]> git.ipfire.org Git - thirdparty/dhcp.git/blob - server/mdb6.c
projects / thirdparty / dhcp.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
[master] Server now supports EUI-64 based address allocation scheme
[thirdparty/dhcp.git] / server / mdb6.c
1 /*
2 * Copyright (C) 2007-2017 by Internet Systems Consortium, Inc. ("ISC")
3 *
4 * Permission to use, copy, modify, and distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice appear in all copies.
7 *
8 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
9 * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
10 * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
11 * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
12 * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
13 * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
14 * PERFORMANCE OF THIS SOFTWARE.
15 */
16
17 /*!
18 * \todo assert()
19 * \todo simplify functions, as pool is now in iaaddr
20 */
21
22 /*! \file server/mdb6.c
23 *
24 * \page ipv6structures IPv6 Structures Overview
25 *
26 * A brief description of the IPv6 structures as reverse engineered.
27 *
28 * There are four major data structures in the lease configuraion.
29 *
30 * - shared_network - The shared network is the outer enclosing scope for a
31 * network region that shares a broadcast domain. It is
32 * composed of one or more subnets all of which are valid
33 * in the given region. The share network may be
34 * explicitly defined or implicitly created if there is
35 * only a subnet statement. This structrure is shared
36 * with v4. Each shared network statment or naked subnet
37 * will map to one of these structures
38 *
39 * - subnet - The subnet structure mostly specifies the address range
40 * that could be valid in a given region. This structute
41 * doesn't include the addresses that the server can delegate
42 * those are in the ipv6_pool. This structure is also shared
43 * with v4. Each subnet statement will map to one of these
44 * structures.
45 *
46 * - ipv6_pond - The pond structure is a grouping of the address and prefix
47 * information via the pointers to the ipv6_pool and the
48 * allowability of this pool for given clinets via the permit
49 * lists and the valid TIMEs. This is equivilent to the v4
50 * pool structure and would have been named ip6_pool except
51 * that the name was already in use. Generally each pool6
52 * statement will map to one of these structures. In addition
53 * there may be one or for each group of naked range6 and
54 * prefix6 statements within a shared network that share
55 * the same group of statements.
56 *
57 * - ipv6_pool - this contains information about a pool of addresses or prefixes
58 * that the server is using. This includes a hash table that
59 * tracks the active items and a pair of heap tables one for
60 * active items and one for non-active items. The heap tables
61 * are used to determine the next items to be modified due to
62 * timing events (expire mostly).
63 *
64 * The linkages then look like this:
65 * \verbatim
66 *+--------------+ +-------------+
67 *|Shared Network| | ipv6_pond |
68 *| group | | group |
69 *| | | permit info |
70 *| | | next ---->
71 *| ponds ---->| |
72 *| |<---- shared |
73 *| Subnets | | pools |
74 *+-----|--------+ +------|------+
75 * | ^ | ^
76 * | | v |
77 * | | +-----------|-+
78 * | | | ipv6_pool | |
79 * | | | type | |
80 * | | | ipv6_pond |
81 * | | | |
82 * | | | next ---->
83 * | | | |
84 * | | | subnet |
85 * | | +-----|-------+
86 * | | |
87 * | | v
88 * | | +-------------+
89 * | | | subnet |
90 * | +---------- shared |
91 * +----------->| |
92 * | group |
93 * +-------------+
94 *
95 * The shared network contains a list of all the subnets that are on a broadcast
96 * doamin. These can be used to determine if an address makes sense in a given
97 * domain, but the subnets do not contain the addresses the server can delegate.
98 * Those are stored in the ponds and pools.
99 *
100 * In the simple case to find an acceptable address the server would first find
101 * the shared network the client is on based on either the interface used to
102 * receive the request or the relay agent's information. From the shared
103 * network the server will walk through it's list of ponds. For each pond it
104 * will evaluate the permit information against the (already done) classification.
105 * If it finds an acceptable pond it will then walk through the pools for that
106 * pond. The server first checks the type of the pool (NA, TA and PD) agaisnt the
107 * request and if they match it attemps to find an address within that pool. On
108 * success the address is used, on failure the server steps to the next pool and
109 * if necessary to the next pond.
110 *
111 * When the server is successful in finding an address it will execute any
112 * statements assocaited with the pond, then the subnet, then the shared
113 * network the group field is for in the above picture).
114 *
115 * In configurations that don't include either a shared network or a pool6
116 * statement (or both) the missing pieces are created.
117 *
118 *
119 * There are three major data structuress involved in the lease database:
120 *
121 * - ipv6_pool - see above
122 * - ia_xx - this contains information about a single IA from a request
123 * normally it will contain one pointer to a lease for the client
124 * but it may contain more in some circumstances. There are 3
125 * hash tables to aid in accessing these one each for NA, TA and PD.
126 * - iasubopt - the v6 lease structure. These are created dynamically when
127 * a client asks for something and will eventually be destroyed
128 * if the client doesn't re-ask for that item. A lease has space
129 * for backpointers to the IA and to the pool to which it belongs.
130 * The pool backpointer is always filled, the IA pointer may not be.
131 *
132 * In normal use we then have something like this:
133 *
134 * \verbatim
135 * ia hash tables
136 * ia_na_active +----------------+
137 * ia_ta_active +------------+ | pool |
138 * ia_pd_active | iasubopt |<--| active hash |
139 * +-----------------+ | aka lease |<--| active heap |
140 * | ia_xx | | pool ptr |-->| |
141 * | iasubopt array |<---| iaptr |<--| inactive heap |
142 * | lease ptr |--->| | | |
143 * +-----------------+ +------------+ +----------------+
144 * \endverbatim
145 *
146 * For the pool either the inactive heap will have a pointer
147 * or both the active heap and the active hash will have pointers.
148 *
149 * I think there are several major items to notice. The first is
150 * that as a lease moves around it will be added to and removed
151 * from the address hash table in the pool and between the active
152 * and inactive hash tables. The hash table and the active heap
153 * are used when the lease is either active or abandoned. The
154 * inactive heap is used for all other states. In particular a
155 * lease that has expired or been released will be cleaned
156 * (DDNS removal etc) and then moved to the inactive heap. After
157 * some time period (currently 1 hour) it will be freed.
158 *
159 * The second is that when a client requests specific addresses,
160 * either because it previously owned them or if the server supplied
161 * them as part of a solicit, the server will try to lookup the ia_xx
162 * associated with the client and find the addresses there. If it
163 * does find appropriate leases it moves them from the old IA to
164 * a new IA and eventually replaces the old IA with the new IA
165 * in the IA hash tables.
166 *
167 */
168 #include "config.h"
169
170 #include <sys/types.h>
171 #include <time.h>
172 #include <netinet/in.h>
173
174 #include <stdarg.h>
175 #include "dhcpd.h"
176 #include "omapip/omapip.h"
177 #include "omapip/hash.h"
178 #include <isc/md5.h>
179
180 HASH_FUNCTIONS(ia, unsigned char *, struct ia_xx, ia_hash_t,
181 ia_reference, ia_dereference, do_string_hash)
182
183 ia_hash_t *ia_na_active;
184 ia_hash_t *ia_ta_active;
185 ia_hash_t *ia_pd_active;
186
187 HASH_FUNCTIONS(iasubopt, struct in6_addr *, struct iasubopt, iasubopt_hash_t,
188 iasubopt_reference, iasubopt_dereference, do_string_hash)
189
190 struct ipv6_pool **pools;
191 int num_pools;
192
193 /*
194 * Create a new IAADDR/PREFIX structure.
195 *
196 * - iasubopt must be a pointer to a (struct iasubopt *) pointer previously
197 * initialized to NULL
198 */
199 isc_result_t
200 iasubopt_allocate(struct iasubopt **iasubopt, const char *file, int line) {
201 struct iasubopt *tmp;
202
203 if (iasubopt == NULL) {
204 log_error("%s(%d): NULL pointer reference", file, line);
205 return DHCP_R_INVALIDARG;
206 }
207 if (*iasubopt != NULL) {
208 log_error("%s(%d): non-NULL pointer", file, line);
209 return DHCP_R_INVALIDARG;
210 }
211
212 tmp = dmalloc(sizeof(*tmp), file, line);
213 if (tmp == NULL) {
214 return ISC_R_NOMEMORY;
215 }
216
217 tmp->refcnt = 1;
218 tmp->state = FTS_FREE;
219 tmp->heap_index = -1;
220 tmp->plen = 255;
221
222 *iasubopt = tmp;
223 return ISC_R_SUCCESS;
224 }
225
226 /*
227 * Reference an IAADDR/PREFIX structure.
228 *
229 * - iasubopt must be a pointer to a (struct iasubopt *) pointer previously
230 * initialized to NULL
231 */
232 isc_result_t
233 iasubopt_reference(struct iasubopt **iasubopt, struct iasubopt *src,
234 const char *file, int line) {
235 if (iasubopt == NULL) {
236 log_error("%s(%d): NULL pointer reference", file, line);
237 return DHCP_R_INVALIDARG;
238 }
239 if (*iasubopt != NULL) {
240 log_error("%s(%d): non-NULL pointer", file, line);
241 return DHCP_R_INVALIDARG;
242 }
243 if (src == NULL) {
244 log_error("%s(%d): NULL pointer reference", file, line);
245 return DHCP_R_INVALIDARG;
246 }
247 *iasubopt = src;
248 src->refcnt++;
249 return ISC_R_SUCCESS;
250 }
251
252
253 /*
254 * Dereference an IAADDR/PREFIX structure.
255 *
256 * If it is the last reference, then the memory for the
257 * structure is freed.
258 */
259 isc_result_t
260 iasubopt_dereference(struct iasubopt **iasubopt, const char *file, int line) {
261 struct iasubopt *tmp;
262
263 if ((iasubopt == NULL) || (*iasubopt == NULL)) {
264 log_error("%s(%d): NULL pointer", file, line);
265 return DHCP_R_INVALIDARG;
266 }
267
268 tmp = *iasubopt;
269 *iasubopt = NULL;
270
271 tmp->refcnt--;
272 if (tmp->refcnt < 0) {
273 log_error("%s(%d): negative refcnt", file, line);
274 tmp->refcnt = 0;
275 }
276 if (tmp->refcnt == 0) {
277 if (tmp->ia != NULL) {
278 ia_dereference(&(tmp->ia), file, line);
279 }
280 if (tmp->ipv6_pool != NULL) {
281 ipv6_pool_dereference(&(tmp->ipv6_pool), file, line);
282 }
283 if (tmp->scope != NULL) {
284 binding_scope_dereference(&tmp->scope, file, line);
285 }
286
287 if (tmp->on_star.on_expiry != NULL) {
288 executable_statement_dereference
289 (&tmp->on_star.on_expiry, MDL);
290 }
291 if (tmp->on_star.on_commit != NULL) {
292 executable_statement_dereference
293 (&tmp->on_star.on_commit, MDL);
294 }
295 if (tmp->on_star.on_release != NULL) {
296 executable_statement_dereference
297 (&tmp->on_star.on_release, MDL);
298 }
299
300 dfree(tmp, file, line);
301 }
302
303 return ISC_R_SUCCESS;
304 }
305
306 /*
307 * Make the key that we use for IA.
308 */
309 isc_result_t
310 ia_make_key(struct data_string *key, u_int32_t iaid,
311 const char *duid, unsigned int duid_len,
312 const char *file, int line) {
313
314 memset(key, 0, sizeof(*key));
315 key->len = duid_len + sizeof(iaid);
316 if (!buffer_allocate(&(key->buffer), key->len, file, line)) {
317 return ISC_R_NOMEMORY;
318 }
319 key->data = key->buffer->data;
320 memcpy((char *)key->data, &iaid, sizeof(iaid));
321 memcpy((char *)key->data + sizeof(iaid), duid, duid_len);
322
323 return ISC_R_SUCCESS;
324 }
325
326 /*
327 * Create a new IA structure.
328 *
329 * - ia must be a pointer to a (struct ia_xx *) pointer previously
330 * initialized to NULL
331 * - iaid and duid are values from the client
332 *
333 * XXXsk: we don't concern ourself with the byte order of the IAID,
334 * which might be a problem if we transfer this structure
335 * between machines of different byte order
336 */
337 isc_result_t
338 ia_allocate(struct ia_xx **ia, u_int32_t iaid,
339 const char *duid, unsigned int duid_len,
340 const char *file, int line) {
341 struct ia_xx *tmp;
342
343 if (ia == NULL) {
344 log_error("%s(%d): NULL pointer reference", file, line);
345 return DHCP_R_INVALIDARG;
346 }
347 if (*ia != NULL) {
348 log_error("%s(%d): non-NULL pointer", file, line);
349 return DHCP_R_INVALIDARG;
350 }
351
352 tmp = dmalloc(sizeof(*tmp), file, line);
353 if (tmp == NULL) {
354 return ISC_R_NOMEMORY;
355 }
356
357 if (ia_make_key(&tmp->iaid_duid, iaid,
358 duid, duid_len, file, line) != ISC_R_SUCCESS) {
359 dfree(tmp, file, line);
360 return ISC_R_NOMEMORY;
361 }
362
363 tmp->refcnt = 1;
364
365 *ia = tmp;
366 return ISC_R_SUCCESS;
367 }
368
369 /*
370 * Reference an IA structure.
371 *
372 * - ia must be a pointer to a (struct ia_xx *) pointer previously
373 * initialized to NULL
374 */
375 isc_result_t
376 ia_reference(struct ia_xx **ia, struct ia_xx *src,
377 const char *file, int line) {
378 if (ia == NULL) {
379 log_error("%s(%d): NULL pointer reference", file, line);
380 return DHCP_R_INVALIDARG;
381 }
382 if (*ia != NULL) {
383 log_error("%s(%d): non-NULL pointer", file, line);
384 return DHCP_R_INVALIDARG;
385 }
386 if (src == NULL) {
387 log_error("%s(%d): NULL pointer reference", file, line);
388 return DHCP_R_INVALIDARG;
389 }
390 *ia = src;
391 src->refcnt++;
392 return ISC_R_SUCCESS;
393 }
394
395 /*
396 * Dereference an IA structure.
