Internet Software Consortium Dynamic Host Configuration Protocol Distribution Version 2 Patchlevel 3 July 19, 2000 Release Notes Version 2 of the ISC DHCP Distribution includes the ISC DHCP server, DHCP Client and DHCP/BOOTP Relay Agent. This version has been in a near feature freeze since January of 1998, was in Beta test from that time to June of 1999, and has now been released in its final form. It has a number of important features, and is the release that we would expect most sites to run. For information on how to install, configure and run this software, as well as how to find documentation and report bugs, please consult the README file. CHANGELOG This log describes the changes that have been made in version 2.0 since June of 1997. CHANGES FROM VERSION 2.0 PATCHLEVEL 2 - Rather than calling a client environment setup script, set the environment up directly, so as to avoid any possible exploit making use of clever shell metacharacter hacks. This is a security fix that applies to the DHCP client *only*. CHANGES FROM VERSION 2.0 PATCHLEVEL 1 - Fix a case where an unitialized pointer could result from an exceptional case in DHCPRELEASE and cause a core dump. CHANGES FROM VERSION 2.0 - Clean up DHCPRELEASE support. - Don't use the broadcast flag when doing BOOTP unless we need to. - Clean up the fallback mess. - Quote all shell special characters in the client script. - Fix ethernet header alignment on arm32. - Clarify the "no subnet declaration" message. - Correctly store the tftp server name in the lease file and the client script file. - Avoid a potential spin loop in client when script file creation fails for reasons other than the presence of an existing file of the same name. - Add support for Linux kernel versions greater than 2.2. - Fix a problem in raw.c on Irix. Thanks to Don Badrak for the patch. CHANGES FROM VERSION 2.0 BETA 1 PATCHLEVEL 29 - Define BYTE_ORDER in includes/cf/hpux.h so that ip.h will compile correctly on HP-UX. - Fix a long-standing but minor bug in the way the program name for syslog was derived. - Fix a long-standing bug that prevented the DHCP server from broadcasting responses to BOOTP clients that requested a broadcast response. - In dhcprequest(), check to make sure that there's a lease before trying to acknowledge it to the client. This fixes a potential core dump that a few people observed. CHANGES FROM VERSION 2.0 BETA 1 PATCHLEVEL 28 - Fix some pastos I introduced when merging Andrew Chittenden's token ring support. - Apply a patch to the token ring support from Andrew Chittenden. CHANGES FROM VERSION 2.0 BETA 1 PATCHLEVEL 27 - Add dependencies to makefiles. - Don't use ping -w 1 in freebsd client script. - Token ring support for LPF, contributed by Andrew Chittenden. - Fix a subtle bug that would cause the server to respond incorrectly in some cases when the client sent duplicate DHCPREQUEST packets. - Fix option pretty printing for 'X' format. - Add some special cases to deal with DHCPREQUEST packets from RFC1541 clients. - Fix an obscure bug in nested subnet mask handling. - Fix a bug in abandoned lease reclamation. - Allow maximum message size to be set in configuration file. - Allow parameter request list to be supplied in configuration file. CHANGES FROM VERSION 2.0 BETA 1 PATCHLEVEL 26 - Fix UDP/IP checksum code - Fix UDP payload length computation to prevent logging of spurious errors. - Support compilation on MacOS X - Add support for some options that were added in RFC2132. CHANGES FROM VERSION 2.0 BETA 1 PATCHLEVEL 25 - Use the udp header's length rather than computing the length based on the number of bytes received, because some broken relay agents send packets with ip lengths that are longer than then sum of the ip header size and the udp length. - Do path keyword substitution on unformatted manual pages before installing them. CHANGES FROM VERSION 2.0 BETA 1 PATCHLEVEL 24 - D'oh! Fix a really stupid mistake in hash.c. CHANGES FROM VERSION 2.0 BETA 1 PATCHLEVEL 23 - Support an always-reply-rfc1048 flag, which says to reply with an RFC1048-style vendor extensions buffer even if the client didn't send an RFC1048-style magic number. - Fix a null pointer dereference. - Use netmask from subnet if no netmask option specified. - IRIX support (thanks to Don Badrak). - Install unformatted manual pages on Linux. - Add note in README about zcat vs. gzcat on BSD/os. CHANGES FROM VERSION 2.0 BETA 1 PATCHLEVEL 22 - Test for lease before dereferencing it in dhcprequest. - Free the client parameter request list in dhcpnak if there is one. CHANGES FROM VERSION 2.0 BETA 1 PATCHLEVEL 21 - Fix a pasto in options.c that will cause a core dump whenever a client sends in a request without a parameter request list. CHANGES FROM VERSION 2.0 BETA 1 PATCHLEVEL 20 - Actually do the client fix mentioned below - Patchlevel 20 only contained half of the fix. CHANGES FROM VERSION 2.0 BETA 1 PATCHLEVEL 19 - Removed