configure.ac
removed --enable-secs-byteorder support
includes/dhcpd.h
added SV_CHECK_SECS_BYTE_ORDER
includes/failover.h
added extern int check_secs_byte_order
server/dhcpd.c
postconf_initialization() - added logic to
set check_secs_byte_order
server/failover.c
load_balance_mine() - replaced conditional comp
directives with runtime test of check_secs_byte_order
Added release note and updated man page.
Add support for manipluating the queues holding leaes for time
based events (free, backup, active, expired, abandoned and reserved)
via a binary search instead of walking through the linked list.
Patch for 36810 & 20352
This coves several related problems
1) When the primary is in conflict done it allows the secondary to
transition around resolution interrupted and potentical conflict previously
the primary would die on an illegal state.
2) It allows the servers to restart a bind update request. Previously if
one of the servers sent an udpate request and there died (or had the communications
interrupted) in some states the first server wouldn't retransmit a new
update request and the other server wouldn't send any bind updates. This
was noticed in potential conflict.
3) Updated the state transitions to move the leases on the ack queue
back to the update queue in case of conflict-done as we might need to
retransmit them all.
4) Updated a transition from startup to potentical conflict instead
of resolution interrupted when the servers reconnect during the startup
phase in order to avoid a diffferent dead lock.
Emit a log message when the server had completed initialization
and is about to start dispatching. And emit log messages when
both peers in a failover pair have reached the normal state.
[ISC-Bugs #26108]
Add a compile time option, enable-secs-byteorder, to deal with
clients that do the byte ordering on the secs field incorrectly.
This field should be in network byte order but some clients
get it wrong. When this option is enabled the server will examine
the secs field and if it looks wrong (high byte non zero and low
byte zero) swap the bytes. The default is disabled. This option
is only useful when doing load balancing within failover.
[rt30320]
When processing a failover request with an unexpected name
create an option block the relationship_name instead of using
the one from the incoming message. This avoids problems when
the option is freed.
Also add code to free the relationship_name from the incoming
mesasage when we free the message.
should be cancelled. This patch results in cancelling the
outstanding request less often. It fixes the problem caused
by a client doing a release where the txt and ptr records
weren't removed from the DNS.
[ISC-BUGS #27858]
code to the DDNS handling. This code included a bug that caused it
to attempt to dereference a NULL pointer and eventually segfault.
While reviewing the code as we addressed this problem, we determined
that some of the updates to the lease structures would not work as
planned since the structures being updated were in the process of
being freed: these updates were removed. In addition we removed an
incorrect call to the DDNS removal function that could cause a failure
during the removal of DDNS information from the DNS server.
Thanks to Jasper Jongmans for reporting this issue.
[ISC-Bugs #27078]
CVE: CVE-2011-4868
Previously a connection request from a source that wasn't
listed as a failover peer would cause the server to become
non-responsive. [ISC-Bugs #22679]
CERT: VU#159528 CVE: CVE-2010-3616
which permits a DHCP server operating in communications-interrupted state
to 'rewind' a lease to the state most recently transmitted to its peer,
greatly increasing a server's endurance in communications-interrupted.
This is supported using a new 'rewind state' record on the dhcpd.leases
entry for each lease. [ISC-Bugs #19601]
they had performed ddns updates on a lease that is expiring, or was
released through the primary. As part of the same fix, stale binding scopes
will now be removed if a change in identity of a lease's active client is
detected, rather than simply if a lease is noticed to have expired (which it
may have expired without a failover server noticing in some situations).
[ISC-Bugs #19826b]
environments where DHCP servers can be reasonably guaranteed to be
"down" when the failover TCP socket is severed, "auto-partner-down".
This parameter is not generally safe, and by default is disabled, so
please carefully review the documentation of this parameter in the
dhcpd.conf(5) manpage before determining to use it yourself.
[ISC-Bugs #19600]
in scheduling a failover reconnection, if the link had not negotiated a
failover connect yet (e.g.: connection refused, asynch socket connect()
timeouts). [ISC-Bugs #19684]
leak ~20-30 octets per DHCPDISCOVER packet while failover was in use
and in normal state. [ISC-Bugs #19548]
- Various compilation fixes have been included for the memory related
DEBUG #defines in includes/site.h. [ISC-Bugs #19548]
high frequency messages moved to a deeper debugging symbol.
- The CLTT parameter in failover is now only updated by client activity,
and not by failover binding updates (taking on the peer's CLTT).
- Failover BNDUPD messages are now discarded if they conflict with an
update that has been trasnmitted, but not acknowledged.
[ISC-Bugs #17577c]
version 3.0.x failover server, a warning that the failover wire protocol
is incompatible is printed. [ISC-Bugs #17129]
- The failover server no longer issues a floating point error if it encounters
a previously undefined option code. [ISC-Bugs #17129]
was repaired. [ISC-Bugs #17228]
- A flaw in failover pool rebalancing that could cause POOLREQ messages to
be sent outside of the min-balance/max-balance scheduled intervals has
been repaired. [ISC-Bugs #17228]
