1 /** 2 * Copyright (C) 2013 Steven Barth <steven@midlink.org> 3 * Copyright (C) 2016 Hans Dedecker <dedeckeh@gmail.com> 4 * 5 * This program is free software; you can redistribute it and/or modify 6 * it under the terms of the GNU General Public License v2 as published by 7 * the Free Software Foundation. 8 * 9 * This program is distributed in the hope that it will be useful, 10 * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 * GNU General Public License for more details. 13 * 14 */ 15 16 #include "odhcpd.h" 17 #include "dhcpv6.h" 18 #include "dhcpv4.h" 19 20 #include <time.h> 21 #include <errno.h> 22 #include <fcntl.h> 23 #include <stdio.h> 24 #include <poll.h> 25 #include <alloca.h> 26 #include <resolv.h> 27 #include <limits.h> 28 #include <stdlib.h> 29 #include <string.h> 30 #include <unistd.h> 31 #include <libgen.h> 32 #include <stdbool.h> 33 #include <arpa/inet.h> 34 #include <sys/timerfd.h> 35 36 #include <libubox/md5.h> 37 #include <libubox/usock.h> 38 39 #define ADDR_ENTRY_VALID_IA_ADDR(iface, i, m, addrs) \ 40 ((iface)->dhcpv6_assignall || (i) == (m) || \ 41 (addrs)[(i)].prefix > 64) 42 43 static void dhcpv6_netevent_cb(unsigned long event, struct netevent_handler_info *info); 44 static void apply_lease(struct dhcp_assignment *a, bool add); 45 static void set_border_assignment_size(struct interface *iface, struct dhcp_assignment *b); 46 static void handle_addrlist_change(struct netevent_handler_info *info); 47 static void start_reconf(struct dhcp_assignment *a); 48 static void stop_reconf(struct dhcp_assignment *a); 49 static void valid_until_cb(struct uloop_timeout *event); 50 51 static struct netevent_handler dhcpv6_netevent_handler = { .cb = dhcpv6_netevent_cb, }; 52 static struct uloop_timeout valid_until_timeout = {.cb = valid_until_cb}; 53 static uint32_t serial = 0; 54 static uint8_t statemd5[16]; 55 56 int dhcpv6_ia_init(void) 57 { 58 uloop_timeout_set(&valid_until_timeout, 1000); 59 60 netlink_add_netevent_handler(&dhcpv6_netevent_handler); 61 62 return 0; 63 } 64 65 int dhcpv6_ia_setup_interface(struct interface *iface, bool enable) 66 { 67 enable = enable && (iface->dhcpv6 == MODE_SERVER); 68 69 if (enable) { 70 struct dhcp_assignment *border; 71 72 if (list_empty(&iface->ia_assignments)) { 73 border = alloc_assignment(0); 74 75 if (!border) { 76 syslog(LOG_WARNING, "Failed to alloc border on %s", iface->name); 77 return -1; 78 } 79 80 border->length = 64; 81 list_add(&border->head, &iface->ia_assignments); 82 } else 83 border = list_last_entry(&iface->ia_assignments, struct dhcp_assignment, head); 84 85 set_border_assignment_size(iface, border); 86 } else { 87 struct dhcp_assignment *c; 88 89 while (!list_empty(&iface->ia_assignments)) { 90 c = list_first_entry(&iface->ia_assignments, struct dhcp_assignment, head); 91 free_assignment(c); 92 } 93 } 94 95 return 0; 96 } 97 98 99 static void dhcpv6_netevent_cb(unsigned long event, struct netevent_handler_info *info) 100 { 101 struct interface *iface = info->iface; 102 103 if (!iface || iface->dhcpv6 != MODE_SERVER) 104 return; 105 106 switch (event) { 107 case NETEV_ADDR6LIST_CHANGE: 108 handle_addrlist_change(info); 109 break; 110 default: 111 break; 112 } 113 } 114 115 116 static inline bool valid_prefix_length(const struct dhcp_assignment *a, const uint8_t prefix_length) 117 { 118 return (a->managed_size || a->length > prefix_length); 119 } 120 121 static inline bool valid_addr(const struct odhcpd_ipaddr *addr, time_t now) 122 { 123 return (addr->prefix <= 96 && addr->preferred > (uint32_t)now); 124 } 125 126 static size_t get_preferred_addr(const struct odhcpd_ipaddr *addrs, const size_t addrlen) 127 { 128 size_t i, m; 129 130 for (i = 0, m = 0; i < addrlen; ++i) { 131 if (addrs[i].preferred > addrs[m].preferred || 132 (addrs[i].preferred == addrs[m].preferred && 133 memcmp(&addrs[i].addr, &addrs[m].addr, 16) > 0)) 134 m = i; 135 } 136 137 return m; 138 } 139 140 static int send_reconf(struct dhcp_assignment *assign) 141 { 142 struct { 143 struct dhcpv6_client_header hdr; 144 uint16_t srvid_type; 145 uint16_t srvid_len; 146 uint16_t duid_type; 147 uint16_t hardware_type; 148 uint8_t mac[6]; 149 uint16_t msg_type; 150 uint16_t msg_len; 151 uint8_t msg_id; 152 struct dhcpv6_auth_reconfigure auth; 153 uint16_t clid_type; 154 uint16_t clid_len; 155 uint8_t clid_data[128]; 156 } __attribute__((packed)) reconf_msg = { 157 .hdr = {DHCPV6_MSG_RECONFIGURE, {0, 0, 0}}, 158 .srvid_type = htons(DHCPV6_OPT_SERVERID), 159 .srvid_len = htons(10), 160 .duid_type = htons(3), 161 .hardware_type = htons(1), 162 .msg_type = htons(DHCPV6_OPT_RECONF_MSG), 163 .msg_len = htons(1), 164 .msg_id = DHCPV6_MSG_RENEW, 165 .auth = {htons(DHCPV6_OPT_AUTH), 166 htons(sizeof(reconf_msg.auth) - 4), 3, 1, 0, 167 {htonl(time(NULL)), htonl(++serial)}, 2, {0}}, 168 .clid_type = htons(DHCPV6_OPT_CLIENTID), 169 .clid_len = htons(assign->clid_len), 170 .clid_data = {0}, 171 }; 172 struct interface *iface = assign->iface; 173 174 odhcpd_get_mac(iface, reconf_msg.mac); 175 memcpy(reconf_msg.clid_data, assign->clid_data, assign->clid_len); 176 struct iovec iov = {&reconf_msg, sizeof(reconf_msg) - 128 + assign->clid_len}; 177 178 md5_ctx_t md5; 179 uint8_t secretbytes[64]; 180 memset(secretbytes, 0, sizeof(secretbytes)); 181 memcpy(secretbytes, assign->key, sizeof(assign->key)); 182 183 for (size_t i = 0; i < sizeof(secretbytes); ++i) 184 secretbytes[i] ^= 0x36; 185 186 md5_begin(&md5); 187 md5_hash(secretbytes, sizeof(secretbytes), &md5); 188 md5_hash(iov.iov_base, iov.iov_len, &md5); 189 md5_end(reconf_msg.auth.key, &md5); 190 191 for (size_t i = 0; i < sizeof(secretbytes); ++i) { 192 secretbytes[i] ^= 0x36; 193 secretbytes[i] ^= 0x5c; 194 } 195 196 md5_begin(&md5); 197 