• source navigation  • diff markup  • identifier search  • freetext search  • 

Sources/odhcpd/src/dhcpv6.c

  1 /**
  2  * Copyright (C) 2012-2013 Steven Barth <steven@midlink.org>
  3  * Copyright (C) 2018 Hans Dedecker <dedeckeh@gmail.com>
  4  *
  5  * This program is free software; you can redistribute it and/or modify
  6  * it under the terms of the GNU General Public License v2 as published by
  7  * the Free Software Foundation.
  8  *
  9  * This program is distributed in the hope that it will be useful,
 10  * but WITHOUT ANY WARRANTY; without even the implied warranty of
 11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 12  * GNU General Public License for more details.
 13  *
 14  *
 15  */
 16 
 17 #include <errno.h>
 18 #include <unistd.h>
 19 #include <stddef.h>
 20 #include <resolv.h>
 21 #include <sys/timerfd.h>
 22 #include <arpa/inet.h>
 23 
 24 #include <libubox/utils.h>
 25 
 26 #include "odhcpd.h"
 27 #include "dhcpv6.h"
 28 #include "dhcpv6-pxe.h"
 29 #ifdef DHCPV4_SUPPORT
 30 #include "dhcpv4.h"
 31 #endif
 32 
 33 static void relay_client_request(struct sockaddr_in6 *source,
 34                 const void *data, size_t len, struct interface *iface);
 35 static void relay_server_response(uint8_t *data, size_t len);
 36 
 37 static void handle_dhcpv6(void *addr, void *data, size_t len,
 38                 struct interface *iface, void *dest);
 39 static void handle_client_request(void *addr, void *data, size_t len,
 40                 struct interface *iface, void *dest_addr);
 41 
 42 
 43 /* Create socket and register events */
 44 int dhcpv6_init(void)
 45 {
 46         return dhcpv6_ia_init();
 47 }
 48 
 49 int dhcpv6_setup_interface(struct interface *iface, bool enable)
 50 {
 51         int ret = 0;
 52 
 53         enable = enable && (iface->dhcpv6 != MODE_DISABLED);
 54 
 55         if (iface->dhcpv6_event.uloop.fd >= 0) {
 56                 uloop_fd_delete(&iface->dhcpv6_event.uloop);
 57                 close(iface->dhcpv6_event.uloop.fd);
 58                 iface->dhcpv6_event.uloop.fd = -1;
 59         }
 60 
 61         /* Configure multicast settings */
 62         if (enable) {
 63                 struct sockaddr_in6 bind_addr = {AF_INET6, htons(DHCPV6_SERVER_PORT),
 64                                         0, IN6ADDR_ANY_INIT, 0};
 65                 struct ipv6_mreq mreq;
 66                 int val = 1;
 67 
 68                 iface->dhcpv6_event.uloop.fd = socket(AF_INET6, SOCK_DGRAM | SOCK_CLOEXEC, IPPROTO_UDP);
 69                 if (iface->dhcpv6_event.uloop.fd < 0) {
 70                         syslog(LOG_ERR, "socket(AF_INET6): %m");
 71                         ret = -1;
 72                         goto out;
 73                 }
 74 
 75                 /* Basic IPv6 configuration */
 76                 if (setsockopt(iface->dhcpv6_event.uloop.fd, SOL_SOCKET, SO_BINDTODEVICE,
 77                                         iface->ifname, strlen(iface->ifname)) < 0) {
 78                         syslog(LOG_ERR, "setsockopt(SO_BINDTODEVICE): %m");
 79                         ret = -1;
 80                         goto out;
 81                 }
 82 
 83                 if (setsockopt(iface->dhcpv6_event.uloop.fd, IPPROTO_IPV6, IPV6_V6ONLY,
 84                                         &val, sizeof(val)) < 0) {
 85                         syslog(LOG_ERR, "setsockopt(IPV6_V6ONLY): %m");
 86                         ret = -1;
 87                         goto out;
 88                 }
 89 
 90                 if (setsockopt(iface->dhcpv6_event.uloop.fd, SOL_SOCKET, SO_REUSEADDR,
 91                                         &val, sizeof(val)) < 0) {
 92                         syslog(LOG_ERR, "setsockopt(SO_REUSEADDR): %m");
 93                         ret = -1;
 94                         goto out;
 95                 }
 96 
 97                 if (setsockopt(iface->dhcpv6_event.uloop.fd, IPPROTO_IPV6, IPV6_RECVPKTINFO,
 98                                         &val, sizeof(val)) < 0) {
 99                         syslog(LOG_ERR, "setsockopt(IPV6_RECVPKTINFO): %m");
100                         ret = -1;
101                         goto out;
102                 }
103 
104                 val = DHCPV6_HOP_COUNT_LIMIT;
105                 if (setsockopt(iface->dhcpv6_event.uloop.fd, IPPROTO_IPV6, IPV6_MULTICAST_HOPS,
106                                         &val, sizeof(val)) < 0) {
107                         syslog(LOG_ERR, "setsockopt(IPV6_MULTICAST_HOPS): %m");
108                         ret = -1;
109                         goto out;
110                 }
111 
112                 val = 0;
113                 if (setsockopt(iface->dhcpv6_event.uloop.fd, IPPROTO_IPV6, IPV6_MULTICAST_LOOP,
114                                         &val, sizeof(val)) < 0) {
115                         syslog(LOG_ERR, "setsockopt(IPV6_MULTICAST_LOOP): %m");
116                         ret = -1;
117                         goto out;
118                 }
119 
120                 if (bind(iface->dhcpv6_event.uloop.fd, (struct sockaddr*)&bind_addr,
121                                         sizeof(bind_addr)) < 0) {
122                         syslog(LOG_ERR, "bind(): %m");
123                         ret = -1;
124                         goto out;
125                 }
126 
127                 memset(&mreq, 0, sizeof(mreq));
