ISC DHCP 4.4.3-P1
A reference DHCPv4 and DHCPv6 implementation
 
Loading...
Searching...
No Matches
dhcpv6.c
Go to the documentation of this file.
1/*
2 * Copyright (C) 2006-2017 by Internet Systems Consortium, Inc. ("ISC")
3 *
4 * This Source Code Form is subject to the terms of the Mozilla Public
5 * License, v. 2.0. If a copy of the MPL was not distributed with this
6 * file, You can obtain one at http://mozilla.org/MPL/2.0/.
7 *
8 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
9 * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
10 * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
11 * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
12 * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
13 * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
14 * PERFORMANCE OF THIS SOFTWARE.
15 */
16
18
19#include "dhcpd.h"
20
21#ifdef DHCPv6
22
23#ifdef DHCP4o6
24static void forw_dhcpv4_query(struct packet *packet);
25static void send_dhcpv4_response(struct data_string *raw);
26
27static void recv_dhcpv4_query(struct data_string *raw);
28static void dhcp4o6_dhcpv4_query(struct data_string *reply_ret,
29 struct packet *packet);
30
31struct udp_data4o6 {
32 u_int16_t src_port;
33 u_int8_t rsp_opt_exist;
34 u_int8_t reserved;
35};
36
37static int offset_data4o6 = 36; /* 16+16+4 */
38#endif
39
40/*
41 * We use print_hex_1() to output DUID values. We could actually output
42 * the DUID with more information... MAC address if using type 1 or 3,
43 * and so on. However, RFC 3315 contains Grave Warnings against actually
44 * attempting to understand a DUID.
45 */
46
47/*
48 * TODO: gettext() or other method of localization for the messages
49 * for status codes (and probably for log formats eventually)
50 * TODO: refactoring (simplify, simplify, simplify)
51 * TODO: support multiple shared_networks on each interface (this
52 * will allow the server to issue multiple IPv6 addresses to
53 * a single interface)
54 */
55
56/*
57 * DHCPv6 Reply workflow assist. A Reply packet is built by various
58 * different functions; this gives us one location where we keep state
59 * regarding a reply.
60 */
61struct reply_state {
62 /* root level persistent state */
63 struct shared_network *shared;
64 struct host_decl *host;
65 struct subnet *subnet; /* Used to match fixed-addrs to subnet scopes. */
66 struct option_state *opt_state;
67 struct packet *packet;
68 struct data_string client_id;
69
70 /* IA level persistent state */
71 unsigned ia_count;
72 unsigned pd_count;
73 unsigned client_resources;
74 isc_boolean_t resources_included;
75 isc_boolean_t static_lease;
76 unsigned static_prefixes;
77 struct ia_xx *ia;
78 struct ia_xx *old_ia;
79 struct option_state *reply_ia;
80 struct data_string fixed;
81 struct iaddrcidrnet fixed_pref; /* static prefix for logging */
82
83 /* IAADDR/PREFIX level persistent state */
84 struct iasubopt *lease;
85
86 /*
87 * "t1", "t2", preferred, and valid lifetimes records for calculating
88 * t1 and t2 (min/max).
89 */
90 u_int32_t renew, rebind, min_prefer, min_valid;
91
92 /* Client-requested valid and preferred lifetimes. */
93 u_int32_t client_valid, client_prefer;
94
95 /* Chosen values to transmit for valid and preferred lifetimes. */
96 u_int32_t send_valid, send_prefer;
97
98 /* Preferred prefix length (-1 is any). */
99 int preflen;
100
101 /* Index into the data field that has been consumed. */
102 unsigned cursor;
103
104 /* Space for the on commit statements for a fixed host */
105 struct on_star on_star;
106
107 union reply_buffer {
108 unsigned char data[65536];
109 struct dhcpv6_packet reply;
110 } buf;
111};
112
113/*
114 * Prototypes local to this file.
115 */
116static int get_encapsulated_IA_state(struct option_state **enc_opt_state,
117 struct data_string *enc_opt_data,
118 struct packet *packet,
119 struct option_cache *oc,
120 int offset);
121static void build_dhcpv6_reply(struct data_string *, struct packet *);
122static isc_result_t shared_network_from_packet6(struct shared_network **shared,
123 struct packet *packet);
124static void seek_shared_host(struct host_decl **hp,
125 struct shared_network *shared);
126static isc_boolean_t fixed_matches_shared(struct host_decl *host,
127 struct shared_network *shared);
128static isc_result_t reply_process_ia_na(struct reply_state *reply,
129 struct option_cache *ia);
130static isc_result_t reply_process_ia_ta(struct reply_state *reply,
131 struct option_cache *ia);
132static isc_result_t reply_process_addr(struct reply_state *reply,
133 struct option_cache *addr);
134static isc_boolean_t address_is_owned(struct reply_state *reply,
135 struct iaddr *addr);
136static isc_boolean_t temporary_is_available(struct reply_state *reply,
137 struct iaddr *addr);
138static isc_result_t find_client_temporaries(struct reply_state *reply);
139static isc_result_t reply_process_try_addr(struct reply_state *reply,
140 struct iaddr *addr);
141static isc_result_t find_client_address(struct reply_state *reply);
142static isc_result_t reply_process_is_addressed(struct reply_state *reply,
143 struct binding_scope **scope,
144 struct group *group);
145static isc_result_t reply_process_send_addr(struct reply_state *reply,
146 struct iaddr *addr);
147static struct iasubopt *lease_compare(struct iasubopt *alpha,
148 struct iasubopt *beta);
149static isc_result_t reply_process_ia_pd(struct reply_state *reply,
150 struct option_cache *ia_pd);
151static struct group *find_group_by_prefix(struct reply_state *reply);
152static isc_result_t reply_process_prefix(struct reply_state *reply,
153 struct option_cache *pref);
154static isc_boolean_t prefix_is_owned(struct reply_state *reply,
155 struct iaddrcidrnet *pref);
156static isc_result_t find_client_prefix(struct reply_state *reply);
157static isc_result_t reply_process_try_prefix(struct reply_state *reply,
158 struct iaddrcidrnet *pref);
159static isc_result_t reply_process_is_prefixed(struct reply_state *reply,
160 struct binding_scope **scope,
161 struct group *group);
162static isc_result_t reply_process_send_prefix(struct reply_state *reply,
163 struct iaddrcidrnet *pref);
164static struct iasubopt *prefix_compare(struct reply_state *reply,
165 struct iasubopt *alpha,
166 struct iasubopt *beta);
167static void schedule_lease_timeout_reply(struct reply_state *reply);
168
169static int eval_prefix_mode(int thislen, int preflen, int prefix_mode);
170static isc_result_t pick_v6_prefix_helper(struct reply_state *reply,
171 int prefix_mode);
172
173static void unicast_reject(struct data_string *reply_ret, struct packet *packet,
174 const struct data_string *client_id,
175 const struct data_string *server_id);
176
177static isc_boolean_t is_unicast_option_defined(struct packet *packet);
178static isc_result_t shared_network_from_requested_addr (struct shared_network
179 **shared,
180 struct packet* packet);
181static isc_result_t get_first_ia_addr_val (struct packet* packet, int addr_type,
182 struct iaddr* iaddr);
183
184static void
185set_reply_tee_times(struct reply_state* reply, unsigned ia_cursor);
186
187static const char *iasubopt_plen_str(struct iasubopt *lease);
188static int release_on_roam(struct reply_state *reply);
189
190static int reuse_lease6(struct reply_state *reply, struct iasubopt *lease);
191static void shorten_lifetimes(struct reply_state *reply, struct iasubopt *lease,
192 time_t age, int threshold);
193static void write_to_packet(struct reply_state *reply, unsigned ia_cursor);
194static const char *iasubopt_plen_str(struct iasubopt *lease);
195
196#ifdef NSUPDATE
197static void ddns_update_static6(struct reply_state* reply);
198#endif
199
200#ifdef DHCP4o6
201/*
202 * \brief Omapi I/O handler
203 *
204 * The inter-process communication receive handler.
205 * Get the message, put it into the raw data_string
206 * and call \ref send_dhcpv4_response() (DHCPv6 side) or
207 * \ref recv_dhcpv4_query() (DHCPv4 side)
208 *
209 * \param h the OMAPI object
210 * \return a result for I/O success or error (used by the I/O subsystem)
211 */
212isc_result_t dhcpv4o6_handler(omapi_object_t *h) {
213 char buf[65536];
214 struct data_string raw;
215 int cc;
216
217 if (h->type != dhcp4o6_type)
218 return DHCP_R_INVALIDARG;
219
220 cc = recv(dhcp4o6_fd, buf, sizeof(buf), 0);
221
222 if (cc < DHCP_FIXED_NON_UDP + offset_data4o6)
223 return ISC_R_UNEXPECTED;
224 memset(&raw, 0, sizeof(raw));
225 if (!buffer_allocate(&raw.buffer, cc, MDL)) {
226 log_error("dhcpv4o6_handler: no memory buffer.");
227 return ISC_R_NOMEMORY;
228 }
229 raw.data = raw.buffer->data;
230 raw.len = cc;
231 memcpy(raw.buffer->data, buf, cc);
232
233 if (local_family == AF_INET6) {
234 send_dhcpv4_response(&raw);
235 } else {
236 recv_dhcpv4_query(&raw);
237 }
238
239 data_string_forget(&raw, MDL);
240
241 return ISC_R_SUCCESS;
242}
243
244/*
245 * \brief Send the DHCPv4-response back to the DHCPv6 side
246 * (DHCPv6 server function)
247 *
248 * Format: interface:16 + address:16 + udp:4 + DHCPv6 DHCPv4-response message
249 *
250 * \param raw the IPC message content
251 */
252static void send_dhcpv4_response(struct data_string *raw) {
253 struct interface_info *ip;
254 char name[16 + 1];
255 struct sockaddr_in6 to_addr;
256 char pbuf[sizeof("ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255")];
257 struct udp_data4o6 udp_data;
258 int send_ret;
259
260 memset(name, 0, sizeof(name));
261 memcpy(name, raw->data, 16);
262 for (ip = interfaces; ip != NULL; ip = ip->next) {
263 if (!strcmp(name, ip->name))
264 break;
265 }
266 if (ip == NULL) {
267 log_error("send_dhcpv4_response: can't find interface %s.",
268 name);
269 return;
270 }
271
272 memset(&to_addr, 0, sizeof(to_addr));
273 to_addr.sin6_family = AF_INET6;
274 memcpy(&to_addr.sin6_addr, raw->data + 16, 16);
275 memset(&udp_data, 0, sizeof(udp_data));
276 memcpy(&udp_data, raw->data + 32, 4);
277 if ((raw->data[36] == DHCPV6_RELAY_FORW) ||
278 (raw->data[36] == DHCPV6_RELAY_REPL)) {
279 if (udp_data.rsp_opt_exist) {
280 to_addr.sin6_port = udp_data.src_port;
281 } else {
282 to_addr.sin6_port = local_port;
283 }
284 } else {
285 to_addr.sin6_port = remote_port;
286 }
287
288 log_info("send_dhcpv4_response(): sending %s on %s to %s port %d",
289 dhcpv6_type_names[raw->data[36]],
290 name,
291 inet_ntop(AF_INET6, raw->data + 16, pbuf, sizeof(pbuf)),
292 ntohs(to_addr.sin6_port));
293
294 send_ret = send_packet6(ip, raw->data + 36, raw->len - 36, &to_addr);
295 if (send_ret < 0) {
296 log_error("send_dhcpv4_response: send_packet6(): %m");
297 } else if (send_ret != raw->len - 36) {
298 log_error("send_dhcpv4_response: send_packet6() "
299 "sent %d of %d bytes",
300 send_ret, raw->len - 36);
301 }
302}
303#endif /* DHCP4o6 */
304
305/*
306 * Schedule lease timeouts for all of the iasubopts in the reply.
307 * This is currently used to schedule timeouts for soft leases.
308 */
309
310static void
311schedule_lease_timeout_reply(struct reply_state *reply) {
312 struct iasubopt *tmp;
313 int i;
314
315 /* sanity check the reply */
316 if ((reply == NULL) || (reply->ia == NULL) || (reply->ia->iasubopt == NULL))
317 return;
318
319 /* walk through the list, scheduling as we go */
320 for (i = 0 ; i < reply->ia->num_iasubopt ; i++) {
321 tmp = reply->ia->iasubopt[i];
323 }
324}
325
326/*
327 * This function returns the time since DUID time start for the
328 * given time_t value.
329 */
330static u_int32_t
331duid_time(time_t when) {
332 /*
333 * This time is modulo 2^32.
334 */
335 while ((when - DUID_TIME_EPOCH) > 4294967295u) {
336 /* use 2^31 to avoid spurious compiler warnings */
337 when -= 2147483648u;
338 when -= 2147483648u;
339 }
340
341 return when - DUID_TIME_EPOCH;
342}
343
344
345/*
346 * Server DUID.
347 *
348 * This must remain the same for the lifetime of this server, because
349 * clients return the server DUID that we sent them in Request packets.
350 *
351 * We pick the server DUID like this:
352 *
353 * 1. Check dhcpd.conf - any value the administrator has configured
354 * overrides any possible values.
355 * 2. Check the leases.txt - we want to use the previous value if
356 * possible.
357 * 3. Check if dhcpd.conf specifies a type of server DUID to use,
358 * and generate that type.
359 * 4. Generate a type 1 (time + hardware address) DUID.
360 */
361static struct data_string server_duid;
362
363/*
364 * Check if the server_duid has been set.
365 */
367server_duid_isset(void) {
368 return (server_duid.data != NULL);
369}
370
371/*
372 * Return the server_duid.
373 */
374void
375copy_server_duid(struct data_string *ds, const char *file, int line) {
376 data_string_copy(ds, &server_duid, file, line);
377}
378
379/*
380 * Set the server DUID to a specified value. This is used when
381 * the server DUID is stored in persistent memory (basically the
382 * leases.txt file).
383 */
384void
385set_server_duid(struct data_string *new_duid) {
386 /* INSIST(new_duid != NULL); */
387 /* INSIST(new_duid->data != NULL); */
388
389 if (server_duid_isset()) {
390 data_string_forget(&server_duid, MDL);
391 }
392 data_string_copy(&server_duid, new_duid, MDL);
393}
394
395
396/*
397 * Set the server DUID based on the D6O_SERVERID option. This handles
398 * the case where the administrator explicitly put it in the dhcpd.conf
399 * file.
400 */
401isc_result_t
403 struct option_state *opt_state;
404 struct option_cache *oc;
405 struct data_string option_duid;
406 isc_result_t ret_val;
407
408 opt_state = NULL;
409 if (!option_state_allocate(&opt_state, MDL)) {
410 log_fatal("No memory for server DUID.");
411 }
412
413 execute_statements_in_scope(NULL, NULL, NULL, NULL, NULL,
414 opt_state, &global_scope, root_group,
415 NULL, NULL);
416
417 oc = lookup_option(&dhcpv6_universe, opt_state, D6O_SERVERID);
418 if (oc == NULL) {
419 ret_val = ISC_R_NOTFOUND;
420 } else {
421 memset(&option_duid, 0, sizeof(option_duid));
422 if (!evaluate_option_cache(&option_duid, NULL, NULL, NULL,
423 opt_state, NULL, &global_scope,
424 oc, MDL)) {
425 ret_val = ISC_R_UNEXPECTED;
426 } else {
427 set_server_duid(&option_duid);
428 data_string_forget(&option_duid, MDL);
429 ret_val = ISC_R_SUCCESS;
430 }
431 }
432
433 option_state_dereference(&opt_state, MDL);
434
435 return ret_val;
436}
437
438/*
439 * DUID layout, as defined in RFC 3315, section 9.
440 *
441 * We support type 1 (hardware address plus time) and type 3 (hardware
442 * address).
443 *
444 * We can support type 2 for specific vendors in the future, if they
445 * publish the specification. And of course there may be additional
446 * types later.
447 */
448static int server_duid_type = DUID_LLT;
449
450/*
451 * Set the DUID type.
452 */
453void
454set_server_duid_type(int type) {
455 server_duid_type = type;
456}
457
458/*
459 * Generate a new server DUID. This is done if there was no DUID in
460 * the leases.txt or in the dhcpd.conf file.
461 */
462isc_result_t
464 struct interface_info *p;
465 u_int32_t time_val;
466 struct data_string generated_duid;
467
468 /*
469 * Verify we have a type that we support.
470 */
471 if ((server_duid_type != DUID_LL) && (server_duid_type != DUID_LLT)) {
472 log_error("Invalid DUID type %d specified, "
473 "only LL and LLT types supported", server_duid_type);
474 return DHCP_R_INVALIDARG;
475 }
476
477 /*
478 * Find an interface with a hardware address.
479 * Any will do. :)
480 */
481 for (p = interfaces; p != NULL; p = p->next) {
482 if (p->hw_address.hlen > 0) {
483 break;
484 }
485 if (p->next == NULL && p->hw_address.hbuf[0] == HTYPE_RESERVED) {
486 log_error("Can not generate DUID from interfaces which do not have hardware addresses, please configure server-duid!");
487 }
488 }
489 if (p == NULL) {
490 return ISC_R_UNEXPECTED;
491 }
492
493 /*
494 * Build our DUID.
495 */
496 memset(&generated_duid, 0, sizeof(generated_duid));
497 if (server_duid_type == DUID_LLT) {
498 time_val = duid_time(time(NULL));
499 generated_duid.len = 8 + p->hw_address.hlen - 1;
500 if (!buffer_allocate(&generated_duid.buffer,
501 generated_duid.len, MDL)) {
502 log_fatal("No memory for server DUID.");
503 }
504 generated_duid.data = generated_duid.buffer->data;
505 putUShort(generated_duid.buffer->data, DUID_LLT);
506 putUShort(generated_duid.buffer->data + 2,
507 p->hw_address.hbuf[0]);
508 putULong(generated_duid.buffer->data + 4, time_val);
509 memcpy(generated_duid.buffer->data + 8,
510 p->hw_address.hbuf+1, p->hw_address.hlen-1);
511 } else if (server_duid_type == DUID_LL) {
512 generated_duid.len = 4 + p->hw_address.hlen - 1;
513 if (!buffer_allocate(&generated_duid.buffer,
514 generated_duid.len, MDL)) {
515 log_fatal("No memory for server DUID.");
516 }
517 generated_duid.data = generated_duid.buffer->data;
518 putUShort(generated_duid.buffer->data, DUID_LL);
519 putUShort(generated_duid.buffer->data + 2,
520 p->hw_address.hbuf[0]);
521 memcpy(generated_duid.buffer->data + 4,
522 p->hw_address.hbuf+1, p->hw_address.hlen-1);
523 } else {
524 log_fatal("Unsupported server DUID type %d.", server_duid_type);
525 }
526
527 set_server_duid(&generated_duid);
528 data_string_forget(&generated_duid, MDL);
529
530 return ISC_R_SUCCESS;
531}
532
533/*
534 * Get the client identifier from the packet.
535 */
536isc_result_t
537get_client_id(struct packet *packet, struct data_string *client_id) {
538 struct option_cache *oc;
539
540 /*
541 * Verify our client_id structure is empty.
542 */
543 if ((client_id->data != NULL) || (client_id->len != 0)) {
544 return DHCP_R_INVALIDARG;
545 }
546
548 if (oc == NULL) {
549 return ISC_R_NOTFOUND;
550 }
551
552 if (!evaluate_option_cache(client_id, packet, NULL, NULL,
553 packet->options, NULL,
554 &global_scope, oc, MDL)) {
555 return ISC_R_FAILURE;
556 }
557
558 return ISC_R_SUCCESS;
559}
560
561/*
562 * Message validation, defined in RFC 3315, sections 15.2, 15.5, 15.7:
563 *
564 * Servers MUST discard any Solicit messages that do not include a
565 * Client Identifier option or that do include a Server Identifier
566 * option.
567 */
568int
569valid_client_msg(struct packet *packet, struct data_string *client_id) {
570 int ret_val;
571 struct option_cache *oc;
572 struct data_string data;
573
574 ret_val = 0;
575 memset(client_id, 0, sizeof(*client_id));
576 memset(&data, 0, sizeof(data));
577
578 switch (get_client_id(packet, client_id)) {
579 case ISC_R_SUCCESS:
580 break;
581 case ISC_R_NOTFOUND:
582 log_debug("Discarding %s from %s; "
583 "client identifier missing",
586 goto exit;
587 default:
588 log_error("Error processing %s from %s; "
589 "unable to evaluate Client Identifier",
592 goto exit;
593 }
594
595 /*
596 * Required by RFC 3315, section 15.
597 */
598 if (packet->unicast) {
599 log_debug("Discarding %s from %s; packet sent unicast "
600 "(CLIENTID %s)",
603 print_hex_1(client_id->len, client_id->data, 60));
604 goto exit;
605 }
606
607
609 if (oc != NULL) {
610 if (evaluate_option_cache(&data, packet, NULL, NULL,
611 packet->options, NULL,
612 &global_scope, oc, MDL)) {
613 log_debug("Discarding %s from %s; "
614 "server identifier found "
615 "(CLIENTID %s, SERVERID %s)",
618 print_hex_1(client_id->len,
619 client_id->data, 60),
620 print_hex_2(data.len,
621 data.data, 60));
622 } else {
623 log_debug("Discarding %s from %s; "
624 "server identifier found "
625 "(CLIENTID %s)",
627 print_hex_1(client_id->len,
628 client_id->data, 60),
630 }
631 goto exit;
632 }
633
634 /* looks good */
635 ret_val = 1;
636
637exit:
639 if (!ret_val) {
640 data_string_forget(client_id, MDL);
641 }
642 return ret_val;
643}
644
645/*
646 * Response validation, defined in RFC 3315, sections 15.4, 15.6, 15.8,
647 * 15.9 (slightly different wording, but same meaning):
648 *
649 * Servers MUST discard any received Request message that meet any of
650 * the following conditions:
651 *
652 * - the message does not include a Server Identifier option.
653 * - the contents of the Server Identifier option do not match the
654 * server's DUID.
655 * - the message does not include a Client Identifier option.
656 */
657int
658valid_client_resp(struct packet *packet,
659 struct data_string *client_id,
660 struct data_string *server_id)
661{
662 int ret_val;
663 struct option_cache *oc;
664
665 /* INSIST((duid.data != NULL) && (duid.len > 0)); */
666
667 ret_val = 0;
668 memset(client_id, 0, sizeof(*client_id));
669 memset(server_id, 0, sizeof(*server_id));
670
671 switch (get_client_id(packet, client_id)) {
672 case ISC_R_SUCCESS:
673 break;
674 case ISC_R_NOTFOUND:
675 log_debug("Discarding %s from %s; "
676 "client identifier missing",
679 goto exit;
680 default:
681 log_error("Error processing %s from %s; "
682 "unable to evaluate Client Identifier",
685 goto exit;
686 }
687
689 if (oc == NULL) {
690 log_debug("Discarding %s from %s: "
691 "server identifier missing (CLIENTID %s)",
694 print_hex_1(client_id->len, client_id->data, 60));
695 goto exit;
696 }
697 if (!evaluate_option_cache(server_id, packet, NULL, NULL,
698 packet->options, NULL,
699 &global_scope, oc, MDL)) {
700 log_error("Error processing %s from %s; "
701 "unable to evaluate Server Identifier (CLIENTID %s)",
704 print_hex_1(client_id->len, client_id->data, 60));
705 goto exit;
706 }
707 if ((server_duid.len != server_id->len) ||
708 (memcmp(server_duid.data, server_id->data, server_duid.len) != 0)) {
709 log_debug("Discarding %s from %s; "
710 "not our server identifier "
711 "(CLIENTID %s, SERVERID %s, server DUID %s)",
714 print_hex_1(client_id->len, client_id->data, 60),
715 print_hex_2(server_id->len, server_id->data, 60),
716 print_hex_3(server_duid.len, server_duid.data, 60));
717 goto exit;
718 }
719
720 /* looks good */
721 ret_val = 1;
722
723exit:
724 if (!ret_val) {
725 data_string_forget(server_id, MDL);
726 data_string_forget(client_id, MDL);
727 }
728 return ret_val;
729}
730
731/*
732 * Information request validation, defined in RFC 3315, section 15.12:
733 *
734 * Servers MUST discard any received Information-request message that
735 * meets any of the following conditions:
736 *
737 * - The message includes a Server Identifier option and the DUID in
738 * the option does not match the server's DUID.
739 *
740 * - The message includes an IA option.
741 */
742int
743valid_client_info_req(struct packet *packet, struct data_string *server_id) {
744 int ret_val;
745 struct option_cache *oc;
746 struct data_string client_id;
747 char client_id_str[80]; /* print_hex_1() uses maximum 60 characters,
748 plus a few more for extra information */
749
750 ret_val = 0;
751 memset(server_id, 0, sizeof(*server_id));
752 memset(&client_id, 0, sizeof(client_id));
753
754 /*
755 * Make a string that we can print out to give more
756 * information about the client if we need to.
757 *
758 * By RFC 3315, Section 18.1.5 clients SHOULD have a
759 * client-id on an Information-request packet, but it
760 * is not strictly necessary.
761 */
762 if (get_client_id(packet, &client_id) == ISC_R_SUCCESS) {
763 snprintf(client_id_str, sizeof(client_id_str), " (CLIENTID %s)",
764 print_hex_1(client_id.len, client_id.data, 60));
765 data_string_forget(&client_id, MDL);
766 } else {
767 client_id_str[0] = '\0';
768 }
769
770 /*
771 * Required by RFC 3315, section 15.
772 */
773 if (packet->unicast) {
774 log_debug("Discarding %s from %s; packet sent unicast%s",
776 piaddr(packet->client_addr), client_id_str);
777 goto exit;
778 }
779
781 if (oc != NULL) {
782 log_debug("Discarding %s from %s; "
783 "IA_NA option present%s",
785 piaddr(packet->client_addr), client_id_str);
786 goto exit;
787 }
789 if (oc != NULL) {
790 log_debug("Discarding %s from %s; "
791 "IA_TA option present%s",
793 piaddr(packet->client_addr), client_id_str);
794 goto exit;
795 }
797 if (oc != NULL) {
798 log_debug("Discarding %s from %s; "
799 "IA_PD option present%s",
801 piaddr(packet->client_addr), client_id_str);
802 goto exit;
803 }
804
806 if (oc != NULL) {
807 if (!evaluate_option_cache(server_id, packet, NULL, NULL,
808 packet->options, NULL,
809 &global_scope, oc, MDL)) {
810 log_error("Error processing %s from %s; "
811 "unable to evaluate Server Identifier%s",
813 piaddr(packet->client_addr), client_id_str);
814 goto exit;
815 }
816 if ((server_duid.len != server_id->len) ||
817 (memcmp(server_duid.data, server_id->data,
818 server_duid.len) != 0)) {
819 log_debug("Discarding %s from %s; "
820 "not our server identifier "
821 "(SERVERID %s, server DUID %s)%s",
824 print_hex_1(server_id->len,
825 server_id->data, 60),
826 print_hex_2(server_duid.len,
827 server_duid.data, 60),
828 client_id_str);
829 goto exit;
830 }
831 }
832
833 /* looks good */
834 ret_val = 1;
835
836exit:
837 if (!ret_val) {
838 data_string_forget(server_id, MDL);
839 }
840 return ret_val;
841}
842
843/*
844 * Options that we want to send, in addition to what was requested
845 * via the ORO.
846 */
847static const int required_opts[] = {
852 0
853};
854static const int required_opts_solicit[] = {
857 D6O_IA_NA,
858 D6O_IA_TA,
859 D6O_IA_PD,
864 0
865};
866static const int required_opts_agent[] = {
868#if defined(RELAY_PORT)
870#endif
872 0
873};
874static const int required_opts_IA[] = {
877 0
878};
879static const int required_opts_IA_PD[] = {
882 0
883};
884static const int required_opts_STATUS_CODE[] = {
886 0
887};
888#ifdef DHCP4o6
889static const int required_opts_4o6[] = {
891 0
892};
893#endif
894
895static const int unicast_reject_opts[] = {
899 0
900};
901
902
903/*
904 * Extracts from packet contents an IA_* option, storing the IA structure
905 * in its entirety in enc_opt_data, and storing any decoded DHCPv6 options
906 * in enc_opt_state for later lookup and evaluation. The 'offset' indicates
907 * where in the IA_* the DHCPv6 options commence.
908 */
909static int
910get_encapsulated_IA_state(struct option_state **enc_opt_state,
911 struct data_string *enc_opt_data,
912 struct packet *packet,
913 struct option_cache *oc,
914 int offset)
915{
916 /*
917 * Get the raw data for the encapsulated options.
918 */
919 memset(enc_opt_data, 0, sizeof(*enc_opt_data));
920 if (!evaluate_option_cache(enc_opt_data, packet,
921 NULL, NULL, packet->options, NULL,
922 &global_scope, oc, MDL)) {
923 log_error("get_encapsulated_IA_state: "
924 "error evaluating raw option.");
925 return 0;
926 }
927 if (enc_opt_data->len < offset) {
928 log_error("get_encapsulated_IA_state: raw option too small.");
929 data_string_forget(enc_opt_data, MDL);
930 return 0;
931 }
932
933 /*
934 * Now create the option state structure, and pass it to the
935 * function that parses options.
936 */
937 *enc_opt_state = NULL;
938 if (!option_state_allocate(enc_opt_state, MDL)) {
939 log_error("get_encapsulated_IA_state: no memory for options.");
940 data_string_forget(enc_opt_data, MDL);
941 return 0;
942 }
943 if (!parse_option_buffer(*enc_opt_state,
944 enc_opt_data->data + offset,
945 enc_opt_data->len - offset,
946 &dhcpv6_universe)) {
947 log_error("get_encapsulated_IA_state: error parsing options.");
948 option_state_dereference(enc_opt_state, MDL);
949 data_string_forget(enc_opt_data, MDL);
950 return 0;
951 }
952
953 return 1;
954}
955
956static int
957set_status_code(u_int16_t status_code, const char *status_message,
958 struct option_state *opt_state)
959{
960 struct data_string d;
961 int ret_val;
962
963 memset(&d, 0, sizeof(d));
964 d.len = sizeof(status_code) + strlen(status_message);
965 if (!buffer_allocate(&d.buffer, d.len, MDL)) {
966 log_fatal("set_status_code: no memory for status code.");
967 }
968 d.data = d.buffer->data;
969 putUShort(d.buffer->data, status_code);
970 memcpy(d.buffer->data + sizeof(status_code),
971 status_message, d.len - sizeof(status_code));
972 if (!save_option_buffer(&dhcpv6_universe, opt_state,
973 d.buffer, (unsigned char *)d.data, d.len,
974 D6O_STATUS_CODE, 0)) {
975 log_error("set_status_code: error saving status code.");
976 ret_val = 0;
977 } else {
978 ret_val = 1;
979 }
981 return ret_val;
982}
983
984void check_pool6_threshold(struct reply_state *reply,
985 struct iasubopt *lease)
986{
987 struct ipv6_pond *pond;
988 isc_uint64_t used, count, high_threshold;
989 int poolhigh = 0, poollow = 0;
990 char *shared_name = "no name";
991 char tmp_addr[INET6_ADDRSTRLEN];
992
993 if ((lease->ipv6_pool == NULL) || (lease->ipv6_pool->ipv6_pond == NULL))
994 return;
995 pond = lease->ipv6_pool->ipv6_pond;
996
997 /* If the address range is too large to track, just skip all this. */
998 if (pond->jumbo_range == 1) {
999 return;
1000 }
1001
1002 count = pond->num_total;
1003 used = pond->num_active;
1004
1005 /* get network name for logging */
1006 if ((pond->shared_network != NULL) &&
1007 (pond->shared_network->name != NULL)) {
1008 shared_name = pond->shared_network->name;
1009 }
1010
1011 /* The logged flag indicates if we have already crossed the high
1012 * threshold and emitted a log message. If it is set we check to
1013 * see if we have re-crossed the low threshold and need to reset
1014 * things. When we cross the high threshold we determine what
1015 * the low threshold is and save it into the low_threshold value.
1016 * When we cross that threshold we reset the logged flag and
1017 * the low_threshold to 0 which allows the high threshold message
1018 * to be emitted once again.
1019 * if we haven't recrossed the boundry we don't need to do anything.
1020 */
1021 if (pond->logged !=0) {
1022 if (used <= pond->low_threshold) {
1023 pond->low_threshold = 0;
1024 pond->logged = 0;
1025 log_error("Pool threshold reset - shared subnet: %s; "
1026 "address: %s; low threshold %llu/%llu.",
1027 shared_name,
1028 inet_ntop(AF_INET6, &lease->addr,
1029 tmp_addr, sizeof(tmp_addr)),
1030 (long long unsigned)(used),
1031 (long long unsigned)(count));
1032 }
1033 return;
1034 }
1035
1036 /* find the high threshold */
1037 if (get_option_int(&poolhigh, &server_universe, reply->packet, NULL,
1038 NULL, reply->packet->options, reply->opt_state,
1039 reply->opt_state, &lease->scope,
1040 SV_LOG_THRESHOLD_HIGH, MDL) == 0) {
1041 /* no threshold bail out */
1042 return;
1043 }
1044
1045 /* We do have a threshold for this pool, see if its valid */
1046 if ((poolhigh <= 0) || (poolhigh > 100)) {
1047 /* not valid */
1048 return;
1049 }
1050
1051 /* we have a valid value, have we exceeded it */
1052 high_threshold = FIND_POND6_PERCENT(count, poolhigh);
1053 if (used < high_threshold) {
1054 /* nope, no more to do */
1055 return;
1056 }
1057
1058 /* we've exceeded it, output a message */
1059 log_error("Pool threshold exceeded - shared subnet: %s; "
1060 "address: %s; high threshold %d%% %llu/%llu.",
1061 shared_name,
1062 inet_ntop(AF_INET6, &lease->addr, tmp_addr, sizeof(tmp_addr)),
1063 poolhigh, (long long unsigned)(used),
1064 (long long unsigned)(count));
1065
1066 /* handle the low threshold now, if we don't
1067 * have one we default to 0. */
1068 if ((get_option_int(&poollow, &server_universe, reply->packet, NULL,
1069 NULL, reply->packet->options, reply->opt_state,
1070 reply->opt_state, &lease->scope,
1071 SV_LOG_THRESHOLD_LOW, MDL) == 0) ||
1072 (poollow > 100)) {
1073 poollow = 0;
1074 }
1075
1076 /*
1077 * If the low theshold is higher than the high threshold we continue to log
1078 * If it isn't then we set the flag saying we already logged and determine
1079 * what the reset threshold is.
1080 */
1081 if (poollow < poolhigh) {
1082 pond->logged = 1;
1083 pond->low_threshold = FIND_POND6_PERCENT(count, poollow);
1084 }
1085}
1086
1087/*
1088 * We have a set of operations we do to set up the reply packet, which
1089 * is the same for many message types.
1090 */
1091static int
1092start_reply(struct packet *packet,
1093 const struct data_string *client_id,
1094 const struct data_string *server_id,
1095 struct option_state **opt_state,
1096 struct dhcpv6_packet *reply)
1097{
1098 struct option_cache *oc;
1099 const unsigned char *server_id_data;
1100 int server_id_len;
1101
1102 /*
1103 * Build our option state for reply.
1104 */
1105 *opt_state = NULL;
1106 if (!option_state_allocate(opt_state, MDL)) {
1107 log_error("start_reply: no memory for option_state.");
1108 return 0;
1109 }
1110 execute_statements_in_scope(NULL, packet, NULL, NULL,
1111 packet->options, *opt_state,
1112 &global_scope, root_group, NULL, NULL);
1113
1114 /*
1115 * A small bit of special handling for Solicit messages.
1116 *
1117 * We could move the logic into a flag, but for now just check
1118 * explicitly.
1119 */
1121 reply->msg_type = DHCPV6_ADVERTISE;
1122
1123 /*
1124 * If:
1125 * - this message type supports rapid commit (Solicit), and
1126 * - the server is configured to supply a rapid commit, and
1127 * - the client requests a rapid commit,
1128 * Then we add a rapid commit option, and send Reply (instead
1129 * of an Advertise).
1130 */
1132 *opt_state, D6O_RAPID_COMMIT);
1133 if (oc != NULL) {
1136 if (oc != NULL) {
1137 /* Rapid-commit in action. */
1138 reply->msg_type = DHCPV6_REPLY;
1139 } else {
1140 /* Don't want a rapid-commit in advertise. */
1142 *opt_state, D6O_RAPID_COMMIT);
1143 }
1144 }
1145 } else {
1146 reply->msg_type = DHCPV6_REPLY;
1147 /* Delete the rapid-commit from the sent options. */
1149 *opt_state, D6O_RAPID_COMMIT);
1150 if (oc != NULL) {
1152 *opt_state, D6O_RAPID_COMMIT);
1153 }
1154 }
1155
1156 /*
1157 * Use the client's transaction identifier for the reply.
1158 */
1160 sizeof(reply->transaction_id));
1161
1162 /*
1163 * RFC 3315, section 18.2 says we need server identifier and
1164 * client identifier.
1165 *
1166 * If the server ID is defined via the configuration file, then
1167 * it will already be present in the option state at this point,
1168 * so we don't need to set it.
1169 *
1170 * If we have a server ID passed in from the caller,
1171 * use that, otherwise use the global DUID.
1172 */
1173 oc = lookup_option(&dhcpv6_universe, *opt_state, D6O_SERVERID);
1174 if (oc == NULL) {
1175 if (server_id == NULL) {
1176 server_id_data = server_duid.data;
1177 server_id_len = server_duid.len;
1178 } else {
1179 server_id_data = server_id->data;
1180 server_id_len = server_id->len;
1181 }
1182 if (!save_option_buffer(&dhcpv6_universe, *opt_state,
1183 NULL, (unsigned char *)server_id_data,
1184 server_id_len, D6O_SERVERID, 0)) {
1185 log_error("start_reply: "
1186 "error saving server identifier.");
1187 return 0;
1188 }
1189 }
1190
1191 if (client_id->buffer != NULL) {
1192 if (!save_option_buffer(&dhcpv6_universe, *opt_state,
1193 client_id->buffer,
1194 (unsigned char *)client_id->data,
1195 client_id->len,
1196 D6O_CLIENTID, 0)) {
1197 log_error("start_reply: error saving "
1198 "client identifier.");
1199 return 0;
1200 }
1201 }
1202
1203 /*
1204 * If the client accepts reconfiguration, let it know that we
1205 * will send them.
1206 *
1207 * Note: we don't actually do this yet, but DOCSIS requires we
1208 * claim to.
1209 */
1212 if (oc != NULL) {
1213 if (!save_option_buffer(&dhcpv6_universe, *opt_state,
1214 NULL, (unsigned char *)"", 0,
1215 D6O_RECONF_ACCEPT, 0)) {
1216 log_error("start_reply: "
1217 "error saving RECONF_ACCEPT option.");
1218 option_state_dereference(opt_state, MDL);
1219 return 0;
1220 }
1221 }
1222
1223 return 1;
1224}
1225
1226/*
1227 * Try to get the IPv6 address the client asked for from the
1228 * pool.
1229 *
1230 * addr is the result (should be a pointer to NULL on entry)
1231 * pool is the pool to search in
1232 * requested_addr is the address the client wants
1233 */
1234static isc_result_t
1235try_client_v6_address(struct iasubopt **addr,
1236 struct ipv6_pool *pool,
1237 const struct data_string *requested_addr)
1238{
1239 struct in6_addr tmp_addr;
1240 isc_result_t result;
1241
1242 if (requested_addr->len < sizeof(tmp_addr)) {
1243 return DHCP_R_INVALIDARG;
1244 }
1245 memcpy(&tmp_addr, requested_addr->data, sizeof(tmp_addr));
1246 if (IN6_IS_ADDR_UNSPECIFIED(&tmp_addr)) {
1247 return ISC_R_FAILURE;
1248 }
1249
1250 /*
1251 * The address is not covered by this (or possibly any) dynamic
1252 * range.
