2 * Copyright (C) 2013 Steven Barth <steven@midlink.org>
3 * Copyright (C) 2016 Hans Dedecker <dedeckeh@gmail.com>
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License v2 as published by
7 * the Free Software Foundation.
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
32 #include <arpa/inet.h>
33 #include <sys/timerfd.h>
35 #include <libubox/md5.h>
36 #include <libubox/usock.h>
38 #define ADDR_ENTRY_VALID_IA_ADDR(iface, i, m, addrs) \
39 ((iface)->dhcpv6_assignall || (i) == (m) || \
40 (addrs)[(i)].prefix > 64)
42 static void dhcpv6_netevent_cb(unsigned long event, struct netevent_handler_info *info);
43 static void set_border_assignment_size(struct interface *iface, struct dhcp_assignment *b);
44 static void handle_addrlist_change(struct netevent_handler_info *info);
45 static void start_reconf(struct dhcp_assignment *a);
46 static void stop_reconf(struct dhcp_assignment *a);
47 static void valid_until_cb(struct uloop_timeout *event);
49 static struct netevent_handler dhcpv6_netevent_handler = { .cb = dhcpv6_netevent_cb, };
50 static struct uloop_timeout valid_until_timeout = {.cb = valid_until_cb};
51 static uint32_t serial = 0;
52 static uint8_t statemd5[16];
54 int dhcpv6_ia_init(void)
56 uloop_timeout_set(&valid_until_timeout, 1000);
58 netlink_add_netevent_handler(&dhcpv6_netevent_handler);
63 int dhcpv6_ia_setup_interface(struct interface *iface, bool enable)
66 struct dhcp_assignment *c;
68 while (!list_empty(&iface->ia_assignments)) {
69 c = list_first_entry(&iface->ia_assignments, struct dhcp_assignment, head);
74 if (enable && iface->dhcpv6 == MODE_SERVER) {
75 struct dhcp_assignment *border;
77 if (list_empty(&iface->ia_assignments)) {
78 border = alloc_assignment(0);
81 syslog(LOG_ERR, "Failed to alloc border on %s", iface->name);
86 list_add(&border->head, &iface->ia_assignments);
88 border = list_last_entry(&iface->ia_assignments, struct dhcp_assignment, head);
90 set_border_assignment_size(iface, border);
96 static void dhcpv6_netevent_cb(unsigned long event, struct netevent_handler_info *info)
98 struct interface *iface = info->iface;
100 if (!iface || iface->dhcpv6 != MODE_SERVER)
104 case NETEV_ADDR6LIST_CHANGE:
105 handle_addrlist_change(info);
113 static inline bool valid_prefix_length(const struct dhcp_assignment *a, const uint8_t prefix_length)
115 return (a->managed_size || a->length > prefix_length);
118 static inline bool valid_addr(const struct odhcpd_ipaddr *addr, time_t now)
120 return (addr->prefix <= 96 && addr->preferred > (uint32_t)now);
123 static size_t get_preferred_addr(const struct odhcpd_ipaddr *addrs, const size_t addrlen)
127 for (i = 0, m = 0; i < addrlen; ++i) {
128 if (addrs[i].preferred > addrs[m].preferred ||
129 (addrs[i].preferred == addrs[m].preferred &&
130 memcmp(&addrs[i].addr, &addrs[m].addr, 16) > 0))
137 static int send_reconf(struct dhcp_assignment *assign)
140 struct dhcpv6_client_header hdr;
144 uint16_t hardware_type;
149 struct dhcpv6_auth_reconfigure auth;
152 uint8_t clid_data[128];
153 } __attribute__((packed)) reconf_msg = {
154 .hdr = {DHCPV6_MSG_RECONFIGURE, {0, 0, 0}},
155 .srvid_type = htons(DHCPV6_OPT_SERVERID),
156 .srvid_len = htons(10),
157 .duid_type = htons(3),
158 .hardware_type = htons(1),
159 .msg_type = htons(DHCPV6_OPT_RECONF_MSG),
161 .msg_id = DHCPV6_MSG_RENEW,
162 .auth = {htons(DHCPV6_OPT_AUTH),
163 htons(sizeof(reconf_msg.auth) - 4), 3, 1, 0,
164 {htonl(time(NULL)), htonl(++serial)}, 2, {0}},
165 .clid_type = htons(DHCPV6_OPT_CLIENTID),
166 .clid_len = htons(assign->clid_len),
169 struct interface *iface = assign->iface;
171 odhcpd_get_mac(iface, reconf_msg.mac);
172 memcpy(reconf_msg.clid_data, assign->clid_data, assign->clid_len);
173 struct iovec iov = {&reconf_msg, sizeof(reconf_msg) - 128 + assign->clid_len};
176 uint8_t secretbytes[64];
177 memset(secretbytes, 0, sizeof(secretbytes));
178 memcpy(secretbytes, assign->key, sizeof(assign->key));
180 for (size_t i = 0; i < sizeof(secretbytes); ++i)
181 secretbytes[i] ^= 0x36;
184 md5_hash(secretbytes, sizeof(secretbytes), &md5);
185 md5_hash(iov.iov_base, iov.iov_len, &md5);
186 md5_end(reconf_msg.auth.key, &md5);
188 for (size_t i = 0; i < sizeof(secretbytes); ++i) {
189 secretbytes[i] ^= 0x36;
190 secretbytes[i] ^= 0x5c;
194 md5_hash(secretbytes, sizeof(secretbytes), &md5);
195 md5_hash(reconf_msg.auth.key, 16, &md5);