128                 inet_pton(AF_INET6, ALL_DHCPV6_RELAYS, &mreq.ipv6mr_multiaddr);
129                 mreq.ipv6mr_interface = iface->ifindex;
130 
131                 if (setsockopt(iface->dhcpv6_event.uloop.fd, IPPROTO_IPV6, IPV6_ADD_MEMBERSHIP,
132                                         &mreq, sizeof(mreq)) < 0) {
133                         syslog(LOG_ERR, "setsockopt(IPV6_ADD_MEMBERSHIP): %m");
134                         ret = -1;
135                         goto out;
136                 }
137 
138                 if (iface->dhcpv6 == MODE_SERVER) {
139                         memset(&mreq, 0, sizeof(mreq));
140                         inet_pton(AF_INET6, ALL_DHCPV6_SERVERS, &mreq.ipv6mr_multiaddr);
141                         mreq.ipv6mr_interface = iface->ifindex;
142 
143                         if (setsockopt(iface->dhcpv6_event.uloop.fd, IPPROTO_IPV6, IPV6_ADD_MEMBERSHIP,
144                                                 &mreq, sizeof(mreq)) < 0) {
145                                 syslog(LOG_ERR, "setsockopt(IPV6_ADD_MEMBERSHIP): %m");
146                                 ret = -1;
147                                 goto out;
148                         }
149                 }
150 
151                 iface->dhcpv6_event.handle_dgram = handle_dhcpv6;
152                 odhcpd_register(&iface->dhcpv6_event);
153         }
154 
155         ret = dhcpv6_ia_setup_interface(iface, enable);
156 
157 out:
158         if (ret < 0 && iface->dhcpv6_event.uloop.fd >= 0) {
159                 close(iface->dhcpv6_event.uloop.fd);
160                 iface->dhcpv6_event.uloop.fd = -1;
161         }
162 
163         return ret;
164 }
165 
166 enum {
167         IOV_NESTED = 0,
168         IOV_DEST,
169         IOV_MAXRT,
170 #define IOV_STAT IOV_MAXRT
171         IOV_RAPID_COMMIT,
172         IOV_DNS,
173         IOV_DNS_ADDR,
174         IOV_SEARCH,
175         IOV_SEARCH_DOMAIN,
176         IOV_PDBUF,
177 #define IOV_REFRESH IOV_PDBUF
178         IOV_CERID,
179         IOV_DHCPV6_RAW,
180         IOV_NTP,
181         IOV_NTP_ADDR,
182         IOV_SNTP,
183         IOV_SNTP_ADDR,
184         IOV_RELAY_MSG,
185         IOV_DHCPV4O6_SERVER,
186         IOV_DNR,
187         IOV_BOOTFILE_URL,
188         IOV_TOTAL
189 };
190 
191 static void handle_nested_message(uint8_t *data, size_t len,
192                                   struct dhcpv6_client_header **c_hdr, uint8_t **opts,
193                                   uint8_t **end, struct iovec iov[IOV_TOTAL])
194 {
195         struct dhcpv6_relay_header *r_hdr = (struct dhcpv6_relay_header *)data;
196         uint16_t otype, olen;
197         uint8_t *odata;
198 
199         if (iov[IOV_NESTED].iov_base == NULL) {
200                 iov[IOV_NESTED].iov_base = data;
201                 iov[IOV_NESTED].iov_len = len;
202         }
203 
204         if (len < sizeof(struct dhcpv6_client_header))
205                 return;
206 
207         if (r_hdr->msg_type != DHCPV6_MSG_RELAY_FORW) {
208                 iov[IOV_NESTED].iov_len = data - (uint8_t *)iov[IOV_NESTED].iov_base;
209                 *c_hdr = (void *)data;
210                 *opts = (uint8_t *)&(*c_hdr)[1];
211                 *end = data + len;
212                 return;
213         }
214 
215         dhcpv6_for_each_option(r_hdr->options, data + len, otype, olen, odata) {
216                 if (otype == DHCPV6_OPT_RELAY_MSG) {
217                         iov[IOV_RELAY_MSG].iov_base = odata + olen;
218                         iov[IOV_RELAY_MSG].iov_len = (((uint8_t *)iov[IOV_NESTED].iov_base) +
219                                         iov[IOV_NESTED].iov_len) - (odata + olen);
220                         handle_nested_message(odata, olen, c_hdr, opts, end, iov);
221                         return;
222                 }
223         }
224 }
225 
226 
227 static void update_nested_message(uint8_t *data, size_t len, ssize_t pdiff)
228 {
229         struct dhcpv6_relay_header *hdr = (struct dhcpv6_relay_header*)data;
230         if (hdr->msg_type != DHCPV6_MSG_RELAY_FORW)
231                 return;
232 
233         hdr->msg_type = DHCPV6_MSG_RELAY_REPL;
234 
235         uint16_t otype, olen;
236         uint8_t *odata;
237         dhcpv6_for_each_option(hdr->options, data + len, otype, olen, odata) {
238                 if (otype == DHCPV6_OPT_RELAY_MSG) {
239                         olen += pdiff;
240                         odata[-2] = (olen >> 8) & 0xff;
241                         odata[-1] = olen & 0xff;
242                         update_nested_message(odata, olen - pdiff, pdiff);
243                         return;
244                 }
245         }
246 }
247 
248 #ifdef DHCPV4_SUPPORT
249 
250 struct dhcpv4_msg_data {
251         uint8_t *msg;
252         size_t maxsize;
253         ssize_t len;
254 };
255 
256 static int send_reply(_unused const void *buf, size_t len,
257                       _unused const struct sockaddr *dest, _unused socklen_t dest_len,
258                       _unused void *opaque)
259 {
260         struct dhcpv4_msg_data *reply = opaque;
261 
262         if (len > reply->maxsize) {
263                 syslog(LOG_ERR, "4o6: reply too large, %zu > %zu", len, reply->maxsize);
264                 reply->len = -1;
265         } else {
266                 memcpy(reply->msg, buf, len);
