chiark / gitweb /
sd-dhcp-client: recevie_message - verify cmsg_len before reading
[elogind.git] / src / libsystemd-network / sd-dhcp-client.c
index f4a83fb..392e294 100644 (file)
@@ -22,6 +22,7 @@
 #include <string.h>
 #include <stdio.h>
 #include <net/ethernet.h>
+#include <net/if_arp.h>
 #include <sys/param.h>
 #include <sys/ioctl.h>
 
@@ -46,7 +47,10 @@ struct sd_dhcp_client {
         size_t req_opts_allocated;
         size_t req_opts_size;
         be32_t last_addr;
-        struct ether_addr mac_addr;
+        struct {
+                uint8_t type;
+                struct ether_addr mac_addr;
+        } _packed_ client_id;
         uint32_t xid;
         usec_t start_time;
         uint16_t secs;
@@ -140,19 +144,26 @@ int sd_dhcp_client_set_index(sd_dhcp_client *client, int interface_index) {
 
 int sd_dhcp_client_set_mac(sd_dhcp_client *client,
                            const struct ether_addr *addr) {
+        bool need_restart = false;
+
         assert_return(client, -EINVAL);
-        assert_return(client->state == DHCP_STATE_INIT, -EBUSY);
+        assert_return(addr, -EINVAL);
 
-        log_dhcp_client(client, "set MAC address to "
-                        "%02hhx:%02hhx:%02hhx:%02hhx:%02hhx:%02hhx",
-                        addr->ether_addr_octet[0],
-                        addr->ether_addr_octet[1],
-                        addr->ether_addr_octet[2],
-                        addr->ether_addr_octet[3],
-                        addr->ether_addr_octet[4],
-                        addr->ether_addr_octet[5]);
+        if (memcmp(&client->client_id.mac_addr, addr, ETH_ALEN) == 0)
+                return 0;
 
-        memcpy(&client->mac_addr, addr, ETH_ALEN);
+        if (client->state != DHCP_STATE_INIT) {
+                log_dhcp_client(client, "Changing MAC address on running DHCP "
+                                "client, restarting");
+                sd_dhcp_client_stop(client);
+                need_restart = true;
+        }
+
+        memcpy(&client->client_id.mac_addr, addr, ETH_ALEN);
+        client->client_id.type = 0x01;
+
+        if (need_restart)
+                sd_dhcp_client_start(client);
 
         return 0;
 }
@@ -178,15 +189,13 @@ static int client_notify(sd_dhcp_client *client, int event) {
         return 0;
 }
 
-static int client_stop(sd_dhcp_client *client, int error) {
+static int client_initialize(sd_dhcp_client *client) {
         assert_return(client, -EINVAL);
 
         client->receive_message =
                 sd_event_source_unref(client->receive_message);
 
-        if (client->fd >= 0)
-                close_nointr_nofail(client->fd);
-        client->fd = -1;
+        client->fd = safe_close(client->fd);
 
         client->timeout_resend = sd_event_source_unref(client->timeout_resend);
 
@@ -196,26 +205,36 @@ static int client_stop(sd_dhcp_client *client, int error) {
 
         client->attempt = 1;
 
-        client_notify(client, error);
-
-        client->start_time = 0;
-        client->secs = 0;
         client->state = DHCP_STATE_INIT;
+        client->xid = 0;
 
         if (client->lease)
                 client->lease = sd_dhcp_lease_unref(client->lease);
 
+        return 0;
+}
+
+static int client_stop(sd_dhcp_client *client, int error) {
+        assert_return(client, -EINVAL);
+
+        client_notify(client, error);
+
+        client_initialize(client);
+
         log_dhcp_client(client, "STOPPED");
 
         return 0;
 }
 
 static int client_message_init(sd_dhcp_client *client, DHCPMessage *message,
-                               uint8_t type, uint16_t secs, uint8_t **opt,
-                               size_t *optlen) {
+                               uint8_t type, uint8_t **opt, size_t *optlen) {
         int r;
 
-        assert(secs);
+        assert(client);
+        assert(client->secs);
+        assert(message);
+        assert(opt);
+        assert(optlen);
 
         r = dhcp_message_init(message, BOOTREQUEST, client->xid, type, opt,
                               optlen);
@@ -224,9 +243,9 @@ static int client_message_init(sd_dhcp_client *client, DHCPMessage *message,
 
         /* Although 'secs' field is a SHOULD in RFC 2131, certain DHCP servers
            refuse to issue an DHCP lease if 'secs' is set to zero */
-        message->secs = htobe16(secs);
+        message->secs = htobe16(client->secs);
 
-        memcpy(&message->chaddr, &client->mac_addr, ETH_ALEN);
+        memcpy(&message->chaddr, &client->client_id.mac_addr, ETH_ALEN);
 
         if (client->state == DHCP_STATE_RENEWING ||
             client->state == DHCP_STATE_REBINDING)
@@ -235,7 +254,7 @@ static int client_message_init(sd_dhcp_client *client, DHCPMessage *message,
         /* Some DHCP servers will refuse to issue an DHCP lease if the Client
            Identifier option is not set */
         r = dhcp_option_append(opt, optlen, DHCP_OPTION_CLIENT_IDENTIFIER,
-                               ETH_ALEN, &client->mac_addr);
+                               sizeof(client->client_id), &client->client_id);
         if (r < 0)
                 return r;
 