397 *
398 * If it is the last reference, then the memory for the
399 * structure is freed.
400 */
401 isc_result_t
402 ia_dereference(struct ia_xx **ia, const char *file, int line) {
403 struct ia_xx *tmp;
404 int i;
405
406 if ((ia == NULL) || (*ia == NULL)) {
407 log_error("%s(%d): NULL pointer", file, line);
408 return DHCP_R_INVALIDARG;
409 }
410
411 tmp = *ia;
412 *ia = NULL;
413
414 tmp->refcnt--;
415 if (tmp->refcnt < 0) {
416 log_error("%s(%d): negative refcnt", file, line);
417 tmp->refcnt = 0;
418 }
419 if (tmp->refcnt == 0) {
420 if (tmp->iasubopt != NULL) {
421 for (i=0; i<tmp->num_iasubopt; i++) {
422 iasubopt_dereference(&(tmp->iasubopt[i]),
423 file, line);
424 }
425 dfree(tmp->iasubopt, file, line);
426 }
427 data_string_forget(&(tmp->iaid_duid), file, line);
428 dfree(tmp, file, line);
429 }
430 return ISC_R_SUCCESS;
431 }
432
433
434 /*
435 * Add an IAADDR/PREFIX entry to an IA structure.
436 */
437 isc_result_t
438 ia_add_iasubopt(struct ia_xx *ia, struct iasubopt *iasubopt,
439 const char *file, int line) {
440 int max;
441 struct iasubopt **new;
442
443 /*
444 * Grow our array if we need to.
445 *
446 * Note: we pick 4 as the increment, as that seems a reasonable
447 * guess as to how many addresses/prefixes we might expect
448 * on an interface.
449 */
450 if (ia->max_iasubopt <= ia->num_iasubopt) {
451 max = ia->max_iasubopt + 4;
452 new = dmalloc(max * sizeof(struct iasubopt *), file, line);
453 if (new == NULL) {
454 return ISC_R_NOMEMORY;
455 }
456 memcpy(new, ia->iasubopt,
457 ia->num_iasubopt * sizeof(struct iasubopt *));
458 ia->iasubopt = new;
459 ia->max_iasubopt = max;
460 }
461
462 iasubopt_reference(&(ia->iasubopt[ia->num_iasubopt]), iasubopt,
463 file, line);
464 ia->num_iasubopt++;
465
466 return ISC_R_SUCCESS;
467 }
468
469 /*
470 * Remove an IAADDR/PREFIX entry to an IA structure.
471 *
472 * Note: if a suboption appears more than once, then only ONE will be removed.
473 */
474 void
475 ia_remove_iasubopt(struct ia_xx *ia, struct iasubopt *iasubopt,
476 const char *file, int line) {
477 int i, j;
478 if (ia == NULL || iasubopt == NULL)
479 return;
480
481 for (i=0; i<ia->num_iasubopt; i++) {
482 if (ia->iasubopt[i] == iasubopt) {
483 /* remove this sub option */
484 iasubopt_dereference(&(ia->iasubopt[i]), file, line);
485 /* move remaining suboption pointers down one */
486 for (j=i+1; j < ia->num_iasubopt; j++) {
487 ia->iasubopt[j-1] = ia->iasubopt[j];
488 }
489 /* decrease our total count */
490 /* remove the back-reference in the suboption itself */
491 ia_dereference(&iasubopt->ia, file, line);
492 ia->num_iasubopt--;
493 return;
494 }
495 }
496 log_error("%s(%d): IAADDR/PREFIX not in IA", file, line);
497 }
498
499 /*
500 * Remove all addresses/prefixes from an IA.
501 */
502 void
503 ia_remove_all_lease(struct ia_xx *ia, const char *file, int line) {
504 int i;
505
506 for (i=0; i<ia->num_iasubopt; i++) {
507 ia_dereference(&(ia->iasubopt[i]->ia), file, line);
508 iasubopt_dereference(&(ia->iasubopt[i]), file, line);
509 }
510 ia->num_iasubopt = 0;
511 }
512
513 /*
514 * Compare two IA.
515 */
516 isc_boolean_t
517 ia_equal(const struct ia_xx *a, const struct ia_xx *b)
518 {
519 isc_boolean_t found;
520 int i, j;
521
522 /*
523 * Handle cases where one or both of the inputs is NULL.
524 */
525 if (a == NULL) {
526 if (b == NULL) {
527 return ISC_TRUE;
528 } else {
529 return ISC_FALSE;
530 }
531 }
532
533 /*
534 * Check the type is the same.
535 */
536 if (a->ia_type != b->ia_type) {
537 return ISC_FALSE;
538 }
539
540 /*
541 * Check the DUID is the same.
542 */
543 if (a->iaid_duid.len != b->iaid_duid.len) {
544 return ISC_FALSE;
545 }
546 if (memcmp(a->iaid_duid.data,
547 b->iaid_duid.data, a->iaid_duid.len) != 0) {
548 return ISC_FALSE;
549 }
550
551 /*
552 * Make sure we have the same number of addresses/prefixes in each.
553 */
554 if (a->num_iasubopt != b->num_iasubopt) {
555 return ISC_FALSE;
556 }
557
558 /*
559 * Check that each address/prefix is present in both.
560 */
561 for (i=0; i<a->num_iasubopt; i++) {
562 found = ISC_FALSE;
563 for (j=0; j<a->num_iasubopt; j++) {
564 if (a->iasubopt[i]->plen != b->iasubopt[i]->plen)
565 continue;
566 if (memcmp(&(a->iasubopt[i]->addr),
567 &(b->iasubopt[j]->addr),
568 sizeof(struct in6_addr)) == 0) {
569 found = ISC_TRUE;
570 break;
571 }
572 }
573 if (!found) {
574 return ISC_FALSE;
575 }
576 }
577
578 /*
579 * These are the same in every way we care about.
580 */
581 return ISC_TRUE;
582 }
583
584 /*
585 * Helper function for lease heaps.
586 * Makes the top of the heap the oldest lease.
587 */
588 static isc_boolean_t
589 lease_older(void *a, void *b) {
590 struct iasubopt *la = (struct iasubopt *)a;
591 struct iasubopt *lb = (struct iasubopt *)b;
592
593 if (la->hard_lifetime_end_time == lb->hard_lifetime_end_time) {
594 return difftime(la->soft_lifetime_end_time,
595 lb->soft_lifetime_end_time) < 0;
596 } else {
597 return difftime(la->hard_lifetime_end_time,
598 lb->hard_lifetime_end_time) < 0;
599 }
600 }
601
602 /*
603 * Helper function for lease address/prefix heaps.
604 * Callback when an address's position in the heap changes.
605 */
606 static void
607 lease_index_changed(void *iasubopt, unsigned int new_heap_index) {
608 ((struct iasubopt *)iasubopt)-> heap_index = new_heap_index;
609 }
610
611
612 /*!
613 *
614 * \brief Create a new IPv6 lease pool structure
615 *
616 * Allocate space for a new ipv6_pool structure and return a reference
617 * to it, includes setting the reference count to 1.
618 *
619 * \param pool = space for returning a referenced pointer to the pool.
620 * This must point to a space that has been initialzied
621 * to NULL by the caller.
622 * \param[in] type = The type of the pool NA, TA or PD
623 * \param[in] start_addr = The first address in the range for the pool
624 * \param[in] bits = The contiguous bits of the pool
625
626 *
627 * \return
628 * ISC_R_SUCCESS = The pool was successfully created, pool points to it.
629 * DHCP_R_INVALIDARG = One of the arugments was invalid, pool has not been
630 * modified
631 * ISC_R_NOMEMORY = The system wasn't able to allocate memory, pool has
632 * not been modified.
633 */
634 isc_result_t
635 ipv6_pool_allocate(struct ipv6_pool **pool, u_int16_t type,
636 const struct in6_addr *start_addr, int bits,
637 int units, const char *file, int line) {
638 struct ipv6_pool *tmp;
639
640 if (pool == NULL) {
641 log_error("%s(%d): NULL pointer reference", file, line);
642 return DHCP_R_INVALIDARG;
643 }
644 if (*pool != NULL) {
645 log_error("%s(%d): non-NULL pointer", file, line);
646 return DHCP_R_INVALIDARG;
647 }
648
649 tmp = dmalloc(sizeof(*tmp), file, line);
650 if (tmp == NULL) {
651 return ISC_R_NOMEMORY;
652 }
653
654 tmp->refcnt = 1;
655 tmp->pool_type = type;
656 tmp->start_addr = *start_addr;
657 tmp->bits = bits;
658 tmp->units = units;
659 if (!iasubopt_new_hash(&tmp->leases, DEFAULT_HASH_SIZE, file, line)) {
660 dfree(tmp, file, line);
661 return ISC_R_NOMEMORY;
662 }
663 if (isc_heap_create(dhcp_gbl_ctx.mctx, lease_older, lease_index_changed,
664 0, &(tmp->active_timeouts)) != ISC_R_SUCCESS) {
665 iasubopt_free_hash_table(&(tmp->leases), file, line);
666 dfree(tmp, file, line);
667 return ISC_R_NOMEMORY;
668 }
669 if (isc_heap_create(dhcp_gbl_ctx.mctx, lease_older, lease_index_changed,
670 0, &(tmp->inactive_timeouts)) != ISC_R_SUCCESS) {
671 isc_heap_destroy(&(tmp->active_timeouts));
672 iasubopt_free_hash_table(&(tmp->leases), file, line);
673 dfree(tmp, file, line);
674 return ISC_R_NOMEMORY;
675 }
676
677 *pool = tmp;
678 return ISC_R_SUCCESS;
679 }
680
681 /*!
682 *
683 * \brief reference an IPv6 pool structure.
684 *
685 * This function genreates a reference to an ipv6_pool structure
686 * and increments the reference count on the structure.
687 *
688 * \param[out] pool = space for returning a referenced pointer to the pool.
689 * This must point to a space that has been initialzied
690 * to NULL by the caller.
691 * \param[in] src = A pointer to the pool to reference. This must not be
692 * NULL.
693 *
694 * \return
695 * ISC_R_SUCCESS = The pool was successfully referenced, pool now points
696 * to src.
697 * DHCP_R_INVALIDARG = One of the arugments was invalid, pool has not been
698 * modified.
699 */
700 isc_result_t
701 ipv6_pool_reference(struct ipv6_pool **pool, struct ipv6_pool *src,
702 const char *file, int line) {
703 if (pool == NULL) {
704 log_error("%s(%d): NULL pointer reference", file, line);
705 return DHCP_R_INVALIDARG;
706 }
707 if (*pool != NULL) {
708 log_error("%s(%d): non-NULL pointer", file, line);
709 return DHCP_R_INVALIDARG;
710 }
711 if (src == NULL) {
712 log_error("%s(%d): NULL pointer reference", file, line);
713 return DHCP_R_INVALIDARG;
714 }
715 *pool = src;
716 src->refcnt++;
717 return ISC_R_SUCCESS;
718 }
719
720 /*
721 * Note: Each IAADDR/PREFIX in a pool is referenced by the pool. This is needed
722 * to prevent the lease from being garbage collected out from under the
723 * pool.
724 *
725 * The references are made from the hash and from the heap. The following
726 * helper functions dereference these when a pool is destroyed.
727 */
728
729 /*
730 * Helper function for pool cleanup.
731 * Dereference each of the hash entries in a pool.
732 */
733 static isc_result_t
734 dereference_hash_entry(const void *name, unsigned len, void *value) {
735 struct iasubopt *iasubopt = (struct iasubopt *)value;
736
737 iasubopt_dereference(&iasubopt, MDL);
738 return ISC_R_SUCCESS;
739 }
740
741 /*
742 * Helper function for pool cleanup.
743 * Dereference each of the heap entries in a pool.
744 */
745 static void
746 dereference_heap_entry(void *value, void *dummy) {
747 struct iasubopt *iasubopt = (struct iasubopt *)value;
748
749 iasubopt_dereference(&iasubopt, MDL);
750 }
751
752 /*!
753 *
754 * \brief de-reference an IPv6 pool structure.
755 *
756 * This function decrements the reference count in an ipv6_pool structure.
757 * If this was the last reference then the memory for the structure is
758 * freed.
759 *
760 * \param[in] pool = A pointer to the pointer to the pool that should be
761 * de-referenced. On success the pointer to the pool
762 * is cleared. It must not be NULL and must not point
763 * to NULL.
764 *
765 * \return
766 * ISC_R_SUCCESS = The pool was successfully de-referenced, pool now points
767 * to NULL
768 * DHCP_R_INVALIDARG = One of the arugments was invalid, pool has not been
769 * modified.
770 */
771 isc_result_t
772 ipv6_pool_dereference(struct ipv6_pool **pool, const char *file, int line) {
773 struct ipv6_pool *tmp;
774
775 if ((pool == NULL) || (*pool == NULL)) {
776 log_error("%s(%d): NULL pointer", file, line);
777 return DHCP_R_INVALIDARG;
778 }
779
780 tmp = *pool;
781 *pool = NULL;
782
783 tmp->refcnt--;
784 if (tmp->refcnt < 0) {
785 log_error("%s(%d): negative refcnt", file, line);
786 tmp->refcnt = 0;
787 }
788 if (tmp->refcnt == 0) {
789 iasubopt_hash_foreach(tmp->leases, dereference_hash_entry);
790 iasubopt_free_hash_table(&(tmp->leases), file, line);
791 isc_heap_foreach(tmp->active_timeouts,
792 dereference_heap_entry, NULL);
793 isc_heap_destroy(&(tmp->active_timeouts));
794 isc_heap_foreach(tmp->inactive_timeouts,
795 dereference_heap_entry, NULL);
796 isc_heap_destroy(&(tmp->inactive_timeouts));
797 dfree(tmp, file, line);
798 }
799
800 return ISC_R_SUCCESS;
801 }
802
803 /*
804 * Create an address by hashing the input, and using that for
805 * the non-network part.