md5_hash(secretbytes, sizeof(secretbytes), &md5); 198 md5_hash(reconf_msg.auth.key, 16, &md5); 199 md5_end(reconf_msg.auth.key, &md5); 200 201 return odhcpd_send(iface->dhcpv6_event.uloop.fd, &assign->peer, &iov, 1, iface); 202 } 203 204 static void dhcpv6_ia_free_assignment(struct dhcp_assignment *a) 205 { 206 if (a->managed_sock.fd.registered) { 207 ustream_free(&a->managed_sock.stream); 208 close(a->managed_sock.fd.fd); 209 } 210 211 if ((a->flags & OAF_BOUND) && (a->flags & OAF_DHCPV6_PD)) 212 apply_lease(a, false); 213 214 if (a->reconf_cnt) 215 stop_reconf(a); 216 217 free(a->managed); 218 } 219 220 void dhcpv6_ia_enum_addrs(struct interface *iface, struct dhcp_assignment *c, 221 time_t now, dhcpv6_binding_cb_handler_t func, void *arg) 222 { 223 struct odhcpd_ipaddr *addrs = (c->managed) ? c->managed : iface->addr6; 224 size_t addrlen = (c->managed) ? (size_t)c->managed_size : iface->addr6_len; 225 size_t m = get_preferred_addr(addrs, addrlen); 226 227 for (size_t i = 0; i < addrlen; ++i) { 228 struct in6_addr addr; 229 uint32_t pref, valid; 230 int prefix = c->managed ? addrs[i].prefix : c->length; 231 232 if (!valid_addr(&addrs[i], now)) 233 continue; 234 235 /* Filter Out Prefixes */ 236 if (ADDR_MATCH_PIO_FILTER(&addrs[i], iface)) { 237 char addrbuf[INET6_ADDRSTRLEN]; 238 syslog(LOG_INFO, "Address %s filtered out on %s", 239 inet_ntop(AF_INET6, &addrs[i].addr.in6, addrbuf, sizeof(addrbuf)), 240 iface->name); 241 continue; 242 } 243 244 addr = addrs[i].addr.in6; 245 pref = addrs[i].preferred; 246 valid = addrs[i].valid; 247 248 if (c->flags & OAF_DHCPV6_NA) { 249 if (!ADDR_ENTRY_VALID_IA_ADDR(iface, i, m, addrs)) 250 continue; 251 252 addr.s6_addr32[2] = htonl(c->assigned_host_id >> 32); 253 addr.s6_addr32[3] = htonl(c->assigned_host_id & UINT32_MAX); 254 } else { 255 if (!valid_prefix_length(c, addrs[i].prefix)) 256 continue; 257 258 addr.s6_addr32[1] |= htonl(c->assigned_subnet_id); 259 addr.s6_addr32[2] = addr.s6_addr32[3] = 0; 260 } 261 262 if (pref > (uint32_t)c->preferred_until) 263 pref = c->preferred_until; 264 265 if (pref > (uint32_t)c->valid_until) 266 pref = c->valid_until; 267 268 if (pref != UINT32_MAX) 269 pref -= now; 270 271 if (valid > (uint32_t)c->valid_until) 272 valid = c->valid_until; 273 274 if (valid != UINT32_MAX) 275 valid -= now; 276 277 func(&addr, prefix, pref, valid, arg); 278 } 279 } 280 281 struct write_ctxt { 282 FILE *fp; 283 md5_ctx_t md5; 284 struct dhcp_assignment *c; 285 struct interface *iface; 286 char *buf; 287 int buf_len; 288 int buf_idx; 289 }; 290 291 static void dhcpv6_write_ia_addr(struct in6_addr *addr, int prefix, _unused uint32_t pref, 292 _unused uint32_t valid, void *arg) 293 { 294 struct write_ctxt *ctxt = (struct write_ctxt *)arg; 295 char ipbuf[INET6_ADDRSTRLEN]; 296 297 inet_ntop(AF_INET6, addr, ipbuf, sizeof(ipbuf) - 1); 298 299 if ((ctxt->c->flags & OAF_DHCPV6_NA) && ctxt->c->hostname && 300 !(ctxt->c->flags & OAF_BROKEN_HOSTNAME)) { 301 fputs(ipbuf, ctxt->fp); 302 303 char b[256]; 304 if (dn_expand(ctxt->iface->search, ctxt->iface->search + ctxt->iface->search_len, 305 ctxt->iface->search, b, sizeof(b)) > 0) 306 fprintf(ctxt->fp, "\t%s.%s", ctxt->c->hostname, b); 307 308 fprintf(ctxt->fp, "\t%s\n", ctxt->c->hostname); 309 md5_hash(ipbuf, strlen(ipbuf), &ctxt->md5); 310 md5_hash(ctxt->c->hostname, strlen(ctxt->c->hostname), &ctxt->md5); 311 } 312 313 ctxt->buf_idx += snprintf(ctxt->buf + ctxt->buf_idx,ctxt->buf_len - ctxt->buf_idx, 314 "%s/%d ", ipbuf, prefix); 315 } 316 317 void dhcpv6_ia_write_statefile(void) 318 { 319 struct write_ctxt ctxt; 320 321 md5_begin(&ctxt.md5); 322 323 if (config.dhcp_statefile) { 324 unsigned statefile_strlen = strlen(config.dhcp_statefile) + 1; 325 unsigned tmp_statefile_strlen = statefile_strlen + 1; /* space for . */ 326 char *tmp_statefile = alloca(tmp_statefile_strlen); 327 328 char *dir_statefile; 329 char *base_statefile; 330 char *pdir_statefile; 331 char *pbase_statefile; 332 333 time_t now = odhcpd_time(), wall_time = time(NULL); 334 int fd, ret; 335 char leasebuf[512]; 336 337 dir_statefile = strndup(config.dhcp_statefile, statefile_strlen); 338 base_statefile = strndup(config.dhcp_statefile, statefile_strlen); 339 340 pdir_statefile = dirname(dir_statefile); 341 pbase_statefile = basename(base_statefile); 342 343 snprintf(tmp_statefile, tmp_statefile_strlen, "%s/.%s", pdir_statefile, pbase_statefile); 344 345 free(dir_statefile); 346 free(base_statefile); 347 348 fd = open(tmp_statefile, O_CREAT | O_WRONLY | O_CLOEXEC, 0644); 349 if (fd < 0) 350 return; 351 352 ret = lockf(fd, F_LOCK, 0); 353 if (ret < 0) { 354 close(fd); 355 return; 356 } 357 358 if (ftruncate(fd, 0) < 0) {} 359 360 ctxt.fp = fdopen(fd, "w"); 361 if (!ctxt.fp) { 362 close(fd); 363 return; 364 } 365 366 ctxt.buf = leasebuf; 367 ctxt.buf_len = sizeof(leasebuf); 368 369 avl_for_each_element(&interfaces, ctxt.iface, avl) { 370 if (ctxt.iface->dhcpv6 != MODE_SERVER && 371 ctxt.iface->dhcpv4 != MODE_SERVER) 372 continue; 373 374 if (ctxt.iface->dhcpv6 == MODE_SERVER) { 375 list_for_each_entry(ctxt.c, &ctxt.iface->ia_assignments, head) { 376 if (!(ctxt.c->flags & OAF_BOUND) || ctxt.c->managed_size < 0) 377 continue; 378 379 char duidbuf[264]; 380 381 odhcpd_hexlify(duidbuf, ctxt.c->clid_data, ctxt.c->clid_len); 382 383 /* iface DUID iaid hostname lifetime assigned_host_id length [addrs...] */ 384 ctxt.buf_idx = snprintf(ctxt.buf, ctxt.buf_len, "# %s %s %x %s%s %"PRId64" ", 385 ctxt.iface->ifname, duidbuf, ntohl(ctxt.c->iaid), 386 (ctxt.c->flags & OAF_BROKEN_HOSTNAME) ? "broken\\x20" : "", 387 (ctxt.c->hostname ? ctxt.c->hostname : "-"), 388 (ctxt.c->valid_until > now ? 