From: sbyx Date: Mon, 30 Dec 2013 17:15:54 +0000 (-0800) Subject: Merge pull request #9 from dedeckeh/master X-Git-Tag: debian/1.1+git20160131-1~107 X-Git-Url: https://git.decadent.org.uk/gitweb/?p=odhcp6c.git;a=commitdiff_plain;h=63358b8f56aa4eb9976c09bf34e9e04f37d6a2a8;hp=be05c0ded0257cbb82857f6d01226ef6de28befe Merge pull request #9 from dedeckeh/master --- diff --git a/src/dhcpv6.c b/src/dhcpv6.c index 1deb10e..7fdf4f6 100644 --- a/src/dhcpv6.c +++ b/src/dhcpv6.c @@ -26,6 +26,7 @@ #include #include #include +#include #include #include @@ -42,9 +43,14 @@ #define DHCPV6_DUID_LLADDR 3 #define DHCPV6_REQ_DELAY 1 +#define DHCPV6_SOL_MAX_RT_MIN 60 +#define DHCPV6_SOL_MAX_RT_MAX 86400 +#define DHCPV6_INF_MAX_RT_MIN 60 +#define DHCPV6_INF_MAX_RT_MAX 86400 static bool dhcpv6_response_is_valid(const void *buf, ssize_t len, - const uint8_t transaction[3], enum dhcpv6_msg type); + const uint8_t transaction[3], enum dhcpv6_msg type, + const struct in6_addr *daddr); static int dhcpv6_parse_ia(void *opt, void *end); @@ -57,6 +63,8 @@ static void dhcpv6_handle_ia_status_code(const enum dhcpv6_msg orig, const void *status_msg, const int len, bool handled_status_codes[_DHCPV6_Status_Max], int *ret); +static void dhcpv6_add_server_cand(const struct dhcpv6_server_cand *cand); +static void dhcpv6_clear_all_server_cand(void); static reply_handler dhcpv6_handle_reply; static reply_handler dhcpv6_handle_advert; @@ -70,17 +78,17 @@ static int dhcpv6_commit_advert(void); static struct dhcpv6_retx dhcpv6_retx[_DHCPV6_MSG_MAX] = { [DHCPV6_MSG_UNKNOWN] = {false, 1, 120, 0, "", dhcpv6_handle_reconfigure, NULL}, - [DHCPV6_MSG_SOLICIT] = {true, 1, 3600, 0, "SOLICIT", + [DHCPV6_MSG_SOLICIT] = {true, 1, DHCPV6_SOL_MAX_RT, 0, "SOLICIT", dhcpv6_handle_advert, dhcpv6_commit_advert}, - [DHCPV6_MSG_REQUEST] = {true, 1, 30, 10, "REQUEST", + [DHCPV6_MSG_REQUEST] = {true, 1, DHCPV6_REQ_MAX_RT, 10, "REQUEST", dhcpv6_handle_reply, NULL}, - [DHCPV6_MSG_RENEW] = {false, 10, 600, 0, "RENEW", + [DHCPV6_MSG_RENEW] = {false, 10, DHCPV6_REN_MAX_RT, 0, "RENEW", dhcpv6_handle_reply, NULL}, - [DHCPV6_MSG_REBIND] = {false, 10, 600, 0, "REBIND", + [DHCPV6_MSG_REBIND] = {false, 10, DHCPV6_REB_MAX_RT, 0, "REBIND", dhcpv6_handle_rebind_reply, NULL}, [DHCPV6_MSG_RELEASE] = {false, 1, 0, 5, "RELEASE", NULL, NULL}, [DHCPV6_MSG_DECLINE] = {false, 1, 0, 5, "DECLINE", NULL, NULL}, - [DHCPV6_MSG_INFO_REQ] = {true, 1, 120, 0, "INFOREQ", + [DHCPV6_MSG_INFO_REQ] = {true, 1, DHCPV6_INF_MAX_RT, 0, "INFOREQ", dhcpv6_handle_reply, NULL}, }; @@ -94,23 +102,26 @@ static int64_t t1 = 0, t2 = 0, t3 = 0; static int request_prefix = -1; static enum odhcp6c_ia_mode na_mode = IA_MODE_NONE, pd_mode = IA_MODE_NONE; static bool accept_reconfig = false; +// Server unicast address +static struct in6_addr server_addr = IN6ADDR_ANY_INIT; // Reconfigure key static uint8_t reconf_key[16]; - int init_dhcpv6(const char *ifname, int request_pd, int sol_timeout) { request_prefix = request_pd; dhcpv6_retx[DHCPV6_MSG_SOLICIT].max_timeo = sol_timeout; sock = socket(AF_INET6, SOCK_DGRAM | SOCK_CLOEXEC, IPPROTO_UDP); + if (sock < 0) + return -1; // Detect interface struct ifreq ifr; strncpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name)); - if (ioctl(sock, SIOCGIFINDEX, &ifr)) + if (ioctl(sock, SIOCGIFINDEX, &ifr) < 0) return -1; ifindex = ifr.ifr_ifindex; @@ -118,10 +129,11 @@ int init_dhcpv6(const char *ifname, int request_pd, int sol_timeout) size_t client_id_len; odhcp6c_get_state(STATE_CLIENT_ID, &client_id_len); if (client_id_len == 0) { - ioctl(sock, SIOCGIFHWADDR, &ifr); uint8_t duid[14] = {0, DHCPV6_OPT_CLIENTID, 0, 10, 0, DHCPV6_DUID_LLADDR, 0, 1}; - memcpy(&duid[8], ifr.ifr_hwaddr.sa_data, ETHER_ADDR_LEN); + + if (ioctl(sock, SIOCGIFHWADDR, &ifr) >= 0) + memcpy(&duid[8], ifr.ifr_hwaddr.sa_data, ETHER_ADDR_LEN); uint8_t zero[ETHER_ADDR_LEN] = {0, 0, 0, 0, 0, 0}; struct ifreq ifs[100], *ifp, *ifend; @@ -134,10 +146,12 @@ int init_dhcpv6(const char *ifname, int request_pd, int sol_timeout) // If our interface doesn't have an address... ifend = ifs + (ifc.ifc_len / sizeof(struct ifreq)); for (ifp = ifc.ifc_req; ifp < ifend && - !memcmp(&duid[8], zero, 6); ifp++) { + !memcmp(&duid[8], zero, ETHER_ADDR_LEN); ifp++) { memcpy(ifr.ifr_name, ifp->ifr_name, sizeof(ifr.ifr_name)); - ioctl(sock, SIOCGIFHWADDR, &ifr); + if (ioctl(sock, SIOCGIFHWADDR, &ifr) < 0) + continue; + memcpy(&duid[8], ifr.ifr_hwaddr.sa_data, ETHER_ADDR_LEN); } @@ -152,28 +166,30 @@ int init_dhcpv6(const char *ifname, int request_pd, int sol_timeout) htons(DHCPV6_OPT_SIP_SERVER_A), htons(DHCPV6_OPT_DNS_SERVERS), htons(DHCPV6_OPT_DNS_DOMAIN), + htons(DHCPV6_OPT_UNICAST), htons(DHCPV6_OPT_NTP_SERVER), - htons(DHCPV6_OPT_SIP_SERVER_A), htons(DHCPV6_OPT_AFTR_NAME), htons(DHCPV6_OPT_PD_EXCLUDE), + htons(DHCPV6_OPT_SOL_MAX_RT), + htons(DHCPV6_OPT_INF_MAX_RT), #ifdef EXT_PREFIX_CLASS htons(DHCPV6_OPT_PREFIX_CLASS), #endif }; odhcp6c_add_state(STATE_ORO, oro, sizeof(oro)); - // Configure IPv6-options int val = 1; setsockopt(sock, IPPROTO_IPV6, IPV6_V6ONLY, &val, sizeof(val)); setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, &val, sizeof(val)); + setsockopt(sock, IPPROTO_IPV6, IPV6_RECVPKTINFO, &val, sizeof(val)); val = 0; setsockopt(sock, IPPROTO_IPV6, IPV6_MULTICAST_LOOP, &val, sizeof(val)); setsockopt(sock, SOL_SOCKET, SO_BINDTODEVICE, ifname, strlen(ifname)); struct sockaddr_in6 client_addr = { .sin6_family = AF_INET6, .sin6_port = htons(DHCPV6_CLIENT_PORT), .sin6_flowinfo = 0 }; - if (bind(sock, (struct sockaddr*)&client_addr, sizeof(client_addr))) + if (bind(sock, (struct sockaddr*)&client_addr, sizeof(client_addr)) < 0) return -1; return 0; @@ -358,7 +374,29 @@ static void dhcpv6_send(enum dhcpv6_msg type, uint8_t trid[3], uint32_t ecs) 0, ALL_DHCPV6_RELAYS, ifindex}; struct msghdr msg = {&srv, sizeof(srv), iov, cnt, NULL, 0, 0}; - sendmsg(sock, &msg, 0); + switch (type) { + case DHCPV6_MSG_REQUEST: + case DHCPV6_MSG_RENEW: + case DHCPV6_MSG_RELEASE: + case DHCPV6_MSG_DECLINE: + if (!IN6_IS_ADDR_UNSPECIFIED(&server_addr) && + odhcp6c_addr_in_scope(&server_addr)) { + srv.sin6_addr = server_addr; + if (!IN6_IS_ADDR_LINKLOCAL(&server_addr)) + srv.sin6_scope_id = 0; + } + break; + default: + break; + } + + if (sendmsg(sock, &msg, 0) < 0) { + char in6_str[INET6_ADDRSTRLEN]; + + syslog(LOG_ERR, "Failed to send DHCPV6 message to %s (%s)", + inet_ntop(AF_INET6, (const void *)&srv.sin6_addr, + in6_str, sizeof(in6_str)), strerror(errno)); + } } @@ -372,7 +410,7 @@ static int64_t dhcpv6_rand_delay(int64_t time) int dhcpv6_request(enum dhcpv6_msg type) { - uint8_t buf[1536], rc = 0; + uint8_t rc = 0; uint64_t timeout = UINT32_MAX; struct dhcpv6_retx *retx = &dhcpv6_retx[type]; @@ -439,8 +477,14 @@ int dhcpv6_request(enum dhcpv6_msg type) } // Receive rounds - for (; len < 0 && round_start < round_end; + for (; len < 0 && (round_start < round_end); round_start = odhcp6c_get_milli_time()) { + uint8_t buf[1536], cmsg_buf[CMSG_SPACE(sizeof(struct in6_pktinfo))]; + struct iovec iov = {buf, sizeof(buf)}; + struct msghdr msg = {NULL, 0, &iov, 1, + cmsg_buf, sizeof(cmsg_buf), 0}; + struct in6_pktinfo *pktinfo = NULL; + // Check for pending signal if (odhcp6c_signal_process()) return -1; @@ -452,27 +496,43 @@ int dhcpv6_request(enum dhcpv6_msg type) &timeout, sizeof(timeout)); // Receive cycle - len = recv(sock, buf, sizeof(buf), 0); + len = recvmsg(sock, &msg, 0); + if (len < 0) + continue; - if (!dhcpv6_response_is_valid(buf, len, trid, type)) + for (struct cmsghdr *ch = CMSG_FIRSTHDR(&msg); ch != NULL; + ch = CMSG_NXTHDR(&msg, ch)) { + if (ch->cmsg_level == SOL_IPV6 && + ch->cmsg_type == IPV6_PKTINFO) { + pktinfo = (struct in6_pktinfo *)CMSG_DATA(ch); + break; + } + } + + if (pktinfo == NULL) { len = -1; + continue; + } - if (len > 0) { - uint8_t *opt = &buf[4]; - uint8_t *opt_end = opt + len - 4; + if (!dhcpv6_response_is_valid(buf, len, trid, + type, &pktinfo->ipi6_addr)) { + len = -1; + continue; + } - round_start = odhcp6c_get_milli_time(); - elapsed = round_start - start; - syslog(LOG_NOTICE, "Got a valid reply after " - "%llums", (unsigned long long)elapsed); + uint8_t *opt = &buf[4]; + uint8_t *opt_end = opt + len - 4; - if (retx->handler_reply) - len = retx->handler_reply( - type, rc, opt, opt_end); + round_start = odhcp6c_get_milli_time(); + elapsed = round_start - start; + syslog(LOG_NOTICE, "Got a valid reply after " + "%llums", (unsigned long long)elapsed); - if (len > 0 && round_end - round_start > 1000) - round_end = 1000 + round_start; - } + if (retx->handler_reply) + len = retx->handler_reply(type, rc, opt, opt_end); + + if (len > 0 && round_end - round_start > 1000) + round_end = 