@@ -273,51 +292,62 @@ static int dhcp_client_send_raw(sd_dhcp_client *client, DHCPPacket *packet,
                                             packet, len);
 }
 
-static int client_send_discover(sd_dhcp_client *client, uint16_t secs) {
-        int err = 0;
-        _cleanup_free_ DHCPPacket *discover;
+static int client_send_discover(sd_dhcp_client *client) {
+        _cleanup_free_ DHCPPacket *discover = NULL;
         size_t optlen, len;
         uint8_t *opt;
+        usec_t time_now;
+        int r;
+
+        assert(client);
+
+        r = sd_event_now(client->event, CLOCK_MONOTONIC, &time_now);
+        if (r < 0)
+                return r;
+        assert(time_now >= client->start_time);
+
+        /* seconds between sending first and last DISCOVER
+         * must always be strictly positive to deal with broken servers */
+        client->secs = ((time_now - client->start_time) / USEC_PER_SEC) ? : 1;
 
         optlen = DHCP_MIN_OPTIONS_SIZE;
         len = sizeof(DHCPPacket) + optlen;
 
         discover = malloc0(len);
-
         if (!discover)
                 return -ENOMEM;
 
-        err = client_message_init(client, &discover->dhcp, DHCP_DISCOVER,
-                                  secs, &opt, &optlen);
-        if (err < 0)
-                return err;
+        r = client_message_init(client, &discover->dhcp, DHCP_DISCOVER,
+                                &opt, &optlen);
+        if (r < 0)
+                return r;
 
         if (client->last_addr != INADDR_ANY) {
-                err = dhcp_option_append(&opt, &optlen,
+                r = dhcp_option_append(&opt, &optlen,
                                          DHCP_OPTION_REQUESTED_IP_ADDRESS,
                                          4, &client->last_addr);
-                if (err < 0)
-                        return err;
+                if (r < 0)
+                        return r;
         }
 
-        err = dhcp_option_append(&opt, &optlen, DHCP_OPTION_END, 0, NULL);
-        if (err < 0)
-                return err;
+        r = dhcp_option_append(&opt, &optlen, DHCP_OPTION_END, 0, NULL);
+        if (r < 0)
+                return r;
 
-        err = dhcp_client_send_raw(client, discover, len);
-        if (err < 0)
-                return err;
+        r = dhcp_client_send_raw(client, discover, len - optlen);
+        if (r < 0)
+                return r;
 
         log_dhcp_client(client, "DISCOVER");
 
         return 0;
 }
 
-static int client_send_request(sd_dhcp_client *client, uint16_t secs) {
+static int client_send_request(sd_dhcp_client *client) {
         _cleanup_free_ DHCPPacket *request;
         size_t optlen, len;
-        int err;
         uint8_t *opt;
+        int r;
 
         optlen = DHCP_MIN_OPTIONS_SIZE;
         len = sizeof(DHCPPacket) + optlen;
@@ -326,64 +356,82 @@ static int client_send_request(sd_dhcp_client *client, uint16_t secs) {
         if (!request)
                 return -ENOMEM;
 
-        err = client_message_init(client, &request->dhcp, DHCP_REQUEST, secs,
-                                  &opt, &optlen);
-        if (err < 0)
-                return err;
+        r = client_message_init(client, &request->dhcp, DHCP_REQUEST, &opt,
+                                &optlen);
+        if (r < 0)
+                return r;
+
+        switch (client->state) {
 
-        if (client->state == DHCP_STATE_REQUESTING) {
-                err = dhcp_option_append(&opt, &optlen,
+        case DHCP_STATE_INIT_REBOOT:
+                r = dhcp_option_append(&opt, &optlen,
                                          DHCP_OPTION_REQUESTED_IP_ADDRESS,
-                                         4, &client->lease->address);
-                if (err < 0)
-                        return err;
-
-                err = dhcp_option_append(&opt, &optlen,
-                                         DHCP_OPTION_SERVER_IDENTIFIER,
-                                         4, &client->lease->server_address);
-                if (err < 0)
-                        return err;
+                                         4, &client->last_addr);
+                if (r < 0)
+                        return r;
+                break;
+
+        case DHCP_STATE_REQUESTING:
+                r = dhcp_option_append(&opt, &optlen,
+                                       DHCP_OPTION_REQUESTED_IP_ADDRESS,
+                                       4, &client->lease->address);
+                if (r < 0)
+                        return r;
+
+                r = dhcp_option_append(&opt, &optlen,
+                                       DHCP_OPTION_SERVER_IDENTIFIER,
+                                       4, &client->lease->server_address);
+                if (r < 0)
+                        return r;
+                break;
+
+        case DHCP_STATE_INIT:
+        case DHCP_STATE_SELECTING:
+        case DHCP_STATE_REBOOTING:
+        case DHCP_STATE_BOUND:
+        case DHCP_STATE_RENEWING:
+        case DHCP_STATE_REBINDING:
+
+                break;
         }
 