196 md5_end(reconf_msg.auth.key, &md5);
198 return odhcpd_send(iface->dhcpv6_event.uloop.fd, &assign->peer, &iov, 1, iface);
201 static void dhcpv6_ia_free_assignment(struct dhcp_assignment *a)
203 if (a->managed_sock.fd.registered) {
204 ustream_free(&a->managed_sock.stream);
205 close(a->managed_sock.fd.fd);
214 void dhcpv6_ia_enum_addrs(struct interface *iface, struct dhcp_assignment *c,
215 time_t now, dhcpv6_binding_cb_handler_t func, void *arg)
217 struct odhcpd_ipaddr *addrs = (c->managed) ? c->managed : iface->addr6;
218 size_t addrlen = (c->managed) ? (size_t)c->managed_size : iface->addr6_len;
219 size_t m = get_preferred_addr(addrs, addrlen);
221 for (size_t i = 0; i < addrlen; ++i) {
222 struct in6_addr addr;
223 uint32_t pref, valid;
224 int prefix = c->managed ? addrs[i].prefix : c->length;
226 if (!valid_addr(&addrs[i], now))
229 addr = addrs[i].addr.in6;
230 pref = addrs[i].preferred;
231 valid = addrs[i].valid;
233 if (!ADDR_ENTRY_VALID_IA_ADDR(iface, i, m, addrs))
236 addr.s6_addr32[3] = htonl(c->assigned);
238 if (!valid_prefix_length(c, addrs[i].prefix))
241 addr.s6_addr32[1] |= htonl(c->assigned);
242 addr.s6_addr32[2] = addr.s6_addr32[3] = 0;
245 if (pref != UINT32_MAX)
248 if (valid != UINT32_MAX)
251 func(&addr, prefix, pref, valid, arg);
258 struct dhcp_assignment *c;
259 struct interface *iface;
265 static void dhcpv6_write_ia_addr(struct in6_addr *addr, int prefix, _unused uint32_t pref,
266 _unused uint32_t valid, void *arg)
268 struct write_ctxt *ctxt = (struct write_ctxt *)arg;
269 char ipbuf[INET6_ADDRSTRLEN];
271 inet_ntop(AF_INET6, addr, ipbuf, sizeof(ipbuf) - 1);
273 if (ctxt->c->length == 128 && ctxt->c->hostname &&
274 !(ctxt->c->flags & OAF_BROKEN_HOSTNAME)) {
275 fputs(ipbuf, ctxt->fp);
278 if (dn_expand(ctxt->iface->search, ctxt->iface->search + ctxt->iface->search_len,
279 ctxt->iface->search, b, sizeof(b)) > 0)
280 fprintf(ctxt->fp, "\t%s.%s", ctxt->c->hostname, b);
282 fprintf(ctxt->fp, "\t%s\n", ctxt->c->hostname);
283 md5_hash(ipbuf, strlen(ipbuf), &ctxt->md5);
284 md5_hash(ctxt->c->hostname, strlen(ctxt->c->hostname), &ctxt->md5);
287 ctxt->buf_idx += snprintf(ctxt->buf + ctxt->buf_idx,ctxt->buf_len - ctxt->buf_idx,
288 "%s/%d ", ipbuf, prefix);
291 void dhcpv6_ia_write_statefile(void)
293 struct write_ctxt ctxt;
295 md5_begin(&ctxt.md5);
297 if (config.dhcp_statefile) {
298 time_t now = odhcpd_time(), wall_time = time(NULL);
299 int fd = open(config.dhcp_statefile, O_CREAT | O_WRONLY | O_CLOEXEC, 0644);
305 ret = lockf(fd, F_LOCK, 0);
310 if (ftruncate(fd, 0) < 0) {}
312 ctxt.fp = fdopen(fd, "w");
319 ctxt.buf_len = sizeof(leasebuf);
321 avl_for_each_element(&interfaces, ctxt.iface, avl) {
322 if (ctxt.iface->dhcpv6 != MODE_SERVER &&
323 ctxt.iface->dhcpv4 != MODE_SERVER)
326 if (ctxt.iface->dhcpv6 == MODE_SERVER) {
327 list_for_each_entry(ctxt.c, &ctxt.iface->ia_assignments, head) {
328 if (!(ctxt.c->flags & OAF_BOUND) || ctxt.c->managed_size < 0)
333 odhcpd_hexlify(duidbuf, ctxt.c->clid_data, ctxt.c->clid_len);
335 /* iface DUID iaid hostname lifetime assigned length [addrs...] */
336 ctxt.buf_idx = snprintf(ctxt.buf, ctxt.buf_len, "# %s %s %x %s%s %ld %x %u ",
337 ctxt.iface->ifname, duidbuf, ntohl(ctxt.c->iaid),
338 (ctxt.c->flags & OAF_BROKEN_HOSTNAME) ? "broken\\x20" : "",
339 (ctxt.c->hostname ? ctxt.c->hostname : "-"),
340 (ctxt.c->valid_until > now ?
341 (ctxt.c->valid_until - now + wall_time) :
342 (INFINITE_VALID(ctxt.c->valid_until) ? -1 : 0)),
343 ctxt.c->assigned, (unsigned)ctxt.c->length);
345 if (INFINITE_VALID(ctxt.c->valid_until) || ctxt.c->valid_until > now)
346 dhcpv6_ia_enum_addrs(ctxt.iface, ctxt.c, now,
347 dhcpv6_write_ia_addr, &ctxt);
349 ctxt.buf[ctxt.buf_idx - 1] = '\n';
350 fwrite(ctxt.buf, 1, ctxt.buf_idx, ctxt.fp);
354 if (ctxt.iface->dhcpv4 == MODE_SERVER) {
355 struct dhcp_assignment *c;
357 list_for_each_entry(c, &ctxt.iface->dhcpv4_assignments, head) {
358 if (!(c->flags & OAF_BOUND))
361 char ipbuf[INET6_ADDRSTRLEN];
363 odhcpd_hexlify(duidbuf, c->hwaddr, sizeof(c->hwaddr));
365 /* iface DUID iaid hostname lifetime assigned length [addrs...] */
366 ctxt.buf_idx = snprintf(ctxt.buf, ctxt.buf_len, "# %s %s ipv4 %s%s %ld %x 32 ",
367 ctxt.iface->ifname, duidbuf,
368 (c->flags & OAF_BROKEN_HOSTNAME) ? "broken\\x20" : "",
369 (c->hostname ? c->hostname : "-"),
370 (c->valid_until > now ?
