dhcp-4.3.6

[bdubbs@…]

New point version.

[Armin K]

This release doesn't need the client script patch. Similar version was merged upstream.

[bdubbs@…]

The major "theme" for ISC DHCP 4.3.x was to update the support for DHCPv6 to include several of the features that have been available for DHCPv4. These include:

• Support the use of classes

• Support for on_commit, on_expiry and on_release statements

• Better logging of address assignments

• Support for using DHCPv6 relay options in expressions

This release also adds support for the standard DDNS as described in the current RFCs as well as enhancing support for dynamically adding and removing subclasses via OMAPI.

There are a number of DHCPv6 limitations and features missing in this release, which will be addressed in the future:

• Only Solaris, Linux, FreeBSD, NetBSD, and OpenBSD are supported.

• DHCPv6 includes human-readable text in status code messages, in English. A method to reconfigure or support other languages would be preferable.

• The "host-identifier" option is limited to a simple token.

• The client and server can only operate DHCPv4 or DHCPv6 at a time, not both. To use both protocols simultaneously, two instances of the relevant daemon are required, one with the '-6' command line option.

Changes since 4.3.5

• The server now allows the client identifier (option 61) to own leases in more than one subnet concurrently. Prior to this the server would incorrectly release an existing lease in one subnet prior to assigning a lease in another subnet. Note that the prior behavior can be still be achieved by enabling one-lease-per-client. Thanks to both David Zych at the University of Illinois and Norm Proffitt of Infoblox for reporting the issue; and Norm for suggesting a solution. [ISC-Bugs #41358]

• When replying to a DHCPINFORM, the server will now include options specified at the pool scope, provided the ciaddr field of the DHCPINFORM is populated. Prior to this the server only evaluated options down to the subnet scope. Thanks to Fernando Soto at BlueCat Networks for reporting the issue. [ISC-Bugs #43219] [ISC-Bugs #45051]

• When memory allocation fails in a repeated way the process writes "Run out of memory." on the standard error and exists with status 1. [ISC-Bugs #32744]

• The new lmdb (Lightning Memory DataBase) bind9 configure option is now disabled by default to avoid the presence of this library to be detected which can lead to a link failure. [ISC-Bugs #45069]

• The linux interface discovery code has been modified to use getifaddrs() as is done for BSD and OS-X. Prior to this the code would only recognize the first address on an interface and thereby omit vlans. Thanks to Jiri Popelka at Redhat, Marius Tomaschewski at SUSE, and Wei Kong at Novell, who all submitted patches. [ISC-Bugs #28761] [ISC-Bugs #31992] [ISC-Bugs #25428] [ISC-Bugs #31940] [ISC-Bugs #32935]
• Fixed a bug in OMAPI that causes omshell to crash when a name-value pair with a zero length value is shipped in an object. Thanks to Fernando Soto at BlueCat Networks for reporting the issue and supplying the patch. [ISC-Bugs #29108]

• On 64-bit platforms, dhclient now generates the correct value for the script environment variable, "expiry", the lease expiry value exceeds 0x7FFFFFFF. Prior to this such values would produce negative values for expiry in the script environment. [ISC-Bugs #43326]

• Common timer logic was modified to cap the maximum timeout values at 0x7FFFFFFF - 1. Values larger than that were causing fatal timer out of range errors on 64-bit platforms. Thanks to Jiri Popelka at Red Hat for reporting the issue. [ISC-Bugs #28038]

• DHCP6 FQDN option unpacking code now correctly handles values that contain spaces, special, or non-printable characters. Prior to this the buffer size needed was underestimated causing a conversion error message to be logged and DNS updates to be skipped. Thanks to Fernando Soto at BlueCat Networks for bringing the matter to our attention. [ISC-Bugs #43592]

• When running in -6 mode, dhclient can enforce the require option statement and will discard offered leases that do not contain all the required options specified in the client configuration. If not enabled the client will still consider such leases. This must be enabled at compile time (see ENFORCE_DHCPV6_CLIENT_REQUIRE in includes/site.h). Thanks to Mritunjaykumar Dubey at Nokia for reporting the issue. [ISC-Bugs #41473]

