[docker-dhcp-relay]: convert dhcp-relay docker to buster (#4671)

Upgrade isc-dhcp to 4.4.1-2 (buster version)
Update libevent dependency for dhcpmon to 2.1-6

Signed-off-by: Joyas Joseph <joyas_joseph@dell.com>
This commit is contained in:
joyas-joseph 2020-06-22 15:34:21 -07:00 committed by GitHub
parent 67987e9c0e
commit b48d274f69
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
16 changed files with 125 additions and 448 deletions

View File

@ -1,5 +1,5 @@
{% from "dockers/dockerfile-macros.j2" import install_debian_packages, install_python_wheels, copy_files %}
FROM docker-config-engine-stretch
FROM docker-config-engine-buster
ARG docker_container_name
RUN [ -f /etc/rsyslog.conf ] && sed -ri "s/%syslogtag%/$docker_container_name#%syslogtag%/;" /etc/rsyslog.conf

View File

@ -7,20 +7,18 @@ DOCKER_DHCP_RELAY_DBG = $(DOCKER_DHCP_RELAY_STEM)-$(DBG_IMAGE_MARK).gz
$(DOCKER_DHCP_RELAY)_PATH = $(DOCKERS_PATH)/$(DOCKER_DHCP_RELAY_STEM)
$(DOCKER_DHCP_RELAY)_DEPENDS += $(ISC_DHCP_RELAY) $(REDIS_TOOLS) $(SONIC_DHCPMON)
$(DOCKER_DHCP_RELAY)_DBG_DEPENDS = $($(DOCKER_CONFIG_ENGINE_STRETCH)_DBG_DEPENDS)
$(DOCKER_DHCP_RELAY)_DBG_DEPENDS = $($(DOCKER_CONFIG_ENGINE_BUSTER)_DBG_DEPENDS)
$(DOCKER_DHCP_RELAY)_DBG_DEPENDS += $(ISC_DHCP_RELAY_DBG)
$(DOCKER_DHCP_RELAY)_DBG_IMAGE_PACKAGES = $($(DOCKER_CONFIG_ENGINE_STRETCH)_DBG_IMAGE_PACKAGES)
$(DOCKER_DHCP_RELAY)_DBG_IMAGE_PACKAGES = $($(DOCKER_CONFIG_ENGINE_BUSTER)_DBG_IMAGE_PACKAGES)
$(DOCKER_DHCP_RELAY)_LOAD_DOCKERS = $(DOCKER_CONFIG_ENGINE_STRETCH)
$(DOCKER_DHCP_RELAY)_LOAD_DOCKERS = $(DOCKER_CONFIG_ENGINE_BUSTER)
SONIC_DOCKER_IMAGES += $(DOCKER_DHCP_RELAY)
SONIC_INSTALL_DOCKER_IMAGES += $(DOCKER_DHCP_RELAY)
SONIC_STRETCH_DOCKERS += $(DOCKER_DHCP_RELAY)
SONIC_DOCKER_DBG_IMAGES += $(DOCKER_DHCP_RELAY_DBG)
SONIC_INSTALL_DOCKER_DBG_IMAGES += $(DOCKER_DHCP_RELAY_DBG)
SONIC_STRETCH_DBG_DOCKERS += $(DOCKER_DHCP_RELAY_DBG)
$(DOCKER_DHCP_RELAY)_CONTAINER_NAME = dhcp_relay
$(DOCKER_DHCP_RELAY)_RUN_OPT += --privileged -t

View File

@ -1,12 +1,15 @@
# isc-dhcp packages
ISC_DHCP_VERSION = 4.3.5-2
ISC_DHCP_VERSION = 4.4.1
ISC_DHCP_VERSION_FULL = ${ISC_DHCP_VERSION}-2
export ISC_DHCP_VERSION
export ISC_DHCP_VERSION ISC_DHCP_VERSION_FULL
ISC_DHCP_RELAY = isc-dhcp-relay_$(ISC_DHCP_VERSION)_$(CONFIGURED_ARCH).deb
ISC_DHCP_RELAY = isc-dhcp-relay_$(ISC_DHCP_VERSION_FULL)_$(CONFIGURED_ARCH).deb
$(ISC_DHCP_RELAY)_SRC_PATH = $(SRC_PATH)/isc-dhcp
SONIC_MAKE_DEBS += $(ISC_DHCP_RELAY)
ISC_DHCP_RELAY_DBG = isc-dhcp-relay-dbgsym_$(ISC_DHCP_VERSION)_$(CONFIGURED_ARCH).deb
ISC_DHCP_RELAY_DBG = isc-dhcp-relay-dbgsym_$(ISC_DHCP_VERSION_FULL)_$(CONFIGURED_ARCH).deb
$(eval $(call add_derived_package,$(ISC_DHCP_RELAY),$(ISC_DHCP_RELAY_DBG)))
export ISC_DHCP_RELAY ISC_DHCP_RELAY_DBG

View File

@ -12,5 +12,5 @@ Package: sonic-dhcpmon
Architecture: any
Built-Using: ${misc:Built-Using}
Depends: libexplain51,
libevent-2.0-5
libevent-2.1-6
Description: SONiC DHCP Monitor

