]> git.ipfire.org Git - thirdparty/dhcp.git/blob - server/dhcpv6.c
projects / thirdparty / dhcp.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Update RELNOTES
[thirdparty/dhcp.git] / server / dhcpv6.c
1 /*
2 * Copyright (C) 2006-2017 by Internet Systems Consortium, Inc. ("ISC")
3 *
4 * This Source Code Form is subject to the terms of the Mozilla Public
5 * License, v. 2.0. If a copy of the MPL was not distributed with this
6 * file, You can obtain one at http://mozilla.org/MPL/2.0/.
7 *
8 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
9 * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
10 * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
11 * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
12 * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
13 * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
14 * PERFORMANCE OF THIS SOFTWARE.
15 */
16
17 /*! \file server/dhcpv6.c */
18
19 #include "dhcpd.h"
20
21 #ifdef DHCPv6
22
23 #ifdef DHCP4o6
24 static void forw_dhcpv4_query(struct packet *packet);
25 static void send_dhcpv4_response(struct data_string *raw);
26
27 static void recv_dhcpv4_query(struct data_string *raw);
28 static void dhcp4o6_dhcpv4_query(struct data_string *reply_ret,
29 struct packet *packet);
30
31 struct udp_data4o6 {
32 u_int16_t src_port;
33 u_int8_t rsp_opt_exist;
34 u_int8_t reserved;
35 };
36
37 static int offset_data4o6 = 36; /* 16+16+4 */
38 #endif
39
40 /*
41 * We use print_hex_1() to output DUID values. We could actually output
42 * the DUID with more information... MAC address if using type 1 or 3,
43 * and so on. However, RFC 3315 contains Grave Warnings against actually
44 * attempting to understand a DUID.
45 */
46
47 /*
48 * TODO: gettext() or other method of localization for the messages
49 * for status codes (and probably for log formats eventually)
50 * TODO: refactoring (simplify, simplify, simplify)
51 * TODO: support multiple shared_networks on each interface (this
52 * will allow the server to issue multiple IPv6 addresses to
53 * a single interface)
54 */
55
56 /*
57 * DHCPv6 Reply workflow assist. A Reply packet is built by various
58 * different functions; this gives us one location where we keep state
59 * regarding a reply.
60 */
61 struct reply_state {
62 /* root level persistent state */
63 struct shared_network *shared;
64 struct host_decl *host;
65 struct subnet *subnet; /* Used to match fixed-addrs to subnet scopes. */
66 struct option_state *opt_state;
67 struct packet *packet;
68 struct data_string client_id;
69
70 /* IA level persistent state */
71 unsigned ia_count;
72 unsigned pd_count;
73 unsigned client_resources;
74 isc_boolean_t resources_included;
75 isc_boolean_t static_lease;
76 unsigned static_prefixes;
77 struct ia_xx *ia;
78 struct ia_xx *old_ia;
79 struct option_state *reply_ia;
80 struct data_string fixed;
81 struct iaddrcidrnet fixed_pref; /* static prefix for logging */
82
83 /* IAADDR/PREFIX level persistent state */
84 struct iasubopt *lease;
85
86 /*
87 * "t1", "t2", preferred, and valid lifetimes records for calculating
88 * t1 and t2 (min/max).
89 */
90 u_int32_t renew, rebind, min_prefer, min_valid;
91
92 /* Client-requested valid and preferred lifetimes. */
93 u_int32_t client_valid, client_prefer;
94
95 /* Chosen values to transmit for valid and preferred lifetimes. */
96 u_int32_t send_valid, send_prefer;
97
98 /* Preferred prefix length (-1 is any). */
99 int preflen;
100
101 /* Index into the data field that has been consumed. */
102 unsigned cursor;
103
104 /* Space for the on commit statements for a fixed host */
105 struct on_star on_star;
106
107 union reply_buffer {
108 unsigned char data[65536];
109 struct dhcpv6_packet reply;
110 } buf;
111 };
112
113 /*
114 * Prototypes local to this file.
115 */
116 static int get_encapsulated_IA_state(struct option_state **enc_opt_state,
117 struct data_string *enc_opt_data,
118 struct packet *packet,
119 struct option_cache *oc,
120 int offset);
121 static void build_dhcpv6_reply(struct data_string *, struct packet *);
122 static isc_result_t shared_network_from_packet6(struct shared_network **shared,
123 struct packet *packet);
124 static void seek_shared_host(struct host_decl **hp,
125 struct shared_network *shared);
126 static isc_boolean_t fixed_matches_shared(struct host_decl *host,
127 struct shared_network *shared);
128 static isc_result_t reply_process_ia_na(struct reply_state *reply,
129 struct option_cache *ia);
130 static isc_result_t reply_process_ia_ta(struct reply_state *reply,
131 struct option_cache *ia);
132 static isc_result_t reply_process_addr(struct reply_state *reply,
133 struct option_cache *addr);
134 static isc_boolean_t address_is_owned(struct reply_state *reply,
135 struct iaddr *addr);
136 static isc_boolean_t temporary_is_available(struct reply_state *reply,
137 struct iaddr *addr);
138 static isc_result_t find_client_temporaries(struct reply_state *reply);
139 static isc_result_t reply_process_try_addr(struct reply_state *reply,
140 struct iaddr *addr);
141 static isc_result_t find_client_address(struct reply_state *reply);
142 static isc_result_t reply_process_is_addressed(struct reply_state *reply,
143 struct binding_scope **scope,
144 struct group *group);
145 static isc_result_t reply_process_send_addr(struct reply_state *reply,
146 struct iaddr *addr);
147 static struct iasubopt *lease_compare(struct iasubopt *alpha,
148 struct iasubopt *beta);
149 static isc_result_t reply_process_ia_pd(struct reply_state *reply,
150 struct option_cache *ia_pd);
151 static struct group *find_group_by_prefix(struct reply_state *reply);
152 static isc_result_t reply_process_prefix(struct reply_state *reply,
153 struct option_cache *pref);
154 static isc_boolean_t prefix_is_owned(struct reply_state *reply,
155 struct iaddrcidrnet *pref);
156 static isc_result_t find_client_prefix(struct reply_state *reply);
157 static isc_result_t reply_process_try_prefix(struct reply_state *reply,
158 struct iaddrcidrnet *pref);
159 static isc_result_t reply_process_is_prefixed(struct reply_state *reply,
160 struct binding_scope **scope,
161 struct group *group);
162 static isc_result_t reply_process_send_prefix(struct reply_state *reply,
163 struct iaddrcidrnet *pref);
164 static struct iasubopt *prefix_compare(struct reply_state *reply,
165 struct iasubopt *alpha,
166 struct iasubopt *beta);
167 static void schedule_lease_timeout_reply(struct reply_state *reply);
168
169 static int eval_prefix_mode(int thislen, int preflen, int prefix_mode);
170 static isc_result_t pick_v6_prefix_helper(struct reply_state *reply,
171 int prefix_mode);
172
173 static void unicast_reject(struct data_string *reply_ret, struct packet *packet,
174 const struct data_string *client_id,
175 const struct data_string *server_id);
176
177 static isc_boolean_t is_unicast_option_defined(struct packet *packet);
178 static isc_result_t shared_network_from_requested_addr (struct shared_network
179 **shared,
180 struct packet* packet);
181 static isc_result_t get_first_ia_addr_val (struct packet* packet, int addr_type,
182 struct iaddr* iaddr);
183
184 static void
185 set_reply_tee_times(struct reply_state* reply, unsigned ia_cursor);
186
187 static const char *iasubopt_plen_str(struct iasubopt *lease);
188 static int release_on_roam(struct reply_state *reply);
189
190 static int reuse_lease6(struct reply_state *reply, struct iasubopt *lease);
191 static void shorten_lifetimes(struct reply_state *reply, struct iasubopt *lease,
192 time_t age, int threshold);
193 static void write_to_packet(struct reply_state *reply, unsigned ia_cursor);
194 static const char *iasubopt_plen_str(struct iasubopt *lease);
195
196 #ifdef NSUPDATE
197 static void ddns_update_static6(struct reply_state* reply);
198 #endif
199
200 #ifdef DHCP4o6
201 /*
202 * \brief Omapi I/O handler
203 *
204 * The inter-process communication receive handler.
205 * Get the message, put it into the raw data_string
206 * and call \ref send_dhcpv4_response() (DHCPv6 side) or
207 * \ref recv_dhcpv4_query() (DHCPv4 side)
208 *
209 * \param h the OMAPI object
210 * \return a result for I/O success or error (used by the I/O subsystem)
211 */
212 isc_result_t dhcpv4o6_handler(omapi_object_t *h) {
213 char buf[65536];
214 struct data_string raw;
215 int cc;
216
217 if (h->type != dhcp4o6_type)
218 return DHCP_R_INVALIDARG;
219
220 cc = recv(dhcp4o6_fd, buf, sizeof(buf), 0);
221
222 if (cc < DHCP_FIXED_NON_UDP + offset_data4o6)
223 return ISC_R_UNEXPECTED;
224 memset(&raw, 0, sizeof(raw));
225 if (!buffer_allocate(&raw.buffer, cc, MDL)) {
226 log_error("dhcpv4o6_handler: no memory buffer.");
227 return ISC_R_NOMEMORY;
228 }
229 raw.data = raw.buffer->data;
230 raw.len = cc;
231 memcpy(raw.buffer->data, buf, cc);
232
233 if (local_family == AF_INET6) {
234 send_dhcpv4_response(&raw);
235 } else {
236 recv_dhcpv4_query(&raw);
237 }
238
239 data_string_forget(&raw, MDL);
240
241 return ISC_R_SUCCESS;
242 }
243
244 /*
245 * \brief Send the DHCPv4-response back to the DHCPv6 side
246 * (DHCPv6 server function)
247 *
248 * Format: interface:16 + address:16 + udp:4 + DHCPv6 DHCPv4-response message
249 *
250 * \param raw the IPC message content
251 */
252 static void send_dhcpv4_response(struct data_string *raw) {
253 struct interface_info *ip;
254 char name[16 + 1];
255 struct sockaddr_in6 to_addr;
256 char pbuf[sizeof("ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255")];
257 struct udp_data4o6 udp_data;
258 int send_ret;
259
260 memset(name, 0, sizeof(name));
261 memcpy(name, raw->data, 16);
262 for (ip = interfaces; ip != NULL; ip = ip->next) {
263 if (!strcmp(name, ip->name))
264 break;
265 }
266 if (ip == NULL) {
267 log_error("send_dhcpv4_response: can't find interface %s.",
268 name);
269 return;
270 }
271
272 memset(&to_addr, 0, sizeof(to_addr));
273 to_addr.sin6_family = AF_INET6;
274 memcpy(&to_addr.sin6_addr, raw->data + 16, 16);
275 memset(&udp_data, 0, sizeof(udp_data));
276 memcpy(&udp_data, raw->data + 32, 4);
277 if ((raw->data[36] == DHCPV6_RELAY_FORW) ||
278 (raw->data[36] == DHCPV6_RELAY_REPL)) {
279 if (udp_data.rsp_opt_exist) {
280 to_addr.sin6_port = udp_data.src_port;
281 } else {
282 to_addr.sin6_port = local_port;
283 }
284 } else {
285 to_addr.sin6_port = remote_port;
286 }
287
288 log_info("send_dhcpv4_response(): sending %s on %s to %s port %d",
289 dhcpv6_type_names[raw->data[36]],
290 name,
291 inet_ntop(AF_INET6, raw->data + 16, pbuf, sizeof(pbuf)),
292 ntohs(to_addr.sin6_port));
293
294 send_ret = send_packet6(ip, raw->data + 36, raw->len - 36, &to_addr);
295 if (send_ret < 0) {
296 log_error("send_dhcpv4_response: send_packet6(): %m");
297 } else if (send_ret != raw->len - 36) {
298 log_error("send_dhcpv4_response: send_packet6() "
299 "sent %d of %d bytes",
300 send_ret, raw->len - 36);
301 }
302 }
303 #endif /* DHCP4o6 */
304
305 /*
306 * Schedule lease timeouts for all of the iasubopts in the reply.
307 * This is currently used to schedule timeouts for soft leases.
308 */
309
310 static void
311 schedule_lease_timeout_reply(struct reply_state *reply) {
312 struct iasubopt *tmp;
313 int i;
314
315 /* sanity check the reply */
316 if ((reply == NULL) || (reply->ia == NULL) || (reply->ia->iasubopt == NULL))
317 return;
318
319 /* walk through the list, scheduling as we go */
320 for (i = 0 ; i < reply->ia->num_iasubopt ; i++) {
321 tmp = reply->ia->iasubopt[i];
322 schedule_lease_timeout(tmp->ipv6_pool);
323 }
324 }
325
326 /*
327 * This function returns the time since DUID time start for the
328 * given time_t value.
329 */
330 static u_int32_t
331 duid_time(time_t when) {
332 /*
333 * This time is modulo 2^32.
334 */
335 while ((when - DUID_TIME_EPOCH) > 4294967295u) {
336 /* use 2^31 to avoid spurious compiler warnings */
337 when -= 2147483648u;
338 when -= 2147483648u;
339 }
340
341 return when - DUID_TIME_EPOCH;
342 }
343
344
345 /*
346 * Server DUID.
347 *
348 * This must remain the same for the lifetime of this server, because
349 * clients return the server DUID that we sent them in Request packets.
350 *
351 * We pick the server DUID like this:
352 *
353 * 1. Check dhcpd.conf - any value the administrator has configured
354 * overrides any possible values.
355 * 2. Check the leases.txt - we want to use the previous value if
356 * possible.
357 * 3. Check if dhcpd.conf specifies a type of server DUID to use,
358 * and generate that type.
359 * 4. Generate a type 1 (time + hardware address) DUID.
360 */
361 static struct data_string server_duid;
362
363 /*
364 * Check if the server_duid has been set.
365 */
366 isc_boolean_t
367 server_duid_isset(void) {
368 return (server_duid.data != NULL);
369 }
370
371 /*
372 * Return the server_duid.
373 */
374 void
375 copy_server_duid(struct data_string *ds, const char *file, int line) {
376 data_string_copy(ds, &server_duid, file, line);
377 }
378
379 /*
380 * Set the server DUID to a specified value. This is used when
381 * the server DUID is stored in persistent memory (basically the
382 * leases.txt file).
383 */
384 void
385 set_server_duid(struct data_string *new_duid) {
386 /* INSIST(new_duid != NULL); */
387 /* INSIST(new_duid->data != NULL); */
388
389 if (server_duid_isset()) {
390 data_string_forget(&server_duid, MDL);
391 }
392 data_string_copy(&server_duid, new_duid, MDL);
393 }
394
395
396 /*
397 * Set the server DUID based on the D6O_SERVERID option. This handles
398 * the case where the administrator explicitly put it in the dhcpd.conf
399 * file.
400 */
401 isc_result_t
402 set_server_duid_from_option(void) {
403 struct option_state *opt_state;
404 struct option_cache *oc;
405 struct data_string option_duid;
406 isc_result_t ret_val;
407
408 opt_state = NULL;
409 if (!option_state_allocate(&opt_state, MDL)) {
410 log_fatal("No memory for server DUID.");
411 }
412
413 execute_statements_in_scope(NULL, NULL, NULL, NULL, NULL,
414 opt_state, &global_scope, root_group,
415 NULL, NULL);
416
417 oc = lookup_option(&dhcpv6_universe, opt_state, D6O_SERVERID);
418 if (oc == NULL) {
419 ret_val = ISC_R_NOTFOUND;
420 } else {
421 memset(&option_duid, 0, sizeof(option_duid));
422 if (!evaluate_option_cache(&option_duid, NULL, NULL, NULL,
423 opt_state, NULL, &global_scope,
424 oc, MDL)) {
425 ret_val = ISC_R_UNEXPECTED;
426 } else {
427 set_server_duid(&option_duid);
428 data_string_forget(&option_duid, MDL);
429 ret_val = ISC_R_SUCCESS;
430 }
431 }
432
433 option_state_dereference(&opt_state, MDL);
434
435 return ret_val;
436 }
437
438 /*
439 * DUID layout, as defined in RFC 3315, section 9.
440 *
441 * We support type 1 (hardware address plus time) and type 3 (hardware
442 * address).
443 *
444 * We can support type 2 for specific vendors in the future, if they
445 * publish the specification. And of course there may be additional
446 * types later.
447 */
448 static int server_duid_type = DUID_LLT;
449
450 /*
451 * Set the DUID type.
452 */
453 void
454 set_server_duid_type(int type) {
455 server_duid_type = type;
456 }
457
458 /*
459 * Generate a new server DUID. This is done if there was no DUID in
460 * the leases.txt or in the dhcpd.conf file.
461 */
462 isc_result_t
463 generate_new_server_duid(void) {
464 struct interface_info *p;
465 u_int32_t time_val;
466 struct data_string generated_duid;
467
468 /*
469 * Verify we have a type that we support.
470 */
471 if ((server_duid_type != DUID_LL) && (server_duid_type != DUID_LLT)) {
472 log_error("Invalid DUID type %d specified, "
473 "only LL and LLT types supported", server_duid_type);
474 return DHCP_R_INVALIDARG;
475 }
476
477 /*
478 * Find an interface with a hardware address.
479 * Any will do. :)
480 */
481 for (p = interfaces; p != NULL; p = p->next) {
482 if (p->hw_address.hlen > 0) {
483 break;
484 }
485 }
486 if (p == NULL) {
487 return ISC_R_UNEXPECTED;
488 }
489
490 /*
491 * Build our DUID.
492 */
493 memset(&generated_duid, 0, sizeof(generated_duid));
494 if (server_duid_type == DUID_LLT) {
495 time_val = duid_time(time(NULL));
496 generated_duid.len = 8 + p->hw_address.hlen - 1;
497 if (!buffer_allocate(&generated_duid.buffer,
498 generated_duid.len, MDL)) {
499 log_fatal("No memory for server DUID.");
500 }
501 generated_duid.data = generated_duid.buffer->data;
502 putUShort(generated_duid.buffer->data, DUID_LLT);
503 putUShort(generated_duid.buffer->data + 2,
504 p->hw_address.hbuf[0]);
505 putULong(generated_duid.buffer->data + 4, time_val);
506 memcpy(generated_duid.buffer->data + 8,
507 p->hw_address.hbuf+1, p->hw_address.hlen-1);
508 } else if (server_duid_type == DUID_LL) {
509 generated_duid.len = 4 + p->hw_address.hlen - 1;
510 if (!buffer_allocate(&generated_duid.buffer,
511 generated_duid.len, MDL)) {
512 log_fatal("No memory for server DUID.");
513 }
514 generated_duid.data = generated_duid.buffer->data;
515 putUShort(generated_duid.buffer->data, DUID_LL);
516 putUShort(generated_duid.buffer->data + 2,
517 p->hw_address.hbuf[0]);
518 memcpy(generated_duid.buffer->data + 4,
519 p->hw_address.hbuf+1, p->hw_address.hlen-1);
520 } else {
521 log_fatal("Unsupported server DUID type %d.", server_duid_type);
522 }
523
524 set_server_duid(&generated_duid);
525 data_string_forget(&generated_duid, MDL);
526
527 return ISC_R_SUCCESS;
528 }
529
530 /*
531 * Get the client identifier from the packet.
532 */
533 isc_result_t
534 get_client_id(struct packet *packet, struct data_string *client_id) {
535 struct option_cache *oc;
536
537 /*
538 * Verify our client_id structure is empty.
539 */
540 if ((client_id->data != NULL) || (client_id->len != 0)) {
541 return DHCP_R_INVALIDARG;
542 }
543
544 oc = lookup_option(&dhcpv6_universe, packet->options, D6O_CLIENTID);
545 if (oc == NULL) {
546 return ISC_R_NOTFOUND;
547 }
548
549 if (!evaluate_option_cache(client_id, packet, NULL, NULL,
550 packet->options, NULL,
551 &global_scope, oc, MDL)) {
552 return ISC_R_FAILURE;
553 }
554
555 return ISC_R_SUCCESS;
556 }
557
558 /*
559 * Message validation, defined in RFC 3315, sections 15.2, 15.5, 15.7:
560 *
561 * Servers MUST discard any Solicit messages that do not include a
562 * Client Identifier option or that do include a Server Identifier
563 * option.
564 */
565 int
566 valid_client_msg(struct packet *packet, struct data_string *client_id) {
567 int ret_val;
568 struct option_cache *oc;
569 struct data_string data;
570
571 ret_val = 0;
572 memset(client_id, 0, sizeof(*client_id));
573 memset(&data, 0, sizeof(data));
574
575 switch (get_client_id(packet, client_id)) {
576 case ISC_R_SUCCESS:
577 break;
578 case ISC_R_NOTFOUND:
579 log_debug("Discarding %s from %s; "
580 "client identifier missing",
581 dhcpv6_type_names[packet->dhcpv6_msg_type],
582 piaddr(packet->client_addr));
583 goto exit;
584 default:
585 log_error("Error processing %s from %s; "
586 "unable to evaluate Client Identifier",
587 dhcpv6_type_names[packet->dhcpv6_msg_type],
588 piaddr(packet->client_addr));
589 goto exit;
590 }
591
592 /*
593 * Required by RFC 3315, section 15.
594 */
595 if (packet->unicast) {
596 log_debug("Discarding %s from %s; packet sent unicast "
597 "(CLIENTID %s)",
598 dhcpv6_type_names[packet->dhcpv6_msg_type],
599 piaddr(packet->client_addr),
600 print_hex_1(client_id->len, client_id->data, 60));
601 goto exit;
602 }
603
604
605 oc = lookup_option(&dhcpv6_universe, packet->options, D6O_SERVERID);
606 if (oc != NULL) {
607 if (evaluate_option_cache(&data, packet, NULL, NULL,
608 packet->options, NULL,
609 &global_scope, oc, MDL)) {
610 log_debug("Discarding %s from %s; "
611 "server identifier found "
612 "(CLIENTID %s, SERVERID %s)",
613 dhcpv6_type_names[packet->dhcpv6_msg_type],
614 piaddr(packet->client_addr),
615 print_hex_1(client_id->len,
616 client_id->data, 60),
617 print_hex_2(data.len,
618 data.data, 60));
619 } else {
620 log_debug("Discarding %s from %s; "
621 "server identifier found "
622 "(CLIENTID %s)",
623 dhcpv6_type_names[packet->dhcpv6_msg_type],
624 print_hex_1(client_id->len,
625 client_id->data, 60),
626 piaddr(packet->client_addr));
627 }
628 goto exit;
629 }
630
631 /* looks good */
632 ret_val = 1;
633
634 exit:
635 data_string_forget(&data, MDL);
636 if (!ret_val) {
637 data_string_forget(client_id, MDL);
638 }
639 return ret_val;
640 }
641
642 /*
643 * Response validation, defined in RFC 3315, sections 15.4, 15.6, 15.8,
644 * 15.9 (slightly different wording, but same meaning):
645 *
646 * Servers MUST discard any received Request message that meet any of
647 * the following conditions:
648 *
649 * - the message does not include a Server Identifier option.
650 * - the contents of the Server Identifier option do not match the
651 * server's DUID.
652 * - the message does not include a Client Identifier option.
653 */
654 int
655 valid_client_resp(struct packet *packet,
656 struct data_string *client_id,
657 struct data_string *server_id)
658 {
659 int ret_val;
660 struct option_cache *oc;
661
662 /* INSIST((duid.data != NULL) && (duid.len > 0)); */
663
664 ret_val = 0;
665 memset(client_id, 0, sizeof(*client_id));
666 memset(server_id, 0, sizeof(*server_id));
667
668 switch (get_client_id(packet, client_id)) {
669 case ISC_R_SUCCESS:
670 break;
671 case ISC_R_NOTFOUND:
672 log_debug("Discarding %s from %s; "
673 "client identifier missing",
674 dhcpv6_type_names[packet->dhcpv6_msg_type],
675 piaddr(packet->client_addr));
676 goto exit;
677 default:
678 log_error("Error processing %s from %s; "
679 "unable to evaluate Client Identifier",
680 dhcpv6_type_names[packet->dhcpv6_msg_type],
681 piaddr(packet->client_addr));
682 goto exit;
683 }
684
685 oc = lookup_option(&dhcpv6_universe, packet->options, D6O_SERVERID);
686 if (oc == NULL) {
687 log_debug("Discarding %s from %s: "
688 "server identifier missing (CLIENTID %s)",
689 dhcpv6_type_names[packet->dhcpv6_msg_type],
690 piaddr(packet->client_addr),
691 print_hex_1(client_id->len, client_id->data, 60));
692 goto exit;
693 }
694 if (!evaluate_option_cache(server_id, packet, NULL, NULL,
695 packet->options, NULL,
696 &global_scope, oc, MDL)) {
697 log_error("Error processing %s from %s; "
698 "unable to evaluate Server Identifier (CLIENTID %s)",
699 dhcpv6_type_names[packet->dhcpv6_msg_type],
700 piaddr(packet->client_addr),
701 print_hex_1(client_id->len, client_id->data, 60));
702 goto exit;
703 }
704 if ((server_duid.len != server_id->len) ||
705 (memcmp(server_duid.data, server_id->data, server_duid.len) != 0)) {
706 log_debug("Discarding %s from %s; "
707 "not our server identifier "
708 "(CLIENTID %s, SERVERID %s, server DUID %s)",
709 dhcpv6_type_names[packet->dhcpv6_msg_type],
710 piaddr(packet->client_addr),
711 print_hex_1(client_id->len, client_id->data, 60),
712 print_hex_2(server_id->len, server_id->data, 60),
713 print_hex_3(server_duid.len, server_duid.data, 60));
714 goto exit;
715 }
716
717 /* looks good */
718 ret_val = 1;
719
720 exit:
721 if (!ret_val) {
722 data_string_forget(server_id, MDL);
723 data_string_forget(client_id, MDL);
724 }
725 return ret_val;
726 }
727
728 /*
729 * Information request validation, defined in RFC 3315, section 15.12:
730 *
731 * Servers MUST discard any received Information-request message that
732 * meets any of the following conditions:
733 *
734 * - The message includes a Server Identifier option and the DUID in
735 * the option does not match the server's DUID.
736 *
737 * - The message includes an IA option.
738 */
739 int
740 valid_client_info_req(struct packet *packet, struct data_string *server_id) {
741 int ret_val;
742 struct option_cache *oc;
743 struct data_string client_id;
744 char client_id_str[80]; /* print_hex_1() uses maximum 60 characters,
745 plus a few more for extra information */
746
747 ret_val = 0;
748 memset(server_id, 0, sizeof(*server_id));
749 memset(&client_id, 0, sizeof(client_id));
750
751 /*
752 * Make a string that we can print out to give more
753 * information about the client if we need to.
754 *
755 * By RFC 3315, Section 18.1.5 clients SHOULD have a
756 * client-id on an Information-request packet, but it
757 * is not strictly necessary.
758 */
759 if (get_client_id(packet, &client_id) == ISC_R_SUCCESS) {
760 snprintf(client_id_str, sizeof(client_id_str), " (CLIENTID %s)",
761 print_hex_1(client_id.len, client_id.data, 60));
762 data_string_forget(&client_id, MDL);
763 } else {
764 client_id_str[0] = '\0';
765 }
766
767 /*
768 * Required by RFC 3315, section 15.
769 */
770 if (packet->unicast) {
771 log_debug("Discarding %s from %s; packet sent unicast%s",
772 dhcpv6_type_names[packet->dhcpv6_msg_type],
773 piaddr(packet->client_addr), client_id_str);
774 goto exit;
775 }
776
777 oc = lookup_option(&dhcpv6_universe, packet->options, D6O_IA_NA);
778 if (oc != NULL) {
779 log_debug("Discarding %s from %s; "
780 "IA_NA option present%s",
781 dhcpv6_type_names[packet->dhcpv6_msg_type],
782 piaddr(packet->client_addr), client_id_str);
783 goto exit;
784 }
785 oc = lookup_option(&dhcpv6_universe, packet->options, D6O_IA_TA);
786 if (oc != NULL) {
787 log_debug("Discarding %s from %s; "
788 "IA_TA option present%s",
789 dhcpv6_type_names[packet->dhcpv6_msg_type],
790 piaddr(packet->client_addr), client_id_str);
791 goto exit;
792 }
793 oc = lookup_option(&dhcpv6_universe, packet->options, D6O_IA_PD);
794 if (oc != NULL) {
795 log_debug("Discarding %s from %s; "
796 "IA_PD option present%s",
797 dhcpv6_type_names[packet->dhcpv6_msg_type],
798 piaddr(packet->client_addr), client_id_str);
799 goto exit;
800 }
801
802 oc = lookup_option(&dhcpv6_universe, packet->options, D6O_SERVERID);
803 if (oc != NULL) {
804 if (!evaluate_option_cache(server_id, packet, NULL, NULL,
805 packet->options, NULL,
806 &global_scope, oc, MDL)) {
807 log_error("Error processing %s from %s; "
808 "unable to evaluate Server Identifier%s",
809 dhcpv6_type_names[packet->dhcpv6_msg_type],
810 piaddr(packet->client_addr), client_id_str);
811 goto exit;
812 }
813 if ((server_duid.len != server_id->len) ||
814 (memcmp(server_duid.data, server_id->data,
815 server_duid.len) != 0)) {
816 log_debug("Discarding %s from %s; "
817 "not our server identifier "
818 "(SERVERID %s, server DUID %s)%s",
819 dhcpv6_type_names[packet->dhcpv6_msg_type],
820 piaddr(packet->client_addr),
821 print_hex_1(server_id->len,
822 server_id->data, 60),
823 print_hex_2(server_duid.len,
824 server_duid.data, 60),
825 client_id_str);
826 goto exit;
827 }
828 }
829
830 /* looks good */
831 ret_val = 1;
832
833 exit:
834 if (!ret_val) {
835 data_string_forget(server_id, MDL);
836 }
837 return ret_val;
838 }
839
840 /*
841 * Options that we want to send, in addition to what was requested
842 * via the ORO.
843 */
844 static const int required_opts[] = {
845 D6O_CLIENTID,
846 D6O_SERVERID,
847 D6O_STATUS_CODE,
848 D6O_PREFERENCE,
849 0
850 };
851 static const int required_opts_solicit[] = {
852 D6O_CLIENTID,
853 D6O_SERVERID,
854 D6O_IA_NA,
855 D6O_IA_TA,
856 D6O_IA_PD,
857 D6O_RAPID_COMMIT,
858 D6O_STATUS_CODE,
859 D6O_RECONF_ACCEPT,
860 D6O_PREFERENCE,
861 0
862 };
863 static const int required_opts_agent[] = {
864 D6O_INTERFACE_ID,
865 #if defined(RELAY_PORT)
866 D6O_RELAY_SOURCE_PORT,
867 #endif
868 D6O_RELAY_MSG,
869 0
870 };
871 static const int required_opts_IA[] = {
872 D6O_IAADDR,
873 D6O_STATUS_CODE,
874 0
875 };
876 static const int required_opts_IA_PD[] = {
877 D6O_IAPREFIX,
878 D6O_STATUS_CODE,
879 0
880 };
881 static const int required_opts_STATUS_CODE[] = {
882 D6O_STATUS_CODE,
883 0
884 };
885 #ifdef DHCP4o6
886 static const int required_opts_4o6[] = {
887 D6O_DHCPV4_MSG,
888 0
889 };
890 #endif
891
892 static const int unicast_reject_opts[] = {
893 D6O_CLIENTID,
894 D6O_SERVERID,
895 D6O_STATUS_CODE,
896 0
897 };
898
899
900 /*
901 * Extracts from packet contents an IA_* option, storing the IA structure
902 * in its entirety in enc_opt_data, and storing any decoded DHCPv6 options
903 * in enc_opt_state for later lookup and evaluation. The 'offset' indicates
904 * where in the IA_* the DHCPv6 options commence.
905 */
906 static int
907 get_encapsulated_IA_state(struct option_state **enc_opt_state,
908 struct data_string *enc_opt_data,
909 struct packet *packet,
910 struct option_cache *oc,
911 int offset)
912 {
913 /*
914 * Get the raw data for the encapsulated options.
915 */
916 memset(enc_opt_data, 0, sizeof(*enc_opt_data));
917 if (!evaluate_option_cache(enc_opt_data, packet,
918 NULL, NULL, packet->options, NULL,
919 &global_scope, oc, MDL)) {
920 log_error("get_encapsulated_IA_state: "
921 "error evaluating raw option.");
922 return 0;
923 }
924 if (enc_opt_data->len < offset) {
925 log_error("get_encapsulated_IA_state: raw option too small.");
926 data_string_forget(enc_opt_data, MDL);
927 return 0;
928 }
929
930 /*
931 * Now create the option state structure, and pass it to the
932 * function that parses options.
933 */
934 *enc_opt_state = NULL;
935 if (!option_state_allocate(enc_opt_state, MDL)) {
936 log_error("get_encapsulated_IA_state: no memory for options.");
937 data_string_forget(enc_opt_data, MDL);
938 return 0;
939 }
940 if (!parse_option_buffer(*enc_opt_state,
941 enc_opt_data->data + offset,
942 enc_opt_data->len - offset,
943 &dhcpv6_universe)) {
944 log_error("get_encapsulated_IA_state: error parsing options.");
945 option_state_dereference(enc_opt_state, MDL);
946 data_string_forget(enc_opt_data, MDL);
947 return 0;
948 }
949
950 return 1;
951 }
952
953 static int
954 set_status_code(u_int16_t status_code, const char *status_message,
955 struct option_state *opt_state)
956 {
957 struct data_string d;
958 int ret_val;
959
960 memset(&d, 0, sizeof(d));
961 d.len = sizeof(status_code) + strlen(status_message);
962 if (!buffer_allocate(&d.buffer, d.len, MDL)) {
963 log_fatal("set_status_code: no memory for status code.");
964 }
965 d.data = d.buffer->data;
966 putUShort(d.buffer->data, status_code);
967 memcpy(d.buffer->data + sizeof(status_code),
968 status_message, d.len - sizeof(status_code));
969 if (!save_option_buffer(&dhcpv6_universe, opt_state,
970 d.buffer, (unsigned char *)d.data, d.len,
971 D6O_STATUS_CODE, 0)) {
972 log_error("set_status_code: error saving status code.");
973 ret_val = 0;
974 } else {
975 ret_val = 1;
976 }
977 data_string_forget(&d, MDL);
978 return ret_val;
979 }
980
981 void check_pool6_threshold(struct reply_state *reply,
982 struct iasubopt *lease)
983 {
984 struct ipv6_pond *pond;
985 isc_uint64_t used, count, high_threshold;
986 int poolhigh = 0, poollow = 0;
987 char *shared_name = "no name";
988 char tmp_addr[INET6_ADDRSTRLEN];
989
990 if ((lease->ipv6_pool == NULL) || (lease->ipv6_pool->ipv6_pond == NULL))
991 return;
992 pond = lease->ipv6_pool->ipv6_pond;
993
994 /* If the address range is too large to track, just skip all this. */
995 if (pond->jumbo_range == 1) {
996 return;
997 }
998
999 count = pond->num_total;
1000 used = pond->num_active;
1001
1002 /* get network name for logging */
1003 if ((pond->shared_network != NULL) &&
1004 (pond->shared_network->name != NULL)) {
1005 shared_name = pond->shared_network->name;
1006 }
1007
1008 /* The logged flag indicates if we have already crossed the high
1009 * threshold and emitted a log message. If it is set we check to
1010 * see if we have re-crossed the low threshold and need to reset
1011 * things. When we cross the high threshold we determine what
1012 * the low threshold is and save it into the low_threshold value.
1013 * When we cross that threshold we reset the logged flag and
1014 * the low_threshold to 0 which allows the high threshold message
1015 * to be emitted once again.
1016 * if we haven't recrossed the boundry we don't need to do anything.
1017 */
1018 if (pond->logged !=0) {
1019 if (used <= pond->low_threshold) {
1020 pond->low_threshold = 0;
1021 pond->logged = 0;
1022 log_error("Pool threshold reset - shared subnet: %s; "
1023 "address: %s; low threshold %llu/%llu.",
1024 shared_name,
1025 inet_ntop(AF_INET6, &lease->addr,
1026 tmp_addr, sizeof(tmp_addr)),
1027 (long long unsigned)(used),
1028 (long long unsigned)(count));
1029 }
1030 return;
1031 }
1032
1033 /* find the high threshold */
1034 if (get_option_int(&poolhigh, &server_universe, reply->packet, NULL,
1035 NULL, reply->packet->options, reply->opt_state,
1036 reply->opt_state, &lease->scope,
1037 SV_LOG_THRESHOLD_HIGH, MDL) == 0) {
1038 /* no threshold bail out */
1039 return;
1040 }
1041
1042 /* We do have a threshold for this pool, see if its valid */
1043 if ((poolhigh <= 0) || (poolhigh > 100)) {
1044 /* not valid */
1045 return;
1046 }
1047
1048 /* we have a valid value, have we exceeded it */
1049 high_threshold = FIND_POND6_PERCENT(count, poolhigh);
1050 if (used < high_threshold) {
1051 /* nope, no more to do */
1052 return;
1053 }
1054
1055 /* we've exceeded it, output a message */
1056 log_error("Pool threshold exceeded - shared subnet: %s; "
1057 "address: %s; high threshold %d%% %llu/%llu.",
1058 shared_name,
1059 inet_ntop(AF_INET6, &lease->addr, tmp_addr, sizeof(tmp_addr)),
1060 poolhigh, (long long unsigned)(used),
1061 (long long unsigned)(count));
1062
1063 /* handle the low threshold now, if we don't
1064 * have one we default to 0. */
1065 if ((get_option_int(&poollow, &server_universe, reply->packet, NULL,
1066 NULL, reply->packet->options, reply->opt_state,
1067 reply->opt_state, &lease->scope,
1068 SV_LOG_THRESHOLD_LOW, MDL) == 0) ||
1069 (poollow > 100)) {
1070 poollow = 0;
1071 }
1072
1073 /*
1074 * If the low theshold is higher than the high threshold we continue to log
1075 * If it isn't then we set the flag saying we already logged and determine
1076 * what the reset threshold is.
1077 */
1078 if (poollow < poolhigh) {
1079 pond->logged = 1;
1080 pond->low_threshold = FIND_POND6_PERCENT(count, poollow);
1081 }
1082 }
1083
1084 /*
1085 * We have a set of operations we do to set up the reply packet, which
1086 * is the same for many message types.
1087 */
1088 static int
1089 start_reply(struct packet *packet,
1090 const struct data_string *client_id,
1091 const struct data_string *server_id,
1092 struct option_state **opt_state,
1093 struct dhcpv6_packet *reply)
1094 {
1095 struct option_cache *oc;
1096 const unsigned char *server_id_data;
1097 int server_id_len;
1098
1099 /*
1100 * Build our option state for reply.
1101 */
1102 *opt_state = NULL;
1103 if (!option_state_allocate(opt_state, MDL)) {
1104 log_error("start_reply: no memory for option_state.");
1105 return 0;
1106 }
1107 execute_statements_in_scope(NULL, packet, NULL, NULL,
1108 packet->options, *opt_state,
1109 &global_scope, root_group, NULL, NULL);
1110
1111 /*
1112 * A small bit of special handling for Solicit messages.
1113 *
1114 * We could move the logic into a flag, but for now just check
1115 * explicitly.
1116 */
1117 if (packet->dhcpv6_msg_type == DHCPV6_SOLICIT) {
1118 reply->msg_type = DHCPV6_ADVERTISE;
1119
1120 /*
1121 * If:
1122 * - this message type supports rapid commit (Solicit), and
1123 * - the server is configured to supply a rapid commit, and
1124 * - the client requests a rapid commit,
1125 * Then we add a rapid commit option, and send Reply (instead
1126 * of an Advertise).
