/usr/src/sbin/dhclient/dhclient.c

Bug Summary

File:	src/sbin/dhclient/dhclient.c
Warning:	line 649, column 41 Potential leak of memory pointed to by 'p'
Annotated Source Code

Press '?' to see keyboard shortcuts
Show analyzer invocation
clang -cc1 -cc1 -triple amd64-unknown-openbsd7.4 -analyze -disable-free -clear-ast-before-backend -disable-llvm-verifier -discard-value-names -main-file-name dhclient.c -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -setup-static-analyzer -mrelocation-model pic -pic-level 1 -pic-is-pie -mframe-pointer=all -relaxed-aliasing -ffp-contract=on -fno-rounding-math -mconstructor-aliases -funwind-tables=2 -target-cpu x86-64 -target-feature +retpoline-indirect-calls -target-feature +retpoline-indirect-branches -tune-cpu generic -debugger-tuning=gdb -fcoverage-compilation-dir=/usr/src/sbin/dhclient/obj -resource-dir /usr/local/llvm16/lib/clang/16 -internal-isystem /usr/local/llvm16/lib/clang/16/include -internal-externc-isystem /usr/include -O2 -fdebug-compilation-dir=/usr/src/sbin/dhclient/obj -ferror-limit 19 -fwrapv -D_RET_PROTECTOR -ret-protector -fcf-protection=branch -fno-jump-tables -fgnuc-version=4.2.1 -vectorize-loops -vectorize-slp -fno-builtin-malloc -fno-builtin-calloc -fno-builtin-realloc -fno-builtin-valloc -fno-builtin-free -fno-builtin-strdup -fno-builtin-strndup -analyzer-output=html -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /home/ben/Projects/scan/2024-01-11-140451-98009-1 -x c /usr/src/sbin/dhclient/dhclient.c
1/*	$OpenBSD: dhclient.c,v 1.727 2022/07/02 17:21:32 deraadt Exp $	*/

3/*
* Copyright 2004 Henning Brauer <henning@openbsd.org>
* Copyright (c) 1995, 1996, 1997, 1998, 1999
* The Internet Software Consortium.    All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
*    notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
*    notice, this list of conditions and the following disclaimer in the
*    documentation and/or other materials provided with the distribution.
* 3. Neither the name of The Internet Software Consortium nor the names
*    of its contributors may be used to endorse or promote products derived
*    from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INTERNET SOFTWARE CONSORTIUM AND
* CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED.  IN NO EVENT SHALL THE INTERNET SOFTWARE CONSORTIUM OR
* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* This software has been written for the Internet Software Consortium
* by Ted Lemon <mellon@fugue.com> in cooperation with Vixie
* Enterprises.  To learn more about the Internet Software Consortium,
* see ``http://www.vix.com/isc''.  To learn more about Vixie
* Enterprises, see ``http://www.vix.com''.
*
* This client was substantially modified and enhanced by Elliot Poger
* for use on Linux while he was working on the MosquitoNet project at
* Stanford.
*
* The current version owes much to Elliot's Linux enhancements, but
* was substantially reorganized and partially rewritten by Ted Lemon
* so as to use the same networking framework that the Internet Software
* Consortium DHCP server uses.   Much system-specific configuration code
* was moved into a shell script so that as support for more operating
* systems is added, it will not be necessary to port and maintain
* system-specific configuration code to these operating systems - instead,
* the shell script can invoke the native tools to accomplish the same
* purpose.
*/

56#include <sys/types.h>
57#include <sys/socket.h>
58#include <sys/stat.h>
59#include <sys/ioctl.h>
60#include <sys/uio.h>
61#include <sys/queue.h>

63#include <net/if.h>
64#include <net/if_types.h>
65#include <net/if_dl.h>
66#include <net/route.h>

68#include <netinet/in.h>
69#include <netinet/if_ether.h>

71#include <net80211/ieee80211.h>
72#include <net80211/ieee80211_ioctl.h>

74#include <arpa/inet.h>

76#include <ctype.h>
77#include <errno(*__errno()).h>
78#include <fcntl.h>
79#include <ifaddrs.h>
80#include <imsg.h>
81#include <limits.h>
82#include <paths.h>
83#include <poll.h>
84#include <pwd.h>
85#include <resolv.h>
86#include <signal.h>
87#include <stdint.h>
88#include <stdlib.h>
89#include <string.h>
90#include <syslog.h>
91#include <unistd.h>

93#include "dhcp.h"
94#include "dhcpd.h"
95#include "log.h"
96#include "privsep.h"

98char *path_dhclient_conf;
99char *path_lease_db;
100char *log_procname;

102int nullfd = -1;
103int cmd_opts;
104int quit;

106const struct in_addr inaddr_any = { INADDR_ANY((u_int32_t)(0x00000000)) };
107const struct in_addr inaddr_broadcast = { INADDR_BROADCAST((u_int32_t)(0xffffffff)) };

109struct client_config *config;
110struct imsgbuf *unpriv_ibuf;

112void		 usage(void);
113int		 res_hnok_list(const char *);
114int		 addressinuse(char *, struct in_addr, char *);

116void		 fork_privchld(struct interface_info *, int, int);
117void		 get_name(struct interface_info *, int, char *);
118void		 get_ssid(struct interface_info *, int);
119void		 get_sockets(struct interface_info *);
120int		 get_routefd(int);
121void		 set_iff_up(struct interface_info *, int);
122void		 set_user(char *);
123int		 get_ifa_family(char *, int);
124struct ifaddrs	*get_link_ifa(const char *, struct ifaddrs *);
125void		 interface_state(struct interface_info *);
126struct interface_info *initialize_interface(char *, int);
127void		 tick_msg(const char *, int);
128void		 rtm_dispatch(struct interface_info *, struct rt_msghdr *);

130struct client_lease *apply_defaults(struct client_lease *);
131struct client_lease *clone_lease(struct client_lease *);

133void state_reboot(struct interface_info *);
134void state_init(struct interface_info *);
135void state_selecting(struct interface_info *);
136void state_bound(struct interface_info *);
137void state_panic(struct interface_info *);

139void set_interval(struct interface_info *, struct timespec *);
140void set_resend_timeout(struct interface_info *, struct timespec *,
  void (*where)(struct interface_info *));
142void set_secs(struct interface_info *, struct timespec *);

144void send_discover(struct interface_info *);
145void send_request(struct interface_info *);
146void send_decline(struct interface_info *);
147void send_release(struct interface_info *);

149void process_offer(struct interface_info *, struct option_data *,
  const char *);
151void bind_lease(struct interface_info *);

153void make_discover(struct interface_info *, struct client_lease *);
154void make_request(struct interface_info *, struct client_lease *);
155void make_decline(struct interface_info *, struct client_lease *);
156void make_release(struct interface_info *, struct client_lease *);

158void release_lease(struct interface_info *);
159void propose_release(struct interface_info *);

161void write_lease_db(struct interface_info *);
162char *lease_as_string(char *, struct client_lease *);
163struct proposal *lease_as_proposal(struct client_lease *);
164struct unwind_info *lease_as_unwind_info(struct client_lease *);
165void append_statement(char *, size_t, char *, char *);
166time_t lease_expiry(struct client_lease *);
167time_t lease_renewal(struct client_lease *);
168time_t lease_rebind(struct client_lease *);
169void   get_lease_timeouts(struct interface_info *, struct client_lease *);

171struct client_lease *packet_to_lease(struct interface_info *,
  struct option_data *);
173void go_daemon(void);
174int rdaemon(int);
175int take_charge(struct interface_info *, int, char *);
176int autoconf(struct interface_info *);
177struct client_lease *get_recorded_lease(struct interface_info *);

179#define ROUNDUP(a)((a) > 0 ? (1 + (((a) - 1) | (sizeof(long) - 1))) : sizeof
(long))	\
((a) > 0 ? (1 + (((a) - 1) | (sizeof(long) - 1))) : sizeof(long))
181#define	ADVANCE(x, n)(x += (((n)->sa_len) > 0 ? (1 + ((((n)->sa_len) - 1)
 | (sizeof(long) - 1))) : sizeof(long))) (x += ROUNDUP((n)->sa_len)(((n)->sa_len) > 0 ? (1 + ((((n)->sa_len) - 1) | (sizeof
(long) - 1))) : sizeof(long)))

183#define	TICK_WAIT0	0
184#define	TICK_SUCCESS1	1
185#define	TICK_DAEMON2	2

187static FILE *leaseFile;

189int
190get_ifa_family(char *cp, int n)
191{
struct sockaddr		*sa;
unsigned int		 i;

for (i = 1; i; i <<= 1) {
if ((i & n) != 0) {
	sa = (struct sockaddr *)cp;
	if (i == RTA_IFA0x20)
		return sa->sa_family;
	ADVANCE(cp, sa)(cp += (((sa)->sa_len) > 0 ? (1 + ((((sa)->sa_len) -
 1) | (sizeof(long) - 1))) : sizeof(long)));
}
}

return AF_UNSPEC0;
205}

207struct ifaddrs *
208get_link_ifa(const char *name, struct ifaddrs *ifap)
209{
struct ifaddrs		*ifa;
struct sockaddr_dl	*sdl;

for (ifa = ifap; ifa != NULL((void *)0); ifa = ifa->ifa_next) {
if (strcmp(name, ifa->ifa_name) == 0 &&
    (ifa->ifa_flags & IFF_LOOPBACK0x8) == 0 &&
    (ifa->ifa_flags & IFF_POINTOPOINT0x10) == 0 &&
    ifa->ifa_data != NULL((void *)0) && /* NULL shouldn't be possible. */
    ifa->ifa_addr != NULL((void *)0) &&
    ifa->ifa_addr->sa_family == AF_LINK18) {
	sdl = (struct sockaddr_dl *)ifa->ifa_addr;
	if (sdl->sdl_alen == ETHER_ADDR_LEN6 &&
	    (sdl->sdl_type == IFT_ETHER0x06 ||
	    sdl->sdl_type == IFT_CARP0xf7))
		break;
}
}

if (ifa == NULL((void *)0))
fatal("get_link_ifa()");

return ifa;
232}

234void
235interface_state(struct interface_info *ifi)
236{
struct ifaddrs			*ifap, *ifa;
struct if_data			*ifd;
struct sockaddr_dl		*sdl;
char				*oldlladdr;
int				 newlinkup, oldlinkup;

oldlinkup = LINK_STATE_IS_UP(ifi->link_state)((ifi->link_state) >= 4 || (ifi->link_state) == 0);

if (getifaddrs(&ifap) == -1)
fatal("getifaddrs");

ifa = get_link_ifa(ifi->name, ifap);
sdl = (struct sockaddr_dl *)ifa->ifa_addr;
ifd = (struct if_data *)ifa->ifa_data;

if ((ifa->ifa_flags & IFF_UP0x1) == 0 ||
   (ifa->ifa_flags & IFF_RUNNING0x40) == 0) {
ifi->link_state = LINK_STATE_DOWN2;
} else {
ifi->link_state = ifd->ifi_link_state;
ifi->mtu = ifd->ifi_mtu;
}

newlinkup = LINK_STATE_IS_UP(ifi->link_state)((ifi->link_state) >= 4 || (ifi->link_state) == 0);
if (newlinkup != oldlinkup) {
log_debug("%s: link %s -> %s", log_procname,
    (oldlinkup != 0) ? "up" : "down",
    (newlinkup != 0) ? "up" : "down");
tick_msg("link", newlinkup ? TICK_SUCCESS1 : TICK_WAIT0);
}

if (memcmp(&ifi->hw_address, LLADDR(sdl)((caddr_t)((sdl)->sdl_data + (sdl)->sdl_nlen)), ETHER_ADDR_LEN6) != 0) {
if (log_getverbose()) {
	oldlladdr = strdup(ether_ntoa(&ifi->hw_address));
	if (oldlladdr == NULL((void *)0))
		fatal("oldlladdr");
	log_debug("%s: LLADDR %s -> %s", log_procname,
	    oldlladdr,
	    ether_ntoa((struct ether_addr *)LLADDR(sdl)((caddr_t)((sdl)->sdl_data + (sdl)->sdl_nlen))));
	free(oldlladdr);
}
memcpy(&ifi->hw_address, LLADDR(sdl)((caddr_t)((sdl)->sdl_data + (sdl)->sdl_nlen)), ETHER_ADDR_LEN6);
quit = RESTART2;	/* Even if MTU has changed. */
}

freeifaddrs(ifap);
283}

285struct interface_info *
286initialize_interface(char *name, int noaction)
287{
struct interface_info		*ifi;
struct ifaddrs			*ifap, *ifa;
struct if_data			*ifd;
struct sockaddr_dl		*sdl;
int				 ioctlfd;

ifi = calloc(1, sizeof(*ifi));
if (ifi == NULL((void *)0))
fatal("ifi");

ifi->rbuf_max = RT_BUF_SIZE2048;
ifi->rbuf = malloc(ifi->rbuf_max);
if (ifi->rbuf == NULL((void *)0))
fatal("rbuf");

if ((ioctlfd = socket(AF_INET2, SOCK_DGRAM2, 0)) == -1)
fatal("socket(AF_INET, SOCK_DGRAM)");

get_name(ifi, ioctlfd, name);
ifi->index = if_nametoindex(ifi->name);
if (ifi->index == 0)
fatalx("if_nametoindex(%s) == 0", ifi->name);

if (getifaddrs(&ifap) == -1)
fatal("getifaddrs()");

ifa = get_link_ifa(ifi->name, ifap);
sdl = (struct sockaddr_dl *)ifa->ifa_addr;
ifd = (struct if_data *)ifa->ifa_data;

if ((ifa->ifa_flags & IFF_UP0x1) == 0 ||
   (ifa->ifa_flags & IFF_RUNNING0x40) == 0)
ifi->link_state = LINK_STATE_DOWN2;
else
ifi->link_state = ifd->ifi_link_state;

memcpy(ifi->hw_address.ether_addr_octet, LLADDR(sdl)((caddr_t)((sdl)->sdl_data + (sdl)->sdl_nlen)), ETHER_ADDR_LEN6);
ifi->rdomain = ifd->ifi_rdomain;

get_sockets(ifi);
get_ssid(ifi, ioctlfd);

if (noaction == 0 && !LINK_STATE_IS_UP(ifi->link_state)((ifi->link_state) >= 4 || (ifi->link_state) == 0))
set_iff_up(ifi, ioctlfd);

close(ioctlfd);
freeifaddrs(ifap);

return ifi;
337}

339void
340get_name(struct interface_info *ifi, int ioctlfd, char *arg)
341{
struct ifgroupreq	 ifgr;
size_t			 len;

if (strcmp(arg, "egress") == 0) {
memset(&ifgr, 0, sizeof(ifgr));
strlcpy(ifgr.ifgr_name, "egress", sizeof(ifgr.ifgr_name));
if (ioctl(ioctlfd, SIOCGIFGMEMB(((unsigned long)0x80000000|(unsigned long)0x40000000) | ((sizeof
(struct ifgroupreq) & 0x1fff) << 16) | ((('i')) <<
 8) | ((138))), (caddr_t)&ifgr) == -1)
	fatal("SIOCGIFGMEMB");
if (ifgr.ifgr_len > sizeof(struct ifg_req))
	fatalx("too many interfaces in group egress");
if ((ifgr.ifgr_groupsifgr_ifgru.ifgru_groups = calloc(1, ifgr.ifgr_len)) == NULL((void *)0))
	fatalx("ifgr_groups");
if (ioctl(ioctlfd, SIOCGIFGMEMB(((unsigned long)0x80000000|(unsigned long)0x40000000) | ((sizeof
(struct ifgroupreq) & 0x1fff) << 16) | ((('i')) <<
 8) | ((138))), (caddr_t)&ifgr) == -1)
	fatal("SIOCGIFGMEMB");
len = strlcpy(ifi->name, ifgr.ifgr_groupsifgr_ifgru.ifgru_groups->ifgrq_memberifgrq_ifgrqu.ifgrqu_member,
    IFNAMSIZ16);
free(ifgr.ifgr_groupsifgr_ifgru.ifgru_groups);
} else
len = strlcpy(ifi->name, arg, IFNAMSIZ16);

if (len >= IFNAMSIZ16)
fatalx("interface name too long");
364}

366void
367get_ssid(struct interface_info *ifi, int ioctlfd)
368{
struct ieee80211_nwid		nwid;
struct ifreq			ifr;

memset(&ifr, 0, sizeof(ifr));
memset(&nwid, 0, sizeof(nwid));

ifr.ifr_dataifr_ifru.ifru_data = (caddr_t)&nwid;
strlcpy(ifr.ifr_name, ifi->name, sizeof(ifr.ifr_name));

if (ioctl(ioctlfd, SIOCG80211NWID(((unsigned long)0x80000000|(unsigned long)0x40000000) | ((sizeof
(struct ifreq) & 0x1fff) << 16) | ((('i')) <<
 8) | ((231))), (caddr_t)&ifr) == 0) {
memset(ifi->ssid, 0, sizeof(ifi->ssid));
memcpy(ifi->ssid, nwid.i_nwid, nwid.i_len);
ifi->ssid_len = nwid.i_len;
}
383}

