author | tmarkwalder <tmark@isc.org> | 2017-05-03 10:24:06 -0400 |
---|---|---|
committer | tmarkwalder <tmark@isc.org> | 2017-05-03 10:24:06 -0400 |
commit | a0ba59ad2a3a2ec4705ce1aa69933fbb92232cd1 (patch) | |
tree | 808cfa054be93d37bdc72b3e33e238299ba3ba6e | |
parent | 3ef143022acbd46d8cb2640ad93827bbb9e60117 (diff) | |
download | isc-dhcp-a0ba59ad2a3a2ec4705ce1aa69933fbb92232cd1.tar.gz |
[v4_1_esv] dhclient can now enforce require options statement in -6 mode
Merges in rt41473.
-rw-r--r-- | RELNOTES | 8 | ||||
-rw-r--r-- | client/dhc6.c | 14 | ||||
-rw-r--r-- | client/dhclient.conf.5 | 5 | ||||
-rw-r--r-- | includes/site.h | 7 |
4 files changed, 32 insertions, 2 deletions
@@ -109,6 +109,14 @@ by Eric Young (eay@cryptsoft.com). BlueCat Networks for bringing the matter to our attention. [ISC-Bugs #43592] +- When running in -6 mode, dhclient can enforce the require option statement + and will discard offered leases that do not contain all the required + options specified in the client configuration. If not enabled the client + will still consider such leases. This must be enabled at compile time + (see ENFORCE_DHCPV6_CLIENT_REQUIRE in includes/site.h). Thanks to + Mritunjaykumar Dubey at Nokia for reporting the issue. + [ISC-Bugs #41473] + Changes since 4.1-ESV-R14b1 - None diff --git a/client/dhc6.c b/client/dhc6.c index 90a6b3af..cc4453dd 100644 --- a/client/dhc6.c +++ b/client/dhc6.c @@ -141,6 +141,8 @@ static isc_result_t dhc6_check_status(isc_result_t rval, struct option_state *options, const char *scope, unsigned *code); +static int dhc6_score_lease(struct client_state *client, + struct dhc6_lease *lease); extern int onetry; extern int stateless; @@ -3193,6 +3195,15 @@ init_handler(struct packet *packet, struct client_state *client) return; } + int lease_score = dhc6_score_lease(client, lease); +#ifdef ENFORCE_DHCPV6_CLIENT_REQUIRE + if (lease_score == 0) { + log_debug("RCV:Advertised lease scored 0, toss it."); + dhc6_lease_destroy(&lease, MDL); + return; + } +#endif + insert_lease(&client->advertised_leases, lease); /* According to RFC3315 section 17.1.2, the client MUST wait for @@ -3206,8 +3217,7 @@ init_handler(struct packet *packet, struct client_state *client) * should not if the advertise contains less than one IA and address. */ if ((client->txcount > 1) || - ((lease->pref == 255) && - (dhc6_score_lease(client, lease) > SCORE_MIN))) { + ((lease->pref == 255) && (lease_score > SCORE_MIN))) { log_debug("RCV: Advertisement immediately selected."); cancel_timeout(do_init6, client); start_selecting6(client); diff --git a/client/dhclient.conf.5 b/client/dhclient.conf.5 index 14739861..21e782ae 100644 
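Review bot: The new discard test in init_handler compares `lease_score == 0`, while the selection test later in the same function (the `@@ -3206,8 +3217,7` hunk) compares against `SCORE_MIN`, so the "required option missing" result is a bare literal here. That a score of 0 means a required option is absent is presumably decided inside dhc6_score_lease, which this diff does not show. A comment on the test such as `/* dhc6_score_lease() yields 0 when a required option is missing */`, or a named constant, would keep the two checks in step. The debug message also gives no reason for the drop; `log_debug("RCV: Advertisement lacks required options, discarded.");` would tell an operator why offers are being rejected. `int lease_score` is declared after statements, which a C89-mode build would reject; init_handler starts and ends outside the hunk.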
--- a/client/dhclient.conf.5 +++ b/client/dhclient.conf.5 @@ -266,6 +266,11 @@ options will be ignored. There is no default require list. also require domain-search; } .fi + +NOTE: For ISC DHCP release 4.1-ESV-R14 and earlier, dhclient running in -6 +mode does not discard offers as described above. This has been corrected as of +release 4.1-ESV-R15 but must be enabled at compile time (see +ENFORCE_DHCPV6_CLIENT_REQUIRE in includes/site.h). .PP .I The .B send diff --git a/includes/site.h b/includes/site.h index 803f2399..39212c60 100644 --- a/includes/site.h +++ b/includes/site.h @@ -306,3 +306,10 @@ limit the number of TCP connections that the server will allow at one time. A value of 0 means there is no limit.*/ #define MAX_FD_VALUE 200 + +/* Enable enforcement of the require option statement as documented + * in man page. Instructs the dhclient, when in -6 mode, to discard + * offered leases that do not contain all options specified as required + * in the client's configuration file. The client already enforces this + * in -4 mode. */ +/*#define ENFORCE_DHCPV6_CLIENT_REQUIRE*/ |
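Review bot: The comment above `ENFORCE_DHCPV6_CLIENT_REQUIRE` does not say that enforcement is off by default. Because the define ships commented out, a default build in -6 mode still considers advertisements that omit options listed under `require`, as the RELNOTES entry in this commit states. I would add a closing sentence to the comment, for example `Disabled by default: without it, -6 mode still considers leases that lack required options.` That tells packagers and administrators who rely on `require` as a gate on which servers the client accepts that they must enable it at build time.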