#include <net/ethernet.h>
#include "odhcp6c.h"
+#include "md5.h"
#define ALL_DHCPV6_RELAYS {{{0xff, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,\
static struct dhcpv6_retx dhcpv6_retx[_DHCPV6_MSG_MAX] = {
[DHCPV6_MSG_UNKNOWN] = {false, 1, 120, "<POLL>",
dhcpv6_handle_reconfigure, NULL},
- [DHCPV6_MSG_SOLICIT] = {true, 1, 120, "SOLICIT",
+ [DHCPV6_MSG_SOLICIT] = {true, 1, 3600, "SOLICIT",
dhcpv6_handle_advert, dhcpv6_commit_advert},
[DHCPV6_MSG_REQUEST] = {true, 30, 10, "REQUEST",
dhcpv6_handle_reply, NULL},
static enum odhcp6c_ia_mode na_mode = IA_MODE_NONE;
static bool accept_reconfig = false;
+// Reconfigure key
+static uint8_t reconf_key[16];
+
int init_dhcpv6(const char *ifname, int request_pd)
}
// Create ORO
- uint16_t oro[] = {htons(DHCPV6_OPT_DNS_SERVERS),
+ uint16_t oro[] = {
+ htons(DHCPV6_OPT_SIP_SERVER_D),
+ htons(DHCPV6_OPT_SIP_SERVER_A),
+ htons(DHCPV6_OPT_DNS_SERVERS),
htons(DHCPV6_OPT_DNS_DOMAIN),
htons(DHCPV6_OPT_NTP_SERVER),
- htons(DHCPV6_OPT_SIP_SERVER_A),
- htons(DHCPV6_OPT_SIP_SERVER_D),
- htons(DHCPV6_OPT_PD_EXCLUDE)};
+ htons(DHCPV6_OPT_AFTR_NAME),
+ htons(DHCPV6_OPT_PD_EXCLUDE),
+ };
odhcp6c_add_state(STATE_ORO, oro, sizeof(oro));
{&oro_refresh, 0},
{cl_id, cl_id_len},
{srv_id, srv_id_len},
- {&reconf_accept, 0},
+ {&reconf_accept, sizeof(reconf_accept)},
{&fqdn, fqdn_len},
{&hdr_ia_na, sizeof(hdr_ia_na)},
{ia_na, ia_na_len},
}
// Disable IAs if not used
- if (type == DHCPV6_MSG_SOLICIT) {
- iov[5].iov_len = sizeof(reconf_accept);
- } else if (type != DHCPV6_MSG_REQUEST) {
+ if (type != DHCPV6_MSG_REQUEST && type != DHCPV6_MSG_SOLICIT) {
+ iov[5].iov_len = 0;
if (ia_na_len == 0)
iov[7].iov_len = 0;
if (ia_pd_len == 0)
uint64_t start = odhcp6c_get_milli_time(), round_start = start, elapsed;
// Generate transaction ID
- uint8_t trid[3];
- odhcp6c_random(trid, sizeof(trid));
+ uint8_t trid[3] = {0, 0, 0};
+ if (type != DHCPV6_MSG_UNKNOWN)
+ odhcp6c_random(trid, sizeof(trid));
ssize_t len = -1;
int64_t rto = 0;
uint8_t *end = ((uint8_t*)buf) + len, *odata;
uint16_t otype, olen;
- bool clientid_ok = false, serverid_ok = false;
+ bool clientid_ok = false, serverid_ok = false, rcauth_ok = false;
size_t client_id_len, server_id_len;
void *client_id = odhcp6c_get_state(STATE_CLIENT_ID, &client_id_len);
void *server_id = odhcp6c_get_state(STATE_SERVER_ID, &server_id_len);
- dhcpv6_for_each_option(&rep[1], end, otype, olen, odata)
- if (otype == DHCPV6_OPT_CLIENTID)
+ dhcpv6_for_each_option(&rep[1], end, otype, olen, odata) {
+ if (otype == DHCPV6_OPT_CLIENTID) {
clientid_ok = (olen + 4U == client_id_len) && !memcmp(
&odata[-4], client_id, client_id_len);
- else if (otype == DHCPV6_OPT_SERVERID)
+ } else if (otype == DHCPV6_OPT_SERVERID) {
serverid_ok = (olen + 4U == server_id_len) && !memcmp(