View File

@ -2,8 +2,8 @@
SHELL = /bin/bash
.SHELLFLAGS += -e
MAIN_TARGET = isc-dhcp-relay_$(ISC_DHCP_VERSION)_$(CONFIGURED_ARCH).deb
DERIVED_TARGETS = isc-dhcp-relay-dbgsym_$(ISC_DHCP_VERSION)_$(CONFIGURED_ARCH).deb
MAIN_TARGET = $(ISC_DHCP_RELAY)
DERIVED_TARGETS = $(ISC_DHCP_RELAY_DBG)
$(addprefix $(DEST)/, $(MAIN_TARGET)): $(DEST)/% :
# Remove any stale files
@ -16,7 +16,7 @@ $(addprefix $(DEST)/, $(MAIN_TARGET)): $(DEST)/% :
# Reset HEAD to the commit of the proper tag
# NOTE: Using "git checkout <tag_name>" here detaches our HEAD,
# which stg doesn't like, so we use this method instead
git reset --hard debian/$(ISC_DHCP_VERSION)
git reset --hard debian/$(ISC_DHCP_VERSION_FULL)
# Apply patches
stg init

View File

@ -8,7 +8,7 @@ Subject: [PATCH] Customizable Option 82 circuit ID and remote ID fields
1 file changed, 147 insertions(+), 24 deletions(-)
diff --git a/relay/dhcrelay.c b/relay/dhcrelay.c
index 344cee7..7b4c1ef 100644
index 0cb2ef6..418b943 100644
--- a/relay/dhcrelay.c
+++ b/relay/dhcrelay.c
@@ -75,6 +75,8 @@ int bad_circuit_id = 0; /* Circuit ID option in matching RAI option
@ -19,8 +19,8 @@ index 344cee7..7b4c1ef 100644
+const char *agent_remote_id_fmt = NULL; /* Remote ID custom format string. */
int max_hop_count = 10; /* Maximum hop count */
#ifdef DHCPv6
@@ -148,9 +150,19 @@ static const char url[] =
int no_daemon = 0;
@@ -151,10 +153,20 @@ static const char url[] =
char *progname;
@ -35,35 +35,66 @@ index 344cee7..7b4c1ef 100644
+" %%I DHCP relay agent IP Address\n" \
+
#ifdef DHCPv6
#ifdef RELAY_PORT
#define DHCRELAY_USAGE \
-"Usage: %s [-4] [-d] [-q] [-a] [-D]\n"\
-"Usage: %s [-4] [-d] [-q] [-a] [-D]\n" \
+"Usage: %s [-4] [-d] [-q] [-a <circuit_id> <remote_id>] [-D]\n"\
" [-A <length>] [-c <hops>]\n" \
" [-p <port> | -rp <relay-port>]\n" \
" [-pf <pid-file>] [--no-pid]\n"\
@@ -171,11 +183,11 @@ char *progname;
" -l lower0 [ ... -l lowerN]\n" \
" -u upper0 [ ... -u upperN]\n" \
" lower (client link): [address%%]interface[#index]\n" \
-" upper (server link): [address%%]interface\n\n" \
+" upper (server link): [address%%]interface\n\n" DHCRELAY_OPTION82_USAGE \
" %s {--version|--help|-h}"
#else
#define DHCRELAY_USAGE \
-"Usage: %s [-4] [-d] [-q] [-a] [-D]\n" \
+"Usage: %s [-4] [-d] [-q] [-a <circuit_id> <remote_id>] [-D]\n"\
" [-A <length>] [-c <hops>] [-p <port>]\n" \
" [-pf <pid-file>] [--no-pid]\n"\
" [-m append|replace|forward|discard]\n" \
@@ -165,17 +177,18 @@ char *progname;
@@ -190,13 +202,13 @@ char *progname;
" -l lower0 [ ... -l lowerN]\n" \
" -u upper0 [ ... -u upperN]\n" \
" lower (client link): [address%%]interface[#index]\n" \
-" upper (server link): [address%%]interface"
+" upper (server link): [address%%]interface\n\n" DHCRELAY_OPTION82_USAGE
-" upper (server link): [address%%]interface\n\n" \
+" upper (server link): [address%%]interface\n\n" DHCRELAY_OPTION82_USAGE \
" %s {--version|--help|-h}"
#endif
#else /* !DHCPv6 */
#ifdef RELAY_PORT
#define DHCRELAY_USAGE \
-"Usage: %s [-d] [-q] [-a] [-D] [-A <length>] [-c <hops>]\n" \
+"Usage: %s [-d] [-q] [-a <circuit_id> <remote_id>] [-D] [-A <length>] [-c <hops>]\n" \
