]> git.ipfire.org Git - thirdparty/dhcp.git/blob - server/dhcpv6.c
projects / thirdparty / dhcp.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merged rt44535 (relay port)
[thirdparty/dhcp.git] / server / dhcpv6.c
1 /*
2 * Copyright (C) 2006-2017 by Internet Systems Consortium, Inc. ("ISC")
3 *
4 * This Source Code Form is subject to the terms of the Mozilla Public
5 * License, v. 2.0. If a copy of the MPL was not distributed with this
6 * file, You can obtain one at http://mozilla.org/MPL/2.0/.
7 *
8 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
9 * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
10 * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
11 * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
12 * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
13 * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
14 * PERFORMANCE OF THIS SOFTWARE.
15 */
16
17 /*! \file server/dhcpv6.c */
18
19 #include "dhcpd.h"
20
21 #ifdef DHCPv6
22
23 #ifdef DHCP4o6
24 static void forw_dhcpv4_query(struct packet *packet);
25 static void send_dhcpv4_response(struct data_string *raw);
26
27 static void recv_dhcpv4_query(struct data_string *raw);
28 static void dhcp4o6_dhcpv4_query(struct data_string *reply_ret,
29 struct packet *packet);
30
31 struct udp_data4o6 {
32 u_int16_t src_port;
33 u_int8_t rsp_opt_exist;
34 u_int8_t reserved;
35 };
36
37 static int offset_data4o6 = 36; /* 16+16+4 */
38 #endif
39
40 /*
41 * We use print_hex_1() to output DUID values. We could actually output
42 * the DUID with more information... MAC address if using type 1 or 3,
43 * and so on. However, RFC 3315 contains Grave Warnings against actually
44 * attempting to understand a DUID.
45 */
46
47 /*
48 * TODO: gettext() or other method of localization for the messages
49 * for status codes (and probably for log formats eventually)
50 * TODO: refactoring (simplify, simplify, simplify)
51 * TODO: support multiple shared_networks on each interface (this
52 * will allow the server to issue multiple IPv6 addresses to
53 * a single interface)
54 */
55
56 /*
57 * DHCPv6 Reply workflow assist. A Reply packet is built by various
58 * different functions; this gives us one location where we keep state
59 * regarding a reply.
60 */
61 struct reply_state {
62 /* root level persistent state */
63 struct shared_network *shared;
64 struct host_decl *host;
65 struct subnet *subnet; /* Used to match fixed-addrs to subnet scopes. */
66 struct option_state *opt_state;
67 struct packet *packet;
68 struct data_string client_id;
69
70 /* IA level persistent state */
71 unsigned ia_count;
72 unsigned pd_count;
73 unsigned client_resources;
74 isc_boolean_t resources_included;
75 isc_boolean_t static_lease;
76 unsigned static_prefixes;
77 struct ia_xx *ia;
78 struct ia_xx *old_ia;
79 struct option_state *reply_ia;
80 struct data_string fixed;
81 struct iaddrcidrnet fixed_pref; /* static prefix for logging */
82
83 /* IAADDR/PREFIX level persistent state */
84 struct iasubopt *lease;
85
86 /*
87 * "t1", "t2", preferred, and valid lifetimes records for calculating
88 * t1 and t2 (min/max).
89 */
90 u_int32_t renew, rebind, min_prefer, min_valid;
91
92 /* Client-requested valid and preferred lifetimes. */
93 u_int32_t client_valid, client_prefer;
94
95 /* Chosen values to transmit for valid and preferred lifetimes. */
96 u_int32_t send_valid, send_prefer;
97
98 /* Preferred prefix length (-1 is any). */
99 int preflen;
100
101 /* Index into the data field that has been consumed. */
102 unsigned cursor;
103
104 /* Space for the on commit statements for a fixed host */
105 struct on_star on_star;
106
107 union reply_buffer {
108 unsigned char data[65536];
109 struct dhcpv6_packet reply;
110 } buf;
111 };
112
113 /*
114 * Prototypes local to this file.
115 */
116 static int get_encapsulated_IA_state(struct option_state **enc_opt_state,
117 struct data_string *enc_opt_data,
118 struct packet *packet,
119 struct option_cache *oc,
120 int offset);
121 static void build_dhcpv6_reply(struct data_string *, struct packet *);
122 static isc_result_t shared_network_from_packet6(struct shared_network **shared,
123 struct packet *packet);
124 static void seek_shared_host(struct host_decl **hp,
125 struct shared_network *shared);
126 static isc_boolean_t fixed_matches_shared(struct host_decl *host,
127 struct shared_network *shared);
128 static isc_result_t reply_process_ia_na(struct reply_state *reply,
129 struct option_cache *ia);
130 static isc_result_t reply_process_ia_ta(struct reply_state *reply,
131 struct option_cache *ia);
132 static isc_result_t reply_process_addr(struct reply_state *reply,
133 struct option_cache *addr);
134 static isc_boolean_t address_is_owned(struct reply_state *reply,
135 struct iaddr *addr);
136 static isc_boolean_t temporary_is_available(struct reply_state *reply,
137 struct iaddr *addr);
138 static isc_result_t find_client_temporaries(struct reply_state *reply);
139 static isc_result_t reply_process_try_addr(struct reply_state *reply,
140 struct iaddr *addr);
141 static isc_result_t find_client_address(struct reply_state *reply);
142 static isc_result_t reply_process_is_addressed(struct reply_state *reply,
143 struct binding_scope **scope,
144 struct group *group);
145 static isc_result_t reply_process_send_addr(struct reply_state *reply,
146 struct iaddr *addr);
147 static struct iasubopt *lease_compare(struct iasubopt *alpha,
148 struct iasubopt *beta);
149 static isc_result_t reply_process_ia_pd(struct reply_state *reply,
150 struct option_cache *ia_pd);
151 static struct group *find_group_by_prefix(struct reply_state *reply);
152 static isc_result_t reply_process_prefix(struct reply_state *reply,
153 struct option_cache *pref);
154 static isc_boolean_t prefix_is_owned(struct reply_state *reply,
155 struct iaddrcidrnet *pref);
156 static isc_result_t find_client_prefix(struct reply_state *reply);
157 static isc_result_t reply_process_try_prefix(struct reply_state *reply,
158 struct iaddrcidrnet *pref);
159 static isc_result_t reply_process_is_prefixed(struct reply_state *reply,
160 struct binding_scope **scope,
161 struct group *group);
162 static isc_result_t reply_process_send_prefix(struct reply_state *reply,
163 struct iaddrcidrnet *pref);
164 static struct iasubopt *prefix_compare(struct reply_state *reply,
165 struct iasubopt *alpha,
166 struct iasubopt *beta);
167 static void schedule_lease_timeout_reply(struct reply_state *reply);
168
169 static int eval_prefix_mode(int thislen, int preflen, int prefix_mode);
170 static isc_result_t pick_v6_prefix_helper(struct reply_state *reply,
171 int prefix_mode);
172
173 static void unicast_reject(struct data_string *reply_ret, struct packet *packet,
174 const struct data_string *client_id,
175 const struct data_string *server_id);
176
177 static isc_boolean_t is_unicast_option_defined(struct packet *packet);
178 static isc_result_t shared_network_from_requested_addr (struct shared_network
179 **shared,
180 struct packet* packet);
181 static isc_result_t get_first_ia_addr_val (struct packet* packet, int addr_type,
182 struct iaddr* iaddr);
183
184 static void
185 set_reply_tee_times(struct reply_state* reply, unsigned ia_cursor);
186
187 static const char *iasubopt_plen_str(struct iasubopt *lease);
188 static int release_on_roam(struct reply_state *reply);
189
190 static int reuse_lease6(struct reply_state *reply, struct iasubopt *lease);
191 static void shorten_lifetimes(struct reply_state *reply, struct iasubopt *lease,
192 time_t age, int threshold);
193 static void write_to_packet(struct reply_state *reply, unsigned ia_cursor);
194 static const char *iasubopt_plen_str(struct iasubopt *lease);
195
196 #ifdef NSUPDATE
197 static void ddns_update_static6(struct reply_state* reply);
198 #endif
199
200 #ifdef DHCP4o6
201 /*
202 * \brief Omapi I/O handler
203 *
204 * The inter-process communication receive handler.
205 * Get the message, put it into the raw data_string
206 * and call \ref send_dhcpv4_response() (DHCPv6 side) or
207 * \ref recv_dhcpv4_query() (DHCPv4 side)
208 *
209 * \param h the OMAPI object
210 * \return a result for I/O success or error (used by the I/O subsystem)
211 */
212 isc_result_t dhcpv4o6_handler(omapi_object_t *h) {
213 char buf[65536];
214 struct data_string raw;
215 int cc;
216
217 if (h->type != dhcp4o6_type)
218 return DHCP_R_INVALIDARG;
219
220 cc = recv(dhcp4o6_fd, buf, sizeof(buf), 0);
221
222 if (cc < DHCP_FIXED_NON_UDP + offset_data4o6)
223 return ISC_R_UNEXPECTED;
224 memset(&raw, 0, sizeof(raw));
225 if (!buffer_allocate(&raw.buffer, cc, MDL)) {
226 log_error("dhcpv4o6_handler: no memory buffer.");
227 return ISC_R_NOMEMORY;
228 }
229 raw.data = raw.buffer->data;
230 raw.len = cc;
231 memcpy(raw.buffer->data, buf, cc);
232
233 if (local_family == AF_INET6) {
234 send_dhcpv4_response(&raw);
235 } else {
236 recv_dhcpv4_query(&raw);
237 }
238
239 data_string_forget(&raw, MDL);
240
241 return ISC_R_SUCCESS;
242 }
243
244 /*
245 * \brief Send the DHCPv4-response back to the DHCPv6 side
246 * (DHCPv6 server function)
247 *
248 * Format: interface:16 + address:16 + udp:4 + DHCPv6 DHCPv4-response message
249 *
250 * \param raw the IPC message content
251 */
252 static void send_dhcpv4_response(struct data_string *raw) {
253 struct interface_info *ip;
254 char name[16 + 1];
255 struct sockaddr_in6 to_addr;
256 char pbuf[sizeof("ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255")];
257 struct udp_data4o6 udp_data;
258 int send_ret;
259
260 memset(name, 0, sizeof(name));
261 memcpy(name, raw->data, 16);
262 for (ip = interfaces; ip != NULL; ip = ip->next) {
263 if (!strcmp(name, ip->name))
264 break;
265 }
266 if (ip == NULL) {
267 log_error("send_dhcpv4_response: can't find interface %s.",
268 name);
269 return;
270 }
271
272 memset(&to_addr, 0, sizeof(to_addr));
273 to_addr.sin6_family = AF_INET6;
274 memcpy(&to_addr.sin6_addr, raw->data + 16, 16);
275 memset(&udp_data, 0, sizeof(udp_data));
276 memcpy(&udp_data, raw->data + 32, 4);
277 if ((raw->data[36] == DHCPV6_RELAY_FORW) ||
278 (raw->data[36] == DHCPV6_RELAY_REPL)) {
279 if (udp_data.rsp_opt_exist) {
280 to_addr.sin6_port = udp_data.src_port;
281 } else {
282 to_addr.sin6_port = local_port;
283 }
284 } else {
285 to_addr.sin6_port = remote_port;
286 }
287
288 log_info("send_dhcpv4_response(): sending %s on %s to %s port %d",
289 dhcpv6_type_names[raw->data[36]],
290 name,
291 inet_ntop(AF_INET6, raw->data + 16, pbuf, sizeof(pbuf)),
292 ntohs(to_addr.sin6_port));
293
294 send_ret = send_packet6(ip, raw->data + 36, raw->len - 36, &to_addr);
295 if (send_ret < 0) {
296 log_error("send_dhcpv4_response: send_packet6(): %m");
297 } else if (send_ret != raw->len - 36) {
298 log_error("send_dhcpv4_response: send_packet6() "
299 "sent %d of %d bytes",
300 send_ret, raw->len - 36);
301 }
302 }
303 #endif /* DHCP4o6 */
304
305 /*
306 * Schedule lease timeouts for all of the iasubopts in the reply.
307 * This is currently used to schedule timeouts for soft leases.
308 */
309
310 static void
311 schedule_lease_timeout_reply(struct reply_state *reply) {
312 struct iasubopt *tmp;
313 int i;
314
315 /* sanity check the reply */
316 if ((reply == NULL) || (reply->ia == NULL) || (reply->ia->iasubopt == NULL))
317 return;
318
319 /* walk through the list, scheduling as we go */
320 for (i = 0 ; i < reply->ia->num_iasubopt ; i++) {
321 tmp = reply->ia->iasubopt[i];
322 schedule_lease_timeout(tmp->ipv6_pool);
323 }
324 }
325
326 /*
327 * This function returns the time since DUID time start for the
328 * given time_t value.
329 */
330 static u_int32_t
331 duid_time(time_t when) {
332 /*
333 * This time is modulo 2^32.
334 */
335 while ((when - DUID_TIME_EPOCH) > 4294967295u) {
336 /* use 2^31 to avoid spurious compiler warnings */
337 when -= 2147483648u;
338 when -= 2147483648u;
339 }
340
341 return when - DUID_TIME_EPOCH;
342 }
343
344
345 /*
346 * Server DUID.
347 *
348 * This must remain the same for the lifetime of this server, because
349 * clients return the server DUID that we sent them in Request packets.
350 *
351 * We pick the server DUID like this:
352 *
353 * 1. Check dhcpd.conf - any value the administrator has configured
354 * overrides any possible values.
355 * 2. Check the leases.txt - we want to use the previous value if
356 * possible.
357 * 3. Check if dhcpd.conf specifies a type of server DUID to use,
358 * and generate that type.
359 * 4. Generate a type 1 (time + hardware address) DUID.
360 */
361 static struct data_string server_duid;
362
363 /*
364 * Check if the server_duid has been set.
365 */
366 isc_boolean_t
367 server_duid_isset(void) {
368 return (server_duid.data != NULL);
369 }
370
371 /*
372 * Return the server_duid.
373 */
374 void
375 copy_server_duid(struct data_string *ds, const char *file, int line) {
376 data_string_copy(ds, &server_duid, file, line);
377 }
378
379 /*
380 * Set the server DUID to a specified value. This is used when
381 * the server DUID is stored in persistent memory (basically the
382 * leases.txt file).
383 */
384 void
385 set_server_duid(struct data_string *new_duid) {
386 /* INSIST(new_duid != NULL); */
387 /* INSIST(new_duid->data != NULL); */
388
389 if (server_duid_isset()) {
390 data_string_forget(&server_duid, MDL);
391 }
392 data_string_copy(&server_duid, new_duid, MDL);
393 }
394
395
396 /*
397 * Set the server DUID based on the D6O_SERVERID option. This handles
398 * the case where the administrator explicitly put it in the dhcpd.conf
399 * file.
400 */
401 isc_result_t
402 set_server_duid_from_option(void) {
403 struct option_state *opt_state;
404 struct option_cache *oc;
405 struct data_string option_duid;
406 isc_result_t ret_val;
407
408 opt_state = NULL;
409 if (!option_state_allocate(&opt_state, MDL)) {
410 log_fatal("No memory for server DUID.");
411 }
412
413 execute_statements_in_scope(NULL, NULL, NULL, NULL, NULL,
414 opt_state, &global_scope, root_group,
415 NULL, NULL);
416
417 oc = lookup_option(&dhcpv6_universe, opt_state, D6O_SERVERID);
418 if (oc == NULL) {
419 ret_val = ISC_R_NOTFOUND;
420 } else {
421 memset(&option_duid, 0, sizeof(option_duid));
422 if (!evaluate_option_cache(&option_duid, NULL, NULL, NULL,
423 opt_state, NULL, &global_scope,
424 oc, MDL)) {
425 ret_val = ISC_R_UNEXPECTED;
426 } else {
427 set_server_duid(&option_duid);
428 data_string_forget(&option_duid, MDL);
429 ret_val = ISC_R_SUCCESS;
430 }
431 }
432
433 option_state_dereference(&opt_state, MDL);
434
435 return ret_val;
436 }
437
438 /*
439 * DUID layout, as defined in RFC 3315, section 9.
440 *
441 * We support type 1 (hardware address plus time) and type 3 (hardware
442 * address).
443 *
444 * We can support type 2 for specific vendors in the future, if they
445 * publish the specification. And of course there may be additional
446 * types later.
447 */
448 static int server_duid_type = DUID_LLT;
449
450 /*
451 * Set the DUID type.
452 */
453 void
454 set_server_duid_type(int type) {
455 server_duid_type = type;
456 }
457
458 /*
459 * Generate a new server DUID. This is done if there was no DUID in
460 * the leases.txt or in the dhcpd.conf file.
461 */
462 isc_result_t
463 generate_new_server_duid(void) {
464 struct interface_info *p;
465 u_int32_t time_val;
466 struct data_string generated_duid;
467
468 /*
469 * Verify we have a type that we support.
470 */
471 if ((server_duid_type != DUID_LL) && (server_duid_type != DUID_LLT)) {
472 log_error("Invalid DUID type %d specified, "
473 "only LL and LLT types supported", server_duid_type);
474 return DHCP_R_INVALIDARG;
475 }
476
477 /*
478 * Find an interface with a hardware address.
479 * Any will do. :)
480 */
481 for (p = interfaces; p != NULL; p = p->next) {
482 if (p->hw_address.hlen > 0) {
483 break;
484 }
485 }
486 if (p == NULL) {
487 return ISC_R_UNEXPECTED;
488 }
489
490 /*
491 * Build our DUID.
492 */
493 memset(&generated_duid, 0, sizeof(generated_duid));
494 if (server_duid_type == DUID_LLT) {
495 time_val = duid_time(time(NULL));
496 generated_duid.len = 8 + p->hw_address.hlen - 1;
497 if (!buffer_allocate(&generated_duid.buffer,
498 generated_duid.len, MDL)) {
499 log_fatal("No memory for server DUID.");
500 }
501 generated_duid.data = generated_duid.buffer->data;
502 putUShort(generated_duid.buffer->data, DUID_LLT);
503 putUShort(generated_duid.buffer->data + 2,
504 p->hw_address.hbuf[0]);
505 putULong(generated_duid.buffer->data + 4, time_val);
506 memcpy(generated_duid.buffer->data + 8,
507 p->hw_address.hbuf+1, p->hw_address.hlen-1);
508 } else if (server_duid_type == DUID_LL) {
509 generated_duid.len = 4 + p->hw_address.hlen - 1;
510 if (!buffer_allocate(&generated_duid.buffer,
511 generated_duid.len, MDL)) {
512 log_fatal("No memory for server DUID.");
513 }
514 generated_duid.data = generated_duid.buffer->data;
515 putUShort(generated_duid.buffer->data, DUID_LL);
516 putUShort(generated_duid.buffer->data + 2,
517 p->hw_address.hbuf[0]);
518 memcpy(generated_duid.buffer->data + 4,
519 p->hw_address.hbuf+1, p->hw_address.hlen-1);
520 } else {
521 log_fatal("Unsupported server DUID type %d.", server_duid_type);
522 }
523
524 set_server_duid(&generated_duid);
525 data_string_forget(&generated_duid, MDL);
526
527 return ISC_R_SUCCESS;
528 }
529
530 /*
531 * Get the client identifier from the packet.
532 */
533 isc_result_t
534 get_client_id(struct packet *packet, struct data_string *client_id) {
535 struct option_cache *oc;
536
537 /*
538 * Verify our client_id structure is empty.
539 */
540 if ((client_id->data != NULL) || (client_id->len != 0)) {
541 return DHCP_R_INVALIDARG;
542 }
543
544 oc = lookup_option(&dhcpv6_universe, packet->options, D6O_CLIENTID);
545 if (oc == NULL) {
546 return ISC_R_NOTFOUND;
547 }
548
549 if (!evaluate_option_cache(client_id, packet, NULL, NULL,
550 packet->options, NULL,
551 &global_scope, oc, MDL)) {
552 return ISC_R_FAILURE;
553 }
554
555 return ISC_R_SUCCESS;
556 }
557
558 /*
559 * Message validation, defined in RFC 3315, sections 15.2, 15.5, 15.7:
560 *
561 * Servers MUST discard any Solicit messages that do not include a
562 * Client Identifier option or that do include a Server Identifier
563 * option.
564 */
565 int
566 valid_client_msg(struct packet *packet, struct data_string *client_id) {
567 int ret_val;
568 struct option_cache *oc;
569 struct data_string data;
570
571 ret_val = 0;
572 memset(client_id, 0, sizeof(*client_id));
573 memset(&data, 0, sizeof(data));
574
575 switch (get_client_id(packet, client_id)) {
576 case ISC_R_SUCCESS:
577 break;
578 case ISC_R_NOTFOUND:
579 log_debug("Discarding %s from %s; "
580 "client identifier missing",
581 dhcpv6_type_names[packet->dhcpv6_msg_type],
582 piaddr(packet->client_addr));
583 goto exit;
584 default:
585 log_error("Error processing %s from %s; "
586 "unable to evaluate Client Identifier",
587 dhcpv6_type_names[packet->dhcpv6_msg_type],
588 piaddr(packet->client_addr));
589 goto exit;
590 }
591
592 /*
593 * Required by RFC 3315, section 15.
594 */
595 if (packet->unicast) {
596 log_debug("Discarding %s from %s; packet sent unicast "
597 "(CLIENTID %s)",
598 dhcpv6_type_names[packet->dhcpv6_msg_type],
599 piaddr(packet->client_addr),
600 print_hex_1(client_id->len, client_id->data, 60));
601 goto exit;
602 }
603
604
605 oc = lookup_option(&dhcpv6_universe, packet->options, D6O_SERVERID);
606 if (oc != NULL) {
607 if (evaluate_option_cache(&data, packet, NULL, NULL,
608 packet->options, NULL,
609 &global_scope, oc, MDL)) {
610 log_debug("Discarding %s from %s; "
611 "server identifier found "
612 "(CLIENTID %s, SERVERID %s)",
613 dhcpv6_type_names[packet->dhcpv6_msg_type],
614 piaddr(packet->client_addr),
615 print_hex_1(client_id->len,
616 client_id->data, 60),
617 print_hex_2(data.len,
618 data.data, 60));
619 } else {
620 log_debug("Discarding %s from %s; "
621 "server identifier found "
622 "(CLIENTID %s)",
623 dhcpv6_type_names[packet->dhcpv6_msg_type],
624 print_hex_1(client_id->len,
625 client_id->data, 60),
626 piaddr(packet->client_addr));
627 }
628 goto exit;
629 }
630
631 /* looks good */
632 ret_val = 1;
633
634 exit:
635 if (data.len > 0) {
636 data_string_forget(&data, MDL);
637 }
638 if (!ret_val) {
639 if (client_id->len > 0) {
640 data_string_forget(client_id, MDL);
641 }
642 }
643 return ret_val;
644 }
645
646 /*
647 * Response validation, defined in RFC 3315, sections 15.4, 15.6, 15.8,
648 * 15.9 (slightly different wording, but same meaning):
649 *
650 * Servers MUST discard any received Request message that meet any of
651 * the following conditions:
652 *
653 * - the message does not include a Server Identifier option.
654 * - the contents of the Server Identifier option do not match the
655 * server's DUID.
656 * - the message does not include a Client Identifier option.
657 */
658 int
659 valid_client_resp(struct packet *packet,
660 struct data_string *client_id,
661 struct data_string *server_id)
662 {
663 int ret_val;
664 struct option_cache *oc;
665
666 /* INSIST((duid.data != NULL) && (duid.len > 0)); */
667
668 ret_val = 0;
669 memset(client_id, 0, sizeof(*client_id));
670 memset(server_id, 0, sizeof(*server_id));
671
672 switch (get_client_id(packet, client_id)) {
673 case ISC_R_SUCCESS:
674 break;
675 case ISC_R_NOTFOUND:
676 log_debug("Discarding %s from %s; "
677 "client identifier missing",
678 dhcpv6_type_names[packet->dhcpv6_msg_type],
679 piaddr(packet->client_addr));
680 goto exit;
681 default:
682 log_error("Error processing %s from %s; "
683 "unable to evaluate Client Identifier",
684 dhcpv6_type_names[packet->dhcpv6_msg_type],
685 piaddr(packet->client_addr));
686 goto exit;
687 }
688
689 oc = lookup_option(&dhcpv6_universe, packet->options, D6O_SERVERID);
690 if (oc == NULL) {
691 log_debug("Discarding %s from %s: "
692 "server identifier missing (CLIENTID %s)",
693 dhcpv6_type_names[packet->dhcpv6_msg_type],
694 piaddr(packet->client_addr),
695 print_hex_1(client_id->len, client_id->data, 60));
696 goto exit;
697 }
698 if (!evaluate_option_cache(server_id, packet, NULL, NULL,
699 packet->options, NULL,
700 &global_scope, oc, MDL)) {
701 log_error("Error processing %s from %s; "
702 "unable to evaluate Server Identifier (CLIENTID %s)",
703 dhcpv6_type_names[packet->dhcpv6_msg_type],
704 piaddr(packet->client_addr),
705 print_hex_1(client_id->len, client_id->data, 60));
706 goto exit;
707 }
708 if ((server_duid.len != server_id->len) ||
709 (memcmp(server_duid.data, server_id->data, server_duid.len) != 0)) {
710 log_debug("Discarding %s from %s; "
711 "not our server identifier "
712 "(CLIENTID %s, SERVERID %s, server DUID %s)",
713 dhcpv6_type_names[packet->dhcpv6_msg_type],
714 piaddr(packet->client_addr),
715 print_hex_1(client_id->len, client_id->data, 60),
716 print_hex_2(server_id->len, server_id->data, 60),
717 print_hex_3(server_duid.len, server_duid.data, 60));
718 goto exit;
719 }
720
721 /* looks good */
722 ret_val = 1;
723
724 exit:
725 if (!ret_val) {
726 if (server_id->len > 0) {
727 data_string_forget(server_id, MDL);
728 }
729 if (client_id->len > 0) {
730 data_string_forget(client_id, MDL);
731 }
732 }
733 return ret_val;
734 }
735
736 /*
737 * Information request validation, defined in RFC 3315, section 15.12:
738 *
739 * Servers MUST discard any received Information-request message that
740 * meets any of the following conditions:
741 *
742 * - The message includes a Server Identifier option and the DUID in
743 * the option does not match the server's DUID.
744 *
745 * - The message includes an IA option.
746 */
747 int
748 valid_client_info_req(struct packet *packet, struct data_string *server_id) {
749 int ret_val;
750 struct option_cache *oc;
751 struct data_string client_id;
752 char client_id_str[80]; /* print_hex_1() uses maximum 60 characters,
753 plus a few more for extra information */
754
755 ret_val = 0;
756 memset(server_id, 0, sizeof(*server_id));
757 memset(&client_id, 0, sizeof(client_id));
758
759 /*
760 * Make a string that we can print out to give more
761 * information about the client if we need to.
762 *
763 * By RFC 3315, Section 18.1.5 clients SHOULD have a
764 * client-id on an Information-request packet, but it
765 * is not strictly necessary.
766 */
767 if (get_client_id(packet, &client_id) == ISC_R_SUCCESS) {
768 snprintf(client_id_str, sizeof(client_id_str), " (CLIENTID %s)",
769 print_hex_1(client_id.len, client_id.data, 60));
770 data_string_forget(&client_id, MDL);
771 } else {
772 client_id_str[0] = '\0';
773 }
774
775 /*
776 * Required by RFC 3315, section 15.
777 */
778 if (packet->unicast) {
779 log_debug("Discarding %s from %s; packet sent unicast%s",
780 dhcpv6_type_names[packet->dhcpv6_msg_type],
781 piaddr(packet->client_addr), client_id_str);
782 goto exit;
783 }
784
785 oc = lookup_option(&dhcpv6_universe, packet->options, D6O_IA_NA);
786 if (oc != NULL) {
787 log_debug("Discarding %s from %s; "
788 "IA_NA option present%s",
789 dhcpv6_type_names[packet->dhcpv6_msg_type],
790 piaddr(packet->client_addr), client_id_str);
791 goto exit;
792 }
793 oc = lookup_option(&dhcpv6_universe, packet->options, D6O_IA_TA);
794 if (oc != NULL) {
795 log_debug("Discarding %s from %s; "
796 "IA_TA option present%s",
797 dhcpv6_type_names[packet->dhcpv6_msg_type],
798 piaddr(packet->client_addr), client_id_str);
799 goto exit;
800 }
801 oc = lookup_option(&dhcpv6_universe, packet->options, D6O_IA_PD);
802 if (oc != NULL) {
803 log_debug("Discarding %s from %s; "
804 "IA_PD option present%s",
805 dhcpv6_type_names[packet->dhcpv6_msg_type],
806 piaddr(packet->client_addr), client_id_str);
807 goto exit;
808 }
809
810 oc = lookup_option(&dhcpv6_universe, packet->options, D6O_SERVERID);
811 if (oc != NULL) {
812 if (!evaluate_option_cache(server_id, packet, NULL, NULL,
813 packet->options, NULL,
814 &global_scope, oc, MDL)) {
815 log_error("Error processing %s from %s; "
816 "unable to evaluate Server Identifier%s",
817 dhcpv6_type_names[packet->dhcpv6_msg_type],
818 piaddr(packet->client_addr), client_id_str);
819 goto exit;
820 }
821 if ((server_duid.len != server_id->len) ||
822 (memcmp(server_duid.data, server_id->data,
823 server_duid.len) != 0)) {
824 log_debug("Discarding %s from %s; "
825 "not our server identifier "
826 "(SERVERID %s, server DUID %s)%s",
827 dhcpv6_type_names[packet->dhcpv6_msg_type],
828 piaddr(packet->client_addr),
829 print_hex_1(server_id->len,
830 server_id->data, 60),
831 print_hex_2(server_duid.len,
832 server_duid.data, 60),
833 client_id_str);
834 goto exit;
835 }
836 }
837
838 /* looks good */
839 ret_val = 1;
840
841 exit:
842 if (!ret_val) {
843 if (server_id->len > 0) {
844 data_string_forget(server_id, MDL);
845 }
846 }
847 return ret_val;
848 }
849
850 /*
851 * Options that we want to send, in addition to what was requested
852 * via the ORO.
853 */
854 static const int required_opts[] = {
855 D6O_CLIENTID,
856 D6O_SERVERID,
857 D6O_STATUS_CODE,
858 D6O_PREFERENCE,
859 0
860 };
861 static const int required_opts_solicit[] = {
862 D6O_CLIENTID,
863 D6O_SERVERID,
864 D6O_IA_NA,
865 D6O_IA_TA,
866 D6O_IA_PD,
867 D6O_RAPID_COMMIT,
868 D6O_STATUS_CODE,
869 D6O_RECONF_ACCEPT,
870 D6O_PREFERENCE,
871 0
872 };
873 static const int required_opts_agent[] = {
874 D6O_INTERFACE_ID,
875 #if defined(RELAY_PORT)
876 D6O_RELAY_SOURCE_PORT,
877 #endif
878 D6O_RELAY_MSG,
879 0
880 };
881 static const int required_opts_IA[] = {
882 D6O_IAADDR,
883 D6O_STATUS_CODE,
884 0
885 };
886 static const int required_opts_IA_PD[] = {
887 D6O_IAPREFIX,
888 D6O_STATUS_CODE,
889 0
890 };
891 static const int required_opts_STATUS_CODE[] = {
892 D6O_STATUS_CODE,
893 0
894 };
895 #ifdef DHCP4o6
896 static const int required_opts_4o6[] = {
897 D6O_DHCPV4_MSG,
898 0
899 };
900 #endif
901
902 static const int unicast_reject_opts[] = {
903 D6O_CLIENTID,
904 D6O_SERVERID,
905 D6O_STATUS_CODE,
906 0
907 };
908
909
910 /*
911 * Extracts from packet contents an IA_* option, storing the IA structure
912 * in its entirety in enc_opt_data, and storing any decoded DHCPv6 options
913 * in enc_opt_state for later lookup and evaluation. The 'offset' indicates
914 * where in the IA_* the DHCPv6 options commence.
915 */
916 static int
917 get_encapsulated_IA_state(struct option_state **enc_opt_state,
918 struct data_string *enc_opt_data,
919 struct packet *packet,
920 struct option_cache *oc,
921 int offset)
922 {
923 /*
924 * Get the raw data for the encapsulated options.
925 */
926 memset(enc_opt_data, 0, sizeof(*enc_opt_data));
927 if (!evaluate_option_cache(enc_opt_data, packet,
928 NULL, NULL, packet->options, NULL,
929 &global_scope, oc, MDL)) {
930 log_error("get_encapsulated_IA_state: "
931 "error evaluating raw option.");
932 return 0;
933 }
934 if (enc_opt_data->len < offset) {
935 log_error("get_encapsulated_IA_state: raw option too small.");
936 data_string_forget(enc_opt_data, MDL);
937 return 0;
938 }
939
940 /*
941 * Now create the option state structure, and pass it to the
942 * function that parses options.
943 */
944 *enc_opt_state = NULL;
945 if (!option_state_allocate(enc_opt_state, MDL)) {
946 log_error("get_encapsulated_IA_state: no memory for options.");
947 data_string_forget(enc_opt_data, MDL);
948 return 0;
949 }
950 if (!parse_option_buffer(*enc_opt_state,
951 enc_opt_data->data + offset,
952 enc_opt_data->len - offset,
953 &dhcpv6_universe)) {
954 log_error("get_encapsulated_IA_state: error parsing options.");
955 option_state_dereference(enc_opt_state, MDL);
956 data_string_forget(enc_opt_data, MDL);
957 return 0;
958 }
959
960 return 1;
961 }
962
963 static int
964 set_status_code(u_int16_t status_code, const char *status_message,
965 struct option_state *opt_state)
966 {
967 struct data_string d;
968 int ret_val;
969
970 memset(&d, 0, sizeof(d));
971 d.len = sizeof(status_code) + strlen(status_message);
972 if (!buffer_allocate(&d.buffer, d.len, MDL)) {
973 log_fatal("set_status_code: no memory for status code.");
974 }
975 d.data = d.buffer->data;
976 putUShort(d.buffer->data, status_code);
977 memcpy(d.buffer->data + sizeof(status_code),
978 status_message, d.len - sizeof(status_code));
979 if (!save_option_buffer(&dhcpv6_universe, opt_state,
980 d.buffer, (unsigned char *)d.data, d.len,
981 D6O_STATUS_CODE, 0)) {
982 log_error("set_status_code: error saving status code.");
983 ret_val = 0;
984 } else {
985 ret_val = 1;
986 }
987 data_string_forget(&d, MDL);
988 return ret_val;
989 }
990
991 void check_pool6_threshold(struct reply_state *reply,
992 struct iasubopt *lease)
993 {
994 struct ipv6_pond *pond;
995 isc_uint64_t used, count, high_threshold;
996 int poolhigh = 0, poollow = 0;
997 char *shared_name = "no name";
998 char tmp_addr[INET6_ADDRSTRLEN];
999
1000 if ((lease->ipv6_pool == NULL) || (lease->ipv6_pool->ipv6_pond == NULL))
1001 return;
1002 pond = lease->ipv6_pool->ipv6_pond;
1003
1004 /* If the address range is too large to track, just skip all this. */
1005 if (pond->jumbo_range == 1) {
1006 return;
1007 }
1008
1009 count = pond->num_total;
1010 used = pond->num_active;
1011
1012 /* get network name for logging */
1013 if ((pond->shared_network != NULL) &&
1014 (pond->shared_network->name != NULL)) {
1015 shared_name = pond->shared_network->name;
1016 }
1017
1018 /* The logged flag indicates if we have already crossed the high
1019 * threshold and emitted a log message. If it is set we check to
1020 * see if we have re-crossed the low threshold and need to reset
1021 * things. When we cross the high threshold we determine what
1022 * the low threshold is and save it into the low_threshold value.
1023 * When we cross that threshold we reset the logged flag and
1024 * the low_threshold to 0 which allows the high threshold message
1025 * to be emitted once again.
1026 * if we haven't recrossed the boundry we don't need to do anything.
1027 */
1028 if (pond->logged !=0) {
1029 if (used <= pond->low_threshold) {
1030 pond->low_threshold = 0;
1031 pond->logged = 0;
1032 log_error("Pool threshold reset - shared subnet: %s; "
1033 "address: %s; low threshold %llu/%llu.",
1034 shared_name,
1035 inet_ntop(AF_INET6, &lease->addr,
1036 tmp_addr, sizeof(tmp_addr)),
1037 used, count);
1038 }
1039 return;
1040 }
1041
1042 /* find the high threshold */
1043 if (get_option_int(&poolhigh, &server_universe, reply->packet, NULL,
1044 NULL, reply->packet->options, reply->opt_state,
1045 reply->opt_state, &lease->scope,
1046 SV_LOG_THRESHOLD_HIGH, MDL) == 0) {
1047 /* no threshold bail out */
1048 return;
1049 }
1050
1051 /* We do have a threshold for this pool, see if its valid */
1052 if ((poolhigh <= 0) || (poolhigh > 100)) {
1053 /* not valid */
1054 return;
1055 }
1056
1057 /* we have a valid value, have we exceeded it */
1058 high_threshold = FIND_POND6_PERCENT(count, poolhigh);
1059 if (used < high_threshold) {
1060 /* nope, no more to do */
1061 return;
1062 }
1063
1064 /* we've exceeded it, output a message */
1065 log_error("Pool threshold exceeded - shared subnet: %s; "
1066 "address: %s; high threshold %d%% %llu/%llu.",
1067 shared_name,
1068 inet_ntop(AF_INET6, &lease->addr, tmp_addr, sizeof(tmp_addr)),
1069 poolhigh, used, count);
1070
1071 /* handle the low threshold now, if we don't
1072 * have one we default to 0. */
1073 if ((get_option_int(&poollow, &server_universe, reply->packet, NULL,
1074 NULL, reply->packet->options, reply->opt_state,
1075 reply->opt_state, &lease->scope,
1076 SV_LOG_THRESHOLD_LOW, MDL) == 0) ||
1077 (poollow > 100)) {
1078 poollow = 0;
1079 }
1080
1081 /*
1082 * If the low theshold is higher than the high threshold we continue to log
1083 * If it isn't then we set the flag saying we already logged and determine
1084 * what the reset threshold is.
1085 */
1086 if (poollow < poolhigh) {
1087 pond->logged = 1;
1088 pond->low_threshold = FIND_POND6_PERCENT(count, poollow);
1089 }
1090 }
1091
1092 /*
1093 * We have a set of operations we do to set up the reply packet, which
1094 * is the same for many message types.
1095 */
1096 static int
1097 start_reply(struct packet *packet,
1098 const struct data_string *client_id,
1099 const struct data_string *server_id,
1100 struct option_state **opt_state,
1101 struct dhcpv6_packet *reply)
1102 {
1103 struct option_cache *oc;
1104 const unsigned char *server_id_data;
1105 int server_id_len;
1106
1107 /*
1108 * Build our option state for reply.
1109 */
1110 *opt_state = NULL;
1111 if (!option_state_allocate(opt_state, MDL)) {
1112 log_error("start_reply: no memory for option_state.");
1113 return 0;
1114 }
1115 execute_statements_in_scope(NULL, packet, NULL, NULL,
1116 packet->options, *opt_state,
1117 &global_scope, root_group, NULL, NULL);
1118
1119 /*
1120 * A small bit of special handling for Solicit messages.
1121 *
1122 * We could move the logic into a flag, but for now just check
1123 * explicitly.
1124 */
1125 if (packet->dhcpv6_msg_type == DHCPV6_SOLICIT) {
1126 reply->msg_type = DHCPV6_ADVERTISE;
1127
1128 /*
1129 * If:
1130 * - this message type supports rapid commit (Solicit), and
1131 * - the server is configured to supply a rapid commit, and
1132 * - the client requests a rapid commit,
1133 * Then we add a rapid commit option, and send Reply (instead
1134 * of an Advertise).