267                 reply->len = len;
268         }
269 
270         return reply->len;
271 }
272 
273 static ssize_t dhcpv6_4o6_query(uint8_t *buf, size_t buflen,
274                                 struct interface *iface,
275                                 const struct sockaddr_in6 *addr,
276                                 const void *data, const uint8_t *end)
277 {
278         const struct dhcpv6_client_header *hdr = data;
279         uint16_t otype, olen, msgv4_len = 0;
280         uint8_t *msgv4_data = NULL;
281         uint8_t *start = (uint8_t *)&hdr[1], *odata;
282         struct sockaddr_in addrv4;
283         struct dhcpv4_msg_data reply = { .msg = buf, .maxsize = buflen, .len = -1 };
284 
285         dhcpv6_for_each_option(start, end, otype, olen, odata) {
286                 if (otype == DHCPV6_OPT_DHCPV4_MSG) {
287                         msgv4_data = odata;
288                         msgv4_len = olen;
289                 }
290         }
291 
292         if (!msgv4_data || msgv4_len == 0) {
293                 syslog(LOG_ERR, "4o6: missing DHCPv4 message option (%d)", DHCPV6_OPT_DHCPV4_MSG);
294                 return -1;
295         }
296 
297         // Dummy IPv4 address
298         memset(&addrv4, 0, sizeof(addrv4));
299         addrv4.sin_family = AF_INET;
300         addrv4.sin_addr.s_addr = INADDR_ANY;
301         addrv4.sin_port = htons(DHCPV4_CLIENT_PORT);
302 
303         dhcpv4_handle_msg(&addrv4, msgv4_data, msgv4_len,
304                           iface, NULL, send_reply, &reply);
305 
306         return reply.len;
307 }
308 #endif  /* DHCPV4_SUPPORT */
309 
310 /* Simple DHCPv6-server for information requests */
311 static void handle_client_request(void *addr, void *data, size_t len,
312                 struct interface *iface, void *dest_addr)
313 {
314         struct dhcpv6_client_header *hdr = data;
315         uint8_t *opts = (uint8_t *)&hdr[1], *opts_end = (uint8_t *)data + len;
316         bool o_rapid_commit = false;
317 
318         if (len < sizeof(*hdr))
319                 return;
320 
321         syslog(LOG_DEBUG, "Got a DHCPv6-request on %s", iface->name);
322 
323         /* Construct reply message */
324         struct __attribute__((packed)) {
325                 uint8_t msg_type;
326                 uint8_t tr_id[3];
327                 uint16_t serverid_type;
328                 uint16_t serverid_length;
329                 uint16_t duid_type;
330                 uint16_t hardware_type;
331                 uint8_t mac[6];
332                 uint16_t clientid_type;
333                 uint16_t clientid_length;
334                 uint8_t clientid_buf[130];
335         } dest = {
336                 .msg_type = DHCPV6_MSG_REPLY,
337                 .serverid_type = htons(DHCPV6_OPT_SERVERID),
338                 .serverid_length = htons(10),
339                 .duid_type = htons(3),
340                 .hardware_type = htons(1),
341                 .clientid_type = htons(DHCPV6_OPT_CLIENTID),
342                 .clientid_buf = {0}
343         };
344         odhcpd_get_mac(iface, dest.mac);
345 
346         struct __attribute__((packed)) {
347                 uint16_t type;
348                 uint16_t len;
349                 uint32_t value;
350         } maxrt = {htons(DHCPV6_OPT_SOL_MAX_RT), htons(sizeof(maxrt) - 4),
351                         htonl(60)};
352 
353         struct __attribute__((packed)) {
354                 uint16_t type;
355                 uint16_t len;
356         } rapid_commit = {htons(DHCPV6_OPT_RAPID_COMMIT), 0};
357 
358         struct __attribute__((packed)) {
359                 uint16_t type;
360                 uint16_t len;
361                 uint16_t value;
362         } stat = {htons(DHCPV6_OPT_STATUS), htons(sizeof(stat) - 4),
363                         htons(DHCPV6_STATUS_USEMULTICAST)};
364 
365         struct __attribute__((packed)) {
366                 uint16_t type;
367                 uint16_t len;
368                 uint32_t value;
369         } refresh = {htons(DHCPV6_OPT_INFO_REFRESH), htons(sizeof(uint32_t)),
370                         htonl(600)};
371 
372         struct in6_addr dns_addr, *dns_addr_ptr = iface->dns;
373         size_t dns_cnt = iface->dns_cnt;
374 
375         if ((dns_cnt == 0) &&
376                 !odhcpd_get_interface_dns_addr(iface, &dns_addr)) {
377                 dns_addr_ptr = &dns_addr;
378                 dns_cnt = 1;
379         }
380 
381         struct {
382                 uint16_t type;
383                 uint16_t len;
384         } dns = {htons(DHCPV6_OPT_DNS_SERVERS), htons(dns_cnt * sizeof(*dns_addr_ptr))};
385 
386         /* SNTP */
387         struct in6_addr *sntp_addr_ptr = iface->dhcpv6_sntp;
388         size_t sntp_cnt = 0;
389         struct {
390                 uint16_t type;
391                 uint16_t len;
392         } dhcpv6_sntp;
393 
394         /* NTP */
395         uint8_t *ntp_ptr = iface->dhcpv6_ntp;
396         uint16_t ntp_len = iface->dhcpv6_ntp_len;
397         size_t ntp_cnt = 0;
398         struct {
399                 uint16_t type;
400                 uint16_t len;
401         } ntp;
402 
403         /* DNR */
404         struct dhcpv6_dnr {
405                 uint16_t type;
406                 uint16_t len;
407                 uint16_t priority;