1127 */
1128 oc = lookup_option(&dhcpv6_universe,
1129 *opt_state, D6O_RAPID_COMMIT);
1130 if (oc != NULL) {
1131 oc = lookup_option(&dhcpv6_universe,
1132 packet->options, D6O_RAPID_COMMIT);
1133 if (oc != NULL) {
1134 /* Rapid-commit in action. */
1135 reply->msg_type = DHCPV6_REPLY;
1136 } else {
1137 /* Don't want a rapid-commit in advertise. */
1138 delete_option(&dhcpv6_universe,
1139 *opt_state, D6O_RAPID_COMMIT);
1140 }
1141 }
1142 } else {
1143 reply->msg_type = DHCPV6_REPLY;
1144 /* Delete the rapid-commit from the sent options. */
1145 oc = lookup_option(&dhcpv6_universe,
1146 *opt_state, D6O_RAPID_COMMIT);
1147 if (oc != NULL) {
1148 delete_option(&dhcpv6_universe,
1149 *opt_state, D6O_RAPID_COMMIT);
1150 }
1151 }
1152
1153 /*
1154 * Use the client's transaction identifier for the reply.
1155 */
1156 memcpy(reply->transaction_id, packet->dhcpv6_transaction_id,
1157 sizeof(reply->transaction_id));
1158
1159 /*
1160 * RFC 3315, section 18.2 says we need server identifier and
1161 * client identifier.
1162 *
1163 * If the server ID is defined via the configuration file, then
1164 * it will already be present in the option state at this point,
1165 * so we don't need to set it.
1166 *
1167 * If we have a server ID passed in from the caller,
1168 * use that, otherwise use the global DUID.
1169 */
1170 oc = lookup_option(&dhcpv6_universe, *opt_state, D6O_SERVERID);
1171 if (oc == NULL) {
1172 if (server_id == NULL) {
1173 server_id_data = server_duid.data;
1174 server_id_len = server_duid.len;
1175 } else {
1176 server_id_data = server_id->data;
1177 server_id_len = server_id->len;
1178 }
1179 if (!save_option_buffer(&dhcpv6_universe, *opt_state,
1180 NULL, (unsigned char *)server_id_data,
1181 server_id_len, D6O_SERVERID, 0)) {
1182 log_error("start_reply: "
1183 "error saving server identifier.");
1184 return 0;
1185 }
1186 }
1187
1188 if (client_id->buffer != NULL) {
1189 if (!save_option_buffer(&dhcpv6_universe, *opt_state,
1190 client_id->buffer,
1191 (unsigned char *)client_id->data,
1192 client_id->len,
1193 D6O_CLIENTID, 0)) {
1194 log_error("start_reply: error saving "
1195 "client identifier.");
1196 return 0;
1197 }
1198 }
1199
1200 /*
1201 * If the client accepts reconfiguration, let it know that we
1202 * will send them.
1203 *
1204 * Note: we don't actually do this yet, but DOCSIS requires we
1205 * claim to.
1206 */
1207 oc = lookup_option(&dhcpv6_universe, packet->options,
1208 D6O_RECONF_ACCEPT);
1209 if (oc != NULL) {
1210 if (!save_option_buffer(&dhcpv6_universe, *opt_state,
1211 NULL, (unsigned char *)"", 0,
1212 D6O_RECONF_ACCEPT, 0)) {
1213 log_error("start_reply: "
1214 "error saving RECONF_ACCEPT option.");
1215 option_state_dereference(opt_state, MDL);
1216 return 0;
1217 }
1218 }
1219
1220 return 1;
1221 }
1222
1223 /*
1224 * Try to get the IPv6 address the client asked for from the
1225 * pool.
1226 *
1227 * addr is the result (should be a pointer to NULL on entry)
1228 * pool is the pool to search in
1229 * requested_addr is the address the client wants
1230 */
1231 static isc_result_t
1232 try_client_v6_address(struct iasubopt **addr,
1233 struct ipv6_pool *pool,
1234 const struct data_string *requested_addr)
1235 {
1236 struct in6_addr tmp_addr;
1237 isc_result_t result;
1238
1239 if (requested_addr->len < sizeof(tmp_addr)) {
1240 return DHCP_R_INVALIDARG;
1241 }
1242 memcpy(&tmp_addr, requested_addr->data, sizeof(tmp_addr));
1243 if (IN6_IS_ADDR_UNSPECIFIED(&tmp_addr)) {
1244 return ISC_R_FAILURE;
1245 }
1246
1247 /*
1248 * The address is not covered by this (or possibly any) dynamic
1249 * range.
1250 */
1251 if (!ipv6_in_pool(&tmp_addr, pool)) {
1252 return ISC_R_ADDRNOTAVAIL;
1253 }
1254
1255 if (lease6_exists(pool, &tmp_addr)) {
1256 return ISC_R_ADDRINUSE;
1257 }
1258
1259 result = iasubopt_allocate(addr, MDL);
1260 if (result != ISC_R_SUCCESS) {
1261 return result;
1262 }
1263 (*addr)->addr = tmp_addr;
1264 (*addr)->plen = 0;
1265
1266 /* Default is soft binding for 2 minutes. */
1267 result = add_lease6(pool, *addr, cur_time + 120);
1268 if (result != ISC_R_SUCCESS) {
1269 iasubopt_dereference(addr, MDL);
1270 }
1271 return result;
1272 }
1273
1274 /*!
1275 *
1276 * \brief Get an IPv6 address for the client.
1277 *
1278 * Attempt to find a usable address for the client. We walk through
1279 * the ponds checking for permit and deny then through the pools
1280 * seeing if they have an available address.
1281 *
1282 * \param reply = the state structure for the current work on this request
1283 * if we create a lease we return it using reply->lease
1284 *
1285 * \return
1286 * ISC_R_SUCCESS = we were able to find an address and are returning a
1287 * pointer to the lease
1288 * ISC_R_NORESOURCES = there don't appear to be any free addresses. This
1289 * is probabalistic. We don't exhaustively try the
1290 * address range, instead we hash the duid and if
1291 * the address derived from the hash is in use we
1292 * hash the address. After a number of failures we
1293 * conclude the pool is basically full.
1294 */
1295 static isc_result_t
1296 pick_v6_address(struct reply_state *reply)
1297 {
1298 struct ipv6_pool *p = NULL;
1299 struct ipv6_pond *pond;
1300 int i;
1301 int start_pool;
1302 unsigned int attempts;
1303 char tmp_buf[INET6_ADDRSTRLEN];
1304 struct iasubopt **addr = &reply->lease;
1305 isc_uint64_t total = 0;
1306 isc_uint64_t active = 0;
1307 isc_uint64_t abandoned = 0;
1308 int jumbo_range = 0;
1309 char *shared_name = (reply->shared->name ?
1310 reply->shared->name : "(no name)");
1311
1312 /*
1313 * Do a quick walk through of the ponds and pools
1314 * to see if we have any NA address pools
1315 */
1316 for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
1317 if (pond->ipv6_pools == NULL)
1318 continue;
1319
1320 for (i = 0; (p = pond->ipv6_pools[i]) != NULL; i++) {
1321 if (p->pool_type == D6O_IA_NA)
1322 break;
1323 }
1324 if (p != NULL)
1325 break;
1326 }
1327
1328 /* If we get here and p is NULL we have no useful pools */
1329 if (p == NULL) {
1330 log_debug("Unable to pick client address: "
1331 "no IPv6 pools on this shared network");
1332 return ISC_R_NORESOURCES;
1333 }
1334
1335 /*
1336 * We have at least one pool that could provide an address
1337 * Now we walk through the ponds and pools again and check
1338 * to see if the client is permitted and if an address is
1339 * available
1340 *
1341 * Within a given pond we start looking at the last pool we
1342 * allocated from, unless it had a collision trying to allocate
1343 * an address. This will tend to move us into less-filled pools.
1344 */
1345
1346 for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
1347 isc_result_t result = ISC_R_FAILURE;
1348
1349 if (((pond->prohibit_list != NULL) &&
1350 (permitted(reply->packet, pond->prohibit_list))) ||
1351 ((pond->permit_list != NULL) &&
1352 (!permitted(reply->packet, pond->permit_list))))
1353 continue;
1354
1355 #ifdef EUI_64
1356 /* If pond is EUI-64 but client duid isn't a valid EUI-64
1357 * id, then skip this pond */
1358 if (pond->use_eui_64 &&
1359 !valid_eui_64_duid(&reply->ia->iaid_duid, IAID_LEN)) {
1360 continue;
1361 }
1362 #endif
1363
1364 start_pool = pond->last_ipv6_pool;
1365 i = start_pool;
1366 do {
1367 p = pond->ipv6_pools[i];
1368 if (p->pool_type == D6O_IA_NA) {
1369 #ifdef EUI_64
1370 if (pond->use_eui_64) {
1371 result =
1372 create_lease6_eui_64(p, addr,
1373 &reply->ia->iaid_duid,
1374 cur_time + 120);
1375 }
1376 else
1377 #endif
1378 {
1379 result =
1380 create_lease6(p, addr, &attempts,
1381 &reply->ia->iaid_duid,
1382 cur_time + 120);
1383
1384 }
1385
1386 if (result == ISC_R_SUCCESS) {
1387 /*
1388 * Record the pool used (or next one if
1389 * there was a collision).
1390 */
1391 if (attempts > 1) {
1392 i++;
1393 if (pond->ipv6_pools[i]
1394 == NULL) {
1395 i = 0;
1396 }
1397 }
1398
1399 pond->last_ipv6_pool = i;
1400
1401 log_debug("Picking pool address %s",
1402 inet_ntop(AF_INET6,
1403 &((*addr)->addr),
1404 tmp_buf, sizeof(tmp_buf)));
1405 return (ISC_R_SUCCESS);
1406 }
1407 }
1408
1409 i++;
1410 if (pond->ipv6_pools[i] == NULL) {
1411 i = 0;
1412 }
1413 } while (i != start_pool);
1414
1415 if (result == ISC_R_NORESOURCES) {
1416 jumbo_range += pond->jumbo_range;
1417 total += pond->num_total;
1418 active += pond->num_active;
1419 abandoned += pond->num_abandoned;
1420 }
1421 }
1422
1423 /*
1424 * If we failed to pick an IPv6 address from any of the subnets.
1425 * Presumably that means we have no addresses for the client.
1426 */
1427 if (jumbo_range != 0) {
1428 log_debug("Unable to pick client address: "
1429 "no addresses available - shared network %s: "
1430 " 2^64-1 < total, %llu active, %llu abandoned",
1431 shared_name, (long long unsigned)(active - abandoned),
1432 (long long unsigned)(abandoned));
1433 } else {
1434 log_debug("Unable to pick client address: "
1435 "no addresses available - shared network %s: "
1436 "%llu total, %llu active, %llu abandoned",
1437 shared_name, (long long unsigned)(total),
1438 (long long unsigned)(active - abandoned),
1439 (long long unsigned)(abandoned));
1440 }
1441
1442 return ISC_R_NORESOURCES;
1443 }
1444
1445 /*
1446 * Try to get the IPv6 prefix the client asked for from the
1447 * prefix pool.
1448 *
1449 * pref is the result (should be a pointer to NULL on entry)
1450 * pool is the prefix pool to search in
1451 * requested_pref is the address the client wants
1452 */
1453 static isc_result_t
1454 try_client_v6_prefix(struct iasubopt **pref,
1455 struct ipv6_pool *pool,
1456 const struct data_string *requested_pref)
1457 {
1458 u_int8_t tmp_plen;
1459 struct in6_addr tmp_pref;
1460 struct iaddr ia;
1461 isc_result_t result;
1462
1463 if (requested_pref->len < sizeof(tmp_plen) + sizeof(tmp_pref)) {
1464 return DHCP_R_INVALIDARG;
1465 }
1466
1467 tmp_plen = (int) requested_pref->data[0];
1468 if ((tmp_plen < 3) || (tmp_plen > 128)) {
1469 return ISC_R_FAILURE;
1470 }
1471
1472 memcpy(&tmp_pref, requested_pref->data + 1, sizeof(tmp_pref));
1473 if (IN6_IS_ADDR_UNSPECIFIED(&tmp_pref)) {
1474 return ISC_R_FAILURE;
1475 }
1476
1477 ia.len = 16;
1478 memcpy(&ia.iabuf, &tmp_pref, 16);
1479 if (!is_cidr_mask_valid(&ia, (int) tmp_plen)) {
1480 return ISC_R_FAILURE;
1481 }
1482
1483 if (!ipv6_in_pool(&tmp_pref, pool) ||
1484 ((int)tmp_plen != pool->units)) {
1485 return ISC_R_ADDRNOTAVAIL;
1486 }
1487
1488 if (prefix6_exists(pool, &tmp_pref, tmp_plen)) {
1489 return ISC_R_ADDRINUSE;
1490 }
1491
1492 result = iasubopt_allocate(pref, MDL);
1493 if (result != ISC_R_SUCCESS) {
1494 return result;
1495 }
1496
1497 (*pref)->addr = tmp_pref;
1498 (*pref)->plen = tmp_plen;
1499
1500 /* Default is soft binding for 2 minutes. */
1501 result = add_lease6(pool, *pref, cur_time + 120);
1502 if (result != ISC_R_SUCCESS) {
1503 iasubopt_dereference(pref, MDL);
1504 }
1505
1506 return result;
1507 }
1508
1509 /*!
1510 *
1511 * \brief Get an IPv6 prefix for the client.
1512 *
1513 * Attempt to find a usable prefix for the client. Based upon the prefix
1514 * length mode and the plen supplied by the client (if one), we make one
1515 * or more calls to pick_v6_prefix_helper() to find a prefix as follows:
1516 *
1517 * PLM_IGNORE or client specifies a plen of zero, use the first available
1518 * prefix regardless of it's length.
1519 *
1520 * PLM_PREFER – look for an exact match to client's plen first, if none
1521 * found, use the first available prefix of any length
1522 *
1523 * PLM_EXACT – look for an exact match first, if none found then fail. This
1524 * is the default behavior.
1525 *
1526 * PLM_MAXIMUM - look for an exact match first, then the first available whose
1527 * prefix length is less than client's plen, otherwise fail.
1528 *
1529 * PLM_MINIMUM - look for an exact match first, then the first available whose
1530 * prefix length is greater than client's plen, otherwise fail.
1531 *
1532 * Note that the selection mode is configurable at the global scope only via
1533 * prefix-len-mode.
1534 *
1535 * \param reply = the state structure for the current work on this request
1536 * if we create a lease we return it using reply->lease
1537 *
1538 * \return
1539 * ISC_R_SUCCESS = we were able to find an prefix and are returning a
1540 * pointer to the lease
1541 * ISC_R_NORESOURCES = there don't appear to be any free addresses. This
1542 * is probabalistic. We don't exhaustively try the
1543 * address range, instead we hash the duid and if
1544 * the address derived from the hash is in use we
1545 * hash the address. After a number of failures we
1546 * conclude the pool is basically full.
1547 */
1548 static isc_result_t
1549 pick_v6_prefix(struct reply_state *reply) {
1550 struct ipv6_pool *p = NULL;
1551 struct ipv6_pond *pond;
1552 int i;
1553 isc_result_t result;
1554
1555 /*
1556 * Do a quick walk through of the ponds and pools
1557 * to see if we have any prefix pools
1558 */
1559 for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
1560 if (pond->ipv6_pools == NULL)
1561 continue;
1562
1563 for (i = 0; (p = pond->ipv6_pools[i]) != NULL; i++) {
1564 if (p->pool_type == D6O_IA_PD)
1565 break;
1566 }
1567 if (p != NULL)
1568 break;
1569 }
1570
1571 /* If we get here and p is NULL we have no useful pools */
1572 if (p == NULL) {
1573 log_debug("Unable to pick client prefix: "
1574 "no IPv6 pools on this shared network");
1575 return ISC_R_NORESOURCES;
1576 }
1577
1578 if (reply->preflen <= 0) {
1579 /* If we didn't get a plen (-1) or client plen is 0, then just
1580 * select first available (same as PLM_INGORE) */
1581 result = pick_v6_prefix_helper(reply, PLM_IGNORE);
1582 } else {
1583 switch (prefix_length_mode) {
1584 case PLM_PREFER:
1585 /* First we look for an exact match, if not found
1586 * then first available */
1587 result = pick_v6_prefix_helper(reply, PLM_EXACT);
1588 if (result != ISC_R_SUCCESS) {
1589 result = pick_v6_prefix_helper(reply,
1590 PLM_IGNORE);
1591 }
1592 break;
1593
1594 case PLM_EXACT:
1595 /* Match exactly or fail */
1596 result = pick_v6_prefix_helper(reply, PLM_EXACT);
1597 break;
1598
1599 case PLM_MINIMUM:
1600 case PLM_MAXIMUM:
1601 /* First we look for an exact match, if not found
1602 * then first available by mode */
1603 result = pick_v6_prefix_helper(reply, PLM_EXACT);
1604 if (result != ISC_R_SUCCESS) {
1605 result = pick_v6_prefix_helper(reply,
1606 prefix_length_mode);
1607 }
1608 break;
1609
1610 default:
1611 /* First available */
1612 result = pick_v6_prefix_helper(reply, PLM_IGNORE);
1613 break;
1614 }
1615 }
1616
1617 if (result == ISC_R_SUCCESS) {
1618 char tmp_buf[INET6_ADDRSTRLEN];
1619
1620 log_debug("Picking pool prefix %s/%u",
1621 inet_ntop(AF_INET6, &(reply->lease->addr),
1622 tmp_buf, sizeof(tmp_buf)),
1623 (unsigned)(reply->lease->plen));
1624 return (ISC_R_SUCCESS);
1625 }
1626
1627 /*
1628 * If we failed to pick an IPv6 prefix
1629 * Presumably that means we have no prefixes for the client.
1630 */
1631 log_debug("Unable to pick client prefix: no prefixes available");
1632 return ISC_R_NORESOURCES;
1633 }
1634
1635 /*!
1636 *
1637 * \brief Get an IPv6 prefix for the client based upon selection mode.
1638 *
1639 * We walk through the ponds checking for permit and deny. If a pond is
1640 * permissable to use, loop through its PD pools checking prefix lengths
1641 * against the client plen based on the prefix length mode, looking for
1642 * available prefixes.
1643 *
1644 * \param reply = the state structure for the current work on this request
1645 * if we create a lease we return it using reply->lease
1646 * \prefix_mode = selection mode to use
1647 *
1648 * \return
1649 * ISC_R_SUCCESS = we were able to find a prefix and are returning a
1650 * pointer to the lease
1651 * ISC_R_NORESOURCES = there don't appear to be any free addresses. This
1652 * is probabalistic. We don't exhaustively try the
1653 * address range, instead we hash the duid and if
1654 * the address derived from the hash is in use we
1655 * hash the address. After a number of failures we
1656 * conclude the pool is basically full.
1657 */
1658 isc_result_t
1659 pick_v6_prefix_helper(struct reply_state *reply, int prefix_mode) {
1660 struct ipv6_pool *p = NULL;
1661 struct ipv6_pond *pond;
1662 int i;
1663 unsigned int attempts;
1664 struct iasubopt **pref = &reply->lease;
1665
1666 for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
1667 if (((pond->prohibit_list != NULL) &&
1668 (permitted(reply->packet, pond->prohibit_list))) ||
1669 ((pond->permit_list != NULL) &&
1670 (!permitted(reply->packet, pond->permit_list))))
1671 continue;
1672
1673 for (i = 0; (p = pond->ipv6_pools[i]) != NULL; i++) {
1674 if ((p->pool_type == D6O_IA_PD) &&
1675 (eval_prefix_mode(p->units, reply->preflen,
1676 prefix_mode) == 1) &&
1677 (create_prefix6(p, pref, &attempts,
1678 &reply->ia->iaid_duid,
1679 cur_time + 120) == ISC_R_SUCCESS)) {
1680 return (ISC_R_SUCCESS);
1681 }
1682 }
1683 }
1684
1685 return ISC_R_NORESOURCES;
1686 }
1687
1688 /*!
1689 *
1690 * \brief Test a prefix length against another based on prefix length mode
1691 *
1692 * \param len - prefix length to test
1693 * \param preflen - preferred prefix length against which to test
1694 * \param prefix_mode - prefix selection mode with which to test
1695 *
1696 * Note that the case of preferred length of 0 is not short-cut here as it
1697 * is assumed to be done at a higher level.
1698 *
1699 * \return 1 if the given length is usable based upon mode and a preferred
1700 * length, 0 if not.
1701 */
1702 int
1703 eval_prefix_mode(int len, int preflen, int prefix_mode) {
1704 int use_it = 1;
1705 switch (prefix_mode) {
1706 case PLM_EXACT:
1707 use_it = (len == preflen);
1708 break;
1709 case PLM_MINIMUM:
1710 /* they asked for a prefix length no "shorter" than preflen */
1711 use_it = (len >= preflen);
1712 break;
1713 case PLM_MAXIMUM:
1714 /* they asked for a prefix length no "longer" than preflen */
1715 use_it = (len <= preflen);
1716 break;
1717 default:
1718 /* otherwise use it */
1719 break;
1720 }
1721
1722 return (use_it);
1723 }
1724
1725 /*
1726 *! \file server/dhcpv6.c
1727 *
1728 * \brief construct a reply containing information about a client's lease
1729 *
1730 * lease_to_client() is called from several messages to construct a
1731 * reply that contains all that we know about the client's correct lease
1732 * (or projected lease).
1733 *
1734 * Solicit - "Soft" binding, ignore unknown addresses or bindings, just
1735 * send what we "may" give them on a request.
1736 *
1737 * Request - "Hard" binding, but ignore supplied addresses (just provide what
1738 * the client should really use).
1739 *
1740 * Renew - "Hard" binding, but client-supplied addresses are 'real'. Error
1741 * Rebind out any "wrong" addresses the client sends. This means we send
1742 * an empty IA_NA with a status code of NoBinding or NotOnLink or
1743 * possibly send the address with zeroed lifetimes.
1744 *
1745 * Information-Request - No binding.
1746 *
1747 * The basic structure is to traverse the client-supplied data first, and
1748 * validate and echo back any contents that can be. If the client-supplied
1749 * data does not error out (on renew/rebind as above), but we did not send
1750 * any addresses, attempt to allocate one.
1751 *
1752 * At the end of the this function we call commit_leases_timed() to
1753 * fsync and rotate the file as necessary. commit_leases_timed() will
1754 * check that we have written at least one lease to the file and that
1755 * some time has passed before doing any fsync or file rewrite so we
1756 * don't bother tracking if we did a write_ia during this function.
1757 */
1758 /* TODO: look at client hints for lease times */
1759
1760 static void
1761 lease_to_client(struct data_string *reply_ret,
1762 struct packet *packet,
1763 const struct data_string *client_id,
1764 const struct data_string *server_id)
1765 {
1766 static struct reply_state reply;
1767 struct option_cache *oc;
1768 struct data_string packet_oro;
1769 int i;
1770
1771 memset(&packet_oro, 0, sizeof(packet_oro));
1772
1773 /* Locate the client. */
1774 if (shared_network_from_packet6(&reply.shared,
1775 packet) != ISC_R_SUCCESS)
1776 goto exit;
1777
1778 /*
1779 * Initialize the reply.
1780 */
1781 packet_reference(&reply.packet, packet, MDL);
1782 data_string_copy(&reply.client_id, client_id, MDL);
1783
1784 if (!start_reply(packet, client_id, server_id, &reply.opt_state,
1785 &reply.buf.reply))
1786 goto exit;
1787
1788 /* Set the write cursor to just past the reply header. */
1789 reply.cursor = REPLY_OPTIONS_INDEX;
1790
1791 /*
1792 * Get the ORO from the packet, if any.
1793 */
1794 oc = lookup_option(&dhcpv6_universe, packet->options, D6O_ORO);
1795 if (oc != NULL) {
1796 if (!evaluate_option_cache(&packet_oro, packet,
1797 NULL, NULL,
1798 packet->options, NULL,
1799 &global_scope, oc, MDL)) {
1800 log_error("lease_to_client: error evaluating ORO.");
1801 goto exit;
1802 }
1803 }
1804
1805 /*
1806 * Find a host record that matches the packet, if any, and is
1807 * valid for the shared network the client is on.
1808 */
1809 if (find_hosts6(&reply.host, packet, client_id, MDL)) {
1810 packet->known = 1;
1811 seek_shared_host(&reply.host, reply.shared);
1812 }
1813
1814 /* Process the client supplied IA's onto the reply buffer. */
1815 reply.ia_count = 0;
1816 oc = lookup_option(&dhcpv6_universe, packet->options, D6O_IA_NA);
1817
1818 for (; oc != NULL ; oc = oc->next) {
1819 isc_result_t status;
1820
1821 /* Start counting resources (addresses) offered. */
1822 reply.client_resources = 0;
1823 reply.resources_included = ISC_FALSE;
1824
1825 status = reply_process_ia_na(&reply, oc);
1826
1827 /*
1828 * We continue to try other IA's whether we can address
1829 * this one or not. Any other result is an immediate fail.
1830 */
1831 if ((status != ISC_R_SUCCESS) &&
1832 (status != ISC_R_NORESOURCES))
1833 goto exit;
1834 }
1835 oc = lookup_option(&dhcpv6_universe, packet->options, D6O_IA_TA);
1836 for (; oc != NULL ; oc = oc->next) {
1837 isc_result_t status;
1838
1839 /* Start counting resources (addresses) offered. */
1840 reply.client_resources = 0;
1841 reply.resources_included = ISC_FALSE;
1842
1843 status = reply_process_ia_ta(&reply, oc);
1844
1845 /*
1846 * We continue to try other IA's whether we can address
1847 * this one or not. Any other result is an immediate fail.
1848 */
1849 if ((status != ISC_R_SUCCESS) &&
1850 (status != ISC_R_NORESOURCES))
1851 goto exit;
1852 }
1853
1854 /* Same for IA_PD's. */
1855 reply.pd_count = 0;
1856 oc = lookup_option(&dhcpv6_universe, packet->options, D6O_IA_PD);
1857 for (; oc != NULL ; oc = oc->next) {
1858 isc_result_t status;
1859
1860 /* Start counting resources (prefixes) offered. */
1861 reply.client_resources = 0;
1862 reply.resources_included = ISC_FALSE;
1863
1864 status = reply_process_ia_pd(&reply, oc);
1865
1866 /*
1867 * We continue to try other IA_PD's whether we can address
1868 * this one or not. Any other result is an immediate fail.
1869 */
1870 if ((status != ISC_R_SUCCESS) &&
1871 (status != ISC_R_NORESOURCES))
1872 goto exit;
1873 }
1874
1875 /*
1876 * Make no reply if we gave no resources and is not
1877 * for Information-Request.
1878 */
1879 if ((reply.ia_count == 0) && (reply.pd_count == 0)) {
1880 if (reply.packet->dhcpv6_msg_type !=
1881 DHCPV6_INFORMATION_REQUEST)
1882 goto exit;
1883
1884 /*
1885 * Because we only execute statements on a per-IA basis,
1886 * we need to execute statements in any non-IA reply to
1887 * source configuration.
1888 */
1889 execute_statements_in_scope(NULL, reply.packet, NULL, NULL,
1890 reply.packet->options,
1891 reply.opt_state, &global_scope,
1892 reply.shared->group, root_group,
1893 NULL);
1894
1895 /* Execute statements from class scopes. */
1896 for (i = reply.packet->class_count; i > 0; i--) {
1897 execute_statements_in_scope(NULL, reply.packet,
1898 NULL, NULL,
1899 reply.packet->options,
1900 reply.opt_state,
1901 &global_scope,
1902 reply.packet->classes[i - 1]->group,
1903 reply.shared->group, NULL);
1904 }
1905
1906 /* Bring in any configuration from a host record. */
1907 if (reply.host != NULL)
1908 execute_statements_in_scope(NULL, reply.packet,
1909 NULL, NULL,
1910 reply.packet->options,
1911 reply.opt_state,
1912 &global_scope,
1913 reply.host->group,
1914 reply.shared->group, NULL);
1915 }
1916
1917 /*
1918 * RFC3315 section 17.2.2 (Solicit):
1919 *
1920 * If the server will not assign any addresses to any IAs in a
1921 * subsequent Request from the client, the server MUST send an
1922 * Advertise message to the client that includes only a Status
1923 * Code option with code NoAddrsAvail and a status message for
1924 * the user, a Server Identifier option with the server's DUID,
1925 * and a Client Identifier option with the client's DUID.
1926 *
1927 * This has been updated by an errata such that the server
1928 * can always send an IA.
1929 *
1930 * Section 18.2.1 (Request):
1931 *
1932 * If the server cannot assign any addresses to an IA in the
1933 * message from the client, the server MUST include the IA in
1934 * the Reply message with no addresses in the IA and a Status
1935 * Code option in the IA containing status code NoAddrsAvail.
1936 *
1937 * Section 18.1.8 (Client Behavior):
1938 *
1939 * Leave unchanged any information about addresses the client has
1940 * recorded in the IA but that were not included in the IA from
1941 * the server.
1942 * Sends a Renew/Rebind if the IA is not in the Reply message.
1943 */
1944
1945 /*
1946 * Having stored the client's IA's, store any options that
1947 * will fit in the remaining space.
1948 */
1949 reply.cursor += store_options6((char *)reply.buf.data + reply.cursor,
1950 sizeof(reply.buf) - reply.cursor,
1951 reply.opt_state, reply.packet,
1952 required_opts_solicit,
1953 &packet_oro);
1954
1955 /* Return our reply to the caller. */
1956 reply_ret->len = reply.cursor;
1957 reply_ret->buffer = NULL;
1958 if (!buffer_allocate(&reply_ret->buffer, reply.cursor, MDL)) {
1959 log_fatal("No memory to store Reply.");
1960 }
1961 memcpy(reply_ret->buffer->data, reply.buf.data, reply.cursor);
1962 reply_ret->data = reply_ret->buffer->data;
1963
1964 /* If appropriate commit and rotate the lease file */
1965 (void) commit_leases_timed();
1966
1967 exit:
1968 /* Cleanup. */
1969 if (reply.shared != NULL)
1970 shared_network_dereference(&reply.shared, MDL);
1971 if (reply.host != NULL)
1972 host_dereference(&reply.host, MDL);
1973 if (reply.opt_state != NULL)
1974 option_state_dereference(&reply.opt_state, MDL);
1975 if (reply.packet != NULL)
1976 packet_dereference(&reply.packet, MDL);
1977 if (reply.client_id.data != NULL)
1978 data_string_forget(&reply.client_id, MDL);
1979 if (packet_oro.buffer != NULL)
1980 data_string_forget(&packet_oro, MDL);
1981 reply.renew = reply.rebind = reply.min_prefer = reply.min_valid = 0;
1982 reply.cursor = 0;
1983 }
1984
1985 /* Process a client-supplied IA_NA. This may append options to the tail of
1986 * the reply packet being built in the reply_state structure.
1987 */
1988 static isc_result_t
1989 reply_process_ia_na(struct reply_state *reply, struct option_cache *ia) {
1990 isc_result_t status = ISC_R_SUCCESS;
1991 u_int32_t iaid;
1992 unsigned ia_cursor;
1993 struct option_state *packet_ia;
1994 struct option_cache *oc;
1995 struct data_string ia_data, data;
1996
1997 /* Initialize values that will get cleaned up on return. */
1998 packet_ia = NULL;
1999 memset(&ia_data, 0, sizeof(ia_data));
2000 memset(&data, 0, sizeof(data));
2001 /*
2002 * Note that find_client_address() may set reply->lease.
2003 */
2004
2005 /* Make sure there is at least room for the header. */
2006 if ((reply->cursor + IA_NA_OFFSET + 4) > sizeof(reply->buf)) {
2007 log_error("reply_process_ia_na: Reply too long for IA.");
2008 return ISC_R_NOSPACE;
2009 }
2010
2011
2012 /* Fetch the IA_NA contents. */
2013 if (!get_encapsulated_IA_state(&packet_ia, &ia_data, reply->packet,
2014 ia, IA_NA_OFFSET)) {
2015 log_error("reply_process_ia_na: error evaluating ia");
2016 status = ISC_R_FAILURE;
2017 goto cleanup;
2018 }
2019
2020 /* Extract IA_NA header contents. */
2021 iaid = getULong(ia_data.data);
2022 reply->renew = getULong(ia_data.data + 4);
2023 reply->rebind = getULong(ia_data.data + 8);
2024
2025 /* Create an IA_NA structure. */
2026 if (ia_allocate(&reply->ia, iaid, (char *)reply->client_id.data,
2027 reply->client_id.len, MDL) != ISC_R_SUCCESS) {
2028 log_error("reply_process_ia_na: no memory for ia.");
2029 status = ISC_R_NOMEMORY;
2030 goto cleanup;
2031 }
2032 reply->ia->ia_type = D6O_IA_NA;
2033
2034 /* Cache pre-existing IA, if any. */
2035 ia_hash_lookup(&reply->old_ia, ia_na_active,
2036 (unsigned char *)reply->ia->iaid_duid.data,
2037 reply->ia->iaid_duid.len, MDL);
2038
2039 /*
2040 * Create an option cache to carry the IA_NA option contents, and
2041 * execute any user-supplied values into it.
2042 */
2043 if (!option_state_allocate(&reply->reply_ia, MDL)) {
2044 status = ISC_R_NOMEMORY;
2045 goto cleanup;
2046 }
2047
2048 /* Check & cache the fixed host record. */
2049 if ((reply->host != NULL) && (reply->host->fixed_addr != NULL)) {
2050 struct iaddr tmp_addr;
2051
2052 if (!evaluate_option_cache(&reply->fixed, NULL, NULL, NULL,
2053 NULL, NULL, &global_scope,
2054 reply->host->fixed_addr, MDL)) {
2055 log_error("reply_process_ia_na: unable to evaluate "
2056 "fixed address.");
2057 status = ISC_R_FAILURE;
2058 goto cleanup;
2059 }
2060
2061 if (reply->fixed.len < 16) {
2062 log_error("reply_process_ia_na: invalid fixed address.");
2063 status = DHCP_R_INVALIDARG;
2064 goto cleanup;
2065 }
2066
2067 /* Find the static lease's subnet. */
2068 tmp_addr.len = 16;
2069 memcpy(tmp_addr.iabuf, reply->fixed.data, 16);
2070
2071 if (find_grouped_subnet(&reply->subnet, reply->shared,
2072 tmp_addr, MDL) == 0)
2073 log_fatal("Impossible condition at %s:%d.", MDL);
2074
2075 reply->static_lease = ISC_TRUE;
2076 } else
2077 reply->static_lease = ISC_FALSE;
2078
2079 /*
2080 * Save the cursor position at the start of the IA, so we can
2081 * set length and adjust t1/t2 values later. We write a temporary
2082 * header out now just in case we decide to adjust the packet
2083 * within sub-process functions.
2084 */
2085 ia_cursor = reply->cursor;
2086
2087 /* Initialize the IA_NA header. First the code. */
2088 putUShort(reply->buf.data + reply->cursor, (unsigned)D6O_IA_NA);
2089 reply->cursor += 2;
2090
2091 /* Then option length. */
2092 putUShort(reply->buf.data + reply->cursor, 0x0Cu);
2093 reply->cursor += 2;
2094
2095 /* Then IA_NA header contents; IAID. */
2096 putULong(reply->buf.data + reply->cursor, iaid);
2097 reply->cursor += 4;
2098
2099 /* We store the client's t1 for now, and may over-ride it later. */
2100 putULong(reply->buf.data + reply->cursor, reply->renew);
2101 reply->cursor += 4;
2102
2103 /* We store the client's t2 for now, and may over-ride it later. */
2104 putULong(reply->buf.data + reply->cursor, reply->rebind);
2105 reply->cursor += 4;
2106
2107 /*
2108 * For each address in this IA_NA, decide what to do about it.
2109 *
2110 * Guidelines:
2111 *
2112 * The client leaves unchanged any information about addresses
2113 * it has recorded but are not included ("cancel/break" below).
2114 * A not included IA ("cleanup" below) could give a Renew/Rebind.
2115 */
2116 oc = lookup_option(&dhcpv6_universe, packet_ia, D6O_IAADDR);
2117 reply->min_valid = reply->min_prefer = INFINITE_TIME;
2118 reply->client_valid = reply->client_prefer = 0;
2119 for (; oc != NULL ; oc = oc->next) {
2120 status = reply_process_addr(reply, oc);
2121
2122 /*
2123 * Canceled means we did not allocate addresses to the
2124 * client, but we're "done" with this IA - we set a status
2125 * code. So transmit this reply, e.g., move on to the next
2126 * IA.
2127 */
2128 if (status == ISC_R_CANCELED)
2129 break;
2130
2131 if ((status != ISC_R_SUCCESS) &&
2132 (status != ISC_R_ADDRINUSE) &&
2133 (status != ISC_R_ADDRNOTAVAIL))
2134 goto cleanup;
2135 }
2136
2137 reply->ia_count++;
2138
2139 /*
2140 * If we fell through the above and never gave the client
2141 * an address, give it one now.
2142 */
2143 if ((status != ISC_R_CANCELED) && (reply->client_resources == 0)) {
2144 status = find_client_address(reply);
2145
2146 if (status == ISC_R_NORESOURCES) {
2147 switch (reply->packet->dhcpv6_msg_type) {
2148 case DHCPV6_SOLICIT:
2149 /*
2150 * No address for any IA is handled
2151 * by the caller.
2152 */
2153 /* FALL THROUGH */
2154
2155 case DHCPV6_REQUEST:
2156 /* Section 18.2.1 (Request):
2157 *
2158 * If the server cannot assign any addresses to
2159 * an IA in the message from the client, the
2160 * server MUST include the IA in the Reply
2161 * message with no addresses in the IA and a
2162 * Status Code option in the IA containing
2163 * status code NoAddrsAvail.
2164 */
2165 option_state_dereference(&reply->reply_ia, MDL);
2166 if (!option_state_allocate(&reply->reply_ia,
2167 MDL))
2168 {
2169 log_error("reply_process_ia_na: No "
2170 "memory for option state "
2171 "wipe.");
2172 status = ISC_R_NOMEMORY;
2173 goto cleanup;
2174 }
2175
2176 if (!set_status_code(STATUS_NoAddrsAvail,
2177 "No addresses available "
2178 "for this interface.",
2179 reply->reply_ia)) {
2180 log_error("reply_process_ia_na: Unable "
2181 "to set NoAddrsAvail status "
2182 "code.");
2183 status = ISC_R_FAILURE;
2184 goto cleanup;
2185 }
2186
2187 status = ISC_R_SUCCESS;
2188 break;
2189
2190 default:
2191 /*
2192 * RFC 3315 does not tell us to emit a status
2193 * code in this condition, or anything else.
2194 *
2195 * If we included non-allocated addresses
2196 * (zeroed lifetimes) in an IA, then the client
2197 * will deconfigure them.
2198 *
2199 * So we want to include the IA even if we
2200 * can't give it a new address if it includes
2201 * zeroed lifetime addresses.
2202 *
2203 * We don't want to include the IA if we
2204 * provide zero addresses including zeroed
2205 * lifetimes.
