1 /** 2 * Copyright (C) 2012-2013 Steven Barth <steven@midlink.org> 3 * Copyright (C) 2018 Hans Dedecker <dedeckeh@gmail.com> 4 * 5 * This program is free software; you can redistribute it and/or modify 6 * it under the terms of the GNU General Public License v2 as published by 7 * the Free Software Foundation. 8 * 9 * This program is distributed in the hope that it will be useful, 10 * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 * GNU General Public License for more details. 13 * 14 * 15 */ 16 17 #include <errno.h> 18 #include <unistd.h> 19 #include <stddef.h> 20 #include <resolv.h> 21 #include <sys/timerfd.h> 22 #include <arpa/inet.h> 23 24 #include <libubox/utils.h> 25 26 #include "odhcpd.h" 27 #include "dhcpv6.h" 28 #include "dhcpv6-pxe.h" 29 #ifdef DHCPV4_SUPPORT 30 #include "dhcpv4.h" 31 #endif 32 33 static void relay_client_request(struct sockaddr_in6 *source, 34 const void *data, size_t len, struct interface *iface); 35 static void relay_server_response(uint8_t *data, size_t len); 36 37 static void handle_dhcpv6(void *addr, void *data, size_t len, 38 struct interface *iface, void *dest); 39 static void handle_client_request(void *addr, void *data, size_t len, 40 struct interface *iface, void *dest_addr); 41 42 43 /* Create socket and register events */ 44 int dhcpv6_init(void) 45 { 46 return dhcpv6_ia_init(); 47 } 48 49 int dhcpv6_setup_interface(struct interface *iface, bool enable) 50 { 51 int ret = 0; 52 53 enable = enable && (iface->dhcpv6 != MODE_DISABLED); 54 55 if (iface->dhcpv6_event.uloop.fd >= 0) { 56 uloop_fd_delete(&iface->dhcpv6_event.uloop); 57 close(iface->dhcpv6_event.uloop.fd); 58 iface->dhcpv6_event.uloop.fd = -1; 59 } 60 61 /* Configure multicast settings */ 62 if (enable) { 63 struct sockaddr_in6 bind_addr = {AF_INET6, htons(DHCPV6_SERVER_PORT), 64 0, IN6ADDR_ANY_INIT, 0}; 65 struct ipv6_mreq mreq; 66 int val = 1; 67 68 iface->dhcpv6_event.uloop.fd = socket(AF_INET6, SOCK_DGRAM | SOCK_CLOEXEC, IPPROTO_UDP); 69 if (iface->dhcpv6_event.uloop.fd < 0) { 70 syslog(LOG_ERR, "socket(AF_INET6): %m"); 71 ret = -1; 72 goto out; 73 } 74 75 /* Basic IPv6 configuration */ 76 if (setsockopt(iface->dhcpv6_event.uloop.fd, SOL_SOCKET, SO_BINDTODEVICE, 77 iface->ifname, strlen(iface->ifname)) < 0) { 78 syslog(LOG_ERR, "setsockopt(SO_BINDTODEVICE): %m"); 79 ret = -1; 80 goto out; 81 } 82 83 if (setsockopt(iface->dhcpv6_event.uloop.fd, IPPROTO_IPV6, IPV6_V6ONLY, 84 &val, sizeof(val)) < 0) { 85 syslog(LOG_ERR, "setsockopt(IPV6_V6ONLY): %m"); 86 ret = -1; 87 goto out; 88 } 89 90 if (setsockopt(iface->dhcpv6_event.uloop.fd, SOL_SOCKET, SO_REUSEADDR, 91 &val, sizeof(val)) < 0) { 92 syslog(LOG_ERR, "setsockopt(SO_REUSEADDR): %m"); 93 ret = -1; 94 goto out; 95 } 96 97 if (setsockopt(iface->dhcpv6_event.uloop.fd, IPPROTO_IPV6, IPV6_RECVPKTINFO, 98 &val, sizeof(val)) < 0) { 99 syslog(LOG_ERR, "setsockopt(IPV6_RECVPKTINFO): %m"); 100 ret = -1; 101 goto out; 102 } 103 104 val = DHCPV6_HOP_COUNT_LIMIT; 105 if (setsockopt(iface->dhcpv6_event.uloop.fd, IPPROTO_IPV6, IPV6_MULTICAST_HOPS, 106 &val, sizeof(val)) < 0) { 107 syslog(LOG_ERR, "setsockopt(IPV6_MULTICAST_HOPS): %m"); 108 ret = -1; 109 goto out; 110 } 111 112 val = 0; 113 if (setsockopt(iface->dhcpv6_event.uloop.fd, IPPROTO_IPV6, IPV6_MULTICAST_LOOP, 114 &val, sizeof(val)) < 0) { 115 syslog(LOG_ERR, "setsockopt(IPV6_MULTICAST_LOOP): %m"); 116 ret = -1; 117 goto out; 118 } 119 120 if (bind(iface->dhcpv6_event.uloop.fd, (struct sockaddr*)&bind_addr, 121 sizeof(bind_addr)) < 0) { 122 syslog(LOG_ERR, "bind(): %m"); 123 ret = -1; 124 goto out; 125 } 126 127 memset(&mreq, 0, sizeof(mreq)); 128 inet_pton(AF_INET6, ALL_DHCPV6_RELAYS, &mreq.ipv6mr_multiaddr); 129 mreq.ipv6mr_interface = iface->ifindex; 130 131 if (setsockopt(iface->dhcpv6_event.uloop.fd, IPPROTO_IPV6, IPV6_ADD_MEMBERSHIP, 132 &mreq, sizeof(mreq)) < 0) { 133 syslog(LOG_ERR, "setsockopt(IPV6_ADD_MEMBERSHIP): %m"); 134 ret = -1; 135 goto out; 136 } 137 138 if (iface->dhcpv6 == MODE_SERVER) { 139 memset(&mreq, 0, sizeof(mreq)); 140 inet_pton(AF_INET6, ALL_DHCPV6_SERVERS, &mreq.ipv6mr_multiaddr); 141 mreq.ipv6mr_interface = iface->ifindex; 142 143 if (setsockopt(iface->dhcpv6_event.uloop.fd, IPPROTO_IPV6, IPV6_ADD_MEMBERSHIP, 144 &mreq, sizeof(mreq)) < 0) { 145 syslog(LOG_ERR, "setsockopt(IPV6_ADD_MEMBERSHIP): %m"); 146 ret = -1; 147 goto out; 148 } 149 } 150 151 iface->dhcpv6_event.handle_dgram = handle_dhcpv6; 152 odhcpd_register(&iface->dhcpv6_event); 153 } 154 155 ret = dhcpv6_ia_setup_interface(iface, enable); 156 157 out: 158 if (ret < 0 && iface->dhcpv6_event.uloop.fd >= 0) { 159 close(iface->dhcpv6_event.uloop.fd); 160 iface->dhcpv6_event.uloop.fd = -1; 161 } 162 163 return ret; 164 } 165 166 enum { 167 IOV_NESTED = 0, 168 IOV_DEST, 169 IOV_MAXRT, 170 #define IOV_STAT IOV_MAXRT 171 IOV_RAPID_COMMIT, 172 IOV_DNS, 173 IOV_DNS_ADDR, 174 IOV_SEARCH, 175 IOV_SEARCH_DOMAIN, 176 IOV_PDBUF, 177 #define IOV_REFRESH IOV_PDBUF 178 IOV_CERID, 179 IOV_DHCPV6_RAW, 180 IOV_NTP, 181 IOV_NTP_ADDR, 182 IOV_SNTP, 183 IOV_SNTP_ADDR, 184 IOV_RELAY_MSG, 185 IOV_DHCPV4O6_SERVER, 186 IOV_DNR, 187 IOV_BOOTFILE_URL, 188 IOV_TOTAL 189 }; 190 191 static void handle_nested_message(uint8_t *data, size_t len, 192 struct dhcpv6_client_header **c_hdr, uint8_t **opts, 193 uint8_t **end, struct iovec iov[IOV_TOTAL]) 194 { 195 struct dhcpv6_relay_header *r_hdr = (struct dhcpv6_relay_header *)data; 196 uint16_t otype, olen; 197 uint8_t *odata; 198 199 if (iov[IOV_NESTED].iov_base == NULL) { 200 iov[IOV_NESTED].iov_base = data; 201 iov[IOV_NESTED].iov_len = len; 202 } 203 204 if (len < sizeof(struct dhcpv6_client_header)) 205 return; 206 207 if (r_hdr->msg_type != DHCPV6_MSG_RELAY_FORW) { 208 iov[IOV_NESTED].iov_len = data - (uint8_t *)iov[IOV_NESTED].iov_base; 209 *c_hdr = (void *)data; 210 *opts = (uint8_t *)&(*c_hdr)[1]; 211 *end = data + len; 212 return; 213 } 214 215 dhcpv6_for_each_option(r_hdr->options, data + len, otype, olen, odata) { 216 if (otype == DHCPV6_OPT_RELAY_MSG) { 217 iov[IOV_RELAY_MSG].iov_base = odata + olen; 218 iov[IOV_RELAY_MSG].iov_len = (((uint8_t *)iov[IOV_NESTED].iov_base) + 219 iov[IOV_NESTED].iov_len) - (odata + olen); 220 handle_nested_message(odata, olen, c_hdr, opts, end, iov); 221 return; 222 } 223 } 224 } 225 226 227 static void update_nested_message(uint8_t *data, size_t len, ssize_t pdiff) 228 { 229 struct dhcpv6_relay_header *hdr = (struct dhcpv6_relay_header*)data; 230 if (hdr->msg_type != DHCPV6_MSG_RELAY_FORW) 231 return; 232 233 hdr->msg_type = DHCPV6_MSG_RELAY_REPL; 234 235 uint16_t otype, olen; 236 uint8_t *odata; 237 dhcpv6_for_each_option(hdr->options, data + len, otype, olen, odata) { 238 if (otype == DHCPV6_OPT_RELAY_MSG) { 239 olen += pdiff; 240 odata[-2] = (olen >> 8) & 0xff; 241 odata[-1] = olen & 0xff; 242 update_nested_message(odata, olen - pdiff, pdiff); 243 return; 244 } 245 } 246 } 247 248 #ifdef DHCPV4_SUPPORT 249 250 struct dhcpv4_msg_data { 251 uint8_t *msg; 252 size_t maxsize; 253 ssize_t len; 254 }; 255 256 static int send_reply(_unused const void *buf, size_t len, 257 _unused const struct sockaddr *dest, _unused socklen_t dest_len, 258 _unused void *opaque) 259 { 260 struct dhcpv4_msg_data *reply = opaque; 261 262 if (len > reply->maxsize) { 263 syslog(LOG_ERR, "4o6: reply too large, %zu > %zu", len, reply->maxsize); 264 reply->len = -1; 265 } else { 266 memcpy(reply->msg, buf, len); 267 reply->len = len; 