1000 + round_start; } // Allow @@ -483,9 +543,10 @@ int dhcpv6_request(enum dhcpv6_msg type) return len; } - +// Message validation checks according to RFC3315 chapter 15 static bool dhcpv6_response_is_valid(const void *buf, ssize_t len, - const uint8_t transaction[3], enum dhcpv6_msg type) + const uint8_t transaction[3], enum dhcpv6_msg type, + const struct in6_addr *daddr) { const struct dhcpv6_header *rep = buf; if (len < (ssize_t)sizeof(*rep) || memcmp(rep->tr_id, @@ -503,9 +564,11 @@ static bool dhcpv6_response_is_valid(const void *buf, ssize_t len, return false; } - uint8_t *end = ((uint8_t*)buf) + len, *odata; + uint8_t *end = ((uint8_t*)buf) + len, *odata, + rcmsg = DHCPV6_MSG_UNKNOWN; uint16_t otype, olen; - bool clientid_ok = false, serverid_ok = false, rcauth_ok = false; + bool clientid_ok = false, serverid_ok = false, rcauth_ok = false, + ia_present = false, options_valid = true; size_t client_id_len, server_id_len; void *client_id = odhcp6c_get_state(STATE_CLIENT_ID, &client_id_len); @@ -516,8 +579,11 @@ static bool dhcpv6_response_is_valid(const void *buf, ssize_t len, clientid_ok = (olen + 4U == client_id_len) && !memcmp( &odata[-4], client_id, client_id_len); } else if (otype == DHCPV6_OPT_SERVERID) { - serverid_ok = (olen + 4U == server_id_len) && !memcmp( - &odata[-4], server_id, server_id_len); + if (server_id_len) + serverid_ok = (olen + 4U == server_id_len) && !memcmp( + &odata[-4], server_id, server_id_len); + else + serverid_ok = true; } else if (otype == DHCPV6_OPT_AUTH && olen == -4 + sizeof(struct dhcpv6_auth_reconfigure)) { struct dhcpv6_auth_reconfigure *r = (void*)&odata[-4]; @@ -549,13 +615,34 @@ static bool dhcpv6_response_is_valid(const void *buf, ssize_t len, md5_finish(&md5, hash); rcauth_ok = !memcmp(hash, serverhash, sizeof(hash)); + } else if (otype == DHCPV6_OPT_RECONF_MESSAGE && olen == 1) { + rcmsg = odata[0]; + } else if ((otype == DHCPV6_OPT_IA_PD || otype == DHCPV6_OPT_IA_NA)) { + ia_present = true; + if (olen < sizeof(struct dhcpv6_ia_hdr)) + options_valid = false; + } + else if ((otype == DHCPV6_OPT_IA_ADDR) || (otype == DHCPV6_OPT_IA_PREFIX) || + (otype == DHCPV6_OPT_PD_EXCLUDE)) { + // Options are not allowed on global level + options_valid = false; } } - if (rep->msg_type == DHCPV6_MSG_RECONF && !rcauth_ok) + if (!options_valid || ((odata + olen) > end)) return false; - return clientid_ok && (serverid_ok || server_id_len == 0); + if (type == DHCPV6_MSG_INFO_REQ && ia_present) + return false; + + if (rep->msg_type == DHCPV6_MSG_RECONF) { + if ((rcmsg != DHCPV6_MSG_RENEW && rcmsg != DHCPV6_MSG_INFO_REQ) || + (rcmsg == DHCPV6_MSG_INFO_REQ && ia_present) || + !rcauth_ok || IN6_IS_ADDR_MULTICAST(daddr)) + return false; + } + + return clientid_ok && serverid_ok; } @@ -572,7 +659,6 @@ int dhcpv6_poll_reconfigure(void) static int dhcpv6_handle_reconfigure(_unused enum dhcpv6_msg orig, const int rc, const void *opt, const void *end) { - // TODO: should verify the reconfigure message uint16_t otype, olen; uint8_t *odata, msg = DHCPV6_MSG_RENEW; dhcpv6_for_each_option(opt, end, otype, olen, odata) @@ -592,7 +678,9 @@ static int dhcpv6_handle_advert(enum dhcpv6_msg orig, const int rc, { uint16_t olen, otype; uint8_t *odata, pref = 0; - struct dhcpv6_server_cand cand = {false, false, 0, 0, {0}, NULL, NULL, 0, 0}; + struct dhcpv6_server_cand cand = {false, false, 0, 0, {0}, + IN6ADDR_ANY_INIT, DHCPV6_SOL_MAX_RT, + DHCPV6_INF_MAX_RT, NULL, NULL, 0, 0}; bool have_na = false; int have_pd = 0; @@ -613,25 +701,29 @@ static int dhcpv6_handle_advert(enum dhcpv6_msg orig, const int rc, switch (error) { case DHCPV6_NoPrefixAvail: // Status code on global level - if (pd_mode == IA_MODE_FORCE) - return -1; cand.preference -= 2000; break; - case DHCPV6_NoAddrsAvail: - // Status code on global level - if (na_mode == IA_MODE_FORCE) - return -1; - break; - default : break; } } else if (otype == DHCPV6_OPT_PREF && olen >= 1 && cand.preference >= 0) { cand.preference = pref = odata[0]; + } else if (otype == DHCPV6_OPT_UNICAST && olen == sizeof(cand.server_addr)) { + cand.server_addr = *(struct in6_addr *)odata; } else if (otype == DHCPV6_OPT_RECONF_ACCEPT) { cand.wants_reconfigure = true; + } else if (otype == DHCPV6_OPT_SOL_MAX_RT && olen == 4) { + uint32_t sol_max_rt = ntohl(*((uint32_t *)odata)); + if (sol_max_rt >= DHCPV6_SOL_MAX_RT_MIN && + sol_max_rt <= DHCPV6_SOL_MAX_RT_MAX) + cand.sol_max_rt = sol_max_rt; + } else if (otype == DHCPV6_OPT_INF_MAX_RT && olen == 4) { + uint32_t inf_max_rt = ntohl(*((uint32_t *)odata)); + if (inf_max_rt >= DHCPV6_INF_MAX_RT_MIN && + inf_max_rt <= DHCPV6_INF_MAX_RT_MAX) + cand.inf_max_rt = inf_max_rt; } else if (otype == DHCPV6_OPT_IA_PD && request_prefix) { struct dhcpv6_ia_hdr *h = (struct dhcpv6_ia_hdr*)&odata[-4]; uint8_t *oend = odata + olen, *d; @@ -652,8 +744,16 @@ static int dhcpv6_handle_advert(enum dhcpv6_msg orig, const int rc, } if ((!have_na && na_mode == IA_MODE_FORCE) || - (!have_pd && pd_mode == IA_MODE_FORCE)) + (!have_pd && pd_mode == IA_MODE_FORCE)) { + /* + * RFC7083 states to process the SOL_MAX_RT and + * INF_MAX_RT options even if the DHCPv6 server + * did not propose any IA_NA and/or IA_PD + */ + dhcpv6_retx[DHCPV6_MSG_SOLICIT].max_timeo = cand.sol_max_rt; + dhcpv6_retx[DHCPV6_MSG_INFO_REQ].max_timeo = cand.inf_max_rt; return -1; + } if (na_mode != IA_MODE_NONE && !have_na) { cand.has_noaddravail = true; @@ -670,12 +770,7 @@ static int dhcpv6_handle_advert(enum dhcpv6_msg orig, const int rc, if (cand.duid_len > 0) { cand.ia_na = odhcp6c_move_state(STATE_IA_NA, &cand.ia_na_len); cand.ia_pd = odhcp6c_move_state(STATE_IA_PD, &cand.ia_pd_len); - odhcp6c_add_state(STATE_SERVER_CAND, &cand, sizeof(cand)); - } - - if (orig == DHCPV6_MSG_SOLICIT) { - odhcp6c_clear_state(STATE_IA_NA); - odhcp6c_clear_state(STATE_IA_PD); + dhcpv6_add_server_cand(&cand); } return (rc > 1 || (pref == 255 && cand.preference > 0)) ? 1 : -1; @@ -684,49 +779,7 @@ static int dhcpv6_handle_advert(enum dhcpv6_msg orig, const int rc, static int dhcpv6_commit_advert(void) { - size_t cand_len; - struct dhcpv6_server_cand *c = NULL, *cand = - odhcp6c_get_state(STATE_SERVER_CAND, &cand_len); - - bool retry = false; - for (size_t i = 0; i < cand_len / sizeof(*c); ++i) { - if (cand[i].has_noaddravail) - retry = true; // We want to try again - - if (!c || c->preference < cand[i].preference) - c = &cand[i]; - } - - if (retry && na_mode == IA_MODE_TRY) { - // We give it a second try without the IA_NA - na_mode = IA_MODE_NONE; - return dhcpv6_request(DHCPV6_MSG_SOLICIT); - } - - if (c) { - uint16_t hdr[2] = {htons(DHCPV6_OPT_SERVERID), - htons(c->duid_len)}; - odhcp6c_add_state(STATE_SERVER_ID, hdr, sizeof(hdr)); - odhcp6c_add_state(STATE_SERVER_ID, c->duid, c->duid_len); - accept_reconfig = c->wants_reconfigure; - if (c->ia_na_len) - odhcp6c_add_state(STATE_IA_NA, c->ia_na, c->ia_na_len); - if (c->ia_pd_len) - odhcp6c_add_state(STATE_IA_PD, c->ia_pd, c->ia_pd_len); - } - - for (size_t i = 0; i < cand_len / sizeof(*c); ++i) { - free(cand[i].ia_na); - free(cand[i].ia_pd); - } - odhcp6c_clear_state(STATE_SERVER_CAND); - - if (!c) - return -1; - else if ((request_prefix && c->ia_pd_len) || (na_mode != IA_MODE_NONE && c->ia_na_len)) - return DHCPV6_STATEFUL; - else - return DHCPV6_STATELESS; + return dhcpv6_promote_server_cand(); } @@ -734,10 +787,8 @@ static int dhcpv6_handle_rebind_reply(enum dhcpv6_msg orig, const int rc, const void *opt, const void *end) { dhcpv6_handle_advert(orig, rc, opt, end); - if (dhcpv6_commit_advert() < 0) { - dhcpv6_handle_reply(DHCPV6_MSG_UNKNOWN, rc, NULL, NULL); + if (dhcpv6_commit_advert() < 0) return -1; - } return dhcpv6_handle_reply(orig, rc, opt, end); } @@ -830,6 +881,8 @@ static int dhcpv6_handle_reply(enum dhcpv6_msg orig, _unused const int rc, continue; dhcpv6_parse_ia(ia_hdr, odata + olen + sizeof(*ia_hdr)); + } else if (otype == DHCPV6_OPT_UNICAST && olen == sizeof(server_addr)) { + server_addr = *(struct in6_addr *)odata; } else if (otype == DHCPV6_OPT_STATUS && olen >= 2) { uint8_t *mdata = (olen > 2) ? &odata[2] : NULL; uint16_t mlen = (olen > 2) ? olen - 2 : 0; @@ -874,7 +927,17 @@ static int dhcpv6_handle_reply(enum dhcpv6_msg orig, _unused const int rc, odhcp6c_get_state(STATE_AFTR_NAME, &cur_len); if (cur_len == 0) odhcp6c_add_state(STATE_AFTR_NAME, odata, olen); - } else if (otype != DHCPV6_OPT_CLIENTID && + } else if (otype == DHCPV6_OPT_SOL_MAX_RT && olen == 4) { + uint32_t sol_max_rt = ntohl(*((uint32_t *)odata)); + if (sol_max_rt >= DHCPV6_SOL_MAX_RT_MIN && + sol_max_rt <= DHCPV6_SOL_MAX_RT_MAX) + dhcpv6_retx[DHCPV6_MSG_SOLICIT].max_timeo = sol_max_rt; + } else if (otype == DHCPV6_OPT_INF_MAX_RT && olen == 4) { + uint32_t inf_max_rt = ntohl(*((uint32_t *)odata)); + if (inf_max_rt >= DHCPV6_INF_MAX_RT_MIN && + inf_max_rt <= DHCPV6_INF_MAX_RT_MAX) + dhcpv6_retx[DHCPV6_MSG_INFO_REQ].max_timeo = inf_max_rt; + }else if (otype != DHCPV6_OPT_CLIENTID && otype != DHCPV6_OPT_SERVERID) { odhcp6c_add_state(STATE_CUSTOM_OPTS, &odata[-4], olen + 4); @@ -896,13 +959,23 @@ static int dhcpv6_handle_reply(enum dhcpv6_msg orig, _unused const int rc, ret = -1; break; + case DHCPV6_MSG_REQUEST: + // All server candidates can be cleared if not yet bound + if (!odhcp6c_is_bound()) + dhcpv6_clear_all_server_cand(); + default : break; } } } - else if (ret > 0) + else if (ret > 0) { + // All server candidates can be cleared if not yet bound + if (!odhcp6c_is_bound()) + dhcpv6_clear_all_server_cand(); + t1 = refresh; + } return ret; } @@ -1109,7 +1182,18 @@ static void dhcpv6_handle_status_code(const enum dhcpv6_msg orig, break; case DHCPV6_UseMulticast: - // TODO handle multicast status code + switch(orig) { + case DHCPV6_MSG_REQUEST: + case DHCPV6_MSG_RENEW: + case DHCPV6_MSG_RELEASE: + case DHCPV6_MSG_DECLINE: + // Message needs to be retransmitted according to RFC3315 chapter 18.1.8 + server_addr = in6addr_any; + *ret = 0; + break; + default: + break; + } break; case DHCPV6_NoAddrsAvail: @@ -1166,3 +1250,93 @@ static void dhcpv6_handle_ia_status_code(const enum dhcpv6_msg orig, break; } } + +static void dhcpv6_add_server_cand(const struct dhcpv6_server_cand *cand) +{ + size_t cand_len, i; + struct dhcpv6_server_cand *c = odhcp6c_get_state(STATE_SERVER_CAND, &cand_len); + + // Remove identical duid server candidate + for (i = 0; i < cand_len / sizeof(*c); ++i) { + if (cand->duid_len == c[i].duid_len && + !memcmp(cand->duid, c[i].duid, cand->duid_len)) { + free(c[i].ia_na); + free(c[i].ia_pd); + odhcp6c_remove_state(STATE_SERVER_CAND, i * sizeof(*c), sizeof(*c)); + break; + } + } + + for (i = 0, c = odhcp6c_get_state(STATE_SERVER_CAND, &cand_len); + i < cand_len / sizeof(*c); ++i) { + if (c[i].preference < cand->preference) + break; + } + + odhcp6c_insert_state(STATE_SERVER_CAND, i * sizeof(*c), cand, sizeof(*cand)); +} + +static void dhcpv6_clear_all_server_cand(void) +{ + size_t cand_len, i; + struct dhcpv6_server_cand *c = odhcp6c_get_state(STATE_SERVER_CAND, &cand_len); + + // Server candidates need deep delete for IA_NA/IA_PD + for (i = 0; i < cand_len / sizeof(*c); ++i) { + if (c[i].ia_na) + free(c[i].ia_na); + if (c[i].ia_pd) + free(c[i].ia_pd); + } + odhcp6c_clear_state(STATE_SERVER_CAND); +} + +int dhcpv6_promote_server_cand(void) +{ + size_t cand_len; + struct dhcpv6_server_cand *cand = odhcp6c_get_state(STATE_SERVER_CAND, &cand_len); + uint16_t hdr[2]; + int ret = DHCPV6_STATELESS; + + // Clear lingering candidate state info + odhcp6c_clear_state(STATE_SERVER_ID); + odhcp6c_clear_state(STATE_IA_NA); + odhcp6c_clear_state(STATE_IA_PD); + + if (!cand_len) + return -1; + + if (cand->has_noaddravail && na_mode == IA_MODE_TRY) { + na_mode = IA_MODE_NONE; + + dhcpv6_retx[DHCPV6_MSG_SOLICIT].max_timeo = cand->sol_max_rt; + dhcpv6_retx[DHCPV6_MSG_INFO_REQ].max_timeo = cand->inf_max_rt; + + return dhcpv6_request(DHCPV6_MSG_SOLICIT); + } + + hdr[0] = htons(DHCPV6_OPT_SERVERID); + hdr[1] = htons(cand->duid_len); + odhcp6c_add_state(STATE_SERVER_ID, hdr, sizeof(hdr)); + odhcp6c_add_state(STATE_SERVER_ID, cand->duid, cand->duid_len); + accept_reconfig = cand->wants_reconfigure; + if (cand->ia_na_len) { + odhcp6c_add_state(STATE_IA_NA, cand->ia_na, cand->ia_na_len); + free(cand->ia_na); + if (na_mode != IA_MODE_NONE) + ret = DHCPV6_STATEFUL; + } + if (cand->ia_pd_len) { + odhcp6c_add_state(STATE_IA_PD, cand->ia_pd, cand->ia_pd_len); + free(cand->ia_pd); + if (request_prefix) + ret = DHCPV6_STATEFUL; + } + + dhcpv6_retx[DHCPV6_MSG_SOLICIT].max_timeo = cand->sol_max_rt; + dhcpv6_retx[DHCPV6_MSG_INFO_REQ].max_timeo = cand->inf_max_rt; + + odhcp6c_remove_state(STATE_SERVER_CAND, 0, sizeof(*cand)); + + return ret; +} diff --git a/src/odhcp6c.c b/src/odhcp6c.c index de03b81..de452c0 100644 --- a/src/odhcp6c.c +++ b/src/odhcp6c.c @@ -14,6 +14,7 @@ #include #include +#include #include #include #include @@ -22,12 +23,14 @@ #include #include #include +#include #include #include #include #include #include +#include #include "odhcp6c.h" #include "ra.h" @@ -36,6 +39,11 @@ #include "bfd.h" #endif +#ifndef IN6_IS_ADDR_UNIQUELOCAL +#define IN6_IS_ADDR_UNIQUELOCAL(a) \ + ((((__const uint32_t *) (a))[0] & htonl (0xfe000000)) \ + == htonl (0xfc000000)) +#endif static void sighandler(int signal); static int usage(void); @@ -47,7 +55,7 @@ static volatile int do_signal = 0; static int urandom_fd = -1, allow_slaac_only = 0; static bool bound = false, release = true; static time_t last_update = 0; - +static char *ifname = NULL; int main(_unused int argc, char* const argv[]) { @@ -61,7 +69,7 @@ int main(_unused int argc, char* const argv[]) enum odhcp6c_ia_mode ia_na_mode = IA_MODE_TRY; enum odhcp6c_ia_mode ia_pd_mode = IA_MODE_TRY; static struct in6_addr ifid = IN6ADDR_ANY_INIT; - int sol_timeout = 120; + int sol_timeout = DHCPV6_SOL_MAX_RT; #ifdef EXT_BFD_PING int bfd_interval = 0, bfd_loss = 3; @@ -171,7 +179,7 @@ int main(_unused int argc, char* const argv[]) } openlog("odhcp6c", logopt, LOG_DAEMON); - const char *ifname = argv[optind]; + ifname = argv[optind]; if (help || !ifname) return usage(); @@ -228,26 +236,53 @@ int main(_unused int argc, char* const argv[]) dhcpv6_set_ia_mode(ia_na_mode, ia_pd_mode); bound = false; - // Server candidates need deep-delete - size_t cand_len; - struct dhcpv6_server_cand *cand = odhcp6c_get_state(STATE_SERVER_CAND, &cand_len); - for (size_t i = 0; i < cand_len / sizeof(*cand); ++i) { - free(cand[i].ia_na); - free(cand[i].ia_pd); - } - odhcp6c_clear_state(STATE_SERVER_CAND); - syslog(LOG_NOTICE, "(re)starting transaction on %s", ifname); do_signal = 0; - int res = dhcpv6_request(DHCPV6_MSG_SOLICIT); + int mode = dhcpv6_request(DHCPV6_MSG_SOLICIT); odhcp6c_signal_process(); - if (res <= 0) { - continue; // Might happen if we got a signal - } else if (res == DHCPV6_STATELESS) { // Stateless mode + if (mode < 0) + continue; + + do { + int res = dhcpv6_request(mode == DHCPV6_STATELESS ? + DHCPV6_MSG_INFO_REQ : DHCPV6_MSG_REQUEST); + + odhcp6c_signal_process(); + if (res > 0) + break; + else if (do_signal > 0) { + mode = -1; + break; + } + + mode = dhcpv6_promote_server_cand(); + } while (mode > DHCPV6_UNKNOWN); + + if (mode < 0) + continue; + + switch (mode) { + case DHCPV6_STATELESS: + bound = true; + syslog(LOG_NOTICE, "entering stateless-mode on %s", ifname); + while (do_signal == 0 || do_signal == SIGUSR1) { do_signal = 0; + script_call("informed"); + + int res = dhcpv6_poll_reconfigure(); + odhcp6c_signal_process(); + + if (res > 0) + continue; + + if (do_signal == SIGUSR1) { + do_signal = 0; // Acknowledged + continue; + } else if (do_signal > 0) + break; res = dhcpv6_request(DHCPV6_MSG_INFO_REQ); odhcp6c_signal_process(); @@ -255,84 +290,63 @@ int main(_unused int argc, char* const argv[]) continue; else if (res < 0) break; - else if (res > 0) - script_call("informed"); - - bound = true; - syslog(LOG_NOTICE, "entering stateless-mode on %s", ifname); - - if (dhcpv6_poll_reconfigure() > 0) - script_call("informed"); } + break; - continue; - } - - // Stateful mode - if (dhcpv6_request(DHCPV6_MSG_REQUEST) <= 0) - continue; - - odhcp6c_signal_process(); - script_call("bound"); - bound = true; - syslog(LOG_NOTICE, "entering stateful-mode on %s", ifname); + case DHCPV6_STATEFUL: + script_call("bound"); + bound = true; + syslog(LOG_NOTICE, "entering stateful-mode on %s", ifname); #ifdef EXT_BFD_PING - if (bfd_interval > 0) - bfd_start(ifname, bfd_loss, bfd_interval); + if (bfd_interval > 0) + bfd_start(ifname, bfd_loss, bfd_interval); #endif - while (do_signal == 0 || do_signal == SIGUSR1) { - // Renew Cycle - // Wait for T1 to expire or until we get a reconfigure - int res = dhcpv6_poll_reconfigure(); - odhcp6c_signal_process(); - if (res > 0) { - script_call("updated"); - continue; - } - - // Handle signal, if necessary - if (do_signal == SIGUSR1) - do_signal = 0; // Acknowledged - else if (do_signal > 0) - break; // Other signal type - - size_t ia_pd_len, ia_na_len, ia_pd_new, ia_na_new; - odhcp6c_get_state(STATE_IA_PD, &ia_pd_len); - odhcp6c_get_state(STATE_IA_NA, &ia_na_len); - - // If we have any IAs, send renew, otherwise request - int r; - if (ia_pd_len == 0 && ia_na_len == 0) - r = dhcpv6_request(DHCPV6_MSG_REQUEST); - else - r = dhcpv6_request(DHCPV6_MSG_RENEW); - odhcp6c_signal_process(); - if (r > 0) { // Renew was succesfull - // Publish updates - script_call("updated"); - continue; // Renew was successful - } - - odhcp6c_clear_state(STATE_SERVER_ID); // Remove binding + while (do_signal == 0 || do_signal == SIGUSR1) { + // Renew Cycle + // Wait for T1 to expire or until we get a reconfigure + int res = dhcpv6_poll_reconfigure(); + odhcp6c_signal_process(); + if (res > 0) { + script_call("updated"); + continue; + } - // If we have IAs, try rebind otherwise restart - res = dhcpv6_request(DHCPV6_MSG_REBIND); - odhcp6c_signal_process(); + // Handle signal, if necessary + if (do_signal == SIGUSR1) + do_signal = 0; // Acknowledged + else if (do_signal > 0) + break; // Other signal type - odhcp6c_get_state(STATE_IA_PD, &ia_pd_new); - odhcp6c_get_state(STATE_IA_NA, &ia_na_new); - if (res <= 0 || (ia_pd_new == 0 && ia_pd_len) || - (ia_na_new == 0 && ia_na_len)) - break; // We lost all our IAs, restart - else if (res > 0) - script_call("rebound"); - } + // Send renew as T1 expired + res = dhcpv6_request(DHCPV6_MSG_RENEW); + odhcp6c_signal_process(); + if (res > 0) { // Renew was succesfull + // Publish updates + script_call("updated"); + continue; // Renew was successful + } + + odhcp6c_clear_state(STATE_SERVER_ID); // Remove binding + + // If we have IAs, try rebind otherwise restart + res = dhcpv6_request(DHCPV6_MSG_REBIND); + odhcp6c_signal_process(); + if (res > 0) + script_call("rebound"); + else { #ifdef EXT_BFD_PING - bfd_stop(); + bfd_stop(); #endif + break; + } + } + break; + default: + break; + } size_t ia_pd_len, ia_na_len, server_id_len; odhcp6c_get_state(STATE_IA_PD, &ia_pd_len); @@ -446,6 +460,20 @@ void odhcp6c_add_state(enum odhcp6c_state state, const void *data, size_t len) memcpy(n, data, len); } +void odhcp6c_insert_state(enum odhcp6c_state state, size_t offset, const void *data, size_t len) +{ + ssize_t len_after = state_len[state] - offset; + if (len_after < 0) + return; + + uint8_t *n = odhcp6c_resize_state(state, len); + if (n) { + uint8_t *sdata = state_data[state]; + + memmove(sdata + offset + len, sdata + offset, len_after); + memcpy(sdata + offset, data, len); + } +} size_t odhcp6c_remove_state(enum odhcp6c_state state, size_t offset, size_t len) { @@ -585,11 +613,64 @@ void odhcp6c_random(void *buf, size_t len) read(urandom_fd, buf, len); } + bool odhcp6c_is_bound(void) { return bound; } + +bool odhcp6c_addr_in_scope(const struct in6_addr *addr) +{ + FILE *fd = fopen("/proc/net/if_inet6", "r"); + int len; + char buf[256]; + + if (fd == NULL) + return false; + + while (fgets(buf, sizeof(buf), fd)) { + struct in6_addr inet6_addr; + uint32_t flags, dummy; + unsigned int i; + char name[8], addr_buf[32]; + + len = strlen(buf); + + if ((len <= 0) || buf[len - 1] != '\n') + return false; + + buf[--len] = '\0'; + + if (sscanf(buf, "%s %x %x %x %x %s", + addr_buf, &dummy, &dummy, &dummy, &flags, name) != 6) + return false; + + if (strcmp(name, ifname) || + (flags & (IFA_F_DADFAILED | IFA_F_TENTATIVE | IFA_F_DEPRECATED))) + continue; + + for (i = 0; i < sizeof(addr_buf); i++) { + if (!isxdigit(addr_buf[i]) || isupper(addr_buf[i])) + return false; + } + + memset(&inet6_addr, 0, sizeof(inet6_addr)); + for (i = 0; i < (sizeof(addr_buf) / 2); i++) { + unsigned char byte; + static const char hex[] = "0123456789abcdef"; + byte = ((index(hex, addr_buf[i * 2]) - hex) << 4) | + (index(hex, addr_buf[i * 2 + 1]) - hex); + inet6_addr.s6_addr[i] = byte; + } + + if ((IN6_IS_ADDR_LINKLOCAL(&inet6_addr) == IN6_IS_ADDR_LINKLOCAL(addr)) && + (IN6_IS_ADDR_UNIQUELOCAL(&inet6_addr) == IN6_IS_ADDR_UNIQUELOCAL(addr))) + return true; + } + return false; +} + static void sighandler(int signal) { if (signal == SIGCHLD) diff --git a/src/odhcp6c.h b/src/odhcp6c.h index 183ed44..a33a92e 100644 --- a/src/odhcp6c.h +++ b/src/odhcp6c.h @@ -21,13 +21,16 @@ #define ARRAY_SIZE(arr) (sizeof(arr) / sizeof((arr)[0])) -#ifndef SOL_NETLINK -#define SOL_NETLINK 270 -#endif - #define ND_OPT_RECURSIVE_DNS 25 #define ND_OPT_DNSSL 31 +#define DHCPV6_SOL_MAX_RT 3600 +#define DHCPV6_REQ_MAX_RT 30 +#define DHCPV6_CNF_MAX_RT 4 +#define DHCPV6_REN_MAX_RT 600 +#define DHCPV6_REB_MAX_RT 600 +#define DHCPV6_INF_MAX_RT 3600 + enum dhcvp6_opt { DHCPV6_OPT_CLIENTID = 1, DHCPV6_OPT_SERVERID = 2, @@ -38,6 +41,7 @@ enum dhcvp6_opt { DHCPV6_OPT_ELAPSED = 8, DHCPV6_OPT_RELAY_MSG = 9, DHCPV6_OPT_AUTH = 11, + DHCPV6_OPT_UNICAST = 12, DHCPV6_OPT_STATUS = 13, DHCPV6_OPT_RAPID_COMMIT = 14, DHCPV6_OPT_RECONF_MESSAGE = 19, @@ -53,6 +57,8 @@ enum dhcvp6_opt { DHCPV6_OPT_SIP_SERVER_A = 22, DHCPV6_OPT_AFTR_NAME = 64, DHCPV6_OPT_PD_EXCLUDE = 67, + DHCPV6_OPT_SOL_MAX_RT = 82, + DHCPV6_OPT_INF_MAX_RT = 83, #ifdef EXT_PREFIX_CLASS /* draft-bhandari-dhc-class-based-prefix, not yet standardized */ DHCPV6_OPT_PREFIX_CLASS = EXT_PREFIX_CLASS, @@ -168,6 +174,9 @@ struct dhcpv6_server_cand { int16_t preference; uint8_t duid_len; uint8_t duid[130]; + struct in6_addr server_addr; + uint32_t sol_max_rt; + uint32_t inf_max_rt; void *ia_na; void *ia_pd; size_t ia_na_len; @@ -205,12 +214,11 @@ struct icmp6_opt { enum dhcpv6_mode { - DHCPV6_UNKNOWN, + DHCPV6_UNKNOWN = -1, DHCPV6_STATELESS, DHCPV6_STATEFUL }; - enum odhcp6c_ia_mode { IA_MODE_NONE, IA_MODE_TRY, @@ -235,6 +243,7 @@ int init_dhcpv6(const char *ifname, int request_pd, int sol_timeout); void dhcpv6_set_ia_mode(enum odhcp6c_ia_mode na, enum odhcp6c_ia_mode pd); int dhcpv6_request(enum dhcpv6_msg type); int dhcpv6_poll_reconfigure(void); +int dhcpv6_promote_server_cand(void); int init_rtnetlink(void); int set_rtnetlink_addr(int ifindex, const struct in6_addr *addr, @@ -249,10 +258,12 @@ bool odhcp6c_signal_process(void); uint64_t odhcp6c_get_milli_time(void); void odhcp6c_random(void *buf, size_t len); bool odhcp6c_is_bound(void); +bool odhcp6c_addr_in_scope(const struct in6_addr *addr); // State manipulation void odhcp6c_clear_state(enum odhcp6c_state state); void odhcp6c_add_state(enum odhcp6c_state state, const void *data, size_t len); +void odhcp6c_insert_state(enum odhcp6c_state state, size_t offset, const void *data, size_t len); size_t odhcp6c_remove_state(enum odhcp6c_state state, size_t offset, size_t len); void* odhcp6c_move_state(enum odhcp6c_state state, size_t *len); void* odhcp6c_get_state(enum odhcp6c_state state, size_t *len); diff --git a/src/ra.c b/src/ra.c index c8ccb88..58c8741 100644 --- a/src/ra.c +++ b/src/ra.c @@ -59,13 +59,23 @@ int ra_init(const char *ifname, const struct in6_addr *ifid) { const pid_t ourpid = getpid(); sock = socket(AF_INET6, SOCK_RAW | SOCK_CLOEXEC, IPPROTO_ICMPV6); + if (sock < 0) + return -1; + if_index = if_nametoindex(ifname); + if (!if_index) + return -1; + strncpy(if_name, ifname, sizeof(if_name) - 1); lladdr = *ifid; rtnl = socket(AF_NETLINK, SOCK_DGRAM | SOCK_CLOEXEC, NETLINK_ROUTE); + if (rtnl < 0) + return -1; + struct sockaddr_nl rtnl_kernel = { .nl_family = AF_NETLINK }; - connect(rtnl, (const struct sockaddr*)&rtnl_kernel, sizeof(rtnl_kernel)); + if (connect(rtnl, (const struct sockaddr*)&rtnl_kernel, sizeof(rtnl_kernel)) < 0) + return -1; int val = RTNLGRP_LINK; setsockopt(rtnl, SOL_NETLINK, NETLINK_ADD_MEMBERSHIP, &val, sizeof(val)); @@ -185,6 +195,32 @@ bool ra_link_up(void) return ret; } +static bool ra_icmpv6_valid(struct sockaddr_in6 *source, int hlim, uint8_t *data, size_t len) +{ + struct icmp6_hdr *hdr = (struct icmp6_hdr*)data; + struct icmpv6_opt *opt, *end = (struct icmpv6_opt*)&data[len]; + + if (hlim != 255 || len < sizeof(*hdr) || hdr->icmp6_code) + return false; + + switch (hdr->icmp6_type) { + case ND_ROUTER_ADVERT: + if (!IN6_IS_ADDR_LINKLOCAL(&source->sin6_addr)) + return false; + + opt = (struct icmpv6_opt*)((struct nd_router_advert*)data + 1); + break; + + default: + return false; + } + + icmpv6_for_each_option(opt, opt, end) + ; + + return opt == end; +} + bool ra_process(void) { bool found = false; @@ -216,10 +252,8 @@ bool ra_process(void) cmsg_buf, sizeof(cmsg_buf), 0}; ssize_t len = recvmsg(sock, &msg, MSG_DONTWAIT); - if (len < 0) + if (len <= 0) break; - else if (len < (ssize_t)sizeof(*adv)) - continue; int hlim = 0; for (struct cmsghdr *ch = CMSG_FIRSTHDR(&msg); ch != NULL; @@ -228,7 +262,7 @@ bool ra_process(void) ch->cmsg_type == IPV6_HOPLIMIT) memcpy(&hlim, CMSG_DATA(ch), sizeof(hlim)); - if (hlim != 255) + if (!ra_icmpv6_valid(&from, hlim, buf, len)) continue; // Stop sending solicits @@ -254,6 +288,10 @@ bool ra_process(void) entry.preferred = entry.valid; changed |= odhcp6c_update_entry(STATE_RA_ROUTE, &entry); + // Parse hoplimit + if (adv->nd_ra_curhoplimit) + update_proc("conf", "hop_limit", adv->nd_ra_curhoplimit); + // Parse ND parameters if (ntohl(adv->nd_ra_reachable) <= 3600000) update_proc("neigh", "base_reachable_time_ms", ntohl(adv->nd_ra_reachable));