371 (c->valid_until - now + wall_time) :
372 (INFINITE_VALID(c->valid_until) ? -1 : 0)),
375 struct in_addr addr = {.s_addr = c->addr};
376 inet_ntop(AF_INET, &addr, ipbuf, sizeof(ipbuf) - 1);
378 if (c->hostname && !(c->flags & OAF_BROKEN_HOSTNAME)) {
379 fputs(ipbuf, ctxt.fp);
382 if (dn_expand(ctxt.iface->search,
383 ctxt.iface->search + ctxt.iface->search_len,
384 ctxt.iface->search, b, sizeof(b)) > 0)
385 fprintf(ctxt.fp, "\t%s.%s", c->hostname, b);
387 fprintf(ctxt.fp, "\t%s\n", c->hostname);
388 md5_hash(ipbuf, strlen(ipbuf), &ctxt.md5);
389 md5_hash(c->hostname, strlen(c->hostname), &ctxt.md5);
392 ctxt.buf_idx += snprintf(ctxt.buf + ctxt.buf_idx,
393 ctxt.buf_len - ctxt.buf_idx,
395 ctxt.buf[ctxt.buf_idx - 1] = '\n';
396 fwrite(ctxt.buf, 1, ctxt.buf_idx, ctxt.fp);
405 md5_end(newmd5, &ctxt.md5);
407 if (config.dhcp_cb && memcmp(newmd5, statemd5, sizeof(newmd5))) {
408 memcpy(statemd5, newmd5, sizeof(statemd5));
409 char *argv[2] = {config.dhcp_cb, NULL};
411 execv(argv[0], argv);
417 static void __apply_lease(struct interface *iface, struct dhcp_assignment *a,
418 struct odhcpd_ipaddr *addrs, ssize_t addr_len, bool add)
423 for (ssize_t i = 0; i < addr_len; ++i) {
424 struct in6_addr prefix = addrs[i].addr.in6;
425 prefix.s6_addr32[1] |= htonl(a->assigned);
426 prefix.s6_addr32[2] = prefix.s6_addr32[3] = 0;
427 netlink_setup_route(&prefix, (a->managed_size) ? addrs[i].prefix : a->length,
428 iface->ifindex, &a->peer.sin6_addr, 1024, add);
432 static void apply_lease(struct interface *iface, struct dhcp_assignment *a, bool add)
434 struct odhcpd_ipaddr *addrs = (a->managed) ? a->managed : iface->addr6;
435 ssize_t addrlen = (a->managed) ? a->managed_size : (ssize_t)iface->addr6_len;
437 __apply_lease(iface, a, addrs, addrlen, add);
440 /* Set border assignment size based on the IPv6 address prefixes */
441 static void set_border_assignment_size(struct interface *iface, struct dhcp_assignment *b)
443 time_t now = odhcpd_time();
446 for (size_t i = 0; i < iface->addr6_len; ++i) {
447 if (iface->addr6[i].preferred > (uint32_t)now &&
448 iface->addr6[i].prefix < 64 &&
449 iface->addr6[i].prefix > minprefix)
450 minprefix = iface->addr6[i].prefix;
453 if (minprefix > 32 && minprefix <= 64)
454 b->assigned = 1U << (64 - minprefix);
459 /* More data was received from TCP connection */
460 static void managed_handle_pd_data(struct ustream *s, _unused int bytes_new)
462 struct ustream_fd *fd = container_of(s, struct ustream_fd, stream);
463 struct dhcp_assignment *c = container_of(fd, struct dhcp_assignment, managed_sock);
464 time_t now = odhcpd_time();
465 bool first = c->managed_size < 0;
469 char *data = ustream_get_read_buf(s, &pending);
470 char *end = memmem(data, pending, "\n\n", 2);
479 if (c->accept_reconf)
483 for (char *line = strtok_r(data, "\n", &saveptr); line; line = strtok_r(NULL, "\n", &saveptr)) {
484 c->managed = realloc(c->managed, (c->managed_size + 1) * sizeof(*c->managed));
485 struct odhcpd_ipaddr *n = &c->managed[c->managed_size];
487 char *saveptr2, *x = strtok_r(line, "/", &saveptr2);
488 if (!x || inet_pton(AF_INET6, x, &n->addr) < 1)
491 x = strtok_r(NULL, ",", &saveptr2);
492 if (sscanf(x, "%hhu", &n->prefix) < 1)
495 x = strtok_r(NULL, ",", &saveptr2);
496 if (sscanf(x, "%u", &n->preferred) < 1)
499 x = strtok_r(NULL, ",", &saveptr2);
500 if (sscanf(x, "%u", &n->valid) < 1)
503 if (n->preferred > n->valid)
506 if (UINT32_MAX - now < n->preferred)
507 n->preferred = UINT32_MAX;
511 if (UINT32_MAX - now < n->valid)
512 n->valid = UINT32_MAX;
521 ustream_consume(s, end - data);
524 if (first && c->managed_size == 0)
526 else if (first && !(c->flags & OAF_STATIC))
527 c->valid_until = now + 150;
531 /* TCP transmission has ended, either because of success or timeout or other error */
532 static void managed_handle_pd_done(struct ustream *s)
534 struct ustream_fd *fd = container_of(s, struct ustream_fd, stream);
535 struct dhcp_assignment *c = container_of(fd, struct dhcp_assignment, managed_sock);
537 if (!(c->flags & OAF_STATIC))
538 c->valid_until = odhcpd_time() + 15;
542 if (c->accept_reconf)
546 static bool assign_pd(struct interface *iface, struct dhcp_assignment *assign)