" [-p <port> | -rp <relay-port>]\n" \
" [-pf <pid-file>] [--no-pid]\n" \
" [-m append|replace|forward|discard]\n" \
@@ -204,18 +216,18 @@ char *progname;
" [-iu interface0 [ ... -iu interfaceN]\n" \
" [-id interface0 [ ... -id interfaceN]\n" \
" [-U interface]\n" \
-" server0 [ ... serverN]\n\n" \
+" server0 [ ... serverN]\n\n" DHCRELAY_OPTION82_USAGE \
" %s {--version|--help|-h}"
#else
#define DHCRELAY_USAGE \
-"Usage: %s [-d] [-q] [-a] [-D] [-A <length>] [-c <hops>] [-p <port>]\n" \
+"Usage: %s [-d] [-q] [-a <circuit_id> <remote_id>] [-D]\n" \
+" [-A <length>] [-c <hops>] [-p <port>]\n" \
+"Usage: %s [-d] [-q] [-a <circuit_id> <remote_id>] [-D] [-A <length>] [-c <hops>] [-p <port>]\n" \
" [-pf <pid-file>] [--no-pid]\n" \
" [-m append|replace|forward|discard]\n" \
" [-i interface0 [ ... -i interfaceN]\n" \
" [-iu interface0 [ ... -iu interfaceN]\n" \
" [-id interface0 [ ... -id interfaceN]\n" \
" [-U interface]\n" \
-" server0 [ ... serverN]\n\n"
+" server0 [ ... serverN]\n\n" DHCRELAY_OPTION82_USAGE
-" server0 [ ... serverN]\n\n" \
+" server0 [ ... serverN]\n\n" DHCRELAY_OPTION82_USAGE \
" %s {--version|--help|-h}"
#endif
/*!
@@ -354,6 +367,15 @@ main(int argc, char **argv) {
#endif
@@ -471,6 +483,15 @@ main(int argc, char **argv) {
local_family_set = 1;
local_family = AF_INET;
#endif
@ -79,7 +110,7 @@ index 344cee7..7b4c1ef 100644
add_agent_options = 1;
} else if (!strcmp(argv[i], "-A")) {
#ifdef DHCPv6
@@ -1050,6 +1072,81 @@ find_interface_by_agent_option(struct dhcp_packet *packet,
@@ -1171,6 +1192,81 @@ find_interface_by_agent_option(struct dhcp_packet *packet,
return (-1);
}
@ -161,7 +192,7 @@ index 344cee7..7b4c1ef 100644
/*
* Examine a packet to see if it's a candidate to have a Relay
* Agent Information option tacked onto its tail. If it is, tack
@@ -1059,9 +1156,12 @@ static int
@@ -1180,9 +1276,12 @@ static int
add_relay_agent_options(struct interface_info *ip, struct dhcp_packet *packet,
unsigned length, struct in_addr giaddr) {
int is_dhcp = 0, mms;
@ -175,7 +206,7 @@ index 344cee7..7b4c1ef 100644
/* If we're not adding agent options to packets, we can skip
this. */
@@ -1195,17 +1295,40 @@ add_relay_agent_options(struct interface_info *ip, struct dhcp_packet *packet,
@@ -1316,17 +1415,40 @@ add_relay_agent_options(struct interface_info *ip, struct dhcp_packet *packet,
op = sp;
#endif
@ -227,7 +258,7 @@ index 344cee7..7b4c1ef 100644
}
if (adding_link_select) {
@@ -1224,7 +1347,7 @@ add_relay_agent_options(struct interface_info *ip, struct dhcp_packet *packet,
@@ -1351,7 +1473,7 @@ add_relay_agent_options(struct interface_info *ip, struct dhcp_packet *packet,
* If not, forward without adding the option.
*/
if (max - sp >= optlen + 3) {
@ -236,7 +267,7 @@ index 344cee7..7b4c1ef 100644
/* Okay, cons up *our* Relay Agent Information option. */
*sp++ = DHO_DHCP_AGENT_OPTIONS;
@@ -1232,16 +1355,16 @@ add_relay_agent_options(struct interface_info *ip, struct dhcp_packet *packet,
@@ -1359,16 +1481,16 @@ add_relay_agent_options(struct interface_info *ip, struct dhcp_packet *packet,
/* Copy in the circuit id... */
*sp++ = RAI_CIRCUIT_ID;