806 */
807 static void
808 build_address6(struct in6_addr *addr,
809 const struct in6_addr *net_start_addr, int net_bits,
810 const struct data_string *input) {
811 isc_md5_t ctx;
812 int net_bytes;
813 int i;
814 char *str;
815 const char *net_str;
816
817 /*
818 * Use MD5 to get a nice 128 bit hash of the input.
819 * Yes, we know MD5 isn't cryptographically sound.
820 * No, we don't care.
821 */
822 isc_md5_init(&ctx);
823 isc_md5_update(&ctx, input->data, input->len);
824 isc_md5_final(&ctx, (unsigned char *)addr);
825
826 /*
827 * Copy the [0..128] network bits over.
828 */
829 str = (char *)addr;
830 net_str = (const char *)net_start_addr;
831 net_bytes = net_bits / 8;
832 for (i = 0; i < net_bytes; i++) {
833 str[i] = net_str[i];
834 }
835 switch (net_bits % 8) {
836 case 1: str[i] = (str[i] & 0x7F) | (net_str[i] & 0x80); break;
837 case 2: str[i] = (str[i] & 0x3F) | (net_str[i] & 0xC0); break;
838 case 3: str[i] = (str[i] & 0x1F) | (net_str[i] & 0xE0); break;
839 case 4: str[i] = (str[i] & 0x0F) | (net_str[i] & 0xF0); break;
840 case 5: str[i] = (str[i] & 0x07) | (net_str[i] & 0xF8); break;
841 case 6: str[i] = (str[i] & 0x03) | (net_str[i] & 0xFC); break;
842 case 7: str[i] = (str[i] & 0x01) | (net_str[i] & 0xFE); break;
843 }
844
845 /*
846 * Set the universal/local bit ("u bit") to zero for /64s. The
847 * individual/group bit ("g bit") is unchanged, because the g-bit
848 * has no meaning when the u-bit is cleared.
849 */
850 if (net_bits == 64)
851 str[8] &= ~0x02;
852 }
853
854 #ifdef EUI_64
855 int
856 valid_eui_64_duid(const struct data_string* uid, int offset) {
857 if (uid->len == (offset + EUI_64_ID_LEN)) {
858 const unsigned char* duid = uid->data + offset;
859 return (((duid[0] == 0x00 && duid[1] == 0x03) &&
860 (duid[2] == 0x00 && duid[3] == 0x1b)));
861 }
862
863 return(0);
864 }
865
866
867 /*
868 * Create an EUI-64 address
869 */
870 static isc_result_t
871 build_address6_eui_64(struct in6_addr *addr,
872 const struct in6_addr *net_start_addr, int net_bits,
873 const struct data_string *iaid_duid, int duid_beg) {
874
875 if (net_bits != 64) {
876 log_error("build_address_eui_64: network is not 64 bits");
877 return (ISC_R_FAILURE);
878 }
879
880 if (valid_eui_64_duid(iaid_duid, duid_beg)) {
881 const unsigned char *duid = iaid_duid->data + duid_beg;
882
883 /* copy network prefix to the high 64 bits */
884 memcpy(addr->s6_addr, net_start_addr->s6_addr, 8);
885
886 /* copy Link-layer address to low 64 bits */
887 memcpy(addr->s6_addr + 8, duid + 4, 8);
888
889 /* RFC-3315 Any address assigned by a server that is based
890 * on an EUI-64 identifier MUST include an interface identifier
891 * with the "u" (universal/local) and "g" (individual/group)
892 * bits of the interface identifier set appropriately, as
893 * indicated in section 2.5.1 of RFC 2373 [5]. */
894 addr->s6_addr[8] |= 0x02;
895 return (ISC_R_SUCCESS);
896 }
897
898 log_error("build_address_eui_64: iaid_duid not a valid EUI-64: %s",
899 print_hex_1(iaid_duid->len, iaid_duid->data, 60));
900 return (ISC_R_FAILURE);
901 }
902
903 int
904 valid_for_eui_64_pool(struct ipv6_pool* pool, struct data_string* uid,
905 int duid_beg, struct in6_addr* ia_addr) {
906 struct in6_addr test_addr;
907 /* If it's not an EUI-64 pool bail */
908 if (!pool->ipv6_pond->use_eui_64) {
909 return (0);
910 }
911
912 if (!valid_eui_64_duid(uid, duid_beg)) {
913 /* Dynamic lease in a now eui_64 pond, toss it*/
914 return (0);
915 }
916
917 /* Call build_address6_eui_64() and compare it's result to
918 * this lease and see if they match. */
919 memset (&test_addr, 0, sizeof(test_addr));
920 build_address6_eui_64(&test_addr, &pool->start_addr, pool->bits,
921 uid, duid_beg);
922
923 return (!memcmp(ia_addr, &test_addr, sizeof(test_addr)));
924 }
925 #endif
926
927
928 /*
929 * Create a temporary address by a variant of RFC 4941 algo.
930 * Note: this should not be used for prefixes shorter than 64 bits.
931 */
932 static void
933 build_temporary6(struct in6_addr *addr,
934 const struct in6_addr *net_start_addr, int net_bits,
935 const struct data_string *input) {
936 static u_int32_t history[2];
937 static u_int32_t counter = 0;
938 isc_md5_t ctx;
939 unsigned char md[16];
940
941 /*
942 * First time/time to reseed.
943 * Please use a good pseudo-random generator here!
944 */
945 if (counter == 0) {
946 isc_random_get(&history[0]);
947 isc_random_get(&history[1]);
948 }
949
950 /*
951 * Use MD5 as recommended by RFC 4941.
952 */
953 isc_md5_init(&ctx);
954 isc_md5_update(&ctx, (unsigned char *)&history[0], 8UL);
955 isc_md5_update(&ctx, input->data, input->len);
956 isc_md5_final(&ctx, md);
957
958 /*
959 * Build the address.
960 */
961 if (net_bits == 64) {
962 memcpy(&addr->s6_addr[0], &net_start_addr->s6_addr[0], 8);
963 memcpy(&addr->s6_addr[8], md, 8);
964 addr->s6_addr[8] &= ~0x02;
965 } else {
966 int net_bytes;
967 int i;
968 char *str;
969 const char *net_str;
970
971 /*
972 * Copy the [0..128] network bits over.
973 */
974 str = (char *)addr;
975 net_str = (const char *)net_start_addr;
976 net_bytes = net_bits / 8;
977 for (i = 0; i < net_bytes; i++) {
978 str[i] = net_str[i];
979 }
980 memcpy(str + net_bytes, md, 16 - net_bytes);
981 switch (net_bits % 8) {
982 case 1: str[i] = (str[i] & 0x7F) | (net_str[i] & 0x80); break;
983 case 2: str[i] = (str[i] & 0x3F) | (net_str[i] & 0xC0); break;
984 case 3: str[i] = (str[i] & 0x1F) | (net_str[i] & 0xE0); break;
985 case 4: str[i] = (str[i] & 0x0F) | (net_str[i] & 0xF0); break;
986 case 5: str[i] = (str[i] & 0x07) | (net_str[i] & 0xF8); break;
987 case 6: str[i] = (str[i] & 0x03) | (net_str[i] & 0xFC); break;
988 case 7: str[i] = (str[i] & 0x01) | (net_str[i] & 0xFE); break;
989 }
990 }
991
992
993 /*
994 * Save history for the next call.
995 */
996 memcpy((unsigned char *)&history[0], md + 8, 8);
997 counter++;
998 }
999
1000 /* Reserved Subnet Router Anycast ::0:0:0:0. */
1001 static struct in6_addr rtany;
1002 /* Reserved Subnet Anycasts ::fdff:ffff:ffff:ff80-::fdff:ffff:ffff:ffff. */
1003 static struct in6_addr resany;
1004
1005 /*
1006 * Create a lease for the given address and client duid.
1007 *
1008 * - pool must be a pointer to a (struct ipv6_pool *) pointer previously
1009 * initialized to NULL
1010 *
1011 * Right now we simply hash the DUID, and if we get a collision, we hash
1012 * again until we find a free address. We try this a fixed number of times,
1013 * to avoid getting stuck in a loop (this is important on small pools
1014 * where we can run out of space).
1015 *
1016 * We return the number of attempts that it took to find an available
1017 * lease. This tells callers when a pool is are filling up, as
1018 * well as an indication of how full the pool is; statistically the
1019 * more full a pool is the more attempts must be made before finding
1020 * a free lease. Realistically this will only happen in very full
1021 * pools.
1022 *
1023 * We probably want different algorithms depending on the network size, in
1024 * the long term.
1025 */
1026 isc_result_t
1027 create_lease6(struct ipv6_pool *pool, struct iasubopt **addr,
1028 unsigned int *attempts,
1029 const struct data_string *uid, time_t soft_lifetime_end_time) {
1030 struct data_string ds;
1031 struct in6_addr tmp;
1032 struct iasubopt *test_iaaddr;
1033 struct data_string new_ds;
1034 struct iasubopt *iaaddr;
1035 isc_result_t result;
1036 isc_boolean_t reserved_iid;
1037 static isc_boolean_t init_resiid = ISC_FALSE;
1038
1039 /*
1040 * Fill the reserved IIDs.
1041 */
1042 if (!init_resiid) {
1043 memset(&rtany, 0, 16);
1044 memset(&resany, 0, 8);
1045 resany.s6_addr[8] = 0xfd;
1046 memset(&resany.s6_addr[9], 0xff, 6);
1047 init_resiid = ISC_TRUE;
1048 }
1049
1050 /*
1051 * Use the UID as our initial seed for the hash
1052 */
1053 memset(&ds, 0, sizeof(ds));
1054 data_string_copy(&ds, (struct data_string *)uid, MDL);
1055
1056 *attempts = 0;
1057 for (;;) {
1058 /*
1059 * Give up at some point.
1060 */
1061 if (++(*attempts) > 100) {
1062 data_string_forget(&ds, MDL);
1063 return ISC_R_NORESOURCES;
1064 }
1065
1066 /*
1067 * Build a resource.
1068 */
1069 switch (pool->pool_type) {
1070 case D6O_IA_NA:
1071 /* address */
1072 build_address6(&tmp, &pool->start_addr,
1073 pool->bits, &ds);
1074 break;
1075 case D6O_IA_TA:
1076 /* temporary address */
1077 build_temporary6(&tmp, &pool->start_addr,
1078 pool->bits, &ds);
1079 break;
1080 case D6O_IA_PD:
1081 /* prefix */
1082 log_error("create_lease6: prefix pool.");
1083 return DHCP_R_INVALIDARG;
1084 default:
1085 log_error("create_lease6: untyped pool.");
1086 return DHCP_R_INVALIDARG;
1087 }
1088
1089 /*
1090 * Avoid reserved interface IDs. (cf. RFC 5453)
1091 */
1092 reserved_iid = ISC_FALSE;
1093 if (memcmp(&tmp.s6_addr[8], &rtany.s6_addr[8], 8) == 0) {
1094 reserved_iid = ISC_TRUE;
1095 }
1096 if (!reserved_iid &&
1097 (memcmp(&tmp.s6_addr[8], &resany.s6_addr[8], 7) == 0) &&
1098 ((tmp.s6_addr[15] & 0x80) == 0x80)) {
1099 reserved_iid = ISC_TRUE;
1100 }
1101
1102 /*
1103 * If this address is not in use, we're happy with it
1104 */
1105 test_iaaddr = NULL;
1106 if (!reserved_iid &&
1107 (iasubopt_hash_lookup(&test_iaaddr, pool->leases,
1108 &tmp, sizeof(tmp), MDL) == 0)) {
1109 break;
1110 }
1111 if (test_iaaddr != NULL)
1112 iasubopt_dereference(&test_iaaddr, MDL);
1113
1114 /*
1115 * Otherwise, we create a new input, adding the address
1116 */
1117 memset(&new_ds, 0, sizeof(new_ds));
1118 new_ds.len = ds.len + sizeof(tmp);
1119 if (!buffer_allocate(&new_ds.buffer, new_ds.len, MDL)) {
1120 data_string_forget(&ds, MDL);
1121 return ISC_R_NOMEMORY;
1122 }
1123 new_ds.data = new_ds.buffer->data;
1124 memcpy(new_ds.buffer->data, ds.data, ds.len);
1125 memcpy(new_ds.buffer->data + ds.len, &tmp, sizeof(tmp));
1126 data_string_forget(&ds, MDL);
1127 data_string_copy(&ds, &new_ds, MDL);
1128 data_string_forget(&new_ds, MDL);
1129 }
1130
1131 data_string_forget(&ds, MDL);
1132
1133 /*
1134 * We're happy with the address, create an IAADDR
1135 * to hold it.
1136 */
1137 iaaddr = NULL;
1138 result = iasubopt_allocate(&iaaddr, MDL);
1139 if (result != ISC_R_SUCCESS) {
1140 return result;
1141 }
1142 iaaddr->plen = 0;
1143 memcpy(&iaaddr->addr, &tmp, sizeof(iaaddr->addr));
1144
1145 /*
1146 * Add the lease to the pool (note state is free, not active?!).
1147 */
1148 result = add_lease6(pool, iaaddr, soft_lifetime_end_time);
1149 if (result == ISC_R_SUCCESS) {
1150 iasubopt_reference(addr, iaaddr, MDL);
1151 }
1152 iasubopt_dereference(&iaaddr, MDL);
1153 return result;
1154 }
1155
1156 #ifdef EUI_64
1157 /*!
