease_time; struct class *vendor_class, *user_class; - int ulafdr, i; + int ulafdr, echo_client_id, i; /* If we're already acking this lease, don't do it again. */ if (lease->state) { @@ -1239,8 +1239,16 @@ ack_lease(struct packet *packet, struct lease *lease, unsigned int offer, memset(&state->options[i], 0, sizeof(state->options[i])); /* Echo back the client-identifier as RFC 6842 mandates. */ + if (lease->host) + echo_client_id = lease->host->group->echo_client_id; + else if (user_class) + echo_client_id = user_class->group->echo_client_id; + else if (vendor_class) + echo_client_id = vendor_class->group->echo_client_id; + else + echo_client_id = lease->subnet->group->echo_client_id; i = DHO_DHCP_CLIENT_IDENTIFIER; - if (lease->client_identifier) { + if (lease->client_identifier && echo_client_id) { state->options[i] = new_tree_cache("dhcp-client-identifier"); state->options[i]->flags = TC_TEMPORARY; state->options[i]->value = lease->client_identifier; diff --git a/usr.sbin/dhcpd/dhcpd.conf.5 b/usr.sbin/dhcpd/dhcpd.conf.5 index 0910a67c5fd..459756bef14 100644 --- a/usr.sbin/dhcpd/dhcpd.conf.5 +++ b/usr.sbin/dhcpd/dhcpd.conf.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: dhcpd.conf.5,v 1.18 2017/02/04 22:21:57 jca Exp $ +.\" $OpenBSD: dhcpd.conf.5,v 1.19 2017/04/24 14:58:36 krw Exp $ .\" .\" Copyright (c) 1995, 1996, 1997, 1998, 1998, 1999 .\" The Internet Software Consortium. All rights reserved. @@ -36,7 +36,7 @@ .\" see ``http://www.isc.org/isc''. To learn more about Vixie .\" Enterprises, see ``http://www.vix.com''. .\" -.Dd $Mdocdate: February 4 2017 $ +.Dd $Mdocdate: April 24 2017 $ .Dt DHCPD.CONF 5 .Os .Sh NAME @@ -919,6 +919,23 @@ Supplying a value for the option is equivalent to using the .Ic server-identifier statement. +.Pp +The +.Ic echo-client-id +statement +.Pp +.D1 Ic echo-client-id Ar flag ; +.Pp +is used to enable or disable RFC 6842 compliant behavior. +If the +.Ic echo-client-id +statement is present and has a +value of true or on, and a DHCP DISCOVER or REQUEST is received which contains +the client identifier option (Option code 61), the server will copy the option +into its response (DHCP ACK or NAK) per RFC 6842. +In other words if the client sends the option it will receive it back. +By default, this flag is on +and client identifiers will be echoed back to the client. .Sh REFERENCE: OPTION STATEMENTS DHCP option statements are documented in the .Xr dhcp-options 5 diff --git a/usr.sbin/dhcpd/dhcpd.h b/usr.sbin/dhcpd/dhcpd.h index 94a8d862782..3271b2de115 100644 --- a/usr.sbin/dhcpd/dhcpd.h +++ b/usr.sbin/dhcpd/dhcpd.h @@ -1,4 +1,4 @@ -/* $OpenBSD: dhcpd.h,v 1.63 2017/04/18 13:59:09 krw Exp $ */ +/* $OpenBSD: dhcpd.h,v 1.64 2017/04/24 14:58:36 krw Exp $ */ /* * Copyright (c) 1995, 1996, 1997, 1998, 1999 @@ -223,6 +223,7 @@ struct group { int use_lease_addr_for_default_route; int authoritative; int always_reply_rfc1048; + int echo_client_id; struct tree_cache *options[256]; }; diff --git a/usr.sbin/dhcpd/dhctoken.h b/usr.sbin/dhcpd/dhctoken.h index b600ab99bf1..c925a791d94 100644 --- a/usr.sbin/dhcpd/dhctoken.h +++ b/usr.sbin/dhcpd/dhctoken.h @@ -1,4 +1,4 @@ -/* $OpenBSD: dhctoken.h,v 1.7 2013/12/05 22:31:35 krw Exp $ */ +/* $OpenBSD: dhctoken.h,v 1.8 2017/04/24 14:58:36 krw Exp $ */ /* Tokens for config file lexer and parser. */ @@ -91,6 +91,7 @@ #define TOK_TOKEN_NOT 334 #define TOK_ALWAYS_REPLY_RFC1048 335 #define TOK_IPSEC_TUNNEL 336 +#define TOK_ECHO_CLIENT_ID 337 #define is_identifier(x) ((x) >= TOK_FIRST_TOKEN && \ (x) != TOK_STRING && \