View File

@ -9,10 +9,10 @@ Subject: [PATCH] Support for obtaining name of physical interface that is a
1 file changed, 65 insertions(+), 2 deletions(-)
diff --git a/relay/dhcrelay.c b/relay/dhcrelay.c
index 4659660..0f7d658 100644
index db1af9c..f2418e8 100644
--- a/relay/dhcrelay.c
+++ b/relay/dhcrelay.c
@@ -1072,6 +1072,47 @@ find_interface_by_agent_option(struct dhcp_packet *packet,
@@ -1192,6 +1192,47 @@ find_interface_by_agent_option(struct dhcp_packet *packet,
return (-1);
}
@ -60,7 +60,7 @@ index 4659660..0f7d658 100644
/*
* Format the message that will be used by circuit_id and remote_id
*/
@@ -1104,8 +1145,30 @@ format_relay_agent_rfc3046_msg(const struct interface_info *ip, struct dhcp_pack
@@ -1224,8 +1265,30 @@ format_relay_agent_rfc3046_msg(const struct interface_info *ip, struct dhcp_pack
break;
case 'p': /* Name of interface that we received the request from */

View File

@ -9,10 +9,10 @@ Subject: [PATCH] Support for loading port alias map file to replace port name
1 file changed, 104 insertions(+), 1 deletion(-)
diff --git a/relay/dhcrelay.c b/relay/dhcrelay.c
index 0f7d658..797dac6 100644
index 00c81d3..54f132a 100644
--- a/relay/dhcrelay.c
+++ b/relay/dhcrelay.c
@@ -126,6 +126,14 @@ static void setup_streams(void);
@@ -129,6 +129,14 @@ static void setup_streams(void);
char *dhcrelay_sub_id = NULL;
#endif
@ -27,7 +27,7 @@ index 0f7d658..797dac6 100644
static void do_relay4(struct interface_info *, struct dhcp_packet *,
unsigned int, unsigned int, struct iaddr,
struct hardware *);
@@ -140,6 +148,10 @@ static int strip_relay_agent_options(struct interface_info *,
@@ -143,6 +151,10 @@ static int strip_relay_agent_options(struct interface_info *,
static void request_v4_interface(const char* name, int flags);
@ -36,9 +36,9 @@ index 0f7d658..797dac6 100644
+static void free_interface_alias_map(void);
+
static const char copyright[] =
"Copyright 2004-2016 Internet Systems Consortium.";
"Copyright 2004-2018 Internet Systems Consortium.";
static const char arr[] = "All rights reserved.";
@@ -155,7 +167,7 @@ char *progname;
@@ -158,7 +170,7 @@ char *progname;
"\n" \
" %%%% A single %%\n" \
" %%h Hostname of device\n" \
@ -47,23 +47,23 @@ index 0f7d658..797dac6 100644
" %%P Hardware address of interface that generated the request\n" \
" %%C Client hardware address\n" \
" %%I DHCP relay agent IP Address\n" \
@@ -166,6 +178,7 @@ char *progname;
" [-A <length>] [-c <hops>] [-p <port>]\n" \
@@ -171,6 +183,7 @@ char *progname;
" [-p <port> | -rp <relay-port>]\n" \
" [-pf <pid-file>] [--no-pid]\n"\
" [-m append|replace|forward|discard]\n" \
+" [--name-alias-map-file <name-alias-map-file>]\n" \
" [-i interface0 [ ... -i interfaceN]\n" \
" [-iu interface0 [ ... -iu interfaceN]\n" \
" [-id interface0 [ ... -id interfaceN]\n" \
@@ -173,6 +186,7 @@ char *progname;
" server0 [ ... serverN]\n\n" \
" %s -6 [-d] [-q] [-I] [-c <hops>] [-p <port>]\n" \
@@ -179,6 +192,7 @@ char *progname;
" %s -6 [-d] [-q] [-I] [-c <hops>]\n" \
" [-p <port> | -rp <relay-port>]\n" \
" [-pf <pid-file>] [--no-pid]\n" \
+" [--name-alias-map-file <name-alias-map-file>]\n" \
" [-s <subscriber-id>]\n" \
" -l lower0 [ ... -l lowerN]\n" \
" -u upper0 [ ... -u upperN]\n" \
@@ -503,6 +517,11 @@ main(int argc, char **argv) {
@@ -619,6 +633,11 @@ main(int argc, char **argv) {
no_dhcrelay_pid = ISC_TRUE;
} else if (!strcmp(argv[i], "--no-pid")) {
no_pid_file = ISC_TRUE;
@ -72,10 +72,10 @@ index 0f7d658..797dac6 100644
+ usage(use_noarg, argv[i-1]);
+ if (load_interface_alias_map(argv[i]) != 0)
+ log_fatal("Failed to load interface name-alias map.");
} else if (!strcmp(argv[i], "--version")) {
log_info("isc-dhcrelay-%s", PACKAGE_VERSION);
exit(0);
@@ -726,6 +745,7 @@ main(int argc, char **argv) {
} else if (argv[i][0] == '-') {
usage("Unknown command: %s", argv[i]);
} else {
@@ -841,6 +860,7 @@ main(int argc, char **argv) {
dispatch();
/* In fact dispatch() never returns. */
@ -83,7 +83,7 @@ index 0f7d658..797dac6 100644
return (0);
}
@@ -1151,6 +1171,7 @@ format_relay_agent_rfc3046_msg(const struct interface_info *ip, struct dhcp_pack
@@ -1271,6 +1291,7 @@ format_relay_agent_rfc3046_msg(const struct interface_info *ip, struct dhcp_pack
*/
if (packet->htype && !packet->giaddr.s_addr) {
int ret = 0, vlanid = 0;
@ -91,7 +91,7 @@ index 0f7d658..797dac6 100644
ret = _bridgefdbquery(print_hw_addr(packet->htype, packet->hlen, packet->chaddr),
ifname,
@@ -1167,6 +1188,18 @@ format_relay_agent_rfc3046_msg(const struct interface_info *ip, struct dhcp_pack
@@ -1287,6 +1308,18 @@ format_relay_agent_rfc3046_msg(const struct interface_info *ip, struct dhcp_pack
strncpy(ifname, ip->name, IFNAMSIZ);
}
@ -110,7 +110,7 @@ index 0f7d658..797dac6 100644
str = ifname;
}
break;
@@ -2096,3 +2129,73 @@ void request_v4_interface(const char* name, int flags) {
@@ -2313,3 +2346,73 @@ void request_v4_interface(const char* name, int flags) {
interface_snorf(tmp, (INTERFACE_REQUESTED | flags));
interface_dereference(&tmp, MDL);
}