1158 * \brief Assign an EUI-64 address from a pool for a given iaid-duid
1159 *
1160 * \param pool - pool from which the address is assigned
1161 * \param iaddr - pointer to the iasubopt to contain the assigned address is
1162 * \param uid - data_string containing the iaid-duid tuple
1163 * \param soft_lifetime_end_time - lifetime of the lease for a solicit?
1164 *
1165 * \return status indicating success or nature of the failure
1166 */
1167 isc_result_t
1168 create_lease6_eui_64(struct ipv6_pool *pool, struct iasubopt **addr,
1169 const struct data_string *uid,
1170 time_t soft_lifetime_end_time) {
1171 struct in6_addr tmp;
1172 struct iasubopt *test_iaaddr;
1173 struct iasubopt *iaaddr;
1174 isc_result_t result;
1175 static isc_boolean_t init_resiid = ISC_FALSE;
1176
1177 /* Fill the reserved IIDs. */
1178 if (!init_resiid) {
1179 memset(&rtany, 0, 16);
1180 memset(&resany, 0, 8);
1181 resany.s6_addr[8] = 0xfd;
1182 memset(&resany.s6_addr[9], 0xff, 6);
1183 init_resiid = ISC_TRUE;
1184 }
1185
1186 /* Pool must be IA_NA */
1187 if (pool->pool_type != D6O_IA_NA) {
1188 log_error("create_lease6_eui_64: pool type is not IA_NA.");
1189 return (DHCP_R_INVALIDARG);
1190 }
1191
1192 /* Attempt to build the address */
1193 if (build_address6_eui_64 (&tmp, &pool->start_addr, pool->bits,
1194 uid, IAID_LEN) != ISC_R_SUCCESS) {
1195 log_error("create_lease6_eui_64: build_address6_eui_64 failed");
1196 return (ISC_R_FAILURE);
1197 }
1198
1199 /* Avoid reserved interface IDs. (cf. RFC 5453) */
1200 if ((memcmp(&tmp.s6_addr[8], &rtany.s6_addr[8], 8) == 0) ||
1201 ((memcmp(&tmp.s6_addr[8], &resany.s6_addr[8], 7) == 0) &&
1202 ((tmp.s6_addr[15] & 0x80) == 0x80))) {
1203 log_error("create_lease6_eui_64: "
1204 "address conflicts with reserved IID");
1205 return (ISC_R_FAILURE);
1206 }
1207
1208 /* If this address is not in use, we're happy with it */
1209 test_iaaddr = NULL;
1210 if (iasubopt_hash_lookup(&test_iaaddr, pool->leases,
1211 &tmp, sizeof(tmp), MDL) != 0) {
1212
1213 /* See if it's ours. Static leases won't have an ia */
1214 int ours = 0;
1215 if (!test_iaaddr->ia) {
1216 log_error("create_lease6_eui_64: "
1217 "address %s is assigned to static lease",
1218 pin6_addr(&test_iaaddr->addr));
1219 } else {
1220 /* Not sure if this can actually happen */
1221 struct data_string* found = &test_iaaddr->ia->iaid_duid;
1222 ours = ((found->len == uid->len) &&
1223 (!memcmp(found->data, uid->data, uid->len)));
1224 log_error("create_lease6_eui_64: "
1225 "address %s belongs to %s",
1226 pin6_addr(&test_iaaddr->addr),
1227 print_hex_1(found->len, found->data, 60));
1228 }
1229
1230 iasubopt_dereference(&test_iaaddr, MDL);
1231 if (!ours) {
1232 /* Cant' use it */
1233 return (ISC_R_FAILURE);
1234 }
1235 }
1236
1237 /* We're happy with the address, create an IAADDR to hold it. */
1238 iaaddr = NULL;
1239 result = iasubopt_allocate(&iaaddr, MDL);
1240 if (result != ISC_R_SUCCESS) {
1241 log_error("create_lease6_eui_64: could not allocate iasubop");
1242 return result;
1243 }
1244 iaaddr->plen = 0;
1245 memcpy(&iaaddr->addr, &tmp, sizeof(iaaddr->addr));
1246
1247 /* Add the lease to the pool and the reply */
1248 result = add_lease6(pool, iaaddr, soft_lifetime_end_time);
1249 if (result == ISC_R_SUCCESS) {
1250 iasubopt_reference(addr, iaaddr, MDL);
1251 }
1252
1253 iasubopt_dereference(&iaaddr, MDL);
1254 return result;
1255 }
1256 #endif
1257
1258 /*!
1259 *
1260 * \brief Cleans up leases when reading from a lease file
1261 *
1262 * This function is only expected to be run when reading leases in from a file.
1263 * It checks to see if a lease already exists for the new leases's address.
1264 * We don't add expired leases to the structures when reading a lease file
1265 * which limits what can happen. We have two variables the owners of the leases
1266 * being the same or different and the new lease being active or non-active:
1267 * Owners active
1268 * same no remove old lease and its connections
1269 * same yes nothing to do, other code will update the structures.
1270 * diff no nothing to do
1271 * diff yes this combination shouldn't happen, we should only have a
1272 * single active lease per address at a time and that lease
1273 * should move to non-active before any other lease can
1274 * become active for that address.
1275 * Currently we delete the previous lease and pass an error
1276 * to the caller who should log an error.
1277 *
1278 * When we remove a lease we remove it from the hash table and active heap
1279 * (remember only active leases are in the structures at this time) for the
1280 * pool, and from the IA's array. If, after we've removed the pointer from
1281 * IA's array to the lease, the IA has no more pointers we remove it from
1282 * the appropriate hash table as well.
1283 *
1284 * \param[in] ia_table = the hash table for the IA
1285 * \param[in] pool = the pool to update
1286 * \param[in] lease = the new lease we want to add
1287 * \param[in] ia = the new ia we are building
1288 *
1289 * \return
1290 * ISC_R_SUCCESS = the incoming lease and any previous lease were in
1291 * an expected state - one of the first 3 options above.
1292 * If necessary the old lease was removed.
1293 * ISC_R_FAILURE = there is already an active lease for the address in
1294 * the incoming lease. This shouldn't happen if it does
1295 * flag an error for the caller to log.
1296 */
1297
1298 isc_result_t
1299 cleanup_lease6(ia_hash_t *ia_table,
1300 struct ipv6_pool *pool,
1301 struct iasubopt *lease,
1302 struct ia_xx *ia) {
1303
1304 struct iasubopt *test_iasubopt, *tmp_iasubopt;
1305 struct ia_xx *old_ia;
1306 isc_result_t status = ISC_R_SUCCESS;
1307
1308 test_iasubopt = NULL;
1309 old_ia = NULL;
1310
1311 /*
1312 * Look up the address - if we don't find a lease
1313 * we don't need to do anything.
1314 */
1315 if (iasubopt_hash_lookup(&test_iasubopt, pool->leases,
1316 &lease->addr, sizeof(lease->addr),
1317 MDL) == 0) {
1318 return (ISC_R_SUCCESS);
1319 }
1320
1321 if (test_iasubopt->ia == NULL) {
1322 /* no old ia, no work to do */
1323 iasubopt_dereference(&test_iasubopt, MDL);
1324 return (status);
1325 }
1326
1327 ia_reference(&old_ia, test_iasubopt->ia, MDL);
1328
1329 if ((old_ia->iaid_duid.len == ia->iaid_duid.len) &&
1330 (memcmp((unsigned char *)ia->iaid_duid.data,
1331 (unsigned char *)old_ia->iaid_duid.data,
1332 ia->iaid_duid.len) == 0)) {
1333 /* same IA */
1334 if ((lease->state == FTS_ACTIVE) ||
1335 (lease->state == FTS_ABANDONED)) {
1336 /* still active, no need to delete */
1337 goto cleanup;
1338 }
1339 } else {
1340 /* different IA */
1341 if ((lease->state != FTS_ACTIVE) &&
1342 (lease->state != FTS_ABANDONED)) {
1343 /* new lease isn't active, no work */
1344 goto cleanup;
1345 }
1346
1347 /*
1348 * We appear to have two active leases, this shouldn't happen.
1349 * Before a second lease can be set to active the first lease
1350 * should be set to inactive (released, expired etc). For now
1351 * delete the previous lease and indicate a failure to the
1352 * caller so it can generate a warning.
1353 * In the future we may try and determine which is the better
1354 * lease to keep.
1355 */
1356
1357 status = ISC_R_FAILURE;
1358 }
1359
1360 /*
1361 * Remove the old lease from the active heap and from the hash table
1362 * then remove the lease from the IA and clean up the IA if necessary.
1363 */
1364 isc_heap_delete(pool->active_timeouts, test_iasubopt->heap_index);
1365 pool->num_active--;
1366 if (pool->ipv6_pond)
1367 pool->ipv6_pond->num_active--;
1368
1369 if (lease->state == FTS_ABANDONED) {
1370 pool->num_abandoned--;
1371 if (pool->ipv6_pond)
1372 pool->ipv6_pond->num_abandoned--;
1373 }
1374
1375 iasubopt_hash_delete(pool->leases, &test_iasubopt->addr,
1376 sizeof(test_iasubopt->addr), MDL);
1377 ia_remove_iasubopt(old_ia, test_iasubopt, MDL);
1378 if (old_ia->num_iasubopt <= 0) {
1379 ia_hash_delete(ia_table,
1380 (unsigned char *)old_ia->iaid_duid.data,
1381 old_ia->iaid_duid.len, MDL);
1382 }
1383
1384 /*
1385 * We derefenrece the subopt here as we've just removed it from
1386 * the hash table in the pool. We need to make a copy as we
1387 * need to derefernece it again later.
1388 */
1389 tmp_iasubopt = test_iasubopt;
1390 iasubopt_dereference(&tmp_iasubopt, MDL);
1391
1392 cleanup:
1393 ia_dereference(&old_ia, MDL);
1394
1395 /*
1396 * Clean up the reference, this is in addition to the deference
1397 * above after removing the entry from the hash table
1398 */
1399 iasubopt_dereference(&test_iasubopt, MDL);
1400
1401 return (status);
1402 }
1403
1404 /*
1405 * Put a lease in the pool directly. This is intended to be used when
1406 * loading leases from the file.
1407 */
1408 isc_result_t
1409 add_lease6(struct ipv6_pool *pool, struct iasubopt *lease,
1410 time_t valid_lifetime_end_time) {
1411 isc_result_t insert_result;
1412 struct iasubopt *test_iasubopt;
1413 struct iasubopt *tmp_iasubopt;
1414
1415 /* If a state was not assigned by the caller, assume active. */
1416 if (lease->state == 0)
1417 lease->state = FTS_ACTIVE;
1418
1419 ipv6_pool_reference(&lease->ipv6_pool, pool, MDL);
1420
1421 /*
1422 * If this IAADDR/PREFIX is already in our structures, remove the
1423 * old one.
1424 */
1425 test_iasubopt = NULL;
1426 if (iasubopt_hash_lookup(&test_iasubopt, pool->leases,
1427 &lease->addr, sizeof(lease->addr), MDL)) {
1428 /* XXX: we should probably ask the lease what heap it is on
1429 * (as a consistency check).
1430 * XXX: we should probably have one function to "put this lease
1431 * on its heap" rather than doing these if's everywhere. If
1432 * you add more states to this list, don't.
1433 */
1434 if ((test_iasubopt->state == FTS_ACTIVE) ||
1435 (test_iasubopt->state == FTS_ABANDONED)) {
1436 isc_heap_delete(pool->active_timeouts,
1437 test_iasubopt->heap_index);
1438 pool->num_active--;
1439 if (pool->ipv6_pond)
1440 pool->ipv6_pond->num_active--;
1441
1442 if (test_iasubopt->state == FTS_ABANDONED) {
1443 pool->num_abandoned--;
1444 if (pool->ipv6_pond)
1445 pool->ipv6_pond->num_abandoned--;
1446 }
1447 } else {
1448 isc_heap_delete(pool->inactive_timeouts,
1449 test_iasubopt->heap_index);
1450 pool->num_inactive--;
1451 }
1452
1453 iasubopt_hash_delete(pool->leases, &test_iasubopt->addr,
1454 sizeof(test_iasubopt->addr), MDL);
1455
1456 /*
1457 * We're going to do a bit of evil trickery here.
1458 *
1459 * We need to dereference the entry once to remove our
1460 * current reference (in test_iasubopt), and then one
1461 * more time to remove the reference left when the
1462 * address was added to the pool before.
1463 */
1464 tmp_iasubopt = test_iasubopt;
1465 iasubopt_dereference(&test_iasubopt, MDL);
1466 iasubopt_dereference(&tmp_iasubopt, MDL);
1467 }
1468
1469 /*
1470 * Add IAADDR/PREFIX to our structures.
1471 */
1472 tmp_iasubopt = NULL;
1473 iasubopt_reference(&tmp_iasubopt, lease, MDL);
1474 if ((tmp_iasubopt->state == FTS_ACTIVE) ||
1475 (tmp_iasubopt->state == FTS_ABANDONED)) {
1476 tmp_iasubopt->hard_lifetime_end_time = valid_lifetime_end_time;
1477 iasubopt_hash_add(pool->leases, &tmp_iasubopt->addr,
1478 sizeof(tmp_iasubopt->addr), lease, MDL);
1479 insert_result = isc_heap_insert(pool->active_timeouts,
1480 tmp_iasubopt);
1481 if (insert_result == ISC_R_SUCCESS) {
1482 pool->num_active++;
1483 if (pool->ipv6_pond)
1484 pool->ipv6_pond->num_active++;
1485
1486 if (tmp_iasubopt->state == FTS_ABANDONED) {
1487 pool->num_abandoned++;
1488 if (pool->ipv6_pond)
1489 pool->ipv6_pond->num_abandoned++;
1490 }
1491 }
1492
1493 } else {
1494 tmp_iasubopt->soft_lifetime_end_time = valid_lifetime_end_time;
1495 insert_result = isc_heap_insert(pool->inactive_timeouts,
1496 tmp_iasubopt);
1497 if (insert_result == ISC_R_SUCCESS)
1498 pool->num_inactive++;
1499 }
1500 if (insert_result != ISC_R_SUCCESS) {
1501 iasubopt_hash_delete(pool->leases, &lease->addr,
1502 sizeof(lease->addr), MDL);
1503 iasubopt_dereference(&tmp_iasubopt, MDL);
1504 return insert_result;
1505 }
1506
1507 /*
1508 * Note: we intentionally leave tmp_iasubopt referenced; there
1509 * is a reference in the heap/hash, after all.
