Reply authentication every time we send a message as have updated

the elapsed time.

diff --git a/auth.c b/auth.c
index e088bd3e2a96b2113c872703019e733a76e296d6..b3a583d71bbd871ccd9b163a032bc9be0564249a 100644 (file)
--- a/auth.c
+++ b/auth.c
@@ -328,7 +328,9 @@ get_next_rdm_monotonic(void)
 
        rdm++;
        fseek(fp, 0, SEEK_SET);
-       if (fprintf(fp, "0x%016" PRIu64 "\n", rdm) != 19) {
+       if (ftruncate(fileno(fp)) == -1 ||
+           fprintf(fp, "0x%016" PRIu64 "\n", rdm) != 19)
+       {
                if (!last_rdm_set) {
                        last_rdm = rdm;
                        last_rdm_set = 1;

diff --git a/dhcp6.c b/dhcp6.c
index 65039c84b6124a5ac3cf905f5e4b531d51ea88a4..132951b672ca961542e0c1a2b9b8e70bf15964ca 100644 (file)
--- a/dhcp6.c
+++ b/dhcp6.c
@@ -669,16 +669,7 @@ dhcp6_makemessage(struct interface *ifp)
                o = D6_NEXT_OPTION(o);
                o->code = htons(D6_OPTION_AUTH);
                o->len = htons(auth_len);
-               if (dhcp_auth_encode(&ifo->auth, state->auth.token,
-                   (uint8_t *)state->send, state->send_len,
-                   6, state->send->type,
-                   D6_OPTION_DATA(o), auth_len) == -1) 
-               {
-                       printf ("oh dear\n");
-                       free(state->send);
-                       state->send = NULL;
-                       return -1;
-               }
+               /* data will be filled at send message time */
        }
 
        return 0;
@@ -721,6 +712,27 @@ static void dhcp6_delete_delegates(struct interface *ifp)
        }
 }
 
+
+static int
+dhcp6_update_auth(struct interface *ifp, struct dhcp6_message *m, ssize_t len)
+{
+       struct dhcp6_state *state;
+       const struct dhcp6_option *co;
+       struct dhcp6_option *o;
+
+       co = dhcp6_getmoption(D6_OPTION_AUTH, m, len);
+       if (co == NULL)
+               return -1;
+
+       o = __UNCONST(co);
+       state = D6_STATE(ifp);
+
+       return dhcp_auth_encode(&ifp->options->auth, state->auth.token,
+           (uint8_t *)state->send, state->send_len,
+           6, state->send->type,
+           D6_OPTION_DATA(o), ntohs(o->len));
+}
+
 static int
 dhcp6_sendmessage(struct interface *ifp, void (*callback)(void *))
 {
@@ -840,6 +852,10 @@ logsend:
 
        /* Update the elapsed time */
        dhcp6_updateelapsed(ifp, state->send, state->send_len);
+       if (dhcp6_update_auth(ifp, state->send, state->send_len) == -1) {
+               syslog(LOG_ERR, "%s: dhcp6_updateauth: %m", ifp->name);
+               return -1;
+       }
 
        to.sin6_scope_id = ifp->index;
        sndhdr.msg_name = (caddr_t)&to;

diff --git a/dhcpcd.8.in b/dhcpcd.8.in
index 5a1c25034193c2474d5377620cd53ebddd55bd02..8c12c6ab4355f47e21450793ae43574d15fbfcb7 100644 (file)
--- a/dhcpcd.8.in
+++ b/dhcpcd.8.in
@@ -670,7 +670,3 @@ of the last replay value
 sent reset.
 We could change this to use a NTP time stamp instead, but it's
 more likely the RTC on this host is broken which would cause the same result.
-.Pp
-WIDE DHCPv6 server sometimes fails to authenticate a
-.Nm
-message.