View File

@ -9,15 +9,15 @@ Subject: [PATCH 1/3] Add --enable-use-sockets to configure flags in
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/debian/rules b/debian/rules
index 114606b..9919237 100755
index d3fcc1d..2a7219d 100755
--- a/debian/rules
+++ b/debian/rules
@@ -23,7 +23,7 @@ CFLAGS+=-D_PATH_DHCLIENT_CONF='\"/etc/dhcp/dhclient.conf\"'
@@ -24,7 +24,7 @@ CFLAGS+=-D_PATH_DHCLIENT_CONF='\"/etc/dhcp/dhclient.conf\"'
CFLAGS+=-D_PATH_DHCLIENT_DB='\"$(LEASE_PATH)/dhclient.leases\"'
CFLAGS+=-D_PATH_DHCLIENT6_DB='\"$(LEASE_PATH)/dhclient6.leases\"'
-CONFFLAGS=--prefix=/usr --enable-log-pid --enable-paranoia
+CONFFLAGS=--prefix=/usr --enable-log-pid --enable-paranoia --enable-use-sockets
-CONFFLAGS=--prefix=/usr --with-libbind=/usr --enable-log-pid --enable-paranoia
+CONFFLAGS=--prefix=/usr --with-libbind=/usr --enable-log-pid --enable-paranoia --enable-use-sockets
# cross-architecture building
ifneq ($(DEB_HOST_GNU_TYPE),$(DEB_BUILD_GNU_TYPE))

View File

@ -12,10 +12,10 @@ Subject: [PATCH 3/3] If destination of BOOTREQUEST is directed broadcast,
3 files changed, 131 insertions(+), 16 deletions(-)
diff --git a/common/discover.c b/common/discover.c
index 8e7f632..73eb8a9 100644
index 98ac46a..53afecc 100644
--- a/common/discover.c
+++ b/common/discover.c
@@ -227,6 +227,7 @@ struct iface_conf_list {
@@ -236,6 +236,7 @@ struct iface_conf_list {
struct iface_info {
char name[IF_NAMESIZE+1]; /* name of the interface, e.g. "bge0" */
struct sockaddr_storage addr; /* address information */
@ -23,17 +23,9 @@ index 8e7f632..73eb8a9 100644
isc_uint64_t flags; /* interface flags, e.g. IFF_LOOPBACK */
};
@@ -401,6 +402,7 @@ struct iface_conf_list {
struct iface_info {
char name[IFNAMSIZ]; /* name of the interface, e.g. "eth0" */
struct sockaddr_storage addr; /* address information */
+ struct sockaddr_storage netmask; /* netmask information */
isc_uint64_t flags; /* interface flags, e.g. IFF_LOOPBACK */
};
@@ -576,6 +578,17 @@ next_iface4(struct iface_info *info, int *err, struct iface_conf_list *ifaces) {
@@ -367,6 +368,17 @@ next_iface(struct iface_info *info, int *err, struct iface_conf_list *ifaces) {
}
memcpy(&info->addr, &tmp.ifr_addr, sizeof(tmp.ifr_addr));
info->flags = tmp.lifr_flags;
+ if (ioctl(ifaces->sock, SIOCGIFNETMASK, &tmp) < 0) {
+ if (errno == EADDRNOTAVAIL) {
@ -46,10 +38,10 @@ index 8e7f632..73eb8a9 100644
+ }
+ memcpy(&info->netmask, &tmp.ifr_netmask, sizeof(tmp.ifr_netmask));
+
memset(&tmp, 0, sizeof(tmp));
strncpy(tmp.ifr_name, name, sizeof(tmp.ifr_name) - 1);
if (ioctl(ifaces->sock, SIOCGIFFLAGS, &tmp) < 0) {
@@ -780,6 +793,7 @@ struct iface_conf_list {
ifaces->next++;
*err = 0;
return 1;
@@ -410,6 +422,7 @@ struct iface_conf_list {
struct iface_info {
char name[IFNAMSIZ]; /* name of the interface, e.g. "bge0" */
struct sockaddr_storage addr; /* address information */
@ -57,7 +49,7 @@ index 8e7f632..73eb8a9 100644
isc_uint64_t flags; /* interface flags, e.g. IFF_LOOPBACK */
};
@@ -840,7 +854,8 @@ end_iface_scan(struct iface_conf_list *ifaces) {
@@ -487,7 +500,8 @@ end_iface_scan(struct iface_conf_list *ifaces) {
/* XXX: perhaps create drealloc() rather than do it manually */
void
add_ipv4_addr_to_interface(struct interface_info *iface,
@ -67,11 +59,10 @@ index 8e7f632..73eb8a9 100644
/*
* We don't expect a lot of addresses per IPv4 interface, so
* we use 4, as our "chunk size" for collecting addresses.
@@ -851,6 +866,12 @@ add_ipv4_addr_to_interface(struct interface_info *iface,
@@ -498,6 +512,11 @@ add_ipv4_addr_to_interface(struct interface_info *iface,
log_fatal("Out of memory saving IPv4 address "
"on interface.");
}
+
+ iface->netmasks = dmalloc(4 * sizeof(struct in_addr), MDL);
+ if (iface->netmasks == NULL) {
+ log_fatal("Out of memory saving IPv4 netmask "
@ -80,14 +71,7 @@ index 8e7f632..73eb8a9 100644
iface->address_count = 0;
iface->address_max = 4;
} else if (iface->address_count >= iface->address_max) {
@@ -863,14 +884,28 @@ add_ipv4_addr_to_interface(struct interface_info *iface,
log_fatal("Out of memory saving IPv4 address "
"on interface.");
}
- memcpy(tmp,
- iface->addresses,
+ memcpy(tmp,
+ iface->addresses,
@@ -515,9 +534,23 @@ add_ipv4_addr_to_interface(struct interface_info *iface,
iface->address_max * sizeof(struct in_addr));
dfree(iface->addresses, MDL);
iface->addresses = tmp;
@ -112,7 +96,7 @@ index 8e7f632..73eb8a9 100644
}
#ifdef DHCPv6
@@ -1005,6 +1040,7 @@ discover_interfaces(int state) {
@@ -656,6 +689,7 @@ discover_interfaces(int state) {
if ((info.addr.ss_family == AF_INET) &&
(local_family == AF_INET)) {
struct sockaddr_in *a = (struct sockaddr_in*)&info.addr;
@ -120,7 +104,7 @@ index 8e7f632..73eb8a9 100644
struct iaddr addr;
/* We don't want the loopback interface. */
@@ -1019,7 +1055,7 @@ discover_interfaces(int state) {
@@ -670,7 +704,7 @@ discover_interfaces(int state) {
if (a->sin_addr.s_addr != htonl(INADDR_ANY))
tmp->configured = 1;
@ -130,10 +114,10 @@ index 8e7f632..73eb8a9 100644
/* invoke the setup hook */
addr.len = 4;
diff --git a/includes/dhcpd.h b/includes/dhcpd.h
index 261714d..89bfe82 100644
index df3da59..2c7f059 100644
--- a/includes/dhcpd.h
+++ b/includes/dhcpd.h
@@ -1347,6 +1347,9 @@ struct interface_info {
@@ -1369,6 +1369,9 @@ struct interface_info {
struct in_addr *addresses; /* Addresses associated with this
* interface.
*/
@ -144,7 +128,7 @@ index 261714d..89bfe82 100644
int address_max; /* Size of addresses buffer. */
struct in6_addr *v6addresses; /* IPv6 addresses associated with
diff --git a/relay/dhcrelay.c b/relay/dhcrelay.c
index c9b6d8e..8aac4b3 100644
index 54f132a..beae977 100644
--- a/relay/dhcrelay.c
+++ b/relay/dhcrelay.c
@@ -30,6 +30,7 @@
@ -155,7 +139,7 @@ index c9b6d8e..8aac4b3 100644
#include <isc/file.h>
TIME default_lease_time = 43200; /* 12 hours... */
@@ -881,20 +882,95 @@ do_relay4(struct interface_info *ip, struct dhcp_packet *packet,
@@ -1001,20 +1002,95 @@ do_relay4(struct interface_info *ip, struct dhcp_packet *packet,
/* Otherwise, it's a BOOTREQUEST, so forward it to all the
servers. */
for (sp = servers; sp; sp = sp->next) {