1253 */
1254 if (!ipv6_in_pool(&tmp_addr, pool)) {
1255 return ISC_R_ADDRNOTAVAIL;
1256 }
1257
1258 if (lease6_exists(pool, &tmp_addr)) {
1259 return ISC_R_ADDRINUSE;
1260 }
1261
1262 result = iasubopt_allocate(addr, MDL);
1263 if (result != ISC_R_SUCCESS) {
1264 return result;
1265 }
1266 (*addr)->addr = tmp_addr;
1267 (*addr)->plen = 0;
1268
1269 /* Default is soft binding for 2 minutes. */
1270 result = add_lease6(pool, *addr, cur_time + 120);
1271 if (result != ISC_R_SUCCESS) {
1273 }
1274 return result;
1275}
1276
1298static isc_result_t
1299pick_v6_address(struct reply_state *reply)
1300{
1301 struct ipv6_pool *p = NULL;
1302 struct ipv6_pond *pond;
1303 int i;
1304 int start_pool;
1305 unsigned int attempts;
1306 char tmp_buf[INET6_ADDRSTRLEN];
1307 struct iasubopt **addr = &reply->lease;
1308 isc_uint64_t total = 0;
1309 isc_uint64_t active = 0;
1310 isc_uint64_t abandoned = 0;
1311 int jumbo_range = 0;
1312 char *shared_name = (reply->shared->name ?
1313 reply->shared->name : "(no name)");
1314
1315 /*
1316 * Do a quick walk through of the ponds and pools
1317 * to see if we have any NA address pools
1318 */
1319 for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
1320 if (pond->ipv6_pools == NULL)
1321 continue;
1322
1323 for (i = 0; (p = pond->ipv6_pools[i]) != NULL; i++) {
1324 if (p->pool_type == D6O_IA_NA)
1325 break;
1326 }
1327 if (p != NULL)
1328 break;
1329 }
1330
1331 /* If we get here and p is NULL we have no useful pools */
1332 if (p == NULL) {
1333 log_debug("Unable to pick client address: "
1334 "no IPv6 pools on this shared network");
1335 return ISC_R_NORESOURCES;
1336 }
1337
1338 /*
1339 * We have at least one pool that could provide an address
1340 * Now we walk through the ponds and pools again and check
1341 * to see if the client is permitted and if an address is
1342 * available
1343 *
1344 * Within a given pond we start looking at the last pool we
1345 * allocated from, unless it had a collision trying to allocate
1346 * an address. This will tend to move us into less-filled pools.
1347 */
1348
1349 for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
1350 isc_result_t result = ISC_R_FAILURE;
1351
1352 if (((pond->prohibit_list != NULL) &&
1353 (permitted(reply->packet, pond->prohibit_list))) ||
1354 ((pond->permit_list != NULL) &&
1355 (!permitted(reply->packet, pond->permit_list))))
1356 continue;
1357
1358#ifdef EUI_64
1359 /* If pond is EUI-64 but client duid isn't a valid EUI-64
1360 * id, then skip this pond */
1361 if (pond->use_eui_64 &&
1362 !valid_eui_64_duid(&reply->ia->iaid_duid, IAID_LEN)) {
1363 continue;
1364 }
1365#endif
1366
1367 start_pool = pond->last_ipv6_pool;
1368 i = start_pool;
1369 do {
1370 p = pond->ipv6_pools[i];
1371 if (p->pool_type == D6O_IA_NA) {
1372#ifdef EUI_64
1373 if (pond->use_eui_64) {
1374 result =
1375 create_lease6_eui_64(p, addr,
1376 &reply->ia->iaid_duid,
1377 cur_time + 120);
1378 }
1379 else
1380#endif
1381 {
1382 result =
1383 create_lease6(p, addr, &attempts,
1384 &reply->ia->iaid_duid,
1385 cur_time + 120);
1386
1387 }
1388
1389 if (result == ISC_R_SUCCESS) {
1390 /*
1391 * Record the pool used (or next one if
1392 * there was a collision).
1393 */
1394 if (attempts > 1) {
1395 i++;
1396 if (pond->ipv6_pools[i]
1397 == NULL) {
1398 i = 0;
1399 }
1400 }
1401
1402 pond->last_ipv6_pool = i;
1403
1404 log_debug("Picking pool address %s",
1405 inet_ntop(AF_INET6,
1406 &((*addr)->addr),
1407 tmp_buf, sizeof(tmp_buf)));
1408 return (ISC_R_SUCCESS);
1409 }
1410 }
1411
1412 i++;
1413 if (pond->ipv6_pools[i] == NULL) {
1414 i = 0;
1415 }
1416 } while (i != start_pool);
1417
1418 if (result == ISC_R_NORESOURCES) {
1419 jumbo_range += pond->jumbo_range;
1420 total += pond->num_total;
1421 active += pond->num_active;
1422 abandoned += pond->num_abandoned;
1423 }
1424 }
1425
1426 /*
1427 * If we failed to pick an IPv6 address from any of the subnets.
1428 * Presumably that means we have no addresses for the client.
1429 */
1430 if (jumbo_range != 0) {
1431 log_debug("Unable to pick client address: "
1432 "no addresses available - shared network %s: "
1433 " 2^64-1 < total, %llu active, %llu abandoned",
1434 shared_name, (long long unsigned)(active - abandoned),
1435 (long long unsigned)(abandoned));
1436 } else {
1437 log_debug("Unable to pick client address: "
1438 "no addresses available - shared network %s: "
1439 "%llu total, %llu active, %llu abandoned",
1440 shared_name, (long long unsigned)(total),
1441 (long long unsigned)(active - abandoned),
1442 (long long unsigned)(abandoned));
1443 }
1444
1445 return ISC_R_NORESOURCES;
1446}
1447
1448/*
1449 * Try to get the IPv6 prefix the client asked for from the
1450 * prefix pool.
1451 *
1452 * pref is the result (should be a pointer to NULL on entry)
1453 * pool is the prefix pool to search in
1454 * requested_pref is the address the client wants
1455 */
1456static isc_result_t
1457try_client_v6_prefix(struct iasubopt **pref,
1458 struct ipv6_pool *pool,
1459 const struct data_string *requested_pref)
1460{
1461 u_int8_t tmp_plen;
1462 struct in6_addr tmp_pref;
1463 struct iaddr ia;
1464 isc_result_t result;
1465
1466 if (requested_pref->len < sizeof(tmp_plen) + sizeof(tmp_pref)) {
1467 return DHCP_R_INVALIDARG;
1468 }
1469
1470 tmp_plen = (int) requested_pref->data[0];
1471 if ((tmp_plen < 3) || (tmp_plen > 128)) {
1472 return ISC_R_FAILURE;
1473 }
1474
1475 memcpy(&tmp_pref, requested_pref->data + 1, sizeof(tmp_pref));
1476 if (IN6_IS_ADDR_UNSPECIFIED(&tmp_pref)) {
1477 return ISC_R_FAILURE;
1478 }
1479
1480 ia.len = 16;
1481 memcpy(&ia.iabuf, &tmp_pref, 16);
1482 if (!is_cidr_mask_valid(&ia, (int) tmp_plen)) {
1483 return ISC_R_FAILURE;
1484 }
1485
1486 if (!ipv6_in_pool(&tmp_pref, pool) ||
1487 ((int)tmp_plen != pool->units)) {
1488 return ISC_R_ADDRNOTAVAIL;
1489 }
1490
1491 if (prefix6_exists(pool, &tmp_pref, tmp_plen)) {
1492 return ISC_R_ADDRINUSE;
1493 }
1494
1495 result = iasubopt_allocate(pref, MDL);
1496 if (result != ISC_R_SUCCESS) {
1497 return result;
1498 }
1499
1500 (*pref)->addr = tmp_pref;
1501 (*pref)->plen = tmp_plen;
1502
1503 /* Default is soft binding for 2 minutes. */
1504 result = add_lease6(pool, *pref, cur_time + 120);
1505 if (result != ISC_R_SUCCESS) {
1507 }
1508
1509 return result;
1510}
1511
1551static isc_result_t
1552pick_v6_prefix(struct reply_state *reply) {
1553 struct ipv6_pool *p = NULL;
1554 struct ipv6_pond *pond;
1555 int i;
1556 isc_result_t result;
1557
1558 /*
1559 * Do a quick walk through of the ponds and pools
1560 * to see if we have any prefix pools
1561 */
1562 for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
1563 if (pond->ipv6_pools == NULL)
1564 continue;
1565
1566 for (i = 0; (p = pond->ipv6_pools[i]) != NULL; i++) {
1567 if (p->pool_type == D6O_IA_PD)
1568 break;
1569 }
1570 if (p != NULL)
1571 break;
1572 }
1573
1574 /* If we get here and p is NULL we have no useful pools */
1575 if (p == NULL) {
1576 log_debug("Unable to pick client prefix: "
1577 "no IPv6 pools on this shared network");
1578 return ISC_R_NORESOURCES;
1579 }
1580
1581 if (reply->preflen <= 0) {
1582 /* If we didn't get a plen (-1) or client plen is 0, then just
1583 * select first available (same as PLM_INGORE) */
1584 result = pick_v6_prefix_helper(reply, PLM_IGNORE);
1585 } else {
1586 switch (prefix_length_mode) {
1587 case PLM_PREFER:
1588 /* First we look for an exact match, if not found
1589 * then first available */
1590 result = pick_v6_prefix_helper(reply, PLM_EXACT);
1591 if (result != ISC_R_SUCCESS) {
1592 result = pick_v6_prefix_helper(reply,
1593 PLM_IGNORE);
1594 }
1595 break;
1596
1597 case PLM_EXACT:
1598 /* Match exactly or fail */
1599 result = pick_v6_prefix_helper(reply, PLM_EXACT);
1600 break;
1601
1602 case PLM_MINIMUM:
1603 case PLM_MAXIMUM:
1604 /* First we look for an exact match, if not found
1605 * then first available by mode */
1606 result = pick_v6_prefix_helper(reply, PLM_EXACT);
1607 if (result != ISC_R_SUCCESS) {
1608 result = pick_v6_prefix_helper(reply,
1610 }
1611 break;
1612
1613 default:
1614 /* First available */
1615 result = pick_v6_prefix_helper(reply, PLM_IGNORE);
1616 break;
1617 }
1618 }
1619
1620 if (result == ISC_R_SUCCESS) {
1621 char tmp_buf[INET6_ADDRSTRLEN];
1622
1623 log_debug("Picking pool prefix %s/%u",
1624 inet_ntop(AF_INET6, &(reply->lease->addr),
1625 tmp_buf, sizeof(tmp_buf)),
1626 (unsigned)(reply->lease->plen));
1627 return (ISC_R_SUCCESS);
1628 }
1629
1630 /*
1631 * If we failed to pick an IPv6 prefix
1632 * Presumably that means we have no prefixes for the client.
1633 */
1634 log_debug("Unable to pick client prefix: no prefixes available");
1635 return ISC_R_NORESOURCES;
1636}
1637
1661isc_result_t
1662pick_v6_prefix_helper(struct reply_state *reply, int prefix_mode) {
1663 struct ipv6_pool *p = NULL;
1664 struct ipv6_pond *pond;
1665 int i;
1666 unsigned int attempts;
1667 struct iasubopt **pref = &reply->lease;
1668
1669 for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
1670 if (((pond->prohibit_list != NULL) &&
1671 (permitted(reply->packet, pond->prohibit_list))) ||
1672 ((pond->permit_list != NULL) &&
1673 (!permitted(reply->packet, pond->permit_list))))
1674 continue;
1675
1676 for (i = 0; (p = pond->ipv6_pools[i]) != NULL; i++) {
1677 if ((p->pool_type == D6O_IA_PD) &&
1678 (eval_prefix_mode(p->units, reply->preflen,
1679 prefix_mode) == 1) &&
1680 (create_prefix6(p, pref, &attempts,
1681 &reply->ia->iaid_duid,
1682 cur_time + 120) == ISC_R_SUCCESS)) {
1683 return (ISC_R_SUCCESS);
1684 }
1685 }
1686 }
1687
1688 return ISC_R_NORESOURCES;
1689}
1690
1705int
1706eval_prefix_mode(int len, int preflen, int prefix_mode) {
1707 int use_it = 1;
1708 switch (prefix_mode) {
1709 case PLM_EXACT:
1710 use_it = (len == preflen);
1711 break;
1712 case PLM_MINIMUM:
1713 /* they asked for a prefix length no "shorter" than preflen */
1714 use_it = (len >= preflen);
1715 break;
1716 case PLM_MAXIMUM:
1717 /* they asked for a prefix length no "longer" than preflen */
1718 use_it = (len <= preflen);
1719 break;
1720 default:
1721 /* otherwise use it */
1722 break;
1723 }
1724
1725 return (use_it);
1726}
1727
1728/*
1729 *! \file server/dhcpv6.c
1730 *
1731 * \brief construct a reply containing information about a client's lease
1732 *
1733 * lease_to_client() is called from several messages to construct a
1734 * reply that contains all that we know about the client's correct lease
1735 * (or projected lease).
1736 *
1737 * Solicit - "Soft" binding, ignore unknown addresses or bindings, just
1738 * send what we "may" give them on a request.
1739 *
1740 * Request - "Hard" binding, but ignore supplied addresses (just provide what
1741 * the client should really use).
1742 *
1743 * Renew - "Hard" binding, but client-supplied addresses are 'real'. Error
1744 * Rebind out any "wrong" addresses the client sends. This means we send
1745 * an empty IA_NA with a status code of NoBinding or NotOnLink or
1746 * possibly send the address with zeroed lifetimes.
1747 *
1748 * Information-Request - No binding.
1749 *
1750 * The basic structure is to traverse the client-supplied data first, and
1751 * validate and echo back any contents that can be. If the client-supplied
1752 * data does not error out (on renew/rebind as above), but we did not send
1753 * any addresses, attempt to allocate one.
1754 *
1755 * At the end of the this function we call commit_leases_timed() to
1756 * fsync and rotate the file as necessary. commit_leases_timed() will
1757 * check that we have written at least one lease to the file and that
1758 * some time has passed before doing any fsync or file rewrite so we
1759 * don't bother tracking if we did a write_ia during this function.
1760 */
1761/* TODO: look at client hints for lease times */
1762
1763static void
1764lease_to_client(struct data_string *reply_ret,
1765 struct packet *packet,
1766 const struct data_string *client_id,
1767 const struct data_string *server_id)
1768{
1769 static struct reply_state reply;
1770 struct option_cache *oc;
1771 struct data_string packet_oro;
1772 int i;
1773
1774 memset(&packet_oro, 0, sizeof(packet_oro));
1775
1776 /* Locate the client. */
1777 if (shared_network_from_packet6(&reply.shared,
1779 goto exit;
1780
1781 /*
1782 * Initialize the reply.
1783 */
1784 packet_reference(&reply.packet, packet, MDL);
1785 data_string_copy(&reply.client_id, client_id, MDL);
1786
1787 if (!start_reply(packet, client_id, server_id, &reply.opt_state,
1788 &reply.buf.reply))
1789 goto exit;
1790
1791 /* Set the write cursor to just past the reply header. */
1792 reply.cursor = REPLY_OPTIONS_INDEX;
1793
1794 /*
1795 * Get the ORO from the packet, if any.
1796 */
1798 if (oc != NULL) {
1799 if (!evaluate_option_cache(&packet_oro, packet,
1800 NULL, NULL,
1801 packet->options, NULL,
1802 &global_scope, oc, MDL)) {
1803 log_error("lease_to_client: error evaluating ORO.");
1804 goto exit;
1805 }
1806 }
1807
1808 /*
1809 * Find a host record that matches the packet, if any, and is
1810 * valid for the shared network the client is on.
1811 */
1812 if (find_hosts6(&reply.host, packet, client_id, MDL)) {
1813 packet->known = 1;
1814 seek_shared_host(&reply.host, reply.shared);
1815 }
1816
1817 /* Process the client supplied IA's onto the reply buffer. */
1818 reply.ia_count = 0;
1820
1821 for (; oc != NULL ; oc = oc->next) {
1822 isc_result_t status;
1823
1824 /* Start counting resources (addresses) offered. */
1825 reply.client_resources = 0;
1826 reply.resources_included = ISC_FALSE;
1827
1828 status = reply_process_ia_na(&reply, oc);
1829
1830 /*
1831 * We continue to try other IA's whether we can address
1832 * this one or not. Any other result is an immediate fail.
1833 */
1834 if ((status != ISC_R_SUCCESS) &&
1835 (status != ISC_R_NORESOURCES))
1836 goto exit;
1837 }
1839 for (; oc != NULL ; oc = oc->next) {
1840 isc_result_t status;
1841
1842 /* Start counting resources (addresses) offered. */
1843 reply.client_resources = 0;
1844 reply.resources_included = ISC_FALSE;
1845
1846 status = reply_process_ia_ta(&reply, oc);
1847
1848 /*
1849 * We continue to try other IA's whether we can address
1850 * this one or not. Any other result is an immediate fail.
1851 */
1852 if ((status != ISC_R_SUCCESS) &&
1853 (status != ISC_R_NORESOURCES))
1854 goto exit;
1855 }
1856
1857 /* Same for IA_PD's. */
1858 reply.pd_count = 0;
1860 for (; oc != NULL ; oc = oc->next) {
1861 isc_result_t status;
1862
1863 /* Start counting resources (prefixes) offered. */
1864 reply.client_resources = 0;
1865 reply.resources_included = ISC_FALSE;
1866
1867 status = reply_process_ia_pd(&reply, oc);
1868
1869 /*
1870 * We continue to try other IA_PD's whether we can address
1871 * this one or not. Any other result is an immediate fail.
1872 */
1873 if ((status != ISC_R_SUCCESS) &&
1874 (status != ISC_R_NORESOURCES))
1875 goto exit;
1876 }
1877
1878 /*
1879 * Make no reply if we gave no resources and is not
1880 * for Information-Request.
1881 */
1882 if ((reply.ia_count == 0) && (reply.pd_count == 0)) {
1883 if (reply.packet->dhcpv6_msg_type !=
1885 goto exit;
1886
1887 /*
1888 * Because we only execute statements on a per-IA basis,
1889 * we need to execute statements in any non-IA reply to
1890 * source configuration.
1891 */
1892 execute_statements_in_scope(NULL, reply.packet, NULL, NULL,
1893 reply.packet->options,
1894 reply.opt_state, &global_scope,
1895 reply.shared->group, root_group,
1896 NULL);
1897
1898 /* Execute statements from class scopes. */
1899 for (i = reply.packet->class_count; i > 0; i--) {
1900 execute_statements_in_scope(NULL, reply.packet,
1901 NULL, NULL,
1902 reply.packet->options,
1903 reply.opt_state,
1904 &global_scope,
1905 reply.packet->classes[i - 1]->group,
1906 reply.shared->group, NULL);
1907 }
1908
1909 /* Bring in any configuration from a host record. */
1910 if (reply.host != NULL)
1911 execute_statements_in_scope(NULL, reply.packet,
1912 NULL, NULL,
1913 reply.packet->options,
1914 reply.opt_state,
1915 &global_scope,
1916 reply.host->group,
1917 reply.shared->group, NULL);
1918 }
1919
1920 /*
1921 * RFC3315 section 17.2.2 (Solicit):
1922 *
1923 * If the server will not assign any addresses to any IAs in a
1924 * subsequent Request from the client, the server MUST send an
1925 * Advertise message to the client that includes only a Status
1926 * Code option with code NoAddrsAvail and a status message for
1927 * the user, a Server Identifier option with the server's DUID,
1928 * and a Client Identifier option with the client's DUID.
1929 *
1930 * This has been updated by an errata such that the server
1931 * can always send an IA.
1932 *
1933 * Section 18.2.1 (Request):
1934 *
1935 * If the server cannot assign any addresses to an IA in the
1936 * message from the client, the server MUST include the IA in
1937 * the Reply message with no addresses in the IA and a Status
1938 * Code option in the IA containing status code NoAddrsAvail.
1939 *
1940 * Section 18.1.8 (Client Behavior):
1941 *
1942 * Leave unchanged any information about addresses the client has
1943 * recorded in the IA but that were not included in the IA from
1944 * the server.
1945 * Sends a Renew/Rebind if the IA is not in the Reply message.
1946 */
1947
1948 /*
1949 * Having stored the client's IA's, store any options that
1950 * will fit in the remaining space.
1951 */
1952 reply.cursor += store_options6((char *)reply.buf.data + reply.cursor,
1953 sizeof(reply.buf) - reply.cursor,
1954 reply.opt_state, reply.packet,
1955 required_opts_solicit,
1956 &packet_oro);
1957
1958 /* Return our reply to the caller. */
1959 reply_ret->len = reply.cursor;
1960 reply_ret->buffer = NULL;
1961 if (!buffer_allocate(&reply_ret->buffer, reply.cursor, MDL)) {
1962 log_fatal("No memory to store Reply.");
1963 }
1964 memcpy(reply_ret->buffer->data, reply.buf.data, reply.cursor);
1965 reply_ret->data = reply_ret->buffer->data;
1966
1967 /* If appropriate commit and rotate the lease file */
1968 (void) commit_leases_timed();
1969
1970 exit:
1971 /* Cleanup. */
1972 if (reply.shared != NULL)
1973 shared_network_dereference(&reply.shared, MDL);
1974 if (reply.host != NULL)
1975 host_dereference(&reply.host, MDL);
1976 if (reply.opt_state != NULL)
1977 option_state_dereference(&reply.opt_state, MDL);
1978 if (reply.packet != NULL)
1979 packet_dereference(&reply.packet, MDL);
1980 if (reply.client_id.data != NULL)
1981 data_string_forget(&reply.client_id, MDL);
1982 if (packet_oro.buffer != NULL)
1983 data_string_forget(&packet_oro, MDL);
1984 reply.renew = reply.rebind = reply.min_prefer = reply.min_valid = 0;
1985 reply.cursor = 0;
1986}
1987
1988/* Process a client-supplied IA_NA. This may append options to the tail of
1989 * the reply packet being built in the reply_state structure.
1990 */
1991static isc_result_t
1992reply_process_ia_na(struct reply_state *reply, struct option_cache *ia) {
1993 isc_result_t status = ISC_R_SUCCESS;
1994 u_int32_t iaid;
1995 unsigned ia_cursor;
1996 struct option_state *packet_ia;
1997 struct option_cache *oc;
1998 struct data_string ia_data, data;
1999
2000 /* Initialize values that will get cleaned up on return. */
2001 packet_ia = NULL;
2002 memset(&ia_data, 0, sizeof(ia_data));
2003 memset(&data, 0, sizeof(data));
2004 /*
2005 * Note that find_client_address() may set reply->lease.
2006 */
2007
2008 /* Make sure there is at least room for the header. */
2009 if ((reply->cursor + IA_NA_OFFSET + 4) > sizeof(reply->buf)) {
2010 log_error("reply_process_ia_na: Reply too long for IA.");
2011 return ISC_R_NOSPACE;
2012 }
2013
2014
2015 /* Fetch the IA_NA contents. */
2016 if (!get_encapsulated_IA_state(&packet_ia, &ia_data, reply->packet,
2017 ia, IA_NA_OFFSET)) {
2018 log_error("reply_process_ia_na: error evaluating ia");
2019 status = ISC_R_FAILURE;
2020 goto cleanup;
2021 }
2022
2023 /* Extract IA_NA header contents. */
2024 iaid = getULong(ia_data.data);
2025 reply->renew = getULong(ia_data.data + 4);
2026 reply->rebind = getULong(ia_data.data + 8);
2027
2028 /* Create an IA_NA structure. */
2029 if (ia_allocate(&reply->ia, iaid, (char *)reply->client_id.data,
2030 reply->client_id.len, MDL) != ISC_R_SUCCESS) {
2031 log_error("reply_process_ia_na: no memory for ia.");
2032 status = ISC_R_NOMEMORY;
2033 goto cleanup;
2034 }
2035 reply->ia->ia_type = D6O_IA_NA;
2036
2037 /* Cache pre-existing IA, if any. */
2038 ia_hash_lookup(&reply->old_ia, ia_na_active,
2039 (unsigned char *)reply->ia->iaid_duid.data,
2040 reply->ia->iaid_duid.len, MDL);
2041
2042 /*
2043 * Create an option cache to carry the IA_NA option contents, and
2044 * execute any user-supplied values into it.
2045 */
2046 if (!option_state_allocate(&reply->reply_ia, MDL)) {
2047 status = ISC_R_NOMEMORY;
2048 goto cleanup;
2049 }
2050
2051 /* Check & cache the fixed host record. */
2052 if ((reply->host != NULL) && (reply->host->fixed_addr != NULL)) {
2053 struct iaddr tmp_addr;
2054
2055 if (!evaluate_option_cache(&reply->fixed, NULL, NULL, NULL,
2056 NULL, NULL, &global_scope,
2057 reply->host->fixed_addr, MDL)) {
2058 log_error("reply_process_ia_na: unable to evaluate "
2059 "fixed address.");
2060 status = ISC_R_FAILURE;
2061 goto cleanup;
2062 }
2063
2064 if (reply->fixed.len < 16) {
2065 log_error("reply_process_ia_na: invalid fixed address.");
2066 status = DHCP_R_INVALIDARG;
2067 goto cleanup;
2068 }
2069
2070 /* Find the static lease's subnet. */
2071 tmp_addr.len = 16;
2072 memcpy(tmp_addr.iabuf, reply->fixed.data, 16);
2073
2074 if (find_grouped_subnet(&reply->subnet, reply->shared,
2075 tmp_addr, MDL) == 0)
2076 log_fatal("Impossible condition at %s:%d.", MDL);
2077
2078 reply->static_lease = ISC_TRUE;
2079 } else
2080 reply->static_lease = ISC_FALSE;
2081
2082 /*
2083 * Save the cursor position at the start of the IA, so we can
2084 * set length and adjust t1/t2 values later. We write a temporary
2085 * header out now just in case we decide to adjust the packet
2086 * within sub-process functions.
2087 */
2088 ia_cursor = reply->cursor;
2089
2090 /* Initialize the IA_NA header. First the code. */
2091 putUShort(reply->buf.data + reply->cursor, (unsigned)D6O_IA_NA);
2092 reply->cursor += 2;
2093
2094 /* Then option length. */
2095 putUShort(reply->buf.data + reply->cursor, 0x0Cu);
2096 reply->cursor += 2;
2097
2098 /* Then IA_NA header contents; IAID. */
2099 putULong(reply->buf.data + reply->cursor, iaid);
2100 reply->cursor += 4;
2101
2102 /* We store the client's t1 for now, and may over-ride it later. */
2103 putULong(reply->buf.data + reply->cursor, reply->renew);
2104 reply->cursor += 4;
2105
2106 /* We store the client's t2 for now, and may over-ride it later. */
2107 putULong(reply->buf.data + reply->cursor, reply->rebind);
2108 reply->cursor += 4;
2109
2110 /*
2111 * For each address in this IA_NA, decide what to do about it.
2112 *
2113 * Guidelines:
2114 *
2115 * The client leaves unchanged any information about addresses
2116 * it has recorded but are not included ("cancel/break" below).
2117 * A not included IA ("cleanup" below) could give a Renew/Rebind.
2118 */
2119 oc = lookup_option(&dhcpv6_universe, packet_ia, D6O_IAADDR);
2120 reply->min_valid = reply->min_prefer = INFINITE_TIME;
2121 reply->client_valid = reply->client_prefer = 0;
2122 for (; oc != NULL ; oc = oc->next) {
2123 status = reply_process_addr(reply, oc);
2124
2125 /*
2126 * Canceled means we did not allocate addresses to the
2127 * client, but we're "done" with this IA - we set a status
2128 * code. So transmit this reply, e.g., move on to the next
2129 * IA.
2130 */
2131 if (status == ISC_R_CANCELED)
2132 break;
2133
2134 if ((status != ISC_R_SUCCESS) &&
2135 (status != ISC_R_ADDRINUSE) &&
2136 (status != ISC_R_ADDRNOTAVAIL))
2137 goto cleanup;
2138 }
2139
2140 reply->ia_count++;
2141
2142 /*
2143 * If we fell through the above and never gave the client
2144 * an address, give it one now.
2145 */
2146 if ((status != ISC_R_CANCELED) && (reply->client_resources == 0)) {
2147 status = find_client_address(reply);
2148
2149 if (status == ISC_R_NORESOURCES) {
2150 switch (reply->packet->dhcpv6_msg_type) {
2151 case DHCPV6_SOLICIT:
2152 /*
2153 * No address for any IA is handled
2154 * by the caller.
2155 */
2156 /* FALL THROUGH */
2157
2158 case DHCPV6_REQUEST:
2159 /* Section 18.2.1 (Request):
2160 *
2161 * If the server cannot assign any addresses to
2162 * an IA in the message from the client, the
2163 * server MUST include the IA in the Reply
2164 * message with no addresses in the IA and a
2165 * Status Code option in the IA containing
2166 * status code NoAddrsAvail.
2167 */
2168 option_state_dereference(&reply->reply_ia, MDL);
2169 if (!option_state_allocate(&reply->reply_ia,
2170 MDL))
2171 {
2172 log_error("reply_process_ia_na: No "
2173 "memory for option state "
2174 "wipe.");
2175 status = ISC_R_NOMEMORY;
2176 goto cleanup;
2177 }
2178
2179 if (!set_status_code(STATUS_NoAddrsAvail,
2180 "No addresses available "
2181 "for this interface.",
2182 reply->reply_ia)) {
2183 log_error("reply_process_ia_na: Unable "
2184 "to set NoAddrsAvail status "
2185 "code.");
2186 status = ISC_R_FAILURE;
2187 goto cleanup;
2188 }
2189
2190 status = ISC_R_SUCCESS;
2191 break;
2192
2193 default:
2194 /*
2195 * RFC 3315 does not tell us to emit a status
2196 * code in this condition, or anything else.
2197 *
2198 * If we included non-allocated addresses
2199 * (zeroed lifetimes) in an IA, then the client
2200 * will deconfigure them.
2201 *
2202 * So we want to include the IA even if we
2203 * can't give it a new address if it includes
2204 * zeroed lifetime addresses.
2205 *
2206 * We don't want to include the IA if we
2207 * provide zero addresses including zeroed
2208 * lifetimes.
2209 */
2210 if (reply->resources_included)
2211 status = ISC_R_SUCCESS;
2212 else
2213 goto cleanup;
2214 break;
2215 }
2216 }
2217
2218 if (status != ISC_R_SUCCESS)
2219 goto cleanup;
2220 }
2221
2222 /*
2223 * yes, goto's aren't the best but we also want to avoid extra
2224 * indents
2225 */
2226 if (status == ISC_R_CANCELED) {
2227 /* We're replying with a status code so we still need to
2228 * write it out in wire-format to the outbound buffer */
2229 write_to_packet(reply, ia_cursor);
2230 goto cleanup;
2231 }
2232
2233 /*
2234 * Handle static leases, we always log stuff and if it's
2235 * a hard binding we run any commit statements that we have
2236 */
2237 if (reply->static_lease) {
2238 char tmp_addr[INET6_ADDRSTRLEN];
2239 log_info("%s NA: address %s to client with duid %s iaid = %d "
2240 "static",
2241 dhcpv6_type_names[reply->buf.reply.msg_type],
2242 inet_ntop(AF_INET6, reply->fixed.data, tmp_addr,
2243 sizeof(tmp_addr)),
2244 print_hex_1(reply->client_id.len,
2245 reply->client_id.data, 60),
2246 iaid);
2247
2248 /* Write the lease out in wire-format to the outbound buffer */
2249 write_to_packet(reply, ia_cursor);
2250#ifdef NSUPDATE
2251 /* Performs DDNS updates if we're configured to do them */
2252 ddns_update_static6(reply);
2253#endif
2254 if ((reply->buf.reply.msg_type == DHCPV6_REPLY) &&
2255 (reply->on_star.on_commit != NULL)) {
2256 execute_statements(NULL, reply->packet, NULL, NULL,
2257 reply->packet->options,
2258 reply->opt_state, NULL,
2259 reply->on_star.on_commit, NULL);
2261 (&reply->on_star.on_commit, MDL);
2262 }
2263 goto cleanup;
2264 }
2265
2266 /*
2267 * If we have any addresses log what we are doing.
2268 */
2269 if (reply->ia->num_iasubopt != 0) {
2270 struct iasubopt *tmp;
2271 int i;
2272 char tmp_addr[INET6_ADDRSTRLEN];
2273
2274 for (i = 0 ; i < reply->ia->num_iasubopt ; i++) {
2275 tmp = reply->ia->iasubopt[i];
2276
2277 log_info("%s NA: address %s to client with duid %s "
2278 "iaid = %d valid for %u seconds",
2279 dhcpv6_type_names[reply->buf.reply.msg_type],
2280 inet_ntop(AF_INET6, &tmp->addr,
2281 tmp_addr, sizeof(tmp_addr)),
2282 print_hex_1(reply->client_id.len,
2283 reply->client_id.data, 60),
2284 iaid, tmp->valid);
2285 }
2286 }
2287
2288 /*
2289 * If this is not a 'soft' binding, consume the new changes into
2290 * the database (if any have been attached to the ia_na).
2291 *
2292 * Loop through the assigned dynamic addresses, referencing the
2293 * leases onto this IA_NA rather than any old ones, and updating
2294 * pool timers for each (if any).
2295 *
2296 * Note that we must do ddns_updates() before we test for lease
2297 * reuse (so we'll know if DNS entries are different). To ensure
2298 * we don't break any configs, we run on_commit statements before
2299 * we do ddns_updates() just in case the former affects the later.
2300 * This is symetrical with v4 logic. We always run on_commit and
2301 * ddns_udpates() whether a lease is reused or renewed.
2302 */
2303 if ((reply->ia->num_iasubopt != 0) &&
2304 (reply->buf.reply.msg_type == DHCPV6_REPLY)) {
2305 int must_commit = 0;
2306 struct iasubopt *tmp;
2307 struct data_string *ia_id;
2308 int i;
2309
2310 for (i = 0 ; i < reply->ia->num_iasubopt ; i++) {
2311 tmp = reply->ia->iasubopt[i];
2312 if (tmp->ia != NULL) {
2313 ia_dereference(&tmp->ia, MDL);
2314 }
2315
2316 ia_reference(&tmp->ia, reply->ia, MDL);
2317
2318 /* If we have anything to do on commit do it now */
2319 if (tmp->on_star.on_commit != NULL) {
2320 execute_statements(NULL, reply->packet,
2321 NULL, NULL,
2322 reply->packet->options,
2323 reply->opt_state,
2324 &tmp->scope,
2325 tmp->on_star.on_commit,
2326 &tmp->on_star);
2328 (&tmp->on_star.on_commit, MDL);
2329 }
2330
2331#if defined (NSUPDATE)
2332
2333 /* Perform ddns updates */
2334 oc = lookup_option(&server_universe, reply->opt_state,
2336 if ((oc == NULL) ||
2337 evaluate_boolean_option_cache(NULL, reply->packet,
2338 NULL, NULL,
2339 reply->packet->options,
2340 reply->opt_state,
2341 &tmp->scope,
2342 oc, MDL)) {
2343 ddns_updates(reply->packet, NULL, NULL,
2344 tmp, NULL, reply->opt_state);
2345 }
2346#endif
2347 if (!reuse_lease6(reply, tmp)) {
2348 /* Commit 'hard' bindings. */
2349 must_commit = 1;
2350 renew_lease6(tmp->ipv6_pool, tmp);
2352
2353 /* Do our threshold check. */
2354 check_pool6_threshold(reply, tmp);
2355 }
2356 }
2357
2358 /* write the IA_NA in wire-format to the outbound buffer */
2359 write_to_packet(reply, ia_cursor);
2360
2361 /* Remove any old ia from the hash. */
2362 if (reply->old_ia != NULL) {
2363 if (!release_on_roam(reply)) {
2364 ia_id = &reply->old_ia->iaid_duid;
2365 ia_hash_delete(ia_na_active,
2366 (unsigned char *)ia_id->data,
2367 ia_id->len, MDL);
2368 }
2369
2370 ia_dereference(&reply->old_ia, MDL);
2371 }
2372
2373 /* Put new ia into the hash. */
2374 reply->ia->cltt = cur_time;
2375 ia_id = &reply->ia->iaid_duid;
2376 ia_hash_add(ia_na_active, (unsigned char *)ia_id->data,
2377 ia_id->len, reply->ia, MDL);
2378
2379 /* If we couldn't reuse all of the iasubopts, we
2380 * must update udpate the lease db */
2381 if (must_commit) {
2382 write_ia(reply->ia);
2383 }
2384 } else {
2385 /* write the IA_NA in wire-format to the outbound buffer */
2386 write_to_packet(reply, ia_cursor);
2387 schedule_lease_timeout_reply(reply);
2388 }
2389
2390 cleanup:
2391 if (packet_ia != NULL)
2392 option_state_dereference(&packet_ia, MDL);
2393 if (reply->reply_ia != NULL)
2394 option_state_dereference(&reply->reply_ia, MDL);
2395 if (ia_data.data != NULL)
2396 data_string_forget(&ia_data, MDL);
2397 if (data.data != NULL)
2399 if (reply->ia != NULL)
2400 ia_dereference(&reply->ia, MDL);
2401 if (reply->old_ia != NULL)
2402 ia_dereference(&reply->old_ia, MDL);
2403 if (reply->lease != NULL)
2404 iasubopt_dereference(&reply->lease, MDL);
2405 if (reply->fixed.data != NULL)
2406 data_string_forget(&reply->fixed, MDL);
2407 if (reply->subnet != NULL)
2408 subnet_dereference(&reply->subnet, MDL);
2409 if (reply->on_star.on_expiry != NULL)
2411 (&reply->on_star.on_expiry, MDL);
2412 if (reply->on_star.on_release != NULL)
2414 (&reply->on_star.on_release, MDL);
2415
2416 /*
2417 * ISC_R_CANCELED is a status code used by the addr processing to
2418 * indicate we're replying with a status code. This is still a
2419 * success at higher layers.
2420 */
2421 return((status == ISC_R_CANCELED) ? ISC_R_SUCCESS : status);
2422}
2423
2424/*
2425 * Writes the populated IA_xx in wire format to the reply buffer
2426 */
2427void
2428write_to_packet(struct reply_state *reply, unsigned ia_cursor) {
2429 reply->cursor += store_options6((char *)reply->buf.data + reply->cursor,
2430 sizeof(reply->buf) - reply->cursor,
2431 reply->reply_ia, reply->packet,
2432 (reply->ia->ia_type != D6O_IA_PD ?
2433 required_opts_IA : required_opts_IA_PD),
2434 NULL);
2435
2436 /* Reset the length of this IA to match what was just written. */
2437 putUShort(reply->buf.data + ia_cursor + 2,
2438 reply->cursor - (ia_cursor + 4));
2439
2440 if (reply->ia->ia_type != D6O_IA_TA) {
2441 /* Calculate T1/T2 and stuff them in the reply */
2442 set_reply_tee_times(reply, ia_cursor);
2443 }
2444}
2445
2446/*
2447 * Process an IAADDR within a given IA_xA, storing any IAADDR reply contents
2448 * into the reply's current ia-scoped option cache. Returns ISC_R_CANCELED
2449 * in the event we are replying with a status code and do not wish to process
2450 * more IAADDRs within this IA.
2451 */
2452static isc_result_t
2453reply_process_addr(struct reply_state *reply, struct option_cache *addr) {
2454 u_int32_t pref_life, valid_life;
2455 struct binding_scope **scope;
2456 struct group *group;
2457 struct subnet *subnet;
2458 struct iaddr tmp_addr;
2459 struct option_cache *oc;
2460 struct data_string iaaddr, data;
2461 isc_result_t status = ISC_R_SUCCESS;
2462#ifdef EUI_64
2463 int invalid_for_eui_64 = 0;
2464#endif
2465
2466 /* Initializes values that will be cleaned up. */
2467 memset(&iaaddr, 0, sizeof(iaaddr));
2468 memset(&data, 0, sizeof(data));
2469 /* Note that reply->lease may be set by address_is_owned() */
2470
2471 /*
2472 * There is no point trying to process an incoming address if there
2473 * is no room for an outgoing address.