-        err = dhcp_option_append(&opt, &optlen, DHCP_OPTION_END, 0, NULL);
-        if (err < 0)
-                return err;
+        r = dhcp_option_append(&opt, &optlen, DHCP_OPTION_END, 0, NULL);
+        if (r < 0)
+                return r;
 
         if (client->state == DHCP_STATE_RENEWING) {
-                err = dhcp_network_send_udp_socket(client->fd,
-                                                   client->lease->server_address,
-                                                   DHCP_PORT_SERVER,
-                                                   &request->dhcp,
-                                                   len - DHCP_IP_UDP_SIZE);
+                r = dhcp_network_send_udp_socket(client->fd,
+                                                 client->lease->server_address,
+                                                 DHCP_PORT_SERVER,
+                                                 &request->dhcp,
+                                                 len - optlen - DHCP_IP_UDP_SIZE);
         } else {
-                err = dhcp_client_send_raw(client, request, len);
+                r = dhcp_client_send_raw(client, request, len - optlen);
         }
-        if (err < 0)
-                return err;
+        if (r < 0)
+                return r;
 
         log_dhcp_client(client, "REQUEST");
 
         return 0;
 }
 
-static uint16_t client_update_secs(sd_dhcp_client *client, usec_t time_now)
-{
-        client->secs = ((time_now - client->start_time) / USEC_PER_SEC) ? : 1;
-
-        return client->secs;
-}
-
 static int client_timeout_resend(sd_event_source *s, uint64_t usec,
                                  void *userdata) {
         sd_dhcp_client *client = userdata;
         usec_t next_timeout = 0;
+        uint64_t time_now;
         uint32_t time_left;
-        int r = 0;
+        int r;
 
         assert(s);
         assert(client);
         assert(client->event);
 
+        r = sd_event_now(client->event, CLOCK_MONOTONIC, &time_now);
+        if (r < 0)
+                goto error;
+
         switch (client->state) {
         case DHCP_STATE_RENEWING:
 
@@ -391,7 +439,7 @@ static int client_timeout_resend(sd_event_source *s, uint64_t usec,
                 if (time_left < 60)
                         time_left = 60;
 
-                next_timeout = usec + time_left * USEC_PER_SEC;
+                next_timeout = time_now + time_left * USEC_PER_SEC;
 
                 break;
 
@@ -401,12 +449,18 @@ static int client_timeout_resend(sd_event_source *s, uint64_t usec,
                 if (time_left < 60)
                         time_left = 60;
 
-                next_timeout = usec + time_left * USEC_PER_SEC;
+                next_timeout = time_now + time_left * USEC_PER_SEC;
                 break;
 
+        case DHCP_STATE_REBOOTING:
+                /* start over as we did not receive a timely ack or nak */
+                client->state = DHCP_STATE_INIT;
+                client->attempt = 1;
+                client->xid = random_u32();
+
+                /* fall through */
         case DHCP_STATE_INIT:
         case DHCP_STATE_INIT_REBOOT:
-        case DHCP_STATE_REBOOTING:
         case DHCP_STATE_SELECTING:
         case DHCP_STATE_REQUESTING:
         case DHCP_STATE_BOUND:
@@ -414,7 +468,7 @@ static int client_timeout_resend(sd_event_source *s, uint64_t usec,
                 if (client->attempt < 64)
                         client->attempt *= 2;
 
-                next_timeout = usec + (client->attempt - 1) * USEC_PER_SEC;
+                next_timeout = time_now + (client->attempt - 1) * USEC_PER_SEC;
 
                 break;
         }
@@ -423,11 +477,11 @@ static int client_timeout_resend(sd_event_source *s, uint64_t usec,
 
         client->timeout_resend = sd_event_source_unref(client->timeout_resend);
 
-        r = sd_event_add_monotonic(client->event,
-                                     &client->timeout_resend,
-                                     next_timeout,
-                                     10 * USEC_PER_MSEC,
-                                     client_timeout_resend, client);
+        r = sd_event_add_time(client->event,
+                              &client->timeout_resend,
+                              CLOCK_MONOTONIC,
+                              next_timeout, 10 * USEC_PER_MSEC,
+                              client_timeout_resend, client);
         if (r < 0)
                 goto error;
 
@@ -438,10 +492,7 @@ static int client_timeout_resend(sd_event_source *s, uint64_t usec,
 
         switch (client->state) {
         case DHCP_STATE_INIT:
-
-                client_update_secs(client, usec);
-
-                r = client_send_discover(client, client->secs);
+                r = client_send_discover(client);
                 if (r >= 0) {
                         client->state = DHCP_STATE_SELECTING;
                         client->attempt = 1;
@@ -453,26 +504,27 @@ static int client_timeout_resend(sd_event_source *s, uint64_t usec,
                 break;
 
         case DHCP_STATE_SELECTING:
-                client_update_secs(client, usec);
-
-                r = client_send_discover(client, client->secs);
+                r = client_send_discover(client);
                 if (r < 0 && client->attempt >= 64)
                         goto error;
 
                 break;
 