1135 */
1136 oc = lookup_option(&dhcpv6_universe,
1137 *opt_state, D6O_RAPID_COMMIT);
1138 if (oc != NULL) {
1139 oc = lookup_option(&dhcpv6_universe,
1140 packet->options, D6O_RAPID_COMMIT);
1141 if (oc != NULL) {
1142 /* Rapid-commit in action. */
1143 reply->msg_type = DHCPV6_REPLY;
1144 } else {
1145 /* Don't want a rapid-commit in advertise. */
1146 delete_option(&dhcpv6_universe,
1147 *opt_state, D6O_RAPID_COMMIT);
1148 }
1149 }
1150 } else {
1151 reply->msg_type = DHCPV6_REPLY;
1152 /* Delete the rapid-commit from the sent options. */
1153 oc = lookup_option(&dhcpv6_universe,
1154 *opt_state, D6O_RAPID_COMMIT);
1155 if (oc != NULL) {
1156 delete_option(&dhcpv6_universe,
1157 *opt_state, D6O_RAPID_COMMIT);
1158 }
1159 }
1160
1161 /*
1162 * Use the client's transaction identifier for the reply.
1163 */
1164 memcpy(reply->transaction_id, packet->dhcpv6_transaction_id,
1165 sizeof(reply->transaction_id));
1166
1167 /*
1168 * RFC 3315, section 18.2 says we need server identifier and
1169 * client identifier.
1170 *
1171 * If the server ID is defined via the configuration file, then
1172 * it will already be present in the option state at this point,
1173 * so we don't need to set it.
1174 *
1175 * If we have a server ID passed in from the caller,
1176 * use that, otherwise use the global DUID.
1177 */
1178 oc = lookup_option(&dhcpv6_universe, *opt_state, D6O_SERVERID);
1179 if (oc == NULL) {
1180 if (server_id == NULL) {
1181 server_id_data = server_duid.data;
1182 server_id_len = server_duid.len;
1183 } else {
1184 server_id_data = server_id->data;
1185 server_id_len = server_id->len;
1186 }
1187 if (!save_option_buffer(&dhcpv6_universe, *opt_state,
1188 NULL, (unsigned char *)server_id_data,
1189 server_id_len, D6O_SERVERID, 0)) {
1190 log_error("start_reply: "
1191 "error saving server identifier.");
1192 return 0;
1193 }
1194 }
1195
1196 if (client_id->buffer != NULL) {
1197 if (!save_option_buffer(&dhcpv6_universe, *opt_state,
1198 client_id->buffer,
1199 (unsigned char *)client_id->data,
1200 client_id->len,
1201 D6O_CLIENTID, 0)) {
1202 log_error("start_reply: error saving "
1203 "client identifier.");
1204 return 0;
1205 }
1206 }
1207
1208 /*
1209 * If the client accepts reconfiguration, let it know that we
1210 * will send them.
1211 *
1212 * Note: we don't actually do this yet, but DOCSIS requires we
1213 * claim to.
1214 */
1215 oc = lookup_option(&dhcpv6_universe, packet->options,
1216 D6O_RECONF_ACCEPT);
1217 if (oc != NULL) {
1218 if (!save_option_buffer(&dhcpv6_universe, *opt_state,
1219 NULL, (unsigned char *)"", 0,
1220 D6O_RECONF_ACCEPT, 0)) {
1221 log_error("start_reply: "
1222 "error saving RECONF_ACCEPT option.");
1223 option_state_dereference(opt_state, MDL);
1224 return 0;
1225 }
1226 }
1227
1228 return 1;
1229 }
1230
1231 /*
1232 * Try to get the IPv6 address the client asked for from the
1233 * pool.
1234 *
1235 * addr is the result (should be a pointer to NULL on entry)
1236 * pool is the pool to search in
1237 * requested_addr is the address the client wants
1238 */
1239 static isc_result_t
1240 try_client_v6_address(struct iasubopt **addr,
1241 struct ipv6_pool *pool,
1242 const struct data_string *requested_addr)
1243 {
1244 struct in6_addr tmp_addr;
1245 isc_result_t result;
1246
1247 if (requested_addr->len < sizeof(tmp_addr)) {
1248 return DHCP_R_INVALIDARG;
1249 }
1250 memcpy(&tmp_addr, requested_addr->data, sizeof(tmp_addr));
1251 if (IN6_IS_ADDR_UNSPECIFIED(&tmp_addr)) {
1252 return ISC_R_FAILURE;
1253 }
1254
1255 /*
1256 * The address is not covered by this (or possibly any) dynamic
1257 * range.
1258 */
1259 if (!ipv6_in_pool(&tmp_addr, pool)) {
1260 return ISC_R_ADDRNOTAVAIL;
1261 }
1262
1263 if (lease6_exists(pool, &tmp_addr)) {
1264 return ISC_R_ADDRINUSE;
1265 }
1266
1267 result = iasubopt_allocate(addr, MDL);
1268 if (result != ISC_R_SUCCESS) {
1269 return result;
1270 }
1271 (*addr)->addr = tmp_addr;
1272 (*addr)->plen = 0;
1273
1274 /* Default is soft binding for 2 minutes. */
1275 result = add_lease6(pool, *addr, cur_time + 120);
1276 if (result != ISC_R_SUCCESS) {
1277 iasubopt_dereference(addr, MDL);
1278 }
1279 return result;
1280 }
1281
1282 /*!
1283 *
1284 * \brief Get an IPv6 address for the client.
1285 *
1286 * Attempt to find a usable address for the client. We walk through
1287 * the ponds checking for permit and deny then through the pools
1288 * seeing if they have an available address.
1289 *
1290 * \param reply = the state structure for the current work on this request
1291 * if we create a lease we return it using reply->lease
1292 *
1293 * \return
1294 * ISC_R_SUCCESS = we were able to find an address and are returning a
1295 * pointer to the lease
1296 * ISC_R_NORESOURCES = there don't appear to be any free addresses. This
1297 * is probabalistic. We don't exhaustively try the
1298 * address range, instead we hash the duid and if
1299 * the address derived from the hash is in use we
1300 * hash the address. After a number of failures we
1301 * conclude the pool is basically full.
1302 */
1303 static isc_result_t
1304 pick_v6_address(struct reply_state *reply)
1305 {
1306 struct ipv6_pool *p = NULL;
1307 struct ipv6_pond *pond;
1308 int i;
1309 int start_pool;
1310 unsigned int attempts;
1311 char tmp_buf[INET6_ADDRSTRLEN];
1312 struct iasubopt **addr = &reply->lease;
1313 isc_uint64_t total = 0;
1314 isc_uint64_t active = 0;
1315 isc_uint64_t abandoned = 0;
1316 int jumbo_range = 0;
1317 char *shared_name = (reply->shared->name ?
1318 reply->shared->name : "(no name)");
1319
1320 /*
1321 * Do a quick walk through of the ponds and pools
1322 * to see if we have any NA address pools
1323 */
1324 for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
1325 if (pond->ipv6_pools == NULL)
1326 continue;
1327
1328 for (i = 0; (p = pond->ipv6_pools[i]) != NULL; i++) {
1329 if (p->pool_type == D6O_IA_NA)
1330 break;
1331 }
1332 if (p != NULL)
1333 break;
1334 }
1335
1336 /* If we get here and p is NULL we have no useful pools */
1337 if (p == NULL) {
1338 log_debug("Unable to pick client address: "
1339 "no IPv6 pools on this shared network");
1340 return ISC_R_NORESOURCES;
1341 }
1342
1343 /*
1344 * We have at least one pool that could provide an address
1345 * Now we walk through the ponds and pools again and check
1346 * to see if the client is permitted and if an address is
1347 * available
1348 *
1349 * Within a given pond we start looking at the last pool we
1350 * allocated from, unless it had a collision trying to allocate
1351 * an address. This will tend to move us into less-filled pools.
1352 */
1353
1354 for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
1355 isc_result_t result = ISC_R_FAILURE;
1356
1357 if (((pond->prohibit_list != NULL) &&
1358 (permitted(reply->packet, pond->prohibit_list))) ||
1359 ((pond->permit_list != NULL) &&
1360 (!permitted(reply->packet, pond->permit_list))))
1361 continue;
1362
1363 #ifdef EUI_64
1364 /* If pond is EUI-64 but client duid isn't a valid EUI-64
1365 * id, then skip this pond */
1366 if (pond->use_eui_64 &&
1367 !valid_eui_64_duid(&reply->ia->iaid_duid, IAID_LEN)) {
1368 continue;
1369 }
1370 #endif
1371
1372 start_pool = pond->last_ipv6_pool;
1373 i = start_pool;
1374 do {
1375 p = pond->ipv6_pools[i];
1376 if (p->pool_type == D6O_IA_NA) {
1377 #ifdef EUI_64
1378 if (pond->use_eui_64) {
1379 result =
1380 create_lease6_eui_64(p, addr,
1381 &reply->ia->iaid_duid,
1382 cur_time + 120);
1383 }
1384 else
1385 #endif
1386 {
1387 result =
1388 create_lease6(p, addr, &attempts,
1389 &reply->ia->iaid_duid,
1390 cur_time + 120);
1391
1392 }
1393
1394 if (result == ISC_R_SUCCESS) {
1395 /*
1396 * Record the pool used (or next one if
1397 * there was a collision).
1398 */
1399 if (attempts > 1) {
1400 i++;
1401 if (pond->ipv6_pools[i]
1402 == NULL) {
1403 i = 0;
1404 }
1405 }
1406
1407 pond->last_ipv6_pool = i;
1408
1409 log_debug("Picking pool address %s",
1410 inet_ntop(AF_INET6,
1411 &((*addr)->addr),
1412 tmp_buf, sizeof(tmp_buf)));
1413 return (ISC_R_SUCCESS);
1414 }
1415 }
1416
1417 i++;
1418 if (pond->ipv6_pools[i] == NULL) {
1419 i = 0;
1420 }
1421 } while (i != start_pool);
1422
1423 if (result == ISC_R_NORESOURCES) {
1424 jumbo_range += pond->jumbo_range;
1425 total += pond->num_total;
1426 active += pond->num_active;
1427 abandoned += pond->num_abandoned;
1428 }
1429 }
1430
1431 /*
1432 * If we failed to pick an IPv6 address from any of the subnets.
1433 * Presumably that means we have no addresses for the client.
1434 */
1435 if (jumbo_range != 0) {
1436 log_debug("Unable to pick client address: "
1437 "no addresses available - shared network %s: "
1438 " 2^64-1 < total, %llu active, %llu abandoned",
1439 shared_name, active - abandoned, abandoned);
1440 } else {
1441 log_debug("Unable to pick client address: "
1442 "no addresses available - shared network %s: "
1443 "%llu total, %llu active, %llu abandoned",
1444 shared_name, total, active - abandoned, abandoned);
1445 }
1446
1447 return ISC_R_NORESOURCES;
1448 }
1449
1450 /*
1451 * Try to get the IPv6 prefix the client asked for from the
1452 * prefix pool.
1453 *
1454 * pref is the result (should be a pointer to NULL on entry)
1455 * pool is the prefix pool to search in
1456 * requested_pref is the address the client wants
1457 */
1458 static isc_result_t
1459 try_client_v6_prefix(struct iasubopt **pref,
1460 struct ipv6_pool *pool,
1461 const struct data_string *requested_pref)
1462 {
1463 u_int8_t tmp_plen;
1464 struct in6_addr tmp_pref;
1465 struct iaddr ia;
1466 isc_result_t result;
1467
1468 if (requested_pref->len < sizeof(tmp_plen) + sizeof(tmp_pref)) {
1469 return DHCP_R_INVALIDARG;
1470 }
1471
1472 tmp_plen = (int) requested_pref->data[0];
1473 if ((tmp_plen < 3) || (tmp_plen > 128)) {
1474 return ISC_R_FAILURE;
1475 }
1476
1477 memcpy(&tmp_pref, requested_pref->data + 1, sizeof(tmp_pref));
1478 if (IN6_IS_ADDR_UNSPECIFIED(&tmp_pref)) {
1479 return ISC_R_FAILURE;
1480 }
1481
1482 ia.len = 16;
1483 memcpy(&ia.iabuf, &tmp_pref, 16);
1484 if (!is_cidr_mask_valid(&ia, (int) tmp_plen)) {
1485 return ISC_R_FAILURE;
1486 }
1487
1488 if (!ipv6_in_pool(&tmp_pref, pool) ||
1489 ((int)tmp_plen != pool->units)) {
1490 return ISC_R_ADDRNOTAVAIL;
1491 }
1492
1493 if (prefix6_exists(pool, &tmp_pref, tmp_plen)) {
1494 return ISC_R_ADDRINUSE;
1495 }
1496
1497 result = iasubopt_allocate(pref, MDL);
1498 if (result != ISC_R_SUCCESS) {
1499 return result;
1500 }
1501
1502 (*pref)->addr = tmp_pref;
1503 (*pref)->plen = tmp_plen;
1504
1505 /* Default is soft binding for 2 minutes. */
1506 result = add_lease6(pool, *pref, cur_time + 120);
1507 if (result != ISC_R_SUCCESS) {
1508 iasubopt_dereference(pref, MDL);
1509 }
1510
1511 return result;
1512 }
1513
1514 /*!
1515 *
1516 * \brief Get an IPv6 prefix for the client.
1517 *
1518 * Attempt to find a usable prefix for the client. Based upon the prefix
1519 * length mode and the plen supplied by the client (if one), we make one
1520 * or more calls to pick_v6_prefix_helper() to find a prefix as follows:
1521 *
1522 * PLM_IGNORE or client specifies a plen of zero, use the first available
1523 * prefix regardless of it's length.
1524 *
1525 * PLM_PREFER – look for an exact match to client's plen first, if none
1526 * found, use the first available prefix of any length
1527 *
1528 * PLM_EXACT – look for an exact match first, if none found then fail. This
1529 * is the default behavior.
1530 *
1531 * PLM_MAXIMUM - look for an exact match first, then the first available whose
1532 * prefix length is less than client's plen, otherwise fail.
1533 *
1534 * PLM_MINIMUM - look for an exact match first, then the first available whose
1535 * prefix length is greater than client's plen, otherwise fail.
1536 *
1537 * Note that the selection mode is configurable at the global scope only via
1538 * prefix-len-mode.
1539 *
1540 * \param reply = the state structure for the current work on this request
1541 * if we create a lease we return it using reply->lease
1542 *
1543 * \return
1544 * ISC_R_SUCCESS = we were able to find an prefix and are returning a
1545 * pointer to the lease
1546 * ISC_R_NORESOURCES = there don't appear to be any free addresses. This
1547 * is probabalistic. We don't exhaustively try the
1548 * address range, instead we hash the duid and if
1549 * the address derived from the hash is in use we
1550 * hash the address. After a number of failures we
1551 * conclude the pool is basically full.
1552 */
1553 static isc_result_t
1554 pick_v6_prefix(struct reply_state *reply) {
1555 struct ipv6_pool *p = NULL;
1556 struct ipv6_pond *pond;
1557 int i;
1558 isc_result_t result;
1559
1560 /*
1561 * Do a quick walk through of the ponds and pools
1562 * to see if we have any prefix pools
1563 */
1564 for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
1565 if (pond->ipv6_pools == NULL)
1566 continue;
1567
1568 for (i = 0; (p = pond->ipv6_pools[i]) != NULL; i++) {
1569 if (p->pool_type == D6O_IA_PD)
1570 break;
1571 }
1572 if (p != NULL)
1573 break;
1574 }
1575
1576 /* If we get here and p is NULL we have no useful pools */
1577 if (p == NULL) {
1578 log_debug("Unable to pick client prefix: "
1579 "no IPv6 pools on this shared network");
1580 return ISC_R_NORESOURCES;
1581 }
1582
1583 if (reply->preflen <= 0) {
1584 /* If we didn't get a plen (-1) or client plen is 0, then just
1585 * select first available (same as PLM_INGORE) */
1586 result = pick_v6_prefix_helper(reply, PLM_IGNORE);
1587 } else {
1588 switch (prefix_length_mode) {
1589 case PLM_PREFER:
1590 /* First we look for an exact match, if not found
1591 * then first available */
1592 result = pick_v6_prefix_helper(reply, PLM_EXACT);
1593 if (result != ISC_R_SUCCESS) {
1594 result = pick_v6_prefix_helper(reply,
1595 PLM_IGNORE);
1596 }
1597 break;
1598
1599 case PLM_EXACT:
1600 /* Match exactly or fail */
1601 result = pick_v6_prefix_helper(reply, PLM_EXACT);
1602 break;
1603
1604 case PLM_MINIMUM:
1605 case PLM_MAXIMUM:
1606 /* First we look for an exact match, if not found
1607 * then first available by mode */
1608 result = pick_v6_prefix_helper(reply, PLM_EXACT);
1609 if (result != ISC_R_SUCCESS) {
1610 result = pick_v6_prefix_helper(reply,
1611 prefix_length_mode);
1612 }
1613 break;
1614
1615 default:
1616 /* First available */
1617 result = pick_v6_prefix_helper(reply, PLM_IGNORE);
1618 break;
1619 }
1620 }
1621
1622 if (result == ISC_R_SUCCESS) {
1623 char tmp_buf[INET6_ADDRSTRLEN];
1624
1625 log_debug("Picking pool prefix %s/%u",
1626 inet_ntop(AF_INET6, &(reply->lease->addr),
1627 tmp_buf, sizeof(tmp_buf)),
1628 (unsigned)(reply->lease->plen));
1629 return (ISC_R_SUCCESS);
1630 }
1631
1632 /*
1633 * If we failed to pick an IPv6 prefix
1634 * Presumably that means we have no prefixes for the client.
1635 */
1636 log_debug("Unable to pick client prefix: no prefixes available");
1637 return ISC_R_NORESOURCES;
1638 }
1639
1640 /*!
1641 *
1642 * \brief Get an IPv6 prefix for the client based upon selection mode.
1643 *
1644 * We walk through the ponds checking for permit and deny. If a pond is
1645 * permissable to use, loop through its PD pools checking prefix lengths
1646 * against the client plen based on the prefix length mode, looking for
1647 * available prefixes.
1648 *
1649 * \param reply = the state structure for the current work on this request
1650 * if we create a lease we return it using reply->lease
1651 * \prefix_mode = selection mode to use
1652 *
1653 * \return
1654 * ISC_R_SUCCESS = we were able to find a prefix and are returning a
1655 * pointer to the lease
1656 * ISC_R_NORESOURCES = there don't appear to be any free addresses. This
1657 * is probabalistic. We don't exhaustively try the
1658 * address range, instead we hash the duid and if
1659 * the address derived from the hash is in use we
1660 * hash the address. After a number of failures we
1661 * conclude the pool is basically full.
1662 */
1663 isc_result_t
1664 pick_v6_prefix_helper(struct reply_state *reply, int prefix_mode) {
1665 struct ipv6_pool *p = NULL;
1666 struct ipv6_pond *pond;
1667 int i;
1668 unsigned int attempts;
1669 struct iasubopt **pref = &reply->lease;
1670
1671 for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
1672 if (((pond->prohibit_list != NULL) &&
1673 (permitted(reply->packet, pond->prohibit_list))) ||
1674 ((pond->permit_list != NULL) &&
1675 (!permitted(reply->packet, pond->permit_list))))
1676 continue;
1677
1678 for (i = 0; (p = pond->ipv6_pools[i]) != NULL; i++) {
1679 if ((p->pool_type == D6O_IA_PD) &&
1680 (eval_prefix_mode(p->units, reply->preflen,
1681 prefix_mode) == 1) &&
1682 (create_prefix6(p, pref, &attempts,
1683 &reply->ia->iaid_duid,
1684 cur_time + 120) == ISC_R_SUCCESS)) {
1685 return (ISC_R_SUCCESS);
1686 }
1687 }
1688 }
1689
1690 return ISC_R_NORESOURCES;
1691 }
1692
1693 /*!
1694 *
1695 * \brief Test a prefix length against another based on prefix length mode
1696 *
1697 * \param len - prefix length to test
1698 * \param preflen - preferred prefix length against which to test
1699 * \param prefix_mode - prefix selection mode with which to test
1700 *
1701 * Note that the case of preferred length of 0 is not short-cut here as it
1702 * is assumed to be done at a higher level.
1703 *
1704 * \return 1 if the given length is usable based upon mode and a preferred
1705 * length, 0 if not.
1706 */
1707 int
1708 eval_prefix_mode(int len, int preflen, int prefix_mode) {
1709 int use_it = 1;
1710 switch (prefix_mode) {
1711 case PLM_EXACT:
1712 use_it = (len == preflen);
1713 break;
1714 case PLM_MINIMUM:
1715 /* they asked for a prefix length no "shorter" than preflen */
1716 use_it = (len >= preflen);
1717 break;
1718 case PLM_MAXIMUM:
1719 /* they asked for a prefix length no "longer" than preflen */
1720 use_it = (len <= preflen);
1721 break;
1722 default:
1723 /* otherwise use it */
1724 break;
1725 }
1726
1727 return (use_it);
1728 }
1729
1730 /*
1731 *! \file server/dhcpv6.c
1732 *
1733 * \brief construct a reply containing information about a client's lease
1734 *
1735 * lease_to_client() is called from several messages to construct a
1736 * reply that contains all that we know about the client's correct lease
1737 * (or projected lease).
1738 *
1739 * Solicit - "Soft" binding, ignore unknown addresses or bindings, just
1740 * send what we "may" give them on a request.
1741 *
1742 * Request - "Hard" binding, but ignore supplied addresses (just provide what
1743 * the client should really use).
1744 *
1745 * Renew - "Hard" binding, but client-supplied addresses are 'real'. Error
1746 * Rebind out any "wrong" addresses the client sends. This means we send
1747 * an empty IA_NA with a status code of NoBinding or NotOnLink or
1748 * possibly send the address with zeroed lifetimes.
1749 *
1750 * Information-Request - No binding.
1751 *
1752 * The basic structure is to traverse the client-supplied data first, and
1753 * validate and echo back any contents that can be. If the client-supplied
1754 * data does not error out (on renew/rebind as above), but we did not send
1755 * any addresses, attempt to allocate one.
1756 *
1757 * At the end of the this function we call commit_leases_timed() to
1758 * fsync and rotate the file as necessary. commit_leases_timed() will
1759 * check that we have written at least one lease to the file and that
1760 * some time has passed before doing any fsync or file rewrite so we
1761 * don't bother tracking if we did a write_ia during this function.
1762 */
1763 /* TODO: look at client hints for lease times */
1764
1765 static void
1766 lease_to_client(struct data_string *reply_ret,
1767 struct packet *packet,
1768 const struct data_string *client_id,
1769 const struct data_string *server_id)
1770 {
1771 static struct reply_state reply;
1772 struct option_cache *oc;
1773 struct data_string packet_oro;
1774 int i;
1775
1776 memset(&packet_oro, 0, sizeof(packet_oro));
1777
1778 /* Locate the client. */
1779 if (shared_network_from_packet6(&reply.shared,
1780 packet) != ISC_R_SUCCESS)
1781 goto exit;
1782
1783 /*
1784 * Initialize the reply.
1785 */
1786 packet_reference(&reply.packet, packet, MDL);
1787 data_string_copy(&reply.client_id, client_id, MDL);
1788
1789 if (!start_reply(packet, client_id, server_id, &reply.opt_state,
1790 &reply.buf.reply))
1791 goto exit;
1792
1793 /* Set the write cursor to just past the reply header. */
1794 reply.cursor = REPLY_OPTIONS_INDEX;
1795
1796 /*
1797 * Get the ORO from the packet, if any.
1798 */
1799 oc = lookup_option(&dhcpv6_universe, packet->options, D6O_ORO);
1800 if (oc != NULL) {
1801 if (!evaluate_option_cache(&packet_oro, packet,
1802 NULL, NULL,
1803 packet->options, NULL,
1804 &global_scope, oc, MDL)) {
1805 log_error("lease_to_client: error evaluating ORO.");
1806 goto exit;
1807 }
1808 }
1809
1810 /*
1811 * Find a host record that matches the packet, if any, and is
1812 * valid for the shared network the client is on.
1813 */
1814 if (find_hosts6(&reply.host, packet, client_id, MDL)) {
1815 packet->known = 1;
1816 seek_shared_host(&reply.host, reply.shared);
1817 }
1818
1819 /* Process the client supplied IA's onto the reply buffer. */
1820 reply.ia_count = 0;
1821 oc = lookup_option(&dhcpv6_universe, packet->options, D6O_IA_NA);
1822
1823 for (; oc != NULL ; oc = oc->next) {
1824 isc_result_t status;
1825
1826 /* Start counting resources (addresses) offered. */
1827 reply.client_resources = 0;
1828 reply.resources_included = ISC_FALSE;
1829
1830 status = reply_process_ia_na(&reply, oc);
1831
1832 /*
1833 * We continue to try other IA's whether we can address
1834 * this one or not. Any other result is an immediate fail.
1835 */
1836 if ((status != ISC_R_SUCCESS) &&
1837 (status != ISC_R_NORESOURCES))
1838 goto exit;
1839 }
1840 oc = lookup_option(&dhcpv6_universe, packet->options, D6O_IA_TA);
1841 for (; oc != NULL ; oc = oc->next) {
1842 isc_result_t status;
1843
1844 /* Start counting resources (addresses) offered. */
1845 reply.client_resources = 0;
1846 reply.resources_included = ISC_FALSE;
1847
1848 status = reply_process_ia_ta(&reply, oc);
1849
1850 /*
1851 * We continue to try other IA's whether we can address
1852 * this one or not. Any other result is an immediate fail.
1853 */
1854 if ((status != ISC_R_SUCCESS) &&
1855 (status != ISC_R_NORESOURCES))
1856 goto exit;
1857 }
1858
1859 /* Same for IA_PD's. */
1860 reply.pd_count = 0;
1861 oc = lookup_option(&dhcpv6_universe, packet->options, D6O_IA_PD);
1862 for (; oc != NULL ; oc = oc->next) {
1863 isc_result_t status;
1864
1865 /* Start counting resources (prefixes) offered. */
1866 reply.client_resources = 0;
1867 reply.resources_included = ISC_FALSE;
1868
1869 status = reply_process_ia_pd(&reply, oc);
1870
1871 /*
1872 * We continue to try other IA_PD's whether we can address
1873 * this one or not. Any other result is an immediate fail.
1874 */
1875 if ((status != ISC_R_SUCCESS) &&
1876 (status != ISC_R_NORESOURCES))
1877 goto exit;
1878 }
1879
1880 /*
1881 * Make no reply if we gave no resources and is not
1882 * for Information-Request.
1883 */
1884 if ((reply.ia_count == 0) && (reply.pd_count == 0)) {
1885 if (reply.packet->dhcpv6_msg_type !=
1886 DHCPV6_INFORMATION_REQUEST)
1887 goto exit;
1888
1889 /*
1890 * Because we only execute statements on a per-IA basis,
1891 * we need to execute statements in any non-IA reply to
1892 * source configuration.
1893 */
1894 execute_statements_in_scope(NULL, reply.packet, NULL, NULL,
1895 reply.packet->options,
1896 reply.opt_state, &global_scope,
1897 reply.shared->group, root_group,
1898 NULL);
1899
1900 /* Execute statements from class scopes. */
1901 for (i = reply.packet->class_count; i > 0; i--) {
1902 execute_statements_in_scope(NULL, reply.packet,
1903 NULL, NULL,
1904 reply.packet->options,
1905 reply.opt_state,
1906 &global_scope,
1907 reply.packet->classes[i - 1]->group,
1908 reply.shared->group, NULL);
1909 }
1910
1911 /* Bring in any configuration from a host record. */
1912 if (reply.host != NULL)
1913 execute_statements_in_scope(NULL, reply.packet,
1914 NULL, NULL,
1915 reply.packet->options,
1916 reply.opt_state,
1917 &global_scope,
1918 reply.host->group,
1919 reply.shared->group, NULL);
1920 }
1921
1922 /*
1923 * RFC3315 section 17.2.2 (Solicit):
1924 *
1925 * If the server will not assign any addresses to any IAs in a
1926 * subsequent Request from the client, the server MUST send an
1927 * Advertise message to the client that includes only a Status
1928 * Code option with code NoAddrsAvail and a status message for
1929 * the user, a Server Identifier option with the server's DUID,
1930 * and a Client Identifier option with the client's DUID.
1931 *
1932 * This has been updated by an errata such that the server
1933 * can always send an IA.
1934 *
1935 * Section 18.2.1 (Request):
1936 *
1937 * If the server cannot assign any addresses to an IA in the
1938 * message from the client, the server MUST include the IA in
1939 * the Reply message with no addresses in the IA and a Status
1940 * Code option in the IA containing status code NoAddrsAvail.
1941 *
1942 * Section 18.1.8 (Client Behavior):
1943 *
1944 * Leave unchanged any information about addresses the client has
1945 * recorded in the IA but that were not included in the IA from
1946 * the server.
1947 * Sends a Renew/Rebind if the IA is not in the Reply message.
1948 */
1949
1950 /*
1951 * Having stored the client's IA's, store any options that
1952 * will fit in the remaining space.
1953 */
1954 reply.cursor += store_options6((char *)reply.buf.data + reply.cursor,
1955 sizeof(reply.buf) - reply.cursor,
1956 reply.opt_state, reply.packet,
1957 required_opts_solicit,
1958 &packet_oro);
1959
1960 /* Return our reply to the caller. */
1961 reply_ret->len = reply.cursor;
1962 reply_ret->buffer = NULL;
1963 if (!buffer_allocate(&reply_ret->buffer, reply.cursor, MDL)) {
1964 log_fatal("No memory to store Reply.");
1965 }
1966 memcpy(reply_ret->buffer->data, reply.buf.data, reply.cursor);
1967 reply_ret->data = reply_ret->buffer->data;
1968
1969 /* If appropriate commit and rotate the lease file */
1970 (void) commit_leases_timed();
1971
1972 exit:
1973 /* Cleanup. */
1974 if (reply.shared != NULL)
1975 shared_network_dereference(&reply.shared, MDL);
1976 if (reply.host != NULL)
1977 host_dereference(&reply.host, MDL);
1978 if (reply.opt_state != NULL)
1979 option_state_dereference(&reply.opt_state, MDL);
1980 if (reply.packet != NULL)
1981 packet_dereference(&reply.packet, MDL);
1982 if (reply.client_id.data != NULL)
1983 data_string_forget(&reply.client_id, MDL);
1984 if (packet_oro.buffer != NULL)
1985 data_string_forget(&packet_oro, MDL);
1986 reply.renew = reply.rebind = reply.min_prefer = reply.min_valid = 0;
1987 reply.cursor = 0;
1988 }
1989
1990 /* Process a client-supplied IA_NA. This may append options to the tail of
1991 * the reply packet being built in the reply_state structure.
1992 */
1993 static isc_result_t
1994 reply_process_ia_na(struct reply_state *reply, struct option_cache *ia) {
1995 isc_result_t status = ISC_R_SUCCESS;
1996 u_int32_t iaid;
1997 unsigned ia_cursor;
1998 struct option_state *packet_ia;
1999 struct option_cache *oc;
2000 struct data_string ia_data, data;
2001
2002 /* Initialize values that will get cleaned up on return. */
2003 packet_ia = NULL;
2004 memset(&ia_data, 0, sizeof(ia_data));
2005 memset(&data, 0, sizeof(data));
2006 /*
2007 * Note that find_client_address() may set reply->lease.
2008 */
2009
2010 /* Make sure there is at least room for the header. */
2011 if ((reply->cursor + IA_NA_OFFSET + 4) > sizeof(reply->buf)) {
2012 log_error("reply_process_ia_na: Reply too long for IA.");
2013 return ISC_R_NOSPACE;
2014 }
2015
2016
2017 /* Fetch the IA_NA contents. */
2018 if (!get_encapsulated_IA_state(&packet_ia, &ia_data, reply->packet,
2019 ia, IA_NA_OFFSET)) {
2020 log_error("reply_process_ia_na: error evaluating ia");
2021 status = ISC_R_FAILURE;
2022 goto cleanup;
2023 }
2024
2025 /* Extract IA_NA header contents. */
2026 iaid = getULong(ia_data.data);
2027 reply->renew = getULong(ia_data.data + 4);
2028 reply->rebind = getULong(ia_data.data + 8);
2029
2030 /* Create an IA_NA structure. */
2031 if (ia_allocate(&reply->ia, iaid, (char *)reply->client_id.data,
2032 reply->client_id.len, MDL) != ISC_R_SUCCESS) {
2033 log_error("reply_process_ia_na: no memory for ia.");
2034 status = ISC_R_NOMEMORY;
2035 goto cleanup;
2036 }
2037 reply->ia->ia_type = D6O_IA_NA;
2038
2039 /* Cache pre-existing IA, if any. */
2040 ia_hash_lookup(&reply->old_ia, ia_na_active,
2041 (unsigned char *)reply->ia->iaid_duid.data,
2042 reply->ia->iaid_duid.len, MDL);
2043
2044 /*
2045 * Create an option cache to carry the IA_NA option contents, and
2046 * execute any user-supplied values into it.
2047 */
2048 if (!option_state_allocate(&reply->reply_ia, MDL)) {
2049 status = ISC_R_NOMEMORY;
2050 goto cleanup;
2051 }
2052
2053 /* Check & cache the fixed host record. */
2054 if ((reply->host != NULL) && (reply->host->fixed_addr != NULL)) {
2055 struct iaddr tmp_addr;
2056
2057 if (!evaluate_option_cache(&reply->fixed, NULL, NULL, NULL,
2058 NULL, NULL, &global_scope,
2059 reply->host->fixed_addr, MDL)) {
2060 log_error("reply_process_ia_na: unable to evaluate "
2061 "fixed address.");
2062 status = ISC_R_FAILURE;
2063 goto cleanup;
2064 }
2065
2066 if (reply->fixed.len < 16) {
2067 log_error("reply_process_ia_na: invalid fixed address.");
2068 status = DHCP_R_INVALIDARG;
2069 goto cleanup;
2070 }
2071
2072 /* Find the static lease's subnet. */
2073 tmp_addr.len = 16;
2074 memcpy(tmp_addr.iabuf, reply->fixed.data, 16);
2075
2076 if (find_grouped_subnet(&reply->subnet, reply->shared,
2077 tmp_addr, MDL) == 0)
2078 log_fatal("Impossible condition at %s:%d.", MDL);
2079
2080 reply->static_lease = ISC_TRUE;
2081 } else
2082 reply->static_lease = ISC_FALSE;
2083
2084 /*
2085 * Save the cursor position at the start of the IA, so we can
2086 * set length and adjust t1/t2 values later. We write a temporary
2087 * header out now just in case we decide to adjust the packet
2088 * within sub-process functions.
2089 */
2090 ia_cursor = reply->cursor;
2091
2092 /* Initialize the IA_NA header. First the code. */
2093 putUShort(reply->buf.data + reply->cursor, (unsigned)D6O_IA_NA);
2094 reply->cursor += 2;
2095
2096 /* Then option length. */
2097 putUShort(reply->buf.data + reply->cursor, 0x0Cu);
2098 reply->cursor += 2;
2099
2100 /* Then IA_NA header contents; IAID. */
2101 putULong(reply->buf.data + reply->cursor, iaid);
2102 reply->cursor += 4;
2103
2104 /* We store the client's t1 for now, and may over-ride it later. */
2105 putULong(reply->buf.data + reply->cursor, reply->renew);
2106 reply->cursor += 4;
2107
2108 /* We store the client's t2 for now, and may over-ride it later. */
2109 putULong(reply->buf.data + reply->cursor, reply->rebind);
2110 reply->cursor += 4;
2111
2112 /*
2113 * For each address in this IA_NA, decide what to do about it.
2114 *
2115 * Guidelines:
2116 *
2117 * The client leaves unchanged any information about addresses
2118 * it has recorded but are not included ("cancel/break" below).
2119 * A not included IA ("cleanup" below) could give a Renew/Rebind.
2120 */
2121 oc = lookup_option(&dhcpv6_universe, packet_ia, D6O_IAADDR);
2122 reply->min_valid = reply->min_prefer = INFINITE_TIME;
2123 reply->client_valid = reply->client_prefer = 0;
2124 for (; oc != NULL ; oc = oc->next) {
2125 status = reply_process_addr(reply, oc);
2126
2127 /*
2128 * Canceled means we did not allocate addresses to the
2129 * client, but we're "done" with this IA - we set a status
2130 * code. So transmit this reply, e.g., move on to the next
2131 * IA.
2132 */
2133 if (status == ISC_R_CANCELED)
2134 break;
2135
2136 if ((status != ISC_R_SUCCESS) &&
2137 (status != ISC_R_ADDRINUSE) &&
2138 (status != ISC_R_ADDRNOTAVAIL))
2139 goto cleanup;
2140 }
2141
2142 reply->ia_count++;
2143
2144 /*
2145 * If we fell through the above and never gave the client
2146 * an address, give it one now.
2147 */
2148 if ((status != ISC_R_CANCELED) && (reply->client_resources == 0)) {
2149 status = find_client_address(reply);
2150
2151 if (status == ISC_R_NORESOURCES) {
2152 switch (reply->packet->dhcpv6_msg_type) {
2153 case DHCPV6_SOLICIT:
2154 /*
2155 * No address for any IA is handled
2156 * by the caller.
2157 */
2158 /* FALL THROUGH */
2159
2160 case DHCPV6_REQUEST:
2161 /* Section 18.2.1 (Request):
2162 *
2163 * If the server cannot assign any addresses to
2164 * an IA in the message from the client, the
2165 * server MUST include the IA in the Reply
2166 * message with no addresses in the IA and a
2167 * Status Code option in the IA containing
2168 * status code NoAddrsAvail.
2169 */
2170 option_state_dereference(&reply->reply_ia, MDL);
2171 if (!option_state_allocate(&reply->reply_ia,
2172 MDL))
2173 {
2174 log_error("reply_process_ia_na: No "
2175 "memory for option state "
2176 "wipe.");
2177 status = ISC_R_NOMEMORY;
2178 goto cleanup;
2179 }
2180
2181 if (!set_status_code(STATUS_NoAddrsAvail,
2182 "No addresses available "
2183 "for this interface.",
2184 reply->reply_ia)) {
2185 log_error("reply_process_ia_na: Unable "
2186 "to set NoAddrsAvail status "
2187 "code.");
2188 status = ISC_R_FAILURE;
2189 goto cleanup;
2190 }
2191
2192 status = ISC_R_SUCCESS;
2193 break;
2194
2195 default:
2196 /*
2197 * RFC 3315 does not tell us to emit a status
2198 * code in this condition, or anything else.
2199 *
2200 * If we included non-allocated addresses
2201 * (zeroed lifetimes) in an IA, then the client
2202 * will deconfigure them.
2203 *
2204 * So we want to include the IA even if we
2205 * can't give it a new address if it includes
2206 * zeroed lifetime addresses.
2207 *
2208 * We don't want to include the IA if we
2209 * provide zero addresses including zeroed
2210 * lifetimes.
