Contributed by rueda on from the we-are-pleased-too dept.
With the following commit, Florian Obser (florian@) imported dhcpleased(8), a DHCP daemon to acquire IPv4 address leases from servers, plus dhcpleasectl(8), a utility to control the daemon:
CVSROOT: /cvs
Module name: src
Changes by: florian@cvs.openbsd.org 2021/02/26 09:16:37

Added files:
    sbin/dhcpleased: Makefile bpf.c bpf.h checksum.c checksum.h control.c control.h dhcpleased.8 dhcpleased.c dhcpleased.h engine.c engine.h frontend.c frontend.h log.c log.h
    usr.sbin/dhcpleasectl: Makefile dhcpleasectl.8 dhcpleasectl.c parser.c parser.h

Log message:
Import dhcpleased(8) - a dhcp daemon to acquire IPv4 address leases from servers.

dhcpleased(8) follows the well known three process design of all our privsep daemons. It uses pledge(2) and unveil(2) to restrict access further. In particular the "engine" process, responsible for parsing of untrusted data, is pledge'd "stdio". It cannot access the outside world nor the filesystem at all.

Like slaacd(8) for IPv6 it will be always running and acquire addresses for all interface with the autoconf4 flag set.
The flag can be set by "ifconfig $if inet autoconf" or by adding "inet autoconf" to /etc/hostname.if.
An existing "dhcp" line should be removed.

Various iterations tested by deraadt@
The hardest part, finding a name, was handled by jmatthew@ & otto@
"get to it :)" deraadt@
The new daemon is (linked to the build and) enabled by default.
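The pattern the commit message describes, parsing untrusted data in a process pledge'd "stdio", is sketched below as an added example; it is not dhcpleased source code. It is simplified to two processes and a plain socketpair, parses only a DHCP options area, and the names `find_msg_type` and `parse_in_engine` are hypothetical; the pledge(2) call is compiled only on OpenBSD.

```c
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/* Walk a DHCP options area (code, length, value) with bounds checks.
 * Returns the message type (option 53), or -1 if malformed or absent. */
static int find_msg_type(const unsigned char *p, size_t len)
{
	size_t i = 0;
	while (i < len && p[i] != 255) {		/* 255 = end option */
		if (p[i] == 0) { i++; continue; }	/* pad: no length byte */
		if (i + 2 > len || i + 2 + p[i + 1] > len)
			return -1;			/* length runs past buffer */
		if (p[i] == 53 && p[i + 1] == 1)
			return p[i + 2];
		i += 2 + (size_t)p[i + 1];
	}
	return -1;
}

/* Hypothetical helper: hand untrusted bytes to a child that keeps only
 * its already-open socket; a one-byte verdict (0 = rejected) comes back. */
int parse_in_engine(const unsigned char *pkt, size_t len)
{
	unsigned char buf[576], verdict = 0;
	int sv[2], t;
	ssize_t n;
	pid_t pid;
	if (len == 0 || len > sizeof(buf) ||
	    socketpair(AF_UNIX, SOCK_STREAM, 0, sv) == -1)
		return -1;
	if ((pid = fork()) == -1) { close(sv[0]); close(sv[1]); return -1; }
	if (pid == 0) {				/* "engine" side */
		close(sv[0]);
#ifdef __OpenBSD__
		if (pledge("stdio", NULL) == -1) _exit(1);  /* no fs, no new sockets */
#endif
		n = read(sv[1], buf, sizeof(buf));
		t = n > 0 ? find_msg_type(buf, (size_t)n) : -1;
		verdict = t > 0 ? (unsigned char)t : 0;
		_exit(write(sv[1], &verdict, 1) == 1 ? 0 : 1);
	}
	close(sv[1]);				/* parent side */
	n = write(sv[0], pkt, len);
	if (n == (ssize_t)len)
		n = read(sv[0], &verdict, 1);
	close(sv[0]);
	waitpid(pid, NULL, 0);
	return (n == 1 && verdict != 0) ? verdict : -1;
}
```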
By Damon (oneofthedamons) undeadly@damon.sarahsempire.com on
What is the use case for this compared with dhclient(8)
Comments
By Damon (oneofthedamons) undeadly@damon.sarahsempire.com on
sorry that was a genuine question not a statement — truncated the question mark…
By Daniel Gracia (Paladdin) guardame_el_secreto@yahoo.es on https://www.egracia.es
Same. Advantage point is: 'dhcpleased(8) follows the well known three process design of all our privsep daemons. It uses pledge(2) and unveil(2) to restrict access further. In particular the "engine" process, responsible for parsing of untrusted data, is pledge'd "stdio". It cannot access the outside world nor the filesystem at all.'
By Brian Marshall (bmwl) brian.marshall@tolko.com on
Hello,
Will the rewrite of this daemon deal with the edge-case of ISPs who require DHCP for static addresses? I'm struggling with wiring up a Rube Goldberg collection of ifstated/dhclient/vether to make a CARP interface work somewhat reliably without stomping over the other interfaces or just outright not working...
I'm willing to help with (any combination of) code/compile/test this use case if there's an appetite for making it possible.
Thanks!
-Brian