+        case DHCP_STATE_INIT_REBOOT:
         case DHCP_STATE_REQUESTING:
         case DHCP_STATE_RENEWING:
         case DHCP_STATE_REBINDING:
-                r = client_send_request(client, client->secs);
+                r = client_send_request(client);
                 if (r < 0 && client->attempt >= 64)
                          goto error;
 
-                client->request_sent = usec;
+                if (client->state == DHCP_STATE_INIT_REBOOT)
+                        client->state = DHCP_STATE_REBOOTING;
+
+                client->request_sent = time_now;
 
                 break;
 
-        case DHCP_STATE_INIT_REBOOT:
         case DHCP_STATE_REBOOTING:
         case DHCP_STATE_BOUND:
 
@@ -490,8 +542,7 @@ error:
 }
 
 static int client_initialize_events(sd_dhcp_client *client,
-                                    sd_event_io_handler_t io_callback,
-                                    usec_t usec) {
+                                    sd_event_io_handler_t io_callback) {
         int r;
 
         assert(client);
@@ -510,10 +561,11 @@ static int client_initialize_events(sd_dhcp_client *client,
 
         client->timeout_resend = sd_event_source_unref(client->timeout_resend);
 
-        r = sd_event_add_monotonic(client->event,
-                                   &client->timeout_resend,
-                                   usec, 0,
-                                   client_timeout_resend, client);
+        r = sd_event_add_time(client->event,
+                              &client->timeout_resend,
+                              CLOCK_MONOTONIC,
+                              0, 0,
+                              client_timeout_resend, client);
         if (r < 0)
                 goto error;
 
@@ -528,13 +580,48 @@ error:
 
 }
 
+static int client_start(sd_dhcp_client *client) {
+        int r;
+
+        assert_return(client, -EINVAL);
+        assert_return(client->event, -EINVAL);
+        assert_return(client->index > 0, -EINVAL);
+        assert_return(client->fd < 0, -EBUSY);
+        assert_return(client->xid == 0, -EINVAL);
+        assert_return(client->state == DHCP_STATE_INIT ||
+                      client->state == DHCP_STATE_INIT_REBOOT, -EBUSY);
+
+        client->xid = random_u32();
+
+        r = dhcp_network_bind_raw_socket(client->index, &client->link, client->xid);
+
+        if (r < 0) {
+                client_stop(client, r);
+                return r;
+        }
+        client->fd = r;
+
+        if (client->state == DHCP_STATE_INIT) {
+                client->start_time = now(CLOCK_MONOTONIC);
+                client->secs = 0;
+        }
+
+        log_dhcp_client(client, "STARTED");
+
+        return client_initialize_events(client, client_receive_message_raw);
+}
+
 static int client_timeout_expire(sd_event_source *s, uint64_t usec,
                                  void *userdata) {
         sd_dhcp_client *client = userdata;
 
         log_dhcp_client(client, "EXPIRED");
 
-        client_stop(client, DHCP_EVENT_EXPIRED);
+        client_notify(client, DHCP_EVENT_EXPIRED);
+
+        /* start over as the lease was lost */
+        client_initialize(client);
+        client_start(client);
 
         return 0;
 }
@@ -543,17 +630,13 @@ static int client_timeout_t2(sd_event_source *s, uint64_t usec, void *userdata)
         sd_dhcp_client *client = userdata;
         int r;
 
-        if (client->fd >= 0) {
-                client->receive_message =
-                        sd_event_source_unref(client->receive_message);
-                close_nointr_nofail(client->fd);
-                client->fd = -1;
-        }
+        client->receive_message = sd_event_source_unref(client->receive_message);
+        client->fd = safe_close(client->fd);
 
         client->state = DHCP_STATE_REBINDING;
         client->attempt = 1;
 
-        r = dhcp_network_bind_raw_socket(client->index, &client->link);
+        r = dhcp_network_bind_raw_socket(client->index, &client->link, client->xid);
         if (r < 0) {
                 client_stop(client, r);
                 return 0;
@@ -563,8 +646,7 @@ static int client_timeout_t2(sd_event_source *s, uint64_t usec, void *userdata)
 
         log_dhcp_client(client, "TIMEOUT T2");
 
-        return client_initialize_events(client, client_receive_message_raw,
-                                        usec);
+        return client_initialize_events(client, client_receive_message_raw);
 }
 
 static int client_timeout_t1(sd_event_source *s, uint64_t usec,
@@ -587,7 +669,7 @@ static int client_timeout_t1(sd_event_source *s, uint64_t usec,
 
         log_dhcp_client(client, "TIMEOUT T1");
 
-        return client_initialize_events(client, client_receive_message_udp, usec);
+        return client_initialize_events(client, client_receive_message_udp);
 }
 
 static int client_handle_offer(sd_dhcp_client *client, DHCPMessage *offer,
@@ -600,8 +682,10 @@ static int client_handle_offer(sd_dhcp_client *client, DHCPMessage *offer,
                 return r;
 
         r = dhcp_option_parse(offer, len, dhcp_lease_parse_options, lease);
-        if (r != DHCP_OFFER)
+        if (r != DHCP_OFFER) {
+                log_dhcp_client(client, "receieved message was not an OFFER, ignoring");
                 return -ENOMSG;
+        }
 
         lease->next_server = offer->siaddr;
 