2206 */
2207 if (reply->resources_included)
2208 status = ISC_R_SUCCESS;
2209 else
2210 goto cleanup;
2211 break;
2212 }
2213 }
2214
2215 if (status != ISC_R_SUCCESS)
2216 goto cleanup;
2217 }
2218
2219 /*
2220 * yes, goto's aren't the best but we also want to avoid extra
2221 * indents
2222 */
2223 if (status == ISC_R_CANCELED) {
2224 /* We're replying with a status code so we still need to
2225 * write it out in wire-format to the outbound buffer */
2226 write_to_packet(reply, ia_cursor);
2227 goto cleanup;
2228 }
2229
2230 /*
2231 * Handle static leases, we always log stuff and if it's
2232 * a hard binding we run any commit statements that we have
2233 */
2234 if (reply->static_lease) {
2235 char tmp_addr[INET6_ADDRSTRLEN];
2236 log_info("%s NA: address %s to client with duid %s iaid = %d "
2237 "static",
2238 dhcpv6_type_names[reply->buf.reply.msg_type],
2239 inet_ntop(AF_INET6, reply->fixed.data, tmp_addr,
2240 sizeof(tmp_addr)),
2241 print_hex_1(reply->client_id.len,
2242 reply->client_id.data, 60),
2243 iaid);
2244
2245 /* Write the lease out in wire-format to the outbound buffer */
2246 write_to_packet(reply, ia_cursor);
2247 #ifdef NSUPDATE
2248 /* Performs DDNS updates if we're configured to do them */
2249 ddns_update_static6(reply);
2250 #endif
2251 if ((reply->buf.reply.msg_type == DHCPV6_REPLY) &&
2252 (reply->on_star.on_commit != NULL)) {
2253 execute_statements(NULL, reply->packet, NULL, NULL,
2254 reply->packet->options,
2255 reply->opt_state, NULL,
2256 reply->on_star.on_commit, NULL);
2257 executable_statement_dereference
2258 (&reply->on_star.on_commit, MDL);
2259 }
2260 goto cleanup;
2261 }
2262
2263 /*
2264 * If we have any addresses log what we are doing.
2265 */
2266 if (reply->ia->num_iasubopt != 0) {
2267 struct iasubopt *tmp;
2268 int i;
2269 char tmp_addr[INET6_ADDRSTRLEN];
2270
2271 for (i = 0 ; i < reply->ia->num_iasubopt ; i++) {
2272 tmp = reply->ia->iasubopt[i];
2273
2274 log_info("%s NA: address %s to client with duid %s "
2275 "iaid = %d valid for %u seconds",
2276 dhcpv6_type_names[reply->buf.reply.msg_type],
2277 inet_ntop(AF_INET6, &tmp->addr,
2278 tmp_addr, sizeof(tmp_addr)),
2279 print_hex_1(reply->client_id.len,
2280 reply->client_id.data, 60),
2281 iaid, tmp->valid);
2282 }
2283 }
2284
2285 /*
2286 * If this is not a 'soft' binding, consume the new changes into
2287 * the database (if any have been attached to the ia_na).
2288 *
2289 * Loop through the assigned dynamic addresses, referencing the
2290 * leases onto this IA_NA rather than any old ones, and updating
2291 * pool timers for each (if any).
2292 *
2293 * Note that we must do ddns_updates() before we test for lease
2294 * reuse (so we'll know if DNS entries are different). To ensure
2295 * we don't break any configs, we run on_commit statements before
2296 * we do ddns_updates() just in case the former affects the later.
2297 * This is symetrical with v4 logic. We always run on_commit and
2298 * ddns_udpates() whether a lease is reused or renewed.
2299 */
2300 if ((reply->ia->num_iasubopt != 0) &&
2301 (reply->buf.reply.msg_type == DHCPV6_REPLY)) {
2302 int must_commit = 0;
2303 struct iasubopt *tmp;
2304 struct data_string *ia_id;
2305 int i;
2306
2307 for (i = 0 ; i < reply->ia->num_iasubopt ; i++) {
2308 tmp = reply->ia->iasubopt[i];
2309 if (tmp->ia != NULL) {
2310 ia_dereference(&tmp->ia, MDL);
2311 }
2312
2313 ia_reference(&tmp->ia, reply->ia, MDL);
2314
2315 /* If we have anything to do on commit do it now */
2316 if (tmp->on_star.on_commit != NULL) {
2317 execute_statements(NULL, reply->packet,
2318 NULL, NULL,
2319 reply->packet->options,
2320 reply->opt_state,
2321 &tmp->scope,
2322 tmp->on_star.on_commit,
2323 &tmp->on_star);
2324 executable_statement_dereference
2325 (&tmp->on_star.on_commit, MDL);
2326 }
2327
2328 #if defined (NSUPDATE)
2329
2330 /* Perform ddns updates */
2331 oc = lookup_option(&server_universe, reply->opt_state,
2332 SV_DDNS_UPDATES);
2333 if ((oc == NULL) ||
2334 evaluate_boolean_option_cache(NULL, reply->packet,
2335 NULL, NULL,
2336 reply->packet->options,
2337 reply->opt_state,
2338 &tmp->scope,
2339 oc, MDL)) {
2340 ddns_updates(reply->packet, NULL, NULL,
2341 tmp, NULL, reply->opt_state);
2342 }
2343 #endif
2344 if (!reuse_lease6(reply, tmp)) {
2345 /* Commit 'hard' bindings. */
2346 must_commit = 1;
2347 renew_lease6(tmp->ipv6_pool, tmp);
2348 schedule_lease_timeout(tmp->ipv6_pool);
2349
2350 /* Do our threshold check. */
2351 check_pool6_threshold(reply, tmp);
2352 }
2353 }
2354
2355 /* write the IA_NA in wire-format to the outbound buffer */
2356 write_to_packet(reply, ia_cursor);
2357
2358 /* Remove any old ia from the hash. */
2359 if (reply->old_ia != NULL) {
2360 if (!release_on_roam(reply)) {
2361 ia_id = &reply->old_ia->iaid_duid;
2362 ia_hash_delete(ia_na_active,
2363 (unsigned char *)ia_id->data,
2364 ia_id->len, MDL);
2365 }
2366
2367 ia_dereference(&reply->old_ia, MDL);
2368 }
2369
2370 /* Put new ia into the hash. */
2371 reply->ia->cltt = cur_time;
2372 ia_id = &reply->ia->iaid_duid;
2373 ia_hash_add(ia_na_active, (unsigned char *)ia_id->data,
2374 ia_id->len, reply->ia, MDL);
2375
2376 /* If we couldn't reuse all of the iasubopts, we
2377 * must update udpate the lease db */
2378 if (must_commit) {
2379 write_ia(reply->ia);
2380 }
2381 } else {
2382 /* write the IA_NA in wire-format to the outbound buffer */
2383 write_to_packet(reply, ia_cursor);
2384 schedule_lease_timeout_reply(reply);
2385 }
2386
2387 cleanup:
2388 if (packet_ia != NULL)
2389 option_state_dereference(&packet_ia, MDL);
2390 if (reply->reply_ia != NULL)
2391 option_state_dereference(&reply->reply_ia, MDL);
2392 if (ia_data.data != NULL)
2393 data_string_forget(&ia_data, MDL);
2394 if (data.data != NULL)
2395 data_string_forget(&data, MDL);
2396 if (reply->ia != NULL)
2397 ia_dereference(&reply->ia, MDL);
2398 if (reply->old_ia != NULL)
2399 ia_dereference(&reply->old_ia, MDL);
2400 if (reply->lease != NULL)
2401 iasubopt_dereference(&reply->lease, MDL);
2402 if (reply->fixed.data != NULL)
2403 data_string_forget(&reply->fixed, MDL);
2404 if (reply->subnet != NULL)
2405 subnet_dereference(&reply->subnet, MDL);
2406 if (reply->on_star.on_expiry != NULL)
2407 executable_statement_dereference
2408 (&reply->on_star.on_expiry, MDL);
2409 if (reply->on_star.on_release != NULL)
2410 executable_statement_dereference
2411 (&reply->on_star.on_release, MDL);
2412
2413 /*
2414 * ISC_R_CANCELED is a status code used by the addr processing to
2415 * indicate we're replying with a status code. This is still a
2416 * success at higher layers.
2417 */
2418 return((status == ISC_R_CANCELED) ? ISC_R_SUCCESS : status);
2419 }
2420
2421 /*
2422 * Writes the populated IA_xx in wire format to the reply buffer
2423 */
2424 void
2425 write_to_packet(struct reply_state *reply, unsigned ia_cursor) {
2426 reply->cursor += store_options6((char *)reply->buf.data + reply->cursor,
2427 sizeof(reply->buf) - reply->cursor,
2428 reply->reply_ia, reply->packet,
2429 (reply->ia->ia_type != D6O_IA_PD ?
2430 required_opts_IA : required_opts_IA_PD),
2431 NULL);
2432
2433 /* Reset the length of this IA to match what was just written. */
2434 putUShort(reply->buf.data + ia_cursor + 2,
2435 reply->cursor - (ia_cursor + 4));
2436
2437 if (reply->ia->ia_type != D6O_IA_TA) {
2438 /* Calculate T1/T2 and stuff them in the reply */
2439 set_reply_tee_times(reply, ia_cursor);
2440 }
2441 }
2442
2443 /*
2444 * Process an IAADDR within a given IA_xA, storing any IAADDR reply contents
2445 * into the reply's current ia-scoped option cache. Returns ISC_R_CANCELED
2446 * in the event we are replying with a status code and do not wish to process
2447 * more IAADDRs within this IA.
2448 */
2449 static isc_result_t
2450 reply_process_addr(struct reply_state *reply, struct option_cache *addr) {
2451 u_int32_t pref_life, valid_life;
2452 struct binding_scope **scope;
2453 struct group *group;
2454 struct subnet *subnet;
2455 struct iaddr tmp_addr;
2456 struct option_cache *oc;
2457 struct data_string iaaddr, data;
2458 isc_result_t status = ISC_R_SUCCESS;
2459 #ifdef EUI_64
2460 int invalid_for_eui_64 = 0;
2461 #endif
2462
2463 /* Initializes values that will be cleaned up. */
2464 memset(&iaaddr, 0, sizeof(iaaddr));
2465 memset(&data, 0, sizeof(data));
2466 /* Note that reply->lease may be set by address_is_owned() */
2467
2468 /*
2469 * There is no point trying to process an incoming address if there
2470 * is no room for an outgoing address.
2471 */
2472 if ((reply->cursor + 28) > sizeof(reply->buf)) {
2473 log_error("reply_process_addr: Out of room for address.");
2474 return ISC_R_NOSPACE;
2475 }
2476
2477 /* Extract this IAADDR option. */
2478 if (!evaluate_option_cache(&iaaddr, reply->packet, NULL, NULL,
2479 reply->packet->options, NULL, &global_scope,
2480 addr, MDL) ||
2481 (iaaddr.len < IAADDR_OFFSET)) {
2482 log_error("reply_process_addr: error evaluating IAADDR.");
2483 status = ISC_R_FAILURE;
2484 goto cleanup;
2485 }
2486
2487 /* The first 16 bytes are the IPv6 address. */
2488 pref_life = getULong(iaaddr.data + 16);
2489 valid_life = getULong(iaaddr.data + 20);
2490
2491 if ((reply->client_valid == 0) ||
2492 (reply->client_valid > valid_life))
2493 reply->client_valid = valid_life;
2494
2495 if ((reply->client_prefer == 0) ||
2496 (reply->client_prefer > pref_life))
2497 reply->client_prefer = pref_life;
2498
2499 /*
2500 * Clients may choose to send :: as an address, with the idea to give
2501 * hints about preferred-lifetime or valid-lifetime.
2502 */
2503 tmp_addr.len = 16;
2504 memset(tmp_addr.iabuf, 0, 16);
2505 if (!memcmp(iaaddr.data, tmp_addr.iabuf, 16)) {
2506 /* Status remains success; we just ignore this one. */
2507 goto cleanup;
2508 }
2509
2510 /* tmp_addr len remains 16 */
2511 memcpy(tmp_addr.iabuf, iaaddr.data, 16);
2512
2513 /*
2514 * Verify that this address is on the client's network.
2515 */
2516 for (subnet = reply->shared->subnets ; subnet != NULL ;
2517 subnet = subnet->next_sibling) {
2518 if (addr_eq(subnet_number(tmp_addr, subnet->netmask),
2519 subnet->net))
2520 break;
2521 }
2522
2523 #ifdef EUI_64
2524 if (subnet) {
2525 /* If the requested address falls into an EUI-64 pool, then
2526 * we need to verify if it has EUI-64 duid AND the requested
2527 * address is correct for that duid. If not we treat it just
2528 * like an not-on-link request. */
2529 struct ipv6_pool* pool = NULL;
2530 struct in6_addr* addr = (struct in6_addr*)(iaaddr.data);
2531 if ((find_ipv6_pool(&pool, D6O_IA_NA, addr) == ISC_R_SUCCESS)
2532 && (pool->ipv6_pond->use_eui_64) &&
2533 (!valid_for_eui_64_pool(pool, &reply->client_id, 0, addr))) {
2534 log_debug ("Requested address: %s,"
2535 " not valid for EUI-64 pool",
2536 pin6_addr(addr));
2537 invalid_for_eui_64 = 1;
2538 }
2539 }
2540 #endif
2541
2542 /* Address not found on shared network. */
2543 #ifdef EUI_64
2544 if ((subnet == NULL) || invalid_for_eui_64) {
2545 #else
2546 if (subnet == NULL) {
2547 #endif
2548 /* Ignore this address on 'soft' bindings. */
2549 if (reply->packet->dhcpv6_msg_type == DHCPV6_SOLICIT) {
2550 /* disable rapid commit */
2551 reply->buf.reply.msg_type = DHCPV6_ADVERTISE;
2552 delete_option(&dhcpv6_universe,
2553 reply->opt_state,
2554 D6O_RAPID_COMMIT);
2555 /* status remains success */
2556 goto cleanup;
2557 }
2558
2559 /*
2560 * RFC3315 section 18.2.1:
2561 *
2562 * If the server finds that the prefix on one or more IP
2563 * addresses in any IA in the message from the client is not
2564 * appropriate for the link to which the client is connected,
2565 * the server MUST return the IA to the client with a Status
2566 * Code option with the value NotOnLink.
2567 */
2568 if (reply->packet->dhcpv6_msg_type == DHCPV6_REQUEST) {
2569 /* Rewind the IA_NA to empty. */
2570 option_state_dereference(&reply->reply_ia, MDL);
2571 if (!option_state_allocate(&reply->reply_ia, MDL)) {
2572 log_error("reply_process_addr: No memory for "
2573 "option state wipe.");
2574 status = ISC_R_NOMEMORY;
2575 goto cleanup;
2576 }
2577
2578 /* Append a NotOnLink status code. */
2579 if (!set_status_code(STATUS_NotOnLink,
2580 "Address not for use on this "
2581 "link.", reply->reply_ia)) {
2582 log_error("reply_process_addr: Failure "
2583 "setting status code.");
2584 status = ISC_R_FAILURE;
2585 goto cleanup;
2586 }
2587
2588 /* Fin (no more IAADDRs). */
2589 status = ISC_R_CANCELED;
2590 goto cleanup;
2591 }
2592
2593 /*
2594 * RFC3315 sections 18.2.3 and 18.2.4 have identical language:
2595 *
2596 * If the server finds that any of the addresses are not
2597 * appropriate for the link to which the client is attached,
2598 * the server returns the address to the client with lifetimes
2599 * of 0.
2600 */
2601 if ((reply->packet->dhcpv6_msg_type != DHCPV6_RENEW) &&
2602 (reply->packet->dhcpv6_msg_type != DHCPV6_REBIND)) {
2603 log_error("It is impossible to lease a client that is "
2604 "not sending a solicit, request, renew, or "
2605 "rebind.");
2606 status = ISC_R_FAILURE;
2607 goto cleanup;
2608 }
2609
2610 reply->send_prefer = reply->send_valid = 0;
2611 goto send_addr;
2612 }
2613
2614
2615 /* Verify the address belongs to the client. */
2616 if (!address_is_owned(reply, &tmp_addr)) {
2617 /*
2618 * For solicit and request, any addresses included are
2619 * 'requested' addresses. For rebind, we actually have
2620 * no direction on what to do from 3315 section 18.2.4!
2621 * So I think the best bet is to try and give it out, and if
2622 * we can't, zero lifetimes.
2623 */
2624 if ((reply->packet->dhcpv6_msg_type == DHCPV6_SOLICIT) ||
2625 (reply->packet->dhcpv6_msg_type == DHCPV6_REQUEST) ||
2626 (reply->packet->dhcpv6_msg_type == DHCPV6_REBIND)) {
2627 status = reply_process_try_addr(reply, &tmp_addr);
2628
2629 /*
2630 * If the address is in use, or isn't in any dynamic
2631 * range, continue as normal. If any other error was
2632 * found, error out.
2633 */
2634 if ((status != ISC_R_SUCCESS) &&
2635 (status != ISC_R_ADDRINUSE) &&
2636 (status != ISC_R_ADDRNOTAVAIL))
2637 goto cleanup;
2638
2639 /*
2640 * If we didn't honor this lease, for solicit and
2641 * request we simply omit it from our answer. For
2642 * rebind, we send it with zeroed lifetimes.
2643 */
2644 if (reply->lease == NULL) {
2645 if (reply->packet->dhcpv6_msg_type ==
2646 DHCPV6_REBIND) {
2647 reply->send_prefer = 0;
2648 reply->send_valid = 0;
2649 goto send_addr;
2650 }
2651
2652 /* status remains success - ignore */
2653 goto cleanup;
2654 }
2655 /*
2656 * RFC3315 section 18.2.3:
2657 *
2658 * If the server cannot find a client entry for the IA the
2659 * server returns the IA containing no addresses with a Status
2660 * Code option set to NoBinding in the Reply message.
2661 *
2662 * On mismatch we (ab)use this pretending we have not the IA
2663 * as soon as we have not an address.
2664 */
2665 } else if (reply->packet->dhcpv6_msg_type == DHCPV6_RENEW) {
2666 /* Rewind the IA_NA to empty. */
2667 option_state_dereference(&reply->reply_ia, MDL);
2668 if (!option_state_allocate(&reply->reply_ia, MDL)) {
2669 log_error("reply_process_addr: No memory for "
2670 "option state wipe.");
2671 status = ISC_R_NOMEMORY;
2672 goto cleanup;
2673 }
2674
2675 /* Append a NoBinding status code. */
2676 if (!set_status_code(STATUS_NoBinding,
2677 "Address not bound to this "
2678 "interface.", reply->reply_ia)) {
2679 log_error("reply_process_addr: Unable to "
2680 "attach status code.");
2681 status = ISC_R_FAILURE;
2682 goto cleanup;
2683 }
2684
2685 /* Fin (no more IAADDRs). */
2686 status = ISC_R_CANCELED;
2687 goto cleanup;
2688 } else {
2689 log_error("It is impossible to lease a client that is "
2690 "not sending a solicit, request, renew, or "
2691 "rebind message.");
2692 status = ISC_R_FAILURE;
2693 goto cleanup;
2694 }
2695 }
2696
2697 if (reply->static_lease) {
2698 if (reply->host == NULL)
2699 log_fatal("Impossible condition at %s:%d.", MDL);
2700
2701 scope = &global_scope;
2702 group = reply->subnet->group;
2703 } else {
2704 if (reply->lease == NULL)
2705 log_fatal("Impossible condition at %s:%d.", MDL);
2706
2707 scope = &reply->lease->scope;
2708 group = reply->lease->ipv6_pool->ipv6_pond->group;
2709 }
2710
2711 /*
2712 * If client_resources is nonzero, then the reply_process_is_addressed
2713 * function has executed configuration state into the reply option
2714 * cache. We will use that valid cache to derive configuration for
2715 * whether or not to engage in additional addresses, and similar.
2716 */
2717 if (reply->client_resources != 0) {
2718 unsigned limit = 1;
2719
2720 /*
2721 * Does this client have "enough" addresses already? Default
2722 * to one. Everybody gets one, and one should be enough for
2723 * anybody.
2724 */
2725 oc = lookup_option(&server_universe, reply->opt_state,
2726 SV_LIMIT_ADDRS_PER_IA);
2727 if (oc != NULL) {
2728 if (!evaluate_option_cache(&data, reply->packet,
2729 NULL, NULL,
2730 reply->packet->options,
2731 reply->opt_state,
2732 scope, oc, MDL) ||
2733 (data.len != 4)) {
2734 log_error("reply_process_addr: unable to "
2735 "evaluate addrs-per-ia value.");
2736 status = ISC_R_FAILURE;
2737 goto cleanup;
2738 }
2739
2740 limit = getULong(data.data);
2741 data_string_forget(&data, MDL);
2742 }
2743
2744 /*
2745 * If we wish to limit the client to a certain number of
2746 * addresses, then omit the address from the reply.
2747 */
2748 if (reply->client_resources >= limit)
2749 goto cleanup;
2750 }
2751
2752 status = reply_process_is_addressed(reply, scope, group);
2753 if (status != ISC_R_SUCCESS)
2754 goto cleanup;
2755
2756 send_addr:
2757 status = reply_process_send_addr(reply, &tmp_addr);
2758
2759 cleanup:
2760 if (iaaddr.data != NULL)
2761 data_string_forget(&iaaddr, MDL);
2762 if (data.data != NULL)
2763 data_string_forget(&data, MDL);
2764 if (reply->lease != NULL)
2765 iasubopt_dereference(&reply->lease, MDL);
2766
2767 return status;
2768 }
2769
2770 /*
2771 * Verify the address belongs to the client. If we've got a host
2772 * record with a fixed address, it has to be the assigned address
2773 * (fault out all else). Otherwise it's a dynamic address, so lookup
2774 * that address and make sure it belongs to this DUID:IAID pair.
2775 */
2776 static isc_boolean_t
2777 address_is_owned(struct reply_state *reply, struct iaddr *addr) {
2778 int i;
2779 struct ipv6_pond *pond;
2780
2781 /*
2782 * This faults out addresses that don't match fixed addresses.
2783 */
2784 if (reply->static_lease) {
2785 if (reply->fixed.data == NULL)
2786 log_fatal("Impossible condition at %s:%d.", MDL);
2787
2788 if (memcmp(addr->iabuf, reply->fixed.data, 16) == 0)
2789 return (ISC_TRUE);
2790
2791 return (ISC_FALSE);
2792 }
2793
2794 if ((reply->old_ia == NULL) || (reply->old_ia->num_iasubopt == 0))
2795 return (ISC_FALSE);
2796
2797 for (i = 0 ; i < reply->old_ia->num_iasubopt ; i++) {
2798 struct iasubopt *tmp;
2799
2800 tmp = reply->old_ia->iasubopt[i];
2801
2802 if (memcmp(addr->iabuf, &tmp->addr, 16) == 0) {
2803 if (lease6_usable(tmp) == ISC_FALSE) {
2804 return (ISC_FALSE);
2805 }
2806
2807 pond = tmp->ipv6_pool->ipv6_pond;
2808 if (((pond->prohibit_list != NULL) &&
2809 (permitted(reply->packet, pond->prohibit_list))) ||
2810 ((pond->permit_list != NULL) &&
2811 (!permitted(reply->packet, pond->permit_list))))
2812 return (ISC_FALSE);
2813
2814 iasubopt_reference(&reply->lease, tmp, MDL);
2815
2816 return (ISC_TRUE);
2817 }
2818 }
2819
2820 return (ISC_FALSE);
2821 }
2822
2823 /* Process a client-supplied IA_TA. This may append options to the tail of
2824 * the reply packet being built in the reply_state structure.
2825 */
2826 static isc_result_t
2827 reply_process_ia_ta(struct reply_state *reply, struct option_cache *ia) {
2828 isc_result_t status = ISC_R_SUCCESS;
2829 u_int32_t iaid;
2830 unsigned ia_cursor;
2831 struct option_state *packet_ia;
2832 struct option_cache *oc;
2833 struct data_string ia_data, data;
2834 struct data_string iaaddr;
2835 u_int32_t pref_life, valid_life;
2836 struct iaddr tmp_addr;
2837
2838 /* Initialize values that will get cleaned up on return. */
2839 packet_ia = NULL;
2840 memset(&ia_data, 0, sizeof(ia_data));
2841 memset(&data, 0, sizeof(data));
2842 memset(&iaaddr, 0, sizeof(iaaddr));
2843
2844 /* Make sure there is at least room for the header. */
2845 if ((reply->cursor + IA_TA_OFFSET + 4) > sizeof(reply->buf)) {
2846 log_error("reply_process_ia_ta: Reply too long for IA.");
2847 return ISC_R_NOSPACE;
2848 }
2849
2850
2851 /* Fetch the IA_TA contents. */
2852 if (!get_encapsulated_IA_state(&packet_ia, &ia_data, reply->packet,
2853 ia, IA_TA_OFFSET)) {
2854 log_error("reply_process_ia_ta: error evaluating ia");
2855 status = ISC_R_FAILURE;
2856 goto cleanup;
2857 }
2858
2859 /* Extract IA_TA header contents. */
2860 iaid = getULong(ia_data.data);
2861
2862 /* Create an IA_TA structure. */
2863 if (ia_allocate(&reply->ia, iaid, (char *)reply->client_id.data,
2864 reply->client_id.len, MDL) != ISC_R_SUCCESS) {
2865 log_error("reply_process_ia_ta: no memory for ia.");
2866 status = ISC_R_NOMEMORY;
2867 goto cleanup;
2868 }
2869 reply->ia->ia_type = D6O_IA_TA;
2870
2871 /* Cache pre-existing IA, if any. */
2872 ia_hash_lookup(&reply->old_ia, ia_ta_active,
2873 (unsigned char *)reply->ia->iaid_duid.data,
2874 reply->ia->iaid_duid.len, MDL);
2875
2876 /*
2877 * Create an option cache to carry the IA_TA option contents, and
2878 * execute any user-supplied values into it.
2879 */
2880 if (!option_state_allocate(&reply->reply_ia, MDL)) {
2881 status = ISC_R_NOMEMORY;
2882 goto cleanup;
2883 }
2884
2885 /*
2886 * Temporary leases are dynamic by definition.
2887 */
2888 reply->static_lease = ISC_FALSE;
2889
2890 /*
2891 * Save the cursor position at the start of the IA, so we can
2892 * set length later. We write a temporary
2893 * header out now just in case we decide to adjust the packet
2894 * within sub-process functions.
2895 */
2896 ia_cursor = reply->cursor;
2897
2898 /* Initialize the IA_TA header. First the code. */
2899 putUShort(reply->buf.data + reply->cursor, (unsigned)D6O_IA_TA);
2900 reply->cursor += 2;
2901
2902 /* Then option length. */
2903 putUShort(reply->buf.data + reply->cursor, 0x04u);
2904 reply->cursor += 2;
2905
2906 /* Then IA_TA header contents; IAID. */
2907 putULong(reply->buf.data + reply->cursor, iaid);
2908 reply->cursor += 4;
2909
2910 /*
2911 * Deal with an IAADDR for lifetimes.
2912 * For all or none, process IAADDRs as hints.
2913 */
2914 reply->min_valid = reply->min_prefer = INFINITE_TIME;
2915 reply->client_valid = reply->client_prefer = 0;
2916 oc = lookup_option(&dhcpv6_universe, packet_ia, D6O_IAADDR);
2917 for (; oc != NULL; oc = oc->next) {
2918 memset(&iaaddr, 0, sizeof(iaaddr));
2919 if (!evaluate_option_cache(&iaaddr, reply->packet,
2920 NULL, NULL,
2921 reply->packet->options, NULL,
2922 &global_scope, oc, MDL) ||
2923 (iaaddr.len < IAADDR_OFFSET)) {
2924 log_error("reply_process_ia_ta: error "
2925 "evaluating IAADDR.");
2926 status = ISC_R_FAILURE;
2927 goto cleanup;
2928 }
2929 /* The first 16 bytes are the IPv6 address. */
2930 pref_life = getULong(iaaddr.data + 16);
2931 valid_life = getULong(iaaddr.data + 20);
2932
2933 if ((reply->client_valid == 0) ||
2934 (reply->client_valid > valid_life))
2935 reply->client_valid = valid_life;
2936
2937 if ((reply->client_prefer == 0) ||
2938 (reply->client_prefer > pref_life))
2939 reply->client_prefer = pref_life;
2940
2941 /* Nothing more if something has failed. */
2942 if (status == ISC_R_CANCELED)
2943 continue;
2944
2945 tmp_addr.len = 16;
2946 memcpy(tmp_addr.iabuf, iaaddr.data, 16);
2947 if (!temporary_is_available(reply, &tmp_addr))
2948 goto bad_temp;
2949 status = reply_process_is_addressed(reply,
2950 &reply->lease->scope,
2951 reply->lease->ipv6_pool->ipv6_pond->group);
2952 if (status != ISC_R_SUCCESS)
2953 goto bad_temp;
2954 status = reply_process_send_addr(reply, &tmp_addr);
2955 if (status != ISC_R_SUCCESS)
2956 goto bad_temp;
2957 if (reply->lease != NULL)
2958 iasubopt_dereference(&reply->lease, MDL);
2959 continue;
2960
2961 bad_temp:
2962 /* Rewind the IA_TA to empty. */
2963 option_state_dereference(&reply->reply_ia, MDL);
2964 if (!option_state_allocate(&reply->reply_ia, MDL)) {
2965 status = ISC_R_NOMEMORY;
2966 goto cleanup;
2967 }
2968 status = ISC_R_CANCELED;
2969 reply->client_resources = 0;
2970 reply->resources_included = ISC_FALSE;
2971 if (reply->lease != NULL)
2972 iasubopt_dereference(&reply->lease, MDL);
2973 }
2974 reply->ia_count++;
2975
2976 /*
2977 * Give the client temporary addresses.
2978 */
2979 if (reply->client_resources != 0)
2980 goto store;
2981 status = find_client_temporaries(reply);
2982 if (status == ISC_R_NORESOURCES) {
2983 switch (reply->packet->dhcpv6_msg_type) {
2984 case DHCPV6_SOLICIT:
2985 /*
2986 * No address for any IA is handled
2987 * by the caller.
2988 */
2989 /* FALL THROUGH */
2990
2991 case DHCPV6_REQUEST:
2992 /* Section 18.2.1 (Request):
2993 *
2994 * If the server cannot assign any addresses to
2995 * an IA in the message from the client, the
2996 * server MUST include the IA in the Reply
2997 * message with no addresses in the IA and a
2998 * Status Code option in the IA containing
2999 * status code NoAddrsAvail.
3000 */
3001 option_state_dereference(&reply->reply_ia, MDL);
3002 if (!option_state_allocate(&reply->reply_ia, MDL)) {
3003 log_error("reply_process_ia_ta: No "
3004 "memory for option state wipe.");
3005 status = ISC_R_NOMEMORY;
3006 goto cleanup;
3007 }
3008
3009 if (!set_status_code(STATUS_NoAddrsAvail,
3010 "No addresses available "
3011 "for this interface.",
3012 reply->reply_ia)) {
3013 log_error("reply_process_ia_ta: Unable "
3014 "to set NoAddrsAvail status code.");
3015 status = ISC_R_FAILURE;
3016 goto cleanup;
3017 }
3018
3019 status = ISC_R_SUCCESS;
3020 break;
3021
3022 default:
3023 /*
3024 * We don't want to include the IA if we
3025 * provide zero addresses including zeroed
3026 * lifetimes.
3027 */
3028 if (reply->resources_included)
3029 status = ISC_R_SUCCESS;
3030 else
3031 goto cleanup;
3032 break;
3033 }
3034 } else if (status != ISC_R_SUCCESS)
3035 goto cleanup;
3036
3037 store:
3038
3039 /*
3040 * yes, goto's aren't the best but we also want to avoid extra
3041 * indents
3042 */
3043 if (status == ISC_R_CANCELED) {
3044 /* We're replying with a status code so we still need to
3045 * write it out in wire-format to the outbound buffer */
3046 write_to_packet(reply, ia_cursor);
3047 goto cleanup;
3048 }
3049
3050 /*
3051 * If we have any addresses log what we are doing.
3052 */
3053 if (reply->ia->num_iasubopt != 0) {
3054 struct iasubopt *tmp;
3055 int i;
3056 char tmp_addr[INET6_ADDRSTRLEN];
3057
3058 for (i = 0 ; i < reply->ia->num_iasubopt ; i++) {
3059 tmp = reply->ia->iasubopt[i];
3060
3061 log_info("%s TA: address %s to client with duid %s "
3062 "iaid = %d valid for %u seconds",
3063 dhcpv6_type_names[reply->buf.reply.msg_type],
3064 inet_ntop(AF_INET6, &tmp->addr,
3065 tmp_addr, sizeof(tmp_addr)),
3066 print_hex_1(reply->client_id.len,
3067 reply->client_id.data, 60),
3068 iaid,
3069 tmp->valid);
3070 }
3071 }
3072
3073 /*
3074 * For hard bindings we consume the new changes into
3075 * the database (if any have been attached to the ia_ta).
3076 *
3077 * Loop through the assigned dynamic addresses, referencing the
3078 * leases onto this IA_TA rather than any old ones, and updating
3079 * pool timers for each (if any).
3080 */
3081 if ((reply->ia->num_iasubopt != 0) &&
3082 (reply->buf.reply.msg_type == DHCPV6_REPLY)) {
3083 int must_commit = 0;
3084 struct iasubopt *tmp;
3085 struct data_string *ia_id;
3086 int i;
3087
3088 for (i = 0 ; i < reply->ia->num_iasubopt ; i++) {
3089 tmp = reply->ia->iasubopt[i];
3090
3091 if (tmp->ia != NULL)
3092 ia_dereference(&tmp->ia, MDL);
3093 ia_reference(&tmp->ia, reply->ia, MDL);
3094
3095 /* If we have anything to do on commit do it now */
3096 if (tmp->on_star.on_commit != NULL) {
3097 execute_statements(NULL, reply->packet,
3098 NULL, NULL,
3099 reply->packet->options,
3100 reply->opt_state,
3101 &tmp->scope,
3102 tmp->on_star.on_commit,
3103 &tmp->on_star);
3104 executable_statement_dereference
3105 (&tmp->on_star.on_commit, MDL);
3106 }
3107
3108 #if defined (NSUPDATE)
3109 /*
3110 * Perform ddns updates.
3111 */
3112 oc = lookup_option(&server_universe, reply->opt_state,
3113 SV_DDNS_UPDATES);
3114 if ((oc == NULL) ||
3115 evaluate_boolean_option_cache(NULL, reply->packet,
3116 NULL, NULL,
3117 reply->packet->options,
3118 reply->opt_state,
3119 &tmp->scope,
3120 oc, MDL)) {
3121 ddns_updates(reply->packet, NULL, NULL,
3122 tmp, NULL, reply->opt_state);
3123 }
3124 #endif
3125
3126 if (!reuse_lease6(reply, tmp)) {
3127 /* Commit 'hard' bindings. */
3128 must_commit = 1;
3129 renew_lease6(tmp->ipv6_pool, tmp);
3130 schedule_lease_timeout(tmp->ipv6_pool);
3131
3132 /* Do our threshold check. */
3133 check_pool6_threshold(reply, tmp);
3134 }
3135 }
3136
3137 /* write the IA_TA in wire-format to the outbound buffer */
3138 write_to_packet(reply, ia_cursor);
3139
3140 /* Remove any old ia from the hash. */
3141 if (reply->old_ia != NULL) {
3142 if (!release_on_roam(reply)) {
3143 ia_id = &reply->old_ia->iaid_duid;
3144 ia_hash_delete(ia_ta_active,
3145 (unsigned char *)ia_id->data,
3146 ia_id->len, MDL);
3147 }
3148
3149 ia_dereference(&reply->old_ia, MDL);
3150 }
3151
3152 /* Put new ia into the hash. */
3153 reply->ia->cltt = cur_time;
3154 ia_id = &reply->ia->iaid_duid;
3155 ia_hash_add(ia_ta_active, (unsigned char *)ia_id->data,
3156 ia_id->len, reply->ia, MDL);
3157
3158 /* If we couldn't reuse all of the iasubopts, we
3159 * must update udpate the lease db */
3160 if (must_commit) {
3161 write_ia(reply->ia);
3162 }
3163 } else {
3164 /* write the IA_TA in wire-format to the outbound buffer */
3165 write_to_packet(reply, ia_cursor);
3166 schedule_lease_timeout_reply(reply);
3167 }
3168
3169 cleanup:
3170 if (packet_ia != NULL)
3171 option_state_dereference(&packet_ia, MDL);
3172 if (iaaddr.data != NULL)
3173 data_string_forget(&iaaddr, MDL);
3174 if (reply->reply_ia != NULL)
3175 option_state_dereference(&reply->reply_ia, MDL);
3176 if (ia_data.data != NULL)
3177 data_string_forget(&ia_data, MDL);
3178 if (data.data != NULL)
3179 data_string_forget(&data, MDL);
3180 if (reply->ia != NULL)
3181 ia_dereference(&reply->ia, MDL);
3182 if (reply->old_ia != NULL)
3183 ia_dereference(&reply->old_ia, MDL);
3184 if (reply->lease != NULL)
3185 iasubopt_dereference(&reply->lease, MDL);
3186
3187 /*
3188 * ISC_R_CANCELED is a status code used by the addr processing to
3189 * indicate we're replying with other addresses. This is still a
3190 * success at higher layers.
3191 */
3192 return((status == ISC_R_CANCELED) ? ISC_R_SUCCESS : status);
3193 }
3194 /*
3195 * Determines if a lease (iasubopt) can be reused without extending it.
3196 * If dhcp-cache-threshold is greater than zero (i.e enabled) then
3197 * a lease may be reused without going through a full renewal if
3198 * it meets all the requirements. In short it must be active, younger
3199 * than the threshold, and not have DNS changes.
3200 *
3201 * If it is determined that it can be reused, that a call to
3202 * shorten_lifetimes() is made to reduce the valid and preferred lifetimes
3203 * sent to the client by the age of the lease.
3204 *
3205 * Returns 1 if lease can be reused, 0 otherwise
3206 */
3207 int
3208 reuse_lease6(struct reply_state *reply, struct iasubopt *lease) {
3209 int threshold = DEFAULT_CACHE_THRESHOLD;
3210 struct option_cache* oc = NULL;
3211 struct data_string d1;
3212 time_t age;
3213 time_t limit;
3214 int reuse_it = 0;
3215
3216 /* In order to even qualify for reuse consideration:
3217 * 1. Lease must be active
3218 * 2. It must have been accepted at least once
3219 * 3. DNS info must not have changed */
3220 if ((lease->state != FTS_ACTIVE) ||
3221 (lease->hard_lifetime_end_time == 0) ||
3222 (lease->ddns_cb != NULL)) {
3223 return (0);
3224 }
3225
3226 /* Look up threshold value */
3227 memset(&d1, 0, sizeof(struct data_string));
3228 oc = lookup_option(&server_universe, reply->opt_state,
3229 SV_CACHE_THRESHOLD);
3230 if (oc &&
3231 evaluate_option_cache(&d1, reply->packet, NULL, NULL,
3232 reply->packet->options, reply->opt_state,
3233 &lease->scope, oc, MDL)) {
3234 if (d1.len == 1 && (d1.data[0] < 100)) {
3235 threshold = d1.data[0];
3236 }
3237
3238 data_string_forget(&d1, MDL);
3239 }
3240
3241 if (threshold <= 0) {
3242 return (0);
3243 }
3244
3245 if (lease->valid >= MAX_TIME) {
3246 /* Infinite leases are always reused. We have to make
3247 * a choice because we cannot determine when they actually
3248 * began, so we either always reuse them or we never do. */
3249 log_debug ("reusing infinite lease for: %s%s",
3250 pin6_addr(&lease->addr), iasubopt_plen_str(lease));
3251 return (1);
3252 }
3253
3254 age = cur_tv.tv_sec - (lease->hard_lifetime_end_time - lease->valid);
3255 if (lease->valid <= (INT_MAX / threshold))
3256 limit = lease->valid * threshold / 100;
3257 else
3258 limit = lease->valid / 100 * threshold;
3259
3260 if (age < limit) {
3261 /* Reduce valid/preferred going to the client by age */
3262 shorten_lifetimes(reply, lease, age, threshold);
3263 reuse_it = 1;
3264 }
3265
3266 return (reuse_it);
3267 }
3268
3269 /*
3270 * Reduces the valid and preferred lifetimes for a given lease (iasubopt)
3271 *
3272 * We cannot determine until after a iasubopt has been added to
3273 * the reply if the lease can be reused. Therefore, when we do reuse a
3274 * lease we need a way to alter the lifetimes that will be sent to the client.