&odata[-4], server_id, server_id_len);
+ } else if (otype == DHCPV6_OPT_AUTH && olen == -4 +
+ sizeof(struct dhcpv6_auth_reconfigure)) {
+ struct dhcpv6_auth_reconfigure *r = (void*)&odata[-4];
+ if (r->protocol != 3 || r->algorithm != 1 || r->reconf_type != 2)
+ continue;
+
+ md5_state_t md5;
+ uint8_t serverhash[16], secretbytes[16], hash[16];
+ memcpy(serverhash, r->key, sizeof(serverhash));
+ memset(r->key, 0, sizeof(r->key));
+ memcpy(secretbytes, reconf_key, sizeof(secretbytes));
+
+ for (size_t i = 0; i < sizeof(secretbytes); ++i)
+ secretbytes[i] ^= 0x36;
+
+ md5_init(&md5);
+ md5_append(&md5, secretbytes, sizeof(secretbytes));
+ md5_append(&md5, buf, len);
+ md5_finish(&md5, hash);
+
+ for (size_t i = 0; i < sizeof(secretbytes); ++i) {
+ secretbytes[i] ^= 0x36;
+ secretbytes[i] ^= 0x5c;
+ }
+
+ md5_init(&md5);
+ md5_append(&md5, secretbytes, sizeof(secretbytes));
+ md5_append(&md5, hash, 16);
+ md5_finish(&md5, hash);
+
+ rcauth_ok = !memcmp(hash, serverhash, sizeof(hash));
+ }
+ }
+
+ if (rep->msg_type == DHCPV6_MSG_RECONF && !rcauth_ok)
+ return false;
return clientid_ok && (serverid_ok || server_id_len == 0);
}
} else if (otype == DHCPV6_OPT_RECONF_ACCEPT) {
cand.wants_reconfigure = true;
} else if (otype == DHCPV6_OPT_IA_PD && request_prefix) {
- struct dhcpv6_ia_hdr *h = (void*)odata;
+ struct dhcpv6_ia_hdr *h = (struct dhcpv6_ia_hdr*)&odata[-4];
uint8_t *oend = odata + olen, *d;
dhcpv6_for_each_option(&h[1], oend, otype, olen, d) {
if (otype == DHCPV6_OPT_IA_PREFIX)
uint8_t *odata;
uint16_t otype, olen;
- static time_t last_update = 0;
- time_t now = odhcp6c_get_milli_time() / 1000;
-
- uint32_t elapsed = now - last_update;
odhcp6c_expire();
if (orig == DHCPV6_MSG_UNKNOWN) {
+ static time_t last_update = 0;
+ time_t now = odhcp6c_get_milli_time() / 1000;
+
+ uint32_t elapsed = (last_update > 0) ? now - last_update : 0;
+ last_update = now;
+
t1 -= elapsed;
t2 -= elapsed;
t3 -= elapsed;
odhcp6c_clear_state(STATE_SNTP_FQDN);
odhcp6c_clear_state(STATE_SIP_IP);
odhcp6c_clear_state(STATE_SIP_FQDN);
+ odhcp6c_clear_state(STATE_AFTR_NAME);
}
// Parse and find all matching IAs
uint32_t refresh = ntohl(*((uint32_t*)odata));
if (refresh < (uint32_t)t1)
t1 = refresh;
+ } else if (otype == DHCPV6_OPT_AUTH && olen == -4 +
+ sizeof(struct dhcpv6_auth_reconfigure)) {
+ struct dhcpv6_auth_reconfigure *r = (void*)&odata[-4];
+ if (r->protocol == 3 && r->algorithm == 1 &&
+ r->reconf_type == 1)
+ memcpy(reconf_key, r->key, sizeof(r->key));
+ } else if (otype == DHCPV6_OPT_AFTR_NAME && olen > 3) {
+ size_t cur_len;
+ odhcp6c_get_state(STATE_AFTR_NAME, &cur_len);
+ if (cur_len == 0)
+ odhcp6c_add_state(STATE_AFTR_NAME, odata, olen);
} else if (otype != DHCPV6_OPT_CLIENTID &&
otype != DHCPV6_OPT_SERVERID) {
odhcp6c_add_state(STATE_CUSTOM_OPTS,