385void
386set_iff_up(struct interface_info *ifi, int ioctlfd)
387{
struct ifreq	 ifr;

memset(&ifr, 0, sizeof(ifr));
strlcpy(ifr.ifr_name, ifi->name, sizeof(ifr.ifr_name));

if (ioctl(ioctlfd, SIOCGIFFLAGS(((unsigned long)0x80000000|(unsigned long)0x40000000) | ((sizeof
(struct ifreq) & 0x1fff) << 16) | ((('i')) <<
 8) | ((17))), (caddr_t)&ifr) == -1)
fatal("%s: SIOCGIFFLAGS", ifi->name);

if ((ifr.ifr_flagsifr_ifru.ifru_flags & IFF_UP0x1) == 0) {
ifi->link_state = LINK_STATE_DOWN2;
ifr.ifr_flagsifr_ifru.ifru_flags |= IFF_UP0x1;
if (ioctl(ioctlfd, SIOCSIFFLAGS((unsigned long)0x80000000 | ((sizeof(struct ifreq) & 0x1fff
) << 16) | ((('i')) << 8) | ((16))), (caddr_t)&ifr) == -1)
	fatal("%s: SIOCSIFFLAGS", ifi->name);
}
402}

404void
405set_user(char *user)
406{
struct passwd		*pw;

pw = getpwnam(user);
if (pw == NULL((void *)0))
fatalx("no such user: %s", user);

if (chroot(pw->pw_dir) == -1)
fatal("chroot(%s)", pw->pw_dir);
if (chdir("/") == -1)
fatal("chdir(\"/\")");
if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) == -1)
fatal("setresgid");
if (setgroups(1, &pw->pw_gid) == -1)
fatal("setgroups");
if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) == -1)
fatal("setresuid");

endpwent();
425}

427void
428get_sockets(struct interface_info *ifi)
429{
unsigned char		*newp;
size_t			 newsize;

ifi->udpfd = get_udp_sock(ifi->rdomain);
ifi->bpffd = get_bpf_sock(ifi->name);

newsize = configure_bpf_sock(ifi->bpffd);
if (newsize > ifi->rbuf_max) {
if ((newp = realloc(ifi->rbuf, newsize)) == NULL((void *)0))
	fatal("rbuf");
ifi->rbuf = newp;
ifi->rbuf_max = newsize;
}
443}

445int
446get_routefd(int rdomain)
447{
int		routefd, rtfilter;

if ((routefd = socket(AF_ROUTE17, SOCK_RAW3, AF_INET2)) == -1)
fatal("socket(AF_ROUTE, SOCK_RAW)");

rtfilter = ROUTE_FILTER(RTM_PROPOSAL)(1 << (0x13)) | ROUTE_FILTER(RTM_IFINFO)(1 << (0xe)) |
   ROUTE_FILTER(RTM_NEWADDR)(1 << (0xc)) | ROUTE_FILTER(RTM_DELADDR)(1 << (0xd)) |
   ROUTE_FILTER(RTM_IFANNOUNCE)(1 << (0xf)) | ROUTE_FILTER(RTM_80211INFO)(1 << (0x15));

if (setsockopt(routefd, AF_ROUTE17, ROUTE_MSGFILTER1,
   &rtfilter, sizeof(rtfilter)) == -1)
fatal("setsockopt(ROUTE_MSGFILTER)");
if (setsockopt(routefd, AF_ROUTE17, ROUTE_TABLEFILTER2, &rdomain,
   sizeof(rdomain)) == -1)
fatal("setsockopt(ROUTE_TABLEFILTER)");

return routefd;
465}

467void
468routefd_handler(struct interface_info *ifi, int routefd)
469{
struct rt_msghdr		*rtm;
unsigned char			*buf = ifi->rbuf;
unsigned char			*lim, *next;
ssize_t				 n;

do {
n = read(routefd, buf, RT_BUF_SIZE2048);
} while (n == -1 && errno(*__errno()) == EINTR4);
if (n == -1) {
log_warn("%s: routing socket", log_procname);
return;
}
if (n == 0)
fatalx("%s: routing socket closed", log_procname);

lim = buf + n;
for (next = buf; next < lim && quit == 0; next += rtm->rtm_msglen) {
rtm = (struct rt_msghdr *)next;
if (lim < next + sizeof(rtm->rtm_msglen) ||
    lim < next + rtm->rtm_msglen)
	fatalx("%s: partial rtm in buffer", log_procname);

if (rtm->rtm_version != RTM_VERSION5)
	continue;

rtm_dispatch(ifi, rtm);
}
497}

499void
500rtm_dispatch(struct interface_info *ifi, struct rt_msghdr *rtm)
501{
struct if_msghdr		*ifm;
struct if_announcemsghdr	*ifan;
struct ifa_msghdr		*ifam;
struct if_ieee80211_data	*ifie;
char				*oldssid;
uint32_t			 oldmtu;

switch (rtm->rtm_type) {
case RTM_PROPOSAL0x13:
if (rtm->rtm_priority == RTP_PROPOSAL_SOLICIT62) {
	if (quit == 0 && ifi->active != NULL((void *)0))
		tell_unwind(ifi->unwind_info, ifi->flags);
	return;
}
if (rtm->rtm_index != ifi->index ||
    rtm->rtm_priority != RTP_PROPOSAL_DHCLIENT58)
	return;
if ((rtm->rtm_flags & RTF_PROTO30x2000) != 0) {
	if (rtm->rtm_seq == (int32_t)ifi->xid) {
		ifi->flags |= IFI_IN_CHARGE0x01;
		return;
	} else if ((ifi->flags & IFI_IN_CHARGE0x01) != 0) {
		log_debug("%s: yielding responsibility",
		    log_procname);
		quit = TERMINATE1;
	}
} else if ((rtm->rtm_flags & RTF_PROTO20x4000) != 0) {
	release_lease(ifi); /* OK even if we sent it. */
	quit = TERMINATE1;
} else
	return; /* Ignore tell_unwind() proposals. */
break;

case RTM_DESYNC0x10:
log_warnx("%s: RTM_DESYNC", log_procname);
break;

case RTM_IFINFO0xe:
ifm = (struct if_msghdr *)rtm;
if (ifm->ifm_index != ifi->index)
	break;
if ((rtm->rtm_flags & RTF_UP0x1) == 0)
	fatalx("down");

oldmtu = ifi->mtu;
interface_state(ifi);
if (oldmtu == ifi->mtu)
	quit = RESTART2;
else
	log_debug("%s: MTU %u -> %u",
	    log_procname, oldmtu, ifi->mtu);
break;

case RTM_80211INFO0x15:
if (rtm->rtm_index != ifi->index)
	break;
ifie = &((struct if_ieee80211_msghdr *)rtm)->ifim_ifie;
if (ifi->ssid_len != ifie->ifie_nwid_len || memcmp(ifi->ssid,
    ifie->ifie_nwid, ifie->ifie_nwid_len) != 0) {
	if (log_getverbose()) {
		oldssid = strdup(pretty_print_string(ifi->ssid,
		    ifi->ssid_len, 1));
		if (oldssid == NULL((void *)0))
			fatal("oldssid");
		log_debug("%s: SSID %s -> %s", log_procname,
		    oldssid, pretty_print_string(ifie->ifie_nwid,
		    ifie->ifie_nwid_len, 1));
		free(oldssid);
	}
	quit = RESTART2;
}
break;

case RTM_IFANNOUNCE0xf:
ifan = (struct if_announcemsghdr *)rtm;
if (ifan->ifan_what == IFAN_DEPARTURE1 && ifan->ifan_index ==
    ifi->index)
	fatalx("departed");
break;

case RTM_NEWADDR0xc:
case RTM_DELADDR0xd:
/* Need to check if it is time to write resolv.conf. */
ifam = (struct ifa_msghdr *)rtm;
if (get_ifa_family((char *)ifam + ifam->ifam_hdrlen,
    ifam->ifam_addrs) != AF_INET2)
	return;
break;

default:
break;
}

/*
* Responsibility for resolv.conf may have changed hands.
*/
if (quit == 0 && ifi->active != NULL((void *)0) &&
   (ifi->flags & IFI_IN_CHARGE0x01) != 0 &&
   ifi->state == S_BOUND)
write_resolv_conf();
602}

604int
605main(int argc, char *argv[])
606{
uint8_t			 actions[DHO_END255];
struct stat		 sb;
struct interface_info	*ifi;
char			*ignore_list, *p;
int			 fd, socket_fd[2];
int			 routefd;
int			 ch, i;

if (isatty(STDERR_FILENO2) != 0)
1
Assuming the condition is false→
2
←
Taking false branch→
log_init(1, LOG_DEBUG7); /* log to stderr until daemonized */
else
log_init(0, LOG_DEBUG7); /* can't log to stderr */

log_setverbose(0);	/* Don't show log_debug() messages. */

if (lstat(_PATH_DHCLIENT_CONF"/etc/dhclient.conf", &sb) == 0)
3
←
Assuming the condition is false→
4
←
Taking false branch→
path_dhclient_conf = _PATH_DHCLIENT_CONF"/etc/dhclient.conf";
memset(actions, ACTION_USELEASE, sizeof(actions));

while ((ch = getopt(argc, argv, "c:di:nrv")) != -1) {
5
←
Assuming the condition is true→
6
←
Loop condition is true.  Entering loop body→
syslog(LOG_ALERT1 | LOG_CONS0x02,
    "dhclient will go away, so -%c option will not exist", ch);
switch (ch) {
7
←
Control jumps to 'case 105:'  at line 641→
case 'c':
	if (strlen(optarg) == 0)
		path_dhclient_conf = NULL((void *)0);
	else if (lstat(optarg, &sb) == 0)
		path_dhclient_conf = optarg;
	else
		fatal("lstat(%s)", optarg);
	break;
case 'd':
	cmd_opts |= OPT_FOREGROUND0x04;
	break;
case 'i':
	syslog(LOG_ALERT1 | LOG_CONS0x02,
	    "dhclient will go away, for -i learn dhcpleased.conf");
	if (strlen(optarg) == 0)
8
←
Assuming the condition is false→
9
←
Taking false branch→
		break;
	ignore_list = strdup(optarg);
10
←
Memory is allocated→
	if (ignore_list == NULL((void *)0))
11
←
Assuming 'ignore_list' is not equal to NULL→
12
←
Taking false branch→
		fatal("ignore_list");
	for (p = strsep(&ignore_list, ", "); p12.1
'p' is not equal to NULL
 != NULL((void *)0);
13
←
Loop condition is true.  Entering loop body→
16
←
 Execution continues on line 650→
17
←
Potential leak of memory pointed to by 'p'
	     p = strsep(&ignore_list, ", ")) {
		if (*p == '\0')
14
←
Assuming the condition is true→
15
←
Taking true branch→
			continue;
		i = name_to_code(p);
		if (i == DHO_END255)
			fatalx("invalid option name: '%s'", p);
		actions[i] = ACTION_IGNORE;
	}
	free(ignore_list);
	break;
case 'n':
	cmd_opts |= OPT_NOACTION0x01;
	break;
case 'r':
	cmd_opts |= OPT_RELEASE0x08;
	break;
case 'v':
	cmd_opts |= OPT_VERBOSE0x02;
	break;
default:
	usage();
}
}

argc -= optind;
argv += optind;

if (argc != 1)
usage();

syslog(LOG_ALERT1 | LOG_CONS0x02,
   "dhclient will go away, stop using it");

execl("/sbin/ifconfig", "ifconfig", argv[0], "inet", "autoconf", NULL((void *)0));

if ((cmd_opts & (OPT_FOREGROUND0x04 | OPT_NOACTION0x01)) != 0)
cmd_opts |= OPT_VERBOSE0x02;

if ((cmd_opts & OPT_VERBOSE0x02) != 0)
log_setverbose(1);	/* Show log_debug() messages. */

ifi = initialize_interface(argv[0], cmd_opts & OPT_NOACTION0x01);

log_procname = strdup(ifi->name);
if (log_procname == NULL((void *)0))
fatal("log_procname");
setproctitle("%s", log_procname);
log_procinit(log_procname);

tzset();

if (setrtable(ifi->rdomain) == -1)
fatal("setrtable(%u)", ifi->rdomain);

if ((cmd_opts & OPT_RELEASE0x08) != 0) {
if ((cmd_opts & OPT_NOACTION0x01) == 0)
	propose_release(ifi);
exit(0);
}

signal(SIGPIPE13, SIG_IGN(void (*)(int))1);	/* Don't wait for go_daemon()! */

if (socketpair(AF_UNIX1, SOCK_STREAM1 | SOCK_NONBLOCK0x4000 | SOCK_CLOEXEC0x8000, 0,
   socket_fd) == -1)
fatal("socketpair");

if ((nullfd = open(_PATH_DEVNULL"/dev/null", O_RDWR0x0002)) == -1)
fatal("open(%s)", _PATH_DEVNULL"/dev/null");

fork_privchld(ifi, socket_fd[0], socket_fd[1]);

close(socket_fd[0]);
if ((unpriv_ibuf = malloc(sizeof(*unpriv_ibuf))) == NULL((void *)0))
fatal("unpriv_ibuf");
imsg_init(unpriv_ibuf, socket_fd[1]);

read_conf(ifi->name, actions, &ifi->hw_address);
if ((cmd_opts & OPT_NOACTION0x01) != 0)
return 0;

if (asprintf(&path_lease_db, "%s.%s", _PATH_LEASE_DB"/var/db/dhclient.leases", ifi->name) == -1)
fatal("path_lease_db");

routefd = get_routefd(ifi->rdomain);
fd = take_charge(ifi, routefd, path_lease_db);	/* Kill other dhclients. */
if (autoconf(ifi)) {
/* dhcpleased has been notified to request a new lease. */
return 0;
}
if (fd != -1)
read_lease_db(&ifi->lease_db);

if ((leaseFile = fopen(path_lease_db, "w")) == NULL((void *)0))
log_warn("%s: fopen(%s)", log_procname, path_lease_db);
write_lease_db(ifi);

set_user("_dhcp");

if ((cmd_opts & OPT_FOREGROUND0x04) == 0) {
if (pledge("stdio inet dns route proc", NULL((void *)0)) == -1)
	fatal("pledge");
} else {
if (pledge("stdio inet dns route", NULL((void *)0)) == -1)
	fatal("pledge");
}

tick_msg("link", LINK_STATE_IS_UP(ifi->link_state)((ifi->link_state) >= 4 || (ifi->link_state) == 0) ? TICK_SUCCESS1 :
   TICK_WAIT0);
quit = RESTART2;
dispatch(ifi, routefd);

return 0;
762}

764void
765usage(void)
766{
extern char	*__progname;

fprintf(stderr(&__sF[2]),
   "usage: %s [-dnrv] [-c file] [-i options] "
   "interface\n", __progname);
exit(1);
773}

