Age | Commit message | Author
2019-10-08 | dhcpv6: Add error checks to message parsers | Anatole Denis
There were missing error checks in the Message and RelayMessage parsers, so that truncated headers would be incorrectly accepted as valid messages. For example the single byte "0" (0x30) would be accepted as a valid message, then reserialized to 0x30,0x00,0x00,0x00,0x00
Signed-off-by: Anatole Denis <natolumin@unverle.fr>
2019-10-08 | dhcpv6: Reject empty messages | Anatole Denis
The uio library doesn't report errors on a per-operation basis, but accumulates them so they can be checked after a batch of operations in a separate Error() function. Unfortunately this makes it easy to forget, thus parse incorrect messages
go-fuzz found immediately that an empty message would be parsed without error, and reserialize to a different message (one with some bytes of zeros)
Signed-off-by: Anatole Denis <natolumin@unverle.fr>
2019-10-07 | dhcpv6: Add a fuzzing entrypoint for go-fuzz | Anatole Denis
This adds the required function for running [go-fuzz](https://github.com/dvyukov/go-fuzz) on the dhcpv6 library. It tests the following behaviour:
* Parsing messages doesn't crash
* Parsed messages are identical after being serialized and deserialized
Signed-off-by: Anatole Denis <natolumin@unverle.fr>
2019-10-02 | Merge pull request #323 from Natolumin/return_concrete_type_from_conn_creation | Pablo Mazzini
server{4,6}: Return UDPConn from NewIPv*UDPConn
2019-10-01 | server{4,6}: Return UDPConn from NewIPv*UDPConn | Anatole Denis
The concrete type under the interface is known here since we create the connection in the same function. Since *net.UDPConn implements net.PacketConn anyway, returning the concrete type here is more powerful and less risky than having downstream users cast the value themselves
There should be no code change for downstream users, with the exception of explicit casts (`udpc := conn.(*net.UDPConn)`), which can simply be removed
Signed-off-by: Anatole Denis <natolumin@unverle.fr>
2019-09-25 | dhcpv6: simplify boot file URL | Chris Koch
Signed-off-by: Chris Koch <chrisko@google.com>
2019-09-25 | server6: allow nil IP in addition to unspecified | Chris K
Signed-off-by: Chris Koch <chrisko@google.com>
2019-09-25 | dhcpv4: combine small files | Chris Koch
Signed-off-by: Chris Koch <chrisko@google.com>
2019-09-24 | nclient6: copy & paste log infra to v6 | Chris Koch
Signed-off-by: Chris Koch <chrisko@google.com>
2019-09-23 | Merge pull request #316 from Natolumin/v6_multicast_fix | Pablo Mazzini
DHCPv6 Server multicast handling improvements
2019-09-18 | server6: Create UDP conn manually for more control | Anatole Denis
Similar to server4 where the UDP connection is manually created using the socket interfaces, this creates a connection with adequate options:
* SO_BINDTODEVICE or equivalent if an interface is requested
* V6ONLY when supported by the operating system
* Allows binding to a multicast address specifically instead of falling back to wildcard
Signed-off-by: Anatole Denis <natolumin@unverle.fr>
2019-09-17 | dhcpv4: Move BindToInterface to interfaces package | Anatole Denis
This moves the implementations of the BindToInterface to the interfaces/ package, since they aren't ipv4-specific. The BindToInterface function remains in dhcpv4 (simply wraps the one in interfaces) to keep backwards-compatibility
Additionally, fold bindtodevice_darwin into bindtodevice_bsd: darwin is mostly a BSD, and happens to support IP_RECVIF, so use that instead of IP_BOUND_IF, which only affects sends, not receives according to the code comments in bsd/netinet/ip_output.c as well as being v4-only
Signed-off-by: Anatole Denis <natolumin@unverle.fr>
2019-09-17 | server6: Fix listening on multicast addresses | Anatole Denis
Joining a multicast group with an address that can't be received on a socket is ineffective, at least on linux. This updates the logic of NewServer in a mostly backwards-compatible way, to enable listening on arbitrary multicast addresses:
* Unicast addresses see no user-visible change, but don't join a multicast group for which they don't receive traffic anyway
* Multicast addresses start actually receiving traffic for the group they represent, and don't join the default group. **this is a behaviour change**: previously they would receive traffic for the default group if it was on the same port and **not** for the group they represent. I consider that previous behaviour a bug
* Wildcard addresses, if on the proper port, will join both AllDHCPRelayAgentsAndServers and AllDHCPServers **this is a behaviour change**: previously only AllDHCPRelayAgentsAndServers was joined
* Wildcard addresses on another port: no visible change, same as unicast case
Signed-off-by: Anatole Denis <natolumin@unverle.fr>
2019-09-16 | dhcpv4: Mark all options as requested absent PRL (#315) | Anatole Denis
In DHCPv4, when the ParameterRequestList option is not present in a request, it should be assumed that the client wants to receive all the options that the server is able to send. This changes the IsOptionRequested method of dhcpv4.DHCPv4 to return true for any request in that situation.
