#define DHCPV6_DUID_LLADDR 3
#define DHCPV6_REQ_DELAY 1
+#define DHCPV6_SOL_MAX_RT_MIN 60
+#define DHCPV6_SOL_MAX_RT_MAX 86400
+#define DHCPV6_INF_MAX_RT_MIN 60
+#define DHCPV6_INF_MAX_RT_MAX 86400
static bool dhcpv6_response_is_valid(const void *buf, ssize_t len,
const uint8_t transaction[3], enum dhcpv6_msg type,
const void *status_msg, const int len,
bool handled_status_codes[_DHCPV6_Status_Max],
int *ret);
+static void dhcpv6_add_server_cand(const struct dhcpv6_server_cand *cand);
+static void dhcpv6_clear_all_server_cand(void);
static reply_handler dhcpv6_handle_reply;
static reply_handler dhcpv6_handle_advert;
// RFC 3315 - 5.5 Timeout and Delay values
static struct dhcpv6_retx dhcpv6_retx[_DHCPV6_MSG_MAX] = {
[DHCPV6_MSG_UNKNOWN] = {false, 1, 120, 0, "<POLL>",
- dhcpv6_handle_reconfigure, NULL},
- [DHCPV6_MSG_SOLICIT] = {true, 1, 3600, 0, "SOLICIT",
- dhcpv6_handle_advert, dhcpv6_commit_advert},
- [DHCPV6_MSG_REQUEST] = {true, 1, 30, 10, "REQUEST",
- dhcpv6_handle_reply, NULL},
- [DHCPV6_MSG_RENEW] = {false, 10, 600, 0, "RENEW",
- dhcpv6_handle_reply, NULL},
- [DHCPV6_MSG_REBIND] = {false, 10, 600, 0, "REBIND",
- dhcpv6_handle_rebind_reply, NULL},
+ dhcpv6_handle_reconfigure, NULL},
+ [DHCPV6_MSG_SOLICIT] = {true, 1, DHCPV6_SOL_MAX_RT, 0, "SOLICIT",
+ dhcpv6_handle_advert, dhcpv6_commit_advert},
+ [DHCPV6_MSG_REQUEST] = {true, 1, DHCPV6_REQ_MAX_RT, 10, "REQUEST",
+ dhcpv6_handle_reply, NULL},
+ [DHCPV6_MSG_RENEW] = {false, 10, DHCPV6_REN_MAX_RT, 0, "RENEW",
+ dhcpv6_handle_reply, NULL},
+ [DHCPV6_MSG_REBIND] = {false, 10, DHCPV6_REB_MAX_RT, 0, "REBIND",
+ dhcpv6_handle_rebind_reply, NULL},
[DHCPV6_MSG_RELEASE] = {false, 1, 0, 5, "RELEASE", NULL, NULL},
[DHCPV6_MSG_DECLINE] = {false, 1, 0, 5, "DECLINE", NULL, NULL},
- [DHCPV6_MSG_INFO_REQ] = {true, 1, 120, 0, "INFOREQ",
- dhcpv6_handle_reply, NULL},
+ [DHCPV6_MSG_INFO_REQ] = {true, 1, DHCPV6_INF_MAX_RT, 0, "INFOREQ",
+ dhcpv6_handle_reply, NULL},
};
sizeof(ifr.ifr_name));
if (ioctl(sock, SIOCGIFHWADDR, &ifr) < 0)
continue;
+
memcpy(&duid[8], ifr.ifr_hwaddr.sa_data,
ETHER_ADDR_LEN);
}
htons(DHCPV6_OPT_NTP_SERVER),
htons(DHCPV6_OPT_AFTR_NAME),
htons(DHCPV6_OPT_PD_EXCLUDE),
+ htons(DHCPV6_OPT_SOL_MAX_RT),
+ htons(DHCPV6_OPT_INF_MAX_RT),
#ifdef EXT_PREFIX_CLASS
htons(DHCPV6_OPT_PREFIX_CLASS),
#endif
};
odhcp6c_add_state(STATE_ORO, oro, sizeof(oro));
- do {
- // Configure IPv6-options
- int val = 1;
- if (setsockopt(sock, IPPROTO_IPV6, IPV6_V6ONLY, &val, sizeof(val)) < 0)
- break;
- if (setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, &val, sizeof(val)) < 0)
- break;
- if (setsockopt(sock, IPPROTO_IPV6, IPV6_RECVPKTINFO, &val, sizeof(val)) < 0)
- break;
-
- val = 0;
- if (setsockopt(sock, IPPROTO_IPV6, IPV6_MULTICAST_LOOP, &val, sizeof(val)) < 0)
- break;
- if (setsockopt(sock, SOL_SOCKET, SO_BINDTODEVICE, ifname, strlen(ifname)) < 0)
- break;
-
- struct sockaddr_in6 client_addr = { .sin6_family = AF_INET6,
- .sin6_port = htons(DHCPV6_CLIENT_PORT), .sin6_flowinfo = 0 };
- if (bind(sock, (struct sockaddr*)&client_addr, sizeof(client_addr)) < 0)
- break;
-
- return 0;
- } while (0);
+ // Configure IPv6-options
+ int val = 1;
+ setsockopt(sock, IPPROTO_IPV6, IPV6_V6ONLY, &val, sizeof(val));
+ setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, &val, sizeof(val));
+ setsockopt(sock, IPPROTO_IPV6, IPV6_RECVPKTINFO, &val, sizeof(val));
+ val = 0;
+ setsockopt(sock, IPPROTO_IPV6, IPV6_MULTICAST_LOOP, &val, sizeof(val));
+ setsockopt(sock, SOL_SOCKET, SO_BINDTODEVICE, ifname, strlen(ifname));
+
+ struct sockaddr_in6 client_addr = { .sin6_family = AF_INET6,
+ .sin6_port = htons(DHCPV6_CLIENT_PORT), .sin6_flowinfo = 0 };
+ if (bind(sock, (struct sockaddr*)&client_addr, sizeof(client_addr)) < 0)
+ return -1;
- return -1;
+ return 0;
}
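Review bot: The five `setsockopt()` calls now discard their return values, so this path returns 0 even when `SO_BINDTODEVICE` was not applied. In that case the socket is still bound to the DHCPv6 client port but is no longer restricted to `ifname`, so replies arriving on other interfaces would presumably be processed as well. Keep at least that check, e.g. `if (setsockopt(sock, SOL_SOCKET, SO_BINDTODEVICE, ifname, strlen(ifname)) < 0) return -1;`, and log the remaining options if they are meant to be best-effort. The enclosing function starts outside the hunk.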
}
// Receive rounds
- for (; len < 0 && round_start < round_end;
+ for (; len < 0 && (round_start < round_end);
round_start = odhcp6c_get_milli_time()) {
uint8_t buf[1536], cmsg_buf[CMSG_SPACE(sizeof(struct in6_pktinfo))];
struct iovec iov = {buf, sizeof(buf)};
return false;
}
- uint8_t *end = ((uint8_t*)buf) + len, *odata,
+ uint8_t *end = ((uint8_t*)buf) + len, *odata = NULL,
rcmsg = DHCPV6_MSG_UNKNOWN;
- uint16_t otype, olen;
+ uint16_t otype, olen = UINT16_MAX;
bool clientid_ok = false, serverid_ok = false, rcauth_ok = false,
ia_present = false, options_valid = true;
if (r->protocol != 3 || r->algorithm != 1 || r->reconf_type != 2)
continue;
- md5_state_t md5;
+ md5_ctx_t md5;
uint8_t serverhash[16], secretbytes[16], hash[16];
memcpy(serverhash, r->key, sizeof(serverhash));
memset(r->key, 0, sizeof(r->key));
for (size_t i = 0; i < sizeof(secretbytes); ++i)
secretbytes[i] ^= 0x36;
- md5_init(&md5);
- md5_append(&md5, secretbytes, sizeof(secretbytes));
- md5_append(&md5, buf, len);
- md5_finish(&md5, hash);
+ md5_begin(&md5);
+ md5_hash(secretbytes, sizeof(secretbytes), &md5);
+ md5_hash(buf, len, &md5);
+ md5_end(hash, &md5);
for (size_t i = 0; i < sizeof(secretbytes); ++i) {
secretbytes[i] ^= 0x36;
secretbytes[i] ^= 0x5c;
}
- md5_init(&md5);
- md5_append(&md5, secretbytes, sizeof(secretbytes));
- md5_append(&md5, hash, 16);
- md5_finish(&md5, hash);
+ md5_begin(&md5);
+ md5_hash(secretbytes, sizeof(secretbytes), &md5);
+ md5_hash(hash, 16, &md5);
+ md5_end(hash, &md5);
rcauth_ok = !memcmp(hash, serverhash, sizeof(hash));
} else if (otype == DHCPV6_OPT_RECONF_MESSAGE && olen == 1) {
}
}
- if (!options_valid)
+ if (!options_valid || ((odata + olen) > end))
return false;
if (type == DHCPV6_MSG_INFO_REQ && ia_present)
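Review bot: The added bound check `(odata + olen) > end` computes a pointer that can lie beyond the receive buffer, and when no option was parsed it adds `UINT16_MAX` to the `NULL` that `odata` is now initialised with in the earlier hunk; both are undefined behaviour, so the comparison is not guaranteed to do what it says. Compare lengths instead: `if (!options_valid || (odata && olen > (size_t)(end - odata)))`. This assumes that `odata`, once set by the option loop, never points past `end`; the loop macro is not visible here, so confirm that. The enclosing function starts and ends outside the hunk.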
{
uint16_t olen, otype;
uint8_t *odata, pref = 0;
- struct dhcpv6_server_cand cand = {false, false, 0, 0, {0}, NULL, NULL, 0, 0};
+ struct dhcpv6_server_cand cand = {false, false, 0, 0, {0},
+ DHCPV6_SOL_MAX_RT,
+ DHCPV6_INF_MAX_RT, NULL, NULL, 0, 0};
bool have_na = false;
int have_pd = 0;
switch (error) {
case DHCPV6_NoPrefixAvail:
// Status code on global level
- if (pd_mode == IA_MODE_FORCE)
- return -1;
cand.preference -= 2000;
break;
- case DHCPV6_NoAddrsAvail:
- // Status code on global level
- if (na_mode == IA_MODE_FORCE)
- return -1;
- break;
-
default :
break;
}
cand.preference = pref = odata[0];
} else if (otype == DHCPV6_OPT_RECONF_ACCEPT) {
cand.wants_reconfigure = true;
+ } else if (otype == DHCPV6_OPT_SOL_MAX_RT && olen == 4) {
+ uint32_t sol_max_rt = ntohl(*((uint32_t *)odata));
+ if (sol_max_rt >= DHCPV6_SOL_MAX_RT_MIN &&
+ sol_max_rt <= DHCPV6_SOL_MAX_RT_MAX)
+ cand.sol_max_rt = sol_max_rt;
+ } else if (otype == DHCPV6_OPT_INF_MAX_RT && olen == 4) {
+ uint32_t inf_max_rt = ntohl(*((uint32_t *)odata));
+ if (inf_max_rt >= DHCPV6_INF_MAX_RT_MIN &&
+ inf_max_rt <= DHCPV6_INF_MAX_RT_MAX)
+ cand.inf_max_rt = inf_max_rt;
} else if (otype == DHCPV6_OPT_IA_PD && request_prefix) {
struct dhcpv6_ia_hdr *h = (struct dhcpv6_ia_hdr*)&odata[-4];
uint8_t *oend = odata + olen, *d;
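Review bot: `ntohl(*((uint32_t *)odata))` reads a 32-bit value through a cast of a byte pointer into the received packet. Option payloads start at arbitrary offsets, so the load can be misaligned (a fault on strict-alignment targets), and it also breaks the aliasing rules. Copy the bytes first: `uint32_t sol_max_rt; memcpy(&sol_max_rt, odata, sizeof(sol_max_rt)); sol_max_rt = ntohl(sol_max_rt);`. The same pattern is used for `inf_max_rt` in this hunk and for both options in the later reply-handling hunk. The enclosing function extends beyond the hunk.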
}
if ((!have_na && na_mode == IA_MODE_FORCE) ||
- (!have_pd && pd_mode == IA_MODE_FORCE))
+ (!have_pd && pd_mode == IA_MODE_FORCE)) {
+ /*
+ * RFC7083 states to process the SOL_MAX_RT and
+ * INF_MAX_RT options even if the DHCPv6 server
+ * did not propose any IA_NA and/or IA_PD
+ */
+ dhcpv6_retx[DHCPV6_MSG_SOLICIT].max_timeo = cand.sol_max_rt;
+ dhcpv6_retx[DHCPV6_MSG_INFO_REQ].max_timeo = cand.inf_max_rt;
return -1;
+ }
if (na_mode != IA_MODE_NONE && !have_na) {
cand.has_noaddravail = true;
if (cand.duid_len > 0) {
cand.ia_na = odhcp6c_move_state(STATE_IA_NA, &cand.ia_na_len);
cand.ia_pd = odhcp6c_move_state(STATE_IA_PD, &cand.ia_pd_len);
- odhcp6c_add_state(STATE_SERVER_CAND, &cand, sizeof(cand));
+ dhcpv6_add_server_cand(&cand);
}
return (rc > 1 || (pref == 255 && cand.preference > 0)) ? 1 : -1;
static int dhcpv6_commit_advert(void)
{
- size_t cand_len;
- struct dhcpv6_server_cand *c = NULL, *cand =
- odhcp6c_get_state(STATE_SERVER_CAND, &cand_len);
-
- bool retry = false;
- for (size_t i = 0; i < cand_len / sizeof(*c); ++i) {
- if (cand[i].has_noaddravail)
- retry = true; // We want to try again
-
- if (!c || c->preference < cand[i].preference)
- c = &cand[i];
- }
-
- if (retry && na_mode == IA_MODE_TRY) {
- // We give it a second try without the IA_NA
- na_mode = IA_MODE_NONE;
- return dhcpv6_request(DHCPV6_MSG_SOLICIT);
- }
-
- if (c) {
- uint16_t hdr[2] = {htons(DHCPV6_OPT_SERVERID),
- htons(c->duid_len)};
- odhcp6c_add_state(STATE_SERVER_ID, hdr, sizeof(hdr));
- odhcp6c_add_state(STATE_SERVER_ID, c->duid, c->duid_len);
- accept_reconfig = c->wants_reconfigure;
- if (c->ia_na_len)
- odhcp6c_add_state(STATE_IA_NA, c->ia_na, c->ia_na_len);
- if (c->ia_pd_len)
- odhcp6c_add_state(STATE_IA_PD, c->ia_pd, c->ia_pd_len);
- }
-
- for (size_t i = 0; i < cand_len / sizeof(*c); ++i) {
- free(cand[i].ia_na);
- free(cand[i].ia_pd);
- }
- odhcp6c_clear_state(STATE_SERVER_CAND);
-
- if (!c)
- return -1;
- else if ((request_prefix && c->ia_pd_len) || (na_mode != IA_MODE_NONE && c->ia_na_len))
- return DHCPV6_STATEFUL;
- else
- return DHCPV6_STATELESS;
+ return dhcpv6_promote_server_cand();
}
odhcp6c_get_state(STATE_AFTR_NAME, &cur_len);
if (cur_len == 0)
odhcp6c_add_state(STATE_AFTR_NAME, odata, olen);
- } else if (otype != DHCPV6_OPT_CLIENTID &&
+ } else if (otype == DHCPV6_OPT_SOL_MAX_RT && olen == 4) {
+ uint32_t sol_max_rt = ntohl(*((uint32_t *)odata));
+ if (sol_max_rt >= DHCPV6_SOL_MAX_RT_MIN &&
+ sol_max_rt <= DHCPV6_SOL_MAX_RT_MAX)
+ dhcpv6_retx[DHCPV6_MSG_SOLICIT].max_timeo = sol_max_rt;
+ } else if (otype == DHCPV6_OPT_INF_MAX_RT && olen == 4) {
+ uint32_t inf_max_rt = ntohl(*((uint32_t *)odata));
+ if (inf_max_rt >= DHCPV6_INF_MAX_RT_MIN &&
+ inf_max_rt <= DHCPV6_INF_MAX_RT_MAX)
+ dhcpv6_retx[DHCPV6_MSG_INFO_REQ].max_timeo = inf_max_rt;
+ }else if (otype != DHCPV6_OPT_CLIENTID &&
otype != DHCPV6_OPT_SERVERID) {
odhcp6c_add_state(STATE_CUSTOM_OPTS,
&odata[-4], olen + 4);
ret = -1;
break;
+ case DHCPV6_MSG_REQUEST:
+ // All server candidates can be cleared if not yet bound
+ if (!odhcp6c_is_bound())
+ dhcpv6_clear_all_server_cand();
+
default :
break;
}
}
}
- else if (ret > 0)
+ else if (ret > 0) {
+ // All server candidates can be cleared if not yet bound
+ if (!odhcp6c_is_bound())
+ dhcpv6_clear_all_server_cand();
+
t1 = refresh;
+ }
return ret;
}
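Review bot: The new `case DHCPV6_MSG_REQUEST:` has no `break;` and runs straight into `default:`. It is harmless today because `default` only breaks, but it reads like an oversight and will trip `-Wimplicit-fallthrough`; end the case with `break;` after the `dhcpv6_clear_all_server_cand();` call. The switch and the enclosing function start outside the hunk.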
uint8_t *sdata;
#ifdef EXT_PREFIX_CLASS
- // Find prefix class, if any
+ // Find prefix class, if any
dhcpv6_for_each_option(&prefix[1], odata + olen,
stype, slen, sdata)
if (stype == DHCPV6_OPT_PREFIX_CLASS && slen == 2)
t1 = l_t1;
t2 = l_t2;
t3 = l_t3;
+ } else {
+ t1 = 600;
}
return (int)(ia_pd_entries + ia_na_entries);
break;
}
}
+
+static void dhcpv6_add_server_cand(const struct dhcpv6_server_cand *cand)
+{
+ size_t cand_len, i;
+ struct dhcpv6_server_cand *c = odhcp6c_get_state(STATE_SERVER_CAND, &cand_len);
+
+ // Remove identical duid server candidate
+ for (i = 0; i < cand_len / sizeof(*c); ++i) {
+ if (cand->duid_len == c[i].duid_len &&
+ !memcmp(cand->duid, c[i].duid, cand->duid_len)) {
+ free(c[i].ia_na);
+ free(c[i].ia_pd);
+ odhcp6c_remove_state(STATE_SERVER_CAND, i * sizeof(*c), sizeof(*c));
+ break;
+ }
+ }
+
+ for (i = 0, c = odhcp6c_get_state(STATE_SERVER_CAND, &cand_len);
+ i < cand_len / sizeof(*c); ++i) {
+ if (c[i].preference < cand->preference)
+ break;
+ }
+
+ odhcp6c_insert_state(STATE_SERVER_CAND, i * sizeof(*c), cand, sizeof(*cand));
+}
+
+static void dhcpv6_clear_all_server_cand(void)
+{
+ size_t cand_len, i;
+ struct dhcpv6_server_cand *c = odhcp6c_get_state(STATE_SERVER_CAND, &cand_len);
+
+ // Server candidates need deep delete for IA_NA/IA_PD
+ for (i = 0; i < cand_len / sizeof(*c); ++i) {
+ free(c[i].ia_na);
+ free(c[i].ia_pd);
+ }
+ odhcp6c_clear_state(STATE_SERVER_CAND);
+}
+
+int dhcpv6_promote_server_cand(void)
+{
+ size_t cand_len;
+ struct dhcpv6_server_cand *cand = odhcp6c_get_state(STATE_SERVER_CAND, &cand_len);
+ uint16_t hdr[2];
+ int ret = (na_mode == IA_MODE_NONE && pd_mode == IA_MODE_NONE) ?
+ DHCPV6_STATELESS : DHCPV6_STATEFUL;
+
+ // Clear lingering candidate state info
+ odhcp6c_clear_state(STATE_SERVER_ID);
+ odhcp6c_clear_state(STATE_IA_NA);
+ odhcp6c_clear_state(STATE_IA_PD);
+
+ if (!cand_len)
+ return -1;
+
+ if (cand->has_noaddravail && na_mode == IA_MODE_TRY) {
+ na_mode = IA_MODE_NONE;
+
+ dhcpv6_retx[DHCPV6_MSG_SOLICIT].max_timeo = cand->sol_max_rt;
+ dhcpv6_retx[DHCPV6_MSG_INFO_REQ].max_timeo = cand->inf_max_rt;
+
+ return dhcpv6_request(DHCPV6_MSG_SOLICIT);
+ }
+
+ hdr[0] = htons(DHCPV6_OPT_SERVERID);
+ hdr[1] = htons(cand->duid_len);
+ odhcp6c_add_state(STATE_SERVER_ID, hdr, sizeof(hdr));
+ odhcp6c_add_state(STATE_SERVER_ID, cand->duid, cand->duid_len);
+ accept_reconfig = cand->wants_reconfigure;
+ if (cand->ia_na_len) {
+ odhcp6c_add_state(STATE_IA_NA, cand->ia_na, cand->ia_na_len);
+ free(cand->ia_na);
+ if (na_mode != IA_MODE_NONE)
+ ret = DHCPV6_STATEFUL;
+ }
+ if (cand->ia_pd_len) {
+ odhcp6c_add_state(STATE_IA_PD, cand->ia_pd, cand->ia_pd_len);
+ free(cand->ia_pd);
+ if (request_prefix)
+ ret = DHCPV6_STATEFUL;
+ }
+
+ dhcpv6_retx[DHCPV6_MSG_SOLICIT].max_timeo = cand->sol_max_rt;
+ dhcpv6_retx[DHCPV6_MSG_INFO_REQ].max_timeo = cand->inf_max_rt;
+
+ odhcp6c_remove_state(STATE_SERVER_CAND, 0, sizeof(*cand));
+
+ return ret;
+}
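Review bot: `dhcpv6_add_server_cand()` only replaces an entry whose DUID matches and otherwise always inserts, so the candidate list has no upper bound. Each Advertise carrying a new DUID during a Solicit round adds one struct plus its `ia_na`/`ia_pd` buffers. Consider refusing insertion past a fixed limit and freeing the incoming `cand->ia_na` and `cand->ia_pd` in that case. The function should also state its contract, e.g. `// Takes ownership of cand->ia_na and cand->ia_pd; list is kept sorted by descending preference`. In `dhcpv6_promote_server_cand()` the two `free()` calls sit inside the `if (cand->ia_*_len)` branches, unlike the unconditional frees in `dhcpv6_clear_all_server_cand()`; moving them out of the branches keeps the two consistent.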