Commit 0af5df0e authored by Shawn Routhier's avatar Shawn Routhier
Browse files

[v4_1_esv]

[ISC-Bugs #26108]
Add a compile time option, enable-secs-byteorder, to deal with
clients that do the byte ordering on the secs field incorrectly.
This field should be in network byte order but some clients
get it wrong.  When this option is enabled the server will examine
the secs field and if it looks wrong (high byte non zero and low
byte zero) swap the bytes.  The default is disabled.  This option
is only useful when doing load balancing within failover.
parent 98212f38
......@@ -153,6 +153,11 @@ system; otherwise, it will complain. If it can't figure out what
system you are using, that system is not supported - you are on
your own.
Several options may be enabled or disabled via the configure command.
You can get a list of these by typing:
./configure --help
DYNAMIC DNS UPDATES
A fully-featured implementation of dynamic DNS updates is included in
......
......@@ -63,6 +63,15 @@ work on other platforms. Please report any problems and suggested fixes to
freed in other cases.
[ISC-Bugs #30320]
- Add a compile time option, enable-secs-byteorder, to deal with
clients that do the byte ordering on the secs field incorrectly.
This field should be in network byte order but some clients
get it wrong. When this option is enabled the server will examine
the secs field and if it looks wrong (high byte non zero and low
byte zero) swap the bytes. The default is disabled. This option
is only useful when doing load balancing within failover.
[ISC-Bugs #26108]
Changes since 4.1-ESV-R6
- Existing legacy unit-tests have been migrated to Automated Test
......
......@@ -169,6 +169,17 @@ if test "$enable_use_sockets" = "yes"; then
[Define to 1 to use the standard BSD socket API.])
fi
# Try to hnadle incorrect byte order for secs field
# This is off by default
AC_ARG_ENABLE(secs_byteorder,
AC_HELP_STRING([--enable-secs-byteorder],
[Correct bad byteorders in the secs field (default is no).]))
if test "$enable_secs_byteorder" = "yes" ; then
AC_DEFINE([SECS_BYTEORDER], [1],
[Define to correct bad byteorders in secs field.])
fi
# Testing section
atf_path="no"
......
......@@ -5757,38 +5757,52 @@ int load_balance_mine (struct packet *packet, dhcp_failover_state_t *state)
struct data_string ds;
unsigned char hbaix;
int hm;
u_int16_t ec;
if (state -> load_balance_max_secs < ntohs (packet -> raw -> secs)) {
return 1;
ec = ntohs(packet->raw->secs);
#if defined(SECS_BYTEORDER)
/*
* If desired check to see if the secs field may have been byte
* swapped. We assume it has if the high order byte isn't cleared
* while the low order byte is cleared. In this case we swap the
* bytes and continue processing.
*/
if ((ec > 255) && ((ec & 0xff) == 0)) {
ec = (ec >> 8) | (ec << 8);
}
#endif
if (state->load_balance_max_secs < ec) {
return (1);
}
/* If we don't have a hash bucket array, we can't tell if this
one's ours, so we assume it's not. */
if (!state -> hba)
return 0;
if (!state->hba)
return (0);
oc = lookup_option (&dhcp_universe, packet -> options,
DHO_DHCP_CLIENT_IDENTIFIER);
memset (&ds, 0, sizeof ds);
oc = lookup_option(&dhcp_universe, packet->options,
DHO_DHCP_CLIENT_IDENTIFIER);
memset(&ds, 0, sizeof ds);
if (oc &&
evaluate_option_cache (&ds, packet, (struct lease *)0,
(struct client_state *)0,
packet -> options, (struct option_state *)0,
&global_scope, oc, MDL)) {
hbaix = loadb_p_hash (ds.data, ds.len);
evaluate_option_cache(&ds, packet, NULL, NULL,
packet->options, NULL,
&global_scope, oc, MDL)) {
hbaix = loadb_p_hash(ds.data, ds.len);
data_string_forget(&ds, MDL);
} else {
hbaix = loadb_p_hash (packet -> raw -> chaddr,
packet -> raw -> hlen);
hbaix = loadb_p_hash(packet->raw->chaddr,
packet->raw->hlen);
}
hm = state->hba[(hbaix >> 3) & 0x1F] & (1 << (hbaix & 0x07));
if (state -> i_am == primary)
return hm;
if (state->i_am == primary)
return (hm);
else
return !hm;
return (!hm);
}
/* The inverse of load_balance_mine ("load balance theirs"). We can't
......
......@@ -28,7 +28,7 @@ if HAVE_ATF
check: $(ATF_TESTS)
atf-run | atf-report
ATF_TESTS += dhcpd_unittests legacy_unittests hash_unittests
ATF_TESTS += dhcpd_unittests legacy_unittests hash_unittests load_bal_unittests
dhcpd_unittests_SOURCES = $(DHCPSRC)
dhcpd_unittests_SOURCES += simple_unittest.c
......@@ -46,6 +46,9 @@ hash_unittests_LDADD = $(DHCPLIBS) $(ATF_LDFLAGS)
legacy_unittests_SOURCES = $(DHCPSRC) mdb6_unittest.c
legacy_unittests_LDADD = $(DHCPLIBS) $(ATF_LDFLAGS)
load_bal_unittests_SOURCES = $(DHCPSRC) load_bal_unittest.c
load_bal_unittests_LDADD = $(DHCPLIBS) $(ATF_LDFLAGS)
endif
check_PROGRAMS = $(ATF_TESTS) $(TESTS)
/*
* Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
* REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
* INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
* LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
* OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
* PERFORMANCE OF THIS SOFTWARE.