3275 * That's where this function comes in handy:
3276 *
3277 * Locate the iasubopt by it's address within the reply the reduce both
3278 * the preferred and valid lifetimes by the given number of seconds.
3279 *
3280 * Note that this function, by necessity, works directly with the
3281 * option_cache data. Sort of a no-no but I don't have any better ideas.
3282 */
3283 void shorten_lifetimes(struct reply_state *reply, struct iasubopt *lease,
3284 time_t age, int threshold) {
3285 struct option_cache* oc = NULL;
3286 int subopt_type;
3287 int addr_offset;
3288 int pref_offset;
3289 int val_offset;
3290 int exp_length;
3291
3292 if (reply->ia->ia_type != D6O_IA_PD) {
3293 subopt_type = D6O_IAADDR;
3294 addr_offset = IASUBOPT_NA_ADDR_OFFSET;
3295 pref_offset = IASUBOPT_NA_PREF_OFFSET;
3296 val_offset = IASUBOPT_NA_VALID_OFFSET;
3297 exp_length = IASUBOPT_NA_LEN;
3298 }
3299 else {
3300 subopt_type = D6O_IAPREFIX;
3301 addr_offset = IASUBOPT_PD_PREFIX_OFFSET;
3302 pref_offset = IASUBOPT_PD_PREF_OFFSET;
3303 val_offset = IASUBOPT_PD_VALID_OFFSET;
3304 exp_length = IASUBOPT_PD_LEN;
3305 }
3306
3307 // loop through the iasubopts for the one that matches this lease
3308 oc = lookup_option(&dhcpv6_universe, reply->reply_ia, subopt_type);
3309 for (; oc != NULL ; oc = oc->next) {
3310 if (oc->data.data == NULL || oc->data.len != exp_length) {
3311 /* shouldn't happen */
3312 continue;
3313 }
3314
3315 /* If address matches (and for PDs the prefix len matches)
3316 * we assume this is our subopt, so update the lifetimes */
3317 if (!memcmp(oc->data.data + addr_offset, &lease->addr, 16) &&
3318 (subopt_type != D6O_IAPREFIX ||
3319 (oc->data.data[IASUBOPT_PD_PREFLEN_OFFSET] ==
3320 lease->plen))) {
3321 u_int32_t pref_life = getULong(oc->data.data +
3322 pref_offset);
3323 u_int32_t valid_life = getULong(oc->data.data +
3324 val_offset);
3325
3326 if (pref_life < MAX_TIME && pref_life > age) {
3327 pref_life -= age;
3328 putULong((unsigned char*)(oc->data.data) +
3329 pref_offset, pref_life);
3330
3331 if (reply->min_prefer > pref_life) {
3332 reply->min_prefer = pref_life;
3333 }
3334 }
3335
3336 if (valid_life < MAX_TIME && valid_life > age) {
3337 valid_life -= age;
3338 putULong((unsigned char*)(oc->data.data) +
3339 val_offset, valid_life);
3340
3341 if (reply->min_valid > reply->send_valid) {
3342 reply->min_valid = valid_life;
3343 }
3344 }
3345
3346 log_debug ("Reusing lease for: %s%s, "
3347 "age %ld secs < %d%%,"
3348 " sending shortened lifetimes -"
3349 " preferred: %u, valid %u",
3350 pin6_addr(&lease->addr),
3351 iasubopt_plen_str(lease),
3352 (long)age, threshold,
3353 pref_life, valid_life);
3354 break;
3355 }
3356 }
3357 }
3358
3359 /*
3360 * Verify the temporary address is available.
3361 */
3362 static isc_boolean_t
3363 temporary_is_available(struct reply_state *reply, struct iaddr *addr) {
3364 struct in6_addr tmp_addr;
3365 struct subnet *subnet;
3366 struct ipv6_pool *pool = NULL;
3367 struct ipv6_pond *pond = NULL;
3368 int i;
3369
3370 memcpy(&tmp_addr, addr->iabuf, sizeof(tmp_addr));
3371 /*
3372 * Clients may choose to send :: as an address, with the idea to give
3373 * hints about preferred-lifetime or valid-lifetime.
3374 * So this is not a request for this address.
3375 */
3376 if (IN6_IS_ADDR_UNSPECIFIED(&tmp_addr))
3377 return ISC_FALSE;
3378
3379 /*
3380 * Verify that this address is on the client's network.
3381 */
3382 for (subnet = reply->shared->subnets ; subnet != NULL ;
3383 subnet = subnet->next_sibling) {
3384 if (addr_eq(subnet_number(*addr, subnet->netmask),
3385 subnet->net))
3386 break;
3387 }
3388
3389 /* Address not found on shared network. */
3390 if (subnet == NULL)
3391 return ISC_FALSE;
3392
3393 /*
3394 * Check if this address is owned (must be before next step).
3395 */
3396 if (address_is_owned(reply, addr))
3397 return ISC_TRUE;
3398
3399 /*
3400 * Verify that this address is in a temporary pool and try to get it.
3401 */
3402 for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
3403 if (((pond->prohibit_list != NULL) &&
3404 (permitted(reply->packet, pond->prohibit_list))) ||
3405 ((pond->permit_list != NULL) &&
3406 (!permitted(reply->packet, pond->permit_list))))
3407 continue;
3408
3409 for (i = 0 ; (pool = pond->ipv6_pools[i]) != NULL ; i++) {
3410 if (pool->pool_type != D6O_IA_TA)
3411 continue;
3412
3413 if (ipv6_in_pool(&tmp_addr, pool))
3414 break;
3415 }
3416
3417 if (pool != NULL)
3418 break;
3419 }
3420
3421 if (pool == NULL)
3422 return ISC_FALSE;
3423 if (lease6_exists(pool, &tmp_addr))
3424 return ISC_FALSE;
3425 if (iasubopt_allocate(&reply->lease, MDL) != ISC_R_SUCCESS)
3426 return ISC_FALSE;
3427 reply->lease->addr = tmp_addr;
3428 reply->lease->plen = 0;
3429 /* Default is soft binding for 2 minutes. */
3430 if (add_lease6(pool, reply->lease, cur_time + 120) != ISC_R_SUCCESS)
3431 return ISC_FALSE;
3432
3433 return ISC_TRUE;
3434 }
3435
3436 /*
3437 * Get a temporary address per prefix.
3438 */
3439 static isc_result_t
3440 find_client_temporaries(struct reply_state *reply) {
3441 int i;
3442 struct ipv6_pool *p = NULL;
3443 struct ipv6_pond *pond;
3444 isc_result_t status = ISC_R_NORESOURCES;;
3445 unsigned int attempts;
3446 struct iaddr send_addr;
3447
3448 /*
3449 * Do a quick walk through of the ponds and pools
3450 * to see if we have any prefix pools
3451 */
3452 for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
3453 if (pond->ipv6_pools == NULL)
3454 continue;
3455
3456 for (i = 0; (p = pond->ipv6_pools[i]) != NULL; i++) {
3457 if (p->pool_type == D6O_IA_TA)
3458 break;
3459 }
3460 if (p != NULL)
3461 break;
3462 }
3463
3464 /* If we get here and p is NULL we have no useful pools */
3465 if (p == NULL) {
3466 log_debug("Unable to get client addresses: "
3467 "no IPv6 pools on this shared network");
3468 return ISC_R_NORESOURCES;
3469 }
3470
3471 /*
3472 * We have at least one pool that could provide an address
3473 * Now we walk through the ponds and pools again and check
3474 * to see if the client is permitted and if an address is
3475 * available
3476 */
3477
3478 for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
3479 if (((pond->prohibit_list != NULL) &&
3480 (permitted(reply->packet, pond->prohibit_list))) ||
3481 ((pond->permit_list != NULL) &&
3482 (!permitted(reply->packet, pond->permit_list))))
3483 continue;
3484
3485 for (i = 0; (p = pond->ipv6_pools[i]) != NULL; i++) {
3486 if (p->pool_type != D6O_IA_TA) {
3487 continue;
3488 }
3489
3490 /*
3491 * Get an address in this temporary pool.
3492 */
3493 status = create_lease6(p, &reply->lease, &attempts,
3494 &reply->client_id,
3495 cur_time + 120);
3496
3497 if (status != ISC_R_SUCCESS) {
3498 log_debug("Unable to get a temporary address.");
3499 goto cleanup;
3500 }
3501
3502 status = reply_process_is_addressed(reply,
3503 &reply->lease->scope,
3504 pond->group);
3505 if (status != ISC_R_SUCCESS) {
3506 goto cleanup;
3507 }
3508 send_addr.len = 16;
3509 memcpy(send_addr.iabuf, &reply->lease->addr, 16);
3510 status = reply_process_send_addr(reply, &send_addr);
3511 if (status != ISC_R_SUCCESS) {
3512 goto cleanup;
3513 }
3514 /*
3515 * reply->lease can't be null as we use it above
3516 * add check if that changes
3517 */
3518 iasubopt_dereference(&reply->lease, MDL);
3519 }
3520 }
3521
3522 cleanup:
3523 if (reply->lease != NULL) {
3524 iasubopt_dereference(&reply->lease, MDL);
3525 }
3526 return status;
3527 }
3528
3529 /*
3530 * This function only returns failure on 'hard' failures. If it succeeds,
3531 * it will leave a lease structure behind.
3532 */
3533 static isc_result_t
3534 reply_process_try_addr(struct reply_state *reply, struct iaddr *addr) {
3535 isc_result_t status = ISC_R_ADDRNOTAVAIL;
3536 struct ipv6_pool *pool = NULL;
3537 struct ipv6_pond *pond = NULL;
3538 int i;
3539 struct data_string data_addr;
3540
3541 if ((reply == NULL) || (reply->shared == NULL) ||
3542 (addr == NULL) || (reply->lease != NULL))
3543 return (DHCP_R_INVALIDARG);
3544
3545 /*
3546 * Do a quick walk through of the ponds and pools
3547 * to see if we have any NA address pools
3548 */
3549 for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
3550 if (pond->ipv6_pools == NULL)
3551 continue;
3552
3553 for (i = 0; ; i++) {
3554 pool = pond->ipv6_pools[i];
3555 if ((pool == NULL) ||
3556 (pool->pool_type == D6O_IA_NA))
3557 break;
3558 }
3559 if (pool != NULL)
3560 break;
3561 }
3562
3563 /* If we get here and p is NULL we have no useful pools */
3564 if (pool == NULL) {
3565 return (ISC_R_ADDRNOTAVAIL);
3566 }
3567
3568 memset(&data_addr, 0, sizeof(data_addr));
3569 data_addr.len = addr->len;
3570 data_addr.data = addr->iabuf;
3571
3572 /*
3573 * We have at least one pool that could provide an address
3574 * Now we walk through the ponds and pools again and check
3575 * to see if the client is permitted and if an address is
3576 * available
3577 *
3578 * Within a given pond we start looking at the last pool we
3579 * allocated from, unless it had a collision trying to allocate
3580 * an address. This will tend to move us into less-filled pools.
3581 */
3582
3583 for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
3584 if (((pond->prohibit_list != NULL) &&
3585 (permitted(reply->packet, pond->prohibit_list))) ||
3586 ((pond->permit_list != NULL) &&
3587 (!permitted(reply->packet, pond->permit_list))))
3588 continue;
3589
3590 for (i = 0 ; (pool = pond->ipv6_pools[i]) != NULL ; i++) {
3591 if (pool->pool_type != D6O_IA_NA)
3592 continue;
3593
3594 status = try_client_v6_address(&reply->lease, pool,
3595 &data_addr);
3596 if (status == ISC_R_SUCCESS)
3597 break;
3598 }
3599
3600 if (status == ISC_R_SUCCESS)
3601 break;
3602 }
3603
3604 /* Note that this is just pedantry. There is no allocation to free. */
3605 data_string_forget(&data_addr, MDL);
3606 /* Return just the most recent status... */
3607 return (status);
3608 }
3609
3610 /* Look around for an address to give the client. First, look through the
3611 * old IA for addresses we can extend. Second, try to allocate a new address.
3612 * Finally, actually add that address into the current reply IA.
3613 */
3614 static isc_result_t
3615 find_client_address(struct reply_state *reply) {
3616 struct iaddr send_addr;
3617 isc_result_t status = ISC_R_NORESOURCES;
3618 struct iasubopt *lease, *best_lease = NULL;
3619 struct binding_scope **scope;
3620 struct group *group;
3621 int i;
3622
3623 if (reply->static_lease) {
3624 if (reply->host == NULL)
3625 return DHCP_R_INVALIDARG;
3626
3627 send_addr.len = 16;
3628 memcpy(send_addr.iabuf, reply->fixed.data, 16);
3629
3630 scope = &global_scope;
3631 group = reply->subnet->group;
3632 goto send_addr;
3633 }
3634
3635 if (reply->old_ia != NULL) {
3636 for (i = 0 ; i < reply->old_ia->num_iasubopt ; i++) {
3637 struct shared_network *candidate_shared;
3638 struct ipv6_pond *pond;
3639
3640 lease = reply->old_ia->iasubopt[i];
3641 candidate_shared = lease->ipv6_pool->shared_network;
3642 pond = lease->ipv6_pool->ipv6_pond;
3643
3644 /*
3645 * Look for the best lease on the client's shared
3646 * network, that is still permitted
3647 */
3648
3649 if ((candidate_shared != reply->shared) ||
3650 (lease6_usable(lease) != ISC_TRUE))
3651 continue;
3652
3653 if (((pond->prohibit_list != NULL) &&
3654 (permitted(reply->packet, pond->prohibit_list))) ||
3655 ((pond->permit_list != NULL) &&
3656 (!permitted(reply->packet, pond->permit_list))))
3657 continue;
3658
3659 best_lease = lease_compare(lease, best_lease);
3660 }
3661 }
3662
3663 /* Try to pick a new address if we didn't find one, or if we found an
3664 * abandoned lease.
3665 */
3666 if ((best_lease == NULL) || (best_lease->state == FTS_ABANDONED)) {
3667 status = pick_v6_address(reply);
3668 } else if (best_lease != NULL) {
3669 iasubopt_reference(&reply->lease, best_lease, MDL);
3670 status = ISC_R_SUCCESS;
3671 }
3672
3673 /* Pick the abandoned lease as a last resort. */
3674 if ((status == ISC_R_NORESOURCES) && (best_lease != NULL)) {
3675 /* I don't see how this is supposed to be done right now. */
3676 log_error("Best match for DUID %s is an abandoned address,"
3677 " This may be a result of multiple clients attempting"
3678 " to use this DUID",
3679 print_hex_1(reply->client_id.len,
3680 reply->client_id.data, 60));
3681 /* iasubopt_reference(&reply->lease, best_lease, MDL); */
3682 }
3683
3684 /* Give up now if we didn't find a lease. */
3685 if (status != ISC_R_SUCCESS)
3686 return status;
3687
3688 if (reply->lease == NULL)
3689 log_fatal("Impossible condition at %s:%d.", MDL);
3690
3691 /* Draw binding scopes from the lease's binding scope, and config
3692 * from the lease's containing subnet and higher. Note that it may
3693 * be desirable to place the group attachment directly in the pool.
3694 */
3695 scope = &reply->lease->scope;
3696 group = reply->lease->ipv6_pool->ipv6_pond->group;
3697
3698 send_addr.len = 16;
3699 memcpy(send_addr.iabuf, &reply->lease->addr, 16);
3700
3701 send_addr:
3702 status = reply_process_is_addressed(reply, scope, group);
3703 if (status != ISC_R_SUCCESS)
3704 return status;
3705
3706 status = reply_process_send_addr(reply, &send_addr);
3707 return status;
3708 }
3709
3710 /* Once an address is found for a client, perform several common functions;
3711 * Calculate and store valid and preferred lease times, draw client options
3712 * into the option state.
3713 */
3714 static isc_result_t
3715 reply_process_is_addressed(struct reply_state *reply,
3716 struct binding_scope **scope, struct group *group)
3717 {
3718 isc_result_t status = ISC_R_SUCCESS;
3719 struct data_string data;
3720 struct option_cache *oc;
3721 struct option_state *tmp_options = NULL;
3722 struct on_star *on_star;
3723 int i;
3724
3725 /* Initialize values we will cleanup. */
3726 memset(&data, 0, sizeof(data));
3727
3728 /*
3729 * Find the proper on_star block to use. We use the
3730 * one in the lease if we have a lease or the one in
3731 * the reply if we don't have a lease because this is
3732 * a static instance
3733 */
3734 if (reply->lease) {
3735 on_star = &reply->lease->on_star;
3736 } else {
3737 on_star = &reply->on_star;
3738 }
3739
3740 /*
3741 * Bring in the root configuration. We only do this to bring
3742 * in the on * statements, as we didn't have the lease available
3743 * we did it the first time.
3744 */
3745 option_state_allocate(&tmp_options, MDL);
3746 execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
3747 reply->packet->options, tmp_options,
3748 &global_scope, root_group, NULL,
3749 on_star);
3750 if (tmp_options != NULL) {
3751 option_state_dereference(&tmp_options, MDL);
3752 }
3753
3754 /*
3755 * Bring configured options into the root packet level cache - start
3756 * with the lease's closest enclosing group (passed in by the caller
3757 * as 'group').
3758 */
3759 execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
3760 reply->packet->options, reply->opt_state,
3761 scope, group, root_group, on_star);
3762
3763 /* Execute statements from class scopes. */
3764 for (i = reply->packet->class_count; i > 0; i--) {
3765 execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
3766 reply->packet->options,
3767 reply->opt_state, scope,
3768 reply->packet->classes[i - 1]->group,
3769 group, on_star);
3770 }
3771
3772 /*
3773 * If there is a host record, over-ride with values configured there,
3774 * without re-evaluating configuration from the previously executed
3775 * group or its common enclosers.
3776 */
3777 if (reply->host != NULL)
3778 execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
3779 reply->packet->options,
3780 reply->opt_state, scope,
3781 reply->host->group, group,
3782 on_star);
3783
3784 /* Determine valid lifetime. */
3785 if (reply->client_valid == 0)
3786 reply->send_valid = DEFAULT_DEFAULT_LEASE_TIME;
3787 else
3788 reply->send_valid = reply->client_valid;
3789
3790 oc = lookup_option(&server_universe, reply->opt_state,
3791 SV_DEFAULT_LEASE_TIME);
3792 if (oc != NULL) {
3793 if (!evaluate_option_cache(&data, reply->packet, NULL, NULL,
3794 reply->packet->options,
3795 reply->opt_state,
3796 scope, oc, MDL) ||
3797 (data.len != 4)) {
3798 log_error("reply_process_is_addressed: unable to "
3799 "evaluate default lease time");
3800 status = ISC_R_FAILURE;
3801 goto cleanup;
3802 }
3803
3804 reply->send_valid = getULong(data.data);
3805 data_string_forget(&data, MDL);
3806 }
3807
3808 /* Check to see if the lease time would cause us to wrap
3809 * in which case we make it infinite.
3810 * The following doesn't work on at least some systems:
3811 * (cur_time + reply->send_valid < cur_time)
3812 */
3813 if (reply->send_valid != INFINITE_TIME) {
3814 time_t test_time = cur_time + reply->send_valid;
3815 if (test_time < cur_time)
3816 reply->send_valid = INFINITE_TIME;
3817 }
3818
3819 if (reply->client_prefer == 0)
3820 reply->send_prefer = reply->send_valid;
3821 else
3822 reply->send_prefer = reply->client_prefer;
3823
3824 if ((reply->send_prefer >= reply->send_valid) &&
3825 (reply->send_valid != INFINITE_TIME))
3826 reply->send_prefer = (reply->send_valid / 2) +
3827 (reply->send_valid / 8);
3828
3829 oc = lookup_option(&server_universe, reply->opt_state,
3830 SV_PREFER_LIFETIME);
3831 if (oc != NULL) {
3832 if (!evaluate_option_cache(&data, reply->packet, NULL, NULL,
3833 reply->packet->options,
3834 reply->opt_state,
3835 scope, oc, MDL) ||
3836 (data.len != 4)) {
3837 log_error("reply_process_is_addressed: unable to "
3838 "evaluate preferred lease time");
3839 status = ISC_R_FAILURE;
3840 goto cleanup;
3841 }
3842
3843 reply->send_prefer = getULong(data.data);
3844 data_string_forget(&data, MDL);
3845 }
3846
3847 /* Note lowest values for later calculation of renew/rebind times. */
3848 if (reply->min_prefer > reply->send_prefer)
3849 reply->min_prefer = reply->send_prefer;
3850
3851 if (reply->min_valid > reply->send_valid)
3852 reply->min_valid = reply->send_valid;
3853
3854 #if 0
3855 /*
3856 * XXX: Old 4.0.0 alpha code would change the host {} record
3857 * XXX: uid upon lease assignment. This was intended to cover the
3858 * XXX: case where a client first identifies itself using vendor
3859 * XXX: options in a solicit, or request, but later neglects to include
3860 * XXX: these options in a Renew or Rebind. It is not clear that this
3861 * XXX: is required, and has some startling ramifications (such as
3862 * XXX: how to recover this dynamic host {} state across restarts).
3863 */
3864 if (reply->host != NULL)
3865 change_host_uid(host, reply->client_id->data,
3866 reply->client_id->len);
3867 #endif /* 0 */
3868
3869 /* Perform dynamic lease related update work. */
3870 if (reply->lease != NULL) {
3871 /* Cached lifetimes */
3872 reply->lease->prefer = reply->send_prefer;
3873 reply->lease->valid = reply->send_valid;
3874
3875 /* Advance (or rewind) the valid lifetime.
3876 * In the protocol 0xFFFFFFFF is infinite
3877 * when connecting to the lease file MAX_TIME is
3878 */
3879 if (reply->buf.reply.msg_type == DHCPV6_REPLY) {
3880 if (reply->send_valid == INFINITE_TIME) {
3881 reply->lease->soft_lifetime_end_time = MAX_TIME;
3882 } else {
3883 reply->lease->soft_lifetime_end_time =
3884 cur_time + reply->send_valid;
3885 }
3886 /* Wait before renew! */
3887 }
3888
3889 status = ia_add_iasubopt(reply->ia, reply->lease, MDL);
3890 if (status != ISC_R_SUCCESS) {
3891 log_fatal("reply_process_is_addressed: Unable to "
3892 "attach lease to new IA: %s",
3893 isc_result_totext(status));
3894 }
3895
3896 /*
3897 * If this is a new lease, make sure it is attached somewhere.
3898 */
3899 if (reply->lease->ia == NULL) {
3900 ia_reference(&reply->lease->ia, reply->ia, MDL);
3901 }
3902 }
3903
3904 /* Bring a copy of the relevant options into the IA scope. */
3905 execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
3906 reply->packet->options, reply->reply_ia,
3907 scope, group, root_group, NULL);
3908
3909 /* Execute statements from class scopes. */
3910 for (i = reply->packet->class_count; i > 0; i--) {
3911 execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
3912 reply->packet->options,
3913 reply->reply_ia, scope,
3914 reply->packet->classes[i - 1]->group,
3915 group, NULL);
3916 }
3917
3918 /*
3919 * And bring in host record configuration, if any, but not to overlap
3920 * the previous group or its common enclosers.
3921 */
3922 if (reply->host != NULL)
3923 execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
3924 reply->packet->options,
3925 reply->reply_ia, scope,
3926 reply->host->group, group, NULL);
3927
3928 cleanup:
3929 if (data.data != NULL)
3930 data_string_forget(&data, MDL);
3931
3932 if (status == ISC_R_SUCCESS)
3933 reply->client_resources++;
3934
3935 return status;
3936 }
3937
3938 /* Simply send an IAADDR within the IA scope as described. */
3939 static isc_result_t
3940 reply_process_send_addr(struct reply_state *reply, struct iaddr *addr) {
3941 isc_result_t status = ISC_R_SUCCESS;
3942 struct data_string data;
3943
3944 memset(&data, 0, sizeof(data));
3945
3946 /* Now append the lease. */
3947 data.len = IAADDR_OFFSET;
3948 if (!buffer_allocate(&data.buffer, data.len, MDL)) {
3949 log_error("reply_process_send_addr: out of memory"
3950 "allocating new IAADDR buffer.");
3951 status = ISC_R_NOMEMORY;
3952 goto cleanup;
3953 }
3954 data.data = data.buffer->data;
3955
3956 memcpy(data.buffer->data, addr->iabuf, 16);
3957 putULong(data.buffer->data + 16, reply->send_prefer);
3958 putULong(data.buffer->data + 20, reply->send_valid);
3959
3960 if (!append_option_buffer(&dhcpv6_universe, reply->reply_ia,
3961 data.buffer, data.buffer->data,
3962 data.len, D6O_IAADDR, 0)) {
3963 log_error("reply_process_send_addr: unable "
3964 "to save IAADDR option");
3965 status = ISC_R_FAILURE;
3966 goto cleanup;
3967 }
3968
3969 reply->resources_included = ISC_TRUE;
3970
3971 cleanup:
3972 if (data.data != NULL)
3973 data_string_forget(&data, MDL);
3974
3975 return status;
3976 }
3977
3978 /* Choose the better of two leases. */
3979 static struct iasubopt *
3980 lease_compare(struct iasubopt *alpha, struct iasubopt *beta) {
3981 if (alpha == NULL)
3982 return beta;
3983 if (beta == NULL)
3984 return alpha;
3985
3986 switch(alpha->state) {
3987 case FTS_ACTIVE:
3988 switch(beta->state) {
3989 case FTS_ACTIVE:
3990 /* Choose the lease with the longest lifetime (most
3991 * likely the most recently allocated).
3992 */
3993 if (alpha->hard_lifetime_end_time <
3994 beta->hard_lifetime_end_time)
3995 return beta;
3996 else
3997 return alpha;
3998
3999 case FTS_EXPIRED:
4000 case FTS_ABANDONED:
4001 return alpha;
4002
4003 default:
4004 log_fatal("Impossible condition at %s:%d.", MDL);
4005 }
4006 break;
4007
4008 case FTS_EXPIRED:
4009 switch (beta->state) {
4010 case FTS_ACTIVE:
4011 return beta;
4012
4013 case FTS_EXPIRED:
4014 /* Choose the most recently expired lease. */
4015 if (alpha->hard_lifetime_end_time <
4016 beta->hard_lifetime_end_time)
4017 return beta;
4018 else if ((alpha->hard_lifetime_end_time ==
4019 beta->hard_lifetime_end_time) &&
4020 (alpha->soft_lifetime_end_time <
4021 beta->soft_lifetime_end_time))
4022 return beta;
4023 else
4024 return alpha;
4025
4026 case FTS_ABANDONED:
4027 return alpha;
4028
4029 default:
4030 log_fatal("Impossible condition at %s:%d.", MDL);
4031 }
4032 break;
4033
4034 case FTS_ABANDONED:
4035 switch (beta->state) {
4036 case FTS_ACTIVE:
4037 case FTS_EXPIRED:
4038 return alpha;
4039
4040 case FTS_ABANDONED:
4041 /* Choose the lease that was abandoned longest ago. */
4042 if (alpha->hard_lifetime_end_time <
4043 beta->hard_lifetime_end_time)
4044 return alpha;
4045 else
4046 return beta;
4047
4048 default:
4049 log_fatal("Impossible condition at %s:%d.", MDL);
4050 }
4051 break;
4052
4053 default:
4054 log_fatal("Impossible condition at %s:%d.", MDL);
4055 }
4056
4057 log_fatal("Triple impossible condition at %s:%d.", MDL);
4058 return NULL;
4059 }
4060
4061 /* Process a client-supplied IA_PD. This may append options to the tail of
4062 * the reply packet being built in the reply_state structure.
4063 */
4064 static isc_result_t
4065 reply_process_ia_pd(struct reply_state *reply, struct option_cache *ia) {
4066 isc_result_t status = ISC_R_SUCCESS;
4067 u_int32_t iaid;
4068 unsigned ia_cursor;
4069 struct option_state *packet_ia;
4070 struct option_cache *oc;
4071 struct data_string ia_data, data;
4072
4073 /* Initialize values that will get cleaned up on return. */
4074 packet_ia = NULL;
4075 memset(&ia_data, 0, sizeof(ia_data));
4076 memset(&data, 0, sizeof(data));
4077 /*
4078 * Note that find_client_prefix() may set reply->lease.
4079 */
4080
4081 /* Make sure there is at least room for the header. */
4082 if ((reply->cursor + IA_PD_OFFSET + 4) > sizeof(reply->buf)) {
4083 log_error("reply_process_ia_pd: Reply too long for IA.");
4084 return ISC_R_NOSPACE;
4085 }
4086
4087
4088 /* Fetch the IA_PD contents. */
4089 if (!get_encapsulated_IA_state(&packet_ia, &ia_data, reply->packet,
4090 ia, IA_PD_OFFSET)) {
4091 log_error("reply_process_ia_pd: error evaluating ia");
4092 status = ISC_R_FAILURE;
4093 goto cleanup;
4094 }
4095
4096 /* Extract IA_PD header contents. */
4097 iaid = getULong(ia_data.data);
4098 reply->renew = getULong(ia_data.data + 4);
4099 reply->rebind = getULong(ia_data.data + 8);
4100
4101 /* Create an IA_PD structure. */
4102 if (ia_allocate(&reply->ia, iaid, (char *)reply->client_id.data,
4103 reply->client_id.len, MDL) != ISC_R_SUCCESS) {
4104 log_error("reply_process_ia_pd: no memory for ia.");
4105 status = ISC_R_NOMEMORY;
4106 goto cleanup;
4107 }
4108 reply->ia->ia_type = D6O_IA_PD;
4109
4110 /* Cache pre-existing IA_PD, if any. */
4111 ia_hash_lookup(&reply->old_ia, ia_pd_active,
4112 (unsigned char *)reply->ia->iaid_duid.data,
4113 reply->ia->iaid_duid.len, MDL);
4114
4115 /*
4116 * Create an option cache to carry the IA_PD option contents, and
4117 * execute any user-supplied values into it.
4118 */
4119 if (!option_state_allocate(&reply->reply_ia, MDL)) {
4120 status = ISC_R_NOMEMORY;
4121 goto cleanup;
4122 }
4123
4124 /* Check & count the fixed prefix host records. */
4125 reply->static_prefixes = 0;
4126 if ((reply->host != NULL) && (reply->host->fixed_prefix != NULL)) {
4127 struct iaddrcidrnetlist *fp;
4128
4129 for (fp = reply->host->fixed_prefix; fp != NULL;
4130 fp = fp->next) {
4131 reply->static_prefixes += 1;
4132 }
4133 }
4134
4135 /*
4136 * Save the cursor position at the start of the IA_PD, so we can
4137 * set length and adjust t1/t2 values later. We write a temporary
4138 * header out now just in case we decide to adjust the packet
4139 * within sub-process functions.
4140 */
4141 ia_cursor = reply->cursor;
4142
4143 /* Initialize the IA_PD header. First the code. */
4144 putUShort(reply->buf.data + reply->cursor, (unsigned)D6O_IA_PD);
4145 reply->cursor += 2;
4146
4147 /* Then option length. */
4148 putUShort(reply->buf.data + reply->cursor, 0x0Cu);
4149 reply->cursor += 2;
4150
4151 /* Then IA_PD header contents; IAID. */
4152 putULong(reply->buf.data + reply->cursor, iaid);
4153 reply->cursor += 4;
4154
4155 /* We store the client's t1 for now, and may over-ride it later. */
4156 putULong(reply->buf.data + reply->cursor, reply->renew);
4157 reply->cursor += 4;
4158
4159 /* We store the client's t2 for now, and may over-ride it later. */
4160 putULong(reply->buf.data + reply->cursor, reply->rebind);
4161 reply->cursor += 4;
4162
4163 /*
4164 * For each prefix in this IA_PD, decide what to do about it.
4165 */
4166 oc = lookup_option(&dhcpv6_universe, packet_ia, D6O_IAPREFIX);
4167 reply->min_valid = reply->min_prefer = INFINITE_TIME;
4168 reply->client_valid = reply->client_prefer = 0;
4169 reply->preflen = -1;
4170 for (; oc != NULL ; oc = oc->next) {
4171 status = reply_process_prefix(reply, oc);
4172
4173 /*
4174 * Canceled means we did not allocate prefixes to the
4175 * client, but we're "done" with this IA - we set a status
4176 * code. So transmit this reply, e.g., move on to the next
4177 * IA.
4178 */
4179 if (status == ISC_R_CANCELED)
4180 break;
4181
4182 if ((status != ISC_R_SUCCESS) &&
4183 (status != ISC_R_ADDRINUSE) &&
4184 (status != ISC_R_ADDRNOTAVAIL))
4185 goto cleanup;
4186 }
4187
4188 reply->pd_count++;
4189
4190 /*
4191 * If we fell through the above and never gave the client
4192 * a prefix, give it one now.
4193 */
4194 if ((status != ISC_R_CANCELED) && (reply->client_resources == 0)) {
4195 status = find_client_prefix(reply);
4196
4197 if (status == ISC_R_NORESOURCES) {
4198 switch (reply->packet->dhcpv6_msg_type) {
4199 case DHCPV6_SOLICIT:
4200 /*
4201 * No prefix for any IA is handled
4202 * by the caller.
4203 */
4204 /* FALL THROUGH */
4205
4206 case DHCPV6_REQUEST:
4207 /* Same than for addresses. */
4208 option_state_dereference(&reply->reply_ia, MDL);
4209 if (!option_state_allocate(&reply->reply_ia,
4210 MDL))
4211 {
4212 log_error("reply_process_ia_pd: No "
4213 "memory for option state "
4214 "wipe.");
4215 status = ISC_R_NOMEMORY;
4216 goto cleanup;
4217 }
4218
4219 if (!set_status_code(STATUS_NoPrefixAvail,
4220 "No prefixes available "
4221 "for this interface.",
4222 reply->reply_ia)) {
4223 log_error("reply_process_ia_pd: "
4224 "Unable to set "
4225 "NoPrefixAvail status "
4226 "code.");
4227 status = ISC_R_FAILURE;
4228 goto cleanup;
4229 }
4230
4231 status = ISC_R_SUCCESS;
4232 break;
4233
4234 default:
4235 if (reply->resources_included)
4236 status = ISC_R_SUCCESS;
4237 else
4238 goto cleanup;
4239 break;
4240 }
4241 }
4242
4243 if (status != ISC_R_SUCCESS)
4244 goto cleanup;
4245 }
4246
4247 /*
4248 * yes, goto's aren't the best but we also want to avoid extra
4249 * indents
4250 */
4251 if (status == ISC_R_CANCELED) {
4252 /* We're replying with a status code so we still need to
4253 * write it out in wire-format to the outbound buffer */
4254 write_to_packet(reply, ia_cursor);
4255 goto cleanup;
4256 }
4257
4258 /*
4259 * Handle static prefixes, we always log stuff and if it's
4260 * a hard binding we run any commit statements that we have
4261 */
4262 if (reply->static_prefixes != 0) {
4263 char tmp_addr[INET6_ADDRSTRLEN];
4264 log_info("%s PD: address %s/%d to client with duid %s "
4265 "iaid = %d static",
4266 dhcpv6_type_names[reply->buf.reply.msg_type],
4267 inet_ntop(AF_INET6, reply->fixed_pref.lo_addr.iabuf,
4268 tmp_addr, sizeof(tmp_addr)),
4269 reply->fixed_pref.bits,
4270 print_hex_1(reply->client_id.len,
4271 reply->client_id.data, 60),
4272 iaid);
4273
4274 /* Write the lease out in wire-format to the outbound buffer */
4275 write_to_packet(reply, ia_cursor);
4276
4277 if ((reply->buf.reply.msg_type == DHCPV6_REPLY) &&
4278 (reply->on_star.on_commit != NULL)) {
4279 execute_statements(NULL, reply->packet, NULL, NULL,
4280 reply->packet->options,
4281 reply->opt_state,
4282 NULL, reply->on_star.on_commit,
4283 NULL);
4284 executable_statement_dereference
4285 (&reply->on_star.on_commit, MDL);
4286 }
4287 goto cleanup;
4288 }
4289
4290 /*
4291 * If we have any addresses log what we are doing.
4292 */
4293 if (reply->ia->num_iasubopt != 0) {
4294 struct iasubopt *tmp;
4295 int i;
4296 char tmp_addr[INET6_ADDRSTRLEN];
4297
4298 for (i = 0 ; i < reply->ia->num_iasubopt ; i++) {
4299 tmp = reply->ia->iasubopt[i];
4300
4301 log_info("%s PD: address %s/%d to client with duid %s"
4302 " iaid = %d valid for %u seconds",
4303 dhcpv6_type_names[reply->buf.reply.msg_type],
4304 inet_ntop(AF_INET6, &tmp->addr,
4305 tmp_addr, sizeof(tmp_addr)),
4306 (int)tmp->plen,
4307 print_hex_1(reply->client_id.len,
4308 reply->client_id.data, 60),
4309 iaid, tmp->valid);
4310 }
4311 }
4312
4313 /*
4314 * If this is not a 'soft' binding, consume the new changes into
4315 * the database (if any have been attached to the ia_pd).
4316 *
4317 * Loop through the assigned dynamic prefixes, referencing the
4318 * prefixes onto this IA_PD rather than any old ones, and updating
4319 * prefix pool timers for each (if any).
4320 *
4321 * If a lease can be reused we skip renewing it or checking the
4322 * pool threshold. If it can't we flag that the IA must be commited
4323 * to the db and do the renewal and pool check.