View File

@ -1,47 +0,0 @@
From: Thomas Markwalder <tmark@isc.org>
Date: Thu, 7 Dec 2017 11:23:36 -0500
Subject: [master] Plugs a socket descriptor leak in OMAPI
Origin: https://source.isc.org/cgi-bin/gitweb.cgi?p=dhcp.git;a=commit;h=1a6b62fe17a42b00fa234d06b6dfde3d03451894
Bug: https://bugs.isc.org/Public/Bug/Display.html?id=46767
Bug-Debian: https://bugs.debian.org/887413
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-3144
Merges in rt46767.
---
diff --git a/omapip/buffer.c b/omapip/buffer.c
index 6e0621b5..a21f0a80 100644
--- a/omapip/buffer.c
+++ b/omapip/buffer.c
@@ -565,6 +565,15 @@ isc_result_t omapi_connection_writer (omapi_object_t *h)
omapi_buffer_dereference (&buffer, MDL);
}
}
+
+ /* If we had data left to write when we're told to disconnect,
+ * we need recall disconnect, now that we're done writing.
+ * See rt46767. */
+ if (c->out_bytes == 0 && c->state == omapi_connection_disconnecting) {
+ omapi_disconnect (h, 1);
+ return ISC_R_SHUTTINGDOWN;
+ }
+
return ISC_R_SUCCESS;
}
diff --git a/omapip/message.c b/omapip/message.c
index ee15d821..37abbd25 100644
--- a/omapip/message.c
+++ b/omapip/message.c
@@ -339,7 +339,7 @@ isc_result_t omapi_message_unregister (omapi_object_t *mo)
}
#ifdef DEBUG_PROTOCOL
-static const char *omapi_message_op_name(int op) {
+const char *omapi_message_op_name(int op) {
switch (op) {
case OMAPI_OP_OPEN: return "OMAPI_OP_OPEN";
case OMAPI_OP_REFRESH: return "OMAPI_OP_REFRESH";
--
2.16.2

View File

@ -1,13 +0,0 @@
diff --git a/common/discover.c b/common/discover.c
index 3cd64a7..c85d18c 100644
--- a/common/discover.c
+++ b/common/discover.c
@@ -547,7 +547,7 @@ next_iface4(struct iface_info *info, int *err, struct iface_conf_list *ifaces) {
log_error("Interface name '%s' too long", name);
return 0;
}
- strncpy(info->name, name, sizeof(info->name) - 1);
+ strncpy(info->name, name, sizeof(info->name));
#ifdef ALIAS_NAMED_PERMUTED
/* interface aliases look like "eth0:1" or "wlan1:3" */