1510 */
1511
1512 return ISC_R_SUCCESS;
1513 }
1514
1515 /*
1516 * Determine if an address is present in a pool or not.
1517 */
1518 isc_boolean_t
1519 lease6_exists(const struct ipv6_pool *pool, const struct in6_addr *addr) {
1520 struct iasubopt *test_iaaddr;
1521
1522 test_iaaddr = NULL;
1523 if (iasubopt_hash_lookup(&test_iaaddr, pool->leases,
1524 (void *)addr, sizeof(*addr), MDL)) {
1525 iasubopt_dereference(&test_iaaddr, MDL);
1526 return ISC_TRUE;
1527 } else {
1528 return ISC_FALSE;
1529 }
1530 }
1531
1532 /*!
1533 *
1534 * \brief Check if address is available to a lease
1535 *
1536 * Determine if the address in the lease is available to that
1537 * lease. Either the address isn't in use or it is in use
1538 * but by that lease.
1539 *
1540 * \param[in] lease = lease to check
1541 *
1542 * \return
1543 * ISC_TRUE = The lease is allowed to use that address
1544 * ISC_FALSE = The lease isn't allowed to use that address
1545 */
1546 isc_boolean_t
1547 lease6_usable(struct iasubopt *lease) {
1548 struct iasubopt *test_iaaddr;
1549 isc_boolean_t status = ISC_TRUE;
1550
1551 test_iaaddr = NULL;
1552 if (iasubopt_hash_lookup(&test_iaaddr, lease->ipv6_pool->leases,
1553 (void *)&lease->addr,
1554 sizeof(lease->addr), MDL)) {
1555 if (test_iaaddr != lease) {
1556 status = ISC_FALSE;
1557 }
1558 iasubopt_dereference(&test_iaaddr, MDL);
1559 }
1560
1561 return (status);
1562 }
1563
1564 /*
1565 * Put the lease on our active pool.
1566 */
1567 static isc_result_t
1568 move_lease_to_active(struct ipv6_pool *pool, struct iasubopt *lease) {
1569 isc_result_t insert_result;
1570 int old_heap_index;
1571
1572 old_heap_index = lease->heap_index;
1573 insert_result = isc_heap_insert(pool->active_timeouts, lease);
1574 if (insert_result == ISC_R_SUCCESS) {
1575 iasubopt_hash_add(pool->leases, &lease->addr,
1576 sizeof(lease->addr), lease, MDL);
1577 isc_heap_delete(pool->inactive_timeouts, old_heap_index);
1578 pool->num_active++;
1579 pool->num_inactive--;
1580 lease->state = FTS_ACTIVE;
1581 if (pool->ipv6_pond)
1582 pool->ipv6_pond->num_active++;
1583
1584 }
1585 return insert_result;
1586 }
1587
1588 /*!
1589 *
1590 * \brief Renew a lease in the pool.
1591 *
1592 * The hard_lifetime_end_time of the lease should be set to
1593 * the current expiration time.
1594 * The soft_lifetime_end_time of the lease should be set to
1595 * the desired expiration time.
1596 *
1597 * This routine will compare the two and call the correct
1598 * heap routine to move the lease. If the lease is active
1599 * and the new expiration time is greater (the normal case)
1600 * then we call isc_heap_decreased() as a larger time is a
1601 * lower priority. If the new expiration time is less then
1602 * we call isc_heap_increased().
1603 *
1604 * If the lease is abandoned then it will be on the active list
1605 * and we will always call isc_heap_increased() as the previous
1606 * expiration would have been all 1s (as close as we can get
1607 * to infinite).
1608 *
1609 * If the lease is moving to active we call that routine
1610 * which will move it from the inactive list to the active list.
1611 *
1612 * \param pool = a pool the lease belongs to
1613 * \param lease = the lease to be renewed
1614 *
1615 * \return result of the renew operation (ISC_R_SUCCESS if successful,
1616 ISC_R_NOMEMORY when run out of memory)
1617 */
1618 isc_result_t
1619 renew_lease6(struct ipv6_pool *pool, struct iasubopt *lease) {
1620 time_t old_end_time = lease->hard_lifetime_end_time;
1621 lease->hard_lifetime_end_time = lease->soft_lifetime_end_time;
1622 lease->soft_lifetime_end_time = 0;
1623
1624 if (lease->state == FTS_ACTIVE) {
1625 if (old_end_time <= lease->hard_lifetime_end_time) {
1626 isc_heap_decreased(pool->active_timeouts,
1627 lease->heap_index);
1628 } else {
1629 isc_heap_increased(pool->active_timeouts,
1630 lease->heap_index);
1631 }
1632 return ISC_R_SUCCESS;
1633 } else if (lease->state == FTS_ABANDONED) {
1634 char tmp_addr[INET6_ADDRSTRLEN];
1635 lease->state = FTS_ACTIVE;
1636 isc_heap_increased(pool->active_timeouts, lease->heap_index);
1637 log_info("Reclaiming previously abandoned address %s",
1638 inet_ntop(AF_INET6, &(lease->addr), tmp_addr,
1639 sizeof(tmp_addr)));
1640
1641 pool->num_abandoned--;
1642 if (pool->ipv6_pond)
1643 pool->ipv6_pond->num_abandoned--;
1644
1645 return ISC_R_SUCCESS;
1646 } else {
1647 return move_lease_to_active(pool, lease);
1648 }
1649 }
1650
1651 /*
1652 * Put the lease on our inactive pool, with the specified state.
1653 */
1654 static isc_result_t
1655 move_lease_to_inactive(struct ipv6_pool *pool, struct iasubopt *lease,
1656 binding_state_t state) {
1657 isc_result_t insert_result;
1658 int old_heap_index;
1659
1660 old_heap_index = lease->heap_index;
1661 insert_result = isc_heap_insert(pool->inactive_timeouts, lease);
1662 if (insert_result == ISC_R_SUCCESS) {
1663 /*
1664 * Handle expire and release statements
1665 * To get here we must be active and have done a commit so
1666 * we should run the proper statements if they exist, though
1667 * that will change when we remove the inactive heap.
1668 * In addition we get rid of the references for both as we
1669 * can only do one (expire or release) on a lease
1670 */
1671 if (lease->on_star.on_expiry != NULL) {
1672 if (state == FTS_EXPIRED) {
1673 execute_statements(NULL, NULL, NULL,
1674 NULL, NULL, NULL,
1675 &lease->scope,
1676 lease->on_star.on_expiry,
1677 &lease->on_star);
1678 }
1679 executable_statement_dereference
1680 (&lease->on_star.on_expiry, MDL);
1681 }
1682
1683 if (lease->on_star.on_release != NULL) {
1684 if (state == FTS_RELEASED) {
1685 execute_statements(NULL, NULL, NULL,
1686 NULL, NULL, NULL,
1687 &lease->scope,
1688 lease->on_star.on_release,
1689 &lease->on_star);
1690 }
1691 executable_statement_dereference
1692 (&lease->on_star.on_release, MDL);
1693 }
1694
1695 #if defined (NSUPDATE)
1696 /* Process events upon expiration. */
1697 if (pool->pool_type != D6O_IA_PD) {
1698 (void) ddns_removals(NULL, lease, NULL, ISC_FALSE);
1699 }
1700 #endif
1701
1702 /* Binding scopes are no longer valid after expiry or
1703 * release.
1704 */
1705 if (lease->scope != NULL) {
1706 binding_scope_dereference(&lease->scope, MDL);
1707 }
1708
1709 iasubopt_hash_delete(pool->leases,
1710 &lease->addr, sizeof(lease->addr), MDL);
1711 isc_heap_delete(pool->active_timeouts, old_heap_index);
1712 lease->state = state;
1713 pool->num_active--;
1714 pool->num_inactive++;
1715 if (pool->ipv6_pond)
1716 pool->ipv6_pond->num_active--;
1717
1718 if (lease->state == FTS_ABANDONED) {
1719 pool->num_abandoned--;
1720 if (pool->ipv6_pond)
1721 pool->ipv6_pond->num_abandoned--;
1722 }
1723 }
1724 return insert_result;
1725 }
1726
1727 /*
1728 * Expire the oldest lease if it's lifetime_end_time is
1729 * older than the given time.
1730 *
1731 * - leasep must be a pointer to a (struct iasubopt *) pointer previously
1732 * initialized to NULL
1733 *
1734 * On return leasep has a reference to the removed entry. It is left
1735 * pointing to NULL if the oldest lease has not expired.
1736 */
1737 isc_result_t
1738 expire_lease6(struct iasubopt **leasep, struct ipv6_pool *pool, time_t now) {
1739 struct iasubopt *tmp;
1740 isc_result_t result;
1741
1742 if (leasep == NULL) {
1743 log_error("%s(%d): NULL pointer reference", MDL);
1744 return DHCP_R_INVALIDARG;
1745 }
1746 if (*leasep != NULL) {
1747 log_error("%s(%d): non-NULL pointer", MDL);
1748 return DHCP_R_INVALIDARG;
1749 }
1750
1751 if (pool->num_active > 0) {
1752 tmp = (struct iasubopt *)
1753 isc_heap_element(pool->active_timeouts, 1);
1754 if (now > tmp->hard_lifetime_end_time) {
1755 result = move_lease_to_inactive(pool, tmp,
1756 FTS_EXPIRED);
1757 if (result == ISC_R_SUCCESS) {
1758 iasubopt_reference(leasep, tmp, MDL);
1759 }
1760 return result;
1761 }
1762 }
1763 return ISC_R_SUCCESS;
1764 }
1765
1766
1767 /*
1768 * For a declined lease, leave it on the "active" pool, but mark
1769 * it as declined. Give it an infinite (well, really long) life.
1770 */
1771 isc_result_t
1772 decline_lease6(struct ipv6_pool *pool, struct iasubopt *lease) {
1773 isc_result_t result;
1774
1775 if ((lease->state != FTS_ACTIVE) &&
1776 (lease->state != FTS_ABANDONED)) {
1777 result = move_lease_to_active(pool, lease);
1778 if (result != ISC_R_SUCCESS) {
1779 return result;
1780 }
1781 }
1782 lease->state = FTS_ABANDONED;
1783
1784 pool->num_abandoned++;
1785 if (pool->ipv6_pond)
1786 pool->ipv6_pond->num_abandoned++;
1787
1788 lease->hard_lifetime_end_time = MAX_TIME;
1789 isc_heap_decreased(pool->active_timeouts, lease->heap_index);
1790 return ISC_R_SUCCESS;
1791 }
1792
1793 /*
1794 * Put the returned lease on our inactive pool.
1795 */
1796 isc_result_t
1797 release_lease6(struct ipv6_pool *pool, struct iasubopt *lease) {
1798 if (lease->state == FTS_ACTIVE) {
1799 return move_lease_to_inactive(pool, lease, FTS_RELEASED);
1800 } else {
1801 return ISC_R_SUCCESS;
1802 }
1803 }
1804
1805 /*
1806 * Create a prefix by hashing the input, and using that for
1807 * the part subject to allocation.
1808 */
1809 void
1810 build_prefix6(struct in6_addr *pref,
1811 const struct in6_addr *net_start_pref,
1812 int pool_bits, int pref_bits,
1813 const struct data_string *input) {
1814 isc_md5_t ctx;
1815 int net_bytes;
1816 int i;
1817 char *str;
1818 const char *net_str;
1819
1820 /*
1821 * Use MD5 to get a nice 128 bit hash of the input.
1822 * Yes, we know MD5 isn't cryptographically sound.
1823 * No, we don't care.
1824 */
1825 isc_md5_init(&ctx);
1826 isc_md5_update(&ctx, input->data, input->len);
1827 isc_md5_final(&ctx, (unsigned char *)pref);
1828
1829 /*
1830 * Copy the network bits over.
1831 */
1832 str = (char *)pref;
1833 net_str = (const char *)net_start_pref;
1834 net_bytes = pool_bits / 8;
1835 for (i = 0; i < net_bytes; i++) {
1836 str[i] = net_str[i];
1837 }
1838 i = net_bytes;
1839 switch (pool_bits % 8) {
1840 case 1: str[i] = (str[i] & 0x7F) | (net_str[i] & 0x80); break;
1841 case 2: str[i] = (str[i] & 0x3F) | (net_str[i] & 0xC0); break;
1842 case 3: str[i] = (str[i] & 0x1F) | (net_str[i] & 0xE0); break;
1843 case 4: str[i] = (str[i] & 0x0F) | (net_str[i] & 0xF0); break;
1844 case 5: str[i] = (str[i] & 0x07) | (net_str[i] & 0xF8); break;
1845 case 6: str[i] = (str[i] & 0x03) | (net_str[i] & 0xFC); break;
1846 case 7: str[i] = (str[i] & 0x01) | (net_str[i] & 0xFE); break;
1847 }
1848 /*
1849 * Zero the remaining bits.
1850 */
1851 net_bytes = pref_bits / 8;
1852 for (i=net_bytes+1; i<16; i++) {
1853 str[i] = 0;
1854 }
1855 i = net_bytes;
1856 switch (pref_bits % 8) {
1857 case 0: str[i] &= 0; break;
1858 case 1: str[i] &= 0x80; break;
1859 case 2: str[i] &= 0xC0; break;
1860 case 3: str[i] &= 0xE0; break;
1861 case 4: str[i] &= 0xF0; break;
1862 case 5: str[i] &= 0xF8; break;
1863 case 6: str[i] &= 0xFC; break;
1864 case 7: str[i] &= 0xFE; break;
1865 }
1866 }
1867
1868 /*
1869 * Create a lease for the given prefix and client duid.