268 } 269 270 return reply->len; 271 } 272 273 static ssize_t dhcpv6_4o6_query(uint8_t *buf, size_t buflen, 274 struct interface *iface, 275 const struct sockaddr_in6 *addr, 276 const void *data, const uint8_t *end) 277 { 278 const struct dhcpv6_client_header *hdr = data; 279 uint16_t otype, olen, msgv4_len = 0; 280 uint8_t *msgv4_data = NULL; 281 uint8_t *start = (uint8_t *)&hdr[1], *odata; 282 struct sockaddr_in addrv4; 283 struct dhcpv4_msg_data reply = { .msg = buf, .maxsize = buflen, .len = -1 }; 284 285 dhcpv6_for_each_option(start, end, otype, olen, odata) { 286 if (otype == DHCPV6_OPT_DHCPV4_MSG) { 287 msgv4_data = odata; 288 msgv4_len = olen; 289 } 290 } 291 292 if (!msgv4_data || msgv4_len == 0) { 293 syslog(LOG_ERR, "4o6: missing DHCPv4 message option (%d)", DHCPV6_OPT_DHCPV4_MSG); 294 return -1; 295 } 296 297 // Dummy IPv4 address 298 memset(&addrv4, 0, sizeof(addrv4)); 299 addrv4.sin_family = AF_INET; 300 addrv4.sin_addr.s_addr = INADDR_ANY; 301 addrv4.sin_port = htons(DHCPV4_CLIENT_PORT); 302 303 dhcpv4_handle_msg(&addrv4, msgv4_data, msgv4_len, 304 iface, NULL, send_reply, &reply); 305 306 return reply.len; 307 } 308 #endif /* DHCPV4_SUPPORT */ 309 310 /* Simple DHCPv6-server for information requests */ 311 static void handle_client_request(void *addr, void *data, size_t len, 312 struct interface *iface, void *dest_addr) 313 { 314 struct dhcpv6_client_header *hdr = data; 315 uint8_t *opts = (uint8_t *)&hdr[1], *opts_end = (uint8_t *)data + len; 316 bool o_rapid_commit = false; 317 318 if (len < sizeof(*hdr)) 319 return; 320 321 syslog(LOG_DEBUG, "Got a DHCPv6-request on %s", iface->name); 322 323 /* Construct reply message */ 324 struct __attribute__((packed)) { 325 uint8_t msg_type; 326 uint8_t tr_id[3]; 327 uint16_t serverid_type; 328 uint16_t serverid_length; 329 uint16_t duid_type; 330 uint16_t hardware_type; 331 uint8_t mac[6]; 332 uint16_t clientid_type; 333 uint16_t clientid_length; 334 uint8_t clientid_buf[130]; 335 } dest = { 336 .msg_type = DHCPV6_MSG_REPLY, 337 .serverid_type = htons(DHCPV6_OPT_SERVERID), 338 .serverid_length = htons(10), 339 .duid_type = htons(3), 340 .hardware_type = htons(1), 341 .clientid_type = htons(DHCPV6_OPT_CLIENTID), 342 .clientid_buf = {0} 343 }; 344 odhcpd_get_mac(iface, dest.mac); 345 346 struct __attribute__((packed)) { 347 uint16_t type; 348 uint16_t len; 349 uint32_t value; 350 } maxrt = {htons(DHCPV6_OPT_SOL_MAX_RT), htons(sizeof(maxrt) - 4), 351 htonl(60)}; 352 353 struct __attribute__((packed)) { 354 uint16_t type; 355 uint16_t len; 356 } rapid_commit = {htons(DHCPV6_OPT_RAPID_COMMIT), 0}; 357 358 struct __attribute__((packed)) { 359 uint16_t type; 360 uint16_t len; 361 uint16_t value; 362 } stat = {htons(DHCPV6_OPT_STATUS), htons(sizeof(stat) - 4), 363 htons(DHCPV6_STATUS_USEMULTICAST)}; 364 365 struct __attribute__((packed)) { 366 uint16_t type; 367 uint16_t len; 368 uint32_t value; 369 } refresh = {htons(DHCPV6_OPT_INFO_REFRESH), htons(sizeof(uint32_t)), 370 htonl(600)}; 371 372 struct in6_addr dns_addr, *dns_addr_ptr = iface->dns; 373 size_t dns_cnt = iface->dns_cnt; 374 375 if ((dns_cnt == 0) && 376 !odhcpd_get_interface_dns_addr(iface, &dns_addr)) { 377 dns_addr_ptr = &dns_addr; 378 dns_cnt = 1; 379 } 380 381 struct { 382 uint16_t type; 383 uint16_t len; 384 } dns = {htons(DHCPV6_OPT_DNS_SERVERS), htons(dns_cnt * sizeof(*dns_addr_ptr))}; 385 386 /* SNTP */ 387 struct in6_addr *sntp_addr_ptr = iface->dhcpv6_sntp; 388 size_t sntp_cnt = 0; 389 struct { 390 uint16_t type; 391 uint16_t len; 392 } dhcpv6_sntp; 393 394 /* NTP */ 395 uint8_t *ntp_ptr = iface->dhcpv6_ntp; 396 uint16_t ntp_len = iface->dhcpv6_ntp_len; 397 size_t ntp_cnt = 0; 398 struct { 399 uint16_t type; 