• Altered DHCPv4 lease time calculation to avoid roll over errors on 64-bit OS systems when using -1 or large values for default-lease-time. Rollover values will be replaced with 0x7FFFFFFF - 1. This alleviates unintentionally short expiration times being handed out when infinite lease times (-1) in conjunction with failover. Our thanks to Alessandro Gherardi for bringing the issue to our attention. [ISC-Bugs #41976]

• Added new compile time option --with-srv-conf-file which specifies a default location of the server configuration file. [ISC-Bugs #44765]

• Added --dad-wait-time parameter to dhclient. It specifies the maximum time, in seconds, that the client process should wait for the duplicate address detection to complete before initiating DHCP requests. This value is propagated to the dhclient script and the script is responsible for waiting the specified amount of time or until DAD has completed. If the script does not support it, specifying this parameter has no effect. The default value is 0 which specifies that the script should not wait for DAD. With this change the following scripts have been modified to support the new parameter: freebsd, linux, macos, netbsd, openbsd. [ISC-Bugs #36169]

• The server nows checks both the address and length of a prefix delegation when attempting to match it to a prefix pool. This ensures the server responds properly when pool configurations change such that once valid, "in-pool" delegations are now treated as being invalid. During lease file loading at startup, the server will discard any PD leases that are deemed "out-of-pool" either by address or mis-matched prefix length. Clients seeking to renew or rebind such leases will get a response of No Binding in the case of the former, and the prefix delegation with lifetimes set to zero in the case of the latter. Thanks to Mark Nejedlo at TDS Telecom for reporting this issue. [ISC-Bugs #35378]

• Modified DDNS support initialization such that DNS related ports will only be opened by the server (dhcpd) at startup if ddns-update-style is not "none"; by dhclient only if and when the it first attempts an update; and never by dhcrelay. Prior to this all three always did the initialization at startup which causes them to always open on and listen for traffic on two random ports. Thanks to Rodney Beede for reporting this issue. [ISC-Bugs #45290] [ISC-Bugs #33377]

• Added error logging to two memory allocation failure checks. Thanks to Bill Parker (wp02855 at gmail dot com) for reporting the issue. [ISC-Bugs #41185]

• Corrected a dhclient -6 issue that caused the client to crash with an "Impossible condition" error after de-preferencing its only IA binding. The crash occurred when server configuration changes rendered the existing binding out-of-range and no other leases were available to offer. Thanks to Pierre Clerissi for bringing this issue to our attention. [ISC-Bugs #44373]

• By defining CALL_SCRIPT_ON_ONETRY_FAIL in includes/site.h, dhclient will now call the script with reason set to FAIL when run with -1 (one try) and there are no server responses. This applies to IPv4 mode only. Thanks for a patch by Martin Pitt which got to us via Andrew Pollock. [ISC-bugs #18183]

• The server now detects failover peers that are not referenced in at least one pool when run with the command line option for test mode, -T. Prior to this the check was performed too far down stream to be detected in test mode. [ISC-Bugs #29892]

• Linux script updated. The script is now based on Debian version. It uses ip tool from iproute2 package and ifconfig is no longer used. This also addresses an issue of calling arping with inappropriate parameter. [ISC-bugs #19430] [ISC-bugs #18111]

• Changed severity of the log message indicating UDP checksum errors in the received packets from 'info' to 'debug' to avoid logging excessive number of false positives when UDP checksum offloading is enabled. [ISC-bugs #41757]

• The directory minires has been removed from the source tree. It has long been obsolete for branches other than v4_1_esv. Additionally, includes/minires.h was renamed includes/ns_name.h. [ISC-bugs #45471]

• Replaced ifconfig parameters "add" and "delete" with "alias" and "-alias" for IPv6 mode in the client scripts, netbsd and openbsd. This was preventing IPv6 addresses from being added or removed from interfaces. Thanks to Tim Dean for reporting this issue. [ISC-bugs #31573]

[bdubbs@…]

Fixed at revision 18991.