548 struct dhcp_assignment *c;
550 if (iface->dhcpv6_pd_manager[0]) {
551 int fd = usock(USOCK_UNIX | USOCK_TCP, iface->dhcpv6_pd_manager, NULL);
553 struct pollfd pfd = { .fd = fd, .events = POLLIN };
556 odhcpd_hexlify(iaidbuf, assign->clid_data, assign->clid_len);
558 assign->managed_sock.stream.notify_read = managed_handle_pd_data;
559 assign->managed_sock.stream.notify_state = managed_handle_pd_done;
560 ustream_fd_init(&assign->managed_sock, fd);
561 ustream_printf(&assign->managed_sock.stream, "%s,%x\n::/%d,0,0\n\n",
562 iaidbuf, assign->iaid, assign->length);
563 ustream_write_pending(&assign->managed_sock.stream);
564 assign->managed_size = -1;
566 if (!(assign->flags & OAF_STATIC))
567 assign->valid_until = odhcpd_time() + 15;
569 list_add(&assign->head, &iface->ia_assignments);
571 /* Wait initial period of up to 250ms for immediate assignment */
572 if (poll(&pfd, 1, 250) < 0) {
573 syslog(LOG_ERR, "poll(): %m");
577 managed_handle_pd_data(&assign->managed_sock.stream, 0);
579 if (fcntl(fd, F_GETFL) >= 0 && assign->managed_size > 0)
584 } else if (iface->addr6_len < 1)
587 /* Try honoring the hint first */
588 uint32_t current = 1, asize = (1 << (64 - assign->length)) - 1;
589 if (assign->assigned) {
590 list_for_each_entry(c, &iface->ia_assignments, head) {
591 if (c->length == 128 || c->length == 0)
594 if (assign->assigned >= current && assign->assigned + asize < c->assigned) {
595 list_add_tail(&assign->head, &c->head);
597 if (assign->flags & OAF_BOUND)
598 apply_lease(iface, assign, true);
603 if (c->assigned != 0)
604 current = (c->assigned + (1 << (64 - c->length)));
608 /* Fallback to a variable assignment */
610 list_for_each_entry(c, &iface->ia_assignments, head) {
611 if (c->length == 128 || c->length == 0)
614 current = (current + asize) & (~asize);
615 if (current + asize < c->assigned) {
616 assign->assigned = current;
617 list_add_tail(&assign->head, &c->head);
619 if (assign->flags & OAF_BOUND)
620 apply_lease(iface, assign, true);
625 if (c->assigned != 0)
626 current = (c->assigned + (1 << (64 - c->length)));
632 static bool assign_na(struct interface *iface, struct dhcp_assignment *a)
634 struct dhcp_assignment *c;
637 /* Preconfigured assignment by static lease */
639 list_for_each_entry(c, &iface->ia_assignments, head) {
643 if (c->assigned > a->assigned || c->length != 128) {
644 list_add_tail(&a->head, &c->head);
646 } else if (c->assigned == a->assigned)
651 /* Seed RNG with checksum of DUID */
652 for (size_t i = 0; i < a->clid_len; ++i)
653 seed += a->clid_data[i];
656 /* Try to assign up to 100x */
657 for (size_t i = 0; i < 100; ++i) {
659 do try = ((uint32_t)rand()) % 0x0fff; while (try < 0x100);
661 if (config_find_lease_by_hostid(try))
664 list_for_each_entry(c, &iface->ia_assignments, head) {
668 if (c->assigned > try || c->length != 128) {
670 list_add_tail(&a->head, &c->head);
672 } else if (c->assigned == try)
680 static void handle_addrlist_change(struct netevent_handler_info *info)
682 struct interface *iface = info->iface;
683 struct dhcp_assignment *c, *d, *border = list_last_entry(
684 &iface->ia_assignments, struct dhcp_assignment, head);
685 struct list_head reassign = LIST_HEAD_INIT(reassign);
686 time_t now = odhcpd_time();
688 list_for_each_entry(c, &iface->ia_assignments, head) {
689 if (c != border && iface->ra_managed == RA_MANAGED_NO_MFLAG
690 && (c->flags & OAF_BOUND))
691 __apply_lease(iface, c, info->addrs_old.addrs,
692 info->addrs_old.len, false);
695 set_border_assignment_size(iface, border);
697 list_for_each_entry_safe(c, d, &iface->ia_assignments, head) {
698 if (c->clid_len == 0 || (!INFINITE_VALID(c->valid_until) && c->valid_until < now) ||
702 if (c->length < 128 && c->assigned >= border->assigned && c != border)
703 list_move(&c->head, &reassign);
704 else if (c != border && (c->flags & OAF_BOUND))
705 apply_lease(iface, c, true);
707 if (c->accept_reconf && c->reconf_cnt == 0) {
708 struct dhcp_assignment *a;
712 /* Leave all other assignments of that client alone */
713 list_for_each_entry(a, &iface->ia_assignments, head)
714 if (a != c && a->clid_len == c->clid_len &&