400 uint16_t len; 401 } ntp; 402 403 /* DNR */ 404 struct dhcpv6_dnr { 405 uint16_t type; 406 uint16_t len; 407 uint16_t priority; 408 uint16_t adn_len; 409 uint8_t body[]; 410 }; 411 struct dhcpv6_dnr *dnrs = NULL; 412 size_t dnrs_len = 0; 413 414 uint16_t otype, olen; 415 uint8_t *odata; 416 uint16_t *reqopts = NULL; 417 size_t reqopts_cnt = 0; 418 419 /* FIXME: this should be merged with the second loop further down */ 420 dhcpv6_for_each_option(opts, opts_end, otype, olen, odata) { 421 /* Requested options, array of uint16_t, RFC 8415 ยง21.7 */ 422 if (otype == DHCPV6_OPT_ORO) { 423 reqopts_cnt = olen / sizeof(uint16_t); 424 reqopts = (uint16_t *)odata; 425 break; 426 } 427 } 428 429 /* Requested options */ 430 for (size_t i = 0; i < reqopts_cnt; i++) { 431 uint16_t opt = ntohs(reqopts[i]); 432 433 switch (opt) { 434 case DHCPV6_OPT_SNTP_SERVERS: 435 sntp_cnt = iface->dhcpv6_sntp_cnt; 436 dhcpv6_sntp.type = htons(DHCPV6_OPT_SNTP_SERVERS); 437 dhcpv6_sntp.len = htons(sntp_cnt * sizeof(*sntp_addr_ptr)); 438 break; 439 440 case DHCPV6_OPT_NTP_SERVERS: 441 ntp_cnt = iface->dhcpv6_ntp_cnt; 442 ntp.type = htons(DHCPV6_OPT_NTP_SERVERS); 443 ntp.len = htons(ntp_len); 444 break; 445 446 case DHCPV6_OPT_DNR: 447 for (size_t i = 0; i < iface->dnr_cnt; i++) { 448 struct dnr_options *dnr = &iface->dnr[i]; 449 450 if (dnr->addr6_cnt == 0 && dnr->addr4_cnt > 0) 451 continue; 452 453 dnrs_len += sizeof(struct dhcpv6_dnr); 454 dnrs_len += dnr->adn_len; 455 456 if (dnr->addr6_cnt > 0 || dnr->svc_len > 0) { 457 dnrs_len += sizeof(uint16_t); 458 dnrs_len += dnr->addr6_cnt * sizeof(*dnr->addr6); 459 dnrs_len += dnr->svc_len; 460 } 461 } 462 463 dnrs = alloca(dnrs_len); 464 uint8_t *pos = (uint8_t *)dnrs; 465 466 for (size_t i = 0; i < iface->dnr_cnt; i++) { 467 struct dnr_options *dnr = &iface->dnr[i]; 468 struct dhcpv6_dnr *d6dnr = (struct dhcpv6_dnr *)pos; 469 uint16_t d6dnr_type_be = htons(DHCPV6_OPT_DNR); 470 uint16_t d6dnr_len = 2 * sizeof(uint16_t) + dnr->adn_len; 471 uint16_t d6dnr_len_be; 472 uint16_t d6dnr_priority_be = htons(dnr->priority); 473 uint16_t d6dnr_adn_len_be = htons(dnr->adn_len); 474 475 if (dnr->addr6_cnt == 0 && dnr->addr4_cnt > 0) 476 continue; 477 478 /* memcpy as the struct is unaligned */ 479 memcpy(&d6dnr->type, &d6dnr_type_be, sizeof(d6dnr_type_be)); 480 memcpy(&d6dnr->priority, &d6dnr_priority_be, sizeof(d6dnr_priority_be)); 481 memcpy(&d6dnr->adn_len, &d6dnr_adn_len_be, sizeof(d6dnr_adn_len_be)); 482 483 pos = d6dnr->body; 484 memcpy(pos, dnr->adn, dnr->adn_len); 485 pos += dnr->adn_len; 486 487 if (dnr->addr6_cnt > 0 || dnr->svc_len > 0) { 488 uint16_t addr6_len = dnr->addr6_cnt * sizeof(*dnr->addr6); 489 uint16_t addr6_len_be = htons(addr6_len); 490 491 memcpy(pos, &addr6_len_be, sizeof(addr6_len_be)); 492 pos += sizeof(addr6_len_be); 493 memcpy(pos, dnr->addr6, addr6_len); 494 pos += addr6_len; 495 memcpy(pos, dnr->svc, dnr->svc_len); 496 pos += dnr->svc_len; 497 498 d6dnr_len += sizeof(addr6_len_be) + addr6_len + dnr->svc_len; 499 } 500 501 d6dnr_len_be = htons(d6dnr_len); 502 memcpy(&d6dnr->len, &d6dnr_len_be, sizeof(d6dnr_len_be)); 503 } 504 break; 505 } 506 } 507 508 /* DNS Search options */ 509 uint8_t search_buf[256], *search_domain = iface->search; 510 size_t search_len = iface->search_len; 511 512 if (!search_domain && !res_init() && _res.dnsrch[0] && _res.dnsrch[0][0]) { 513 int len = dn_comp(_res.dnsrch[0], search_buf, 514 sizeof(search_buf), NULL, NULL); 515 if (len > 0) { 516 search_domain = search_buf; 517 search_len = len; 518 } 519 } 520 521 struct { 522 uint16_t type; 523 uint16_t len; 524 } search = {htons(DHCPV6_OPT_DNS_DOMAIN), htons(search_len)}; 525 526 527 struct __attribute__((packed)) dhcpv4o6_server { 528 uint16_t type; 529 uint16_t len; 530 struct in6_addr addr; 531 } dhcpv4o6_server = {htons(DHCPV6_OPT_4O6_SERVER), htons(sizeof(struct in6_addr)), 532 IN6ADDR_ANY_INIT}; 533 534 struct dhcpv6_cer_id cerid = { 535 #ifdef EXT_CER_ID 536 .type = htons(EXT_CER_ID), 537 #endif 538 .len = htons(36), 539 .addr = iface->dhcpv6_pd_cer, 540 }; 541 542 543 uint8_t pdbuf[512]; 544 struct iovec iov[IOV_TOTAL] = { 545 [IOV_NESTED] = {NULL, 0}, 546 [IOV_DEST] = {&dest, (uint8_t*)&dest.clientid_type - (uint8_t*)&dest}, 547 [IOV_MAXRT] = {&maxrt, sizeof(maxrt)}, 548 [IOV_RAPID_COMMIT] = {&rapid_commit, 0}, 549 [IOV_DNS] = {&dns, (dns_cnt) ? sizeof(dns) : 0}, 550 [IOV_DNS_ADDR] = {dns_addr_ptr, dns_cnt * sizeof(*dns_addr_ptr)}, 551 [IOV_SEARCH] = {&search, (search_len) ? sizeof(search) : 0}, 552 [IOV_SEARCH_DOMAIN] = {search_domain, search_len}, 553 [IOV_PDBUF] = {pdbuf, 0}, 554 [IOV_CERID] = {&cerid, 0}, 555 [IOV_DHCPV6_RAW] = {iface->dhcpv6_raw, iface->dhcpv6_raw_len}, 556 [IOV_NTP] = {&ntp, (ntp_cnt) ? sizeof(ntp) : 0}, 557 [IOV_NTP_ADDR] = {ntp_ptr, (ntp_cnt) ? ntp_len : 0}, 558 [IOV_SNTP] = {&dhcpv6_sntp, (sntp_cnt) ? sizeof(dhcpv6_sntp) : 0}, 559 [IOV_SNTP_ADDR] = {sntp_addr_ptr, sntp_cnt * sizeof(*sntp_addr_ptr)}, 560 [IOV_DNR] = {dnrs, dnrs_len}, 561 [IOV_RELAY_MSG] = {NULL, 0}, 562 [IOV_DHCPV4O6_SERVER] = {&dhcpv4o6_server, 0}, 563 [IOV_BOOTFILE_URL] = {NULL, 0} 564 }; 565 566 if (hdr->msg_type == DHCPV6_MSG_RELAY_FORW) 567 handle_nested_message(data, len, &hdr, &opts, &opts_end, iov); 568 569 switch (hdr->msg_type) { 570 case DHCPV6_MSG_SOLICIT: 571 case DHCPV6_MSG_REQUEST: 572 case DHCPV6_MSG_CONFIRM: 573 case DHCPV6_MSG_RENEW: 574 case DHCPV6_MSG_REBIND: 575 case DHCPV6_MSG_RELEASE: 576 case DHCPV6_MSG_DECLINE: 577 case DHCPV6_MSG_INFORMATION_REQUEST: 578 case DHCPV6_MSG_RELAY_FORW: 579 #ifdef DHCPV4_SUPPORT 580 case DHCPV6_MSG_DHCPV4_QUERY: 581 #endif 582 break; /* Valid message types for clients */ 583 case DHCPV6_MSG_ADVERTISE: 584 case DHCPV6_MSG_REPLY: 585 case DHCPV6_MSG_RECONFIGURE: 586 case DHCPV6_MSG_RELAY_REPL: 587 case DHCPV6_MSG_DHCPV4_RESPONSE: 588 #ifndef DHCPV4_SUPPORT 589 case DHCPV6_MSG_DHCPV4_QUERY: 590 #endif 591 default: 592 return; /* Invalid message types for clients */ 593 } 594 595 if (!IN6_IS_ADDR_MULTICAST((struct in6_addr *)dest_addr) && iov[IOV_NESTED].iov_len == 0 && 596 (hdr->msg_type == DHCPV6_MSG_SOLICIT || hdr->msg_type == DHCPV6_MSG_CONFIRM || 597 hdr->msg_type == DHCPV6_MSG_REBIND || hdr->msg_type == DHCPV6_MSG_INFORMATION_REQUEST)) 598 return; 599 600 memcpy(dest.tr_id, hdr->transaction_id, sizeof(dest.tr_id)); 601 602 /* Go through options and find what we need */ 603 dhcpv6_for_each_option(opts, opts_end, otype, olen, odata) { 604 if (otype == DHCPV6_OPT_CLIENTID && olen <= 130) { 605 dest.clientid_length = htons(olen); 606 memcpy(dest.clientid_buf, odata, olen); 607 iov[IOV_DEST].iov_len += 4 + olen; 608 } else if (otype == DHCPV6_OPT_SERVERID) { 609 if (olen != ntohs(dest.serverid_length) || 610 memcmp(odata, &dest.duid_type, olen)) 611 return; /* Not for us */ 612 } else if (iface->filter_class && otype == DHCPV6_OPT_USER_CLASS) { 613 uint8_t *c = odata, *cend = &odata[olen]; 614 for (; &c[2] <= cend && &c[2 + (c[0] << 8) + c[1]] <= cend; c = &c[2 + (c[0] << 8) + c[1]]) { 615 size_t elen = strlen(iface->filter_class); 616 if (((((size_t)c[0]) << 8) | c[1]) == elen && !memcmp(&c[2], iface->filter_class, elen)) 617 return; /* Ignore from homenet */ 618 } 619 } else if (otype == DHCPV6_OPT_IA_PD) { 620 #ifdef EXT_CER_ID 621 iov[IOV_CERID].iov_len = sizeof(cerid); 622 623 if (IN6_IS_ADDR_UNSPECIFIED(&cerid.addr)) { 624 struct odhcpd_ipaddr *addrs; 625 ssize_t len = netlink_get_interface_addrs(0, true, &addrs); 626 627 for (ssize_t i = 0; i < len; ++i) 628 if (IN6_IS_ADDR_UNSPECIFIED(&cerid.addr) 629 || memcmp(&addrs[i].addr, &cerid.addr, sizeof(cerid.addr)) < 0) 630 cerid.addr = addrs[i].addr.in6; 631 632 free(addrs); 633 } 634 #endif 635 } else if (otype == DHCPV6_OPT_RAPID_COMMIT && hdr->msg_type == DHCPV6_MSG_SOLICIT) { 636 iov[IOV_RAPID_COMMIT].iov_len = sizeof(rapid_commit); 637 o_rapid_commit = true; 638 } else if (otype == DHCPV6_OPT_ORO) { 639 for (int i=0; i < olen/2; i++) { 640 uint16_t option = ntohs(((uint16_t *)odata)[i]); 641 642 switch (option) { 643 #ifdef DHCPV4_SUPPORT 644 case DHCPV6_OPT_4O6_SERVER: 645 if (iface->dhcpv4) { 646 /* According to RFC 7341, 7.2. DHCP 4o6 Server Address Option Format: 647 * This option may also carry no IPv6 addresses, which instructs the 648 * client to use the All_DHCP_Relay_Agents_and_Servers multicast address 649 * as the destination address. 650 * 651 * The ISC dhclient logs a missing IPv6 address as an error but seems to 652 * work anyway: 653 * dhcp4-o-dhcp6-server: expecting at least 16 bytes; got 0 654 * 655 * Include the All_DHCP_Relay_Agents_and_Servers multicast address 656 * to make it explicit which address to use. */ 657 struct dhcpv4o6_server *server = iov[IOV_DHCPV4O6_SERVER].iov_base; 658 659 inet_pton(AF_INET6, ALL_DHCPV6_RELAYS, &server->addr); 660 661 iov[IOV_DHCPV4O6_SERVER].iov_len = sizeof(dhcpv4o6_server); 662 } 663 break; 664 #endif /* DHCPV4_SUPPORT */ 665 default: 666 break; 667 } 668 } 669 } else if (otype == DHCPV6_OPT_CLIENT_ARCH) { 670 uint16_t arch_code = ntohs(((uint16_t*)odata)[0]); 671 ipv6_pxe_serve_boot_url(arch_code, &iov[IOV_BOOTFILE_URL]); 672 } 673 } 674 675 if (!IN6_IS_ADDR_MULTICAST((struct in6_addr *)dest_addr) && iov[IOV_NESTED].iov_len == 0 && 676 (hdr->msg_type == DHCPV6_MSG_REQUEST || hdr->msg_type == DHCPV6_MSG_RENEW || 677 hdr->msg_type == DHCPV6_MSG_RELEASE || hdr->msg_type == DHCPV6_MSG_DECLINE)) { 678 iov[IOV_STAT].iov_base = &stat; 679 iov[IOV_STAT].iov_len = sizeof(stat); 680 681 for (ssize_t i = IOV_STAT + 1; i < IOV_TOTAL; ++i) 682 iov[i].iov_len = 0; 683 684 odhcpd_send(iface->dhcpv6_event.uloop.fd, addr, iov, ARRAY_SIZE(iov), iface); 685 return; 686 } 687 688 if (hdr->msg_type == DHCPV6_MSG_SOLICIT && !o_rapid_commit) { 689 dest.msg_type = DHCPV6_MSG_ADVERTISE; 690 } else if (hdr->msg_type == DHCPV6_MSG_INFORMATION_REQUEST) { 691 iov[IOV_REFRESH].iov_base = &refresh; 692 iov[IOV_REFRESH].iov_len = sizeof(refresh); 693 694 /* Return inf max rt option in reply to information request */ 695 maxrt.type = htons(DHCPV6_OPT_INF_MAX_RT); 696 } 697 698 #ifdef DHCPV4_SUPPORT 699 if (hdr->msg_type == DHCPV6_MSG_DHCPV4_QUERY) { 700 struct _packed dhcpv4_msg_data { 701 uint16_t type; 702 uint16_t len; 703 uint8_t msg[1]; 704 } *msg_opt = (struct dhcpv4_msg_data*)pdbuf; 705 ssize_t msglen; 706 707 memset(pdbuf, 0, sizeof(pdbuf)); 708 709 msglen = dhcpv6_4o6_query(msg_opt->msg, sizeof(pdbuf) - sizeof(*msg_opt) + 1, 710 iface, addr, (const void *)hdr, opts_end); 711 if (msglen <= 0) { 712 syslog(LOG_ERR, "4o6: query failed"); 713 return; 714 } 715 716 msg_opt->type = htons(DHCPV6_OPT_DHCPV4_MSG); 717 msg_opt->len = htons(msglen); 718 iov[IOV_PDBUF].iov_len = sizeof(*msg_opt) - 1 + msglen; 719 dest.msg_type = DHCPV6_MSG_DHCPV4_RESPONSE; 720 } else 721 #endif /* DHCPV4_SUPPORT */ 722 723 if (hdr->msg_type != DHCPV6_MSG_INFORMATION_REQUEST) { 724 ssize_t ialen = dhcpv6_ia_handle_IAs(pdbuf, sizeof(pdbuf), iface, addr, (const void *)hdr, opts_end); 725 726 iov[IOV_PDBUF].iov_len = ialen; 727 if (ialen < 0 || 728 (ialen == 0 && (hdr->msg_type == DHCPV6_MSG_REBIND || hdr->msg_type == DHCPV6_MSG_CONFIRM))) 729 return; 