389 (int64_t)(ctxt.c->valid_until - now + wall_time) : 390 (INFINITE_VALID(ctxt.c->valid_until) ? -1 : 0))); 391 392 if (ctxt.c->flags & OAF_DHCPV6_NA) 393 ctxt.buf_idx += snprintf(ctxt.buf + ctxt.buf_idx, ctxt.buf_len - ctxt.buf_idx, 394 "%" PRIx64" %u ", ctxt.c->assigned_host_id, (unsigned)ctxt.c->length); 395 else 396 ctxt.buf_idx += snprintf(ctxt.buf + ctxt.buf_idx, ctxt.buf_len - ctxt.buf_idx, 397 "%" PRIx32" %u ", ctxt.c->assigned_subnet_id, (unsigned)ctxt.c->length); 398 399 if (INFINITE_VALID(ctxt.c->valid_until) || ctxt.c->valid_until > now) 400 dhcpv6_ia_enum_addrs(ctxt.iface, ctxt.c, now, 401 dhcpv6_write_ia_addr, &ctxt); 402 403 ctxt.buf[ctxt.buf_idx - 1] = '\n'; 404 fwrite(ctxt.buf, 1, ctxt.buf_idx, ctxt.fp); 405 } 406 } 407 408 if (ctxt.iface->dhcpv4 == MODE_SERVER) { 409 struct dhcp_assignment *c; 410 411 list_for_each_entry(c, &ctxt.iface->dhcpv4_assignments, head) { 412 if (!(c->flags & OAF_BOUND)) 413 continue; 414 415 char ipbuf[INET6_ADDRSTRLEN]; 416 char duidbuf[16]; 417 odhcpd_hexlify(duidbuf, c->hwaddr, sizeof(c->hwaddr)); 418 419 /* iface DUID iaid hostname lifetime assigned length [addrs...] */ 420 ctxt.buf_idx = snprintf(ctxt.buf, ctxt.buf_len, "# %s %s ipv4 %s%s %"PRId64" %x 32 ", 421 ctxt.iface->ifname, duidbuf, 422 (c->flags & OAF_BROKEN_HOSTNAME) ? "broken\\x20" : "", 423 (c->hostname ? c->hostname : "-"), 424 (c->valid_until > now ? 425 (int64_t)(c->valid_until - now + wall_time) : 426 (INFINITE_VALID(c->valid_until) ? -1 : 0)), 427 ntohl(c->addr)); 428 429 struct in_addr addr = {.s_addr = c->addr}; 430 inet_ntop(AF_INET, &addr, ipbuf, sizeof(ipbuf) - 1); 431 432 if (c->hostname && !(c->flags & OAF_BROKEN_HOSTNAME)) { 433 fputs(ipbuf, ctxt.fp); 434 435 char b[256]; 436 if (dn_expand(ctxt.iface->search, 437 ctxt.iface->search + ctxt.iface->search_len, 438 ctxt.iface->search, b, sizeof(b)) > 0) 439 fprintf(ctxt.fp, "\t%s.%s", c->hostname, b); 440 441 fprintf(ctxt.fp, "\t%s\n", c->hostname); 442 md5_hash(ipbuf, strlen(ipbuf), &ctxt.md5); 443 md5_hash(c->hostname, strlen(c->hostname), &ctxt.md5); 444 } 445 446 ctxt.buf_idx += snprintf(ctxt.buf + ctxt.buf_idx, 447 ctxt.buf_len - ctxt.buf_idx, 448 "%s/32 ", ipbuf); 449 ctxt.buf[ctxt.buf_idx - 1] = '\n'; 450 fwrite(ctxt.buf, 1, ctxt.buf_idx, ctxt.fp); 451 } 452 } 453 } 454 455 fclose(ctxt.fp); 456 457 uint8_t newmd5[16]; 458 md5_end(newmd5, &ctxt.md5); 459 460 if (memcmp(newmd5, statemd5, sizeof(newmd5))) { 461 memcpy(statemd5, newmd5, sizeof(statemd5)); 462 rename(tmp_statefile, config.dhcp_statefile); 463 464 if (config.dhcp_cb) { 465 char *argv[2] = {config.dhcp_cb, NULL}; 466 if (!vfork()) { 467 execv(argv[0], argv); 468 _exit(128); 469 } 470 } 471 } else { 472 unlink(tmp_statefile); 473 } 474 } 475 } 476 477 static void __apply_lease(struct dhcp_assignment *a, 478 struct odhcpd_ipaddr *addrs, ssize_t addr_len, bool add) 479 { 480 if (a->flags & OAF_DHCPV6_NA) 481 return; 482 483 for (ssize_t i = 0; i < addr_len; ++i) { 484 struct in6_addr prefix; 485 486 if (ADDR_MATCH_PIO_FILTER(&addrs[i], a->iface)) 487 continue; 488 489 prefix = addrs[i].addr.in6; 490 prefix.s6_addr32[1] |= htonl(a->assigned_subnet_id); 491 prefix.s6_addr32[2] = prefix.s6_addr32[3] = 0; 492 netlink_setup_route(&prefix, (a->managed_size) ? addrs[i].prefix : a->length, 493 a->iface->ifindex, &a->peer.sin6_addr, 1024, add); 494 } 495 } 496 497 static void apply_lease(struct dhcp_assignment *a, bool add) 498 { 499 struct interface *iface = a->iface; 500 struct odhcpd_ipaddr *addrs = (a->managed) ? a->managed : iface->addr6; 501 ssize_t addrlen = (a->managed) ? a->managed_size : (ssize_t)iface->addr6_len; 502 503 __apply_lease(a, addrs, addrlen, add); 504 } 505 506 /* Set border assignment size based on the IPv6 address prefixes */ 507 static void set_border_assignment_size(struct interface *iface, struct dhcp_assignment *b) 508 { 509 time_t now = odhcpd_time(); 510 int minprefix = -1; 511 512 for (size_t i = 0; i < iface->addr6_len; ++i) { 513 struct odhcpd_ipaddr *addr = &iface->addr6[i]; 514 515 if (ADDR_MATCH_PIO_FILTER(addr, iface)) 516 continue; 517 518 if (addr->preferred > (uint32_t)now && 519 addr->prefix < 64 && 520 addr->prefix > minprefix) 521 minprefix = addr->prefix; 522 } 523 524 if (minprefix > 32 && minprefix <= 64) 525 b->assigned_subnet_id = 1U << (64 - minprefix); 526 else 527 b->assigned_subnet_id = 0; 528 } 529 530 /* More data was received from TCP connection */ 531 static void managed_handle_pd_data(struct ustream *s, _unused int bytes_new) 532 { 533 struct ustream_fd *fd = container_of(s, struct ustream_fd, stream); 534 struct dhcp_assignment *c = container_of(fd, struct dhcp_assignment, managed_sock); 535 time_t now = odhcpd_time(); 536 bool first = c->managed_size < 0; 537 538 for (;;) { 539 int pending; 540 char *data = ustream_get_read_buf(s, &pending); 541 char *end = memmem(data, pending, "\n\n", 2); 542 543 if (!end) 544 break; 545 546 end += 2; 547 end[-1] = 0; 548 549 c->managed_size = 0; 550 if (c->accept_reconf) 551 c->reconf_cnt = 1; 552 553 char *saveptr; 554 for (char *line = strtok_r(data, "\n", &saveptr); line; line = strtok_r(NULL, "\n", &saveptr)) { 555 c->managed = realloc(c->managed, (c->managed_size + 1) * sizeof(*c->managed)); 556 struct odhcpd_ipaddr *n = &c->managed[c->managed_size]; 557 558 char *saveptr2, *x = strtok_r(line, "/", &saveptr2); 559 if (!x || inet_pton(AF_INET6, x, &n->addr) < 1) 560 continue; 561 562 x = strtok_r(NULL, ",", &saveptr2); 563 if (sscanf(x, "%hhu", &n->prefix) < 1) 564 continue; 565 566 x = strtok_r(NULL, ",", &saveptr2); 567 if (sscanf(x, "%u", &n->preferred) < 1) 568 continue; 569 570 x = strtok_r(NULL, ",", &saveptr2); 571 if (sscanf(x, "%u", &n->valid) < 1) 572 continue; 573 574 if (n->preferred > n->valid) 575 continue; 576 577 if (UINT32_MAX - now < n->preferred) 578 n->preferred = UINT32_MAX; 579 else 