1870 *
1871 * - pool must be a pointer to a (struct ipv6_pool *) pointer previously
1872 * initialized to NULL
1873 *
1874 * Right now we simply hash the DUID, and if we get a collision, we hash
1875 * again until we find a free prefix. We try this a fixed number of times,
1876 * to avoid getting stuck in a loop (this is important on small pools
1877 * where we can run out of space).
1878 *
1879 * We return the number of attempts that it took to find an available
1880 * prefix. This tells callers when a pool is are filling up, as
1881 * well as an indication of how full the pool is; statistically the
1882 * more full a pool is the more attempts must be made before finding
1883 * a free prefix. Realistically this will only happen in very full
1884 * pools.
1885 *
1886 * We probably want different algorithms depending on the network size, in
1887 * the long term.
1888 */
1889 isc_result_t
1890 create_prefix6(struct ipv6_pool *pool, struct iasubopt **pref,
1891 unsigned int *attempts,
1892 const struct data_string *uid,
1893 time_t soft_lifetime_end_time) {
1894 struct data_string ds;
1895 struct in6_addr tmp;
1896 struct iasubopt *test_iapref;
1897 struct data_string new_ds;
1898 struct iasubopt *iapref;
1899 isc_result_t result;
1900
1901 /*
1902 * Use the UID as our initial seed for the hash
1903 */
1904 memset(&ds, 0, sizeof(ds));
1905 data_string_copy(&ds, (struct data_string *)uid, MDL);
1906
1907 *attempts = 0;
1908 for (;;) {
1909 /*
1910 * Give up at some point.
1911 */
1912 if (++(*attempts) > 10) {
1913 data_string_forget(&ds, MDL);
1914 return ISC_R_NORESOURCES;
1915 }
1916
1917 /*
1918 * Build a prefix
1919 */
1920 build_prefix6(&tmp, &pool->start_addr,
1921 pool->bits, pool->units, &ds);
1922
1923 /*
1924 * If this prefix is not in use, we're happy with it
1925 */
1926 test_iapref = NULL;
1927 if (iasubopt_hash_lookup(&test_iapref, pool->leases,
1928 &tmp, sizeof(tmp), MDL) == 0) {
1929 break;
1930 }
1931 iasubopt_dereference(&test_iapref, MDL);
1932
1933 /*
1934 * Otherwise, we create a new input, adding the prefix
1935 */
1936 memset(&new_ds, 0, sizeof(new_ds));
1937 new_ds.len = ds.len + sizeof(tmp);
1938 if (!buffer_allocate(&new_ds.buffer, new_ds.len, MDL)) {
1939 data_string_forget(&ds, MDL);
1940 return ISC_R_NOMEMORY;
1941 }
1942 new_ds.data = new_ds.buffer->data;
1943 memcpy(new_ds.buffer->data, ds.data, ds.len);
1944 memcpy(new_ds.buffer->data + ds.len, &tmp, sizeof(tmp));
1945 data_string_forget(&ds, MDL);
1946 data_string_copy(&ds, &new_ds, MDL);
1947 data_string_forget(&new_ds, MDL);
1948 }
1949
1950 data_string_forget(&ds, MDL);
1951
1952 /*
1953 * We're happy with the prefix, create an IAPREFIX
1954 * to hold it.
1955 */
1956 iapref = NULL;
1957 result = iasubopt_allocate(&iapref, MDL);
1958 if (result != ISC_R_SUCCESS) {
1959 return result;
1960 }
1961 iapref->plen = (u_int8_t)pool->units;
1962 memcpy(&iapref->addr, &tmp, sizeof(iapref->addr));
1963
1964 /*
1965 * Add the prefix to the pool (note state is free, not active?!).
1966 */
1967 result = add_lease6(pool, iapref, soft_lifetime_end_time);
1968 if (result == ISC_R_SUCCESS) {
1969 iasubopt_reference(pref, iapref, MDL);
1970 }
1971 iasubopt_dereference(&iapref, MDL);
1972 return result;
1973 }
1974
1975 /*
1976 * Determine if a prefix is present in a pool or not.
1977 */
1978 isc_boolean_t
1979 prefix6_exists(const struct ipv6_pool *pool,
1980 const struct in6_addr *pref, u_int8_t plen) {
1981 struct iasubopt *test_iapref;
1982
1983 if ((int)plen != pool->units)
1984 return ISC_FALSE;
1985
1986 test_iapref = NULL;
1987 if (iasubopt_hash_lookup(&test_iapref, pool->leases,
1988 (void *)pref, sizeof(*pref), MDL)) {
1989 iasubopt_dereference(&test_iapref, MDL);
1990 return ISC_TRUE;
1991 } else {
1992 return ISC_FALSE;
1993 }
1994 }
1995
1996 /*
1997 * Mark an IPv6 address/prefix as unavailable from a pool.
1998 *
1999 * This is used for host entries and the addresses of the server itself.
2000 */
2001 isc_result_t
2002 mark_lease_unavailable(struct ipv6_pool *pool, const struct in6_addr *addr) {
2003 struct iasubopt *dummy_iasubopt;
2004 isc_result_t result;
2005
2006 dummy_iasubopt = NULL;
2007 result = iasubopt_allocate(&dummy_iasubopt, MDL);
2008 if (result == ISC_R_SUCCESS) {
2009 dummy_iasubopt->addr = *addr;
2010 iasubopt_hash_add(pool->leases, &dummy_iasubopt->addr,
2011 sizeof(*addr), dummy_iasubopt, MDL);
2012 }
2013 return result;
2014 }
2015
2016 /*
2017 * Add a pool.
2018 */
2019 isc_result_t
2020 add_ipv6_pool(struct ipv6_pool *pool) {
2021 struct ipv6_pool **new_pools;
2022
2023 new_pools = dmalloc(sizeof(struct ipv6_pool *) * (num_pools+1), MDL);
2024 if (new_pools == NULL) {
2025 return ISC_R_NOMEMORY;
2026 }
2027
2028 if (num_pools > 0) {
2029 memcpy(new_pools, pools,
2030 sizeof(struct ipv6_pool *) * num_pools);
2031 dfree(pools, MDL);
2032 }
2033 pools = new_pools;
2034
2035 pools[num_pools] = NULL;
2036 ipv6_pool_reference(&pools[num_pools], pool, MDL);
2037 num_pools++;
2038 return ISC_R_SUCCESS;
2039 }
2040
2041 static void
2042 cleanup_old_expired(struct ipv6_pool *pool) {
2043 struct iasubopt *tmp;
2044 struct ia_xx *ia;
2045 struct ia_xx *ia_active;
2046 unsigned char *tmpd;
2047 time_t timeout;
2048
2049 while (pool->num_inactive > 0) {
2050 tmp = (struct iasubopt *)
2051 isc_heap_element(pool->inactive_timeouts, 1);
2052 if (tmp->hard_lifetime_end_time != 0) {
2053 timeout = tmp->hard_lifetime_end_time;
2054 timeout += EXPIRED_IPV6_CLEANUP_TIME;
2055 } else {
2056 timeout = tmp->soft_lifetime_end_time;
2057 }
2058 if (cur_time < timeout) {
2059 break;
2060 }
2061
2062 isc_heap_delete(pool->inactive_timeouts, tmp->heap_index);
2063 pool->num_inactive--;
2064
2065 if (tmp->ia != NULL) {
2066 /*
2067 * Check to see if this IA is in an active list,
2068 * but has no remaining resources. If so, remove it
2069 * from the active list.
2070 */
2071 ia = NULL;
2072 ia_reference(&ia, tmp->ia, MDL);
2073 ia_remove_iasubopt(ia, tmp, MDL);
2074 ia_active = NULL;
2075 tmpd = (unsigned char *)ia->iaid_duid.data;
2076 if ((ia->ia_type == D6O_IA_NA) &&
2077 (ia->num_iasubopt <= 0) &&
2078 (ia_hash_lookup(&ia_active, ia_na_active, tmpd,
2079 ia->iaid_duid.len, MDL) == 0) &&
2080 (ia_active == ia)) {
2081 ia_hash_delete(ia_na_active, tmpd,
2082 ia->iaid_duid.len, MDL);
2083 }
2084 if ((ia->ia_type == D6O_IA_TA) &&
2085 (ia->num_iasubopt <= 0) &&
2086 (ia_hash_lookup(&ia_active, ia_ta_active, tmpd,
2087 ia->iaid_duid.len, MDL) == 0) &&
2088 (ia_active == ia)) {
2089 ia_hash_delete(ia_ta_active, tmpd,
2090 ia->iaid_duid.len, MDL);
2091 }
2092 if ((ia->ia_type == D6O_IA_PD) &&
2093 (ia->num_iasubopt <= 0) &&
2094 (ia_hash_lookup(&ia_active, ia_pd_active, tmpd,
2095 ia->iaid_duid.len, MDL) == 0) &&
2096 (ia_active == ia)) {
2097 ia_hash_delete(ia_pd_active, tmpd,
2098 ia->iaid_duid.len, MDL);
2099 }
2100 ia_dereference(&ia, MDL);
2101 }
2102 iasubopt_dereference(&tmp, MDL);
2103 }
2104 }
2105
2106 static void
2107 lease_timeout_support(void *vpool) {
2108 struct ipv6_pool *pool;
2109 struct iasubopt *lease;
2110
2111 pool = (struct ipv6_pool *)vpool;
2112 for (;;) {
2113 /*
2114 * Get the next lease scheduled to expire.
2115 *
2116 * Note that if there are no leases in the pool,
2117 * expire_lease6() will return ISC_R_SUCCESS with
2118 * a NULL lease.
2119 *
2120 * expire_lease6() will call move_lease_to_inactive() which
2121 * calls ddns_removals() do we want that on the standard
2122 * expiration timer or a special 'depref' timer? Original
2123 * query from DH, moved here by SAR.
2124 */
2125 lease = NULL;
2126 if (expire_lease6(&lease, pool, cur_time) != ISC_R_SUCCESS) {
2127 break;
2128 }
2129 if (lease == NULL) {
2130 break;
2131 }
2132
2133 write_ia(lease->ia);
2134
2135 iasubopt_dereference(&lease, MDL);
2136 }
2137
2138 /*
2139 * If appropriate commit and rotate the lease file
2140 * As commit_leases_timed() checks to see if we've done any writes
2141 * we don't bother tracking if this function called write _ia
2142 */
2143 (void) commit_leases_timed();
2144
2145 /*
2146 * Do some cleanup of our expired leases.
2147 */
2148 cleanup_old_expired(pool);
2149
2150 /*
2151 * Schedule next round of expirations.
2152 */
2153 schedule_lease_timeout(pool);
2154 }
2155
2156 /*
2157 * For a given pool, add a timer that will remove the next
2158 * lease to expire.
2159 */
2160 void
2161 schedule_lease_timeout(struct ipv6_pool *pool) {
2162 struct iasubopt *tmp;
2163 time_t timeout;
2164 time_t next_timeout;
2165 struct timeval tv;
2166
2167 next_timeout = MAX_TIME;
2168
2169 if (pool->num_active > 0) {
2170 tmp = (struct iasubopt *)
2171 isc_heap_element(pool->active_timeouts, 1);
2172 if (tmp->hard_lifetime_end_time < next_timeout) {
2173 next_timeout = tmp->hard_lifetime_end_time + 1;
2174 }
2175 }
2176
2177 if (pool->num_inactive > 0) {
2178 tmp = (struct iasubopt *)
2179 isc_heap_element(pool->inactive_timeouts, 1);
2180 if (tmp->hard_lifetime_end_time != 0) {
2181 timeout = tmp->hard_lifetime_end_time;
2182 timeout += EXPIRED_IPV6_CLEANUP_TIME;
2183 } else {
2184 timeout = tmp->soft_lifetime_end_time + 1;
2185 }
2186 if (timeout < next_timeout) {
2187 next_timeout = timeout;
2188 }
2189 }
2190
2191 if (next_timeout < MAX_TIME) {
2192 tv.tv_sec = next_timeout;
2193 tv.tv_usec = 0;
2194 add_timeout(&tv, lease_timeout_support, pool,
2195 (tvref_t)ipv6_pool_reference,
2196 (tvunref_t)ipv6_pool_dereference);
2197 }
2198 }
2199
2200 /*
2201 * Schedule timeouts across all pools.
2202 */
2203 void
2204 schedule_all_ipv6_lease_timeouts(void) {
2205 int i;
2206
2207 for (i=0; i<num_pools; i++) {
2208 schedule_lease_timeout(pools[i]);
2209 }
2210 }
2211
2212 /*
2213 * Given an address and the length of the network mask, return
2214 * only the network portion.
2215 *
2216 * Examples:
2217 *
2218 * "fe80::216:6fff:fe49:7d9b", length 64 = "fe80::"
2219 * "2001:888:1936:2:216:6fff:fe49:7d9b", length 48 = "2001:888:1936::"
2220 */
2221 static void
2222 ipv6_network_portion(struct in6_addr *result,
2223 const struct in6_addr *addr, int bits) {
2224 unsigned char *addrp;
2225 int mask_bits;
2226 int bytes;
2227 int extra_bits;
2228 int i;
2229
2230 static const unsigned char bitmasks[] = {
2231 0x00, 0xFE, 0xFC, 0xF8,
2232 0xF0, 0xE0, 0xC0, 0x80,
2233 };
2234
2235 /*
2236 * Sanity check our bits. ;)
2237 */
2238 if ((bits < 0) || (bits > 128)) {
2239 log_fatal("ipv6_network_portion: bits %d not between 0 and 128",
2240 bits);
2241 }
2242
2243 /*
2244 * Copy our address portion.