2211 */
2212 if (reply->resources_included)
2213 status = ISC_R_SUCCESS;
2214 else
2215 goto cleanup;
2216 break;
2217 }
2218 }
2219
2220 if (status != ISC_R_SUCCESS)
2221 goto cleanup;
2222 }
2223
2224 /*
2225 * yes, goto's aren't the best but we also want to avoid extra
2226 * indents
2227 */
2228 if (status == ISC_R_CANCELED) {
2229 /* We're replying with a status code so we still need to
2230 * write it out in wire-format to the outbound buffer */
2231 write_to_packet(reply, ia_cursor);
2232 goto cleanup;
2233 }
2234
2235 /*
2236 * Handle static leases, we always log stuff and if it's
2237 * a hard binding we run any commit statements that we have
2238 */
2239 if (reply->static_lease) {
2240 char tmp_addr[INET6_ADDRSTRLEN];
2241 log_info("%s NA: address %s to client with duid %s iaid = %d "
2242 "static",
2243 dhcpv6_type_names[reply->buf.reply.msg_type],
2244 inet_ntop(AF_INET6, reply->fixed.data, tmp_addr,
2245 sizeof(tmp_addr)),
2246 print_hex_1(reply->client_id.len,
2247 reply->client_id.data, 60),
2248 iaid);
2249
2250 /* Write the lease out in wire-format to the outbound buffer */
2251 write_to_packet(reply, ia_cursor);
2252 #ifdef NSUPDATE
2253 /* Performs DDNS updates if we're configured to do them */
2254 ddns_update_static6(reply);
2255 #endif
2256 if ((reply->buf.reply.msg_type == DHCPV6_REPLY) &&
2257 (reply->on_star.on_commit != NULL)) {
2258 execute_statements(NULL, reply->packet, NULL, NULL,
2259 reply->packet->options,
2260 reply->opt_state, NULL,
2261 reply->on_star.on_commit, NULL);
2262 executable_statement_dereference
2263 (&reply->on_star.on_commit, MDL);
2264 }
2265 goto cleanup;
2266 }
2267
2268 /*
2269 * If we have any addresses log what we are doing.
2270 */
2271 if (reply->ia->num_iasubopt != 0) {
2272 struct iasubopt *tmp;
2273 int i;
2274 char tmp_addr[INET6_ADDRSTRLEN];
2275
2276 for (i = 0 ; i < reply->ia->num_iasubopt ; i++) {
2277 tmp = reply->ia->iasubopt[i];
2278
2279 log_info("%s NA: address %s to client with duid %s "
2280 "iaid = %d valid for %u seconds",
2281 dhcpv6_type_names[reply->buf.reply.msg_type],
2282 inet_ntop(AF_INET6, &tmp->addr,
2283 tmp_addr, sizeof(tmp_addr)),
2284 print_hex_1(reply->client_id.len,
2285 reply->client_id.data, 60),
2286 iaid, tmp->valid);
2287 }
2288 }
2289
2290 /*
2291 * If this is not a 'soft' binding, consume the new changes into
2292 * the database (if any have been attached to the ia_na).
2293 *
2294 * Loop through the assigned dynamic addresses, referencing the
2295 * leases onto this IA_NA rather than any old ones, and updating
2296 * pool timers for each (if any).
2297 *
2298 * Note that we must do ddns_updates() before we test for lease
2299 * reuse (so we'll know if DNS entries are different). To ensure
2300 * we don't break any configs, we run on_commit statements before
2301 * we do ddns_updates() just in case the former affects the later.
2302 * This is symetrical with v4 logic. We always run on_commit and
2303 * ddns_udpates() whether a lease is reused or renewed.
2304 */
2305 if ((reply->ia->num_iasubopt != 0) &&
2306 (reply->buf.reply.msg_type == DHCPV6_REPLY)) {
2307 int must_commit = 0;
2308 struct iasubopt *tmp;
2309 struct data_string *ia_id;
2310 int i;
2311
2312 for (i = 0 ; i < reply->ia->num_iasubopt ; i++) {
2313 tmp = reply->ia->iasubopt[i];
2314 if (tmp->ia != NULL) {
2315 ia_dereference(&tmp->ia, MDL);
2316 }
2317
2318 ia_reference(&tmp->ia, reply->ia, MDL);
2319
2320 /* If we have anything to do on commit do it now */
2321 if (tmp->on_star.on_commit != NULL) {
2322 execute_statements(NULL, reply->packet,
2323 NULL, NULL,
2324 reply->packet->options,
2325 reply->opt_state,
2326 &tmp->scope,
2327 tmp->on_star.on_commit,
2328 &tmp->on_star);
2329 executable_statement_dereference
2330 (&tmp->on_star.on_commit, MDL);
2331 }
2332
2333 #if defined (NSUPDATE)
2334
2335 /* Perform ddns updates */
2336 oc = lookup_option(&server_universe, reply->opt_state,
2337 SV_DDNS_UPDATES);
2338 if ((oc == NULL) ||
2339 evaluate_boolean_option_cache(NULL, reply->packet,
2340 NULL, NULL,
2341 reply->packet->options,
2342 reply->opt_state,
2343 &tmp->scope,
2344 oc, MDL)) {
2345 ddns_updates(reply->packet, NULL, NULL,
2346 tmp, NULL, reply->opt_state);
2347 }
2348 #endif
2349 if (!reuse_lease6(reply, tmp)) {
2350 /* Commit 'hard' bindings. */
2351 must_commit = 1;
2352 renew_lease6(tmp->ipv6_pool, tmp);
2353 schedule_lease_timeout(tmp->ipv6_pool);
2354
2355 /* Do our threshold check. */
2356 check_pool6_threshold(reply, tmp);
2357 }
2358 }
2359
2360 /* write the IA_NA in wire-format to the outbound buffer */
2361 write_to_packet(reply, ia_cursor);
2362
2363 /* Remove any old ia from the hash. */
2364 if (reply->old_ia != NULL) {
2365 if (!release_on_roam(reply)) {
2366 ia_id = &reply->old_ia->iaid_duid;
2367 ia_hash_delete(ia_na_active,
2368 (unsigned char *)ia_id->data,
2369 ia_id->len, MDL);
2370 }
2371
2372 ia_dereference(&reply->old_ia, MDL);
2373 }
2374
2375 /* Put new ia into the hash. */
2376 reply->ia->cltt = cur_time;
2377 ia_id = &reply->ia->iaid_duid;
2378 ia_hash_add(ia_na_active, (unsigned char *)ia_id->data,
2379 ia_id->len, reply->ia, MDL);
2380
2381 /* If we couldn't reuse all of the iasubopts, we
2382 * must update udpate the lease db */
2383 if (must_commit) {
2384 write_ia(reply->ia);
2385 }
2386 } else {
2387 /* write the IA_NA in wire-format to the outbound buffer */
2388 write_to_packet(reply, ia_cursor);
2389 schedule_lease_timeout_reply(reply);
2390 }
2391
2392 cleanup:
2393 if (packet_ia != NULL)
2394 option_state_dereference(&packet_ia, MDL);
2395 if (reply->reply_ia != NULL)
2396 option_state_dereference(&reply->reply_ia, MDL);
2397 if (ia_data.data != NULL)
2398 data_string_forget(&ia_data, MDL);
2399 if (data.data != NULL)
2400 data_string_forget(&data, MDL);
2401 if (reply->ia != NULL)
2402 ia_dereference(&reply->ia, MDL);
2403 if (reply->old_ia != NULL)
2404 ia_dereference(&reply->old_ia, MDL);
2405 if (reply->lease != NULL)
2406 iasubopt_dereference(&reply->lease, MDL);
2407 if (reply->fixed.data != NULL)
2408 data_string_forget(&reply->fixed, MDL);
2409 if (reply->subnet != NULL)
2410 subnet_dereference(&reply->subnet, MDL);
2411 if (reply->on_star.on_expiry != NULL)
2412 executable_statement_dereference
2413 (&reply->on_star.on_expiry, MDL);
2414 if (reply->on_star.on_release != NULL)
2415 executable_statement_dereference
2416 (&reply->on_star.on_release, MDL);
2417
2418 /*
2419 * ISC_R_CANCELED is a status code used by the addr processing to
2420 * indicate we're replying with a status code. This is still a
2421 * success at higher layers.
2422 */
2423 return((status == ISC_R_CANCELED) ? ISC_R_SUCCESS : status);
2424 }
2425
2426 /*
2427 * Writes the populated IA_xx in wire format to the reply buffer
2428 */
2429 void
2430 write_to_packet(struct reply_state *reply, unsigned ia_cursor) {
2431 reply->cursor += store_options6((char *)reply->buf.data + reply->cursor,
2432 sizeof(reply->buf) - reply->cursor,
2433 reply->reply_ia, reply->packet,
2434 (reply->ia->ia_type != D6O_IA_PD ?
2435 required_opts_IA : required_opts_IA_PD),
2436 NULL);
2437
2438 /* Reset the length of this IA to match what was just written. */
2439 putUShort(reply->buf.data + ia_cursor + 2,
2440 reply->cursor - (ia_cursor + 4));
2441
2442 if (reply->ia->ia_type != D6O_IA_TA) {
2443 /* Calculate T1/T2 and stuff them in the reply */
2444 set_reply_tee_times(reply, ia_cursor);
2445 }
2446 }
2447
2448 /*
2449 * Process an IAADDR within a given IA_xA, storing any IAADDR reply contents
2450 * into the reply's current ia-scoped option cache. Returns ISC_R_CANCELED
2451 * in the event we are replying with a status code and do not wish to process
2452 * more IAADDRs within this IA.
2453 */
2454 static isc_result_t
2455 reply_process_addr(struct reply_state *reply, struct option_cache *addr) {
2456 u_int32_t pref_life, valid_life;
2457 struct binding_scope **scope;
2458 struct group *group;
2459 struct subnet *subnet;
2460 struct iaddr tmp_addr;
2461 struct option_cache *oc;
2462 struct data_string iaaddr, data;
2463 isc_result_t status = ISC_R_SUCCESS;
2464 #ifdef EUI_64
2465 int invalid_for_eui_64 = 0;
2466 #endif
2467
2468 /* Initializes values that will be cleaned up. */
2469 memset(&iaaddr, 0, sizeof(iaaddr));
2470 memset(&data, 0, sizeof(data));
2471 /* Note that reply->lease may be set by address_is_owned() */
2472
2473 /*
2474 * There is no point trying to process an incoming address if there
2475 * is no room for an outgoing address.
2476 */
2477 if ((reply->cursor + 28) > sizeof(reply->buf)) {
2478 log_error("reply_process_addr: Out of room for address.");
2479 return ISC_R_NOSPACE;
2480 }
2481
2482 /* Extract this IAADDR option. */
2483 if (!evaluate_option_cache(&iaaddr, reply->packet, NULL, NULL,
2484 reply->packet->options, NULL, &global_scope,
2485 addr, MDL) ||
2486 (iaaddr.len < IAADDR_OFFSET)) {
2487 log_error("reply_process_addr: error evaluating IAADDR.");
2488 status = ISC_R_FAILURE;
2489 goto cleanup;
2490 }
2491
2492 /* The first 16 bytes are the IPv6 address. */
2493 pref_life = getULong(iaaddr.data + 16);
2494 valid_life = getULong(iaaddr.data + 20);
2495
2496 if ((reply->client_valid == 0) ||
2497 (reply->client_valid > valid_life))
2498 reply->client_valid = valid_life;
2499
2500 if ((reply->client_prefer == 0) ||
2501 (reply->client_prefer > pref_life))
2502 reply->client_prefer = pref_life;
2503
2504 /*
2505 * Clients may choose to send :: as an address, with the idea to give
2506 * hints about preferred-lifetime or valid-lifetime.
2507 */
2508 tmp_addr.len = 16;
2509 memset(tmp_addr.iabuf, 0, 16);
2510 if (!memcmp(iaaddr.data, tmp_addr.iabuf, 16)) {
2511 /* Status remains success; we just ignore this one. */
2512 goto cleanup;
2513 }
2514
2515 /* tmp_addr len remains 16 */
2516 memcpy(tmp_addr.iabuf, iaaddr.data, 16);
2517
2518 /*
2519 * Verify that this address is on the client's network.
2520 */
2521 for (subnet = reply->shared->subnets ; subnet != NULL ;
2522 subnet = subnet->next_sibling) {
2523 if (addr_eq(subnet_number(tmp_addr, subnet->netmask),
2524 subnet->net))
2525 break;
2526 }
2527
2528 #ifdef EUI_64
2529 if (subnet) {
2530 /* If the requested address falls into an EUI-64 pool, then
2531 * we need to verify if it has EUI-64 duid AND the requested
2532 * address is correct for that duid. If not we treat it just
2533 * like an not-on-link request. */
2534 struct ipv6_pool* pool = NULL;
2535 struct in6_addr* addr = (struct in6_addr*)(iaaddr.data);
2536 if ((find_ipv6_pool(&pool, D6O_IA_NA, addr) == ISC_R_SUCCESS)
2537 && (pool->ipv6_pond->use_eui_64) &&
2538 (!valid_for_eui_64_pool(pool, &reply->client_id, 0, addr))) {
2539 log_debug ("Requested address: %s,"
2540 " not valid for EUI-64 pool",
2541 pin6_addr(addr));
2542 invalid_for_eui_64 = 1;
2543 }
2544 }
2545 #endif
2546
2547 /* Address not found on shared network. */
2548 #ifdef EUI_64
2549 if ((subnet == NULL) || invalid_for_eui_64) {
2550 #else
2551 if (subnet == NULL) {
2552 #endif
2553 /* Ignore this address on 'soft' bindings. */
2554 if (reply->packet->dhcpv6_msg_type == DHCPV6_SOLICIT) {
2555 /* disable rapid commit */
2556 reply->buf.reply.msg_type = DHCPV6_ADVERTISE;
2557 delete_option(&dhcpv6_universe,
2558 reply->opt_state,
2559 D6O_RAPID_COMMIT);
2560 /* status remains success */
2561 goto cleanup;
2562 }
2563
2564 /*
2565 * RFC3315 section 18.2.1:
2566 *
2567 * If the server finds that the prefix on one or more IP
2568 * addresses in any IA in the message from the client is not
2569 * appropriate for the link to which the client is connected,
2570 * the server MUST return the IA to the client with a Status
2571 * Code option with the value NotOnLink.
2572 */
2573 if (reply->packet->dhcpv6_msg_type == DHCPV6_REQUEST) {
2574 /* Rewind the IA_NA to empty. */
2575 option_state_dereference(&reply->reply_ia, MDL);
2576 if (!option_state_allocate(&reply->reply_ia, MDL)) {
2577 log_error("reply_process_addr: No memory for "
2578 "option state wipe.");
2579 status = ISC_R_NOMEMORY;
2580 goto cleanup;
2581 }
2582
2583 /* Append a NotOnLink status code. */
2584 if (!set_status_code(STATUS_NotOnLink,
2585 "Address not for use on this "
2586 "link.", reply->reply_ia)) {
2587 log_error("reply_process_addr: Failure "
2588 "setting status code.");
2589 status = ISC_R_FAILURE;
2590 goto cleanup;
2591 }
2592
2593 /* Fin (no more IAADDRs). */
2594 status = ISC_R_CANCELED;
2595 goto cleanup;
2596 }
2597
2598 /*
2599 * RFC3315 sections 18.2.3 and 18.2.4 have identical language:
2600 *
2601 * If the server finds that any of the addresses are not
2602 * appropriate for the link to which the client is attached,
2603 * the server returns the address to the client with lifetimes
2604 * of 0.
2605 */
2606 if ((reply->packet->dhcpv6_msg_type != DHCPV6_RENEW) &&
2607 (reply->packet->dhcpv6_msg_type != DHCPV6_REBIND)) {
2608 log_error("It is impossible to lease a client that is "
2609 "not sending a solicit, request, renew, or "
2610 "rebind.");
2611 status = ISC_R_FAILURE;
2612 goto cleanup;
2613 }
2614
2615 reply->send_prefer = reply->send_valid = 0;
2616 goto send_addr;
2617 }
2618
2619
2620 /* Verify the address belongs to the client. */
2621 if (!address_is_owned(reply, &tmp_addr)) {
2622 /*
2623 * For solicit and request, any addresses included are
2624 * 'requested' addresses. For rebind, we actually have
2625 * no direction on what to do from 3315 section 18.2.4!
2626 * So I think the best bet is to try and give it out, and if
2627 * we can't, zero lifetimes.
2628 */
2629 if ((reply->packet->dhcpv6_msg_type == DHCPV6_SOLICIT) ||
2630 (reply->packet->dhcpv6_msg_type == DHCPV6_REQUEST) ||
2631 (reply->packet->dhcpv6_msg_type == DHCPV6_REBIND)) {
2632 status = reply_process_try_addr(reply, &tmp_addr);
2633
2634 /*
2635 * If the address is in use, or isn't in any dynamic
2636 * range, continue as normal. If any other error was
2637 * found, error out.
2638 */
2639 if ((status != ISC_R_SUCCESS) &&
2640 (status != ISC_R_ADDRINUSE) &&
2641 (status != ISC_R_ADDRNOTAVAIL))
2642 goto cleanup;
2643
2644 /*
2645 * If we didn't honor this lease, for solicit and
2646 * request we simply omit it from our answer. For
2647 * rebind, we send it with zeroed lifetimes.
2648 */
2649 if (reply->lease == NULL) {
2650 if (reply->packet->dhcpv6_msg_type ==
2651 DHCPV6_REBIND) {
2652 reply->send_prefer = 0;
2653 reply->send_valid = 0;
2654 goto send_addr;
2655 }
2656
2657 /* status remains success - ignore */
2658 goto cleanup;
2659 }
2660 /*
2661 * RFC3315 section 18.2.3:
2662 *
2663 * If the server cannot find a client entry for the IA the
2664 * server returns the IA containing no addresses with a Status
2665 * Code option set to NoBinding in the Reply message.
2666 *
2667 * On mismatch we (ab)use this pretending we have not the IA
2668 * as soon as we have not an address.
2669 */
2670 } else if (reply->packet->dhcpv6_msg_type == DHCPV6_RENEW) {
2671 /* Rewind the IA_NA to empty. */
2672 option_state_dereference(&reply->reply_ia, MDL);
2673 if (!option_state_allocate(&reply->reply_ia, MDL)) {
2674 log_error("reply_process_addr: No memory for "
2675 "option state wipe.");
2676 status = ISC_R_NOMEMORY;
2677 goto cleanup;
2678 }
2679
2680 /* Append a NoBinding status code. */
2681 if (!set_status_code(STATUS_NoBinding,
2682 "Address not bound to this "
2683 "interface.", reply->reply_ia)) {
2684 log_error("reply_process_addr: Unable to "
2685 "attach status code.");
2686 status = ISC_R_FAILURE;
2687 goto cleanup;
2688 }
2689
2690 /* Fin (no more IAADDRs). */
2691 status = ISC_R_CANCELED;
2692 goto cleanup;
2693 } else {
2694 log_error("It is impossible to lease a client that is "
2695 "not sending a solicit, request, renew, or "
2696 "rebind message.");
2697 status = ISC_R_FAILURE;
2698 goto cleanup;
2699 }
2700 }
2701
2702 if (reply->static_lease) {
2703 if (reply->host == NULL)
2704 log_fatal("Impossible condition at %s:%d.", MDL);
2705
2706 scope = &global_scope;
2707 group = reply->subnet->group;
2708 } else {
2709 if (reply->lease == NULL)
2710 log_fatal("Impossible condition at %s:%d.", MDL);
2711
2712 scope = &reply->lease->scope;
2713 group = reply->lease->ipv6_pool->ipv6_pond->group;
2714 }
2715
2716 /*
2717 * If client_resources is nonzero, then the reply_process_is_addressed
2718 * function has executed configuration state into the reply option
2719 * cache. We will use that valid cache to derive configuration for
2720 * whether or not to engage in additional addresses, and similar.
2721 */
2722 if (reply->client_resources != 0) {
2723 unsigned limit = 1;
2724
2725 /*
2726 * Does this client have "enough" addresses already? Default
2727 * to one. Everybody gets one, and one should be enough for
2728 * anybody.
2729 */
2730 oc = lookup_option(&server_universe, reply->opt_state,
2731 SV_LIMIT_ADDRS_PER_IA);
2732 if (oc != NULL) {
2733 if (!evaluate_option_cache(&data, reply->packet,
2734 NULL, NULL,
2735 reply->packet->options,
2736 reply->opt_state,
2737 scope, oc, MDL) ||
2738 (data.len != 4)) {
2739 log_error("reply_process_addr: unable to "
2740 "evaluate addrs-per-ia value.");
2741 status = ISC_R_FAILURE;
2742 goto cleanup;
2743 }
2744
2745 limit = getULong(data.data);
2746 data_string_forget(&data, MDL);
2747 }
2748
2749 /*
2750 * If we wish to limit the client to a certain number of
2751 * addresses, then omit the address from the reply.
2752 */
2753 if (reply->client_resources >= limit)
2754 goto cleanup;
2755 }
2756
2757 status = reply_process_is_addressed(reply, scope, group);
2758 if (status != ISC_R_SUCCESS)
2759 goto cleanup;
2760
2761 send_addr:
2762 status = reply_process_send_addr(reply, &tmp_addr);
2763
2764 cleanup:
2765 if (iaaddr.data != NULL)
2766 data_string_forget(&iaaddr, MDL);
2767 if (data.data != NULL)
2768 data_string_forget(&data, MDL);
2769 if (reply->lease != NULL)
2770 iasubopt_dereference(&reply->lease, MDL);
2771
2772 return status;
2773 }
2774
2775 /*
2776 * Verify the address belongs to the client. If we've got a host
2777 * record with a fixed address, it has to be the assigned address
2778 * (fault out all else). Otherwise it's a dynamic address, so lookup
2779 * that address and make sure it belongs to this DUID:IAID pair.
2780 */
2781 static isc_boolean_t
2782 address_is_owned(struct reply_state *reply, struct iaddr *addr) {
2783 int i;
2784 struct ipv6_pond *pond;
2785
2786 /*
2787 * This faults out addresses that don't match fixed addresses.
2788 */
2789 if (reply->static_lease) {
2790 if (reply->fixed.data == NULL)
2791 log_fatal("Impossible condition at %s:%d.", MDL);
2792
2793 if (memcmp(addr->iabuf, reply->fixed.data, 16) == 0)
2794 return (ISC_TRUE);
2795
2796 return (ISC_FALSE);
2797 }
2798
2799 if ((reply->old_ia == NULL) || (reply->old_ia->num_iasubopt == 0))
2800 return (ISC_FALSE);
2801
2802 for (i = 0 ; i < reply->old_ia->num_iasubopt ; i++) {
2803 struct iasubopt *tmp;
2804
2805 tmp = reply->old_ia->iasubopt[i];
2806
2807 if (memcmp(addr->iabuf, &tmp->addr, 16) == 0) {
2808 if (lease6_usable(tmp) == ISC_FALSE) {
2809 return (ISC_FALSE);
2810 }
2811
2812 pond = tmp->ipv6_pool->ipv6_pond;
2813 if (((pond->prohibit_list != NULL) &&
2814 (permitted(reply->packet, pond->prohibit_list))) ||
2815 ((pond->permit_list != NULL) &&
2816 (!permitted(reply->packet, pond->permit_list))))
2817 return (ISC_FALSE);
2818
2819 iasubopt_reference(&reply->lease, tmp, MDL);
2820
2821 return (ISC_TRUE);
2822 }
2823 }
2824
2825 return (ISC_FALSE);
2826 }
2827
2828 /* Process a client-supplied IA_TA. This may append options to the tail of
2829 * the reply packet being built in the reply_state structure.
2830 */
2831 static isc_result_t
2832 reply_process_ia_ta(struct reply_state *reply, struct option_cache *ia) {
2833 isc_result_t status = ISC_R_SUCCESS;
2834 u_int32_t iaid;
2835 unsigned ia_cursor;
2836 struct option_state *packet_ia;
2837 struct option_cache *oc;
2838 struct data_string ia_data, data;
2839 struct data_string iaaddr;
2840 u_int32_t pref_life, valid_life;
2841 struct iaddr tmp_addr;
2842
2843 /* Initialize values that will get cleaned up on return. */
2844 packet_ia = NULL;
2845 memset(&ia_data, 0, sizeof(ia_data));
2846 memset(&data, 0, sizeof(data));
2847 memset(&iaaddr, 0, sizeof(iaaddr));
2848
2849 /* Make sure there is at least room for the header. */
2850 if ((reply->cursor + IA_TA_OFFSET + 4) > sizeof(reply->buf)) {
2851 log_error("reply_process_ia_ta: Reply too long for IA.");
2852 return ISC_R_NOSPACE;
2853 }
2854
2855
2856 /* Fetch the IA_TA contents. */
2857 if (!get_encapsulated_IA_state(&packet_ia, &ia_data, reply->packet,
2858 ia, IA_TA_OFFSET)) {
2859 log_error("reply_process_ia_ta: error evaluating ia");
2860 status = ISC_R_FAILURE;
2861 goto cleanup;
2862 }
2863
2864 /* Extract IA_TA header contents. */
2865 iaid = getULong(ia_data.data);
2866
2867 /* Create an IA_TA structure. */
2868 if (ia_allocate(&reply->ia, iaid, (char *)reply->client_id.data,
2869 reply->client_id.len, MDL) != ISC_R_SUCCESS) {
2870 log_error("reply_process_ia_ta: no memory for ia.");
2871 status = ISC_R_NOMEMORY;
2872 goto cleanup;
2873 }
2874 reply->ia->ia_type = D6O_IA_TA;
2875
2876 /* Cache pre-existing IA, if any. */
2877 ia_hash_lookup(&reply->old_ia, ia_ta_active,
2878 (unsigned char *)reply->ia->iaid_duid.data,
2879 reply->ia->iaid_duid.len, MDL);
2880
2881 /*
2882 * Create an option cache to carry the IA_TA option contents, and
2883 * execute any user-supplied values into it.
2884 */
2885 if (!option_state_allocate(&reply->reply_ia, MDL)) {
2886 status = ISC_R_NOMEMORY;
2887 goto cleanup;
2888 }
2889
2890 /*
2891 * Temporary leases are dynamic by definition.
2892 */
2893 reply->static_lease = ISC_FALSE;
2894
2895 /*
2896 * Save the cursor position at the start of the IA, so we can
2897 * set length later. We write a temporary
2898 * header out now just in case we decide to adjust the packet
2899 * within sub-process functions.
2900 */
2901 ia_cursor = reply->cursor;
2902
2903 /* Initialize the IA_TA header. First the code. */
2904 putUShort(reply->buf.data + reply->cursor, (unsigned)D6O_IA_TA);
2905 reply->cursor += 2;
2906
2907 /* Then option length. */
2908 putUShort(reply->buf.data + reply->cursor, 0x04u);
2909 reply->cursor += 2;
2910
2911 /* Then IA_TA header contents; IAID. */
2912 putULong(reply->buf.data + reply->cursor, iaid);
2913 reply->cursor += 4;
2914
2915 /*
2916 * Deal with an IAADDR for lifetimes.
2917 * For all or none, process IAADDRs as hints.
2918 */
2919 reply->min_valid = reply->min_prefer = INFINITE_TIME;
2920 reply->client_valid = reply->client_prefer = 0;
2921 oc = lookup_option(&dhcpv6_universe, packet_ia, D6O_IAADDR);
2922 for (; oc != NULL; oc = oc->next) {
2923 memset(&iaaddr, 0, sizeof(iaaddr));
2924 if (!evaluate_option_cache(&iaaddr, reply->packet,
2925 NULL, NULL,
2926 reply->packet->options, NULL,
2927 &global_scope, oc, MDL) ||
2928 (iaaddr.len < IAADDR_OFFSET)) {
2929 log_error("reply_process_ia_ta: error "
2930 "evaluating IAADDR.");
2931 status = ISC_R_FAILURE;
2932 goto cleanup;
2933 }
2934 /* The first 16 bytes are the IPv6 address. */
2935 pref_life = getULong(iaaddr.data + 16);
2936 valid_life = getULong(iaaddr.data + 20);
2937
2938 if ((reply->client_valid == 0) ||
2939 (reply->client_valid > valid_life))
2940 reply->client_valid = valid_life;
2941
2942 if ((reply->client_prefer == 0) ||
2943 (reply->client_prefer > pref_life))
2944 reply->client_prefer = pref_life;
2945
2946 /* Nothing more if something has failed. */
2947 if (status == ISC_R_CANCELED)
2948 continue;
2949
2950 tmp_addr.len = 16;
2951 memcpy(tmp_addr.iabuf, iaaddr.data, 16);
2952 if (!temporary_is_available(reply, &tmp_addr))
2953 goto bad_temp;
2954 status = reply_process_is_addressed(reply,
2955 &reply->lease->scope,
2956 reply->lease->ipv6_pool->ipv6_pond->group);
2957 if (status != ISC_R_SUCCESS)
2958 goto bad_temp;
2959 status = reply_process_send_addr(reply, &tmp_addr);
2960 if (status != ISC_R_SUCCESS)
2961 goto bad_temp;
2962 if (reply->lease != NULL)
2963 iasubopt_dereference(&reply->lease, MDL);
2964 continue;
2965
2966 bad_temp:
2967 /* Rewind the IA_TA to empty. */
2968 option_state_dereference(&reply->reply_ia, MDL);
2969 if (!option_state_allocate(&reply->reply_ia, MDL)) {
2970 status = ISC_R_NOMEMORY;
2971 goto cleanup;
2972 }
2973 status = ISC_R_CANCELED;
2974 reply->client_resources = 0;
2975 reply->resources_included = ISC_FALSE;
2976 if (reply->lease != NULL)
2977 iasubopt_dereference(&reply->lease, MDL);
2978 }
2979 reply->ia_count++;
2980
2981 /*
2982 * Give the client temporary addresses.
2983 */
2984 if (reply->client_resources != 0)
2985 goto store;
2986 status = find_client_temporaries(reply);
2987 if (status == ISC_R_NORESOURCES) {
2988 switch (reply->packet->dhcpv6_msg_type) {
2989 case DHCPV6_SOLICIT:
2990 /*
2991 * No address for any IA is handled
2992 * by the caller.
2993 */
2994 /* FALL THROUGH */
2995
2996 case DHCPV6_REQUEST:
2997 /* Section 18.2.1 (Request):
2998 *
2999 * If the server cannot assign any addresses to
3000 * an IA in the message from the client, the
3001 * server MUST include the IA in the Reply
3002 * message with no addresses in the IA and a
3003 * Status Code option in the IA containing
3004 * status code NoAddrsAvail.
3005 */
3006 option_state_dereference(&reply->reply_ia, MDL);
3007 if (!option_state_allocate(&reply->reply_ia, MDL)) {
3008 log_error("reply_process_ia_ta: No "
3009 "memory for option state wipe.");
3010 status = ISC_R_NOMEMORY;
3011 goto cleanup;
3012 }
3013
3014 if (!set_status_code(STATUS_NoAddrsAvail,
3015 "No addresses available "
3016 "for this interface.",
3017 reply->reply_ia)) {
3018 log_error("reply_process_ia_ta: Unable "
3019 "to set NoAddrsAvail status code.");
3020 status = ISC_R_FAILURE;
3021 goto cleanup;
3022 }
3023
3024 status = ISC_R_SUCCESS;
3025 break;
3026
3027 default:
3028 /*
3029 * We don't want to include the IA if we
3030 * provide zero addresses including zeroed
3031 * lifetimes.
3032 */
3033 if (reply->resources_included)
3034 status = ISC_R_SUCCESS;
3035 else
3036 goto cleanup;
3037 break;
3038 }
3039 } else if (status != ISC_R_SUCCESS)
3040 goto cleanup;
3041
3042 store:
3043
3044 /*
3045 * yes, goto's aren't the best but we also want to avoid extra
3046 * indents
3047 */
3048 if (status == ISC_R_CANCELED) {
3049 /* We're replying with a status code so we still need to
3050 * write it out in wire-format to the outbound buffer */
3051 write_to_packet(reply, ia_cursor);
3052 goto cleanup;
3053 }
3054
3055 /*
3056 * If we have any addresses log what we are doing.
3057 */
3058 if (reply->ia->num_iasubopt != 0) {
3059 struct iasubopt *tmp;
3060 int i;
3061 char tmp_addr[INET6_ADDRSTRLEN];
3062
3063 for (i = 0 ; i < reply->ia->num_iasubopt ; i++) {
3064 tmp = reply->ia->iasubopt[i];
3065
3066 log_info("%s TA: address %s to client with duid %s "
3067 "iaid = %d valid for %u seconds",
3068 dhcpv6_type_names[reply->buf.reply.msg_type],
3069 inet_ntop(AF_INET6, &tmp->addr,
3070 tmp_addr, sizeof(tmp_addr)),
3071 print_hex_1(reply->client_id.len,
3072 reply->client_id.data, 60),
3073 iaid,
3074 tmp->valid);
3075 }
3076 }
3077
3078 /*
3079 * For hard bindings we consume the new changes into
3080 * the database (if any have been attached to the ia_ta).
3081 *
3082 * Loop through the assigned dynamic addresses, referencing the
3083 * leases onto this IA_TA rather than any old ones, and updating
3084 * pool timers for each (if any).
3085 */
3086 if ((reply->ia->num_iasubopt != 0) &&
3087 (reply->buf.reply.msg_type == DHCPV6_REPLY)) {
3088 int must_commit = 0;
3089 struct iasubopt *tmp;
3090 struct data_string *ia_id;
3091 int i;
3092
3093 for (i = 0 ; i < reply->ia->num_iasubopt ; i++) {
3094 tmp = reply->ia->iasubopt[i];
3095
3096 if (tmp->ia != NULL)
3097 ia_dereference(&tmp->ia, MDL);
3098 ia_reference(&tmp->ia, reply->ia, MDL);
3099
3100 /* If we have anything to do on commit do it now */
3101 if (tmp->on_star.on_commit != NULL) {
3102 execute_statements(NULL, reply->packet,
3103 NULL, NULL,
3104 reply->packet->options,
3105 reply->opt_state,
3106 &tmp->scope,
3107 tmp->on_star.on_commit,
3108 &tmp->on_star);
3109 executable_statement_dereference
3110 (&tmp->on_star.on_commit, MDL);
3111 }
3112
3113 #if defined (NSUPDATE)
3114 /*
3115 * Perform ddns updates.
3116 */
3117 oc = lookup_option(&server_universe, reply->opt_state,
3118 SV_DDNS_UPDATES);
3119 if ((oc == NULL) ||
3120 evaluate_boolean_option_cache(NULL, reply->packet,
3121 NULL, NULL,
3122 reply->packet->options,
3123 reply->opt_state,
3124 &tmp->scope,
3125 oc, MDL)) {
3126 ddns_updates(reply->packet, NULL, NULL,
3127 tmp, NULL, reply->opt_state);
3128 }
3129 #endif
3130
3131 if (!reuse_lease6(reply, tmp)) {
3132 /* Commit 'hard' bindings. */
3133 must_commit = 1;
3134 renew_lease6(tmp->ipv6_pool, tmp);
3135 schedule_lease_timeout(tmp->ipv6_pool);
3136
3137 /* Do our threshold check. */
3138 check_pool6_threshold(reply, tmp);
3139 }
3140 }
3141
3142 /* write the IA_TA in wire-format to the outbound buffer */
3143 write_to_packet(reply, ia_cursor);
3144
3145 /* Remove any old ia from the hash. */
3146 if (reply->old_ia != NULL) {
3147 if (!release_on_roam(reply)) {
3148 ia_id = &reply->old_ia->iaid_duid;
3149 ia_hash_delete(ia_ta_active,
3150 (unsigned char *)ia_id->data,
3151 ia_id->len, MDL);
3152 }
3153
3154 ia_dereference(&reply->old_ia, MDL);
3155 }
3156
3157 /* Put new ia into the hash. */
3158 reply->ia->cltt = cur_time;
3159 ia_id = &reply->ia->iaid_duid;
3160 ia_hash_add(ia_ta_active, (unsigned char *)ia_id->data,
3161 ia_id->len, reply->ia, MDL);
3162
3163 /* If we couldn't reuse all of the iasubopts, we
3164 * must update udpate the lease db */
3165 if (must_commit) {
3166 write_ia(reply->ia);
3167 }
3168 } else {
3169 /* write the IA_TA in wire-format to the outbound buffer */
3170 write_to_packet(reply, ia_cursor);
3171 schedule_lease_timeout_reply(reply);
3172 }
3173
3174 cleanup:
3175 if (packet_ia != NULL)
3176 option_state_dereference(&packet_ia, MDL);
3177 if (iaaddr.data != NULL)
3178 data_string_forget(&iaaddr, MDL);
3179 if (reply->reply_ia != NULL)
3180 option_state_dereference(&reply->reply_ia, MDL);
3181 if (ia_data.data != NULL)
3182 data_string_forget(&ia_data, MDL);
3183 if (data.data != NULL)
3184 data_string_forget(&data, MDL);
3185 if (reply->ia != NULL)
3186 ia_dereference(&reply->ia, MDL);
3187 if (reply->old_ia != NULL)
3188 ia_dereference(&reply->old_ia, MDL);
3189 if (reply->lease != NULL)
3190 iasubopt_dereference(&reply->lease, MDL);
3191
3192 /*
3193 * ISC_R_CANCELED is a status code used by the addr processing to
3194 * indicate we're replying with other addresses. This is still a
3195 * success at higher layers.
3196 */
3197 return((status == ISC_R_CANCELED) ? ISC_R_SUCCESS : status);
3198 }
3199 /*
3200 * Determines if a lease (iasubopt) can be reused without extending it.
3201 * If dhcp-cache-threshold is greater than zero (i.e enabled) then
3202 * a lease may be reused without going through a full renewal if
3203 * it meets all the requirements. In short it must be active, younger
3204 * than the threshold, and not have DNS changes.
3205 *
3206 * If it is determined that it can be reused, that a call to
3207 * shorten_lifetimes() is made to reduce the valid and preferred lifetimes
3208 * sent to the client by the age of the lease.
3209 *
3210 * Returns 1 if lease can be reused, 0 otherwise
3211 */
3212 int
3213 reuse_lease6(struct reply_state *reply, struct iasubopt *lease) {
3214 int threshold = DEFAULT_CACHE_THRESHOLD;
3215 struct option_cache* oc = NULL;
3216 struct data_string d1;
3217 time_t age;
3218 time_t limit;
3219 int reuse_it = 0;
3220
3221 /* In order to even qualify for reuse consideration:
3222 * 1. Lease must be active
3223 * 2. It must have been accepted at least once
3224 * 3. DNS info must not have changed */
3225 if ((lease->state != FTS_ACTIVE) ||
3226 (lease->hard_lifetime_end_time == 0) ||
3227 (lease->ddns_cb != NULL)) {
3228 return (0);
3229 }
3230
3231 /* Look up threshold value */
3232 memset(&d1, 0, sizeof(struct data_string));
3233 oc = lookup_option(&server_universe, reply->opt_state,
3234 SV_CACHE_THRESHOLD);
3235 if (oc &&
3236 evaluate_option_cache(&d1, reply->packet, NULL, NULL,
3237 reply->packet->options, reply->opt_state,
3238 &lease->scope, oc, MDL)) {
3239 if (d1.len == 1 && (d1.data[0] < 100)) {
3240 threshold = d1.data[0];
3241 }
3242
3243 data_string_forget(&d1, MDL);
3244 }
3245
3246 if (threshold <= 0) {
3247 return (0);
3248 }
3249
3250 if (lease->valid >= MAX_TIME) {
3251 /* Infinite leases are always reused. We have to make
3252 * a choice because we cannot determine when they actually
3253 * began, so we either always reuse them or we never do. */
3254 log_debug ("reusing infinite lease for: %s%s",
3255 pin6_addr(&lease->addr), iasubopt_plen_str(lease));
3256 return (1);
3257 }
3258
3259 age = cur_tv.tv_sec - (lease->hard_lifetime_end_time - lease->valid);
3260 if (lease->valid <= (INT_MAX / threshold))
3261 limit = lease->valid * threshold / 100;
3262 else
3263 limit = lease->valid / 100 * threshold;
3264
3265 if (age < limit) {
3266 /* Reduce valid/preferred going to the client by age */
3267 shorten_lifetimes(reply, lease, age, threshold);
3268 reuse_it = 1;
3269 }
3270
3271 return (reuse_it);
3272 }
3273
3274 /*
3275 * Reduces the valid and preferred lifetimes for a given lease (iasubopt)
3276 *
3277 * We cannot determine until after a iasubopt has been added to
3278 * the reply if the lease can be reused. Therefore, when we do reuse a
3279 * lease we need a way to alter the lifetimes that will be sent to the client.