@@ -609,9 +693,21 @@ static int client_handle_offer(sd_dhcp_client *client, DHCPMessage *offer,
 
         if (lease->address == INADDR_ANY ||
             lease->server_address == INADDR_ANY ||
-            lease->subnet_mask == INADDR_ANY ||
-            lease->lifetime == 0)
+            lease->lifetime == 0) {
+                log_dhcp_client(client, "receieved lease lacks address, server "
+                                "address or lease lifetime, ignoring");
                 return -ENOMSG;
+        }
+
+        if (lease->subnet_mask == INADDR_ANY) {
+                r = dhcp_lease_set_default_subnet_mask(lease);
+                if (r < 0) {
+                        log_dhcp_client(client, "receieved lease lacks subnet "
+                                        "mask, and a fallback one can not be "
+                                        "generated, ignoring");
+                        return -ENOMSG;
+                }
+        }
 
         client->lease = lease;
         lease = NULL;
@@ -636,8 +732,10 @@ static int client_handle_ack(sd_dhcp_client *client, DHCPMessage *ack,
                 return DHCP_EVENT_NO_LEASE;
         }
 
-        if (r != DHCP_ACK)
+        if (r != DHCP_ACK) {
+                log_dhcp_client(client, "receieved message was not an ACK, ignoring");
                 return -ENOMSG;
+        }
 
         lease->next_server = ack->siaddr;
 
@@ -645,8 +743,21 @@ static int client_handle_ack(sd_dhcp_client *client, DHCPMessage *ack,
 
         if (lease->address == INADDR_ANY ||
             lease->server_address == INADDR_ANY ||
-            lease->subnet_mask == INADDR_ANY || lease->lifetime == 0)
+            lease->lifetime == 0) {
+                log_dhcp_client(client, "receieved lease lacks address, server "
+                                "address or lease lifetime, ignoring");
                 return -ENOMSG;
+        }
+
+        if (lease->subnet_mask == INADDR_ANY) {
+                r = dhcp_lease_set_default_subnet_mask(lease);
+                if (r < 0) {
+                        log_dhcp_client(client, "receieved lease lacks subnet "
+                                        "mask, and a fallback one can not be "
+                                        "generated, ignoring");
+                        return -ENOMSG;
+                }
+        }
 
         r = DHCP_EVENT_IP_ACQUIRE;
         if (client->lease) {
@@ -667,66 +778,114 @@ static int client_handle_ack(sd_dhcp_client *client, DHCPMessage *ack,
         return r;
 }
 
-static uint64_t client_compute_timeout(uint64_t request_sent,
-                                       uint32_t lifetime) {
-        return request_sent + (lifetime - 3) * USEC_PER_SEC +
+static uint64_t client_compute_timeout(sd_dhcp_client *client,
+                                       uint32_t lifetime, double factor) {
+        assert(client);
+        assert(client->request_sent);
+        assert(lifetime);
+
+        return client->request_sent + ((lifetime - 3) * USEC_PER_SEC * factor) +
                 + (random_u32() & 0x1fffff);
 }
 
-static int client_set_lease_timeouts(sd_dhcp_client *client, uint64_t usec) {
-        uint64_t next_timeout;
+static int client_set_lease_timeouts(sd_dhcp_client *client) {
+        usec_t time_now;
+        uint64_t lifetime_timeout;
+        uint64_t t2_timeout;
+        uint64_t t1_timeout;
+        char time_string[FORMAT_TIMESPAN_MAX];
         int r;
 
         assert(client);
         assert(client->event);
-
-        if (client->lease->lifetime < 10)
-                return -EINVAL;
+        assert(client->lease);
+        assert(client->lease->lifetime);
 
         client->timeout_t1 = sd_event_source_unref(client->timeout_t1);
         client->timeout_t2 = sd_event_source_unref(client->timeout_t2);
         client->timeout_expire = sd_event_source_unref(client->timeout_expire);
 
-        if (!client->lease->t1)
-                client->lease->t1 = client->lease->lifetime / 2;
+        /* don't set timers for infinite leases */
+        if (client->lease->lifetime == 0xffffffff)
+                return 0;
 
