DHCPv6-PD, it seems some satellite-based internet provider sends PD from
a routable address rather than the usual link-local.
Based on a diff from William Graeber but I tweaked a little (mainly removed
the src addr limit from the outbound rule and use "received-on none" instead,
so that the local machine can send from any address without allowing forwarded
packets).
If we need to make an exception we can do it and properly document the
reason but by default we should just use the default login class.
rc.d uses daemon or the login class provided in login.conf.d so this has
no impact there.
discussed with sthen@, tb@ and robert@
praying that my grep/sed skills did not break anything and still
believing in portbump :-)
some improvements for control socket handling with privsep (one specific
thing this fixes is if you run "dhcpcd -U6 badger", i.e. invalid interface
name, previously dhcpcd would not accept any more control connections,
now it works as expected).
Once every few minutes dhcpcd prints two lines into /var/log/messages:
dhcpcd[89340]: make_env: Undefined error: 0
dhcpcd[89340]: script_runreason: Undefined error: 0
Apparently OpenBSD allows interfaces with the same priority number whereas
NetBSD doesn't. This would break the ordering used in the routes tree and
RB-tree insertion would fail. The upstream fix sets errno to make the log
messages more meaningful and fixes RB-tree insertion. It also plugs a leak
in this error path.
Fix from https://roy.marples.name/archives/dhcpcd-discuss/0003426.html
ok sthen
they were moved from a kernel header to src/usr.sbin/rad/rad.h
(ADV_PREFERRED_LIFETIME and ADV_VALID_LIFETIME). Use dhcpcd's own
constants instead. From florian@
DHCP: Ensure dhcp is running on the interface received from
BSD: Link handling has been simplified, however it is expected
that if an interface supports SIOCGIFMEDIA then it reports
the correct link status via route(4) for reliable operations
BPF: ARP filter is more robust
BSD and sun: Validate RTM message lengths
DHCPv6 (security): Fix a potential read overflow with D6_OPTION_PD_EXCLUDE
* auth: Use consttime_memequal to avoid latency attack
consttime_memequal is supplied if libc does not support it
dhcpcd >=6.2 <7.2.1 are vulnerable
* DHCP: Fix a potential 1 byte read overflow with DHO_OPTSOVERLOADED
dhcpcd >=4 <7.2.1 are vulnerable
* DHCPv6: Fix a potential buffer overflow reading NA/TA addresses
dhcpcd >=7 <7.2.1 are vulnerable