775void
776state_preboot(struct interface_info *ifi)
777{
interface_state(ifi);
if (quit != 0)
return;

if (LINK_STATE_IS_UP(ifi->link_state)((ifi->link_state) >= 4 || (ifi->link_state) == 0)) {
tick_msg("link", TICK_SUCCESS1);
ifi->state = S_REBOOTING;
state_reboot(ifi);
} else {
tick_msg("link", TICK_WAIT0);
set_timeout(ifi, 1, state_preboot);
}
790}

792/*
* Called when the interface link becomes active.
*/
795void
796state_reboot(struct interface_info *ifi)
797{
const struct timespec	 reboot_intvl = {config->reboot_interval, 0};
struct client_lease	*lease;

cancel_timeout(ifi);

/*
* If there is no recorded lease or the lease is BOOTP then
* go straight to INIT and try to DISCOVER a new lease.
*/
ifi->active = get_recorded_lease(ifi);
if (ifi->active == NULL((void *)0) || BOOTP_LEASE(ifi->active)((ifi->active)->options[53].len == 0)) {
ifi->state = S_INIT;
state_init(ifi);
return;
}
lease = apply_defaults(ifi->active);
get_lease_timeouts(ifi, lease);
free_client_lease(lease);

ifi->xid = arc4random();
make_request(ifi, ifi->active);

ifi->destination.s_addr = INADDR_BROADCAST((u_int32_t)(0xffffffff));
clock_gettime(CLOCK_MONOTONIC3, &ifi->first_sending);
timespecadd(&ifi->first_sending, &reboot_intvl, &ifi->reboot_timeout)do { (&ifi->reboot_timeout)->tv_sec = (&ifi->
first_sending)->tv_sec + (&reboot_intvl)->tv_sec; (
&ifi->reboot_timeout)->tv_nsec = (&ifi->first_sending
)->tv_nsec + (&reboot_intvl)->tv_nsec; if ((&ifi
->reboot_timeout)->tv_nsec >= 1000000000L) { (&ifi
->reboot_timeout)->tv_sec++; (&ifi->reboot_timeout
)->tv_nsec -= 1000000000L; } } while (0);
ifi->interval = 0;

send_request(ifi);
826}

828/*
* Called when a lease has completely expired and we've been unable to
* renew it.
*/
832void
833state_init(struct interface_info *ifi)
834{
const struct timespec	offer_intvl = {config->offer_interval, 0};

ifi->xid = arc4random();
make_discover(ifi, ifi->active);

ifi->destination.s_addr = INADDR_BROADCAST((u_int32_t)(0xffffffff));
ifi->state = S_SELECTING;
clock_gettime(CLOCK_MONOTONIC3, &ifi->first_sending);
timespecadd(&ifi->first_sending, &offer_intvl, &ifi->offer_timeout)do { (&ifi->offer_timeout)->tv_sec = (&ifi->
first_sending)->tv_sec + (&offer_intvl)->tv_sec; (&
ifi->offer_timeout)->tv_nsec = (&ifi->first_sending
)->tv_nsec + (&offer_intvl)->tv_nsec; if ((&ifi
->offer_timeout)->tv_nsec >= 1000000000L) { (&ifi
->offer_timeout)->tv_sec++; (&ifi->offer_timeout
)->tv_nsec -= 1000000000L; } } while (0);
ifi->select_timeout = ifi->offer_timeout;
ifi->interval = 0;

send_discover(ifi);
848}

850/*
* Called when one or more DHCPOFFER packets have been received and a
* configurable period of time has passed.
*/
854void
855state_selecting(struct interface_info *ifi)
856{
cancel_timeout(ifi);

if (ifi->offer == NULL((void *)0)) {
state_panic(ifi);
return;
}

ifi->state = S_REQUESTING;

/* If it was a BOOTREPLY, we can just take the lease right now. */
if (BOOTP_LEASE(ifi->offer)((ifi->offer)->options[53].len == 0)) {
bind_lease(ifi);
return;
}

ifi->destination.s_addr = INADDR_BROADCAST((u_int32_t)(0xffffffff));
clock_gettime(CLOCK_MONOTONIC3, &ifi->first_sending);
ifi->interval = 0;

/*
* Make a DHCPREQUEST packet from the lease we picked. Keep
* the current xid, as all offers should have had the same
* one.
*/
make_request(ifi, ifi->offer);

/* Toss the lease we picked - we'll get it back in a DHCPACK. */
free_client_lease(ifi->offer);
ifi->offer = NULL((void *)0);
free(ifi->offer_src);
ifi->offer_src = NULL((void *)0);

send_request(ifi);
890}

892void
893dhcpoffer(struct interface_info *ifi, struct option_data *options,
  const char *src)
895{
if (ifi->state != S_SELECTING) {
log_debug("%s: unexpected DHCPOFFER from %s - state #%d",
    log_procname, src, ifi->state);
return;
}

log_debug("%s: DHCPOFFER from %s", log_procname, src);
process_offer(ifi, options, src);
904}

906void
907bootreply(struct interface_info *ifi, struct option_data *options,
  const char *src)
909{
if (ifi->state != S_SELECTING) {
log_debug("%s: unexpected BOOTREPLY from %s - state #%d",
    log_procname, src, ifi->state);
return;
}

log_debug("%s: BOOTREPLY from %s", log_procname, src);
process_offer(ifi, options, src);
918}

920void
921process_offer(struct interface_info *ifi, struct option_data *options,
  const char *src)
923{
const struct timespec	 select_intvl = {config->select_interval, 0};
struct timespec		 now;
struct client_lease	*lease;

clock_gettime(CLOCK_MONOTONIC3, &now);

lease = packet_to_lease(ifi, options);
if (lease != NULL((void *)0)) {
if (ifi->offer == NULL((void *)0)) {
	ifi->offer = lease;
	free(ifi->offer_src);
	ifi->offer_src = strdup(src);	/* NULL is OK */
	timespecadd(&now, &select_intvl, &ifi->select_timeout)do { (&ifi->select_timeout)->tv_sec = (&now)->
tv_sec + (&select_intvl)->tv_sec; (&ifi->select_timeout
)->tv_nsec = (&now)->tv_nsec + (&select_intvl)->
tv_nsec; if ((&ifi->select_timeout)->tv_nsec >= 1000000000L
) { (&ifi->select_timeout)->tv_sec++; (&ifi->
select_timeout)->tv_nsec -= 1000000000L; } } while (0);
	if (timespeccmp(&ifi->select_timeout,(((&ifi->select_timeout)->tv_sec == (&ifi->offer_timeout
)->tv_sec) ? ((&ifi->select_timeout)->tv_nsec >
 (&ifi->offer_timeout)->tv_nsec) : ((&ifi->select_timeout
)->tv_sec > (&ifi->offer_timeout)->tv_sec))
	    &ifi->offer_timeout, >)(((&ifi->select_timeout)->tv_sec == (&ifi->offer_timeout
)->tv_sec) ? ((&ifi->select_timeout)->tv_nsec >
 (&ifi->offer_timeout)->tv_nsec) : ((&ifi->select_timeout
)->tv_sec > (&ifi->offer_timeout)->tv_sec)))
		ifi->select_timeout = ifi->offer_timeout;
} else if (lease->address.s_addr ==
    ifi->offer->address.s_addr) {
	/* Decline duplicate offers. */
} else if (lease->address.s_addr ==
    ifi->requested_address.s_addr) {
	free_client_lease(ifi->offer);
	ifi->offer = lease;
	free(ifi->offer_src);
	ifi->offer_src = strdup(src);	/* NULL is OK */
}

if (ifi->offer != lease) {
	make_decline(ifi, lease);
	send_decline(ifi);
	free_client_lease(lease);
} else if (ifi->offer->address.s_addr ==
    ifi->requested_address.s_addr) {
	ifi->select_timeout = now;
}
}

if (timespeccmp(&now, &ifi->select_timeout, >=)(((&now)->tv_sec == (&ifi->select_timeout)->
tv_sec) ? ((&now)->tv_nsec >= (&ifi->select_timeout
)->tv_nsec) : ((&now)->tv_sec >= (&ifi->select_timeout
)->tv_sec)))
state_selecting(ifi);
else {
ifi->timeout = ifi->select_timeout;
ifi->timeout_func = state_selecting;
}
967}

969void
970dhcpack(struct interface_info *ifi, struct option_data *options,
  const char *src)
972{
struct client_lease	*lease;

if (ifi->state != S_REBOOTING &&
   ifi->state != S_REQUESTING &&
   ifi->state != S_RENEWING) {
log_debug("%s: unexpected DHCPACK from %s - state #%d",
    log_procname, src, ifi->state);
return;
}

log_debug("%s: DHCPACK", log_procname);

lease = packet_to_lease(ifi, options);
if (lease == NULL((void *)0)) {
ifi->state = S_INIT;
state_init(ifi);
return;
}

ifi->offer = lease;
ifi->offer_src = strdup(src);	/* NULL is OK */
memcpy(ifi->offer->ssid, ifi->ssid, sizeof(ifi->offer->ssid));
ifi->offer->ssid_len = ifi->ssid_len;

/* Stop resending DHCPREQUEST. */
cancel_timeout(ifi);

bind_lease(ifi);
1001}

1003void
1004dhcpnak(struct interface_info *ifi, const char *src)
1005{
struct client_lease		*ll, *pl;

if (ifi->state != S_REBOOTING &&
   ifi->state != S_REQUESTING &&
   ifi->state != S_RENEWING) {
log_debug("%s: unexpected DHCPNAK from %s - state #%d",
    log_procname, src, ifi->state);
return;
}

log_debug("%s: DHCPNAK", log_procname);

/* Remove the NAK'd address from the database. */
TAILQ_FOREACH_SAFE(ll, &ifi->lease_db, next, pl)for ((ll) = ((&ifi->lease_db)->tqh_first); (ll) != (
(void *)0) && ((pl) = ((ll)->next.tqe_next), 1); (
ll) = (pl)) {
if (ifi->ssid_len == ll->ssid_len &&
    memcmp(ifi->ssid, ll->ssid, ll->ssid_len) == 0 &&
    ll->address.s_addr == ifi->requested_address.s_addr) {
	if (ll == ifi->active) {
		tell_unwind(NULL((void *)0), ifi->flags);
		free(ifi->unwind_info);
		ifi->unwind_info = NULL((void *)0);
		revoke_proposal(ifi->configured);
		free(ifi->configured);
		ifi->configured = NULL((void *)0);
		ifi->active = NULL((void *)0);
	}
	TAILQ_REMOVE(&ifi->lease_db, ll, next)do { if (((ll)->next.tqe_next) != ((void *)0)) (ll)->next
.tqe_next->next.tqe_prev = (ll)->next.tqe_prev; else (&
ifi->lease_db)->tqh_last = (ll)->next.tqe_prev; *(ll
)->next.tqe_prev = (ll)->next.tqe_next; ; ; } while (0);
	free_client_lease(ll);
	write_lease_db(ifi);
}
}

/* Stop sending DHCPREQUEST packets. */
cancel_timeout(ifi);

ifi->state = S_INIT;
state_init(ifi);
1043}

1045void
1046bind_lease(struct interface_info *ifi)
1047{
struct timespec		 now;
struct client_lease	*lease, *pl, *ll;
struct proposal		*effective_proposal = NULL((void *)0);
struct unwind_info	*unwind_info;
char			*msg = NULL((void *)0);
int			 rslt, seen;

tick_msg("lease", TICK_SUCCESS1);
clock_gettime(CLOCK_MONOTONIC3, &now);

lease = apply_defaults(ifi->offer);
get_lease_timeouts(ifi, lease);

/* Replace the old active lease with the accepted offer. */
ifi->active = ifi->offer;
ifi->offer = NULL((void *)0);

/*
* Supply unwind with updated info.
*/
unwind_info = lease_as_unwind_info(ifi->active);
if (ifi->unwind_info == NULL((void *)0) && unwind_info != NULL((void *)0)) {
ifi->unwind_info = unwind_info;
tell_unwind(ifi->unwind_info, ifi->flags);
} else if (ifi->unwind_info != NULL((void *)0) && unwind_info == NULL((void *)0)) {
tell_unwind(NULL((void *)0), ifi->flags);
free(ifi->unwind_info);
ifi->unwind_info = NULL((void *)0);
} else if (ifi->unwind_info != NULL((void *)0) && unwind_info != NULL((void *)0)) {
if (memcmp(ifi->unwind_info, unwind_info,
    sizeof(*ifi->unwind_info)) != 0) {
	tell_unwind(NULL((void *)0), ifi->flags);
	free(ifi->unwind_info);
	ifi->unwind_info = unwind_info;
	tell_unwind(ifi->unwind_info, ifi->flags);
}
}

effective_proposal = lease_as_proposal(lease);
if (ifi->configured != NULL((void *)0)) {
if (memcmp(ifi->configured, effective_proposal,
    sizeof(*ifi->configured)) == 0)
	goto newlease;
}
free(ifi->configured);
ifi->configured = effective_proposal;
effective_proposal = NULL((void *)0);

propose(ifi->configured);
rslt = asprintf(&msg, "%s lease accepted from %s",
   inet_ntoa(ifi->active->address),
   (ifi->offer_src == NULL((void *)0)) ? "<unknown>" : ifi->offer_src);
if (rslt == -1)
fatal("bind msg");

