Handle DHCPINFORM from clients behind a DHCP relay.

The dhcpinform() function has assumed that ciaddr matches the packet's
IP source address and didn't consider a relay, such as dhcrelay(8) -
indicated by giaddr, has forwarded the request.

Tested by landry@
OK krw@

Add 'echo-client-id' statment, so that RFC 6842 behaviour can be
turned off for those clients and networks that find it impossible to
move past RFC 2131. Modelled on the same statement in recent ISC
versions, though we default to 'on' (a.k.a. RFC 6842) rather that
'off' (a.k.a. RFC 2131).

Problems reported by Bastien Durel (Xerox Phaser 6022 printer) and
Bryan Vyhmeister (Hon Hai Precision router) via misc@. Thanks!

branches: 1.55.4;
Eliminate pointless'%m' (a.k.a. hand rolled strerror()) by using fatal() and
log_warn(). Zap a couple of explicit 'syslog()' calls.

Adjust some long lines.

Switch from old errwarn.c logging to shiny new log.[ch].

ok benno@

Compare server-identifiers and reject packets only *after* applying
value specified in dhcpd.conf.

i.e. don't assume it is always the primary address of the interface
the packet arrived on.

Fixes issues with redundant dhcpd servers and CARP'd interfaces.

Issue reported and fix tested by Johan Huldtgren

client_identifier is not a string so using strlen() on it is
inappropriate. Which is why client_identifier_len exists.

Replace copy&pasted strlen() with client_identifier_len.

Symptoms (crash) and cause (bad c&p) spotted by sthen@.

tested & ok sthen@

Stop pretending we use RFC 3046/Option 82/Relay Agent Information.

RFC 3042 says servers that do not understand the option will not
echo it.

Plus, our desultory attempt at echoing was almost certainly broken
for OFFERs (use after free of packet data) and not even attempted
for NACKs.

ok millert@

Add support for RFC 6842. RFC 2131 said the server MUST NOT echo
the client-identifier value. RFC 6842 says the server MUST echo it.

Echoing the information disambiguates packets for relays and clients
when chaddr is 0. Similar to what dhcpv6 does.

Use consistant idiom (intermediate variable 'i' rather than repeated
uses of very long #define names) to access option data in nak_lease()
and ack_lease().

Shortens a lot of lines, which allows a number of line splits to
be eliminates.

Makes some upcoming diffs easier to integrate.

No intentional functional change.

Zap stray whitespace.

Don't leak the option data of non-DHCPINFORM messages received on
the udp socket.

Found by David Carlier.

ok yasuoka@

Eliminate #include inside *.h files and include only needed headers in
each *.c file.

Inspired by mention of header silliness by Edgar Pettijohn and mmcc@
on tech@.

remove NULL-checks before free()

stdlib.h is in scope; do not cast malloc/calloc/realloc*
ok millert krw

Avoid using inet_ntoa() twice in a single printf() parameter list
by caching the results from excess inet_ntoa() calls before doing
the printf(). Should improve usefullness (?) of DHCPRELEASE log
entries by actually printing ciaddr and giaddr correctly when
dhcprelays stand between servers and clients.

Looks good to dlg@.

Tweak the the DHCPACK to DHCPINFORM log entry so that it is
less threatening and more informative.

e.g.

DHCPACK on <null address> to 5c:51:4f:56:81:c3 via em0

changes to

DHCPACK to 192.168.19.62 (3c:97:0e:0c:0c:d7) via em0

Issue noted and diff tested by Marc Peters. Thanks!

ok yasuoka@ millert@

Typo: consitent -> consistent.

validate len field for proper length, not just "not zero."

ok krw@

Fix DHCPINFORM not to lookup the lease database, not to fill the yiaddr
field and not to include the lease time parameters.

ok krw

Add -u option to bind UDP port as a socket to answer DHCPINFORM from
the clients on non ethernet interfaces (eg. tun(4) or pppx(4)).

input krw
ok krw

send_packet() and writev() return ssize_t, not int. Use correct
type to store the returned value. From dhill.

RFC 2131 4.3.1 seems clear that a server MUST NOT include the
client-identifier option in OFFER or ACK messages. So stop
doing so.