730 } 731 732 if (iov[IOV_NESTED].iov_len > 0) /* Update length */ 733 update_nested_message(data, len, iov[IOV_DEST].iov_len + iov[IOV_MAXRT].iov_len + 734 iov[IOV_RAPID_COMMIT].iov_len + iov[IOV_DNS].iov_len + 735 iov[IOV_DNS_ADDR].iov_len + iov[IOV_SEARCH].iov_len + 736 iov[IOV_SEARCH_DOMAIN].iov_len + iov[IOV_PDBUF].iov_len + 737 iov[IOV_DHCPV4O6_SERVER].iov_len + 738 iov[IOV_CERID].iov_len + iov[IOV_DHCPV6_RAW].iov_len + 739 iov[IOV_NTP].iov_len + iov[IOV_NTP_ADDR].iov_len + 740 iov[IOV_SNTP].iov_len + iov[IOV_SNTP_ADDR].iov_len + 741 iov[IOV_DNR].iov_len + iov[IOV_BOOTFILE_URL].iov_len - 742 (4 + opts_end - opts)); 743 744 syslog(LOG_DEBUG, "Sending a DHCPv6-%s on %s", iov[IOV_NESTED].iov_len ? "relay-reply" : "reply", iface->name); 745 746 odhcpd_send(iface->dhcpv6_event.uloop.fd, addr, iov, ARRAY_SIZE(iov), iface); 747 } 748 749 750 /* Central DHCPv6-relay handler */ 751 static void handle_dhcpv6(void *addr, void *data, size_t len, 752 struct interface *iface, void *dest_addr) 753 { 754 if (iface->dhcpv6 == MODE_SERVER) { 755 handle_client_request(addr, data, len, iface, dest_addr); 756 } else if (iface->dhcpv6 == MODE_RELAY) { 757 if (iface->master) 758 relay_server_response(data, len); 759 else 760 relay_client_request(addr, data, len, iface); 761 } 762 } 763 764 765 /* Relay server response (regular relay server handling) */ 766 static void relay_server_response(uint8_t *data, size_t len) 767 { 768 /* Information we need to gather */ 769 uint8_t *payload_data = NULL; 770 size_t payload_len = 0; 771 int32_t ifaceidx = 0; 772 struct sockaddr_in6 target = {AF_INET6, htons(DHCPV6_CLIENT_PORT), 773 0, IN6ADDR_ANY_INIT, 0}; 774 int otype, olen; 775 uint8_t *odata, *end = data + len; 776 /* Relay DHCPv6 reply from server to client */ 777 struct dhcpv6_relay_header *h = (void*)data; 778 779 syslog(LOG_DEBUG, "Got a DHCPv6-relay-reply"); 780 781 if (len < sizeof(*h) || h->msg_type != DHCPV6_MSG_RELAY_REPL) 782 return; 783 784 memcpy(&target.sin6_addr, &h->peer_address, sizeof(struct in6_addr)); 785 786 /* Go through options and find what we need */ 787 dhcpv6_for_each_option(h->options, end, otype, olen, odata) { 788 if (otype == DHCPV6_OPT_INTERFACE_ID 789 && olen == sizeof(ifaceidx)) { 790 memcpy(&ifaceidx, odata, sizeof(ifaceidx)); 791 } else if (otype == DHCPV6_OPT_RELAY_MSG) { 792 payload_data = odata; 793 payload_len = olen; 794 } 795 } 796 797 /* Invalid interface-id or basic payload */ 798 struct interface *iface = odhcpd_get_interface_by_index(ifaceidx); 799 if (!iface || iface->master || !payload_data || payload_len < 4) 800 return; 801 802 bool is_authenticated = false; 803 struct in6_addr *dns_ptr = NULL; 804 size_t dns_count = 0; 805 806 /* If the payload is relay-reply we have to send to the server port */ 807 if (payload_data[0] == DHCPV6_MSG_RELAY_REPL) { 808 target.sin6_port = htons(DHCPV6_SERVER_PORT); 809 } else { /* Go through the payload data */ 810 struct dhcpv6_client_header *h = (void*)payload_data; 811 end = payload_data + payload_len; 812 813 dhcpv6_for_each_option(&h[1], end, otype, olen, odata) { 814 if (otype == DHCPV6_OPT_DNS_SERVERS && olen >= 16) { 815 dns_ptr = (struct in6_addr*)odata; 816 dns_count = olen / 16; 817 } else if (otype == DHCPV6_OPT_AUTH) { 818 is_authenticated = true; 819 } 820 } 821 } 822 823 /* Rewrite DNS servers if requested */ 824 if (iface->always_rewrite_dns && dns_ptr && dns_count > 0) { 825 if (is_authenticated) 826 return; /* Impossible to rewrite */ 827 828 const struct in6_addr *rewrite = iface->dns; 829 struct in6_addr addr; 830 size_t rewrite_cnt = iface->dns_cnt; 831 832 if (rewrite_cnt == 0) { 833 if (odhcpd_get_interface_dns_addr(iface, &addr)) 834 return; /* Unable