2474 */
2475 if ((reply->cursor + 28) > sizeof(reply->buf)) {
2476 log_error("reply_process_addr: Out of room for address.");
2477 return ISC_R_NOSPACE;
2478 }
2479
2480 /* Extract this IAADDR option. */
2481 if (!evaluate_option_cache(&iaaddr, reply->packet, NULL, NULL,
2482 reply->packet->options, NULL, &global_scope,
2483 addr, MDL) ||
2484 (iaaddr.len < IAADDR_OFFSET)) {
2485 log_error("reply_process_addr: error evaluating IAADDR.");
2486 status = ISC_R_FAILURE;
2487 goto cleanup;
2488 }
2489
2490 /* The first 16 bytes are the IPv6 address. */
2491 pref_life = getULong(iaaddr.data + 16);
2492 valid_life = getULong(iaaddr.data + 20);
2493
2494 if ((reply->client_valid == 0) ||
2495 (reply->client_valid > valid_life))
2496 reply->client_valid = valid_life;
2497
2498 if ((reply->client_prefer == 0) ||
2499 (reply->client_prefer > pref_life))
2500 reply->client_prefer = pref_life;
2501
2502 /*
2503 * Clients may choose to send :: as an address, with the idea to give
2504 * hints about preferred-lifetime or valid-lifetime.
2505 */
2506 tmp_addr.len = 16;
2507 memset(tmp_addr.iabuf, 0, 16);
2508 if (!memcmp(iaaddr.data, tmp_addr.iabuf, 16)) {
2509 /* Status remains success; we just ignore this one. */
2510 goto cleanup;
2511 }
2512
2513 /* tmp_addr len remains 16 */
2514 memcpy(tmp_addr.iabuf, iaaddr.data, 16);
2515
2516 /*
2517 * Verify that this address is on the client's network.
2518 */
2519 for (subnet = reply->shared->subnets ; subnet != NULL ;
2521 if (addr_eq(subnet_number(tmp_addr, subnet->netmask),
2522 subnet->net))
2523 break;
2524 }
2525
2526#ifdef EUI_64
2527 if (subnet) {
2528 /* If the requested address falls into an EUI-64 pool, then
2529 * we need to verify if it has EUI-64 duid AND the requested
2530 * address is correct for that duid. If not we treat it just
2531 * like an not-on-link request. */
2532 struct ipv6_pool* pool = NULL;
2533 struct in6_addr* addr = (struct in6_addr*)(iaaddr.data);
2534 if ((find_ipv6_pool(&pool, D6O_IA_NA, addr) == ISC_R_SUCCESS)
2535 && (pool->ipv6_pond->use_eui_64) &&
2536 (!valid_for_eui_64_pool(pool, &reply->client_id, 0, addr))) {
2537 log_debug ("Requested address: %s,"
2538 " not valid for EUI-64 pool",
2539 pin6_addr(addr));
2540 invalid_for_eui_64 = 1;
2541 }
2542 }
2543#endif
2544
2545 /* Address not found on shared network. */
2546#ifdef EUI_64
2547 if ((subnet == NULL) || invalid_for_eui_64) {
2548#else
2549 if (subnet == NULL) {
2550#endif
2551 /* Ignore this address on 'soft' bindings. */
2552 if (reply->packet->dhcpv6_msg_type == DHCPV6_SOLICIT) {
2553 /* disable rapid commit */
2554 reply->buf.reply.msg_type = DHCPV6_ADVERTISE;
2556 reply->opt_state,
2558 /* status remains success */
2559 goto cleanup;
2560 }
2561
2562 /*
2563 * RFC3315 section 18.2.1:
2564 *
2565 * If the server finds that the prefix on one or more IP
2566 * addresses in any IA in the message from the client is not
2567 * appropriate for the link to which the client is connected,
2568 * the server MUST return the IA to the client with a Status
2569 * Code option with the value NotOnLink.
2570 */
2571 if (reply->packet->dhcpv6_msg_type == DHCPV6_REQUEST) {
2572 /* Rewind the IA_NA to empty. */
2573 option_state_dereference(&reply->reply_ia, MDL);
2574 if (!option_state_allocate(&reply->reply_ia, MDL)) {
2575 log_error("reply_process_addr: No memory for "
2576 "option state wipe.");
2577 status = ISC_R_NOMEMORY;
2578 goto cleanup;
2579 }
2580
2581 /* Append a NotOnLink status code. */
2582 if (!set_status_code(STATUS_NotOnLink,
2583 "Address not for use on this "
2584 "link.", reply->reply_ia)) {
2585 log_error("reply_process_addr: Failure "
2586 "setting status code.");
2587 status = ISC_R_FAILURE;
2588 goto cleanup;
2589 }
2590
2591 /* Fin (no more IAADDRs). */
2592 status = ISC_R_CANCELED;
2593 goto cleanup;
2594 }
2595
2596 /*
2597 * RFC3315 sections 18.2.3 and 18.2.4 have identical language:
2598 *
2599 * If the server finds that any of the addresses are not
2600 * appropriate for the link to which the client is attached,
2601 * the server returns the address to the client with lifetimes
2602 * of 0.
2603 */
2604 if ((reply->packet->dhcpv6_msg_type != DHCPV6_RENEW) &&
2605 (reply->packet->dhcpv6_msg_type != DHCPV6_REBIND)) {
2606 log_error("It is impossible to lease a client that is "
2607 "not sending a solicit, request, renew, or "
2608 "rebind.");
2609 status = ISC_R_FAILURE;
2610 goto cleanup;
2611 }
2612
2613 reply->send_prefer = reply->send_valid = 0;
2614 goto send_addr;
2615 }
2616
2617
2618 /* Verify the address belongs to the client. */
2619 if (!address_is_owned(reply, &tmp_addr)) {
2620 /*
2621 * For solicit and request, any addresses included are
2622 * 'requested' addresses. For rebind, we actually have
2623 * no direction on what to do from 3315 section 18.2.4!
2624 * So I think the best bet is to try and give it out, and if
2625 * we can't, zero lifetimes.
2626 */
2627 if ((reply->packet->dhcpv6_msg_type == DHCPV6_SOLICIT) ||
2628 (reply->packet->dhcpv6_msg_type == DHCPV6_REQUEST) ||
2629 (reply->packet->dhcpv6_msg_type == DHCPV6_REBIND)) {
2630 status = reply_process_try_addr(reply, &tmp_addr);
2631
2632 /*
2633 * If the address is in use, or isn't in any dynamic
2634 * range, continue as normal. If any other error was
2635 * found, error out.
2636 */
2637 if ((status != ISC_R_SUCCESS) &&
2638 (status != ISC_R_ADDRINUSE) &&
2639 (status != ISC_R_ADDRNOTAVAIL))
2640 goto cleanup;
2641
2642 /*
2643 * If we didn't honor this lease, for solicit and
2644 * request we simply omit it from our answer. For
2645 * rebind, we send it with zeroed lifetimes.
2646 */
2647 if (reply->lease == NULL) {
2648 if (reply->packet->dhcpv6_msg_type ==
2649 DHCPV6_REBIND) {
2650 reply->send_prefer = 0;
2651 reply->send_valid = 0;
2652 goto send_addr;
2653 }
2654
2655 /* status remains success - ignore */
2656 goto cleanup;
2657 }
2658 /*
2659 * RFC3315 section 18.2.3:
2660 *
2661 * If the server cannot find a client entry for the IA the
2662 * server returns the IA containing no addresses with a Status
2663 * Code option set to NoBinding in the Reply message.
2664 *
2665 * On mismatch we (ab)use this pretending we have not the IA
2666 * as soon as we have not an address.
2667 */
2668 } else if (reply->packet->dhcpv6_msg_type == DHCPV6_RENEW) {
2669 /* Rewind the IA_NA to empty. */
2670 option_state_dereference(&reply->reply_ia, MDL);
2671 if (!option_state_allocate(&reply->reply_ia, MDL)) {
2672 log_error("reply_process_addr: No memory for "
2673 "option state wipe.");
2674 status = ISC_R_NOMEMORY;
2675 goto cleanup;
2676 }
2677
2678 /* Append a NoBinding status code. */
2679 if (!set_status_code(STATUS_NoBinding,
2680 "Address not bound to this "
2681 "interface.", reply->reply_ia)) {
2682 log_error("reply_process_addr: Unable to "
2683 "attach status code.");
2684 status = ISC_R_FAILURE;
2685 goto cleanup;
2686 }
2687
2688 /* Fin (no more IAADDRs). */
2689 status = ISC_R_CANCELED;
2690 goto cleanup;
2691 } else {
2692 log_error("It is impossible to lease a client that is "
2693 "not sending a solicit, request, renew, or "
2694 "rebind message.");
2695 status = ISC_R_FAILURE;
2696 goto cleanup;
2697 }
2698 }
2699
2700 if (reply->static_lease) {
2701 if (reply->host == NULL)
2702 log_fatal("Impossible condition at %s:%d.", MDL);
2703
2704 scope = &global_scope;
2705 group = reply->subnet->group;
2706 } else {
2707 if (reply->lease == NULL)
2708 log_fatal("Impossible condition at %s:%d.", MDL);
2709
2710 scope = &reply->lease->scope;
2711 group = reply->lease->ipv6_pool->ipv6_pond->group;
2712 }
2713
2714 /*
2715 * If client_resources is nonzero, then the reply_process_is_addressed
2716 * function has executed configuration state into the reply option
2717 * cache. We will use that valid cache to derive configuration for
2718 * whether or not to engage in additional addresses, and similar.
2719 */
2720 if (reply->client_resources != 0) {
2721 unsigned limit = 1;
2722
2723 /*
2724 * Does this client have "enough" addresses already? Default
2725 * to one. Everybody gets one, and one should be enough for
2726 * anybody.
2727 */
2728 oc = lookup_option(&server_universe, reply->opt_state,
2730 if (oc != NULL) {
2731 if (!evaluate_option_cache(&data, reply->packet,
2732 NULL, NULL,
2733 reply->packet->options,
2734 reply->opt_state,
2735 scope, oc, MDL) ||
2736 (data.len != 4)) {
2737 log_error("reply_process_addr: unable to "
2738 "evaluate addrs-per-ia value.");
2739 status = ISC_R_FAILURE;
2740 goto cleanup;
2741 }
2742
2743 limit = getULong(data.data);
2744 data_string_forget(&data, MDL);
2745 }
2746
2747 /*
2748 * If we wish to limit the client to a certain number of
2749 * addresses, then omit the address from the reply.
2750 */
2751 if (reply->client_resources >= limit)
2752 goto cleanup;
2753 }
2754
2755 status = reply_process_is_addressed(reply, scope, group);
2756 if (status != ISC_R_SUCCESS)
2757 goto cleanup;
2758
2759 send_addr:
2760 status = reply_process_send_addr(reply, &tmp_addr);
2761
2762 cleanup:
2763 if (iaaddr.data != NULL)
2764 data_string_forget(&iaaddr, MDL);
2765 if (data.data != NULL)
2766 data_string_forget(&data, MDL);
2767 if (reply->lease != NULL)
2768 iasubopt_dereference(&reply->lease, MDL);
2769
2770 return status;
2771}
2772
2773/*
2774 * Verify the address belongs to the client. If we've got a host
2775 * record with a fixed address, it has to be the assigned address
2776 * (fault out all else). Otherwise it's a dynamic address, so lookup
2777 * that address and make sure it belongs to this DUID:IAID pair.
2778 */
2779static isc_boolean_t
2780address_is_owned(struct reply_state *reply, struct iaddr *addr) {
2781 int i;
2782 struct ipv6_pond *pond;
2783
2784 /*
2785 * This faults out addresses that don't match fixed addresses.
2786 */
2787 if (reply->static_lease) {
2788 if (reply->fixed.data == NULL)
2789 log_fatal("Impossible condition at %s:%d.", MDL);
2790
2791 if (memcmp(addr->iabuf, reply->fixed.data, 16) == 0)
2792 return (ISC_TRUE);
2793
2794 return (ISC_FALSE);
2795 }
2796
2797 if ((reply->old_ia == NULL) || (reply->old_ia->num_iasubopt == 0))
2798 return (ISC_FALSE);
2799
2800 for (i = 0 ; i < reply->old_ia->num_iasubopt ; i++) {
2801 struct iasubopt *tmp;
2802
2803 tmp = reply->old_ia->iasubopt[i];
2804
2805 if (memcmp(addr->iabuf, &tmp->addr, 16) == 0) {
2806 if (lease6_usable(tmp) == ISC_FALSE) {
2807 return (ISC_FALSE);
2808 }
2809
2810 pond = tmp->ipv6_pool->ipv6_pond;
2811 if (((pond->prohibit_list != NULL) &&
2812 (permitted(reply->packet, pond->prohibit_list))) ||
2813 ((pond->permit_list != NULL) &&
2814 (!permitted(reply->packet, pond->permit_list))))
2815 return (ISC_FALSE);
2816
2817 iasubopt_reference(&reply->lease, tmp, MDL);
2818
2819 return (ISC_TRUE);
2820 }
2821 }
2822
2823 return (ISC_FALSE);
2824}
2825
2826/* Process a client-supplied IA_TA. This may append options to the tail of
2827 * the reply packet being built in the reply_state structure.
2828 */
2829static isc_result_t
2830reply_process_ia_ta(struct reply_state *reply, struct option_cache *ia) {
2831 isc_result_t status = ISC_R_SUCCESS;
2832 u_int32_t iaid;
2833 unsigned ia_cursor;
2834 struct option_state *packet_ia;
2835 struct option_cache *oc;
2836 struct data_string ia_data, data;
2837 struct data_string iaaddr;
2838 u_int32_t pref_life, valid_life;
2839 struct iaddr tmp_addr;
2840
2841 /* Initialize values that will get cleaned up on return. */
2842 packet_ia = NULL;
2843 memset(&ia_data, 0, sizeof(ia_data));
2844 memset(&data, 0, sizeof(data));
2845 memset(&iaaddr, 0, sizeof(iaaddr));
2846
2847 /* Make sure there is at least room for the header. */
2848 if ((reply->cursor + IA_TA_OFFSET + 4) > sizeof(reply->buf)) {
2849 log_error("reply_process_ia_ta: Reply too long for IA.");
2850 return ISC_R_NOSPACE;
2851 }
2852
2853
2854 /* Fetch the IA_TA contents. */
2855 if (!get_encapsulated_IA_state(&packet_ia, &ia_data, reply->packet,
2856 ia, IA_TA_OFFSET)) {
2857 log_error("reply_process_ia_ta: error evaluating ia");
2858 status = ISC_R_FAILURE;
2859 goto cleanup;
2860 }
2861
2862 /* Extract IA_TA header contents. */
2863 iaid = getULong(ia_data.data);
2864
2865 /* Create an IA_TA structure. */
2866 if (ia_allocate(&reply->ia, iaid, (char *)reply->client_id.data,
2867 reply->client_id.len, MDL) != ISC_R_SUCCESS) {
2868 log_error("reply_process_ia_ta: no memory for ia.");
2869 status = ISC_R_NOMEMORY;
2870 goto cleanup;
2871 }
2872 reply->ia->ia_type = D6O_IA_TA;
2873
2874 /* Cache pre-existing IA, if any. */
2875 ia_hash_lookup(&reply->old_ia, ia_ta_active,
2876 (unsigned char *)reply->ia->iaid_duid.data,
2877 reply->ia->iaid_duid.len, MDL);
2878
2879 /*
2880 * Create an option cache to carry the IA_TA option contents, and
2881 * execute any user-supplied values into it.
2882 */
2883 if (!option_state_allocate(&reply->reply_ia, MDL)) {
2884 status = ISC_R_NOMEMORY;
2885 goto cleanup;
2886 }
2887
2888 /*
2889 * Temporary leases are dynamic by definition.
2890 */
2891 reply->static_lease = ISC_FALSE;
2892
2893 /*
2894 * Save the cursor position at the start of the IA, so we can
2895 * set length later. We write a temporary
2896 * header out now just in case we decide to adjust the packet
2897 * within sub-process functions.
2898 */
2899 ia_cursor = reply->cursor;
2900
2901 /* Initialize the IA_TA header. First the code. */
2902 putUShort(reply->buf.data + reply->cursor, (unsigned)D6O_IA_TA);
2903 reply->cursor += 2;
2904
2905 /* Then option length. */
2906 putUShort(reply->buf.data + reply->cursor, 0x04u);
2907 reply->cursor += 2;
2908
2909 /* Then IA_TA header contents; IAID. */
2910 putULong(reply->buf.data + reply->cursor, iaid);
2911 reply->cursor += 4;
2912
2913 /*
2914 * Deal with an IAADDR for lifetimes.
2915 * For all or none, process IAADDRs as hints.
2916 */
2917 reply->min_valid = reply->min_prefer = INFINITE_TIME;
2918 reply->client_valid = reply->client_prefer = 0;
2919 oc = lookup_option(&dhcpv6_universe, packet_ia, D6O_IAADDR);
2920 for (; oc != NULL; oc = oc->next) {
2921 memset(&iaaddr, 0, sizeof(iaaddr));
2922 if (!evaluate_option_cache(&iaaddr, reply->packet,
2923 NULL, NULL,
2924 reply->packet->options, NULL,
2925 &global_scope, oc, MDL) ||
2926 (iaaddr.len < IAADDR_OFFSET)) {
2927 log_error("reply_process_ia_ta: error "
2928 "evaluating IAADDR.");
2929 status = ISC_R_FAILURE;
2930 goto cleanup;
2931 }
2932 /* The first 16 bytes are the IPv6 address. */
2933 pref_life = getULong(iaaddr.data + 16);
2934 valid_life = getULong(iaaddr.data + 20);
2935
2936 if ((reply->client_valid == 0) ||
2937 (reply->client_valid > valid_life))
2938 reply->client_valid = valid_life;
2939
2940 if ((reply->client_prefer == 0) ||
2941 (reply->client_prefer > pref_life))
2942 reply->client_prefer = pref_life;
2943
2944 /* Nothing more if something has failed. */
2945 if (status == ISC_R_CANCELED)
2946 continue;
2947
2948 tmp_addr.len = 16;
2949 memcpy(tmp_addr.iabuf, iaaddr.data, 16);
2950 if (!temporary_is_available(reply, &tmp_addr))
2951 goto bad_temp;
2952 status = reply_process_is_addressed(reply,
2953 &reply->lease->scope,
2954 reply->lease->ipv6_pool->ipv6_pond->group);
2955 if (status != ISC_R_SUCCESS)
2956 goto bad_temp;
2957 status = reply_process_send_addr(reply, &tmp_addr);
2958 if (status != ISC_R_SUCCESS)
2959 goto bad_temp;
2960 if (reply->lease != NULL)
2961 iasubopt_dereference(&reply->lease, MDL);
2962 continue;
2963
2964 bad_temp:
2965 /* Rewind the IA_TA to empty. */
2966 option_state_dereference(&reply->reply_ia, MDL);
2967 if (!option_state_allocate(&reply->reply_ia, MDL)) {
2968 status = ISC_R_NOMEMORY;
2969 goto cleanup;
2970 }
2971 status = ISC_R_CANCELED;
2972 reply->client_resources = 0;
2973 reply->resources_included = ISC_FALSE;
2974 if (reply->lease != NULL)
2975 iasubopt_dereference(&reply->lease, MDL);
2976 }
2977 reply->ia_count++;
2978
2979 /*
2980 * Give the client temporary addresses.
2981 */
2982 if (reply->client_resources != 0)
2983 goto store;
2984 status = find_client_temporaries(reply);
2985 if (status == ISC_R_NORESOURCES) {
2986 switch (reply->packet->dhcpv6_msg_type) {
2987 case DHCPV6_SOLICIT:
2988 /*
2989 * No address for any IA is handled
2990 * by the caller.
2991 */
2992 /* FALL THROUGH */
2993
2994 case DHCPV6_REQUEST:
2995 /* Section 18.2.1 (Request):
2996 *
2997 * If the server cannot assign any addresses to
2998 * an IA in the message from the client, the
2999 * server MUST include the IA in the Reply
3000 * message with no addresses in the IA and a
3001 * Status Code option in the IA containing
3002 * status code NoAddrsAvail.
3003 */
3004 option_state_dereference(&reply->reply_ia, MDL);
3005 if (!option_state_allocate(&reply->reply_ia, MDL)) {
3006 log_error("reply_process_ia_ta: No "
3007 "memory for option state wipe.");
3008 status = ISC_R_NOMEMORY;
3009 goto cleanup;
3010 }
3011
3012 if (!set_status_code(STATUS_NoAddrsAvail,
3013 "No addresses available "
3014 "for this interface.",
3015 reply->reply_ia)) {
3016 log_error("reply_process_ia_ta: Unable "
3017 "to set NoAddrsAvail status code.");
3018 status = ISC_R_FAILURE;
3019 goto cleanup;
3020 }
3021
3022 status = ISC_R_SUCCESS;
3023 break;
3024
3025 default:
3026 /*
3027 * We don't want to include the IA if we
3028 * provide zero addresses including zeroed
3029 * lifetimes.
3030 */
3031 if (reply->resources_included)
3032 status = ISC_R_SUCCESS;
3033 else
3034 goto cleanup;
3035 break;
3036 }
3037 } else if (status != ISC_R_SUCCESS)
3038 goto cleanup;
3039
3040 store:
3041
3042 /*
3043 * yes, goto's aren't the best but we also want to avoid extra
3044 * indents
3045 */
3046 if (status == ISC_R_CANCELED) {
3047 /* We're replying with a status code so we still need to
3048 * write it out in wire-format to the outbound buffer */
3049 write_to_packet(reply, ia_cursor);
3050 goto cleanup;
3051 }
3052
3053 /*
3054 * If we have any addresses log what we are doing.
3055 */
3056 if (reply->ia->num_iasubopt != 0) {
3057 struct iasubopt *tmp;
3058 int i;
3059 char tmp_addr[INET6_ADDRSTRLEN];
3060
3061 for (i = 0 ; i < reply->ia->num_iasubopt ; i++) {
3062 tmp = reply->ia->iasubopt[i];
3063
3064 log_info("%s TA: address %s to client with duid %s "
3065 "iaid = %d valid for %u seconds",
3066 dhcpv6_type_names[reply->buf.reply.msg_type],
3067 inet_ntop(AF_INET6, &tmp->addr,
3068 tmp_addr, sizeof(tmp_addr)),
3069 print_hex_1(reply->client_id.len,
3070 reply->client_id.data, 60),
3071 iaid,
3072 tmp->valid);
3073 }
3074 }
3075
3076 /*
3077 * For hard bindings we consume the new changes into
3078 * the database (if any have been attached to the ia_ta).
3079 *
3080 * Loop through the assigned dynamic addresses, referencing the
3081 * leases onto this IA_TA rather than any old ones, and updating
3082 * pool timers for each (if any).
3083 */
3084 if ((reply->ia->num_iasubopt != 0) &&
3085 (reply->buf.reply.msg_type == DHCPV6_REPLY)) {
3086 int must_commit = 0;
3087 struct iasubopt *tmp;
3088 struct data_string *ia_id;
3089 int i;
3090
3091 for (i = 0 ; i < reply->ia->num_iasubopt ; i++) {
3092 tmp = reply->ia->iasubopt[i];
3093
3094 if (tmp->ia != NULL)
3095 ia_dereference(&tmp->ia, MDL);
3096 ia_reference(&tmp->ia, reply->ia, MDL);
3097
3098 /* If we have anything to do on commit do it now */
3099 if (tmp->on_star.on_commit != NULL) {
3100 execute_statements(NULL, reply->packet,
3101 NULL, NULL,
3102 reply->packet->options,
3103 reply->opt_state,
3104 &tmp->scope,
3105 tmp->on_star.on_commit,
3106 &tmp->on_star);
3108 (&tmp->on_star.on_commit, MDL);
3109 }
3110
3111#if defined (NSUPDATE)
3112 /*
3113 * Perform ddns updates.
3114 */
3115 oc = lookup_option(&server_universe, reply->opt_state,
3117 if ((oc == NULL) ||
3118 evaluate_boolean_option_cache(NULL, reply->packet,
3119 NULL, NULL,
3120 reply->packet->options,
3121 reply->opt_state,
3122 &tmp->scope,
3123 oc, MDL)) {
3124 ddns_updates(reply->packet, NULL, NULL,
3125 tmp, NULL, reply->opt_state);
3126 }
3127#endif
3128
3129 if (!reuse_lease6(reply, tmp)) {
3130 /* Commit 'hard' bindings. */
3131 must_commit = 1;
3132 renew_lease6(tmp->ipv6_pool, tmp);
3134
3135 /* Do our threshold check. */
3136 check_pool6_threshold(reply, tmp);
3137 }
3138 }
3139
3140 /* write the IA_TA in wire-format to the outbound buffer */
3141 write_to_packet(reply, ia_cursor);
3142
3143 /* Remove any old ia from the hash. */
3144 if (reply->old_ia != NULL) {
3145 if (!release_on_roam(reply)) {
3146 ia_id = &reply->old_ia->iaid_duid;
3147 ia_hash_delete(ia_ta_active,
3148 (unsigned char *)ia_id->data,
3149 ia_id->len, MDL);
3150 }
3151
3152 ia_dereference(&reply->old_ia, MDL);
3153 }
3154
3155 /* Put new ia into the hash. */
3156 reply->ia->cltt = cur_time;
3157 ia_id = &reply->ia->iaid_duid;
3158 ia_hash_add(ia_ta_active, (unsigned char *)ia_id->data,
3159 ia_id->len, reply->ia, MDL);
3160
3161 /* If we couldn't reuse all of the iasubopts, we
3162 * must update udpate the lease db */
3163 if (must_commit) {
3164 write_ia(reply->ia);
3165 }
3166 } else {
3167 /* write the IA_TA in wire-format to the outbound buffer */
3168 write_to_packet(reply, ia_cursor);
3169 schedule_lease_timeout_reply(reply);
3170 }
3171
3172 cleanup:
3173 if (packet_ia != NULL)
3174 option_state_dereference(&packet_ia, MDL);
3175 if (iaaddr.data != NULL)
3176 data_string_forget(&iaaddr, MDL);
3177 if (reply->reply_ia != NULL)
3178 option_state_dereference(&reply->reply_ia, MDL);
3179 if (ia_data.data != NULL)
3180 data_string_forget(&ia_data, MDL);
3181 if (data.data != NULL)
3183 if (reply->ia != NULL)
3184 ia_dereference(&reply->ia, MDL);
3185 if (reply->old_ia != NULL)
3186 ia_dereference(&reply->old_ia, MDL);
3187 if (reply->lease != NULL)
3188 iasubopt_dereference(&reply->lease, MDL);
3189
3190 /*
3191 * ISC_R_CANCELED is a status code used by the addr processing to
3192 * indicate we're replying with other addresses. This is still a
3193 * success at higher layers.
3194 */
3195 return((status == ISC_R_CANCELED) ? ISC_R_SUCCESS : status);
3196}
3197/*
3198 * Determines if a lease (iasubopt) can be reused without extending it.
3199 * If dhcp-cache-threshold is greater than zero (i.e enabled) then
3200 * a lease may be reused without going through a full renewal if
3201 * it meets all the requirements. In short it must be active, younger
3202 * than the threshold, and not have DNS changes.
3203 *
3204 * If it is determined that it can be reused, that a call to
3205 * shorten_lifetimes() is made to reduce the valid and preferred lifetimes
3206 * sent to the client by the age of the lease.
3207 *
3208 * Returns 1 if lease can be reused, 0 otherwise
3209 */
3210int
3211reuse_lease6(struct reply_state *reply, struct iasubopt *lease) {
3212 int threshold = DEFAULT_CACHE_THRESHOLD;
3213 struct option_cache* oc = NULL;
3214 struct data_string d1;
3215 time_t age;
3216 time_t limit;
3217 int reuse_it = 0;
3218
3219 /* In order to even qualify for reuse consideration:
3220 * 1. Lease must be active
3221 * 2. It must have been accepted at least once
3222 * 3. DNS info must not have changed */
3223 if ((lease->state != FTS_ACTIVE) ||
3224 (lease->hard_lifetime_end_time == 0) ||
3225 (lease->ddns_cb != NULL)) {
3226 return (0);
3227 }
3228
3229 /* Look up threshold value */
3230 memset(&d1, 0, sizeof(struct data_string));
3231 oc = lookup_option(&server_universe, reply->opt_state,
3233 if (oc &&
3234 evaluate_option_cache(&d1, reply->packet, NULL, NULL,
3235 reply->packet->options, reply->opt_state,
3236 &lease->scope, oc, MDL)) {
3237 if (d1.len == 1 && (d1.data[0] < 100)) {
3238 threshold = d1.data[0];
3239 }
3240
3241 data_string_forget(&d1, MDL);
3242 }
3243
3244 if (threshold <= 0) {
3245 return (0);
3246 }
3247
3248 if (lease->valid >= MAX_TIME) {
3249 /* Infinite leases are always reused. We have to make
3250 * a choice because we cannot determine when they actually
3251 * began, so we either always reuse them or we never do. */
3252 log_debug ("reusing infinite lease for: %s%s",
3253 pin6_addr(&lease->addr), iasubopt_plen_str(lease));
3254 return (1);
3255 }
3256
3257 age = cur_tv.tv_sec - (lease->hard_lifetime_end_time - lease->valid);
3258 if (lease->valid <= (INT_MAX / threshold))
3259 limit = lease->valid * threshold / 100;
3260 else
3261 limit = lease->valid / 100 * threshold;
3262
3263 if (age < limit) {
3264 /* Reduce valid/preferred going to the client by age */
3265 shorten_lifetimes(reply, lease, age, threshold);
3266 reuse_it = 1;
3267 }
3268
3269 return (reuse_it);
3270}
3271
3272/*
3273 * Reduces the valid and preferred lifetimes for a given lease (iasubopt)
3274 *
3275 * We cannot determine until after a iasubopt has been added to
3276 * the reply if the lease can be reused. Therefore, when we do reuse a
3277 * lease we need a way to alter the lifetimes that will be sent to the client.
3278 * That's where this function comes in handy:
3279 *
3280 * Locate the iasubopt by it's address within the reply the reduce both
3281 * the preferred and valid lifetimes by the given number of seconds.
3282 *
3283 * Note that this function, by necessity, works directly with the
3284 * option_cache data. Sort of a no-no but I don't have any better ideas.
3285 */
3286void shorten_lifetimes(struct reply_state *reply, struct iasubopt *lease,
3287 time_t age, int threshold) {
3288 struct option_cache* oc = NULL;
3289 int subopt_type;
3290 int addr_offset;
3291 int pref_offset;
3292 int val_offset;
3293 int exp_length;
3294
3295 if (reply->ia->ia_type != D6O_IA_PD) {
3296 subopt_type = D6O_IAADDR;
3297 addr_offset = IASUBOPT_NA_ADDR_OFFSET;
3298 pref_offset = IASUBOPT_NA_PREF_OFFSET;
3299 val_offset = IASUBOPT_NA_VALID_OFFSET;
3300 exp_length = IASUBOPT_NA_LEN;
3301 }
3302 else {
3303 subopt_type = D6O_IAPREFIX;
3304 addr_offset = IASUBOPT_PD_PREFIX_OFFSET;
3305 pref_offset = IASUBOPT_PD_PREF_OFFSET;
3306 val_offset = IASUBOPT_PD_VALID_OFFSET;
3307 exp_length = IASUBOPT_PD_LEN;
3308 }
3309
3310 // loop through the iasubopts for the one that matches this lease
3311 oc = lookup_option(&dhcpv6_universe, reply->reply_ia, subopt_type);
3312 for (; oc != NULL ; oc = oc->next) {
3313 if (oc->data.data == NULL || oc->data.len != exp_length) {
3314 /* shouldn't happen */
3315 continue;
3316 }
3317
3318 /* If address matches (and for PDs the prefix len matches)
3319 * we assume this is our subopt, so update the lifetimes */
3320 if (!memcmp(oc->data.data + addr_offset, &lease->addr, 16) &&
3321 (subopt_type != D6O_IAPREFIX ||
3323 lease->plen))) {
3324 u_int32_t pref_life = getULong(oc->data.data +
3325 pref_offset);
3326 u_int32_t valid_life = getULong(oc->data.data +
3327 val_offset);
3328
3329 if (pref_life < MAX_TIME && pref_life > age) {
3330 pref_life -= age;
3331 putULong((unsigned char*)(oc->data.data) +
3332 pref_offset, pref_life);
3333
3334 if (reply->min_prefer > pref_life) {
3335 reply->min_prefer = pref_life;
3336 }
3337 }
3338
3339 if (valid_life < MAX_TIME && valid_life > age) {
3340 valid_life -= age;
3341 putULong((unsigned char*)(oc->data.data) +
3342 val_offset, valid_life);
3343
3344 if (reply->min_valid > reply->send_valid) {
3345 reply->min_valid = valid_life;
3346 }
3347 }
3348
3349 log_debug ("Reusing lease for: %s%s, "
3350 "age %ld secs < %d%%,"
3351 " sending shortened lifetimes -"
3352 " preferred: %u, valid %u",
3353 pin6_addr(&lease->addr),
3354 iasubopt_plen_str(lease),
3355 (long)age, threshold,
3356 pref_life, valid_life);
3357 break;
3358 }
3359 }
3360}
3361
3362/*
3363 * Verify the temporary address is available.
3364 */
3365static isc_boolean_t
3366temporary_is_available(struct reply_state *reply, struct iaddr *addr) {
3367 struct in6_addr tmp_addr;
3368 struct subnet *subnet;
3369 struct ipv6_pool *pool = NULL;
3370 struct ipv6_pond *pond = NULL;
3371 int i;
3372
3373 memcpy(&tmp_addr, addr->iabuf, sizeof(tmp_addr));
3374 /*
3375 * Clients may choose to send :: as an address, with the idea to give
3376 * hints about preferred-lifetime or valid-lifetime.
3377 * So this is not a request for this address.
3378 */
3379 if (IN6_IS_ADDR_UNSPECIFIED(&tmp_addr))
3380 return ISC_FALSE;
3381
3382 /*
3383 * Verify that this address is on the client's network.
3384 */
3385 for (subnet = reply->shared->subnets ; subnet != NULL ;
3387 if (addr_eq(subnet_number(*addr, subnet->netmask),
3388 subnet->net))
3389 break;
3390 }
3391
3392 /* Address not found on shared network. */
3393 if (subnet == NULL)
3394 return ISC_FALSE;
3395
3396 /*
3397 * Check if this address is owned (must be before next step).
3398 */
3399 if (address_is_owned(reply, addr))
3400 return ISC_TRUE;
3401
3402 /*
3403 * Verify that this address is in a temporary pool and try to get it.
3404 */
3405 for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
3406 if (((pond->prohibit_list != NULL) &&
3407 (permitted(reply->packet, pond->prohibit_list))) ||
3408 ((pond->permit_list != NULL) &&
3409 (!permitted(reply->packet, pond->permit_list))))
3410 continue;
3411
3412 for (i = 0 ; (pool = pond->ipv6_pools[i]) != NULL ; i++) {
3413 if (pool->pool_type != D6O_IA_TA)
3414 continue;
3415
3416 if (ipv6_in_pool(&tmp_addr, pool))
3417 break;
3418 }
3419
3420 if (pool != NULL)
3421 break;
3422 }
3423
3424 if (pool == NULL)
3425 return ISC_FALSE;
3426 if (lease6_exists(pool, &tmp_addr))
3427 return ISC_FALSE;
3428 if (iasubopt_allocate(&reply->lease, MDL) != ISC_R_SUCCESS)
3429 return ISC_FALSE;
3430 reply->lease->addr = tmp_addr;
3431 reply->lease->plen = 0;
3432 /* Default is soft binding for 2 minutes. */
3433 if (add_lease6(pool, reply->lease, cur_time + 120) != ISC_R_SUCCESS)
3434 return ISC_FALSE;
3435
3436 return ISC_TRUE;
3437}
3438
3439/*
3440 * Get a temporary address per prefix.
3441 */
3442static isc_result_t
3443find_client_temporaries(struct reply_state *reply) {
3444 int i;
3445 struct ipv6_pool *p = NULL;
3446 struct ipv6_pond *pond;
3447 isc_result_t status = ISC_R_NORESOURCES;;
3448 unsigned int attempts;
3449 struct iaddr send_addr;
3450
3451 /*
3452 * Do a quick walk through of the ponds and pools
3453 * to see if we have any prefix pools
3454 */
3455 for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
3456 if (pond->ipv6_pools == NULL)
3457 continue;
3458
3459 for (i = 0; (p = pond->ipv6_pools[i]) != NULL; i++) {
3460 if (p->pool_type == D6O_IA_TA)
3461 break;
3462 }
3463 if (p != NULL)
3464 break;
3465 }
3466
3467 /* If we get here and p is NULL we have no useful pools */
3468 if (p == NULL) {
3469 log_debug("Unable to get client addresses: "
3470 "no IPv6 pools on this shared network");
3471 return ISC_R_NORESOURCES;
3472 }
3473
3474 /*
3475 * We have at least one pool that could provide an address
3476 * Now we walk through the ponds and pools again and check
3477 * to see if the client is permitted and if an address is
3478 * available
3479 */
3480
3481 for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
3482 if (((pond->prohibit_list != NULL) &&
3483 (permitted(reply->packet, pond->prohibit_list))) ||
3484 ((pond->permit_list != NULL) &&
3485 (!permitted(reply->packet, pond->permit_list))))
3486 continue;
3487
3488 for (i = 0; (p = pond->ipv6_pools[i]) != NULL; i++) {
3489 if (p->pool_type != D6O_IA_TA) {
3490 continue;
3491 }
3492
3493 /*
3494 * Get an address in this temporary pool.
3495 */
3496 status = create_lease6(p, &reply->lease, &attempts,
3497 &reply->client_id,
3498 cur_time + 120);
3499
3500 if (status != ISC_R_SUCCESS) {
3501 log_debug("Unable to get a temporary address.");
3502 goto cleanup;
3503 }
3504
3505 status = reply_process_is_addressed(reply,
3506 &reply->lease->scope,
3507 pond->group);
3508 if (status != ISC_R_SUCCESS) {
3509 goto cleanup;
3510 }
3511 send_addr.len = 16;
3512 memcpy(send_addr.iabuf, &reply->lease->addr, 16);
3513 status = reply_process_send_addr(reply, &send_addr);
3514 if (status != ISC_R_SUCCESS) {
3515 goto cleanup;
3516 }
3517 /*
3518 * reply->lease can't be null as we use it above
3519 * add check if that changes
3520 */
3521 iasubopt_dereference(&reply->lease, MDL);
3522 }
3523 }
3524
3525 cleanup:
3526 if (reply->lease != NULL) {
3527 iasubopt_dereference(&reply->lease, MDL);
3528 }
3529 return status;
3530}
3531
3532/*
3533 * This function only returns failure on 'hard' failures. If it succeeds,
3534 * it will leave a lease structure behind.