arp table clearing code from solaris client script. - Document Linux "protocol not configured" error more thoroughly. - Clean up some unused variables. - Add entry and exit hooks to all dhcp client scripts, along with a make_resolv_conf function that can be redefined in the entry hooks. Document this new feature set. - Fix client to take advantage of network APIs that allow it to receive a unicast instead of requesting that the DHCP server broadcast its response. - Add -pf flag to all daemons allowing user to specify PID file name on command line. - Undo a previous change that attempted to be clever about testing interface flags but wound up being stupid instead. - Enforce access control on DHCPREQUEST messages as well as DHCPDISCOVER messages. CHANGES FROM VERSION 2.0 BETA 1 PATCHLEVEL 18 - Support added for AIX 4.1.5.0 (and hopefully other versions). - Use /var/run instead of /etc on Digital Unix. - Change DHCP client exponential backoff code to back off more slowly, so that it is more robust in lossy environments, at the expense of being a bit less polite to the server. - Don't request a specific lease interval in the client unless the user says to do so. - Don't print DHCPXXX in wrong xxx messages unless DEBUG is defined. - Fix handling of secs field. - Fix handling of append statement. - Fix documentation for append and prepend statements. - Fix server support for parameter request list and maximum message size. - Parameterize more hardware types in discover_interfaces. Check for IFF_BROADCAST instead of !IFF_POINTOPOINT - Print kernel configuration warning message if we get EINVAL when opening or configuring the Linux packet filter. - Fix a bug in UDP checksum code (thanks to John Nemeth for figuring this out) and re-enable UDP checksumming. This allows the client to work with some buggy DHCP servers that can't handle zero checksums in the UDP header - in particular, the one John's cable modem ISP is using. - Don't report packet header checksum errors unless we see a lot of them. It's perfectly normal for some number of checksum errors to occur. - Refer to the dhcpd.leases man page when printing an error message prior to exiting because there's no lease database. - Add information to the README telling the reader how to get to the manual pages. - Fix the server packet transmission code to unicast when it can. - Fix a typo in the dhcpd.conf manual page. CHANGES FROM VERSION 2.0 BETA 1 PATCHLEVEL 17 - Fix a bug in the relay agent where messages to the client would be unicast in the IP header but broadcast in the link header. The Microsoft DHCP client would reject such packets, preventing it from being configured. This was only a problem on non-socket-API platforms. - Do not attempt to reclaim requested abandoned leases in response to DHCPDISCOVER messages. - Allow the maximum lease time parameter in a host declaration to override the maximum lease time parameter in a subnet declaration. - Better document the -p flag for dhclient, dhcrelay and dhcpd. - Apply John Wehle's patch to fix the endianness bug in the dlpi packet filter on Solaris. CHANGES FROM VERSION 2.0 BETA 1 PATCHLEVEL 16 - Fix linux man page install location. - Fix some confusion in the dhclient-script man page. - Fix error in includes/cf/linux.h that would have made network API selections in site.h work incorrectly. - Fix some major stupidity in the code that figures out where or not a client owns a particular lease. CHANGES FROM VERSION 2.0 BETA 1 PATCHLEVEL 15 - Fix Makefile.conf on Linux to refer to /var/state/dhcp instead of /var/state/dhcpd. - Eliminate redundant #defines in includes/cf/linux.h (for neatness). - Fix an obscure case where dhcpd is started by the /etc/rc system with exactly the same pid each time, dhcpd.pid is not erased on reboot, and therefore dhcpd would detect a server (itself) with the pid in dhcpd.pid and decide that another server was running and exit. CHANGES FROM VERSION 2.0 BETA 1 PATCHLEVEL 14 - Install the dhcp databases in /var/state/dhcp instead of /etc or /var/dhcpd, as suggested in the Linux Filesystem Hierarchy Standard. - Fix an endianness bug in dlpi.c. As a consequence, make the Solaris/i386 use dlpi again. - Fix a bunch of bugs in the Solaris client script. - Add some more information about Solaris to the README file. - Adjust startup message in interface probe so that the relay agent and client's unattached status will not trigger questions. - Update some error messages to provide more help to new users for some common mistakes. - Create an interface alias on Solaris when setting up IP aliases, rather than trying to do things the *BSD way. - Fix a null pointer dereference bug (this time I went through the whole function and audited it for more null pointer dereferences, and I didn't find any, for what that's worth). - Don't ever release leases in response to a DHCPDISCOVER (I think this was unlikely anyway, but why not be