Page MenuHomeFreeBSD

Import dhcpcd(8) version 8.1.0 into FreeBSD base.
Needs ReviewPublic

Authored by woodsb02 on Oct 13 2019, 6:07 PM.

Details

Summary

Import dhcpcd(8) version 8.1.0 into FreeBSD base.

This introduces DHCPv6 functionality to FreeBSD, and when used can also replace dhclient(8) and rtsol(8).

This exists in parallel with both of these existing tools, which continue to be the default. This can be changed by:

  • setting dhcp_client="dhcpcd" in /etc/rc.conf
  • removing rtsold_enable from /etc/rc.conf
  • removing ifconfig_em0_ipv6="inet6 accept_rtadv" from /etc/rc.conf
  • enabling dhcpcd(8) using one of the two methods below

Once set as the default, dhcpcd(8) can be used in 2 different modes:

  1. Master mode - by setting dhcpcd_enable="YES" in /etc/rc.conf. This will enabled dhcpcd(8) for all network interfaces (except those that cannot utilise DHCP - such as firewire, tap and bridge). By default, dhcpcd(8) will try to configure DHCPv4 and DHCPv6. Consider modifying dhcpcd.conf(5) to further configure per interface settings in this mode.
  2. Interface mode - by setting the following parameters in /etc/rc.conf: ifconfig_em0="DHCP" ifconfig_em0_ipv6="DHCP" Setting these will enable DHCPv4 and DHCPv6 respectively on the specified interface. These can be set independently of each other. dhcpcd_enable should not be set in this mode (it defaults to "NO").

Future improvements which could be made to FreeBSD to improve dhcpcd(8):

  • addition of address flags and process id to ifa_msghdr
  • kernel does not support route message filtering
  • kernel does not allow IPv6 address sharing
  • No SIOCGIFALIAS support
  • cannot detect route socket overflow within kernel
  • kernel does not report IPv6 address flag changes
  • kernel does not support userland sending ND6 advertisements

Future improvements which could be made to dhcpcd(8) to improve security on FreeBSD:

  • privilege separation
  • capsicumize
Test Plan

ifconfig_em0="DHCP" enables DHCPv4 only on interface em0.
ifconfig_em0_ipv6="DHCP" enables DHCPv6 only on interface em0.
dhcpcd_enable="YES" enables both DHCPv4 and DHCPv6 on all interfaces.

In addition to the normal review cycle, given I am only a ports committer (I don’t have a src commit bit), I will need this to be endorsed and approved by a src committer.

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint OK
Unit
No Unit Test Coverage
Build Status
Buildable 27018
Build 25307: arc lint + arc unit

Event Timeline

woodsb02 retitled this revision from Import dhcpcd(8) into FreeBSD base. to Import dhcpcd(8) version 8.1.0 into FreeBSD base..Oct 13 2019, 6:10 PM
woodsb02 edited the summary of this revision. (Show Details)
woodsb02 edited the test plan for this revision. (Show Details)
In D22012#480875, @imp wrote:

Where was this discussed?

Hi Warner, this is in discussion on the freebsd-net mailing list.
https://lists.freebsd.org/pipermail/freebsd-net/2019-October/054474.html

I didn't see you address Brooks' objection in the posted thread. given the extreme level of exposure here, it needs to be answered satisfactorily

Thank you for doing this work, @woodsb02!

Could we import this as "experimental" in 13.0 like you suggest and slate dhclient and rtsol for removal in 14.0? It makes little sense to have two IPv4 DHCP clients in base.

It would be great if we could make dhcpcd the default in 13.x somewhen already.

bcr added a subscriber: bcr.

OK for the man page part of the change.

Thank you for doing this work, @woodsb02!

Could we import this as "experimental" in 13.0 like you suggest and slate dhclient and rtsol for removal in 14.0? It makes little sense to have two IPv4 DHCP clients in base.

It would be great if we could make dhcpcd the default in 13.x somewhen already.

+1

lwhsu added a subscriber: lwhsu.
In D22012#480886, @imp wrote:

I didn't see you address Brooks' objection in the posted thread. given the extreme level of exposure here, it needs to be answered satisfactorily

I believe all objections have long since been addressed in dhcpcd-9, the latest release being dhcpcd-9.4.0
The level of privilege separation and capsicum integration now far surpases how it's done in dhclient.

I think it might help the discussion to update the review here to the latest version?

sbin/dhcpcd/Makefile
24

This will need MK_INET (and below MK_INET6 checks so one can compile out one or the other protocol family)

75

I may be wrong but normally we do generate these files on import rather than on every build?

sbin/dhcpcd/Makefile
75

I may be wrong but normally we do generate these files on import rather than on every build?

Newer dhcpcd sports an import-src target which sets up headers and sources for import to avoid generation but leaves hooks and manual pages intact.

I can easily adjust the target to include the manual pages but I would need to review the hooks first, but should be doable.

sbin/dhcpcd/Makefile
75

This has now been improved upstream here:
https://roy.marples.name/cgit/dhcpcd.git/commit/?id=b29f653581bfd327a0a49c1015e8759dafc1cd1b
https://roy.marples.name/cgit/dhcpcd.git/commit/?id=55df1b68f64049974ba7625553a1c8d72a20f716

So you could import like so:
./configure
make import-src DESTDIR=/usr/src/contrib/dhcpcd

Just ensure that any specific path changes you need other than the default are given, and ideally let me know so I can change the defaults.

ISC DHCP client/relay end of maintenance:

Note that we use OpenBSD's dhclient version, not ISC's. There's common ancestry, but OpenBSD's has been developed independently for some time. Using dhcpcd may well be the right thing to do for the FreeBSD base system, but ISC's announcement has no real weight on that.