715 !memcmp(a->clid_data, c->clid_data, a->clid_len))
716 a->reconf_cnt = INT_MAX;
720 while (!list_empty(&reassign)) {
721 c = list_first_entry(&reassign, struct dhcp_assignment, head);
722 list_del_init(&c->head);
723 if (!assign_pd(iface, c)) {
725 list_add(&c->head, &iface->ia_assignments);
729 dhcpv6_ia_write_statefile();
732 static void reconf_timeout_cb(struct uloop_timeout *event)
734 struct dhcp_assignment *a = container_of(event, struct dhcp_assignment, reconf_timer);
736 if (a->reconf_cnt > 0 && a->reconf_cnt < DHCPV6_REC_MAX_RC) {
738 uloop_timeout_set(&a->reconf_timer,
739 DHCPV6_REC_TIMEOUT << a->reconf_cnt);
745 static void start_reconf(struct dhcp_assignment *a)
747 uloop_timeout_set(&a->reconf_timer,
748 DHCPV6_REC_TIMEOUT << a->reconf_cnt);
749 a->reconf_timer.cb = reconf_timeout_cb;
755 static void stop_reconf(struct dhcp_assignment *a)
757 uloop_timeout_cancel(&a->reconf_timer);
759 a->reconf_timer.cb = NULL;
762 static void valid_until_cb(struct uloop_timeout *event)
764 struct interface *iface;
765 time_t now = odhcpd_time();
767 avl_for_each_element(&interfaces, iface, avl) {
768 struct dhcp_assignment *a, *n;
770 if (iface->dhcpv6 != MODE_SERVER)
773 list_for_each_entry_safe(a, n, &iface->ia_assignments, head) {
774 if (!INFINITE_VALID(a->valid_until) && a->valid_until < now) {
775 if ((a->length < 128 && a->clid_len > 0) ||
776 (a->length == 128 && a->clid_len == 0))
782 uloop_timeout_set(event, 1000);
785 static size_t build_ia(uint8_t *buf, size_t buflen, uint16_t status,
786 const struct dhcpv6_ia_hdr *ia, struct dhcp_assignment *a,
787 struct interface *iface, bool request)
789 struct dhcpv6_ia_hdr o_ia = {
796 size_t ia_len = sizeof(o_ia);
797 time_t now = odhcpd_time();
803 struct __attribute__((packed)) {
808 .type = htons(DHCPV6_OPT_STATUS),
809 .len = htons(sizeof(o_status) - 4),
810 .val = htons(status),
813 memcpy(buf + ia_len, &o_status, sizeof(o_status));
814 ia_len += sizeof(o_status);
816 o_ia.len = htons(ia_len - 4);
817 memcpy(buf, &o_ia, sizeof(o_ia));
826 leasetime = a->leasetime;
828 leasetime = iface->dhcpv4_leasetime;
830 uint32_t pref = leasetime;
831 uint32_t valid = leasetime;
833 struct odhcpd_ipaddr *addrs = (a->managed) ? a->managed : iface->addr6;
834 size_t addrlen = (a->managed) ? (size_t)a->managed_size : iface->addr6_len;
835 size_t m = get_preferred_addr(addrs, addrlen);
837 for (size_t i = 0; i < addrlen; ++i) {
838 uint32_t prefix_pref = addrs[i].preferred;
839 uint32_t prefix_valid = addrs[i].valid;
841 if (!valid_addr(&addrs[i], now))
844 if (prefix_pref != UINT32_MAX)
847 if (prefix_valid != UINT32_MAX)
850 if (a->length < 128) {
851 struct dhcpv6_ia_prefix o_ia_p = {
852 .type = htons(DHCPV6_OPT_IA_PREFIX),
853 .len = htons(sizeof(o_ia_p) - 4),
854 .preferred = htonl(prefix_pref),
855 .valid = htonl(prefix_valid),
856 .prefix = (a->managed_size) ? addrs[i].prefix : a->length,
857 .addr = addrs[i].addr.in6,
860 o_ia_p.addr.s6_addr32[1] |= htonl(a->assigned);
861 o_ia_p.addr.s6_addr32[2] = o_ia_p.addr.s6_addr32[3] = 0;
863 if ((a->assigned == 0 && a->managed_size == 0) ||
864 !valid_prefix_length(a, addrs[i].prefix))
867 if (buflen < ia_len + sizeof(o_ia_p))
870 memcpy(buf + ia_len, &o_ia_p, sizeof(o_ia_p));
871 ia_len += sizeof(o_ia_p);
873 struct dhcpv6_ia_addr o_ia_a = {
874 .type = htons(DHCPV6_OPT_IA_ADDR),
875 .len = htons(sizeof(o_ia_a) - 4),
876 .addr = addrs[i].addr.in6,
877 .preferred = htonl(prefix_pref),
878 .valid = htonl(prefix_valid)
881 o_ia_a.addr.s6_addr32[3] = htonl(a->assigned);
883 if (!ADDR_ENTRY_VALID_IA_ADDR(iface, i, m, addrs) ||
887 if (buflen < ia_len + sizeof(o_ia_a))
890 memcpy(buf + ia_len, &o_ia_a, sizeof(o_ia_a));
891 ia_len += sizeof(o_ia_a);
894 /* Calculate T1 / T2 based on non-deprecated addresses */
895 if (prefix_pref > 0) {
896 if (prefix_pref < pref)
899 if (prefix_valid < valid)
900 valid = prefix_valid;
904 if (!INFINITE_VALID(a->valid_until))
905 /* UINT32_MAX is considered as infinite leasetime */
906 a->valid_until = (valid == UINT32_MAX) ? 0 : valid + now;
908 o_ia.t1 = htonl((pref == UINT32_MAX) ? pref : pref * 5 / 10);
909 o_ia.t2 = htonl((pref == UINT32_MAX) ? pref : pref * 8 / 10);