to get interface address */ 835 836 rewrite = &addr; 837 rewrite_cnt = 1; 838 } 839 840 /* Copy over any other addresses */ 841 for (size_t i = 0; i < dns_count; ++i) { 842 size_t j = (i < rewrite_cnt) ? i : rewrite_cnt - 1; 843 memcpy(&dns_ptr[i], &rewrite[j], sizeof(*rewrite)); 844 } 845 } 846 847 struct iovec iov = {payload_data, payload_len}; 848 849 syslog(LOG_DEBUG, "Sending a DHCPv6-reply on %s", iface->name); 850 851 odhcpd_send(iface->dhcpv6_event.uloop.fd, &target, &iov, 1, iface); 852 } 853 854 static struct odhcpd_ipaddr *relay_link_address(struct interface *iface) 855 { 856 struct odhcpd_ipaddr *addr = NULL; 857 time_t now = odhcpd_time(); 858 859 for (size_t i = 0; i < iface->addr6_len; i++) { 860 if (iface->addr6[i].valid_lt <= (uint32_t)now) 861 continue; 862 863 if (iface->addr6[i].preferred_lt > (uint32_t)now) { 864 addr = &iface->addr6[i]; 865 break; 866 } 867 868 if (!addr || (iface->addr6[i].valid_lt > addr->valid_lt)) 869 addr = &iface->addr6[i]; 870 } 871 872 return addr; 873 } 874 875 /* Relay client request (regular DHCPv6-relay) */ 876 static void relay_client_request(struct sockaddr_in6 *source, 877 const void *data, size_t len, struct interface *iface) 878 { 879 const struct dhcpv6_relay_header *h = data; 880 /* Construct our forwarding envelope */ 881 struct dhcpv6_relay_forward_envelope hdr = { 882 .msg_type = DHCPV6_MSG_RELAY_FORW, 883 .hop_count = 0, 884 .interface_id_type = htons(DHCPV6_OPT_INTERFACE_ID), 885 .interface_id_len = htons(sizeof(uint32_t)), 886 .relay_message_type = htons(DHCPV6_OPT_RELAY_MSG), 887 .relay_message_len = htons(len), 888 }; 889 struct iovec iov[2] = {{&hdr, sizeof(hdr)}, {(void *)data, len}}; 890 struct interface *c; 891 struct odhcpd_ipaddr *ip; 892 struct sockaddr_in6 s; 893 894 if (h->msg_type == DHCPV6_MSG_RELAY_REPL || 895 h->msg_type == DHCPV6_MSG_RECONFIGURE || 896 h->msg_type == DHCPV6_MSG_REPLY || 897 h->msg_type == DHCPV6_MSG_ADVERTISE) 898 return; /* Invalid message types for client */ 899 900 syslog(LOG_DEBUG, "Got a DHCPv6-request on %s", iface->name); 901 902 if (h->msg_type == DHCPV6_MSG_RELAY_FORW) { /* handle relay-forward */ 903 if (h->hop_count >= DHCPV6_HOP_COUNT_LIMIT) 904 return; /* Invalid hop count */ 905 906 hdr.hop_count = h->hop_count + 1; 907 } 908 909 /* use memcpy here as the destination fields are unaligned */ 910 memcpy(&hdr.peer_address, &source->sin6_addr, sizeof(struct in6_addr)); 911 memcpy(&hdr.interface_id_data, &iface->ifindex, sizeof(iface->ifindex)); 912 913 /* Detect public IP of slave interface to use as link-address */ 914 ip = relay_link_address(iface); 915 if (ip) 916 memcpy(&hdr.link_address, &ip->addr.in6, sizeof(hdr.link_address)); 917 918 memset(&s, 0, sizeof(s)); 919 s.sin6_family = AF_INET6; 920 s.sin6_port = htons(DHCPV6_SERVER_PORT); 921 inet_pton(AF_INET6, ALL_DHCPV6_SERVERS, &s.sin6_addr); 922 923 avl_for_each_element(&interfaces, c, avl) { 924 if (!c->master || c->dhcpv6 != MODE_RELAY) 925 continue; 926 927 if (!ip) { 928 /* No suitable address! Is the slave not configured yet? 929 * Detect public IP of master interface and use it instead 930 * This is WRONG and probably violates the RFC. However 931 * otherwise we have a hen and egg problem because the 932 * slave-interface cannot be auto-configured. */ 933 ip = relay_link_address(c); 934 if (!ip) 935 continue; /* Could not obtain a suitable address */ 936 937 memcpy(&hdr.link_address, &ip->addr.in6, sizeof(hdr.link_address)); 938 ip = NULL; 939 } 940 941 syslog(LOG_DEBUG, "Sending a DHCPv6-relay-forward on %s", c->name); 942 943 odhcpd_send(c->dhcpv6_event.uloop.fd, &s, iov, 2, c); 944 } 945 } 946
This page was automatically generated by LXR 0.3.1. • OpenWrt