3535 */
3536static isc_result_t
3537reply_process_try_addr(struct reply_state *reply, struct iaddr *addr) {
3538 isc_result_t status = ISC_R_ADDRNOTAVAIL;
3539 struct ipv6_pool *pool = NULL;
3540 struct ipv6_pond *pond = NULL;
3541 int i;
3542 struct data_string data_addr;
3543
3544 if ((reply == NULL) || (reply->shared == NULL) ||
3545 (addr == NULL) || (reply->lease != NULL))
3546 return (DHCP_R_INVALIDARG);
3547
3548 /*
3549 * Do a quick walk through of the ponds and pools
3550 * to see if we have any NA address pools
3551 */
3552 for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
3553 if (pond->ipv6_pools == NULL)
3554 continue;
3555
3556 for (i = 0; ; i++) {
3557 pool = pond->ipv6_pools[i];
3558 if ((pool == NULL) ||
3559 (pool->pool_type == D6O_IA_NA))
3560 break;
3561 }
3562 if (pool != NULL)
3563 break;
3564 }
3565
3566 /* If we get here and p is NULL we have no useful pools */
3567 if (pool == NULL) {
3568 return (ISC_R_ADDRNOTAVAIL);
3569 }
3570
3571 memset(&data_addr, 0, sizeof(data_addr));
3572 data_addr.len = addr->len;
3573 data_addr.data = addr->iabuf;
3574
3575 /*
3576 * We have at least one pool that could provide an address
3577 * Now we walk through the ponds and pools again and check
3578 * to see if the client is permitted and if an address is
3579 * available
3580 *
3581 * Within a given pond we start looking at the last pool we
3582 * allocated from, unless it had a collision trying to allocate
3583 * an address. This will tend to move us into less-filled pools.
3584 */
3585
3586 for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
3587 if (((pond->prohibit_list != NULL) &&
3588 (permitted(reply->packet, pond->prohibit_list))) ||
3589 ((pond->permit_list != NULL) &&
3590 (!permitted(reply->packet, pond->permit_list))))
3591 continue;
3592
3593 for (i = 0 ; (pool = pond->ipv6_pools[i]) != NULL ; i++) {
3594 if (pool->pool_type != D6O_IA_NA)
3595 continue;
3596
3597 status = try_client_v6_address(&reply->lease, pool,
3598 &data_addr);
3599 if (status == ISC_R_SUCCESS)
3600 break;
3601 }
3602
3603 if (status == ISC_R_SUCCESS)
3604 break;
3605 }
3606
3607 /* Note that this is just pedantry. There is no allocation to free. */
3608 data_string_forget(&data_addr, MDL);
3609 /* Return just the most recent status... */
3610 return (status);
3611}
3612
3613/* Look around for an address to give the client. First, look through the
3614 * old IA for addresses we can extend. Second, try to allocate a new address.
3615 * Finally, actually add that address into the current reply IA.
3616 */
3617static isc_result_t
3618find_client_address(struct reply_state *reply) {
3619 struct iaddr send_addr;
3620 isc_result_t status = ISC_R_NORESOURCES;
3621 struct iasubopt *lease, *best_lease = NULL;
3622 struct binding_scope **scope;
3623 struct group *group;
3624 int i;
3625
3626 if (reply->static_lease) {
3627 if (reply->host == NULL)
3628 return DHCP_R_INVALIDARG;
3629
3630 send_addr.len = 16;
3631 memcpy(send_addr.iabuf, reply->fixed.data, 16);
3632
3633 scope = &global_scope;
3634 group = reply->subnet->group;
3635 goto send_addr;
3636 }
3637
3638 if (reply->old_ia != NULL) {
3639 for (i = 0 ; i < reply->old_ia->num_iasubopt ; i++) {
3640 struct shared_network *candidate_shared;
3641 struct ipv6_pond *pond;
3642
3643 lease = reply->old_ia->iasubopt[i];
3644 candidate_shared = lease->ipv6_pool->shared_network;
3645 pond = lease->ipv6_pool->ipv6_pond;
3646
3647 /*
3648 * Look for the best lease on the client's shared
3649 * network, that is still permitted
3650 */
3651
3652 if ((candidate_shared != reply->shared) ||
3654 continue;
3655
3656 if (((pond->prohibit_list != NULL) &&
3657 (permitted(reply->packet, pond->prohibit_list))) ||
3658 ((pond->permit_list != NULL) &&
3659 (!permitted(reply->packet, pond->permit_list))))
3660 continue;
3661
3662 best_lease = lease_compare(lease, best_lease);
3663 }
3664 }
3665
3666 /* Try to pick a new address if we didn't find one, or if we found an
3667 * abandoned lease.
3668 */
3669 if ((best_lease == NULL) || (best_lease->state == FTS_ABANDONED)) {
3670 status = pick_v6_address(reply);
3671 } else if (best_lease != NULL) {
3672 iasubopt_reference(&reply->lease, best_lease, MDL);
3673 status = ISC_R_SUCCESS;
3674 }
3675
3676 /* Pick the abandoned lease as a last resort. */
3677 if ((status == ISC_R_NORESOURCES) && (best_lease != NULL)) {
3678 /* I don't see how this is supposed to be done right now. */
3679 log_error("Best match for DUID %s is an abandoned address,"
3680 " This may be a result of multiple clients attempting"
3681 " to use this DUID",
3682 print_hex_1(reply->client_id.len,
3683 reply->client_id.data, 60));
3684 /* iasubopt_reference(&reply->lease, best_lease, MDL); */
3685 }
3686
3687 /* Give up now if we didn't find a lease. */
3688 if (status != ISC_R_SUCCESS)
3689 return status;
3690
3691 if (reply->lease == NULL)
3692 log_fatal("Impossible condition at %s:%d.", MDL);
3693
3694 /* Draw binding scopes from the lease's binding scope, and config
3695 * from the lease's containing subnet and higher. Note that it may
3696 * be desirable to place the group attachment directly in the pool.
3697 */
3698 scope = &reply->lease->scope;
3699 group = reply->lease->ipv6_pool->ipv6_pond->group;
3700
3701 send_addr.len = 16;
3702 memcpy(send_addr.iabuf, &reply->lease->addr, 16);
3703
3704 send_addr:
3705 status = reply_process_is_addressed(reply, scope, group);
3706 if (status != ISC_R_SUCCESS)
3707 return status;
3708
3709 status = reply_process_send_addr(reply, &send_addr);
3710 return status;
3711}
3712
3713/* Once an address is found for a client, perform several common functions;
3714 * Calculate and store valid and preferred lease times, draw client options
3715 * into the option state.
3716 */
3717static isc_result_t
3718reply_process_is_addressed(struct reply_state *reply,
3719 struct binding_scope **scope, struct group *group)
3720{
3721 isc_result_t status = ISC_R_SUCCESS;
3722 struct data_string data;
3723 struct option_cache *oc;
3724 struct option_state *tmp_options = NULL;
3725 struct on_star *on_star;
3726 int i;
3727
3728 /* Initialize values we will cleanup. */
3729 memset(&data, 0, sizeof(data));
3730
3731 /*
3732 * Find the proper on_star block to use. We use the
3733 * one in the lease if we have a lease or the one in
3734 * the reply if we don't have a lease because this is
3735 * a static instance
3736 */
3737 if (reply->lease) {
3738 on_star = &reply->lease->on_star;
3739 } else {
3740 on_star = &reply->on_star;
3741 }
3742
3743 /*
3744 * Bring in the root configuration. We only do this to bring
3745 * in the on * statements, as we didn't have the lease available
3746 * we did it the first time.
3747 */
3748 option_state_allocate(&tmp_options, MDL);
3749 execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
3750 reply->packet->options, tmp_options,
3751 &global_scope, root_group, NULL,
3752 on_star);
3753 if (tmp_options != NULL) {
3754 option_state_dereference(&tmp_options, MDL);
3755 }
3756
3757 /*
3758 * Bring configured options into the root packet level cache - start
3759 * with the lease's closest enclosing group (passed in by the caller
3760 * as 'group').
3761 */
3762 execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
3763 reply->packet->options, reply->opt_state,
3764 scope, group, root_group, on_star);
3765
3766 /* Execute statements from class scopes. */
3767 for (i = reply->packet->class_count; i > 0; i--) {
3768 execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
3769 reply->packet->options,
3770 reply->opt_state, scope,
3771 reply->packet->classes[i - 1]->group,
3772 group, on_star);
3773 }
3774
3775 /*
3776 * If there is a host record, over-ride with values configured there,
3777 * without re-evaluating configuration from the previously executed
3778 * group or its common enclosers.
3779 */
3780 if (reply->host != NULL)
3781 execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
3782 reply->packet->options,
3783 reply->opt_state, scope,
3784 reply->host->group, group,
3785 on_star);
3786
3787 /* Determine valid lifetime. */
3788 if (reply->client_valid == 0)
3789 reply->send_valid = DEFAULT_DEFAULT_LEASE_TIME;
3790 else
3791 reply->send_valid = reply->client_valid;
3792
3793 oc = lookup_option(&server_universe, reply->opt_state,
3795 if (oc != NULL) {
3796 if (!evaluate_option_cache(&data, reply->packet, NULL, NULL,
3797 reply->packet->options,
3798 reply->opt_state,
3799 scope, oc, MDL) ||
3800 (data.len != 4)) {
3801 log_error("reply_process_is_addressed: unable to "
3802 "evaluate default lease time");
3803 status = ISC_R_FAILURE;
3804 goto cleanup;
3805 }
3806
3807 reply->send_valid = getULong(data.data);
3808 data_string_forget(&data, MDL);
3809 }
3810
3811 /* Check to see if the lease time would cause us to wrap
3812 * in which case we make it infinite.
3813 * The following doesn't work on at least some systems:
3814 * (cur_time + reply->send_valid < cur_time)
3815 */
3816 if (reply->send_valid != INFINITE_TIME) {
3817 time_t test_time = cur_time + reply->send_valid;
3818 if (test_time < cur_time)
3819 reply->send_valid = INFINITE_TIME;
3820 }
3821
3822 if (reply->client_prefer == 0)
3823 reply->send_prefer = reply->send_valid;
3824 else
3825 reply->send_prefer = reply->client_prefer;
3826
3827 if ((reply->send_prefer >= reply->send_valid) &&
3828 (reply->send_valid != INFINITE_TIME))
3829 reply->send_prefer = (reply->send_valid / 2) +
3830 (reply->send_valid / 8);
3831
3832 oc = lookup_option(&server_universe, reply->opt_state,
3834 if (oc != NULL) {
3835 if (!evaluate_option_cache(&data, reply->packet, NULL, NULL,
3836 reply->packet->options,
3837 reply->opt_state,
3838 scope, oc, MDL) ||
3839 (data.len != 4)) {
3840 log_error("reply_process_is_addressed: unable to "
3841 "evaluate preferred lease time");
3842 status = ISC_R_FAILURE;
3843 goto cleanup;
3844 }
3845
3846 reply->send_prefer = getULong(data.data);
3847 data_string_forget(&data, MDL);
3848 }
3849
3850 /* Note lowest values for later calculation of renew/rebind times. */
3851 if (reply->min_prefer > reply->send_prefer)
3852 reply->min_prefer = reply->send_prefer;
3853
3854 if (reply->min_valid > reply->send_valid)
3855 reply->min_valid = reply->send_valid;
3856
3857#if 0
3858 /*
3859 * XXX: Old 4.0.0 alpha code would change the host {} record
3860 * XXX: uid upon lease assignment. This was intended to cover the
3861 * XXX: case where a client first identifies itself using vendor
3862 * XXX: options in a solicit, or request, but later neglects to include
3863 * XXX: these options in a Renew or Rebind. It is not clear that this
3864 * XXX: is required, and has some startling ramifications (such as
3865 * XXX: how to recover this dynamic host {} state across restarts).
3866 */
3867 if (reply->host != NULL)
3868 change_host_uid(host, reply->client_id->data,
3869 reply->client_id->len);
3870#endif /* 0 */
3871
3872 /* Perform dynamic lease related update work. */
3873 if (reply->lease != NULL) {
3874 /* Cached lifetimes */
3875 reply->lease->prefer = reply->send_prefer;
3876 reply->lease->valid = reply->send_valid;
3877
3878 /* Advance (or rewind) the valid lifetime.
3879 * In the protocol 0xFFFFFFFF is infinite
3880 * when connecting to the lease file MAX_TIME is
3881 */
3882 if (reply->buf.reply.msg_type == DHCPV6_REPLY) {
3883 if (reply->send_valid == INFINITE_TIME) {
3884 reply->lease->soft_lifetime_end_time = MAX_TIME;
3885 } else {
3886 reply->lease->soft_lifetime_end_time =
3887 cur_time + reply->send_valid;
3888 }
3889 /* Wait before renew! */
3890 }
3891
3892 status = ia_add_iasubopt(reply->ia, reply->lease, MDL);
3893 if (status != ISC_R_SUCCESS) {
3894 log_fatal("reply_process_is_addressed: Unable to "
3895 "attach lease to new IA: %s",
3896 isc_result_totext(status));
3897 }
3898
3899 /*
3900 * If this is a new lease, make sure it is attached somewhere.
3901 */
3902 if (reply->lease->ia == NULL) {
3903 ia_reference(&reply->lease->ia, reply->ia, MDL);
3904 }
3905 }
3906
3907 /* Bring a copy of the relevant options into the IA scope. */
3908 execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
3909 reply->packet->options, reply->reply_ia,
3910 scope, group, root_group, NULL);
3911
3912 /* Execute statements from class scopes. */
3913 for (i = reply->packet->class_count; i > 0; i--) {
3914 execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
3915 reply->packet->options,
3916 reply->reply_ia, scope,
3917 reply->packet->classes[i - 1]->group,
3918 group, NULL);
3919 }
3920
3921 /*
3922 * And bring in host record configuration, if any, but not to overlap
3923 * the previous group or its common enclosers.
3924 */
3925 if (reply->host != NULL)
3926 execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
3927 reply->packet->options,
3928 reply->reply_ia, scope,
3929 reply->host->group, group, NULL);
3930
3931 cleanup:
3932 if (data.data != NULL)
3933 data_string_forget(&data, MDL);
3934
3935 if (status == ISC_R_SUCCESS)
3936 reply->client_resources++;
3937
3938 return status;
3939}
3940
3941/* Simply send an IAADDR within the IA scope as described. */
3942static isc_result_t
3943reply_process_send_addr(struct reply_state *reply, struct iaddr *addr) {
3944 isc_result_t status = ISC_R_SUCCESS;
3945 struct data_string data;
3946
3947 memset(&data, 0, sizeof(data));
3948
3949 /* Now append the lease. */
3950 data.len = IAADDR_OFFSET;
3951 if (!buffer_allocate(&data.buffer, data.len, MDL)) {
3952 log_error("reply_process_send_addr: out of memory"
3953 "allocating new IAADDR buffer.");
3954 status = ISC_R_NOMEMORY;
3955 goto cleanup;
3956 }
3957 data.data = data.buffer->data;
3958
3959 memcpy(data.buffer->data, addr->iabuf, 16);
3960 putULong(data.buffer->data + 16, reply->send_prefer);
3961 putULong(data.buffer->data + 20, reply->send_valid);
3962
3963 if (!append_option_buffer(&dhcpv6_universe, reply->reply_ia,
3964 data.buffer, data.buffer->data,
3965 data.len, D6O_IAADDR, 0)) {
3966 log_error("reply_process_send_addr: unable "
3967 "to save IAADDR option");
3968 status = ISC_R_FAILURE;
3969 goto cleanup;
3970 }
3971
3972 reply->resources_included = ISC_TRUE;
3973
3974 cleanup:
3975 if (data.data != NULL)
3977
3978 return status;
3979}
3980
3981/* Choose the better of two leases. */
3982static struct iasubopt *
3983lease_compare(struct iasubopt *alpha, struct iasubopt *beta) {
3984 if (alpha == NULL)
3985 return beta;
3986 if (beta == NULL)
3987 return alpha;
3988
3989 switch(alpha->state) {
3990 case FTS_ACTIVE:
3991 switch(beta->state) {
3992 case FTS_ACTIVE:
3993 /* Choose the lease with the longest lifetime (most
3994 * likely the most recently allocated).
3995 */
3996 if (alpha->hard_lifetime_end_time <
3998 return beta;
3999 else
4000 return alpha;
4001
4002 case FTS_EXPIRED:
4003 case FTS_ABANDONED:
4004 return alpha;
4005
4006 default:
4007 log_fatal("Impossible condition at %s:%d.", MDL);
4008 }
4009 break;
4010
4011 case FTS_EXPIRED:
4012 switch (beta->state) {
4013 case FTS_ACTIVE:
4014 return beta;
4015
4016 case FTS_EXPIRED:
4017 /* Choose the most recently expired lease. */
4018 if (alpha->hard_lifetime_end_time <
4020 return beta;
4021 else if ((alpha->hard_lifetime_end_time ==
4022 beta->hard_lifetime_end_time) &&
4023 (alpha->soft_lifetime_end_time <
4025 return beta;
4026 else
4027 return alpha;
4028
4029 case FTS_ABANDONED:
4030 return alpha;
4031
4032 default:
4033 log_fatal("Impossible condition at %s:%d.", MDL);
4034 }
4035 break;
4036
4037 case FTS_ABANDONED:
4038 switch (beta->state) {
4039 case FTS_ACTIVE:
4040 case FTS_EXPIRED:
4041 return alpha;
4042
4043 case FTS_ABANDONED:
4044 /* Choose the lease that was abandoned longest ago. */
4045 if (alpha->hard_lifetime_end_time <
4047 return alpha;
4048 else
4049 return beta;
4050
4051 default:
4052 log_fatal("Impossible condition at %s:%d.", MDL);
4053 }
4054 break;
4055
4056 default:
4057 log_fatal("Impossible condition at %s:%d.", MDL);
4058 }
4059
4060 log_fatal("Triple impossible condition at %s:%d.", MDL);
4061 return NULL;
4062}
4063
4064/* Process a client-supplied IA_PD. This may append options to the tail of
4065 * the reply packet being built in the reply_state structure.
4066 */
4067static isc_result_t
4068reply_process_ia_pd(struct reply_state *reply, struct option_cache *ia) {
4069 isc_result_t status = ISC_R_SUCCESS;
4070 u_int32_t iaid;
4071 unsigned ia_cursor;
4072 struct option_state *packet_ia;
4073 struct option_cache *oc;
4074 struct data_string ia_data, data;
4075
4076 /* Initialize values that will get cleaned up on return. */
4077 packet_ia = NULL;
4078 memset(&ia_data, 0, sizeof(ia_data));
4079 memset(&data, 0, sizeof(data));
4080 /*
4081 * Note that find_client_prefix() may set reply->lease.
4082 */
4083
4084 /* Make sure there is at least room for the header. */
4085 if ((reply->cursor + IA_PD_OFFSET + 4) > sizeof(reply->buf)) {
4086 log_error("reply_process_ia_pd: Reply too long for IA.");
4087 return ISC_R_NOSPACE;
4088 }
4089
4090
4091 /* Fetch the IA_PD contents. */
4092 if (!get_encapsulated_IA_state(&packet_ia, &ia_data, reply->packet,
4093 ia, IA_PD_OFFSET)) {
4094 log_error("reply_process_ia_pd: error evaluating ia");
4095 status = ISC_R_FAILURE;
4096 goto cleanup;
4097 }
4098
4099 /* Extract IA_PD header contents. */
4100 iaid = getULong(ia_data.data);
4101 reply->renew = getULong(ia_data.data + 4);
4102 reply->rebind = getULong(ia_data.data + 8);
4103
4104 /* Create an IA_PD structure. */
4105 if (ia_allocate(&reply->ia, iaid, (char *)reply->client_id.data,
4106 reply->client_id.len, MDL) != ISC_R_SUCCESS) {
4107 log_error("reply_process_ia_pd: no memory for ia.");
4108 status = ISC_R_NOMEMORY;
4109 goto cleanup;
4110 }
4111 reply->ia->ia_type = D6O_IA_PD;
4112
4113 /* Cache pre-existing IA_PD, if any. */
4114 ia_hash_lookup(&reply->old_ia, ia_pd_active,
4115 (unsigned char *)reply->ia->iaid_duid.data,
4116 reply->ia->iaid_duid.len, MDL);
4117
4118 /*
4119 * Create an option cache to carry the IA_PD option contents, and
4120 * execute any user-supplied values into it.
4121 */
4122 if (!option_state_allocate(&reply->reply_ia, MDL)) {
4123 status = ISC_R_NOMEMORY;
4124 goto cleanup;
4125 }
4126
4127 /* Check & count the fixed prefix host records. */
4128 reply->static_prefixes = 0;
4129 if ((reply->host != NULL) && (reply->host->fixed_prefix != NULL)) {
4130 struct iaddrcidrnetlist *fp;
4131
4132 for (fp = reply->host->fixed_prefix; fp != NULL;
4133 fp = fp->next) {
4134 reply->static_prefixes += 1;
4135 }
4136 }
4137
4138 /*
4139 * Save the cursor position at the start of the IA_PD, so we can
4140 * set length and adjust t1/t2 values later. We write a temporary
4141 * header out now just in case we decide to adjust the packet
4142 * within sub-process functions.
4143 */
4144 ia_cursor = reply->cursor;
4145
4146 /* Initialize the IA_PD header. First the code. */
4147 putUShort(reply->buf.data + reply->cursor, (unsigned)D6O_IA_PD);
4148 reply->cursor += 2;
4149
4150 /* Then option length. */
4151 putUShort(reply->buf.data + reply->cursor, 0x0Cu);
4152 reply->cursor += 2;
4153
4154 /* Then IA_PD header contents; IAID. */
4155 putULong(reply->buf.data + reply->cursor, iaid);
4156 reply->cursor += 4;
4157
4158 /* We store the client's t1 for now, and may over-ride it later. */
4159 putULong(reply->buf.data + reply->cursor, reply->renew);
4160 reply->cursor += 4;
4161
4162 /* We store the client's t2 for now, and may over-ride it later. */
4163 putULong(reply->buf.data + reply->cursor, reply->rebind);
4164 reply->cursor += 4;
4165
4166 /*
4167 * For each prefix in this IA_PD, decide what to do about it.
4168 */
4169 oc = lookup_option(&dhcpv6_universe, packet_ia, D6O_IAPREFIX);
4170 reply->min_valid = reply->min_prefer = INFINITE_TIME;
4171 reply->client_valid = reply->client_prefer = 0;
4172 reply->preflen = -1;
4173 for (; oc != NULL ; oc = oc->next) {
4174 status = reply_process_prefix(reply, oc);
4175
4176 /*
4177 * Canceled means we did not allocate prefixes to the
4178 * client, but we're "done" with this IA - we set a status
4179 * code. So transmit this reply, e.g., move on to the next
4180 * IA.
4181 */
4182 if (status == ISC_R_CANCELED)
4183 break;
4184
4185 if ((status != ISC_R_SUCCESS) &&
4186 (status != ISC_R_ADDRINUSE) &&
4187 (status != ISC_R_ADDRNOTAVAIL))
4188 goto cleanup;
4189 }
4190
4191 reply->pd_count++;
4192
4193 /*
4194 * If we fell through the above and never gave the client
4195 * a prefix, give it one now.
4196 */
4197 if ((status != ISC_R_CANCELED) && (reply->client_resources == 0)) {
4198 status = find_client_prefix(reply);
4199
4200 if (status == ISC_R_NORESOURCES) {
4201 switch (reply->packet->dhcpv6_msg_type) {
4202 case DHCPV6_SOLICIT:
4203 /*
4204 * No prefix for any IA is handled
4205 * by the caller.
4206 */
4207 /* FALL THROUGH */
4208
4209 case DHCPV6_REQUEST:
4210 /* Same than for addresses. */
4211 option_state_dereference(&reply->reply_ia, MDL);
4212 if (!option_state_allocate(&reply->reply_ia,
4213 MDL))
4214 {
4215 log_error("reply_process_ia_pd: No "
4216 "memory for option state "
4217 "wipe.");
4218 status = ISC_R_NOMEMORY;
4219 goto cleanup;
4220 }
4221
4222 if (!set_status_code(STATUS_NoPrefixAvail,
4223 "No prefixes available "
4224 "for this interface.",
4225 reply->reply_ia)) {
4226 log_error("reply_process_ia_pd: "
4227 "Unable to set "
4228 "NoPrefixAvail status "
4229 "code.");
4230 status = ISC_R_FAILURE;
4231 goto cleanup;
4232 }
4233
4234 status = ISC_R_SUCCESS;
4235 break;
4236
4237 default:
4238 if (reply->resources_included)
4239 status = ISC_R_SUCCESS;
4240 else
4241 goto cleanup;
4242 break;
4243 }
4244 }
4245
4246 if (status != ISC_R_SUCCESS)
4247 goto cleanup;
4248 }
4249
4250 /*
4251 * yes, goto's aren't the best but we also want to avoid extra
4252 * indents
4253 */
4254 if (status == ISC_R_CANCELED) {
4255 /* We're replying with a status code so we still need to
4256 * write it out in wire-format to the outbound buffer */
4257 write_to_packet(reply, ia_cursor);
4258 goto cleanup;
4259 }
4260
4261 /*
4262 * Handle static prefixes, we always log stuff and if it's
4263 * a hard binding we run any commit statements that we have
4264 */
4265 if (reply->static_prefixes != 0) {
4266 char tmp_addr[INET6_ADDRSTRLEN];
4267 log_info("%s PD: address %s/%d to client with duid %s "
4268 "iaid = %d static",
4269 dhcpv6_type_names[reply->buf.reply.msg_type],
4270 inet_ntop(AF_INET6, reply->fixed_pref.lo_addr.iabuf,
4271 tmp_addr, sizeof(tmp_addr)),
4272 reply->fixed_pref.bits,
4273 print_hex_1(reply->client_id.len,
4274 reply->client_id.data, 60),
4275 iaid);
4276
4277 /* Write the lease out in wire-format to the outbound buffer */
4278 write_to_packet(reply, ia_cursor);
4279
4280 if ((reply->buf.reply.msg_type == DHCPV6_REPLY) &&
4281 (reply->on_star.on_commit != NULL)) {
4282 execute_statements(NULL, reply->packet, NULL, NULL,
4283 reply->packet->options,
4284 reply->opt_state,
4285 NULL, reply->on_star.on_commit,
4286 NULL);
4288 (&reply->on_star.on_commit, MDL);
4289 }
4290 goto cleanup;
4291 }
4292
4293 /*
4294 * If we have any addresses log what we are doing.
4295 */
4296 if (reply->ia->num_iasubopt != 0) {
4297 struct iasubopt *tmp;
4298 int i;
4299 char tmp_addr[INET6_ADDRSTRLEN];
4300
4301 for (i = 0 ; i < reply->ia->num_iasubopt ; i++) {
4302 tmp = reply->ia->iasubopt[i];
4303
4304 log_info("%s PD: address %s/%d to client with duid %s"
4305 " iaid = %d valid for %u seconds",
4306 dhcpv6_type_names[reply->buf.reply.msg_type],
4307 inet_ntop(AF_INET6, &tmp->addr,
4308 tmp_addr, sizeof(tmp_addr)),
4309 (int)tmp->plen,
4310 print_hex_1(reply->client_id.len,
4311 reply->client_id.data, 60),
4312 iaid, tmp->valid);
4313 }
4314 }
4315
4316 /*
4317 * If this is not a 'soft' binding, consume the new changes into
4318 * the database (if any have been attached to the ia_pd).
4319 *
4320 * Loop through the assigned dynamic prefixes, referencing the
4321 * prefixes onto this IA_PD rather than any old ones, and updating
4322 * prefix pool timers for each (if any).
4323 *
4324 * If a lease can be reused we skip renewing it or checking the
4325 * pool threshold. If it can't we flag that the IA must be commited
4326 * to the db and do the renewal and pool check.
4327 */
4328 if ((reply->buf.reply.msg_type == DHCPV6_REPLY) &&
4329 (reply->ia->num_iasubopt != 0)) {
4330 int must_commit = 0;
4331 struct iasubopt *tmp;
4332 struct data_string *ia_id;
4333 int i;
4334
4335 for (i = 0 ; i < reply->ia->num_iasubopt ; i++) {
4336 tmp = reply->ia->iasubopt[i];
4337
4338 if (tmp->ia != NULL)
4339 ia_dereference(&tmp->ia, MDL);
4340 ia_reference(&tmp->ia, reply->ia, MDL);
4341
4342 /* If we have anything to do on commit do it now */
4343 if (tmp->on_star.on_commit != NULL) {
4344 execute_statements(NULL, reply->packet,
4345 NULL, NULL,
4346 reply->packet->options,
4347 reply->opt_state,
4348 &tmp->scope,
4349 tmp->on_star.on_commit,
4350 &tmp->on_star);
4352 (&tmp->on_star.on_commit, MDL);
4353 }
4354
4355 if (!reuse_lease6(reply, tmp)) {
4356 /* Commit 'hard' bindings. */
4357 must_commit = 1;
4358 renew_lease6(tmp->ipv6_pool, tmp);
4360
4361 /* Do our threshold check. */
4362 check_pool6_threshold(reply, tmp);
4363 }
4364 }
4365
4366 /* write the IA_PD in wire-format to the outbound buffer */
4367 write_to_packet(reply, ia_cursor);
4368
4369 /* Remove any old ia from the hash. */
4370 if (reply->old_ia != NULL) {
4371 if (!release_on_roam(reply)) {
4372 ia_id = &reply->old_ia->iaid_duid;
4373 ia_hash_delete(ia_pd_active,
4374 (unsigned char *)ia_id->data,
4375 ia_id->len, MDL);
4376 }
4377
4378 ia_dereference(&reply->old_ia, MDL);
4379 }
4380
4381 /* Put new ia into the hash. */
4382 reply->ia->cltt = cur_time;
4383 ia_id = &reply->ia->iaid_duid;
4384 ia_hash_add(ia_pd_active, (unsigned char *)ia_id->data,
4385 ia_id->len, reply->ia, MDL);
4386
4387 /* If we couldn't reuse all of the iasubopts, we
4388 * must udpate the lease db */
4389 if (must_commit) {
4390 write_ia(reply->ia);
4391 }
4392 } else {
4393 /* write the IA_PD in wire-format to the outbound buffer */
4394 write_to_packet(reply, ia_cursor);
4395 schedule_lease_timeout_reply(reply);
4396 }
4397
4398 cleanup:
4399 if (packet_ia != NULL)
4400 option_state_dereference(&packet_ia, MDL);
4401 if (reply->reply_ia != NULL)
4402 option_state_dereference(&reply->reply_ia, MDL);
4403 if (ia_data.data != NULL)
4404 data_string_forget(&ia_data, MDL);
4405 if (data.data != NULL)
4407 if (reply->ia != NULL)
4408 ia_dereference(&reply->ia, MDL);
4409 if (reply->old_ia != NULL)
4410 ia_dereference(&reply->old_ia, MDL);
4411 if (reply->lease != NULL)
4412 iasubopt_dereference(&reply->lease, MDL);
4413 if (reply->on_star.on_expiry != NULL)
4415 (&reply->on_star.on_expiry, MDL);
4416 if (reply->on_star.on_release != NULL)
4418 (&reply->on_star.on_release, MDL);
4419
4420 /*
4421 * ISC_R_CANCELED is a status code used by the prefix processing to
4422 * indicate we're replying with a status code. This is still a
4423 * success at higher layers.
4424 */
4425 return((status == ISC_R_CANCELED) ? ISC_R_SUCCESS : status);
4426}
4427
4446
4447static struct group *
4448find_group_by_prefix(struct reply_state *reply) {
4449 /* default group if we don't find anything better */
4450 struct group *group = reply->shared->group;
4451 struct subnet *subnet = NULL;
4452 struct iaddr tmp_addr;
4453 struct data_string fixed_addr;
4454
4455 /* Try with the prefix first */
4456 if (find_grouped_subnet(&subnet, reply->shared,
4457 reply->fixed_pref.lo_addr, MDL) != 0) {
4458 group = subnet->group;
4459 subnet_dereference(&subnet, MDL);
4460 return (group);
4461 }
4462
4463 /* Didn't find a subnet via prefix, what about fixed address */
4464 /* The caller has already tested reply->host != NULL */
4465
4466 memset(&fixed_addr, 0, sizeof(fixed_addr));
4467
4468 if ((reply->host->fixed_addr != NULL) &&
4469 (evaluate_option_cache(&fixed_addr, NULL, NULL, NULL,
4470 NULL, NULL, &global_scope,
4471 reply->host->fixed_addr, MDL))) {
4472 if (fixed_addr.len >= 16) {
4473 tmp_addr.len = 16;
4474 memcpy(tmp_addr.iabuf, fixed_addr.data, 16);
4475 if (find_grouped_subnet(&subnet, reply->shared,
4476 tmp_addr, MDL) != 0) {
4477 group = subnet->group;
4478 subnet_dereference(&subnet, MDL);
4479 }
4480 }
4481 data_string_forget(&fixed_addr, MDL);
4482 }
4483
4484 /* return whatever we got */
4485 return (group);
4486}
4487
4488/*
4489 * Process an IAPREFIX within a given IA_PD, storing any IAPREFIX reply
4490 * contents into the reply's current ia_pd-scoped option cache. Returns
4491 * ISC_R_CANCELED in the event we are replying with a status code and do
4492 * not wish to process more IAPREFIXes within this IA_PD.
4493 */
4494static isc_result_t
4495reply_process_prefix(struct reply_state *reply, struct option_cache *pref) {
4496 u_int32_t pref_life, valid_life;
4497 struct binding_scope **scope;
4498 struct iaddrcidrnet tmp_pref;
4499 struct option_cache *oc;
4500 struct data_string iapref, data;
4501 isc_result_t status = ISC_R_SUCCESS;
4502 struct group *group;
4503
4504 /* Initializes values that will be cleaned up. */
4505 memset(&iapref, 0, sizeof(iapref));
4506 memset(&data, 0, sizeof(data));
4507 /* Note that reply->lease may be set by prefix_is_owned() */
4508
4509 /*
4510 * There is no point trying to process an incoming prefix if there
4511 * is no room for an outgoing prefix.
4512 */
4513 if ((reply->cursor + 29) > sizeof(reply->buf)) {
4514 log_error("reply_process_prefix: Out of room for prefix.");
4515 return ISC_R_NOSPACE;
4516 }
4517
4518 /* Extract this IAPREFIX option. */
4519 if (!evaluate_option_cache(&iapref, reply->packet, NULL, NULL,
4520 reply->packet->options, NULL, &global_scope,
4521 pref, MDL) ||
4522 (iapref.len < IAPREFIX_OFFSET)) {
4523 log_error("reply_process_prefix: error evaluating IAPREFIX.");
4524 status = ISC_R_FAILURE;
4525 goto cleanup;
4526 }
4527
4528 /*
4529 * Layout: preferred and valid lifetimes followed by the prefix
4530 * length and the IPv6 address.
4531 */
4532 pref_life = getULong(iapref.data);
4533 valid_life = getULong(iapref.data + 4);
4534
4535 if ((reply->client_valid == 0) ||
4536 (reply->client_valid > valid_life))
4537 reply->client_valid = valid_life;
4538
4539 if ((reply->client_prefer == 0) ||
4540 (reply->client_prefer > pref_life))
4541 reply->client_prefer = pref_life;
4542
4543 /*
4544 * Clients may choose to send ::/0 as a prefix, with the idea to give
4545 * hints about preferred-lifetime or valid-lifetime.
4546 */
4547 tmp_pref.lo_addr.len = 16;
4548 memset(tmp_pref.lo_addr.iabuf, 0, 16);
4549 if ((iapref.data[8] == 0) &&
4550 (memcmp(iapref.data + 9, tmp_pref.lo_addr.iabuf, 16) == 0)) {
4551 /* Status remains success; we just ignore this one. */
4552 goto cleanup;
4553 }
4554
4555 /*
4556 * Clients may choose to send ::/X as a prefix to specify a
4557 * preferred/requested prefix length. Note X is never zero here.
4558 */
4559 tmp_pref.bits = (int) iapref.data[8];
4560 if (reply->preflen < 0) {
4561 /* Cache the first preferred prefix length. */
4562 reply->preflen = tmp_pref.bits;
4563 }
4564 if (memcmp(iapref.data + 9, tmp_pref.lo_addr.iabuf, 16) == 0) {
4565 goto cleanup;
4566 }
4567
4568 memcpy(tmp_pref.lo_addr.iabuf, iapref.data + 9, 16);
4569
4570 /* Verify the prefix belongs to the client. */
4571 if (!prefix_is_owned(reply, &tmp_pref)) {
4572 /* Same than for addresses. */
4573 if ((reply->packet->dhcpv6_msg_type == DHCPV6_SOLICIT) ||
4574 (reply->packet->dhcpv6_msg_type == DHCPV6_REQUEST) ||
4575 (reply->packet->dhcpv6_msg_type == DHCPV6_REBIND)) {
4576 status = reply_process_try_prefix(reply, &tmp_pref);
4577
4578 /* Either error out or skip this prefix. */
4579 if ((status != ISC_R_SUCCESS) &&
4580 (status != ISC_R_ADDRINUSE) &&
4581 (status != ISC_R_ADDRNOTAVAIL))
4582 goto cleanup;
4583
4584 if (reply->lease == NULL) {
4585 if (reply->packet->dhcpv6_msg_type ==
4586 DHCPV6_REBIND) {
4587 reply->send_prefer = 0;
4588 reply->send_valid = 0;
4589 goto send_pref;
4590 }
4591
4592 /* status remains success - ignore */
4593 goto cleanup;
4594 }
4595 /*
4596 * RFC3633 section 18.2.3:
4597 *
4598 * If the delegating router cannot find a binding
4599 * for the requesting router's IA_PD the delegating
4600 * router returns the IA_PD containing no prefixes
4601 * with a Status Code option set to NoBinding in the
4602 * Reply message.
4603 *
4604 * On mismatch we (ab)use this pretending we have not the IA
4605 * as soon as we have not a prefix.
4606 */
4607 } else if (reply->packet->dhcpv6_msg_type == DHCPV6_RENEW) {
4608 /* Rewind the IA_PD to empty. */
4609 option_state_dereference(&reply->reply_ia, MDL);
4610 if (!option_state_allocate(&reply->reply_ia, MDL)) {
4611 log_error("reply_process_prefix: No memory "
4612 "for option state wipe.");
4613 status = ISC_R_NOMEMORY;
4614 goto cleanup;
4615 }
4616
4617 /* Append a NoBinding status code. */
4618 if (!set_status_code(STATUS_NoBinding,
4619 "Prefix not bound to this "
4620 "interface.", reply->reply_ia)) {
4621 log_error("reply_process_prefix: Unable to "
4622 "attach status code.");
4623 status = ISC_R_FAILURE;
4624 goto cleanup;
4625 }
4626
4627 /* Fin (no more IAPREFIXes). */
4628 status = ISC_R_CANCELED;
4629 goto cleanup;
4630 } else {
4631 log_error("It is impossible to lease a client that is "
4632 "not sending a solicit, request, renew, or "
4633 "rebind message.");
4634 status = ISC_R_FAILURE;
4635 goto cleanup;
4636 }
4637 }
4638
4639 if (reply->static_prefixes > 0) {
4640 if (reply->host == NULL)
4641 log_fatal("Impossible condition at %s:%d.", MDL);
4642
4643 scope = &global_scope;
4644
4645 /* Copy the static prefix for logging and finding the group */
4646 memcpy(&reply->fixed_pref, &tmp_pref, sizeof(tmp_pref));
4647
4648 /* Try to find a group for the static prefix */
4649 group = find_group_by_prefix(reply);
4650 } else {
4651 if (reply->lease == NULL)
4652 log_fatal("Impossible condition at %s:%d.", MDL);
4653
4654 scope = &reply->lease->scope;
4655 group = reply->lease->ipv6_pool->ipv6_pond->group;
4656 }
4657
4658 /*
4659 * If client_resources is nonzero, then the reply_process_is_prefixed
4660 * function has executed configuration state into the reply option
4661 * cache. We will use that valid cache to derive configuration for
4662 * whether or not to engage in additional prefixes, and similar.
4663 */
4664 if (reply->client_resources != 0) {
4665 unsigned limit = 1;
4666
4667 /*
4668 * Does this client have "enough" prefixes already? Default
4669 * to one. Everybody gets one, and one should be enough for
4670 * anybody.