4324 */
4325 if ((reply->buf.reply.msg_type == DHCPV6_REPLY) &&
4326 (reply->ia->num_iasubopt != 0)) {
4327 int must_commit = 0;
4328 struct iasubopt *tmp;
4329 struct data_string *ia_id;
4330 int i;
4331
4332 for (i = 0 ; i < reply->ia->num_iasubopt ; i++) {
4333 tmp = reply->ia->iasubopt[i];
4334
4335 if (tmp->ia != NULL)
4336 ia_dereference(&tmp->ia, MDL);
4337 ia_reference(&tmp->ia, reply->ia, MDL);
4338
4339 /* If we have anything to do on commit do it now */
4340 if (tmp->on_star.on_commit != NULL) {
4341 execute_statements(NULL, reply->packet,
4342 NULL, NULL,
4343 reply->packet->options,
4344 reply->opt_state,
4345 &tmp->scope,
4346 tmp->on_star.on_commit,
4347 &tmp->on_star);
4348 executable_statement_dereference
4349 (&tmp->on_star.on_commit, MDL);
4350 }
4351
4352 if (!reuse_lease6(reply, tmp)) {
4353 /* Commit 'hard' bindings. */
4354 must_commit = 1;
4355 renew_lease6(tmp->ipv6_pool, tmp);
4356 schedule_lease_timeout(tmp->ipv6_pool);
4357
4358 /* Do our threshold check. */
4359 check_pool6_threshold(reply, tmp);
4360 }
4361 }
4362
4363 /* write the IA_PD in wire-format to the outbound buffer */
4364 write_to_packet(reply, ia_cursor);
4365
4366 /* Remove any old ia from the hash. */
4367 if (reply->old_ia != NULL) {
4368 if (!release_on_roam(reply)) {
4369 ia_id = &reply->old_ia->iaid_duid;
4370 ia_hash_delete(ia_pd_active,
4371 (unsigned char *)ia_id->data,
4372 ia_id->len, MDL);
4373 }
4374
4375 ia_dereference(&reply->old_ia, MDL);
4376 }
4377
4378 /* Put new ia into the hash. */
4379 reply->ia->cltt = cur_time;
4380 ia_id = &reply->ia->iaid_duid;
4381 ia_hash_add(ia_pd_active, (unsigned char *)ia_id->data,
4382 ia_id->len, reply->ia, MDL);
4383
4384 /* If we couldn't reuse all of the iasubopts, we
4385 * must udpate the lease db */
4386 if (must_commit) {
4387 write_ia(reply->ia);
4388 }
4389 } else {
4390 /* write the IA_PD in wire-format to the outbound buffer */
4391 write_to_packet(reply, ia_cursor);
4392 schedule_lease_timeout_reply(reply);
4393 }
4394
4395 cleanup:
4396 if (packet_ia != NULL)
4397 option_state_dereference(&packet_ia, MDL);
4398 if (reply->reply_ia != NULL)
4399 option_state_dereference(&reply->reply_ia, MDL);
4400 if (ia_data.data != NULL)
4401 data_string_forget(&ia_data, MDL);
4402 if (data.data != NULL)
4403 data_string_forget(&data, MDL);
4404 if (reply->ia != NULL)
4405 ia_dereference(&reply->ia, MDL);
4406 if (reply->old_ia != NULL)
4407 ia_dereference(&reply->old_ia, MDL);
4408 if (reply->lease != NULL)
4409 iasubopt_dereference(&reply->lease, MDL);
4410 if (reply->on_star.on_expiry != NULL)
4411 executable_statement_dereference
4412 (&reply->on_star.on_expiry, MDL);
4413 if (reply->on_star.on_release != NULL)
4414 executable_statement_dereference
4415 (&reply->on_star.on_release, MDL);
4416
4417 /*
4418 * ISC_R_CANCELED is a status code used by the prefix processing to
4419 * indicate we're replying with a status code. This is still a
4420 * success at higher layers.
4421 */
4422 return((status == ISC_R_CANCELED) ? ISC_R_SUCCESS : status);
4423 }
4424
4425 /*!
4426 *
4427 * \brief Find the proper scoping group for use with a v6 static prefix.
4428 *
4429 * We start by trying to find a subnet based on the given prefix and
4430 * the shared network. If we don't find one then the prefix has been
4431 * declared outside of any subnets. If there is a static address
4432 * associated with the host we use it to try and find a subnet (this
4433 * should succeed). If there isn't a static address we fall back
4434 * to the shared subnet itself.
4435 * Once we have a subnet we extract the group from it and return it.
4436 *
4437 * \param reply - the reply structure we use to collect information
4438 * we will use the fields shared, fixed_pref and host
4439 * from the structure
4440 *
4441 * \return a pointer to the group structure to use for scoping
4442 */
4443
4444 static struct group *
4445 find_group_by_prefix(struct reply_state *reply) {
4446 /* default group if we don't find anything better */
4447 struct group *group = reply->shared->group;
4448 struct subnet *subnet = NULL;
4449 struct iaddr tmp_addr;
4450 struct data_string fixed_addr;
4451
4452 /* Try with the prefix first */
4453 if (find_grouped_subnet(&subnet, reply->shared,
4454 reply->fixed_pref.lo_addr, MDL) != 0) {
4455 group = subnet->group;
4456 subnet_dereference(&subnet, MDL);
4457 return (group);
4458 }
4459
4460 /* Didn't find a subnet via prefix, what about fixed address */
4461 /* The caller has already tested reply->host != NULL */
4462
4463 memset(&fixed_addr, 0, sizeof(fixed_addr));
4464
4465 if ((reply->host->fixed_addr != NULL) &&
4466 (evaluate_option_cache(&fixed_addr, NULL, NULL, NULL,
4467 NULL, NULL, &global_scope,
4468 reply->host->fixed_addr, MDL))) {
4469 if (fixed_addr.len >= 16) {
4470 tmp_addr.len = 16;
4471 memcpy(tmp_addr.iabuf, fixed_addr.data, 16);
4472 if (find_grouped_subnet(&subnet, reply->shared,
4473 tmp_addr, MDL) != 0) {
4474 group = subnet->group;
4475 subnet_dereference(&subnet, MDL);
4476 }
4477 }
4478 data_string_forget(&fixed_addr, MDL);
4479 }
4480
4481 /* return whatever we got */
4482 return (group);
4483 }
4484
4485 /*
4486 * Process an IAPREFIX within a given IA_PD, storing any IAPREFIX reply
4487 * contents into the reply's current ia_pd-scoped option cache. Returns
4488 * ISC_R_CANCELED in the event we are replying with a status code and do
4489 * not wish to process more IAPREFIXes within this IA_PD.
4490 */
4491 static isc_result_t
4492 reply_process_prefix(struct reply_state *reply, struct option_cache *pref) {
4493 u_int32_t pref_life, valid_life;
4494 struct binding_scope **scope;
4495 struct iaddrcidrnet tmp_pref;
4496 struct option_cache *oc;
4497 struct data_string iapref, data;
4498 isc_result_t status = ISC_R_SUCCESS;
4499 struct group *group;
4500
4501 /* Initializes values that will be cleaned up. */
4502 memset(&iapref, 0, sizeof(iapref));
4503 memset(&data, 0, sizeof(data));
4504 /* Note that reply->lease may be set by prefix_is_owned() */
4505
4506 /*
4507 * There is no point trying to process an incoming prefix if there
4508 * is no room for an outgoing prefix.
4509 */
4510 if ((reply->cursor + 29) > sizeof(reply->buf)) {
4511 log_error("reply_process_prefix: Out of room for prefix.");
4512 return ISC_R_NOSPACE;
4513 }
4514
4515 /* Extract this IAPREFIX option. */
4516 if (!evaluate_option_cache(&iapref, reply->packet, NULL, NULL,
4517 reply->packet->options, NULL, &global_scope,
4518 pref, MDL) ||
4519 (iapref.len < IAPREFIX_OFFSET)) {
4520 log_error("reply_process_prefix: error evaluating IAPREFIX.");
4521 status = ISC_R_FAILURE;
4522 goto cleanup;
4523 }
4524
4525 /*
4526 * Layout: preferred and valid lifetimes followed by the prefix
4527 * length and the IPv6 address.
4528 */
4529 pref_life = getULong(iapref.data);
4530 valid_life = getULong(iapref.data + 4);
4531
4532 if ((reply->client_valid == 0) ||
4533 (reply->client_valid > valid_life))
4534 reply->client_valid = valid_life;
4535
4536 if ((reply->client_prefer == 0) ||
4537 (reply->client_prefer > pref_life))
4538 reply->client_prefer = pref_life;
4539
4540 /*
4541 * Clients may choose to send ::/0 as a prefix, with the idea to give
4542 * hints about preferred-lifetime or valid-lifetime.
4543 */
4544 tmp_pref.lo_addr.len = 16;
4545 memset(tmp_pref.lo_addr.iabuf, 0, 16);
4546 if ((iapref.data[8] == 0) &&
4547 (memcmp(iapref.data + 9, tmp_pref.lo_addr.iabuf, 16) == 0)) {
4548 /* Status remains success; we just ignore this one. */
4549 goto cleanup;
4550 }
4551
4552 /*
4553 * Clients may choose to send ::/X as a prefix to specify a
4554 * preferred/requested prefix length. Note X is never zero here.
4555 */
4556 tmp_pref.bits = (int) iapref.data[8];
4557 if (reply->preflen < 0) {
4558 /* Cache the first preferred prefix length. */
4559 reply->preflen = tmp_pref.bits;
4560 }
4561 if (memcmp(iapref.data + 9, tmp_pref.lo_addr.iabuf, 16) == 0) {
4562 goto cleanup;
4563 }
4564
4565 memcpy(tmp_pref.lo_addr.iabuf, iapref.data + 9, 16);
4566
4567 /* Verify the prefix belongs to the client. */
4568 if (!prefix_is_owned(reply, &tmp_pref)) {
4569 /* Same than for addresses. */
4570 if ((reply->packet->dhcpv6_msg_type == DHCPV6_SOLICIT) ||
4571 (reply->packet->dhcpv6_msg_type == DHCPV6_REQUEST) ||
4572 (reply->packet->dhcpv6_msg_type == DHCPV6_REBIND)) {
4573 status = reply_process_try_prefix(reply, &tmp_pref);
4574
4575 /* Either error out or skip this prefix. */
4576 if ((status != ISC_R_SUCCESS) &&
4577 (status != ISC_R_ADDRINUSE) &&
4578 (status != ISC_R_ADDRNOTAVAIL))
4579 goto cleanup;
4580
4581 if (reply->lease == NULL) {
4582 if (reply->packet->dhcpv6_msg_type ==
4583 DHCPV6_REBIND) {
4584 reply->send_prefer = 0;
4585 reply->send_valid = 0;
4586 goto send_pref;
4587 }
4588
4589 /* status remains success - ignore */
4590 goto cleanup;
4591 }
4592 /*
4593 * RFC3633 section 18.2.3:
4594 *
4595 * If the delegating router cannot find a binding
4596 * for the requesting router's IA_PD the delegating
4597 * router returns the IA_PD containing no prefixes
4598 * with a Status Code option set to NoBinding in the
4599 * Reply message.
4600 *
4601 * On mismatch we (ab)use this pretending we have not the IA
4602 * as soon as we have not a prefix.
4603 */
4604 } else if (reply->packet->dhcpv6_msg_type == DHCPV6_RENEW) {
4605 /* Rewind the IA_PD to empty. */
4606 option_state_dereference(&reply->reply_ia, MDL);
4607 if (!option_state_allocate(&reply->reply_ia, MDL)) {
4608 log_error("reply_process_prefix: No memory "
4609 "for option state wipe.");
4610 status = ISC_R_NOMEMORY;
4611 goto cleanup;
4612 }
4613
4614 /* Append a NoBinding status code. */
4615 if (!set_status_code(STATUS_NoBinding,
4616 "Prefix not bound to this "
4617 "interface.", reply->reply_ia)) {
4618 log_error("reply_process_prefix: Unable to "
4619 "attach status code.");
4620 status = ISC_R_FAILURE;
4621 goto cleanup;
4622 }
4623
4624 /* Fin (no more IAPREFIXes). */
4625 status = ISC_R_CANCELED;
4626 goto cleanup;
4627 } else {
4628 log_error("It is impossible to lease a client that is "
4629 "not sending a solicit, request, renew, or "
4630 "rebind message.");
4631 status = ISC_R_FAILURE;
4632 goto cleanup;
4633 }
4634 }
4635
4636 if (reply->static_prefixes > 0) {
4637 if (reply->host == NULL)
4638 log_fatal("Impossible condition at %s:%d.", MDL);
4639
4640 scope = &global_scope;
4641
4642 /* Copy the static prefix for logging and finding the group */
4643 memcpy(&reply->fixed_pref, &tmp_pref, sizeof(tmp_pref));
4644
4645 /* Try to find a group for the static prefix */
4646 group = find_group_by_prefix(reply);
4647 } else {
4648 if (reply->lease == NULL)
4649 log_fatal("Impossible condition at %s:%d.", MDL);
4650
4651 scope = &reply->lease->scope;
4652 group = reply->lease->ipv6_pool->ipv6_pond->group;
4653 }
4654
4655 /*
4656 * If client_resources is nonzero, then the reply_process_is_prefixed
4657 * function has executed configuration state into the reply option
4658 * cache. We will use that valid cache to derive configuration for
4659 * whether or not to engage in additional prefixes, and similar.
4660 */
4661 if (reply->client_resources != 0) {
4662 unsigned limit = 1;
4663
4664 /*
4665 * Does this client have "enough" prefixes already? Default
4666 * to one. Everybody gets one, and one should be enough for
4667 * anybody.
4668 */
4669 oc = lookup_option(&server_universe, reply->opt_state,
4670 SV_LIMIT_PREFS_PER_IA);
4671 if (oc != NULL) {
4672 if (!evaluate_option_cache(&data, reply->packet,
4673 NULL, NULL,
4674 reply->packet->options,
4675 reply->opt_state,
4676 scope, oc, MDL) ||
4677 (data.len != 4)) {
4678 log_error("reply_process_prefix: unable to "
4679 "evaluate prefs-per-ia value.");
4680 status = ISC_R_FAILURE;
4681 goto cleanup;
4682 }
4683
4684 limit = getULong(data.data);
4685 data_string_forget(&data, MDL);
4686 }
4687
4688 /*
4689 * If we wish to limit the client to a certain number of
4690 * prefixes, then omit the prefix from the reply.
4691 */
4692 if (reply->client_resources >= limit)
4693 goto cleanup;
4694 }
4695
4696 status = reply_process_is_prefixed(reply, scope, group);
4697 if (status != ISC_R_SUCCESS)
4698 goto cleanup;
4699
4700 send_pref:
4701 status = reply_process_send_prefix(reply, &tmp_pref);
4702
4703 cleanup:
4704 if (iapref.data != NULL)
4705 data_string_forget(&iapref, MDL);
4706 if (data.data != NULL)
4707 data_string_forget(&data, MDL);
4708 if (reply->lease != NULL)
4709 iasubopt_dereference(&reply->lease, MDL);
4710
4711 return status;
4712 }
4713
4714 /*
4715 * Verify the prefix belongs to the client. If we've got a host
4716 * record with fixed prefixes, it has to be an assigned prefix
4717 * (fault out all else). Otherwise it's a dynamic prefix, so lookup
4718 * that prefix and make sure it belongs to this DUID:IAID pair.
4719 */
4720 static isc_boolean_t
4721 prefix_is_owned(struct reply_state *reply, struct iaddrcidrnet *pref) {
4722 struct iaddrcidrnetlist *l;
4723 int i;
4724 struct ipv6_pond *pond;
4725
4726 /*
4727 * This faults out prefixes that don't match fixed prefixes.
4728 */
4729 if (reply->static_prefixes > 0) {
4730 for (l = reply->host->fixed_prefix; l != NULL; l = l->next) {
4731 if ((pref->bits == l->cidrnet.bits) &&
4732 (memcmp(pref->lo_addr.iabuf,
4733 l->cidrnet.lo_addr.iabuf, 16) == 0))
4734 return (ISC_TRUE);
4735 }
4736 return (ISC_FALSE);
4737 }
4738
4739 if ((reply->old_ia == NULL) ||
4740 (reply->old_ia->num_iasubopt == 0))
4741 return (ISC_FALSE);
4742
4743 for (i = 0 ; i < reply->old_ia->num_iasubopt ; i++) {
4744 struct iasubopt *tmp;
4745
4746 tmp = reply->old_ia->iasubopt[i];
4747
4748 if ((pref->bits == (int) tmp->plen) &&
4749 (memcmp(pref->lo_addr.iabuf, &tmp->addr, 16) == 0)) {
4750 if (lease6_usable(tmp) == ISC_FALSE) {
4751 return (ISC_FALSE);
4752 }
4753
4754 pond = tmp->ipv6_pool->ipv6_pond;
4755 if (((pond->prohibit_list != NULL) &&
4756 (permitted(reply->packet, pond->prohibit_list))) ||
4757 ((pond->permit_list != NULL) &&
4758 (!permitted(reply->packet, pond->permit_list))))
4759 return (ISC_FALSE);
4760
4761 iasubopt_reference(&reply->lease, tmp, MDL);
4762 return (ISC_TRUE);
4763 }
4764 }
4765
4766 return (ISC_FALSE);
4767 }
4768
4769 /*
4770 * This function only returns failure on 'hard' failures. If it succeeds,
4771 * it will leave a prefix structure behind.
4772 */
4773 static isc_result_t
4774 reply_process_try_prefix(struct reply_state *reply,
4775 struct iaddrcidrnet *pref) {
4776 isc_result_t status = ISC_R_ADDRNOTAVAIL;
4777 struct ipv6_pool *pool = NULL;
4778 struct ipv6_pond *pond = NULL;
4779 int i;
4780 struct data_string data_pref;
4781
4782 if ((reply == NULL) || (reply->shared == NULL) ||
4783 (pref == NULL) || (reply->lease != NULL))
4784 return (DHCP_R_INVALIDARG);
4785
4786 /*
4787 * Do a quick walk through of the ponds and pools
4788 * to see if we have any prefix pools
4789 */
4790 for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
4791 if (pond->ipv6_pools == NULL)
4792 continue;
4793
4794 for (i = 0; (pool = pond->ipv6_pools[i]) != NULL; i++) {
4795 if (pool->pool_type == D6O_IA_PD)
4796 break;
4797 }
4798 if (pool != NULL)
4799 break;
4800 }
4801
4802 /* If we get here and p is NULL we have no useful pools */
4803 if (pool == NULL) {
4804 return (ISC_R_ADDRNOTAVAIL);
4805 }
4806
4807 memset(&data_pref, 0, sizeof(data_pref));
4808 data_pref.len = 17;
4809 if (!buffer_allocate(&data_pref.buffer, data_pref.len, MDL)) {
4810 log_error("reply_process_try_prefix: out of memory.");
4811 return (ISC_R_NOMEMORY);
4812 }
4813 data_pref.data = data_pref.buffer->data;
4814 data_pref.buffer->data[0] = (u_int8_t) pref->bits;
4815 memcpy(data_pref.buffer->data + 1, pref->lo_addr.iabuf, 16);
4816
4817 /*
4818 * We have at least one pool that could provide a prefix
4819 * Now we walk through the ponds and pools again and check
4820 * to see if the client is permitted and if an prefix is
4821 * available
4822 *
4823 */
4824
4825 for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
4826 if (((pond->prohibit_list != NULL) &&
4827 (permitted(reply->packet, pond->prohibit_list))) ||
4828 ((pond->permit_list != NULL) &&
4829 (!permitted(reply->packet, pond->permit_list))))
4830 continue;
4831
4832 for (i = 0; (pool = pond->ipv6_pools[i]) != NULL; i++) {
4833 if (pool->pool_type != D6O_IA_PD) {
4834 continue;
4835 }
4836
4837 status = try_client_v6_prefix(&reply->lease, pool,
4838 &data_pref);
4839 /* If we found it in this pool (either in use or available),
4840 there is no need to look further. */
4841 if ( (status == ISC_R_SUCCESS) || (status == ISC_R_ADDRINUSE) )
4842 break;
4843 }
4844 if ( (status == ISC_R_SUCCESS) || (status == ISC_R_ADDRINUSE) )
4845 break;
4846 }
4847
4848 data_string_forget(&data_pref, MDL);
4849 /* Return just the most recent status... */
4850 return (status);
4851 }
4852
4853 /* Look around for a prefix to give the client. First, look through the old
4854 * IA_PD for prefixes we can extend. Second, try to allocate a new prefix.
4855 * Finally, actually add that prefix into the current reply IA_PD.
4856 */
4857 static isc_result_t
4858 find_client_prefix(struct reply_state *reply) {
4859 struct iaddrcidrnet send_pref;
4860 isc_result_t status = ISC_R_NORESOURCES;
4861 struct iasubopt *prefix, *best_prefix = NULL;
4862 struct binding_scope **scope;
4863 int i;
4864 struct group *group;
4865
4866 if (reply->static_prefixes > 0) {
4867 struct iaddrcidrnetlist *l;
4868
4869 if (reply->host == NULL)
4870 return DHCP_R_INVALIDARG;
4871
4872 for (l = reply->host->fixed_prefix; l != NULL; l = l->next) {
4873 if (l->cidrnet.bits == reply->preflen)
4874 break;
4875 }
4876 if (l == NULL) {
4877 /*
4878 * If no fixed prefix has the preferred length,
4879 * get the first one.
4880 */
4881 l = reply->host->fixed_prefix;
4882 }
4883 memcpy(&send_pref, &l->cidrnet, sizeof(send_pref));
4884
4885 scope = &global_scope;
4886
4887 /* Copy the prefix for logging purposes */
4888 memcpy(&reply->fixed_pref, &l->cidrnet, sizeof(send_pref));
4889
4890 /* Try to find a group for the static prefix */
4891 group = find_group_by_prefix(reply);
4892
4893 goto send_pref;
4894 }
4895
4896 if (reply->old_ia != NULL) {
4897 for (i = 0 ; i < reply->old_ia->num_iasubopt ; i++) {
4898 struct shared_network *candidate_shared;
4899 struct ipv6_pond *pond;
4900
4901 prefix = reply->old_ia->iasubopt[i];
4902 candidate_shared = prefix->ipv6_pool->shared_network;
4903 pond = prefix->ipv6_pool->ipv6_pond;
4904
4905 /*
4906 * Consider this prefix if it is in a global pool or
4907 * if it is scoped in a pool under the client's shared
4908 * network.
4909 */
4910 if (((candidate_shared != NULL) &&
4911 (candidate_shared != reply->shared)) ||
4912 (lease6_usable(prefix) != ISC_TRUE))
4913 continue;
4914
4915 /*
4916 * And check if the prefix is still permitted
4917 */
4918
4919 if (((pond->prohibit_list != NULL) &&
4920 (permitted(reply->packet, pond->prohibit_list))) ||
4921 ((pond->permit_list != NULL) &&
4922 (!permitted(reply->packet, pond->permit_list))))
4923 continue;
4924
4925 best_prefix = prefix_compare(reply, prefix,
4926 best_prefix);
4927 }
4928
4929 /*
4930 * If we have prefix length hint and we're not igoring them,
4931 * then toss the best match if it doesn't match the hint,
4932 * unless this is in response to a rebind. In the latter
4933 * case we're supposed to return it with zero lifetimes.
4934 * (See rt45780) */
4935 if (best_prefix && (reply->preflen > 0)
4936 && (prefix_length_mode != PLM_IGNORE)
4937 && (reply->preflen != best_prefix->plen)
4938 && (reply->packet->dhcpv6_msg_type != DHCPV6_REBIND)) {
4939 best_prefix = NULL;
4940 }
4941 }
4942
4943 /* Try to pick a new prefix if we didn't find one, or if we found an
4944 * abandoned prefix.
4945 */
4946 if ((best_prefix == NULL) || (best_prefix->state == FTS_ABANDONED)) {
4947 status = pick_v6_prefix(reply);
4948 } else if (best_prefix != NULL) {
4949 iasubopt_reference(&reply->lease, best_prefix, MDL);
4950 status = ISC_R_SUCCESS;
4951 }
4952
4953 /* Pick the abandoned prefix as a last resort. */
4954 if ((status == ISC_R_NORESOURCES) && (best_prefix != NULL)) {
4955 /* I don't see how this is supposed to be done right now. */
4956 log_error("Reclaiming abandoned prefixes is not yet "
4957 "supported. Treating this as an out of space "
4958 "condition.");
4959 /* iasubopt_reference(&reply->lease, best_prefix, MDL); */
4960 }
4961
4962 /* Give up now if we didn't find a prefix. */
4963 if (status != ISC_R_SUCCESS)
4964 return status;
4965
4966 if (reply->lease == NULL)
4967 log_fatal("Impossible condition at %s:%d.", MDL);
4968
4969 scope = &reply->lease->scope;
4970 group = reply->lease->ipv6_pool->ipv6_pond->group;
4971
4972 send_pref.lo_addr.len = 16;
4973 memcpy(send_pref.lo_addr.iabuf, &reply->lease->addr, 16);
4974 send_pref.bits = (int) reply->lease->plen;
4975
4976 send_pref:
4977 status = reply_process_is_prefixed(reply, scope, group);
4978 if (status != ISC_R_SUCCESS)
4979 return status;
4980
4981 status = reply_process_send_prefix(reply, &send_pref);
4982 return status;
4983 }
4984
4985 /* Once a prefix is found for a client, perform several common functions;
4986 * Calculate and store valid and preferred prefix times, draw client options
4987 * into the option state.
4988 */
4989 static isc_result_t
4990 reply_process_is_prefixed(struct reply_state *reply,
4991 struct binding_scope **scope, struct group *group)
4992 {
4993 isc_result_t status = ISC_R_SUCCESS;
4994 struct data_string data;
4995 struct option_cache *oc;
4996 struct option_state *tmp_options = NULL;
4997 struct on_star *on_star;
4998 int i;
4999
5000 /* Initialize values we will cleanup. */
5001 memset(&data, 0, sizeof(data));
5002
5003 /*
5004 * Find the proper on_star block to use. We use the
5005 * one in the lease if we have a lease or the one in
5006 * the reply if we don't have a lease because this is
5007 * a static instance
5008 */
5009 if (reply->lease) {
5010 on_star = &reply->lease->on_star;
5011 } else {
5012 on_star = &reply->on_star;
5013 }
5014
5015 /*
5016 * Bring in the root configuration. We only do this to bring
5017 * in the on * statements, as we didn't have the lease available
5018 * we we did it the first time.
5019 */
5020 option_state_allocate(&tmp_options, MDL);
5021 execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
5022 reply->packet->options, tmp_options,
5023 &global_scope, root_group, NULL,
5024 on_star);
5025 if (tmp_options != NULL) {
5026 option_state_dereference(&tmp_options, MDL);
5027 }
5028
5029 /*
5030 * Bring configured options into the root packet level cache - start
5031 * with the lease's closest enclosing group (passed in by the caller
5032 * as 'group').
5033 */
5034 execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
5035 reply->packet->options, reply->opt_state,
5036 scope, group, root_group, on_star);
5037
5038 /* Execute statements from class scopes. */
5039 for (i = reply->packet->class_count; i > 0; i--) {
5040 execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
5041 reply->packet->options,
5042 reply->opt_state, scope,
5043 reply->packet->classes[i - 1]->group,
5044 group, on_star);
5045 }
5046
5047 /*
5048 * If there is a host record, over-ride with values configured there,
5049 * without re-evaluating configuration from the previously executed
5050 * group or its common enclosers.
5051 */
5052 if (reply->host != NULL)
5053 execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
5054 reply->packet->options,
5055 reply->opt_state, scope,
5056 reply->host->group, group,
5057 on_star);
5058
5059 /* Determine valid lifetime. */
5060 if (reply->client_valid == 0)
5061 reply->send_valid = DEFAULT_DEFAULT_LEASE_TIME;
5062 else
5063 reply->send_valid = reply->client_valid;
5064
5065 oc = lookup_option(&server_universe, reply->opt_state,
5066 SV_DEFAULT_LEASE_TIME);
5067 if (oc != NULL) {
5068 if (!evaluate_option_cache(&data, reply->packet, NULL, NULL,
5069 reply->packet->options,
5070 reply->opt_state,
5071 scope, oc, MDL) ||
5072 (data.len != 4)) {
5073 log_error("reply_process_is_prefixed: unable to "
5074 "evaluate default prefix time");
5075 status = ISC_R_FAILURE;
5076 goto cleanup;
5077 }
5078
5079 reply->send_valid = getULong(data.data);
5080 data_string_forget(&data, MDL);
5081 }
5082
5083 /* Check to see if the lease time would cause us to wrap
5084 * in which case we make it infinite.
5085 * The following doesn't work on at least some systems:
5086 * (cur_time + reply->send_valid < cur_time)
5087 */
5088 if (reply->send_valid != INFINITE_TIME) {
5089 time_t test_time = cur_time + reply->send_valid;
5090 if (test_time < cur_time)
5091 reply->send_valid = INFINITE_TIME;
5092 }
5093
5094 if (reply->client_prefer == 0)
5095 reply->send_prefer = reply->send_valid;
5096 else
5097 reply->send_prefer = reply->client_prefer;
5098
5099 if ((reply->send_prefer >= reply->send_valid) &&
5100 (reply->send_valid != INFINITE_TIME))
5101 reply->send_prefer = (reply->send_valid / 2) +
5102 (reply->send_valid / 8);
5103
5104 oc = lookup_option(&server_universe, reply->opt_state,
5105 SV_PREFER_LIFETIME);
5106 if (oc != NULL) {
5107 if (!evaluate_option_cache(&data, reply->packet, NULL, NULL,
5108 reply->packet->options,
5109 reply->opt_state,
5110 scope, oc, MDL) ||
5111 (data.len != 4)) {
5112 log_error("reply_process_is_prefixed: unable to "
5113 "evaluate preferred prefix time");
5114 status = ISC_R_FAILURE;
5115 goto cleanup;
5116 }
5117
5118 reply->send_prefer = getULong(data.data);
5119 data_string_forget(&data, MDL);
5120 }
5121
5122 /* Note lowest values for later calculation of renew/rebind times. */
5123 if (reply->min_prefer > reply->send_prefer)
5124 reply->min_prefer = reply->send_prefer;
5125
5126 if (reply->min_valid > reply->send_valid)
5127 reply->min_valid = reply->send_valid;
5128
5129 /* Perform dynamic prefix related update work. */
5130 if (reply->lease != NULL) {
5131 /* Cached lifetimes */
5132 reply->lease->prefer = reply->send_prefer;
5133 reply->lease->valid = reply->send_valid;
5134
5135 /* Advance (or rewind) the valid lifetime.
5136 * In the protocol 0xFFFFFFFF is infinite
5137 * when connecting to the lease file MAX_TIME is
5138 */
5139 if (reply->buf.reply.msg_type == DHCPV6_REPLY) {
5140 if (reply->send_valid == INFINITE_TIME) {
5141 reply->lease->soft_lifetime_end_time = MAX_TIME;
5142 } else {
5143 reply->lease->soft_lifetime_end_time =
5144 cur_time + reply->send_valid;
5145 }
5146 /* Wait before renew! */
5147 }
5148
5149 status = ia_add_iasubopt(reply->ia, reply->lease, MDL);
5150 if (status != ISC_R_SUCCESS) {
5151 log_fatal("reply_process_is_prefixed: Unable to "
5152 "attach prefix to new IA_PD: %s",
5153 isc_result_totext(status));
5154 }
5155
5156 /*
5157 * If this is a new prefix, make sure it is attached somewhere.
5158 */
5159 if (reply->lease->ia == NULL) {
5160 ia_reference(&reply->lease->ia, reply->ia, MDL);
5161 }
5162 }
5163
5164 /* Bring a copy of the relevant options into the IA_PD scope. */
5165 execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
5166 reply->packet->options, reply->reply_ia,
5167 scope, group, root_group, NULL);
5168
5169 /* Execute statements from class scopes. */
5170 for (i = reply->packet->class_count; i > 0; i--) {
5171 execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
5172 reply->packet->options,
5173 reply->reply_ia, scope,
5174 reply->packet->classes[i - 1]->group,
5175 group, NULL);
5176 }
5177
5178 /*
5179 * And bring in host record configuration, if any, but not to overlap
5180 * the previous group or its common enclosers.
5181 */
5182 if (reply->host != NULL)
5183 execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
5184 reply->packet->options,
5185 reply->reply_ia, scope,
5186 reply->host->group, group, NULL);
5187
5188 cleanup:
5189 if (data.data != NULL)
5190 data_string_forget(&data, MDL);
5191
5192 if (status == ISC_R_SUCCESS)
5193 reply->client_resources++;
5194
5195 return status;
5196 }
5197
5198 /* Simply send an IAPREFIX within the IA_PD scope as described. */
5199 static isc_result_t
5200 reply_process_send_prefix(struct reply_state *reply,
5201 struct iaddrcidrnet *pref) {
5202 isc_result_t status = ISC_R_SUCCESS;
5203 struct data_string data;
5204
5205 memset(&data, 0, sizeof(data));
5206
5207 /* Now append the prefix. */
5208 data.len = IAPREFIX_OFFSET;
5209 if (!buffer_allocate(&data.buffer, data.len, MDL)) {
5210 log_error("reply_process_send_prefix: out of memory"
5211 "allocating new IAPREFIX buffer.");
5212 status = ISC_R_NOMEMORY;
5213 goto cleanup;
5214 }
5215 data.data = data.buffer->data;
5216
5217 putULong(data.buffer->data, reply->send_prefer);
5218 putULong(data.buffer->data + 4, reply->send_valid);
5219 data.buffer->data[8] = pref->bits;
5220 memcpy(data.buffer->data + 9, pref->lo_addr.iabuf, 16);
5221
5222 if (!append_option_buffer(&dhcpv6_universe, reply->reply_ia,
5223 data.buffer, data.buffer->data,
5224 data.len, D6O_IAPREFIX, 0)) {
5225 log_error("reply_process_send_prefix: unable "
5226 "to save IAPREFIX option");
5227 status = ISC_R_FAILURE;
5228 goto cleanup;
5229 }
5230
5231 reply->resources_included = ISC_TRUE;
5232
5233 cleanup:
5234 if (data.data != NULL)
5235 data_string_forget(&data, MDL);
5236
5237 return status;
5238 }
5239
5240 /* Choose the better of two prefixes. */
5241 static struct iasubopt *
5242 prefix_compare(struct reply_state *reply,
5243 struct iasubopt *alpha, struct iasubopt *beta) {
5244 if (alpha == NULL)
5245 return beta;
5246 if (beta == NULL)
5247 return alpha;
5248
5249 if (reply->preflen >= 0) {
5250 if ((alpha->plen == reply->preflen) &&
5251 (beta->plen != reply->preflen))
5252 return alpha;
5253 if ((beta->plen == reply->preflen) &&
5254 (alpha->plen != reply->preflen))
5255 return beta;
5256 }
5257
5258 switch(alpha->state) {
5259 case FTS_ACTIVE:
5260 switch(beta->state) {
5261 case FTS_ACTIVE:
5262 /* Choose the prefix with the longest lifetime (most
5263 * likely the most recently allocated).
5264 */
5265 if (alpha->hard_lifetime_end_time <
5266 beta->hard_lifetime_end_time)
5267 return beta;
5268 else
5269 return alpha;
5270
5271 case FTS_EXPIRED:
5272 case FTS_ABANDONED:
5273 return alpha;
5274
5275 default:
5276 log_fatal("Impossible condition at %s:%d.", MDL);
5277 }
5278 break;
5279
5280 case FTS_EXPIRED:
5281 switch (beta->state) {
5282 case FTS_ACTIVE:
5283 return beta;
5284
5285 case FTS_EXPIRED:
5286 /* Choose the most recently expired prefix. */
5287 if (alpha->hard_lifetime_end_time <
5288 beta->hard_lifetime_end_time)
5289 return beta;
5290 else if ((alpha->hard_lifetime_end_time ==
5291 beta->hard_lifetime_end_time) &&
5292 (alpha->soft_lifetime_end_time <
5293 beta->soft_lifetime_end_time))
5294 return beta;
5295 else
5296 return alpha;
5297
5298 case FTS_ABANDONED:
5299 return alpha;
5300
5301 default:
5302 log_fatal("Impossible condition at %s:%d.", MDL);
5303 }
5304 break;
5305
5306 case FTS_ABANDONED:
5307 switch (beta->state) {
5308 case FTS_ACTIVE:
5309 case FTS_EXPIRED:
5310 return alpha;
5311
5312 case FTS_ABANDONED:
5313 /* Choose the prefix that was abandoned longest ago. */
5314 if (alpha->hard_lifetime_end_time <
5315 beta->hard_lifetime_end_time)
5316 return alpha;
5317 else
5318 return beta;
5319
5320 default:
5321 log_fatal("Impossible condition at %s:%d.", MDL);
5322 }
5323 break;
5324
5325 default:
5326 log_fatal("Impossible condition at %s:%d.", MDL);
5327 }
5328
5329 log_fatal("Triple impossible condition at %s:%d.", MDL);
5330 return NULL;
5331 }
5332
5333 /*
5334 * Solicit is how a client starts requesting addresses.
5335 *
5336 * If the client asks for rapid commit, and we support it, we will
5337 * allocate the addresses and reply.
5338 *
5339 * Otherwise we will send an advertise message.
5340 */
5341
5342 static void
5343 dhcpv6_solicit(struct data_string *reply_ret, struct packet *packet) {
5344 struct data_string client_id;
5345
5346 /*
5347 * Validate our input.
5348 */
5349 if (!valid_client_msg(packet, &client_id)) {
5350 return;
5351 }
5352
5353 lease_to_client(reply_ret, packet, &client_id, NULL);
5354
5355 /*
5356 * Clean up.
5357 */
5358 data_string_forget(&client_id, MDL);
5359 }
5360
5361 /*
5362 * Request is how a client actually requests addresses.
5363 *
5364 * Very similar to Solicit handling, except the server DUID is required.
5365 */
5366
5367 static void
5368 dhcpv6_request(struct data_string *reply_ret, struct packet *packet) {
5369 struct data_string client_id;
5370 struct data_string server_id;
5371
5372 /*
5373 * Validate our input.
5374 */
5375 if (!valid_client_resp(packet, &client_id, &server_id)) {
5376 return;
5377 }
5378
5379 /* If the REQUEST arrived via unicast and unicast option isn't set,
5380 * reject it per RFC 3315, Sec 18.2.1 */
5381 if (packet->unicast == ISC_TRUE &&
5382 is_unicast_option_defined(packet) == ISC_FALSE) {
5383 unicast_reject(reply_ret, packet, &client_id, &server_id);
5384 } else {
5385 /*
5386 * Issue our lease.
5387 */
5388 lease_to_client(reply_ret, packet, &client_id, &server_id);
5389 }
5390
5391 /*
5392 * Cleanup.
5393 */
5394 data_string_forget(&client_id, MDL);
5395 data_string_forget(&server_id, MDL);
5396 }
5397
5398 /* Find a DHCPv6 packet's shared network from hints in the packet.
5399 */
5400 static isc_result_t
5401 shared_network_from_packet6(struct shared_network **shared,
5402 struct packet *packet)
5403 {
5404 const struct packet *chk_packet;
5405 const struct in6_addr *link_addr, *first_link_addr;
5406 struct iaddr tmp_addr;
5407 struct subnet *subnet;
5408 isc_result_t status;
5409
5410 if ((shared == NULL) || (*shared != NULL) || (packet == NULL))
5411 return DHCP_R_INVALIDARG;
5412
5413 /*
5414 * First, find the link address where the packet from the client
5415 * first appeared (if this packet was relayed).
5416 */
5417 first_link_addr = NULL;
5418 chk_packet = packet->dhcpv6_container_packet;
5419 while (chk_packet != NULL) {
5420 link_addr = &chk_packet->dhcpv6_link_address;
5421 if (!IN6_IS_ADDR_UNSPECIFIED(link_addr) &&
5422 !IN6_IS_ADDR_LINKLOCAL(link_addr)) {
5423 first_link_addr = link_addr;
5424 break;
5425 }
5426 chk_packet = chk_packet->dhcpv6_container_packet;
5427 }
5428
5429 /*
5430 * If there is a relayed link address, find the subnet associated
5431 * with that, and use that to get the appropriate
5432 * shared_network.
5433 */
5434 if (first_link_addr != NULL) {
5435 tmp_addr.len = sizeof(*first_link_addr);
5436 memcpy(tmp_addr.iabuf,
5437 first_link_addr, sizeof(*first_link_addr));
5438 subnet = NULL;
5439 if (!find_subnet(&subnet, tmp_addr, MDL)) {
5440 log_debug("No subnet found for link-address %s.",
5441 piaddr(tmp_addr));
5442 return ISC_R_NOTFOUND;
5443 }
5444 status = shared_network_reference(shared,
5445 subnet->shared_network, MDL);
5446 subnet_dereference(&subnet, MDL);
5447
5448 /*
5449 * If there is no link address, we will use the interface
5450 * that this packet came in on to pick the shared_network.