1103newlease:
seen = 0;
TAILQ_FOREACH_SAFE(ll, &ifi->lease_db, next, pl)for ((ll) = ((&ifi->lease_db)->tqh_first); (ll) != (
(void *)0) && ((pl) = ((ll)->next.tqe_next), 1); (
ll) = (pl)) {
if (ifi->ssid_len != ll->ssid_len ||
    memcmp(ifi->ssid, ll->ssid, ll->ssid_len) != 0)
	continue;
if (ifi->active == ll)
	seen = 1;
else if (ll->address.s_addr == ifi->active->address.s_addr) {
	TAILQ_REMOVE(&ifi->lease_db, ll, next)do { if (((ll)->next.tqe_next) != ((void *)0)) (ll)->next
.tqe_next->next.tqe_prev = (ll)->next.tqe_prev; else (&
ifi->lease_db)->tqh_last = (ll)->next.tqe_prev; *(ll
)->next.tqe_prev = (ll)->next.tqe_next; ; ; } while (0);
	free_client_lease(ll);
}
}
if (seen == 0) {
if (ifi->active->epoch == 0)
	time(&ifi->active->epoch);
TAILQ_INSERT_HEAD(&ifi->lease_db, ifi->active,  next)do { if (((ifi->active)->next.tqe_next = (&ifi->
lease_db)->tqh_first) != ((void *)0)) (&ifi->lease_db
)->tqh_first->next.tqe_prev = &(ifi->active)->
next.tqe_next; else (&ifi->lease_db)->tqh_last = &
(ifi->active)->next.tqe_next; (&ifi->lease_db)->
tqh_first = (ifi->active); (ifi->active)->next.tqe_prev
 = &(&ifi->lease_db)->tqh_first; } while (0);
}

/*
* Write out updated information before going daemon.
*
* Some scripts (e.g. the installer in autoinstall mode) assume that
* the bind process is complete and all related information is in
* place when dhclient(8) goes daemon.
*/
write_lease_db(ifi);

free_client_lease(lease);
free(effective_proposal);
free(ifi->offer_src);
ifi->offer_src = NULL((void *)0);

if (msg != NULL((void *)0)) {
if ((cmd_opts & OPT_FOREGROUND0x04) != 0) {
	/* log msg on console only. */
	;
} else if (isatty(STDERR_FILENO2) != 0) {
	/*
	 * log msg to console and then go_daemon() so it is
	 * logged again, this time to /var/log/daemon.
	 */
	log_info("%s: %s", log_procname, msg);
	go_daemon();
}
log_info("%s: %s", log_procname, msg);
free(msg);
}

ifi->state = S_BOUND;
go_daemon();

/*
* Set timeout to start the renewal process.
*
* If the renewal time is in the past, the lease is from the
* leaseDB. Rather than immediately trying to contact a server,
* pause the configured time between attempts.
*/
if (timespeccmp(&now, &ifi->renew, >=)(((&now)->tv_sec == (&ifi->renew)->tv_sec) ?
 ((&now)->tv_nsec >= (&ifi->renew)->tv_nsec
) : ((&now)->tv_sec >= (&ifi->renew)->tv_sec
)))
set_timeout(ifi, config->retry_interval, state_bound);
else {
ifi->timeout = ifi->renew;
ifi->timeout_func = state_bound;
}
1168}

1170/*
* Called when we've successfully bound to a particular lease, but the renewal
* time on that lease has expired.  We are expected to unicast a DHCPREQUEST to
* the server that gave us our original lease.
*/
1175void
1176state_bound(struct interface_info *ifi)
1177{
struct option_data	*opt;
struct in_addr		*dest;

ifi->xid = arc4random();
make_request(ifi, ifi->active);

dest = &ifi->destination;
opt = &ifi->active->options[DHO_DHCP_SERVER_IDENTIFIER54];

if (opt->len == sizeof(*dest))
dest->s_addr = ((struct in_addr *)opt->data)->s_addr;
else
dest->s_addr = INADDR_BROADCAST((u_int32_t)(0xffffffff));

clock_gettime(CLOCK_MONOTONIC3, &ifi->first_sending);
ifi->interval = 0;
ifi->state = S_RENEWING;

send_request(ifi);
1197}

1199int
1200addressinuse(char *name, struct in_addr address, char *ifname)
1201{
struct ifaddrs		*ifap, *ifa;
struct sockaddr_in	*sin;
int			 used = 0;

if (getifaddrs(&ifap) != 0) {
log_warn("%s: getifaddrs", log_procname);
return 0;
}

for (ifa = ifap; ifa; ifa = ifa->ifa_next) {
if (ifa->ifa_addr == NULL((void *)0) ||
    ifa->ifa_addr->sa_family != AF_INET2)
	continue;

sin = (struct sockaddr_in *)ifa->ifa_addr;
if (memcmp(&address, &sin->sin_addr, sizeof(address)) == 0) {
	strlcpy(ifname, ifa->ifa_name, IF_NAMESIZE16);
	used = 1;
	if (strncmp(ifname, name, IF_NAMESIZE16) != 0)
		break;
}
}

freeifaddrs(ifap);
return used;
1227}

1229/*
* Allocate a client_lease structure and initialize it from the
* parameters in the received packet.
*
* Return NULL and decline the lease if a valid lease cannot be
* constructed.
*/
1236struct client_lease *
1237packet_to_lease(struct interface_info *ifi, struct option_data *options)
1238{
char			 ifname[IF_NAMESIZE16];
struct dhcp_packet	*packet = &ifi->recv_packet;
struct client_lease	*lease;
char			*pretty, *name;
int			 i;

lease = calloc(1, sizeof(*lease));
if (lease == NULL((void *)0)) {
log_warn("%s: lease", log_procname);
return NULL((void *)0);	/* Can't even DECLINE. */
}

/*  Copy the lease addresses. */
lease->address.s_addr = packet->yiaddr.s_addr;
lease->next_server.s_addr = packet->siaddr.s_addr;

/* Copy the lease options. */
for (i = 0; i < DHO_COUNT256; i++) {
if (options[i].len == 0)
	continue;
name = code_to_name(i);
if (i == DHO_DOMAIN_SEARCH119) {
	/* Replace RFC 1035 data with a string. */
	pretty = rfc1035_as_string(options[i].data,
	    options[i].len);
	free(options[i].data);
	options[i].data = strdup(pretty);
	if (options[i].data == NULL((void *)0))
		fatal("RFC1035 string");
	options[i].len = strlen(options[i].data);
} else
	pretty = pretty_print_option(i, &options[i], 0);
if (strlen(pretty) == 0)
	continue;
switch (i) {
case DHO_DOMAIN_SEARCH119:
case DHO_DOMAIN_NAME15:
	/*
	 * Allow deviant but historically blessed
	 * practice of supplying multiple domain names
	 * with DHO_DOMAIN_NAME. Thus allowing multiple
	 * entries in the resolv.conf 'search' statement.
	 */
	if (res_hnok_list(pretty) == 0) {
		log_debug("%s: invalid host name in %s",
		    log_procname, name);
		continue;
	}
	break;
case DHO_HOST_NAME12:
case DHO_NIS_DOMAIN40:
	if (res_hnok__res_hnok(pretty) == 0) {
		log_debug("%s: invalid host name in %s",
		    log_procname, name);
		continue;
	}
	break;
default:
	break;
}
lease->options[i] = options[i];
options[i].data = NULL((void *)0);
options[i].len = 0;
}

/*
* If this lease doesn't supply a required parameter, decline it.
*/
for (i = 0; i < config->required_option_count; i++) {
if (lease->options[config->required_options[i]].len == 0) {
	name = code_to_name(config->required_options[i]);
	log_warnx("%s: %s required but missing", log_procname,
	    name);
	goto decline;
}
}

/*
* If this lease is trying to sell us an address we are already
* using, decline it.
*/
memset(ifname, 0, sizeof(ifname));
if (addressinuse(ifi->name, lease->address, ifname) != 0 &&
   strncmp(ifname, ifi->name, IF_NAMESIZE16) != 0) {
log_warnx("%s: %s already configured on %s", log_procname,
    inet_ntoa(lease->address), ifname);
goto decline;
}

/* If the server name was filled out, copy it. */
if ((lease->options[DHO_DHCP_OPTION_OVERLOAD52].len == 0 ||
   (lease->options[DHO_DHCP_OPTION_OVERLOAD52].data[0] & 2) == 0) &&
   packet->sname[0]) {
lease->server_name = calloc(1, DHCP_SNAME_LEN64 + 1);
if (lease->server_name == NULL((void *)0)) {
	log_warn("%s: SNAME", log_procname);
	goto decline;
}
memcpy(lease->server_name, packet->sname, DHCP_SNAME_LEN64);
if (res_hnok__res_hnok(lease->server_name) == 0) {
	log_debug("%s: invalid host name in SNAME ignored",
	    log_procname);
	free(lease->server_name);
	lease->server_name = NULL((void *)0);
}
}

/* If the file name was filled out, copy it. */
if ((lease->options[DHO_DHCP_OPTION_OVERLOAD52].len == 0 ||
   (lease->options[DHO_DHCP_OPTION_OVERLOAD52].data[0] & 1) == 0) &&
   packet->file[0]) {
/* Don't count on the NUL terminator. */
lease->filename = malloc(DHCP_FILE_LEN128 + 1);
if (lease->filename == NULL((void *)0)) {
	log_warn("%s: filename", log_procname);
	goto decline;
}
memcpy(lease->filename, packet->file, DHCP_FILE_LEN128);
lease->filename[DHCP_FILE_LEN128] = '\0';
}

/*
* Record the client identifier used to obtain the lease.  We already
* checked that the packet client identifier is absent (RFC 2131) or
* matches what we sent (RFC 6842),
*/
i = DHO_DHCP_CLIENT_IDENTIFIER61;
if (lease->options[i].len == 0 && config->send_options[i].len != 0) {
lease->options[i].len = config->send_options[i].len;
lease->options[i].data = malloc(lease->options[i].len);
if (lease->options[i].data == NULL((void *)0))
	fatal("lease client-identifier");
memcpy(lease->options[i].data, config->send_options[i].data,
    lease->options[i].len);
}

time(&lease->epoch);
return lease;

1378decline:
make_decline(ifi, lease);
send_decline(ifi);
free_client_lease(lease);
return NULL((void *)0);
1383}

1385void
1386set_interval(struct interface_info *ifi, struct timespec *now)
1387{
struct timespec		interval;

if (timespeccmp(now, &ifi->timeout, >)(((now)->tv_sec == (&ifi->timeout)->tv_sec) ? ((
now)->tv_nsec > (&ifi->timeout)->tv_nsec) : (
(now)->tv_sec > (&ifi->timeout)->tv_sec)))
ifi->interval = 1;
else {
timespecsub(&ifi->timeout, now, &interval)do { (&interval)->tv_sec = (&ifi->timeout)->
tv_sec - (now)->tv_sec; (&interval)->tv_nsec = (&
ifi->timeout)->tv_nsec - (now)->tv_nsec; if ((&interval
)->tv_nsec < 0) { (&interval)->tv_sec--; (&interval
)->tv_nsec += 1000000000L; } } while (0);
if (interval.tv_sec == 0 || interval.tv_nsec > 500000000LL)
	interval.tv_sec++;
ifi->interval = interval.tv_sec;
}
1398}

1400void
1401set_resend_timeout(struct interface_info *ifi, struct timespec *now,
  void (*where)(struct interface_info *))
1403{
const struct timespec	reboot_intvl = {config->reboot_interval, 0};
const struct timespec	initial_intvl = {config->initial_interval, 0};
const struct timespec	cutoff_intvl = {config->backoff_cutoff, 0};
const struct timespec	onesecond = {1, 0};
struct timespec		interval, when;

if (timespeccmp(now, &ifi->link_timeout, <)(((now)->tv_sec == (&ifi->link_timeout)->tv_sec)
 ? ((now)->tv_nsec < (&ifi->link_timeout)->tv_nsec
) : ((now)->tv_sec < (&ifi->link_timeout)->tv_sec
)))
interval = onesecond;
else if (ifi->interval == 0) {
if (ifi->state == S_REBOOTING)
	interval = reboot_intvl;
else
	interval = initial_intvl;
} else {
timespecclear(&interval)(&interval)->tv_sec = (&interval)->tv_nsec = 0;
interval.tv_sec = ifi->interval + arc4random_uniform(2 *
    ifi->interval);
}
if (timespeccmp(&interval, &onesecond, <)(((&interval)->tv_sec == (&onesecond)->tv_sec) ?
 ((&interval)->tv_nsec < (&onesecond)->tv_nsec
) : ((&interval)->tv_sec < (&onesecond)->tv_sec
)))
interval = onesecond;
else if (timespeccmp(&interval, &cutoff_intvl, >)(((&interval)->tv_sec == (&cutoff_intvl)->tv_sec
) ? ((&interval)->tv_nsec > (&cutoff_intvl)->
tv_nsec) : ((&interval)->tv_sec > (&cutoff_intvl
)->tv_sec)))
interval = cutoff_intvl;

timespecadd(now, &interval, &when)do { (&when)->tv_sec = (now)->tv_sec + (&interval
)->tv_sec; (&when)->tv_nsec = (now)->tv_nsec + (
&interval)->tv_nsec; if ((&when)->tv_nsec >=
 1000000000L) { (&when)->tv_sec++; (&when)->tv_nsec
 -= 1000000000L; } } while (0);
switch (ifi->state) {
case S_REBOOTING:
case S_RENEWING:
if (timespeccmp(&when, &ifi->expiry, >)(((&when)->tv_sec == (&ifi->expiry)->tv_sec)
 ? ((&when)->tv_nsec > (&ifi->expiry)->tv_nsec
) : ((&when)->tv_sec > (&ifi->expiry)->tv_sec
)))
	when = ifi->expiry;
break;
case S_SELECTING:
if (timespeccmp(&when, &ifi->select_timeout, >)(((&when)->tv_sec == (&ifi->select_timeout)->
tv_sec) ? ((&when)->tv_nsec > (&ifi->select_timeout
)->tv_nsec) : ((&when)->tv_sec > (&ifi->select_timeout
)->tv_sec)))
	when = ifi->select_timeout;
break;
case S_REQUESTING:
if (timespeccmp(&when, &ifi->offer_timeout, >)(((&when)->tv_sec == (&ifi->offer_timeout)->
tv_sec) ? ((&when)->tv_nsec > (&ifi->offer_timeout
)->tv_nsec) : ((&when)->tv_sec > (&ifi->offer_timeout
)->tv_sec)))
	when = ifi->offer_timeout;
break;
default:
break;
}

ifi->timeout = when;
ifi->timeout_func = where;
1448}

1450void
1451set_secs(struct interface_info *ifi, struct timespec *now)
1452{
struct timespec interval;

if (ifi->state != S_REQUESTING) {
/* Update the number of seconds since we started sending. */
timespecsub(now, &ifi->first_sending, &interval)do { (&interval)->tv_sec = (now)->tv_sec - (&ifi
->first_sending)->tv_sec; (&interval)->tv_nsec =
 (now)->tv_nsec - (&ifi->first_sending)->tv_nsec
; if ((&interval)->tv_nsec < 0) { (&interval)->
tv_sec--; (&interval)->tv_nsec += 1000000000L; } } while
 (0);
if (interval.tv_nsec > 500000000LL)
	interval.tv_sec++;
if (interval.tv_sec > UINT16_MAX0xffff)
	ifi->secs = UINT16_MAX0xffff;
else
	ifi->secs = interval.tv_sec;
}

ifi->sent_packet.secs = htons(ifi->secs)(__uint16_t)(__builtin_constant_p(ifi->secs) ? (__uint16_t
)(((__uint16_t)(ifi->secs) & 0xffU) << 8 | ((__uint16_t
)(ifi->secs) & 0xff00U) >> 8) : __swap16md(ifi->
secs));
1467}