2245 */
2246 *result = *addr;
2247 addrp = ((unsigned char *)result) + 15;
2248
2249 /*
2250 * Zero out masked portion.
2251 */
2252 mask_bits = 128 - bits;
2253 bytes = mask_bits / 8;
2254 extra_bits = mask_bits % 8;
2255
2256 for (i=0; i<bytes; i++) {
2257 *addrp = 0;
2258 addrp--;
2259 }
2260 if (extra_bits) {
2261 *addrp &= bitmasks[extra_bits];
2262 }
2263 }
2264
2265 /*
2266 * Determine if the given address/prefix is in the pool.
2267 */
2268 isc_boolean_t
2269 ipv6_in_pool(const struct in6_addr *addr, const struct ipv6_pool *pool) {
2270 struct in6_addr tmp;
2271
2272 ipv6_network_portion(&tmp, addr, pool->bits);
2273 if (memcmp(&tmp, &pool->start_addr, sizeof(tmp)) == 0) {
2274 return ISC_TRUE;
2275 } else {
2276 return ISC_FALSE;
2277 }
2278 }
2279
2280 /*
2281 * Find the pool that contains the given address.
2282 *
2283 * - pool must be a pointer to a (struct ipv6_pool *) pointer previously
2284 * initialized to NULL
2285 */
2286 isc_result_t
2287 find_ipv6_pool(struct ipv6_pool **pool, u_int16_t type,
2288 const struct in6_addr *addr) {
2289 int i;
2290
2291 if (pool == NULL) {
2292 log_error("%s(%d): NULL pointer reference", MDL);
2293 return DHCP_R_INVALIDARG;
2294 }
2295 if (*pool != NULL) {
2296 log_error("%s(%d): non-NULL pointer", MDL);
2297 return DHCP_R_INVALIDARG;
2298 }
2299
2300 for (i=0; i<num_pools; i++) {
2301 if (pools[i]->pool_type != type)
2302 continue;
2303 if (ipv6_in_pool(addr, pools[i])) {
2304 ipv6_pool_reference(pool, pools[i], MDL);
2305 return ISC_R_SUCCESS;
2306 }
2307 }
2308 return ISC_R_NOTFOUND;
2309 }
2310
2311 /*
2312 * Helper function for the various functions that act across all
2313 * pools.
2314 */
2315 static isc_result_t
2316 change_leases(struct ia_xx *ia,
2317 isc_result_t (*change_func)(struct ipv6_pool *,
2318 struct iasubopt *)) {
2319 isc_result_t retval;
2320 isc_result_t renew_retval;
2321 struct ipv6_pool *pool;
2322 struct in6_addr *addr;
2323 int i;
2324
2325 retval = ISC_R_SUCCESS;
2326 for (i=0; i<ia->num_iasubopt; i++) {
2327 pool = NULL;
2328 addr = &ia->iasubopt[i]->addr;
2329 if (find_ipv6_pool(&pool, ia->ia_type,
2330 addr) == ISC_R_SUCCESS) {
2331 renew_retval = change_func(pool, ia->iasubopt[i]);
2332 if (renew_retval != ISC_R_SUCCESS) {
2333 retval = renew_retval;
2334 }
2335 }
2336 /* XXXsk: should we warn if we don't find a pool? */
2337 }
2338 return retval;
2339 }
2340
2341 /*
2342 * Renew all leases in an IA from all pools.
2343 *
2344 * The new lifetime should be in the soft_lifetime_end_time
2345 * and will be moved to hard_lifetime_end_time by renew_lease6.
2346 */
2347 isc_result_t
2348 renew_leases(struct ia_xx *ia) {
2349 return change_leases(ia, renew_lease6);
2350 }
2351
2352 /*
2353 * Release all leases in an IA from all pools.
2354 */
2355 isc_result_t
2356 release_leases(struct ia_xx *ia) {
2357 return change_leases(ia, release_lease6);
2358 }
2359
2360 /*
2361 * Decline all leases in an IA from all pools.
2362 */
2363 isc_result_t
2364 decline_leases(struct ia_xx *ia) {
2365 return change_leases(ia, decline_lease6);
2366 }
2367
2368 #ifdef DHCPv6
2369 /*
2370 * Helper function to output leases.
2371 */
2372 static int write_error;
2373
2374 static isc_result_t
2375 write_ia_leases(const void *name, unsigned len, void *value) {
2376 struct ia_xx *ia = (struct ia_xx *)value;
2377
2378 if (!write_error) {
2379 if (!write_ia(ia)) {
2380 write_error = 1;
2381 }
2382 }
2383 return ISC_R_SUCCESS;
2384 }
2385
2386 /*
2387 * Write all DHCPv6 information.
2388 */
2389 int
2390 write_leases6(void) {
2391 int nas, tas, pds;
2392
2393 write_error = 0;
2394 write_server_duid();
2395 nas = ia_hash_foreach(ia_na_active, write_ia_leases);
2396 if (write_error) {
2397 return 0;
2398 }
2399 tas = ia_hash_foreach(ia_ta_active, write_ia_leases);
2400 if (write_error) {
2401 return 0;
2402 }
2403 pds = ia_hash_foreach(ia_pd_active, write_ia_leases);
2404 if (write_error) {
2405 return 0;
2406 }
2407
2408 log_info("Wrote %d NA, %d TA, %d PD leases to lease file.",
2409 nas, tas, pds);
2410 return 1;
2411 }
2412 #endif /* DHCPv6 */
2413
2414 static isc_result_t
2415 mark_hosts_unavailable_support(const void *name, unsigned len, void *value) {
2416 struct host_decl *h;
2417 struct data_string fixed_addr;
2418 struct in6_addr addr;
2419 struct ipv6_pool *p;
2420
2421 h = (struct host_decl *)value;
2422
2423 /*
2424 * If the host has no address, we don't need to mark anything.
2425 */
2426 if (h->fixed_addr == NULL) {
2427 return ISC_R_SUCCESS;
2428 }
2429
2430 /*
2431 * Evaluate the fixed address.
2432 */
2433 memset(&fixed_addr, 0, sizeof(fixed_addr));
2434 if (!evaluate_option_cache(&fixed_addr, NULL, NULL, NULL, NULL, NULL,
2435 &global_scope, h->fixed_addr, MDL)) {
2436 log_error("mark_hosts_unavailable: "
2437 "error evaluating host address.");
2438 return ISC_R_SUCCESS;
2439 }
2440 if (fixed_addr.len != 16) {
2441 log_error("mark_hosts_unavailable: "
2442 "host address is not 128 bits.");
2443 return ISC_R_SUCCESS;
2444 }
2445 memcpy(&addr, fixed_addr.data, 16);
2446 data_string_forget(&fixed_addr, MDL);
2447
2448 /*
2449 * Find the pool holding this host, and mark the address.
2450 * (I suppose it is arguably valid to have a host that does not
2451 * sit in any pool.)
2452 */
2453 p = NULL;
2454 if (find_ipv6_pool(&p, D6O_IA_NA, &addr) == ISC_R_SUCCESS) {
2455 mark_lease_unavailable(p, &addr);
2456 ipv6_pool_dereference(&p, MDL);
2457 }
2458 if (find_ipv6_pool(&p, D6O_IA_TA, &addr) == ISC_R_SUCCESS) {
2459 mark_lease_unavailable(p, &addr);
2460 ipv6_pool_dereference(&p, MDL);
2461 }
2462
2463 return ISC_R_SUCCESS;
2464 }
2465
2466 void
2467 mark_hosts_unavailable(void) {
2468 hash_foreach(host_name_hash, mark_hosts_unavailable_support);
2469 }
2470
2471 static isc_result_t
2472 mark_phosts_unavailable_support(const void *name, unsigned len, void *value) {
2473 struct host_decl *h;
2474 struct iaddrcidrnetlist *l;
2475 struct in6_addr pref;
2476 struct ipv6_pool *p;
2477
2478 h = (struct host_decl *)value;
2479
2480 /*
2481 * If the host has no prefix, we don't need to mark anything.
2482 */
2483 if (h->fixed_prefix == NULL) {
2484 return ISC_R_SUCCESS;
2485 }
2486
2487 /*
2488 * Get the fixed prefixes.
2489 */
2490 for (l = h->fixed_prefix; l != NULL; l = l->next) {
2491 if (l->cidrnet.lo_addr.len != 16) {
2492 continue;
2493 }
2494 memcpy(&pref, l->cidrnet.lo_addr.iabuf, 16);
2495
2496 /*
2497 * Find the pool holding this host, and mark the prefix.
2498 * (I suppose it is arguably valid to have a host that does not
2499 * sit in any pool.)
2500 */
2501 p = NULL;
2502 if (find_ipv6_pool(&p, D6O_IA_PD, &pref) != ISC_R_SUCCESS) {
2503 continue;
2504 }
2505 if (l->cidrnet.bits != p->units) {
2506 ipv6_pool_dereference(&p, MDL);
2507 continue;
2508 }
2509 mark_lease_unavailable(p, &pref);
2510 ipv6_pool_dereference(&p, MDL);
2511 }
2512
2513 return ISC_R_SUCCESS;
2514 }
2515
2516 void
2517 mark_phosts_unavailable(void) {
2518 hash_foreach(host_name_hash, mark_phosts_unavailable_support);
2519 }
2520
2521 void
2522 mark_interfaces_unavailable(void) {
2523 struct interface_info *ip;
2524 int i;
2525 struct ipv6_pool *p;
2526
2527 ip = interfaces;
2528 while (ip != NULL) {
2529 for (i=0; i<ip->v6address_count; i++) {
2530 p = NULL;
2531 if (find_ipv6_pool(&p, D6O_IA_NA, &ip->v6addresses[i])
2532 == ISC_R_SUCCESS) {
2533 mark_lease_unavailable(p,
2534 &ip->v6addresses[i]);
2535 ipv6_pool_dereference(&p, MDL);
2536 }
2537 if (find_ipv6_pool(&p, D6O_IA_TA, &ip->v6addresses[i])
2538 == ISC_R_SUCCESS) {
2539 mark_lease_unavailable(p,
2540 &ip->v6addresses[i]);
2541 ipv6_pool_dereference(&p, MDL);
2542 }
2543 }
2544 ip = ip->next;
2545 }
2546 }
2547
2548 /*!
2549 * \brief Create a new IPv6 pond structure.
2550 *
2551 * Allocate space for a new ipv6_pond structure and return a reference
2552 * to it, includes setting the reference count to 1.
2553 *
2554 * \param pond = space for returning a referenced pointer to the pond.
2555 * This must point to a space that has been initialzied
2556 * to NULL by the caller.
2557 *
2558 * \return
2559 * ISC_R_SUCCESS = The pond was successfully created, pond points to it.
2560 * DHCP_R_INVALIDARG = One of the arugments was invalid, pond has not been
2561 * modified
2562 * ISC_R_NOMEMORY = The system wasn't able to allocate memory, pond has
2563 * not been modified.
2564 */
2565 isc_result_t
2566 ipv6_pond_allocate(struct ipv6_pond **pond, const char *file, int line) {
2567 struct ipv6_pond *tmp;
2568
2569 if (pond == NULL) {
2570 log_error("%s(%d): NULL pointer reference", file, line);
2571 return DHCP_R_INVALIDARG;
2572 }
2573 if (*pond != NULL) {
2574 log_error("%s(%d): non-NULL pointer", file, line);
2575 return DHCP_R_INVALIDARG;
2576 }
2577
2578 tmp = dmalloc(sizeof(*tmp), file, line);
2579 if (tmp == NULL) {
2580 return ISC_R_NOMEMORY;
2581 }
2582
2583 tmp->refcnt = 1;
2584
2585 *pond = tmp;
2586 return ISC_R_SUCCESS;
2587 }
2588
2589 /*!
2590 *
2591 * \brief reference an IPv6 pond structure.
2592 *
2593 * This function genreates a reference to an ipv6_pond structure
2594 * and increments the reference count on the structure.
2595 *
2596 * \param[out] pond = space for returning a referenced pointer to the pond.
2597 * This must point to a space that has been initialzied
2598 * to NULL by the caller.
2599 * \param[in] src = A pointer to the pond to reference. This must not be
2600 * NULL.
2601 *
2602 * \return
2603 * ISC_R_SUCCESS = The pond was successfully referenced, pond now points
2604 * to src.
2605 * DHCP_R_INVALIDARG = One of the arugments was invalid, pond has not been
2606 * modified.
2607 */
2608 isc_result_t
2609 ipv6_pond_reference(struct ipv6_pond **pond, struct ipv6_pond *src,
2610 const char *file, int line) {
2611 if (pond == NULL) {
2612 log_error("%s(%d): NULL pointer reference", file, line);
2613 return DHCP_R_INVALIDARG;
2614 }
2615 if (*pond != NULL) {
2616 log_error("%s(%d): non-NULL pointer", file, line);
2617 return DHCP_R_INVALIDARG;
2618 }
2619 if (src == NULL) {
2620 log_error("%s(%d): NULL pointer reference", file, line);
2621 return DHCP_R_INVALIDARG;
2622 }
2623 *pond = src;
2624 src->refcnt++;
2625 return ISC_R_SUCCESS;
2626 }
2627
2628 /*!
2629 *
2630 * \brief de-reference an IPv6 pond structure.
2631 *
2632 * This function decrements the reference count in an ipv6_pond structure.
2633 * If this was the last reference then the memory for the structure is
2634 * freed.
2635 *
2636 * \param[in] pond = A pointer to the pointer to the pond that should be
2637 * de-referenced. On success the pointer to the pond
2638 * is cleared. It must not be NULL and must not point
2639 * to NULL.
2640 *
2641 * \return
2642 * ISC_R_SUCCESS = The pond was successfully de-referenced, pond now points
2643 * to NULL
2644 * DHCP_R_INVALIDARG = One of the arugments was invalid, pond has not been
2645 * modified.