4671 */
4672 oc = lookup_option(&server_universe, reply->opt_state,
4674 if (oc != NULL) {
4675 if (!evaluate_option_cache(&data, reply->packet,
4676 NULL, NULL,
4677 reply->packet->options,
4678 reply->opt_state,
4679 scope, oc, MDL) ||
4680 (data.len != 4)) {
4681 log_error("reply_process_prefix: unable to "
4682 "evaluate prefs-per-ia value.");
4683 status = ISC_R_FAILURE;
4684 goto cleanup;
4685 }
4686
4687 limit = getULong(data.data);
4688 data_string_forget(&data, MDL);
4689 }
4690
4691 /*
4692 * If we wish to limit the client to a certain number of
4693 * prefixes, then omit the prefix from the reply.
4694 */
4695 if (reply->client_resources >= limit)
4696 goto cleanup;
4697 }
4698
4699 status = reply_process_is_prefixed(reply, scope, group);
4700 if (status != ISC_R_SUCCESS)
4701 goto cleanup;
4702
4703 send_pref:
4704 status = reply_process_send_prefix(reply, &tmp_pref);
4705
4706 cleanup:
4707 if (iapref.data != NULL)
4708 data_string_forget(&iapref, MDL);
4709 if (data.data != NULL)
4710 data_string_forget(&data, MDL);
4711 if (reply->lease != NULL)
4712 iasubopt_dereference(&reply->lease, MDL);
4713
4714 return status;
4715}
4716
4717/*
4718 * Verify the prefix belongs to the client. If we've got a host
4719 * record with fixed prefixes, it has to be an assigned prefix
4720 * (fault out all else). Otherwise it's a dynamic prefix, so lookup
4721 * that prefix and make sure it belongs to this DUID:IAID pair.
4722 */
4723static isc_boolean_t
4724prefix_is_owned(struct reply_state *reply, struct iaddrcidrnet *pref) {
4725 struct iaddrcidrnetlist *l;
4726 int i;
4727 struct ipv6_pond *pond;
4728
4729 /*
4730 * This faults out prefixes that don't match fixed prefixes.
4731 */
4732 if (reply->static_prefixes > 0) {
4733 for (l = reply->host->fixed_prefix; l != NULL; l = l->next) {
4734 if ((pref->bits == l->cidrnet.bits) &&
4735 (memcmp(pref->lo_addr.iabuf,
4736 l->cidrnet.lo_addr.iabuf, 16) == 0))
4737 return (ISC_TRUE);
4738 }
4739 return (ISC_FALSE);
4740 }
4741
4742 if ((reply->old_ia == NULL) ||
4743 (reply->old_ia->num_iasubopt == 0))
4744 return (ISC_FALSE);
4745
4746 for (i = 0 ; i < reply->old_ia->num_iasubopt ; i++) {
4747 struct iasubopt *tmp;
4748
4749 tmp = reply->old_ia->iasubopt[i];
4750
4751 if ((pref->bits == (int) tmp->plen) &&
4752 (memcmp(pref->lo_addr.iabuf, &tmp->addr, 16) == 0)) {
4753 if (lease6_usable(tmp) == ISC_FALSE) {
4754 return (ISC_FALSE);
4755 }
4756
4757 pond = tmp->ipv6_pool->ipv6_pond;
4758 if (((pond->prohibit_list != NULL) &&
4759 (permitted(reply->packet, pond->prohibit_list))) ||
4760 ((pond->permit_list != NULL) &&
4761 (!permitted(reply->packet, pond->permit_list))))
4762 return (ISC_FALSE);
4763
4764 iasubopt_reference(&reply->lease, tmp, MDL);
4765 return (ISC_TRUE);
4766 }
4767 }
4768
4769 return (ISC_FALSE);
4770}
4771
4772/*
4773 * This function only returns failure on 'hard' failures. If it succeeds,
4774 * it will leave a prefix structure behind.
4775 */
4776static isc_result_t
4777reply_process_try_prefix(struct reply_state *reply,
4778 struct iaddrcidrnet *pref) {
4779 isc_result_t status = ISC_R_ADDRNOTAVAIL;
4780 struct ipv6_pool *pool = NULL;
4781 struct ipv6_pond *pond = NULL;
4782 int i;
4783 struct data_string data_pref;
4784
4785 if ((reply == NULL) || (reply->shared == NULL) ||
4786 (pref == NULL) || (reply->lease != NULL))
4787 return (DHCP_R_INVALIDARG);
4788
4789 /*
4790 * Do a quick walk through of the ponds and pools
4791 * to see if we have any prefix pools
4792 */
4793 for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
4794 if (pond->ipv6_pools == NULL)
4795 continue;
4796
4797 for (i = 0; (pool = pond->ipv6_pools[i]) != NULL; i++) {
4798 if (pool->pool_type == D6O_IA_PD)
4799 break;
4800 }
4801 if (pool != NULL)
4802 break;
4803 }
4804
4805 /* If we get here and p is NULL we have no useful pools */
4806 if (pool == NULL) {
4807 return (ISC_R_ADDRNOTAVAIL);
4808 }
4809
4810 memset(&data_pref, 0, sizeof(data_pref));
4811 data_pref.len = 17;
4812 if (!buffer_allocate(&data_pref.buffer, data_pref.len, MDL)) {
4813 log_error("reply_process_try_prefix: out of memory.");
4814 return (ISC_R_NOMEMORY);
4815 }
4816 data_pref.data = data_pref.buffer->data;
4817 data_pref.buffer->data[0] = (u_int8_t) pref->bits;
4818 memcpy(data_pref.buffer->data + 1, pref->lo_addr.iabuf, 16);
4819
4820 /*
4821 * We have at least one pool that could provide a prefix
4822 * Now we walk through the ponds and pools again and check
4823 * to see if the client is permitted and if an prefix is
4824 * available
4825 *
4826 */
4827
4828 for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
4829 if (((pond->prohibit_list != NULL) &&
4830 (permitted(reply->packet, pond->prohibit_list))) ||
4831 ((pond->permit_list != NULL) &&
4832 (!permitted(reply->packet, pond->permit_list))))
4833 continue;
4834
4835 for (i = 0; (pool = pond->ipv6_pools[i]) != NULL; i++) {
4836 if (pool->pool_type != D6O_IA_PD) {
4837 continue;
4838 }
4839
4840 status = try_client_v6_prefix(&reply->lease, pool,
4841 &data_pref);
4842 /* If we found it in this pool (either in use or available),
4843 there is no need to look further. */
4844 if ( (status == ISC_R_SUCCESS) || (status == ISC_R_ADDRINUSE) )
4845 break;
4846 }
4847 if ( (status == ISC_R_SUCCESS) || (status == ISC_R_ADDRINUSE) )
4848 break;
4849 }
4850
4851 data_string_forget(&data_pref, MDL);
4852 /* Return just the most recent status... */
4853 return (status);
4854}
4855
4856/* Look around for a prefix to give the client. First, look through the old
4857 * IA_PD for prefixes we can extend. Second, try to allocate a new prefix.
4858 * Finally, actually add that prefix into the current reply IA_PD.
4859 */
4860static isc_result_t
4861find_client_prefix(struct reply_state *reply) {
4862 struct iaddrcidrnet send_pref;
4863 isc_result_t status = ISC_R_NORESOURCES;
4864 struct iasubopt *prefix, *best_prefix = NULL;
4865 struct binding_scope **scope;
4866 int i;
4867 struct group *group;
4868
4869 if (reply->static_prefixes > 0) {
4870 struct iaddrcidrnetlist *l;
4871
4872 if (reply->host == NULL)
4873 return DHCP_R_INVALIDARG;
4874
4875 for (l = reply->host->fixed_prefix; l != NULL; l = l->next) {
4876 if (l->cidrnet.bits == reply->preflen)
4877 break;
4878 }
4879 if (l == NULL) {
4880 /*
4881 * If no fixed prefix has the preferred length,
4882 * get the first one.
4883 */
4884 l = reply->host->fixed_prefix;
4885 }
4886 memcpy(&send_pref, &l->cidrnet, sizeof(send_pref));
4887
4888 scope = &global_scope;
4889
4890 /* Copy the prefix for logging purposes */
4891 memcpy(&reply->fixed_pref, &l->cidrnet, sizeof(send_pref));
4892
4893 /* Try to find a group for the static prefix */
4894 group = find_group_by_prefix(reply);
4895
4896 goto send_pref;
4897 }
4898
4899 if (reply->old_ia != NULL) {
4900 for (i = 0 ; i < reply->old_ia->num_iasubopt ; i++) {
4901 struct shared_network *candidate_shared;
4902 struct ipv6_pond *pond;
4903
4904 prefix = reply->old_ia->iasubopt[i];
4905 candidate_shared = prefix->ipv6_pool->shared_network;
4906 pond = prefix->ipv6_pool->ipv6_pond;
4907
4908 /*
4909 * Consider this prefix if it is in a global pool or
4910 * if it is scoped in a pool under the client's shared
4911 * network.
4912 */
4913 if (((candidate_shared != NULL) &&
4914 (candidate_shared != reply->shared)) ||
4915 (lease6_usable(prefix) != ISC_TRUE))
4916 continue;
4917
4918 /*
4919 * And check if the prefix is still permitted
4920 */
4921
4922 if (((pond->prohibit_list != NULL) &&
4923 (permitted(reply->packet, pond->prohibit_list))) ||
4924 ((pond->permit_list != NULL) &&
4925 (!permitted(reply->packet, pond->permit_list))))
4926 continue;
4927
4928 best_prefix = prefix_compare(reply, prefix,
4929 best_prefix);
4930 }
4931
4932 /*
4933 * If we have prefix length hint and we're not igoring them,
4934 * then toss the best match if it doesn't match the hint,
4935 * unless this is in response to a rebind. In the latter
4936 * case we're supposed to return it with zero lifetimes.
4937 * (See rt45780) */
4938 if (best_prefix && (reply->preflen > 0)
4940 && (reply->preflen != best_prefix->plen)
4941 && (reply->packet->dhcpv6_msg_type != DHCPV6_REBIND)) {
4942 best_prefix = NULL;
4943 }
4944 }
4945
4946 /* Try to pick a new prefix if we didn't find one, or if we found an
4947 * abandoned prefix.
4948 */
4949 if ((best_prefix == NULL) || (best_prefix->state == FTS_ABANDONED)) {
4950 status = pick_v6_prefix(reply);
4951 } else if (best_prefix != NULL) {
4952 iasubopt_reference(&reply->lease, best_prefix, MDL);
4953 status = ISC_R_SUCCESS;
4954 }
4955
4956 /* Pick the abandoned prefix as a last resort. */
4957 if ((status == ISC_R_NORESOURCES) && (best_prefix != NULL)) {
4958 /* I don't see how this is supposed to be done right now. */
4959 log_error("Reclaiming abandoned prefixes is not yet "
4960 "supported. Treating this as an out of space "
4961 "condition.");
4962 /* iasubopt_reference(&reply->lease, best_prefix, MDL); */
4963 }
4964
4965 /* Give up now if we didn't find a prefix. */
4966 if (status != ISC_R_SUCCESS)
4967 return status;
4968
4969 if (reply->lease == NULL)
4970 log_fatal("Impossible condition at %s:%d.", MDL);
4971
4972 scope = &reply->lease->scope;
4973 group = reply->lease->ipv6_pool->ipv6_pond->group;
4974
4975 send_pref.lo_addr.len = 16;
4976 memcpy(send_pref.lo_addr.iabuf, &reply->lease->addr, 16);
4977 send_pref.bits = (int) reply->lease->plen;
4978
4979 send_pref:
4980 status = reply_process_is_prefixed(reply, scope, group);
4981 if (status != ISC_R_SUCCESS)
4982 return status;
4983
4984 status = reply_process_send_prefix(reply, &send_pref);
4985 return status;
4986}
4987
4988/* Once a prefix is found for a client, perform several common functions;
4989 * Calculate and store valid and preferred prefix times, draw client options
4990 * into the option state.
4991 */
4992static isc_result_t
4993reply_process_is_prefixed(struct reply_state *reply,
4994 struct binding_scope **scope, struct group *group)
4995{
4996 isc_result_t status = ISC_R_SUCCESS;
4997 struct data_string data;
4998 struct option_cache *oc;
4999 struct option_state *tmp_options = NULL;
5000 struct on_star *on_star;
5001 int i;
5002
5003 /* Initialize values we will cleanup. */
5004 memset(&data, 0, sizeof(data));
5005
5006 /*
5007 * Find the proper on_star block to use. We use the
5008 * one in the lease if we have a lease or the one in
5009 * the reply if we don't have a lease because this is
5010 * a static instance
5011 */
5012 if (reply->lease) {
5013 on_star = &reply->lease->on_star;
5014 } else {
5015 on_star = &reply->on_star;
5016 }
5017
5018 /*
5019 * Bring in the root configuration. We only do this to bring
5020 * in the on * statements, as we didn't have the lease available
5021 * we we did it the first time.
5022 */
5023 option_state_allocate(&tmp_options, MDL);
5024 execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
5025 reply->packet->options, tmp_options,
5026 &global_scope, root_group, NULL,
5027 on_star);
5028 if (tmp_options != NULL) {
5029 option_state_dereference(&tmp_options, MDL);
5030 }
5031
5032 /*
5033 * Bring configured options into the root packet level cache - start
5034 * with the lease's closest enclosing group (passed in by the caller
5035 * as 'group').
5036 */
5037 execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
5038 reply->packet->options, reply->opt_state,
5039 scope, group, root_group, on_star);
5040
5041 /* Execute statements from class scopes. */
5042 for (i = reply->packet->class_count; i > 0; i--) {
5043 execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
5044 reply->packet->options,
5045 reply->opt_state, scope,
5046 reply->packet->classes[i - 1]->group,
5047 group, on_star);
5048 }
5049
5050 /*
5051 * If there is a host record, over-ride with values configured there,
5052 * without re-evaluating configuration from the previously executed
5053 * group or its common enclosers.
5054 */
5055 if (reply->host != NULL)
5056 execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
5057 reply->packet->options,
5058 reply->opt_state, scope,
5059 reply->host->group, group,
5060 on_star);
5061
5062 /* Determine valid lifetime. */
5063 if (reply->client_valid == 0)
5064 reply->send_valid = DEFAULT_DEFAULT_LEASE_TIME;
5065 else
5066 reply->send_valid = reply->client_valid;
5067
5068 oc = lookup_option(&server_universe, reply->opt_state,
5070 if (oc != NULL) {
5071 if (!evaluate_option_cache(&data, reply->packet, NULL, NULL,
5072 reply->packet->options,
5073 reply->opt_state,
5074 scope, oc, MDL) ||
5075 (data.len != 4)) {
5076 log_error("reply_process_is_prefixed: unable to "
5077 "evaluate default prefix time");
5078 status = ISC_R_FAILURE;
5079 goto cleanup;
5080 }
5081
5082 reply->send_valid = getULong(data.data);
5083 data_string_forget(&data, MDL);
5084 }
5085
5086 /* Check to see if the lease time would cause us to wrap
5087 * in which case we make it infinite.
5088 * The following doesn't work on at least some systems:
5089 * (cur_time + reply->send_valid < cur_time)
5090 */
5091 if (reply->send_valid != INFINITE_TIME) {
5092 time_t test_time = cur_time + reply->send_valid;
5093 if (test_time < cur_time)
5094 reply->send_valid = INFINITE_TIME;
5095 }
5096
5097 if (reply->client_prefer == 0)
5098 reply->send_prefer = reply->send_valid;
5099 else
5100 reply->send_prefer = reply->client_prefer;
5101
5102 if ((reply->send_prefer >= reply->send_valid) &&
5103 (reply->send_valid != INFINITE_TIME))
5104 reply->send_prefer = (reply->send_valid / 2) +
5105 (reply->send_valid / 8);
5106
5107 oc = lookup_option(&server_universe, reply->opt_state,
5109 if (oc != NULL) {
5110 if (!evaluate_option_cache(&data, reply->packet, NULL, NULL,
5111 reply->packet->options,
5112 reply->opt_state,
5113 scope, oc, MDL) ||
5114 (data.len != 4)) {
5115 log_error("reply_process_is_prefixed: unable to "
5116 "evaluate preferred prefix time");
5117 status = ISC_R_FAILURE;
5118 goto cleanup;
5119 }
5120
5121 reply->send_prefer = getULong(data.data);
5122 data_string_forget(&data, MDL);
5123 }
5124
5125 /* Note lowest values for later calculation of renew/rebind times. */
5126 if (reply->min_prefer > reply->send_prefer)
5127 reply->min_prefer = reply->send_prefer;
5128
5129 if (reply->min_valid > reply->send_valid)
5130 reply->min_valid = reply->send_valid;
5131
5132 /* Perform dynamic prefix related update work. */
5133 if (reply->lease != NULL) {
5134 /* Cached lifetimes */
5135 reply->lease->prefer = reply->send_prefer;
5136 reply->lease->valid = reply->send_valid;
5137
5138 /* Advance (or rewind) the valid lifetime.
5139 * In the protocol 0xFFFFFFFF is infinite
5140 * when connecting to the lease file MAX_TIME is
5141 */
5142 if (reply->buf.reply.msg_type == DHCPV6_REPLY) {
5143 if (reply->send_valid == INFINITE_TIME) {
5144 reply->lease->soft_lifetime_end_time = MAX_TIME;
5145 } else {
5146 reply->lease->soft_lifetime_end_time =
5147 cur_time + reply->send_valid;
5148 }
5149 /* Wait before renew! */
5150 }
5151
5152 status = ia_add_iasubopt(reply->ia, reply->lease, MDL);
5153 if (status != ISC_R_SUCCESS) {
5154 log_fatal("reply_process_is_prefixed: Unable to "
5155 "attach prefix to new IA_PD: %s",
5156 isc_result_totext(status));
5157 }
5158
5159 /*
5160 * If this is a new prefix, make sure it is attached somewhere.
5161 */
5162 if (reply->lease->ia == NULL) {
5163 ia_reference(&reply->lease->ia, reply->ia, MDL);
5164 }
5165 }
5166
5167 /* Bring a copy of the relevant options into the IA_PD scope. */
5168 execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
5169 reply->packet->options, reply->reply_ia,
5170 scope, group, root_group, NULL);
5171
5172 /* Execute statements from class scopes. */
5173 for (i = reply->packet->class_count; i > 0; i--) {
5174 execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
5175 reply->packet->options,
5176 reply->reply_ia, scope,
5177 reply->packet->classes[i - 1]->group,
5178 group, NULL);
5179 }
5180
5181 /*
5182 * And bring in host record configuration, if any, but not to overlap
5183 * the previous group or its common enclosers.
5184 */
5185 if (reply->host != NULL)
5186 execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
5187 reply->packet->options,
5188 reply->reply_ia, scope,
5189 reply->host->group, group, NULL);
5190
5191 cleanup:
5192 if (data.data != NULL)
5193 data_string_forget(&data, MDL);
5194
5195 if (status == ISC_R_SUCCESS)
5196 reply->client_resources++;
5197
5198 return status;
5199}
5200
5201/* Simply send an IAPREFIX within the IA_PD scope as described. */
5202static isc_result_t
5203reply_process_send_prefix(struct reply_state *reply,
5204 struct iaddrcidrnet *pref) {
5205 isc_result_t status = ISC_R_SUCCESS;
5206 struct data_string data;
5207
5208 memset(&data, 0, sizeof(data));
5209
5210 /* Now append the prefix. */
5211 data.len = IAPREFIX_OFFSET;
5212 if (!buffer_allocate(&data.buffer, data.len, MDL)) {
5213 log_error("reply_process_send_prefix: out of memory"
5214 "allocating new IAPREFIX buffer.");
5215 status = ISC_R_NOMEMORY;
5216 goto cleanup;
5217 }
5218 data.data = data.buffer->data;
5219
5220 putULong(data.buffer->data, reply->send_prefer);
5221 putULong(data.buffer->data + 4, reply->send_valid);
5222 data.buffer->data[8] = pref->bits;
5223 memcpy(data.buffer->data + 9, pref->lo_addr.iabuf, 16);
5224
5225 if (!append_option_buffer(&dhcpv6_universe, reply->reply_ia,
5226 data.buffer, data.buffer->data,
5227 data.len, D6O_IAPREFIX, 0)) {
5228 log_error("reply_process_send_prefix: unable "
5229 "to save IAPREFIX option");
5230 status = ISC_R_FAILURE;
5231 goto cleanup;
5232 }
5233
5234 reply->resources_included = ISC_TRUE;
5235
5236 cleanup:
5237 if (data.data != NULL)
5239
5240 return status;
5241}
5242
5243/* Choose the better of two prefixes. */
5244static struct iasubopt *
5245prefix_compare(struct reply_state *reply,
5246 struct iasubopt *alpha, struct iasubopt *beta) {
5247 if (alpha == NULL)
5248 return beta;
5249 if (beta == NULL)
5250 return alpha;
5251
5252 if (reply->preflen >= 0) {
5253 if ((alpha->plen == reply->preflen) &&
5254 (beta->plen != reply->preflen))
5255 return alpha;
5256 if ((beta->plen == reply->preflen) &&
5257 (alpha->plen != reply->preflen))
5258 return beta;
5259 }
5260
5261 switch(alpha->state) {
5262 case FTS_ACTIVE:
5263 switch(beta->state) {
5264 case FTS_ACTIVE:
5265 /* Choose the prefix with the longest lifetime (most
5266 * likely the most recently allocated).
5267 */
5268 if (alpha->hard_lifetime_end_time <
5270 return beta;
5271 else
5272 return alpha;
5273
5274 case FTS_EXPIRED:
5275 case FTS_ABANDONED:
5276 return alpha;
5277
5278 default:
5279 log_fatal("Impossible condition at %s:%d.", MDL);
5280 }
5281 break;
5282
5283 case FTS_EXPIRED:
5284 switch (beta->state) {
5285 case FTS_ACTIVE:
5286 return beta;
5287
5288 case FTS_EXPIRED:
5289 /* Choose the most recently expired prefix. */
5290 if (alpha->hard_lifetime_end_time <
5292 return beta;
5293 else if ((alpha->hard_lifetime_end_time ==
5294 beta->hard_lifetime_end_time) &&
5295 (alpha->soft_lifetime_end_time <
5297 return beta;
5298 else
5299 return alpha;
5300
5301 case FTS_ABANDONED:
5302 return alpha;
5303
5304 default:
5305 log_fatal("Impossible condition at %s:%d.", MDL);
5306 }
5307 break;
5308
5309 case FTS_ABANDONED:
5310 switch (beta->state) {
5311 case FTS_ACTIVE:
5312 case FTS_EXPIRED:
5313 return alpha;
5314
5315 case FTS_ABANDONED:
5316 /* Choose the prefix that was abandoned longest ago. */
5317 if (alpha->hard_lifetime_end_time <
5319 return alpha;
5320 else
5321 return beta;
5322
5323 default:
5324 log_fatal("Impossible condition at %s:%d.", MDL);
5325 }
5326 break;
5327
5328 default:
5329 log_fatal("Impossible condition at %s:%d.", MDL);
5330 }
5331
5332 log_fatal("Triple impossible condition at %s:%d.", MDL);
5333 return NULL;
5334}
5335
5336/*
5337 * Solicit is how a client starts requesting addresses.
5338 *
5339 * If the client asks for rapid commit, and we support it, we will
5340 * allocate the addresses and reply.
5341 *
5342 * Otherwise we will send an advertise message.
5343 */
5344
5345static void
5346dhcpv6_solicit(struct data_string *reply_ret, struct packet *packet) {
5347 struct data_string client_id;
5348
5349 /*
5350 * Validate our input.
5351 */
5352 if (!valid_client_msg(packet, &client_id)) {
5353 return;
5354 }
5355
5356 lease_to_client(reply_ret, packet, &client_id, NULL);
5357
5358 /*
5359 * Clean up.
5360 */
5361 data_string_forget(&client_id, MDL);
5362}
5363
5364/*
5365 * Request is how a client actually requests addresses.
5366 *
5367 * Very similar to Solicit handling, except the server DUID is required.
5368 */
5369
5370static void
5371dhcpv6_request(struct data_string *reply_ret, struct packet *packet) {
5372 struct data_string client_id;
5373 struct data_string server_id;
5374
5375 /*
5376 * Validate our input.
5377 */
5378 if (!valid_client_resp(packet, &client_id, &server_id)) {
5379 return;
5380 }
5381
5382 /* If the REQUEST arrived via unicast and unicast option isn't set,
5383 * reject it per RFC 3315, Sec 18.2.1 */
5384 if (packet->unicast == ISC_TRUE &&
5385 is_unicast_option_defined(packet) == ISC_FALSE) {
5386 unicast_reject(reply_ret, packet, &client_id, &server_id);
5387 } else {
5388 /*
5389 * Issue our lease.
5390 */
5391 lease_to_client(reply_ret, packet, &client_id, &server_id);
5392 }
5393
5394 /*
5395 * Cleanup.
5396 */
5397 data_string_forget(&client_id, MDL);
5398 data_string_forget(&server_id, MDL);
5399}
5400
5401/* Find a DHCPv6 packet's shared network from hints in the packet.
5402 */
5403static isc_result_t
5404shared_network_from_packet6(struct shared_network **shared,
5405 struct packet *packet)
5406{
5407 const struct packet *chk_packet;
5408 const struct in6_addr *link_addr, *first_link_addr;
5409 struct iaddr tmp_addr;
5410 struct subnet *subnet;
5411 isc_result_t status;
5412
5413 if ((shared == NULL) || (*shared != NULL) || (packet == NULL))
5414 return DHCP_R_INVALIDARG;
5415
5416 /*
5417 * First, find the link address where the packet from the client
5418 * first appeared (if this packet was relayed).
5419 */
5420 first_link_addr = NULL;
5421 chk_packet = packet->dhcpv6_container_packet;
5422 while (chk_packet != NULL) {
5423 link_addr = &chk_packet->dhcpv6_link_address;
5424 if (!IN6_IS_ADDR_UNSPECIFIED(link_addr) &&
5425 !IN6_IS_ADDR_LINKLOCAL(link_addr)) {
5426 first_link_addr = link_addr;
5427 break;
5428 }
5429 chk_packet = chk_packet->dhcpv6_container_packet;
5430 }
5431
5432 /*
5433 * If there is a relayed link address, find the subnet associated
5434 * with that, and use that to get the appropriate
5435 * shared_network.
5436 */
5437 if (first_link_addr != NULL) {
5438 tmp_addr.len = sizeof(*first_link_addr);
5439 memcpy(tmp_addr.iabuf,
5440 first_link_addr, sizeof(*first_link_addr));
5441 subnet = NULL;
5442 if (!find_subnet(&subnet, tmp_addr, MDL)) {
5443 log_debug("No subnet found for link-address %s.",
5444 piaddr(tmp_addr));
5445 return ISC_R_NOTFOUND;
5446 }
5447 status = shared_network_reference(shared,
5449 subnet_dereference(&subnet, MDL);
5450
5451 /*
5452 * If there is no link address, we will use the interface
5453 * that this packet came in on to pick the shared_network.
5454 */
5455 } else if (packet->interface != NULL) {
5456 status = shared_network_reference(shared,
5458 MDL);
5459 if (packet->dhcpv6_container_packet != NULL) {
5460 log_info("[L2 Relay] No link address in relay packet "
5461 "assuming L2 relay and using receiving "
5462 "interface");
5463 }
5464
5465 } else {
5466 /*
5467 * We shouldn't be able to get here but if there is no link
5468 * address and no interface we don't know where to get the
5469 * pool from log an error and return an error.
5470 */
5471 log_error("No interface and no link address "
5472 "can't determine pool");
5473 status = DHCP_R_INVALIDARG;
5474 }
5475
5476 return status;
5477}
5478
5479/*
5480 * When a client thinks it might be on a new link, it sends a
5481 * Confirm message.
5482 *
5483 * From RFC3315 section 18.2.2:
5484 *
5485 * When the server receives a Confirm message, the server determines
5486 * whether the addresses in the Confirm message are appropriate for the
5487 * link to which the client is attached. If all of the addresses in the
5488 * Confirm message pass this test, the server returns a status of
5489 * Success. If any of the addresses do not pass this test, the server
5490 * returns a status of NotOnLink. If the server is unable to perform
5491 * this test (for example, the server does not have information about
5492 * prefixes on the link to which the client is connected), or there were
5493 * no addresses in any of the IAs sent by the client, the server MUST
5494 * NOT send a reply to the client.
5495 */
5496
5497static void
5498dhcpv6_confirm(struct data_string *reply_ret, struct packet *packet) {
5499 struct shared_network *shared;
5500 struct subnet *subnet;
5501 struct option_cache *ia, *ta, *oc;
5502 struct data_string cli_enc_opt_data, iaaddr, client_id, packet_oro;
5503 struct option_state *cli_enc_opt_state, *opt_state;
5504 struct iaddr cli_addr;
5505 int pass;
5506 isc_boolean_t inappropriate, has_addrs;
5507 char reply_data[65536];
5508 struct dhcpv6_packet *reply = (struct dhcpv6_packet *)reply_data;
5509 int reply_ofs = (int)(offsetof(struct dhcpv6_packet, options));
5510
5511 /*
5512 * Basic client message validation.
5513 */
5514 memset(&client_id, 0, sizeof(client_id));
5515 if (!valid_client_msg(packet, &client_id)) {
5516 return;
5517 }
5518
5519 /*
5520 * Do not process Confirms that do not have IA's we do not recognize.
5521 */
5524 if ((ia == NULL) && (ta == NULL))
5525 return;
5526
5527 /*
5528 * IA_PD's are simply ignored.
5529 */
5531
5532 /*
5533 * Bit of variable initialization.
5534 */
5535 opt_state = cli_enc_opt_state = NULL;
5536 memset(&cli_enc_opt_data, 0, sizeof(cli_enc_opt_data));
5537 memset(&iaaddr, 0, sizeof(iaaddr));
5538 memset(&packet_oro, 0, sizeof(packet_oro));
5539
5540 /* Determine what shared network the client is connected to. We
5541 * must not respond if we don't have any information about the
5542 * network the client is on.
5543 */
5544 shared = NULL;
5545 if ((shared_network_from_packet6(&shared, packet) != ISC_R_SUCCESS) ||
5546 (shared == NULL))
5547 goto exit;
5548
5549 /* If there are no recorded subnets, then we have no
5550 * information about this subnet - ignore Confirms.
5551 */
5552 subnet = shared->subnets;
5553 if (subnet == NULL)
5554 goto exit;
5555
5556 /* Are the addresses in all the IA's appropriate for that link? */
5557 has_addrs = inappropriate = ISC_FALSE;
5558 pass = D6O_IA_NA;
5559 while(!inappropriate) {
5560 /* If we've reached the end of the IA_NA pass, move to the
5561 * IA_TA pass.
5562 */
5563 if ((pass == D6O_IA_NA) && (ia == NULL)) {
5564 pass = D6O_IA_TA;
5565 ia = ta;
5566 }
5567
5568 /* If we've reached the end of all passes, we're done. */
5569 if (ia == NULL)
5570 break;
5571
5572 if (((pass == D6O_IA_NA) &&
5573 !get_encapsulated_IA_state(&cli_enc_opt_state,
5574 &cli_enc_opt_data,
5575 packet, ia, IA_NA_OFFSET)) ||
5576 ((pass == D6O_IA_TA) &&
5577 !get_encapsulated_IA_state(&cli_enc_opt_state,
5578 &cli_enc_opt_data,
5579 packet, ia, IA_TA_OFFSET))) {
5580 goto exit;
5581 }
5582
5583 oc = lookup_option(&dhcpv6_universe, cli_enc_opt_state,
5584 D6O_IAADDR);
5585
5586 for ( ; oc != NULL ; oc = oc->next) {
5587 if (!evaluate_option_cache(&iaaddr, packet, NULL, NULL,
5588 packet->options, NULL,
5589 &global_scope, oc, MDL) ||
5590 (iaaddr.len < IAADDR_OFFSET)) {
5591 log_error("dhcpv6_confirm: "
5592 "error evaluating IAADDR.");
5593 goto exit;
5594 }
5595
5596 /* Copy out the IPv6 address for processing. */
5597 cli_addr.len = 16;
5598 memcpy(cli_addr.iabuf, iaaddr.data, 16);
5599
5600 data_string_forget(&iaaddr, MDL);
5601
5602 /* Record that we've processed at least one address. */
5603 has_addrs = ISC_TRUE;
5604
5605 /* Find out if any subnets cover this address. */
5606 for (subnet = shared->subnets ; subnet != NULL ;
5608 if (addr_eq(subnet_number(cli_addr,
5609 subnet->netmask),
5610 subnet->net))
5611 break;
5612 }
5613
5614 /* If we reach the end of the subnet list, and no
5615 * subnet matches the client address, then it must
5616 * be inappropriate to the link (so far as our
5617 * configuration says). Once we've found one
5618 * inappropriate address, there is no reason to
5619 * continue searching.
5620 */
5621 if (subnet == NULL) {
5622 inappropriate = ISC_TRUE;
5623 break;
5624 }
5625 }
5626
5627 option_state_dereference(&cli_enc_opt_state, MDL);
5628 data_string_forget(&cli_enc_opt_data, MDL);
5629
5630 /* Advance to the next IA_*. */
5631 ia = ia->next;
5632 }
5633
5634 /* If the client supplied no addresses, do not reply. */
5635 if (!has_addrs)
5636 goto exit;
5637
5638 /*
5639 * Set up reply.
5640 */
5641 if (!start_reply(packet, &client_id, NULL, &opt_state, reply)) {
5642 goto exit;
5643 }
5644
5645 /*
5646 * Set our status.
5647 */
5648 if (inappropriate) {
5649 if (!set_status_code(STATUS_NotOnLink,
5650 "Some of the addresses are not on link.",
5651 opt_state)) {
5652 goto exit;
5653 }
5654 } else {
5655 if (!set_status_code(STATUS_Success,
5656 "All addresses still on link.",
5657 opt_state)) {
5658 goto exit;
5659 }
5660 }
5661
5662 /*
5663 * Only one option: add it.
5664 */
5665 reply_ofs += store_options6(reply_data+reply_ofs,
5666 sizeof(reply_data)-reply_ofs,
5667 opt_state, packet,
5668 required_opts, &packet_oro);
5669
5670 /*
5671 * Return our reply to the caller.
5672 */
5673 reply_ret->len = reply_ofs;
5674 reply_ret->buffer = NULL;
5675 if (!buffer_allocate(&reply_ret->buffer, reply_ofs, MDL)) {
5676 log_fatal("No memory to store reply.");
5677 }
5678 reply_ret->data = reply_ret->buffer->data;
5679 memcpy(reply_ret->buffer->data, reply, reply_ofs);
5680
5681exit:
5682 /* Cleanup any stale data strings. */
5683 if (cli_enc_opt_data.buffer != NULL)
5684 data_string_forget(&cli_enc_opt_data, MDL);
5685 if (iaaddr.buffer != NULL)
5686 data_string_forget(&iaaddr, MDL);
5687 if (client_id.buffer != NULL)
5688 data_string_forget(&client_id, MDL);
5689 if (packet_oro.buffer != NULL)
5690 data_string_forget(&packet_oro, MDL);
5691
5692 /* Release any stale option states. */
5693 if (cli_enc_opt_state != NULL)
5694 option_state_dereference(&cli_enc_opt_state, MDL);
5695 if (opt_state != NULL)
5696 option_state_dereference(&opt_state, MDL);
5697}
5698
5699/*
5700 * Renew is when a client wants to extend its lease/prefix, at time T1.
5701 *
5702 * We handle this the same as if the client wants a new lease/prefix,
5703 * except for the error code of when addresses don't match.
5704 */
5705
5706static void
5707dhcpv6_renew(struct data_string *reply, struct packet *packet) {
5708 struct data_string client_id;
5709 struct data_string server_id;
5710
5711 /*
5712 * Validate the request.
5713 */
5714 if (!valid_client_resp(packet, &client_id, &server_id)) {
5715 return;
5716 }
5717
5718 /* If the RENEW arrived via unicast and unicast option isn't set,
5719 * reject it per RFC 3315, Sec 18.2.3 */
5720 if (packet->unicast == ISC_TRUE &&
5721 is_unicast_option_defined(packet) == ISC_FALSE) {
5722 unicast_reject(reply, packet, &client_id, &server_id);
5723 } else {
5724 /*
5725 * Renew our lease.
5726 */
5727 lease_to_client(reply, packet, &client_id, &server_id);
5728 }
5729
5730 /*
5731 * Cleanup.
5732 */
5733 data_string_forget(&server_id, MDL);
5734 data_string_forget(&client_id, MDL);
5735}
5736
5737/*
5738 * Rebind is when a client wants to extend its lease, at time T2.
5739 *
5740 * We handle this the same as if the client wants a new lease, except
5741 * for the error code of when addresses don't match.
5742 */
5743
5744static void
5745dhcpv6_rebind(struct data_string *reply, struct packet *packet) {
5746 struct data_string client_id;
5747
5748 if (!valid_client_msg(packet, &client_id)) {
5749 return;
5750 }
5751
5752 lease_to_client(reply, packet, &client_id, NULL);
5753
5754 data_string_forget(&client_id, MDL);
5755}
5756
5757static void
5758ia_na_match_decline(const struct data_string *client_id,
5759 const struct data_string *iaaddr,
5760 struct iasubopt *lease)
5761{
5762 char tmp_addr[INET6_ADDRSTRLEN];
5763
5764 log_error("Client %s reports address %s is "
5765 "already in use by another host!",
5766 print_hex_1(client_id->len, client_id->data, 60),
5767 inet_ntop(AF_INET6, iaaddr->data,
5768 tmp_addr, sizeof(tmp_addr)));
5769 if (lease != NULL) {
5770 decline_lease6(lease->ipv6_pool, lease);
5771 lease->ia->cltt = cur_time;
5772 write_ia(lease->ia);
5773 }
5774}
5775
5776static void
5777ia_na_nomatch_decline(const struct data_string *client_id,
5778 const struct data_string *iaaddr,
5779 u_int32_t *ia_na_id,
5780 struct packet *packet,
5781 char *reply_data,
5782 int *reply_ofs,
5783 int reply_len)
5784{
5785 char tmp_addr[INET6_ADDRSTRLEN];
5786 struct option_state *host_opt_state;
5787 int len;
5788
5789 log_info("Client %s declines address %s, which is not offered to it.",
5790 print_hex_1(client_id->len, client_id->data, 60),
5791 inet_ntop(AF_INET6, iaaddr->data, tmp_addr, sizeof(tmp_addr)));
5792
5793 /*
5794 * Create state for this IA_NA.
5795 */
5796 host_opt_state = NULL;
5797 if (!option_state_allocate(&host_opt_state, MDL)) {
5798 log_error("ia_na_nomatch_decline: out of memory "
5799 "allocating option_state.");
5800 goto exit;
5801 }
5802
5803 if (!set_status_code(STATUS_NoBinding, "Decline for unknown address.",
5804 host_opt_state)) {
5805 goto exit;
5806 }
5807
5808 /*
5809 * Insure we have enough space
5810 */
5811 if (reply_len < (*reply_ofs + 16)) {
5812 log_error("ia_na_nomatch_decline: "
5813 "out of space for reply packet.");
5814 goto exit;
5815 }
5816
5817 /*
5818 * Put our status code into the reply packet.
5819 */
5820 len = store_options6(reply_data+(*reply_ofs)+16,
5821 reply_len-(*reply_ofs)-16,
5822 host_opt_state, packet,
5823 required_opts_STATUS_CODE, NULL);
5824
5825 /*
5826 * Store the non-encapsulated option data for this
5827 * IA_NA into our reply packet. Defined in RFC 3315,
5828 * section 22.4.
5829 */
5830 /* option number */
5831 putUShort((unsigned char *)reply_data+(*reply_ofs), D6O_IA_NA);
5832 /* option length */
5833 putUShort((unsigned char *)reply_data+(*reply_ofs)+2, len + 12);
5834 /* IA_NA, copied from the client */
5835 memcpy(reply_data+(*reply_ofs)+4, ia_na_id, 4);
5836 /* t1 and t2, odd that we need them, but here it is */
5837 putULong((unsigned char *)reply_data+(*reply_ofs)+8, 0);
5838 putULong((unsigned char *)reply_data+(*reply_ofs)+12, 0);
5839
5840 /*
5841 * Get ready for next IA_NA.
