Bug #1022

dhcp from OpenBSD

Added by voroskoi over 6 years ago. Updated about 6 years ago.

Status:ClosedStart date:
Priority:LowDue date:
Assignee:-% Done:

0%

Category:-
Target version:-

Description

Hi,

I have continued Matthias' work
(http://leaf.dragonflybsd.org/mailarchive/submit/2008-03/msg00025.html)
on porting dhclient, dhcrelay and dhcpd. They build now, but i've only
tested dhclient.

http://gitorious.org/projects/dfly-dhcp

I'm aware of Chris' problem with it
(http://leaf.dragonflybsd.org/mailarchive/submit/2008-03/msg00029.html)
and I am willing to fix it later.

But here comes my problem: Do we really want dhcrelay and dhcpd in the src tree?
Well, dhclient is necessary for sure, but you can install dhcpd and
dhcrelay from the pkgsrc tree. Having those in out tree just makes the
tree bigger. Also pkgsrc reacts faster when security related issues
comes up and the user base is also bigger.
So if I should run a dhcpd server for some reason i would use the one in pkgsrc.

On the other hand dhcpd and dhcrealy from OpenBSD has nice privilege
separation which can be useful.

So, please let me know if you are interested in this work at all. I do
not want to go further if you agree with the removal.

Have a nice day!

History

#1 Updated by erik-wikstrom over 6 years ago

Might it be possible to have the best of two worlds and get the OpenBSD
dhcpd and dhcrelay into pkgsrc?

#2 Updated by mneumann over 6 years ago

VOROSKOI Andras wrote:
> Hi,
>
> I have continued Matthias' work
> (http://leaf.dragonflybsd.org/mailarchive/submit/2008-03/msg00025.html)
> on porting dhclient, dhcrelay and dhcpd. They build now, but i've only
> tested dhclient.

FYI NetBSD just commited dhcpcd 4.0.0-beta5 [1], an alternative dhcp
client, to their source tree (into src/dist). Maybe it's worth to
evaluate this as well.

[1]: http://roy.marples.name/dhcpcd

#3 Updated by voroskoi over 6 years ago

I can hardly image that. OpenBSD does not create portable versions of
those programs, so you end up in a bringing in changes from OpenBSD
and updating porting patches circle. So that is even more work than
simply add it to our tree. I do not want to do that.

#4 Updated by joerg over 6 years ago

Besides the maintaince hassle, I don't see any point in that.

Joerg

#5 Updated by voroskoi over 6 years ago

On Sun, May 25, 2008 at 5:14 PM, Michael Neumann
<> wrote:
>
> FYI NetBSD just commited dhcpcd 4.0.0-beta5 [1], an alternative dhcp
> client, to their source tree (into src/dist). Maybe it's worth to
> evaluate this as well.
>
> [1]: http://roy.marples.name/dhcpcd

Well, it's simple and small, so why not? I have added this one too to
the dfly-dhcp tree and I'll play with it.
It comes with regular releases which seems to easier to follow than
the OpenBSD CVS tree.

#6 Updated by dillon over 6 years ago

Ok, let me see if I understand the state of affairs, please tell me if
this is correct:

* dhclient ported, intended for base system. Here I am agreeing that
it would be an unnecessarily complex effort to try to turn it into
a pkgsrc package. It should simply be directly ported into our base
system, which is what Andras has done.

* dhcpd and dhcrelay exist in pkgsrc and work? Did I understand that
correctly? If so then I agree that they should NOT be placed in the
base system but should simply be used from pkgsrc.

* With regards to OpenBSD's new dhcpcd 4.0.0-beta5, my recommendation
is that we not worry about it at the moment but I'd like to see what
Andras thinks about it after taking a quick look, since he is
currently our point man with the dhcp work.

At the moment I think that the current dhclient work by Matthias and
Andras should be brought into the base system. It represents a great
deal of effort by two individuals and should not go to waste. If at some
later point the new privilage-separated code from OpenBSD becomes a
clear winner we can always port that, but we do not want to get into
the situation where we string along our porters with ever-new versions
of dhcp. That would be a bit unfair :-)

-Matt
Matthew Dillon
<>

#7 Updated by joerg over 6 years ago

Yes. It is a current version and regulary updated.

s/OpenBSD/NetBSD/

I've done the review and import of the code. It still needs some
polishing work to integrate it, but it is nice, small code.
E.g. the dhclient binary is 6x larger than dhcpcd :-)

I'm not convinced that privilege separation is buying much for a dhcp
server, but I haven't bothered to check which parts are having what
priveleges.