3280 * That's where this function comes in handy:
3281 *
3282 * Locate the iasubopt by it's address within the reply the reduce both
3283 * the preferred and valid lifetimes by the given number of seconds.
3284 *
3285 * Note that this function, by necessity, works directly with the
3286 * option_cache data. Sort of a no-no but I don't have any better ideas.
3287 */
3288 void shorten_lifetimes(struct reply_state *reply, struct iasubopt *lease,
3289 time_t age, int threshold) {
3290 struct option_cache* oc = NULL;
3291 int subopt_type;
3292 int addr_offset;
3293 int pref_offset;
3294 int val_offset;
3295 int exp_length;
3296
3297 if (reply->ia->ia_type != D6O_IA_PD) {
3298 subopt_type = D6O_IAADDR;
3299 addr_offset = IASUBOPT_NA_ADDR_OFFSET;
3300 pref_offset = IASUBOPT_NA_PREF_OFFSET;
3301 val_offset = IASUBOPT_NA_VALID_OFFSET;
3302 exp_length = IASUBOPT_NA_LEN;
3303 }
3304 else {
3305 subopt_type = D6O_IAPREFIX;
3306 addr_offset = IASUBOPT_PD_PREFIX_OFFSET;
3307 pref_offset = IASUBOPT_PD_PREF_OFFSET;
3308 val_offset = IASUBOPT_PD_VALID_OFFSET;
3309 exp_length = IASUBOPT_PD_LEN;
3310 }
3311
3312 // loop through the iasubopts for the one that matches this lease
3313 oc = lookup_option(&dhcpv6_universe, reply->reply_ia, subopt_type);
3314 for (; oc != NULL ; oc = oc->next) {
3315 if (oc->data.data == NULL || oc->data.len != exp_length) {
3316 /* shouldn't happen */
3317 continue;
3318 }
3319
3320 /* If address matches (and for PDs the prefix len matches)
3321 * we assume this is our subopt, so update the lifetimes */
3322 if (!memcmp(oc->data.data + addr_offset, &lease->addr, 16) &&
3323 (subopt_type != D6O_IAPREFIX ||
3324 (oc->data.data[IASUBOPT_PD_PREFLEN_OFFSET] ==
3325 lease->plen))) {
3326 u_int32_t pref_life = getULong(oc->data.data +
3327 pref_offset);
3328 u_int32_t valid_life = getULong(oc->data.data +
3329 val_offset);
3330
3331 if (pref_life < MAX_TIME && pref_life > age) {
3332 pref_life -= age;
3333 putULong((unsigned char*)(oc->data.data) +
3334 pref_offset, pref_life);
3335
3336 if (reply->min_prefer > pref_life) {
3337 reply->min_prefer = pref_life;
3338 }
3339 }
3340
3341 if (valid_life < MAX_TIME && valid_life > age) {
3342 valid_life -= age;
3343 putULong((unsigned char*)(oc->data.data) +
3344 val_offset, valid_life);
3345
3346 if (reply->min_valid > reply->send_valid) {
3347 reply->min_valid = valid_life;
3348 }
3349 }
3350
3351 log_debug ("Reusing lease for: %s%s, "
3352 "age %ld secs < %d%%,"
3353 " sending shortened lifetimes -"
3354 " preferred: %u, valid %u",
3355 pin6_addr(&lease->addr),
3356 iasubopt_plen_str(lease),
3357 (long)age, threshold,
3358 pref_life, valid_life);
3359 break;
3360 }
3361 }
3362 }
3363
3364 /*
3365 * Verify the temporary address is available.
3366 */
3367 static isc_boolean_t
3368 temporary_is_available(struct reply_state *reply, struct iaddr *addr) {
3369 struct in6_addr tmp_addr;
3370 struct subnet *subnet;
3371 struct ipv6_pool *pool = NULL;
3372 struct ipv6_pond *pond = NULL;
3373 int i;
3374
3375 memcpy(&tmp_addr, addr->iabuf, sizeof(tmp_addr));
3376 /*
3377 * Clients may choose to send :: as an address, with the idea to give
3378 * hints about preferred-lifetime or valid-lifetime.
3379 * So this is not a request for this address.
3380 */
3381 if (IN6_IS_ADDR_UNSPECIFIED(&tmp_addr))
3382 return ISC_FALSE;
3383
3384 /*
3385 * Verify that this address is on the client's network.
3386 */
3387 for (subnet = reply->shared->subnets ; subnet != NULL ;
3388 subnet = subnet->next_sibling) {
3389 if (addr_eq(subnet_number(*addr, subnet->netmask),
3390 subnet->net))
3391 break;
3392 }
3393
3394 /* Address not found on shared network. */
3395 if (subnet == NULL)
3396 return ISC_FALSE;
3397
3398 /*
3399 * Check if this address is owned (must be before next step).
3400 */
3401 if (address_is_owned(reply, addr))
3402 return ISC_TRUE;
3403
3404 /*
3405 * Verify that this address is in a temporary pool and try to get it.
3406 */
3407 for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
3408 if (((pond->prohibit_list != NULL) &&
3409 (permitted(reply->packet, pond->prohibit_list))) ||
3410 ((pond->permit_list != NULL) &&
3411 (!permitted(reply->packet, pond->permit_list))))
3412 continue;
3413
3414 for (i = 0 ; (pool = pond->ipv6_pools[i]) != NULL ; i++) {
3415 if (pool->pool_type != D6O_IA_TA)
3416 continue;
3417
3418 if (ipv6_in_pool(&tmp_addr, pool))
3419 break;
3420 }
3421
3422 if (pool != NULL)
3423 break;
3424 }
3425
3426 if (pool == NULL)
3427 return ISC_FALSE;
3428 if (lease6_exists(pool, &tmp_addr))
3429 return ISC_FALSE;
3430 if (iasubopt_allocate(&reply->lease, MDL) != ISC_R_SUCCESS)
3431 return ISC_FALSE;
3432 reply->lease->addr = tmp_addr;
3433 reply->lease->plen = 0;
3434 /* Default is soft binding for 2 minutes. */
3435 if (add_lease6(pool, reply->lease, cur_time + 120) != ISC_R_SUCCESS)
3436 return ISC_FALSE;
3437
3438 return ISC_TRUE;
3439 }
3440
3441 /*
3442 * Get a temporary address per prefix.
3443 */
3444 static isc_result_t
3445 find_client_temporaries(struct reply_state *reply) {
3446 int i;
3447 struct ipv6_pool *p = NULL;
3448 struct ipv6_pond *pond;
3449 isc_result_t status = ISC_R_NORESOURCES;;
3450 unsigned int attempts;
3451 struct iaddr send_addr;
3452
3453 /*
3454 * Do a quick walk through of the ponds and pools
3455 * to see if we have any prefix pools
3456 */
3457 for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
3458 if (pond->ipv6_pools == NULL)
3459 continue;
3460
3461 for (i = 0; (p = pond->ipv6_pools[i]) != NULL; i++) {
3462 if (p->pool_type == D6O_IA_TA)
3463 break;
3464 }
3465 if (p != NULL)
3466 break;
3467 }
3468
3469 /* If we get here and p is NULL we have no useful pools */
3470 if (p == NULL) {
3471 log_debug("Unable to get client addresses: "
3472 "no IPv6 pools on this shared network");
3473 return ISC_R_NORESOURCES;
3474 }
3475
3476 /*
3477 * We have at least one pool that could provide an address
3478 * Now we walk through the ponds and pools again and check
3479 * to see if the client is permitted and if an address is
3480 * available
3481 */
3482
3483 for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
3484 if (((pond->prohibit_list != NULL) &&
3485 (permitted(reply->packet, pond->prohibit_list))) ||
3486 ((pond->permit_list != NULL) &&
3487 (!permitted(reply->packet, pond->permit_list))))
3488 continue;
3489
3490 for (i = 0; (p = pond->ipv6_pools[i]) != NULL; i++) {
3491 if (p->pool_type != D6O_IA_TA) {
3492 continue;
3493 }
3494
3495 /*
3496 * Get an address in this temporary pool.
3497 */
3498 status = create_lease6(p, &reply->lease, &attempts,
3499 &reply->client_id,
3500 cur_time + 120);
3501
3502 if (status != ISC_R_SUCCESS) {
3503 log_debug("Unable to get a temporary address.");
3504 goto cleanup;
3505 }
3506
3507 status = reply_process_is_addressed(reply,
3508 &reply->lease->scope,
3509 pond->group);
3510 if (status != ISC_R_SUCCESS) {
3511 goto cleanup;
3512 }
3513 send_addr.len = 16;
3514 memcpy(send_addr.iabuf, &reply->lease->addr, 16);
3515 status = reply_process_send_addr(reply, &send_addr);
3516 if (status != ISC_R_SUCCESS) {
3517 goto cleanup;
3518 }
3519 /*
3520 * reply->lease can't be null as we use it above
3521 * add check if that changes
3522 */
3523 iasubopt_dereference(&reply->lease, MDL);
3524 }
3525 }
3526
3527 cleanup:
3528 if (reply->lease != NULL) {
3529 iasubopt_dereference(&reply->lease, MDL);
3530 }
3531 return status;
3532 }
3533
3534 /*
3535 * This function only returns failure on 'hard' failures. If it succeeds,
3536 * it will leave a lease structure behind.
3537 */
3538 static isc_result_t
3539 reply_process_try_addr(struct reply_state *reply, struct iaddr *addr) {
3540 isc_result_t status = ISC_R_ADDRNOTAVAIL;
3541 struct ipv6_pool *pool = NULL;
3542 struct ipv6_pond *pond = NULL;
3543 int i;
3544 struct data_string data_addr;
3545
3546 if ((reply == NULL) || (reply->shared == NULL) ||
3547 (addr == NULL) || (reply->lease != NULL))
3548 return (DHCP_R_INVALIDARG);
3549
3550 /*
3551 * Do a quick walk through of the ponds and pools
3552 * to see if we have any NA address pools
3553 */
3554 for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
3555 if (pond->ipv6_pools == NULL)
3556 continue;
3557
3558 for (i = 0; ; i++) {
3559 pool = pond->ipv6_pools[i];
3560 if ((pool == NULL) ||
3561 (pool->pool_type == D6O_IA_NA))
3562 break;
3563 }
3564 if (pool != NULL)
3565 break;
3566 }
3567
3568 /* If we get here and p is NULL we have no useful pools */
3569 if (pool == NULL) {
3570 return (ISC_R_ADDRNOTAVAIL);
3571 }
3572
3573 memset(&data_addr, 0, sizeof(data_addr));
3574 data_addr.len = addr->len;
3575 data_addr.data = addr->iabuf;
3576
3577 /*
3578 * We have at least one pool that could provide an address
3579 * Now we walk through the ponds and pools again and check
3580 * to see if the client is permitted and if an address is
3581 * available
3582 *
3583 * Within a given pond we start looking at the last pool we
3584 * allocated from, unless it had a collision trying to allocate
3585 * an address. This will tend to move us into less-filled pools.
3586 */
3587
3588 for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
3589 if (((pond->prohibit_list != NULL) &&
3590 (permitted(reply->packet, pond->prohibit_list))) ||
3591 ((pond->permit_list != NULL) &&
3592 (!permitted(reply->packet, pond->permit_list))))
3593 continue;
3594
3595 for (i = 0 ; (pool = pond->ipv6_pools[i]) != NULL ; i++) {
3596 if (pool->pool_type != D6O_IA_NA)
3597 continue;
3598
3599 status = try_client_v6_address(&reply->lease, pool,
3600 &data_addr);
3601 if (status == ISC_R_SUCCESS)
3602 break;
3603 }
3604
3605 if (status == ISC_R_SUCCESS)
3606 break;
3607 }
3608
3609 /* Note that this is just pedantry. There is no allocation to free. */
3610 data_string_forget(&data_addr, MDL);
3611 /* Return just the most recent status... */
3612 return (status);
3613 }
3614
3615 /* Look around for an address to give the client. First, look through the
3616 * old IA for addresses we can extend. Second, try to allocate a new address.
3617 * Finally, actually add that address into the current reply IA.
3618 */
3619 static isc_result_t
3620 find_client_address(struct reply_state *reply) {
3621 struct iaddr send_addr;
3622 isc_result_t status = ISC_R_NORESOURCES;
3623 struct iasubopt *lease, *best_lease = NULL;
3624 struct binding_scope **scope;
3625 struct group *group;
3626 int i;
3627
3628 if (reply->static_lease) {
3629 if (reply->host == NULL)
3630 return DHCP_R_INVALIDARG;
3631
3632 send_addr.len = 16;
3633 memcpy(send_addr.iabuf, reply->fixed.data, 16);
3634
3635 scope = &global_scope;
3636 group = reply->subnet->group;
3637 goto send_addr;
3638 }
3639
3640 if (reply->old_ia != NULL) {
3641 for (i = 0 ; i < reply->old_ia->num_iasubopt ; i++) {
3642 struct shared_network *candidate_shared;
3643 struct ipv6_pond *pond;
3644
3645 lease = reply->old_ia->iasubopt[i];
3646 candidate_shared = lease->ipv6_pool->shared_network;
3647 pond = lease->ipv6_pool->ipv6_pond;
3648
3649 /*
3650 * Look for the best lease on the client's shared
3651 * network, that is still permitted
3652 */
3653
3654 if ((candidate_shared != reply->shared) ||
3655 (lease6_usable(lease) != ISC_TRUE))
3656 continue;
3657
3658 if (((pond->prohibit_list != NULL) &&
3659 (permitted(reply->packet, pond->prohibit_list))) ||
3660 ((pond->permit_list != NULL) &&
3661 (!permitted(reply->packet, pond->permit_list))))
3662 continue;
3663
3664 best_lease = lease_compare(lease, best_lease);
3665 }
3666 }
3667
3668 /* Try to pick a new address if we didn't find one, or if we found an
3669 * abandoned lease.
3670 */
3671 if ((best_lease == NULL) || (best_lease->state == FTS_ABANDONED)) {
3672 status = pick_v6_address(reply);
3673 } else if (best_lease != NULL) {
3674 iasubopt_reference(&reply->lease, best_lease, MDL);
3675 status = ISC_R_SUCCESS;
3676 }
3677
3678 /* Pick the abandoned lease as a last resort. */
3679 if ((status == ISC_R_NORESOURCES) && (best_lease != NULL)) {
3680 /* I don't see how this is supposed to be done right now. */
3681 log_error("Best match for DUID %s is an abandoned address,"
3682 " This may be a result of multiple clients attempting"
3683 " to use this DUID",
3684 print_hex_1(reply->client_id.len,
3685 reply->client_id.data, 60));
3686 /* iasubopt_reference(&reply->lease, best_lease, MDL); */
3687 }
3688
3689 /* Give up now if we didn't find a lease. */
3690 if (status != ISC_R_SUCCESS)
3691 return status;
3692
3693 if (reply->lease == NULL)
3694 log_fatal("Impossible condition at %s:%d.", MDL);
3695
3696 /* Draw binding scopes from the lease's binding scope, and config
3697 * from the lease's containing subnet and higher. Note that it may
3698 * be desirable to place the group attachment directly in the pool.
3699 */
3700 scope = &reply->lease->scope;
3701 group = reply->lease->ipv6_pool->ipv6_pond->group;
3702
3703 send_addr.len = 16;
3704 memcpy(send_addr.iabuf, &reply->lease->addr, 16);
3705
3706 send_addr:
3707 status = reply_process_is_addressed(reply, scope, group);
3708 if (status != ISC_R_SUCCESS)
3709 return status;
3710
3711 status = reply_process_send_addr(reply, &send_addr);
3712 return status;
3713 }
3714
3715 /* Once an address is found for a client, perform several common functions;
3716 * Calculate and store valid and preferred lease times, draw client options
3717 * into the option state.
3718 */
3719 static isc_result_t
3720 reply_process_is_addressed(struct reply_state *reply,
3721 struct binding_scope **scope, struct group *group)
3722 {
3723 isc_result_t status = ISC_R_SUCCESS;
3724 struct data_string data;
3725 struct option_cache *oc;
3726 struct option_state *tmp_options = NULL;
3727 struct on_star *on_star;
3728 int i;
3729
3730 /* Initialize values we will cleanup. */
3731 memset(&data, 0, sizeof(data));
3732
3733 /*
3734 * Find the proper on_star block to use. We use the
3735 * one in the lease if we have a lease or the one in
3736 * the reply if we don't have a lease because this is
3737 * a static instance
3738 */
3739 if (reply->lease) {
3740 on_star = &reply->lease->on_star;
3741 } else {
3742 on_star = &reply->on_star;
3743 }
3744
3745 /*
3746 * Bring in the root configuration. We only do this to bring
3747 * in the on * statements, as we didn't have the lease available
3748 * we did it the first time.
3749 */
3750 option_state_allocate(&tmp_options, MDL);
3751 execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
3752 reply->packet->options, tmp_options,
3753 &global_scope, root_group, NULL,
3754 on_star);
3755 if (tmp_options != NULL) {
3756 option_state_dereference(&tmp_options, MDL);
3757 }
3758
3759 /*
3760 * Bring configured options into the root packet level cache - start
3761 * with the lease's closest enclosing group (passed in by the caller
3762 * as 'group').
3763 */
3764 execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
3765 reply->packet->options, reply->opt_state,
3766 scope, group, root_group, on_star);
3767
3768 /* Execute statements from class scopes. */
3769 for (i = reply->packet->class_count; i > 0; i--) {
3770 execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
3771 reply->packet->options,
3772 reply->opt_state, scope,
3773 reply->packet->classes[i - 1]->group,
3774 group, on_star);
3775 }
3776
3777 /*
3778 * If there is a host record, over-ride with values configured there,
3779 * without re-evaluating configuration from the previously executed
3780 * group or its common enclosers.
3781 */
3782 if (reply->host != NULL)
3783 execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
3784 reply->packet->options,
3785 reply->opt_state, scope,
3786 reply->host->group, group,
3787 on_star);
3788
3789 /* Determine valid lifetime. */
3790 if (reply->client_valid == 0)
3791 reply->send_valid = DEFAULT_DEFAULT_LEASE_TIME;
3792 else
3793 reply->send_valid = reply->client_valid;
3794
3795 oc = lookup_option(&server_universe, reply->opt_state,
3796 SV_DEFAULT_LEASE_TIME);
3797 if (oc != NULL) {
3798 if (!evaluate_option_cache(&data, reply->packet, NULL, NULL,
3799 reply->packet->options,
3800 reply->opt_state,
3801 scope, oc, MDL) ||
3802 (data.len != 4)) {
3803 log_error("reply_process_is_addressed: unable to "
3804 "evaluate default lease time");
3805 status = ISC_R_FAILURE;
3806 goto cleanup;
3807 }
3808
3809 reply->send_valid = getULong(data.data);
3810 data_string_forget(&data, MDL);
3811 }
3812
3813 /* Check to see if the lease time would cause us to wrap
3814 * in which case we make it infinite.
3815 * The following doesn't work on at least some systems:
3816 * (cur_time + reply->send_valid < cur_time)
3817 */
3818 if (reply->send_valid != INFINITE_TIME) {
3819 time_t test_time = cur_time + reply->send_valid;
3820 if (test_time < cur_time)
3821 reply->send_valid = INFINITE_TIME;
3822 }
3823
3824 if (reply->client_prefer == 0)
3825 reply->send_prefer = reply->send_valid;
3826 else
3827 reply->send_prefer = reply->client_prefer;
3828
3829 if ((reply->send_prefer >= reply->send_valid) &&
3830 (reply->send_valid != INFINITE_TIME))
3831 reply->send_prefer = (reply->send_valid / 2) +
3832 (reply->send_valid / 8);
3833
3834 oc = lookup_option(&server_universe, reply->opt_state,
3835 SV_PREFER_LIFETIME);
3836 if (oc != NULL) {
3837 if (!evaluate_option_cache(&data, reply->packet, NULL, NULL,
3838 reply->packet->options,
3839 reply->opt_state,
3840 scope, oc, MDL) ||
3841 (data.len != 4)) {
3842 log_error("reply_process_is_addressed: unable to "
3843 "evaluate preferred lease time");
3844 status = ISC_R_FAILURE;
3845 goto cleanup;
3846 }
3847
3848 reply->send_prefer = getULong(data.data);
3849 data_string_forget(&data, MDL);
3850 }
3851
3852 /* Note lowest values for later calculation of renew/rebind times. */
3853 if (reply->min_prefer > reply->send_prefer)
3854 reply->min_prefer = reply->send_prefer;
3855
3856 if (reply->min_valid > reply->send_valid)
3857 reply->min_valid = reply->send_valid;
3858
3859 #if 0
3860 /*
3861 * XXX: Old 4.0.0 alpha code would change the host {} record
3862 * XXX: uid upon lease assignment. This was intended to cover the
3863 * XXX: case where a client first identifies itself using vendor
3864 * XXX: options in a solicit, or request, but later neglects to include
3865 * XXX: these options in a Renew or Rebind. It is not clear that this
3866 * XXX: is required, and has some startling ramifications (such as
3867 * XXX: how to recover this dynamic host {} state across restarts).
3868 */
3869 if (reply->host != NULL)
3870 change_host_uid(host, reply->client_id->data,
3871 reply->client_id->len);
3872 #endif /* 0 */
3873
3874 /* Perform dynamic lease related update work. */
3875 if (reply->lease != NULL) {
3876 /* Cached lifetimes */
3877 reply->lease->prefer = reply->send_prefer;
3878 reply->lease->valid = reply->send_valid;
3879
3880 /* Advance (or rewind) the valid lifetime.
3881 * In the protocol 0xFFFFFFFF is infinite
3882 * when connecting to the lease file MAX_TIME is
3883 */
3884 if (reply->buf.reply.msg_type == DHCPV6_REPLY) {
3885 if (reply->send_valid == INFINITE_TIME) {
3886 reply->lease->soft_lifetime_end_time = MAX_TIME;
3887 } else {
3888 reply->lease->soft_lifetime_end_time =
3889 cur_time + reply->send_valid;
3890 }
3891 /* Wait before renew! */
3892 }
3893
3894 status = ia_add_iasubopt(reply->ia, reply->lease, MDL);
3895 if (status != ISC_R_SUCCESS) {
3896 log_fatal("reply_process_is_addressed: Unable to "
3897 "attach lease to new IA: %s",
3898 isc_result_totext(status));
3899 }
3900
3901 /*
3902 * If this is a new lease, make sure it is attached somewhere.
3903 */
3904 if (reply->lease->ia == NULL) {
3905 ia_reference(&reply->lease->ia, reply->ia, MDL);
3906 }
3907 }
3908
3909 /* Bring a copy of the relevant options into the IA scope. */
3910 execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
3911 reply->packet->options, reply->reply_ia,
3912 scope, group, root_group, NULL);
3913
3914 /* Execute statements from class scopes. */
3915 for (i = reply->packet->class_count; i > 0; i--) {
3916 execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
3917 reply->packet->options,
3918 reply->reply_ia, scope,
3919 reply->packet->classes[i - 1]->group,
3920 group, NULL);
3921 }
3922
3923 /*
3924 * And bring in host record configuration, if any, but not to overlap
3925 * the previous group or its common enclosers.
3926 */
3927 if (reply->host != NULL)
3928 execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
3929 reply->packet->options,
3930 reply->reply_ia, scope,
3931 reply->host->group, group, NULL);
3932
3933 cleanup:
3934 if (data.data != NULL)
3935 data_string_forget(&data, MDL);
3936
3937 if (status == ISC_R_SUCCESS)
3938 reply->client_resources++;
3939
3940 return status;
3941 }
3942
3943 /* Simply send an IAADDR within the IA scope as described. */
3944 static isc_result_t
3945 reply_process_send_addr(struct reply_state *reply, struct iaddr *addr) {
3946 isc_result_t status = ISC_R_SUCCESS;
3947 struct data_string data;
3948
3949 memset(&data, 0, sizeof(data));
3950
3951 /* Now append the lease. */
3952 data.len = IAADDR_OFFSET;
3953 if (!buffer_allocate(&data.buffer, data.len, MDL)) {
3954 log_error("reply_process_send_addr: out of memory"
3955 "allocating new IAADDR buffer.");
3956 status = ISC_R_NOMEMORY;
3957 goto cleanup;
3958 }
3959 data.data = data.buffer->data;
3960
3961 memcpy(data.buffer->data, addr->iabuf, 16);
3962 putULong(data.buffer->data + 16, reply->send_prefer);
3963 putULong(data.buffer->data + 20, reply->send_valid);
3964
3965 if (!append_option_buffer(&dhcpv6_universe, reply->reply_ia,
3966 data.buffer, data.buffer->data,
3967 data.len, D6O_IAADDR, 0)) {
3968 log_error("reply_process_send_addr: unable "
3969 "to save IAADDR option");
3970 status = ISC_R_FAILURE;
3971 goto cleanup;
3972 }
3973
3974 reply->resources_included = ISC_TRUE;
3975
3976 cleanup:
3977 if (data.data != NULL)
3978 data_string_forget(&data, MDL);
3979
3980 return status;
3981 }
3982
3983 /* Choose the better of two leases. */
3984 static struct iasubopt *
3985 lease_compare(struct iasubopt *alpha, struct iasubopt *beta) {
3986 if (alpha == NULL)
3987 return beta;
3988 if (beta == NULL)
3989 return alpha;
3990
3991 switch(alpha->state) {
3992 case FTS_ACTIVE:
3993 switch(beta->state) {
3994 case FTS_ACTIVE:
3995 /* Choose the lease with the longest lifetime (most
3996 * likely the most recently allocated).
3997 */
3998 if (alpha->hard_lifetime_end_time <
3999 beta->hard_lifetime_end_time)
4000 return beta;
4001 else
4002 return alpha;
4003
4004 case FTS_EXPIRED:
4005 case FTS_ABANDONED:
4006 return alpha;
4007
4008 default:
4009 log_fatal("Impossible condition at %s:%d.", MDL);
4010 }
4011 break;
4012
4013 case FTS_EXPIRED:
4014 switch (beta->state) {
4015 case FTS_ACTIVE:
4016 return beta;
4017
4018 case FTS_EXPIRED:
4019 /* Choose the most recently expired lease. */
4020 if (alpha->hard_lifetime_end_time <
4021 beta->hard_lifetime_end_time)
4022 return beta;
4023 else if ((alpha->hard_lifetime_end_time ==
4024 beta->hard_lifetime_end_time) &&
4025 (alpha->soft_lifetime_end_time <
4026 beta->soft_lifetime_end_time))
4027 return beta;
4028 else
4029 return alpha;
4030
4031 case FTS_ABANDONED:
4032 return alpha;
4033
4034 default:
4035 log_fatal("Impossible condition at %s:%d.", MDL);
4036 }
4037 break;
4038
4039 case FTS_ABANDONED:
4040 switch (beta->state) {
4041 case FTS_ACTIVE:
4042 case FTS_EXPIRED:
4043 return alpha;
4044
4045 case FTS_ABANDONED:
4046 /* Choose the lease that was abandoned longest ago. */
4047 if (alpha->hard_lifetime_end_time <
4048 beta->hard_lifetime_end_time)
4049 return alpha;
4050 else
4051 return beta;
4052
4053 default:
4054 log_fatal("Impossible condition at %s:%d.", MDL);
4055 }
4056 break;
4057
4058 default:
4059 log_fatal("Impossible condition at %s:%d.", MDL);
4060 }
4061
4062 log_fatal("Triple impossible condition at %s:%d.", MDL);
4063 return NULL;
4064 }
4065
4066 /* Process a client-supplied IA_PD. This may append options to the tail of
4067 * the reply packet being built in the reply_state structure.
4068 */
4069 static isc_result_t
4070 reply_process_ia_pd(struct reply_state *reply, struct option_cache *ia) {
4071 isc_result_t status = ISC_R_SUCCESS;
4072 u_int32_t iaid;
4073 unsigned ia_cursor;
4074 struct option_state *packet_ia;
4075 struct option_cache *oc;
4076 struct data_string ia_data, data;
4077
4078 /* Initialize values that will get cleaned up on return. */
4079 packet_ia = NULL;
4080 memset(&ia_data, 0, sizeof(ia_data));
4081 memset(&data, 0, sizeof(data));
4082 /*
4083 * Note that find_client_prefix() may set reply->lease.
4084 */
4085
4086 /* Make sure there is at least room for the header. */
4087 if ((reply->cursor + IA_PD_OFFSET + 4) > sizeof(reply->buf)) {
4088 log_error("reply_process_ia_pd: Reply too long for IA.");
4089 return ISC_R_NOSPACE;
4090 }
4091
4092
4093 /* Fetch the IA_PD contents. */
4094 if (!get_encapsulated_IA_state(&packet_ia, &ia_data, reply->packet,
4095 ia, IA_PD_OFFSET)) {
4096 log_error("reply_process_ia_pd: error evaluating ia");
4097 status = ISC_R_FAILURE;
4098 goto cleanup;
4099 }
4100
4101 /* Extract IA_PD header contents. */
4102 iaid = getULong(ia_data.data);
4103 reply->renew = getULong(ia_data.data + 4);
4104 reply->rebind = getULong(ia_data.data + 8);
4105
4106 /* Create an IA_PD structure. */
4107 if (ia_allocate(&reply->ia, iaid, (char *)reply->client_id.data,
4108 reply->client_id.len, MDL) != ISC_R_SUCCESS) {
4109 log_error("reply_process_ia_pd: no memory for ia.");
4110 status = ISC_R_NOMEMORY;
4111 goto cleanup;
4112 }
4113 reply->ia->ia_type = D6O_IA_PD;
4114
4115 /* Cache pre-existing IA_PD, if any. */
4116 ia_hash_lookup(&reply->old_ia, ia_pd_active,
4117 (unsigned char *)reply->ia->iaid_duid.data,
4118 reply->ia->iaid_duid.len, MDL);
4119
4120 /*
4121 * Create an option cache to carry the IA_PD option contents, and
4122 * execute any user-supplied values into it.
4123 */
4124 if (!option_state_allocate(&reply->reply_ia, MDL)) {
4125 status = ISC_R_NOMEMORY;
4126 goto cleanup;
4127 }
4128
4129 /* Check & count the fixed prefix host records. */
4130 reply->static_prefixes = 0;
4131 if ((reply->host != NULL) && (reply->host->fixed_prefix != NULL)) {
4132 struct iaddrcidrnetlist *fp;
4133
4134 for (fp = reply->host->fixed_prefix; fp != NULL;
4135 fp = fp->next) {
4136 reply->static_prefixes += 1;
4137 }
4138 }
4139
4140 /*
4141 * Save the cursor position at the start of the IA_PD, so we can
4142 * set length and adjust t1/t2 values later. We write a temporary
4143 * header out now just in case we decide to adjust the packet
4144 * within sub-process functions.
4145 */
4146 ia_cursor = reply->cursor;
4147
4148 /* Initialize the IA_PD header. First the code. */
4149 putUShort(reply->buf.data + reply->cursor, (unsigned)D6O_IA_PD);
4150 reply->cursor += 2;
4151
4152 /* Then option length. */
4153 putUShort(reply->buf.data + reply->cursor, 0x0Cu);
4154 reply->cursor += 2;
4155
4156 /* Then IA_PD header contents; IAID. */
4157 putULong(reply->buf.data + reply->cursor, iaid);
4158 reply->cursor += 4;
4159
4160 /* We store the client's t1 for now, and may over-ride it later. */
4161 putULong(reply->buf.data + reply->cursor, reply->renew);
4162 reply->cursor += 4;
4163
4164 /* We store the client's t2 for now, and may over-ride it later. */
4165 putULong(reply->buf.data + reply->cursor, reply->rebind);
4166 reply->cursor += 4;
4167
4168 /*
4169 * For each prefix in this IA_PD, decide what to do about it.
4170 */
4171 oc = lookup_option(&dhcpv6_universe, packet_ia, D6O_IAPREFIX);
4172 reply->min_valid = reply->min_prefer = INFINITE_TIME;
4173 reply->client_valid = reply->client_prefer = 0;
4174 reply->preflen = -1;
4175 for (; oc != NULL ; oc = oc->next) {
4176 status = reply_process_prefix(reply, oc);
4177
4178 /*
4179 * Canceled means we did not allocate prefixes to the
4180 * client, but we're "done" with this IA - we set a status
4181 * code. So transmit this reply, e.g., move on to the next
4182 * IA.
4183 */
4184 if (status == ISC_R_CANCELED)
4185 break;
4186
4187 if ((status != ISC_R_SUCCESS) &&
4188 (status != ISC_R_ADDRINUSE) &&
4189 (status != ISC_R_ADDRNOTAVAIL))
4190 goto cleanup;
4191 }
4192
4193 reply->pd_count++;
4194
4195 /*
4196 * If we fell through the above and never gave the client
4197 * a prefix, give it one now.
4198 */
4199 if ((status != ISC_R_CANCELED) && (reply->client_resources == 0)) {
4200 status = find_client_prefix(reply);
4201
4202 if (status == ISC_R_NORESOURCES) {
4203 switch (reply->packet->dhcpv6_msg_type) {
4204 case DHCPV6_SOLICIT:
4205 /*
4206 * No prefix for any IA is handled
4207 * by the caller.
4208 */
4209 /* FALL THROUGH */
4210
4211 case DHCPV6_REQUEST:
4212 /* Same than for addresses. */
4213 option_state_dereference(&reply->reply_ia, MDL);
4214 if (!option_state_allocate(&reply->reply_ia,
4215 MDL))
4216 {
4217 log_error("reply_process_ia_pd: No "
4218 "memory for option state "
4219 "wipe.");
4220 status = ISC_R_NOMEMORY;
4221 goto cleanup;
4222 }
4223
4224 if (!set_status_code(STATUS_NoPrefixAvail,
4225 "No prefixes available "
4226 "for this interface.",
4227 reply->reply_ia)) {
4228 log_error("reply_process_ia_pd: "
4229 "Unable to set "
4230 "NoPrefixAvail status "
4231 "code.");
4232 status = ISC_R_FAILURE;
4233 goto cleanup;
4234 }
4235
4236 status = ISC_R_SUCCESS;
4237 break;
4238
4239 default:
4240 if (reply->resources_included)
4241 status = ISC_R_SUCCESS;
4242 else
4243 goto cleanup;
4244 break;
4245 }
4246 }
4247
4248 if (status != ISC_R_SUCCESS)
4249 goto cleanup;
4250 }
4251
4252 /*
4253 * yes, goto's aren't the best but we also want to avoid extra
4254 * indents
4255 */
4256 if (status == ISC_R_CANCELED) {
4257 /* We're replying with a status code so we still need to
4258 * write it out in wire-format to the outbound buffer */
4259 write_to_packet(reply, ia_cursor);
4260 goto cleanup;
4261 }
4262
4263 /*
4264 * Handle static prefixes, we always log stuff and if it's
4265 * a hard binding we run any commit statements that we have
4266 */
4267 if (reply->static_prefixes != 0) {
4268 char tmp_addr[INET6_ADDRSTRLEN];
4269 log_info("%s PD: address %s/%d to client with duid %s "
4270 "iaid = %d static",
4271 dhcpv6_type_names[reply->buf.reply.msg_type],
4272 inet_ntop(AF_INET6, reply->fixed_pref.lo_addr.iabuf,
4273 tmp_addr, sizeof(tmp_addr)),
4274 reply->fixed_pref.bits,
4275 print_hex_1(reply->client_id.len,
4276 reply->client_id.data, 60),
4277 iaid);
4278
4279 /* Write the lease out in wire-format to the outbound buffer */
4280 write_to_packet(reply, ia_cursor);
4281
4282 if ((reply->buf.reply.msg_type == DHCPV6_REPLY) &&
4283 (reply->on_star.on_commit != NULL)) {
4284 execute_statements(NULL, reply->packet, NULL, NULL,
4285 reply->packet->options,
4286 reply->opt_state,
4287 NULL, reply->on_star.on_commit,
4288 NULL);
4289 executable_statement_dereference
4290 (&reply->on_star.on_commit, MDL);
4291 }
4292 goto cleanup;
4293 }
4294
4295 /*
4296 * If we have any addresses log what we are doing.
4297 */
4298 if (reply->ia->num_iasubopt != 0) {
4299 struct iasubopt *tmp;
4300 int i;
4301 char tmp_addr[INET6_ADDRSTRLEN];
4302
4303 for (i = 0 ; i < reply->ia->num_iasubopt ; i++) {
4304 tmp = reply->ia->iasubopt[i];
4305
4306 log_info("%s PD: address %s/%d to client with duid %s"
4307 " iaid = %d valid for %u seconds",
4308 dhcpv6_type_names[reply->buf.reply.msg_type],
4309 inet_ntop(AF_INET6, &tmp->addr,
4310 tmp_addr, sizeof(tmp_addr)),
4311 (int)tmp->plen,
4312 print_hex_1(reply->client_id.len,
4313 reply->client_id.data, 60),
4314 iaid, tmp->valid);
4315 }
4316 }
4317
4318 /*
4319 * If this is not a 'soft' binding, consume the new changes into
4320 * the database (if any have been attached to the ia_pd).
4321 *
4322 * Loop through the assigned dynamic prefixes, referencing the
4323 * prefixes onto this IA_PD rather than any old ones, and updating
4324 * prefix pool timers for each (if any).
4325 *
4326 * If a lease can be reused we skip renewing it or checking the
4327 * pool threshold. If it can't we flag that the IA must be commited
4328 * to the db and do the renewal and pool check.