580 n->preferred += now; 581 582 if (UINT32_MAX - now < n->valid) 583 n->valid = UINT32_MAX; 584 else 585 n->valid += now; 586 587 n->dprefix = 0; 588 589 ++c->managed_size; 590 } 591 592 ustream_consume(s, end - data); 593 } 594 595 if (first && c->managed_size == 0) 596 free_assignment(c); 597 else if (first) 598 c->valid_until = now + 150; 599 } 600 601 602 /* TCP transmission has ended, either because of success or timeout or other error */ 603 static void managed_handle_pd_done(struct ustream *s) 604 { 605 struct ustream_fd *fd = container_of(s, struct ustream_fd, stream); 606 struct dhcp_assignment *c = container_of(fd, struct dhcp_assignment, managed_sock); 607 608 c->valid_until = odhcpd_time() + 15; 609 610 c->managed_size = 0; 611 612 if (c->accept_reconf) 613 c->reconf_cnt = 1; 614 } 615 616 static bool assign_pd(struct interface *iface, struct dhcp_assignment *assign) 617 { 618 struct dhcp_assignment *c; 619 620 if (iface->dhcpv6_pd_manager[0]) { 621 int fd = usock(USOCK_UNIX | USOCK_TCP, iface->dhcpv6_pd_manager, NULL); 622 if (fd >= 0) { 623 struct pollfd pfd = { .fd = fd, .events = POLLIN }; 624 char iaidbuf[298]; 625 626 odhcpd_hexlify(iaidbuf, assign->clid_data, assign->clid_len); 627 628 assign->managed_sock.stream.notify_read = managed_handle_pd_data; 629 assign->managed_sock.stream.notify_state = managed_handle_pd_done; 630 ustream_fd_init(&assign->managed_sock, fd); 631 ustream_printf(&assign->managed_sock.stream, "%s,%x\n::/%d,0,0\n\n", 632 iaidbuf, assign->iaid, assign->length); 633 ustream_write_pending(&assign->managed_sock.stream); 634 assign->managed_size = -1; 635 636 assign->valid_until = odhcpd_time() + 15; 637 638 list_add(&assign->head, &iface->ia_assignments); 639 640 /* Wait initial period of up to 250ms for immediate assignment */ 641 if (poll(&pfd, 1, 250) < 0) { 642 syslog(LOG_ERR, "poll(): %m"); 643 return false; 644 } 645 646 managed_handle_pd_data(&assign->managed_sock.stream, 0); 647 648 if (fcntl(fd, F_GETFL) >= 0 && assign->managed_size > 0) 649 return true; 650 } 651 652 return false; 653 } else if (iface->addr6_len < 1) 654 return false; 655 656 /* Try honoring the hint first */ 657 uint32_t current = 1, asize = (1 << (64 - assign->length)) - 1; 658 if (assign->assigned_subnet_id) { 659 list_for_each_entry(c, &iface->ia_assignments, head) { 660 if (c->flags & OAF_DHCPV6_NA) 661 continue; 662 663 if (assign->assigned_subnet_id >= current && assign->assigned_subnet_id + asize < c->assigned_subnet_id) { 664 list_add_tail(&assign->head, &c->head); 665 666 if (assign->flags & OAF_BOUND) 667 apply_lease(assign, true); 668 669 return true; 670 } 671 672 current = (c->assigned_subnet_id + (1 << (64 - c->length))); 673 } 674 } 675 676 /* Fallback to a variable assignment */ 677 current = 1; 678 list_for_each_entry(c, &iface->ia_assignments, head) { 679 if (c->flags & OAF_DHCPV6_NA) 680 continue; 681 682 current = (current + asize) & (~asize); 683 684 if (current + asize < c->assigned_subnet_id) { 685 assign->assigned_subnet_id = current; 686 list_add_tail(&assign->head, &c->head); 687 688 if (assign->flags & OAF_BOUND) 689 apply_lease(assign, true); 690 691 return true; 692 } 693 694 current = (c->assigned_subnet_id + (1 << (64 - c->length))); 695 } 696 697 return false; 698 } 699 700 /* Check iid against reserved IPv6 interface identifiers. 701 Refer to: 702 http://www.iana.org/assignments/ipv6-interface-ids */ 703 static bool is_reserved_ipv6_iid(uint64_t iid) 704 { 705 if (iid == 0x0000000000000000) 706 /* Subnet-Router Anycast [RFC4291] */ 707 return true; 708 709 if ((iid & 0xFFFFFFFFFF000000) == 0x02005EFFFE000000) 710 /* Reserved IPv6 Interface Identifiers corresponding 711 to the IANA Ethernet Block [RFC4291] */ 712 return true; 713 714 if ((iid & 0xFFFFFFFFFFFFFF80) == 0xFDFFFFFFFFFFFF80) 715 /* Reserved Subnet Anycast Addresses [RFC2526] */ 716 return true; 717 718 return false; 719 } 720 721 static bool assign_na(struct interface *iface, struct dhcp_assignment *a) 722 { 723 struct dhcp_assignment *c; 724 uint32_t seed = 0; 725 726 /* Preconfigured assignment by static lease */ 727 if (a->assigned_host_id) { 728 list_for_each_entry(c, &iface->ia_assignments, head) { 729 if (!(c->flags & OAF_DHCPV6_NA) || c->assigned_host_id > a->assigned_host_id ) { 730 list_add_tail(&a->head, &c->head); 731 return true; 732 } else if (c->assigned_host_id == a->assigned_host_id) 733 return false; 734 } 735 } 736 737 /* Seed RNG with checksum of DUID */ 738 for (size_t i = 0; i < a->clid_len; ++i) 739 seed += a->clid_data[i]; 740 srandom(seed); 741 742 /* Try to assign up to 100x */ 743 for (size_t i = 0; i < 100; ++i) { 744 uint64_t try; 745 746 if (iface->dhcpv6_hostid_len > 32) { 747 uint32_t mask_high; 748 749 if (iface->dhcpv6_hostid_len >= 64) 750 mask_high = UINT32_MAX; 751 else 752 mask_high = (1 << (iface->dhcpv6_hostid_len - 32)) - 1; 753 754 do { 755 try = (uint32_t)random(); 756 try |= (uint64_t)((uint32_t)random() & mask_high) << 32; 757 } while (try < 0x100); 758 } else { 759 uint32_t mask_low; 760 761 if (iface->dhcpv6_hostid_len == 32) 762 mask_low = UINT32_MAX; 763 else 764 mask_low = (1 << iface->dhcpv6_hostid_len) - 1; 765 do try = ((uint32_t)random()) & mask_low; while (try < 0x100); 766 } 767 768 if (is_reserved_ipv6_iid(try)) 769 continue; 770 771 if (config_find_lease_by_hostid(try)) 772 continue; 773 774 list_for_each_entry(c, &iface->ia_assignments, head) { 775 if (!