408                 uint16_t adn_len;
409                 uint8_t body[];
410         };
411         struct dhcpv6_dnr *dnrs = NULL;
412         size_t dnrs_len = 0;
413 
414         uint16_t otype, olen;
415         uint8_t *odata;
416         uint16_t *reqopts = NULL;
417         size_t reqopts_cnt = 0;
418 
419         /* FIXME: this should be merged with the second loop further down */
420         dhcpv6_for_each_option(opts, opts_end, otype, olen, odata) {
421                 /* Requested options, array of uint16_t, RFC 8415 ยง21.7 */
422                 if (otype == DHCPV6_OPT_ORO) {
423                         reqopts_cnt = olen / sizeof(uint16_t);
424                         reqopts = (uint16_t *)odata;
425                         break;
426                 }
427         }
428 
429         /* Requested options */
430         for (size_t i = 0; i < reqopts_cnt; i++) {
431                 uint16_t opt = ntohs(reqopts[i]);
432 
433                 switch (opt) {
434                 case DHCPV6_OPT_SNTP_SERVERS:
435                         sntp_cnt = iface->dhcpv6_sntp_cnt;
436                         dhcpv6_sntp.type = htons(DHCPV6_OPT_SNTP_SERVERS);
437                         dhcpv6_sntp.len = htons(sntp_cnt * sizeof(*sntp_addr_ptr));
438                         break;
439 
440                 case DHCPV6_OPT_NTP_SERVERS:
441                         ntp_cnt = iface->dhcpv6_ntp_cnt;
442                         ntp.type = htons(DHCPV6_OPT_NTP_SERVERS);
443                         ntp.len = htons(ntp_len);
444                         break;
445 
446                 case DHCPV6_OPT_DNR:
447                         for (size_t i = 0; i < iface->dnr_cnt; i++) {
448                                 struct dnr_options *dnr = &iface->dnr[i];
449 
450                                 if (dnr->addr6_cnt == 0 && dnr->addr4_cnt > 0)
451                                         continue;
452 
453                                 dnrs_len += sizeof(struct dhcpv6_dnr);
454                                 dnrs_len += dnr->adn_len;
455 
456                                 if (dnr->addr6_cnt > 0 || dnr->svc_len > 0) {
457                                         dnrs_len += sizeof(uint16_t);
458                                         dnrs_len += dnr->addr6_cnt * sizeof(*dnr->addr6);
459                                         dnrs_len += dnr->svc_len;
460                                 }
461                         }
462 
463                         dnrs = alloca(dnrs_len);
464                         uint8_t *pos = (uint8_t *)dnrs;
465 
466                         for (size_t i = 0; i < iface->dnr_cnt; i++) {
467                                 struct dnr_options *dnr = &iface->dnr[i];
468                                 struct dhcpv6_dnr *d6dnr = (struct dhcpv6_dnr *)pos;
469                                 uint16_t d6dnr_type_be = htons(DHCPV6_OPT_DNR);
470                                 uint16_t d6dnr_len = 2 * sizeof(uint16_t) + dnr->adn_len;
471                                 uint16_t d6dnr_len_be;
472                                 uint16_t d6dnr_priority_be = htons(dnr->priority);
473                                 uint16_t d6dnr_adn_len_be = htons(dnr->adn_len);
474 
475                                 if (dnr->addr6_cnt == 0 && dnr->addr4_cnt > 0)
476                                         continue;
477 
478                                 /* memcpy as the struct is unaligned */
479                                 memcpy(&d6dnr->type, &d6dnr_type_be, sizeof(d6dnr_type_be));
480                                 memcpy(&d6dnr->priority, &d6dnr_priority_be, sizeof(d6dnr_priority_be));
481                                 memcpy(&d6dnr->adn_len, &d6dnr_adn_len_be, sizeof(d6dnr_adn_len_be));
482 
483                                 pos = d6dnr->body;
484                                 memcpy(pos, dnr->adn, dnr->adn_len);
485                                 pos += dnr->adn_len;
486 
487                                 if (dnr->addr6_cnt > 0 || dnr->svc_len > 0) {
488                                         uint16_t addr6_len = dnr->addr6_cnt * sizeof(*dnr->addr6);
489                                         uint16_t addr6_len_be = htons(addr6_len);
490 
491                                         memcpy(pos, &addr6_len_be, sizeof(addr6_len_be));
492                                         pos += sizeof(addr6_len_be);
493                                         memcpy(pos, dnr->addr6, addr6_len);
494                                         pos += addr6_len;
495                                         memcpy(pos, dnr->svc, dnr->svc_len);
496                                         pos += dnr->svc_len;
497 
498                                         d6dnr_len += sizeof(addr6_len_be) + addr6_len + dnr->svc_len;
499                                 }
500 
501                                 d6dnr_len_be = htons(d6dnr_len);
502                                 memcpy(&d6dnr->len, &d6dnr_len_be, sizeof(d6dnr_len_be));
503                         }
504                         break;
505                 }
506         }
507 
508         /* DNS Search options */
509         uint8_t search_buf[256], *search_domain = iface->search;
510         size_t search_len = iface->search_len;
511 
512         if (!search_domain && !res_init() && _res.dnsrch[0] && _res.dnsrch[0][0]) {