1469/*
* Send out a DHCPDISCOVER packet, and set a timeout to send out another
* one after the right interval has expired.  If we don't get an offer by
* the time we reach the panic interval, call the panic function.
*/
1474void
1475send_discover(struct interface_info *ifi)
1476{
struct timespec		 now;
ssize_t			 rslt;

clock_gettime(CLOCK_MONOTONIC3, &now);
if (timespeccmp(&now, &ifi->offer_timeout, >=)(((&now)->tv_sec == (&ifi->offer_timeout)->tv_sec
) ? ((&now)->tv_nsec >= (&ifi->offer_timeout
)->tv_nsec) : ((&now)->tv_sec >= (&ifi->offer_timeout
)->tv_sec))) {
state_panic(ifi);
return;
}

set_resend_timeout(ifi, &now, send_discover);
set_interval(ifi, &now);
set_secs(ifi, &now);

rslt = send_packet(ifi, inaddr_any, inaddr_broadcast, "DHCPDISCOVER");
if (rslt != -1)
log_debug("%s: DHCPDISCOVER %s", log_procname,
    (ifi->requested_address.s_addr == INADDR_ANY((u_int32_t)(0x00000000))) ? "" :
    inet_ntoa(ifi->requested_address));

tick_msg("lease", TICK_WAIT0);
1497}

1499/*
* Called if we haven't received any offers in a preset amount of time. When
* this happens, we try to use existing leases that haven't yet expired.
*
* If LINK_STATE_UNKNOWN, do NOT use recorded leases.
*/
1505void
1506state_panic(struct interface_info *ifi)
1507{
log_debug("%s: no acceptable DHCPOFFERS received", log_procname);

if (ifi->link_state >= LINK_STATE_UP4) {
ifi->offer = get_recorded_lease(ifi);
if (ifi->offer != NULL((void *)0)) {
	ifi->state = S_REQUESTING;
	ifi->offer_src = strdup(path_lease_db); /* NULL is OK. */
	bind_lease(ifi);
	return;
}
}

/*
* No leases were available, or what was available didn't work
*/
log_debug("%s: no working leases in persistent database - sleeping",
   log_procname);
ifi->state = S_INIT;
set_timeout(ifi, config->retry_interval, state_init);
tick_msg("lease", TICK_DAEMON2);
1528}

1530void
1531send_request(struct interface_info *ifi)
1532{
struct sockaddr_in	 destination;
struct in_addr		 from;
struct timespec		 now;
ssize_t			 rslt;
char			*addr;

cancel_timeout(ifi);
clock_gettime(CLOCK_MONOTONIC3, &now);

switch (ifi->state) {
case S_REBOOTING:
if (timespeccmp(&now, &ifi->reboot_timeout, >=)(((&now)->tv_sec == (&ifi->reboot_timeout)->
tv_sec) ? ((&now)->tv_nsec >= (&ifi->reboot_timeout
)->tv_nsec) : ((&now)->tv_sec >= (&ifi->reboot_timeout
)->tv_sec)))
	ifi->state = S_INIT;
else {
	destination.sin_addr.s_addr = INADDR_BROADCAST((u_int32_t)(0xffffffff));
	if (ifi->active == NULL((void *)0))
		from.s_addr = INADDR_ANY((u_int32_t)(0x00000000));
	else
		from.s_addr = ifi->active->address.s_addr;
}
break;
case S_RENEWING:
if (timespeccmp(&now, &ifi->expiry, >=)(((&now)->tv_sec == (&ifi->expiry)->tv_sec) ?
 ((&now)->tv_nsec >= (&ifi->expiry)->tv_nsec
) : ((&now)->tv_sec >= (&ifi->expiry)->tv_sec
)))
	ifi->state = S_INIT;
else {
	if (timespeccmp(&now, &ifi->rebind, >=)(((&now)->tv_sec == (&ifi->rebind)->tv_sec) ?
 ((&now)->tv_nsec >= (&ifi->rebind)->tv_nsec
) : ((&now)->tv_sec >= (&ifi->rebind)->tv_sec
)))
		destination.sin_addr.s_addr = INADDR_BROADCAST((u_int32_t)(0xffffffff));
	else
		destination.sin_addr.s_addr = ifi->destination.s_addr;
	if (ifi->active == NULL((void *)0))
		from.s_addr = INADDR_ANY((u_int32_t)(0x00000000));
	else
		from.s_addr = ifi->active->address.s_addr;
}
break;
case S_REQUESTING:
if (timespeccmp(&now, &ifi->offer_timeout, >=)(((&now)->tv_sec == (&ifi->offer_timeout)->tv_sec
) ? ((&now)->tv_nsec >= (&ifi->offer_timeout
)->tv_nsec) : ((&now)->tv_sec >= (&ifi->offer_timeout
)->tv_sec)))
	ifi->state = S_INIT;
else {
	destination.sin_addr.s_addr = INADDR_BROADCAST((u_int32_t)(0xffffffff));
	from.s_addr = INADDR_ANY((u_int32_t)(0x00000000));
}
break;
default:
ifi->state = S_INIT;
break;
}

if (ifi->state == S_INIT) {
/* Something has gone wrong. Start over. */
state_init(ifi);
return;
}

set_resend_timeout(ifi, &now, send_request);
set_interval(ifi, &now);
set_secs(ifi, &now);

rslt = send_packet(ifi, from, destination.sin_addr, "DHCPREQUEST");
if (rslt != -1 && log_getverbose()) {
addr = strdup(inet_ntoa(ifi->requested_address));
if (addr == NULL((void *)0))
	fatal("strdup(ifi->requested_address)");
if (destination.sin_addr.s_addr == INADDR_BROADCAST((u_int32_t)(0xffffffff)))
	log_debug("%s: DHCPREQUEST %s", log_procname, addr);
else
	log_debug("%s: DHCPREQUEST %s from %s", log_procname,
	    addr, inet_ntoa(destination.sin_addr));
free(addr);
}

tick_msg("lease", TICK_WAIT0);
1605}

1607void
1608send_decline(struct interface_info *ifi)
1609{
ssize_t		rslt;

rslt = send_packet(ifi, inaddr_any, inaddr_broadcast, "DHCPDECLINE");
if (rslt != -1)
log_debug("%s: DHCPDECLINE", log_procname);
1615}

1617void
1618send_release(struct interface_info *ifi)
1619{
ssize_t		rslt;

rslt = send_packet(ifi, ifi->configured->address, ifi->destination,
   "DHCPRELEASE");
if (rslt != -1)
log_debug("%s: DHCPRELEASE", log_procname);
1626}

1628void
1629make_discover(struct interface_info *ifi, struct client_lease *lease)
1630{
struct option_data	 options[DHO_COUNT256];
struct dhcp_packet	*packet = &ifi->sent_packet;
unsigned char		 discover = DHCPDISCOVER1;
int			 i;

memset(options, 0, sizeof(options));
memset(packet, 0, sizeof(*packet));

/* Set DHCP_MESSAGE_TYPE to DHCPDISCOVER */
i = DHO_DHCP_MESSAGE_TYPE53;
options[i].data = &discover;
options[i].len = sizeof(discover);

/* Request the options we want */
i  = DHO_DHCP_PARAMETER_REQUEST_LIST55;
options[i].data = config->requested_options;
options[i].len = config->requested_option_count;

/* If we had an address, try to get it again. */
if (lease != NULL((void *)0)) {
ifi->requested_address = lease->address;
i = DHO_DHCP_REQUESTED_ADDRESS50;
options[i].data = (char *)&lease->address;
options[i].len = sizeof(lease->address);
} else
ifi->requested_address.s_addr = INADDR_ANY((u_int32_t)(0x00000000));

/* Send any options requested in the config file. */
for (i = 0; i < DHO_COUNT256; i++)
if (options[i].data == NULL((void *)0) &&
    config->send_options[i].data != NULL((void *)0)) {
	options[i].data = config->send_options[i].data;
	options[i].len = config->send_options[i].len;
}

/*
* Set up the option buffer to fit in a 576-byte UDP packet, which
* RFC 791 says is the largest packet that *MUST* be accepted
* by any host.
*/
i = pack_options(ifi->sent_packet.options, 576 - DHCP_FIXED_LEN(236 + (20 + 8)),
   options);
if (i == -1 || packet->options[i] != DHO_END255)
fatalx("options do not fit in DHCPDISCOVER packet");
ifi->sent_packet_length = DHCP_FIXED_NON_UDP236+i+1;
if (ifi->sent_packet_length < BOOTP_MIN_LEN300)
ifi->sent_packet_length = BOOTP_MIN_LEN300;

packet->op = BOOTREQUEST1;
packet->htype = HTYPE_ETHER1;
packet->hlen = ETHER_ADDR_LEN6;
packet->hops = 0;
packet->xid = ifi->xid;
packet->secs = 0; /* filled in by send_discover. */
packet->flags = 0;

packet->ciaddr.s_addr = INADDR_ANY((u_int32_t)(0x00000000));
packet->yiaddr.s_addr = INADDR_ANY((u_int32_t)(0x00000000));
packet->siaddr.s_addr = INADDR_ANY((u_int32_t)(0x00000000));
packet->giaddr.s_addr = INADDR_ANY((u_int32_t)(0x00000000));

memcpy(&packet->chaddr, ifi->hw_address.ether_addr_octet,
   ETHER_ADDR_LEN6);
1694}

1696void
1697make_request(struct interface_info *ifi, struct client_lease *lease)
1698{
struct option_data	 options[DHO_COUNT256];
struct dhcp_packet	*packet = &ifi->sent_packet;
unsigned char		 request = DHCPREQUEST3;
int			 i;

memset(options, 0, sizeof(options));
memset(packet, 0, sizeof(*packet));

/* Set DHCP_MESSAGE_TYPE to DHCPREQUEST */
i = DHO_DHCP_MESSAGE_TYPE53;
options[i].data = &request;
options[i].len = sizeof(request);

/* Request the options we want */
i = DHO_DHCP_PARAMETER_REQUEST_LIST55;
options[i].data = config->requested_options;
options[i].len = config->requested_option_count;

/*
* If we are requesting an address that hasn't yet been assigned
* to us, use the DHCP Requested Address option.
*/
if (ifi->state == S_REQUESTING) {
/* Send back the server identifier. */
i = DHO_DHCP_SERVER_IDENTIFIER54;
options[i].data = lease->options[i].data;
options[i].len = lease->options[i].len;
}
if (ifi->state == S_REQUESTING ||
   ifi->state == S_REBOOTING) {
i = DHO_DHCP_REQUESTED_ADDRESS50;
options[i].data = (char *)&lease->address.s_addr;
options[i].len = sizeof(lease->address.s_addr);
}

/* Send any options requested in the config file. */
for (i = 0; i < DHO_COUNT256; i++)
if (options[i].data == NULL((void *)0) &&
    config->send_options[i].data != NULL((void *)0)) {
	options[i].data = config->send_options[i].data;
	options[i].len = config->send_options[i].len;
}

/*
* Set up the option buffer to fit in a 576-byte UDP packet, which
* RFC 791 says is the largest packet that *MUST* be accepted
* by any host.
*/
i = pack_options(ifi->sent_packet.options, 576 - DHCP_FIXED_LEN(236 + (20 + 8)),
   options);
if (i == -1 || packet->options[i] != DHO_END255)
fatalx("options do not fit in DHCPREQUEST packet");
ifi->sent_packet_length = DHCP_FIXED_NON_UDP236+i+1;
if (ifi->sent_packet_length < BOOTP_MIN_LEN300)
ifi->sent_packet_length = BOOTP_MIN_LEN300;

packet->op = BOOTREQUEST1;
packet->htype = HTYPE_ETHER1;
packet->hlen = ETHER_ADDR_LEN6;
packet->hops = 0;
packet->xid = ifi->xid;
packet->secs = 0; /* Filled in by send_request. */
packet->flags = 0;

/*
* If we own the address we're requesting, put it in ciaddr. Otherwise
* set ciaddr to zero.
*/
ifi->requested_address = lease->address;
if (ifi->state == S_BOUND ||
   ifi->state == S_RENEWING)
packet->ciaddr.s_addr = lease->address.s_addr;
else
packet->ciaddr.s_addr = INADDR_ANY((u_int32_t)(0x00000000));

packet->yiaddr.s_addr = INADDR_ANY((u_int32_t)(0x00000000));
packet->siaddr.s_addr = INADDR_ANY((u_int32_t)(0x00000000));
packet->giaddr.s_addr = INADDR_ANY((u_int32_t)(0x00000000));

memcpy(&packet->chaddr, ifi->hw_address.ether_addr_octet,
   ETHER_ADDR_LEN6);
1780}

1782void
1783make_decline(struct interface_info *ifi, struct client_lease *lease)
1784{
struct option_data	 options[DHO_COUNT256];
struct dhcp_packet	*packet = &ifi->sent_packet;
unsigned char		 decline = DHCPDECLINE4;
int			 i;

memset(options, 0, sizeof(options));
memset(packet, 0, sizeof(*packet));

/* Set DHCP_MESSAGE_TYPE to DHCPDECLINE */
i = DHO_DHCP_MESSAGE_TYPE53;
options[i].data = &decline;
options[i].len = sizeof(decline);

/* Send back the server identifier. */
i = DHO_DHCP_SERVER_IDENTIFIER54;
options[i].data = lease->options[i].data;
options[i].len = lease->options[i].len;

/* Send back the address we're declining. */
i = DHO_DHCP_REQUESTED_ADDRESS50;
options[i].data = (char *)&lease->address.s_addr;
options[i].len = sizeof(lease->address.s_addr);

/* Send the uid if the user supplied one. */
i = DHO_DHCP_CLIENT_IDENTIFIER61;
if (config->send_options[i].len != 0) {
options[i].data = config->send_options[i].data;
options[i].len = config->send_options[i].len;
}

/*
* Set up the option buffer to fit in a 576-byte UDP packet, which
* RFC 791 says is the largest packet that *MUST* be accepted
* by any host.
*/
i = pack_options(ifi->sent_packet.options, 576 - DHCP_FIXED_LEN(236 + (20 + 8)),
   options);
if (i == -1 || packet->options[i] != DHO_END255)
fatalx("options do not fit in DHCPDECLINE packet");
ifi->sent_packet_length = DHCP_FIXED_NON_UDP236+i+1;
if (ifi->sent_packet_length < BOOTP_MIN_LEN300)
ifi->sent_packet_length = BOOTP_MIN_LEN300;

packet->op = BOOTREQUEST1;
packet->htype = HTYPE_ETHER1;
packet->hlen = ETHER_ADDR_LEN6;
packet->hops = 0;
packet->xid = ifi->xid;
packet->secs = 0;
packet->flags = 0;