5842 */
5843 *reply_ofs += (len + 16);
5844
5845exit:
5846 option_state_dereference(&host_opt_state, MDL);
5847}
5848
5849static void
5850iterate_over_ia_na(struct data_string *reply_ret,
5851 struct packet *packet,
5852 const struct data_string *client_id,
5853 const struct data_string *server_id,
5854 const char *packet_type,
5855 void (*ia_na_match)(const struct data_string *, const struct data_string *, struct iasubopt *),
5856 void (*ia_na_nomatch)(const struct data_string *, const struct data_string *, u_int32_t *, struct packet *, char *, int *, int))
5857{
5858 struct option_state *opt_state;
5859 struct host_decl *packet_host;
5860 struct option_cache *ia;
5861 struct option_cache *oc;
5862 /* cli_enc_... variables come from the IA_NA/IA_TA options */
5863 struct data_string cli_enc_opt_data;
5864 struct option_state *cli_enc_opt_state;
5865 struct host_decl *host;
5866 struct data_string iaaddr;
5867 struct data_string fixed_addr;
5868 char reply_data[65536];
5869 struct dhcpv6_packet *reply = (struct dhcpv6_packet *)reply_data;
5870 int reply_ofs = (int)(offsetof(struct dhcpv6_packet, options));
5871 char status_msg[32];
5872 struct iasubopt *lease;
5873 struct ia_xx *existing_ia_na;
5874 int i;
5875 struct data_string key;
5876 u_int32_t iaid;
5877
5878 /*
5879 * Initialize to empty values, in case we have to exit early.
5880 */
5881 opt_state = NULL;
5882 memset(&cli_enc_opt_data, 0, sizeof(cli_enc_opt_data));
5883 cli_enc_opt_state = NULL;
5884 memset(&iaaddr, 0, sizeof(iaaddr));
5885 memset(&fixed_addr, 0, sizeof(fixed_addr));
5886 lease = NULL;
5887
5888 /*
5889 * Find the host record that matches from the packet, if any.
5890 */
5891 packet_host = NULL;
5892 find_hosts6(&packet_host, packet, client_id, MDL);
5893
5894 /*
5895 * Set our reply information.
5896 */
5897 reply->msg_type = DHCPV6_REPLY;
5899 sizeof(reply->transaction_id));
5900
5901 /*
5902 * Build our option state for reply.
5903 */
5904 opt_state = NULL;
5905 if (!option_state_allocate(&opt_state, MDL)) {
5906 log_error("iterate_over_ia_na: no memory for option_state.");
5907 goto exit;
5908 }
5909 execute_statements_in_scope(NULL, packet, NULL, NULL,
5910 packet->options, opt_state,
5911 &global_scope, root_group, NULL, NULL);
5912
5913 /*
5914 * RFC 3315, section 18.2.7 tells us which options to include.
5915 */
5916 oc = lookup_option(&dhcpv6_universe, opt_state, D6O_SERVERID);
5917 if (oc == NULL) {
5918 if (!save_option_buffer(&dhcpv6_universe, opt_state, NULL,
5919 (unsigned char *)server_duid.data,
5920 server_duid.len, D6O_SERVERID, 0)) {
5921 log_error("iterate_over_ia_na: "
5922 "error saving server identifier.");
5923 goto exit;
5924 }
5925 }
5926
5927 if (!save_option_buffer(&dhcpv6_universe, opt_state,
5928 client_id->buffer,
5929 (unsigned char *)client_id->data,
5930 client_id->len,
5931 D6O_CLIENTID, 0)) {
5932 log_error("iterate_over_ia_na: "
5933 "error saving client identifier.");
5934 goto exit;
5935 }
5936
5937 snprintf(status_msg, sizeof(status_msg), "%s received.", packet_type);
5938 if (!set_status_code(STATUS_Success, status_msg, opt_state)) {
5939 goto exit;
5940 }
5941
5942 /*
5943 * Add our options that are not associated with any IA_NA or IA_TA.
5944 */
5945 reply_ofs += store_options6(reply_data+reply_ofs,
5946 sizeof(reply_data)-reply_ofs,
5947 opt_state, packet,
5948 required_opts, NULL);
5949
5950 /*
5951 * Loop through the IA_NA reported by the client, and deal with
5952 * addresses reported as already in use.
5953 */
5955 ia != NULL; ia = ia->next) {
5956
5957 if (!get_encapsulated_IA_state(&cli_enc_opt_state,
5958 &cli_enc_opt_data,
5959 packet, ia, IA_NA_OFFSET)) {
5960 goto exit;
5961 }
5962
5963 iaid = getULong(cli_enc_opt_data.data);
5964
5965 /*
5966 * XXX: It is possible that we can get multiple addresses
5967 * sent by the client. We don't send multiple
5968 * addresses, so this indicates a client error.
5969 * We should check for multiple IAADDR options, log
5970 * if found, and set as an error.
5971 */
5972 oc = lookup_option(&dhcpv6_universe, cli_enc_opt_state,
5973 D6O_IAADDR);
5974 if (oc == NULL) {
5975 /* no address given for this IA, ignore */
5976 option_state_dereference(&cli_enc_opt_state, MDL);
5977 data_string_forget(&cli_enc_opt_data, MDL);
5978 continue;
5979 }
5980
5981 memset(&iaaddr, 0, sizeof(iaaddr));
5982 if (!evaluate_option_cache(&iaaddr, packet, NULL, NULL,
5983 packet->options, NULL,
5984 &global_scope, oc, MDL)) {
5985 log_error("iterate_over_ia_na: "
5986 "error evaluating IAADDR.");
5987 goto exit;
5988 }
5989
5990 /*
5991 * Now we need to figure out which host record matches
5992 * this IA_NA and IAADDR (encapsulated option contents
5993 * matching a host record by option).
5994 *
5995 * XXX: We don't currently track IA_NA separately, but
5996 * we will need to do this!
5997 */
5998 host = NULL;
5999 if (!find_hosts_by_option(&host, packet,
6000 cli_enc_opt_state, MDL)) {
6001 if (packet_host != NULL) {
6002 host = packet_host;
6003 } else {
6004 host = NULL;
6005 }
6006 }
6007 while (host != NULL) {
6008 if (host->fixed_addr != NULL) {
6009 if (!evaluate_option_cache(&fixed_addr, NULL,
6010 NULL, NULL, NULL,
6011 NULL, &global_scope,
6012 host->fixed_addr,
6013 MDL)) {
6014 log_error("iterate_over_ia_na: error "
6015 "evaluating host address.");
6016 goto exit;
6017 }
6018 if ((iaaddr.len >= 16) &&
6019 !memcmp(fixed_addr.data, iaaddr.data, 16)) {
6020 data_string_forget(&fixed_addr, MDL);
6021 break;
6022 }
6023 data_string_forget(&fixed_addr, MDL);
6024 }
6025 host = host->n_ipaddr;
6026 }
6027
6028 if ((host == NULL) && (iaaddr.len >= IAADDR_OFFSET)) {
6029 /*
6030 * Find existing IA_NA.
6031 */
6032 if (ia_make_key(&key, iaid,
6033 (char *)client_id->data,
6034 client_id->len,
6035 MDL) != ISC_R_SUCCESS) {
6036 log_fatal("iterate_over_ia_na: no memory for "
6037 "key.");
6038 }
6039
6040 existing_ia_na = NULL;
6041 if (ia_hash_lookup(&existing_ia_na, ia_na_active,
6042 (unsigned char *)key.data,
6043 key.len, MDL)) {
6044 /*
6045 * Make sure this address is in the IA_NA.
6046 */
6047 for (i=0; i<existing_ia_na->num_iasubopt; i++) {
6048 struct iasubopt *tmp;
6049 struct in6_addr *in6_addr;
6050
6051 tmp = existing_ia_na->iasubopt[i];
6052 in6_addr = &tmp->addr;
6053 if (memcmp(in6_addr,
6054 iaaddr.data, 16) == 0) {
6056 tmp, MDL);
6057 break;
6058 }
6059 }
6060 }
6061
6062 data_string_forget(&key, MDL);
6063 }
6064
6065 if ((host != NULL) || (lease != NULL)) {
6066 ia_na_match(client_id, &iaaddr, lease);
6067 } else {
6068 ia_na_nomatch(client_id, &iaaddr,
6069 (u_int32_t *)cli_enc_opt_data.data,
6070 packet, reply_data, &reply_ofs,
6071 sizeof(reply_data));
6072 }
6073
6074 if (lease != NULL) {
6076 }
6077
6078 data_string_forget(&iaaddr, MDL);
6079 option_state_dereference(&cli_enc_opt_state, MDL);
6080 data_string_forget(&cli_enc_opt_data, MDL);
6081 }
6082
6083 /*
6084 * Return our reply to the caller.
6085 */
6086 reply_ret->len = reply_ofs;
6087 reply_ret->buffer = NULL;
6088 if (!buffer_allocate(&reply_ret->buffer, reply_ofs, MDL)) {
6089 log_fatal("No memory to store reply.");
6090 }
6091 reply_ret->data = reply_ret->buffer->data;
6092 memcpy(reply_ret->buffer->data, reply, reply_ofs);
6093
6094exit:
6095 if (lease != NULL) {
6097 }
6098 if (fixed_addr.buffer != NULL) {
6099 data_string_forget(&fixed_addr, MDL);
6100 }
6101 if (iaaddr.buffer != NULL) {
6102 data_string_forget(&iaaddr, MDL);
6103 }
6104 if (cli_enc_opt_state != NULL) {
6105 option_state_dereference(&cli_enc_opt_state, MDL);
6106 }
6107 if (cli_enc_opt_data.buffer != NULL) {
6108 data_string_forget(&cli_enc_opt_data, MDL);
6109 }
6110 if (opt_state != NULL) {
6111 option_state_dereference(&opt_state, MDL);
6112 }
6113}
6114
6115/*
6116 * Decline means a client has detected that something else is using an
6117 * address we gave it.
6118 *
6119 * Since we're only dealing with fixed leases for now, there's not
6120 * much we can do, other that log the occurrence.
6121 *
6122 * When we start issuing addresses from pools, then we will have to
6123 * record our declined addresses and issue another. In general with
6124 * IPv6 there is no worry about DoS by clients exhausting space, but
6125 * we still need to be aware of this possibility.
6126 */
6127
6128/* TODO: IA_TA */
6129static void
6130dhcpv6_decline(struct data_string *reply, struct packet *packet) {
6131 struct data_string client_id;
6132 struct data_string server_id;
6133
6134 /*
6135 * Validate our input.
6136 */
6137 if (!valid_client_resp(packet, &client_id, &server_id)) {
6138 return;
6139 }
6140
6141 /* If the DECLINE arrived via unicast and unicast option isn't set,
6142 * reject it per RFC 3315, Sec 18.2.7 */
6143 if (packet->unicast == ISC_TRUE &&
6144 is_unicast_option_defined(packet) == ISC_FALSE) {
6145 unicast_reject(reply, packet, &client_id, &server_id);
6146 } else {
6147 /*
6148 * Undefined for IA_PD.
6149 */
6151
6152 /*
6153 * And operate on each IA_NA in this packet.
6154 */
6155 iterate_over_ia_na(reply, packet, &client_id, &server_id,
6156 "Decline", ia_na_match_decline,
6157 ia_na_nomatch_decline);
6158
6159 }
6160
6161 data_string_forget(&server_id, MDL);
6162 data_string_forget(&client_id, MDL);
6163}
6164
6165static void
6166ia_na_match_release(const struct data_string *client_id,
6167 const struct data_string *iaaddr,
6168 struct iasubopt *lease)
6169{
6170 char tmp_addr[INET6_ADDRSTRLEN];
6171
6172 log_info("Client %s releases address %s",
6173 print_hex_1(client_id->len, client_id->data, 60),
6174 inet_ntop(AF_INET6, iaaddr->data, tmp_addr, sizeof(tmp_addr)));
6175 if (lease != NULL) {
6176 release_lease6(lease->ipv6_pool, lease);
6177 lease->ia->cltt = cur_time;
6178 write_ia(lease->ia);
6179 }
6180}
6181
6182static void
6183ia_na_nomatch_release(const struct data_string *client_id,
6184 const struct data_string *iaaddr,
6185 u_int32_t *ia_na_id,
6186 struct packet *packet,
6187 char *reply_data,
6188 int *reply_ofs,
6189 int reply_len)
6190{
6191 char tmp_addr[INET6_ADDRSTRLEN];
6192 struct option_state *host_opt_state;
6193 int len;
6194
6195 log_info("Client %s releases address %s, which is not leased to it.",
6196 print_hex_1(client_id->len, client_id->data, 60),
6197 inet_ntop(AF_INET6, iaaddr->data, tmp_addr, sizeof(tmp_addr)));
6198
6199 /*
6200 * Create state for this IA_NA.
6201 */
6202 host_opt_state = NULL;
6203 if (!option_state_allocate(&host_opt_state, MDL)) {
6204 log_error("ia_na_nomatch_release: out of memory "
6205 "allocating option_state.");
6206 goto exit;
6207 }
6208
6209 if (!set_status_code(STATUS_NoBinding,
6210 "Release for non-leased address.",
6211 host_opt_state)) {
6212 goto exit;
6213 }
6214
6215 /*
6216 * Insure we have enough space
6217 */
6218 if (reply_len < (*reply_ofs + 16)) {
6219 log_error("ia_na_nomatch_release: "
6220 "out of space for reply packet.");
6221 goto exit;
6222 }
6223
6224 /*
6225 * Put our status code into the reply packet.
6226 */
6227 len = store_options6(reply_data+(*reply_ofs)+16,
6228 reply_len-(*reply_ofs)-16,
6229 host_opt_state, packet,
6230 required_opts_STATUS_CODE, NULL);
6231
6232 /*
6233 * Store the non-encapsulated option data for this
6234 * IA_NA into our reply packet. Defined in RFC 3315,
6235 * section 22.4.
6236 */
6237 /* option number */
6238 putUShort((unsigned char *)reply_data+(*reply_ofs), D6O_IA_NA);
6239 /* option length */
6240 putUShort((unsigned char *)reply_data+(*reply_ofs)+2, len + 12);
6241 /* IA_NA, copied from the client */
6242 memcpy(reply_data+(*reply_ofs)+4, ia_na_id, 4);
6243 /* t1 and t2, odd that we need them, but here it is */
6244 putULong((unsigned char *)reply_data+(*reply_ofs)+8, 0);
6245 putULong((unsigned char *)reply_data+(*reply_ofs)+12, 0);
6246
6247 /*
6248 * Get ready for next IA_NA.
6249 */
6250 *reply_ofs += (len + 16);
6251
6252exit:
6253 option_state_dereference(&host_opt_state, MDL);
6254}
6255
6256static void
6257ia_pd_match_release(const struct data_string *client_id,
6258 const struct data_string *iapref,
6259 struct iasubopt *prefix)
6260{
6261 char tmp_addr[INET6_ADDRSTRLEN];
6262
6263 log_info("Client %s releases prefix %s/%u",
6264 print_hex_1(client_id->len, client_id->data, 60),
6265 inet_ntop(AF_INET6, iapref->data + 9,
6266 tmp_addr, sizeof(tmp_addr)),
6267 (unsigned) getUChar(iapref->data + 8));
6268 if (prefix != NULL) {
6269 release_lease6(prefix->ipv6_pool, prefix);
6270 prefix->ia->cltt = cur_time;
6271 write_ia(prefix->ia);
6272 }
6273}
6274
6275static void
6276ia_pd_nomatch_release(const struct data_string *client_id,
6277 const struct data_string *iapref,
6278 u_int32_t *ia_pd_id,
6279 struct packet *packet,
6280 char *reply_data,
6281 int *reply_ofs,
6282 int reply_len)
6283{
6284 char tmp_addr[INET6_ADDRSTRLEN];
6285 struct option_state *host_opt_state;
6286 int len;
6287
6288 log_info("Client %s releases prefix %s/%u, which is not leased to it.",
6289 print_hex_1(client_id->len, client_id->data, 60),
6290 inet_ntop(AF_INET6, iapref->data + 9,
6291 tmp_addr, sizeof(tmp_addr)),
6292 (unsigned) getUChar(iapref->data + 8));
6293
6294 /*
6295 * Create state for this IA_PD.
6296 */
6297 host_opt_state = NULL;
6298 if (!option_state_allocate(&host_opt_state, MDL)) {
6299 log_error("ia_pd_nomatch_release: out of memory "
6300 "allocating option_state.");
6301 goto exit;
6302 }
6303
6304 if (!set_status_code(STATUS_NoBinding,
6305 "Release for non-leased prefix.",
6306 host_opt_state)) {
6307 goto exit;
6308 }
6309
6310 /*
6311 * Insure we have enough space
6312 */
6313 if (reply_len < (*reply_ofs + 16)) {
6314 log_error("ia_pd_nomatch_release: "
6315 "out of space for reply packet.");
6316 goto exit;
6317 }
6318
6319 /*
6320 * Put our status code into the reply packet.
6321 */
6322 len = store_options6(reply_data+(*reply_ofs)+16,
6323 reply_len-(*reply_ofs)-16,
6324 host_opt_state, packet,
6325 required_opts_STATUS_CODE, NULL);
6326
6327 /*
6328 * Store the non-encapsulated option data for this
6329 * IA_PD into our reply packet. Defined in RFC 3315,
6330 * section 22.4.
6331 */
6332 /* option number */
6333 putUShort((unsigned char *)reply_data+(*reply_ofs), D6O_IA_PD);
6334 /* option length */
6335 putUShort((unsigned char *)reply_data+(*reply_ofs)+2, len + 12);
6336 /* IA_PD, copied from the client */
6337 memcpy(reply_data+(*reply_ofs)+4, ia_pd_id, 4);
6338 /* t1 and t2, odd that we need them, but here it is */
6339 putULong((unsigned char *)reply_data+(*reply_ofs)+8, 0);
6340 putULong((unsigned char *)reply_data+(*reply_ofs)+12, 0);
6341
6342 /*
6343 * Get ready for next IA_PD.
6344 */
6345 *reply_ofs += (len + 16);
6346
6347exit:
6348 option_state_dereference(&host_opt_state, MDL);
6349}
6350
6351static void
6352iterate_over_ia_pd(struct data_string *reply_ret,
6353 struct packet *packet,
6354 const struct data_string *client_id,
6355 const struct data_string *server_id,
6356 const char *packet_type,
6357 void (*ia_pd_match)(const struct data_string *, const struct data_string *, struct iasubopt *),
6358 void (*ia_pd_nomatch)(const struct data_string *, const struct data_string *, u_int32_t *, struct packet *, char *, int *, int))
6359{
6360 struct data_string reply_new;
6361 int reply_len;
6362 struct option_state *opt_state;
6363 struct host_decl *packet_host;
6364 struct option_cache *ia;
6365 struct option_cache *oc;
6366 /* cli_enc_... variables come from the IA_PD options */
6367 struct data_string cli_enc_opt_data;
6368 struct option_state *cli_enc_opt_state;
6369 struct host_decl *host;
6370 struct data_string iaprefix;
6371 char reply_data[65536];
6372 int reply_ofs;
6373 struct iasubopt *prefix;
6374 struct ia_xx *existing_ia_pd;
6375 int i;
6376 struct data_string key;
6377 u_int32_t iaid;
6378
6379 /*
6380 * Initialize to empty values, in case we have to exit early.
6381 */
6382 memset(&reply_new, 0, sizeof(reply_new));
6383 opt_state = NULL;
6384 memset(&cli_enc_opt_data, 0, sizeof(cli_enc_opt_data));
6385 cli_enc_opt_state = NULL;
6386 memset(&iaprefix, 0, sizeof(iaprefix));
6387 prefix = NULL;
6388
6389 /*
6390 * Compute the available length for the reply.
6391 */
6392 reply_len = sizeof(reply_data) - reply_ret->len;
6393 reply_ofs = 0;
6394
6395 /*
6396 * Find the host record that matches from the packet, if any.
6397 */
6398 packet_host = NULL;
6399 find_hosts6(&packet_host, packet, client_id, MDL);
6400
6401 /*
6402 * Build our option state for reply.
6403 */
6404 opt_state = NULL;
6405 if (!option_state_allocate(&opt_state, MDL)) {
6406 log_error("iterate_over_ia_pd: no memory for option_state.");
6407 goto exit;
6408 }
6409 execute_statements_in_scope(NULL, packet, NULL, NULL,
6410 packet->options, opt_state,
6411 &global_scope, root_group, NULL, NULL);
6412
6413 /*
6414 * Loop through the IA_PD reported by the client, and deal with
6415 * prefixes reported as already in use.
6416 */
6418 ia != NULL; ia = ia->next) {
6419
6420 if (!get_encapsulated_IA_state(&cli_enc_opt_state,
6421 &cli_enc_opt_data,
6422 packet, ia, IA_PD_OFFSET)) {
6423 goto exit;
6424 }
6425
6426 iaid = getULong(cli_enc_opt_data.data);
6427
6428 oc = lookup_option(&dhcpv6_universe, cli_enc_opt_state,
6429 D6O_IAPREFIX);
6430 if (oc == NULL) {
6431 /* no prefix given for this IA_PD, ignore */
6432 option_state_dereference(&cli_enc_opt_state, MDL);
6433 data_string_forget(&cli_enc_opt_data, MDL);
6434 continue;
6435 }
6436
6437 for (; oc != NULL; oc = oc->next) {
6438 memset(&iaprefix, 0, sizeof(iaprefix));
6439 if (!evaluate_option_cache(&iaprefix, packet, NULL, NULL,
6440 packet->options, NULL,
6441 &global_scope, oc, MDL)) {
6442 log_error("iterate_over_ia_pd: "
6443 "error evaluating IAPREFIX.");
6444 goto exit;
6445 }
6446
6447 /*
6448 * Now we need to figure out which host record matches
6449 * this IA_PD and IAPREFIX (encapsulated option contents
6450 * matching a host record by option).
6451 *
6452 * XXX: We don't currently track IA_PD separately, but
6453 * we will need to do this!
6454 */
6455 host = NULL;
6456 if (!find_hosts_by_option(&host, packet,
6457 cli_enc_opt_state, MDL)) {
6458 if (packet_host != NULL) {
6459 host = packet_host;
6460 } else {
6461 host = NULL;
6462 }
6463 }
6464 while (host != NULL) {
6465 if (host->fixed_prefix != NULL) {
6466 struct iaddrcidrnetlist *l;
6467 int plen = (int) getUChar(iaprefix.data + 8);
6468
6469 for (l = host->fixed_prefix; l != NULL;
6470 l = l->next) {
6471 if (plen != l->cidrnet.bits)
6472 continue;
6473 if (memcmp(iaprefix.data + 9,
6475 16) == 0)
6476 break;
6477 }
6478 if ((l != NULL) && (iaprefix.len >= 17))
6479 break;
6480 }
6481 host = host->n_ipaddr;
6482 }
6483
6484 if ((host == NULL) && (iaprefix.len >= IAPREFIX_OFFSET)) {
6485 /*
6486 * Find existing IA_PD.
6487 */
6488 if (ia_make_key(&key, iaid,
6489 (char *)client_id->data,
6490 client_id->len,
6491 MDL) != ISC_R_SUCCESS) {
6492 log_fatal("iterate_over_ia_pd: no memory for "
6493 "key.");
6494 }
6495
6496 existing_ia_pd = NULL;
6497 if (ia_hash_lookup(&existing_ia_pd, ia_pd_active,
6498 (unsigned char *)key.data,
6499 key.len, MDL)) {
6500 /*
6501 * Make sure this prefix is in the IA_PD.
6502 */
6503 for (i = 0;
6504 i < existing_ia_pd->num_iasubopt;
6505 i++) {
6506 struct iasubopt *tmp;
6507 u_int8_t plen;
6508
6509 plen = getUChar(iaprefix.data + 8);
6510 tmp = existing_ia_pd->iasubopt[i];
6511 if ((tmp->plen == plen) &&
6512 (memcmp(&tmp->addr,
6513 iaprefix.data + 9,
6514 16) == 0)) {
6515 iasubopt_reference(&prefix,
6516 tmp, MDL);
6517 break;
6518 }
6519 }
6520 }
6521
6522 data_string_forget(&key, MDL);
6523 }
6524
6525 if ((host != NULL) || (prefix != NULL)) {
6526 ia_pd_match(client_id, &iaprefix, prefix);
6527 } else {
6528 ia_pd_nomatch(client_id, &iaprefix,
6529 (u_int32_t *)cli_enc_opt_data.data,
6530 packet, reply_data, &reply_ofs,
6531 reply_len - reply_ofs);
6532 }
6533
6534 if (prefix != NULL) {
6535 iasubopt_dereference(&prefix, MDL);
6536 }
6537
6538 data_string_forget(&iaprefix, MDL);
6539 }
6540
6541 option_state_dereference(&cli_enc_opt_state, MDL);
6542 data_string_forget(&cli_enc_opt_data, MDL);
6543 }
6544
6545 /*
6546 * Return our reply to the caller.
6547 * The IA_NA routine has already filled at least the header.
6548 */
6549 reply_new.len = reply_ret->len + reply_ofs;
6550 if (!buffer_allocate(&reply_new.buffer, reply_new.len, MDL)) {
6551 log_fatal("No memory to store reply.");
6552 }
6553 reply_new.data = reply_new.buffer->data;
6554 memcpy(reply_new.buffer->data,
6555 reply_ret->buffer->data, reply_ret->len);
6556 memcpy(reply_new.buffer->data + reply_ret->len,
6557 reply_data, reply_ofs);
6558 data_string_forget(reply_ret, MDL);
6559 data_string_copy(reply_ret, &reply_new, MDL);
6560 data_string_forget(&reply_new, MDL);
6561
6562exit:
6563 if (prefix != NULL) {
6564 iasubopt_dereference(&prefix, MDL);
6565 }
6566 if (iaprefix.buffer != NULL) {
6567 data_string_forget(&iaprefix, MDL);
6568 }
6569 if (cli_enc_opt_state != NULL) {
6570 option_state_dereference(&cli_enc_opt_state, MDL);
6571 }
6572 if (cli_enc_opt_data.buffer != NULL) {
6573 data_string_forget(&cli_enc_opt_data, MDL);
6574 }
6575 if (opt_state != NULL) {
6576 option_state_dereference(&opt_state, MDL);
6577 }
6578}
6579
6580/*
6581 * Release means a client is done with the leases.
6582 */
6583
6584static void
6585dhcpv6_release(struct data_string *reply, struct packet *packet) {
6586 struct data_string client_id;
6587 struct data_string server_id;
6588
6589 /*
6590 * Validate our input.
6591 */
6592 if (!valid_client_resp(packet, &client_id, &server_id)) {
6593 return;
6594 }
6595
6596 /* If the RELEASE arrived via unicast and unicast option isn't set,
6597 * reject it per RFC 3315, Sec 18.2.6 */
6598 if (packet->unicast == ISC_TRUE &&
6599 is_unicast_option_defined(packet) == ISC_FALSE) {
6600 unicast_reject(reply, packet, &client_id, &server_id);
6601 } else {
6602 /*
6603 * And operate on each IA_NA in this packet.
6604 */
6605 iterate_over_ia_na(reply, packet, &client_id, &server_id,
6606 "Release", ia_na_match_release,
6607 ia_na_nomatch_release);
6608
6609 /*
6610 * And operate on each IA_PD in this packet.
6611 */
6612 iterate_over_ia_pd(reply, packet, &client_id, &server_id,
6613 "Release", ia_pd_match_release,
6614 ia_pd_nomatch_release);
6615 }
6616
6617 data_string_forget(&server_id, MDL);
6618 data_string_forget(&client_id, MDL);
6619}
6620
6621/*
6622 * Information-Request is used by clients who have obtained an address
6623 * from other means, but want configuration information from the server.
6624 */
6625
6626static void
6627dhcpv6_information_request(struct data_string *reply, struct packet *packet) {
6628 struct data_string client_id;
6629 struct data_string server_id;
6630
6631 /*
6632 * Validate our input.
6633 */
6634 if (!valid_client_info_req(packet, &server_id)) {
6635 return;
6636 }
6637
6638 /*
6639 * Get our client ID, if there is one.
6640 */
6641 memset(&client_id, 0, sizeof(client_id));
6642 if (get_client_id(packet, &client_id) != ISC_R_SUCCESS) {
6643 data_string_forget(&client_id, MDL);
6644 }
6645
6646 /*
6647 * Use the lease_to_client() function. This will work fine,
6648 * because the valid_client_info_req() insures that we
6649 * don't have any IA that would cause us to allocate
6650 * resources to the client.
6651 */
6652 lease_to_client(reply, packet, &client_id,
6653 server_id.data != NULL ? &server_id : NULL);
6654
6655 /*
6656 * Cleanup.
6657 */
6658 if (client_id.data != NULL) {
6659 data_string_forget(&client_id, MDL);
6660 }
6661 data_string_forget(&server_id, MDL);
6662}
6663
6664/*
6665 * The Relay-forw message is sent by relays. It typically contains a
6666 * single option, which encapsulates an entire packet.
6667 *
6668 * We need to build an encapsulated reply.
6669 */
6670
6671/* XXX: this is very, very similar to do_packet6(), and should probably
6672 be combined in a clever way */
6673/* DHCPv6 server side */
6674static void
6675dhcpv6_relay_forw(struct data_string *reply_ret, struct packet *packet) {
6676 struct option_cache *oc;
6677 struct data_string enc_opt_data;
6678 struct packet *enc_packet;
6679 unsigned char msg_type;
6680 const struct dhcpv6_packet *msg;
6681 const struct dhcpv6_relay_packet *relay;
6682 struct data_string enc_reply;
6683 char link_addr[sizeof("ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255")];
6684 char peer_addr[sizeof("ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255")];
6685 struct data_string a_opt, packet_ero;
6686 struct option_state *opt_state;
6687 static char reply_data[65536];
6688 struct dhcpv6_relay_packet *reply;
6689 int reply_ofs;
6690
6691 /*
6692 * Initialize variables for early exit.
6693 */
6694 opt_state = NULL;
6695 memset(&a_opt, 0, sizeof(a_opt));
6696 memset(&packet_ero, 0, sizeof(packet_ero));
6697 memset(&enc_reply, 0, sizeof(enc_reply));
6698 memset(&enc_opt_data, 0, sizeof(enc_opt_data));
6699 enc_packet = NULL;
6700
6701 /*
6702 * Get our encapsulated relay message.
6703 */
6705 if (oc == NULL) {
6706 inet_ntop(AF_INET6, &packet->dhcpv6_link_address,
6707 link_addr, sizeof(link_addr));
6708 inet_ntop(AF_INET6, &packet->dhcpv6_peer_address,
6709 peer_addr, sizeof(peer_addr));
6710 log_info("Relay-forward from %s with link address=%s and "
6711 "peer address=%s missing Relay Message option.",
6712 piaddr(packet->client_addr), link_addr, peer_addr);
6713 goto exit;
6714 }
6715
6716 if (!evaluate_option_cache(&enc_opt_data, NULL, NULL, NULL,
6717 NULL, NULL, &global_scope, oc, MDL)) {
6718 /* should be dhcpv6_relay_forw */
6719 log_error("dhcpv6_forw_relay: error evaluating "
6720 "relayed message.");
6721 goto exit;
6722 }
6723
6724 if (!packet6_len_okay((char *)enc_opt_data.data, enc_opt_data.len)) {
6725 /* should be dhcpv6_relay_forw */
6726 log_error("dhcpv6_forw_relay: encapsulated packet too short.");
6727 goto exit;
6728 }
6729
6730 /*
6731 * Build a packet structure from this encapsulated packet.
6732 */
6733 enc_packet = NULL;
6734 if (!packet_allocate(&enc_packet, MDL)) {
6735 /* should be dhcpv6_relay_forw */
6736 log_error("dhcpv6_forw_relay: "
6737 "no memory for encapsulated packet.");
6738 goto exit;
6739 }
6740
6741 if (!option_state_allocate(&enc_packet->options, MDL)) {
6742 /* should be dhcpv6_relay_forw */
6743 log_error("dhcpv6_forw_relay: "
6744 "no memory for encapsulated packet's options.");
6745 goto exit;
6746 }
6747
6748 enc_packet->client_port = packet->client_port;
6749 enc_packet->client_addr = packet->client_addr;
6750 interface_reference(&enc_packet->interface, packet->interface, MDL);
6751 enc_packet->dhcpv6_container_packet = packet;
6752
6753 msg_type = enc_opt_data.data[0];
6754 if ((msg_type == DHCPV6_RELAY_FORW) ||
6756 int relaylen = (int)(offsetof(struct dhcpv6_relay_packet, options));
6757 relay = (struct dhcpv6_relay_packet *)enc_opt_data.data;
6758 enc_packet->dhcpv6_msg_type = relay->msg_type;
6759
6760 /* relay-specific data */
6761 enc_packet->dhcpv6_hop_count = relay->hop_count;
6762 memcpy(&enc_packet->dhcpv6_link_address,
6763 relay->link_address, sizeof(relay->link_address));
6764 memcpy(&enc_packet->dhcpv6_peer_address,
6765 relay->peer_address, sizeof(relay->peer_address));
6766
6767 if (!parse_option_buffer(enc_packet->options,
6768 relay->options,
6769 enc_opt_data.len - relaylen,
6770 &dhcpv6_universe)) {
6771 /* no logging here, as parse_option_buffer() logs all
6772 cases where it fails */
6773 goto exit;
6774 }
6775 } else if ((msg_type == DHCPV6_DHCPV4_QUERY) ||
6777#ifdef DHCP4o6
6778 if (!dhcpv4_over_dhcpv6 ||
6780 log_error("dhcpv6_relay_forw: "
6781 "unsupported %s message type.",
6783 goto exit;
6784 }
6785 forw_dhcpv4_query(packet);
6786 goto exit;
6787#else /* DHCP4o6 */
6788 log_error("dhcpv6_relay_forw: unsupported %s message type.",
6790 goto exit;
6791#endif /* DHCP4o6 */
6792 } else {
6793 int msglen = (int)(offsetof(struct dhcpv6_packet, options));
6794 msg = (struct dhcpv6_packet *)enc_opt_data.data;
6795 enc_packet->dhcpv6_msg_type = msg->msg_type;
6796
6797 /* message-specific data */
6798 memcpy(enc_packet->dhcpv6_transaction_id,
6799 msg->transaction_id,
6800 sizeof(enc_packet->dhcpv6_transaction_id));
6801
6802 if (!parse_option_buffer(enc_packet->options,
6803 msg->options,
6804 enc_opt_data.len - msglen,
6805 &dhcpv6_universe)) {
6806 /* no logging here, as parse_option_buffer() logs all
6807 cases where it fails */
6808 goto exit;
6809 }
6810 }
6811
6812 /*
6813 * This is recursive. It is possible to exceed maximum packet size.
6814 * XXX: This will cause the packet send to fail.
6815 */
6816 build_dhcpv6_reply(&enc_reply, enc_packet);
6817
6818 /*
6819 * If we got no encapsulated data, then it is discarded, and
6820 * our reply-forw is also discarded.
6821 */
6822 if (enc_reply.data == NULL) {
6823 goto exit;
6824 }
6825
6826 /*
6827 * Now we can use the reply_data buffer.
6828 * Packet header stuff all comes from the forward message.
6829 */
6830 reply = (struct dhcpv6_relay_packet *)reply_data;
6831 reply->msg_type = DHCPV6_RELAY_REPL;
6833 memcpy(reply->link_address, &packet->dhcpv6_link_address,
6834 sizeof(reply->link_address));
6835 memcpy(reply->peer_address, &packet->dhcpv6_peer_address,
6836 sizeof(reply->peer_address));
6837 reply_ofs = (int)(offsetof(struct dhcpv6_relay_packet, options));
6838
6839 /*
6840 * Get the reply option state.
6841 */
6842 opt_state = NULL;
6843 if (!option_state_allocate(&opt_state, MDL)) {
6844 log_error("dhcpv6_relay_forw: no memory for option state.");
6845 goto exit;
6846 }
6847
6848 /*
6849 * Append the interface-id if present.
6850 */
6853 if (oc != NULL) {
6854 if (!evaluate_option_cache(&a_opt, packet,
6855 NULL, NULL,
6856 packet->options, NULL,
6857 &global_scope, oc, MDL)) {
6858 log_error("dhcpv6_relay_forw: error evaluating "
6859 "Interface ID.");
6860 goto exit;
6861 }
6862 if (!save_option_buffer(&dhcpv6_universe, opt_state, NULL,
6863 (unsigned char *)a_opt.data,
6864 a_opt.len,
6865 D6O_INTERFACE_ID, 0)) {
6866 log_error("dhcpv6_relay_forw: error saving "
6867 "Interface ID.");
6868 goto exit;
6869 }
6870 data_string_forget(&a_opt, MDL);
6871 }
6872
6873#if defined(RELAY_PORT)
6874 /*
6875 * Append the relay_source_port option if present.
6876 */
6879 if (oc != NULL) {
6880 if (!evaluate_option_cache(&a_opt, packet,
6881 NULL, NULL,
6882 packet->options, NULL,
6883 &global_scope, oc, MDL)) {
6884 log_error("dhcpv6_relay_forw: error evaluating "
6885 "Relay Source Port.");
6886 goto exit;
6887 }
6888 if (!save_option_buffer(&dhcpv6_universe, opt_state, NULL,
6889 (unsigned char *)a_opt.data,
6890 a_opt.len,
6892 log_error("dhcpv6_relay_forw: error saving "
6893 "Relay Source Port.");
6894 goto exit;
6895 }
6896 data_string_forget(&a_opt, MDL);
6897
6899 }
6900#endif
6901
6902 /*
6903 * Append our encapsulated stuff for caller.
6904 */
6905 if (!save_option_buffer(&dhcpv6_universe, opt_state, NULL,
6906 (unsigned char *)enc_reply.data,
6907 enc_reply.len,
6908 D6O_RELAY_MSG, 0)) {
6909 log_error("dhcpv6_relay_forw: error saving Relay MSG.");
6910 goto exit;
6911 }
6912
6913 /*
6914 * Get the ERO if any.
6915 */
6917 if (oc != NULL) {
6918 unsigned req;
6919 int i;
6920
6921 if (!evaluate_option_cache(&packet_ero, packet,
6922 NULL, NULL,
6923 packet->options, NULL,
6924 &global_scope, oc, MDL) ||
6925 (packet_ero.len & 1)) {
6926 log_error("dhcpv6_relay_forw: error evaluating ERO.");
6927 goto exit;
6928 }
6929
6930 /* Decode and apply the ERO. */
6931 for (i = 0; i < packet_ero.len; i += 2) {
6932 req = getUShort(packet_ero.data + i);
6933 /* Already in the reply? */
6934 oc = lookup_option(&dhcpv6_universe, opt_state, req);
6935 if (oc != NULL)
6936 continue;
6937 /* Get it from the packet if present. */
6939 packet->options,
6940 req);
6941 if (oc == NULL)
6942 continue;
6943 if (!evaluate_option_cache(&a_opt, packet,
6944 NULL, NULL,
6945 packet->options, NULL,
6946 &global_scope, oc, MDL)) {
6947 log_error("dhcpv6_relay_forw: error "
6948 "evaluating option %u.", req);
6949 goto exit;
6950 }
6952 opt_state,
6953 NULL,
6954 (unsigned char *)a_opt.data,
6955 a_opt.len,
6956 req,
6957 0)) {
6958 log_error("dhcpv6_relay_forw: error saving "
6959 "option %u.", req);
6960 goto exit;
6961 }
6962 data_string_forget(&a_opt, MDL);
6963 }
6964 }
6965
6966 reply_ofs += store_options6(reply_data + reply_ofs,
6967 sizeof(reply_data) - reply_ofs,
6968 opt_state, packet,
6969 required_opts_agent, &packet_ero);
6970
6971 /*
6972 * Return our reply to the caller.