correct?). - Remove the shared-network example from the sample dhcpd.conf file. - Make ``make install'' make all first. CHANGES FROM VERSION 2.0 BETA 1 PATCHLEVEL 13 - Support DESTDIR on installs. - Fix a bug in dhcp.c where a store through a null pointer would be made under some reasonably common circumstances. - Add test for ARPHRD_TUNNEL so that client and server do not fail on versions of Linux running IPsec implementations or the like. - Move tests for constants defined in O.S. headers into osdep.h - test for HAVE_whatever in .c files. Define relevant HAVE_whatevers in linux.h, so that versions of linux that define these constants as enums will still work. CHANGES FROM VERSION 2.0 BETA 1 PATCHLEVEL 12 - Initialize the "quiet" variable in dhclient.c to zero (it was used without first having been initialized). - Fix the parser code for the authoritative keyword. - Adjust lease discovery code to NAK more aggressively for addresses the server knows it owns. - Add several new messages for DHCPNAK. CHANGES FROM VERSION 2.0 BETA 1 PATCHLEVEL 11 - Use DLPI only on sparcs running Solaris, since it seems not to work on i386 boxes running Solaris for reasons yet to be determined. - In the client, close standard I/O descriptors when forking a daemon. - Don't let large lease lengths wrap lease expiry times - just use what fits into a TIME value. - Fix a bug in the SIOCGIFCONF interface scanning code. - Fix a core dump in the interface scanner that crops up on Linux when an interface is specified on the command line. - Don't use %D in strftime because egcs complains about it. - Print the error message if SO_BINDTODEVICE fails. CHANGES FROM VERSION 2.0 BETA 1 PATCHLEVEL 10 - Update top-level Makefile so that it exits correctly on errors in submakes under bash/gnu make (dunno which is the culprit, and don't really care). - Print a more helpful message if no free BPF devices are found. - Add support for specifying that the server is or is not authoritative for a particular network segment. - Fix two stupid typos in lpf.c. - Print a more helpful message if we can't create an LPF socket or can't attach a filter to it. CHANGES FROM VERSION 2.0 BETA 1 PATCHLEVEL 9 - Correct the hopelessly outdated information about Linux at the top of the README - many apologies to the Linux people who have had to read that nonsense for the past couple of snapshots and have been confused or annoyed by it. I simply hadn't read it recently, and didn't realize how out-of-date it was. - Print a message if the client finds no broadcast interfaces to configure. - Add support for use-lease-addr-for-default-route flag in server, so that Windows machines can be made to ARP for all addresses. - Update README file to mention new Linux gotchas. - After finally understanding Brian Murrel's code (my fault, not his) to get interface names from /proc/net/dev on Linux, fix what I broke of his code and document it. - Use sendto rather than send for SOCK_PACKET sockets, because they can't be connected, only bound. :'( - Fix up SOCK_PACKET creation so that the kernel doesn't complain about it. - Fix incorrect tests in linux client script: [ $relmajor == 2 ] -> [ $relmajor -eq 2 ] - Make typedefs for u8, u16 and u32 types. These are Linux kernel internal data types which are unfortunately exposed in the linux packetfilter header file. - Don't include in lpf.c - it defines things we're already correctly defining elsewhere, and doesn't define any useful new stuff. - Finally fix client PREINIT bug that causes interfaces not specified on the command line to be preinitialized. If no interfaces are specified on the command line, all interfaces are still preinitialized. CHANGES FROM VERSION 2.0 BETA 1 PATCHLEVEL 8 - Fix socket API fallback setup code, which was causing Linux servers and clients to loop endlessly on select when run as daemons. - Add support for Linux 2.2 version number (treated the same as Linux 2.1, for now). - Correct apparent error in DHCPREQUEST destination address handling when in INIT-REBOOT state. - Do not set BROADCAST flag if we have a valid IP address. - Remove hard-coded filenames and use system-specific manifest constants. - Add entry and exit hooks to Linux dhclient-script (should be added to all operating systems once tested). - Test for linux major and minor version so as to correctly invoke network configuration programs. - Add support for Linux's gratuitous name change of bpf_insn structure (can't pollute precious Linux sources with the "Berkeley" word, I guess. - Correct USE_BPF_{SEND,RECEIVE} ifdefs for if_reinitialize_* functions. - Ensure that we have ifreq structure before initializing interface - if an interface was specified on the command line on Linux, this was not the case. - Get rid of references to enstamp structure in lpf.c. Correctly declare and initialize sock_fprog structure (aka bpf_filter structure on non-Linux machines). - Define ssize_t on Ultrix. CHANGES