513                 int len = dn_comp(_res.dnsrch[0], search_buf,
514                                 sizeof(search_buf), NULL, NULL);
515                 if (len > 0) {
516                         search_domain = search_buf;
517                         search_len = len;
518                 }
519         }
520 
521         struct {
522                 uint16_t type;
523                 uint16_t len;
524         } search = {htons(DHCPV6_OPT_DNS_DOMAIN), htons(search_len)};
525 
526 
527         struct __attribute__((packed)) dhcpv4o6_server {
528                 uint16_t type;
529                 uint16_t len;
530                 struct in6_addr addr;
531         } dhcpv4o6_server = {htons(DHCPV6_OPT_4O6_SERVER), htons(sizeof(struct in6_addr)),
532                         IN6ADDR_ANY_INIT};
533 
534         struct dhcpv6_cer_id cerid = {
535 #ifdef EXT_CER_ID
536                 .type = htons(EXT_CER_ID),
537 #endif
538                 .len = htons(36),
539                 .addr = iface->dhcpv6_pd_cer,
540         };
541 
542 
543         uint8_t pdbuf[512];
544         struct iovec iov[IOV_TOTAL] = {
545                 [IOV_NESTED] = {NULL, 0},
546                 [IOV_DEST] = {&dest, (uint8_t*)&dest.clientid_type - (uint8_t*)&dest},
547                 [IOV_MAXRT] = {&maxrt, sizeof(maxrt)},
548                 [IOV_RAPID_COMMIT] = {&rapid_commit, 0},
549                 [IOV_DNS] = {&dns, (dns_cnt) ? sizeof(dns) : 0},
550                 [IOV_DNS_ADDR] = {dns_addr_ptr, dns_cnt * sizeof(*dns_addr_ptr)},
551                 [IOV_SEARCH] = {&search, (search_len) ? sizeof(search) : 0},
552                 [IOV_SEARCH_DOMAIN] = {search_domain, search_len},
553                 [IOV_PDBUF] = {pdbuf, 0},
554                 [IOV_CERID] = {&cerid, 0},
555                 [IOV_DHCPV6_RAW] = {iface->dhcpv6_raw, iface->dhcpv6_raw_len},
556                 [IOV_NTP] = {&ntp, (ntp_cnt) ? sizeof(ntp) : 0},
557                 [IOV_NTP_ADDR] = {ntp_ptr, (ntp_cnt) ? ntp_len : 0},
558                 [IOV_SNTP] = {&dhcpv6_sntp, (sntp_cnt) ? sizeof(dhcpv6_sntp) : 0},
559                 [IOV_SNTP_ADDR] = {sntp_addr_ptr, sntp_cnt * sizeof(*sntp_addr_ptr)},
560                 [IOV_DNR] = {dnrs, dnrs_len},
561                 [IOV_RELAY_MSG] = {NULL, 0},
562                 [IOV_DHCPV4O6_SERVER] = {&dhcpv4o6_server, 0},
563                 [IOV_BOOTFILE_URL] = {NULL, 0}
564         };
565 
566         if (hdr->msg_type == DHCPV6_MSG_RELAY_FORW)
567                 handle_nested_message(data, len, &hdr, &opts, &opts_end, iov);
568 
569         switch (hdr->msg_type) {
570         case DHCPV6_MSG_SOLICIT:
571         case DHCPV6_MSG_REQUEST:
572         case DHCPV6_MSG_CONFIRM:
573         case DHCPV6_MSG_RENEW:
574         case DHCPV6_MSG_REBIND:
575         case DHCPV6_MSG_RELEASE:
576         case DHCPV6_MSG_DECLINE:
577         case DHCPV6_MSG_INFORMATION_REQUEST:
578         case DHCPV6_MSG_RELAY_FORW:
579 #ifdef DHCPV4_SUPPORT
580         case DHCPV6_MSG_DHCPV4_QUERY:
581 #endif
582                 break; /* Valid message types for clients */
583         case DHCPV6_MSG_ADVERTISE:
584         case DHCPV6_MSG_REPLY:
585         case DHCPV6_MSG_RECONFIGURE:
586         case DHCPV6_MSG_RELAY_REPL:
587         case DHCPV6_MSG_DHCPV4_RESPONSE:
588 #ifndef DHCPV4_SUPPORT
589         case DHCPV6_MSG_DHCPV4_QUERY:
590 #endif
591         default:
592                 return; /* Invalid message types for clients */
593         }
594 
595         if (!IN6_IS_ADDR_MULTICAST((struct in6_addr *)dest_addr) && iov[IOV_NESTED].iov_len == 0 &&
596             (hdr->msg_type == DHCPV6_MSG_SOLICIT || hdr->msg_type == DHCPV6_MSG_CONFIRM ||
597              hdr->msg_type == DHCPV6_MSG_REBIND || hdr->msg_type == DHCPV6_MSG_INFORMATION_REQUEST))
598                 return;
599 
600         memcpy(dest.tr_id, hdr->transaction_id, sizeof(dest.tr_id));
601 
602         /* Go through options and find what we need */
603         dhcpv6_for_each_option(opts, opts_end, otype, olen, odata) {
604                 if (otype == DHCPV6_OPT_CLIENTID && olen <= 130) {
605                         dest.clientid_length = htons(olen);
606                         memcpy(dest.clientid_buf, odata, olen);
607                         iov[IOV_DEST].iov_len += 4 + olen;
608                 } else if (otype == DHCPV6_OPT_SERVERID) {
609                         if (olen != ntohs(dest.serverid_length) ||
610                                         memcmp(odata, &dest.duid_type, olen))
611                                 return; /* Not for us */
612                 } else if (iface->filter_class && otype == DHCPV6_OPT_USER_CLASS) {
613                         uint8_t *c = odata, *cend = &odata[olen];
614                         for (; &c[2] <= cend && &c[2 + (c[0] << 8) + c[1]] <= cend; c = &c[2 + (c[0] << 8) + c[1]]) {
615                                 size_t elen = strlen(iface->filter_class);
616                                 if (((((size_t)c[0]) << 8) | c[1]) == elen && !memcmp(&c[2], iface->filter_class, elen))
617                                         return; /* Ignore from homenet */
618                         }
619                 } else if (otype == DHCPV6_OPT_IA_PD) {
620 #ifdef EXT_CER_ID
621                         iov[IOV_CERID].iov_len = sizeof(cerid);
622 