/* ciaddr must always be zero. */
packet->ciaddr.s_addr = INADDR_ANY((u_int32_t)(0x00000000));
packet->yiaddr.s_addr = INADDR_ANY((u_int32_t)(0x00000000));
packet->siaddr.s_addr = INADDR_ANY((u_int32_t)(0x00000000));
packet->giaddr.s_addr = INADDR_ANY((u_int32_t)(0x00000000));

memcpy(&packet->chaddr, ifi->hw_address.ether_addr_octet,
   ETHER_ADDR_LEN6);
1844}

1846void
1847make_release(struct interface_info *ifi, struct client_lease *lease)
1848{
struct option_data	 options[DHO_COUNT256];
struct dhcp_packet	*packet = &ifi->sent_packet;
unsigned char		 release = DHCPRELEASE7;
int			 i;

memset(options, 0, sizeof(options));
memset(packet, 0, sizeof(*packet));

/* Set DHCP_MESSAGE_TYPE to DHCPRELEASE */
i = DHO_DHCP_MESSAGE_TYPE53;
options[i].data = &release;
options[i].len = sizeof(release);

/* Send back the server identifier. */
i = DHO_DHCP_SERVER_IDENTIFIER54;
options[i].data = lease->options[i].data;
options[i].len = lease->options[i].len;

i = pack_options(ifi->sent_packet.options, 576 - DHCP_FIXED_LEN(236 + (20 + 8)),
   options);
if (i == -1 || packet->options[i] != DHO_END255)
fatalx("options do not fit in DHCPRELEASE packet");
ifi->sent_packet_length = DHCP_FIXED_NON_UDP236+i+1;
if (ifi->sent_packet_length < BOOTP_MIN_LEN300)
ifi->sent_packet_length = BOOTP_MIN_LEN300;

packet->op = BOOTREQUEST1;
packet->htype = HTYPE_ETHER1;
packet->hlen = ETHER_ADDR_LEN6;
packet->hops = 0;
packet->xid = ifi->xid;
packet->secs = 0;
packet->flags = 0;

/*
* Note we return the *offered* address. NOT the configured address
* which could have been changed via dhclient.conf. But the packet
* is sent from the *configured* address.
*
* This might easily confuse a server, but if you play with fire
* by modifying the address you are on your own!
*/
packet->ciaddr.s_addr = ifi->active->address.s_addr;
packet->yiaddr.s_addr = INADDR_ANY((u_int32_t)(0x00000000));
packet->siaddr.s_addr = INADDR_ANY((u_int32_t)(0x00000000));
packet->giaddr.s_addr = INADDR_ANY((u_int32_t)(0x00000000));

memcpy(&packet->chaddr, ifi->hw_address.ether_addr_octet,
   ETHER_ADDR_LEN6);
1898}

1900void
1901free_client_lease(struct client_lease *lease)
1902{
int	 i;

if (lease == NULL((void *)0))
return;

free(lease->server_name);
free(lease->filename);
for (i = 0; i < DHO_COUNT256; i++)
free(lease->options[i].data);

free(lease);
1914}

1916void
1917write_lease_db(struct interface_info *ifi)
1918{
struct client_lease_tq *lease_db = &ifi->lease_db;
struct client_lease	*lp, *pl;
char			*leasestr;

TAILQ_FOREACH_SAFE(lp, lease_db, next, pl)for ((lp) = ((lease_db)->tqh_first); (lp) != ((void *)0) &&
 ((pl) = ((lp)->next.tqe_next), 1); (lp) = (pl)) {
if (lp != ifi->active && lease_expiry(lp) == 0) {
	TAILQ_REMOVE(lease_db, lp, next)do { if (((lp)->next.tqe_next) != ((void *)0)) (lp)->next
.tqe_next->next.tqe_prev = (lp)->next.tqe_prev; else (lease_db
)->tqh_last = (lp)->next.tqe_prev; *(lp)->next.tqe_prev
 = (lp)->next.tqe_next; ; ; } while (0);
	free_client_lease(lp);
}
}

if (leaseFile == NULL((void *)0))
return;

rewind(leaseFile);

/*
* The leases file is kept in chronological order, with the
* most recently bound lease last. When the file was read
* leases that were not expired were added to the head of the
* TAILQ ifi->leases as they were read. Therefore write out
* the leases in ifi->leases in reverse order to recreate
* the chonological order required.
*/
TAILQ_FOREACH_REVERSE(lp, lease_db, client_lease_tq, next)for((lp) = (*(((struct client_lease_tq *)((lease_db)->tqh_last
))->tqh_last)); (lp) != ((void *)0); (lp) = (*(((struct client_lease_tq
 *)((lp)->next.tqe_prev))->tqh_last))) {
leasestr = lease_as_string("lease", lp);
if (leasestr != NULL((void *)0))
	fprintf(leaseFile, "%s", leasestr);
else
	log_warnx("%s: cannot make lease into string",
	    log_procname);
}

fflush(leaseFile);
ftruncate(fileno(leaseFile)(!__isthreaded ? ((leaseFile)->_file) : (fileno)(leaseFile
)), ftello(leaseFile));
fsync(fileno(leaseFile)(!__isthreaded ? ((leaseFile)->_file) : (fileno)(leaseFile
)));
1955}

1957void
1958append_statement(char *string, size_t sz, char *s1, char *s2)
1959{
strlcat(string, s1, sz);
strlcat(string, s2, sz);
strlcat(string, ";\n", sz);
1963}

1965struct unwind_info *
1966lease_as_unwind_info(struct client_lease *lease)
1967{
struct unwind_info	*unwind_info;
struct option_data	*opt;
unsigned int		 servers;

unwind_info = calloc(1, sizeof(*unwind_info));
if (unwind_info == NULL((void *)0))
fatal("unwind_info");

opt = &lease->options[DHO_DOMAIN_NAME_SERVERS6];
if (opt->len != 0) {
servers = opt->len / sizeof(in_addr_t);
if (servers > MAXNS3)
	servers = MAXNS3;
if (servers > 0) {
	unwind_info->count = servers;
	memcpy(unwind_info->ns, opt->data, servers *
	    sizeof(in_addr_t));
}
}

if (unwind_info->count == 0) {
free(unwind_info);
unwind_info = NULL((void *)0);
}

return unwind_info;
1994}

1996struct proposal *
1997lease_as_proposal(struct client_lease *lease)
1998{
uint8_t			 defroute[5];	/* 1 + sizeof(in_addr_t) */
struct option_data	 fake;
struct option_data	*opt;
struct proposal		*proposal;
uint8_t			*ns, *p, *routes, *domains;
unsigned int		 routes_len = 0, domains_len = 0, ns_len = 0;
uint16_t		 mtu;

/* Determine sizes of variable length data. */
opt = NULL((void *)0);
if (lease->options[DHO_CLASSLESS_STATIC_ROUTES121].len != 0) {
opt = &lease->options[DHO_CLASSLESS_STATIC_ROUTES121];
} else if (lease->options[DHO_CLASSLESS_MS_STATIC_ROUTES249].len != 0) {
opt = &lease->options[DHO_CLASSLESS_MS_STATIC_ROUTES249];
} else if (lease->options[DHO_ROUTERS3].len != 0) {
/* Fake a classless static default route. */
opt = &lease->options[DHO_ROUTERS3];
fake.len = sizeof(defroute);
fake.data = defroute;
fake.data[0] = 0;
memcpy(&fake.data[1], opt->data, sizeof(defroute) - 1);
opt = &fake;
}
if (opt != NULL((void *)0)) {
routes_len = opt->len;
routes = opt->data;
}

opt = NULL((void *)0);
if (lease->options[DHO_DOMAIN_SEARCH119].len != 0)
opt = &lease->options[DHO_DOMAIN_SEARCH119];
else if (lease->options[DHO_DOMAIN_NAME15].len != 0)
opt = &lease->options[DHO_DOMAIN_NAME15];
if (opt != NULL((void *)0)) {
domains_len = opt->len;
domains = opt->data;
}

if (lease->options[DHO_DOMAIN_NAME_SERVERS6].len != 0) {
opt = &lease->options[DHO_DOMAIN_NAME_SERVERS6];
ns_len = opt->len;
ns = opt->data;
}

/* Allocate proposal. */
proposal = calloc(1, sizeof(*proposal) + routes_len + domains_len +
   ns_len);
if (proposal == NULL((void *)0))
fatal("proposal");

/* Fill in proposal. */
proposal->address = lease->address;

opt = &lease->options[DHO_INTERFACE_MTU26];
if (opt->len == sizeof(mtu)) {
memcpy(&mtu, opt->data, sizeof(mtu));
proposal->mtu = ntohs(mtu)(__uint16_t)(__builtin_constant_p(mtu) ? (__uint16_t)(((__uint16_t
)(mtu) & 0xffU) << 8 | ((__uint16_t)(mtu) & 0xff00U
) >> 8) : __swap16md(mtu));
}

opt = &lease->options[DHO_SUBNET_MASK1];
if (opt->len == sizeof(proposal->netmask))
memcpy(&proposal->netmask, opt->data, opt->len);

/* Append variable length uint8_t data. */
p = (uint8_t *)proposal + sizeof(struct proposal);
memcpy(p, routes, routes_len);
p += routes_len;
proposal->routes_len = routes_len;
memcpy(p, domains, domains_len);
p += domains_len;
proposal->domains_len = domains_len;
memcpy(p, ns, ns_len);
proposal->ns_len = ns_len;

return proposal;
2074}

2076char *
2077lease_as_string(char *type, struct client_lease *lease)
2078{
static char		 string[8192];
char			 timebuf[27];	/* 6 2017/04/08 05:47:50 UTC; */
struct option_data	*opt;
char			*buf, *name;
time_t			 t;
size_t			 rslt;
int			 i;

memset(string, 0, sizeof(string));

strlcat(string, type, sizeof(string));
strlcat(string, " {\n", sizeof(string));
strlcat(string, BOOTP_LEASE(lease)((lease)->options[53].len == 0) ? "  bootp;\n" : "", sizeof(string));

append_statement(string, sizeof(string), "  fixed-address ",
   inet_ntoa(lease->address));
append_statement(string, sizeof(string), "  next-server ",
   inet_ntoa(lease->next_server));

if (lease->filename != NULL((void *)0)) {
buf = pretty_print_string(lease->filename,
    strlen(lease->filename), 1);
if (buf == NULL((void *)0))
	return NULL((void *)0);
append_statement(string, sizeof(string), "  filename ", buf);
}
if (lease->server_name != NULL((void *)0)) {
buf = pretty_print_string(lease->server_name,
    strlen(lease->server_name), 1);
if (buf == NULL((void *)0))
	return NULL((void *)0);
append_statement(string, sizeof(string), "  server-name ",
    buf);
}
if (lease->ssid_len != 0) {
buf = pretty_print_string(lease->ssid, lease->ssid_len, 1);
if (buf == NULL((void *)0))
	return NULL((void *)0);
append_statement(string, sizeof(string), "  ssid ", buf);
}

for (i = 0; i < DHO_COUNT256; i++) {
opt = &lease->options[i];
if (opt->len == 0)
	continue;
name = code_to_name(i);

buf = pretty_print_option(i, opt, 1);
if (strlen(buf) == 0)
	continue;
strlcat(string, "  option ", sizeof(string));
strlcat(string, name, sizeof(string));
append_statement(string, sizeof(string), " ", buf);
}

i = asprintf(&buf, "%lld", (long long)lease->epoch);
if (i == -1)
return NULL((void *)0);
append_statement(string, sizeof(string), "  epoch ", buf);
free(buf);

t = lease->epoch + lease_renewal(lease);
rslt = strftime(timebuf, sizeof(timebuf), DB_TIMEFMT"%w %Y/%m/%d %T UTC", gmtime(&t));
if (rslt == 0)
return NULL((void *)0);
append_statement(string, sizeof(string), "  renew ", timebuf);

t = lease->epoch + lease_rebind(lease);
rslt = strftime(timebuf, sizeof(timebuf), DB_TIMEFMT"%w %Y/%m/%d %T UTC", gmtime(&t));
if (rslt == 0)
return NULL((void *)0);
append_statement(string, sizeof(string), "  rebind ", timebuf);

t = lease->epoch + lease_expiry(lease);
rslt = strftime(timebuf, sizeof(timebuf), DB_TIMEFMT"%w %Y/%m/%d %T UTC", gmtime(&t));
if (rslt == 0)
return NULL((void *)0);
append_statement(string, sizeof(string), "  expire ", timebuf);

rslt = strlcat(string, "}\n", sizeof(string));
if (rslt >= sizeof(string))
return NULL((void *)0);

return string;
2163}

2165void
2166go_daemon(void)
2167{
static int	 daemonized = 0;

if ((cmd_opts & OPT_FOREGROUND0x04) != 0 || daemonized != 0)
return;

daemonized = 1;

if (rdaemon(nullfd) == -1)
fatal("daemonize");

/* Stop logging to stderr. */
log_init(0, LOG_DAEMON(3<<3));
if ((cmd_opts & OPT_VERBOSE0x02) != 0)
log_setverbose(1);	/* Show log_debug() messages. */
log_procinit(log_procname);

setproctitle("%s", log_procname);
signal(SIGHUP1, SIG_IGN(void (*)(int))1);
signal(SIGPIPE13, SIG_IGN(void (*)(int))1);
2187}

2189int
2190rdaemon(int devnull)
2191{
if (devnull == -1) {
errno(*__errno()) = EBADF9;
return -1;
}
if (fcntl(devnull, F_GETFL3) == -1)
return -1;

switch (fork()) {
case -1:
return -1;
case 0:
break;
default:
_exit(0);
}

if (setsid() == -1)
return -1;

(void)dup2(devnull, STDIN_FILENO0);
(void)dup2(devnull, STDOUT_FILENO1);
(void)dup2(devnull, STDERR_FILENO2);
if (devnull > 2)
(void)close(devnull);

return 0;
2218}

2220/*
* resolv_conf(5) says a max of DHCP_DOMAIN_SEARCH_CNT domains and total
* length of DHCP_DOMAIN_SEARCH_LEN bytes are acceptable for the 'search'
* statement.
*/
2225int
2226res_hnok_list(const char *names)
2227{
char	*dupnames, *hn, *inputstring;
int	 count;

if (strlen(names) >= DHCP_DOMAIN_SEARCH_LEN1024)
return 0;

dupnames = inputstring = strdup(names);
if (inputstring == NULL((void *)0))
fatal("domain name list");

count = 0;
while ((hn = strsep(&inputstring, " \t")) != NULL((void *)0)) {
if (strlen(hn) == 0)
	continue;
if (res_hnok__res_hnok(hn) == 0)
	break;
count++;
if (count > DHCP_DOMAIN_SEARCH_CNT6)
	break;
}

free(dupnames);

return count > 0 && count < 7 && hn == NULL((void *)0);
2252}

2254/*
* Decode a byte string encoding a list of domain names as specified in RFC1035
* section 4.1.4.
*
* The result is a string consisting of a blank separated list of domain names.
*
* e.g.
*
* 3:65:6e:67:5:61:70:70:6c:65:3:63:6f:6d:0:9:6d:61:72:6b:65:74:69:6e:67:c0:04
*
* which represents
*
*    3 |'e'|'n'|'g'| 5 |'a'|'p'|'p'|'l'|
*   'e'| 3 |'c'|'o'|'m'| 0 | 9 |'m'|'a'|
*   'r'|'k'|'e'|'t'|'i'|'n'|'g'|xC0|x04|
*
* will be translated to
*
* "eng.apple.com. marketing.apple.com."
*/
2274char *
2275rfc1035_as_string(unsigned char *src, size_t srclen)
2276{
static char		 search[DHCP_DOMAIN_SEARCH_LEN1024];
unsigned char		 name[DHCP_DOMAIN_SEARCH_LEN1024];
unsigned char		*endsrc, *cp;
int			 len, domains;

memset(search, 0, sizeof(search));