View File

@ -1,131 +0,0 @@
From: Thomas Markwalder <tmark@isc.org>
Date: Fri, 9 Feb 2018 14:46:08 -0500
Subject: [master] Corrected refcnt loss in option parsing
Origin: https://source.isc.org/cgi-bin/gitweb.cgi?p=dhcp.git;a=commit;h=197b26f25309f947b97a83b8fdfc414b767798f8
Bug: https://bugs.isc.org/Public/Bug/Display.html?id=47140
Bug-Debian: https://bugs.debian.org/891785
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2018-5733
Merges in 47140.
---
--- a/common/options.c
+++ b/common/options.c
@@ -177,6 +177,8 @@ int parse_option_buffer (options, buffer
/* If the length is outrageous, the options are bad. */
if (offset + len > length) {
+ /* Avoid reference count overflow */
+ option_dereference(&option, MDL);
reason = "option length exceeds option buffer length";
bogus:
log_error("parse_option_buffer: malformed option "
--- a/common/tests/Makefile.am
+++ b/common/tests/Makefile.am
@@ -10,7 +10,8 @@ ATF_TESTS =
if HAVE_ATF
-ATF_TESTS += alloc_unittest dns_unittest misc_unittest ns_name_unittest
+ATF_TESTS += alloc_unittest dns_unittest misc_unittest ns_name_unittest \
+ option_unittest
alloc_unittest_SOURCES = test_alloc.c $(top_srcdir)/tests/t_api_dhcp.c
alloc_unittest_LDADD = $(ATF_LDFLAGS)
@@ -36,6 +37,14 @@ ns_name_unittest_LDADD += ../libdhcp.a
../../omapip/libomapi.a $(BINDLIBDIR)/libirs.a \
$(BINDLIBDIR)/libdns.a $(BINDLIBDIR)/libisccfg.a $(BINDLIBDIR)/libisc.a
+option_unittest_SOURCES = option_unittest.c $(top_srcdir)/tests/t_api_dhcp.c
+option_unittest_LDADD = $(ATF_LDFLAGS)
+option_unittest_LDADD += ../libdhcp.@A@ ../../omapip/libomapi.@A@ \
+ @BINDLIBIRSDIR@/libirs.@A@ \
+ @BINDLIBDNSDIR@/libdns.@A@ \
+ @BINDLIBISCCFGDIR@/libisccfg.@A@ \
+ @BINDLIBISCDIR@/libisc.@A@
+
check: $(ATF_TESTS)
@if test $(top_srcdir) != ${top_builddir}; then \
cp $(top_srcdir)/common/tests/Atffile Atffile; \
--- /dev/null
+++ b/common/tests/option_unittest.c
@@ -0,0 +1,79 @@
+/*
+ * Copyright (C) 2018 Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <config.h>
+#include <atf-c.h>
+#include "dhcpd.h"
+
+ATF_TC(option_refcnt);
+
+ATF_TC_HEAD(option_refcnt, tc)
+{
+ atf_tc_set_md_var(tc, "descr",
+ "Verify option reference count does not overflow.");
+}
+
+/* This test does a simple check to see if option reference count is
+ * decremented even an error path exiting parse_option_buffer()
+ */
+ATF_TC_BODY(option_refcnt, tc)
+{
+ struct option_state *options;
+ struct option *option;
+ unsigned code;
+ int refcnt;
+ unsigned char buffer[3] = { 15, 255, 0 };
+
+ initialize_common_option_spaces();
+
+ options = NULL;
+ if (!option_state_allocate(&options, MDL)) {
+ atf_tc_fail("can't allocate option state");
+ }
+
+ option = NULL;
+ code = 15; /* domain-name */
+ if (!option_code_hash_lookup(&option, dhcp_universe.code_hash,
+ &code, 0, MDL)) {
+ atf_tc_fail("can't find option 15");
+ }
+ if (option == NULL) {
+ atf_tc_fail("option is NULL");
+ }
+ refcnt = option->refcnt;
+
+ buffer[0] = 15;
+ buffer[1] = 255; /* invalid */
+ buffer[2] = 0;
+
+ if (parse_option_buffer(options, buffer, 3, &dhcp_universe)) {
+ atf_tc_fail("parse_option_buffer is expected to fail");
+ }
+
+ if (refcnt != option->refcnt) {
+ atf_tc_fail("refcnt changed from %d to %d", refcnt, option->refcnt);
+ }
+}
+
+/* This macro defines main() method that will call specified
+ test cases. tp and simple_test_case names can be whatever you want
+ as long as it is a valid variable identifier. */
+ATF_TP_ADD_TCS(tp)
+{
+ ATF_TP_ADD_TC(tp, option_refcnt);
+
+ return (atf_no_error());
+}