The reasoning is based on this wording in [RFC2131§3.5](https://tools.ietf.org/html/rfc2131#section-3.5):
> Not all clients require initialization of all parameters listed in
> Appendix A. Two techniques are used to reduce the number of
> parameters transmitted from the server to the client. [...] Second, in
> its initial DHCPDISCOVER or DHCPREQUEST message, a client may provide
> the server with a list of specific parameters the client is interested
> in.
Signed-off-by: Anatole Denis <natolumin@unverle.fr>
2019-09-12 | Increase DHCPv4 IP TTL from 30 to 64 (#314) | Ross Hanson
RFC 1700 recommends a value of 64 for the default IP time to live (TTL) parameter. This is only necessary for the V4 client because it uses the net.PacketConn, while the IPv6 implementation uses a net.UDPConn instead.
From https://tools.ietf.org/html/rfc1700:
IP TIME TO LIVE PARAMETER
The current recommended default time to live (TTL) for the Internet Protocol (IP) [45,105] is 64.
Signed-off-by: Ross Hanson <rosshanson@google.com>
2019-08-14 | Bind interface fix (#310) | borna-blazevic
Added a bind to interface functionality.
2019-07-29 | server4: set peer to broadcast if client IP is zero | Chris Koch
Clients without an IP set their source address to 0.0.0.0, so the peer returned by ReadFrom may not actually be the address to send to. Clients without an IP should have their response broadcast.
Signed-off-by: Chris Koch <chrisko@google.com>
2019-07-22 | Fixed unnecessary conversions in dhcpv6 (#305) | Christian Muehlhaeuser
No need to convert here.
2019-07-22 | Fixed unnecessary conversions (#304) | Christian Muehlhaeuser
No need to convert these types.
2019-07-22 | Fixed typos in dhcpv4 (#303) | Christian Muehlhaeuser
Simple, nit-picky typo fixes.
2019-07-12 | add contributors to ZTP package | Pablo Mazzini
2019-07-05 | v4 discover: don't ask for broadcast | Chris Koch
Usually this is used for clients that don't know how to receive any other packets. We can deal with both a unicast or broadcast response packet, so let's let the server decide on its own.
Signed-off-by: Chris Koch <chrisko@google.com>
2019-07-05 | README: add link to godoc | Chris K
Signed-off-by: Chris Koch <chrisko@google.com>
2019-06-27 | dhcpv4: actually use random number timeout | Chris Koch
Signed-off-by: Chris Koch <chrisko@google.com>
2019-06-20 | Fix TravisCI build (#297) | insomniac
2019-06-19 | dhcpv4: make the short stringer more useful | Chris Koch
Nobody gives a hoot about the hardware type.
Signed-off-by: Chris Koch <chrisko@google.com>
2019-06-19 | nclient4: add logging options | Chris Koch
Signed-off-by: Chris Koch <chrisko@google.com>
2019-05-24 | Changing Arista cid regex for prepended bytes (#293) | Akshay Navale
2019-05-22 | Ignore bytes after end of IP packet in BroadcastRawUDPConn.ReadFrom (#292) | lprylli
When reading raw packets from the network, it can happen that the raw ethernet packet read has undefined bytes after the end of the ip packet (either from the network or in some cases from the local stack). Those bytes should not be passed to the dhcp-receiver otherwise the option parser which is picky about final padding byte will silently discard the dhcp-reply.
Rename ipLen, udpLen variables with more explicit names to avoid confusion between header, payload, total length possibly considered in this function.
Tested: ast2500 bmc reproducing the issue + existing go test for coverage.
Signed-off-by: Loic Prylli <lprylli@netflix.com>
2019-05-15 | Adding Juniper EX pattern for circuit parsing (#291) | Akshay Navale
2019-05-14 | Remove SHIFT IN character bytes from Circuit ID (#289) | Akshay Navale
2019-05-14 | Improve compatibility with some ipv4 networks. | Loic Prylli
- dnsmasq has been seen to null-terminate the bootfile option, similar treatment can occur for tftp-servername (although tftp-servername option usage is less common).
- for the gateway information to be present in final packet, the Router option should be queried again in request as in discover (which matches behavior of udhcpc/dhclient).
Tested: pxeboot with u-root on dnsmasq/ipv4 client.
Signed-off-by: Loic Prylli <lprylli@netflix.com>
2019-05-09 | NewReplyFromRequest: copy gw ip | Pablo Mazzini
2019-05-09 | NewReplyFromRequest: copy gw ip | Pablo Mazzini
2019-05-09 | Adding RemoteID option while creating a Relayed Encapsulated Packet (#282) | Akshay Navale
2019-05-09 | [dhcpv4] Do not Gateway IP address on packets sent by clients (#287) | Marco Guerri
Relays might drop packets coming from clients if they have the Gateway IP set. This modifier is supposed to be used by relays: `WithReply` is used only by clients.
2019-05-08 | [CI] Added linters | Andrea Barberio
Now the CI will also run golangci-lint
Signed-off-by: Andrea Barberio <insomniac@slackware.it>
2019-05-08 | Addressed more linter warnings | Andrea Barberio
Mostly addressed missing error checking.
Signed-off-by: Andrea Barberio <insomniac@slackware.it>
2019-05-08 | Addressed various linter warnings | Andrea Barberio
Mostly for dead code and potentially wrong comparisons.
Signed-off-by: Andrea Barberio <insomniac@slackware.it>
2019-05-02 | [dhcpv6] Handle SOLICIT with rapid commit in NewReplyFromMessage | Andrea Barberio
NewReplyFromMessage creates a reply from a message. With this patch it can handle Solicit messages with rapid-commit. RFC3315 states that:
```
If the client has included a Rapid Commit option in its Solicit message, the client terminates the waiting process as soon as a Reply message with a Rapid Commit option is received.
```
Signed-off-by: Andrea Barberio <insomniac@slackware.it>
2019-04-30 | [netboot] Return error when there is one | Andrea Barberio
The current implementation has a bug, so that it always returns `nil`, even when an error happened. This PR fixes it.
Signed-off-by: Andrea Barberio <insomniac@slackware.it>
2019-04-29 | [server6] Server should join multicast address | Andrea Barberio
The previous logic was wrong - there's no "listening" on multicast address, the server should listen on the given address, and join the multicast group. This PR fixes it. Also moved the multicast addresses to a common package.
Tested with unit/integ tests, and with coredhcp.
Signed-off-by: Andrea Barberio <insomniac@slackware.it>
2019-04-29 | [netboot] use rtnl package | Andrea Barberio
After adding the higher-level [rtnl package](https://github.com/jsimonetti/rtnetlink/pull/44) let's switch to it.
Pending https://github.com/jsimonetti/rtnetlink/pull/50
Signed-off-by: Andrea Barberio <insomniac@slackware.it>
2019-04-24 | [dhcpv6] Solicit messages derive default IAID from MAC address | Andrea Barberio
IAID must be set by the client. This patch generates the IAID from the MAC address of the interface. To do so, a new WithIAID modifier is added, the interface of NewSolicitWithCID now requires a hwaddr parameter, and NewAdvertiseFromSolicit copies the IA_NA option from the solicit if present.
Signed-off-by: Andrea Barberio <insomniac@slackware.it>
2019-04-23 | Revert "[dhcpv6] Solicit messages derive default IAID from MAC address" | Andrea Barberio
This reverts commit b071bdc86a58037f6c745647c97fca202f3caef9.
Signed-off-by: Andrea Barberio <insomniac@slackware.it>
2019-04-23 | [dhcpv6] Solicit messages derive default IAID from MAC address | Andrea Barberio
IAID must be set by the client. This patch generates the IAID from the MAC address of the interface. To do so, a new WithIAID modifier is added, the interface of NewSolicitWithCID now requires a hwaddr parameter, and NewAdvertiseFromSolicit copies the IA_NA option from the solicit if present.
Signed-off-by: Andrea Barberio <insomniac@slackware.it>
2019-04-17 | nclient4: fix conn race condition | Christopher Koch
Why did I ever think this would work??
Signed-off-by: Christopher Koch <chrisko@google.com>
2019-04-17 | [server] Serve returns an error, and closes when done | Andrea Barberio
Server6 and Server4 had Serve methods that return without reporting an error, changed in this PR. Serve now also closes the connection when done.
Signed-off-by: Andrea Barberio <insomniac@slackware.it>
2019-04-15 | Replace vishvananda/netlink with jsimonetti/rtnetlink (#271) | insomniac
Fixes #257
And saves ~100kb.
Signed-off-by: Andrea Barberio <insomniac@slackware.it>
2019-04-09 | Update .travis.yml | insomniac