/* Compute expanded length. */
domains = 0;
cp = src;
endsrc = src + srclen;

while (cp < endsrc && domains < DHCP_DOMAIN_SEARCH_CNT6) {
len = dn_expand(src, endsrc, cp, name, sizeof(name));
if (len == -1)
	goto bad;
cp += len;
if (domains > 0)
	strlcat(search, " ", sizeof(search));
strlcat(search, name, sizeof(search));
if (strlcat(search, ".", sizeof(search)) >= sizeof(search))
	goto bad;
domains++;
}

return search;

2304bad:
memset(search, 0, sizeof(search));
return search;
2307}

2309void
2310fork_privchld(struct interface_info *ifi, int fd, int fd2)
2311{
struct pollfd	 pfd[1];
struct imsgbuf	*priv_ibuf;
ssize_t		 n;
int		 ioctlfd, routefd, nfds, rslt;

switch (fork()) {
case -1:
fatal("fork");
break;
case 0:
break;
default:
return;
}

if (chdir("/") == -1)
fatal("chdir(\"/\")");

go_daemon();

free(log_procname);
rslt = asprintf(&log_procname, "%s [priv]", ifi->name);
if (rslt == -1)
fatal("log_procname");
setproctitle("%s", log_procname);
log_procinit(log_procname);

close(fd2);

if ((priv_ibuf = malloc(sizeof(*priv_ibuf))) == NULL((void *)0))
fatal("priv_ibuf");

imsg_init(priv_ibuf, fd);

if ((ioctlfd = socket(AF_INET2, SOCK_DGRAM2, 0)) == -1)
fatal("socket(AF_INET, SOCK_DGRAM)");
if ((routefd = socket(AF_ROUTE17, SOCK_RAW3, 0)) == -1)
fatal("socket(AF_ROUTE, SOCK_RAW)");

if (unveil(_PATH_RESCONF"/etc/resolv.conf", "wc") == -1)
fatal("unveil %s", _PATH_RESCONF"/etc/resolv.conf");
if (unveil("/etc/resolv.conf.tail", "r") == -1)
fatal("unveil /etc/resolve.conf.tail");
if (unveil(NULL((void *)0), NULL((void *)0)) == -1)
fatal("unveil");

while (quit == 0) {
pfd[0].fd = priv_ibuf->fd;
pfd[0].events = POLLIN0x0001;

nfds = ppoll(pfd, 1, NULL((void *)0), NULL((void *)0));
if (nfds == -1) {
	if (errno(*__errno()) == EINTR4)
		continue;
	log_warn("%s: ppoll(priv_ibuf)", log_procname);
	break;
}
if ((pfd[0].revents & (POLLERR0x0008 | POLLHUP0x0010 | POLLNVAL0x0020)) != 0)
	break;
if (nfds == 0 || (pfd[0].revents & POLLIN0x0001) == 0)
	continue;

if ((n = imsg_read(priv_ibuf)) == -1 && errno(*__errno()) != EAGAIN35) {
	log_warn("%s: imsg_read(priv_ibuf)", log_procname);
	break;
}
if (n == 0) {
	/* Connection closed - other end should log message. */
	break;
}

dispatch_imsg(ifi->name, ifi->rdomain, ioctlfd, routefd,
    priv_ibuf);
}
close(routefd);
close(ioctlfd);

imsg_clear(priv_ibuf);
close(fd);

exit(1);
2393}

2395struct client_lease *
2396apply_defaults(struct client_lease *lease)
2397{
struct option_data	 emptyopt = {0, NULL((void *)0)};
struct client_lease	*newlease;
char			*fmt;
int			 i;

newlease = clone_lease(lease);
if (newlease == NULL((void *)0))
fatalx("unable to clone lease");

if (config->filename != NULL((void *)0)) {
free(newlease->filename);
newlease->filename = strdup(config->filename);
if (newlease->filename == NULL((void *)0))
	fatal("strdup(config->filename)");
}
if (config->server_name != NULL((void *)0)) {
free(newlease->server_name);
newlease->server_name = strdup(config->server_name);
if (newlease->server_name == NULL((void *)0))
	fatal("strdup(config->server_name)");
}
if (config->address.s_addr != INADDR_ANY((u_int32_t)(0x00000000)))
newlease->address.s_addr = config->address.s_addr;
if (config->next_server.s_addr != INADDR_ANY((u_int32_t)(0x00000000)))
newlease->next_server.s_addr = config->next_server.s_addr;

for (i = 0; i < DHO_COUNT256; i++) {
fmt = code_to_format(i);
switch (config->default_actions[i]) {
case ACTION_IGNORE:
	merge_option_data(fmt, &emptyopt, &emptyopt,
	    &newlease->options[i]);
	break;

case ACTION_SUPERSEDE:
	merge_option_data(fmt, &config->defaults[i], &emptyopt,
	    &newlease->options[i]);
	break;

case ACTION_PREPEND:
	merge_option_data(fmt, &config->defaults[i],
	    &lease->options[i], &newlease->options[i]);
	break;

case ACTION_APPEND:
	merge_option_data(fmt, &lease->options[i],
	    &config->defaults[i], &newlease->options[i]);
	break;

case ACTION_DEFAULT:
	if (newlease->options[i].len == 0)
		merge_option_data(fmt, &config->defaults[i],
		    &emptyopt, &newlease->options[i]);
	break;

default:
	break;
}
}

if (newlease->options[DHO_STATIC_ROUTES33].len != 0) {
log_debug("%s: DHO_STATIC_ROUTES (option 33) not supported",
    log_procname);
free(newlease->options[DHO_STATIC_ROUTES33].data);
newlease->options[DHO_STATIC_ROUTES33].data = NULL((void *)0);
newlease->options[DHO_STATIC_ROUTES33].len = 0;
}

/*
* RFC 3442 says client *MUST* ignore DHO_ROUTERS
* when DHO_CLASSLESS_[MS_]_ROUTES present.
*/
if ((newlease->options[DHO_CLASSLESS_MS_STATIC_ROUTES249].len != 0) ||
   (newlease->options[DHO_CLASSLESS_STATIC_ROUTES121].len != 0)) {
free(newlease->options[DHO_ROUTERS3].data);
newlease->options[DHO_ROUTERS3].data = NULL((void *)0);
newlease->options[DHO_ROUTERS3].len = 0;
}

return newlease;
2478}

2480struct client_lease *
2481clone_lease(struct client_lease *oldlease)
2482{
struct client_lease	*newlease;
int			 i;

newlease = calloc(1, sizeof(*newlease));
if (newlease == NULL((void *)0))
goto cleanup;

newlease->epoch = oldlease->epoch;
newlease->address = oldlease->address;
newlease->next_server = oldlease->next_server;
memcpy(newlease->ssid, oldlease->ssid, sizeof(newlease->ssid));
newlease->ssid_len = oldlease->ssid_len;

if (oldlease->server_name != NULL((void *)0)) {
newlease->server_name = strdup(oldlease->server_name);
if (newlease->server_name == NULL((void *)0))
	goto cleanup;
}
if (oldlease->filename != NULL((void *)0)) {
newlease->filename = strdup(oldlease->filename);
if (newlease->filename == NULL((void *)0))
	goto cleanup;
}

for (i = 0; i < DHO_COUNT256; i++) {
if (oldlease->options[i].len == 0)
	continue;
newlease->options[i].len = oldlease->options[i].len;
newlease->options[i].data = calloc(1,
    newlease->options[i].len);
if (newlease->options[i].data == NULL((void *)0))
	goto cleanup;
memcpy(newlease->options[i].data, oldlease->options[i].data,
    newlease->options[i].len);
}

return newlease;

2521cleanup:
free_client_lease(newlease);

return NULL((void *)0);
2525}

2527int
2528autoconf(struct interface_info *ifi)
2529{
struct ifreq            ifr;
int			ioctlfd;

if ((ioctlfd = socket(AF_INET2, SOCK_DGRAM2, 0)) == -1)
fatal("socket(AF_INET, SOCK_DGRAM)");

memset(&ifr, 0, sizeof(ifr));
strlcpy(ifr.ifr_name, ifi->name, sizeof(ifr.ifr_name));

if (ioctl(ioctlfd, SIOCGIFXFLAGS(((unsigned long)0x80000000|(unsigned long)0x40000000) | ((sizeof
(struct ifreq) & 0x1fff) << 16) | ((('i')) <<
 8) | ((158))), (caddr_t)&ifr) < 0)
fatal("SIOGIFXFLAGS");

close(ioctlfd);

return ifr.ifr_flagsifr_ifru.ifru_flags & IFXF_AUTOCONF40x80;
2545}

2547int
2548take_charge(struct interface_info *ifi, int routefd, char *leasespath)
2549{
const struct timespec	 max_timeout = { 9, 0 };
const struct timespec	 resend_intvl = { 3, 0 };
const struct timespec	 leasefile_intvl = { 0, 3000000 };
struct timespec		 now, resend, stop, timeout;
struct pollfd		 fds[1];
struct rt_msghdr	 rtm;
int			 fd, nfds;

clock_gettime(CLOCK_MONOTONIC3, &now);
resend = now;
timespecadd(&now, &max_timeout, &stop)do { (&stop)->tv_sec = (&now)->tv_sec + (&max_timeout
)->tv_sec; (&stop)->tv_nsec = (&now)->tv_nsec
 + (&max_timeout)->tv_nsec; if ((&stop)->tv_nsec
 >= 1000000000L) { (&stop)->tv_sec++; (&stop)->
tv_nsec -= 1000000000L; } } while (0);

/*
* Send RTM_PROPOSAL with RTF_PROTO3 set.
*
* When it comes back, we're in charge and other dhclients are
* dead processes walking.
*/
memset(&rtm, 0, sizeof(rtm));

rtm.rtm_version = RTM_VERSION5;
rtm.rtm_type = RTM_PROPOSAL0x13;
rtm.rtm_msglen = sizeof(rtm);
rtm.rtm_tableid = ifi->rdomain;
rtm.rtm_index = ifi->index;
rtm.rtm_priority = RTP_PROPOSAL_DHCLIENT58;
rtm.rtm_addrs = 0;
rtm.rtm_flags = RTF_UP0x1 | RTF_PROTO30x2000;

for (fd = -1; fd == -1 && quit != TERMINATE1;) {
clock_gettime(CLOCK_MONOTONIC3, &now);
if (timespeccmp(&now, &stop, >=)(((&now)->tv_sec == (&stop)->tv_sec) ? ((&now
)->tv_nsec >= (&stop)->tv_nsec) : ((&now)->
tv_sec >= (&stop)->tv_sec)))
	fatalx("failed to take charge");

if ((ifi->flags & IFI_IN_CHARGE0x01) == 0) {
	if (timespeccmp(&now, &resend, >=)(((&now)->tv_sec == (&resend)->tv_sec) ? ((&
now)->tv_nsec >= (&resend)->tv_nsec) : ((&now
)->tv_sec >= (&resend)->tv_sec))) {
		timespecadd(&resend, &resend_intvl, &resend)do { (&resend)->tv_sec = (&resend)->tv_sec + (&
resend_intvl)->tv_sec; (&resend)->tv_nsec = (&resend
)->tv_nsec + (&resend_intvl)->tv_nsec; if ((&resend
)->tv_nsec >= 1000000000L) { (&resend)->tv_sec++
; (&resend)->tv_nsec -= 1000000000L; } } while (0);
		rtm.rtm_seq = ifi->xid = arc4random();
		if (write(routefd, &rtm, sizeof(rtm)) == -1)
			fatal("write(routefd)");
	}
	timespecsub(&resend, &now, &timeout)do { (&timeout)->tv_sec = (&resend)->tv_sec - (
&now)->tv_sec; (&timeout)->tv_nsec = (&resend
)->tv_nsec - (&now)->tv_nsec; if ((&timeout)->
tv_nsec < 0) { (&timeout)->tv_sec--; (&timeout)
->tv_nsec += 1000000000L; } } while (0);
} else {
	/*
	 * Keep trying to open leasefile in 3ms intervals
	 * while continuing to process any RTM_* messages
	 * that come in.
	 */
	 timeout = leasefile_intvl;
}

fds[0].fd = routefd;
fds[0].events = POLLIN0x0001;
nfds = ppoll(fds, 1, &timeout, NULL((void *)0));
if (nfds == -1) {
	if (errno(*__errno()) == EINTR4)
		continue;
	fatal("ppoll(routefd)");
}

if ((fds[0].revents & (POLLERR0x0008 | POLLHUP0x0010 | POLLNVAL0x0020)) != 0)
	fatalx("routefd: ERR|HUP|NVAL");
if (nfds == 1 && (fds[0].revents & POLLIN0x0001) == POLLIN0x0001)
	routefd_handler(ifi, routefd);

if (quit != TERMINATE1 && (ifi->flags & IFI_IN_CHARGE0x01) == IFI_IN_CHARGE0x01) {
	fd = open(leasespath, O_NONBLOCK0x0004 |
	    O_RDONLY0x0000|O_EXLOCK0x0020|O_CREAT0x0200|O_NOFOLLOW0x0100, 0640);
	if (fd == -1 && errno(*__errno()) != EWOULDBLOCK35)
		break;
}
}

return fd;
2624}

2626struct client_lease *
2627get_recorded_lease(struct interface_info *ifi)
2628{
char			 ifname[IF_NAMESIZE16];
struct client_lease	*lp;
int			 i;

/* Update on-disk db, which clears out expired leases. */
ifi->active = NULL((void *)0);
write_lease_db(ifi);