919 uint8_t *odata, *end = ((uint8_t*)ia) + htons(ia->len) + 4;
920 uint16_t otype, olen;
922 dhcpv6_for_each_option((uint8_t*)&ia[1], end, otype, olen, odata) {
923 struct dhcpv6_ia_prefix *ia_p = (struct dhcpv6_ia_prefix *)&odata[-4];
924 struct dhcpv6_ia_addr *ia_a = (struct dhcpv6_ia_addr *)&odata[-4];
927 if ((otype != DHCPV6_OPT_IA_PREFIX || olen < sizeof(*ia_p) - 4) &&
928 (otype != DHCPV6_OPT_IA_ADDR || olen < sizeof(*ia_a) - 4))
932 struct odhcpd_ipaddr *addrs = (a->managed) ? a->managed : iface->addr6;
933 size_t addrlen = (a->managed) ? (size_t)a->managed_size : iface->addr6_len;
935 for (size_t i = 0; i < addrlen; ++i) {
936 if (!valid_addr(&addrs[i], now))
939 struct in6_addr addr = addrs[i].addr.in6;
940 if (ia->type == htons(DHCPV6_OPT_IA_PD)) {
941 addr.s6_addr32[1] |= htonl(a->assigned);
942 addr.s6_addr32[2] = addr.s6_addr32[3] = 0;
944 if (!memcmp(&ia_p->addr, &addr, sizeof(addr)) &&
945 ia_p->prefix == ((a->managed) ? addrs[i].prefix : a->length))
948 addr.s6_addr32[3] = htonl(a->assigned);
950 if (!memcmp(&ia_a->addr, &addr, sizeof(addr)))
957 if (otype == DHCPV6_OPT_IA_PREFIX) {
958 struct dhcpv6_ia_prefix o_ia_p = {
959 .type = htons(DHCPV6_OPT_IA_PREFIX),
960 .len = htons(sizeof(o_ia_p) - 4),
963 .prefix = ia_p->prefix,
967 if (buflen < ia_len + sizeof(o_ia_p))
970 memcpy(buf + ia_len, &o_ia_p, sizeof(o_ia_p));
971 ia_len += sizeof(o_ia_p);
973 struct dhcpv6_ia_addr o_ia_a = {
974 .type = htons(DHCPV6_OPT_IA_ADDR),
975 .len = htons(sizeof(o_ia_a) - 4),
981 if (buflen < ia_len + sizeof(o_ia_a))
984 memcpy(buf + ia_len, &o_ia_a, sizeof(o_ia_a));
985 ia_len += sizeof(o_ia_a);
991 o_ia.len = htons(ia_len - 4);
992 memcpy(buf, &o_ia, sizeof(o_ia));
1002 static void dhcpv6_log_ia_addr(struct in6_addr *addr, int prefix, _unused uint32_t pref,
1003 _unused uint32_t valid, void *arg)
1005 struct log_ctxt *ctxt = (struct log_ctxt *)arg;
1006 char addrbuf[INET6_ADDRSTRLEN];
1008 inet_ntop(AF_INET6, addr, addrbuf, sizeof(addrbuf));
1009 ctxt->buf_idx += snprintf(ctxt->buf + ctxt->buf_idx, ctxt->buf_len - ctxt->buf_idx,
1010 "%s/%d ", addrbuf, prefix);
1013 static void dhcpv6_log(uint8_t msgtype, struct interface *iface, time_t now,
1014 const char *duidbuf, bool is_pd, struct dhcp_assignment *a, int code)
1016 const char *type = "UNKNOWN";
1017 const char *status = "UNKNOWN";
1020 case DHCPV6_MSG_SOLICIT:
1023 case DHCPV6_MSG_REQUEST:
1026 case DHCPV6_MSG_CONFIRM:
1029 case DHCPV6_MSG_RENEW:
1032 case DHCPV6_MSG_REBIND:
1035 case DHCPV6_MSG_RELEASE:
1038 case DHCPV6_MSG_DECLINE:
1044 case DHCPV6_STATUS_OK:
1047 case DHCPV6_STATUS_NOADDRSAVAIL:
1048 status = "no addresses available";
1050 case DHCPV6_STATUS_NOBINDING:
1051 status = "no binding";
1053 case DHCPV6_STATUS_NOTONLINK:
1054 status = "not on-link";
1056 case DHCPV6_STATUS_NOPREFIXAVAIL:
1057 status = "no prefix available";
1061 char leasebuf[256] = "";
1064 struct log_ctxt ctxt = {.buf = leasebuf,
1065 .buf_len = sizeof(leasebuf),
1068 dhcpv6_ia_enum_addrs(iface, a, now, dhcpv6_log_ia_addr, &ctxt);
1071 syslog(LOG_NOTICE, "DHCPV6 %s %s from %s on %s: %s %s", type, (is_pd) ? "IA_PD" : "IA_NA",
1072 duidbuf, iface->name, status, leasebuf);
1075 static bool dhcpv6_ia_on_link(const struct dhcpv6_ia_hdr *ia, struct dhcp_assignment *a,
1076 struct interface *iface)
1078 struct odhcpd_ipaddr *addrs = (a && a->managed) ? a->managed : iface->addr6;
1079 size_t addrlen = (a && a->managed) ? (size_t)a->managed_size : iface->addr6_len;
1080 time_t now = odhcpd_time();
1081 uint8_t *odata, *end = ((uint8_t*)ia) + htons(ia->len) + 4;
1082 uint16_t otype, olen;
1085 dhcpv6_for_each_option((uint8_t*)&ia[1], end, otype, olen, odata) {
1086 struct dhcpv6_ia_prefix *p = (struct dhcpv6_ia_prefix *)&odata[-4];
1087 struct dhcpv6_ia_addr *n = (struct dhcpv6_ia_addr *)&odata[-4];
1089 if ((otype != DHCPV6_OPT_IA_PREFIX || olen < sizeof(*p) - 4) &&
1090 (otype != DHCPV6_OPT_IA_ADDR || olen < sizeof(*n) - 4))
1094 for (size_t i = 0; i < addrlen; ++i) {
1095 if (!valid_addr(&addrs[i], now))
1098 if (ia->type == htons(DHCPV6_OPT_IA_PD)) {
1099 if (p->prefix < addrs[i].prefix ||
1100 odhcpd_bmemcmp(&p->addr, &addrs[i].addr.in6, addrs[i].prefix))