4329 */
4330 if ((reply->buf.reply.msg_type == DHCPV6_REPLY) &&
4331 (reply->ia->num_iasubopt != 0)) {
4332 int must_commit = 0;
4333 struct iasubopt *tmp;
4334 struct data_string *ia_id;
4335 int i;
4336
4337 for (i = 0 ; i < reply->ia->num_iasubopt ; i++) {
4338 tmp = reply->ia->iasubopt[i];
4339
4340 if (tmp->ia != NULL)
4341 ia_dereference(&tmp->ia, MDL);
4342 ia_reference(&tmp->ia, reply->ia, MDL);
4343
4344 /* If we have anything to do on commit do it now */
4345 if (tmp->on_star.on_commit != NULL) {
4346 execute_statements(NULL, reply->packet,
4347 NULL, NULL,
4348 reply->packet->options,
4349 reply->opt_state,
4350 &tmp->scope,
4351 tmp->on_star.on_commit,
4352 &tmp->on_star);
4353 executable_statement_dereference
4354 (&tmp->on_star.on_commit, MDL);
4355 }
4356
4357 if (!reuse_lease6(reply, tmp)) {
4358 /* Commit 'hard' bindings. */
4359 must_commit = 1;
4360 renew_lease6(tmp->ipv6_pool, tmp);
4361 schedule_lease_timeout(tmp->ipv6_pool);
4362
4363 /* Do our threshold check. */
4364 check_pool6_threshold(reply, tmp);
4365 }
4366 }
4367
4368 /* write the IA_PD in wire-format to the outbound buffer */
4369 write_to_packet(reply, ia_cursor);
4370
4371 /* Remove any old ia from the hash. */
4372 if (reply->old_ia != NULL) {
4373 if (!release_on_roam(reply)) {
4374 ia_id = &reply->old_ia->iaid_duid;
4375 ia_hash_delete(ia_pd_active,
4376 (unsigned char *)ia_id->data,
4377 ia_id->len, MDL);
4378 }
4379
4380 ia_dereference(&reply->old_ia, MDL);
4381 }
4382
4383 /* Put new ia into the hash. */
4384 reply->ia->cltt = cur_time;
4385 ia_id = &reply->ia->iaid_duid;
4386 ia_hash_add(ia_pd_active, (unsigned char *)ia_id->data,
4387 ia_id->len, reply->ia, MDL);
4388
4389 /* If we couldn't reuse all of the iasubopts, we
4390 * must udpate the lease db */
4391 if (must_commit) {
4392 write_ia(reply->ia);
4393 }
4394 } else {
4395 /* write the IA_PD in wire-format to the outbound buffer */
4396 write_to_packet(reply, ia_cursor);
4397 schedule_lease_timeout_reply(reply);
4398 }
4399
4400 cleanup:
4401 if (packet_ia != NULL)
4402 option_state_dereference(&packet_ia, MDL);
4403 if (reply->reply_ia != NULL)
4404 option_state_dereference(&reply->reply_ia, MDL);
4405 if (ia_data.data != NULL)
4406 data_string_forget(&ia_data, MDL);
4407 if (data.data != NULL)
4408 data_string_forget(&data, MDL);
4409 if (reply->ia != NULL)
4410 ia_dereference(&reply->ia, MDL);
4411 if (reply->old_ia != NULL)
4412 ia_dereference(&reply->old_ia, MDL);
4413 if (reply->lease != NULL)
4414 iasubopt_dereference(&reply->lease, MDL);
4415 if (reply->on_star.on_expiry != NULL)
4416 executable_statement_dereference
4417 (&reply->on_star.on_expiry, MDL);
4418 if (reply->on_star.on_release != NULL)
4419 executable_statement_dereference
4420 (&reply->on_star.on_release, MDL);
4421
4422 /*
4423 * ISC_R_CANCELED is a status code used by the prefix processing to
4424 * indicate we're replying with a status code. This is still a
4425 * success at higher layers.
4426 */
4427 return((status == ISC_R_CANCELED) ? ISC_R_SUCCESS : status);
4428 }
4429
4430 /*!
4431 *
4432 * \brief Find the proper scoping group for use with a v6 static prefix.
4433 *
4434 * We start by trying to find a subnet based on the given prefix and
4435 * the shared network. If we don't find one then the prefix has been
4436 * declared outside of any subnets. If there is a static address
4437 * associated with the host we use it to try and find a subnet (this
4438 * should succeed). If there isn't a static address we fall back
4439 * to the shared subnet itself.
4440 * Once we have a subnet we extract the group from it and return it.
4441 *
4442 * \param reply - the reply structure we use to collect information
4443 * we will use the fields shared, fixed_pref and host
4444 * from the structure
4445 *
4446 * \return a pointer to the group structure to use for scoping
4447 */
4448
4449 static struct group *
4450 find_group_by_prefix(struct reply_state *reply) {
4451 /* default group if we don't find anything better */
4452 struct group *group = reply->shared->group;
4453 struct subnet *subnet = NULL;
4454 struct iaddr tmp_addr;
4455 struct data_string fixed_addr;
4456
4457 /* Try with the prefix first */
4458 if (find_grouped_subnet(&subnet, reply->shared,
4459 reply->fixed_pref.lo_addr, MDL) != 0) {
4460 group = subnet->group;
4461 subnet_dereference(&subnet, MDL);
4462 return (group);
4463 }
4464
4465 /* Didn't find a subnet via prefix, what about fixed address */
4466 /* The caller has already tested reply->host != NULL */
4467
4468 memset(&fixed_addr, 0, sizeof(fixed_addr));
4469
4470 if ((reply->host->fixed_addr != NULL) &&
4471 (evaluate_option_cache(&fixed_addr, NULL, NULL, NULL,
4472 NULL, NULL, &global_scope,
4473 reply->host->fixed_addr, MDL))) {
4474 if (fixed_addr.len >= 16) {
4475 tmp_addr.len = 16;
4476 memcpy(tmp_addr.iabuf, fixed_addr.data, 16);
4477 if (find_grouped_subnet(&subnet, reply->shared,
4478 tmp_addr, MDL) != 0) {
4479 group = subnet->group;
4480 subnet_dereference(&subnet, MDL);
4481 }
4482 }
4483 data_string_forget(&fixed_addr, MDL);
4484 }
4485
4486 /* return whatever we got */
4487 return (group);
4488 }
4489
4490 /*
4491 * Process an IAPREFIX within a given IA_PD, storing any IAPREFIX reply
4492 * contents into the reply's current ia_pd-scoped option cache. Returns
4493 * ISC_R_CANCELED in the event we are replying with a status code and do
4494 * not wish to process more IAPREFIXes within this IA_PD.
4495 */
4496 static isc_result_t
4497 reply_process_prefix(struct reply_state *reply, struct option_cache *pref) {
4498 u_int32_t pref_life, valid_life;
4499 struct binding_scope **scope;
4500 struct iaddrcidrnet tmp_pref;
4501 struct option_cache *oc;
4502 struct data_string iapref, data;
4503 isc_result_t status = ISC_R_SUCCESS;
4504 struct group *group;
4505
4506 /* Initializes values that will be cleaned up. */
4507 memset(&iapref, 0, sizeof(iapref));
4508 memset(&data, 0, sizeof(data));
4509 /* Note that reply->lease may be set by prefix_is_owned() */
4510
4511 /*
4512 * There is no point trying to process an incoming prefix if there
4513 * is no room for an outgoing prefix.
4514 */
4515 if ((reply->cursor + 29) > sizeof(reply->buf)) {
4516 log_error("reply_process_prefix: Out of room for prefix.");
4517 return ISC_R_NOSPACE;
4518 }
4519
4520 /* Extract this IAPREFIX option. */
4521 if (!evaluate_option_cache(&iapref, reply->packet, NULL, NULL,
4522 reply->packet->options, NULL, &global_scope,
4523 pref, MDL) ||
4524 (iapref.len < IAPREFIX_OFFSET)) {
4525 log_error("reply_process_prefix: error evaluating IAPREFIX.");
4526 status = ISC_R_FAILURE;
4527 goto cleanup;
4528 }
4529
4530 /*
4531 * Layout: preferred and valid lifetimes followed by the prefix
4532 * length and the IPv6 address.
4533 */
4534 pref_life = getULong(iapref.data);
4535 valid_life = getULong(iapref.data + 4);
4536
4537 if ((reply->client_valid == 0) ||
4538 (reply->client_valid > valid_life))
4539 reply->client_valid = valid_life;
4540
4541 if ((reply->client_prefer == 0) ||
4542 (reply->client_prefer > pref_life))
4543 reply->client_prefer = pref_life;
4544
4545 /*
4546 * Clients may choose to send ::/0 as a prefix, with the idea to give
4547 * hints about preferred-lifetime or valid-lifetime.
4548 */
4549 tmp_pref.lo_addr.len = 16;
4550 memset(tmp_pref.lo_addr.iabuf, 0, 16);
4551 if ((iapref.data[8] == 0) &&
4552 (memcmp(iapref.data + 9, tmp_pref.lo_addr.iabuf, 16) == 0)) {
4553 /* Status remains success; we just ignore this one. */
4554 goto cleanup;
4555 }
4556
4557 /*
4558 * Clients may choose to send ::/X as a prefix to specify a
4559 * preferred/requested prefix length. Note X is never zero here.
4560 */
4561 tmp_pref.bits = (int) iapref.data[8];
4562 if (reply->preflen < 0) {
4563 /* Cache the first preferred prefix length. */
4564 reply->preflen = tmp_pref.bits;
4565 }
4566 if (memcmp(iapref.data + 9, tmp_pref.lo_addr.iabuf, 16) == 0) {
4567 goto cleanup;
4568 }
4569
4570 memcpy(tmp_pref.lo_addr.iabuf, iapref.data + 9, 16);
4571
4572 /* Verify the prefix belongs to the client. */
4573 if (!prefix_is_owned(reply, &tmp_pref)) {
4574 /* Same than for addresses. */
4575 if ((reply->packet->dhcpv6_msg_type == DHCPV6_SOLICIT) ||
4576 (reply->packet->dhcpv6_msg_type == DHCPV6_REQUEST) ||
4577 (reply->packet->dhcpv6_msg_type == DHCPV6_REBIND)) {
4578 status = reply_process_try_prefix(reply, &tmp_pref);
4579
4580 /* Either error out or skip this prefix. */
4581 if ((status != ISC_R_SUCCESS) &&
4582 (status != ISC_R_ADDRINUSE) &&
4583 (status != ISC_R_ADDRNOTAVAIL))
4584 goto cleanup;
4585
4586 if (reply->lease == NULL) {
4587 if (reply->packet->dhcpv6_msg_type ==
4588 DHCPV6_REBIND) {
4589 reply->send_prefer = 0;
4590 reply->send_valid = 0;
4591 goto send_pref;
4592 }
4593
4594 /* status remains success - ignore */
4595 goto cleanup;
4596 }
4597 /*
4598 * RFC3633 section 18.2.3:
4599 *
4600 * If the delegating router cannot find a binding
4601 * for the requesting router's IA_PD the delegating
4602 * router returns the IA_PD containing no prefixes
4603 * with a Status Code option set to NoBinding in the
4604 * Reply message.
4605 *
4606 * On mismatch we (ab)use this pretending we have not the IA
4607 * as soon as we have not a prefix.
4608 */
4609 } else if (reply->packet->dhcpv6_msg_type == DHCPV6_RENEW) {
4610 /* Rewind the IA_PD to empty. */
4611 option_state_dereference(&reply->reply_ia, MDL);
4612 if (!option_state_allocate(&reply->reply_ia, MDL)) {
4613 log_error("reply_process_prefix: No memory "
4614 "for option state wipe.");
4615 status = ISC_R_NOMEMORY;
4616 goto cleanup;
4617 }
4618
4619 /* Append a NoBinding status code. */
4620 if (!set_status_code(STATUS_NoBinding,
4621 "Prefix not bound to this "
4622 "interface.", reply->reply_ia)) {
4623 log_error("reply_process_prefix: Unable to "
4624 "attach status code.");
4625 status = ISC_R_FAILURE;
4626 goto cleanup;
4627 }
4628
4629 /* Fin (no more IAPREFIXes). */
4630 status = ISC_R_CANCELED;
4631 goto cleanup;
4632 } else {
4633 log_error("It is impossible to lease a client that is "
4634 "not sending a solicit, request, renew, or "
4635 "rebind message.");
4636 status = ISC_R_FAILURE;
4637 goto cleanup;
4638 }
4639 }
4640
4641 if (reply->static_prefixes > 0) {
4642 if (reply->host == NULL)
4643 log_fatal("Impossible condition at %s:%d.", MDL);
4644
4645 scope = &global_scope;
4646
4647 /* Copy the static prefix for logging and finding the group */
4648 memcpy(&reply->fixed_pref, &tmp_pref, sizeof(tmp_pref));
4649
4650 /* Try to find a group for the static prefix */
4651 group = find_group_by_prefix(reply);
4652 } else {
4653 if (reply->lease == NULL)
4654 log_fatal("Impossible condition at %s:%d.", MDL);
4655
4656 scope = &reply->lease->scope;
4657 group = reply->lease->ipv6_pool->ipv6_pond->group;
4658 }
4659
4660 /*
4661 * If client_resources is nonzero, then the reply_process_is_prefixed
4662 * function has executed configuration state into the reply option
4663 * cache. We will use that valid cache to derive configuration for
4664 * whether or not to engage in additional prefixes, and similar.
4665 */
4666 if (reply->client_resources != 0) {
4667 unsigned limit = 1;
4668
4669 /*
4670 * Does this client have "enough" prefixes already? Default
4671 * to one. Everybody gets one, and one should be enough for
4672 * anybody.
4673 */
4674 oc = lookup_option(&server_universe, reply->opt_state,
4675 SV_LIMIT_PREFS_PER_IA);
4676 if (oc != NULL) {
4677 if (!evaluate_option_cache(&data, reply->packet,
4678 NULL, NULL,
4679 reply->packet->options,
4680 reply->opt_state,
4681 scope, oc, MDL) ||
4682 (data.len != 4)) {
4683 log_error("reply_process_prefix: unable to "
4684 "evaluate prefs-per-ia value.");
4685 status = ISC_R_FAILURE;
4686 goto cleanup;
4687 }
4688
4689 limit = getULong(data.data);
4690 data_string_forget(&data, MDL);
4691 }
4692
4693 /*
4694 * If we wish to limit the client to a certain number of
4695 * prefixes, then omit the prefix from the reply.
4696 */
4697 if (reply->client_resources >= limit)
4698 goto cleanup;
4699 }
4700
4701 status = reply_process_is_prefixed(reply, scope, group);
4702 if (status != ISC_R_SUCCESS)
4703 goto cleanup;
4704
4705 send_pref:
4706 status = reply_process_send_prefix(reply, &tmp_pref);
4707
4708 cleanup:
4709 if (iapref.data != NULL)
4710 data_string_forget(&iapref, MDL);
4711 if (data.data != NULL)
4712 data_string_forget(&data, MDL);
4713 if (reply->lease != NULL)
4714 iasubopt_dereference(&reply->lease, MDL);
4715
4716 return status;
4717 }
4718
4719 /*
4720 * Verify the prefix belongs to the client. If we've got a host
4721 * record with fixed prefixes, it has to be an assigned prefix
4722 * (fault out all else). Otherwise it's a dynamic prefix, so lookup
4723 * that prefix and make sure it belongs to this DUID:IAID pair.
4724 */
4725 static isc_boolean_t
4726 prefix_is_owned(struct reply_state *reply, struct iaddrcidrnet *pref) {
4727 struct iaddrcidrnetlist *l;
4728 int i;
4729 struct ipv6_pond *pond;
4730
4731 /*
4732 * This faults out prefixes that don't match fixed prefixes.
4733 */
4734 if (reply->static_prefixes > 0) {
4735 for (l = reply->host->fixed_prefix; l != NULL; l = l->next) {
4736 if ((pref->bits == l->cidrnet.bits) &&
4737 (memcmp(pref->lo_addr.iabuf,
4738 l->cidrnet.lo_addr.iabuf, 16) == 0))
4739 return (ISC_TRUE);
4740 }
4741 return (ISC_FALSE);
4742 }
4743
4744 if ((reply->old_ia == NULL) ||
4745 (reply->old_ia->num_iasubopt == 0))
4746 return (ISC_FALSE);
4747
4748 for (i = 0 ; i < reply->old_ia->num_iasubopt ; i++) {
4749 struct iasubopt *tmp;
4750
4751 tmp = reply->old_ia->iasubopt[i];
4752
4753 if ((pref->bits == (int) tmp->plen) &&
4754 (memcmp(pref->lo_addr.iabuf, &tmp->addr, 16) == 0)) {
4755 if (lease6_usable(tmp) == ISC_FALSE) {
4756 return (ISC_FALSE);
4757 }
4758
4759 pond = tmp->ipv6_pool->ipv6_pond;
4760 if (((pond->prohibit_list != NULL) &&
4761 (permitted(reply->packet, pond->prohibit_list))) ||
4762 ((pond->permit_list != NULL) &&
4763 (!permitted(reply->packet, pond->permit_list))))
4764 return (ISC_FALSE);
4765
4766 iasubopt_reference(&reply->lease, tmp, MDL);
4767 return (ISC_TRUE);
4768 }
4769 }
4770
4771 return (ISC_FALSE);
4772 }
4773
4774 /*
4775 * This function only returns failure on 'hard' failures. If it succeeds,
4776 * it will leave a prefix structure behind.
4777 */
4778 static isc_result_t
4779 reply_process_try_prefix(struct reply_state *reply,
4780 struct iaddrcidrnet *pref) {
4781 isc_result_t status = ISC_R_ADDRNOTAVAIL;
4782 struct ipv6_pool *pool = NULL;
4783 struct ipv6_pond *pond = NULL;
4784 int i;
4785 struct data_string data_pref;
4786
4787 if ((reply == NULL) || (reply->shared == NULL) ||
4788 (pref == NULL) || (reply->lease != NULL))
4789 return (DHCP_R_INVALIDARG);
4790
4791 /*
4792 * Do a quick walk through of the ponds and pools
4793 * to see if we have any prefix pools
4794 */
4795 for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
4796 if (pond->ipv6_pools == NULL)
4797 continue;
4798
4799 for (i = 0; (pool = pond->ipv6_pools[i]) != NULL; i++) {
4800 if (pool->pool_type == D6O_IA_PD)
4801 break;
4802 }
4803 if (pool != NULL)
4804 break;
4805 }
4806
4807 /* If we get here and p is NULL we have no useful pools */
4808 if (pool == NULL) {
4809 return (ISC_R_ADDRNOTAVAIL);
4810 }
4811
4812 memset(&data_pref, 0, sizeof(data_pref));
4813 data_pref.len = 17;
4814 if (!buffer_allocate(&data_pref.buffer, data_pref.len, MDL)) {
4815 log_error("reply_process_try_prefix: out of memory.");
4816 return (ISC_R_NOMEMORY);
4817 }
4818 data_pref.data = data_pref.buffer->data;
4819 data_pref.buffer->data[0] = (u_int8_t) pref->bits;
4820 memcpy(data_pref.buffer->data + 1, pref->lo_addr.iabuf, 16);
4821
4822 /*
4823 * We have at least one pool that could provide a prefix
4824 * Now we walk through the ponds and pools again and check
4825 * to see if the client is permitted and if an prefix is
4826 * available
4827 *
4828 */
4829
4830 for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
4831 if (((pond->prohibit_list != NULL) &&
4832 (permitted(reply->packet, pond->prohibit_list))) ||
4833 ((pond->permit_list != NULL) &&
4834 (!permitted(reply->packet, pond->permit_list))))
4835 continue;
4836
4837 for (i = 0; (pool = pond->ipv6_pools[i]) != NULL; i++) {
4838 if (pool->pool_type != D6O_IA_PD) {
4839 continue;
4840 }
4841
4842 status = try_client_v6_prefix(&reply->lease, pool,
4843 &data_pref);
4844 /* If we found it in this pool (either in use or available),
4845 there is no need to look further. */
4846 if ( (status == ISC_R_SUCCESS) || (status == ISC_R_ADDRINUSE) )
4847 break;
4848 }
4849 if ( (status == ISC_R_SUCCESS) || (status == ISC_R_ADDRINUSE) )
4850 break;
4851 }
4852
4853 data_string_forget(&data_pref, MDL);
4854 /* Return just the most recent status... */
4855 return (status);
4856 }
4857
4858 /* Look around for a prefix to give the client. First, look through the old
4859 * IA_PD for prefixes we can extend. Second, try to allocate a new prefix.
4860 * Finally, actually add that prefix into the current reply IA_PD.
4861 */
4862 static isc_result_t
4863 find_client_prefix(struct reply_state *reply) {
4864 struct iaddrcidrnet send_pref;
4865 isc_result_t status = ISC_R_NORESOURCES;
4866 struct iasubopt *prefix, *best_prefix = NULL;
4867 struct binding_scope **scope;
4868 int i;
4869 struct group *group;
4870
4871 if (reply->static_prefixes > 0) {
4872 struct iaddrcidrnetlist *l;
4873
4874 if (reply->host == NULL)
4875 return DHCP_R_INVALIDARG;
4876
4877 for (l = reply->host->fixed_prefix; l != NULL; l = l->next) {
4878 if (l->cidrnet.bits == reply->preflen)
4879 break;
4880 }
4881 if (l == NULL) {
4882 /*
4883 * If no fixed prefix has the preferred length,
4884 * get the first one.
4885 */
4886 l = reply->host->fixed_prefix;
4887 }
4888 memcpy(&send_pref, &l->cidrnet, sizeof(send_pref));
4889
4890 scope = &global_scope;
4891
4892 /* Copy the prefix for logging purposes */
4893 memcpy(&reply->fixed_pref, &l->cidrnet, sizeof(send_pref));
4894
4895 /* Try to find a group for the static prefix */
4896 group = find_group_by_prefix(reply);
4897
4898 goto send_pref;
4899 }
4900
4901 if (reply->old_ia != NULL) {
4902 for (i = 0 ; i < reply->old_ia->num_iasubopt ; i++) {
4903 struct shared_network *candidate_shared;
4904 struct ipv6_pond *pond;
4905
4906 prefix = reply->old_ia->iasubopt[i];
4907 candidate_shared = prefix->ipv6_pool->shared_network;
4908 pond = prefix->ipv6_pool->ipv6_pond;
4909
4910 /*
4911 * Consider this prefix if it is in a global pool or
4912 * if it is scoped in a pool under the client's shared
4913 * network.
4914 */
4915 if (((candidate_shared != NULL) &&
4916 (candidate_shared != reply->shared)) ||
4917 (lease6_usable(prefix) != ISC_TRUE))
4918 continue;
4919
4920 /*
4921 * And check if the prefix is still permitted
4922 */
4923
4924 if (((pond->prohibit_list != NULL) &&
4925 (permitted(reply->packet, pond->prohibit_list))) ||
4926 ((pond->permit_list != NULL) &&
4927 (!permitted(reply->packet, pond->permit_list))))
4928 continue;
4929
4930 best_prefix = prefix_compare(reply, prefix,
4931 best_prefix);
4932 }
4933
4934 /*
4935 * If we have prefix length hint and we're not igoring them,
4936 * then toss the best match if it doesn't match the hint,
4937 * unless this is in response to a rebind. In the latter
4938 * case we're supposed to return it with zero lifetimes.
4939 * (See rt45780) */
4940 if (best_prefix && (reply->preflen > 0)
4941 && (prefix_length_mode != PLM_IGNORE)
4942 && (reply->preflen != best_prefix->plen)
4943 && (reply->packet->dhcpv6_msg_type != DHCPV6_REBIND)) {
4944 best_prefix = NULL;
4945 }
4946 }
4947
4948 /* Try to pick a new prefix if we didn't find one, or if we found an
4949 * abandoned prefix.
4950 */
4951 if ((best_prefix == NULL) || (best_prefix->state == FTS_ABANDONED)) {
4952 status = pick_v6_prefix(reply);
4953 } else if (best_prefix != NULL) {
4954 iasubopt_reference(&reply->lease, best_prefix, MDL);
4955 status = ISC_R_SUCCESS;
4956 }
4957
4958 /* Pick the abandoned prefix as a last resort. */
4959 if ((status == ISC_R_NORESOURCES) && (best_prefix != NULL)) {
4960 /* I don't see how this is supposed to be done right now. */
4961 log_error("Reclaiming abandoned prefixes is not yet "
4962 "supported. Treating this as an out of space "
4963 "condition.");
4964 /* iasubopt_reference(&reply->lease, best_prefix, MDL); */
4965 }
4966
4967 /* Give up now if we didn't find a prefix. */
4968 if (status != ISC_R_SUCCESS)
4969 return status;
4970
4971 if (reply->lease == NULL)
4972 log_fatal("Impossible condition at %s:%d.", MDL);
4973
4974 scope = &reply->lease->scope;
4975 group = reply->lease->ipv6_pool->ipv6_pond->group;
4976
4977 send_pref.lo_addr.len = 16;
4978 memcpy(send_pref.lo_addr.iabuf, &reply->lease->addr, 16);
4979 send_pref.bits = (int) reply->lease->plen;
4980
4981 send_pref:
4982 status = reply_process_is_prefixed(reply, scope, group);
4983 if (status != ISC_R_SUCCESS)
4984 return status;
4985
4986 status = reply_process_send_prefix(reply, &send_pref);
4987 return status;
4988 }
4989
4990 /* Once a prefix is found for a client, perform several common functions;
4991 * Calculate and store valid and preferred prefix times, draw client options
4992 * into the option state.
4993 */
4994 static isc_result_t
4995 reply_process_is_prefixed(struct reply_state *reply,
4996 struct binding_scope **scope, struct group *group)
4997 {
4998 isc_result_t status = ISC_R_SUCCESS;
4999 struct data_string data;
5000 struct option_cache *oc;
5001 struct option_state *tmp_options = NULL;
5002 struct on_star *on_star;
5003 int i;
5004
5005 /* Initialize values we will cleanup. */
5006 memset(&data, 0, sizeof(data));
5007
5008 /*
5009 * Find the proper on_star block to use. We use the
5010 * one in the lease if we have a lease or the one in
5011 * the reply if we don't have a lease because this is
5012 * a static instance
5013 */
5014 if (reply->lease) {
5015 on_star = &reply->lease->on_star;
5016 } else {
5017 on_star = &reply->on_star;
5018 }
5019
5020 /*
5021 * Bring in the root configuration. We only do this to bring
5022 * in the on * statements, as we didn't have the lease available
5023 * we we did it the first time.
5024 */
5025 option_state_allocate(&tmp_options, MDL);
5026 execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
5027 reply->packet->options, tmp_options,
5028 &global_scope, root_group, NULL,
5029 on_star);
5030 if (tmp_options != NULL) {
5031 option_state_dereference(&tmp_options, MDL);
5032 }
5033
5034 /*
5035 * Bring configured options into the root packet level cache - start
5036 * with the lease's closest enclosing group (passed in by the caller
5037 * as 'group').
5038 */
5039 execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
5040 reply->packet->options, reply->opt_state,
5041 scope, group, root_group, on_star);
5042
5043 /* Execute statements from class scopes. */
5044 for (i = reply->packet->class_count; i > 0; i--) {
5045 execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
5046 reply->packet->options,
5047 reply->opt_state, scope,
5048 reply->packet->classes[i - 1]->group,
5049 group, on_star);
5050 }
5051
5052 /*
5053 * If there is a host record, over-ride with values configured there,
5054 * without re-evaluating configuration from the previously executed
5055 * group or its common enclosers.
5056 */
5057 if (reply->host != NULL)
5058 execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
5059 reply->packet->options,
5060 reply->opt_state, scope,
5061 reply->host->group, group,
5062 on_star);
5063
5064 /* Determine valid lifetime. */
5065 if (reply->client_valid == 0)
5066 reply->send_valid = DEFAULT_DEFAULT_LEASE_TIME;
5067 else
5068 reply->send_valid = reply->client_valid;
5069
5070 oc = lookup_option(&server_universe, reply->opt_state,
5071 SV_DEFAULT_LEASE_TIME);
5072 if (oc != NULL) {
5073 if (!evaluate_option_cache(&data, reply->packet, NULL, NULL,
5074 reply->packet->options,
5075 reply->opt_state,
5076 scope, oc, MDL) ||
5077 (data.len != 4)) {
5078 log_error("reply_process_is_prefixed: unable to "
5079 "evaluate default prefix time");
5080 status = ISC_R_FAILURE;
5081 goto cleanup;
5082 }
5083
5084 reply->send_valid = getULong(data.data);
5085 data_string_forget(&data, MDL);
5086 }
5087
5088 /* Check to see if the lease time would cause us to wrap
5089 * in which case we make it infinite.
5090 * The following doesn't work on at least some systems:
5091 * (cur_time + reply->send_valid < cur_time)
5092 */
5093 if (reply->send_valid != INFINITE_TIME) {
5094 time_t test_time = cur_time + reply->send_valid;
5095 if (test_time < cur_time)
5096 reply->send_valid = INFINITE_TIME;
5097 }
5098
5099 if (reply->client_prefer == 0)
5100 reply->send_prefer = reply->send_valid;
5101 else
5102 reply->send_prefer = reply->client_prefer;
5103
5104 if ((reply->send_prefer >= reply->send_valid) &&
5105 (reply->send_valid != INFINITE_TIME))
5106 reply->send_prefer = (reply->send_valid / 2) +
5107 (reply->send_valid / 8);
5108
5109 oc = lookup_option(&server_universe, reply->opt_state,
5110 SV_PREFER_LIFETIME);
5111 if (oc != NULL) {
5112 if (!evaluate_option_cache(&data, reply->packet, NULL, NULL,
5113 reply->packet->options,
5114 reply->opt_state,
5115 scope, oc, MDL) ||
5116 (data.len != 4)) {
5117 log_error("reply_process_is_prefixed: unable to "
5118 "evaluate preferred prefix time");
5119 status = ISC_R_FAILURE;
5120 goto cleanup;
5121 }
5122
5123 reply->send_prefer = getULong(data.data);
5124 data_string_forget(&data, MDL);
5125 }
5126
5127 /* Note lowest values for later calculation of renew/rebind times. */
5128 if (reply->min_prefer > reply->send_prefer)
5129 reply->min_prefer = reply->send_prefer;
5130
5131 if (reply->min_valid > reply->send_valid)
5132 reply->min_valid = reply->send_valid;
5133
5134 /* Perform dynamic prefix related update work. */
5135 if (reply->lease != NULL) {
5136 /* Cached lifetimes */
5137 reply->lease->prefer = reply->send_prefer;
5138 reply->lease->valid = reply->send_valid;
5139
5140 /* Advance (or rewind) the valid lifetime.
5141 * In the protocol 0xFFFFFFFF is infinite
5142 * when connecting to the lease file MAX_TIME is
5143 */
5144 if (reply->buf.reply.msg_type == DHCPV6_REPLY) {
5145 if (reply->send_valid == INFINITE_TIME) {
5146 reply->lease->soft_lifetime_end_time = MAX_TIME;
5147 } else {
5148 reply->lease->soft_lifetime_end_time =
5149 cur_time + reply->send_valid;
5150 }
5151 /* Wait before renew! */
5152 }
5153
5154 status = ia_add_iasubopt(reply->ia, reply->lease, MDL);
5155 if (status != ISC_R_SUCCESS) {
5156 log_fatal("reply_process_is_prefixed: Unable to "
5157 "attach prefix to new IA_PD: %s",
5158 isc_result_totext(status));
5159 }
5160
5161 /*
5162 * If this is a new prefix, make sure it is attached somewhere.
5163 */
5164 if (reply->lease->ia == NULL) {
5165 ia_reference(&reply->lease->ia, reply->ia, MDL);
5166 }
5167 }
5168
5169 /* Bring a copy of the relevant options into the IA_PD scope. */
5170 execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
5171 reply->packet->options, reply->reply_ia,
5172 scope, group, root_group, NULL);
5173
5174 /* Execute statements from class scopes. */
5175 for (i = reply->packet->class_count; i > 0; i--) {
5176 execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
5177 reply->packet->options,
5178 reply->reply_ia, scope,
5179 reply->packet->classes[i - 1]->group,
5180 group, NULL);
5181 }
5182
5183 /*
5184 * And bring in host record configuration, if any, but not to overlap
5185 * the previous group or its common enclosers.
5186 */
5187 if (reply->host != NULL)
5188 execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
5189 reply->packet->options,
5190 reply->reply_ia, scope,
5191 reply->host->group, group, NULL);
5192
5193 cleanup:
5194 if (data.data != NULL)
5195 data_string_forget(&data, MDL);
5196
5197 if (status == ISC_R_SUCCESS)
5198 reply->client_resources++;
5199
5200 return status;
5201 }
5202
5203 /* Simply send an IAPREFIX within the IA_PD scope as described. */
5204 static isc_result_t
5205 reply_process_send_prefix(struct reply_state *reply,
5206 struct iaddrcidrnet *pref) {
5207 isc_result_t status = ISC_R_SUCCESS;
5208 struct data_string data;
5209
5210 memset(&data, 0, sizeof(data));
5211
5212 /* Now append the prefix. */
5213 data.len = IAPREFIX_OFFSET;
5214 if (!buffer_allocate(&data.buffer, data.len, MDL)) {
5215 log_error("reply_process_send_prefix: out of memory"
5216 "allocating new IAPREFIX buffer.");
5217 status = ISC_R_NOMEMORY;
5218 goto cleanup;
5219 }
5220 data.data = data.buffer->data;
5221
5222 putULong(data.buffer->data, reply->send_prefer);
5223 putULong(data.buffer->data + 4, reply->send_valid);
5224 data.buffer->data[8] = pref->bits;
5225 memcpy(data.buffer->data + 9, pref->lo_addr.iabuf, 16);
5226
5227 if (!append_option_buffer(&dhcpv6_universe, reply->reply_ia,
5228 data.buffer, data.buffer->data,
5229 data.len, D6O_IAPREFIX, 0)) {
5230 log_error("reply_process_send_prefix: unable "
5231 "to save IAPREFIX option");
5232 status = ISC_R_FAILURE;
5233 goto cleanup;
5234 }
5235
5236 reply->resources_included = ISC_TRUE;
5237
5238 cleanup:
5239 if (data.data != NULL)
5240 data_string_forget(&data, MDL);
5241
5242 return status;
5243 }
5244
5245 /* Choose the better of two prefixes. */
5246 static struct iasubopt *
5247 prefix_compare(struct reply_state *reply,
5248 struct iasubopt *alpha, struct iasubopt *beta) {
5249 if (alpha == NULL)
5250 return beta;
5251 if (beta == NULL)
5252 return alpha;
5253
5254 if (reply->preflen >= 0) {
5255 if ((alpha->plen == reply->preflen) &&
5256 (beta->plen != reply->preflen))
5257 return alpha;
5258 if ((beta->plen == reply->preflen) &&
5259 (alpha->plen != reply->preflen))
5260 return beta;
5261 }
5262
5263 switch(alpha->state) {
5264 case FTS_ACTIVE:
5265 switch(beta->state) {
5266 case FTS_ACTIVE:
5267 /* Choose the prefix with the longest lifetime (most
5268 * likely the most recently allocated).
5269 */
5270 if (alpha->hard_lifetime_end_time <
5271 beta->hard_lifetime_end_time)
5272 return beta;
5273 else
5274 return alpha;
5275
5276 case FTS_EXPIRED:
5277 case FTS_ABANDONED:
5278 return alpha;
5279
5280 default:
5281 log_fatal("Impossible condition at %s:%d.", MDL);
5282 }
5283 break;
5284
5285 case FTS_EXPIRED:
5286 switch (beta->state) {
5287 case FTS_ACTIVE:
5288 return beta;
5289
5290 case FTS_EXPIRED:
5291 /* Choose the most recently expired prefix. */
5292 if (alpha->hard_lifetime_end_time <
5293 beta->hard_lifetime_end_time)
5294 return beta;
5295 else if ((alpha->hard_lifetime_end_time ==
5296 beta->hard_lifetime_end_time) &&
5297 (alpha->soft_lifetime_end_time <
5298 beta->soft_lifetime_end_time))
5299 return beta;
5300 else
5301 return alpha;
5302
5303 case FTS_ABANDONED:
5304 return alpha;
5305
5306 default:
5307 log_fatal("Impossible condition at %s:%d.", MDL);
5308 }
5309 break;
5310
5311 case FTS_ABANDONED:
5312 switch (beta->state) {
5313 case FTS_ACTIVE:
5314 case FTS_EXPIRED:
5315 return alpha;
5316
5317 case FTS_ABANDONED:
5318 /* Choose the prefix that was abandoned longest ago. */
5319 if (alpha->hard_lifetime_end_time <
5320 beta->hard_lifetime_end_time)
5321 return alpha;
5322 else
5323 return beta;
5324
5325 default:
5326 log_fatal("Impossible condition at %s:%d.", MDL);
5327 }
5328 break;
5329
5330 default:
5331 log_fatal("Impossible condition at %s:%d.", MDL);
5332 }
5333
5334 log_fatal("Triple impossible condition at %s:%d.", MDL);
5335 return NULL;
5336 }
5337
5338 /*
5339 * Solicit is how a client starts requesting addresses.
5340 *
5341 * If the client asks for rapid commit, and we support it, we will
5342 * allocate the addresses and reply.
5343 *
5344 * Otherwise we will send an advertise message.
5345 */
5346
5347 static void
5348 dhcpv6_solicit(struct data_string *reply_ret, struct packet *packet) {
5349 struct data_string client_id;
5350
5351 /*
5352 * Validate our input.
5353 */
5354 if (!valid_client_msg(packet, &client_id)) {
5355 return;
5356 }
5357
5358 lease_to_client(reply_ret, packet, &client_id, NULL);
5359
5360 /*
5361 * Clean up.
5362 */
5363 data_string_forget(&client_id, MDL);
5364 }
5365
5366 /*
5367 * Request is how a client actually requests addresses.
5368 *
5369 * Very similar to Solicit handling, except the server DUID is required.
5370 */
5371
5372 static void
5373 dhcpv6_request(struct data_string *reply_ret, struct packet *packet) {
5374 struct data_string client_id;
5375 struct data_string server_id;
5376
5377 /*
5378 * Validate our input.
5379 */
5380 if (!valid_client_resp(packet, &client_id, &server_id)) {
5381 return;
5382 }
5383
5384 /* If the REQUEST arrived via unicast and unicast option isn't set,
5385 * reject it per RFC 3315, Sec 18.2.1 */
5386 if (packet->unicast == ISC_TRUE &&
5387 is_unicast_option_defined(packet) == ISC_FALSE) {
5388 unicast_reject(reply_ret, packet, &client_id, &server_id);
5389 } else {
5390 /*
5391 * Issue our lease.
5392 */
5393 lease_to_client(reply_ret, packet, &client_id, &server_id);
5394 }
5395
5396 /*
5397 * Cleanup.
5398 */
5399 data_string_forget(&client_id, MDL);
5400 data_string_forget(&server_id, MDL);
5401 }
5402
5403 /* Find a DHCPv6 packet's shared network from hints in the packet.
5404 */
5405 static isc_result_t
5406 shared_network_from_packet6(struct shared_network **shared,
5407 struct packet *packet)
5408 {
5409 const struct packet *chk_packet;
5410 const struct in6_addr *link_addr, *first_link_addr;
5411 struct iaddr tmp_addr;
5412 struct subnet *subnet;
5413 isc_result_t status;
5414
5415 if ((shared == NULL) || (*shared != NULL) || (packet == NULL))
5416 return DHCP_R_INVALIDARG;
5417
5418 /*
5419 * First, find the link address where the packet from the client
5420 * first appeared (if this packet was relayed).
5421 */
5422 first_link_addr = NULL;
5423 chk_packet = packet->dhcpv6_container_packet;
5424 while (chk_packet != NULL) {
5425 link_addr = &chk_packet->dhcpv6_link_address;
5426 if (!IN6_IS_ADDR_UNSPECIFIED(link_addr) &&
5427 !IN6_IS_ADDR_LINKLOCAL(link_addr)) {
5428 first_link_addr = link_addr;
5429 break;
5430 }
5431 chk_packet = chk_packet->dhcpv6_container_packet;
5432 }
5433
5434 /*
5435 * If there is a relayed link address, find the subnet associated
5436 * with that, and use that to get the appropriate
5437 * shared_network.
5438 */
5439 if (first_link_addr != NULL) {
5440 tmp_addr.len = sizeof(*first_link_addr);
5441 memcpy(tmp_addr.iabuf,
5442 first_link_addr, sizeof(*first_link_addr));
5443 subnet = NULL;
5444 if (!find_subnet(&subnet, tmp_addr, MDL)) {
5445 log_debug("No subnet found for link-address %s.",
5446 piaddr(tmp_addr));
5447 return ISC_R_NOTFOUND;
5448 }
5449 status = shared_network_reference(shared,
5450 subnet->shared_network, MDL);
5451 subnet_dereference(&subnet, MDL);
5452
5453 /*
5454 * If there is no link address, we will use the interface
5455 * that this packet came in on to pick the shared_network.