623                         if (IN6_IS_ADDR_UNSPECIFIED(&cerid.addr)) {
624                                 struct odhcpd_ipaddr *addrs;
625                                 ssize_t len = netlink_get_interface_addrs(0, true, &addrs);
626 
627                                 for (ssize_t i = 0; i < len; ++i)
628                                         if (IN6_IS_ADDR_UNSPECIFIED(&cerid.addr)
629                                                         || memcmp(&addrs[i].addr, &cerid.addr, sizeof(cerid.addr)) < 0)
630                                                 cerid.addr = addrs[i].addr.in6;
631 
632                                 free(addrs);
633                         }
634 #endif
635                 } else if (otype == DHCPV6_OPT_RAPID_COMMIT && hdr->msg_type == DHCPV6_MSG_SOLICIT) {
636                         iov[IOV_RAPID_COMMIT].iov_len = sizeof(rapid_commit);
637                         o_rapid_commit = true;
638                 } else if (otype == DHCPV6_OPT_ORO) {
639                         for (int i=0; i < olen/2; i++) {
640                                 uint16_t option = ntohs(((uint16_t *)odata)[i]);
641 
642                                 switch (option) {
643 #ifdef DHCPV4_SUPPORT
644                                 case DHCPV6_OPT_4O6_SERVER:
645                                         if (iface->dhcpv4) {
646                                                 /* According to RFC 7341, 7.2. DHCP 4o6 Server Address Option Format:
647                                                  * This option may also carry no IPv6 addresses, which instructs the
648                                                  * client to use the All_DHCP_Relay_Agents_and_Servers multicast address
649                                                  * as the destination address.
650                                                  *
651                                                  * The ISC dhclient logs a missing IPv6 address as an error but seems to
652                                                  * work anyway:
653                                                  * dhcp4-o-dhcp6-server: expecting at least 16 bytes; got 0
654                                                  *
655                                                  * Include the All_DHCP_Relay_Agents_and_Servers multicast address
656                                                  * to make it explicit which address to use. */
657                                                 struct dhcpv4o6_server *server = iov[IOV_DHCPV4O6_SERVER].iov_base;
658 
659                                                 inet_pton(AF_INET6, ALL_DHCPV6_RELAYS, &server->addr);
660 
661                                                 iov[IOV_DHCPV4O6_SERVER].iov_len = sizeof(dhcpv4o6_server);
662                                         }
663                                         break;
664 #endif /* DHCPV4_SUPPORT */
665                                 default:
666                                         break;
667                                 }
668                         }
669                 } else if (otype == DHCPV6_OPT_CLIENT_ARCH) {
670                         uint16_t arch_code = ntohs(((uint16_t*)odata)[0]);
671                         ipv6_pxe_serve_boot_url(arch_code, &iov[IOV_BOOTFILE_URL]);
672                 }
673         }
674 
675         if (!IN6_IS_ADDR_MULTICAST((struct in6_addr *)dest_addr) && iov[IOV_NESTED].iov_len == 0 &&
676             (hdr->msg_type == DHCPV6_MSG_REQUEST || hdr->msg_type == DHCPV6_MSG_RENEW ||
677              hdr->msg_type == DHCPV6_MSG_RELEASE || hdr->msg_type == DHCPV6_MSG_DECLINE)) {
678                 iov[IOV_STAT].iov_base = &stat;
679                 iov[IOV_STAT].iov_len = sizeof(stat);
680 
681                 for (ssize_t i = IOV_STAT + 1; i < IOV_TOTAL; ++i)
682                         iov[i].iov_len = 0;
683 
684                 odhcpd_send(iface->dhcpv6_event.uloop.fd, addr, iov, ARRAY_SIZE(iov), iface);
685                 return;
686         }
687 
688         if (hdr->msg_type == DHCPV6_MSG_SOLICIT && !o_rapid_commit) {
689                 dest.msg_type = DHCPV6_MSG_ADVERTISE;
690         } else if (hdr->msg_type == DHCPV6_MSG_INFORMATION_REQUEST) {
691                 iov[IOV_REFRESH].iov_base = &refresh;
692                 iov[IOV_REFRESH].iov_len = sizeof(refresh);
693 
694                 /* Return inf max rt option in reply to information request */
695                 maxrt.type = htons(DHCPV6_OPT_INF_MAX_RT);
696         }
697 
698 #ifdef DHCPV4_SUPPORT
699         if (hdr->msg_type == DHCPV6_MSG_DHCPV4_QUERY) {
700                 struct _packed dhcpv4_msg_data {
701                         uint16_t type;
702                         uint16_t len;
703                         uint8_t msg[1];
704                 } *msg_opt = (struct dhcpv4_msg_data*)pdbuf;
705                 ssize_t msglen;
706 
707                 memset(pdbuf, 0, sizeof(pdbuf));
708 
709                 msglen = dhcpv6_4o6_query(msg_opt->msg, sizeof(pdbuf) - sizeof(*msg_opt) + 1,
710                                                 iface, addr, (const void *)hdr, opts_end);
711                 if (msglen <= 0) {
712                         syslog(LOG_ERR, "4o6: query failed");
713                         return;
714                 }
715 
716                 msg_opt->type = htons(DHCPV6_OPT_DHCPV4_MSG);