(c->flags & OAF_DHCPV6_NA) || c->assigned_host_id > try) { 776 a->assigned_host_id = try; 777 list_add_tail(&a->head, &c->head); 778 return true; 779 } else if (c->assigned_host_id == try) 780 break; 781 } 782 } 783 784 return false; 785 } 786 787 static void handle_addrlist_change(struct netevent_handler_info *info) 788 { 789 struct interface *iface = info->iface; 790 struct dhcp_assignment *c, *d, *border = list_last_entry( 791 &iface->ia_assignments, struct dhcp_assignment, head); 792 struct list_head reassign = LIST_HEAD_INIT(reassign); 793 time_t now = odhcpd_time(); 794 795 list_for_each_entry(c, &iface->ia_assignments, head) { 796 if ((c->flags & OAF_DHCPV6_PD) && !(iface->ra_flags & ND_RA_FLAG_MANAGED) 797 && (c->flags & OAF_BOUND)) 798 __apply_lease(c, info->addrs_old.addrs, 799 info->addrs_old.len, false); 800 } 801 802 set_border_assignment_size(iface, border); 803 804 list_for_each_entry_safe(c, d, &iface->ia_assignments, head) { 805 if (c->clid_len == 0 || 806 !(c->flags & OAF_DHCPV6_PD) || 807 (!INFINITE_VALID(c->valid_until) && c->valid_until < now) || 808 c->managed_size) 809 continue; 810 811 if (c->assigned_subnet_id >= border->assigned_subnet_id) 812 list_move(&c->head, &reassign); 813 else if (c->flags & OAF_BOUND) 814 apply_lease(c, true); 815 816 if (c->accept_reconf && c->reconf_cnt == 0) { 817 struct dhcp_assignment *a; 818 819 start_reconf(c); 820 821 /* Leave all other assignments of that client alone */ 822 list_for_each_entry(a, &iface->ia_assignments, head) 823 if (a != c && a->clid_len == c->clid_len && 824 !memcmp(a->clid_data, c->clid_data, a->clid_len)) 825 a->reconf_cnt = INT_MAX; 826 } 827 } 828 829 while (!list_empty(&reassign)) { 830 c = list_first_entry(&reassign, struct dhcp_assignment, head); 831 list_del_init(&c->head); 832 if (!assign_pd(iface, c)) 833 free_assignment(c); 834 } 835 836 dhcpv6_ia_write_statefile(); 837 } 838 839 static void reconf_timeout_cb(struct uloop_timeout *event) 840 { 841 struct dhcp_assignment *a = container_of(event, struct dhcp_assignment, reconf_timer); 842 843 if (a->reconf_cnt > 0 && a->reconf_cnt < DHCPV6_REC_MAX_RC) { 844 send_reconf(a); 845 uloop_timeout_set(&a->reconf_timer, 846 DHCPV6_REC_TIMEOUT << a->reconf_cnt); 847 a->reconf_cnt++; 848 } else 849 stop_reconf(a); 850 } 851 852 static void start_reconf(struct dhcp_assignment *a) 853 { 854 uloop_timeout_set(&a->reconf_timer, 855 DHCPV6_REC_TIMEOUT << a->reconf_cnt); 856 a->reconf_timer.cb = reconf_timeout_cb; 857 a->reconf_cnt++; 858 859 send_reconf(a); 860 } 861 862 static void stop_reconf(struct dhcp_assignment *a) 863 { 864 uloop_timeout_cancel(&a->reconf_timer); 865 a->reconf_cnt = 0; 866 a->reconf_timer.cb = NULL; 867 } 868 869 static void valid_until_cb(struct uloop_timeout *event) 870 { 871 struct interface *iface; 872 time_t now = odhcpd_time(); 873 874 avl_for_each_element(&interfaces, iface, avl) { 875 struct dhcp_assignment *a, *n; 876 877 if (iface->dhcpv6 != MODE_SERVER) 878 continue; 879 880 list_for_each_entry_safe(a, n, &iface->ia_assignments, head) { 881 if (a->clid_len > 0 && !INFINITE_VALID(a->valid_until) && a->valid_until < now) 882 free_assignment(a); 883 } 884 } 885 uloop_timeout_set(event, 1000); 886 } 887 888 static size_t build_ia(uint8_t *buf, size_t buflen, uint16_t status, 889 const struct dhcpv6_ia_hdr *ia, struct dhcp_assignment *a, 890 struct interface *iface, bool request) 891 { 892 struct dhcpv6_ia_hdr o_ia = { 893 .type = ia->type, 894 .len = 0, 895 .iaid = ia->iaid, 896 .t1 = 0, 897 .t2 = 0, 898 }; 899 size_t ia_len = sizeof(o_ia); 900 time_t now = odhcpd_time(); 901 902 if (buflen < ia_len) 903 return 0; 904 905 if (status) { 906 struct __attribute__((packed)) { 907 uint16_t type; 908 uint16_t len; 909 uint16_t val; 910 } o_status = { 911 .type = htons(DHCPV6_OPT_STATUS), 912 .len = htons(sizeof(o_status) - 4), 913 .val = htons(status), 914 }; 915 916 memcpy(buf + ia_len, &o_status, sizeof(o_status)); 917 ia_len += sizeof(o_status); 918 919 o_ia.len = htons(ia_len - 4); 920 memcpy(buf, &o_ia, sizeof(o_ia)); 921 922 return ia_len; 923 } 924 925 if (a) { 926 uint32_t leasetime, pref; 927 928 if (a->leasetime) { 929 leasetime = a->leasetime; 930 pref = a->leasetime; 931 } else { 932 leasetime = iface->dhcp_leasetime; 933 pref = iface->preferred_lifetime; 934 } 935 936 uint32_t valid = leasetime; 937 938 struct odhcpd_ipaddr *addrs = (a->managed) ? a->managed : iface->addr6; 939 size_t addrlen = (a->managed) ? (size_t)a->managed_size : iface->addr6_len; 940 size_t m = get_preferred_addr(addrs, addrlen); 941 942 for (size_t i = 0; i < addrlen; ++i) { 943 uint32_t prefix_pref, prefix_valid; 944 945 if (!valid_addr(&addrs[i], now)) 946 continue; 947 948 /* Filter Out Prefixes */ 949 if (ADDR_MATCH_PIO_FILTER(&addrs[i], iface)) { 950 char addrbuf[INET6_ADDRSTRLEN]; 951 syslog(LOG_INFO, "Address %s filtered out on %s", 952 inet_ntop(AF_INET6, &addrs[i].addr.in6, addrbuf, sizeof(addrbuf)), 953 iface->name); 954 continue; 955 } 956 957 prefix_pref = addrs[i].preferred; 958 prefix_valid = addrs[i].valid; 959 960 if (prefix_pref != UINT32_MAX) 961 prefix_pref -= now; 962 963 if (prefix_pref > pref) 964 prefix_pref = pref; 965 966 if (prefix_valid != UINT32_MAX) 967 prefix_valid -= now; 968 969 if (prefix_valid > leasetime) 970 prefix_valid = leasetime; 971 972 if (prefix_pref > prefix_valid) 973 prefix_pref = prefix_valid; 974 975 if (a->flags & OAF_DHCPV6_PD) { 976 struct dhcpv6_ia_prefix o_ia_p = { 977 .type = htons(DHCPV6_OPT_IA_PREFIX), 978 .len = htons(sizeof(o_ia_p) - 4), 979 .preferred = htonl(prefix_pref), 980 .valid = htonl(prefix_valid), 981 .prefix = (a->managed_size) ? addrs[i].prefix : a->length, 982 .addr = addrs[i].addr.in6, 983 }; 984 985 o_ia_p.addr.s6_addr32[1] |= htonl(a->assigned_subnet_id); 986 o_ia_p.addr.s6_addr32[2] = o_ia_p.addr.s6_addr32[3] = 0; 987 988 if (!valid_prefix_length(a, addrs[i].prefix)) 989 continue; 990 991 if (buflen < ia_len + sizeof(o_ia_p)) 992 return 0; 993 994 memcpy(buf + ia_len, &o_ia_p, sizeof(o_ia_p)); 995 ia_len += sizeof(o_ia_p); 