2646 */
2647
2648 isc_result_t
2649 ipv6_pond_dereference(struct ipv6_pond **pond, const char *file, int line) {
2650 struct ipv6_pond *tmp;
2651
2652 if ((pond == NULL) || (*pond == NULL)) {
2653 log_error("%s(%d): NULL pointer", file, line);
2654 return DHCP_R_INVALIDARG;
2655 }
2656
2657 tmp = *pond;
2658 *pond = NULL;
2659
2660 tmp->refcnt--;
2661 if (tmp->refcnt < 0) {
2662 log_error("%s(%d): negative refcnt", file, line);
2663 tmp->refcnt = 0;
2664 }
2665 if (tmp->refcnt == 0) {
2666 dfree(tmp, file, line);
2667 }
2668
2669 return ISC_R_SUCCESS;
2670 }
2671
2672 #ifdef EUI_64
2673 /*
2674 * Enables/disables EUI-64 address assignment for a pond
2675 *
2676 * Excecutes statements down to the pond's scope and sets the pond's
2677 * use_eui_64 flag accordingly. In addition it iterates over the
2678 * pond's pools ensuring they are all /64. Anything else is deemed
2679 * invalid for EUI-64. It returns the number of invalid pools
2680 * detected. This is done post-parsing as use-eui-64 can be set
2681 * down to the pool scope and we can't reliably do it until the
2682 * entire configuration has been parsed.
2683 */
2684 int
2685 set_eui_64(struct ipv6_pond *pond) {
2686 int invalid_cnt = 0;
2687 struct option_state* options = NULL;
2688 struct option_cache *oc = NULL;
2689 option_state_allocate(&options, MDL);
2690 execute_statements_in_scope(NULL, NULL, NULL, NULL, NULL, options,
2691 &global_scope, pond->group, NULL, NULL);
2692
2693 pond->use_eui_64 =
2694 ((oc = lookup_option(&server_universe, options, SV_USE_EUI_64))
2695 &&
2696 (evaluate_boolean_option_cache (NULL, NULL, NULL, NULL,
2697 options, NULL, &global_scope,
2698 oc, MDL)));
2699 if (pond->use_eui_64) {
2700 // Check all pools are valid
2701 int i = 0;
2702 struct ipv6_pool* p;
2703 while((p = pond->ipv6_pools[i++]) != NULL) {
2704 if (p->bits != 64) {
2705 log_error("Pool %s/%d cannot use EUI-64,"
2706 " prefix must 64",
2707 pin6_addr(&p->start_addr), p->bits);
2708 invalid_cnt++;
2709 } else {
2710 log_debug("Pool: %s/%d - will use EUI-64",
2711 pin6_addr(&p->start_addr), p->bits);
2712 }
2713 }
2714 }
2715
2716 /* Don't need the options anymore. */
2717 option_state_dereference(&options, MDL);
2718 return (invalid_cnt);
2719 }
2720 #endif
2721
2722 /*
2723 * Emits a log for each pond that has been flagged as being a "jumbo range"
2724 * A pond is considered a "jumbo range" when the total number of elements
2725 * exceeds the maximum value of POND_TRACK_MAX (currently maximum value
2726 * that can be stored by ipv6_pond.num_total). Since we disable threshold
2727 * logging for jumbo ranges, we need to report this to the user. This
2728 * function allows us to report jumbo ponds after config parsing, so the
2729 * logs can be seen both on the console (-T) and the log facility (i.e syslog).
2730 *
2731 * Note, threshold logging is done at the pond level, so we need emit a list
2732 * of the addresses ranges of the pools in the pond affected.
2733 */
2734 void
2735 report_jumbo_ranges() {
2736 struct shared_network* s;
2737 char log_buf[1084];
2738 #ifdef EUI_64
2739 int invalid_cnt = 0;
2740 #endif
2741
2742 /* Loop thru all the networks looking for jumbo range ponds */
2743 for (s = shared_networks; s; s = s -> next) {
2744 struct ipv6_pond* pond = s->ipv6_pond;
2745 while (pond) {
2746 #ifdef EUI_64
2747 /* while we're here, set the pond's use_eui_64 flag */
2748 invalid_cnt += set_eui_64(pond);
2749 #endif
2750 /* if its a jumbo and has pools(sanity check) */
2751 if (pond->jumbo_range == 1 && (pond->ipv6_pools)) {
2752 struct ipv6_pool* pool;
2753 char *bufptr = log_buf;
2754 size_t space_left = sizeof(log_buf) - 1;
2755 int i = 0;
2756 int used = 0;
2757
2758 /* Build list containing the start-address/CIDR
2759 * of each pool */
2760 *bufptr = '\0';
2761 while ((pool = pond->ipv6_pools[i++]) &&
2762 (space_left > (INET6_ADDRSTRLEN + 6))) {
2763 /* more than one so add a comma */
2764 if (i > 1) {
2765 *bufptr++ = ',';
2766 *bufptr++ = ' ';
2767 *bufptr = '\0';
2768 space_left -= 2;
2769 }
2770
2771 /* add the address */
2772 inet_ntop(AF_INET6, &pool->start_addr,
2773 bufptr, INET6_ADDRSTRLEN);
2774
2775 used = strlen(bufptr);
2776 bufptr += used;
2777 space_left -= used;
2778
2779 /* add the CIDR */
2780 sprintf (bufptr, "/%d",pool->bits);
2781 used = strlen(bufptr);
2782 bufptr += used;
2783 space_left -= used;
2784 *bufptr = '\0';
2785 }
2786
2787 log_info("Threshold logging disabled for shared"
2788 " subnet of ranges: %s", log_buf);
2789 }
2790 pond = pond->next;
2791 }
2792
2793 }
2794
2795 #ifdef EUI_64
2796 if (invalid_cnt) {
2797 log_fatal ("%d pool(s) are invalid for EUI-64 use",
2798 invalid_cnt);
2799 }
2800 #endif
2801 }
2802
2803
2804 /*
2805 * \brief Tests that 16-bit hardware type is less than 256
2806 *
2807 * XXX: DHCPv6 gives a 16-bit field for the htype. DHCPv4 gives an
2808 * 8-bit field. To change the semantics of the generic 'hardware'
2809 * structure, we would have to adjust many DHCPv4 sources (from
2810 * interface to DHCPv4 lease code), and we would have to update the
2811 * 'hardware' config directive (probably being reverse compatible and
2812 * providing a new upgrade/replacement primitive). This is a little
2813 * too much to change for now. Hopefully we will revisit this before
2814 * hardware types exceeding 8 bits are assigned.
2815 *
2816 * Uses a static variable to limit log occurence to once per startup
2817 *
2818 * \param htype hardware type value to test
2819 *
2820 * \return returns 0 if the value is too large
2821 *
2822 */
2823 int htype_bounds_check(uint16_t htype) {
2824 static int log_once = 0;
2825
2826 if (htype & 0xFF00) {
2827 if (!log_once) {
2828 log_error("Attention: At least one client advertises a "
2829 "hardware type of %d, which exceeds the software "
2830 "limitation of 255.", htype);
2831 log_once = 1;
2832 }
2833
2834 return(0);
2835 }
2836
2837 return(1);
2838 }
2839
2840 /*!
2841 * \brief Look for hosts by MAC address if it's available
2842 *
2843 * Checks the inbound packet against host declarations which specified:
2844 *
2845 * "hardware ethernet <MAC>;"
2846 *
2847 * For directly connected clients, the function will use the MAC address
2848 * contained in packet:haddr if it's populated. \TODO - While the logic is in
2849 * place for this search, the socket layer does not yet populate packet:haddr,
2850 * this is to be done under rt41523.
2851 *
2852 * For relayed clients, the function will use the MAC address from the
2853 * client-linklayer-address option if it has been supplied by the relay
2854 * directly connected to the client.
2855 *
2856 * \param hp[out] - pointer to storage for the host delcaration if found
2857 * \param packet - received packet
2858 * \param opt_state - option state to search
2859 * \param file - source file
2860 * \param line - line number
2861 *
2862 * \return non-zero if a matching host was found, zero otherwise
2863 */
2864 int find_hosts_by_haddr6(struct host_decl **hp,
2865 struct packet *packet,
2866 struct option_state *opt_state,
2867 const char *file, int line) {
2868 int found = 0;
2869 int htype;
2870 int hlen;
2871
2872 /* For directly connected clients, use packet:haddr if populated */
2873 if (packet->dhcpv6_container_packet == NULL) {
2874 if (packet->haddr) {
2875 htype = packet->haddr->hbuf[0];
2876 hlen = packet->haddr->hlen - 1,
2877 log_debug("find_hosts_by_haddr6: using packet->haddr,"
2878 " type: %d, len: %d", htype, hlen);
2879 found = find_hosts_by_haddr (hp, htype,
2880 &packet->haddr->hbuf[1],
2881 hlen, MDL);
2882 }
2883 } else {
2884 /* The first container packet is the from the relay directly
2885 * connected to the client. Per RFC 6939, that is only relay
2886 * that may supply the client linklayer address option. */
2887 struct packet *relay_packet = packet->dhcpv6_container_packet;
2888 struct option_state *relay_state = relay_packet->options;
2889 struct data_string rel_addr;
2890 struct option_cache *oc;
2891
2892 /* Look for the option in the first relay packet */
2893 oc = lookup_option(&dhcpv6_universe, relay_state,
2894 D6O_CLIENT_LINKLAYER_ADDR);
2895 if (!oc) {
2896 /* Not there, so bail */
2897 return (0);
2898 }
2899
2900 /* The option is present, fetch the address data */
2901 memset(&rel_addr, 0, sizeof(rel_addr));
2902 if (!evaluate_option_cache(&rel_addr, relay_packet, NULL, NULL,
2903 relay_state, NULL, &global_scope,
2904 oc, MDL)) {
2905 log_error("find_hosts_by_add6:"
2906 "Error evaluating option cache");
2907 return (0);
2908 }
2909
2910 /* The relay address data should be:
2911 * byte 0 - 1 = hardware type
2912 * bytes 2 - hlen = hardware address
2913 * where hlen ( hardware address len) is option data len - 2 */
2914 hlen = rel_addr.len - 2;
2915 if (hlen > 0 && hlen <= HARDWARE_ADDR_LEN) {
2916 htype = getUShort(rel_addr.data);
2917 if (htype_bounds_check(htype)) {
2918 /* Looks valid, let's search with it */
2919 log_debug("find_hosts_by_haddr6:"
2920 "using relayed haddr"
2921 " type: %d, len: %d", htype, hlen);
2922 found = find_hosts_by_haddr (hp, htype,
2923 &rel_addr.data[2],
2924 hlen, MDL);
2925 }
2926 }
2927
2928 data_string_forget(&rel_addr, MDL);
2929 }
2930
2931 return (found);
2932 }
2933
2934 /*
2935 * find_host_by_duid_chaddr() synthesizes a DHCPv4-like 'hardware'
2936 * parameter from a DHCPv6 supplied DUID (client-identifier option),
2937 * and may seek to use client or relay supplied hardware addresses.
2938 */
2939 int
2940 find_hosts_by_duid_chaddr(struct host_decl **host,
2941 const struct data_string *client_id) {
2942 int htype, hlen;
2943 const unsigned char *chaddr;
2944
2945 /*
2946 * The DUID-LL and DUID-LLT must have a 2-byte DUID type and 2-byte
2947 * htype.
2948 */
2949 if (client_id->len < 4)
2950 return 0;
2951
2952 /*
2953 * The third and fourth octets of the DUID-LL and DUID-LLT
2954 * is the hardware type, but in 16 bits.
2955 */
2956 htype = getUShort(client_id->data + 2);
2957 hlen = 0;
2958 chaddr = NULL;
2959
2960 /* The first two octets of the DUID identify the type. */
2961 switch(getUShort(client_id->data)) {
2962 case DUID_LLT:
2963 if (client_id->len > 8) {
2964 hlen = client_id->len - 8;
2965 chaddr = client_id->data + 8;
2966 }
2967 break;
2968
2969 case DUID_LL:
2970 /*
2971 * Note that client_id->len must be greater than or equal
2972 * to four to get to this point in the function.
2973 */
2974 hlen = client_id->len - 4;
2975 chaddr = client_id->data + 4;
2976 break;
2977
2978 default:
2979 break;
2980 }
2981
2982 if ((hlen == 0) || (hlen > HARDWARE_ADDR_LEN) ||
2983 !htype_bounds_check(htype)) {
2984 return (0);
2985 }
2986
2987 return find_hosts_by_haddr(host, htype, chaddr, hlen, MDL);
2988 }
2989
2990 /*
2991 * \brief Finds a host record that matches the packet, if any
2992 *
2993 * This function centralizes the logic for matching v6 client
2994 * packets to host declarations. We check in the following order
2995 * for matches with:
2996 *
2997 * 1. client_id if specified
2998 * 2. MAC address when explicitly available
2999 * 3. packet option
3000 * 4. synthesized hardware address - this is done last as some
3001 * synthesis methods are not consided to be reliable
3002 *
3003 * \param[out] host - pointer to storage for the located host
3004 * \param packet - inbound client packet
3005 * \param client_id - client identifier (if one)
3006 * \param file - source file
3007 * \param line - source file line number
3008 * \return non-zero if a host is found, zero otherwise
3009 */
3010 int
3011 find_hosts6(struct host_decl** host, struct packet* packet,
3012 const struct data_string* client_id, char* file, int line) {
3013 return (find_hosts_by_uid(host, client_id->data, client_id->len, MDL)
3014 || find_hosts_by_haddr6(host, packet, packet->options, MDL)
3015 || find_hosts_by_option(host, packet, packet->options, MDL)
3016 || find_hosts_by_duid_chaddr(host, client_id));
3017 }
3018
3019 /* unittest moved to server/tests/mdb6_unittest.c */
Mirror of https://github.com/isc-projects/dhcp.git