6973 */
6974 reply_ret->len = reply_ofs;
6975 reply_ret->buffer = NULL;
6976 if (!buffer_allocate(&reply_ret->buffer, reply_ret->len, MDL)) {
6977 log_fatal("No memory to store reply.");
6978 }
6979 reply_ret->data = reply_ret->buffer->data;
6980 memcpy(reply_ret->buffer->data, reply_data, reply_ofs);
6981
6982exit:
6983 if (opt_state != NULL)
6984 option_state_dereference(&opt_state, MDL);
6985 if (a_opt.data != NULL) {
6986 data_string_forget(&a_opt, MDL);
6987 }
6988 if (packet_ero.data != NULL) {
6989 data_string_forget(&packet_ero, MDL);
6990 }
6991 if (enc_reply.data != NULL) {
6992 data_string_forget(&enc_reply, MDL);
6993 }
6994 if (enc_opt_data.data != NULL) {
6995 data_string_forget(&enc_opt_data, MDL);
6996 }
6997 if (enc_packet != NULL) {
6998 packet_dereference(&enc_packet, MDL);
6999 }
7000}
7001
7002#ifdef DHCP4o6
7003/* \brief Internal processing of a relayed DHCPv4-query
7004 * (DHCPv4 server side)
7005 *
7006 * Code copied from \ref dhcpv6_relay_forw() which itself is
7007 * from \ref do_packet6().
7008 *
7009 * \param reply_ret pointer to the response
7010 * \param packet the query
7011 */
7012static void
7013dhcp4o6_relay_forw(struct data_string *reply_ret, struct packet *packet) {
7014 struct option_cache *oc;
7015 struct data_string enc_opt_data;
7016 struct packet *enc_packet;
7017 unsigned char msg_type;
7018 const struct dhcpv6_relay_packet *relay;
7019 const struct dhcpv4_over_dhcpv6_packet *msg;
7020 struct data_string enc_reply;
7021 char link_addr[sizeof("ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255")];
7022 char peer_addr[sizeof("ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255")];
7023 struct data_string a_opt, packet_ero;
7024 struct option_state *opt_state;
7025 static char reply_data[65536];
7026 struct dhcpv6_relay_packet *reply;
7027 int reply_ofs;
7028
7029 /*
7030 * Initialize variables for early exit.
7031 */
7032 opt_state = NULL;
7033 memset(&a_opt, 0, sizeof(a_opt));
7034 memset(&packet_ero, 0, sizeof(packet_ero));
7035 memset(&enc_reply, 0, sizeof(enc_reply));
7036 memset(&enc_opt_data, 0, sizeof(enc_opt_data));
7037 enc_packet = NULL;
7038
7039 /*
7040 * Get our encapsulated relay message.
7041 */
7043 if (oc == NULL) {
7044 inet_ntop(AF_INET6, &packet->dhcpv6_link_address,
7045 link_addr, sizeof(link_addr));
7046 inet_ntop(AF_INET6, &packet->dhcpv6_peer_address,
7047 peer_addr, sizeof(peer_addr));
7048 log_info("Relay-forward from %s with link address=%s and "
7049 "peer address=%s missing Relay Message option.",
7050 piaddr(packet->client_addr), link_addr, peer_addr);
7051 goto exit;
7052 }
7053
7054 if (!evaluate_option_cache(&enc_opt_data, NULL, NULL, NULL,
7055 NULL, NULL, &global_scope, oc, MDL)) {
7056 log_error("dhcp4o6_relay_forw: error evaluating "
7057 "relayed message.");
7058 goto exit;
7059 }
7060
7061 if (!packet6_len_okay((char *)enc_opt_data.data, enc_opt_data.len)) {
7062 log_error("dhcp4o6_relay_forw: "
7063 "encapsulated packet too short.");
7064 goto exit;
7065 }
7066
7067 /*
7068 * Build a packet structure from this encapsulated packet.
7069 */
7070 if (!packet_allocate(&enc_packet, MDL)) {
7071 log_error("dhcp4o6_relay_forw: "
7072 "no memory for encapsulated packet.");
7073 goto exit;
7074 }
7075
7076 if (!option_state_allocate(&enc_packet->options, MDL)) {
7077 log_error("dhcp4o6_relay_forw: "
7078 "no memory for encapsulated packet's options.");
7079 goto exit;
7080 }
7081
7082 enc_packet->client_port = packet->client_port;
7083 enc_packet->client_addr = packet->client_addr;
7084 interface_reference(&enc_packet->interface, packet->interface, MDL);
7085 enc_packet->dhcpv6_container_packet = packet;
7086
7087 msg_type = enc_opt_data.data[0];
7088 if ((msg_type == DHCPV6_RELAY_FORW) ||
7090 int relaylen = (int)(offsetof(struct dhcpv6_relay_packet, options));
7091 relay = (struct dhcpv6_relay_packet *)enc_opt_data.data;
7092 enc_packet->dhcpv6_msg_type = relay->msg_type;
7093
7094 /* relay-specific data */
7095 enc_packet->dhcpv6_hop_count = relay->hop_count;
7096 memcpy(&enc_packet->dhcpv6_link_address,
7097 relay->link_address, sizeof(relay->link_address));
7098 memcpy(&enc_packet->dhcpv6_peer_address,
7099 relay->peer_address, sizeof(relay->peer_address));
7100
7101 if (!parse_option_buffer(enc_packet->options,
7102 relay->options,
7103 enc_opt_data.len - relaylen,
7104 &dhcpv6_universe)) {
7105 /* no logging here, as parse_option_buffer() logs all
7106 cases where it fails */
7107 goto exit;
7108 }
7109 } else if ((msg_type == DHCPV6_DHCPV4_QUERY) ||
7111 int msglen =
7112 (int)(offsetof(struct dhcpv4_over_dhcpv6_packet, options));
7113 msg = (struct dhcpv4_over_dhcpv6_packet *)enc_opt_data.data;
7114 enc_packet->dhcpv6_msg_type = msg->msg_type;
7115
7116 /* message-specific data */
7117 memcpy(enc_packet->dhcp4o6_flags,
7118 msg->flags,
7119 sizeof(enc_packet->dhcp4o6_flags));
7120
7121 if (!parse_option_buffer(enc_packet->options,
7122 msg->options,
7123 enc_opt_data.len - msglen,
7124 &dhcpv6_universe)) {
7125 /* no logging here, as parse_option_buffer() logs all
7126 cases where it fails */
7127 goto exit;
7128 }
7129 } else {
7130 log_error("dhcp4o6_relay_forw: unexpected message of type %d.",
7131 (int)msg_type);
7132 goto exit;
7133 }
7134
7135 /*
7136 * This is recursive. It is possible to exceed maximum packet size.
7137 * XXX: This will cause the packet send to fail.
7138 */
7139 build_dhcpv6_reply(&enc_reply, enc_packet);
7140
7141 /*
7142 * If we got no encapsulated data, then it is discarded, and
7143 * our reply-forw is also discarded.
7144 */
7145 if (enc_reply.data == NULL) {
7146 goto exit;
7147 }
7148
7149 /*
7150 * Now we can use the reply_data buffer.
7151 * Packet header stuff all comes from the forward message.
7152 */
7153 reply = (struct dhcpv6_relay_packet *)reply_data;
7154 reply->msg_type = DHCPV6_RELAY_REPL;
7156 memcpy(reply->link_address, &packet->dhcpv6_link_address,
7157 sizeof(reply->link_address));
7158 memcpy(reply->peer_address, &packet->dhcpv6_peer_address,
7159 sizeof(reply->peer_address));
7160 reply_ofs = (int)(offsetof(struct dhcpv6_relay_packet, options));
7161
7162 /*
7163 * Get the reply option state.
7164 */
7165 if (!option_state_allocate(&opt_state, MDL)) {
7166 log_error("dhcp4o6_relay_forw: no memory for option state.");
7167 goto exit;
7168 }
7169
7170 /*
7171 * Append the interface-id if present.
7172 */
7175 if (oc != NULL) {
7176 if (!evaluate_option_cache(&a_opt, packet,
7177 NULL, NULL,
7178 packet->options, NULL,
7179 &global_scope, oc, MDL)) {
7180 log_error("dhcp4o6_relay_forw: error evaluating "
7181 "Interface ID.");
7182 goto exit;
7183 }
7184 if (!save_option_buffer(&dhcpv6_universe, opt_state, NULL,
7185 (unsigned char *)a_opt.data,
7186 a_opt.len,
7187 D6O_INTERFACE_ID, 0)) {
7188 log_error("dhcp4o6_relay_forw: error saving "
7189 "Interface ID.");
7190 goto exit;
7191 }
7192 data_string_forget(&a_opt, MDL);
7193 }
7194
7195#if defined(RELAY_PORT)
7196 /*
7197 * Append the relay_source_port option if present.
7198 */
7201 if (oc != NULL) {
7202 if (!evaluate_option_cache(&a_opt, packet,
7203 NULL, NULL,
7204 packet->options, NULL,
7205 &global_scope, oc, MDL)) {
7206 log_error("dhcpv4o6_relay_forw: error evaluating "
7207 "Relay Source Port.");
7208 goto exit;
7209 }
7210 if (!save_option_buffer(&dhcpv6_universe, opt_state, NULL,
7211 (unsigned char *)a_opt.data,
7212 a_opt.len,
7214 log_error("dhcpv4o6_relay_forw: error saving "
7215 "Relay Source Port.");
7216 goto exit;
7217 }
7218 data_string_forget(&a_opt, MDL);
7219
7221 }
7222#endif
7223
7224 /*
7225 * Append our encapsulated stuff for caller.
7226 */
7227 if (!save_option_buffer(&dhcpv6_universe, opt_state, NULL,
7228 (unsigned char *)enc_reply.data,
7229 enc_reply.len,
7230 D6O_RELAY_MSG, 0)) {
7231 log_error("dhcp4o6_relay_forw: error saving Relay MSG.");
7232 goto exit;
7233 }
7234
7235 /*
7236 * Get the ERO if any.
7237 */
7239 if (oc != NULL) {
7240 unsigned req;
7241 int i;
7242
7243 if (!evaluate_option_cache(&packet_ero, packet,
7244 NULL, NULL,
7245 packet->options, NULL,
7246 &global_scope, oc, MDL) ||
7247 (packet_ero.len & 1)) {
7248 log_error("dhcp4o6_relay_forw: error evaluating ERO.");
7249 goto exit;
7250 }
7251
7252 /* Decode and apply the ERO. */
7253 for (i = 0; i < packet_ero.len; i += 2) {
7254 req = getUShort(packet_ero.data + i);
7255 /* Already in the reply? */
7256 oc = lookup_option(&dhcpv6_universe, opt_state, req);
7257 if (oc != NULL)
7258 continue;
7259 /* Get it from the packet if present. */
7261 packet->options,
7262 req);
7263 if (oc == NULL)
7264 continue;
7265 if (!evaluate_option_cache(&a_opt, packet,
7266 NULL, NULL,
7267 packet->options, NULL,
7268 &global_scope, oc, MDL)) {
7269 log_error("dhcp4o6_relay_forw: error "
7270 "evaluating option %u.", req);
7271 goto exit;
7272 }
7274 opt_state,
7275 NULL,
7276 (unsigned char *)a_opt.data,
7277 a_opt.len,
7278 req,
7279 0)) {
7280 log_error("dhcp4o6_relay_forw: error saving "
7281 "option %u.", req);
7282 goto exit;
7283 }
7284 data_string_forget(&a_opt, MDL);
7285 }
7286 }
7287
7288 reply_ofs += store_options6(reply_data + reply_ofs,
7289 sizeof(reply_data) - reply_ofs,
7290 opt_state, packet,
7291 required_opts_agent, &packet_ero);
7292
7293 /*
7294 * Return our reply to the caller.
7295 */
7296 reply_ret->len = reply_ofs;
7297 reply_ret->buffer = NULL;
7298 if (!buffer_allocate(&reply_ret->buffer, reply_ret->len, MDL)) {
7299 log_fatal("No memory to store reply.");
7300 }
7301 reply_ret->data = reply_ret->buffer->data;
7302 memcpy(reply_ret->buffer->data, reply_data, reply_ofs);
7303
7304exit:
7305 if (opt_state != NULL)
7306 option_state_dereference(&opt_state, MDL);
7307 if (a_opt.data != NULL) {
7308 data_string_forget(&a_opt, MDL);
7309 }
7310 if (packet_ero.data != NULL) {
7311 data_string_forget(&packet_ero, MDL);
7312 }
7313 if (enc_reply.data != NULL) {
7314 data_string_forget(&enc_reply, MDL);
7315 }
7316 if (enc_opt_data.data != NULL) {
7317 data_string_forget(&enc_opt_data, MDL);
7318 }
7319 if (enc_packet != NULL) {
7320 packet_dereference(&enc_packet, MDL);
7321 }
7322}
7323
7324/*
7325 * \brief Internal processing of a DHCPv4-query
7326 * (DHCPv4 server function)
7327 *
7328 * Code copied from \ref do_packet().
7329 *
7330 * \param reply_ret pointer to the response
7331 * \param packet the query
7332 */
7333static void
7334dhcp4o6_dhcpv4_query(struct data_string *reply_ret, struct packet *packet) {
7335 struct option_cache *oc;
7336 struct data_string enc_opt_data;
7337 struct packet *enc_packet;
7338 struct data_string enc_response;
7339 struct option_state *opt_state;
7340 static char response_data[65536];
7341 struct dhcpv4_over_dhcpv6_packet *response;
7342 int response_ofs;
7343
7344 /*
7345 * Initialize variables for early exit.
7346 */
7347 opt_state = NULL;
7348 memset(&enc_response, 0, sizeof(enc_response));
7349 memset(&enc_opt_data, 0, sizeof(enc_opt_data));
7350 enc_packet = NULL;
7351
7352 /*
7353 * Get our encapsulated relay message.
7354 */
7356 if (oc == NULL) {
7357 log_info("DHCPv4-query from %s missing DHCPv4 Message option.",
7359 goto exit;
7360 }
7361
7362 if (!evaluate_option_cache(&enc_opt_data, NULL, NULL, NULL,
7363 NULL, NULL, &global_scope, oc, MDL)) {
7364 log_error("dhcp4o6_dhcpv4_query: error evaluating "
7365 "DHCPv4 message.");
7366 goto exit;
7367 }
7368
7369 if (enc_opt_data.len < DHCP_FIXED_NON_UDP) {
7370 log_error("dhcp4o6_dhcpv4_query: DHCPv4 packet too short.");
7371 goto exit;
7372 }
7373
7374 /*
7375 * Build a packet structure from this encapsulated packet.
7376 */
7377 if (!packet_allocate(&enc_packet, MDL)) {
7378 log_error("dhcp4o6_dhcpv4_query: "
7379 "no memory for encapsulated packet.");
7380 goto exit;
7381 }
7382
7383 enc_packet->raw = (struct dhcp_packet *)enc_opt_data.data;
7384 enc_packet->packet_length = enc_opt_data.len;
7385 enc_packet->dhcp4o6_response = &enc_response;
7386 enc_packet->client_port = packet->client_port;
7387 enc_packet->client_addr = packet->client_addr;
7388 interface_reference(&enc_packet->interface, packet->interface, MDL);
7389 enc_packet->dhcpv6_container_packet = packet;
7391 enc_packet->unicast = 1;
7392
7393 if (enc_packet->raw->hlen > sizeof(enc_packet->raw->chaddr)) {
7394 log_info("dhcp4o6_dhcpv4_query: "
7395 "discarding packet with bogus hlen.");
7396 goto exit;
7397 }
7398
7399 /* Allocate packet->options now so it is non-null for all packets */
7400 if (!option_state_allocate (&enc_packet->options, MDL)) {
7401 log_error("dhcp4o6_dhcpv4_query: no memory for options.");
7402 goto exit;
7403 }
7404
7405 /* If there's an option buffer, try to parse it. */
7406 if (enc_packet->packet_length >= DHCP_FIXED_NON_UDP + 4) {
7407 struct option_cache *op;
7408 if (!parse_options(enc_packet)) {
7409 if (enc_packet->options)
7411 (&enc_packet->options, MDL);
7412 packet_dereference (&enc_packet, MDL);
7413 goto exit;
7414 }
7415
7416 if (enc_packet->options_valid &&
7418 enc_packet->options,
7420 struct data_string dp;
7421 memset(&dp, 0, sizeof dp);
7422 evaluate_option_cache(&dp, enc_packet, NULL, NULL,
7423 enc_packet->options, NULL,
7424 NULL, op, MDL);
7425 if (dp.len > 0)
7426 enc_packet->packet_type = dp.data[0];
7427 else
7428 enc_packet->packet_type = 0;
7429 data_string_forget(&dp, MDL);
7430 }
7431 }
7432
7433 if (validate_packet(enc_packet) != 0) {
7434 if (enc_packet->packet_type)
7435 dhcp(enc_packet);
7436 else
7437 bootp(enc_packet);
7438 }
7439
7440 /* If the caller kept the packet, they'll have upped the refcnt. */
7441 packet_dereference(&enc_packet, MDL);
7442
7443 /*
7444 * If we got no response data, then it is discarded, and
7445 * our DHCPv4-response is also discarded.
7446 */
7447 if (enc_response.data == NULL) {
7448 goto exit;
7449 }
7450
7451 /*
7452 * Now we can use the response_data buffer.
7453 */
7454 response = (struct dhcpv4_over_dhcpv6_packet *)response_data;
7455 response->msg_type = DHCPV6_DHCPV4_RESPONSE;
7456 response->flags[0] = response->flags[1] = response->flags[2] = 0;
7457 response_ofs =
7458 (int)(offsetof(struct dhcpv4_over_dhcpv6_packet, options));
7459
7460 /*
7461 * Get the response option state.
7462 */
7463 if (!option_state_allocate(&opt_state, MDL)) {
7464 log_error("dhcp4o6_dhcpv4_query: no memory for option state.");
7465 goto exit;
7466 }
7467
7468 /*
7469 * Append our encapsulated stuff for caller.
7470 */
7471 if (!save_option_buffer(&dhcpv6_universe, opt_state, NULL,
7472 (unsigned char *)enc_response.data,
7473 enc_response.len,
7474 D6O_DHCPV4_MSG, 0)) {
7475 log_error("dhcp4o6_dhcpv4_query: error saving DHCPv4 MSG.");
7476 goto exit;
7477 }
7478
7479 response_ofs += store_options6(response_data + response_ofs,
7480 sizeof(response_data) - response_ofs,
7481 opt_state, packet,
7482 required_opts_4o6, NULL);
7483
7484 /*
7485 * Return our response to the caller.
7486 */
7487 reply_ret->len = response_ofs;
7488 reply_ret->buffer = NULL;
7489 if (!buffer_allocate(&reply_ret->buffer, reply_ret->len, MDL)) {
7490 log_fatal("dhcp4o6_dhcpv4_query: no memory to store reply.");
7491 }
7492 reply_ret->data = reply_ret->buffer->data;
7493 memcpy(reply_ret->buffer->data, response_data, response_ofs);
7494
7495exit:
7496 if (opt_state != NULL)
7497 option_state_dereference(&opt_state, MDL);
7498 if (enc_response.data != NULL) {
7499 data_string_forget(&enc_response, MDL);
7500 }
7501 if (enc_opt_data.data != NULL) {
7502 data_string_forget(&enc_opt_data, MDL);
7503 }
7504 if (enc_packet != NULL) {
7505 packet_dereference(&enc_packet, MDL);
7506 }
7507}
7508
7509/*
7510 * \brief Forward a DHCPv4-query message to the DHCPv4 side
7511 * (DHCPv6 server function)
7512 *
7513 * Format: interface:16 + address:16 + udp:4 + DHCPv6 DHCPv4-query message
7514 *
7515 * \brief packet the DHCPv6 DHCPv4-query message
7516 */
7517static void forw_dhcpv4_query(struct packet *packet) {
7518 struct data_string ds;
7519 struct udp_data4o6 udp_data;
7520 unsigned len;
7521 int cc;
7522
7523 /* Get the initial message. */
7524 while (packet->dhcpv6_container_packet != NULL)
7526
7527 /* Check the initial message. */
7528 if ((packet->raw == NULL) ||
7529 (packet->client_addr.len != 16) ||
7530 (packet->interface == NULL)) {
7531 log_error("forw_dhcpv4_query: can't find initial message.");
7532 return;
7533 }
7534
7535 /* Get a buffer. */
7536 len = packet->packet_length + 36;
7537 memset(&ds, 0, sizeof(ds));
7538 if (!buffer_allocate(&ds.buffer, len, MDL)) {
7539 log_error("forw_dhcpv4_query: "
7540 "no memory for encapsulating packet.");
7541 return;
7542 }
7543 ds.data = ds.buffer->data;
7544 ds.len = len;
7545
7546 /* Fill the buffer. */
7547 strncpy((char *)ds.buffer->data, packet->interface->name, 16);
7548 memcpy(ds.buffer->data + 16,
7549 packet->client_addr.iabuf, 16);
7550 memset(&udp_data, 0, sizeof(udp_data));
7551 udp_data.src_port = packet->client_port;
7552 memcpy(ds.buffer->data + 32, &udp_data, 4);
7553 memcpy(ds.buffer->data + 36,
7554 (unsigned char *)packet->raw,
7556
7557 /* Forward to the DHCPv4 server. */
7558 cc = send(dhcp4o6_fd, ds.data, ds.len, 0);
7559 if (cc < 0)
7560 log_error("forw_dhcpv4_query: send(): %m");
7561 data_string_forget(&ds, MDL);
7562}
7563#endif
7564
7565static void
7566dhcpv6_discard(struct packet *packet) {
7567 /* INSIST(packet->msg_type > 0); */
7568 /* INSIST(packet->msg_type < dhcpv6_type_name_max); */
7569
7570 log_debug("Discarding %s from %s; message type not handled by server",
7573}
7574
7575static void
7576build_dhcpv6_reply(struct data_string *reply, struct packet *packet) {
7577 memset(reply, 0, sizeof(*reply));
7578
7579 /* I would like to classify the client once here, but
7580 * as I don't want to classify all of the incoming packets
7581 * I need to do it before handling specific types.
7582 * We don't need to classify if we are tossing the packet
7583 * or if it is a relay - the classification step will get
7584 * done when we process the inner client packet.
7585 */
7586
7587 switch (packet->dhcpv6_msg_type) {
7588 case DHCPV6_SOLICIT:
7590 dhcpv6_solicit(reply, packet);
7591 break;
7592 case DHCPV6_ADVERTISE:
7593 dhcpv6_discard(packet);
7594 break;
7595 case DHCPV6_REQUEST:
7597 dhcpv6_request(reply, packet);
7598 break;
7599 case DHCPV6_CONFIRM:
7601 dhcpv6_confirm(reply, packet);
7602 break;
7603 case DHCPV6_RENEW:
7605 dhcpv6_renew(reply, packet);
7606 break;
7607 case DHCPV6_REBIND:
7609 dhcpv6_rebind(reply, packet);
7610 break;
7611 case DHCPV6_REPLY:
7612 dhcpv6_discard(packet);
7613 break;
7614 case DHCPV6_RELEASE:
7616 dhcpv6_release(reply, packet);
7617 break;
7618 case DHCPV6_DECLINE:
7620 dhcpv6_decline(reply, packet);
7621 break;
7622 case DHCPV6_RECONFIGURE:
7623 dhcpv6_discard(packet);
7624 break;
7627 dhcpv6_information_request(reply, packet);
7628 break;
7629 case DHCPV6_RELAY_FORW:
7630#ifdef DHCP4o6
7631 if (dhcpv4_over_dhcpv6 && (local_family == AF_INET))
7632 dhcp4o6_relay_forw(reply, packet);
7633 else
7634#endif /* DHCP4o6 */
7635 dhcpv6_relay_forw(reply, packet);
7636 break;
7637 case DHCPV6_RELAY_REPL:
7638 dhcpv6_discard(packet);
7639 break;
7640 case DHCPV6_LEASEQUERY:
7642 dhcpv6_leasequery(reply, packet);
7643 break;
7645 dhcpv6_discard(packet);
7646 break;
7648#ifdef DHCP4o6
7649 if (dhcpv4_over_dhcpv6) {
7650 if (local_family == AF_INET6) {
7651 forw_dhcpv4_query(packet);
7652 } else {
7653 dhcp4o6_dhcpv4_query(reply, packet);
7654 }
7655 } else
7656#endif /* DHCP4o6 */
7657 dhcpv6_discard(packet);
7658 break;
7660 dhcpv6_discard(packet);
7661 break;
7662 default:
7663 /* XXX: would be nice if we had "notice" level,
7664 as syslog, for this */
7665 log_info("Discarding unknown DHCPv6 message type %d "
7666 "from %s", packet->dhcpv6_msg_type,
7668 }
7669}
7670
7671static void
7672log_packet_in(const struct packet *packet) {
7673 struct data_string s;
7674 u_int32_t tid;
7675 char tmp_addr[INET6_ADDRSTRLEN];
7676 const void *addr;
7677
7678 memset(&s, 0, sizeof(s));
7679
7681 data_string_sprintfa(&s, "%s message from %s port %d",
7684 ntohs(packet->client_port));
7685 } else {
7687 "Unknown message type %d from %s port %d",
7690 ntohs(packet->client_port));
7691 }
7694 addr = &packet->dhcpv6_link_address;
7695 data_string_sprintfa(&s, ", link address %s",
7696 inet_ntop(AF_INET6, addr,
7697 tmp_addr, sizeof(tmp_addr)));
7698 addr = &packet->dhcpv6_peer_address;
7699 data_string_sprintfa(&s, ", peer address %s",
7700 inet_ntop(AF_INET6, addr,
7701 tmp_addr, sizeof(tmp_addr)));
7702 } else if ((packet->dhcpv6_msg_type != DHCPV6_DHCPV4_QUERY) &&
7704 tid = 0;
7705 memcpy(((char *)&tid)+1, packet->dhcpv6_transaction_id, 3);
7706 data_string_sprintfa(&s, ", transaction ID 0x%06X", tid);
7707
7708/*
7709 oc = lookup_option(&dhcpv6_universe, packet->options,
7710 D6O_CLIENTID);
7711 if (oc != NULL) {
7712 memset(&tmp_ds, 0, sizeof(tmp_ds_));
7713 if (!evaluate_option_cache(&tmp_ds, packet, NULL, NULL,
7714 packet->options, NULL,
7715 &global_scope, oc, MDL)) {
7716 log_error("Error evaluating Client Identifier");
7717 } else {
7718 data_strint_sprintf(&s, ", client ID %s",
7719
7720 data_string_forget(&tmp_ds, MDL);
7721 }
7722 }
7723*/
7724
7725 }
7726 log_info("%s", s.data);
7727
7729}
7730
7731void
7732dhcpv6(struct packet *packet) {
7733 struct data_string reply;
7734 struct sockaddr_in6 to_addr;
7735 int send_ret;
7736
7737 /*
7738 * Log a message that we received this packet.
7739 */
7740 log_packet_in(packet);
7741
7742 /*
7743 * Build our reply packet.
7744 */
7745 build_dhcpv6_reply(&reply, packet);
7746
7747 if (reply.data != NULL) {
7748 /*
7749 * Send our reply, if we have one.
7750 */
7751 memset(&to_addr, 0, sizeof(to_addr));
7752 to_addr.sin6_family = AF_INET6;
7755 to_addr.sin6_port = local_port;
7756 } else {
7757 to_addr.sin6_port = remote_port;
7758 }
7759
7760#if defined (REPLY_TO_SOURCE_PORT)
7761 /*
7762 * This appears to have been included for testing so we would
7763 * not need a root client, but was accidently left in the
7764 * final code. We continue to include it in case
7765 * some users have come to rely upon it, but leave
7766 * it off by default as it's a bad idea.
7767 */
7768 to_addr.sin6_port = packet->client_port;
7769#endif
7770
7771#if defined(RELAY_PORT)
7772 /*
7773 * Check relay source port.
7774 */
7776 to_addr.sin6_port = packet->client_port;
7777 }
7778#endif
7779
7780 memcpy(&to_addr.sin6_addr, packet->client_addr.iabuf,
7781 sizeof(to_addr.sin6_addr));
7782
7783 log_info("Sending %s to %s port %d",
7784 dhcpv6_type_names[reply.data[0]],
7786 ntohs(to_addr.sin6_port));
7787
7788 send_ret = send_packet6(packet->interface,
7789 reply.data, reply.len, &to_addr);
7790 if (send_ret != reply.len) {
7791 log_error("dhcpv6: send_packet6() sent %d of %d bytes",
7792 send_ret, reply.len);
7793 }
7794 data_string_forget(&reply, MDL);
7795 }
7796}
7797
7798#ifdef DHCP4o6
7799/*
7800 * \brief Receive a DHCPv4-query message from the DHCPv6 side
7801 * (DHCPv4 server function)
7802 *
7803 * Receive a message with a DHCPv4-query inside from the DHCPv6 server.
7804 * (code copied from \ref do_packet6() \ref and dhcpv6())
7805 *
7806 * Format: interface:16 + address:16 + udp:4 + DHCPv6 DHCPv4-query message
7807 *
7808 * \param raw the DHCPv6 DHCPv4-query message raw content
7809 */
7810static void recv_dhcpv4_query(struct data_string *raw) {
7811 struct interface_info *ip;
7812 char name[16 + 1];
7813 struct iaddr iaddr;
7814 struct packet *packet;
7815 unsigned char msg_type;
7816 const struct dhcpv6_relay_packet *relay;
7817 const struct dhcpv4_over_dhcpv6_packet *msg;
7818 struct data_string reply;
7819 struct data_string ds;
7820 struct udp_data4o6 udp_data;
7821 unsigned len;
7822 int cc;
7823
7824 memset(name, 0, sizeof(name));
7825 memcpy(name, raw->data, 16);
7826 for (ip = interfaces; ip != NULL; ip = ip->next) {
7827 if (!strcmp(name, ip->name))
7828 break;
7829 }
7830 if (ip == NULL) {
7831 log_error("recv_dhcpv4_query: can't find interface %s.",
7832 name);
7833 return;
7834 }
7835
7836 iaddr.len = 16;
7837 memcpy(iaddr.iabuf, raw->data + 16, 16);
7838
7839 memset(&udp_data, 0, sizeof(udp_data));
7840 memcpy(&udp_data, raw->data + 32, 4);
7841
7842 /*
7843 * From do_packet6().
7844 */
7845
7846 if (!packet6_len_okay((char *)raw->data + 36, raw->len - 36)) {
7847 log_error("recv_dhcpv4_query: "
7848 "short packet from %s, len %d, dropped",
7849 piaddr(iaddr), raw->len - 36);
7850 return;
7851 }
7852
7853 /*
7854 * Build a packet structure.
7855 */
7856 packet = NULL;
7857 if (!packet_allocate(&packet, MDL)) {
7858 log_error("recv_dhcpv4_query: no memory for packet.");
7859 return;
7860 }
7861
7863 log_error("recv_dhcpv4_query: no memory for options.");
7865 return;
7866 }
7867
7868 packet->raw = (struct dhcp_packet *)(raw->data + 36);
7869 packet->packet_length = raw->len - 36;
7870 packet->client_port = udp_data.src_port;
7872 interface_reference(&packet->interface, ip, MDL);
7873
7874 msg_type = raw->data[36];
7875 if ((msg_type == DHCPV6_RELAY_FORW) ||
7876 (msg_type == DHCPV6_RELAY_REPL)) {
7877 int relaylen =
7878 (int)(offsetof(struct dhcpv6_relay_packet, options));
7879 relay = (const struct dhcpv6_relay_packet *)(raw->data + 36);
7881
7882 /* relay-specific data */
7884 memcpy(&packet->dhcpv6_link_address,
7885 relay->link_address, sizeof(relay->link_address));
7886 memcpy(&packet->dhcpv6_peer_address,
7887 relay->peer_address, sizeof(relay->peer_address));
7888
7890 relay->options,
7891 raw->len - 36 - relaylen,
7892 &dhcpv6_universe)) {
7893 /* no logging here, as parse_option_buffer() logs all
7894 cases where it fails */
7896 return;
7897 }
7898 } else if ((msg_type == DHCPV6_DHCPV4_QUERY) ||
7900 int msglen =
7901 (int)(offsetof(struct dhcpv4_over_dhcpv6_packet, options));
7902 msg = (struct dhcpv4_over_dhcpv6_packet *)(raw->data + 36);
7904
7905 /* message-specific data */
7906 memcpy(packet->dhcp4o6_flags, msg->flags,
7907 sizeof(packet->dhcp4o6_flags));
7908
7910 msg->options,
7911 raw->len - 36 - msglen,
7912 &dhcpv6_universe)) {
7913 /* no logging here, as parse_option_buffer() logs all
7914 cases where it fails */
7916 return;
7917 }
7918 } else {
7919 log_error("recv_dhcpv4_query: unexpected message of type %d.",
7920 (int)msg_type);
7922 return;
7923 }
7924
7925 /*
7926 * From dhcpv6().
7927 */
7928
7929 /*
7930 * Log a message that we received this packet.
7931 */
7932 /* log_packet_in(packet); */
7933 memset(&ds, 0, sizeof(ds));
7935 data_string_sprintfa(&ds, "%s message from %s",
7938 } else {
7940 "Unknown message type %d from %s",
7943 }
7946 char tmp_addr[INET6_ADDRSTRLEN];
7947 const void *addr;
7948
7949 addr = &packet->dhcpv6_link_address;
7950 data_string_sprintfa(&ds, ", link address %s",
7951 inet_ntop(AF_INET6, addr,
7952 tmp_addr, sizeof(tmp_addr)));
7953 addr = &packet->dhcpv6_peer_address;
7954 data_string_sprintfa(&ds, ", peer address %s",
7955 inet_ntop(AF_INET6, addr,
7956 tmp_addr, sizeof(tmp_addr)));
7957 } else if ((packet->dhcpv6_msg_type != DHCPV6_DHCPV4_QUERY) &&
7959 u_int32_t tid = 0;
7960
7961 memcpy(((char *)&tid)+1, packet->dhcpv6_transaction_id, 3);
7962 data_string_sprintfa(&ds, ", transaction ID 0x%06X", tid);
7963 }
7964 log_info("%s", ds.data);
7965 data_string_forget(&ds, MDL);
7966
7967 /*
7968 * Build our reply packet.
7969 */
7970 build_dhcpv6_reply(&reply, packet);
7971
7972 if (reply.data == NULL) {
7974 return;
7975 }
7976
7977 /*
7978 * Forward the response.
7979 */
7980 len = reply.len + 36;
7981 memset(&ds, 0, sizeof(ds));
7982 if (!buffer_allocate(&ds.buffer, len, MDL)) {
7983 log_error("recv_dhcpv4_query: no memory.");
7985 return;
7986 }
7987 ds.data = ds.buffer->data;
7988 ds.len = len;
7989
7990 memcpy(ds.buffer->data, name, 16);
7991 memcpy(ds.buffer->data + 16, iaddr.iabuf, 16);
7992 udp_data.rsp_opt_exist = packet->relay_source_port ? 1 : 0;
7993 memcpy(ds.buffer->data + 32, &udp_data, 4);
7994 memcpy(ds.buffer->data + 36, reply.data, reply.len);
7995
7996 /*
7997 * Now we can release the packet.
7998 */
8000
8001 cc = send(dhcp4o6_fd, ds.data, ds.len, 0);
8002 if (cc < 0)
8003 log_error("recv_dhcpv4_query: send(): %m");
8004 data_string_forget(&ds, MDL);
8005}
8006#endif /* DHCP4o6 */
8007
8008static void
8009seek_shared_host(struct host_decl **hp, struct shared_network *shared) {
8010 struct host_decl *nofixed = NULL;
8011 struct host_decl *seek, *hold = NULL;
8012
8013 /*
8014 * Seek forward through fixed addresses for the right link.
8015 *
8016 * Note: how to do this for fixed prefixes???
8017 */
8018 host_reference(&hold, *hp, MDL);
8019 host_dereference(hp, MDL);
8020 seek = hold;
8021 while (seek != NULL) {
8022 if (seek->fixed_addr == NULL)
8023 nofixed = seek;
8024 else if (fixed_matches_shared(seek, shared))
8025 break;
8026
8027 seek = seek->n_ipaddr;
8028 }
8029
8030 if ((seek == NULL) && (nofixed != NULL))
8031 seek = nofixed;
8032
8033 if (seek != NULL)
8034 host_reference(hp, seek, MDL);
8035}
8036
8037static isc_boolean_t
8038fixed_matches_shared(struct host_decl *host, struct shared_network *shared) {
8039 struct subnet *subnet;
8040 struct data_string addr;
8041 isc_boolean_t matched;
8042 struct iaddr fixed;
8043
8044 if (host->fixed_addr == NULL)
8045 return ISC_FALSE;
8046
8047 memset(&addr, 0, sizeof(addr));
8048 if (!evaluate_option_cache(&addr, NULL, NULL, NULL, NULL, NULL,
8049 &global_scope, host->fixed_addr, MDL))
8050 return ISC_FALSE;
8051
8052 if (addr.len < 16) {
8053 data_string_forget(&addr, MDL);
8054 return ISC_FALSE;
8055 }
8056
8057 fixed.len = 16;
8058 memcpy(fixed.iabuf, addr.data, 16);
8059
8060 matched = ISC_FALSE;
8061 for (subnet = shared->subnets ; subnet != NULL ;
8063 if (addr_eq(subnet_number(fixed, subnet->netmask),
8064 subnet->net)) {
8065 matched = ISC_TRUE;
8066 break;
8067 }
8068 }
8069
8070 data_string_forget(&addr, MDL);
8071 return matched;
8072}
8073
8090void
8091unicast_reject(struct data_string *reply_ret,
8092 struct packet *packet,
8093 const struct data_string *client_id,
8094 const struct data_string *server_id)
8095{
8096 struct reply_state reply;
8097 memset(&reply, 0x0, sizeof(struct reply_state));
8098
8099 /* Locate the client. */
8100 if (shared_network_from_packet6(&reply.shared, packet)
8101 != ISC_R_SUCCESS) {
8102 log_error("unicast_reject: could not locate client.");
8103 return;
8104 }
8105
8106 /* Initialize the reply. */
8107 packet_reference(&reply.packet, packet, MDL);
8108 data_string_copy(&reply.client_id, client_id, MDL);
8109
8110 if (start_reply(packet, client_id, server_id, &reply.opt_state,
8111 &reply.buf.reply)) {
8112 /* Set the UseMulticast status code. */
8113 if (!set_status_code(STATUS_UseMulticast,
8114 "Unicast not allowed by server.",
8115 reply.opt_state)) {
8116 log_error("unicast_reject: Unable to set status code.");
8117 } else {
8118 /* Set write cursor to just past the reply header. */
8119 reply.cursor = REPLY_OPTIONS_INDEX;
8120 reply.cursor += store_options6(((char *)reply.buf.data
8121 + reply.cursor),
8122 (sizeof(reply.buf)
8123 - reply.cursor),
8124 reply.opt_state,
8125 reply.packet,
8126 unicast_reject_opts,
8127 NULL);
8128
8129 /* Return our reply to the caller. */
8130 reply_ret->len = reply.cursor;
8131 reply_ret->buffer = NULL;
8132 if (!buffer_allocate(&reply_ret->buffer,
8133 reply.cursor, MDL)) {
8134 log_fatal("unicast_reject:"
8135 "No memory to store Reply.");
8136 }
8137
8138 memcpy(reply_ret->buffer->data, reply.buf.data,
8139 reply.cursor);
8140 reply_ret->data = reply_ret->buffer->data;
8141 }
8142
8143 }
8144
8145 /* Cleanup. */
8146 if (reply.shared != NULL)
8147 shared_network_dereference(&reply.shared, MDL);
8148 if (reply.opt_state != NULL)
8149 option_state_dereference(&reply.opt_state, MDL);
8150 if (reply.packet != NULL)
8151 packet_dereference(&reply.packet, MDL);
8152 if (reply.client_id.data != NULL)
8153 data_string_forget(&reply.client_id, MDL);
8154}
8155
8175is_unicast_option_defined(struct packet *packet) {
8176 isc_boolean_t is_defined = ISC_FALSE;
8177 struct option_state *opt_state = NULL;
8178 struct option_cache *oc = NULL;
8179 struct shared_network *shared = NULL;
8180
8181 if (!option_state_allocate(&opt_state, MDL)) {
8182 log_fatal("is_unicast_option_defined:"
8183 "No memory for option state.");
8184 }
8185
8186 /* We try to map the packet to a network first by an IA_XX value.