View File

@ -1,144 +0,0 @@
From: Thomas Markwalder <tmark@isc.org>
Date: Sat, 10 Feb 2018 12:15:27 -0500
Subject: [master] Correct buffer overrun in pretty_print_option
Origin: https://source.isc.org/cgi-bin/gitweb.cgi?p=dhcp.git;a=commit;h=c5931725b48b121d232df4ba9e45bc41e0ba114d
Bug: https://bugs.isc.org/Public/Bug/Display.html?id=47139
Bug-Debian: https://bugs.debian.org/891786
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2018-5732
Merges in rt47139.
---
diff --git a/common/options.c b/common/options.c
index 6f23bc15..fc0e0889 100644
--- a/common/options.c
+++ b/common/options.c
@@ -1776,7 +1776,8 @@ format_min_length(format, oc)
/* Format the specified option so that a human can easily read it. */
-
+/* Maximum pretty printed size */
+#define MAX_OUTPUT_SIZE 32*1024
const char *pretty_print_option (option, data, len, emit_commas, emit_quotes)
struct option *option;
const unsigned char *data;
@@ -1784,8 +1785,9 @@ const char *pretty_print_option (option, data, len, emit_commas, emit_quotes)
int emit_commas;
int emit_quotes;
{
- static char optbuf [32768]; /* XXX */
- static char *endbuf = &optbuf[sizeof(optbuf)];
+ /* We add 128 byte pad so we don't have to add checks everywhere. */
+ static char optbuf [MAX_OUTPUT_SIZE + 128]; /* XXX */
+ static char *endbuf = optbuf + MAX_OUTPUT_SIZE;
int hunksize = 0;
int opthunk = 0;
int hunkinc = 0;
@@ -2211,7 +2213,14 @@ const char *pretty_print_option (option, data, len, emit_commas, emit_quotes)
log_error ("Unexpected format code %c",
fmtbuf [j]);
}
+
op += strlen (op);
+ if (op >= endbuf) {
+ log_error ("Option data exceeds"
+ " maximum size %d", MAX_OUTPUT_SIZE);
+ return ("<error>");
+ }
+
if (dp == data + len)
break;
if (j + 1 < numelem && comma != ':')
diff --git a/common/tests/option_unittest.c b/common/tests/option_unittest.c
index 36236b84..cd52cfb4 100644
--- a/common/tests/option_unittest.c
+++ b/common/tests/option_unittest.c
@@ -43,7 +43,7 @@ ATF_TC_BODY(option_refcnt, tc)
if (!option_state_allocate(&options, MDL)) {
atf_tc_fail("can't allocate option state");
}
-
+
option = NULL;
code = 15; /* domain-name */
if (!option_code_hash_lookup(&option, dhcp_universe.code_hash,
@@ -68,12 +68,75 @@ ATF_TC_BODY(option_refcnt, tc)
}
}
+ATF_TC(pretty_print_option);
+
+ATF_TC_HEAD(pretty_print_option, tc)
+{
+ atf_tc_set_md_var(tc, "descr",
+ "Verify pretty_print_option does not overrun its buffer.");
+}
+
+
+/*
+ * This test verifies that pretty_print_option() will not overrun its
+ * internal, static buffer when given large 'x/X' format options.
+ *
+ */
+ATF_TC_BODY(pretty_print_option, tc)
+{
+ struct option *option;
+ unsigned code;
+ unsigned char bad_data[32*1024];
+ unsigned char good_data[] = { 1,2,3,4,5,6 };
+ int emit_commas = 1;
+ int emit_quotes = 1;
+ const char *output_buf;
+
+ /* Initialize whole thing to non-printable chars */
+ memset(bad_data, 0x1f, sizeof(bad_data));
+
+ initialize_common_option_spaces();
+
+ /* We'll use dhcp_client_identitifer because it happens to be format X */
+ code = 61;
+ option = NULL;
+ if (!option_code_hash_lookup(&option, dhcp_universe.code_hash,
+ &code, 0, MDL)) {
+ atf_tc_fail("can't find option %d", code);
+ }
+
+ if (option == NULL) {
+ atf_tc_fail("option is NULL");
+ }
+
+ /* First we will try a good value we know should fit. */
+ output_buf = pretty_print_option (option, good_data, sizeof(good_data),
+ emit_commas, emit_quotes);
+
+ /* Make sure we get what we expect */
+ if (!output_buf || strcmp(output_buf, "1:2:3:4:5:6")) {
+ atf_tc_fail("pretty_print_option did not return \"<error>\"");
+ }
+
+
+ /* Now we'll try a data value that's too large */
+ output_buf = pretty_print_option (option, bad_data, sizeof(bad_data),
+ emit_commas, emit_quotes);
+
+ /* Make sure we safely get an error */
+ if (!output_buf || strcmp(output_buf, "<error>")) {
+ atf_tc_fail("pretty_print_option did not return \"<error>\"");
+ }
+}
+
+
/* This macro defines main() method that will call specified
test cases. tp and simple_test_case names can be whatever you want
as long as it is a valid variable identifier. */
ATF_TP_ADD_TCS(tp)
{
ATF_TP_ADD_TC(tp, option_refcnt);
+ ATF_TP_ADD_TC(tp, pretty_print_option);
return (atf_no_error());
}
--
2.16.2

View File

@ -6,8 +6,4 @@
0005-Add-enable-use-sockets-to-configure-flags-in-debian-.patch
0006-Bugfix-Ensure-HAVE_SO_BINDTODEVICE-has-a-chance-to-b.patch
0007-If-destination-of-BOOTREQUEST-is-directed-broadcast-.patch
0008-CVE-2017-3144.patch
0009-CVE-2018-5733.patch
0010-CVE-2018-5732.patch
0008-interface-name-maxlen-crash.patch
0012-Don-t-skip-down-interfaces-when-discovering-interfac.patch
0008-Don-t-skip-down-interfaces-when-discovering-interfac.patch