FROM VERSION 2.0 BETA 1 PATCHLEVEL 7 - Generalize FDDI support. - Fix potential core dump in interface discovery code. - Put explicit release versions on startup messages. CHANGES FROM VERSION 2.0 BETA 1 PATCHLEVEL 6 - Add support for Linux Packet Filter (thanks to Brian Murrell, Interlinx). - Add support for FDDI hardware type. - Fix a long-standing bug in DLPI support where the ethertype was being set incorrectly (thanks to Gong Wei, CCENet). - Don't use DLPI RAW mode on Solaris. - In the client, when a lease expires, the interface to which that lease is attached is unconfigured. On systems that use the socket API, the interface needs to then be reconfigured with the 0.0.0.0 address so that it can be used to get a new address. - Add fallback support for Linux. This fixes a problem with the relay agent when relaying over non-broadcast links, and may also fix some obscure problems with unicasting DHCPACKs in both the server and relay agent. - When allocating leases, if the oldest lease is abandoned, try to find a younger-but-still-expired lease rather than reclaiming the abandoned lease. - Add more documentation to README. - The absence of the /etc/dhclient.conf file is no longer considered an error. - The dhcp client's lease file name can be specified on the command line. - The DHCP client should no longer zap interfaces that it has not been directed to configure. - If a client starts up in the init-reboot state, the xid will be a "random" number rather than always being zero, as was previously the case. - In addition to comparing transaction IDs, compare hardware addresses in response packets to verify that they are ours. - Rewrite the client lease database after 20 leases have been written. - Fix the exponential backoff code. - Add a Y2k comment to indicate that something suspicious-looking is in fact _not_ a problem. - Use mkstemp if possible. - Add missing fi in various client scripts. - Use "search" instead of "domain" in linux resolv.conf files. - Specify a hop count in all route command on solaris. - If an allocation fails, don't try to zero out the allocation buffer we didn't get. - Support subnets that are subsets of other subnets - that is, for example, 10.0.1.0/24 and 10.0.0.0/16. This is useful in fairly obscure circumstances. - Don't set the lease end time if it's already expired. - Don't define INADDR_LOOPBACK on FreeBSD if it's already defined in a system header. - Use the broadcast address in the relay agent if we are using the BSD socket API. - Allow host declarations without names. - Allow the server identifier option to be specified. - Don't dump hostnames into the lease file if they contain non-printable characters. - Copy the entire client hardware address buffer that the client sends to the output packet, not just the portion of it that's supposedly significant according to the hardware address length field. This is done for the benefit of certain Microsoft clients. - Don't send a second ICMP echo request if we receive two DHCPDISCOVER messages in quick succession. This prevents a rather annoying timing race in configuring some Win95 clients. - Fix up dhcp-options man page to make it more readable. Note that netbios-name-server is the same thing as WINS. CHANGES FROM VERSION 2.0 BETA 1 PATCHLEVEL 5 - Define some extra DLPI support flags that make DLPI work much better on Solaris. - Fix inet_aton prototype/declaration to match Internet Software Consortium BIND distribution. - Document new server-identifier functionality. CHANGES FROM VERSION 2.0 BETA 1 PATCHLEVEL 4 - Do not use -Wstrict-prototypes on Solaris with gcc - if the Internet Software Consortium BIND distribution is not installed, this produces errors. - Actually use the new DLPI support on Solaris - although the code was added in Patchlevel 2, it wasn't enabled (blush). - Fix a prototype bug that's exposed when DLPI support is enabled on Solaris. CHANGES FROM VERSION 2.0 BETA 1 PATCHLEVEL 3 - Fix a makefile botch that prevents the DHCP Distribution from from compiling on Solaris with gcc. Sigh. CHANGES FROM VERSION 2.0 BETA 1 PATCHLEVEL 2 - Allow server-identifier in any scope. Use in-scope server identifier option rather than the default, if one exists. - Delete newlines from abandoned lease reclaimation warning. - Only release other applicable leases held by a client when the client sends a DHCPREQUEST. - Fix core dump when find_lease didn't find a lease. - Update dhcpd.leases man page. CHANGES FROM VERSION 2.0 BETA 1 PATCHLEVEL 1 - Use -Wno-char-subscript on Solaris to prevent bogus warnings from gcc on Solaris 2.6. - Add support for Apple's new Rhapsody operating system. - Use DLPI on Solaris instead of using the BSD Sockets API. - Fix two network input buffer overflow problems which could allow an attacker to pervert the stack. - Fix an ancient typo that could theoretically cause memory corruption. - Sort abandoned leases in at current time rather