Joerg

#8 Updated by voroskoi over 6 years ago

On Sun, May 25, 2008 at 11:14 PM, Matthew Dillon
<> wrote:
> * dhcpd and dhcrelay exist in pkgsrc and work? Did I understand that
> correctly? If so then I agree that they should NOT be placed in the
> base system but should simply be used from pkgsrc.

So we agree in that. I'll send patches for these removals when
dhclient is ready.

The OpenBSD code is a rewrite of the ISC dhclient, so works the same
way most the time. I mean the config files and so.
OTOH dhcpcd is a clean, fresh code with regular releases. I think
having regular releases makes it easier to maintain the code. But I'm
not sure the config method is the same, also the binary name is
different so we should adjust our rc files to use it.

To make it clear: Matthias ported dhclient from OpenBSD and I used his
work with a newer version. So the dhclient one is the privilege
separated.

The dhcpcd client is Roy Marples' work and NetBSD just use the code.
As for now I think dhcpcd would suit for us as we can keep it in
contrib and update it on releases. But I do not want to make final
statement till I check them both. I think we are not in a rush.

#9 Updated by matthias over 6 years ago

Hi,

sorry for the last reply. Was kinda "busy" over the weekend ;-)

Nah, IIRC we agreed on removing these two from the base. Only the
OpenBSD dhclient with priv-sep should stay. The remaining problem (as
you mentioned) was that simply removing our current dhclient breaks the
build. Removing all of our current dhcp stuff fixes the build, but we
lose the possibility to use dhcpd on our live cd.

So, we should get the pkgsrc dhcpd on our live CD and then do the rest.
I prepared http://leaf.dragonflybsd.org/~matthias/nrelease.diff some
time ago. This should fix the live CD problem, but I never tested an
installation, so it would be nice if someone could do this ...

ACK. dhcpd 4.x.x from pkgsrc works like a charm.

Sure, go ahead.

Regards

Matthias

#10 Updated by dillon over 6 years ago

:So, we should get the pkgsrc dhcpd on our live CD and then do the rest.
:I prepared http://leaf.dragonflybsd.org/~matthias/nrelease.diff some
:time ago. This should fix the live CD problem, but I never tested an
:installation, so it would be nice if someone could do this ...

How about further enhancing that patch to actually include and
install those packages on the live-cd? It should just be a matter
of generating the binary packages and including them in the nrelease
build.

-Matt
Matthew Dillon
<>

#11 Updated by voroskoi over 6 years ago

On Mon, May 26, 2008 at 7:48 PM, Matthew Dillon
<> wrote:
> How about further enhancing that patch to actually include and
> install those packages on the live-cd? It should just be a matter
> of generating the binary packages and including them in the nrelease
> build.

Do we really want these in the nrelease build? I mean there is a GSoC
for a LiveCD/DVD with all the fancy stuff.

Anyway do you mean something like this?
http://frugalware.org/~voroskoi/dfly/nrelease.diff
Or I've misunderstood you?

Btw, here is my latest version of dhclient patch:
http://frugalware.org/~voroskoi/dfly/dhclient.diff
Note that this is > 3.1Mb

The patch includes the following:
- removes dhcp-3.0 from contrib
- removes usr.sbin/{dhcrelay,dhcpd}
- adds dhclient from OpenBSD as of 2008. May 26.
- some trivial warning fixes from me
- add _dhcp user to:
- etc/ftpusers
- etc/group
- etc/mail/aliases
- etc/master.passwd

That's all I think. I'm not sure that simply adding the line to these
files is enough as I had to edit my /etc/master.passwd with vipw(8)

voroskoi ~/git/dfly $ ps aux |grep dhclient
root 203 0.0 0.0 504 16 con- IL 12:31PM 0:00.00
dhclient: vr0 [priv] (dhclient)
_dhcp 217 0.0 0.0 532 60 ?? ILs 12:31PM 0:00.17
dhclient: vr0 (dhclient)

Seems to work. But we should fix the nrelease problem too, so it's not
in final state. Also let me know if you find any problem with it!

Have a nice day!

#12 Updated by hasso about 6 years ago

Committed.

Also available in: Atom PDF