996 } 997 998 if (a->flags & OAF_DHCPV6_NA) { 999 struct dhcpv6_ia_addr o_ia_a = { 1000 .type = htons(DHCPV6_OPT_IA_ADDR), 1001 .len = htons(sizeof(o_ia_a) - 4), 1002 .addr = addrs[i].addr.in6, 1003 .preferred = htonl(prefix_pref), 1004 .valid = htonl(prefix_valid) 1005 }; 1006 1007 o_ia_a.addr.s6_addr32[2] = htonl(a->assigned_host_id >> 32); 1008 o_ia_a.addr.s6_addr32[3] = htonl(a->assigned_host_id & UINT32_MAX); 1009 1010 if (!ADDR_ENTRY_VALID_IA_ADDR(iface, i, m, addrs)) 1011 continue; 1012 1013 if (buflen < ia_len + sizeof(o_ia_a)) 1014 return 0; 1015 1016 memcpy(buf + ia_len, &o_ia_a, sizeof(o_ia_a)); 1017 ia_len += sizeof(o_ia_a); 1018 } 1019 1020 /* Calculate T1 / T2 based on non-deprecated addresses */ 1021 if (prefix_pref > 0) { 1022 if (prefix_pref < pref) 1023 pref = prefix_pref; 1024 1025 if (prefix_valid < valid) 1026 valid = prefix_valid; 1027 } 1028 } 1029 1030 if (!INFINITE_VALID(a->valid_until)) 1031 /* UINT32_MAX is considered as infinite leasetime */ 1032 a->valid_until = (valid == UINT32_MAX) ? 0 : valid + now; 1033 1034 if (!INFINITE_VALID(a->preferred_until)) 1035 /* UINT32_MAX is considered as infinite leasetime */ 1036 a->preferred_until = (pref == UINT32_MAX) ? 0 : pref + now; 1037 1038 o_ia.t1 = htonl((pref == UINT32_MAX) ? pref : pref * 5 / 10); 1039 o_ia.t2 = htonl((pref == UINT32_MAX) ? pref : pref * 8 / 10); 1040 1041 if (!o_ia.t1) 1042 o_ia.t1 = htonl(1); 1043 1044 if (!o_ia.t2) 1045 o_ia.t2 = htonl(1); 1046 } 1047 1048 if (!request) { 1049 uint8_t *odata, *end = ((uint8_t*)ia) + htons(ia->len) + 4; 1050 uint16_t otype, olen; 1051 1052 dhcpv6_for_each_option((uint8_t*)&ia[1], end, otype, olen, odata) { 1053 struct dhcpv6_ia_prefix *ia_p = (struct dhcpv6_ia_prefix *)&odata[-4]; 1054 struct dhcpv6_ia_addr *ia_a = (struct dhcpv6_ia_addr *)&odata[-4]; 1055 bool found = false; 1056 1057 if ((otype != DHCPV6_OPT_IA_PREFIX || olen < sizeof(*ia_p) - 4) && 1058 (otype != DHCPV6_OPT_IA_ADDR || olen < sizeof(*ia_a) - 4)) 1059 continue; 1060 1061 if (a) { 1062 struct odhcpd_ipaddr *addrs = (a->managed) ? a->managed : iface->addr6; 1063 size_t addrlen = (a->managed) ? (size_t)a->managed_size : iface->addr6_len; 1064 1065 for (size_t i = 0; i < addrlen; ++i) { 1066 struct in6_addr addr; 1067 1068 if (!valid_addr(&addrs[i], now)) 1069 continue; 1070 1071 if (!valid_prefix_length(a, addrs[i].prefix)) 1072 continue; 1073 1074 if (ADDR_MATCH_PIO_FILTER(&addrs[i], iface)) 1075 continue; 1076 1077 addr = addrs[i].addr.in6; 1078 if (ia->type == htons(DHCPV6_OPT_IA_PD)) { 1079 addr.s6_addr32[1] |= htonl(a->assigned_subnet_id); 1080 addr.s6_addr32[2] = addr.s6_addr32[3] = 0; 1081 1082 if (!memcmp(&ia_p->addr, &addr, sizeof(addr)) && 1083 ia_p->prefix == ((a->managed) ? addrs[i].prefix : a->length)) 1084 found = true; 1085 } else { 1086 addr.s6_addr32[2] = htonl(a->assigned_host_id >> 32); 1087 addr.s6_addr32[3] = htonl(a->assigned_host_id & UINT32_MAX); 1088 1089 if (!memcmp(&ia_a->addr, &addr, sizeof(addr))) 1090 found = true; 1091 } 1092 } 1093 } 1094 1095 if (!found) { 1096 if (otype == DHCPV6_OPT_IA_PREFIX) { 1097 struct dhcpv6_ia_prefix o_ia_p = { 1098 .type = htons(DHCPV6_OPT_IA_PREFIX), 1099 .len = htons(sizeof(o_ia_p) - 4), 1100 .preferred = 0, 1101 .valid = 0, 1102 .prefix = ia_p->prefix, 1103 .addr = ia_p->addr, 1104 }; 1105 1106 if (buflen < ia_len + sizeof(o_ia_p)) 1107 return 0; 1108 1109 memcpy(buf + ia_len, &o_ia_p, sizeof(o_ia_p)); 1110 ia_len += sizeof(o_ia_p); 1111 } else { 1112 struct dhcpv6_ia_addr o_ia_a = { 1113 .type = htons(DHCPV6_OPT_IA_ADDR), 1114 .len = htons(sizeof(o_ia_a) - 4), 1115 .addr = ia_a->addr, 1116 .preferred = 0, 1117 .valid = 0, 1118 }; 1119 1120 if (buflen < ia_len + sizeof(o_ia_a)) 1121 continue; 1122 1123 memcpy(buf + ia_len, &o_ia_a, sizeof(o_ia_a)); 1124 ia_len += sizeof(o_ia_a); 1125 } 1126 } 1127 } 1128 } 1129 1130 o_ia.len = htons(ia_len - 4); 1131 memcpy(buf, &o_ia, sizeof(o_ia)); 1132 return ia_len; 1133 } 1134 1135 struct log_ctxt { 1136 char *buf; 1137 int buf_len; 1138 int buf_idx; 1139 }; 1140 1141 static void dhcpv6_log_ia_addr(struct in6_addr *addr, int prefix, _unused uint32_t pref, 1142 _unused uint32_t valid, void *arg) 1143 { 1144 struct log_ctxt *ctxt = (struct log_ctxt *)arg; 1145 char addrbuf[INET6_ADDRSTRLEN]; 1146 1147 inet_ntop(AF_INET6, addr, addrbuf, sizeof(addrbuf)); 1148 ctxt->buf_idx += snprintf(ctxt->buf + ctxt->buf_idx, ctxt->buf_len - ctxt->buf_idx, 1149 "%s/%d ", addrbuf, prefix); 1150 } 1151 1152 static void dhcpv6_log(uint8_t msgtype, struct interface *iface, time_t now, 1153 const char *duidbuf, bool is_pd, struct dhcp_assignment *a, int code) 1154 { 1155 const char *type = "UNKNOWN"; 1156 const char *status = "UNKNOWN"; 1157 1158 switch (msgtype) { 1159 case DHCPV6_MSG_SOLICIT: 1160 type = "SOLICIT"; 1161 break; 1162 case DHCPV6_MSG_REQUEST: 1163 type = "REQUEST"; 1164 break; 1165 case DHCPV6_MSG_CONFIRM: 1166 type = "CONFIRM"; 1167 break; 1168 case DHCPV6_MSG_RENEW: 1169 type = "RENEW"; 1170 break; 1171 case DHCPV6_MSG_REBIND: 1172 type = "REBIND"; 1173 break; 1174 case DHCPV6_MSG_RELEASE: 1175 type = "RELEASE"; 1176 break; 1177 case DHCPV6_MSG_DECLINE: 1178 type = "DECLINE"; 1179 break; 1180 } 1181 1182 switch (code) { 1183 case DHCPV6_STATUS_OK: 1184 status = "ok"; 1185 break; 1186 case DHCPV6_STATUS_NOADDRSAVAIL: 1187 status = "no addresses available"; 1188 break; 1189 case DHCPV6_STATUS_NOBINDING: 1190 status = "no binding"; 1191 break; 1192 case DHCPV6_STATUS_NOTONLINK: 1193 status = "not on-link"; 1194 break; 1195 case DHCPV6_STATUS_NOPREFIXAVAIL: 1196 status = "no prefix available"; 1197 break; 1198 } 1199 1200 char leasebuf[256] = ""; 1201 1202 if (a) { 1203 struct log_ctxt ctxt = {.buf = leasebuf, 1204 .buf_len = sizeof(leasebuf), 