-        next_timeout = client_compute_timeout(client->request_sent,
-                                              client->lease->t1);
-        if (next_timeout < usec)
-                return -EINVAL;
+        r = sd_event_now(client->event, CLOCK_MONOTONIC, &time_now);
+        if (r < 0)
+                return r;
+        assert(client->request_sent <= time_now);
+
+        /* convert the various timeouts from relative (secs) to absolute (usecs) */
+        lifetime_timeout = client_compute_timeout(client, client->lease->lifetime, 1);
+        if (client->lease->t1 && client->lease->t2) {
+                /* both T1 and T2 are given */
+                if (client->lease->t1 < client->lease->t2 &&
+                    client->lease->t2 < client->lease->lifetime) {
+                        /* they are both valid */
+                        t2_timeout = client_compute_timeout(client, client->lease->t2, 1);
+                        t1_timeout = client_compute_timeout(client, client->lease->t1, 1);
+                } else {
+                        /* discard both */
+                        t2_timeout = client_compute_timeout(client, client->lease->lifetime, 7.0 / 8.0);
+                        client->lease->t2 = (client->lease->lifetime * 7) / 8;
+                        t1_timeout = client_compute_timeout(client, client->lease->lifetime, 0.5);
+                        client->lease->t1 = client->lease->lifetime / 2;
+                }
+        } else if (client->lease->t2 && client->lease->t2 < client->lease->lifetime) {
+                /* only T2 is given, and it is valid */
+                t2_timeout = client_compute_timeout(client, client->lease->t2, 1);
+                t1_timeout = client_compute_timeout(client, client->lease->lifetime, 0.5);
+                client->lease->t1 = client->lease->lifetime / 2;
+                if (t2_timeout <= t1_timeout) {
+                        /* the computed T1 would be invalid, so discard T2 */
+                        t2_timeout = client_compute_timeout(client, client->lease->lifetime, 7.0 / 8.0);
+                        client->lease->t2 = (client->lease->lifetime * 7) / 8;
+                }
+        } else if (client->lease->t1 && client->lease->t1 < client->lease->lifetime) {
+                /* only T1 is given, and it is valid */
+                t1_timeout = client_compute_timeout(client, client->lease->t1, 1);
+                t2_timeout = client_compute_timeout(client, client->lease->lifetime, 7.0 / 8.0);
+                client->lease->t2 = (client->lease->lifetime * 7) / 8;
+                if (t2_timeout <= t1_timeout) {
+                        /* the computed T2 would be invalid, so discard T1 */
+                        t2_timeout = client_compute_timeout(client, client->lease->lifetime, 0.5);
+                        client->lease->t2 = client->lease->lifetime / 2;
+                }
+        } else {
+                /* fall back to the default timeouts */
+                t1_timeout = client_compute_timeout(client, client->lease->lifetime, 0.5);
+                client->lease->t1 = client->lease->lifetime / 2;
+                t2_timeout = client_compute_timeout(client, client->lease->lifetime, 7.0 / 8.0);
+                client->lease->t2 = (client->lease->lifetime * 7) / 8;
+        }
 
-        r = sd_event_add_monotonic(client->event,
-                                     &client->timeout_t1,
-                                     next_timeout,
-                                     10 * USEC_PER_MSEC,
-                                     client_timeout_t1, client);
+        /* arm lifetime timeout */
+        r = sd_event_add_time(client->event, &client->timeout_expire,
+                              CLOCK_MONOTONIC,
+                              lifetime_timeout, 10 * USEC_PER_MSEC,
+                              client_timeout_expire, client);
         if (r < 0)
                 return r;
 
-        r = sd_event_source_set_priority(client->timeout_t1,
+        r = sd_event_source_set_priority(client->timeout_expire,
                                          client->event_priority);
         if (r < 0)
                 return r;
 
-        if (!client->lease->t2)
-                client->lease->t2 = client->lease->lifetime * 7 / 8;
-
-        if (client->lease->t2 < client->lease->t1)
-                return -EINVAL;
-
-        if (client->lease->lifetime < client->lease->t2)
-                return -EINVAL;
+        log_dhcp_client(client, "lease expires in %s",
+                        format_timespan(time_string, FORMAT_TIMESPAN_MAX,
+                        lifetime_timeout - time_now, 0));
 
-        next_timeout = client_compute_timeout(client->request_sent,
-                                              client->lease->t2);
-        if (next_timeout < usec)
-                return -EINVAL;
+        /* don't arm earlier timeouts if this has already expired */
+        if (lifetime_timeout <= time_now)
+                return 0;
 
-        r = sd_event_add_monotonic(client->event,
-                                     &client->timeout_t2,
-                                     next_timeout,
-                                     10 * USEC_PER_MSEC,
-                                     client_timeout_t2, client);
+        /* arm T2 timeout */
+        r = sd_event_add_time(client->event,
+                              &client->timeout_t2,
+                              CLOCK_MONOTONIC,
+                              t2_timeout,
+                              10 * USEC_PER_MSEC,
+                              client_timeout_t2, client);
         if (r < 0)
                 return r;
 
@@ -735,37 +894,45 @@ static int client_set_lease_timeouts(sd_dhcp_client *client, uint64_t usec) {
         if (r < 0)
                 return r;
 
-        next_timeout = client_compute_timeout(client->request_sent,
-                                              client->lease->lifetime);
-        if (next_timeout < usec)
-                return -EINVAL;
+        log_dhcp_client(client, "T2 expires in %s",
+                        format_timespan(time_string, FORMAT_TIMESPAN_MAX,
+                        t2_timeout - time_now, 0));
+
+        /* don't arm earlier timeout if this has already expired */
+        if (t2_timeout <= time_now)
+                return 0;
 