5451 */
5452 } else if (packet->interface != NULL) {
5453 status = shared_network_reference(shared,
5454 packet->interface->shared_network,
5455 MDL);
5456 if (packet->dhcpv6_container_packet != NULL) {
5457 log_info("[L2 Relay] No link address in relay packet "
5458 "assuming L2 relay and using receiving "
5459 "interface");
5460 }
5461
5462 } else {
5463 /*
5464 * We shouldn't be able to get here but if there is no link
5465 * address and no interface we don't know where to get the
5466 * pool from log an error and return an error.
5467 */
5468 log_error("No interface and no link address "
5469 "can't determine pool");
5470 status = DHCP_R_INVALIDARG;
5471 }
5472
5473 return status;
5474 }
5475
5476 /*
5477 * When a client thinks it might be on a new link, it sends a
5478 * Confirm message.
5479 *
5480 * From RFC3315 section 18.2.2:
5481 *
5482 * When the server receives a Confirm message, the server determines
5483 * whether the addresses in the Confirm message are appropriate for the
5484 * link to which the client is attached. If all of the addresses in the
5485 * Confirm message pass this test, the server returns a status of
5486 * Success. If any of the addresses do not pass this test, the server
5487 * returns a status of NotOnLink. If the server is unable to perform
5488 * this test (for example, the server does not have information about
5489 * prefixes on the link to which the client is connected), or there were
5490 * no addresses in any of the IAs sent by the client, the server MUST
5491 * NOT send a reply to the client.
5492 */
5493
5494 static void
5495 dhcpv6_confirm(struct data_string *reply_ret, struct packet *packet) {
5496 struct shared_network *shared;
5497 struct subnet *subnet;
5498 struct option_cache *ia, *ta, *oc;
5499 struct data_string cli_enc_opt_data, iaaddr, client_id, packet_oro;
5500 struct option_state *cli_enc_opt_state, *opt_state;
5501 struct iaddr cli_addr;
5502 int pass;
5503 isc_boolean_t inappropriate, has_addrs;
5504 char reply_data[65536];
5505 struct dhcpv6_packet *reply = (struct dhcpv6_packet *)reply_data;
5506 int reply_ofs = (int)(offsetof(struct dhcpv6_packet, options));
5507
5508 /*
5509 * Basic client message validation.
5510 */
5511 memset(&client_id, 0, sizeof(client_id));
5512 if (!valid_client_msg(packet, &client_id)) {
5513 return;
5514 }
5515
5516 /*
5517 * Do not process Confirms that do not have IA's we do not recognize.
5518 */
5519 ia = lookup_option(&dhcpv6_universe, packet->options, D6O_IA_NA);
5520 ta = lookup_option(&dhcpv6_universe, packet->options, D6O_IA_TA);
5521 if ((ia == NULL) && (ta == NULL))
5522 return;
5523
5524 /*
5525 * IA_PD's are simply ignored.
5526 */
5527 delete_option(&dhcpv6_universe, packet->options, D6O_IA_PD);
5528
5529 /*
5530 * Bit of variable initialization.
5531 */
5532 opt_state = cli_enc_opt_state = NULL;
5533 memset(&cli_enc_opt_data, 0, sizeof(cli_enc_opt_data));
5534 memset(&iaaddr, 0, sizeof(iaaddr));
5535 memset(&packet_oro, 0, sizeof(packet_oro));
5536
5537 /* Determine what shared network the client is connected to. We
5538 * must not respond if we don't have any information about the
5539 * network the client is on.
5540 */
5541 shared = NULL;
5542 if ((shared_network_from_packet6(&shared, packet) != ISC_R_SUCCESS) ||
5543 (shared == NULL))
5544 goto exit;
5545
5546 /* If there are no recorded subnets, then we have no
5547 * information about this subnet - ignore Confirms.
5548 */
5549 subnet = shared->subnets;
5550 if (subnet == NULL)
5551 goto exit;
5552
5553 /* Are the addresses in all the IA's appropriate for that link? */
5554 has_addrs = inappropriate = ISC_FALSE;
5555 pass = D6O_IA_NA;
5556 while(!inappropriate) {
5557 /* If we've reached the end of the IA_NA pass, move to the
5558 * IA_TA pass.
5559 */
5560 if ((pass == D6O_IA_NA) && (ia == NULL)) {
5561 pass = D6O_IA_TA;
5562 ia = ta;
5563 }
5564
5565 /* If we've reached the end of all passes, we're done. */
5566 if (ia == NULL)
5567 break;
5568
5569 if (((pass == D6O_IA_NA) &&
5570 !get_encapsulated_IA_state(&cli_enc_opt_state,
5571 &cli_enc_opt_data,
5572 packet, ia, IA_NA_OFFSET)) ||
5573 ((pass == D6O_IA_TA) &&
5574 !get_encapsulated_IA_state(&cli_enc_opt_state,
5575 &cli_enc_opt_data,
5576 packet, ia, IA_TA_OFFSET))) {
5577 goto exit;
5578 }
5579
5580 oc = lookup_option(&dhcpv6_universe, cli_enc_opt_state,
5581 D6O_IAADDR);
5582
5583 for ( ; oc != NULL ; oc = oc->next) {
5584 if (!evaluate_option_cache(&iaaddr, packet, NULL, NULL,
5585 packet->options, NULL,
5586 &global_scope, oc, MDL) ||
5587 (iaaddr.len < IAADDR_OFFSET)) {
5588 log_error("dhcpv6_confirm: "
5589 "error evaluating IAADDR.");
5590 goto exit;
5591 }
5592
5593 /* Copy out the IPv6 address for processing. */
5594 cli_addr.len = 16;
5595 memcpy(cli_addr.iabuf, iaaddr.data, 16);
5596
5597 data_string_forget(&iaaddr, MDL);
5598
5599 /* Record that we've processed at least one address. */
5600 has_addrs = ISC_TRUE;
5601
5602 /* Find out if any subnets cover this address. */
5603 for (subnet = shared->subnets ; subnet != NULL ;
5604 subnet = subnet->next_sibling) {
5605 if (addr_eq(subnet_number(cli_addr,
5606 subnet->netmask),
5607 subnet->net))
5608 break;
5609 }
5610
5611 /* If we reach the end of the subnet list, and no
5612 * subnet matches the client address, then it must
5613 * be inappropriate to the link (so far as our
5614 * configuration says). Once we've found one
5615 * inappropriate address, there is no reason to
5616 * continue searching.
5617 */
5618 if (subnet == NULL) {
5619 inappropriate = ISC_TRUE;
5620 break;
5621 }
5622 }
5623
5624 option_state_dereference(&cli_enc_opt_state, MDL);
5625 data_string_forget(&cli_enc_opt_data, MDL);
5626
5627 /* Advance to the next IA_*. */
5628 ia = ia->next;
5629 }
5630
5631 /* If the client supplied no addresses, do not reply. */
5632 if (!has_addrs)
5633 goto exit;
5634
5635 /*
5636 * Set up reply.
5637 */
5638 if (!start_reply(packet, &client_id, NULL, &opt_state, reply)) {
5639 goto exit;
5640 }
5641
5642 /*
5643 * Set our status.
5644 */
5645 if (inappropriate) {
5646 if (!set_status_code(STATUS_NotOnLink,
5647 "Some of the addresses are not on link.",
5648 opt_state)) {
5649 goto exit;
5650 }
5651 } else {
5652 if (!set_status_code(STATUS_Success,
5653 "All addresses still on link.",
5654 opt_state)) {
5655 goto exit;
5656 }
5657 }
5658
5659 /*
5660 * Only one option: add it.
5661 */
5662 reply_ofs += store_options6(reply_data+reply_ofs,
5663 sizeof(reply_data)-reply_ofs,
5664 opt_state, packet,
5665 required_opts, &packet_oro);
5666
5667 /*
5668 * Return our reply to the caller.
5669 */
5670 reply_ret->len = reply_ofs;
5671 reply_ret->buffer = NULL;
5672 if (!buffer_allocate(&reply_ret->buffer, reply_ofs, MDL)) {
5673 log_fatal("No memory to store reply.");
5674 }
5675 reply_ret->data = reply_ret->buffer->data;
5676 memcpy(reply_ret->buffer->data, reply, reply_ofs);
5677
5678 exit:
5679 /* Cleanup any stale data strings. */
5680 if (cli_enc_opt_data.buffer != NULL)
5681 data_string_forget(&cli_enc_opt_data, MDL);
5682 if (iaaddr.buffer != NULL)
5683 data_string_forget(&iaaddr, MDL);
5684 if (client_id.buffer != NULL)
5685 data_string_forget(&client_id, MDL);
5686 if (packet_oro.buffer != NULL)
5687 data_string_forget(&packet_oro, MDL);
5688
5689 /* Release any stale option states. */
5690 if (cli_enc_opt_state != NULL)
5691 option_state_dereference(&cli_enc_opt_state, MDL);
5692 if (opt_state != NULL)
5693 option_state_dereference(&opt_state, MDL);
5694 }
5695
5696 /*
5697 * Renew is when a client wants to extend its lease/prefix, at time T1.
5698 *
5699 * We handle this the same as if the client wants a new lease/prefix,
5700 * except for the error code of when addresses don't match.
5701 */
5702
5703 static void
5704 dhcpv6_renew(struct data_string *reply, struct packet *packet) {
5705 struct data_string client_id;
5706 struct data_string server_id;
5707
5708 /*
5709 * Validate the request.
5710 */
5711 if (!valid_client_resp(packet, &client_id, &server_id)) {
5712 return;
5713 }
5714
5715 /* If the RENEW arrived via unicast and unicast option isn't set,
5716 * reject it per RFC 3315, Sec 18.2.3 */
5717 if (packet->unicast == ISC_TRUE &&
5718 is_unicast_option_defined(packet) == ISC_FALSE) {
5719 unicast_reject(reply, packet, &client_id, &server_id);
5720 } else {
5721 /*
5722 * Renew our lease.
5723 */
5724 lease_to_client(reply, packet, &client_id, &server_id);
5725 }
5726
5727 /*
5728 * Cleanup.
5729 */
5730 data_string_forget(&server_id, MDL);
5731 data_string_forget(&client_id, MDL);
5732 }
5733
5734 /*
5735 * Rebind is when a client wants to extend its lease, at time T2.
5736 *
5737 * We handle this the same as if the client wants a new lease, except
5738 * for the error code of when addresses don't match.
5739 */
5740
5741 static void
5742 dhcpv6_rebind(struct data_string *reply, struct packet *packet) {
5743 struct data_string client_id;
5744
5745 if (!valid_client_msg(packet, &client_id)) {
5746 return;
5747 }
5748
5749 lease_to_client(reply, packet, &client_id, NULL);
5750
5751 data_string_forget(&client_id, MDL);
5752 }
5753
5754 static void
5755 ia_na_match_decline(const struct data_string *client_id,
5756 const struct data_string *iaaddr,
5757 struct iasubopt *lease)
5758 {
5759 char tmp_addr[INET6_ADDRSTRLEN];
5760
5761 log_error("Client %s reports address %s is "
5762 "already in use by another host!",
5763 print_hex_1(client_id->len, client_id->data, 60),
5764 inet_ntop(AF_INET6, iaaddr->data,
5765 tmp_addr, sizeof(tmp_addr)));
5766 if (lease != NULL) {
5767 decline_lease6(lease->ipv6_pool, lease);
5768 lease->ia->cltt = cur_time;
5769 write_ia(lease->ia);
5770 }
5771 }
5772
5773 static void
5774 ia_na_nomatch_decline(const struct data_string *client_id,
5775 const struct data_string *iaaddr,
5776 u_int32_t *ia_na_id,
5777 struct packet *packet,
5778 char *reply_data,
5779 int *reply_ofs,
5780 int reply_len)
5781 {
5782 char tmp_addr[INET6_ADDRSTRLEN];
5783 struct option_state *host_opt_state;
5784 int len;
5785
5786 log_info("Client %s declines address %s, which is not offered to it.",
5787 print_hex_1(client_id->len, client_id->data, 60),
5788 inet_ntop(AF_INET6, iaaddr->data, tmp_addr, sizeof(tmp_addr)));
5789
5790 /*
5791 * Create state for this IA_NA.
5792 */
5793 host_opt_state = NULL;
5794 if (!option_state_allocate(&host_opt_state, MDL)) {
5795 log_error("ia_na_nomatch_decline: out of memory "
5796 "allocating option_state.");
5797 goto exit;
5798 }
5799
5800 if (!set_status_code(STATUS_NoBinding, "Decline for unknown address.",
5801 host_opt_state)) {
5802 goto exit;
5803 }
5804
5805 /*
5806 * Insure we have enough space
5807 */
5808 if (reply_len < (*reply_ofs + 16)) {
5809 log_error("ia_na_nomatch_decline: "
5810 "out of space for reply packet.");
5811 goto exit;
5812 }
5813
5814 /*
5815 * Put our status code into the reply packet.
5816 */
5817 len = store_options6(reply_data+(*reply_ofs)+16,
5818 reply_len-(*reply_ofs)-16,
5819 host_opt_state, packet,
5820 required_opts_STATUS_CODE, NULL);
5821
5822 /*
5823 * Store the non-encapsulated option data for this
5824 * IA_NA into our reply packet. Defined in RFC 3315,
5825 * section 22.4.
5826 */
5827 /* option number */
5828 putUShort((unsigned char *)reply_data+(*reply_ofs), D6O_IA_NA);
5829 /* option length */
5830 putUShort((unsigned char *)reply_data+(*reply_ofs)+2, len + 12);
5831 /* IA_NA, copied from the client */
5832 memcpy(reply_data+(*reply_ofs)+4, ia_na_id, 4);
5833 /* t1 and t2, odd that we need them, but here it is */
5834 putULong((unsigned char *)reply_data+(*reply_ofs)+8, 0);
5835 putULong((unsigned char *)reply_data+(*reply_ofs)+12, 0);
5836
5837 /*
5838 * Get ready for next IA_NA.
5839 */
5840 *reply_ofs += (len + 16);
5841
5842 exit:
5843 option_state_dereference(&host_opt_state, MDL);
5844 }
5845
5846 static void
5847 iterate_over_ia_na(struct data_string *reply_ret,
5848 struct packet *packet,
5849 const struct data_string *client_id,
5850 const struct data_string *server_id,
5851 const char *packet_type,
5852 void (*ia_na_match)(),
5853 void (*ia_na_nomatch)())
5854 {
5855 struct option_state *opt_state;
5856 struct host_decl *packet_host;
5857 struct option_cache *ia;
5858 struct option_cache *oc;
5859 /* cli_enc_... variables come from the IA_NA/IA_TA options */
5860 struct data_string cli_enc_opt_data;
5861 struct option_state *cli_enc_opt_state;
5862 struct host_decl *host;
5863 struct data_string iaaddr;
5864 struct data_string fixed_addr;
5865 char reply_data[65536];
5866 struct dhcpv6_packet *reply = (struct dhcpv6_packet *)reply_data;
5867 int reply_ofs = (int)(offsetof(struct dhcpv6_packet, options));
5868 char status_msg[32];
5869 struct iasubopt *lease;
5870 struct ia_xx *existing_ia_na;
5871 int i;
5872 struct data_string key;
5873 u_int32_t iaid;
5874
5875 /*
5876 * Initialize to empty values, in case we have to exit early.
5877 */
5878 opt_state = NULL;
5879 memset(&cli_enc_opt_data, 0, sizeof(cli_enc_opt_data));
5880 cli_enc_opt_state = NULL;
5881 memset(&iaaddr, 0, sizeof(iaaddr));
5882 memset(&fixed_addr, 0, sizeof(fixed_addr));
5883 lease = NULL;
5884
5885 /*
5886 * Find the host record that matches from the packet, if any.
5887 */
5888 packet_host = NULL;
5889 find_hosts6(&packet_host, packet, client_id, MDL);
5890
5891 /*
5892 * Set our reply information.
5893 */
5894 reply->msg_type = DHCPV6_REPLY;
5895 memcpy(reply->transaction_id, packet->dhcpv6_transaction_id,
5896 sizeof(reply->transaction_id));
5897
5898 /*
5899 * Build our option state for reply.
5900 */
5901 opt_state = NULL;
5902 if (!option_state_allocate(&opt_state, MDL)) {
5903 log_error("iterate_over_ia_na: no memory for option_state.");
5904 goto exit;
5905 }
5906 execute_statements_in_scope(NULL, packet, NULL, NULL,
5907 packet->options, opt_state,
5908 &global_scope, root_group, NULL, NULL);
5909
5910 /*
5911 * RFC 3315, section 18.2.7 tells us which options to include.
5912 */
5913 oc = lookup_option(&dhcpv6_universe, opt_state, D6O_SERVERID);
5914 if (oc == NULL) {
5915 if (!save_option_buffer(&dhcpv6_universe, opt_state, NULL,
5916 (unsigned char *)server_duid.data,
5917 server_duid.len, D6O_SERVERID, 0)) {
5918 log_error("iterate_over_ia_na: "
5919 "error saving server identifier.");
5920 goto exit;
5921 }
5922 }
5923
5924 if (!save_option_buffer(&dhcpv6_universe, opt_state,
5925 client_id->buffer,
5926 (unsigned char *)client_id->data,
5927 client_id->len,
5928 D6O_CLIENTID, 0)) {
5929 log_error("iterate_over_ia_na: "
5930 "error saving client identifier.");
5931 goto exit;
5932 }
5933
5934 snprintf(status_msg, sizeof(status_msg), "%s received.", packet_type);
5935 if (!set_status_code(STATUS_Success, status_msg, opt_state)) {
5936 goto exit;
5937 }
5938
5939 /*
5940 * Add our options that are not associated with any IA_NA or IA_TA.
5941 */
5942 reply_ofs += store_options6(reply_data+reply_ofs,
5943 sizeof(reply_data)-reply_ofs,
5944 opt_state, packet,
5945 required_opts, NULL);
5946
5947 /*
5948 * Loop through the IA_NA reported by the client, and deal with
5949 * addresses reported as already in use.
5950 */
5951 for (ia = lookup_option(&dhcpv6_universe, packet->options, D6O_IA_NA);
5952 ia != NULL; ia = ia->next) {
5953
5954 if (!get_encapsulated_IA_state(&cli_enc_opt_state,
5955 &cli_enc_opt_data,
5956 packet, ia, IA_NA_OFFSET)) {
5957 goto exit;
5958 }
5959
5960 iaid = getULong(cli_enc_opt_data.data);
5961
5962 /*
5963 * XXX: It is possible that we can get multiple addresses
5964 * sent by the client. We don't send multiple
5965 * addresses, so this indicates a client error.
5966 * We should check for multiple IAADDR options, log
5967 * if found, and set as an error.
5968 */
5969 oc = lookup_option(&dhcpv6_universe, cli_enc_opt_state,
5970 D6O_IAADDR);
5971 if (oc == NULL) {
5972 /* no address given for this IA, ignore */
5973 option_state_dereference(&cli_enc_opt_state, MDL);
5974 data_string_forget(&cli_enc_opt_data, MDL);
5975 continue;
5976 }
5977
5978 memset(&iaaddr, 0, sizeof(iaaddr));
5979 if (!evaluate_option_cache(&iaaddr, packet, NULL, NULL,
5980 packet->options, NULL,
5981 &global_scope, oc, MDL)) {
5982 log_error("iterate_over_ia_na: "
5983 "error evaluating IAADDR.");
5984 goto exit;
5985 }
5986
5987 /*
5988 * Now we need to figure out which host record matches
5989 * this IA_NA and IAADDR (encapsulated option contents
5990 * matching a host record by option).
5991 *
5992 * XXX: We don't currently track IA_NA separately, but
5993 * we will need to do this!
5994 */
5995 host = NULL;
5996 if (!find_hosts_by_option(&host, packet,
5997 cli_enc_opt_state, MDL)) {
5998 if (packet_host != NULL) {
5999 host = packet_host;
6000 } else {
6001 host = NULL;
6002 }
6003 }
6004 while (host != NULL) {
6005 if (host->fixed_addr != NULL) {
6006 if (!evaluate_option_cache(&fixed_addr, NULL,
6007 NULL, NULL, NULL,
6008 NULL, &global_scope,
6009 host->fixed_addr,
6010 MDL)) {
6011 log_error("iterate_over_ia_na: error "
6012 "evaluating host address.");
6013 goto exit;
6014 }
6015 if ((iaaddr.len >= 16) &&
6016 !memcmp(fixed_addr.data, iaaddr.data, 16)) {
6017 data_string_forget(&fixed_addr, MDL);
6018 break;
6019 }
6020 data_string_forget(&fixed_addr, MDL);
6021 }
6022 host = host->n_ipaddr;
6023 }
6024
6025 if ((host == NULL) && (iaaddr.len >= IAADDR_OFFSET)) {
6026 /*
6027 * Find existing IA_NA.
6028 */
6029 if (ia_make_key(&key, iaid,
6030 (char *)client_id->data,
6031 client_id->len,
6032 MDL) != ISC_R_SUCCESS) {
6033 log_fatal("iterate_over_ia_na: no memory for "
6034 "key.");
6035 }
6036
6037 existing_ia_na = NULL;
6038 if (ia_hash_lookup(&existing_ia_na, ia_na_active,
6039 (unsigned char *)key.data,
6040 key.len, MDL)) {
6041 /*
6042 * Make sure this address is in the IA_NA.
6043 */
6044 for (i=0; i<existing_ia_na->num_iasubopt; i++) {
6045 struct iasubopt *tmp;
6046 struct in6_addr *in6_addr;
6047
6048 tmp = existing_ia_na->iasubopt[i];
6049 in6_addr = &tmp->addr;
6050 if (memcmp(in6_addr,
6051 iaaddr.data, 16) == 0) {
6052 iasubopt_reference(&lease,
6053 tmp, MDL);
6054 break;
6055 }
6056 }
6057 }
6058
6059 data_string_forget(&key, MDL);
6060 }
6061
6062 if ((host != NULL) || (lease != NULL)) {
6063 ia_na_match(client_id, &iaaddr, lease);
6064 } else {
6065 ia_na_nomatch(client_id, &iaaddr,
6066 (u_int32_t *)cli_enc_opt_data.data,
6067 packet, reply_data, &reply_ofs,
6068 sizeof(reply_data));
6069 }
6070
6071 if (lease != NULL) {
6072 iasubopt_dereference(&lease, MDL);
6073 }
6074
6075 data_string_forget(&iaaddr, MDL);
6076 option_state_dereference(&cli_enc_opt_state, MDL);
6077 data_string_forget(&cli_enc_opt_data, MDL);
6078 }
6079
6080 /*
6081 * Return our reply to the caller.
6082 */
6083 reply_ret->len = reply_ofs;
6084 reply_ret->buffer = NULL;
6085 if (!buffer_allocate(&reply_ret->buffer, reply_ofs, MDL)) {
6086 log_fatal("No memory to store reply.");
6087 }
6088 reply_ret->data = reply_ret->buffer->data;
6089 memcpy(reply_ret->buffer->data, reply, reply_ofs);
6090
6091 exit:
6092 if (lease != NULL) {
6093 iasubopt_dereference(&lease, MDL);
6094 }
6095 if (fixed_addr.buffer != NULL) {
6096 data_string_forget(&fixed_addr, MDL);
6097 }
6098 if (iaaddr.buffer != NULL) {
6099 data_string_forget(&iaaddr, MDL);
6100 }
6101 if (cli_enc_opt_state != NULL) {
6102 option_state_dereference(&cli_enc_opt_state, MDL);
6103 }
6104 if (cli_enc_opt_data.buffer != NULL) {
6105 data_string_forget(&cli_enc_opt_data, MDL);
6106 }
6107 if (opt_state != NULL) {
6108 option_state_dereference(&opt_state, MDL);
6109 }
6110 }
6111
6112 /*
6113 * Decline means a client has detected that something else is using an
6114 * address we gave it.
6115 *
6116 * Since we're only dealing with fixed leases for now, there's not
6117 * much we can do, other that log the occurrence.
6118 *
6119 * When we start issuing addresses from pools, then we will have to
6120 * record our declined addresses and issue another. In general with
6121 * IPv6 there is no worry about DoS by clients exhausting space, but
6122 * we still need to be aware of this possibility.
6123 */
6124
6125 /* TODO: IA_TA */
6126 static void
6127 dhcpv6_decline(struct data_string *reply, struct packet *packet) {
6128 struct data_string client_id;
6129 struct data_string server_id;
6130
6131 /*
6132 * Validate our input.
6133 */
6134 if (!valid_client_resp(packet, &client_id, &server_id)) {
6135 return;
6136 }
6137
6138 /* If the DECLINE arrived via unicast and unicast option isn't set,
6139 * reject it per RFC 3315, Sec 18.2.7 */
6140 if (packet->unicast == ISC_TRUE &&
6141 is_unicast_option_defined(packet) == ISC_FALSE) {
6142 unicast_reject(reply, packet, &client_id, &server_id);
6143 } else {
6144 /*
6145 * Undefined for IA_PD.
6146 */
6147 delete_option(&dhcpv6_universe, packet->options, D6O_IA_PD);
6148
6149 /*
6150 * And operate on each IA_NA in this packet.
6151 */
6152 iterate_over_ia_na(reply, packet, &client_id, &server_id,
6153 "Decline", ia_na_match_decline,
6154 ia_na_nomatch_decline);
6155
6156 }
6157
6158 data_string_forget(&server_id, MDL);
6159 data_string_forget(&client_id, MDL);
6160 }
6161
6162 static void
6163 ia_na_match_release(const struct data_string *client_id,
6164 const struct data_string *iaaddr,
6165 struct iasubopt *lease)
6166 {
6167 char tmp_addr[INET6_ADDRSTRLEN];
6168
6169 log_info("Client %s releases address %s",
6170 print_hex_1(client_id->len, client_id->data, 60),
6171 inet_ntop(AF_INET6, iaaddr->data, tmp_addr, sizeof(tmp_addr)));
6172 if (lease != NULL) {
6173 release_lease6(lease->ipv6_pool, lease);
6174 lease->ia->cltt = cur_time;
6175 write_ia(lease->ia);
6176 }
6177 }
6178
6179 static void
6180 ia_na_nomatch_release(const struct data_string *client_id,
6181 const struct data_string *iaaddr,
6182 u_int32_t *ia_na_id,
6183 struct packet *packet,
6184 char *reply_data,
6185 int *reply_ofs,
6186 int reply_len)
6187 {
6188 char tmp_addr[INET6_ADDRSTRLEN];
6189 struct option_state *host_opt_state;
6190 int len;
6191
6192 log_info("Client %s releases address %s, which is not leased to it.",
6193 print_hex_1(client_id->len, client_id->data, 60),
6194 inet_ntop(AF_INET6, iaaddr->data, tmp_addr, sizeof(tmp_addr)));
6195
6196 /*
6197 * Create state for this IA_NA.
6198 */
6199 host_opt_state = NULL;
6200 if (!option_state_allocate(&host_opt_state, MDL)) {
6201 log_error("ia_na_nomatch_release: out of memory "
6202 "allocating option_state.");
6203 goto exit;
6204 }
6205
6206 if (!set_status_code(STATUS_NoBinding,
6207 "Release for non-leased address.",
6208 host_opt_state)) {
6209 goto exit;
6210 }
6211
6212 /*
6213 * Insure we have enough space
6214 */
6215 if (reply_len < (*reply_ofs + 16)) {
6216 log_error("ia_na_nomatch_release: "
6217 "out of space for reply packet.");
6218 goto exit;
6219 }
6220
6221 /*
6222 * Put our status code into the reply packet.
6223 */
6224 len = store_options6(reply_data+(*reply_ofs)+16,
6225 reply_len-(*reply_ofs)-16,
6226 host_opt_state, packet,
6227 required_opts_STATUS_CODE, NULL);
6228
6229 /*
6230 * Store the non-encapsulated option data for this
6231 * IA_NA into our reply packet. Defined in RFC 3315,
6232 * section 22.4.
6233 */
6234 /* option number */
6235 putUShort((unsigned char *)reply_data+(*reply_ofs), D6O_IA_NA);
6236 /* option length */
6237 putUShort((unsigned char *)reply_data+(*reply_ofs)+2, len + 12);
6238 /* IA_NA, copied from the client */
6239 memcpy(reply_data+(*reply_ofs)+4, ia_na_id, 4);
6240 /* t1 and t2, odd that we need them, but here it is */
6241 putULong((unsigned char *)reply_data+(*reply_ofs)+8, 0);
6242 putULong((unsigned char *)reply_data+(*reply_ofs)+12, 0);
6243
6244 /*
6245 * Get ready for next IA_NA.
6246 */
6247 *reply_ofs += (len + 16);
6248
6249 exit:
6250 option_state_dereference(&host_opt_state, MDL);
6251 }
6252
6253 static void
6254 ia_pd_match_release(const struct data_string *client_id,
6255 const struct data_string *iapref,
6256 struct iasubopt *prefix)
6257 {
6258 char tmp_addr[INET6_ADDRSTRLEN];
6259
6260 log_info("Client %s releases prefix %s/%u",
6261 print_hex_1(client_id->len, client_id->data, 60),
6262 inet_ntop(AF_INET6, iapref->data + 9,
6263 tmp_addr, sizeof(tmp_addr)),
6264 (unsigned) getUChar(iapref->data + 8));
6265 if (prefix != NULL) {
6266 release_lease6(prefix->ipv6_pool, prefix);
6267 prefix->ia->cltt = cur_time;
6268 write_ia(prefix->ia);
6269 }
6270 }
6271
6272 static void
6273 ia_pd_nomatch_release(const struct data_string *client_id,
6274 const struct data_string *iapref,
6275 u_int32_t *ia_pd_id,
6276 struct packet *packet,
6277 char *reply_data,
6278 int *reply_ofs,
6279 int reply_len)
6280 {
6281 char tmp_addr[INET6_ADDRSTRLEN];
6282 struct option_state *host_opt_state;
6283 int len;
6284
6285 log_info("Client %s releases prefix %s/%u, which is not leased to it.",
6286 print_hex_1(client_id->len, client_id->data, 60),
6287 inet_ntop(AF_INET6, iapref->data + 9,
6288 tmp_addr, sizeof(tmp_addr)),
6289 (unsigned) getUChar(iapref->data + 8));
6290
6291 /*
6292 * Create state for this IA_PD.
6293 */
6294 host_opt_state = NULL;
6295 if (!option_state_allocate(&host_opt_state, MDL)) {
6296 log_error("ia_pd_nomatch_release: out of memory "
6297 "allocating option_state.");
6298 goto exit;
6299 }
6300
6301 if (!set_status_code(STATUS_NoBinding,
6302 "Release for non-leased prefix.",
6303 host_opt_state)) {
6304 goto exit;
6305 }
6306
6307 /*
6308 * Insure we have enough space
6309 */
6310 if (reply_len < (*reply_ofs + 16)) {
6311 log_error("ia_pd_nomatch_release: "
6312 "out of space for reply packet.");
6313 goto exit;
6314 }
6315
6316 /*
6317 * Put our status code into the reply packet.
6318 */
6319 len = store_options6(reply_data+(*reply_ofs)+16,
6320 reply_len-(*reply_ofs)-16,
6321 host_opt_state, packet,
6322 required_opts_STATUS_CODE, NULL);
6323
6324 /*
6325 * Store the non-encapsulated option data for this
6326 * IA_PD into our reply packet. Defined in RFC 3315,
6327 * section 22.4.
6328 */
6329 /* option number */
6330 putUShort((unsigned char *)reply_data+(*reply_ofs), D6O_IA_PD);
6331 /* option length */
6332 putUShort((unsigned char *)reply_data+(*reply_ofs)+2, len + 12);
6333 /* IA_PD, copied from the client */
6334 memcpy(reply_data+(*reply_ofs)+4, ia_pd_id, 4);
6335 /* t1 and t2, odd that we need them, but here it is */
6336 putULong((unsigned char *)reply_data+(*reply_ofs)+8, 0);
6337 putULong((unsigned char *)reply_data+(*reply_ofs)+12, 0);
6338
6339 /*
6340 * Get ready for next IA_PD.
6341 */
6342 *reply_ofs += (len + 16);
6343
6344 exit:
6345 option_state_dereference(&host_opt_state, MDL);
6346 }
6347
6348 static void
6349 iterate_over_ia_pd(struct data_string *reply_ret,
6350 struct packet *packet,
6351 const struct data_string *client_id,
6352 const struct data_string *server_id,
6353 const char *packet_type,
6354 void (*ia_pd_match)(),
6355 void (*ia_pd_nomatch)())
6356 {
6357 struct data_string reply_new;
6358 int reply_len;
6359 struct option_state *opt_state;
6360 struct host_decl *packet_host;
6361 struct option_cache *ia;
6362 struct option_cache *oc;
6363 /* cli_enc_... variables come from the IA_PD options */
6364 struct data_string cli_enc_opt_data;
6365 struct option_state *cli_enc_opt_state;
6366 struct host_decl *host;
6367 struct data_string iaprefix;
6368 char reply_data[65536];
6369 int reply_ofs;
6370 struct iasubopt *prefix;
6371 struct ia_xx *existing_ia_pd;
6372 int i;
6373 struct data_string key;
6374 u_int32_t iaid;
6375
6376 /*
6377 * Initialize to empty values, in case we have to exit early.
6378 */
6379 memset(&reply_new, 0, sizeof(reply_new));
6380 opt_state = NULL;
6381 memset(&cli_enc_opt_data, 0, sizeof(cli_enc_opt_data));
6382 cli_enc_opt_state = NULL;
6383 memset(&iaprefix, 0, sizeof(iaprefix));
6384 prefix = NULL;
6385
6386 /*
6387 * Compute the available length for the reply.
6388 */
6389 reply_len = sizeof(reply_data) - reply_ret->len;
6390 reply_ofs = 0;
6391
6392 /*
6393 * Find the host record that matches from the packet, if any.
6394 */
6395 packet_host = NULL;
6396 find_hosts6(&packet_host, packet, client_id, MDL);
6397
6398 /*
6399 * Build our option state for reply.
6400 */
6401 opt_state = NULL;
6402 if (!option_state_allocate(&opt_state, MDL)) {
6403 log_error("iterate_over_ia_pd: no memory for option_state.");
6404 goto exit;
6405 }
6406 execute_statements_in_scope(NULL, packet, NULL, NULL,
6407 packet->options, opt_state,
6408 &global_scope, root_group, NULL, NULL);
6409
6410 /*
6411 * Loop through the IA_PD reported by the client, and deal with
6412 * prefixes reported as already in use.
6413 */
6414 for (ia = lookup_option(&dhcpv6_universe, packet->options, D6O_IA_PD);
6415 ia != NULL; ia = ia->next) {
6416
6417 if (!get_encapsulated_IA_state(&cli_enc_opt_state,
6418 &cli_enc_opt_data,
6419 packet, ia, IA_PD_OFFSET)) {
6420 goto exit;
6421 }
6422
6423 iaid = getULong(cli_enc_opt_data.data);
6424
6425 oc = lookup_option(&dhcpv6_universe, cli_enc_opt_state,
6426 D6O_IAPREFIX);
6427 if (oc == NULL) {
6428 /* no prefix given for this IA_PD, ignore */
6429 option_state_dereference(&cli_enc_opt_state, MDL);
6430 data_string_forget(&cli_enc_opt_data, MDL);
6431 continue;
6432 }
6433
6434 for (; oc != NULL; oc = oc->next) {
6435 memset(&iaprefix, 0, sizeof(iaprefix));
6436 if (!evaluate_option_cache(&iaprefix, packet, NULL, NULL,
6437 packet->options, NULL,
6438 &global_scope, oc, MDL)) {
6439 log_error("iterate_over_ia_pd: "
6440 "error evaluating IAPREFIX.");
6441 goto exit;
6442 }
6443
6444 /*
6445 * Now we need to figure out which host record matches
6446 * this IA_PD and IAPREFIX (encapsulated option contents
6447 * matching a host record by option).
6448 *
6449 * XXX: We don't currently track IA_PD separately, but
6450 * we will need to do this!
6451 */
6452 host = NULL;
6453 if (!find_hosts_by_option(&host, packet,
6454 cli_enc_opt_state, MDL)) {
6455 if (packet_host != NULL) {
6456 host = packet_host;
6457 } else {
6458 host = NULL;
6459 }
6460 }
6461 while (host != NULL) {
6462 if (host->fixed_prefix != NULL) {
6463 struct iaddrcidrnetlist *l;
6464 int plen = (int) getUChar(iaprefix.data + 8);
6465
6466 for (l = host->fixed_prefix; l != NULL;
6467 l = l->next) {
6468 if (plen != l->cidrnet.bits)
6469 continue;
6470 if (memcmp(iaprefix.data + 9,
6471 l->cidrnet.lo_addr.iabuf,
6472 16) == 0)
6473 break;
6474 }
6475 if ((l != NULL) && (iaprefix.len >= 17))
6476 break;
6477 }
6478 host = host->n_ipaddr;
6479 }
6480
6481 if ((host == NULL) && (iaprefix.len >= IAPREFIX_OFFSET)) {
6482 /*
6483 * Find existing IA_PD.
6484 */
6485 if (ia_make_key(&key, iaid,
6486 (char *)client_id->data,
6487 client_id->len,
6488 MDL) != ISC_R_SUCCESS) {
6489 log_fatal("iterate_over_ia_pd: no memory for "
6490 "key.");
6491 }
6492
6493 existing_ia_pd = NULL;
6494 if (ia_hash_lookup(&existing_ia_pd, ia_pd_active,
6495 (unsigned char *)key.data,
6496 key.len, MDL)) {
6497 /*
6498 * Make sure this prefix is in the IA_PD.
6499 */
6500 for (i = 0;
6501 i < existing_ia_pd->num_iasubopt;
6502 i++) {
6503 struct iasubopt *tmp;
6504 u_int8_t plen;
6505
6506 plen = getUChar(iaprefix.data + 8);
6507 tmp = existing_ia_pd->iasubopt[i];
6508 if ((tmp->plen == plen) &&
6509 (memcmp(&tmp->addr,
6510 iaprefix.data + 9,
6511 16) == 0)) {
6512 iasubopt_reference(&prefix,
6513 tmp, MDL);
6514 break;
6515 }
6516 }
6517 }
6518
6519 data_string_forget(&key, MDL);
6520 }
6521
6522 if ((host != NULL) || (prefix != NULL)) {
6523 ia_pd_match(client_id, &iaprefix, prefix);
6524 } else {
6525 ia_pd_nomatch(client_id, &iaprefix,
6526 (u_int32_t *)cli_enc_opt_data.data,
6527 packet, reply_data, &reply_ofs,
6528 reply_len - reply_ofs);
6529 }
6530
6531 if (prefix != NULL) {
6532 iasubopt_dereference(&prefix, MDL);
6533 }
6534
6535 data_string_forget(&iaprefix, MDL);
6536 }
6537
6538 option_state_dereference(&cli_enc_opt_state, MDL);
6539 data_string_forget(&cli_enc_opt_data, MDL);
6540 }
6541
6542 /*
6543 * Return our reply to the caller.
6544 * The IA_NA routine has already filled at least the header.
6545 */
6546 reply_new.len = reply_ret->len + reply_ofs;
6547 if (!buffer_allocate(&reply_new.buffer, reply_new.len, MDL)) {
6548 log_fatal("No memory to store reply.");
6549 }
6550 reply_new.data = reply_new.buffer->data;
6551 memcpy(reply_new.buffer->data,
6552 reply_ret->buffer->data, reply_ret->len);
6553 memcpy(reply_new.buffer->data + reply_ret->len,
6554 reply_data, reply_ofs);
6555 data_string_forget(reply_ret, MDL);
6556 data_string_copy(reply_ret, &reply_new, MDL);
6557 data_string_forget(&reply_new, MDL);
6558
6559 exit:
6560 if (prefix != NULL) {
6561 iasubopt_dereference(&prefix, MDL);
6562 }
6563 if (iaprefix.buffer != NULL) {
6564 data_string_forget(&iaprefix, MDL);
6565 }
6566 if (cli_enc_opt_state != NULL) {
6567 option_state_dereference(&cli_enc_opt_state, MDL);
6568 }
6569 if (cli_enc_opt_data.buffer != NULL) {
6570 data_string_forget(&cli_enc_opt_data, MDL);
6571 }
6572 if (opt_state != NULL) {
6573 option_state_dereference(&opt_state, MDL);
6574 }
6575 }
6576
6577 /*
6578 * Release means a client is done with the leases.