5456 */
5457 } else if (packet->interface != NULL) {
5458 status = shared_network_reference(shared,
5459 packet->interface->shared_network,
5460 MDL);
5461 if (packet->dhcpv6_container_packet != NULL) {
5462 log_info("[L2 Relay] No link address in relay packet "
5463 "assuming L2 relay and using receiving "
5464 "interface");
5465 }
5466
5467 } else {
5468 /*
5469 * We shouldn't be able to get here but if there is no link
5470 * address and no interface we don't know where to get the
5471 * pool from log an error and return an error.
5472 */
5473 log_error("No interface and no link address "
5474 "can't determine pool");
5475 status = DHCP_R_INVALIDARG;
5476 }
5477
5478 return status;
5479 }
5480
5481 /*
5482 * When a client thinks it might be on a new link, it sends a
5483 * Confirm message.
5484 *
5485 * From RFC3315 section 18.2.2:
5486 *
5487 * When the server receives a Confirm message, the server determines
5488 * whether the addresses in the Confirm message are appropriate for the
5489 * link to which the client is attached. If all of the addresses in the
5490 * Confirm message pass this test, the server returns a status of
5491 * Success. If any of the addresses do not pass this test, the server
5492 * returns a status of NotOnLink. If the server is unable to perform
5493 * this test (for example, the server does not have information about
5494 * prefixes on the link to which the client is connected), or there were
5495 * no addresses in any of the IAs sent by the client, the server MUST
5496 * NOT send a reply to the client.
5497 */
5498
5499 static void
5500 dhcpv6_confirm(struct data_string *reply_ret, struct packet *packet) {
5501 struct shared_network *shared;
5502 struct subnet *subnet;
5503 struct option_cache *ia, *ta, *oc;
5504 struct data_string cli_enc_opt_data, iaaddr, client_id, packet_oro;
5505 struct option_state *cli_enc_opt_state, *opt_state;
5506 struct iaddr cli_addr;
5507 int pass;
5508 isc_boolean_t inappropriate, has_addrs;
5509 char reply_data[65536];
5510 struct dhcpv6_packet *reply = (struct dhcpv6_packet *)reply_data;
5511 int reply_ofs = (int)(offsetof(struct dhcpv6_packet, options));
5512
5513 /*
5514 * Basic client message validation.
5515 */
5516 memset(&client_id, 0, sizeof(client_id));
5517 if (!valid_client_msg(packet, &client_id)) {
5518 return;
5519 }
5520
5521 /*
5522 * Do not process Confirms that do not have IA's we do not recognize.
5523 */
5524 ia = lookup_option(&dhcpv6_universe, packet->options, D6O_IA_NA);
5525 ta = lookup_option(&dhcpv6_universe, packet->options, D6O_IA_TA);
5526 if ((ia == NULL) && (ta == NULL))
5527 return;
5528
5529 /*
5530 * IA_PD's are simply ignored.
5531 */
5532 delete_option(&dhcpv6_universe, packet->options, D6O_IA_PD);
5533
5534 /*
5535 * Bit of variable initialization.
5536 */
5537 opt_state = cli_enc_opt_state = NULL;
5538 memset(&cli_enc_opt_data, 0, sizeof(cli_enc_opt_data));
5539 memset(&iaaddr, 0, sizeof(iaaddr));
5540 memset(&packet_oro, 0, sizeof(packet_oro));
5541
5542 /* Determine what shared network the client is connected to. We
5543 * must not respond if we don't have any information about the
5544 * network the client is on.
5545 */
5546 shared = NULL;
5547 if ((shared_network_from_packet6(&shared, packet) != ISC_R_SUCCESS) ||
5548 (shared == NULL))
5549 goto exit;
5550
5551 /* If there are no recorded subnets, then we have no
5552 * information about this subnet - ignore Confirms.
5553 */
5554 subnet = shared->subnets;
5555 if (subnet == NULL)
5556 goto exit;
5557
5558 /* Are the addresses in all the IA's appropriate for that link? */
5559 has_addrs = inappropriate = ISC_FALSE;
5560 pass = D6O_IA_NA;
5561 while(!inappropriate) {
5562 /* If we've reached the end of the IA_NA pass, move to the
5563 * IA_TA pass.
5564 */
5565 if ((pass == D6O_IA_NA) && (ia == NULL)) {
5566 pass = D6O_IA_TA;
5567 ia = ta;
5568 }
5569
5570 /* If we've reached the end of all passes, we're done. */
5571 if (ia == NULL)
5572 break;
5573
5574 if (((pass == D6O_IA_NA) &&
5575 !get_encapsulated_IA_state(&cli_enc_opt_state,
5576 &cli_enc_opt_data,
5577 packet, ia, IA_NA_OFFSET)) ||
5578 ((pass == D6O_IA_TA) &&
5579 !get_encapsulated_IA_state(&cli_enc_opt_state,
5580 &cli_enc_opt_data,
5581 packet, ia, IA_TA_OFFSET))) {
5582 goto exit;
5583 }
5584
5585 oc = lookup_option(&dhcpv6_universe, cli_enc_opt_state,
5586 D6O_IAADDR);
5587
5588 for ( ; oc != NULL ; oc = oc->next) {
5589 if (!evaluate_option_cache(&iaaddr, packet, NULL, NULL,
5590 packet->options, NULL,
5591 &global_scope, oc, MDL) ||
5592 (iaaddr.len < IAADDR_OFFSET)) {
5593 log_error("dhcpv6_confirm: "
5594 "error evaluating IAADDR.");
5595 goto exit;
5596 }
5597
5598 /* Copy out the IPv6 address for processing. */
5599 cli_addr.len = 16;
5600 memcpy(cli_addr.iabuf, iaaddr.data, 16);
5601
5602 data_string_forget(&iaaddr, MDL);
5603
5604 /* Record that we've processed at least one address. */
5605 has_addrs = ISC_TRUE;
5606
5607 /* Find out if any subnets cover this address. */
5608 for (subnet = shared->subnets ; subnet != NULL ;
5609 subnet = subnet->next_sibling) {
5610 if (addr_eq(subnet_number(cli_addr,
5611 subnet->netmask),
5612 subnet->net))
5613 break;
5614 }
5615
5616 /* If we reach the end of the subnet list, and no
5617 * subnet matches the client address, then it must
5618 * be inappropriate to the link (so far as our
5619 * configuration says). Once we've found one
5620 * inappropriate address, there is no reason to
5621 * continue searching.
5622 */
5623 if (subnet == NULL) {
5624 inappropriate = ISC_TRUE;
5625 break;
5626 }
5627 }
5628
5629 option_state_dereference(&cli_enc_opt_state, MDL);
5630 data_string_forget(&cli_enc_opt_data, MDL);
5631
5632 /* Advance to the next IA_*. */
5633 ia = ia->next;
5634 }
5635
5636 /* If the client supplied no addresses, do not reply. */
5637 if (!has_addrs)
5638 goto exit;
5639
5640 /*
5641 * Set up reply.
5642 */
5643 if (!start_reply(packet, &client_id, NULL, &opt_state, reply)) {
5644 goto exit;
5645 }
5646
5647 /*
5648 * Set our status.
5649 */
5650 if (inappropriate) {
5651 if (!set_status_code(STATUS_NotOnLink,
5652 "Some of the addresses are not on link.",
5653 opt_state)) {
5654 goto exit;
5655 }
5656 } else {
5657 if (!set_status_code(STATUS_Success,
5658 "All addresses still on link.",
5659 opt_state)) {
5660 goto exit;
5661 }
5662 }
5663
5664 /*
5665 * Only one option: add it.
5666 */
5667 reply_ofs += store_options6(reply_data+reply_ofs,
5668 sizeof(reply_data)-reply_ofs,
5669 opt_state, packet,
5670 required_opts, &packet_oro);
5671
5672 /*
5673 * Return our reply to the caller.
5674 */
5675 reply_ret->len = reply_ofs;
5676 reply_ret->buffer = NULL;
5677 if (!buffer_allocate(&reply_ret->buffer, reply_ofs, MDL)) {
5678 log_fatal("No memory to store reply.");
5679 }
5680 reply_ret->data = reply_ret->buffer->data;
5681 memcpy(reply_ret->buffer->data, reply, reply_ofs);
5682
5683 exit:
5684 /* Cleanup any stale data strings. */
5685 if (cli_enc_opt_data.buffer != NULL)
5686 data_string_forget(&cli_enc_opt_data, MDL);
5687 if (iaaddr.buffer != NULL)
5688 data_string_forget(&iaaddr, MDL);
5689 if (client_id.buffer != NULL)
5690 data_string_forget(&client_id, MDL);
5691 if (packet_oro.buffer != NULL)
5692 data_string_forget(&packet_oro, MDL);
5693
5694 /* Release any stale option states. */
5695 if (cli_enc_opt_state != NULL)
5696 option_state_dereference(&cli_enc_opt_state, MDL);
5697 if (opt_state != NULL)
5698 option_state_dereference(&opt_state, MDL);
5699 }
5700
5701 /*
5702 * Renew is when a client wants to extend its lease/prefix, at time T1.
5703 *
5704 * We handle this the same as if the client wants a new lease/prefix,
5705 * except for the error code of when addresses don't match.
5706 */
5707
5708 static void
5709 dhcpv6_renew(struct data_string *reply, struct packet *packet) {
5710 struct data_string client_id;
5711 struct data_string server_id;
5712
5713 /*
5714 * Validate the request.
5715 */
5716 if (!valid_client_resp(packet, &client_id, &server_id)) {
5717 return;
5718 }
5719
5720 /* If the RENEW arrived via unicast and unicast option isn't set,
5721 * reject it per RFC 3315, Sec 18.2.3 */
5722 if (packet->unicast == ISC_TRUE &&
5723 is_unicast_option_defined(packet) == ISC_FALSE) {
5724 unicast_reject(reply, packet, &client_id, &server_id);
5725 } else {
5726 /*
5727 * Renew our lease.
5728 */
5729 lease_to_client(reply, packet, &client_id, &server_id);
5730 }
5731
5732 /*
5733 * Cleanup.
5734 */
5735 data_string_forget(&server_id, MDL);
5736 data_string_forget(&client_id, MDL);
5737 }
5738
5739 /*
5740 * Rebind is when a client wants to extend its lease, at time T2.
5741 *
5742 * We handle this the same as if the client wants a new lease, except
5743 * for the error code of when addresses don't match.
5744 */
5745
5746 static void
5747 dhcpv6_rebind(struct data_string *reply, struct packet *packet) {
5748 struct data_string client_id;
5749
5750 if (!valid_client_msg(packet, &client_id)) {
5751 return;
5752 }
5753
5754 lease_to_client(reply, packet, &client_id, NULL);
5755
5756 data_string_forget(&client_id, MDL);
5757 }
5758
5759 static void
5760 ia_na_match_decline(const struct data_string *client_id,
5761 const struct data_string *iaaddr,
5762 struct iasubopt *lease)
5763 {
5764 char tmp_addr[INET6_ADDRSTRLEN];
5765
5766 log_error("Client %s reports address %s is "
5767 "already in use by another host!",
5768 print_hex_1(client_id->len, client_id->data, 60),
5769 inet_ntop(AF_INET6, iaaddr->data,
5770 tmp_addr, sizeof(tmp_addr)));
5771 if (lease != NULL) {
5772 decline_lease6(lease->ipv6_pool, lease);
5773 lease->ia->cltt = cur_time;
5774 write_ia(lease->ia);
5775 }
5776 }
5777
5778 static void
5779 ia_na_nomatch_decline(const struct data_string *client_id,
5780 const struct data_string *iaaddr,
5781 u_int32_t *ia_na_id,
5782 struct packet *packet,
5783 char *reply_data,
5784 int *reply_ofs,
5785 int reply_len)
5786 {
5787 char tmp_addr[INET6_ADDRSTRLEN];
5788 struct option_state *host_opt_state;
5789 int len;
5790
5791 log_info("Client %s declines address %s, which is not offered to it.",
5792 print_hex_1(client_id->len, client_id->data, 60),
5793 inet_ntop(AF_INET6, iaaddr->data, tmp_addr, sizeof(tmp_addr)));
5794
5795 /*
5796 * Create state for this IA_NA.
5797 */
5798 host_opt_state = NULL;
5799 if (!option_state_allocate(&host_opt_state, MDL)) {
5800 log_error("ia_na_nomatch_decline: out of memory "
5801 "allocating option_state.");
5802 goto exit;
5803 }
5804
5805 if (!set_status_code(STATUS_NoBinding, "Decline for unknown address.",
5806 host_opt_state)) {
5807 goto exit;
5808 }
5809
5810 /*
5811 * Insure we have enough space
5812 */
5813 if (reply_len < (*reply_ofs + 16)) {
5814 log_error("ia_na_nomatch_decline: "
5815 "out of space for reply packet.");
5816 goto exit;
5817 }
5818
5819 /*
5820 * Put our status code into the reply packet.
5821 */
5822 len = store_options6(reply_data+(*reply_ofs)+16,
5823 reply_len-(*reply_ofs)-16,
5824 host_opt_state, packet,
5825 required_opts_STATUS_CODE, NULL);
5826
5827 /*
5828 * Store the non-encapsulated option data for this
5829 * IA_NA into our reply packet. Defined in RFC 3315,
5830 * section 22.4.
5831 */
5832 /* option number */
5833 putUShort((unsigned char *)reply_data+(*reply_ofs), D6O_IA_NA);
5834 /* option length */
5835 putUShort((unsigned char *)reply_data+(*reply_ofs)+2, len + 12);
5836 /* IA_NA, copied from the client */
5837 memcpy(reply_data+(*reply_ofs)+4, ia_na_id, 4);
5838 /* t1 and t2, odd that we need them, but here it is */
5839 putULong((unsigned char *)reply_data+(*reply_ofs)+8, 0);
5840 putULong((unsigned char *)reply_data+(*reply_ofs)+12, 0);
5841
5842 /*
5843 * Get ready for next IA_NA.
5844 */
5845 *reply_ofs += (len + 16);
5846
5847 exit:
5848 option_state_dereference(&host_opt_state, MDL);
5849 }
5850
5851 static void
5852 iterate_over_ia_na(struct data_string *reply_ret,
5853 struct packet *packet,
5854 const struct data_string *client_id,
5855 const struct data_string *server_id,
5856 const char *packet_type,
5857 void (*ia_na_match)(),
5858 void (*ia_na_nomatch)())
5859 {
5860 struct option_state *opt_state;
5861 struct host_decl *packet_host;
5862 struct option_cache *ia;
5863 struct option_cache *oc;
5864 /* cli_enc_... variables come from the IA_NA/IA_TA options */
5865 struct data_string cli_enc_opt_data;
5866 struct option_state *cli_enc_opt_state;
5867 struct host_decl *host;
5868 struct data_string iaaddr;
5869 struct data_string fixed_addr;
5870 char reply_data[65536];
5871 struct dhcpv6_packet *reply = (struct dhcpv6_packet *)reply_data;
5872 int reply_ofs = (int)(offsetof(struct dhcpv6_packet, options));
5873 char status_msg[32];
5874 struct iasubopt *lease;
5875 struct ia_xx *existing_ia_na;
5876 int i;
5877 struct data_string key;
5878 u_int32_t iaid;
5879
5880 /*
5881 * Initialize to empty values, in case we have to exit early.
5882 */
5883 opt_state = NULL;
5884 memset(&cli_enc_opt_data, 0, sizeof(cli_enc_opt_data));
5885 cli_enc_opt_state = NULL;
5886 memset(&iaaddr, 0, sizeof(iaaddr));
5887 memset(&fixed_addr, 0, sizeof(fixed_addr));
5888 lease = NULL;
5889
5890 /*
5891 * Find the host record that matches from the packet, if any.
5892 */
5893 packet_host = NULL;
5894 find_hosts6(&packet_host, packet, client_id, MDL);
5895
5896 /*
5897 * Set our reply information.
5898 */
5899 reply->msg_type = DHCPV6_REPLY;
5900 memcpy(reply->transaction_id, packet->dhcpv6_transaction_id,
5901 sizeof(reply->transaction_id));
5902
5903 /*
5904 * Build our option state for reply.
5905 */
5906 opt_state = NULL;
5907 if (!option_state_allocate(&opt_state, MDL)) {
5908 log_error("iterate_over_ia_na: no memory for option_state.");
5909 goto exit;
5910 }
5911 execute_statements_in_scope(NULL, packet, NULL, NULL,
5912 packet->options, opt_state,
5913 &global_scope, root_group, NULL, NULL);
5914
5915 /*
5916 * RFC 3315, section 18.2.7 tells us which options to include.
5917 */
5918 oc = lookup_option(&dhcpv6_universe, opt_state, D6O_SERVERID);
5919 if (oc == NULL) {
5920 if (!save_option_buffer(&dhcpv6_universe, opt_state, NULL,
5921 (unsigned char *)server_duid.data,
5922 server_duid.len, D6O_SERVERID, 0)) {
5923 log_error("iterate_over_ia_na: "
5924 "error saving server identifier.");
5925 goto exit;
5926 }
5927 }
5928
5929 if (!save_option_buffer(&dhcpv6_universe, opt_state,
5930 client_id->buffer,
5931 (unsigned char *)client_id->data,
5932 client_id->len,
5933 D6O_CLIENTID, 0)) {
5934 log_error("iterate_over_ia_na: "
5935 "error saving client identifier.");
5936 goto exit;
5937 }
5938
5939 snprintf(status_msg, sizeof(status_msg), "%s received.", packet_type);
5940 if (!set_status_code(STATUS_Success, status_msg, opt_state)) {
5941 goto exit;
5942 }
5943
5944 /*
5945 * Add our options that are not associated with any IA_NA or IA_TA.
5946 */
5947 reply_ofs += store_options6(reply_data+reply_ofs,
5948 sizeof(reply_data)-reply_ofs,
5949 opt_state, packet,
5950 required_opts, NULL);
5951
5952 /*
5953 * Loop through the IA_NA reported by the client, and deal with
5954 * addresses reported as already in use.
5955 */
5956 for (ia = lookup_option(&dhcpv6_universe, packet->options, D6O_IA_NA);
5957 ia != NULL; ia = ia->next) {
5958
5959 if (!get_encapsulated_IA_state(&cli_enc_opt_state,
5960 &cli_enc_opt_data,
5961 packet, ia, IA_NA_OFFSET)) {
5962 goto exit;
5963 }
5964
5965 iaid = getULong(cli_enc_opt_data.data);
5966
5967 /*
5968 * XXX: It is possible that we can get multiple addresses
5969 * sent by the client. We don't send multiple
5970 * addresses, so this indicates a client error.
5971 * We should check for multiple IAADDR options, log
5972 * if found, and set as an error.
5973 */
5974 oc = lookup_option(&dhcpv6_universe, cli_enc_opt_state,
5975 D6O_IAADDR);
5976 if (oc == NULL) {
5977 /* no address given for this IA, ignore */
5978 option_state_dereference(&cli_enc_opt_state, MDL);
5979 data_string_forget(&cli_enc_opt_data, MDL);
5980 continue;
5981 }
5982
5983 memset(&iaaddr, 0, sizeof(iaaddr));
5984 if (!evaluate_option_cache(&iaaddr, packet, NULL, NULL,
5985 packet->options, NULL,
5986 &global_scope, oc, MDL)) {
5987 log_error("iterate_over_ia_na: "
5988 "error evaluating IAADDR.");
5989 goto exit;
5990 }
5991
5992 /*
5993 * Now we need to figure out which host record matches
5994 * this IA_NA and IAADDR (encapsulated option contents
5995 * matching a host record by option).
5996 *
5997 * XXX: We don't currently track IA_NA separately, but
5998 * we will need to do this!
5999 */
6000 host = NULL;
6001 if (!find_hosts_by_option(&host, packet,
6002 cli_enc_opt_state, MDL)) {
6003 if (packet_host != NULL) {
6004 host = packet_host;
6005 } else {
6006 host = NULL;
6007 }
6008 }
6009 while (host != NULL) {
6010 if (host->fixed_addr != NULL) {
6011 if (!evaluate_option_cache(&fixed_addr, NULL,
6012 NULL, NULL, NULL,
6013 NULL, &global_scope,
6014 host->fixed_addr,
6015 MDL)) {
6016 log_error("iterate_over_ia_na: error "
6017 "evaluating host address.");
6018 goto exit;
6019 }
6020 if ((iaaddr.len >= 16) &&
6021 !memcmp(fixed_addr.data, iaaddr.data, 16)) {
6022 data_string_forget(&fixed_addr, MDL);
6023 break;
6024 }
6025 data_string_forget(&fixed_addr, MDL);
6026 }
6027 host = host->n_ipaddr;
6028 }
6029
6030 if ((host == NULL) && (iaaddr.len >= IAADDR_OFFSET)) {
6031 /*
6032 * Find existing IA_NA.
6033 */
6034 if (ia_make_key(&key, iaid,
6035 (char *)client_id->data,
6036 client_id->len,
6037 MDL) != ISC_R_SUCCESS) {
6038 log_fatal("iterate_over_ia_na: no memory for "
6039 "key.");
6040 }
6041
6042 existing_ia_na = NULL;
6043 if (ia_hash_lookup(&existing_ia_na, ia_na_active,
6044 (unsigned char *)key.data,
6045 key.len, MDL)) {
6046 /*
6047 * Make sure this address is in the IA_NA.
6048 */
6049 for (i=0; i<existing_ia_na->num_iasubopt; i++) {
6050 struct iasubopt *tmp;
6051 struct in6_addr *in6_addr;
6052
6053 tmp = existing_ia_na->iasubopt[i];
6054 in6_addr = &tmp->addr;
6055 if (memcmp(in6_addr,
6056 iaaddr.data, 16) == 0) {
6057 iasubopt_reference(&lease,
6058 tmp, MDL);
6059 break;
6060 }
6061 }
6062 }
6063
6064 data_string_forget(&key, MDL);
6065 }
6066
6067 if ((host != NULL) || (lease != NULL)) {
6068 ia_na_match(client_id, &iaaddr, lease);
6069 } else {
6070 ia_na_nomatch(client_id, &iaaddr,
6071 (u_int32_t *)cli_enc_opt_data.data,
6072 packet, reply_data, &reply_ofs,
6073 sizeof(reply_data));
6074 }
6075
6076 if (lease != NULL) {
6077 iasubopt_dereference(&lease, MDL);
6078 }
6079
6080 data_string_forget(&iaaddr, MDL);
6081 option_state_dereference(&cli_enc_opt_state, MDL);
6082 data_string_forget(&cli_enc_opt_data, MDL);
6083 }
6084
6085 /*
6086 * Return our reply to the caller.
6087 */
6088 reply_ret->len = reply_ofs;
6089 reply_ret->buffer = NULL;
6090 if (!buffer_allocate(&reply_ret->buffer, reply_ofs, MDL)) {
6091 log_fatal("No memory to store reply.");
6092 }
6093 reply_ret->data = reply_ret->buffer->data;
6094 memcpy(reply_ret->buffer->data, reply, reply_ofs);
6095
6096 exit:
6097 if (lease != NULL) {
6098 iasubopt_dereference(&lease, MDL);
6099 }
6100 if (fixed_addr.buffer != NULL) {
6101 data_string_forget(&fixed_addr, MDL);
6102 }
6103 if (iaaddr.buffer != NULL) {
6104 data_string_forget(&iaaddr, MDL);
6105 }
6106 if (cli_enc_opt_state != NULL) {
6107 option_state_dereference(&cli_enc_opt_state, MDL);
6108 }
6109 if (cli_enc_opt_data.buffer != NULL) {
6110 data_string_forget(&cli_enc_opt_data, MDL);
6111 }
6112 if (opt_state != NULL) {
6113 option_state_dereference(&opt_state, MDL);
6114 }
6115 }
6116
6117 /*
6118 * Decline means a client has detected that something else is using an
6119 * address we gave it.
6120 *
6121 * Since we're only dealing with fixed leases for now, there's not
6122 * much we can do, other that log the occurrence.
6123 *
6124 * When we start issuing addresses from pools, then we will have to
6125 * record our declined addresses and issue another. In general with
6126 * IPv6 there is no worry about DoS by clients exhausting space, but
6127 * we still need to be aware of this possibility.
6128 */
6129
6130 /* TODO: IA_TA */
6131 static void
6132 dhcpv6_decline(struct data_string *reply, struct packet *packet) {
6133 struct data_string client_id;
6134 struct data_string server_id;
6135
6136 /*
6137 * Validate our input.
6138 */
6139 if (!valid_client_resp(packet, &client_id, &server_id)) {
6140 return;
6141 }
6142
6143 /* If the DECLINE arrived via unicast and unicast option isn't set,
6144 * reject it per RFC 3315, Sec 18.2.7 */
6145 if (packet->unicast == ISC_TRUE &&
6146 is_unicast_option_defined(packet) == ISC_FALSE) {
6147 unicast_reject(reply, packet, &client_id, &server_id);
6148 } else {
6149 /*
6150 * Undefined for IA_PD.
6151 */
6152 delete_option(&dhcpv6_universe, packet->options, D6O_IA_PD);
6153
6154 /*
6155 * And operate on each IA_NA in this packet.
6156 */
6157 iterate_over_ia_na(reply, packet, &client_id, &server_id,
6158 "Decline", ia_na_match_decline,
6159 ia_na_nomatch_decline);
6160
6161 }
6162
6163 data_string_forget(&server_id, MDL);
6164 data_string_forget(&client_id, MDL);
6165 }
6166
6167 static void
6168 ia_na_match_release(const struct data_string *client_id,
6169 const struct data_string *iaaddr,
6170 struct iasubopt *lease)
6171 {
6172 char tmp_addr[INET6_ADDRSTRLEN];
6173
6174 log_info("Client %s releases address %s",
6175 print_hex_1(client_id->len, client_id->data, 60),
6176 inet_ntop(AF_INET6, iaaddr->data, tmp_addr, sizeof(tmp_addr)));
6177 if (lease != NULL) {
6178 release_lease6(lease->ipv6_pool, lease);
6179 lease->ia->cltt = cur_time;
6180 write_ia(lease->ia);
6181 }
6182 }
6183
6184 static void
6185 ia_na_nomatch_release(const struct data_string *client_id,
6186 const struct data_string *iaaddr,
6187 u_int32_t *ia_na_id,
6188 struct packet *packet,
6189 char *reply_data,
6190 int *reply_ofs,
6191 int reply_len)
6192 {
6193 char tmp_addr[INET6_ADDRSTRLEN];
6194 struct option_state *host_opt_state;
6195 int len;
6196
6197 log_info("Client %s releases address %s, which is not leased to it.",
6198 print_hex_1(client_id->len, client_id->data, 60),
6199 inet_ntop(AF_INET6, iaaddr->data, tmp_addr, sizeof(tmp_addr)));
6200
6201 /*
6202 * Create state for this IA_NA.
6203 */
6204 host_opt_state = NULL;
6205 if (!option_state_allocate(&host_opt_state, MDL)) {
6206 log_error("ia_na_nomatch_release: out of memory "
6207 "allocating option_state.");
6208 goto exit;
6209 }
6210
6211 if (!set_status_code(STATUS_NoBinding,
6212 "Release for non-leased address.",
6213 host_opt_state)) {
6214 goto exit;
6215 }
6216
6217 /*
6218 * Insure we have enough space
6219 */
6220 if (reply_len < (*reply_ofs + 16)) {
6221 log_error("ia_na_nomatch_release: "
6222 "out of space for reply packet.");
6223 goto exit;
6224 }
6225
6226 /*
6227 * Put our status code into the reply packet.
6228 */
6229 len = store_options6(reply_data+(*reply_ofs)+16,
6230 reply_len-(*reply_ofs)-16,
6231 host_opt_state, packet,
6232 required_opts_STATUS_CODE, NULL);
6233
6234 /*
6235 * Store the non-encapsulated option data for this
6236 * IA_NA into our reply packet. Defined in RFC 3315,
6237 * section 22.4.
6238 */
6239 /* option number */
6240 putUShort((unsigned char *)reply_data+(*reply_ofs), D6O_IA_NA);
6241 /* option length */
6242 putUShort((unsigned char *)reply_data+(*reply_ofs)+2, len + 12);
6243 /* IA_NA, copied from the client */
6244 memcpy(reply_data+(*reply_ofs)+4, ia_na_id, 4);
6245 /* t1 and t2, odd that we need them, but here it is */
6246 putULong((unsigned char *)reply_data+(*reply_ofs)+8, 0);
6247 putULong((unsigned char *)reply_data+(*reply_ofs)+12, 0);
6248
6249 /*
6250 * Get ready for next IA_NA.
6251 */
6252 *reply_ofs += (len + 16);
6253
6254 exit:
6255 option_state_dereference(&host_opt_state, MDL);
6256 }
6257
6258 static void
6259 ia_pd_match_release(const struct data_string *client_id,
6260 const struct data_string *iapref,
6261 struct iasubopt *prefix)
6262 {
6263 char tmp_addr[INET6_ADDRSTRLEN];
6264
6265 log_info("Client %s releases prefix %s/%u",
6266 print_hex_1(client_id->len, client_id->data, 60),
6267 inet_ntop(AF_INET6, iapref->data + 9,
6268 tmp_addr, sizeof(tmp_addr)),
6269 (unsigned) getUChar(iapref->data + 8));
6270 if (prefix != NULL) {
6271 release_lease6(prefix->ipv6_pool, prefix);
6272 prefix->ia->cltt = cur_time;
6273 write_ia(prefix->ia);
6274 }
6275 }
6276
6277 static void
6278 ia_pd_nomatch_release(const struct data_string *client_id,
6279 const struct data_string *iapref,
6280 u_int32_t *ia_pd_id,
6281 struct packet *packet,
6282 char *reply_data,
6283 int *reply_ofs,
6284 int reply_len)
6285 {
6286 char tmp_addr[INET6_ADDRSTRLEN];
6287 struct option_state *host_opt_state;
6288 int len;
6289
6290 log_info("Client %s releases prefix %s/%u, which is not leased to it.",
6291 print_hex_1(client_id->len, client_id->data, 60),
6292 inet_ntop(AF_INET6, iapref->data + 9,
6293 tmp_addr, sizeof(tmp_addr)),
6294 (unsigned) getUChar(iapref->data + 8));
6295
6296 /*
6297 * Create state for this IA_PD.
6298 */
6299 host_opt_state = NULL;
6300 if (!option_state_allocate(&host_opt_state, MDL)) {
6301 log_error("ia_pd_nomatch_release: out of memory "
6302 "allocating option_state.");
6303 goto exit;
6304 }
6305
6306 if (!set_status_code(STATUS_NoBinding,
6307 "Release for non-leased prefix.",
6308 host_opt_state)) {
6309 goto exit;
6310 }
6311
6312 /*
6313 * Insure we have enough space
6314 */
6315 if (reply_len < (*reply_ofs + 16)) {
6316 log_error("ia_pd_nomatch_release: "
6317 "out of space for reply packet.");
6318 goto exit;
6319 }
6320
6321 /*
6322 * Put our status code into the reply packet.
6323 */
6324 len = store_options6(reply_data+(*reply_ofs)+16,
6325 reply_len-(*reply_ofs)-16,
6326 host_opt_state, packet,
6327 required_opts_STATUS_CODE, NULL);
6328
6329 /*
6330 * Store the non-encapsulated option data for this
6331 * IA_PD into our reply packet. Defined in RFC 3315,
6332 * section 22.4.
6333 */
6334 /* option number */
6335 putUShort((unsigned char *)reply_data+(*reply_ofs), D6O_IA_PD);
6336 /* option length */
6337 putUShort((unsigned char *)reply_data+(*reply_ofs)+2, len + 12);
6338 /* IA_PD, copied from the client */
6339 memcpy(reply_data+(*reply_ofs)+4, ia_pd_id, 4);
6340 /* t1 and t2, odd that we need them, but here it is */
6341 putULong((unsigned char *)reply_data+(*reply_ofs)+8, 0);
6342 putULong((unsigned char *)reply_data+(*reply_ofs)+12, 0);
6343
6344 /*
6345 * Get ready for next IA_PD.
6346 */
6347 *reply_ofs += (len + 16);
6348
6349 exit:
6350 option_state_dereference(&host_opt_state, MDL);
6351 }
6352
6353 static void
6354 iterate_over_ia_pd(struct data_string *reply_ret,
6355 struct packet *packet,
6356 const struct data_string *client_id,
6357 const struct data_string *server_id,
6358 const char *packet_type,
6359 void (*ia_pd_match)(),
6360 void (*ia_pd_nomatch)())
6361 {
6362 struct data_string reply_new;
6363 int reply_len;
6364 struct option_state *opt_state;
6365 struct host_decl *packet_host;
6366 struct option_cache *ia;
6367 struct option_cache *oc;
6368 /* cli_enc_... variables come from the IA_PD options */
6369 struct data_string cli_enc_opt_data;
6370 struct option_state *cli_enc_opt_state;
6371 struct host_decl *host;
6372 struct data_string iaprefix;
6373 char reply_data[65536];
6374 int reply_ofs;
6375 struct iasubopt *prefix;
6376 struct ia_xx *existing_ia_pd;
6377 int i;
6378 struct data_string key;
6379 u_int32_t iaid;
6380
6381 /*
6382 * Initialize to empty values, in case we have to exit early.
6383 */
6384 memset(&reply_new, 0, sizeof(reply_new));
6385 opt_state = NULL;
6386 memset(&cli_enc_opt_data, 0, sizeof(cli_enc_opt_data));
6387 cli_enc_opt_state = NULL;
6388 memset(&iaprefix, 0, sizeof(iaprefix));
6389 prefix = NULL;
6390
6391 /*
6392 * Compute the available length for the reply.
6393 */
6394 reply_len = sizeof(reply_data) - reply_ret->len;
6395 reply_ofs = 0;
6396
6397 /*
6398 * Find the host record that matches from the packet, if any.
6399 */
6400 packet_host = NULL;
6401 find_hosts6(&packet_host, packet, client_id, MDL);
6402
6403 /*
6404 * Build our option state for reply.
6405 */
6406 opt_state = NULL;
6407 if (!option_state_allocate(&opt_state, MDL)) {
6408 log_error("iterate_over_ia_pd: no memory for option_state.");
6409 goto exit;
6410 }
6411 execute_statements_in_scope(NULL, packet, NULL, NULL,
6412 packet->options, opt_state,
6413 &global_scope, root_group, NULL, NULL);
6414
6415 /*
6416 * Loop through the IA_PD reported by the client, and deal with
6417 * prefixes reported as already in use.
6418 */
6419 for (ia = lookup_option(&dhcpv6_universe, packet->options, D6O_IA_PD);
6420 ia != NULL; ia = ia->next) {
6421
6422 if (!get_encapsulated_IA_state(&cli_enc_opt_state,
6423 &cli_enc_opt_data,
6424 packet, ia, IA_PD_OFFSET)) {
6425 goto exit;
6426 }
6427
6428 iaid = getULong(cli_enc_opt_data.data);
6429
6430 oc = lookup_option(&dhcpv6_universe, cli_enc_opt_state,
6431 D6O_IAPREFIX);
6432 if (oc == NULL) {
6433 /* no prefix given for this IA_PD, ignore */
6434 option_state_dereference(&cli_enc_opt_state, MDL);
6435 data_string_forget(&cli_enc_opt_data, MDL);
6436 continue;
6437 }
6438
6439 for (; oc != NULL; oc = oc->next) {
6440 memset(&iaprefix, 0, sizeof(iaprefix));
6441 if (!evaluate_option_cache(&iaprefix, packet, NULL, NULL,
6442 packet->options, NULL,
6443 &global_scope, oc, MDL)) {
6444 log_error("iterate_over_ia_pd: "
6445 "error evaluating IAPREFIX.");
6446 goto exit;
6447 }
6448
6449 /*
6450 * Now we need to figure out which host record matches
6451 * this IA_PD and IAPREFIX (encapsulated option contents
6452 * matching a host record by option).
6453 *
6454 * XXX: We don't currently track IA_PD separately, but
6455 * we will need to do this!
6456 */
6457 host = NULL;
6458 if (!find_hosts_by_option(&host, packet,
6459 cli_enc_opt_state, MDL)) {
6460 if (packet_host != NULL) {
6461 host = packet_host;
6462 } else {
6463 host = NULL;
6464 }
6465 }
6466 while (host != NULL) {
6467 if (host->fixed_prefix != NULL) {
6468 struct iaddrcidrnetlist *l;
6469 int plen = (int) getUChar(iaprefix.data + 8);
6470
6471 for (l = host->fixed_prefix; l != NULL;
6472 l = l->next) {
6473 if (plen != l->cidrnet.bits)
6474 continue;
6475 if (memcmp(iaprefix.data + 9,
6476 l->cidrnet.lo_addr.iabuf,
6477 16) == 0)
6478 break;
6479 }
6480 if ((l != NULL) && (iaprefix.len >= 17))
6481 break;
6482 }
6483 host = host->n_ipaddr;
6484 }
6485
6486 if ((host == NULL) && (iaprefix.len >= IAPREFIX_OFFSET)) {
6487 /*
6488 * Find existing IA_PD.
6489 */
6490 if (ia_make_key(&key, iaid,
6491 (char *)client_id->data,
6492 client_id->len,
6493 MDL) != ISC_R_SUCCESS) {
6494 log_fatal("iterate_over_ia_pd: no memory for "
6495 "key.");
6496 }
6497
6498 existing_ia_pd = NULL;
6499 if (ia_hash_lookup(&existing_ia_pd, ia_pd_active,
6500 (unsigned char *)key.data,
6501 key.len, MDL)) {
6502 /*
6503 * Make sure this prefix is in the IA_PD.
6504 */
6505 for (i = 0;
6506 i < existing_ia_pd->num_iasubopt;
6507 i++) {
6508 struct iasubopt *tmp;
6509 u_int8_t plen;
6510
6511 plen = getUChar(iaprefix.data + 8);
6512 tmp = existing_ia_pd->iasubopt[i];
6513 if ((tmp->plen == plen) &&
6514 (memcmp(&tmp->addr,
6515 iaprefix.data + 9,
6516 16) == 0)) {
6517 iasubopt_reference(&prefix,
6518 tmp, MDL);
6519 break;
6520 }
6521 }
6522 }
6523
6524 data_string_forget(&key, MDL);
6525 }
6526
6527 if ((host != NULL) || (prefix != NULL)) {
6528 ia_pd_match(client_id, &iaprefix, prefix);
6529 } else {
6530 ia_pd_nomatch(client_id, &iaprefix,
6531 (u_int32_t *)cli_enc_opt_data.data,
6532 packet, reply_data, &reply_ofs,
6533 reply_len - reply_ofs);
6534 }
6535
6536 if (prefix != NULL) {
6537 iasubopt_dereference(&prefix, MDL);
6538 }
6539
6540 data_string_forget(&iaprefix, MDL);
6541 }
6542
6543 option_state_dereference(&cli_enc_opt_state, MDL);
6544 data_string_forget(&cli_enc_opt_data, MDL);
6545 }
6546
6547 /*
6548 * Return our reply to the caller.
6549 * The IA_NA routine has already filled at least the header.
6550 */
6551 reply_new.len = reply_ret->len + reply_ofs;
6552 if (!buffer_allocate(&reply_new.buffer, reply_new.len, MDL)) {
6553 log_fatal("No memory to store reply.");
6554 }
6555 reply_new.data = reply_new.buffer->data;
6556 memcpy(reply_new.buffer->data,
6557 reply_ret->buffer->data, reply_ret->len);
6558 memcpy(reply_new.buffer->data + reply_ret->len,
6559 reply_data, reply_ofs);
6560 data_string_forget(reply_ret, MDL);
6561 data_string_copy(reply_ret, &reply_new, MDL);
6562 data_string_forget(&reply_new, MDL);
6563
6564 exit:
6565 if (prefix != NULL) {
6566 iasubopt_dereference(&prefix, MDL);
6567 }
6568 if (iaprefix.buffer != NULL) {
6569 data_string_forget(&iaprefix, MDL);
6570 }
6571 if (cli_enc_opt_state != NULL) {
6572 option_state_dereference(&cli_enc_opt_state, MDL);
6573 }
6574 if (cli_enc_opt_data.buffer != NULL) {
6575 data_string_forget(&cli_enc_opt_data, MDL);
6576 }
6577 if (opt_state != NULL) {
6578 option_state_dereference(&opt_state, MDL);
6579 }
6580 }
6581
6582 /*
6583 * Release means a client is done with the leases.