/* Run through the list of leases and see if one can be used. */
i = DHO_DHCP_CLIENT_IDENTIFIER61;
TAILQ_FOREACH(lp, &ifi->lease_db, next)for((lp) = ((&ifi->lease_db)->tqh_first); (lp) != (
(void *)0); (lp) = ((lp)->next.tqe_next)) {
if (lp->ssid_len != ifi->ssid_len)
	continue;
if (memcmp(lp->ssid, ifi->ssid, lp->ssid_len) != 0)
	continue;
if ((lp->options[i].len != 0) && ((lp->options[i].len !=
    config->send_options[i].len) ||
    memcmp(lp->options[i].data, config->send_options[i].data,
    lp->options[i].len) != 0))
	continue;
if (addressinuse(ifi->name, lp->address, ifname) != 0 &&
    strncmp(ifname, ifi->name, IF_NAMESIZE16) != 0)
	continue;
break;
}

return lp;
2656}

2658time_t
2659lease_expiry(struct client_lease *lease)
2660{
time_t		cur_time;
uint32_t	expiry;

time(&cur_time);
expiry = 0;
if (lease->options[DHO_DHCP_LEASE_TIME51].len == sizeof(expiry)) {
memcpy(&expiry, lease->options[DHO_DHCP_LEASE_TIME51].data,
    sizeof(expiry));
expiry = ntohl(expiry)(__uint32_t)(__builtin_constant_p(expiry) ? (__uint32_t)(((__uint32_t
)(expiry) & 0xff) << 24 | ((__uint32_t)(expiry) &
 0xff00) << 8 | ((__uint32_t)(expiry) & 0xff0000) >>
| ((__uint32_t)(expiry) & 0xff000000) >> 24) : __swap32md
(expiry));
if (expiry < 60)
	expiry = 60;
}
expiry = lease->epoch + expiry - cur_time;

return (expiry > 0) ? expiry : 0;
2676}

2678time_t
2679lease_renewal(struct client_lease *lease)
2680{
time_t		 cur_time, expiry;
uint32_t	 renewal;

time(&cur_time);
expiry = lease_expiry(lease);

renewal = expiry / 2;
if (lease->options[DHO_DHCP_RENEWAL_TIME58].len == sizeof(renewal)) {
memcpy(&renewal, lease->options[DHO_DHCP_RENEWAL_TIME58].data,
    sizeof(renewal));
renewal = ntohl(renewal)(__uint32_t)(__builtin_constant_p(renewal) ? (__uint32_t)(((__uint32_t
)(renewal) & 0xff) << 24 | ((__uint32_t)(renewal) &
 0xff00) << 8 | ((__uint32_t)(renewal) & 0xff0000) >>
| ((__uint32_t)(renewal) & 0xff000000) >> 24) : __swap32md
(renewal));
}
renewal = lease->epoch + renewal - cur_time;

return (renewal > 0) ? renewal : 0;
2696}

2698time_t
2699lease_rebind(struct client_lease *lease)
2700{
time_t		cur_time, expiry;
uint32_t	rebind;

time(&cur_time);
expiry = lease_expiry(lease);

rebind = (expiry / 8) * 7;
if (lease->options[DHO_DHCP_REBINDING_TIME59].len == sizeof(rebind)) {
memcpy(&rebind, lease->options[DHO_DHCP_REBINDING_TIME59].data,
    sizeof(rebind));
rebind = ntohl(rebind)(__uint32_t)(__builtin_constant_p(rebind) ? (__uint32_t)(((__uint32_t
)(rebind) & 0xff) << 24 | ((__uint32_t)(rebind) &
 0xff00) << 8 | ((__uint32_t)(rebind) & 0xff0000) >>
| ((__uint32_t)(rebind) & 0xff000000) >> 24) : __swap32md
(rebind));
}
rebind = lease->epoch + rebind - cur_time;

return (rebind > 0) ? rebind : 0;
2716}

2718void
2719get_lease_timeouts(struct interface_info *ifi, struct client_lease *lease)
2720{
struct timespec	now, interval;

clock_gettime(CLOCK_MONOTONIC3, &now);
timespecclear(&interval)(&interval)->tv_sec = (&interval)->tv_nsec = 0;

interval.tv_sec = lease_expiry(lease);
timespecadd(&now, &interval, &ifi->expiry)do { (&ifi->expiry)->tv_sec = (&now)->tv_sec
 + (&interval)->tv_sec; (&ifi->expiry)->tv_nsec
 = (&now)->tv_nsec + (&interval)->tv_nsec; if (
(&ifi->expiry)->tv_nsec >= 1000000000L) { (&
ifi->expiry)->tv_sec++; (&ifi->expiry)->tv_nsec
 -= 1000000000L; } } while (0);

interval.tv_sec = lease_rebind(lease);
timespecadd(&now, &interval, &ifi->rebind)do { (&ifi->rebind)->tv_sec = (&now)->tv_sec
 + (&interval)->tv_sec; (&ifi->rebind)->tv_nsec
 = (&now)->tv_nsec + (&interval)->tv_nsec; if (
(&ifi->rebind)->tv_nsec >= 1000000000L) { (&
ifi->rebind)->tv_sec++; (&ifi->rebind)->tv_nsec
 -= 1000000000L; } } while (0);

interval.tv_sec = lease_renewal(lease);
timespecadd(&now, &interval, &ifi->renew)do { (&ifi->renew)->tv_sec = (&now)->tv_sec +
 (&interval)->tv_sec; (&ifi->renew)->tv_nsec
 = (&now)->tv_nsec + (&interval)->tv_nsec; if (
(&ifi->renew)->tv_nsec >= 1000000000L) { (&ifi
->renew)->tv_sec++; (&ifi->renew)->tv_nsec -=
 1000000000L; } } while (0);

if (timespeccmp(&ifi->rebind, &ifi->expiry, >)(((&ifi->rebind)->tv_sec == (&ifi->expiry)->
tv_sec) ? ((&ifi->rebind)->tv_nsec > (&ifi->
expiry)->tv_nsec) : ((&ifi->rebind)->tv_sec >
 (&ifi->expiry)->tv_sec)))
ifi->rebind = ifi->expiry;
if (timespeccmp(&ifi->renew, &ifi->rebind, >)(((&ifi->renew)->tv_sec == (&ifi->rebind)->
tv_sec) ? ((&ifi->renew)->tv_nsec > (&ifi->
rebind)->tv_nsec) : ((&ifi->renew)->tv_sec > (
&ifi->rebind)->tv_sec)))
ifi->renew = ifi->rebind;
2739}

2741void
2742tick_msg(const char *preamble, int action)
2743{
const struct timespec		grace_intvl = {3, 0};
const struct timespec		link_intvl = {config->link_interval, 0};
static struct timespec		grace, stop;
struct timespec			now;
static int			linkup, preamble_sent, sleeping;
int				printmsg;

clock_gettime(CLOCK_MONOTONIC3, &now);

if (!timespecisset(&stop)((&stop)->tv_sec || (&stop)->tv_nsec)) {
preamble_sent = 0;
timespecadd(&now, &link_intvl, &stop)do { (&stop)->tv_sec = (&now)->tv_sec + (&link_intvl
)->tv_sec; (&stop)->tv_nsec = (&now)->tv_nsec
 + (&link_intvl)->tv_nsec; if ((&stop)->tv_nsec
 >= 1000000000L) { (&stop)->tv_sec++; (&stop)->
tv_nsec -= 1000000000L; } } while (0);
timespecadd(&now, &grace_intvl, &grace)do { (&grace)->tv_sec = (&now)->tv_sec + (&
grace_intvl)->tv_sec; (&grace)->tv_nsec = (&now
)->tv_nsec + (&grace_intvl)->tv_nsec; if ((&grace
)->tv_nsec >= 1000000000L) { (&grace)->tv_sec++;
 (&grace)->tv_nsec -= 1000000000L; } } while (0);
return;
}

if (isatty(STDERR_FILENO2) == 0 || sleeping == 1)
printmsg = 0;	/* Already in the background. */
else if (timespeccmp(&now, &grace, <)(((&now)->tv_sec == (&grace)->tv_sec) ? ((&
now)->tv_nsec < (&grace)->tv_nsec) : ((&now)
->tv_sec < (&grace)->tv_sec)))
printmsg = 0;	/* Wait a bit before speaking. */
else if (linkup && strcmp("link", preamble) == 0)
printmsg = 0;	/* One 'got link' is enough for anyone. */
else if (log_getverbose())
printmsg = 0;	/* Verbose has sufficent verbiage. */
else
printmsg = 1;

if (timespeccmp(&now, &stop, >=)(((&now)->tv_sec == (&stop)->tv_sec) ? ((&now
)->tv_nsec >= (&stop)->tv_nsec) : ((&now)->
tv_sec >= (&stop)->tv_sec))) {
if (action == TICK_WAIT0)
	action = TICK_DAEMON2;
if (linkup == 0) {
	log_debug("%s: link timeout (%lld seconds) expired",
	    log_procname, (long long)link_intvl.tv_sec);
	linkup = 1;
}
}

if (printmsg && preamble_sent == 0) {
fprintf(stderr(&__sF[2]), "%s: no %s...", log_procname, preamble);
preamble_sent = 1;
}

switch (action) {
case TICK_SUCCESS1:
if (printmsg)
	fprintf(stderr(&__sF[2]), "got %s\n", preamble);
preamble_sent = 0;
if (strcmp("link", preamble) == 0) {
	linkup = 1;
	/* New silent period for "no lease ... got lease". */
	timespecadd(&now, &grace_intvl, &grace)do { (&grace)->tv_sec = (&now)->tv_sec + (&
grace_intvl)->tv_sec; (&grace)->tv_nsec = (&now
)->tv_nsec + (&grace_intvl)->tv_nsec; if ((&grace
)->tv_nsec >= 1000000000L) { (&grace)->tv_sec++;
 (&grace)->tv_nsec -= 1000000000L; } } while (0);
}
break;
case TICK_WAIT0:
if (printmsg)
	fprintf(stderr(&__sF[2]), ".");
break;
case TICK_DAEMON2:
if (printmsg)
	fprintf(stderr(&__sF[2]), "sleeping\n");
go_daemon();
sleeping = 1;	/* OPT_FOREGROUND means isatty() == 1! */
break;
default:
break;
}

if (printmsg)
fflush(stderr(&__sF[2]));
2813}

2815/*
* Release the lease used to configure the interface.
*
* 1) Send DHCPRELEASE.
* 2) Unconfigure address/routes/etc.
* 3) Remove lease from database & write updated DB.
*/
2822void
2823release_lease(struct interface_info *ifi)
2824{
char			 buf[INET_ADDRSTRLEN16];
struct option_data	*opt;

if (ifi->configured == NULL((void *)0) || ifi->active == NULL((void *)0))
return;	/* Nothing to release. */
strlcpy(buf, inet_ntoa(ifi->configured->address), sizeof(buf));

opt = &ifi->active->options[DHO_DHCP_SERVER_IDENTIFIER54];
if (opt->len == sizeof(in_addr_t))
ifi->destination.s_addr = *(in_addr_t *)opt->data;
else
ifi->destination.s_addr = INADDR_BROADCAST((u_int32_t)(0xffffffff));

ifi->xid = arc4random();
make_release(ifi, ifi->active);
send_release(ifi);

tell_unwind(NULL((void *)0), ifi->flags);

revoke_proposal(ifi->configured);
imsg_flush(unpriv_ibuf);

TAILQ_REMOVE(&ifi->lease_db, ifi->active, next)do { if (((ifi->active)->next.tqe_next) != ((void *)0))
 (ifi->active)->next.tqe_next->next.tqe_prev = (ifi->
active)->next.tqe_prev; else (&ifi->lease_db)->tqh_last
 = (ifi->active)->next.tqe_prev; *(ifi->active)->
next.tqe_prev = (ifi->active)->next.tqe_next; ; ; } while
 (0);
free_client_lease(ifi->active);
ifi->active = NULL((void *)0);
write_lease_db(ifi);

free(ifi->configured);
ifi->configured = NULL((void *)0);
free(ifi->unwind_info);
ifi->unwind_info = NULL((void *)0);

log_warnx("%s: %s RELEASED to %s", log_procname, buf,
   inet_ntoa(ifi->destination));
2859}

2861void
2862propose_release(struct interface_info *ifi)
2863{
const struct timespec	 max_timeout = { 3, 0 };
struct timespec		 now, stop, timeout;
struct pollfd		 fds[1];
struct rt_msghdr	 rtm;
int			 nfds, routefd, rtfilter;

clock_gettime(CLOCK_MONOTONIC3, &now);
timespecadd(&now, &max_timeout, &stop)do { (&stop)->tv_sec = (&now)->tv_sec + (&max_timeout
)->tv_sec; (&stop)->tv_nsec = (&now)->tv_nsec
 + (&max_timeout)->tv_nsec; if ((&stop)->tv_nsec
 >= 1000000000L) { (&stop)->tv_sec++; (&stop)->
tv_nsec -= 1000000000L; } } while (0);

if ((routefd = socket(AF_ROUTE17, SOCK_RAW3, AF_INET2)) == -1)
fatal("socket(AF_ROUTE, SOCK_RAW)");

rtfilter = ROUTE_FILTER(RTM_PROPOSAL)(1 << (0x13));

if (setsockopt(routefd, AF_ROUTE17, ROUTE_MSGFILTER1,
   &rtfilter, sizeof(rtfilter)) == -1)
fatal("setsockopt(ROUTE_MSGFILTER)");
if (setsockopt(routefd, AF_ROUTE17, ROUTE_TABLEFILTER2, &ifi->rdomain,
   sizeof(ifi->rdomain)) == -1)
fatal("setsockopt(ROUTE_TABLEFILTER)");

memset(&rtm, 0, sizeof(rtm));
rtm.rtm_version = RTM_VERSION5;
rtm.rtm_type = RTM_PROPOSAL0x13;
rtm.rtm_msglen = sizeof(rtm);
rtm.rtm_tableid = ifi->rdomain;
rtm.rtm_index = ifi->index;
rtm.rtm_priority = RTP_PROPOSAL_DHCLIENT58;
rtm.rtm_addrs = 0;
rtm.rtm_flags = RTF_UP0x1;
rtm.rtm_flags |= RTF_PROTO20x4000;
rtm.rtm_seq = ifi->xid = arc4random();

if (write(routefd, &rtm, sizeof(rtm)) == -1)
fatal("write(routefd)");
log_debug("%s: sent RTM_PROPOSAL to release lease", log_procname);

while (quit == 0) {
clock_gettime(CLOCK_MONOTONIC3, &now);
if (timespeccmp(&now, &stop, >=)(((&now)->tv_sec == (&stop)->tv_sec) ? ((&now
)->tv_nsec >= (&stop)->tv_nsec) : ((&now)->
tv_sec >= (&stop)->tv_sec)))
	break;
timespecsub(&stop, &now, &timeout)do { (&timeout)->tv_sec = (&stop)->tv_sec - (&
now)->tv_sec; (&timeout)->tv_nsec = (&stop)->
tv_nsec - (&now)->tv_nsec; if ((&timeout)->tv_nsec
 < 0) { (&timeout)->tv_sec--; (&timeout)->tv_nsec
 += 1000000000L; } } while (0);
fds[0].fd = routefd;
fds[0].events = POLLIN0x0001;
nfds = ppoll(fds, 1, &timeout, NULL((void *)0));
if (nfds == -1) {
	if (errno(*__errno()) == EINTR4)
		continue;
	fatal("ppoll(routefd)");
}
if ((fds[0].revents & (POLLERR0x0008 | POLLHUP0x0010 | POLLNVAL0x0020)) != 0)
	fatalx("routefd: ERR|HUP|NVAL");
if (nfds == 0 || (fds[0].revents & POLLIN0x0001) == 0)
	continue;
routefd_handler(ifi, routefd);
}
2920}