6579 */
6580
6581 static void
6582 dhcpv6_release(struct data_string *reply, struct packet *packet) {
6583 struct data_string client_id;
6584 struct data_string server_id;
6585
6586 /*
6587 * Validate our input.
6588 */
6589 if (!valid_client_resp(packet, &client_id, &server_id)) {
6590 return;
6591 }
6592
6593 /* If the RELEASE arrived via unicast and unicast option isn't set,
6594 * reject it per RFC 3315, Sec 18.2.6 */
6595 if (packet->unicast == ISC_TRUE &&
6596 is_unicast_option_defined(packet) == ISC_FALSE) {
6597 unicast_reject(reply, packet, &client_id, &server_id);
6598 } else {
6599 /*
6600 * And operate on each IA_NA in this packet.
6601 */
6602 iterate_over_ia_na(reply, packet, &client_id, &server_id,
6603 "Release", ia_na_match_release,
6604 ia_na_nomatch_release);
6605
6606 /*
6607 * And operate on each IA_PD in this packet.
6608 */
6609 iterate_over_ia_pd(reply, packet, &client_id, &server_id,
6610 "Release", ia_pd_match_release,
6611 ia_pd_nomatch_release);
6612 }
6613
6614 data_string_forget(&server_id, MDL);
6615 data_string_forget(&client_id, MDL);
6616 }
6617
6618 /*
6619 * Information-Request is used by clients who have obtained an address
6620 * from other means, but want configuration information from the server.
6621 */
6622
6623 static void
6624 dhcpv6_information_request(struct data_string *reply, struct packet *packet) {
6625 struct data_string client_id;
6626 struct data_string server_id;
6627
6628 /*
6629 * Validate our input.
6630 */
6631 if (!valid_client_info_req(packet, &server_id)) {
6632 return;
6633 }
6634
6635 /*
6636 * Get our client ID, if there is one.
6637 */
6638 memset(&client_id, 0, sizeof(client_id));
6639 if (get_client_id(packet, &client_id) != ISC_R_SUCCESS) {
6640 data_string_forget(&client_id, MDL);
6641 }
6642
6643 /*
6644 * Use the lease_to_client() function. This will work fine,
6645 * because the valid_client_info_req() insures that we
6646 * don't have any IA that would cause us to allocate
6647 * resources to the client.
6648 */
6649 lease_to_client(reply, packet, &client_id,
6650 server_id.data != NULL ? &server_id : NULL);
6651
6652 /*
6653 * Cleanup.
6654 */
6655 if (client_id.data != NULL) {
6656 data_string_forget(&client_id, MDL);
6657 }
6658 data_string_forget(&server_id, MDL);
6659 }
6660
6661 /*
6662 * The Relay-forw message is sent by relays. It typically contains a
6663 * single option, which encapsulates an entire packet.
6664 *
6665 * We need to build an encapsulated reply.
6666 */
6667
6668 /* XXX: this is very, very similar to do_packet6(), and should probably
6669 be combined in a clever way */
6670 /* DHCPv6 server side */
6671 static void
6672 dhcpv6_relay_forw(struct data_string *reply_ret, struct packet *packet) {
6673 struct option_cache *oc;
6674 struct data_string enc_opt_data;
6675 struct packet *enc_packet;
6676 unsigned char msg_type;
6677 const struct dhcpv6_packet *msg;
6678 const struct dhcpv6_relay_packet *relay;
6679 struct data_string enc_reply;
6680 char link_addr[sizeof("ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255")];
6681 char peer_addr[sizeof("ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255")];
6682 struct data_string a_opt, packet_ero;
6683 struct option_state *opt_state;
6684 static char reply_data[65536];
6685 struct dhcpv6_relay_packet *reply;
6686 int reply_ofs;
6687
6688 /*
6689 * Initialize variables for early exit.
6690 */
6691 opt_state = NULL;
6692 memset(&a_opt, 0, sizeof(a_opt));
6693 memset(&packet_ero, 0, sizeof(packet_ero));
6694 memset(&enc_reply, 0, sizeof(enc_reply));
6695 memset(&enc_opt_data, 0, sizeof(enc_opt_data));
6696 enc_packet = NULL;
6697
6698 /*
6699 * Get our encapsulated relay message.
6700 */
6701 oc = lookup_option(&dhcpv6_universe, packet->options, D6O_RELAY_MSG);
6702 if (oc == NULL) {
6703 inet_ntop(AF_INET6, &packet->dhcpv6_link_address,
6704 link_addr, sizeof(link_addr));
6705 inet_ntop(AF_INET6, &packet->dhcpv6_peer_address,
6706 peer_addr, sizeof(peer_addr));
6707 log_info("Relay-forward from %s with link address=%s and "
6708 "peer address=%s missing Relay Message option.",
6709 piaddr(packet->client_addr), link_addr, peer_addr);
6710 goto exit;
6711 }
6712
6713 if (!evaluate_option_cache(&enc_opt_data, NULL, NULL, NULL,
6714 NULL, NULL, &global_scope, oc, MDL)) {
6715 /* should be dhcpv6_relay_forw */
6716 log_error("dhcpv6_forw_relay: error evaluating "
6717 "relayed message.");
6718 goto exit;
6719 }
6720
6721 if (!packet6_len_okay((char *)enc_opt_data.data, enc_opt_data.len)) {
6722 /* should be dhcpv6_relay_forw */
6723 log_error("dhcpv6_forw_relay: encapsulated packet too short.");
6724 goto exit;
6725 }
6726
6727 /*
6728 * Build a packet structure from this encapsulated packet.
6729 */
6730 enc_packet = NULL;
6731 if (!packet_allocate(&enc_packet, MDL)) {
6732 /* should be dhcpv6_relay_forw */
6733 log_error("dhcpv6_forw_relay: "
6734 "no memory for encapsulated packet.");
6735 goto exit;
6736 }
6737
6738 if (!option_state_allocate(&enc_packet->options, MDL)) {
6739 /* should be dhcpv6_relay_forw */
6740 log_error("dhcpv6_forw_relay: "
6741 "no memory for encapsulated packet's options.");
6742 goto exit;
6743 }
6744
6745 enc_packet->client_port = packet->client_port;
6746 enc_packet->client_addr = packet->client_addr;
6747 interface_reference(&enc_packet->interface, packet->interface, MDL);
6748 enc_packet->dhcpv6_container_packet = packet;
6749
6750 msg_type = enc_opt_data.data[0];
6751 if ((msg_type == DHCPV6_RELAY_FORW) ||
6752 (msg_type == DHCPV6_RELAY_REPL)) {
6753 int relaylen = (int)(offsetof(struct dhcpv6_relay_packet, options));
6754 relay = (struct dhcpv6_relay_packet *)enc_opt_data.data;
6755 enc_packet->dhcpv6_msg_type = relay->msg_type;
6756
6757 /* relay-specific data */
6758 enc_packet->dhcpv6_hop_count = relay->hop_count;
6759 memcpy(&enc_packet->dhcpv6_link_address,
6760 relay->link_address, sizeof(relay->link_address));
6761 memcpy(&enc_packet->dhcpv6_peer_address,
6762 relay->peer_address, sizeof(relay->peer_address));
6763
6764 if (!parse_option_buffer(enc_packet->options,
6765 relay->options,
6766 enc_opt_data.len - relaylen,
6767 &dhcpv6_universe)) {
6768 /* no logging here, as parse_option_buffer() logs all
6769 cases where it fails */
6770 goto exit;
6771 }
6772 } else if ((msg_type == DHCPV6_DHCPV4_QUERY) ||
6773 (msg_type == DHCPV6_DHCPV4_RESPONSE)) {
6774 #ifdef DHCP4o6
6775 if (!dhcpv4_over_dhcpv6 ||
6776 (msg_type == DHCPV6_DHCPV4_RESPONSE)) {
6777 log_error("dhcpv6_relay_forw: "
6778 "unsupported %s message type.",
6779 dhcpv6_type_names[msg_type]);
6780 goto exit;
6781 }
6782 forw_dhcpv4_query(packet);
6783 goto exit;
6784 #else /* DHCP4o6 */
6785 log_error("dhcpv6_relay_forw: unsupported %s message type.",
6786 dhcpv6_type_names[msg_type]);
6787 goto exit;
6788 #endif /* DHCP4o6 */
6789 } else {
6790 int msglen = (int)(offsetof(struct dhcpv6_packet, options));
6791 msg = (struct dhcpv6_packet *)enc_opt_data.data;
6792 enc_packet->dhcpv6_msg_type = msg->msg_type;
6793
6794 /* message-specific data */
6795 memcpy(enc_packet->dhcpv6_transaction_id,
6796 msg->transaction_id,
6797 sizeof(enc_packet->dhcpv6_transaction_id));
6798
6799 if (!parse_option_buffer(enc_packet->options,
6800 msg->options,
6801 enc_opt_data.len - msglen,
6802 &dhcpv6_universe)) {
6803 /* no logging here, as parse_option_buffer() logs all
6804 cases where it fails */
6805 goto exit;
6806 }
6807 }
6808
6809 /*
6810 * This is recursive. It is possible to exceed maximum packet size.
6811 * XXX: This will cause the packet send to fail.
6812 */
6813 build_dhcpv6_reply(&enc_reply, enc_packet);
6814
6815 /*
6816 * If we got no encapsulated data, then it is discarded, and
6817 * our reply-forw is also discarded.
6818 */
6819 if (enc_reply.data == NULL) {
6820 goto exit;
6821 }
6822
6823 /*
6824 * Now we can use the reply_data buffer.
6825 * Packet header stuff all comes from the forward message.
6826 */
6827 reply = (struct dhcpv6_relay_packet *)reply_data;
6828 reply->msg_type = DHCPV6_RELAY_REPL;
6829 reply->hop_count = packet->dhcpv6_hop_count;
6830 memcpy(reply->link_address, &packet->dhcpv6_link_address,
6831 sizeof(reply->link_address));
6832 memcpy(reply->peer_address, &packet->dhcpv6_peer_address,
6833 sizeof(reply->peer_address));
6834 reply_ofs = (int)(offsetof(struct dhcpv6_relay_packet, options));
6835
6836 /*
6837 * Get the reply option state.
6838 */
6839 opt_state = NULL;
6840 if (!option_state_allocate(&opt_state, MDL)) {
6841 log_error("dhcpv6_relay_forw: no memory for option state.");
6842 goto exit;
6843 }
6844
6845 /*
6846 * Append the interface-id if present.
6847 */
6848 oc = lookup_option(&dhcpv6_universe, packet->options,
6849 D6O_INTERFACE_ID);
6850 if (oc != NULL) {
6851 if (!evaluate_option_cache(&a_opt, packet,
6852 NULL, NULL,
6853 packet->options, NULL,
6854 &global_scope, oc, MDL)) {
6855 log_error("dhcpv6_relay_forw: error evaluating "
6856 "Interface ID.");
6857 goto exit;
6858 }
6859 if (!save_option_buffer(&dhcpv6_universe, opt_state, NULL,
6860 (unsigned char *)a_opt.data,
6861 a_opt.len,
6862 D6O_INTERFACE_ID, 0)) {
6863 log_error("dhcpv6_relay_forw: error saving "
6864 "Interface ID.");
6865 goto exit;
6866 }
6867 data_string_forget(&a_opt, MDL);
6868 }
6869
6870 #if defined(RELAY_PORT)
6871 /*
6872 * Append the relay_source_port option if present.
6873 */
6874 oc = lookup_option(&dhcpv6_universe, packet->options,
6875 D6O_RELAY_SOURCE_PORT);
6876 if (oc != NULL) {
6877 if (!evaluate_option_cache(&a_opt, packet,
6878 NULL, NULL,
6879 packet->options, NULL,
6880 &global_scope, oc, MDL)) {
6881 log_error("dhcpv6_relay_forw: error evaluating "
6882 "Relay Source Port.");
6883 goto exit;
6884 }
6885 if (!save_option_buffer(&dhcpv6_universe, opt_state, NULL,
6886 (unsigned char *)a_opt.data,
6887 a_opt.len,
6888 D6O_RELAY_SOURCE_PORT, 0)) {
6889 log_error("dhcpv6_relay_forw: error saving "
6890 "Relay Source Port.");
6891 goto exit;
6892 }
6893 data_string_forget(&a_opt, MDL);
6894
6895 packet->relay_source_port = ISC_TRUE;
6896 }
6897 #endif
6898
6899 /*
6900 * Append our encapsulated stuff for caller.
6901 */
6902 if (!save_option_buffer(&dhcpv6_universe, opt_state, NULL,
6903 (unsigned char *)enc_reply.data,
6904 enc_reply.len,
6905 D6O_RELAY_MSG, 0)) {
6906 log_error("dhcpv6_relay_forw: error saving Relay MSG.");
6907 goto exit;
6908 }
6909
6910 /*
6911 * Get the ERO if any.
6912 */
6913 oc = lookup_option(&dhcpv6_universe, packet->options, D6O_ERO);
6914 if (oc != NULL) {
6915 unsigned req;
6916 int i;
6917
6918 if (!evaluate_option_cache(&packet_ero, packet,
6919 NULL, NULL,
6920 packet->options, NULL,
6921 &global_scope, oc, MDL) ||
6922 (packet_ero.len & 1)) {
6923 log_error("dhcpv6_relay_forw: error evaluating ERO.");
6924 goto exit;
6925 }
6926
6927 /* Decode and apply the ERO. */
6928 for (i = 0; i < packet_ero.len; i += 2) {
6929 req = getUShort(packet_ero.data + i);
6930 /* Already in the reply? */
6931 oc = lookup_option(&dhcpv6_universe, opt_state, req);
6932 if (oc != NULL)
6933 continue;
6934 /* Get it from the packet if present. */
6935 oc = lookup_option(&dhcpv6_universe,
6936 packet->options,
6937 req);
6938 if (oc == NULL)
6939 continue;
6940 if (!evaluate_option_cache(&a_opt, packet,
6941 NULL, NULL,
6942 packet->options, NULL,
6943 &global_scope, oc, MDL)) {
6944 log_error("dhcpv6_relay_forw: error "
6945 "evaluating option %u.", req);
6946 goto exit;
6947 }
6948 if (!save_option_buffer(&dhcpv6_universe,
6949 opt_state,
6950 NULL,
6951 (unsigned char *)a_opt.data,
6952 a_opt.len,
6953 req,
6954 0)) {
6955 log_error("dhcpv6_relay_forw: error saving "
6956 "option %u.", req);
6957 goto exit;
6958 }
6959 data_string_forget(&a_opt, MDL);
6960 }
6961 }
6962
6963 reply_ofs += store_options6(reply_data + reply_ofs,
6964 sizeof(reply_data) - reply_ofs,
6965 opt_state, packet,
6966 required_opts_agent, &packet_ero);
6967
6968 /*
6969 * Return our reply to the caller.
6970 */
6971 reply_ret->len = reply_ofs;
6972 reply_ret->buffer = NULL;
6973 if (!buffer_allocate(&reply_ret->buffer, reply_ret->len, MDL)) {
6974 log_fatal("No memory to store reply.");
6975 }
6976 reply_ret->data = reply_ret->buffer->data;
6977 memcpy(reply_ret->buffer->data, reply_data, reply_ofs);
6978
6979 exit:
6980 if (opt_state != NULL)
6981 option_state_dereference(&opt_state, MDL);
6982 if (a_opt.data != NULL) {
6983 data_string_forget(&a_opt, MDL);
6984 }
6985 if (packet_ero.data != NULL) {
6986 data_string_forget(&packet_ero, MDL);
6987 }
6988 if (enc_reply.data != NULL) {
6989 data_string_forget(&enc_reply, MDL);
6990 }
6991 if (enc_opt_data.data != NULL) {
6992 data_string_forget(&enc_opt_data, MDL);
6993 }
6994 if (enc_packet != NULL) {
6995 packet_dereference(&enc_packet, MDL);
6996 }
6997 }
6998
6999 #ifdef DHCP4o6
7000 /* \brief Internal processing of a relayed DHCPv4-query
7001 * (DHCPv4 server side)
7002 *
7003 * Code copied from \ref dhcpv6_relay_forw() which itself is
7004 * from \ref do_packet6().
7005 *
7006 * \param reply_ret pointer to the response
7007 * \param packet the query
7008 */
7009 static void
7010 dhcp4o6_relay_forw(struct data_string *reply_ret, struct packet *packet) {
7011 struct option_cache *oc;
7012 struct data_string enc_opt_data;
7013 struct packet *enc_packet;
7014 unsigned char msg_type;
7015 const struct dhcpv6_relay_packet *relay;
7016 const struct dhcpv4_over_dhcpv6_packet *msg;
7017 struct data_string enc_reply;
7018 char link_addr[sizeof("ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255")];
7019 char peer_addr[sizeof("ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255")];
7020 struct data_string a_opt, packet_ero;
7021 struct option_state *opt_state;
7022 static char reply_data[65536];
7023 struct dhcpv6_relay_packet *reply;
7024 int reply_ofs;
7025
7026 /*
7027 * Initialize variables for early exit.
7028 */
7029 opt_state = NULL;
7030 memset(&a_opt, 0, sizeof(a_opt));
7031 memset(&packet_ero, 0, sizeof(packet_ero));
7032 memset(&enc_reply, 0, sizeof(enc_reply));
7033 memset(&enc_opt_data, 0, sizeof(enc_opt_data));
7034 enc_packet = NULL;
7035
7036 /*
7037 * Get our encapsulated relay message.
7038 */
7039 oc = lookup_option(&dhcpv6_universe, packet->options, D6O_RELAY_MSG);
7040 if (oc == NULL) {
7041 inet_ntop(AF_INET6, &packet->dhcpv6_link_address,
7042 link_addr, sizeof(link_addr));
7043 inet_ntop(AF_INET6, &packet->dhcpv6_peer_address,
7044 peer_addr, sizeof(peer_addr));
7045 log_info("Relay-forward from %s with link address=%s and "
7046 "peer address=%s missing Relay Message option.",
7047 piaddr(packet->client_addr), link_addr, peer_addr);
7048 goto exit;
7049 }
7050
7051 if (!evaluate_option_cache(&enc_opt_data, NULL, NULL, NULL,
7052 NULL, NULL, &global_scope, oc, MDL)) {
7053 log_error("dhcp4o6_relay_forw: error evaluating "
7054 "relayed message.");
7055 goto exit;
7056 }
7057
7058 if (!packet6_len_okay((char *)enc_opt_data.data, enc_opt_data.len)) {
7059 log_error("dhcp4o6_relay_forw: "
7060 "encapsulated packet too short.");
7061 goto exit;
7062 }
7063
7064 /*
7065 * Build a packet structure from this encapsulated packet.
7066 */
7067 if (!packet_allocate(&enc_packet, MDL)) {
7068 log_error("dhcp4o6_relay_forw: "
7069 "no memory for encapsulated packet.");
7070 goto exit;
7071 }
7072
7073 if (!option_state_allocate(&enc_packet->options, MDL)) {
7074 log_error("dhcp4o6_relay_forw: "
7075 "no memory for encapsulated packet's options.");
7076 goto exit;
7077 }
7078
7079 enc_packet->client_port = packet->client_port;
7080 enc_packet->client_addr = packet->client_addr;
7081 interface_reference(&enc_packet->interface, packet->interface, MDL);
7082 enc_packet->dhcpv6_container_packet = packet;
7083
7084 msg_type = enc_opt_data.data[0];
7085 if ((msg_type == DHCPV6_RELAY_FORW) ||
7086 (msg_type == DHCPV6_RELAY_REPL)) {
7087 int relaylen = (int)(offsetof(struct dhcpv6_relay_packet, options));
7088 relay = (struct dhcpv6_relay_packet *)enc_opt_data.data;
7089 enc_packet->dhcpv6_msg_type = relay->msg_type;
7090
7091 /* relay-specific data */
7092 enc_packet->dhcpv6_hop_count = relay->hop_count;
7093 memcpy(&enc_packet->dhcpv6_link_address,
7094 relay->link_address, sizeof(relay->link_address));
7095 memcpy(&enc_packet->dhcpv6_peer_address,
7096 relay->peer_address, sizeof(relay->peer_address));
7097
7098 if (!parse_option_buffer(enc_packet->options,
7099 relay->options,
7100 enc_opt_data.len - relaylen,
7101 &dhcpv6_universe)) {
7102 /* no logging here, as parse_option_buffer() logs all
7103 cases where it fails */
7104 goto exit;
7105 }
7106 } else if ((msg_type == DHCPV6_DHCPV4_QUERY) ||
7107 (msg_type == DHCPV6_DHCPV4_RESPONSE)) {
7108 int msglen =
7109 (int)(offsetof(struct dhcpv4_over_dhcpv6_packet, options));
7110 msg = (struct dhcpv4_over_dhcpv6_packet *)enc_opt_data.data;
7111 enc_packet->dhcpv6_msg_type = msg->msg_type;
7112
7113 /* message-specific data */
7114 memcpy(enc_packet->dhcp4o6_flags,
7115 msg->flags,
7116 sizeof(enc_packet->dhcp4o6_flags));
7117
7118 if (!parse_option_buffer(enc_packet->options,
7119 msg->options,
7120 enc_opt_data.len - msglen,
7121 &dhcpv6_universe)) {
7122 /* no logging here, as parse_option_buffer() logs all
7123 cases where it fails */
7124 goto exit;
7125 }
7126 } else {
7127 log_error("dhcp4o6_relay_forw: unexpected message of type %d.",
7128 (int)msg_type);
7129 goto exit;
7130 }
7131
7132 /*
7133 * This is recursive. It is possible to exceed maximum packet size.
7134 * XXX: This will cause the packet send to fail.
7135 */
7136 build_dhcpv6_reply(&enc_reply, enc_packet);
7137
7138 /*
7139 * If we got no encapsulated data, then it is discarded, and
7140 * our reply-forw is also discarded.
7141 */
7142 if (enc_reply.data == NULL) {
7143 goto exit;
7144 }
7145
7146 /*
7147 * Now we can use the reply_data buffer.
7148 * Packet header stuff all comes from the forward message.
7149 */
7150 reply = (struct dhcpv6_relay_packet *)reply_data;
7151 reply->msg_type = DHCPV6_RELAY_REPL;
7152 reply->hop_count = packet->dhcpv6_hop_count;
7153 memcpy(reply->link_address, &packet->dhcpv6_link_address,
7154 sizeof(reply->link_address));
7155 memcpy(reply->peer_address, &packet->dhcpv6_peer_address,
7156 sizeof(reply->peer_address));
7157 reply_ofs = (int)(offsetof(struct dhcpv6_relay_packet, options));
7158
7159 /*
7160 * Get the reply option state.
7161 */
7162 if (!option_state_allocate(&opt_state, MDL)) {
7163 log_error("dhcp4o6_relay_forw: no memory for option state.");
7164 goto exit;
7165 }
7166
7167 /*
7168 * Append the interface-id if present.
7169 */
7170 oc = lookup_option(&dhcpv6_universe, packet->options,
7171 D6O_INTERFACE_ID);
7172 if (oc != NULL) {
7173 if (!evaluate_option_cache(&a_opt, packet,
7174 NULL, NULL,
7175 packet->options, NULL,
7176 &global_scope, oc, MDL)) {
7177 log_error("dhcp4o6_relay_forw: error evaluating "
7178 "Interface ID.");
7179 goto exit;
7180 }
7181 if (!save_option_buffer(&dhcpv6_universe, opt_state, NULL,
7182 (unsigned char *)a_opt.data,
7183 a_opt.len,
7184 D6O_INTERFACE_ID, 0)) {
7185 log_error("dhcp4o6_relay_forw: error saving "
7186 "Interface ID.");
7187 goto exit;
7188 }
7189 data_string_forget(&a_opt, MDL);
7190 }
7191
7192 #if defined(RELAY_PORT)
7193 /*
7194 * Append the relay_source_port option if present.
7195 */
7196 oc = lookup_option(&dhcpv6_universe, packet->options,
7197 D6O_RELAY_SOURCE_PORT);
7198 if (oc != NULL) {
7199 if (!evaluate_option_cache(&a_opt, packet,
7200 NULL, NULL,
7201 packet->options, NULL,
7202 &global_scope, oc, MDL)) {
7203 log_error("dhcpv4o6_relay_forw: error evaluating "
7204 "Relay Source Port.");
7205 goto exit;
7206 }
7207 if (!save_option_buffer(&dhcpv6_universe, opt_state, NULL,
7208 (unsigned char *)a_opt.data,
7209 a_opt.len,
7210 D6O_RELAY_SOURCE_PORT, 0)) {
7211 log_error("dhcpv4o6_relay_forw: error saving "
7212 "Relay Source Port.");
7213 goto exit;
7214 }
7215 data_string_forget(&a_opt, MDL);
7216
7217 packet->relay_source_port = ISC_TRUE;
7218 }
7219 #endif
7220
7221 /*
7222 * Append our encapsulated stuff for caller.
7223 */
7224 if (!save_option_buffer(&dhcpv6_universe, opt_state, NULL,
7225 (unsigned char *)enc_reply.data,
7226 enc_reply.len,
7227 D6O_RELAY_MSG, 0)) {
7228 log_error("dhcp4o6_relay_forw: error saving Relay MSG.");
7229 goto exit;
7230 }
7231
7232 /*
7233 * Get the ERO if any.
7234 */
7235 oc = lookup_option(&dhcpv6_universe, packet->options, D6O_ERO);
7236 if (oc != NULL) {
7237 unsigned req;
7238 int i;
7239
7240 if (!evaluate_option_cache(&packet_ero, packet,
7241 NULL, NULL,
7242 packet->options, NULL,
7243 &global_scope, oc, MDL) ||
7244 (packet_ero.len & 1)) {
7245 log_error("dhcp4o6_relay_forw: error evaluating ERO.");
7246 goto exit;
7247 }
7248
7249 /* Decode and apply the ERO. */
7250 for (i = 0; i < packet_ero.len; i += 2) {
7251 req = getUShort(packet_ero.data + i);
7252 /* Already in the reply? */
7253 oc = lookup_option(&dhcpv6_universe, opt_state, req);
7254 if (oc != NULL)
7255 continue;
7256 /* Get it from the packet if present. */
7257 oc = lookup_option(&dhcpv6_universe,
7258 packet->options,
7259 req);
7260 if (oc == NULL)
7261 continue;
7262 if (!evaluate_option_cache(&a_opt, packet,
7263 NULL, NULL,
7264 packet->options, NULL,
7265 &global_scope, oc, MDL)) {
7266 log_error("dhcp4o6_relay_forw: error "
7267 "evaluating option %u.", req);
7268 goto exit;
7269 }
7270 if (!save_option_buffer(&dhcpv6_universe,
7271 opt_state,
7272 NULL,
7273 (unsigned char *)a_opt.data,
7274 a_opt.len,
7275 req,
7276 0)) {
7277 log_error("dhcp4o6_relay_forw: error saving "
7278 "option %u.", req);
7279 goto exit;
7280 }
7281 data_string_forget(&a_opt, MDL);
7282 }
7283 }
7284
7285 reply_ofs += store_options6(reply_data + reply_ofs,
7286 sizeof(reply_data) - reply_ofs,
7287 opt_state, packet,
7288 required_opts_agent, &packet_ero);
7289
7290 /*
7291 * Return our reply to the caller.
7292 */
7293 reply_ret->len = reply_ofs;
7294 reply_ret->buffer = NULL;
7295 if (!buffer_allocate(&reply_ret->buffer, reply_ret->len, MDL)) {
7296 log_fatal("No memory to store reply.");
7297 }
7298 reply_ret->data = reply_ret->buffer->data;
7299 memcpy(reply_ret->buffer->data, reply_data, reply_ofs);
7300
7301 exit:
7302 if (opt_state != NULL)
7303 option_state_dereference(&opt_state, MDL);
7304 if (a_opt.data != NULL) {
7305 data_string_forget(&a_opt, MDL);
7306 }
7307 if (packet_ero.data != NULL) {
7308 data_string_forget(&packet_ero, MDL);
7309 }
7310 if (enc_reply.data != NULL) {
7311 data_string_forget(&enc_reply, MDL);
7312 }
7313 if (enc_opt_data.data != NULL) {
7314 data_string_forget(&enc_opt_data, MDL);
7315 }
7316 if (enc_packet != NULL) {
7317 packet_dereference(&enc_packet, MDL);
7318 }
7319 }
7320
7321 /*
7322 * \brief Internal processing of a DHCPv4-query
7323 * (DHCPv4 server function)
7324 *
7325 * Code copied from \ref do_packet().
7326 *
7327 * \param reply_ret pointer to the response
7328 * \param packet the query
7329 */
7330 static void
7331 dhcp4o6_dhcpv4_query(struct data_string *reply_ret, struct packet *packet) {
7332 struct option_cache *oc;
7333 struct data_string enc_opt_data;
7334 struct packet *enc_packet;
7335 struct data_string enc_response;
7336 struct option_state *opt_state;
7337 static char response_data[65536];
7338 struct dhcpv4_over_dhcpv6_packet *response;
7339 int response_ofs;
7340
7341 /*
7342 * Initialize variables for early exit.
7343 */
7344 opt_state = NULL;
7345 memset(&enc_response, 0, sizeof(enc_response));
7346 memset(&enc_opt_data, 0, sizeof(enc_opt_data));
7347 enc_packet = NULL;
7348
7349 /*
7350 * Get our encapsulated relay message.
7351 */
7352 oc = lookup_option(&dhcpv6_universe, packet->options, D6O_DHCPV4_MSG);
7353 if (oc == NULL) {
7354 log_info("DHCPv4-query from %s missing DHCPv4 Message option.",
7355 piaddr(packet->client_addr));
7356 goto exit;
7357 }
7358
7359 if (!evaluate_option_cache(&enc_opt_data, NULL, NULL, NULL,
7360 NULL, NULL, &global_scope, oc, MDL)) {
7361 log_error("dhcp4o6_dhcpv4_query: error evaluating "
7362 "DHCPv4 message.");
7363 goto exit;
7364 }
7365
7366 if (enc_opt_data.len < DHCP_FIXED_NON_UDP) {
7367 log_error("dhcp4o6_dhcpv4_query: DHCPv4 packet too short.");
7368 goto exit;
7369 }
7370
7371 /*
7372 * Build a packet structure from this encapsulated packet.
7373 */
7374 if (!packet_allocate(&enc_packet, MDL)) {
7375 log_error("dhcp4o6_dhcpv4_query: "
7376 "no memory for encapsulated packet.");
7377 goto exit;
7378 }
7379
7380 enc_packet->raw = (struct dhcp_packet *)enc_opt_data.data;
7381 enc_packet->packet_length = enc_opt_data.len;
7382 enc_packet->dhcp4o6_response = &enc_response;
7383 enc_packet->client_port = packet->client_port;
7384 enc_packet->client_addr = packet->client_addr;
7385 interface_reference(&enc_packet->interface, packet->interface, MDL);
7386 enc_packet->dhcpv6_container_packet = packet;
7387 if (packet->dhcp4o6_flags[0] & DHCP4O6_QUERY_UNICAST)
7388 enc_packet->unicast = 1;
7389
7390 if (enc_packet->raw->hlen > sizeof(enc_packet->raw->chaddr)) {
7391 log_info("dhcp4o6_dhcpv4_query: "
7392 "discarding packet with bogus hlen.");
7393 goto exit;
7394 }
7395
7396 /* Allocate packet->options now so it is non-null for all packets */
7397 if (!option_state_allocate (&enc_packet->options, MDL)) {
7398 log_error("dhcp4o6_dhcpv4_query: no memory for options.");
7399 goto exit;
7400 }
7401
7402 /* If there's an option buffer, try to parse it. */
7403 if (enc_packet->packet_length >= DHCP_FIXED_NON_UDP + 4) {
7404 struct option_cache *op;
7405 if (!parse_options(enc_packet)) {
7406 if (enc_packet->options)
7407 option_state_dereference
7408 (&enc_packet->options, MDL);
7409 packet_dereference (&enc_packet, MDL);
7410 goto exit;
7411 }
7412
7413 if (enc_packet->options_valid &&
7414 (op = lookup_option(&dhcp_universe,
7415 enc_packet->options,
7416 DHO_DHCP_MESSAGE_TYPE))) {
7417 struct data_string dp;
7418 memset(&dp, 0, sizeof dp);
7419 evaluate_option_cache(&dp, enc_packet, NULL, NULL,
7420 enc_packet->options, NULL,
7421 NULL, op, MDL);
7422 if (dp.len > 0)
7423 enc_packet->packet_type = dp.data[0];
7424 else
7425 enc_packet->packet_type = 0;
7426 data_string_forget(&dp, MDL);
7427 }
7428 }
7429
7430 if (validate_packet(enc_packet) != 0) {
7431 if (enc_packet->packet_type)
7432 dhcp(enc_packet);
7433 else
7434 bootp(enc_packet);
7435 }
7436
7437 /* If the caller kept the packet, they'll have upped the refcnt. */
7438 packet_dereference(&enc_packet, MDL);
7439
7440 /*
7441 * If we got no response data, then it is discarded, and
7442 * our DHCPv4-response is also discarded.
7443 */
7444 if (enc_response.data == NULL) {
7445 goto exit;
7446 }
7447
7448 /*
7449 * Now we can use the response_data buffer.
7450 */
7451 response = (struct dhcpv4_over_dhcpv6_packet *)response_data;
7452 response->msg_type = DHCPV6_DHCPV4_RESPONSE;
7453 response->flags[0] = response->flags[1] = response->flags[2] = 0;
7454 response_ofs =
7455 (int)(offsetof(struct dhcpv4_over_dhcpv6_packet, options));
7456
7457 /*
7458 * Get the response option state.
7459 */
7460 if (!option_state_allocate(&opt_state, MDL)) {
7461 log_error("dhcp4o6_dhcpv4_query: no memory for option state.");
7462 goto exit;
7463 }
7464
7465 /*
7466 * Append our encapsulated stuff for caller.
7467 */
7468 if (!save_option_buffer(&dhcpv6_universe, opt_state, NULL,
7469 (unsigned char *)enc_response.data,
7470 enc_response.len,
7471 D6O_DHCPV4_MSG, 0)) {
7472 log_error("dhcp4o6_dhcpv4_query: error saving DHCPv4 MSG.");
7473 goto exit;
7474 }
7475
7476 response_ofs += store_options6(response_data + response_ofs,
7477 sizeof(response_data) - response_ofs,
7478 opt_state, packet,
7479 required_opts_4o6, NULL);
7480
7481 /*
7482 * Return our response to the caller.
7483 */
7484 reply_ret->len = response_ofs;
7485 reply_ret->buffer = NULL;
7486 if (!buffer_allocate(&reply_ret->buffer, reply_ret->len, MDL)) {
7487 log_fatal("dhcp4o6_dhcpv4_query: no memory to store reply.");
7488 }
7489 reply_ret->data = reply_ret->buffer->data;
7490 memcpy(reply_ret->buffer->data, response_data, response_ofs);
7491
7492 exit:
7493 if (opt_state != NULL)
7494 option_state_dereference(&opt_state, MDL);
7495 if (enc_response.data != NULL) {
7496 data_string_forget(&enc_response, MDL);
7497 }
7498 if (enc_opt_data.data != NULL) {
7499 data_string_forget(&enc_opt_data, MDL);
7500 }
7501 if (enc_packet != NULL) {
7502 packet_dereference(&enc_packet, MDL);
7503 }
7504 }
7505
7506 /*
7507 * \brief Forward a DHCPv4-query message to the DHCPv4 side
7508 * (DHCPv6 server function)
7509 *
7510 * Format: interface:16 + address:16 + udp:4 + DHCPv6 DHCPv4-query message
7511 *
7512 * \brief packet the DHCPv6 DHCPv4-query message
7513 */
7514 static void forw_dhcpv4_query(struct packet *packet) {
7515 struct data_string ds;
7516 struct udp_data4o6 udp_data;
7517 unsigned len;
7518 int cc;
7519
7520 /* Get the initial message. */
7521 while (packet->dhcpv6_container_packet != NULL)
7522 packet = packet->dhcpv6_container_packet;
7523
7524 /* Check the initial message. */
7525 if ((packet->raw == NULL) ||
7526 (packet->client_addr.len != 16) ||
7527 (packet->interface == NULL)) {
7528 log_error("forw_dhcpv4_query: can't find initial message.");
7529 return;
7530 }
7531
7532 /* Get a buffer. */
7533 len = packet->packet_length + 36;
7534 memset(&ds, 0, sizeof(ds));
7535 if (!buffer_allocate(&ds.buffer, len, MDL)) {
7536 log_error("forw_dhcpv4_query: "
7537 "no memory for encapsulating packet.");
7538 return;
7539 }
7540 ds.data = ds.buffer->data;
7541 ds.len = len;
7542
7543 /* Fill the buffer. */
7544 strncpy((char *)ds.buffer->data, packet->interface->name, 16);
7545 memcpy(ds.buffer->data + 16,
7546 packet->client_addr.iabuf, 16);
7547 memset(&udp_data, 0, sizeof(udp_data));
7548 udp_data.src_port = packet->client_port;
7549 memcpy(ds.buffer->data + 32, &udp_data, 4);
7550 memcpy(ds.buffer->data + 36,
7551 (unsigned char *)packet->raw,
7552 packet->packet_length);
7553
7554 /* Forward to the DHCPv4 server. */
7555 cc = send(dhcp4o6_fd, ds.data, ds.len, 0);
7556 if (cc < 0)
7557 log_error("forw_dhcpv4_query: send(): %m");
7558 data_string_forget(&ds, MDL);
7559 }
7560 #endif
7561
7562 static void
7563 dhcpv6_discard(struct packet *packet) {
7564 /* INSIST(packet->msg_type > 0); */
7565 /* INSIST(packet->msg_type < dhcpv6_type_name_max); */
7566
7567 log_debug("Discarding %s from %s; message type not handled by server",
7568 dhcpv6_type_names[packet->dhcpv6_msg_type],
7569 piaddr(packet->client_addr));
7570 }
7571
7572 static void
7573 build_dhcpv6_reply(struct data_string *reply, struct packet *packet) {
7574 memset(reply, 0, sizeof(*reply));
7575
7576 /* I would like to classify the client once here, but
7577 * as I don't want to classify all of the incoming packets
7578 * I need to do it before handling specific types.
7579 * We don't need to classify if we are tossing the packet
7580 * or if it is a relay - the classification step will get
7581 * done when we process the inner client packet.