RFC 2131 says don't ACK any REQUEST messages that contain a
server-identifier option that specifies a different dhcp server.

So don't.

Pointed put and fix tested by Andy via bugs@

Obey RFC 2131 and when the broadcast flag is set send reply back
via udp broadcast and link-local broadcast. Not udp broadcast to
link address of client. Fixes at least some switches who
use the broadcast flag.

Bug submitted by Andy via bugs@, and fix tested by same. Thanks!

ok beck@

Initialize 'flags' field of tree_cache stack variables to 0. Paranoia.

Always put server id in NAK's to requests. Some router/switches
need this, as reported in PR#6339.

Fix tested by submitter, Marcel Widget, who also supplied the diff
that I tweaked.

ok beck@

Eliminate all uses of dmalloc() where the returned pointer
is checked for NULL and a specific error/warning issued. Add
two such manual warning/error checks and kill those dmalloc
calls. And then there were none, so kill dmalloc(). Whew.

Eliminate all uses of dfree() where the pointer is either dereferenced
immediately before the use or the pointer is checked for NULL before
the call. And then there were none, so kill dfree().

Echo back the Relay Agent Information option if present (RFC 3046).
Also add support for the "ipsec-tunnel" hardware type as described in
RFC 3456.

ok henning@ krw@ (but needs more testing from others)

Initial stab at DHCPINFORM support. OK phessler@

Add synchronisation support for dhcpd - this allows for two dhcpd's
with the same configuration to be run on the same net and they will
keep their lease files/state in synch, and therefore allowing you to
run redundant dhcpd's. Synchronization code stolen from spamd, uses
an hmac key in /var/db/dhcpd.key if it exists.
ok krw@ deraadt@

small KNF

Move the transmission of privsep messages into its own function. Wherever
we might have conditionally sent a message, we now just call the pfmsg()
function, and let it figure out whether the message should be sent or not.

ok henning

This diff makes dhcpd able to manipulate pf tables on certain lease events.

dhcpd is now able to place abandoned addresses into a table (to offer some
protection against machines camping on an address) and remove them from the
table if they are properly leased.

When dhcpd assigns an IP to a new hardware address, it can remove that
address from a table. This is for use with the overload table in pf; newly
arrived machines will not be punished for the actions of a machine that
went away.

beck@ and krw@ liked previous versions of this, henning@ final ok

KNF. No binary change.

tiny bit of delinting; ok krw@

fix problem of dhcp server looping with "already acking lease"
when busy with short lease times. Fix by and discussed with millert
over a year ago, run at u of a for over a year, but never committed.
ok millert@ cloder@

Be a bit more paranoid about leases that are currently acked. There is a
small window where it is possible that a lease is acked and simultaniously
removed and so the state is not removed. This may be a cause for the
"already acking" issue. OK millert@

Simply use the ethernet source address of the request as new ethernet
destination instead of the one included in the dhcp packet. Especially
because there are to many cases where the supplied address is wrong.
This hopefully solves all problems with gateways involved, like the
one reported by Dylan Martin.
OK krw@ henning@ millert@

Fix memory leak when supersede_lease() fails and it is a DHCPACK
or a dynamic BOOTREPLY offer. OK claudio@

Bah, unbreak. from not form. Noticed by Dan Harnett.

Set correct source address for relayed packets. This affects only setups that
use 'next-server' config option. From Hans Kremers. OK henning@

avoid aliasing with libc functions; ok henning

Remove the not initialized fallback_interface code and use the normal bpf
interface for that. Also store the hardware (ethernet) address in the state
so that relayed dhcp request are sent to the correct destination.
OK henning@ requested by deraadt@ tested otto@

typo; From: Andrey Matveev <andrushock@korovino.net>

remove DEBUG_PACKET stuff; henning ok

remove things not used, spotted by lint mostly; ok henning

filter writes and lock bpf descriptor, ok henning@

$OpenBSD$

Catch negative lease times. From openbsd@nerd-marrow.com in PR 2888,
which this closes (though the PR was for usr.sbin/dhcpd/server/).

ok henning@

spacing

various knf; henning ok

a bunch of knf, ok henning

spaces

time_t and kill a few dumb defines

may the whacking begin