*/
#include <config.h>
#include "dhcpd.h"
#include <atf-c.h>
/*
* Test the load balancing code.
*
* The two main variables are:
* packet => the "packet" being processed
* state => the "state" of the failover peer
* We only fill in the fields necessary for our testing
* packet->raw->secs => amount of time the client has been trying
* packet->raw->hlen => the length of the mac address of the client
* packet->raw->chaddr => the mac address of the client
* To simplify the tests the mac address will be only 1 byte long and
* not really matter. Instead the hba will be all 1s and the tests
* will use the primary/secondary flag to change the expected result.
*
* state->i_am => primary or secondary
* state->load_balance_max_secs => maxixum time for a client to be trying
* before the other peer responds
* set to 5 for these tests
* state->hba = array of hash buckets assigning the hash to primary or secondary
* set to all ones (all primary) for theses tests
*/
ATF_TC(load_balance);
ATF_TC_HEAD(load_balance, tc)
{
atf_tc_set_md_var(tc, "descr", "This test case checks that "
"load balancing works.");
}
ATF_TC_BODY(load_balance, tc)
{
struct packet packet;
struct dhcp_packet raw;
dhcp_failover_state_t pstate, sstate;
u_int8_t hba[256];
memset(&packet, 0, sizeof(struct packet));
memset(&raw, 0, sizeof(struct dhcp_packet));
packet.raw = &raw;
raw.hlen = 1;
raw.chaddr[0] = 14;
memset(hba, 0xFF, 256);
/* primary state */
memset(&pstate, 0, sizeof(dhcp_failover_state_t));
pstate.i_am = primary;
pstate.load_balance_max_secs = 5;
pstate.hba = hba;
/* secondary state, we can reuse the hba as it doesn't change */
memset(&sstate, 0, sizeof(dhcp_failover_state_t));
sstate.i_am = secondary;
sstate.load_balance_max_secs = 5;
sstate.hba = hba;
/* Basic check, primary accepted, secondary not */
raw.secs = htons(0);
if (load_balance_mine(&packet, &pstate) != 1) {
atf_tc_fail("ERROR: primary not accepted %s:%d", MDL);
}
if (load_balance_mine(&packet, &sstate) != 0) {
atf_tc_fail("ERROR: secondary accepted %s:%d", MDL);
}
/* Timeout not exceeded, primary accepted, secondary not */
raw.secs = htons(2);
if (load_balance_mine(&packet, &pstate) != 1) {
atf_tc_fail("ERROR: primary not accepted %s:%d", MDL);
}
if (load_balance_mine(&packet, &sstate) != 0) {
atf_tc_fail("ERROR: secondary accepted %s:%d", MDL);
}
/* Timeout exceeded, both accepted */
raw.secs = htons(6);
if (load_balance_mine(&packet, &pstate) != 1) {
atf_tc_fail("ERROR: primary not accepted %s:%d", MDL);
}
if (load_balance_mine(&packet, &sstate) != 1) {
atf_tc_fail("ERROR: secondary not accepted %s:%d", MDL);
}
/* Timeout exeeded with a large value, both accepted */
raw.secs = htons(257);
if (load_balance_mine(&packet, &pstate) != 1) {
atf_tc_fail("ERROR: primary not accepted %s:%d", MDL);
}
if (load_balance_mine(&packet, &sstate) != 1) {
atf_tc_fail("ERROR: secondary not accepted %s:%d", MDL);
}
}
ATF_TC(load_balance_swap);
ATF_TC_HEAD(load_balance_swap, tc)
{
atf_tc_set_md_var(tc, "descr", "This test case checks that "
"load balancing works with byteswapping.");
}
ATF_TC_BODY(load_balance_swap, tc)
{
#if defined(SECS_BYTEORDER)
struct packet packet;
struct dhcp_packet raw;
dhcp_failover_state_t pstate, sstate;
u_int8_t hba[256];
memset(&packet, 0, sizeof(struct packet));
memset(&raw, 0, sizeof(struct dhcp_packet));
packet.raw = &raw;
raw.hlen = 1;
raw.chaddr[0] = 14;
memset(hba, 0xFF, 256);
/* primary state */
memset(&pstate, 0, sizeof(dhcp_failover_state_t));
pstate.i_am = primary;
pstate.load_balance_max_secs = 5;
pstate.hba = hba;
/* secondary state, we can reuse the hba as it doesn't change */
memset(&sstate, 0, sizeof(dhcp_failover_state_t));
sstate.i_am = secondary;
sstate.load_balance_max_secs = 5;
sstate.hba = hba;
/* Small byteswapped timeout, primary accepted, secondary not*/
raw.secs = htons(256);
if (load_balance_mine(&packet, &pstate) != 1) {
atf_tc_fail("ERROR: primary not accepted %s:%d", MDL);
}
if (load_balance_mine(&packet, &sstate) != 0) {
atf_tc_fail("ERROR: secondary accepted %s:%d", MDL);
}
/* Large byteswapped timeout, both accepted*/
raw.secs = htons(256 * 6);
if (load_balance_mine(&packet, &pstate) != 1) {
atf_tc_fail("ERROR: primary not accepted %s:%d", MDL);
}
if (load_balance_mine(&packet, &sstate) != 1) {
atf_tc_fail("ERROR: secondary not accepted %s:%d", MDL);
}
#else
atf_tc_skip("SECS_BYTEORDER not defined");
#endif
}
ATF_TP_ADD_TCS(tp)
{
ATF_TP_ADD_TC(tp, load_balance);
ATF_TP_ADD_TC(tp, load_balance_swap);
return (atf_no_error());
}
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment