X-Git-Url: https://git.decadent.org.uk/gitweb/?p=odhcp6c.git;a=blobdiff_plain;f=src%2Fdhcpv6.c;h=cd8e43800dca33315047cd000262a5697c985be5;hp=08e322554ee738c236ffcb00bfd715913c80f09b;hb=68ac18ed5d5b4c2d403396764f08c92a160b4a18;hpb=24c064ccbf819f85c8709ea60acb3b278377b408 diff --git a/src/dhcpv6.c b/src/dhcpv6.c index 08e3225..cd8e438 100644 --- a/src/dhcpv6.c +++ b/src/dhcpv6.c @@ -26,6 +26,7 @@ #include #include #include +#include #include #include @@ -44,9 +45,22 @@ static bool dhcpv6_response_is_valid(const void *buf, ssize_t len, - const uint8_t transaction[3], enum dhcpv6_msg type); - -static uint32_t dhcpv6_parse_ia(void *opt, void *end); + const uint8_t transaction[3], enum dhcpv6_msg type, + const struct in6_addr *daddr); + +static int dhcpv6_parse_ia(void *opt, void *end); + +static int dhcpv6_calc_refresh_timers(void); +static void dhcpv6_handle_status_code(_unused const enum dhcpv6_msg orig, + const uint16_t code, const void *status_msg, const int len, + int *ret); +static void dhcpv6_handle_ia_status_code(const enum dhcpv6_msg orig, + const struct dhcpv6_ia_hdr *ia_hdr, const uint16_t code, + const void *status_msg, const int len, + bool handled_status_codes[_DHCPV6_Status_Max], + int *ret); +static void dhcpv6_add_server_cand(const struct dhcpv6_server_cand *cand); +static void dhcpv6_clear_all_server_cand(void); static reply_handler dhcpv6_handle_reply; static reply_handler dhcpv6_handle_advert; @@ -84,23 +98,26 @@ static int64_t t1 = 0, t2 = 0, t3 = 0; static int request_prefix = -1; static enum odhcp6c_ia_mode na_mode = IA_MODE_NONE, pd_mode = IA_MODE_NONE; static bool accept_reconfig = false; +// Server unicast address +static struct in6_addr server_addr = IN6ADDR_ANY_INIT; // Reconfigure key static uint8_t reconf_key[16]; - int init_dhcpv6(const char *ifname, int request_pd, int sol_timeout) { request_prefix = request_pd; dhcpv6_retx[DHCPV6_MSG_SOLICIT].max_timeo = sol_timeout; sock = socket(AF_INET6, SOCK_DGRAM | SOCK_CLOEXEC, IPPROTO_UDP); + if (sock < 0) + return -1; // Detect interface struct ifreq ifr; strncpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name)); - if (ioctl(sock, SIOCGIFINDEX, &ifr)) + if (ioctl(sock, SIOCGIFINDEX, &ifr) < 0) return -1; ifindex = ifr.ifr_ifindex; @@ -108,10 +125,11 @@ int init_dhcpv6(const char *ifname, int request_pd, int sol_timeout) size_t client_id_len; odhcp6c_get_state(STATE_CLIENT_ID, &client_id_len); if (client_id_len == 0) { - ioctl(sock, SIOCGIFHWADDR, &ifr); uint8_t duid[14] = {0, DHCPV6_OPT_CLIENTID, 0, 10, 0, DHCPV6_DUID_LLADDR, 0, 1}; - memcpy(&duid[8], ifr.ifr_hwaddr.sa_data, ETHER_ADDR_LEN); + + if (ioctl(sock, SIOCGIFHWADDR, &ifr) >= 0) + memcpy(&duid[8], ifr.ifr_hwaddr.sa_data, ETHER_ADDR_LEN); uint8_t zero[ETHER_ADDR_LEN] = {0, 0, 0, 0, 0, 0}; struct ifreq ifs[100], *ifp, *ifend; @@ -124,10 +142,12 @@ int init_dhcpv6(const char *ifname, int request_pd, int sol_timeout) // If our interface doesn't have an address... ifend = ifs + (ifc.ifc_len / sizeof(struct ifreq)); for (ifp = ifc.ifc_req; ifp < ifend && - !memcmp(&duid[8], zero, 6); ifp++) { + !memcmp(&duid[8], zero, ETHER_ADDR_LEN); ifp++) { memcpy(ifr.ifr_name, ifp->ifr_name, sizeof(ifr.ifr_name)); - ioctl(sock, SIOCGIFHWADDR, &ifr); + if (ioctl(sock, SIOCGIFHWADDR, &ifr) < 0) + continue; + memcpy(&duid[8], ifr.ifr_hwaddr.sa_data, ETHER_ADDR_LEN); } @@ -142,8 +162,8 @@ int init_dhcpv6(const char *ifname, int request_pd, int sol_timeout) htons(DHCPV6_OPT_SIP_SERVER_A), htons(DHCPV6_OPT_DNS_SERVERS), htons(DHCPV6_OPT_DNS_DOMAIN), + htons(DHCPV6_OPT_UNICAST), htons(DHCPV6_OPT_NTP_SERVER), - htons(DHCPV6_OPT_SIP_SERVER_A), htons(DHCPV6_OPT_AFTR_NAME), htons(DHCPV6_OPT_PD_EXCLUDE), #ifdef EXT_PREFIX_CLASS @@ -152,18 +172,18 @@ int init_dhcpv6(const char *ifname, int request_pd, int sol_timeout) }; odhcp6c_add_state(STATE_ORO, oro, sizeof(oro)); - // Configure IPv6-options int val = 1; setsockopt(sock, IPPROTO_IPV6, IPV6_V6ONLY, &val, sizeof(val)); setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, &val, sizeof(val)); + setsockopt(sock, IPPROTO_IPV6, IPV6_RECVPKTINFO, &val, sizeof(val)); val = 0; setsockopt(sock, IPPROTO_IPV6, IPV6_MULTICAST_LOOP, &val, sizeof(val)); setsockopt(sock, SOL_SOCKET, SO_BINDTODEVICE, ifname, strlen(ifname)); struct sockaddr_in6 client_addr = { .sin6_family = AF_INET6, .sin6_port = htons(DHCPV6_CLIENT_PORT), .sin6_flowinfo = 0 }; - if (bind(sock, (struct sockaddr*)&client_addr, sizeof(client_addr))) + if (bind(sock, (struct sockaddr*)&client_addr, sizeof(client_addr)) < 0) return -1; return 0; @@ -348,7 +368,29 @@ static void dhcpv6_send(enum dhcpv6_msg type, uint8_t trid[3], uint32_t ecs) 0, ALL_DHCPV6_RELAYS, ifindex}; struct msghdr msg = {&srv, sizeof(srv), iov, cnt, NULL, 0, 0}; - sendmsg(sock, &msg, 0); + switch (type) { + case DHCPV6_MSG_REQUEST: + case DHCPV6_MSG_RENEW: + case DHCPV6_MSG_RELEASE: + case DHCPV6_MSG_DECLINE: + if (!IN6_IS_ADDR_UNSPECIFIED(&server_addr) && + odhcp6c_addr_in_scope(&server_addr)) { + srv.sin6_addr = server_addr; + if (!IN6_IS_ADDR_LINKLOCAL(&server_addr)) + srv.sin6_scope_id = 0; + } + break; + default: + break; + } + + if (sendmsg(sock, &msg, 0) < 0) { + char in6_str[INET6_ADDRSTRLEN]; + + syslog(LOG_ERR, "Failed to send DHCPV6 message to %s (%s)", + inet_ntop(AF_INET6, (const void *)&srv.sin6_addr, + in6_str, sizeof(in6_str)), strerror(errno)); + } } @@ -362,7 +404,7 @@ static int64_t dhcpv6_rand_delay(int64_t time) int dhcpv6_request(enum dhcpv6_msg type) { - uint8_t buf[1536], rc = 0; + uint8_t rc = 0; uint64_t timeout = UINT32_MAX; struct dhcpv6_retx *retx = &dhcpv6_retx[type]; @@ -382,7 +424,8 @@ int dhcpv6_request(enum dhcpv6_msg type) if (timeout == 0) return -1; - syslog(LOG_NOTICE, "Starting %s transaction (timeout %llus, max rc %d)", retx->name, timeout, retx->max_rc); + syslog(LOG_NOTICE, "Starting %s transaction (timeout %llus, max rc %d)", + retx->name, (unsigned long long)timeout, retx->max_rc); uint64_t start = odhcp6c_get_milli_time(), round_start = start, elapsed; @@ -420,14 +463,22 @@ int dhcpv6_request(enum dhcpv6_msg type) // Built and send package if (type != DHCPV6_MSG_UNKNOWN) { - syslog(LOG_NOTICE, "Send %s message (elapsed %llums, rc %d)", retx->name, elapsed, rc); + if (type != DHCPV6_MSG_SOLICIT) + syslog(LOG_NOTICE, "Send %s message (elapsed %llums, rc %d)", + retx->name, (unsigned long long)elapsed, rc); dhcpv6_send(type, trid, elapsed / 10); rc++; } // Receive rounds - for (; len < 0 && round_start < round_end; + for (; len < 0 && (round_start < round_end); round_start = odhcp6c_get_milli_time()) { + uint8_t buf[1536], cmsg_buf[CMSG_SPACE(sizeof(struct in6_pktinfo))]; + struct iovec iov = {buf, sizeof(buf)}; + struct msghdr msg = {NULL, 0, &iov, 1, + cmsg_buf, sizeof(cmsg_buf), 0}; + struct in6_pktinfo *pktinfo = NULL; + // Check for pending signal if (odhcp6c_signal_process()) return -1; @@ -439,27 +490,43 @@ int dhcpv6_request(enum dhcpv6_msg type) &timeout, sizeof(timeout)); // Receive cycle - len = recv(sock, buf, sizeof(buf), 0); + len = recvmsg(sock, &msg, 0); + if (len < 0) + continue; - if (!dhcpv6_response_is_valid(buf, len, trid, type)) + for (struct cmsghdr *ch = CMSG_FIRSTHDR(&msg); ch != NULL; + ch = CMSG_NXTHDR(&msg, ch)) { + if (ch->cmsg_level == SOL_IPV6 && + ch->cmsg_type == IPV6_PKTINFO) { + pktinfo = (struct in6_pktinfo *)CMSG_DATA(ch); + break; + } + } + + if (pktinfo == NULL) { len = -1; + continue; + } - if (len > 0) { - uint8_t *opt = &buf[4]; - uint8_t *opt_end = opt + len - 4; + if (!dhcpv6_response_is_valid(buf, len, trid, + type, &pktinfo->ipi6_addr)) { + len = -1; + continue; + } - round_start = odhcp6c_get_milli_time(); - elapsed = round_start - start; - syslog(LOG_NOTICE, "Got a valid reply after " - "%llums", elapsed); + uint8_t *opt = &buf[4]; + uint8_t *opt_end = opt + len - 4; - if (retx->handler_reply) - len = retx->handler_reply( - type, rc, opt, opt_end); + round_start = odhcp6c_get_milli_time(); + elapsed = round_start - start; + syslog(LOG_NOTICE, "Got a valid reply after " + "%llums", (unsigned long long)elapsed); - if (len > 0 && round_end - round_start > 1000) - round_end = 1000 + round_start; - } + if (retx->handler_reply) + len = retx->handler_reply(type, rc, opt, opt_end); + + if (len > 0 && round_end - round_start > 1000) + round_end = 1000 + round_start; } // Allow @@ -470,9 +537,10 @@ int dhcpv6_request(enum dhcpv6_msg type) return len; } - +// Message validation checks according to RFC3315 chapter 15 static bool dhcpv6_response_is_valid(const void *buf, ssize_t len, - const uint8_t transaction[3], enum dhcpv6_msg type) + const uint8_t transaction[3], enum dhcpv6_msg type, + const struct in6_addr *daddr) { const struct dhcpv6_header *rep = buf; if (len < (ssize_t)sizeof(*rep) || memcmp(rep->tr_id, @@ -490,9 +558,11 @@ static bool dhcpv6_response_is_valid(const void *buf, ssize_t len, return false; } - uint8_t *end = ((uint8_t*)buf) + len, *odata; + uint8_t *end = ((uint8_t*)buf) + len, *odata, + rcmsg = DHCPV6_MSG_UNKNOWN; uint16_t otype, olen; - bool clientid_ok = false, serverid_ok = false, rcauth_ok = false; + bool clientid_ok = false, serverid_ok = false, rcauth_ok = false, + ia_present = false, options_valid = true; size_t client_id_len, server_id_len; void *client_id = odhcp6c_get_state(STATE_CLIENT_ID, &client_id_len); @@ -503,8 +573,11 @@ static bool dhcpv6_response_is_valid(const void *buf, ssize_t len, clientid_ok = (olen + 4U == client_id_len) && !memcmp( &odata[-4], client_id, client_id_len); } else if (otype == DHCPV6_OPT_SERVERID) { - serverid_ok = (olen + 4U == server_id_len) && !memcmp( - &odata[-4], server_id, server_id_len); + if (server_id_len) + serverid_ok = (olen + 4U == server_id_len) && !memcmp( + &odata[-4], server_id, server_id_len); + else + serverid_ok = true; } else if (otype == DHCPV6_OPT_AUTH && olen == -4 + sizeof(struct dhcpv6_auth_reconfigure)) { struct dhcpv6_auth_reconfigure *r = (void*)&odata[-4]; @@ -536,13 +609,34 @@ static bool dhcpv6_response_is_valid(const void *buf, ssize_t len, md5_finish(&md5, hash); rcauth_ok = !memcmp(hash, serverhash, sizeof(hash)); + } else if (otype == DHCPV6_OPT_RECONF_MESSAGE && olen == 1) { + rcmsg = odata[0]; + } else if ((otype == DHCPV6_OPT_IA_PD || otype == DHCPV6_OPT_IA_NA)) { + ia_present = true; + if (olen < sizeof(struct dhcpv6_ia_hdr)) + options_valid = false; + } + else if ((otype == DHCPV6_OPT_IA_ADDR) || (otype == DHCPV6_OPT_IA_PREFIX) || + (otype == DHCPV6_OPT_PD_EXCLUDE)) { + // Options are not allowed on global level + options_valid = false; } } - if (rep->msg_type == DHCPV6_MSG_RECONF && !rcauth_ok) + if (!options_valid) return false; - return clientid_ok && (serverid_ok || server_id_len == 0); + if (type == DHCPV6_MSG_INFO_REQ && ia_present) + return false; + + if (rep->msg_type == DHCPV6_MSG_RECONF) { + if ((rcmsg != DHCPV6_MSG_RENEW && rcmsg != DHCPV6_MSG_INFO_REQ) || + (rcmsg == DHCPV6_MSG_INFO_REQ && ia_present) || + !rcauth_ok || IN6_IS_ADDR_MULTICAST(daddr)) + return false; + } + + return clientid_ok && serverid_ok; } @@ -559,7 +653,6 @@ int dhcpv6_poll_reconfigure(void) static int dhcpv6_handle_reconfigure(_unused enum dhcpv6_msg orig, const int rc, const void *opt, const void *end) { - // TODO: should verify the reconfigure message uint16_t otype, olen; uint8_t *odata, msg = DHCPV6_MSG_RENEW; dhcpv6_for_each_option(opt, end, otype, olen, odata) @@ -574,12 +667,13 @@ static int dhcpv6_handle_reconfigure(_unused enum dhcpv6_msg orig, const int rc, // Collect all advertised servers -static int dhcpv6_handle_advert(enum dhcpv6_msg orig, _unused const int rc, +static int dhcpv6_handle_advert(enum dhcpv6_msg orig, const int rc, const void *opt, const void *end) { uint16_t olen, otype; - uint8_t *odata; - struct dhcpv6_server_cand cand = {false, false, 0, 0, {0}, NULL, NULL, 0, 0}; + uint8_t *odata, pref = 0; + struct dhcpv6_server_cand cand = {false, false, 0, 0, {0}, + IN6ADDR_ANY_INIT, NULL, NULL, 0, 0}; bool have_na = false; int have_pd = 0; @@ -588,18 +682,37 @@ static int dhcpv6_handle_advert(enum dhcpv6_msg orig, _unused const int rc, (otype == DHCPV6_OPT_IA_PD || otype == DHCPV6_OPT_IA_NA) && olen > sizeof(struct dhcpv6_ia_hdr)) { struct dhcpv6_ia_hdr *ia_hdr = (void*)(&odata[-4]); - dhcpv6_parse_ia(&ia_hdr[1], odata + olen); + dhcpv6_parse_ia(ia_hdr, odata + olen + sizeof(*ia_hdr)); } if (otype == DHCPV6_OPT_SERVERID && olen <= 130) { memcpy(cand.duid, odata, olen); cand.duid_len = olen; - } else if (otype == DHCPV6_OPT_STATUS && olen >= 2 && !odata[0] - && odata[1] == DHCPV6_NoPrefixAvail) { - cand.preference -= 2000; + } else if (otype == DHCPV6_OPT_STATUS && olen >= 2) { + int error = ((int)odata[0] << 8 | (int)odata[1]); + + switch (error) { + case DHCPV6_NoPrefixAvail: + // Status code on global level + if (pd_mode == IA_MODE_FORCE) + return -1; + cand.preference -= 2000; + break; + + case DHCPV6_NoAddrsAvail: + // Status code on global level + if (na_mode == IA_MODE_FORCE) + return -1; + break; + + default : + break; + } } else if (otype == DHCPV6_OPT_PREF && olen >= 1 && cand.preference >= 0) { - cand.preference = odata[0]; + cand.preference = pref = odata[0]; + } else if (otype == DHCPV6_OPT_UNICAST && olen == sizeof(cand.server_addr)) { + cand.server_addr = *(struct in6_addr *)odata; } else if (otype == DHCPV6_OPT_RECONF_ACCEPT) { cand.wants_reconfigure = true; } else if (otype == DHCPV6_OPT_IA_PD && request_prefix) { @@ -640,61 +753,16 @@ static int dhcpv6_handle_advert(enum dhcpv6_msg orig, _unused const int rc, if (cand.duid_len > 0) { cand.ia_na = odhcp6c_move_state(STATE_IA_NA, &cand.ia_na_len); cand.ia_pd = odhcp6c_move_state(STATE_IA_PD, &cand.ia_pd_len); - odhcp6c_add_state(STATE_SERVER_CAND, &cand, sizeof(cand)); - } - - if (orig == DHCPV6_MSG_SOLICIT) { - odhcp6c_clear_state(STATE_IA_NA); - odhcp6c_clear_state(STATE_IA_PD); + dhcpv6_add_server_cand(&cand); } - return -1; + return (rc > 1 || (pref == 255 && cand.preference > 0)) ? 1 : -1; } static int dhcpv6_commit_advert(void) { - size_t cand_len; - struct dhcpv6_server_cand *c = NULL, *cand = - odhcp6c_get_state(STATE_SERVER_CAND, &cand_len); - - bool retry = false; - for (size_t i = 0; i < cand_len / sizeof(*c); ++i) { - if (cand[i].has_noaddravail) - retry = true; // We want to try again - - if (!c || c->preference < cand[i].preference) - c = &cand[i]; - } - - if (retry && na_mode == IA_MODE_TRY) { - // We give it a second try without the IA_NA - na_mode = IA_MODE_NONE; - return dhcpv6_request(DHCPV6_MSG_SOLICIT); - } - - if (c) { - uint16_t hdr[2] = {htons(DHCPV6_OPT_SERVERID), - htons(c->duid_len)}; - odhcp6c_add_state(STATE_SERVER_ID, hdr, sizeof(hdr)); - odhcp6c_add_state(STATE_SERVER_ID, c->duid, c->duid_len); - accept_reconfig = c->wants_reconfigure; - odhcp6c_add_state(STATE_IA_NA, c->ia_na, c->ia_na_len); - odhcp6c_add_state(STATE_IA_PD, c->ia_pd, c->ia_pd_len); - } - - for (size_t i = 0; i < cand_len / sizeof(*c); ++i) { - free(cand[i].ia_na); - free(cand[i].ia_pd); - } - odhcp6c_clear_state(STATE_SERVER_CAND); - - if (!c) - return -1; - else if (request_prefix || na_mode != IA_MODE_NONE) - return DHCPV6_STATEFUL; - else - return DHCPV6_STATELESS; + return dhcpv6_promote_server_cand(); } @@ -702,10 +770,8 @@ static int dhcpv6_handle_rebind_reply(enum dhcpv6_msg orig, const int rc, const void *opt, const void *end) { dhcpv6_handle_advert(orig, rc, opt, end); - if (dhcpv6_commit_advert() < 0) { - dhcpv6_handle_reply(DHCPV6_MSG_UNKNOWN, rc, NULL, NULL); + if (dhcpv6_commit_advert() < 0) return -1; - } return dhcpv6_handle_reply(orig, rc, opt, end); } @@ -716,6 +782,9 @@ static int dhcpv6_handle_reply(enum dhcpv6_msg orig, _unused const int rc, { uint8_t *odata; uint16_t otype, olen; + uint32_t refresh = UINT32_MAX; + int ret = 1; + bool handled_status_codes[_DHCPV6_Status_Max] = { false, }; odhcp6c_expire(); @@ -738,11 +807,9 @@ static int dhcpv6_handle_reply(enum dhcpv6_msg orig, _unused const int rc, if (t3 < 0) t3 = 0; - } else { - t1 = t2 = t3 = UINT32_MAX; } - if (orig == DHCPV6_MSG_REQUEST) { + if (orig == DHCPV6_MSG_REQUEST && !odhcp6c_is_bound()) { // Delete NA and PD we have in the state from the Advert odhcp6c_clear_state(STATE_IA_NA); odhcp6c_clear_state(STATE_IA_PD); @@ -763,48 +830,50 @@ static int dhcpv6_handle_reply(enum dhcpv6_msg orig, _unused const int rc, if ((otype == DHCPV6_OPT_IA_PD || otype == DHCPV6_OPT_IA_NA) && olen > sizeof(struct dhcpv6_ia_hdr)) { struct dhcpv6_ia_hdr *ia_hdr = (void*)(&odata[-4]); - uint32_t l_t1 = ntohl(ia_hdr->t1); - uint32_t l_t2 = ntohl(ia_hdr->t2); - // Test ID and T1-T2 validity - if (ia_hdr->iaid != 1 || l_t2 < l_t1) + // Test ID + if (ia_hdr->iaid != 1) continue; - int error = 0; + uint16_t code = DHCPV6_Success; uint16_t stype, slen; uint8_t *sdata; - // Test status and bail if error + // Get and handle status code dhcpv6_for_each_option(&ia_hdr[1], odata + olen, - stype, slen, sdata) - if (stype == DHCPV6_OPT_STATUS && slen >= 2) - error = ((int)sdata[0]) << 8 | ((int)sdata[1]); + stype, slen, sdata) { + if (stype == DHCPV6_OPT_STATUS && slen >= 2) { + uint8_t *mdata = (slen > 2) ? &sdata[2] : NULL; + uint16_t mlen = (slen > 2) ? slen - 2 : 0; - if (error) { - syslog(LOG_WARNING, "Server returned IAID status %i!", error); - if (error != 2) - raise(SIGUSR2); - break; - } + code = ((int)sdata[0]) << 8 | ((int)sdata[1]); - uint32_t n = dhcpv6_parse_ia(&ia_hdr[1], odata + olen); + if (code == DHCPV6_Success) + continue; - if (!l_t1) - l_t1 = 300; + dhcpv6_handle_ia_status_code(orig, ia_hdr, + code, mdata, mlen, handled_status_codes, &ret); - if (!l_t2) - l_t2 = 600; - if (n < t3) - t3 = n; + if (ret > 0) + return ret; + break; + } + } - // Update times - if (l_t1 > 0 && t1 > l_t1) - t1 = l_t1; + if (code != DHCPV6_Success) + continue; - if (l_t2 > 0 && t2 > l_t2) - t2 = l_t2; + dhcpv6_parse_ia(ia_hdr, odata + olen + sizeof(*ia_hdr)); + } else if (otype == DHCPV6_OPT_UNICAST && olen == sizeof(server_addr)) { + server_addr = *(struct in6_addr *)odata; + } else if (otype == DHCPV6_OPT_STATUS && olen >= 2) { + uint8_t *mdata = (olen > 2) ? &odata[2] : NULL; + uint16_t mlen = (olen > 2) ? olen - 2 : 0; + uint16_t code = ((int)odata[0]) << 8 | ((int)odata[1]); - } else if (otype == DHCPV6_OPT_DNS_SERVERS) { + dhcpv6_handle_status_code(orig, code, mdata, mlen, &ret); + } + else if (otype == DHCPV6_OPT_DNS_SERVERS) { if (olen % 16 == 0) odhcp6c_add_state(STATE_DNS, odata, olen); } else if (otype == DHCPV6_OPT_DNS_DOMAIN) { @@ -829,9 +898,7 @@ static int dhcpv6_handle_reply(enum dhcpv6_msg orig, _unused const int rc, } else if (otype == DHCPV6_OPT_SIP_SERVER_D) { odhcp6c_add_state(STATE_SIP_FQDN, odata, olen); } else if (otype == DHCPV6_OPT_INFO_REFRESH && olen >= 4) { - uint32_t refresh = ntohl(*((uint32_t*)odata)); - if (refresh < (uint32_t)t1) - t1 = refresh; + refresh = ntohl(*((uint32_t*)odata)); } else if (otype == DHCPV6_OPT_AUTH && olen == -4 + sizeof(struct dhcpv6_auth_reconfigure)) { struct dhcpv6_auth_reconfigure *r = (void*)&odata[-4]; @@ -850,29 +917,61 @@ static int dhcpv6_handle_reply(enum dhcpv6_msg orig, _unused const int rc, } } - if (t1 == UINT32_MAX) - t1 = 300; + if (orig != DHCPV6_MSG_INFO_REQ) { + // Update refresh timers if no fatal status code was received + if ((ret > 0) && dhcpv6_calc_refresh_timers()) { + switch (orig) { + case DHCPV6_MSG_RENEW: + // Send further renews if T1 is not set + if (!t1) + ret = -1; + break; + case DHCPV6_MSG_REBIND: + // Send further rebinds if T1 and T2 is not set + if (!t1 && !t2) + ret = -1; + break; - if (t2 == UINT32_MAX) - t2 = 600; + case DHCPV6_MSG_REQUEST: + // All server candidates can be cleared if not yet bound + if (!odhcp6c_is_bound()) + dhcpv6_clear_all_server_cand(); - if (t3 == UINT32_MAX) - t3 = 3600; + default : + break; + } + } + } + else if (ret > 0) { + // All server candidates can be cleared if not yet bound + if (!odhcp6c_is_bound()) + dhcpv6_clear_all_server_cand(); + + t1 = refresh; + } - return true; + return ret; } -static uint32_t dhcpv6_parse_ia(void *opt, void *end) +static int dhcpv6_parse_ia(void *opt, void *end) { - uint32_t timeout = UINT32_MAX; // Minimum timeout + struct dhcpv6_ia_hdr *ia_hdr = (struct dhcpv6_ia_hdr *)opt; + int parsed_ia = 0; + uint32_t t1, t2; uint16_t otype, olen; uint8_t *odata; + t1 = ntohl(ia_hdr->t1); + t2 = ntohl(ia_hdr->t2); + + if (t1 > t2) + return 0; + // Update address IA - dhcpv6_for_each_option(opt, end, otype, olen, odata) { + dhcpv6_for_each_option(&ia_hdr[1], end, otype, olen, odata) { struct odhcp6c_entry entry = {IN6ADDR_ANY_INIT, 0, 0, - IN6ADDR_ANY_INIT, 0, 0, 0}; + IN6ADDR_ANY_INIT, 0, 0, 0, 0, 0}; if (otype == DHCPV6_OPT_IA_PREFIX) { struct dhcpv6_ia_prefix *prefix = (void*)&odata[-4]; @@ -885,6 +984,11 @@ static uint32_t dhcpv6_parse_ia(void *opt, void *end) if (entry.preferred > entry.valid) continue; + entry.t1 = (t1 ? t1 : (entry.preferred != UINT32_MAX ? 0.5 * entry.preferred : UINT32_MAX)); + entry.t2 = (t2 ? t2 : (entry.preferred != UINT32_MAX ? 0.8 * entry.preferred : UINT32_MAX)); + if (entry.t1 > entry.t2) + entry.t1 = entry.t2; + entry.length = prefix->prefix; entry.target = prefix->addr; uint16_t stype, slen; @@ -935,8 +1039,10 @@ static uint32_t dhcpv6_parse_ia(void *opt, void *end) entry.priority = elen; } - if (ok) + if (ok) { odhcp6c_update_entry(STATE_IA_PD, &entry); + parsed_ia++; + } entry.priority = 0; memset(&entry.router, 0, sizeof(entry.router)); @@ -951,6 +1057,11 @@ static uint32_t dhcpv6_parse_ia(void *opt, void *end) if (entry.preferred > entry.valid) continue; + entry.t1 = (t1 ? t1 : (entry.preferred != UINT32_MAX ? 0.5 * entry.preferred : UINT32_MAX)); + entry.t2 = (t2 ? t2 : (entry.preferred != UINT32_MAX ? 0.8 * entry.preferred : UINT32_MAX)); + if (entry.t1 > entry.t2) + entry.t1 = entry.t2; + entry.length = 128; entry.target = addr->addr; @@ -965,10 +1076,233 @@ static uint32_t dhcpv6_parse_ia(void *opt, void *end) #endif odhcp6c_update_entry(STATE_IA_NA, &entry); + parsed_ia++; } - if (entry.valid > 0 && timeout > entry.valid) - timeout = entry.valid; } + return parsed_ia; +} + + +static int dhcpv6_calc_refresh_timers(void) +{ + struct odhcp6c_entry *e; + size_t ia_na_entries, ia_pd_entries, i; + int64_t l_t1 = UINT32_MAX, l_t2 = UINT32_MAX, l_t3 = 0; + + e = odhcp6c_get_state(STATE_IA_NA, &ia_na_entries); + ia_na_entries /= sizeof(*e); + for (i = 0; i < ia_na_entries; i++) { + if (e[i].t1 < l_t1) + l_t1 = e[i].t1; + + if (e[i].t2 < l_t2) + l_t2 = e[i].t2; + + if (e[i].valid > l_t3) + l_t3 = e[i].valid; + } + + e = odhcp6c_get_state(STATE_IA_PD, &ia_pd_entries); + ia_pd_entries /= sizeof(*e); + for (i = 0; i < ia_pd_entries; i++) { + if (e[i].t1 < l_t1) + l_t1 = e[i].t1; - return timeout; + if (e[i].t2 < l_t2) + l_t2 = e[i].t2; + + if (e[i].valid > l_t3) + l_t3 = e[i].valid; + } + + if (ia_pd_entries || ia_na_entries) { + t1 = l_t1; + t2 = l_t2; + t3 = l_t3; + } + + return (int)(ia_pd_entries + ia_na_entries); +} + + +static void dhcpv6_log_status_code(const uint16_t code, const char *scope, + const void *status_msg, const int len) +{ + uint8_t buf[len + 3]; + + memset(buf, 0, sizeof(buf)); + if (len) { + buf[0] = '('; + memcpy(&buf[1], status_msg, len); + buf[len + 1] = ')'; + } + + syslog(LOG_WARNING, "Server returned %s status %i %s", + scope, code, buf); +} + + +static void dhcpv6_handle_status_code(const enum dhcpv6_msg orig, + const uint16_t code, const void *status_msg, const int len, + int *ret) +{ + dhcpv6_log_status_code(code, "message", status_msg, len); + + switch (code) { + case DHCPV6_UnspecFail: + // Generic failure + *ret = 0; + break; + + case DHCPV6_UseMulticast: + switch(orig) { + case DHCPV6_MSG_REQUEST: + case DHCPV6_MSG_RENEW: + case DHCPV6_MSG_RELEASE: + case DHCPV6_MSG_DECLINE: + // Message needs to be retransmitted according to RFC3315 chapter 18.1.8 + server_addr = in6addr_any; + *ret = 0; + break; + default: + break; + } + break; + + case DHCPV6_NoAddrsAvail: + case DHCPV6_NoPrefixAvail: + if (orig == DHCPV6_MSG_REQUEST) + *ret = 0; // Failure + break; + + default: + break; + } +} + + +static void dhcpv6_handle_ia_status_code(const enum dhcpv6_msg orig, + const struct dhcpv6_ia_hdr *ia_hdr, const uint16_t code, + const void *status_msg, const int len, + bool handled_status_codes[_DHCPV6_Status_Max], int *ret) +{ + dhcpv6_log_status_code(code, ia_hdr->type == DHCPV6_OPT_IA_NA ? + "IA_NA" : "IA_PD", status_msg, len); + + switch (code) { + case DHCPV6_NoBinding: + switch (orig) { + case DHCPV6_MSG_RENEW: + case DHCPV6_MSG_REBIND: + if ((*ret > 0) && !handled_status_codes[code]) + *ret = dhcpv6_request(DHCPV6_MSG_REQUEST); + break; + + default: + break; + } + break; + + case DHCPV6_NoAddrsAvail: + case DHCPV6_NoPrefixAvail: + switch (orig) { + case DHCPV6_MSG_REQUEST: + if (*ret != 0) + *ret = 0; + break; + default: + break; + } + break; + + case DHCPV6_NotOnLink: + // TODO handle not onlink in case of confirm + break; + + default: + break; + } +} + +static void dhcpv6_add_server_cand(const struct dhcpv6_server_cand *cand) +{ + size_t cand_len, i; + struct dhcpv6_server_cand *c = odhcp6c_get_state(STATE_SERVER_CAND, &cand_len); + + // Remove identical duid server candidate + for (i = 0; i < cand_len / sizeof(*c); ++i) { + if (cand->duid_len == c[i].duid_len && + !memcmp(cand->duid, c[i].duid, cand->duid_len)) { + free(c[i].ia_na); + free(c[i].ia_pd); + odhcp6c_remove_state(STATE_SERVER_CAND, i * sizeof(*c), sizeof(*c)); + break; + } + } + + for (i = 0, c = odhcp6c_get_state(STATE_SERVER_CAND, &cand_len); + i < cand_len / sizeof(*c); ++i) { + if (c[i].preference < cand->preference) + break; + } + + odhcp6c_insert_state(STATE_SERVER_CAND, i * sizeof(*c), cand, sizeof(*cand)); +} + +static void dhcpv6_clear_all_server_cand(void) +{ + size_t cand_len, i; + struct dhcpv6_server_cand *c = odhcp6c_get_state(STATE_SERVER_CAND, &cand_len); + + // Server candidates need deep delete for IA_NA/IA_PD + for (i = 0; i < cand_len / sizeof(*c); ++i) { + if (c[i].ia_na) + free(c[i].ia_na); + if (c[i].ia_pd) + free(c[i].ia_pd); + } + odhcp6c_clear_state(STATE_SERVER_CAND); +} + +int dhcpv6_promote_server_cand(void) +{ + size_t cand_len; + struct dhcpv6_server_cand *cand = odhcp6c_get_state(STATE_SERVER_CAND, &cand_len); + uint16_t hdr[2]; + int ret = DHCPV6_STATELESS; + + // Clear lingering candidate state info + odhcp6c_clear_state(STATE_SERVER_ID); + odhcp6c_clear_state(STATE_IA_NA); + odhcp6c_clear_state(STATE_IA_PD); + + if (!cand_len) + return -1; + + if (cand->has_noaddravail && na_mode == IA_MODE_TRY) { + na_mode = IA_MODE_NONE; + return dhcpv6_request(DHCPV6_MSG_SOLICIT); + } + + hdr[0] = htons(DHCPV6_OPT_SERVERID); + hdr[1] = htons(cand->duid_len); + odhcp6c_add_state(STATE_SERVER_ID, hdr, sizeof(hdr)); + odhcp6c_add_state(STATE_SERVER_ID, cand->duid, cand->duid_len); + accept_reconfig = cand->wants_reconfigure; + if (cand->ia_na_len) { + odhcp6c_add_state(STATE_IA_NA, cand->ia_na, cand->ia_na_len); + free(cand->ia_na); + if (na_mode != IA_MODE_NONE) + ret = DHCPV6_STATEFUL; + } + if (cand->ia_pd_len) { + odhcp6c_add_state(STATE_IA_PD, cand->ia_pd, cand->ia_pd_len); + free(cand->ia_pd); + if (request_prefix) + ret = DHCPV6_STATEFUL; + } + + odhcp6c_remove_state(STATE_SERVER_CAND, 0, sizeof(*cand)); + + return ret; }