717                 msg_opt->len = htons(msglen);
718                 iov[IOV_PDBUF].iov_len = sizeof(*msg_opt) - 1 + msglen;
719                 dest.msg_type = DHCPV6_MSG_DHCPV4_RESPONSE;
720         } else
721 #endif  /* DHCPV4_SUPPORT */
722 
723         if (hdr->msg_type != DHCPV6_MSG_INFORMATION_REQUEST) {
724                 ssize_t ialen = dhcpv6_ia_handle_IAs(pdbuf, sizeof(pdbuf), iface, addr, (const void *)hdr, opts_end);
725 
726                 iov[IOV_PDBUF].iov_len = ialen;
727                 if (ialen < 0 ||
728                     (ialen == 0 && (hdr->msg_type == DHCPV6_MSG_REBIND || hdr->msg_type == DHCPV6_MSG_CONFIRM)))
729                         return;
730         }
731 
732         if (iov[IOV_NESTED].iov_len > 0) /* Update length */
733                 update_nested_message(data, len, iov[IOV_DEST].iov_len + iov[IOV_MAXRT].iov_len +
734                                       iov[IOV_RAPID_COMMIT].iov_len + iov[IOV_DNS].iov_len +
735                                       iov[IOV_DNS_ADDR].iov_len + iov[IOV_SEARCH].iov_len +
736                                       iov[IOV_SEARCH_DOMAIN].iov_len + iov[IOV_PDBUF].iov_len +
737                                       iov[IOV_DHCPV4O6_SERVER].iov_len +
738                                       iov[IOV_CERID].iov_len + iov[IOV_DHCPV6_RAW].iov_len +
739                                       iov[IOV_NTP].iov_len + iov[IOV_NTP_ADDR].iov_len +
740                                       iov[IOV_SNTP].iov_len + iov[IOV_SNTP_ADDR].iov_len +
741                                       iov[IOV_DNR].iov_len + iov[IOV_BOOTFILE_URL].iov_len -
742                                       (4 + opts_end - opts));
743 
744         syslog(LOG_DEBUG, "Sending a DHCPv6-%s on %s", iov[IOV_NESTED].iov_len ? "relay-reply" : "reply", iface->name);
745 
746         odhcpd_send(iface->dhcpv6_event.uloop.fd, addr, iov, ARRAY_SIZE(iov), iface);
747 }
748 
749 
750 /* Central DHCPv6-relay handler */
751 static void handle_dhcpv6(void *addr, void *data, size_t len,
752                 struct interface *iface, void *dest_addr)
753 {
754         if (iface->dhcpv6 == MODE_SERVER) {
755                 handle_client_request(addr, data, len, iface, dest_addr);
756         } else if (iface->dhcpv6 == MODE_RELAY) {
757                 if (iface->master)
758                         relay_server_response(data, len);
759                 else
760                         relay_client_request(addr, data, len, iface);
761         }
762 }
763 
764 
765 /* Relay server response (regular relay server handling) */
766 static void relay_server_response(uint8_t *data, size_t len)
767 {
768         /* Information we need to gather */
769         uint8_t *payload_data = NULL;
770         size_t payload_len = 0;
771         int32_t ifaceidx = 0;
772         struct sockaddr_in6 target = {AF_INET6, htons(DHCPV6_CLIENT_PORT),
773                 0, IN6ADDR_ANY_INIT, 0};
774         int otype, olen;
775         uint8_t *odata, *end = data + len;
776         /* Relay DHCPv6 reply from server to client */
777         struct dhcpv6_relay_header *h = (void*)data;
778 
779         syslog(LOG_DEBUG, "Got a DHCPv6-relay-reply");
780 
781         if (len < sizeof(*h) || h->msg_type != DHCPV6_MSG_RELAY_REPL)
782                 return;
783 
784         memcpy(&target.sin6_addr, &h->peer_address, sizeof(struct in6_addr));
785 
786         /* Go through options and find what we need */
787         dhcpv6_for_each_option(h->options, end, otype, olen, odata) {
788                 if (otype == DHCPV6_OPT_INTERFACE_ID
789                                 && olen == sizeof(ifaceidx)) {
790                         memcpy(&ifaceidx, odata, sizeof(ifaceidx));
791                 } else if (otype == DHCPV6_OPT_RELAY_MSG) {
792                         payload_data = odata;
793                         payload_len = olen;
794                 }
795         }
796 
797         /* Invalid interface-id or basic payload */
798         struct interface *iface = odhcpd_get_interface_by_index(ifaceidx);
799         if (!iface || iface->master || !payload_data || payload_len < 4)
800                 return;
801 
802         bool is_authenticated = false;
803         struct in6_addr *dns_ptr = NULL;
804         size_t dns_count = 0;
805 
806         /* If the payload is relay-reply we have to send to the server port */
807         if (payload_data[0] == DHCPV6_MSG_RELAY_REPL) {
808                 target.sin6_port = htons(DHCPV6_SERVER_PORT);
809         } else { /* Go through the payload data */
810                 struct dhcpv6_client_header *h = (void*)payload_data;
811                 end = payload_data + payload_len;
812 
813                 dhcpv6_for_each_option(&h[1], end, otype, olen, odata) {
814                         if (otype == DHCPV6_OPT_DNS_SERVERS && olen >= 16) {
815                                 dns_ptr = (struct in6_addr*)odata;
816                                 dns_count = olen / 16;
817                         } else if (otype == DHCPV6_OPT_AUTH) {
818                                 is_authenticated = true;
819                         }
820                 }
821         }
822 
823         /* Rewrite DNS servers if requested */
824         if (iface->always_rewrite_dns && dns_ptr && dns_count > 0) {