-        r = sd_event_add_monotonic(client->event,
-                                     &client->timeout_expire, next_timeout,
-                                     10 * USEC_PER_MSEC,
-                                     client_timeout_expire, client);
+        /* arm T1 timeout */
+        r = sd_event_add_time(client->event,
+                              &client->timeout_t1,
+                              CLOCK_MONOTONIC,
+                              t1_timeout, 10 * USEC_PER_MSEC,
+                              client_timeout_t1, client);
         if (r < 0)
                 return r;
 
-        r = sd_event_source_set_priority(client->timeout_expire,
+        r = sd_event_source_set_priority(client->timeout_t1,
                                          client->event_priority);
         if (r < 0)
                 return r;
 
+        log_dhcp_client(client, "T1 expires in %s",
+                        format_timespan(time_string, FORMAT_TIMESPAN_MAX,
+                        t1_timeout - time_now, 0));
+
         return 0;
 }
 
 static int client_handle_message(sd_dhcp_client *client, DHCPMessage *message,
-                                 int len, usec_t time_now) {
+                                 int len) {
         int r = 0, notify_event = 0;
 
         assert(client);
         assert(client->event);
         assert(message);
 
-        if (len < DHCP_MESSAGE_SIZE) {
-                log_dhcp_client(client, "message too small (%d bytes): "
-                                "ignoring", len);
+        if (be32toh(message->magic) != DHCP_MAGIC_COOKIE) {
+                log_dhcp_client(client, "not a DHCP message: ignoring");
                 return 0;
         }
 
@@ -781,8 +948,13 @@ static int client_handle_message(sd_dhcp_client *client, DHCPMessage *message,
                 return 0;
         }
 
-        if (memcmp(&message->chaddr[0], &client->mac_addr.ether_addr_octet,
-                   ETHER_ADDR_LEN)) {
+        if (message->htype != ARPHRD_ETHER || message->hlen != ETHER_ADDR_LEN) {
+                log_dhcp_client(client, "not an ethernet packet");
+                return 0;
+        }
+
+        if (memcmp(&message->chaddr[0], &client->client_id.mac_addr,
+                   ETH_ALEN)) {
                 log_dhcp_client(client, "received chaddr does not match "
                                 "expected: ignoring");
                 return 0;
@@ -800,11 +972,11 @@ static int client_handle_message(sd_dhcp_client *client, DHCPMessage *message,
                         client->state = DHCP_STATE_REQUESTING;
                         client->attempt = 1;
 
-                        r = sd_event_add_monotonic(client->event,
-                                                   &client->timeout_resend,
-                                                   time_now, 0,
-                                                   client_timeout_resend,
-                                                   client);
+                        r = sd_event_add_time(client->event,
+                                              &client->timeout_resend,
+                                              CLOCK_MONOTONIC,
+                                              0, 0,
+                                              client_timeout_resend, client);
                         if (r < 0)
                                 goto error;
 
@@ -812,24 +984,40 @@ static int client_handle_message(sd_dhcp_client *client, DHCPMessage *message,
                                                          client->event_priority);
                         if (r < 0)
                                 goto error;
-                }
+                } else if (r == -ENOMSG)
+                        /* invalid message, let's ignore it */
+                        return 0;
 
                 break;
 
+        case DHCP_STATE_REBOOTING:
         case DHCP_STATE_REQUESTING:
         case DHCP_STATE_RENEWING:
         case DHCP_STATE_REBINDING:
 
                 r = client_handle_ack(client, message, len);
+                if (r == DHCP_EVENT_NO_LEASE) {
 
-                if (r == DHCP_EVENT_NO_LEASE)
-                        goto error;
+                        client->timeout_resend =
+                                sd_event_source_unref(client->timeout_resend);
 
-                if (r >= 0) {
+                        if (client->state == DHCP_STATE_REBOOTING) {
+                                r = client_initialize(client);
+                                if (r < 0)
+                                        goto error;
+
+                                r = client_start(client);
+                                if (r < 0)
+                                        goto error;
+                        }
+
+                        goto error;
+                } else if (r >= 0) {
                         client->timeout_resend =
                                 sd_event_source_unref(client->timeout_resend);
 
-                        if (client->state == DHCP_STATE_REQUESTING)
+                        if (IN_SET(client->state, DHCP_STATE_REQUESTING,
+                                   DHCP_STATE_REBOOTING))
                                 notify_event = DHCP_EVENT_IP_ACQUIRE;
                         else if (r != DHCP_EVENT_IP_ACQUIRE)
                                 notify_event = r;
@@ -839,7 +1027,7 @@ static int client_handle_message(sd_dhcp_client *client, DHCPMessage *message,
 
                         client->last_addr = client->lease->address;
 
-                        r = client_set_lease_timeouts(client, time_now);
+                        r = client_set_lease_timeouts(client);
                         if (r < 0)
                                 goto error;
 
@@ -848,17 +1036,15 @@ static int client_handle_message(sd_dhcp_client *client, DHCPMessage *message,
 