6584 */
6585
6586 static void
6587 dhcpv6_release(struct data_string *reply, struct packet *packet) {
6588 struct data_string client_id;
6589 struct data_string server_id;
6590
6591 /*
6592 * Validate our input.
6593 */
6594 if (!valid_client_resp(packet, &client_id, &server_id)) {
6595 return;
6596 }
6597
6598 /* If the RELEASE arrived via unicast and unicast option isn't set,
6599 * reject it per RFC 3315, Sec 18.2.6 */
6600 if (packet->unicast == ISC_TRUE &&
6601 is_unicast_option_defined(packet) == ISC_FALSE) {
6602 unicast_reject(reply, packet, &client_id, &server_id);
6603 } else {
6604 /*
6605 * And operate on each IA_NA in this packet.
6606 */
6607 iterate_over_ia_na(reply, packet, &client_id, &server_id,
6608 "Release", ia_na_match_release,
6609 ia_na_nomatch_release);
6610
6611 /*
6612 * And operate on each IA_PD in this packet.
6613 */
6614 iterate_over_ia_pd(reply, packet, &client_id, &server_id,
6615 "Release", ia_pd_match_release,
6616 ia_pd_nomatch_release);
6617 }
6618
6619 data_string_forget(&server_id, MDL);
6620 data_string_forget(&client_id, MDL);
6621 }
6622
6623 /*
6624 * Information-Request is used by clients who have obtained an address
6625 * from other means, but want configuration information from the server.
6626 */
6627
6628 static void
6629 dhcpv6_information_request(struct data_string *reply, struct packet *packet) {
6630 struct data_string client_id;
6631 struct data_string server_id;
6632
6633 /*
6634 * Validate our input.
6635 */
6636 if (!valid_client_info_req(packet, &server_id)) {
6637 return;
6638 }
6639
6640 /*
6641 * Get our client ID, if there is one.
6642 */
6643 memset(&client_id, 0, sizeof(client_id));
6644 if (get_client_id(packet, &client_id) != ISC_R_SUCCESS) {
6645 data_string_forget(&client_id, MDL);
6646 }
6647
6648 /*
6649 * Use the lease_to_client() function. This will work fine,
6650 * because the valid_client_info_req() insures that we
6651 * don't have any IA that would cause us to allocate
6652 * resources to the client.
6653 */
6654 lease_to_client(reply, packet, &client_id,
6655 server_id.data != NULL ? &server_id : NULL);
6656
6657 /*
6658 * Cleanup.
6659 */
6660 if (client_id.data != NULL) {
6661 data_string_forget(&client_id, MDL);
6662 }
6663 data_string_forget(&server_id, MDL);
6664 }
6665
6666 /*
6667 * The Relay-forw message is sent by relays. It typically contains a
6668 * single option, which encapsulates an entire packet.
6669 *
6670 * We need to build an encapsulated reply.
6671 */
6672
6673 /* XXX: this is very, very similar to do_packet6(), and should probably
6674 be combined in a clever way */
6675 /* DHCPv6 server side */
6676 static void
6677 dhcpv6_relay_forw(struct data_string *reply_ret, struct packet *packet) {
6678 struct option_cache *oc;
6679 struct data_string enc_opt_data;
6680 struct packet *enc_packet;
6681 unsigned char msg_type;
6682 const struct dhcpv6_packet *msg;
6683 const struct dhcpv6_relay_packet *relay;
6684 struct data_string enc_reply;
6685 char link_addr[sizeof("ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255")];
6686 char peer_addr[sizeof("ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255")];
6687 struct data_string a_opt, packet_ero;
6688 struct option_state *opt_state;
6689 static char reply_data[65536];
6690 struct dhcpv6_relay_packet *reply;
6691 int reply_ofs;
6692
6693 /*
6694 * Initialize variables for early exit.
6695 */
6696 opt_state = NULL;
6697 memset(&a_opt, 0, sizeof(a_opt));
6698 memset(&packet_ero, 0, sizeof(packet_ero));
6699 memset(&enc_reply, 0, sizeof(enc_reply));
6700 memset(&enc_opt_data, 0, sizeof(enc_opt_data));
6701 enc_packet = NULL;
6702
6703 /*
6704 * Get our encapsulated relay message.
6705 */
6706 oc = lookup_option(&dhcpv6_universe, packet->options, D6O_RELAY_MSG);
6707 if (oc == NULL) {
6708 inet_ntop(AF_INET6, &packet->dhcpv6_link_address,
6709 link_addr, sizeof(link_addr));
6710 inet_ntop(AF_INET6, &packet->dhcpv6_peer_address,
6711 peer_addr, sizeof(peer_addr));
6712 log_info("Relay-forward from %s with link address=%s and "
6713 "peer address=%s missing Relay Message option.",
6714 piaddr(packet->client_addr), link_addr, peer_addr);
6715 goto exit;
6716 }
6717
6718 if (!evaluate_option_cache(&enc_opt_data, NULL, NULL, NULL,
6719 NULL, NULL, &global_scope, oc, MDL)) {
6720 /* should be dhcpv6_relay_forw */
6721 log_error("dhcpv6_forw_relay: error evaluating "
6722 "relayed message.");
6723 goto exit;
6724 }
6725
6726 if (!packet6_len_okay((char *)enc_opt_data.data, enc_opt_data.len)) {
6727 /* should be dhcpv6_relay_forw */
6728 log_error("dhcpv6_forw_relay: encapsulated packet too short.");
6729 goto exit;
6730 }
6731
6732 /*
6733 * Build a packet structure from this encapsulated packet.
6734 */
6735 enc_packet = NULL;
6736 if (!packet_allocate(&enc_packet, MDL)) {
6737 /* should be dhcpv6_relay_forw */
6738 log_error("dhcpv6_forw_relay: "
6739 "no memory for encapsulated packet.");
6740 goto exit;
6741 }
6742
6743 if (!option_state_allocate(&enc_packet->options, MDL)) {
6744 /* should be dhcpv6_relay_forw */
6745 log_error("dhcpv6_forw_relay: "
6746 "no memory for encapsulated packet's options.");
6747 goto exit;
6748 }
6749
6750 enc_packet->client_port = packet->client_port;
6751 enc_packet->client_addr = packet->client_addr;
6752 interface_reference(&enc_packet->interface, packet->interface, MDL);
6753 enc_packet->dhcpv6_container_packet = packet;
6754
6755 msg_type = enc_opt_data.data[0];
6756 if ((msg_type == DHCPV6_RELAY_FORW) ||
6757 (msg_type == DHCPV6_RELAY_REPL)) {
6758 int relaylen = (int)(offsetof(struct dhcpv6_relay_packet, options));
6759 relay = (struct dhcpv6_relay_packet *)enc_opt_data.data;
6760 enc_packet->dhcpv6_msg_type = relay->msg_type;
6761
6762 /* relay-specific data */
6763 enc_packet->dhcpv6_hop_count = relay->hop_count;
6764 memcpy(&enc_packet->dhcpv6_link_address,
6765 relay->link_address, sizeof(relay->link_address));
6766 memcpy(&enc_packet->dhcpv6_peer_address,
6767 relay->peer_address, sizeof(relay->peer_address));
6768
6769 if (!parse_option_buffer(enc_packet->options,
6770 relay->options,
6771 enc_opt_data.len - relaylen,
6772 &dhcpv6_universe)) {
6773 /* no logging here, as parse_option_buffer() logs all
6774 cases where it fails */
6775 goto exit;
6776 }
6777 } else if ((msg_type == DHCPV6_DHCPV4_QUERY) ||
6778 (msg_type == DHCPV6_DHCPV4_RESPONSE)) {
6779 #ifdef DHCP4o6
6780 if (!dhcpv4_over_dhcpv6 ||
6781 (msg_type == DHCPV6_DHCPV4_RESPONSE)) {
6782 log_error("dhcpv6_relay_forw: "
6783 "unsupported %s message type.",
6784 dhcpv6_type_names[msg_type]);
6785 goto exit;
6786 }
6787 forw_dhcpv4_query(packet);
6788 goto exit;
6789 #else /* DHCP4o6 */
6790 log_error("dhcpv6_relay_forw: unsupported %s message type.",
6791 dhcpv6_type_names[msg_type]);
6792 goto exit;
6793 #endif /* DHCP4o6 */
6794 } else {
6795 int msglen = (int)(offsetof(struct dhcpv6_packet, options));
6796 msg = (struct dhcpv6_packet *)enc_opt_data.data;
6797 enc_packet->dhcpv6_msg_type = msg->msg_type;
6798
6799 /* message-specific data */
6800 memcpy(enc_packet->dhcpv6_transaction_id,
6801 msg->transaction_id,
6802 sizeof(enc_packet->dhcpv6_transaction_id));
6803
6804 if (!parse_option_buffer(enc_packet->options,
6805 msg->options,
6806 enc_opt_data.len - msglen,
6807 &dhcpv6_universe)) {
6808 /* no logging here, as parse_option_buffer() logs all
6809 cases where it fails */
6810 goto exit;
6811 }
6812 }
6813
6814 /*
6815 * This is recursive. It is possible to exceed maximum packet size.
6816 * XXX: This will cause the packet send to fail.
6817 */
6818 build_dhcpv6_reply(&enc_reply, enc_packet);
6819
6820 /*
6821 * If we got no encapsulated data, then it is discarded, and
6822 * our reply-forw is also discarded.
6823 */
6824 if (enc_reply.data == NULL) {
6825 goto exit;
6826 }
6827
6828 /*
6829 * Now we can use the reply_data buffer.
6830 * Packet header stuff all comes from the forward message.
6831 */
6832 reply = (struct dhcpv6_relay_packet *)reply_data;
6833 reply->msg_type = DHCPV6_RELAY_REPL;
6834 reply->hop_count = packet->dhcpv6_hop_count;
6835 memcpy(reply->link_address, &packet->dhcpv6_link_address,
6836 sizeof(reply->link_address));
6837 memcpy(reply->peer_address, &packet->dhcpv6_peer_address,
6838 sizeof(reply->peer_address));
6839 reply_ofs = (int)(offsetof(struct dhcpv6_relay_packet, options));
6840
6841 /*
6842 * Get the reply option state.
6843 */
6844 opt_state = NULL;
6845 if (!option_state_allocate(&opt_state, MDL)) {
6846 log_error("dhcpv6_relay_forw: no memory for option state.");
6847 goto exit;
6848 }
6849
6850 /*
6851 * Append the interface-id if present.
6852 */
6853 oc = lookup_option(&dhcpv6_universe, packet->options,
6854 D6O_INTERFACE_ID);
6855 if (oc != NULL) {
6856 if (!evaluate_option_cache(&a_opt, packet,
6857 NULL, NULL,
6858 packet->options, NULL,
6859 &global_scope, oc, MDL)) {
6860 log_error("dhcpv6_relay_forw: error evaluating "
6861 "Interface ID.");
6862 goto exit;
6863 }
6864 if (!save_option_buffer(&dhcpv6_universe, opt_state, NULL,
6865 (unsigned char *)a_opt.data,
6866 a_opt.len,
6867 D6O_INTERFACE_ID, 0)) {
6868 log_error("dhcpv6_relay_forw: error saving "
6869 "Interface ID.");
6870 goto exit;
6871 }
6872 data_string_forget(&a_opt, MDL);
6873 }
6874
6875 #if defined(RELAY_PORT)
6876 /*
6877 * Append the relay_source_port option if present.
6878 */
6879 oc = lookup_option(&dhcpv6_universe, packet->options,
6880 D6O_RELAY_SOURCE_PORT);
6881 if (oc != NULL) {
6882 if (!evaluate_option_cache(&a_opt, packet,
6883 NULL, NULL,
6884 packet->options, NULL,
6885 &global_scope, oc, MDL)) {
6886 log_error("dhcpv6_relay_forw: error evaluating "
6887 "Relay Source Port.");
6888 goto exit;
6889 }
6890 if (!save_option_buffer(&dhcpv6_universe, opt_state, NULL,
6891 (unsigned char *)a_opt.data,
6892 a_opt.len,
6893 D6O_RELAY_SOURCE_PORT, 0)) {
6894 log_error("dhcpv6_relay_forw: error saving "
6895 "Relay Source Port.");
6896 goto exit;
6897 }
6898 data_string_forget(&a_opt, MDL);
6899
6900 packet->relay_source_port = ISC_TRUE;
6901 }
6902 #endif
6903
6904 /*
6905 * Append our encapsulated stuff for caller.
6906 */
6907 if (!save_option_buffer(&dhcpv6_universe, opt_state, NULL,
6908 (unsigned char *)enc_reply.data,
6909 enc_reply.len,
6910 D6O_RELAY_MSG, 0)) {
6911 log_error("dhcpv6_relay_forw: error saving Relay MSG.");
6912 goto exit;
6913 }
6914
6915 /*
6916 * Get the ERO if any.
6917 */
6918 oc = lookup_option(&dhcpv6_universe, packet->options, D6O_ERO);
6919 if (oc != NULL) {
6920 unsigned req;
6921 int i;
6922
6923 if (!evaluate_option_cache(&packet_ero, packet,
6924 NULL, NULL,
6925 packet->options, NULL,
6926 &global_scope, oc, MDL) ||
6927 (packet_ero.len & 1)) {
6928 log_error("dhcpv6_relay_forw: error evaluating ERO.");
6929 goto exit;
6930 }
6931
6932 /* Decode and apply the ERO. */
6933 for (i = 0; i < packet_ero.len; i += 2) {
6934 req = getUShort(packet_ero.data + i);
6935 /* Already in the reply? */
6936 oc = lookup_option(&dhcpv6_universe, opt_state, req);
6937 if (oc != NULL)
6938 continue;
6939 /* Get it from the packet if present. */
6940 oc = lookup_option(&dhcpv6_universe,
6941 packet->options,
6942 req);
6943 if (oc == NULL)
6944 continue;
6945 if (!evaluate_option_cache(&a_opt, packet,
6946 NULL, NULL,
6947 packet->options, NULL,
6948 &global_scope, oc, MDL)) {
6949 log_error("dhcpv6_relay_forw: error "
6950 "evaluating option %u.", req);
6951 goto exit;
6952 }
6953 if (!save_option_buffer(&dhcpv6_universe,
6954 opt_state,
6955 NULL,
6956 (unsigned char *)a_opt.data,
6957 a_opt.len,
6958 req,
6959 0)) {
6960 log_error("dhcpv6_relay_forw: error saving "
6961 "option %u.", req);
6962 goto exit;
6963 }
6964 data_string_forget(&a_opt, MDL);
6965 }
6966 }
6967
6968 reply_ofs += store_options6(reply_data + reply_ofs,
6969 sizeof(reply_data) - reply_ofs,
6970 opt_state, packet,
6971 required_opts_agent, &packet_ero);
6972
6973 /*
6974 * Return our reply to the caller.
6975 */
6976 reply_ret->len = reply_ofs;
6977 reply_ret->buffer = NULL;
6978 if (!buffer_allocate(&reply_ret->buffer, reply_ret->len, MDL)) {
6979 log_fatal("No memory to store reply.");
6980 }
6981 reply_ret->data = reply_ret->buffer->data;
6982 memcpy(reply_ret->buffer->data, reply_data, reply_ofs);
6983
6984 exit:
6985 if (opt_state != NULL)
6986 option_state_dereference(&opt_state, MDL);
6987 if (a_opt.data != NULL) {
6988 data_string_forget(&a_opt, MDL);
6989 }
6990 if (packet_ero.data != NULL) {
6991 data_string_forget(&packet_ero, MDL);
6992 }
6993 if (enc_reply.data != NULL) {
6994 data_string_forget(&enc_reply, MDL);
6995 }
6996 if (enc_opt_data.data != NULL) {
6997 data_string_forget(&enc_opt_data, MDL);
6998 }
6999 if (enc_packet != NULL) {
7000 packet_dereference(&enc_packet, MDL);
7001 }
7002 }
7003
7004 #ifdef DHCP4o6
7005 /* \brief Internal processing of a relayed DHCPv4-query
7006 * (DHCPv4 server side)
7007 *
7008 * Code copied from \ref dhcpv6_relay_forw() which itself is
7009 * from \ref do_packet6().
7010 *
7011 * \param reply_ret pointer to the response
7012 * \param packet the query
7013 */
7014 static void
7015 dhcp4o6_relay_forw(struct data_string *reply_ret, struct packet *packet) {
7016 struct option_cache *oc;
7017 struct data_string enc_opt_data;
7018 struct packet *enc_packet;
7019 unsigned char msg_type;
7020 const struct dhcpv6_relay_packet *relay;
7021 const struct dhcpv4_over_dhcpv6_packet *msg;
7022 struct data_string enc_reply;
7023 char link_addr[sizeof("ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255")];
7024 char peer_addr[sizeof("ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255")];
7025 struct data_string a_opt, packet_ero;
7026 struct option_state *opt_state;
7027 static char reply_data[65536];
7028 struct dhcpv6_relay_packet *reply;
7029 int reply_ofs;
7030
7031 /*
7032 * Initialize variables for early exit.
7033 */
7034 opt_state = NULL;
7035 memset(&a_opt, 0, sizeof(a_opt));
7036 memset(&packet_ero, 0, sizeof(packet_ero));
7037 memset(&enc_reply, 0, sizeof(enc_reply));
7038 memset(&enc_opt_data, 0, sizeof(enc_opt_data));
7039 enc_packet = NULL;
7040
7041 /*
7042 * Get our encapsulated relay message.
7043 */
7044 oc = lookup_option(&dhcpv6_universe, packet->options, D6O_RELAY_MSG);
7045 if (oc == NULL) {
7046 inet_ntop(AF_INET6, &packet->dhcpv6_link_address,
7047 link_addr, sizeof(link_addr));
7048 inet_ntop(AF_INET6, &packet->dhcpv6_peer_address,
7049 peer_addr, sizeof(peer_addr));
7050 log_info("Relay-forward from %s with link address=%s and "
7051 "peer address=%s missing Relay Message option.",
7052 piaddr(packet->client_addr), link_addr, peer_addr);
7053 goto exit;
7054 }
7055
7056 if (!evaluate_option_cache(&enc_opt_data, NULL, NULL, NULL,
7057 NULL, NULL, &global_scope, oc, MDL)) {
7058 log_error("dhcp4o6_relay_forw: error evaluating "
7059 "relayed message.");
7060 goto exit;
7061 }
7062
7063 if (!packet6_len_okay((char *)enc_opt_data.data, enc_opt_data.len)) {
7064 log_error("dhcp4o6_relay_forw: "
7065 "encapsulated packet too short.");
7066 goto exit;
7067 }
7068
7069 /*
7070 * Build a packet structure from this encapsulated packet.
7071 */
7072 if (!packet_allocate(&enc_packet, MDL)) {
7073 log_error("dhcp4o6_relay_forw: "
7074 "no memory for encapsulated packet.");
7075 goto exit;
7076 }
7077
7078 if (!option_state_allocate(&enc_packet->options, MDL)) {
7079 log_error("dhcp4o6_relay_forw: "
7080 "no memory for encapsulated packet's options.");
7081 goto exit;
7082 }
7083
7084 enc_packet->client_port = packet->client_port;
7085 enc_packet->client_addr = packet->client_addr;
7086 interface_reference(&enc_packet->interface, packet->interface, MDL);
7087 enc_packet->dhcpv6_container_packet = packet;
7088
7089 msg_type = enc_opt_data.data[0];
7090 if ((msg_type == DHCPV6_RELAY_FORW) ||
7091 (msg_type == DHCPV6_RELAY_REPL)) {
7092 int relaylen = (int)(offsetof(struct dhcpv6_relay_packet, options));
7093 relay = (struct dhcpv6_relay_packet *)enc_opt_data.data;
7094 enc_packet->dhcpv6_msg_type = relay->msg_type;
7095
7096 /* relay-specific data */
7097 enc_packet->dhcpv6_hop_count = relay->hop_count;
7098 memcpy(&enc_packet->dhcpv6_link_address,
7099 relay->link_address, sizeof(relay->link_address));
7100 memcpy(&enc_packet->dhcpv6_peer_address,
7101 relay->peer_address, sizeof(relay->peer_address));
7102
7103 if (!parse_option_buffer(enc_packet->options,
7104 relay->options,
7105 enc_opt_data.len - relaylen,
7106 &dhcpv6_universe)) {
7107 /* no logging here, as parse_option_buffer() logs all
7108 cases where it fails */
7109 goto exit;
7110 }
7111 } else if ((msg_type == DHCPV6_DHCPV4_QUERY) ||
7112 (msg_type == DHCPV6_DHCPV4_RESPONSE)) {
7113 int msglen =
7114 (int)(offsetof(struct dhcpv4_over_dhcpv6_packet, options));
7115 msg = (struct dhcpv4_over_dhcpv6_packet *)enc_opt_data.data;
7116 enc_packet->dhcpv6_msg_type = msg->msg_type;
7117
7118 /* message-specific data */
7119 memcpy(enc_packet->dhcp4o6_flags,
7120 msg->flags,
7121 sizeof(enc_packet->dhcp4o6_flags));
7122
7123 if (!parse_option_buffer(enc_packet->options,
7124 msg->options,
7125 enc_opt_data.len - msglen,
7126 &dhcpv6_universe)) {
7127 /* no logging here, as parse_option_buffer() logs all
7128 cases where it fails */
7129 goto exit;
7130 }
7131 } else {
7132 log_error("dhcp4o6_relay_forw: unexpected message of type %d.",
7133 (int)msg_type);
7134 goto exit;
7135 }
7136
7137 /*
7138 * This is recursive. It is possible to exceed maximum packet size.
7139 * XXX: This will cause the packet send to fail.
7140 */
7141 build_dhcpv6_reply(&enc_reply, enc_packet);
7142
7143 /*
7144 * If we got no encapsulated data, then it is discarded, and
7145 * our reply-forw is also discarded.
7146 */
7147 if (enc_reply.data == NULL) {
7148 goto exit;
7149 }
7150
7151 /*
7152 * Now we can use the reply_data buffer.
7153 * Packet header stuff all comes from the forward message.
7154 */
7155 reply = (struct dhcpv6_relay_packet *)reply_data;
7156 reply->msg_type = DHCPV6_RELAY_REPL;
7157 reply->hop_count = packet->dhcpv6_hop_count;
7158 memcpy(reply->link_address, &packet->dhcpv6_link_address,
7159 sizeof(reply->link_address));
7160 memcpy(reply->peer_address, &packet->dhcpv6_peer_address,
7161 sizeof(reply->peer_address));
7162 reply_ofs = (int)(offsetof(struct dhcpv6_relay_packet, options));
7163
7164 /*
7165 * Get the reply option state.
7166 */
7167 if (!option_state_allocate(&opt_state, MDL)) {
7168 log_error("dhcp4o6_relay_forw: no memory for option state.");
7169 goto exit;
7170 }
7171
7172 /*
7173 * Append the interface-id if present.
7174 */
7175 oc = lookup_option(&dhcpv6_universe, packet->options,
7176 D6O_INTERFACE_ID);
7177 if (oc != NULL) {
7178 if (!evaluate_option_cache(&a_opt, packet,
7179 NULL, NULL,
7180 packet->options, NULL,
7181 &global_scope, oc, MDL)) {
7182 log_error("dhcp4o6_relay_forw: error evaluating "
7183 "Interface ID.");
7184 goto exit;
7185 }
7186 if (!save_option_buffer(&dhcpv6_universe, opt_state, NULL,
7187 (unsigned char *)a_opt.data,
7188 a_opt.len,
7189 D6O_INTERFACE_ID, 0)) {
7190 log_error("dhcp4o6_relay_forw: error saving "
7191 "Interface ID.");
7192 goto exit;
7193 }
7194 data_string_forget(&a_opt, MDL);
7195 }
7196
7197 #if defined(RELAY_PORT)
7198 /*
7199 * Append the relay_source_port option if present.
7200 */
7201 oc = lookup_option(&dhcpv6_universe, packet->options,
7202 D6O_RELAY_SOURCE_PORT);
7203 if (oc != NULL) {
7204 if (!evaluate_option_cache(&a_opt, packet,
7205 NULL, NULL,
7206 packet->options, NULL,
7207 &global_scope, oc, MDL)) {
7208 log_error("dhcpv4o6_relay_forw: error evaluating "
7209 "Relay Source Port.");
7210 goto exit;
7211 }
7212 if (!save_option_buffer(&dhcpv6_universe, opt_state, NULL,
7213 (unsigned char *)a_opt.data,
7214 a_opt.len,
7215 D6O_RELAY_SOURCE_PORT, 0)) {
7216 log_error("dhcpv4o6_relay_forw: error saving "
7217 "Relay Source Port.");
7218 goto exit;
7219 }
7220 data_string_forget(&a_opt, MDL);
7221
7222 packet->relay_source_port = ISC_TRUE;
7223 }
7224 #endif
7225
7226 /*
7227 * Append our encapsulated stuff for caller.
7228 */
7229 if (!save_option_buffer(&dhcpv6_universe, opt_state, NULL,
7230 (unsigned char *)enc_reply.data,
7231 enc_reply.len,
7232 D6O_RELAY_MSG, 0)) {
7233 log_error("dhcp4o6_relay_forw: error saving Relay MSG.");
7234 goto exit;
7235 }
7236
7237 /*
7238 * Get the ERO if any.
7239 */
7240 oc = lookup_option(&dhcpv6_universe, packet->options, D6O_ERO);
7241 if (oc != NULL) {
7242 unsigned req;
7243 int i;
7244
7245 if (!evaluate_option_cache(&packet_ero, packet,
7246 NULL, NULL,
7247 packet->options, NULL,
7248 &global_scope, oc, MDL) ||
7249 (packet_ero.len & 1)) {
7250 log_error("dhcp4o6_relay_forw: error evaluating ERO.");
7251 goto exit;
7252 }
7253
7254 /* Decode and apply the ERO. */
7255 for (i = 0; i < packet_ero.len; i += 2) {
7256 req = getUShort(packet_ero.data + i);
7257 /* Already in the reply? */
7258 oc = lookup_option(&dhcpv6_universe, opt_state, req);
7259 if (oc != NULL)
7260 continue;
7261 /* Get it from the packet if present. */
7262 oc = lookup_option(&dhcpv6_universe,
7263 packet->options,
7264 req);
7265 if (oc == NULL)
7266 continue;
7267 if (!evaluate_option_cache(&a_opt, packet,
7268 NULL, NULL,
7269 packet->options, NULL,
7270 &global_scope, oc, MDL)) {
7271 log_error("dhcp4o6_relay_forw: error "
7272 "evaluating option %u.", req);
7273 goto exit;
7274 }
7275 if (!save_option_buffer(&dhcpv6_universe,
7276 opt_state,
7277 NULL,
7278 (unsigned char *)a_opt.data,
7279 a_opt.len,
7280 req,
7281 0)) {
7282 log_error("dhcp4o6_relay_forw: error saving "
7283 "option %u.", req);
7284 goto exit;
7285 }
7286 data_string_forget(&a_opt, MDL);
7287 }
7288 }
7289
7290 reply_ofs += store_options6(reply_data + reply_ofs,
7291 sizeof(reply_data) - reply_ofs,
7292 opt_state, packet,
7293 required_opts_agent, &packet_ero);
7294
7295 /*
7296 * Return our reply to the caller.
7297 */
7298 reply_ret->len = reply_ofs;
7299 reply_ret->buffer = NULL;
7300 if (!buffer_allocate(&reply_ret->buffer, reply_ret->len, MDL)) {
7301 log_fatal("No memory to store reply.");
7302 }
7303 reply_ret->data = reply_ret->buffer->data;
7304 memcpy(reply_ret->buffer->data, reply_data, reply_ofs);
7305
7306 exit:
7307 if (opt_state != NULL)
7308 option_state_dereference(&opt_state, MDL);
7309 if (a_opt.data != NULL) {
7310 data_string_forget(&a_opt, MDL);
7311 }
7312 if (packet_ero.data != NULL) {
7313 data_string_forget(&packet_ero, MDL);
7314 }
7315 if (enc_reply.data != NULL) {
7316 data_string_forget(&enc_reply, MDL);
7317 }
7318 if (enc_opt_data.data != NULL) {
7319 data_string_forget(&enc_opt_data, MDL);
7320 }
7321 if (enc_packet != NULL) {
7322 packet_dereference(&enc_packet, MDL);
7323 }
7324 }
7325
7326 /*
7327 * \brief Internal processing of a DHCPv4-query
7328 * (DHCPv4 server function)
7329 *
7330 * Code copied from \ref do_packet().
7331 *
7332 * \param reply_ret pointer to the response
7333 * \param packet the query
7334 */
7335 static void
7336 dhcp4o6_dhcpv4_query(struct data_string *reply_ret, struct packet *packet) {
7337 struct option_cache *oc;
7338 struct data_string enc_opt_data;
7339 struct packet *enc_packet;
7340 struct data_string enc_response;
7341 struct option_state *opt_state;
7342 static char response_data[65536];
7343 struct dhcpv4_over_dhcpv6_packet *response;
7344 int response_ofs;
7345
7346 /*
7347 * Initialize variables for early exit.
7348 */
7349 opt_state = NULL;
7350 memset(&enc_response, 0, sizeof(enc_response));
7351 memset(&enc_opt_data, 0, sizeof(enc_opt_data));
7352 enc_packet = NULL;
7353
7354 /*
7355 * Get our encapsulated relay message.
7356 */
7357 oc = lookup_option(&dhcpv6_universe, packet->options, D6O_DHCPV4_MSG);
7358 if (oc == NULL) {
7359 log_info("DHCPv4-query from %s missing DHCPv4 Message option.",
7360 piaddr(packet->client_addr));
7361 goto exit;
7362 }
7363
7364 if (!evaluate_option_cache(&enc_opt_data, NULL, NULL, NULL,
7365 NULL, NULL, &global_scope, oc, MDL)) {
7366 log_error("dhcp4o6_dhcpv4_query: error evaluating "
7367 "DHCPv4 message.");
7368 goto exit;
7369 }
7370
7371 if (enc_opt_data.len < DHCP_FIXED_NON_UDP) {
7372 log_error("dhcp4o6_dhcpv4_query: DHCPv4 packet too short.");
7373 goto exit;
7374 }
7375
7376 /*
7377 * Build a packet structure from this encapsulated packet.
7378 */
7379 if (!packet_allocate(&enc_packet, MDL)) {
7380 log_error("dhcp4o6_dhcpv4_query: "
7381 "no memory for encapsulated packet.");
7382 goto exit;
7383 }
7384
7385 enc_packet->raw = (struct dhcp_packet *)enc_opt_data.data;
7386 enc_packet->packet_length = enc_opt_data.len;
7387 enc_packet->dhcp4o6_response = &enc_response;
7388 enc_packet->client_port = packet->client_port;
7389 enc_packet->client_addr = packet->client_addr;
7390 interface_reference(&enc_packet->interface, packet->interface, MDL);
7391 enc_packet->dhcpv6_container_packet = packet;
7392 if (packet->dhcp4o6_flags[0] & DHCP4O6_QUERY_UNICAST)
7393 enc_packet->unicast = 1;
7394
7395 if (enc_packet->raw->hlen > sizeof(enc_packet->raw->chaddr)) {
7396 log_info("dhcp4o6_dhcpv4_query: "
7397 "discarding packet with bogus hlen.");
7398 goto exit;
7399 }
7400
7401 /* Allocate packet->options now so it is non-null for all packets */
7402 if (!option_state_allocate (&enc_packet->options, MDL)) {
7403 log_error("dhcp4o6_dhcpv4_query: no memory for options.");
7404 goto exit;
7405 }
7406
7407 /* If there's an option buffer, try to parse it. */
7408 if (enc_packet->packet_length >= DHCP_FIXED_NON_UDP + 4) {
7409 struct option_cache *op;
7410 if (!parse_options(enc_packet)) {
7411 if (enc_packet->options)
7412 option_state_dereference
7413 (&enc_packet->options, MDL);
7414 packet_dereference (&enc_packet, MDL);
7415 goto exit;
7416 }
7417
7418 if (enc_packet->options_valid &&
7419 (op = lookup_option(&dhcp_universe,
7420 enc_packet->options,
7421 DHO_DHCP_MESSAGE_TYPE))) {
7422 struct data_string dp;
7423 memset(&dp, 0, sizeof dp);
7424 evaluate_option_cache(&dp, enc_packet, NULL, NULL,
7425 enc_packet->options, NULL,
7426 NULL, op, MDL);
7427 if (dp.len > 0)
7428 enc_packet->packet_type = dp.data[0];
7429 else
7430 enc_packet->packet_type = 0;
7431 data_string_forget(&dp, MDL);
7432 }
7433 }
7434
7435 if (validate_packet(enc_packet) != 0) {
7436 if (enc_packet->packet_type)
7437 dhcp(enc_packet);
7438 else
7439 bootp(enc_packet);
7440 }
7441
7442 /* If the caller kept the packet, they'll have upped the refcnt. */
7443 packet_dereference(&enc_packet, MDL);
7444
7445 /*
7446 * If we got no response data, then it is discarded, and
7447 * our DHCPv4-response is also discarded.
7448 */
7449 if (enc_response.data == NULL) {
7450 goto exit;
7451 }
7452
7453 /*
7454 * Now we can use the response_data buffer.
7455 */
7456 response = (struct dhcpv4_over_dhcpv6_packet *)response_data;
7457 response->msg_type = DHCPV6_DHCPV4_RESPONSE;
7458 response->flags[0] = response->flags[1] = response->flags[2] = 0;
7459 response_ofs =
7460 (int)(offsetof(struct dhcpv4_over_dhcpv6_packet, options));
7461
7462 /*
7463 * Get the response option state.
7464 */
7465 if (!option_state_allocate(&opt_state, MDL)) {
7466 log_error("dhcp4o6_dhcpv4_query: no memory for option state.");
7467 goto exit;
7468 }
7469
7470 /*
7471 * Append our encapsulated stuff for caller.
7472 */
7473 if (!save_option_buffer(&dhcpv6_universe, opt_state, NULL,
7474 (unsigned char *)enc_response.data,
7475 enc_response.len,
7476 D6O_DHCPV4_MSG, 0)) {
7477 log_error("dhcp4o6_dhcpv4_query: error saving DHCPv4 MSG.");
7478 goto exit;
7479 }
7480
7481 response_ofs += store_options6(response_data + response_ofs,
7482 sizeof(response_data) - response_ofs,
7483 opt_state, packet,
7484 required_opts_4o6, NULL);
7485
7486 /*
7487 * Return our response to the caller.
7488 */
7489 reply_ret->len = response_ofs;
7490 reply_ret->buffer = NULL;
7491 if (!buffer_allocate(&reply_ret->buffer, reply_ret->len, MDL)) {
7492 log_fatal("dhcp4o6_dhcpv4_query: no memory to store reply.");
7493 }
7494 reply_ret->data = reply_ret->buffer->data;
7495 memcpy(reply_ret->buffer->data, response_data, response_ofs);
7496
7497 exit:
7498 if (opt_state != NULL)
7499 option_state_dereference(&opt_state, MDL);
7500 if (enc_response.data != NULL) {
7501 data_string_forget(&enc_response, MDL);
7502 }
7503 if (enc_opt_data.data != NULL) {
7504 data_string_forget(&enc_opt_data, MDL);
7505 }
7506 if (enc_packet != NULL) {
7507 packet_dereference(&enc_packet, MDL);
7508 }
7509 }
7510
7511 /*
7512 * \brief Forward a DHCPv4-query message to the DHCPv4 side
7513 * (DHCPv6 server function)
7514 *
7515 * Format: interface:16 + address:16 + udp:4 + DHCPv6 DHCPv4-query message
7516 *
7517 * \brief packet the DHCPv6 DHCPv4-query message
7518 */
7519 static void forw_dhcpv4_query(struct packet *packet) {
7520 struct data_string ds;
7521 struct udp_data4o6 udp_data;
7522 unsigned len;
7523 int cc;
7524
7525 /* Get the initial message. */
7526 while (packet->dhcpv6_container_packet != NULL)
7527 packet = packet->dhcpv6_container_packet;
7528
7529 /* Check the initial message. */
7530 if ((packet->raw == NULL) ||
7531 (packet->client_addr.len != 16) ||
7532 (packet->interface == NULL)) {
7533 log_error("forw_dhcpv4_query: can't find initial message.");
7534 return;
7535 }
7536
7537 /* Get a buffer. */
7538 len = packet->packet_length + 36;
7539 memset(&ds, 0, sizeof(ds));
7540 if (!buffer_allocate(&ds.buffer, len, MDL)) {
7541 log_error("forw_dhcpv4_query: "
7542 "no memory for encapsulating packet.");
7543 return;
7544 }
7545 ds.data = ds.buffer->data;
7546 ds.len = len;
7547
7548 /* Fill the buffer. */
7549 strncpy((char *)ds.buffer->data, packet->interface->name, 16);
7550 memcpy(ds.buffer->data + 16,
7551 packet->client_addr.iabuf, 16);
7552 memset(&udp_data, 0, sizeof(udp_data));
7553 udp_data.src_port = packet->client_port;
7554 memcpy(ds.buffer->data + 32, &udp_data, 4);
7555 memcpy(ds.buffer->data + 36,
7556 (unsigned char *)packet->raw,
7557 packet->packet_length);
7558
7559 /* Forward to the DHCPv4 server. */
7560 cc = send(dhcp4o6_fd, ds.data, ds.len, 0);
7561 if (cc < 0)
7562 log_error("forw_dhcpv4_query: send(): %m");
7563 data_string_forget(&ds, MDL);
7564 }
7565 #endif
7566
7567 static void
7568 dhcpv6_discard(struct packet *packet) {
7569 /* INSIST(packet->msg_type > 0); */
7570 /* INSIST(packet->msg_type < dhcpv6_type_name_max); */
7571
7572 log_debug("Discarding %s from %s; message type not handled by server",
7573 dhcpv6_type_names[packet->dhcpv6_msg_type],
7574 piaddr(packet->client_addr));
7575 }
7576
7577 static void
7578 build_dhcpv6_reply(struct data_string *reply, struct packet *packet) {
7579 memset(reply, 0, sizeof(*reply));
7580
7581 /* I would like to classify the client once here, but
7582 * as I don't want to classify all of the incoming packets
7583 * I need to do it before handling specific types.
7584 * We don't need to classify if we are tossing the packet
7585 * or if it is a relay - the classification step will get
7586 * done when we process the inner client packet.