than end of time. This allows abandoned leases to be reclaimed if there are no available free leases. - If a client explicitly requests a lease that's been abandoned, it's probably the system that was answering pings on that address, so let it have the lease. - Fix a bunch of type conversion errors that are flagged by the Solaris C compiler. CHANGES FROM VERSION 2.0 BETA 1 PATCHLEVEL 0 - Fix two potential buffer overflow problems. - Differentiate between versions of Linux for better success in compiling. - Fix bug in linux client script regarding routing setup. - Clarify socket API error message on multiple interfaces. - Fix broken comparison that was setting IP source address to zero. - Reclaim abandoned leases if we run out of free leases. CHANGES FROM THE DECEMBER 2, 1997 SNAPSHOT - Use %ld to print pid_t and cast pid_t values to long to avoid inconsistent declarations between different POSIX flavours. - Add support for ARPHRD_IEEE802 (token ring) hardware type. - If we own an address and a client requests it, but we can't assign it to that client, we now NAK it so that the client doesn't try to reuse it. CHANGES FROM THE JUNE SNAPSHOT - Support for NeXTstep 3.x and 4.x - Added man pages for dhcpd.leases, dhclient-script, dhclient.leases and dhclient.conf. Move general documentation of DHCP options into a seperate man page which is referred to by the dhclient.conf and dhcpd.conf man pages. - Updated README to answer some frequently asked questions. - Fixed a bug in command-line interface specification in dhclient - it was formerly not possible to specify that only certain interfaces be configured. - Do not leave client scripts lying around in /tmp after they've been used unless the -D flag is specified. - Add a new, non-standard, not-guaranteed-to-stay-the-same system configuration status message server which can be used to trigger the client to recheck its address, e.g., after a laptop has been put to sleep and then awakened (this has yet to be documented). - Fix handling of media selection in the REBOOT phase - previously the media type would not be remembered, which could cause severe delays in reacquiring an address if the default media type was wrong. - Allocate space for a NUL terminator on the end of client options - this was previously overlooked, and could cause garbage characters to be written to the temporary client script files. - Use mkstemp if it's available. - Supply network number and broadcast address to the client script so that on systems that need these values, they don't need to be computed with an awk script. - Keep a PID file for the client and the relay agent, and have the relay agent background itself by default. - Add client script for bsd/os, fix many niggling bugs in existing client scripts and add support for static routing tables to all bsd scripts. - Add a -q option to the client, server and relay agent so that they can be started from /etc/rc scripts without spewing a bunch of garbage on the console. By default, all three daemons still print startup messages, since these are helpful in bug reporting. - Don't print anything to stderr or stdout after going into background. - Fix bug where hostname keyword was not being recognized in dhcpd.leases file, resulting in the loss of lease database entries. - Fix problem on some operating systems where zero-length ifreq structures were being offset incorrectly when scanning the interface list on startup. - Unless a BOOTP client requests it, never send more than 64 bytes of options. - Don't ping static leases, since we don't have a lease structure on the heap to work with later. - Fixed a compile problem on Solaris 2.6. - Support interface aliases on Solaris. - Print day and month with leading zero in lease files if less than ten, for easier parsing by perl/sed/awk scripts. - Never make the lease database world writable, even if dhcpd is invoked with a bogus umask. - Fix DHCPRELEASE handling (before, addressed would never be released.) - If there is more than one lease for a particular client on a particular network, find the lease the client is asking for so as to avoid a cycle of NAKs. - If a BOOTP request is received from a particular client and that client has previously received a DHCP address, make sure that we still find a valid BOOTP lease so that we don't cycle through addresses. - Remove server-identifier option from documentation, other than to document that it has been deprecated. - Don't give up if we get an EINTR or EAGAIN while polling or selecting - these return statuses can occur spuriously without indicating a fatal problem. - Do not select for exceptions, since we don't handle them. This was causing massive CPU consumption on some systems. - When a DHCP client has been assigned a fixed address but had previously had a lease, it will request the old leased address. In such an event, send a DHCPNAK so that it will discover its new static binding.