7582 */
7583
7584 switch (packet->dhcpv6_msg_type) {
7585 case DHCPV6_SOLICIT:
7586 classify_client(packet);
7587 dhcpv6_solicit(reply, packet);
7588 break;
7589 case DHCPV6_ADVERTISE:
7590 dhcpv6_discard(packet);
7591 break;
7592 case DHCPV6_REQUEST:
7593 classify_client(packet);
7594 dhcpv6_request(reply, packet);
7595 break;
7596 case DHCPV6_CONFIRM:
7597 classify_client(packet);
7598 dhcpv6_confirm(reply, packet);
7599 break;
7600 case DHCPV6_RENEW:
7601 classify_client(packet);
7602 dhcpv6_renew(reply, packet);
7603 break;
7604 case DHCPV6_REBIND:
7605 classify_client(packet);
7606 dhcpv6_rebind(reply, packet);
7607 break;
7608 case DHCPV6_REPLY:
7609 dhcpv6_discard(packet);
7610 break;
7611 case DHCPV6_RELEASE:
7612 classify_client(packet);
7613 dhcpv6_release(reply, packet);
7614 break;
7615 case DHCPV6_DECLINE:
7616 classify_client(packet);
7617 dhcpv6_decline(reply, packet);
7618 break;
7619 case DHCPV6_RECONFIGURE:
7620 dhcpv6_discard(packet);
7621 break;
7622 case DHCPV6_INFORMATION_REQUEST:
7623 classify_client(packet);
7624 dhcpv6_information_request(reply, packet);
7625 break;
7626 case DHCPV6_RELAY_FORW:
7627 #ifdef DHCP4o6
7628 if (dhcpv4_over_dhcpv6 && (local_family == AF_INET))
7629 dhcp4o6_relay_forw(reply, packet);
7630 else
7631 #endif /* DHCP4o6 */
7632 dhcpv6_relay_forw(reply, packet);
7633 break;
7634 case DHCPV6_RELAY_REPL:
7635 dhcpv6_discard(packet);
7636 break;
7637 case DHCPV6_LEASEQUERY:
7638 classify_client(packet);
7639 dhcpv6_leasequery(reply, packet);
7640 break;
7641 case DHCPV6_LEASEQUERY_REPLY:
7642 dhcpv6_discard(packet);
7643 break;
7644 case DHCPV6_DHCPV4_QUERY:
7645 #ifdef DHCP4o6
7646 if (dhcpv4_over_dhcpv6) {
7647 if (local_family == AF_INET6) {
7648 forw_dhcpv4_query(packet);
7649 } else {
7650 dhcp4o6_dhcpv4_query(reply, packet);
7651 }
7652 } else
7653 #endif /* DHCP4o6 */
7654 dhcpv6_discard(packet);
7655 break;
7656 case DHCPV6_DHCPV4_RESPONSE:
7657 dhcpv6_discard(packet);
7658 break;
7659 default:
7660 /* XXX: would be nice if we had "notice" level,
7661 as syslog, for this */
7662 log_info("Discarding unknown DHCPv6 message type %d "
7663 "from %s", packet->dhcpv6_msg_type,
7664 piaddr(packet->client_addr));
7665 }
7666 }
7667
7668 static void
7669 log_packet_in(const struct packet *packet) {
7670 struct data_string s;
7671 u_int32_t tid;
7672 char tmp_addr[INET6_ADDRSTRLEN];
7673 const void *addr;
7674
7675 memset(&s, 0, sizeof(s));
7676
7677 if (packet->dhcpv6_msg_type < dhcpv6_type_name_max) {
7678 data_string_sprintfa(&s, "%s message from %s port %d",
7679 dhcpv6_type_names[packet->dhcpv6_msg_type],
7680 piaddr(packet->client_addr),
7681 ntohs(packet->client_port));
7682 } else {
7683 data_string_sprintfa(&s,
7684 "Unknown message type %d from %s port %d",
7685 packet->dhcpv6_msg_type,
7686 piaddr(packet->client_addr),
7687 ntohs(packet->client_port));
7688 }
7689 if ((packet->dhcpv6_msg_type == DHCPV6_RELAY_FORW) ||
7690 (packet->dhcpv6_msg_type == DHCPV6_RELAY_REPL)) {
7691 addr = &packet->dhcpv6_link_address;
7692 data_string_sprintfa(&s, ", link address %s",
7693 inet_ntop(AF_INET6, addr,
7694 tmp_addr, sizeof(tmp_addr)));
7695 addr = &packet->dhcpv6_peer_address;
7696 data_string_sprintfa(&s, ", peer address %s",
7697 inet_ntop(AF_INET6, addr,
7698 tmp_addr, sizeof(tmp_addr)));
7699 } else if ((packet->dhcpv6_msg_type != DHCPV6_DHCPV4_QUERY) &&
7700 (packet->dhcpv6_msg_type != DHCPV6_DHCPV4_RESPONSE)) {
7701 tid = 0;
7702 memcpy(((char *)&tid)+1, packet->dhcpv6_transaction_id, 3);
7703 data_string_sprintfa(&s, ", transaction ID 0x%06X", tid);
7704
7705 /*
7706 oc = lookup_option(&dhcpv6_universe, packet->options,
7707 D6O_CLIENTID);
7708 if (oc != NULL) {
7709 memset(&tmp_ds, 0, sizeof(tmp_ds_));
7710 if (!evaluate_option_cache(&tmp_ds, packet, NULL, NULL,
7711 packet->options, NULL,
7712 &global_scope, oc, MDL)) {
7713 log_error("Error evaluating Client Identifier");
7714 } else {
7715 data_strint_sprintf(&s, ", client ID %s",
7716
7717 data_string_forget(&tmp_ds, MDL);
7718 }
7719 }
7720 */
7721
7722 }
7723 log_info("%s", s.data);
7724
7725 data_string_forget(&s, MDL);
7726 }
7727
7728 void
7729 dhcpv6(struct packet *packet) {
7730 struct data_string reply;
7731 struct sockaddr_in6 to_addr;
7732 int send_ret;
7733
7734 /*
7735 * Log a message that we received this packet.
7736 */
7737 log_packet_in(packet);
7738
7739 /*
7740 * Build our reply packet.
7741 */
7742 build_dhcpv6_reply(&reply, packet);
7743
7744 if (reply.data != NULL) {
7745 /*
7746 * Send our reply, if we have one.
7747 */
7748 memset(&to_addr, 0, sizeof(to_addr));
7749 to_addr.sin6_family = AF_INET6;
7750 if ((packet->dhcpv6_msg_type == DHCPV6_RELAY_FORW) ||
7751 (packet->dhcpv6_msg_type == DHCPV6_RELAY_REPL)) {
7752 to_addr.sin6_port = local_port;
7753 } else {
7754 to_addr.sin6_port = remote_port;
7755 }
7756
7757 #if defined (REPLY_TO_SOURCE_PORT)
7758 /*
7759 * This appears to have been included for testing so we would
7760 * not need a root client, but was accidently left in the
7761 * final code. We continue to include it in case
7762 * some users have come to rely upon it, but leave
7763 * it off by default as it's a bad idea.
7764 */
7765 to_addr.sin6_port = packet->client_port;
7766 #endif
7767
7768 #if defined(RELAY_PORT)
7769 /*
7770 * Check relay source port.
7771 */
7772 if (packet->relay_source_port) {
7773 to_addr.sin6_port = packet->client_port;
7774 }
7775 #endif
7776
7777 memcpy(&to_addr.sin6_addr, packet->client_addr.iabuf,
7778 sizeof(to_addr.sin6_addr));
7779
7780 log_info("Sending %s to %s port %d",
7781 dhcpv6_type_names[reply.data[0]],
7782 piaddr(packet->client_addr),
7783 ntohs(to_addr.sin6_port));
7784
7785 send_ret = send_packet6(packet->interface,
7786 reply.data, reply.len, &to_addr);
7787 if (send_ret != reply.len) {
7788 log_error("dhcpv6: send_packet6() sent %d of %d bytes",
7789 send_ret, reply.len);
7790 }
7791 data_string_forget(&reply, MDL);
7792 }
7793 }
7794
7795 #ifdef DHCP4o6
7796 /*
7797 * \brief Receive a DHCPv4-query message from the DHCPv6 side
7798 * (DHCPv4 server function)
7799 *
7800 * Receive a message with a DHCPv4-query inside from the DHCPv6 server.
7801 * (code copied from \ref do_packet6() \ref and dhcpv6())
7802 *
7803 * Format: interface:16 + address:16 + udp:4 + DHCPv6 DHCPv4-query message
7804 *
7805 * \param raw the DHCPv6 DHCPv4-query message raw content
7806 */
7807 static void recv_dhcpv4_query(struct data_string *raw) {
7808 struct interface_info *ip;
7809 char name[16 + 1];
7810 struct iaddr iaddr;
7811 struct packet *packet;
7812 unsigned char msg_type;
7813 const struct dhcpv6_relay_packet *relay;
7814 const struct dhcpv4_over_dhcpv6_packet *msg;
7815 struct data_string reply;
7816 struct data_string ds;
7817 struct udp_data4o6 udp_data;
7818 unsigned len;
7819 int cc;
7820
7821 memset(name, 0, sizeof(name));
7822 memcpy(name, raw->data, 16);
7823 for (ip = interfaces; ip != NULL; ip = ip->next) {
7824 if (!strcmp(name, ip->name))
7825 break;
7826 }
7827 if (ip == NULL) {
7828 log_error("recv_dhcpv4_query: can't find interface %s.",
7829 name);
7830 return;
7831 }
7832
7833 iaddr.len = 16;
7834 memcpy(iaddr.iabuf, raw->data + 16, 16);
7835
7836 memset(&udp_data, 0, sizeof(udp_data));
7837 memcpy(&udp_data, raw->data + 32, 4);
7838
7839 /*
7840 * From do_packet6().
7841 */
7842
7843 if (!packet6_len_okay((char *)raw->data + 36, raw->len - 36)) {
7844 log_error("recv_dhcpv4_query: "
7845 "short packet from %s, len %d, dropped",
7846 piaddr(iaddr), raw->len - 36);
7847 return;
7848 }
7849
7850 /*
7851 * Build a packet structure.
7852 */
7853 packet = NULL;
7854 if (!packet_allocate(&packet, MDL)) {
7855 log_error("recv_dhcpv4_query: no memory for packet.");
7856 return;
7857 }
7858
7859 if (!option_state_allocate(&packet->options, MDL)) {
7860 log_error("recv_dhcpv4_query: no memory for options.");
7861 packet_dereference(&packet, MDL);
7862 return;
7863 }
7864
7865 packet->raw = (struct dhcp_packet *)(raw->data + 36);
7866 packet->packet_length = raw->len - 36;
7867 packet->client_port = udp_data.src_port;
7868 packet->client_addr = iaddr;
7869 interface_reference(&packet->interface, ip, MDL);
7870
7871 msg_type = raw->data[36];
7872 if ((msg_type == DHCPV6_RELAY_FORW) ||
7873 (msg_type == DHCPV6_RELAY_REPL)) {
7874 int relaylen =
7875 (int)(offsetof(struct dhcpv6_relay_packet, options));
7876 relay = (const struct dhcpv6_relay_packet *)(raw->data + 36);
7877 packet->dhcpv6_msg_type = relay->msg_type;
7878
7879 /* relay-specific data */
7880 packet->dhcpv6_hop_count = relay->hop_count;
7881 memcpy(&packet->dhcpv6_link_address,
7882 relay->link_address, sizeof(relay->link_address));
7883 memcpy(&packet->dhcpv6_peer_address,
7884 relay->peer_address, sizeof(relay->peer_address));
7885
7886 if (!parse_option_buffer(packet->options,
7887 relay->options,
7888 raw->len - 36 - relaylen,
7889 &dhcpv6_universe)) {
7890 /* no logging here, as parse_option_buffer() logs all
7891 cases where it fails */
7892 packet_dereference(&packet, MDL);
7893 return;
7894 }
7895 } else if ((msg_type == DHCPV6_DHCPV4_QUERY) ||
7896 (msg_type == DHCPV6_DHCPV4_RESPONSE)) {
7897 int msglen =
7898 (int)(offsetof(struct dhcpv4_over_dhcpv6_packet, options));
7899 msg = (struct dhcpv4_over_dhcpv6_packet *)(raw->data + 36);
7900 packet->dhcpv6_msg_type = msg->msg_type;
7901
7902 /* message-specific data */
7903 memcpy(packet->dhcp4o6_flags, msg->flags,
7904 sizeof(packet->dhcp4o6_flags));
7905
7906 if (!parse_option_buffer(packet->options,
7907 msg->options,
7908 raw->len - 36 - msglen,
7909 &dhcpv6_universe)) {
7910 /* no logging here, as parse_option_buffer() logs all
7911 cases where it fails */
7912 packet_dereference(&packet, MDL);
7913 return;
7914 }
7915 } else {
7916 log_error("recv_dhcpv4_query: unexpected message of type %d.",
7917 (int)msg_type);
7918 packet_dereference(&packet, MDL);
7919 return;
7920 }
7921
7922 /*
7923 * From dhcpv6().
7924 */
7925
7926 /*
7927 * Log a message that we received this packet.
7928 */
7929 /* log_packet_in(packet); */
7930 memset(&ds, 0, sizeof(ds));
7931 if (packet->dhcpv6_msg_type < dhcpv6_type_name_max) {
7932 data_string_sprintfa(&ds, "%s message from %s",
7933 dhcpv6_type_names[packet->dhcpv6_msg_type],
7934 piaddr(packet->client_addr));
7935 } else {
7936 data_string_sprintfa(&ds,
7937 "Unknown message type %d from %s",
7938 packet->dhcpv6_msg_type,
7939 piaddr(packet->client_addr));
7940 }
7941 if ((packet->dhcpv6_msg_type == DHCPV6_RELAY_FORW) ||
7942 (packet->dhcpv6_msg_type == DHCPV6_RELAY_REPL)) {
7943 char tmp_addr[INET6_ADDRSTRLEN];
7944 const void *addr;
7945
7946 addr = &packet->dhcpv6_link_address;
7947 data_string_sprintfa(&ds, ", link address %s",
7948 inet_ntop(AF_INET6, addr,
7949 tmp_addr, sizeof(tmp_addr)));
7950 addr = &packet->dhcpv6_peer_address;
7951 data_string_sprintfa(&ds, ", peer address %s",
7952 inet_ntop(AF_INET6, addr,
7953 tmp_addr, sizeof(tmp_addr)));
7954 } else if ((packet->dhcpv6_msg_type != DHCPV6_DHCPV4_QUERY) &&
7955 (packet->dhcpv6_msg_type != DHCPV6_DHCPV4_RESPONSE)) {
7956 u_int32_t tid = 0;
7957
7958 memcpy(((char *)&tid)+1, packet->dhcpv6_transaction_id, 3);
7959 data_string_sprintfa(&ds, ", transaction ID 0x%06X", tid);
7960 }
7961 log_info("%s", ds.data);
7962 data_string_forget(&ds, MDL);
7963
7964 /*
7965 * Build our reply packet.
7966 */
7967 build_dhcpv6_reply(&reply, packet);
7968
7969 if (reply.data == NULL) {
7970 packet_dereference(&packet, MDL);
7971 return;
7972 }
7973
7974 /*
7975 * Forward the response.
7976 */
7977 len = reply.len + 36;
7978 memset(&ds, 0, sizeof(ds));
7979 if (!buffer_allocate(&ds.buffer, len, MDL)) {
7980 log_error("recv_dhcpv4_query: no memory.");
7981 packet_dereference(&packet, MDL);
7982 return;
7983 }
7984 ds.data = ds.buffer->data;
7985 ds.len = len;
7986
7987 memcpy(ds.buffer->data, name, 16);
7988 memcpy(ds.buffer->data + 16, iaddr.iabuf, 16);
7989 udp_data.rsp_opt_exist = packet->relay_source_port ? 1 : 0;
7990 memcpy(ds.buffer->data + 32, &udp_data, 4);
7991 memcpy(ds.buffer->data + 36, reply.data, reply.len);
7992
7993 /*
7994 * Now we can release the packet.
7995 */
7996 packet_dereference(&packet, MDL);
7997
7998 cc = send(dhcp4o6_fd, ds.data, ds.len, 0);
7999 if (cc < 0)
8000 log_error("recv_dhcpv4_query: send(): %m");
8001 data_string_forget(&ds, MDL);
8002 }
8003 #endif /* DHCP4o6 */
8004
8005 static void
8006 seek_shared_host(struct host_decl **hp, struct shared_network *shared) {
8007 struct host_decl *nofixed = NULL;
8008 struct host_decl *seek, *hold = NULL;
8009
8010 /*
8011 * Seek forward through fixed addresses for the right link.
8012 *
8013 * Note: how to do this for fixed prefixes???
8014 */
8015 host_reference(&hold, *hp, MDL);
8016 host_dereference(hp, MDL);
8017 seek = hold;
8018 while (seek != NULL) {
8019 if (seek->fixed_addr == NULL)
8020 nofixed = seek;
8021 else if (fixed_matches_shared(seek, shared))
8022 break;
8023
8024 seek = seek->n_ipaddr;
8025 }
8026
8027 if ((seek == NULL) && (nofixed != NULL))
8028 seek = nofixed;
8029
8030 if (seek != NULL)
8031 host_reference(hp, seek, MDL);
8032 }
8033
8034 static isc_boolean_t
8035 fixed_matches_shared(struct host_decl *host, struct shared_network *shared) {
8036 struct subnet *subnet;
8037 struct data_string addr;
8038 isc_boolean_t matched;
8039 struct iaddr fixed;
8040
8041 if (host->fixed_addr == NULL)
8042 return ISC_FALSE;
8043
8044 memset(&addr, 0, sizeof(addr));
8045 if (!evaluate_option_cache(&addr, NULL, NULL, NULL, NULL, NULL,
8046 &global_scope, host->fixed_addr, MDL))
8047 return ISC_FALSE;
8048
8049 if (addr.len < 16) {
8050 data_string_forget(&addr, MDL);
8051 return ISC_FALSE;
8052 }
8053
8054 fixed.len = 16;
8055 memcpy(fixed.iabuf, addr.data, 16);
8056
8057 matched = ISC_FALSE;
8058 for (subnet = shared->subnets ; subnet != NULL ;
8059 subnet = subnet->next_sibling) {
8060 if (addr_eq(subnet_number(fixed, subnet->netmask),
8061 subnet->net)) {
8062 matched = ISC_TRUE;
8063 break;
8064 }
8065 }
8066
8067 data_string_forget(&addr, MDL);
8068 return matched;
8069 }
8070
8071 /*!
8072 *
8073 * \brief Constructs a REPLY with status of UseMulticast to a given packet
8074 *
8075 * Per RFC 3315 Secs 18.2.1,3,6 & 7, when a server rejects a client's
8076 * unicast-sent packet, the response must only contain the client id,
8077 * server id, and a status code option of 5 (UseMulticast). This function
8078 * constructs such a packet and returns it as a data_string.
8079 *
8080 * \param reply_ret = data_string which will receive the newly constructed
8081 * reply
8082 * \param packet = client request which is being rejected
8083 * \param client_id = data_string which contains the client id
8084 * \param server_id = data_string which which contains the server id
8085 *
8086 */
8087 void
8088 unicast_reject(struct data_string *reply_ret,
8089 struct packet *packet,
8090 const struct data_string *client_id,
8091 const struct data_string *server_id)
8092 {
8093 struct reply_state reply;
8094 memset(&reply, 0x0, sizeof(struct reply_state));
8095
8096 /* Locate the client. */
8097 if (shared_network_from_packet6(&reply.shared, packet)
8098 != ISC_R_SUCCESS) {
8099 log_error("unicast_reject: could not locate client.");
8100 return;
8101 }
8102
8103 /* Initialize the reply. */
8104 packet_reference(&reply.packet, packet, MDL);
8105 data_string_copy(&reply.client_id, client_id, MDL);
8106
8107 if (start_reply(packet, client_id, server_id, &reply.opt_state,
8108 &reply.buf.reply)) {
8109 /* Set the UseMulticast status code. */
8110 if (!set_status_code(STATUS_UseMulticast,
8111 "Unicast not allowed by server.",
8112 reply.opt_state)) {
8113 log_error("unicast_reject: Unable to set status code.");
8114 } else {
8115 /* Set write cursor to just past the reply header. */
8116 reply.cursor = REPLY_OPTIONS_INDEX;
8117 reply.cursor += store_options6(((char *)reply.buf.data
8118 + reply.cursor),
8119 (sizeof(reply.buf)
8120 - reply.cursor),
8121 reply.opt_state,
8122 reply.packet,
8123 unicast_reject_opts,
8124 NULL);
8125
8126 /* Return our reply to the caller. */
8127 reply_ret->len = reply.cursor;
8128 reply_ret->buffer = NULL;
8129 if (!buffer_allocate(&reply_ret->buffer,
8130 reply.cursor, MDL)) {
8131 log_fatal("unicast_reject:"
8132 "No memory to store Reply.");
8133 }
8134
8135 memcpy(reply_ret->buffer->data, reply.buf.data,
8136 reply.cursor);
8137 reply_ret->data = reply_ret->buffer->data;
8138 }
8139
8140 }
8141
8142 /* Cleanup. */
8143 if (reply.shared != NULL)
8144 shared_network_dereference(&reply.shared, MDL);
8145 if (reply.opt_state != NULL)
8146 option_state_dereference(&reply.opt_state, MDL);
8147 if (reply.packet != NULL)
8148 packet_dereference(&reply.packet, MDL);
8149 if (reply.client_id.data != NULL)
8150 data_string_forget(&reply.client_id, MDL);
8151 }
8152
8153 /*!
8154 *
8155 * \brief Checks if the dhcp6.unicast option has been defined
8156 *
8157 * Scans the option space for the presence of the dhcp6.unicast option. The
8158 * function attempts to map the inbound packet to a shared network first
8159 * by an ip address specified via an D6O_IA_XX option and if that fails then
8160 * by the packet's source information (e.g. relay link, link, or interace).
8161 * Once the packet is mapped to a shared network, the function executes all
8162 * statements from the network's group outward into a local option cache.
8163 * The option cache is then scanned for the presence of unicast option. If
8164 * the packet cannot be mapped to a shared network, the function returns
8165 * ISC_FALSE.
8166 * \param packet inbound packet from the client
8167 *
8168 * \return ISC_TRUE if the dhcp6.unicast option is defined, false otherwise.
8169 *
8170 */
8171 isc_boolean_t
8172 is_unicast_option_defined(struct packet *packet) {
8173 isc_boolean_t is_defined = ISC_FALSE;
8174 struct option_state *opt_state = NULL;
8175 struct option_cache *oc = NULL;
8176 struct shared_network *shared = NULL;
8177
8178 if (!option_state_allocate(&opt_state, MDL)) {
8179 log_fatal("is_unicast_option_defined:"
8180 "No memory for option state.");
8181 }
8182
8183 /* We try to map the packet to a network first by an IA_XX value.
8184 * If that fails, we try by packet source. */
8185 if (((shared_network_from_requested_addr(&shared, packet)
8186 != ISC_R_SUCCESS) &&
8187 (shared_network_from_packet6(&shared, packet) != ISC_R_SUCCESS))
8188 || (shared == NULL)) {
8189 /* @todo what would this really mean? I think wrong network
8190 * logic will catch it */
8191 log_error("is_unicast_option_defined:"
8192 "cannot attribute packet to a network.");
8193 return (ISC_FALSE);
8194 }
8195
8196 /* Now that we've mapped it to a network, execute statments to that
8197 * scope, looking for the unicast option. We don't care about the
8198 * value of the option, only whether or not it is defined. */
8199 execute_statements_in_scope(NULL, NULL, NULL, NULL, NULL, opt_state,
8200 &global_scope, shared->group, NULL, NULL);
8201
8202 oc = lookup_option(&dhcpv6_universe, opt_state, D6O_UNICAST);
8203 is_defined = (oc != NULL ? ISC_TRUE : ISC_FALSE);
8204 log_debug("is_unicast_option_defined: option found : %d", is_defined);
8205
8206 if (shared != NULL) {
8207 shared_network_dereference(&shared, MDL);
8208 }
8209
8210 if (opt_state != NULL) {
8211 option_state_dereference(&opt_state, MDL);
8212 }
8213
8214 return (is_defined);
8215 }
8216
8217 /*!
8218 *
8219 * \brief Maps a packet to a shared network based on the requested IP address
8220 *
8221 * The function attempts to find a subnet that matches the first requested IP
8222 * address contained within the given packet. Note that it looks first for
8223 * D6O_IA_NAs, then D6O_IA_PDs and lastly D6O_IA_TAs. If a matching network is
8224 * found, a reference to it is returned in the parameter, shared.
8225 *
8226 * \param shared shared_network pointer which will receive the matching network
8227 * \param packet inbound packet from the client
8228 *
8229 * \return ISC_R_SUCCESS if the packet can be mapped to a shared_network.
8230 *
8231 */
8232 static isc_result_t
8233 shared_network_from_requested_addr (struct shared_network **shared,
8234 struct packet* packet) {
8235 struct iaddr iaddr;
8236 struct subnet* subnet = NULL;
8237 isc_result_t status = ISC_R_FAILURE;
8238
8239 /* Try to match first IA_ address or prefix we find to a subnet. In
8240 * theory all IA_ values in a given request are supposed to be in the
8241 * same subnet so we only need to try one right? */
8242 if ((get_first_ia_addr_val(packet, D6O_IA_NA, &iaddr) != ISC_R_SUCCESS)
8243 && (get_first_ia_addr_val(packet, D6O_IA_PD, &iaddr)
8244 != ISC_R_SUCCESS)
8245 && (get_first_ia_addr_val(packet, D6O_IA_TA, &iaddr)
8246 != ISC_R_SUCCESS)) {
8247 /* we found nothing to match against */
8248 log_debug("share_network_from_request_addr: nothing to match");
8249 return (ISC_R_FAILURE);
8250 }
8251
8252 if (!find_subnet(&subnet, iaddr, MDL)) {
8253 log_debug("shared_network_from_requested_addr:"
8254 "No subnet found for addr %s.", piaddr(iaddr));
8255 } else {
8256 status = shared_network_reference(shared,
8257 subnet->shared_network, MDL);
8258 subnet_dereference(&subnet, MDL);
8259 log_debug("shared_network_from_requested_addr:"
8260 " found shared network %s for address %s.",
8261 ((*shared)->name ? (*shared)->name : "unnamed"),
8262 piaddr(iaddr));
8263 return (status);
8264 }
8265
8266 return (ISC_R_FAILURE);
8267 }
8268
8269 /*!
8270 *
8271 * \brief Retrieves the first IP address from a given packet of a given type
8272 *
8273 * Search a packet for options of a given type (D6O_IA_AN, D6O_IA_PD, or
8274 * D6O_IA_TA) for the first non-blank IA_XX value and return its IP address
8275 * component.
8276 *
8277 * \param packet packet received from the client
8278 * \param addr_type the address option type (D6O_IA_NA , D6O_IA_PD, or
8279 * D6O_IP_TA) to look for within the packet.
8280 * \param iaddr pointer to the iaddr structure which will receive the extracted
8281 * address.
8282 *
8283 * \return ISC_R_SUCCESS if an address was succesfully extracted, ISC_R_FALURE
8284 * otherwise.
8285 *
8286 */
8287 static isc_result_t
8288 get_first_ia_addr_val (struct packet* packet, int addr_type,
8289 struct iaddr* iaddr) {
8290 struct option_cache *ia;
8291 struct option_cache *oc = NULL;
8292 struct data_string cli_enc_opt_data;
8293 struct option_state *cli_enc_opt_state;
8294 int addr_opt_offset;
8295 int addr_opt;
8296 int addr_opt_data_len;
8297 int ip_addr_offset;
8298
8299 isc_result_t status = ISC_R_FAILURE;
8300 memset(iaddr, 0, sizeof(struct iaddr));
8301
8302 /* Set up address type specifics */
8303 switch (addr_type) {
8304 case D6O_IA_NA:
8305 addr_opt_offset = IA_NA_OFFSET;
8306 addr_opt = D6O_IAADDR;
8307 addr_opt_data_len = 24;
8308 ip_addr_offset = 0;
8309 break;
8310 case D6O_IA_TA:
8311 addr_opt_offset = IA_TA_OFFSET;
8312 addr_opt = D6O_IAADDR;
8313 addr_opt_data_len = 24;
8314 ip_addr_offset = 0;
8315 break;
8316 case D6O_IA_PD:
8317 addr_opt_offset = IA_PD_OFFSET;
8318 addr_opt = D6O_IAPREFIX;
8319 addr_opt_data_len = 25;
8320 ip_addr_offset = 9;
8321 break;
8322 default:
8323 /* shouldn't be here */
8324 log_error ("get_first_ia_addr_val: invalid opt type %d",
8325 addr_type);
8326 return (ISC_R_FAILURE);
8327 }
8328
8329 /* Find the first, non-blank IA_XX value within an D6O_IA_XX option. */
8330 for (ia = lookup_option(&dhcpv6_universe, packet->options, addr_type);
8331 ia != NULL && oc == NULL; ia = ia->next) {
8332 if (!get_encapsulated_IA_state(&cli_enc_opt_state,
8333 &cli_enc_opt_data,
8334 packet, ia, addr_opt_offset)) {
8335 log_debug ("get_first_ia_addr_val:"
8336 " couldn't unroll enclosing option");
8337 return (ISC_R_FAILURE);
8338 }
8339
8340 oc = lookup_option(&dhcpv6_universe, cli_enc_opt_state,
8341 addr_opt);
8342 if (oc == NULL) {
8343 /* no address given for this IA, ignore */
8344 option_state_dereference(&cli_enc_opt_state, MDL);
8345 data_string_forget(&cli_enc_opt_data, MDL);
8346 }
8347 }
8348
8349 /* If we found a non-blank IA_XX then extract its ip address. */
8350 if (oc != NULL) {
8351 struct data_string iaddr_str;
8352
8353 memset(&iaddr_str, 0, sizeof(iaddr_str));
8354 if (!evaluate_option_cache(&iaddr_str, packet, NULL, NULL,
8355 packet->options, NULL, &global_scope,
8356 oc, MDL)) {
8357 log_error("get_first_ia_addr_val: "
8358 "error evaluating IA_XX option.");
8359 } else {
8360 if (iaddr_str.len != addr_opt_data_len) {
8361 log_error("shared_network_from_requested_addr:"
8362 " invalid length %d, expected %d",
8363 iaddr_str.len, addr_opt_data_len);
8364 } else {
8365 iaddr->len = 16;
8366 memcpy (iaddr->iabuf,
8367 iaddr_str.data + ip_addr_offset, 16);
8368 status = ISC_R_SUCCESS;
8369 }
8370 data_string_forget(&iaddr_str, MDL);
8371 }
8372
8373 option_state_dereference(&cli_enc_opt_state, MDL);
8374 data_string_forget(&cli_enc_opt_data, MDL);
8375 }
8376
8377 return (status);
8378 }
8379
8380 /*
8381 * \brief Calculates the reply T1/T2 times and stuffs them in outbound buffer
8382 *
8383 * T1/T2 time selection is kind of weird. We actually use DHCP * (v4) scoped
8384 * options, dhcp-renewal-time and dhcp-rebinding-time, as handy existing places
8385 * where these can be configured by an administrator. A value of zero tells the
8386 * client it may choose its own value.
8387 *
8388 * When those options are not defined, the values will be set to zero unless
8389 * the global option, dhcpv6-set-tee-times is enabled. When this option is
8390 * enabled the values are calculated as recommended by RFC 3315, Section 22.4:
8391 *
8392 * T1 will be set to 0.5 times the shortest preferred lifetime
8393 * in the IA_XX option. If the "shortest" preferred lifetime is
8394 * 0xFFFFFFFF, T1 will set to 0xFFFFFFFF.
8395 *
8396 * T2 will be set to 0.8 times the shortest preferred lifetime
8397 * in the IA_XX option. If the "shortest" preferred lifetime is
8398 * 0xFFFFFFFF, T2 will set to 0xFFFFFFFF.
8399 *
8400 * Note that dhcpv6-set-tee-times is intended to be transitional and will
8401 * likely be removed in 4.4.0, leaving the behavior as getting the values
8402 * either from the configured parameters (if you want zeros, define them as
8403 * zeros) or by calculating them per the RFC.
8404 *
8405 * \param reply - pointer to the reply_state structure
8406 * \param ia_cursor - offset of the beginning of the IA_XX option within the
8407 * reply's outbound data buffer
8408 */
8409 static void
8410 set_reply_tee_times(struct reply_state* reply, unsigned ia_cursor)
8411 {
8412 struct option_cache *oc;
8413 int set_tee_times;
8414
8415 /* Found out if calculated values are enabled. */
8416 oc = lookup_option(&server_universe, reply->opt_state,
8417 SV_DHCPV6_SET_TEE_TIMES);
8418 set_tee_times = (oc &&
8419 evaluate_boolean_option_cache(NULL, reply->packet,
8420 NULL, NULL,
8421 reply->packet->options,
8422 reply->opt_state,
8423 &global_scope, oc, MDL));
8424
8425 oc = lookup_option(&dhcp_universe, reply->opt_state,
8426 DHO_DHCP_RENEWAL_TIME);
8427 if (oc != NULL) {
8428 /* dhcp-renewal-time is defined, use it */
8429 struct data_string data;
8430 memset(&data, 0x00, sizeof(data));
8431
8432 if (!evaluate_option_cache(&data, reply->packet, NULL, NULL,
8433 reply->packet->options,
8434 reply->opt_state, &global_scope,
8435 oc, MDL) ||
8436 (data.len != 4)) {
8437 log_error("Invalid renewal time.");
8438 reply->renew = 0;
8439 } else {
8440 reply->renew = getULong(data.data);
8441 }
8442
8443 if (data.data != NULL)
8444 data_string_forget(&data, MDL);
8445 } else if (set_tee_times) {
8446 /* Setting them is enabled so T1 is either infinite or
8447 * 0.5 * the shortest preferred lifetime in the IA_XX */
8448 if (reply->min_prefer == INFINITE_TIME)
8449 reply->renew = INFINITE_TIME;
8450 else
8451 reply->renew = reply->min_prefer / 2;
8452 } else {
8453 /* Default is to let the client choose */
8454 reply->renew = 0;
8455 }
8456
8457 putULong(reply->buf.data + ia_cursor + 8, reply->renew);
8458
8459 /* Now T2. */
8460 oc = lookup_option(&dhcp_universe, reply->opt_state,
8461 DHO_DHCP_REBINDING_TIME);
8462 if (oc != NULL) {
8463 /* dhcp-rebinding-time is defined, use it */
8464 struct data_string data;
8465 memset(&data, 0x00, sizeof(data));
8466
8467 if (!evaluate_option_cache(&data, reply->packet, NULL, NULL,
8468 reply->packet->options,
8469 reply->opt_state, &global_scope,
8470 oc, MDL) ||
8471 (data.len != 4)) {
8472 log_error("Invalid rebinding time.");
8473 reply->rebind = 0;
8474 } else {
8475 reply->rebind = getULong(data.data);
8476 }
8477
8478 if (data.data != NULL)
8479 data_string_forget(&data, MDL);
8480 } else if (set_tee_times) {
8481 /* Setting them is enabled so T2 is either infinite or
8482 * 0.8 * the shortest preferred lifetime in the reply */
8483 if (reply->min_prefer == INFINITE_TIME)
8484 reply->rebind = INFINITE_TIME;
8485 else
8486 reply->rebind = (reply->min_prefer / 5) * 4;
8487 } else {
8488 /* Default is to let the client choose */
8489 reply->rebind = 0;
8490 }
8491
8492 putULong(reply->buf.data + ia_cursor + 12, reply->rebind);
8493 }
8494
8495 /*
8496 * Releases the iasubopts in the pre-existing IA, if they are not in
8497 * the same shared-network as the new IA.
8498 *
8499 * returns 1 if the release was done, 0 otherwise
8500 */
8501 int
8502 release_on_roam(struct reply_state* reply) {
8503 struct ia_xx* old_ia = reply->old_ia;
8504 struct iasubopt *lease = NULL;
8505 int i;
8506
8507 if ((!do_release_on_roam) || old_ia == NULL
8508 || old_ia->num_iasubopt <= 0) {
8509 return(0);
8510 }
8511
8512 /* If the old shared-network and new are the same, client hasn't
8513 * roamed, nothing to do. We only check the first one because you
8514 * cannot have iasubopts on different shared-networks within a
8515 * single ia. */
8516 lease = old_ia->iasubopt[0];
8517 if (lease->ipv6_pool->shared_network == reply->shared) {
8518 return (0);
8519 }
8520
8521 /* Old and new are on different shared networks so the client must
8522 * roamed. Release the old leases. */
8523 for (i = 0; i < old_ia->num_iasubopt; i++) {
8524 lease = old_ia->iasubopt[i];
8525
8526 log_info("Client: %s roamed to new network,"
8527 " releasing lease: %s%s",
8528 print_hex_1(reply->client_id.len,
8529 reply->client_id.data, 60),
8530 pin6_addr(&lease->addr), iasubopt_plen_str(lease));
8531
8532 release_lease6(lease->ipv6_pool, lease);
8533 lease->ia->cltt = cur_time;
8534 write_ia(lease->ia);
8535 }
8536
8537 return (1);
8538 }
8539
8540 /*
8541 * Convenience function which returns a string (static buffer)
8542 * containing either a "/" followed by the prefix length or an
8543 * empty string depending on the lease type
8544 */
8545 const char *iasubopt_plen_str(struct iasubopt *lease) {
8546 static char prefix_buf[16];
8547 *prefix_buf = 0;
8548 if ((lease->ia) && (lease->ia->ia_type == D6O_IA_PD)) {
8549 sprintf(prefix_buf, "/%-d", lease->plen);
8550 }
8551
8552 return (prefix_buf);
8553 }
8554
8555 #ifdef NSUPDATE
8556 /*
8557 * Initiates DDNS updates for static v6 leases if configured to do so.
8558 *
8559 * The function, which must be called after the IA has been written to the
8560 * packet, adds an iasubopt to the IA for static lease. This is done so we
8561 * have an iasubopt to pass into ddns_updates(). A reference to the IA is
8562 * added to the DDNS control block to ensure it and it's iasubopt remain in
8563 * scope until the update is complete.
8564 *
8565 */
8566 void ddns_update_static6(struct reply_state* reply) {
8567 struct iasubopt *iasub = NULL;
8568 struct binding_scope *scope = NULL;
8569 struct option_cache *oc = NULL;
8570
8571 oc = lookup_option(&server_universe, reply->opt_state, SV_DDNS_UPDATES);
8572 if ((oc != NULL) &&
8573 (evaluate_boolean_option_cache(NULL, reply->packet, NULL, NULL,
8574 reply->packet->options,
8575 reply->opt_state, NULL,
8576 oc, MDL) == 0)) {
8577 return;
8578 }
8579
8580 oc = lookup_option(&server_universe, reply->opt_state,
8581 SV_UPDATE_STATIC_LEASES);
8582 if ((oc == NULL) ||
8583 (evaluate_boolean_option_cache(NULL, reply->packet,
8584 NULL, NULL,
8585 reply->packet->options,
8586 reply->opt_state, NULL,
8587 oc, MDL) == 0)) {
8588 return;
8589 }
8590
8591 if (iasubopt_allocate(&iasub, MDL) != ISC_R_SUCCESS) {
8592 log_fatal("No memory for iasubopt.");
8593 }
8594
8595 if (ia_add_iasubopt(reply->ia, iasub, MDL) != ISC_R_SUCCESS) {
8596 log_fatal("Could not add iasubopt.");
8597 }
8598
8599 ia_reference(&iasub->ia, reply->ia, MDL);
8600
8601 memcpy(iasub->addr.s6_addr, reply->fixed.data, 16);
8602 iasub->plen = 0;
8603 iasub->prefer = MAX_TIME;
8604 iasub->valid = MAX_TIME;
8605 iasub->static_lease = 1;
8606
8607 if (!binding_scope_allocate(&scope, MDL)) {
8608 log_fatal("Out of memory for binding scope.");
8609 }
8610
8611 binding_scope_reference(&iasub->scope, scope, MDL);
8612
8613 ddns_updates(reply->packet, NULL, NULL, iasub, NULL, reply->opt_state);
8614 }
8615 #endif /* NSUPDATE */
8616
8617 #endif /* DHCPv6 */
Mirror of https://github.com/isc-projects/dhcp.git