825                 if (is_authenticated)
826                         return; /* Impossible to rewrite */
827 
828                 const struct in6_addr *rewrite = iface->dns;
829                 struct in6_addr addr;
830                 size_t rewrite_cnt = iface->dns_cnt;
831 
832                 if (rewrite_cnt == 0) {
833                         if (odhcpd_get_interface_dns_addr(iface, &addr))
834                                 return; /* Unable to get interface address */
835 
836                         rewrite = &addr;
837                         rewrite_cnt = 1;
838                 }
839 
840                 /* Copy over any other addresses */
841                 for (size_t i = 0; i < dns_count; ++i) {
842                         size_t j = (i < rewrite_cnt) ? i : rewrite_cnt - 1;
843                         memcpy(&dns_ptr[i], &rewrite[j], sizeof(*rewrite));
844                 }
845         }
846 
847         struct iovec iov = {payload_data, payload_len};
848 
849         syslog(LOG_DEBUG, "Sending a DHCPv6-reply on %s", iface->name);
850 
851         odhcpd_send(iface->dhcpv6_event.uloop.fd, &target, &iov, 1, iface);
852 }
853 
854 static struct odhcpd_ipaddr *relay_link_address(struct interface *iface)
855 {
856         struct odhcpd_ipaddr *addr = NULL;
857         time_t now = odhcpd_time();
858 
859         for (size_t i = 0; i < iface->addr6_len; i++) {
860                 if (iface->addr6[i].valid_lt <= (uint32_t)now)
861                         continue;
862 
863                 if (iface->addr6[i].preferred_lt > (uint32_t)now) {
864                         addr = &iface->addr6[i];
865                         break;
866                 }
867 
868                 if (!addr || (iface->addr6[i].valid_lt > addr->valid_lt))
869                         addr = &iface->addr6[i];
870         }
871 
872         return addr;
873 }
874 
875 /* Relay client request (regular DHCPv6-relay) */
876 static void relay_client_request(struct sockaddr_in6 *source,
877                 const void *data, size_t len, struct interface *iface)
878 {
879         const struct dhcpv6_relay_header *h = data;
880         /* Construct our forwarding envelope */
881         struct dhcpv6_relay_forward_envelope hdr = {
882                 .msg_type = DHCPV6_MSG_RELAY_FORW,
883                 .hop_count = 0,
884                 .interface_id_type = htons(DHCPV6_OPT_INTERFACE_ID),
885                 .interface_id_len = htons(sizeof(uint32_t)),
886                 .relay_message_type = htons(DHCPV6_OPT_RELAY_MSG),
887                 .relay_message_len = htons(len),
888         };
889         struct iovec iov[2] = {{&hdr, sizeof(hdr)}, {(void *)data, len}};
890         struct interface *c;
891         struct odhcpd_ipaddr *ip;
892         struct sockaddr_in6 s;
893 
894         if (h->msg_type == DHCPV6_MSG_RELAY_REPL ||
895             h->msg_type == DHCPV6_MSG_RECONFIGURE ||
896             h->msg_type == DHCPV6_MSG_REPLY ||
897             h->msg_type == DHCPV6_MSG_ADVERTISE)
898                 return; /* Invalid message types for client */
899 
900         syslog(LOG_DEBUG, "Got a DHCPv6-request on %s", iface->name);
901 
902         if (h->msg_type == DHCPV6_MSG_RELAY_FORW) { /* handle relay-forward */
903                 if (h->hop_count >= DHCPV6_HOP_COUNT_LIMIT)
904                         return; /* Invalid hop count */
905 
906                 hdr.hop_count = h->hop_count + 1;
907         }
908 
909         /* use memcpy here as the destination fields are unaligned */
910         memcpy(&hdr.peer_address, &source->sin6_addr, sizeof(struct in6_addr));
911         memcpy(&hdr.interface_id_data, &iface->ifindex, sizeof(iface->ifindex));
912 
913         /* Detect public IP of slave interface to use as link-address */
914         ip = relay_link_address(iface);
915         if (ip)
916                 memcpy(&hdr.link_address, &ip->addr.in6, sizeof(hdr.link_address));
917 
918         memset(&s, 0, sizeof(s));
919         s.sin6_family = AF_INET6;
920         s.sin6_port = htons(DHCPV6_SERVER_PORT);
921         inet_pton(AF_INET6, ALL_DHCPV6_SERVERS, &s.sin6_addr);
922 
923         avl_for_each_element(&interfaces, c, avl) {
924                 if (!c->master || c->dhcpv6 != MODE_RELAY)
925                         continue;
926 
927                 if (!ip) {
928                         /* No suitable address! Is the slave not configured yet?
929                          * Detect public IP of master interface and use it instead
930                          * This is WRONG and probably violates the RFC. However
931                          * otherwise we have a hen and egg problem because the
932                          * slave-interface cannot be auto-configured. */
933                         ip = relay_link_address(c);
934                         if (!ip)
935                                 continue; /* Could not obtain a suitable address */
936 
937                         memcpy(&hdr.link_address, &ip->addr.in6, sizeof(hdr.link_address));
938                         ip = NULL;
939                 }
940 
941                 syslog(LOG_DEBUG, "Sending a DHCPv6-relay-forward on %s", c->name);
942 
943                 odhcpd_send(c->dhcpv6_event.uloop.fd, &s, iov, 2, c);
944         }
945 }
946 

This page was automatically generated by LXR 0.3.1.  •  OpenWrt