1103 } else if (odhcpd_bmemcmp(&n->addr, &addrs[i].addr.in6, addrs[i].prefix))
1116 ssize_t dhcpv6_ia_handle_IAs(uint8_t *buf, size_t buflen, struct interface *iface,
1117 const struct sockaddr_in6 *addr, const void *data, const uint8_t *end)
1120 struct dhcp_assignment *first = NULL;
1121 const struct dhcpv6_client_header *hdr = data;
1122 time_t now = odhcpd_time();
1123 uint16_t otype, olen, clid_len = 0;
1124 uint8_t *start = (uint8_t *)&hdr[1], *odata;
1125 uint8_t *clid_data = NULL, mac[6] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
1126 size_t hostname_len = 0, response_len = 0;
1127 bool notonlink = false, rapid_commit = false, accept_reconf = false;
1128 char duidbuf[261], hostname[256];
1130 dhcpv6_for_each_option(start, end, otype, olen, odata) {
1131 if (otype == DHCPV6_OPT_CLIENTID) {
1135 if (olen == 14 && odata[0] == 0 && odata[1] == 1)
1136 memcpy(mac, &odata[8], sizeof(mac));
1137 else if (olen == 10 && odata[0] == 0 && odata[1] == 3)
1138 memcpy(mac, &odata[4], sizeof(mac));
1141 odhcpd_hexlify(duidbuf, odata, olen);
1142 } else if (otype == DHCPV6_OPT_FQDN && olen >= 2 && olen <= 255) {
1143 uint8_t fqdn_buf[256];
1144 memcpy(fqdn_buf, odata, olen);
1145 fqdn_buf[olen++] = 0;
1147 if (dn_expand(&fqdn_buf[1], &fqdn_buf[olen], &fqdn_buf[1], hostname, sizeof(hostname)) > 0)
1148 hostname_len = strcspn(hostname, ".");
1149 } else if (otype == DHCPV6_OPT_RECONF_ACCEPT)
1150 accept_reconf = true;
1151 else if (otype == DHCPV6_OPT_RAPID_COMMIT && hdr->msg_type == DHCPV6_MSG_SOLICIT)
1152 rapid_commit = true;
1155 if (!clid_data || !clid_len || clid_len > 130)
1158 l = config_find_lease_by_duid(clid_data, clid_len);
1160 l = config_find_lease_by_mac(mac);
1162 dhcpv6_for_each_option(start, end, otype, olen, odata) {
1163 bool is_pd = (otype == DHCPV6_OPT_IA_PD);
1164 bool is_na = (otype == DHCPV6_OPT_IA_NA);
1165 bool ia_addr_present = false;
1166 if (!is_pd && !is_na)
1169 struct dhcpv6_ia_hdr *ia = (struct dhcpv6_ia_hdr*)&odata[-4];
1170 size_t ia_response_len = 0;
1171 uint8_t reqlen = (is_pd) ? 62 : 128;
1172 uint32_t reqhint = 0;
1174 /* Parse request hint for IA-PD */
1177 uint16_t stype, slen;
1178 dhcpv6_for_each_option(&ia[1], odata + olen, stype, slen, sdata) {
1179 if (stype != DHCPV6_OPT_IA_PREFIX || slen < sizeof(struct dhcpv6_ia_prefix) - 4)
1182 struct dhcpv6_ia_prefix *p = (struct dhcpv6_ia_prefix*)&sdata[-4];
1185 reqhint = ntohl(p->addr.s6_addr32[1]);
1186 if (reqlen > 32 && reqlen <= 64)
1187 reqhint &= (1U << (64 - reqlen)) - 1;
1195 uint16_t stype, slen;
1196 dhcpv6_for_each_option(&ia[1], odata + olen, stype, slen, sdata) {
1197 if (stype != DHCPV6_OPT_IA_ADDR || slen < sizeof(struct dhcpv6_ia_addr) - 4)
1200 ia_addr_present = true;
1204 /* Find assignment */
1205 struct dhcp_assignment *c, *a = NULL;
1206 list_for_each_entry(c, &iface->ia_assignments, head) {
1207 if ((c->clid_len == clid_len && !memcmp(c->clid_data, clid_data, clid_len)) &&
1208 c->iaid == ia->iaid && (INFINITE_VALID(c->valid_until) || now < c->valid_until) &&
1209 ((is_pd && c->length <= 64) || (is_na && c->length == 128))) {
1213 if (a->flags & OAF_BOUND)
1214 apply_lease(iface, a, false);
1221 if (l && a && a->lease != l) {
1226 /* Generic message handling */
1227 uint16_t status = DHCPV6_STATUS_OK;
1228 if (a && a->managed_size < 0)
1231 if (hdr->msg_type == DHCPV6_MSG_SOLICIT ||
1232 hdr->msg_type == DHCPV6_MSG_REQUEST ||
1233 (hdr->msg_type == DHCPV6_MSG_REBIND && !a)) {
1234 bool assigned = !!a;
1237 if ((!iface->no_dynamic_dhcp || (l && is_na)) &&
1238 (iface->dhcpv6_pd || iface->dhcpv6_na)) {
1239 /* Create new binding */
1240 a = alloc_assignment(clid_len);
1243 a->clid_len = clid_len;
1244 memcpy(a->clid_data, clid_data, clid_len);
1248 a->assigned = is_na && l ? l->hostid : reqhint;
1249 /* Set valid time to 0 for static lease indicating */
1250 /* infinite lifetime otherwise current time */
1251 a->valid_until = l ? 0 : now;
1252 a->dhcp_free_cb = dhcpv6_ia_free_assignment;
1254 a->flags = OAF_DHCPV6;
1257 memcpy(a->key, first->key, sizeof(a->key));
1259 odhcpd_urandom(a->key, sizeof(a->key));
1261 if (is_pd && iface->dhcpv6_pd)
1262 while (!(assigned = assign_pd(iface, a)) &&