                         client->receive_message =
                                 sd_event_source_unref(client->receive_message);
-                        close_nointr_nofail(client->fd);
-                        client->fd = -1;
-                }
-
-                r = 0;
+                        client->fd = safe_close(client->fd);
+                } else if (r == -ENOMSG)
+                        /* invalid message, let's ignore it */
+                        return 0;
 
                 break;
 
         case DHCP_STATE_INIT:
         case DHCP_STATE_INIT_REBOOT:
-        case DHCP_STATE_REBOOTING:
         case DHCP_STATE_BOUND:
 
                 break;
@@ -876,11 +1062,9 @@ static int client_receive_message_udp(sd_event_source *s, int fd,
         sd_dhcp_client *client = userdata;
         _cleanup_free_ DHCPMessage *message = NULL;
         int buflen = 0, len, r;
-        usec_t time_now;
 
         assert(s);
         assert(client);
-        assert(client->event);
 
         r = ioctl(fd, FIONREAD, &buflen);
         if (r < 0 || buflen <= 0)
@@ -891,22 +1075,20 @@ static int client_receive_message_udp(sd_event_source *s, int fd,
                 return -ENOMEM;
 
         len = read(fd, message, buflen);
-        if (len < 0)
+        if (len < 0) {
+                log_dhcp_client(client, "could not receive message from UDP "
+                                "socket: %s", strerror(errno));
+                return 0;
+        } else if ((size_t)len < sizeof(DHCPMessage))
                 return 0;
 
-        r = sd_event_get_now_monotonic(client->event, &time_now);
-        if (r < 0)
-                return client_stop(client, r);
-
-        return client_handle_message(client, message, len,
-                                     time_now);
+        return client_handle_message(client, message, len);
 }
 
 static int client_receive_message_raw(sd_event_source *s, int fd,
                                       uint32_t revents, void *userdata) {
         sd_dhcp_client *client = userdata;
         _cleanup_free_ DHCPPacket *packet = NULL;
-        usec_t time_now;
         uint8_t cmsgbuf[CMSG_LEN(sizeof(struct tpacket_auxdata))];
         struct iovec iov = {};
         struct msghdr msg = {
@@ -921,7 +1103,6 @@ static int client_receive_message_raw(sd_event_source *s, int fd,
 
         assert(s);
         assert(client);
-        assert(client->event);
 
         r = ioctl(fd, FIONREAD, &buflen);
         if (r < 0 || buflen <= 0)
@@ -939,11 +1120,14 @@ static int client_receive_message_raw(sd_event_source *s, int fd,
                 log_dhcp_client(client, "could not receive message from raw "
                                 "socket: %s", strerror(errno));
                 return 0;
-        }
+        } else if ((size_t)len < sizeof(DHCPPacket))
+                return 0;
 
         for (cmsg = CMSG_FIRSTHDR(&msg); cmsg; cmsg = CMSG_NXTHDR(&msg, cmsg)) {
-                if (cmsg->cmsg_level == SOL_PACKET && cmsg->cmsg_type == PACKET_AUXDATA) {
-                        struct tpacket_auxdata *aux = (void *)CMSG_DATA(cmsg);
+                if (cmsg->cmsg_level == SOL_PACKET &&
+                    cmsg->cmsg_type == PACKET_AUXDATA &&
+                    cmsg->cmsg_len == CMSG_LEN(sizeof(struct tpacket_auxdata))) {
+                        struct tpacket_auxdata *aux = (struct tpacket_auxdata*)CMSG_DATA(cmsg);
 
                         checksum = !(aux->tp_status & TP_STATUS_CSUMNOTREADY);
                         break;
@@ -956,39 +1140,22 @@ static int client_receive_message_raw(sd_event_source *s, int fd,
 
         len -= DHCP_IP_UDP_SIZE;
 
-        r = sd_event_get_now_monotonic(client->event, &time_now);
-        if (r < 0)
-                return client_stop(client, r);
-
-        return client_handle_message(client, &packet->dhcp, len, time_now);
+        return client_handle_message(client, &packet->dhcp, len);
 }
 
 int sd_dhcp_client_start(sd_dhcp_client *client) {
         int r;
 
         assert_return(client, -EINVAL);
-        assert_return(client->event, -EINVAL);
-        assert_return(client->index > 0, -EINVAL);
-        assert_return(client->state == DHCP_STATE_INIT ||
-                      client->state == DHCP_STATE_INIT_REBOOT, -EBUSY);
-
-        client->xid = random_u32();
-
-        r = dhcp_network_bind_raw_socket(client->index, &client->link);
 
-        if (r < 0) {
-                client_stop(client, r);
+        r = client_initialize(client);
+        if (r < 0)
                 return r;
-        }
 
-        client->fd = r;
-        client->start_time = now(CLOCK_MONOTONIC);
-        client->secs = 0;
-
-        log_dhcp_client(client, "STARTED");
+        if (client->last_addr)
+                client->state = DHCP_STATE_INIT_REBOOT;
 
-        return client_initialize_events(client, client_receive_message_raw,
-                                        client->start_time);
+        return client_start(client);
 }
 
 int sd_dhcp_client_stop(sd_dhcp_client *client) {