1205 .buf_idx = 0 }; 1206 1207 dhcpv6_ia_enum_addrs(iface, a, now, dhcpv6_log_ia_addr, &ctxt); 1208 } 1209 1210 syslog(LOG_INFO, "DHCPV6 %s %s from %s on %s: %s %s", type, (is_pd) ? "IA_PD" : "IA_NA", 1211 duidbuf, iface->name, status, leasebuf); 1212 } 1213 1214 static bool dhcpv6_ia_on_link(const struct dhcpv6_ia_hdr *ia, struct dhcp_assignment *a, 1215 struct interface *iface) 1216 { 1217 struct odhcpd_ipaddr *addrs = (a && a->managed) ? a->managed : iface->addr6; 1218 size_t addrlen = (a && a->managed) ? (size_t)a->managed_size : iface->addr6_len; 1219 time_t now = odhcpd_time(); 1220 uint8_t *odata, *end = ((uint8_t*)ia) + htons(ia->len) + 4; 1221 uint16_t otype, olen; 1222 bool onlink = true; 1223 1224 dhcpv6_for_each_option((uint8_t*)&ia[1], end, otype, olen, odata) { 1225 struct dhcpv6_ia_prefix *p = (struct dhcpv6_ia_prefix *)&odata[-4]; 1226 struct dhcpv6_ia_addr *n = (struct dhcpv6_ia_addr *)&odata[-4]; 1227 1228 if ((otype != DHCPV6_OPT_IA_PREFIX || olen < sizeof(*p) - 4) && 1229 (otype != DHCPV6_OPT_IA_ADDR || olen < sizeof(*n) - 4)) 1230 continue; 1231 1232 onlink = false; 1233 for (size_t i = 0; i < addrlen; ++i) { 1234 if (!valid_addr(&addrs[i], now)) 1235 continue; 1236 1237 if (ADDR_MATCH_PIO_FILTER(&addrs[i], iface)) 1238 continue; 1239 1240 if (ia->type == htons(DHCPV6_OPT_IA_PD)) { 1241 if (p->prefix < addrs[i].prefix || 1242 odhcpd_bmemcmp(&p->addr, &addrs[i].addr.in6, addrs[i].prefix)) 1243 continue; 1244 1245 } else if (odhcpd_bmemcmp(&n->addr, &addrs[i].addr.in6, addrs[i].prefix)) 1246 continue; 1247 1248 onlink = true; 1249 } 1250 1251 if (!onlink) 1252 break; 1253 } 1254 1255 return onlink; 1256 } 1257 1258 ssize_t dhcpv6_ia_handle_IAs(uint8_t *buf, size_t buflen, struct interface *iface, 1259 const struct sockaddr_in6 *addr, const void *data, const uint8_t *end) 1260 { 1261 struct lease *l; 1262 struct dhcp_assignment *first = NULL; 1263 const struct dhcpv6_client_header *hdr = data; 1264 time_t now = odhcpd_time(); 1265 uint16_t otype, olen, clid_len = 0; 1266 uint8_t *start = (uint8_t *)&hdr[1], *odata; 1267 uint8_t *clid_data = NULL, mac[6] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff}; 1268 size_t hostname_len = 0, response_len = 0; 1269 bool notonlink = false, rapid_commit = false, accept_reconf = false; 1270 char duidbuf[261], hostname[256]; 1271 1272 dhcpv6_for_each_option(start, end, otype, olen, odata) { 1273 if (otype == DHCPV6_OPT_CLIENTID) { 1274 clid_data = odata; 1275 clid_len = olen; 1276 1277 if (olen == 14 && odata[0] == 0 && odata[1] == 1) 1278 memcpy(mac, &odata[8], sizeof(mac)); 1279 else if (olen == 10 && odata[0] == 0 && odata[1] == 3) 1280 memcpy(mac, &odata[4], sizeof(mac)); 1281 1282 if (olen <= 130) 1283 odhcpd_hexlify(duidbuf, odata, olen); 1284 } else if (otype == DHCPV6_OPT_FQDN && olen >= 2 && olen <= 255) { 1285 uint8_t fqdn_buf[256]; 1286 memcpy(fqdn_buf, odata, olen); 1287 fqdn_buf[olen++] = 0; 1288 1289 if (dn_expand(&fqdn_buf[1], &fqdn_buf[olen], &fqdn_buf[1], hostname, sizeof(hostname)) > 0) 1290 hostname_len = strcspn(hostname, "."); 1291 } else if (otype == DHCPV6_OPT_RECONF_ACCEPT) 1292 accept_reconf = true; 1293 else if (otype == DHCPV6_OPT_RAPID_COMMIT && hdr->msg_type == DHCPV6_MSG_SOLICIT) 1294 rapid_commit = true; 1295 } 1296 1297 if (!clid_data || !clid_len || clid_len > 130) 1298 goto out; 1299 1300 l = config_find_lease_by_duid(clid_data, clid_len); 1301 if (!l) 1302 l = config_find_lease_by_mac(mac); 1303 1304 dhcpv6_for_each_option(start, end, otype, olen, odata) { 1305 bool is_pd = (otype == DHCPV6_OPT_IA_PD); 1306 bool is_na = (otype == DHCPV6_OPT_IA_NA); 1307 bool ia_addr_present = false; 1308 if (!is_pd && !is_na) 1309 continue; 1310 1311 struct dhcpv6_ia_hdr *ia = (struct dhcpv6_ia_hdr*)&odata[-4]; 1312 size_t ia_response_len = 0; 1313 uint8_t reqlen = (is_pd) ? 62 : 128; 1314 uint32_t reqhint = 0; 1315 1316 /* Parse request hint for IA-PD */ 1317 if (is_pd) { 1318 uint8_t *sdata; 1319 uint16_t stype, slen; 1320 dhcpv6_for_each_option(&ia[1], odata + olen, stype, slen, sdata) { 1321 if (stype != DHCPV6_OPT_IA_PREFIX || slen < sizeof(struct dhcpv6_ia_prefix) - 4) 1322 continue; 1323 1324 struct dhcpv6_ia_prefix *p = (struct dhcpv6_ia_prefix*)&sdata[-4]; 1325 if (p->prefix) { 1326 reqlen = p->prefix; 1327 reqhint = ntohl(p->addr.s6_addr32[1]); 1328 if (reqlen > 32 && reqlen <= 64) 1329 reqhint &= (1U << (64 - reqlen)) - 1; 1330 } 1331 } 1332 1333 if (reqlen > 64) 1334 reqlen = 64; 1335 } else if (is_na) { 1336 uint8_t *sdata; 1337 uint16_t stype, slen; 1338 dhcpv6_for_each_option(&ia[1], odata + olen, stype, slen, sdata) { 1339 if (stype != DHCPV6_OPT_IA_ADDR || slen < sizeof(struct dhcpv6_ia_addr) - 4) 1340 continue; 1341 1342 ia_addr_present = true; 1343 } 1344 } 1345 1346 /* Find assignment */ 1347 struct dhcp_assignment *c, *a = NULL; 1348 list_for_each_entry(c, &iface->ia_assignments, head) { 1349 if ((c->clid_len == clid_len && !memcmp(c->clid_data, clid_data, clid_len)) && 1350 c->iaid == ia->iaid && (INFINITE_VALID(c->valid_until) || now < c->valid_until) && 1351 ((is_pd && (c->flags & OAF_DHCPV6_PD)) || (is_na && (c->flags & OAF_DHCPV6_NA)))) { 1352 a = c; 1353 1354 /* Reset state */ 1355 if (a->flags & OAF_BOUND) 1356 apply_lease(a, false); 1357 1358 stop_reconf(a); 1359 break; 1360 } 1361 } 1362 1363 if (l && a && a->lease != l) { 1364 free_assignment(a); 1365 a = NULL; 1366 } 1367 1368 /* Generic message handling */ 1369 uint16_t status = DHCPV6_STATUS_OK; 1370 if (a && a->managed_size < 0) 1371 return -1; 1372 1373 if (hdr->msg_type == DHCPV6_MSG_SOLICIT || 1374 hdr->msg_type == DHCPV6_MSG_REQUEST || 1375 (hdr->msg_type == DHCPV6_MSG_REBIND && !a)) { 1376 bool assigned = !!a; 1377 1378 if (!a) { 1379 if ((!iface->no_dynamic_dhcp || (l && is_na)) && 1380 (iface->dhcpv6_pd || iface->dhcpv6_na)) { 1381 /* Create new binding */ 1382 a = alloc_assignment(clid_len); 1383 1384 if (a) { 1385 a->clid_len = clid_len; 1386 memcpy(a->clid_data, clid_data, clid_len); 1387 a->iaid = ia->iaid; 1388 a->length = reqlen; 1389 a->peer = *addr; 1390 if (is_na) 1391 a->assigned_host_id = l ? l->hostid : 0; 1392 else 1393 a->assigned_subnet_id = reqhint; 1394 a->valid_until = now; 1395 a->preferred_until = now; 1396 a->dhcp_free_cb = dhcpv6_ia_free_assignment; 1397 a->iface = iface; 1398 a->flags = (is_pd ? OAF_DHCPV6_PD : OAF_DHCPV6_NA); 1399 1400 if (first) 1401 memcpy(a->key, first->key, sizeof(a->key)); 1402 else 1403 odhcpd_urandom(a->key, sizeof(a->key)); 1404 1405 if (is_pd && iface->dhcpv6_pd) 1406 while (!