dhclient: remove the need to patch static values
ClosedPublic
Actions

Authored by franco_opnsense.org on Aug 11 2021, 7:40 AM.

Details

Reviewers

kevans
markj

Commits

rG5851803f4bca: dhclient: remove patching of static values in BPF programs

Summary

Imported into FreeBSD from OpenBSD 3.7. Imported in 2004 from
ISC DHCP... Looks like the patching was part of templating for
different things, sort of see:

https://gitlab.isc.org/isc-projects/dhcp/-/blob/master/common/bpf.c

At least we know the BPF filter values should be given in host
order and apparently the whole thing keeps working.

While here enable the IP_MF bit during receiving which seems to be
more consistent.

Test Plan

Running in production in OPNsense 21.7 for two weeks. Requires
another dhclient(1) test on a CURRENT build.

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

franco_opnsense.org created this revision.Aug 11 2021, 7:40 AM

Herald added subscribers: Contributor Reviews (src), imp. · View Herald TranscriptAug 11 2021, 7:40 AM

franco_opnsense.org requested review of this revision.Aug 11 2021, 7:40 AM

Harbormaster completed remote builds in B40983: Diff 93528.Aug 11 2021, 7:40 AM

franco_opnsense.org added reviewers: kevans, markj.Aug 18 2021, 6:41 AM

Seems ok to me overall.

At least we know the BPF filter values should be given in host
order and apparently the whole thing keeps working.

Are you sure it worked before? I see that BPF_LD will unconditionally byte-swap the loaded value into A, so on little-endian systems will convert it to host order. Then a subsequent JMP will compare the immediate value with A. So passing in host order is correct, and on big-endian systems BPF filters look to be somewhat broken...

sbin/dhclient/bpf.c
108	Did you consider making these tables const? You would have to write: p.bf_insns = __DECONST(struct bpf_insn *, dhcp_bpf_wfilter); below, but that is worth it IMO.

constify filters and avoid static length variables

Harbormaster completed remote builds in B41118: Diff 93901.Aug 18 2021, 7:58 PM

OpenBSD added the single htons() while adding write filter, but nowhere else. I suspect the fragmentation check is mostly correct so this doesn't matter in the real world.

From the ISC bpf.c I can see no htons() but two ntohs() calls for port definitions that are initialised as:

local_port = htons(67);

If there is an issue with bpf on big endian it should probably be fixed closer to bpf code, but it doesn't seem this way (port filters likely work on big endian as a fundamental assumption for lack of reports)?

sbin/dhclient/bpf.c
108	Agreed, went a little further by inlining the length vars.

In D31502#712599, @franco_opnsense.org wrote:

OpenBSD added the single htons() while adding write filter, but nowhere else. I suspect the fragmentation check is mostly correct so this doesn't matter in the real world.

From the ISC bpf.c I can see no htons() but two ntohs() calls for port definitions that are initialised as:

local_port = htons(67);

If there is an issue with bpf on big endian it should probably be fixed closer to bpf code, but it doesn't seem this way (port filters likely work on big endian as a fundamental assumption for lack of reports)?

Indeed, BPF_LD doesn't byte-swap, I just misread.

This revision is now accepted and ready to land.Aug 18 2021, 8:30 PM

Closed by commit rG5851803f4bca: dhclient: remove patching of static values in BPF programs (authored by franco_opnsense.org, committed by markj). · Explain WhyAug 19 2021, 1:13 PM

This revision was automatically updated to reflect the committed changes.

markj added a commit: rG5851803f4bca: dhclient: remove patching of static values in BPF programs.