1263 !a->managed_size && ++a->length <= 64);
1264 else if (is_na && iface->dhcpv6_na)
1265 assigned = assign_na(iface, a);
1267 if (l && assigned) {
1268 a->flags |= OAF_STATIC;
1271 a->hostname = strdup(l->hostname);
1274 a->leasetime = l->leasetime;
1276 list_add(&a->lease_list, &l->assignments);
1280 if (a->managed_size && !assigned)
1286 if (!assigned || iface->addr6_len == 0)
1287 /* Set error status */
1288 status = (is_pd) ? DHCPV6_STATUS_NOPREFIXAVAIL : DHCPV6_STATUS_NOADDRSAVAIL;
1289 else if (hdr->msg_type == DHCPV6_MSG_REQUEST && !dhcpv6_ia_on_link(ia, a, iface)) {
1290 /* Send NOTONLINK staus for the IA */
1291 status = DHCPV6_STATUS_NOTONLINK;
1293 } else if (accept_reconf && assigned && !first &&
1294 hdr->msg_type != DHCPV6_MSG_REBIND) {
1295 size_t handshake_len = 4;
1297 buf[1] = DHCPV6_OPT_RECONF_ACCEPT;
1301 if (hdr->msg_type == DHCPV6_MSG_REQUEST) {
1302 struct dhcpv6_auth_reconfigure auth = {
1303 htons(DHCPV6_OPT_AUTH),
1304 htons(sizeof(auth) - 4),
1306 {htonl(time(NULL)), htonl(++serial)},
1310 memcpy(auth.key, a->key, sizeof(a->key));
1311 memcpy(buf + handshake_len, &auth, sizeof(auth));
1312 handshake_len += sizeof(auth);
1316 buf += handshake_len;
1317 buflen -= handshake_len;
1318 response_len += handshake_len;
1323 ia_response_len = build_ia(buf, buflen, status, ia, a, iface,
1324 hdr->msg_type == DHCPV6_MSG_REBIND ? false : true);
1326 /* Was only a solicitation: mark binding for removal */
1327 if (assigned && hdr->msg_type == DHCPV6_MSG_SOLICIT && !rapid_commit) {
1328 a->flags &= ~OAF_BOUND;
1329 a->flags |= OAF_TENTATIVE;
1331 if (!(a->flags & OAF_STATIC))
1332 /* Keep tentative assignment around for 60 seconds */
1333 a->valid_until = now + 60;
1335 } else if (assigned &&
1336 ((hdr->msg_type == DHCPV6_MSG_SOLICIT && rapid_commit) ||
1337 hdr->msg_type == DHCPV6_MSG_REQUEST ||
1338 hdr->msg_type == DHCPV6_MSG_REBIND)) {
1339 if ((!(a->flags & OAF_STATIC) || !a->hostname) && hostname_len > 0) {
1340 a->hostname = realloc(a->hostname, hostname_len + 1);
1342 memcpy(a->hostname, hostname, hostname_len);
1343 a->hostname[hostname_len] = 0;
1345 if (odhcpd_valid_hostname(a->hostname))
1346 a->flags &= ~OAF_BROKEN_HOSTNAME;
1348 a->flags |= OAF_BROKEN_HOSTNAME;
1351 a->accept_reconf = accept_reconf;
1352 a->flags &= ~OAF_TENTATIVE;
1353 a->flags |= OAF_BOUND;
1354 apply_lease(iface, a, true);
1355 } else if (!assigned && a && a->managed_size == 0) {
1356 /* Cleanup failed assignment */
1360 } else if (hdr->msg_type == DHCPV6_MSG_RENEW ||
1361 hdr->msg_type == DHCPV6_MSG_RELEASE ||
1362 hdr->msg_type == DHCPV6_MSG_REBIND ||
1363 hdr->msg_type == DHCPV6_MSG_DECLINE) {
1364 if (!a && hdr->msg_type != DHCPV6_MSG_REBIND) {
1365 status = DHCPV6_STATUS_NOBINDING;
1366 ia_response_len = build_ia(buf, buflen, status, ia, a, iface, false);
1367 } else if (hdr->msg_type == DHCPV6_MSG_RENEW ||
1368 hdr->msg_type == DHCPV6_MSG_REBIND) {
1369 ia_response_len = build_ia(buf, buflen, status, ia, a, iface, false);
1371 a->flags |= OAF_BOUND;
1372 apply_lease(iface, a, true);
1374 } else if (hdr->msg_type == DHCPV6_MSG_RELEASE) {
1375 if (!(a->flags & OAF_STATIC))
1376 a->valid_until = now - 1;
1378 if (a->flags & OAF_BOUND) {
1379 apply_lease(iface, a, false);
1380 a->flags &= ~OAF_BOUND;
1382 } else if (hdr->msg_type == DHCPV6_MSG_DECLINE && a->length == 128) {
1383 a->flags &= ~OAF_BOUND;
1385 if (!(a->flags & OAF_STATIC)) {
1387 a->valid_until = now + 3600; /* Block address for 1h */
1390 } else if (hdr->msg_type == DHCPV6_MSG_CONFIRM) {
1391 if (ia_addr_present && !dhcpv6_ia_on_link(ia, a, iface)) {
1396 if (!ia_addr_present || !a || !(a->flags & OAF_BOUND)) {
1402 buf += ia_response_len;
1403 buflen -= ia_response_len;
1404 response_len += ia_response_len;
1405 dhcpv6_log(hdr->msg_type, iface, now, duidbuf, is_pd, a, status);
1408 switch (hdr->msg_type) {
1409 case DHCPV6_MSG_RELEASE:
1410 case DHCPV6_MSG_DECLINE:
1411 case DHCPV6_MSG_CONFIRM:
1412 if (response_len + 6 < buflen) {
1414 buf[1] = DHCPV6_OPT_STATUS;
1418 buf[5] = (notonlink) ? DHCPV6_STATUS_NOTONLINK : DHCPV6_STATUS_OK;
1427 dhcpv6_ia_write_statefile();
1430 return response_len;
projects / oweals / odhcpd.git / blob