(assigned = assign_pd(iface, a)) && 1407 !a->managed_size && ++a->length <= 64); 1408 else if (is_na && iface->dhcpv6_na) 1409 assigned = assign_na(iface, a); 1410 1411 if (l && assigned) { 1412 a->flags |= OAF_STATIC; 1413 1414 if (l->hostname) 1415 a->hostname = strdup(l->hostname); 1416 1417 if (l->leasetime) 1418 a->leasetime = l->leasetime; 1419 1420 list_add(&a->lease_list, &l->assignments); 1421 a->lease = l; 1422 } 1423 1424 if (a->managed_size && !assigned) 1425 return -1; 1426 } 1427 } 1428 } 1429 1430 if (!assigned || iface->addr6_len == 0) 1431 /* Set error status */ 1432 status = (is_pd) ? DHCPV6_STATUS_NOPREFIXAVAIL : DHCPV6_STATUS_NOADDRSAVAIL; 1433 else if (hdr->msg_type == DHCPV6_MSG_REQUEST && !dhcpv6_ia_on_link(ia, a, iface)) { 1434 /* Send NOTONLINK staus for the IA */ 1435 status = DHCPV6_STATUS_NOTONLINK; 1436 assigned = false; 1437 } else if (accept_reconf && assigned && !first && 1438 hdr->msg_type != DHCPV6_MSG_REBIND) { 1439 size_t handshake_len = 4; 1440 buf[0] = 0; 1441 buf[1] = DHCPV6_OPT_RECONF_ACCEPT; 1442 buf[2] = 0; 1443 buf[3] = 0; 1444 1445 if (hdr->msg_type == DHCPV6_MSG_REQUEST) { 1446 struct dhcpv6_auth_reconfigure auth = { 1447 htons(DHCPV6_OPT_AUTH), 1448 htons(sizeof(auth) - 4), 1449 3, 1, 0, 1450 {htonl(time(NULL)), htonl(++serial)}, 1451 1, 1452 {0} 1453 }; 1454 memcpy(auth.key, a->key, sizeof(a->key)); 1455 memcpy(buf + handshake_len, &auth, sizeof(auth)); 1456 handshake_len += sizeof(auth); 1457 } 1458 1459 1460 buf += handshake_len; 1461 buflen -= handshake_len; 1462 response_len += handshake_len; 1463 1464 first = a; 1465 } 1466 1467 ia_response_len = build_ia(buf, buflen, status, ia, a, iface, 1468 hdr->msg_type == DHCPV6_MSG_REBIND ? false : true); 1469 1470 /* Was only a solicitation: mark binding for removal */ 1471 if (assigned && hdr->msg_type == DHCPV6_MSG_SOLICIT && !rapid_commit) { 1472 a->flags &= ~OAF_BOUND; 1473 a->flags |= OAF_TENTATIVE; 1474 1475 /* Keep tentative assignment around for 60 seconds */ 1476 a->valid_until = now + 60; 1477 1478 } else if (assigned && 1479 ((hdr->msg_type == DHCPV6_MSG_SOLICIT && rapid_commit) || 1480 hdr->msg_type == DHCPV6_MSG_REQUEST || 1481 hdr->msg_type == DHCPV6_MSG_REBIND)) { 1482 if ((!(a->flags & OAF_STATIC) || !a->hostname) && hostname_len > 0) { 1483 a->hostname = realloc(a->hostname, hostname_len + 1); 1484 if (a->hostname) { 1485 memcpy(a->hostname, hostname, hostname_len); 1486 a->hostname[hostname_len] = 0; 1487 1488 if (odhcpd_valid_hostname(a->hostname)) 1489 a->flags &= ~OAF_BROKEN_HOSTNAME; 1490 else 1491 a->flags |= OAF_BROKEN_HOSTNAME; 1492 } 1493 } 1494 a->accept_reconf = accept_reconf; 1495 a->flags &= ~OAF_TENTATIVE; 1496 a->flags |= OAF_BOUND; 1497 apply_lease(a, true); 1498 } else if (!assigned && a && a->managed_size == 0) { 1499 /* Cleanup failed assignment */ 1500 free_assignment(a); 1501 a = NULL; 1502 } 1503 } else if (hdr->msg_type == DHCPV6_MSG_RENEW || 1504 hdr->msg_type == DHCPV6_MSG_RELEASE || 1505 hdr->msg_type == DHCPV6_MSG_REBIND || 1506 hdr->msg_type == DHCPV6_MSG_DECLINE) { 1507 if (!a && hdr->msg_type != DHCPV6_MSG_REBIND) { 1508 status = DHCPV6_STATUS_NOBINDING; 1509 ia_response_len = build_ia(buf, buflen, status, ia, a, iface, false); 1510 } else if (hdr->msg_type == DHCPV6_MSG_RENEW || 1511 hdr->msg_type == DHCPV6_MSG_REBIND) { 1512 ia_response_len = build_ia(buf, buflen, status, ia, a, iface, false); 1513 if (a) { 1514 a->flags |= OAF_BOUND; 1515 apply_lease(a, true); 1516 } 1517 } else if (hdr->msg_type == DHCPV6_MSG_RELEASE) { 1518 a->valid_until = now - 1; 1519 } else if ((a->flags & OAF_DHCPV6_NA) && hdr->msg_type == DHCPV6_MSG_DECLINE) { 1520 a->flags &= ~OAF_BOUND; 1521 1522 if (!(a->flags & OAF_STATIC) || a->lease->hostid != a->assigned_host_id) { 1523 memset(a->clid_data, 0, a->clid_len); 1524 a->valid_until = now + 3600; /* Block address for 1h */ 1525 } else 1526 a->valid_until = now - 1; 1527 } 1528 } else if (hdr->msg_type == DHCPV6_MSG_CONFIRM) { 1529 if (ia_addr_present && !dhcpv6_ia_on_link(ia, a, iface)) { 1530 notonlink = true; 1531 break; 1532 } 1533 1534 if (!ia_addr_present || !a || !(a->flags & OAF_BOUND)) { 1535 response_len = 0; 1536 goto out; 1537 } 1538 } 1539 1540 buf += ia_response_len; 1541 buflen -= ia_response_len; 1542 response_len += ia_response_len; 1543 dhcpv6_log(hdr->msg_type, iface, now, duidbuf, is_pd, a, status); 1544 } 1545 1546 switch (hdr->msg_type) { 1547 case DHCPV6_MSG_RELEASE: 1548 case DHCPV6_MSG_DECLINE: 1549 case DHCPV6_MSG_CONFIRM: 1550 if (response_len + 6 < buflen) { 1551 buf[0] = 0; 1552 buf[1] = DHCPV6_OPT_STATUS; 1553 buf[2] = 0; 1554 buf[3] = 2; 1555 buf[4] = 0; 1556 buf[5] = (notonlink) ? DHCPV6_STATUS_NOTONLINK : DHCPV6_STATUS_OK; 1557 response_len += 6; 1558 } 1559 break; 1560 1561 default: 1562 break; 1563 } 1564 1565 dhcpv6_ia_write_statefile(); 1566 1567 out: 1568 return response_len; 1569 } 1570
This page was automatically generated by LXR 0.3.1. • OpenWrt