8187 * If that fails, we try by packet source. */
8188 if (((shared_network_from_requested_addr(&shared, packet)
8189 != ISC_R_SUCCESS) &&
8190 (shared_network_from_packet6(&shared, packet) != ISC_R_SUCCESS))
8191 || (shared == NULL)) {
8192 /* @todo what would this really mean? I think wrong network
8193 * logic will catch it */
8194 log_error("is_unicast_option_defined:"
8195 "cannot attribute packet to a network.");
8196 return (ISC_FALSE);
8197 }
8198
8199 /* Now that we've mapped it to a network, execute statments to that
8200 * scope, looking for the unicast option. We don't care about the
8201 * value of the option, only whether or not it is defined. */
8202 execute_statements_in_scope(NULL, NULL, NULL, NULL, NULL, opt_state,
8203 &global_scope, shared->group, NULL, NULL);
8204
8205 oc = lookup_option(&dhcpv6_universe, opt_state, D6O_UNICAST);
8206 is_defined = (oc != NULL ? ISC_TRUE : ISC_FALSE);
8207 log_debug("is_unicast_option_defined: option found : %d", is_defined);
8208
8209 if (shared != NULL) {
8210 shared_network_dereference(&shared, MDL);
8211 }
8212
8213 if (opt_state != NULL) {
8214 option_state_dereference(&opt_state, MDL);
8215 }
8216
8217 return (is_defined);
8218}
8219
8235static isc_result_t
8236shared_network_from_requested_addr (struct shared_network **shared,
8237 struct packet* packet) {
8238 struct iaddr iaddr;
8239 struct subnet* subnet = NULL;
8240 isc_result_t status = ISC_R_FAILURE;
8241
8242 /* Try to match first IA_ address or prefix we find to a subnet. In
8243 * theory all IA_ values in a given request are supposed to be in the
8244 * same subnet so we only need to try one right? */
8245 if ((get_first_ia_addr_val(packet, D6O_IA_NA, &iaddr) != ISC_R_SUCCESS)
8246 && (get_first_ia_addr_val(packet, D6O_IA_PD, &iaddr)
8247 != ISC_R_SUCCESS)
8248 && (get_first_ia_addr_val(packet, D6O_IA_TA, &iaddr)
8249 != ISC_R_SUCCESS)) {
8250 /* we found nothing to match against */
8251 log_debug("share_network_from_request_addr: nothing to match");
8252 return (ISC_R_FAILURE);
8253 }
8254
8255 if (!find_subnet(&subnet, iaddr, MDL)) {
8256 log_debug("shared_network_from_requested_addr:"
8257 "No subnet found for addr %s.", piaddr(iaddr));
8258 } else {
8259 status = shared_network_reference(shared,
8261 subnet_dereference(&subnet, MDL);
8262 log_debug("shared_network_from_requested_addr:"
8263 " found shared network %s for address %s.",
8264 ((*shared)->name ? (*shared)->name : "unnamed"),
8265 piaddr(iaddr));
8266 return (status);
8267 }
8268
8269 return (ISC_R_FAILURE);
8270}
8271
8290static isc_result_t
8291get_first_ia_addr_val (struct packet* packet, int addr_type,
8292 struct iaddr* iaddr) {
8293 struct option_cache *ia;
8294 struct option_cache *oc = NULL;
8295 struct data_string cli_enc_opt_data;
8296 struct option_state *cli_enc_opt_state;
8297 int addr_opt_offset;
8298 int addr_opt;
8299 int addr_opt_data_len;
8300 int ip_addr_offset;
8301
8302 isc_result_t status = ISC_R_FAILURE;
8303 memset(iaddr, 0, sizeof(struct iaddr));
8304
8305 /* Set up address type specifics */
8306 switch (addr_type) {
8307 case D6O_IA_NA:
8308 addr_opt_offset = IA_NA_OFFSET;
8309 addr_opt = D6O_IAADDR;
8310 addr_opt_data_len = 24;
8311 ip_addr_offset = 0;
8312 break;
8313 case D6O_IA_TA:
8314 addr_opt_offset = IA_TA_OFFSET;
8315 addr_opt = D6O_IAADDR;
8316 addr_opt_data_len = 24;
8317 ip_addr_offset = 0;
8318 break;
8319 case D6O_IA_PD:
8320 addr_opt_offset = IA_PD_OFFSET;
8321 addr_opt = D6O_IAPREFIX;
8322 addr_opt_data_len = 25;
8323 ip_addr_offset = 9;
8324 break;
8325 default:
8326 /* shouldn't be here */
8327 log_error ("get_first_ia_addr_val: invalid opt type %d",
8328 addr_type);
8329 return (ISC_R_FAILURE);
8330 }
8331
8332 /* Find the first, non-blank IA_XX value within an D6O_IA_XX option. */
8333 for (ia = lookup_option(&dhcpv6_universe, packet->options, addr_type);
8334 ia != NULL && oc == NULL; ia = ia->next) {
8335 if (!get_encapsulated_IA_state(&cli_enc_opt_state,
8336 &cli_enc_opt_data,
8337 packet, ia, addr_opt_offset)) {
8338 log_debug ("get_first_ia_addr_val:"
8339 " couldn't unroll enclosing option");
8340 return (ISC_R_FAILURE);
8341 }
8342
8343 oc = lookup_option(&dhcpv6_universe, cli_enc_opt_state,
8344 addr_opt);
8345 if (oc == NULL) {
8346 /* no address given for this IA, ignore */
8347 option_state_dereference(&cli_enc_opt_state, MDL);
8348 data_string_forget(&cli_enc_opt_data, MDL);
8349 }
8350 }
8351
8352 /* If we found a non-blank IA_XX then extract its ip address. */
8353 if (oc != NULL) {
8354 struct data_string iaddr_str;
8355
8356 memset(&iaddr_str, 0, sizeof(iaddr_str));
8357 if (!evaluate_option_cache(&iaddr_str, packet, NULL, NULL,
8358 packet->options, NULL, &global_scope,
8359 oc, MDL)) {
8360 log_error("get_first_ia_addr_val: "
8361 "error evaluating IA_XX option.");
8362 } else {
8363 if (iaddr_str.len != addr_opt_data_len) {
8364 log_error("shared_network_from_requested_addr:"
8365 " invalid length %d, expected %d",
8366 iaddr_str.len, addr_opt_data_len);
8367 } else {
8368 iaddr->len = 16;
8369 memcpy (iaddr->iabuf,
8370 iaddr_str.data + ip_addr_offset, 16);
8371 status = ISC_R_SUCCESS;
8372 }
8373 data_string_forget(&iaddr_str, MDL);
8374 }
8375
8376 option_state_dereference(&cli_enc_opt_state, MDL);
8377 data_string_forget(&cli_enc_opt_data, MDL);
8378 }
8379
8380 return (status);
8381}
8382
8383/*
8384* \brief Calculates the reply T1/T2 times and stuffs them in outbound buffer
8385*
8386* T1/T2 time selection is kind of weird. We actually use DHCP * (v4) scoped
8387* options, dhcp-renewal-time and dhcp-rebinding-time, as handy existing places
8388* where these can be configured by an administrator. A value of zero tells the
8389* client it may choose its own value.
8390*
8391* When those options are not defined, the values will be set to zero unless
8392* the global option, dhcpv6-set-tee-times is enabled. When this option is
8393* enabled the values are calculated as recommended by RFC 3315, Section 22.4:
8394*
8395* T1 will be set to 0.5 times the shortest preferred lifetime
8396* in the IA_XX option. If the "shortest" preferred lifetime is
8397* 0xFFFFFFFF, T1 will set to 0xFFFFFFFF.
8398*
8399* T2 will be set to 0.8 times the shortest preferred lifetime
8400* in the IA_XX option. If the "shortest" preferred lifetime is
8401* 0xFFFFFFFF, T2 will set to 0xFFFFFFFF.
8402*
8403* Note that dhcpv6-set-tee-times is intended to be transitional and will
8404* likely be removed in 4.4.0, leaving the behavior as getting the values
8405* either from the configured parameters (if you want zeros, define them as
8406* zeros) or by calculating them per the RFC.
8407*
8408* \param reply - pointer to the reply_state structure
8409* \param ia_cursor - offset of the beginning of the IA_XX option within the
8410* reply's outbound data buffer
8411*/
8412static void
8413set_reply_tee_times(struct reply_state* reply, unsigned ia_cursor)
8414{
8415 struct option_cache *oc;
8416 int set_tee_times;
8417
8418 /* Found out if calculated values are enabled. */
8419 oc = lookup_option(&server_universe, reply->opt_state,
8421 set_tee_times = (oc &&
8422 evaluate_boolean_option_cache(NULL, reply->packet,
8423 NULL, NULL,
8424 reply->packet->options,
8425 reply->opt_state,
8426 &global_scope, oc, MDL));
8427
8428 oc = lookup_option(&dhcp_universe, reply->opt_state,
8430 if (oc != NULL) {
8431 /* dhcp-renewal-time is defined, use it */
8432 struct data_string data;
8433 memset(&data, 0x00, sizeof(data));
8434
8435 if (!evaluate_option_cache(&data, reply->packet, NULL, NULL,
8436 reply->packet->options,
8437 reply->opt_state, &global_scope,
8438 oc, MDL) ||
8439 (data.len != 4)) {
8440 log_error("Invalid renewal time.");
8441 reply->renew = 0;
8442 } else {
8443 reply->renew = getULong(data.data);
8444 }
8445
8446 if (data.data != NULL)
8448 } else if (set_tee_times) {
8449 /* Setting them is enabled so T1 is either infinite or
8450 * 0.5 * the shortest preferred lifetime in the IA_XX */
8451 if (reply->min_prefer == INFINITE_TIME)
8452 reply->renew = INFINITE_TIME;
8453 else
8454 reply->renew = reply->min_prefer / 2;
8455 } else {
8456 /* Default is to let the client choose */
8457 reply->renew = 0;
8458 }
8459
8460 putULong(reply->buf.data + ia_cursor + 8, reply->renew);
8461
8462 /* Now T2. */
8463 oc = lookup_option(&dhcp_universe, reply->opt_state,
8465 if (oc != NULL) {
8466 /* dhcp-rebinding-time is defined, use it */
8467 struct data_string data;
8468 memset(&data, 0x00, sizeof(data));
8469
8470 if (!evaluate_option_cache(&data, reply->packet, NULL, NULL,
8471 reply->packet->options,
8472 reply->opt_state, &global_scope,
8473 oc, MDL) ||
8474 (data.len != 4)) {
8475 log_error("Invalid rebinding time.");
8476 reply->rebind = 0;
8477 } else {
8478 reply->rebind = getULong(data.data);
8479 }
8480
8481 if (data.data != NULL)
8483 } else if (set_tee_times) {
8484 /* Setting them is enabled so T2 is either infinite or
8485 * 0.8 * the shortest preferred lifetime in the reply */
8486 if (reply->min_prefer == INFINITE_TIME)
8487 reply->rebind = INFINITE_TIME;
8488 else
8489 reply->rebind = (reply->min_prefer / 5) * 4;
8490 } else {
8491 /* Default is to let the client choose */
8492 reply->rebind = 0;
8493 }
8494
8495 putULong(reply->buf.data + ia_cursor + 12, reply->rebind);
8496}
8497
8498/*
8499 * Releases the iasubopts in the pre-existing IA, if they are not in
8500 * the same shared-network as the new IA.
8501 *
8502 * returns 1 if the release was done, 0 otherwise
8503 */
8504int
8505release_on_roam(struct reply_state* reply) {
8506 struct ia_xx* old_ia = reply->old_ia;
8507 struct iasubopt *lease = NULL;
8508 int i;
8509
8510 if ((!do_release_on_roam) || old_ia == NULL
8511 || old_ia->num_iasubopt <= 0) {
8512 return(0);
8513 }
8514
8515 /* If the old shared-network and new are the same, client hasn't
8516 * roamed, nothing to do. We only check the first one because you
8517 * cannot have iasubopts on different shared-networks within a
8518 * single ia. */
8519 lease = old_ia->iasubopt[0];
8520 if (lease->ipv6_pool->shared_network == reply->shared) {
8521 return (0);
8522 }
8523
8524 /* Old and new are on different shared networks so the client must
8525 * roamed. Release the old leases. */
8526 for (i = 0; i < old_ia->num_iasubopt; i++) {
8527 lease = old_ia->iasubopt[i];
8528
8529 log_info("Client: %s roamed to new network,"
8530 " releasing lease: %s%s",
8531 print_hex_1(reply->client_id.len,
8532 reply->client_id.data, 60),
8533 pin6_addr(&lease->addr), iasubopt_plen_str(lease));
8534
8535 release_lease6(lease->ipv6_pool, lease);
8536 lease->ia->cltt = cur_time;
8537 write_ia(lease->ia);
8538 }
8539
8540 return (1);
8541}
8542
8543/*
8544 * Convenience function which returns a string (static buffer)
8545 * containing either a "/" followed by the prefix length or an
8546 * empty string depending on the lease type
8547 */
8548const char *iasubopt_plen_str(struct iasubopt *lease) {
8549 static char prefix_buf[16];
8550 *prefix_buf = 0;
8551 if ((lease->ia) && (lease->ia->ia_type == D6O_IA_PD)) {
8552 sprintf(prefix_buf, "/%-d", lease->plen);
8553 }
8554
8555 return (prefix_buf);
8556}
8557
8558#ifdef NSUPDATE
8559/*
8560 * Initiates DDNS updates for static v6 leases if configured to do so.
8561 *
8562 * The function, which must be called after the IA has been written to the
8563 * packet, adds an iasubopt to the IA for static lease. This is done so we
8564 * have an iasubopt to pass into ddns_updates(). A reference to the IA is
8565 * added to the DDNS control block to ensure it and it's iasubopt remain in
8566 * scope until the update is complete.
8567 *
8568 */
8569void ddns_update_static6(struct reply_state* reply) {
8570 struct iasubopt *iasub = NULL;
8571 struct binding_scope *scope = NULL;
8572 struct option_cache *oc = NULL;
8573
8574 oc = lookup_option(&server_universe, reply->opt_state, SV_DDNS_UPDATES);
8575 if ((oc != NULL) &&
8576 (evaluate_boolean_option_cache(NULL, reply->packet, NULL, NULL,
8577 reply->packet->options,
8578 reply->opt_state, NULL,
8579 oc, MDL) == 0)) {
8580 return;
8581 }
8582
8583 oc = lookup_option(&server_universe, reply->opt_state,
8585 if ((oc == NULL) ||
8586 (evaluate_boolean_option_cache(NULL, reply->packet,
8587 NULL, NULL,
8588 reply->packet->options,
8589 reply->opt_state, NULL,
8590 oc, MDL) == 0)) {
8591 return;
8592 }
8593
8594 if (iasubopt_allocate(&iasub, MDL) != ISC_R_SUCCESS) {
8595 log_fatal("No memory for iasubopt.");
8596 }
8597
8598 if (ia_add_iasubopt(reply->ia, iasub, MDL) != ISC_R_SUCCESS) {
8599 log_fatal("Could not add iasubopt.");
8600 }
8601
8602 ia_reference(&iasub->ia, reply->ia, MDL);
8603
8604 memcpy(iasub->addr.s6_addr, reply->fixed.data, 16);
8605 iasub->plen = 0;
8606 iasub->prefer = MAX_TIME;
8607 iasub->valid = MAX_TIME;
8608 iasub->static_lease = 1;
8609
8610 if (!binding_scope_allocate(&scope, MDL)) {
8611 log_fatal("Out of memory for binding scope.");
8612 }
8613
8614 binding_scope_reference(&iasub->scope, scope, MDL);
8615
8616 ddns_updates(reply->packet, NULL, NULL, iasub, NULL, reply->opt_state);
8617}
8618#endif /* NSUPDATE */
8619
8620#endif /* DHCPv6 */
int buffer_allocate(struct buffer **ptr, unsigned len, const char *file, int line)
Definition alloc.c:679
void data_string_forget(struct data_string *data, const char *file, int line)
Definition alloc.c:1339
int option_state_allocate(struct option_state **ptr, const char *file, int line)
Definition alloc.c:846
int option_state_dereference(struct option_state **ptr, const char *file, int line)
Definition alloc.c:911
int packet_reference(struct packet **ptr, struct packet *bp, const char *file, int line)
Definition alloc.c:1053
int packet_dereference(struct packet **ptr, const char *file, int line)
Definition alloc.c:1081
int binding_scope_reference(struct binding_scope **ptr, struct binding_scope *bp, const char *file, int line)
Definition alloc.c:1227
int binding_scope_allocate(struct binding_scope **ptr, const char *file, int line)
Definition alloc.c:1194
void data_string_copy(struct data_string *dest, const struct data_string *src, const char *file, int line)
Definition alloc.c:1323
int packet_allocate(struct packet **ptr, const char *file, int line)
Definition alloc.c:1015
void delete_option(struct universe *universe, struct option_state *options, int code)
Definition options.c:2906
int append_option_buffer(struct universe *universe, struct option_state *options, struct buffer *bp, unsigned char *buffer, unsigned length, unsigned code, int terminatep)
Definition options.c:2569
int parse_options(struct packet *packet)
Definition options.c:49
int save_option_buffer(struct universe *universe, struct option_state *options, struct buffer *bp, unsigned char *buffer, unsigned length, unsigned code, int terminatep)
Definition options.c:2545
struct option_cache * lookup_option(struct universe *universe, struct option_state *options, unsigned code)
Definition options.c:2503
int get_option_int(int *result, struct universe *universe, struct packet *packet, struct lease *lease, struct client_state *client_state, struct option_state *in_options, struct option_state *cfg_options, struct option_state *options, struct binding_scope **scope, unsigned code, const char *file, int line)
Definition options.c:2358
int store_options6(char *buf, int buflen, struct option_state *opt_state, struct packet *packet, const int *required_opts, struct data_string *oro)
Definition options.c:1048
int packet6_len_okay(const char *packet, int len)
Definition options.c:4135
int parse_option_buffer(struct option_state *options, const unsigned char *buffer, unsigned length, struct universe *universe)
Definition options.c:119
int validate_packet(struct packet *packet)
Definition options.c:4538
u_int32_t getUShort(const unsigned char *)
void putUShort(unsigned char *, u_int32_t)
Definition convert.c:86
u_int32_t getULong(const unsigned char *)
u_int32_t getUChar(const unsigned char *)
void putULong(unsigned char *, u_int32_t)
Definition convert.c:70
isc_boolean_t
Definition data.h:150
#define ISC_TRUE
Definition data.h:153
#define ISC_FALSE
Definition data.h:152
void bootp(struct packet *packet)
Definition dhclient.c:2256
void dhcp(struct packet *packet)
Definition dhclient.c:2289
u_int16_t remote_port
Definition discover.c:49
u_int16_t local_port
Definition discover.c:48
int find_subnet(struct subnet **sp, struct iaddr addr, const char *file, int line)
Definition dhclient.c:1567
#define DHCPV6_DECLINE
Definition dhcp6.h:148
#define D6O_RELAY_MSG
Definition dhcp6.h:38
#define IASUBOPT_NA_PREF_OFFSET
Definition dhcp6.h:287
#define D6O_CLIENTID
Definition dhcp6.h:30
#define D6O_IAPREFIX
Definition dhcp6.h:55
#define D6O_STATUS_CODE
Definition dhcp6.h:42
#define DHCPV6_RELAY_REPL
Definition dhcp6.h:152
#define D6O_IAADDR
Definition dhcp6.h:34
#define DHCPV6_RENEW
Definition dhcp6.h:144
#define D6O_RELAY_SOURCE_PORT
Definition dhcp6.h:119
#define IASUBOPT_PD_PREFLEN_OFFSET
Definition dhcp6.h:294
#define DHCPV6_REQUEST
Definition dhcp6.h:142
#define DHCP4O6_QUERY_UNICAST
Definition dhcp6.h:256
#define DHCPV6_REPLY
Definition dhcp6.h:146
#define DHCPV6_RELAY_FORW
Definition dhcp6.h:151
#define DHCPV6_CONFIRM
Definition dhcp6.h:143
#define D6O_RECONF_ACCEPT
Definition dhcp6.h:49
#define STATUS_Success
Definition dhcp6.h:124
#define IASUBOPT_NA_VALID_OFFSET
Definition dhcp6.h:288
#define D6O_ERO
Definition dhcp6.h:72
#define D6O_RAPID_COMMIT
Definition dhcp6.h:43
#define REPLY_OPTIONS_INDEX
Definition dhcp6.h:234
#define D6O_SERVERID
Definition dhcp6.h:31
#define D6O_DHCPV4_MSG
Definition dhcp6.h:116
#define IAID_LEN
Definition dhcp6.h:283
#define D6O_IA_PD
Definition dhcp6.h:54
#define IASUBOPT_PD_PREF_OFFSET
Definition dhcp6.h:292
#define IASUBOPT_NA_LEN
Definition dhcp6.h:289
#define DHCPV6_LEASEQUERY
Definition dhcp6.h:153
#define DUID_LL
Definition dhcp6.h:169
#define DHCPV6_DHCPV4_QUERY
Definition dhcp6.h:159
#define IA_NA_OFFSET
Definition dhcp6.h:173
#define IASUBOPT_PD_PREFIX_OFFSET
Definition dhcp6.h:295
#define IASUBOPT_NA_ADDR_OFFSET
Definition dhcp6.h:286
#define DHCPV6_INFORMATION_REQUEST
Definition dhcp6.h:150
#define IASUBOPT_PD_LEN
Definition dhcp6.h:296
#define STATUS_NoAddrsAvail
Definition dhcp6.h:126
#define IAADDR_OFFSET
Definition dhcp6.h:178
#define DUID_TIME_EPOCH
Definition dhcp6.h:275
#define DUID_LLT
Definition dhcp6.h:167
#define IA_PD_OFFSET
Definition dhcp6.h:175
#define IAPREFIX_OFFSET
Definition dhcp6.h:181
#define D6O_ORO
Definition dhcp6.h:35
#define DHCPV6_RECONFIGURE
Definition dhcp6.h:149
#define D6O_INTERFACE_ID
Definition dhcp6.h:47
#define DHCPV6_ADVERTISE
Definition dhcp6.h:141
#define D6O_UNICAST
Definition dhcp6.h:41
#define DHCPV6_REBIND
Definition dhcp6.h:145
#define DHCPV6_RELEASE
Definition dhcp6.h:147
#define STATUS_UseMulticast
Definition dhcp6.h:129
#define STATUS_NotOnLink
Definition dhcp6.h:128
#define D6O_IA_TA
Definition dhcp6.h:33
#define STATUS_NoPrefixAvail
Definition dhcp6.h:130
#define D6O_IA_NA
Definition dhcp6.h:32
#define IA_TA_OFFSET
Definition dhcp6.h:174
#define IASUBOPT_PD_VALID_OFFSET
Definition dhcp6.h:293
#define DHCPV6_SOLICIT
Definition dhcp6.h:140
#define STATUS_NoBinding
Definition dhcp6.h:127
#define DHCPV6_DHCPV4_RESPONSE
Definition dhcp6.h:160
#define D6O_PREFERENCE
Definition dhcp6.h:36
#define DHCPV6_LEASEQUERY_REPLY
Definition dhcp6.h:154
#define HTYPE_RESERVED
Definition dhcp.h:81
#define DHCP_FIXED_NON_UDP
Definition dhcp.h:36
#define DHO_DHCP_MESSAGE_TYPE
Definition dhcp.h:142
#define DHO_DHCP_RENEWAL_TIME
Definition dhcp.h:147
#define DHO_DHCP_REBINDING_TIME
Definition dhcp.h:148
#define SV_UPDATE_STATIC_LEASES
Definition dhcpd.h:753
#define DEFAULT_DEFAULT_LEASE_TIME
Definition dhcpd.h:858
const char * pin6_addr(const struct in6_addr *)
isc_result_t ia_add_iasubopt(struct ia_xx *ia, struct iasubopt *iasubopt, const char *file, int line)
Definition mdb6.c:439
#define SV_DHCPV6_SET_TEE_TIMES
Definition dhcpd.h:807
#define DEFAULT_CACHE_THRESHOLD
Definition dhcpd.h:854
void dhcpv6_leasequery(struct data_string *, struct packet *)
#define FIND_POND6_PERCENT(count, percent)
Definition dhcpd.h:3923
#define PLM_PREFER
Definition dhcpd.h:889
isc_boolean_t ipv6_in_pool(const struct in6_addr *addr, const struct ipv6_pool *pool)
Definition mdb6.c:2273
isc_result_t get_client_id(struct packet *, struct data_string *)
ia_hash_t * ia_na_active
#define SV_LOG_THRESHOLD_LOW
Definition dhcpd.h:802
isc_result_t iasubopt_reference(struct iasubopt **iasubopt, struct iasubopt *src, const char *file, int line)
Definition mdb6.c:234
isc_result_t generate_new_server_duid(void)
#define print_hex_3(len, data, limit)
Definition dhcpd.h:2640
struct timeval cur_tv
Definition dispatch.c:35
int find_hosts6(struct host_decl **host, struct packet *packet, const struct data_string *client_id, char *file, int line)
Definition mdb6.c:3015
ia_hash_t * ia_ta_active
isc_result_t decline_lease6(struct ipv6_pool *pool, struct iasubopt *lease)
Definition mdb6.c:1776
isc_boolean_t lease6_usable(struct iasubopt *lease)
Check if address is available to a lease.
Definition mdb6.c:1554
void set_server_duid(struct data_string *new_duid)
#define MAX_TIME
Definition dhcpd.h:1631
void copy_server_duid(struct data_string *ds, const char *file, int line)
int do_release_on_roam
isc_result_t ia_allocate(struct ia_xx **ia, u_int32_t iaid, const char *duid, unsigned int duid_len, const char *file, int line)
Definition mdb6.c:339
void schedule_lease_timeout(struct ipv6_pool *pool)
Definition mdb6.c:2165
#define cur_time
Definition dhcpd.h:2126
#define SV_LIMIT_PREFS_PER_IA
Definition dhcpd.h:767
#define PLM_MINIMUM
Definition dhcpd.h:891
isc_result_t create_prefix6(struct ipv6_pool *pool, struct iasubopt **pref, unsigned int *attempts, const struct data_string *uid, time_t soft_lifetime_end_time)
Definition mdb6.c:1894
int find_grouped_subnet(struct subnet **, struct shared_network *, struct iaddr, const char *, int)
Definition mdb.c:953
void set_server_duid_type(int type)
int prefix_length_mode
#define SV_CACHE_THRESHOLD
Definition dhcpd.h:797
void change_host_uid(struct host_decl *host, const char *data, int len)
Definition mdb.c:184
int ddns_updates(struct packet *, struct lease *, struct lease *, struct iasubopt *, struct iasubopt *, struct option_state *)
int commit_leases_timed(void)
Definition db.c:1064
#define PLM_IGNORE
Definition dhcpd.h:888
struct universe server_universe
Definition stables.c:176
isc_result_t set_server_duid_from_option(void)
isc_result_t ia_dereference(struct ia_xx **ia, const char *file, int line)
Definition mdb6.c:403
struct universe dhcp_universe
#define SV_LIMIT_ADDRS_PER_IA
Definition dhcpd.h:766
isc_result_t ia_make_key(struct data_string *key, u_int32_t iaid, const char *duid, unsigned int duid_len, const char *file, int line)
Definition mdb6.c:311
isc_boolean_t lease6_exists(const struct ipv6_pool *pool, const struct in6_addr *addr)
Definition mdb6.c:1526
#define PLM_EXACT
Definition dhcpd.h:890
isc_result_t create_lease6(struct ipv6_pool *pool, struct iasubopt **addr, unsigned int *attempts, const struct data_string *uid, time_t soft_lifetime_end_time)
Definition mdb6.c:1032
int find_hosts_by_option(struct host_decl **, struct packet *, struct option_state *, const char *, int)
Definition mdb.c:660
isc_result_t renew_lease6(struct ipv6_pool *pool, struct iasubopt *lease)
Renew a lease in the pool.
Definition mdb6.c:1625
#define SV_LOG_THRESHOLD_HIGH
Definition dhcpd.h:803
isc_result_t release_lease6(struct ipv6_pool *pool, struct iasubopt *lease)
Definition mdb6.c:1801
#define print_hex_2(len, data, limit)
Definition dhcpd.h:2639
ia_hash_t * ia_pd_active
#define FTS_ACTIVE
Definition dhcpd.h:538
isc_result_t find_ipv6_pool(struct ipv6_pool **pool, u_int16_t type, const struct in6_addr *addr)
Definition mdb6.c:2291
const char int line
Definition dhcpd.h:3802
int write_ia(const struct ia_xx *)
Definition db.c:518
ssize_t send_packet6(struct interface_info *, const unsigned char *, size_t, struct sockaddr_in6 *)
isc_boolean_t server_duid_isset(void)
void classify_client(struct packet *)
Definition class.c:55
isc_result_t iasubopt_dereference(struct iasubopt **iasubopt, const char *file, int line)
Definition mdb6.c:261
isc_boolean_t prefix6_exists(const struct ipv6_pool *pool, const struct in6_addr *pref, u_int8_t plen)
Definition mdb6.c:1983
#define SV_PREFER_LIFETIME
Definition dhcpd.h:763
#define PLM_MAXIMUM
Definition dhcpd.h:892
#define INFINITE_TIME
Definition dhcpd.h:1630
isc_result_t add_lease6(struct ipv6_pool *pool, struct iasubopt *lease, time_t valid_lifetime_end_time)
Definition mdb6.c:1416
int permitted(struct packet *, struct permit *)
Definition dhcp.c:5178
void dhcpv6(struct packet *)
#define FTS_ABANDONED
Definition dhcpd.h:541
#define SV_DDNS_UPDATES
Definition dhcpd.h:740
#define SV_DEFAULT_LEASE_TIME
Definition dhcpd.h:711
void cleanup(void)
isc_result_t ia_reference(struct ia_xx **ia, struct ia_xx *src, const char *file, int line)
Definition mdb6.c:377
const char * file
Definition dhcpd.h:3802
#define print_hex_1(len, data, limit)
Definition dhcpd.h:2638
#define FTS_EXPIRED
Definition dhcpd.h:539
int local_family
Definition discover.c:59
struct interface_info * interfaces
Definition discover.c:42
int dhcpv4_over_dhcpv6
Definition discover.c:51
int execute_statements(struct binding_value **result, struct packet *packet, struct lease *lease, struct client_state *client_state, struct option_state *in_options, struct option_state *out_options, struct binding_scope **scope, struct executable_statement *statements, struct on_star *on_star)
Definition execute.c:35
void execute_statements_in_scope(struct binding_value **result, struct packet *packet, struct lease *lease, struct client_state *client_state, struct option_state *in_options, struct option_state *out_options, struct binding_scope **scope, struct group *group, struct group *limiting_group, struct on_star *on_star)
Definition execute.c:570
int executable_statement_dereference(struct executable_statement **ptr, const char *file, int line)
Definition execute.c:630
isc_boolean_t is_cidr_mask_valid(const struct iaddr *addr, int bits)
Definition inet.c:303
const char * piaddr(const struct iaddr addr)
Definition inet.c:579
int addr_eq(struct iaddr addr1, struct iaddr addr2)
Definition inet.c:166
struct iaddr subnet_number(struct iaddr addr, struct iaddr mask)
Definition inet.c:34
#define ISC_R_SUCCESS
@ pass
Definition keama.h:37
struct group * root_group
Definition memory.c:31
#define MDL
Definition omapip.h:567
const char int
Definition omapip.h:442
struct __omapi_object omapi_object_t
Definition omapip.h:39
int log_error(const char *,...) __attribute__((__format__(__printf__
int int int log_debug(const char *,...) __attribute__((__format__(__printf__
void log_fatal(const char *,...) __attribute__((__format__(__printf__
int int log_info(const char *,...) __attribute__((__format__(__printf__
#define DHCP_R_INVALIDARG
Definition result.h:49
unsigned char data[1]
Definition tree.h:62
struct buffer * buffer
Definition tree.h:77
const unsigned char * data
Definition tree.h:78
unsigned len
Definition tree.h:79
unsigned char options[DHCP_MAX_OPTION_LEN]
Definition dhcp.h:62
u_int8_t hlen
Definition dhcp.h:50
unsigned char chaddr[16]
Definition dhcp.h:59
unsigned char msg_type
Definition dhcp6.h:252
unsigned char flags[3]
Definition dhcp6.h:253
unsigned char options[FLEXIBLE_ARRAY_MEMBER]
Definition dhcp6.h:254
unsigned char transaction_id[3]
Definition dhcp6.h:229
unsigned char options[FLEXIBLE_ARRAY_MEMBER]
Definition dhcp6.h:230
unsigned char msg_type
Definition dhcp6.h:228
unsigned char options[FLEXIBLE_ARRAY_MEMBER]
Definition dhcp6.h:244
unsigned char link_address[16]
Definition dhcp6.h:242
unsigned char hop_count
Definition dhcp6.h:241
unsigned char msg_type
Definition dhcp6.h:240
unsigned char peer_address[16]
Definition dhcp6.h:243
Definition dhcpd.h:962
u_int8_t hlen
Definition dhcpd.h:492
u_int8_t hbuf[HARDWARE_ADDR_LEN+1]
Definition dhcpd.h:493
struct iaddrcidrnetlist * fixed_prefix
Definition dhcpd.h:987
struct option_cache * fixed_addr
Definition dhcpd.h:986
struct host_decl * n_ipaddr
Definition dhcpd.h:976
int num_iasubopt
Definition dhcpd.h:1685
time_t cltt
Definition dhcpd.h:1687
struct iasubopt ** iasubopt
Definition dhcpd.h:1688
Definition inet.h:31
unsigned char iabuf[16]
Definition inet.h:33
unsigned len
Definition inet.h:32
struct iaddr lo_addr
Definition inet.h:71
int bits
Definition inet.h:72
struct iaddrcidrnet cidrnet
Definition inet.h:77
struct iaddrcidrnetlist * next
Definition inet.h:76
u_int8_t plen
Definition dhcpd.h:1649
int static_lease
Definition dhcpd.h:1678
binding_state_t state
Definition dhcpd.h:1650
time_t hard_lifetime_end_time
Definition dhcpd.h:1652
u_int32_t prefer
Definition dhcpd.h:1654
struct in6_addr addr
Definition dhcpd.h:1648
u_int32_t valid
Definition dhcpd.h:1655
struct ia_xx * ia
Definition dhcpd.h:1656
struct binding_scope * scope
Definition dhcpd.h:1651
struct on_star on_star
Definition dhcpd.h:1677
struct ipv6_pool * ipv6_pool
Definition dhcpd.h:1657
time_t soft_lifetime_end_time
Definition dhcpd.h:1653
char name[IFNAMSIZ]
Definition dhcpd.h:1408
struct interface_info * next
Definition dhcpd.h:1383
struct hardware hw_address
Definition dhcpd.h:1386
struct shared_network * shared_network
Definition dhcpd.h:1384
Definition ip.h:47
ipv6_pond structure
Definition dhcpd.h:1745
struct permit * permit_list
Definition dhcpd.h:1751
struct shared_network * shared_network
Definition dhcpd.h:1749
isc_uint64_t num_abandoned
Definition dhcpd.h:1761
int logged
Definition dhcpd.h:1762
int jumbo_range
Definition dhcpd.h:1764
struct ipv6_pool ** ipv6_pools
Definition dhcpd.h:1756
isc_uint64_t num_total
Definition dhcpd.h:1759
struct group * group
Definition dhcpd.h:1748
isc_uint64_t low_threshold
Definition dhcpd.h:1763
int last_ipv6_pool
Definition dhcpd.h:1757
isc_uint64_t num_active
Definition dhcpd.h:1760
struct permit * prohibit_list
Definition dhcpd.h:1752
struct ipv6_pond * next
Definition dhcpd.h:1747
ipv6_pool structure
Definition dhcpd.h:1715
struct ipv6_pond * ipv6_pond
Definition dhcpd.h:1731
u_int16_t pool_type
Definition dhcpd.h:1717
struct shared_network * shared_network
Definition dhcpd.h:1728
int units
Definition dhcpd.h:1720
Definition dhcpd.h:560
struct lease_state * state
Definition dhcpd.h:628
struct dhcp_ddns_cb * ddns_cb
Definition dhcpd.h:650
struct binding_scope * scope
Definition dhcpd.h:575
TIME cltt
Definition dhcpd.h:640
struct executable_statement * on_commit
Definition dhcpd.h:555
struct data_string data
Definition dhcpd.h:390
struct option_cache * next
Definition dhcpd.h:387
struct in6_addr dhcpv6_link_address
Definition dhcpd.h:418
struct packet * dhcpv6_container_packet
Definition dhcpd.h:422
int client_port
Definition dhcpd.h:431
struct dhcp_packet * raw
Definition dhcpd.h:406
unsigned char dhcp4o6_flags[3]
Definition dhcpd.h:425
unsigned char dhcpv6_msg_type
Definition dhcpd.h:411
isc_boolean_t unicast
Definition dhcpd.h:470
unsigned char dhcpv6_hop_count
Definition dhcpd.h:417
struct interface_info * interface
Definition dhcpd.h:433
isc_boolean_t relay_source_port
Definition dhcpd.h:477
struct in6_addr dhcpv6_peer_address
Definition dhcpd.h:419
int known
Definition dhcpd.h:457
struct option_state * options
Definition dhcpd.h:449
unsigned packet_length
Definition dhcpd.h:408
struct data_string * dhcp4o6_response
Definition dhcpd.h:428
int options_valid
Definition dhcpd.h:430
unsigned char dhcpv6_transaction_id[3]
Definition dhcpd.h:414
int packet_type
Definition dhcpd.h:409
struct iaddr client_addr
Definition dhcpd.h:432
Definition dhcpd.h:1029
struct group * group
Definition dhcpd.h:1069
struct subnet * subnets
Definition dhcpd.h:1065
char * name
Definition dhcpd.h:1060
struct group * group
Definition dhcpd.h:1085
struct iaddr netmask
Definition dhcpd.h:1083
struct iaddr net
Definition dhcpd.h:1082
struct subnet * next_sibling
Definition dhcpd.h:1078
struct shared_network * shared_network
Definition dhcpd.h:1079
const int dhcpv6_type_name_max
Definition tables.c:692
const char * dhcpv6_type_names[]
Definition tables.c:668
struct universe dhcpv6_universe
Definition tables.c:351
int evaluate_option_cache(struct data_string *result, struct packet *packet, struct lease *lease, struct client_state *client_state, struct option_state *in_options, struct option_state *cfg_options, struct binding_scope **scope, struct option_cache *oc, const char *file, int line)
Definition tree.c:2699
int evaluate_boolean_option_cache(int *ignorep, struct packet *packet, struct lease *lease, struct client_state *client_state, struct option_state *in_options, struct option_state *cfg_options, struct binding_scope **scope, struct option_cache *oc, const char *file, int line)
Definition tree.c:2733
int data_string_sprintfa(struct data_string *ds, const char *fmt,...)
Definition tree.c:56
struct binding_scope * global_scope
Definition tree.c:38