7587 */
7588
7589 switch (packet->dhcpv6_msg_type) {
7590 case DHCPV6_SOLICIT:
7591 classify_client(packet);
7592 dhcpv6_solicit(reply, packet);
7593 break;
7594 case DHCPV6_ADVERTISE:
7595 dhcpv6_discard(packet);
7596 break;
7597 case DHCPV6_REQUEST:
7598 classify_client(packet);
7599 dhcpv6_request(reply, packet);
7600 break;
7601 case DHCPV6_CONFIRM:
7602 classify_client(packet);
7603 dhcpv6_confirm(reply, packet);
7604 break;
7605 case DHCPV6_RENEW:
7606 classify_client(packet);
7607 dhcpv6_renew(reply, packet);
7608 break;
7609 case DHCPV6_REBIND:
7610 classify_client(packet);
7611 dhcpv6_rebind(reply, packet);
7612 break;
7613 case DHCPV6_REPLY:
7614 dhcpv6_discard(packet);
7615 break;
7616 case DHCPV6_RELEASE:
7617 classify_client(packet);
7618 dhcpv6_release(reply, packet);
7619 break;
7620 case DHCPV6_DECLINE:
7621 classify_client(packet);
7622 dhcpv6_decline(reply, packet);
7623 break;
7624 case DHCPV6_RECONFIGURE:
7625 dhcpv6_discard(packet);
7626 break;
7627 case DHCPV6_INFORMATION_REQUEST:
7628 classify_client(packet);
7629 dhcpv6_information_request(reply, packet);
7630 break;
7631 case DHCPV6_RELAY_FORW:
7632 #ifdef DHCP4o6
7633 if (dhcpv4_over_dhcpv6 && (local_family == AF_INET))
7634 dhcp4o6_relay_forw(reply, packet);
7635 else
7636 #endif /* DHCP4o6 */
7637 dhcpv6_relay_forw(reply, packet);
7638 break;
7639 case DHCPV6_RELAY_REPL:
7640 dhcpv6_discard(packet);
7641 break;
7642 case DHCPV6_LEASEQUERY:
7643 classify_client(packet);
7644 dhcpv6_leasequery(reply, packet);
7645 break;
7646 case DHCPV6_LEASEQUERY_REPLY:
7647 dhcpv6_discard(packet);
7648 break;
7649 case DHCPV6_DHCPV4_QUERY:
7650 #ifdef DHCP4o6
7651 if (dhcpv4_over_dhcpv6) {
7652 if (local_family == AF_INET6) {
7653 forw_dhcpv4_query(packet);
7654 } else {
7655 dhcp4o6_dhcpv4_query(reply, packet);
7656 }
7657 } else
7658 #endif /* DHCP4o6 */
7659 dhcpv6_discard(packet);
7660 break;
7661 case DHCPV6_DHCPV4_RESPONSE:
7662 dhcpv6_discard(packet);
7663 break;
7664 default:
7665 /* XXX: would be nice if we had "notice" level,
7666 as syslog, for this */
7667 log_info("Discarding unknown DHCPv6 message type %d "
7668 "from %s", packet->dhcpv6_msg_type,
7669 piaddr(packet->client_addr));
7670 }
7671 }
7672
7673 static void
7674 log_packet_in(const struct packet *packet) {
7675 struct data_string s;
7676 u_int32_t tid;
7677 char tmp_addr[INET6_ADDRSTRLEN];
7678 const void *addr;
7679
7680 memset(&s, 0, sizeof(s));
7681
7682 if (packet->dhcpv6_msg_type < dhcpv6_type_name_max) {
7683 data_string_sprintfa(&s, "%s message from %s port %d",
7684 dhcpv6_type_names[packet->dhcpv6_msg_type],
7685 piaddr(packet->client_addr),
7686 ntohs(packet->client_port));
7687 } else {
7688 data_string_sprintfa(&s,
7689 "Unknown message type %d from %s port %d",
7690 packet->dhcpv6_msg_type,
7691 piaddr(packet->client_addr),
7692 ntohs(packet->client_port));
7693 }
7694 if ((packet->dhcpv6_msg_type == DHCPV6_RELAY_FORW) ||
7695 (packet->dhcpv6_msg_type == DHCPV6_RELAY_REPL)) {
7696 addr = &packet->dhcpv6_link_address;
7697 data_string_sprintfa(&s, ", link address %s",
7698 inet_ntop(AF_INET6, addr,
7699 tmp_addr, sizeof(tmp_addr)));
7700 addr = &packet->dhcpv6_peer_address;
7701 data_string_sprintfa(&s, ", peer address %s",
7702 inet_ntop(AF_INET6, addr,
7703 tmp_addr, sizeof(tmp_addr)));
7704 } else if ((packet->dhcpv6_msg_type != DHCPV6_DHCPV4_QUERY) &&
7705 (packet->dhcpv6_msg_type != DHCPV6_DHCPV4_RESPONSE)) {
7706 tid = 0;
7707 memcpy(((char *)&tid)+1, packet->dhcpv6_transaction_id, 3);
7708 data_string_sprintfa(&s, ", transaction ID 0x%06X", tid);
7709
7710 /*
7711 oc = lookup_option(&dhcpv6_universe, packet->options,
7712 D6O_CLIENTID);
7713 if (oc != NULL) {
7714 memset(&tmp_ds, 0, sizeof(tmp_ds_));
7715 if (!evaluate_option_cache(&tmp_ds, packet, NULL, NULL,
7716 packet->options, NULL,
7717 &global_scope, oc, MDL)) {
7718 log_error("Error evaluating Client Identifier");
7719 } else {
7720 data_strint_sprintf(&s, ", client ID %s",
7721
7722 data_string_forget(&tmp_ds, MDL);
7723 }
7724 }
7725 */
7726
7727 }
7728 log_info("%s", s.data);
7729
7730 data_string_forget(&s, MDL);
7731 }
7732
7733 void
7734 dhcpv6(struct packet *packet) {
7735 struct data_string reply;
7736 struct sockaddr_in6 to_addr;
7737 int send_ret;
7738
7739 /*
7740 * Log a message that we received this packet.
7741 */
7742 log_packet_in(packet);
7743
7744 /*
7745 * Build our reply packet.
7746 */
7747 build_dhcpv6_reply(&reply, packet);
7748
7749 if (reply.data != NULL) {
7750 /*
7751 * Send our reply, if we have one.
7752 */
7753 memset(&to_addr, 0, sizeof(to_addr));
7754 to_addr.sin6_family = AF_INET6;
7755 if ((packet->dhcpv6_msg_type == DHCPV6_RELAY_FORW) ||
7756 (packet->dhcpv6_msg_type == DHCPV6_RELAY_REPL)) {
7757 to_addr.sin6_port = local_port;
7758 } else {
7759 to_addr.sin6_port = remote_port;
7760 }
7761
7762 #if defined (REPLY_TO_SOURCE_PORT)
7763 /*
7764 * This appears to have been included for testing so we would
7765 * not need a root client, but was accidently left in the
7766 * final code. We continue to include it in case
7767 * some users have come to rely upon it, but leave
7768 * it off by default as it's a bad idea.
7769 */
7770 to_addr.sin6_port = packet->client_port;
7771 #endif
7772
7773 #if defined(RELAY_PORT)
7774 /*
7775 * Check relay source port.
7776 */
7777 if (packet->relay_source_port) {
7778 to_addr.sin6_port = packet->client_port;
7779 }
7780 #endif
7781
7782 memcpy(&to_addr.sin6_addr, packet->client_addr.iabuf,
7783 sizeof(to_addr.sin6_addr));
7784
7785 log_info("Sending %s to %s port %d",
7786 dhcpv6_type_names[reply.data[0]],
7787 piaddr(packet->client_addr),
7788 ntohs(to_addr.sin6_port));
7789
7790 send_ret = send_packet6(packet->interface,
7791 reply.data, reply.len, &to_addr);
7792 if (send_ret != reply.len) {
7793 log_error("dhcpv6: send_packet6() sent %d of %d bytes",
7794 send_ret, reply.len);
7795 }
7796 data_string_forget(&reply, MDL);
7797 }
7798 }
7799
7800 #ifdef DHCP4o6
7801 /*
7802 * \brief Receive a DHCPv4-query message from the DHCPv6 side
7803 * (DHCPv4 server function)
7804 *
7805 * Receive a message with a DHCPv4-query inside from the DHCPv6 server.
7806 * (code copied from \ref do_packet6() \ref and dhcpv6())
7807 *
7808 * Format: interface:16 + address:16 + udp:4 + DHCPv6 DHCPv4-query message
7809 *
7810 * \param raw the DHCPv6 DHCPv4-query message raw content
7811 */
7812 static void recv_dhcpv4_query(struct data_string *raw) {
7813 struct interface_info *ip;
7814 char name[16 + 1];
7815 struct iaddr iaddr;
7816 struct packet *packet;
7817 unsigned char msg_type;
7818 const struct dhcpv6_relay_packet *relay;
7819 const struct dhcpv4_over_dhcpv6_packet *msg;
7820 struct data_string reply;
7821 struct data_string ds;
7822 struct udp_data4o6 udp_data;
7823 unsigned len;
7824 int cc;
7825
7826 memset(name, 0, sizeof(name));
7827 memcpy(name, raw->data, 16);
7828 for (ip = interfaces; ip != NULL; ip = ip->next) {
7829 if (!strcmp(name, ip->name))
7830 break;
7831 }
7832 if (ip == NULL) {
7833 log_error("recv_dhcpv4_query: can't find interface %s.",
7834 name);
7835 return;
7836 }
7837
7838 iaddr.len = 16;
7839 memcpy(iaddr.iabuf, raw->data + 16, 16);
7840
7841 memset(&udp_data, 0, sizeof(udp_data));
7842 memcpy(&udp_data, raw->data + 32, 4);
7843
7844 /*
7845 * From do_packet6().
7846 */
7847
7848 if (!packet6_len_okay((char *)raw->data + 36, raw->len - 36)) {
7849 log_error("recv_dhcpv4_query: "
7850 "short packet from %s, len %d, dropped",
7851 piaddr(iaddr), raw->len - 36);
7852 return;
7853 }
7854
7855 /*
7856 * Build a packet structure.
7857 */
7858 packet = NULL;
7859 if (!packet_allocate(&packet, MDL)) {
7860 log_error("recv_dhcpv4_query: no memory for packet.");
7861 return;
7862 }
7863
7864 if (!option_state_allocate(&packet->options, MDL)) {
7865 log_error("recv_dhcpv4_query: no memory for options.");
7866 packet_dereference(&packet, MDL);
7867 return;
7868 }
7869
7870 packet->raw = (struct dhcp_packet *)(raw->data + 36);
7871 packet->packet_length = raw->len - 36;
7872 packet->client_port = udp_data.src_port;
7873 packet->client_addr = iaddr;
7874 interface_reference(&packet->interface, ip, MDL);
7875
7876 msg_type = raw->data[36];
7877 if ((msg_type == DHCPV6_RELAY_FORW) ||
7878 (msg_type == DHCPV6_RELAY_REPL)) {
7879 int relaylen =
7880 (int)(offsetof(struct dhcpv6_relay_packet, options));
7881 relay = (const struct dhcpv6_relay_packet *)(raw->data + 36);
7882 packet->dhcpv6_msg_type = relay->msg_type;
7883
7884 /* relay-specific data */
7885 packet->dhcpv6_hop_count = relay->hop_count;
7886 memcpy(&packet->dhcpv6_link_address,
7887 relay->link_address, sizeof(relay->link_address));
7888 memcpy(&packet->dhcpv6_peer_address,
7889 relay->peer_address, sizeof(relay->peer_address));
7890
7891 if (!parse_option_buffer(packet->options,
7892 relay->options,
7893 raw->len - 36 - relaylen,
7894 &dhcpv6_universe)) {
7895 /* no logging here, as parse_option_buffer() logs all
7896 cases where it fails */
7897 packet_dereference(&packet, MDL);
7898 return;
7899 }
7900 } else if ((msg_type == DHCPV6_DHCPV4_QUERY) ||
7901 (msg_type == DHCPV6_DHCPV4_RESPONSE)) {
7902 int msglen =
7903 (int)(offsetof(struct dhcpv4_over_dhcpv6_packet, options));
7904 msg = (struct dhcpv4_over_dhcpv6_packet *)(raw->data + 36);
7905 packet->dhcpv6_msg_type = msg->msg_type;
7906
7907 /* message-specific data */
7908 memcpy(packet->dhcp4o6_flags, msg->flags,
7909 sizeof(packet->dhcp4o6_flags));
7910
7911 if (!parse_option_buffer(packet->options,
7912 msg->options,
7913 raw->len - 36 - msglen,
7914 &dhcpv6_universe)) {
7915 /* no logging here, as parse_option_buffer() logs all
7916 cases where it fails */
7917 packet_dereference(&packet, MDL);
7918 return;
7919 }
7920 } else {
7921 log_error("recv_dhcpv4_query: unexpected message of type %d.",
7922 (int)msg_type);
7923 packet_dereference(&packet, MDL);
7924 return;
7925 }
7926
7927 /*
7928 * From dhcpv6().
7929 */
7930
7931 /*
7932 * Log a message that we received this packet.
7933 */
7934 /* log_packet_in(packet); */
7935 memset(&ds, 0, sizeof(ds));
7936 if (packet->dhcpv6_msg_type < dhcpv6_type_name_max) {
7937 data_string_sprintfa(&ds, "%s message from %s",
7938 dhcpv6_type_names[packet->dhcpv6_msg_type],
7939 piaddr(packet->client_addr));
7940 } else {
7941 data_string_sprintfa(&ds,
7942 "Unknown message type %d from %s",
7943 packet->dhcpv6_msg_type,
7944 piaddr(packet->client_addr));
7945 }
7946 if ((packet->dhcpv6_msg_type == DHCPV6_RELAY_FORW) ||
7947 (packet->dhcpv6_msg_type == DHCPV6_RELAY_REPL)) {
7948 char tmp_addr[INET6_ADDRSTRLEN];
7949 const void *addr;
7950
7951 addr = &packet->dhcpv6_link_address;
7952 data_string_sprintfa(&ds, ", link address %s",
7953 inet_ntop(AF_INET6, addr,
7954 tmp_addr, sizeof(tmp_addr)));
7955 addr = &packet->dhcpv6_peer_address;
7956 data_string_sprintfa(&ds, ", peer address %s",
7957 inet_ntop(AF_INET6, addr,
7958 tmp_addr, sizeof(tmp_addr)));
7959 } else if ((packet->dhcpv6_msg_type != DHCPV6_DHCPV4_QUERY) &&
7960 (packet->dhcpv6_msg_type != DHCPV6_DHCPV4_RESPONSE)) {
7961 u_int32_t tid = 0;
7962
7963 memcpy(((char *)&tid)+1, packet->dhcpv6_transaction_id, 3);
7964 data_string_sprintfa(&ds, ", transaction ID 0x%06X", tid);
7965 }
7966 log_info("%s", ds.data);
7967 data_string_forget(&ds, MDL);
7968
7969 /*
7970 * Build our reply packet.
7971 */
7972 build_dhcpv6_reply(&reply, packet);
7973
7974 if (reply.data == NULL) {
7975 packet_dereference(&packet, MDL);
7976 return;
7977 }
7978
7979 /*
7980 * Forward the response.
7981 */
7982 len = reply.len + 36;
7983 memset(&ds, 0, sizeof(ds));
7984 if (!buffer_allocate(&ds.buffer, len, MDL)) {
7985 log_error("recv_dhcpv4_query: no memory.");
7986 packet_dereference(&packet, MDL);
7987 return;
7988 }
7989 ds.data = ds.buffer->data;
7990 ds.len = len;
7991
7992 memcpy(ds.buffer->data, name, 16);
7993 memcpy(ds.buffer->data + 16, iaddr.iabuf, 16);
7994 udp_data.rsp_opt_exist = packet->relay_source_port ? 1 : 0;
7995 memcpy(ds.buffer->data + 32, &udp_data, 4);
7996 memcpy(ds.buffer->data + 36, reply.data, reply.len);
7997
7998 /*
7999 * Now we can release the packet.
8000 */
8001 packet_dereference(&packet, MDL);
8002
8003 cc = send(dhcp4o6_fd, ds.data, ds.len, 0);
8004 if (cc < 0)
8005 log_error("recv_dhcpv4_query: send(): %m");
8006 data_string_forget(&ds, MDL);
8007 }
8008 #endif /* DHCP4o6 */
8009
8010 static void
8011 seek_shared_host(struct host_decl **hp, struct shared_network *shared) {
8012 struct host_decl *nofixed = NULL;
8013 struct host_decl *seek, *hold = NULL;
8014
8015 /*
8016 * Seek forward through fixed addresses for the right link.
8017 *
8018 * Note: how to do this for fixed prefixes???
8019 */
8020 host_reference(&hold, *hp, MDL);
8021 host_dereference(hp, MDL);
8022 seek = hold;
8023 while (seek != NULL) {
8024 if (seek->fixed_addr == NULL)
8025 nofixed = seek;
8026 else if (fixed_matches_shared(seek, shared))
8027 break;
8028
8029 seek = seek->n_ipaddr;
8030 }
8031
8032 if ((seek == NULL) && (nofixed != NULL))
8033 seek = nofixed;
8034
8035 if (seek != NULL)
8036 host_reference(hp, seek, MDL);
8037 }
8038
8039 static isc_boolean_t
8040 fixed_matches_shared(struct host_decl *host, struct shared_network *shared) {
8041 struct subnet *subnet;
8042 struct data_string addr;
8043 isc_boolean_t matched;
8044 struct iaddr fixed;
8045
8046 if (host->fixed_addr == NULL)
8047 return ISC_FALSE;
8048
8049 memset(&addr, 0, sizeof(addr));
8050 if (!evaluate_option_cache(&addr, NULL, NULL, NULL, NULL, NULL,
8051 &global_scope, host->fixed_addr, MDL))
8052 return ISC_FALSE;
8053
8054 if (addr.len < 16) {
8055 data_string_forget(&addr, MDL);
8056 return ISC_FALSE;
8057 }
8058
8059 fixed.len = 16;
8060 memcpy(fixed.iabuf, addr.data, 16);
8061
8062 matched = ISC_FALSE;
8063 for (subnet = shared->subnets ; subnet != NULL ;
8064 subnet = subnet->next_sibling) {
8065 if (addr_eq(subnet_number(fixed, subnet->netmask),
8066 subnet->net)) {
8067 matched = ISC_TRUE;
8068 break;
8069 }
8070 }
8071
8072 data_string_forget(&addr, MDL);
8073 return matched;
8074 }
8075
8076 /*!
8077 *
8078 * \brief Constructs a REPLY with status of UseMulticast to a given packet
8079 *
8080 * Per RFC 3315 Secs 18.2.1,3,6 & 7, when a server rejects a client's
8081 * unicast-sent packet, the response must only contain the client id,
8082 * server id, and a status code option of 5 (UseMulticast). This function
8083 * constructs such a packet and returns it as a data_string.
8084 *
8085 * \param reply_ret = data_string which will receive the newly constructed
8086 * reply
8087 * \param packet = client request which is being rejected
8088 * \param client_id = data_string which contains the client id
8089 * \param server_id = data_string which which contains the server id
8090 *
8091 */
8092 void
8093 unicast_reject(struct data_string *reply_ret,
8094 struct packet *packet,
8095 const struct data_string *client_id,
8096 const struct data_string *server_id)
8097 {
8098 struct reply_state reply;
8099 memset(&reply, 0x0, sizeof(struct reply_state));
8100
8101 /* Locate the client. */
8102 if (shared_network_from_packet6(&reply.shared, packet)
8103 != ISC_R_SUCCESS) {
8104 log_error("unicast_reject: could not locate client.");
8105 return;
8106 }
8107
8108 /* Initialize the reply. */
8109 packet_reference(&reply.packet, packet, MDL);
8110 data_string_copy(&reply.client_id, client_id, MDL);
8111
8112 if (start_reply(packet, client_id, server_id, &reply.opt_state,
8113 &reply.buf.reply)) {
8114 /* Set the UseMulticast status code. */
8115 if (!set_status_code(STATUS_UseMulticast,
8116 "Unicast not allowed by server.",
8117 reply.opt_state)) {
8118 log_error("unicast_reject: Unable to set status code.");
8119 } else {
8120 /* Set write cursor to just past the reply header. */
8121 reply.cursor = REPLY_OPTIONS_INDEX;
8122 reply.cursor += store_options6(((char *)reply.buf.data
8123 + reply.cursor),
8124 (sizeof(reply.buf)
8125 - reply.cursor),
8126 reply.opt_state,
8127 reply.packet,
8128 unicast_reject_opts,
8129 NULL);
8130
8131 /* Return our reply to the caller. */
8132 reply_ret->len = reply.cursor;
8133 reply_ret->buffer = NULL;
8134 if (!buffer_allocate(&reply_ret->buffer,
8135 reply.cursor, MDL)) {
8136 log_fatal("unicast_reject:"
8137 "No memory to store Reply.");
8138 }
8139
8140 memcpy(reply_ret->buffer->data, reply.buf.data,
8141 reply.cursor);
8142 reply_ret->data = reply_ret->buffer->data;
8143 }
8144
8145 }
8146
8147 /* Cleanup. */
8148 if (reply.shared != NULL)
8149 shared_network_dereference(&reply.shared, MDL);
8150 if (reply.opt_state != NULL)
8151 option_state_dereference(&reply.opt_state, MDL);
8152 if (reply.packet != NULL)
8153 packet_dereference(&reply.packet, MDL);
8154 if (reply.client_id.data != NULL)
8155 data_string_forget(&reply.client_id, MDL);
8156 }
8157
8158 /*!
8159 *
8160 * \brief Checks if the dhcp6.unicast option has been defined
8161 *
8162 * Scans the option space for the presence of the dhcp6.unicast option. The
8163 * function attempts to map the inbound packet to a shared network first
8164 * by an ip address specified via an D6O_IA_XX option and if that fails then
8165 * by the packet's source information (e.g. relay link, link, or interace).
8166 * Once the packet is mapped to a shared network, the function executes all
8167 * statements from the network's group outward into a local option cache.
8168 * The option cache is then scanned for the presence of unicast option. If
8169 * the packet cannot be mapped to a shared network, the function returns
8170 * ISC_FALSE.
8171 * \param packet inbound packet from the client
8172 *
8173 * \return ISC_TRUE if the dhcp6.unicast option is defined, false otherwise.
8174 *
8175 */
8176 isc_boolean_t
8177 is_unicast_option_defined(struct packet *packet) {
8178 isc_boolean_t is_defined = ISC_FALSE;
8179 struct option_state *opt_state = NULL;
8180 struct option_cache *oc = NULL;
8181 struct shared_network *shared = NULL;
8182
8183 if (!option_state_allocate(&opt_state, MDL)) {
8184 log_fatal("is_unicast_option_defined:"
8185 "No memory for option state.");
8186 }
8187
8188 /* We try to map the packet to a network first by an IA_XX value.
8189 * If that fails, we try by packet source. */
8190 if (((shared_network_from_requested_addr(&shared, packet)
8191 != ISC_R_SUCCESS) &&
8192 (shared_network_from_packet6(&shared, packet) != ISC_R_SUCCESS))
8193 || (shared == NULL)) {
8194 /* @todo what would this really mean? I think wrong network
8195 * logic will catch it */
8196 log_error("is_unicast_option_defined:"
8197 "cannot attribute packet to a network.");
8198 return (ISC_FALSE);
8199 }
8200
8201 /* Now that we've mapped it to a network, execute statments to that
8202 * scope, looking for the unicast option. We don't care about the
8203 * value of the option, only whether or not it is defined. */
8204 execute_statements_in_scope(NULL, NULL, NULL, NULL, NULL, opt_state,
8205 &global_scope, shared->group, NULL, NULL);
8206
8207 oc = lookup_option(&dhcpv6_universe, opt_state, D6O_UNICAST);
8208 is_defined = (oc != NULL ? ISC_TRUE : ISC_FALSE);
8209 log_debug("is_unicast_option_defined: option found : %d", is_defined);
8210
8211 if (shared != NULL) {
8212 shared_network_dereference(&shared, MDL);
8213 }
8214
8215 if (opt_state != NULL) {
8216 option_state_dereference(&opt_state, MDL);
8217 }
8218
8219 return (is_defined);
8220 }
8221
8222 /*!
8223 *
8224 * \brief Maps a packet to a shared network based on the requested IP address
8225 *
8226 * The function attempts to find a subnet that matches the first requested IP
8227 * address contained within the given packet. Note that it looks first for
8228 * D6O_IA_NAs, then D6O_IA_PDs and lastly D6O_IA_TAs. If a matching network is
8229 * found, a reference to it is returned in the parameter, shared.
8230 *
8231 * \param shared shared_network pointer which will receive the matching network
8232 * \param packet inbound packet from the client
8233 *
8234 * \return ISC_R_SUCCESS if the packet can be mapped to a shared_network.
8235 *
8236 */
8237 static isc_result_t
8238 shared_network_from_requested_addr (struct shared_network **shared,
8239 struct packet* packet) {
8240 struct iaddr iaddr;
8241 struct subnet* subnet = NULL;
8242 isc_result_t status = ISC_R_FAILURE;
8243
8244 /* Try to match first IA_ address or prefix we find to a subnet. In
8245 * theory all IA_ values in a given request are supposed to be in the
8246 * same subnet so we only need to try one right? */
8247 if ((get_first_ia_addr_val(packet, D6O_IA_NA, &iaddr) != ISC_R_SUCCESS)
8248 && (get_first_ia_addr_val(packet, D6O_IA_PD, &iaddr)
8249 != ISC_R_SUCCESS)
8250 && (get_first_ia_addr_val(packet, D6O_IA_TA, &iaddr)
8251 != ISC_R_SUCCESS)) {
8252 /* we found nothing to match against */
8253 log_debug("share_network_from_request_addr: nothing to match");
8254 return (ISC_R_FAILURE);
8255 }
8256
8257 if (!find_subnet(&subnet, iaddr, MDL)) {
8258 log_debug("shared_network_from_requested_addr:"
8259 "No subnet found for addr %s.", piaddr(iaddr));
8260 } else {
8261 status = shared_network_reference(shared,
8262 subnet->shared_network, MDL);
8263 subnet_dereference(&subnet, MDL);
8264 log_debug("shared_network_from_requested_addr:"
8265 " found shared network %s for address %s.",
8266 ((*shared)->name ? (*shared)->name : "unnamed"),
8267 piaddr(iaddr));
8268 return (status);
8269 }
8270
8271 return (ISC_R_FAILURE);
8272 }
8273
8274 /*!
8275 *
8276 * \brief Retrieves the first IP address from a given packet of a given type
8277 *
8278 * Search a packet for options of a given type (D6O_IA_AN, D6O_IA_PD, or
8279 * D6O_IA_TA) for the first non-blank IA_XX value and return its IP address
8280 * component.
8281 *
8282 * \param packet packet received from the client
8283 * \param addr_type the address option type (D6O_IA_NA , D6O_IA_PD, or
8284 * D6O_IP_TA) to look for within the packet.
8285 * \param iaddr pointer to the iaddr structure which will receive the extracted
8286 * address.
8287 *
8288 * \return ISC_R_SUCCESS if an address was succesfully extracted, ISC_R_FALURE
8289 * otherwise.
8290 *
8291 */
8292 static isc_result_t
8293 get_first_ia_addr_val (struct packet* packet, int addr_type,
8294 struct iaddr* iaddr) {
8295 struct option_cache *ia;
8296 struct option_cache *oc = NULL;
8297 struct data_string cli_enc_opt_data;
8298 struct option_state *cli_enc_opt_state;
8299 int addr_opt_offset;
8300 int addr_opt;
8301 int addr_opt_data_len;
8302 int ip_addr_offset;
8303
8304 isc_result_t status = ISC_R_FAILURE;
8305 memset(iaddr, 0, sizeof(struct iaddr));
8306
8307 /* Set up address type specifics */
8308 switch (addr_type) {
8309 case D6O_IA_NA:
8310 addr_opt_offset = IA_NA_OFFSET;
8311 addr_opt = D6O_IAADDR;
8312 addr_opt_data_len = 24;
8313 ip_addr_offset = 0;
8314 break;
8315 case D6O_IA_TA:
8316 addr_opt_offset = IA_TA_OFFSET;
8317 addr_opt = D6O_IAADDR;
8318 addr_opt_data_len = 24;
8319 ip_addr_offset = 0;
8320 break;
8321 case D6O_IA_PD:
8322 addr_opt_offset = IA_PD_OFFSET;
8323 addr_opt = D6O_IAPREFIX;
8324 addr_opt_data_len = 25;
8325 ip_addr_offset = 9;
8326 break;
8327 default:
8328 /* shouldn't be here */
8329 log_error ("get_first_ia_addr_val: invalid opt type %d",
8330 addr_type);
8331 return (ISC_R_FAILURE);
8332 }
8333
8334 /* Find the first, non-blank IA_XX value within an D6O_IA_XX option. */
8335 for (ia = lookup_option(&dhcpv6_universe, packet->options, addr_type);
8336 ia != NULL && oc == NULL; ia = ia->next) {
8337 if (!get_encapsulated_IA_state(&cli_enc_opt_state,
8338 &cli_enc_opt_data,
8339 packet, ia, addr_opt_offset)) {
8340 log_debug ("get_first_ia_addr_val:"
8341 " couldn't unroll enclosing option");
8342 return (ISC_R_FAILURE);
8343 }
8344
8345 oc = lookup_option(&dhcpv6_universe, cli_enc_opt_state,
8346 addr_opt);
8347 if (oc == NULL) {
8348 /* no address given for this IA, ignore */
8349 option_state_dereference(&cli_enc_opt_state, MDL);
8350 data_string_forget(&cli_enc_opt_data, MDL);
8351 }
8352 }
8353
8354 /* If we found a non-blank IA_XX then extract its ip address. */
8355 if (oc != NULL) {
8356 struct data_string iaddr_str;
8357
8358 memset(&iaddr_str, 0, sizeof(iaddr_str));
8359 if (!evaluate_option_cache(&iaddr_str, packet, NULL, NULL,
8360 packet->options, NULL, &global_scope,
8361 oc, MDL)) {
8362 log_error("get_first_ia_addr_val: "
8363 "error evaluating IA_XX option.");
8364 } else {
8365 if (iaddr_str.len != addr_opt_data_len) {
8366 log_error("shared_network_from_requested_addr:"
8367 " invalid length %d, expected %d",
8368 iaddr_str.len, addr_opt_data_len);
8369 } else {
8370 iaddr->len = 16;
8371 memcpy (iaddr->iabuf,
8372 iaddr_str.data + ip_addr_offset, 16);
8373 status = ISC_R_SUCCESS;
8374 }
8375 data_string_forget(&iaddr_str, MDL);
8376 }
8377
8378 option_state_dereference(&cli_enc_opt_state, MDL);
8379 data_string_forget(&cli_enc_opt_data, MDL);
8380 }
8381
8382 return (status);
8383 }
8384
8385 /*
8386 * \brief Calculates the reply T1/T2 times and stuffs them in outbound buffer
8387 *
8388 * T1/T2 time selection is kind of weird. We actually use DHCP * (v4) scoped
8389 * options, dhcp-renewal-time and dhcp-rebinding-time, as handy existing places
8390 * where these can be configured by an administrator. A value of zero tells the
8391 * client it may choose its own value.
8392 *
8393 * When those options are not defined, the values will be set to zero unless
8394 * the global option, dhcpv6-set-tee-times is enabled. When this option is
8395 * enabled the values are calculated as recommended by RFC 3315, Section 22.4:
8396 *
8397 * T1 will be set to 0.5 times the shortest preferred lifetime
8398 * in the IA_XX option. If the "shortest" preferred lifetime is
8399 * 0xFFFFFFFF, T1 will set to 0xFFFFFFFF.
8400 *
8401 * T2 will be set to 0.8 times the shortest preferred lifetime
8402 * in the IA_XX option. If the "shortest" preferred lifetime is
8403 * 0xFFFFFFFF, T2 will set to 0xFFFFFFFF.
8404 *
8405 * Note that dhcpv6-set-tee-times is intended to be transitional and will
8406 * likely be removed in 4.4.0, leaving the behavior as getting the values
8407 * either from the configured parameters (if you want zeros, define them as
8408 * zeros) or by calculating them per the RFC.
8409 *
8410 * \param reply - pointer to the reply_state structure
8411 * \param ia_cursor - offset of the beginning of the IA_XX option within the
8412 * reply's outbound data buffer
8413 */
8414 static void
8415 set_reply_tee_times(struct reply_state* reply, unsigned ia_cursor)
8416 {
8417 struct option_cache *oc;
8418 int set_tee_times;
8419
8420 /* Found out if calculated values are enabled. */
8421 oc = lookup_option(&server_universe, reply->opt_state,
8422 SV_DHCPV6_SET_TEE_TIMES);
8423 set_tee_times = (oc &&
8424 evaluate_boolean_option_cache(NULL, reply->packet,
8425 NULL, NULL,
8426 reply->packet->options,
8427 reply->opt_state,
8428 &global_scope, oc, MDL));
8429
8430 oc = lookup_option(&dhcp_universe, reply->opt_state,
8431 DHO_DHCP_RENEWAL_TIME);
8432 if (oc != NULL) {
8433 /* dhcp-renewal-time is defined, use it */
8434 struct data_string data;
8435 memset(&data, 0x00, sizeof(data));
8436
8437 if (!evaluate_option_cache(&data, reply->packet, NULL, NULL,
8438 reply->packet->options,
8439 reply->opt_state, &global_scope,
8440 oc, MDL) ||
8441 (data.len != 4)) {
8442 log_error("Invalid renewal time.");
8443 reply->renew = 0;
8444 } else {
8445 reply->renew = getULong(data.data);
8446 }
8447
8448 if (data.data != NULL)
8449 data_string_forget(&data, MDL);
8450 } else if (set_tee_times) {
8451 /* Setting them is enabled so T1 is either infinite or
8452 * 0.5 * the shortest preferred lifetime in the IA_XX */
8453 if (reply->min_prefer == INFINITE_TIME)
8454 reply->renew = INFINITE_TIME;
8455 else
8456 reply->renew = reply->min_prefer / 2;
8457 } else {
8458 /* Default is to let the client choose */
8459 reply->renew = 0;
8460 }
8461
8462 putULong(reply->buf.data + ia_cursor + 8, reply->renew);
8463
8464 /* Now T2. */
8465 oc = lookup_option(&dhcp_universe, reply->opt_state,
8466 DHO_DHCP_REBINDING_TIME);
8467 if (oc != NULL) {
8468 /* dhcp-rebinding-time is defined, use it */
8469 struct data_string data;
8470 memset(&data, 0x00, sizeof(data));
8471
8472 if (!evaluate_option_cache(&data, reply->packet, NULL, NULL,
8473 reply->packet->options,
8474 reply->opt_state, &global_scope,
8475 oc, MDL) ||
8476 (data.len != 4)) {
8477 log_error("Invalid rebinding time.");
8478 reply->rebind = 0;
8479 } else {
8480 reply->rebind = getULong(data.data);
8481 }
8482
8483 if (data.data != NULL)
8484 data_string_forget(&data, MDL);
8485 } else if (set_tee_times) {
8486 /* Setting them is enabled so T2 is either infinite or
8487 * 0.8 * the shortest preferred lifetime in the reply */
8488 if (reply->min_prefer == INFINITE_TIME)
8489 reply->rebind = INFINITE_TIME;
8490 else
8491 reply->rebind = (reply->min_prefer / 5) * 4;
8492 } else {
8493 /* Default is to let the client choose */
8494 reply->rebind = 0;
8495 }
8496
8497 putULong(reply->buf.data + ia_cursor + 12, reply->rebind);
8498 }
8499
8500 /*
8501 * Releases the iasubopts in the pre-existing IA, if they are not in
8502 * the same shared-network as the new IA.
8503 *
8504 * returns 1 if the release was done, 0 otherwise
8505 */
8506 int
8507 release_on_roam(struct reply_state* reply) {
8508 struct ia_xx* old_ia = reply->old_ia;
8509 struct iasubopt *lease = NULL;
8510 int i;
8511
8512 if ((!do_release_on_roam) || old_ia == NULL
8513 || old_ia->num_iasubopt <= 0) {
8514 return(0);
8515 }
8516
8517 /* If the old shared-network and new are the same, client hasn't
8518 * roamed, nothing to do. We only check the first one because you
8519 * cannot have iasubopts on different shared-networks within a
8520 * single ia. */
8521 lease = old_ia->iasubopt[0];
8522 if (lease->ipv6_pool->shared_network == reply->shared) {
8523 return (0);
8524 }
8525
8526 /* Old and new are on different shared networks so the client must
8527 * roamed. Release the old leases. */
8528 for (i = 0; i < old_ia->num_iasubopt; i++) {
8529 lease = old_ia->iasubopt[i];
8530
8531 log_info("Client: %s roamed to new network,"
8532 " releasing lease: %s%s",
8533 print_hex_1(reply->client_id.len,
8534 reply->client_id.data, 60),
8535 pin6_addr(&lease->addr), iasubopt_plen_str(lease));
8536
8537 release_lease6(lease->ipv6_pool, lease);
8538 lease->ia->cltt = cur_time;
8539 write_ia(lease->ia);
8540 }
8541
8542 return (1);
8543 }
8544
8545 /*
8546 * Convenience function which returns a string (static buffer)
8547 * containing either a "/" followed by the prefix length or an
8548 * empty string depending on the lease type
8549 */
8550 const char *iasubopt_plen_str(struct iasubopt *lease) {
8551 static char prefix_buf[16];
8552 *prefix_buf = 0;
8553 if ((lease->ia) && (lease->ia->ia_type == D6O_IA_PD)) {
8554 sprintf(prefix_buf, "/%-d", lease->plen);
8555 }
8556
8557 return (prefix_buf);
8558 }
8559
8560 #ifdef NSUPDATE
8561 /*
8562 * Initiates DDNS updates for static v6 leases if configured to do so.
8563 *
8564 * The function, which must be called after the IA has been written to the
8565 * packet, adds an iasubopt to the IA for static lease. This is done so we
8566 * have an iasubopt to pass into ddns_updates(). A reference to the IA is
8567 * added to the DDNS control block to ensure it and it's iasubopt remain in
8568 * scope until the update is complete.
8569 *
8570 */
8571 void ddns_update_static6(struct reply_state* reply) {
8572 struct iasubopt *iasub = NULL;
8573 struct binding_scope *scope = NULL;
8574 struct option_cache *oc = NULL;
8575
8576 oc = lookup_option(&server_universe, reply->opt_state, SV_DDNS_UPDATES);
8577 if ((oc != NULL) &&
8578 (evaluate_boolean_option_cache(NULL, reply->packet, NULL, NULL,
8579 reply->packet->options,
8580 reply->opt_state, NULL,
8581 oc, MDL) == 0)) {
8582 return;
8583 }
8584
8585 oc = lookup_option(&server_universe, reply->opt_state,
8586 SV_UPDATE_STATIC_LEASES);
8587 if ((oc == NULL) ||
8588 (evaluate_boolean_option_cache(NULL, reply->packet,
8589 NULL, NULL,
8590 reply->packet->options,
8591 reply->opt_state, NULL,
8592 oc, MDL) == 0)) {
8593 return;
8594 }
8595
8596 if (iasubopt_allocate(&iasub, MDL) != ISC_R_SUCCESS) {
8597 log_fatal("No memory for iasubopt.");
8598 }
8599
8600 if (ia_add_iasubopt(reply->ia, iasub, MDL) != ISC_R_SUCCESS) {
8601 log_fatal("Could not add iasubopt.");
8602 }
8603
8604 ia_reference(&iasub->ia, reply->ia, MDL);
8605
8606 memcpy(iasub->addr.s6_addr, reply->fixed.data, 16);
8607 iasub->plen = 0;
8608 iasub->prefer = MAX_TIME;
8609 iasub->valid = MAX_TIME;
8610 iasub->static_lease = 1;
8611
8612 if (!binding_scope_allocate(&scope, MDL)) {
8613 log_fatal("Out of memory for binding scope.");
8614 }
8615
8616 binding_scope_reference(&iasub->scope, scope, MDL);
8617
8618 ddns_updates(reply->packet, NULL, NULL, iasub, NULL, reply->opt_state);
8619 }
8620 #endif /* NSUPDATE */
8621
8622 #endif /* DHCPv6 */
Mirror of https://github.com/isc-projects/dhcp.git