#include <stdlib.h>
#include <string.h>
#include <unistd.h>
+#include <libgen.h>
#include <stdbool.h>
#include <arpa/inet.h>
#include <sys/timerfd.h>
(addrs)[(i)].prefix > 64)
static void dhcpv6_netevent_cb(unsigned long event, struct netevent_handler_info *info);
+static void apply_lease(struct dhcp_assignment *a, bool add);
static void set_border_assignment_size(struct interface *iface, struct dhcp_assignment *b);
static void handle_addrlist_change(struct netevent_handler_info *info);
static void start_reconf(struct dhcp_assignment *a);
static inline bool valid_addr(const struct odhcpd_ipaddr *addr, time_t now)
{
- return (addr->prefix <= 96 && addr->preferred > (uint32_t)now);
+ return (addr->prefix <= 96 && addr->preferred_lt > (uint32_t)now);
}
static size_t get_preferred_addr(const struct odhcpd_ipaddr *addrs, const size_t addrlen)
size_t i, m;
for (i = 0, m = 0; i < addrlen; ++i) {
- if (addrs[i].preferred > addrs[m].preferred ||
- (addrs[i].preferred == addrs[m].preferred &&
+ if (addrs[i].preferred_lt > addrs[m].preferred_lt ||
+ (addrs[i].preferred_lt == addrs[m].preferred_lt &&
memcmp(&addrs[i].addr, &addrs[m].addr, 16) > 0))
m = i;
}
close(a->managed_sock.fd.fd);
}
+ if ((a->flags & OAF_BOUND) && (a->flags & OAF_DHCPV6_PD))
+ apply_lease(a, false);
+
if (a->reconf_cnt)
stop_reconf(a);
for (size_t i = 0; i < addrlen; ++i) {
struct in6_addr addr;
- uint32_t pref, valid;
+ uint32_t preferred_lt, valid_lt;
int prefix = c->managed ? addrs[i].prefix : c->length;
if (!valid_addr(&addrs[i], now))
continue;
+ /* Filter Out Prefixes */
+ if (ADDR_MATCH_PIO_FILTER(&addrs[i], iface)) {
+ char addrbuf[INET6_ADDRSTRLEN];
+ syslog(LOG_INFO, "Address %s filtered out on %s",
+ inet_ntop(AF_INET6, &addrs[i].addr.in6, addrbuf, sizeof(addrbuf)),
+ iface->name);
+ continue;
+ }
+
addr = addrs[i].addr.in6;
- pref = addrs[i].preferred;
- valid = addrs[i].valid;
- if (prefix == 128) {
+ preferred_lt = addrs[i].preferred_lt;
+ valid_lt = addrs[i].valid_lt;
+
+ if (c->flags & OAF_DHCPV6_NA) {
if (!ADDR_ENTRY_VALID_IA_ADDR(iface, i, m, addrs))
continue;
- addr.s6_addr32[3] = htonl(c->assigned);
+ addr.s6_addr32[2] = htonl(c->assigned_host_id >> 32);
+ addr.s6_addr32[3] = htonl(c->assigned_host_id & UINT32_MAX);
} else {
if (!valid_prefix_length(c, addrs[i].prefix))
continue;
- addr.s6_addr32[1] |= htonl(c->assigned);
+ addr.s6_addr32[1] |= htonl(c->assigned_subnet_id);
addr.s6_addr32[2] = addr.s6_addr32[3] = 0;
}
- if (pref != UINT32_MAX)
- pref -= now;
+ if (preferred_lt > (uint32_t)c->preferred_until)
+ preferred_lt = c->preferred_until;
- if (valid != UINT32_MAX)
- valid -= now;
+ if (preferred_lt > (uint32_t)c->valid_until)
+ preferred_lt = c->valid_until;
- func(&addr, prefix, pref, valid, arg);
+ if (preferred_lt != UINT32_MAX)
+ preferred_lt -= now;
+
+ if (valid_lt > (uint32_t)c->valid_until)
+ valid_lt = c->valid_until;
+
+ if (valid_lt != UINT32_MAX)
+ valid_lt -= now;
+
+ func(&addr, prefix, preferred_lt, valid_lt, arg);
}
}
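Review bot: After `preferred_lt` and `valid_lt` are clamped to `c->preferred_until` / `c->valid_until`, the following `-= now` can wrap, because `valid_addr()` only guarantees that the interface address's own `preferred_lt` is later than `now`, not the assignment's timestamps. An assignment whose `preferred_until` has already passed (or holds the 0 value that `INFINITE_VALID` appears to test for, which is not visible here) would hand the callback a lifetime close to `UINT32_MAX`. The callbacks visible in this diff mark both lifetimes `_unused`, so the impact depends on callers outside the hunk. Guarding the subtraction, e.g. `preferred_lt = preferred_lt > (uint32_t)now ? preferred_lt - now : 0;` inside the existing `!= UINT32_MAX` test (and the same for `valid_lt`), keeps the value meaningful. The enclosing function starts outside the hunk.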
int buf_idx;
};
-static void dhcpv6_write_ia_addr(struct in6_addr *addr, int prefix, _unused uint32_t pref,
- _unused uint32_t valid, void *arg)
+static void dhcpv6_write_ia_addrhosts(struct in6_addr *addr, int prefix, _unused uint32_t pref_lt,
+ _unused uint32_t valid_lt, void *arg)
+{
+ struct write_ctxt *ctxt = (struct write_ctxt *)arg;
+ char ipbuf[INET6_ADDRSTRLEN];
+
+ if ((ctxt->c->flags & OAF_DHCPV6_NA) && ctxt->c->hostname &&
+ !(ctxt->c->flags & OAF_BROKEN_HOSTNAME)) {
+ inet_ntop(AF_INET6, addr, ipbuf, sizeof(ipbuf) - 1);
+ fputs(ipbuf, ctxt->fp);
+
+ char b[256];
+ if (dn_expand(ctxt->iface->search, ctxt->iface->search + ctxt->iface->search_len,
+ ctxt->iface->search, b, sizeof(b)) > 0)
+ fprintf(ctxt->fp, "\t%s.%s", ctxt->c->hostname, b);
+
+ fprintf(ctxt->fp, "\t%s\n", ctxt->c->hostname);
+ }
+}
+
+static void dhcpv6_write_ia_addr(struct in6_addr *addr, int prefix, _unused uint32_t pref_lt,
+ _unused uint32_t valid_lt, void *arg)
{
struct write_ctxt *ctxt = (struct write_ctxt *)arg;
char ipbuf[INET6_ADDRSTRLEN];
inet_ntop(AF_INET6, addr, ipbuf, sizeof(ipbuf) - 1);
- if (ctxt->c->length == 128 && ctxt->c->hostname &&
+ if ((ctxt->c->flags & OAF_DHCPV6_NA) && ctxt->c->hostname &&
!(ctxt->c->flags & OAF_BROKEN_HOSTNAME)) {
fputs(ipbuf, ctxt->fp);
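Review bot: `dhcpv6_write_ia_addrhosts()` prints `ipbuf` without checking what `inet_ntop()` returned, and passes `sizeof(ipbuf) - 1` where the syslog calls added elsewhere in this diff pass the full `sizeof(addrbuf)`. On a failed conversion the buffer would reach the hosts file uninitialised; `if (!inet_ntop(AF_INET6, addr, ipbuf, sizeof(ipbuf))) return;` closes that. The function also lacks a header comment; something like `/* Emit "addr [fqdn] hostname" for an NA assignment whose hostname is set and not flagged OAF_BROKEN_HOSTNAME */` would record that the flag check is what keeps rejected client hostnames out of the file. `prefix` is unused here but, unlike the two lifetimes, is not marked `_unused`.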
"%s/%d ", ipbuf, prefix);
}
+static void dhcpv6_ia_write_hostsfile(time_t now)
+{
+ struct write_ctxt ctxt;
+
+ unsigned hostsfile_strlen = strlen(config.dhcp_hostsfile) + 1;
+ unsigned tmp_hostsfile_strlen = hostsfile_strlen + 1; /* space for . */
+ char *tmp_hostsfile = alloca(tmp_hostsfile_strlen);
+
+ char *dir_hostsfile;
+ char *base_hostsfile;
+ char *pdir_hostsfile;
+ char *pbase_hostsfile;
+
+ int fd, ret;
+
+ dir_hostsfile = strndup(config.dhcp_hostsfile, hostsfile_strlen);
+ base_hostsfile = strndup(config.dhcp_hostsfile, hostsfile_strlen);
+
+ pdir_hostsfile = dirname(dir_hostsfile);
+ pbase_hostsfile = basename(base_hostsfile);
+
+ snprintf(tmp_hostsfile, tmp_hostsfile_strlen, "%s/.%s", pdir_hostsfile, pbase_hostsfile);
+
+ free(dir_hostsfile);
+ free(base_hostsfile);
+
+ fd = open(tmp_hostsfile, O_CREAT | O_WRONLY | O_CLOEXEC, 0644);
+ if (fd < 0)
+ return;
+
+ ret = lockf(fd, F_LOCK, 0);
+ if (ret < 0) {
+ close(fd);
+ return;
+ }
+
+ if (ftruncate(fd, 0) < 0) {}
+
+ ctxt.fp = fdopen(fd, "w");
+ if (!ctxt.fp) {
+ close(fd);
+ return;
+ }
+
+ avl_for_each_element(&interfaces, ctxt.iface, avl) {
+ if (ctxt.iface->dhcpv6 != MODE_SERVER &&
+ ctxt.iface->dhcpv4 != MODE_SERVER)
+ continue;
+
+ if (ctxt.iface->dhcpv6 == MODE_SERVER) {
+ list_for_each_entry(ctxt.c, &ctxt.iface->ia_assignments, head) {
+ if (!(ctxt.c->flags & OAF_BOUND) || ctxt.c->managed_size < 0)
+ continue;
+
+ if (INFINITE_VALID(ctxt.c->valid_until) || ctxt.c->valid_until > now)
+ dhcpv6_ia_enum_addrs(ctxt.iface, ctxt.c, now,
+ dhcpv6_write_ia_addrhosts, &ctxt);
+ }
+ }
+
+ if (ctxt.iface->dhcpv4 == MODE_SERVER) {
+ struct dhcp_assignment *c;
+
+ list_for_each_entry(c, &ctxt.iface->dhcpv4_assignments, head) {
+ if (!(c->flags & OAF_BOUND))
+ continue;
+
+ char ipbuf[INET6_ADDRSTRLEN];
+ struct in_addr addr = {.s_addr = c->addr};
+ inet_ntop(AF_INET, &addr, ipbuf, sizeof(ipbuf) - 1);
+
+ if (c->hostname && !(c->flags & OAF_BROKEN_HOSTNAME)) {
+ fputs(ipbuf, ctxt.fp);
+
+ char b[256];
+
+ if (dn_expand(ctxt.iface->search,
+ ctxt.iface->search + ctxt.iface->search_len,
+ ctxt.iface->search, b, sizeof(b)) > 0)
+ fprintf(ctxt.fp, "\t%s.%s", c->hostname, b);
+
+ fprintf(ctxt.fp, "\t%s\n", c->hostname);
+ }
+ }
+ }
+ }
+
+ fclose(ctxt.fp);
+
+ rename(tmp_hostsfile, config.dhcp_hostsfile);
+}
+
void dhcpv6_ia_write_statefile(void)
{
struct write_ctxt ctxt;
md5_begin(&ctxt.md5);
if (config.dhcp_statefile) {
+ unsigned statefile_strlen = strlen(config.dhcp_statefile) + 1;
+ unsigned tmp_statefile_strlen = statefile_strlen + 1; /* space for . */
+ char *tmp_statefile = alloca(tmp_statefile_strlen);
+
+ char *dir_statefile;
+ char *base_statefile;
+ char *pdir_statefile;
+ char *pbase_statefile;
+
time_t now = odhcpd_time(), wall_time = time(NULL);
- int fd = open(config.dhcp_statefile, O_CREAT | O_WRONLY | O_CLOEXEC, 0644);
+ int fd, ret;
char leasebuf[512];
+ dir_statefile = strndup(config.dhcp_statefile, statefile_strlen);
+ base_statefile = strndup(config.dhcp_statefile, statefile_strlen);
+
+ pdir_statefile = dirname(dir_statefile);
+ pbase_statefile = basename(base_statefile);
+
+ snprintf(tmp_statefile, tmp_statefile_strlen, "%s/.%s", pdir_statefile, pbase_statefile);
+
+ free(dir_statefile);
+ free(base_statefile);
+
+ fd = open(tmp_statefile, O_CREAT | O_WRONLY | O_CLOEXEC, 0644);
if (fd < 0)
return;
- int ret;
+
ret = lockf(fd, F_LOCK, 0);
if (ret < 0) {
close(fd);
return;
}
+
if (ftruncate(fd, 0) < 0) {}
ctxt.fp = fdopen(fd, "w");
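Review bot: The temporary path buffer in `dhcpv6_ia_write_hostsfile()` is sized `strlen + 2`, but `"%s/.%s"` needs up to three extra characters when `config.dhcp_hostsfile` has no directory part (`hosts` becomes `./.hosts`). The `snprintf()` result is never checked, so the name is silently truncated and a different file is created and renamed. The results of `fclose()` and `rename()` are also ignored, so a failed or short write (a full filesystem, for example) would still replace the previous hosts file with an incomplete one. If the target directory is writable by other local users, opening a predictable dot-file with `O_CREAT` and no `O_NOFOLLOW` would follow a pre-placed symlink; adding the flag is cheap. The same construction is repeated for `tmp_statefile` later in this hunk and at its `rename()` in a following hunk; `dhcpv6_ia_write_statefile()` continues outside the hunk.

```c
	unsigned tmp_hostsfile_strlen = hostsfile_strlen + 3; /* room for "./" and "." */
	/* … unchanged: alloca, strndup, dirname/basename … */
	ret = snprintf(tmp_hostsfile, tmp_hostsfile_strlen, "%s/.%s", pdir_hostsfile, pbase_hostsfile);

	free(dir_hostsfile);
	free(base_hostsfile);

	if (ret < 0 || (unsigned)ret >= tmp_hostsfile_strlen)
		return;

	fd = open(tmp_hostsfile, O_CREAT | O_WRONLY | O_CLOEXEC | O_NOFOLLOW, 0644);
	/* … unchanged: lockf, ftruncate, fdopen, per-interface output … */

	ret = ferror(ctxt.fp);
	if (fclose(ctxt.fp) != 0 || ret)
		unlink(tmp_hostsfile);
	else if (rename(tmp_hostsfile, config.dhcp_hostsfile) < 0)
		unlink(tmp_hostsfile);
```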
odhcpd_hexlify(duidbuf, ctxt.c->clid_data, ctxt.c->clid_len);
- /* iface DUID iaid hostname lifetime assigned length [addrs...] */
- ctxt.buf_idx = snprintf(ctxt.buf, ctxt.buf_len, "# %s %s %x %s%s %ld %x %u ",
+ /* iface DUID iaid hostname lifetime assigned_host_id length [addrs...] */
+ ctxt.buf_idx = snprintf(ctxt.buf, ctxt.buf_len, "# %s %s %x %s%s %"PRId64" ",
ctxt.iface->ifname, duidbuf, ntohl(ctxt.c->iaid),
(ctxt.c->flags & OAF_BROKEN_HOSTNAME) ? "broken\\x20" : "",
(ctxt.c->hostname ? ctxt.c->hostname : "-"),
(ctxt.c->valid_until > now ?
- (ctxt.c->valid_until - now + wall_time) :
- (INFINITE_VALID(ctxt.c->valid_until) ? -1 : 0)),
- ctxt.c->assigned, (unsigned)ctxt.c->length);
+ (int64_t)(ctxt.c->valid_until - now + wall_time) :
+ (INFINITE_VALID(ctxt.c->valid_until) ? -1 : 0)));
+
+ if (ctxt.c->flags & OAF_DHCPV6_NA)
+ ctxt.buf_idx += snprintf(ctxt.buf + ctxt.buf_idx, ctxt.buf_len - ctxt.buf_idx,
+ "%" PRIx64" %u ", ctxt.c->assigned_host_id, (unsigned)ctxt.c->length);
+ else
+ ctxt.buf_idx += snprintf(ctxt.buf + ctxt.buf_idx, ctxt.buf_len - ctxt.buf_idx,
+ "%" PRIx32" %u ", ctxt.c->assigned_subnet_id, (unsigned)ctxt.c->length);
if (INFINITE_VALID(ctxt.c->valid_until) || ctxt.c->valid_until > now)
dhcpv6_ia_enum_addrs(ctxt.iface, ctxt.c, now,
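Review bot: `ctxt.buf_idx += snprintf(ctxt.buf + ctxt.buf_idx, ctxt.buf_len - ctxt.buf_idx, ...)` uses the previous `snprintf()` result as an offset without checking it for truncation. `snprintf()` returns the length it would have written, so if the interface name, hex DUID and hostname together exceed the buffer, `buf_idx` lands past the end. The pointer passed to the second call is then out of bounds, and `buf_len - buf_idx` goes negative, which becomes a very large size once converted to `size_t`. The DUID and hostname presumably originate from the client, so the worst-case line length should be checked against the 512-byte `leasebuf`. Clamping after each call, e.g. `if (ctxt.buf_idx < 0 || ctxt.buf_idx >= (int)ctxt.buf_len) ctxt.buf_idx = ctxt.buf_len - 1;`, or skipping the entry, removes the risk; the DHCPv4 `snprintf()` in the following hunk has the same shape.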
odhcpd_hexlify(duidbuf, c->hwaddr, sizeof(c->hwaddr));
/* iface DUID iaid hostname lifetime assigned length [addrs...] */
- ctxt.buf_idx = snprintf(ctxt.buf, ctxt.buf_len, "# %s %s ipv4 %s%s %ld %x 32 ",
+ ctxt.buf_idx = snprintf(ctxt.buf, ctxt.buf_len, "# %s %s ipv4 %s%s %"PRId64" %x 32 ",
ctxt.iface->ifname, duidbuf,
(c->flags & OAF_BROKEN_HOSTNAME) ? "broken\\x20" : "",
(c->hostname ? c->hostname : "-"),
(c->valid_until > now ?
- (c->valid_until - now + wall_time) :
+ (int64_t)(c->valid_until - now + wall_time) :
(INFINITE_VALID(c->valid_until) ? -1 : 0)),
ntohl(c->addr));
}
fclose(ctxt.fp);
- }
- uint8_t newmd5[16];
- md5_end(newmd5, &ctxt.md5);
+ uint8_t newmd5[16];
+ md5_end(newmd5, &ctxt.md5);
+
+ rename(tmp_statefile, config.dhcp_statefile);
+
+ if (memcmp(newmd5, statemd5, sizeof(newmd5))) {
+ memcpy(statemd5, newmd5, sizeof(statemd5));
+
+ if (config.dhcp_hostsfile)
+ dhcpv6_ia_write_hostsfile(now);
- if (config.dhcp_cb && memcmp(newmd5, statemd5, sizeof(newmd5))) {
- memcpy(statemd5, newmd5, sizeof(statemd5));
- char *argv[2] = {config.dhcp_cb, NULL};
- if (!vfork()) {
- execv(argv[0], argv);
- _exit(128);
+ if (config.dhcp_cb) {
+ char *argv[2] = {config.dhcp_cb, NULL};
+ if (!vfork()) {
+ execv(argv[0], argv);
+ _exit(128);
+ }
+ }
}
}
}
static void __apply_lease(struct dhcp_assignment *a,
struct odhcpd_ipaddr *addrs, ssize_t addr_len, bool add)
{
- if (a->length > 64)
+ if (a->flags & OAF_DHCPV6_NA)
return;
for (ssize_t i = 0; i < addr_len; ++i) {
- struct in6_addr prefix = addrs[i].addr.in6;
- prefix.s6_addr32[1] |= htonl(a->assigned);
+ struct in6_addr prefix;
+
+ if (ADDR_MATCH_PIO_FILTER(&addrs[i], a->iface))
+ continue;
+
+ prefix = addrs[i].addr.in6;
+ prefix.s6_addr32[1] |= htonl(a->assigned_subnet_id);
prefix.s6_addr32[2] = prefix.s6_addr32[3] = 0;
netlink_setup_route(&prefix, (a->managed_size) ? addrs[i].prefix : a->length,
a->iface->ifindex, &a->peer.sin6_addr, 1024, add);
int minprefix = -1;
for (size_t i = 0; i < iface->addr6_len; ++i) {
- if (iface->addr6[i].preferred > (uint32_t)now &&
- iface->addr6[i].prefix < 64 &&
- iface->addr6[i].prefix > minprefix)
- minprefix = iface->addr6[i].prefix;
+ struct odhcpd_ipaddr *addr = &iface->addr6[i];
+
+ if (ADDR_MATCH_PIO_FILTER(addr, iface))
+ continue;
+
+ if (addr->preferred_lt > (uint32_t)now &&
+ addr->prefix < 64 &&
+ addr->prefix > minprefix)
+ minprefix = addr->prefix;
}
if (minprefix > 32 && minprefix <= 64)
- b->assigned = 1U << (64 - minprefix);
+ b->assigned_subnet_id = 1U << (64 - minprefix);
else
- b->assigned = 0;
+ b->assigned_subnet_id = 0;
}
/* More data was received from TCP connection */
continue;
x = strtok_r(NULL, ",", &saveptr2);
- if (sscanf(x, "%u", &n->preferred) < 1)
+ if (sscanf(x, "%u", &n->preferred_lt) < 1)
continue;
x = strtok_r(NULL, ",", &saveptr2);
- if (sscanf(x, "%u", &n->valid) < 1)
+ if (sscanf(x, "%u", &n->valid_lt) < 1)
continue;
- if (n->preferred > n->valid)
+ if (n->preferred_lt > n->valid_lt)
continue;
- if (UINT32_MAX - now < n->preferred)
- n->preferred = UINT32_MAX;
+ if (UINT32_MAX - now < n->preferred_lt)
+ n->preferred_lt = UINT32_MAX;
else
- n->preferred += now;
+ n->preferred_lt += now;
- if (UINT32_MAX - now < n->valid)
- n->valid = UINT32_MAX;
+ if (UINT32_MAX - now < n->valid_lt)
+ n->valid_lt = UINT32_MAX;
else
- n->valid += now;
+ n->valid_lt += now;
n->dprefix = 0;
if (first && c->managed_size == 0)
free_assignment(c);
- else if (first && !(c->flags & OAF_STATIC))
+ else if (first)
c->valid_until = now + 150;
}
struct ustream_fd *fd = container_of(s, struct ustream_fd, stream);
struct dhcp_assignment *c = container_of(fd, struct dhcp_assignment, managed_sock);
- if (!(c->flags & OAF_STATIC))
- c->valid_until = odhcpd_time() + 15;
+ c->valid_until = odhcpd_time() + 15;
c->managed_size = 0;
ustream_write_pending(&assign->managed_sock.stream);
assign->managed_size = -1;
- if (!(assign->flags & OAF_STATIC))
- assign->valid_until = odhcpd_time() + 15;
+ assign->valid_until = odhcpd_time() + 15;
list_add(&assign->head, &iface->ia_assignments);
/* Try honoring the hint first */
uint32_t current = 1, asize = (1 << (64 - assign->length)) - 1;
- if (assign->assigned) {
+ if (assign->assigned_subnet_id) {
list_for_each_entry(c, &iface->ia_assignments, head) {
- if (c->length == 128 || c->length == 0)
+ if (c->flags & OAF_DHCPV6_NA)
continue;
- if (assign->assigned >= current && assign->assigned + asize < c->assigned) {
+ if (assign->assigned_subnet_id >= current && assign->assigned_subnet_id + asize < c->assigned_subnet_id) {
list_add_tail(&assign->head, &c->head);
if (assign->flags & OAF_BOUND)
return true;
}
- if (c->assigned != 0)
- current = (c->assigned + (1 << (64 - c->length)));
+ current = (c->assigned_subnet_id + (1 << (64 - c->length)));
}
}
/* Fallback to a variable assignment */
current = 1;
list_for_each_entry(c, &iface->ia_assignments, head) {
- if (c->length == 128 || c->length == 0)
+ if (c->flags & OAF_DHCPV6_NA)
continue;
current = (current + asize) & (~asize);
- if (current + asize < c->assigned) {
- assign->assigned = current;
+
+ if (current + asize < c->assigned_subnet_id) {
+ assign->assigned_subnet_id = current;
list_add_tail(&assign->head, &c->head);
if (assign->flags & OAF_BOUND)
return true;
}
- if (c->assigned != 0)
- current = (c->assigned + (1 << (64 - c->length)));
+ current = (c->assigned_subnet_id + (1 << (64 - c->length)));
}
return false;
}
+/* Check iid against reserved IPv6 interface identifiers.
+ Refer to:
+ http://www.iana.org/assignments/ipv6-interface-ids */
+static bool is_reserved_ipv6_iid(uint64_t iid)
+{
+ if (iid == 0x0000000000000000)
+ /* Subnet-Router Anycast [RFC4291] */
+ return true;
+
+ if ((iid & 0xFFFFFFFFFF000000) == 0x02005EFFFE000000)
+ /* Reserved IPv6 Interface Identifiers corresponding
+ to the IANA Ethernet Block [RFC4291] */
+ return true;
+
+ if ((iid & 0xFFFFFFFFFFFFFF80) == 0xFDFFFFFFFFFFFF80)
+ /* Reserved Subnet Anycast Addresses [RFC2526] */
+ return true;
+
+ return false;
+}
+
static bool assign_na(struct interface *iface, struct dhcp_assignment *a)
{
struct dhcp_assignment *c;
uint32_t seed = 0;
/* Preconfigured assignment by static lease */
- if (a->assigned) {
+ if (a->assigned_host_id) {
list_for_each_entry(c, &iface->ia_assignments, head) {
- if (c->length == 0)
- continue;
-
- if (c->assigned > a->assigned || c->length != 128) {
+ if (!(c->flags & OAF_DHCPV6_NA) || c->assigned_host_id > a->assigned_host_id ) {
list_add_tail(&a->head, &c->head);
return true;
- } else if (c->assigned == a->assigned)
+ } else if (c->assigned_host_id == a->assigned_host_id)
return false;
}
}
/* Seed RNG with checksum of DUID */
for (size_t i = 0; i < a->clid_len; ++i)
seed += a->clid_data[i];
- srand(seed);
+ srandom(seed);
/* Try to assign up to 100x */
for (size_t i = 0; i < 100; ++i) {
- uint32_t try;
- do try = ((uint32_t)rand()) % 0x0fff; while (try < 0x100);
+ uint64_t try;
+
+ if (iface->dhcpv6_hostid_len > 32) {
+ uint32_t mask_high;
+
+ if (iface->dhcpv6_hostid_len >= 64)
+ mask_high = UINT32_MAX;
+ else
+ mask_high = (1 << (iface->dhcpv6_hostid_len - 32)) - 1;
+
+ do {
+ try = (uint32_t)random();
+ try |= (uint64_t)((uint32_t)random() & mask_high) << 32;
+ } while (try < 0x100);
+ } else {
+ uint32_t mask_low;
+
+ if (iface->dhcpv6_hostid_len == 32)
+ mask_low = UINT32_MAX;
+ else
+ mask_low = (1 << iface->dhcpv6_hostid_len) - 1;
+ do try = ((uint32_t)random()) & mask_low; while (try < 0x100);
+ }
+
+ if (is_reserved_ipv6_iid(try))
+ continue;
if (config_find_lease_by_hostid(try))
continue;
list_for_each_entry(c, &iface->ia_assignments, head) {
- if (c->length == 0)
- continue;
-
- if (c->assigned > try || c->length != 128) {
- a->assigned = try;
+ if (!(c->flags & OAF_DHCPV6_NA) || c->assigned_host_id > try) {
+ a->assigned_host_id = try;
list_add_tail(&a->head, &c->head);
return true;
- } else if (c->assigned == try)
+ } else if (c->assigned_host_id == try)
break;
}
}
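Review bot: The mask computations `(1 << (iface->dhcpv6_hostid_len - 32)) - 1` and `(1 << iface->dhcpv6_hostid_len) - 1` shift a signed `int`, which is undefined when the shift count reaches 31 (host ID lengths of 63 and 31); `mask_low = (1U << iface->dhcpv6_hostid_len) - 1;` and the matching `1U` for `mask_high` avoid that. Both retry loops spin until `try >= 0x100`, so a `dhcpv6_hostid_len` of 8 or less would never terminate in the low branch unless the configuration parser enforces a larger minimum, which is not visible here. `random()` returns at most 31 bits, so the top bit of each 32-bit half is always zero and the usable range is smaller than the mask suggests. Because the generator is seeded from a byte sum of the DUID, the candidate sequence is reproducible from the DUID alone; a comment saying this is meant for address stability rather than unpredictability would document the trade-off. `assign_na()` continues past the end of the hunk.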
time_t now = odhcpd_time();
list_for_each_entry(c, &iface->ia_assignments, head) {
- if (c != border && !(iface->ra_flags & ND_RA_FLAG_MANAGED)
+ if ((c->flags & OAF_DHCPV6_PD) && !(iface->ra_flags & ND_RA_FLAG_MANAGED)
&& (c->flags & OAF_BOUND))
__apply_lease(c, info->addrs_old.addrs,
info->addrs_old.len, false);
set_border_assignment_size(iface, border);
list_for_each_entry_safe(c, d, &iface->ia_assignments, head) {
- if (c->clid_len == 0 || (!INFINITE_VALID(c->valid_until) && c->valid_until < now) ||
- c->managed_size)
+ if (c->clid_len == 0 ||
+ !(c->flags & OAF_DHCPV6_PD) ||
+ (!INFINITE_VALID(c->valid_until) && c->valid_until < now) ||
+ c->managed_size)
continue;
- if (c->length < 128 && (c->assigned == 0 || c->assigned >= border->assigned) && c != border)
+ if (c->assigned_subnet_id >= border->assigned_subnet_id)
list_move(&c->head, &reassign);
- else if (c != border && (c->flags & OAF_BOUND))
+ else if (c->flags & OAF_BOUND)
apply_lease(c, true);
if (c->accept_reconf && c->reconf_cnt == 0) {
while (!list_empty(&reassign)) {
c = list_first_entry(&reassign, struct dhcp_assignment, head);
list_del_init(&c->head);
- if (!assign_pd(iface, c)) {
- c->assigned = 0;
- list_add(&c->head, &iface->ia_assignments);
- }
+ if (!assign_pd(iface, c))
+ free_assignment(c);
}
dhcpv6_ia_write_statefile();
}
if (a) {
- uint32_t leasetime;
+ uint32_t leasetime, preferred_lt;
- if (a->leasetime)
+ if (a->leasetime) {
leasetime = a->leasetime;
- else
- leasetime = iface->dhcpv4_leasetime;
+ preferred_lt = a->leasetime;
+ } else {
+ leasetime = iface->dhcp_leasetime;
+ preferred_lt = iface->preferred_lifetime;
+ }
- uint32_t pref = leasetime;
- uint32_t valid = leasetime;
+ uint32_t valid_lt = leasetime;
struct odhcpd_ipaddr *addrs = (a->managed) ? a->managed : iface->addr6;
size_t addrlen = (a->managed) ? (size_t)a->managed_size : iface->addr6_len;
size_t m = get_preferred_addr(addrs, addrlen);
for (size_t i = 0; i < addrlen; ++i) {
- uint32_t prefix_pref = addrs[i].preferred;
- uint32_t prefix_valid = addrs[i].valid;
+ uint32_t prefix_preferred_lt, prefix_valid_lt;
if (!valid_addr(&addrs[i], now))
continue;
- if (prefix_pref != UINT32_MAX)
- prefix_pref -= now;
+ /* Filter Out Prefixes */
+ if (ADDR_MATCH_PIO_FILTER(&addrs[i], iface)) {
+ char addrbuf[INET6_ADDRSTRLEN];
+ syslog(LOG_INFO, "Address %s filtered out on %s",
+ inet_ntop(AF_INET6, &addrs[i].addr.in6, addrbuf, sizeof(addrbuf)),
+ iface->name);
+ continue;
+ }
+
+ prefix_preferred_lt = addrs[i].preferred_lt;
+ prefix_valid_lt = addrs[i].valid_lt;
+
+ if (prefix_preferred_lt != UINT32_MAX)
+ prefix_preferred_lt -= now;
+
+ if (prefix_preferred_lt > preferred_lt)
+ prefix_preferred_lt = preferred_lt;
- if (prefix_valid != UINT32_MAX)
- prefix_valid -= now;
+ if (prefix_valid_lt != UINT32_MAX)
+ prefix_valid_lt -= now;
- if (a->length < 128) {
+ if (prefix_valid_lt > leasetime)
+ prefix_valid_lt = leasetime;
+
+ if (prefix_preferred_lt > prefix_valid_lt)
+ prefix_preferred_lt = prefix_valid_lt;
+
+ if (a->flags & OAF_DHCPV6_PD) {
struct dhcpv6_ia_prefix o_ia_p = {
.type = htons(DHCPV6_OPT_IA_PREFIX),
.len = htons(sizeof(o_ia_p) - 4),
- .preferred = htonl(prefix_pref),
- .valid = htonl(prefix_valid),
+ .preferred_lt = htonl(prefix_preferred_lt),
+ .valid_lt = htonl(prefix_valid_lt),
.prefix = (a->managed_size) ? addrs[i].prefix : a->length,
.addr = addrs[i].addr.in6,
};
- o_ia_p.addr.s6_addr32[1] |= htonl(a->assigned);
+ o_ia_p.addr.s6_addr32[1] |= htonl(a->assigned_subnet_id);
o_ia_p.addr.s6_addr32[2] = o_ia_p.addr.s6_addr32[3] = 0;
- if ((a->assigned == 0 && a->managed_size == 0) ||
- !valid_prefix_length(a, addrs[i].prefix))
+ if (!valid_prefix_length(a, addrs[i].prefix))
continue;
if (buflen < ia_len + sizeof(o_ia_p))
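Review bot: `prefix_preferred_lt` is clamped against `preferred_lt`, but `preferred_lt` is also the running minimum updated by the "Calculate T1 / T2" lines in a later hunk of the same loop. Each prefix's preferred lifetime is therefore capped by the shortest one seen in earlier iterations, and the result depends on address order. The valid lifetime is clamped against the constant `leasetime` instead, which looks like the intended pattern. If the order dependence is not deliberate, keep the configured cap in its own variable: `const uint32_t max_preferred_lt = preferred_lt;` before the loop and `if (prefix_preferred_lt > max_preferred_lt) prefix_preferred_lt = max_preferred_lt;` inside it. The enclosing function starts and ends outside the hunk.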
memcpy(buf + ia_len, &o_ia_p, sizeof(o_ia_p));
ia_len += sizeof(o_ia_p);
- } else {
+ }
+
+ if (a->flags & OAF_DHCPV6_NA) {
struct dhcpv6_ia_addr o_ia_a = {
.type = htons(DHCPV6_OPT_IA_ADDR),
.len = htons(sizeof(o_ia_a) - 4),
.addr = addrs[i].addr.in6,
- .preferred = htonl(prefix_pref),
- .valid = htonl(prefix_valid)
+ .preferred_lt = htonl(prefix_preferred_lt),
+ .valid_lt = htonl(prefix_valid_lt)
};
- o_ia_a.addr.s6_addr32[3] = htonl(a->assigned);
+ o_ia_a.addr.s6_addr32[2] = htonl(a->assigned_host_id >> 32);
+ o_ia_a.addr.s6_addr32[3] = htonl(a->assigned_host_id & UINT32_MAX);
- if (!ADDR_ENTRY_VALID_IA_ADDR(iface, i, m, addrs) ||
- a->assigned == 0)
+ if (!ADDR_ENTRY_VALID_IA_ADDR(iface, i, m, addrs))
continue;
if (buflen < ia_len + sizeof(o_ia_a))
}
/* Calculate T1 / T2 based on non-deprecated addresses */
- if (prefix_pref > 0) {
- if (prefix_pref < pref)
- pref = prefix_pref;
+ if (prefix_preferred_lt > 0) {
+ if (prefix_preferred_lt < preferred_lt)
+ preferred_lt = prefix_preferred_lt;
- if (prefix_valid < valid)
- valid = prefix_valid;
+ if (prefix_valid_lt < valid_lt)
+ valid_lt = prefix_valid_lt;
}
}
if (!INFINITE_VALID(a->valid_until))
- /* UINT32_MAX is considered as infinite leasetime */
- a->valid_until = (valid == UINT32_MAX) ? 0 : valid + now;
+ /* UINT32_MAX is RFC defined as infinite lease-time */
+ a->valid_until = (valid_lt == UINT32_MAX) ? 0 : valid_lt + now;
- o_ia.t1 = htonl((pref == UINT32_MAX) ? pref : pref * 5 / 10);
- o_ia.t2 = htonl((pref == UINT32_MAX) ? pref : pref * 8 / 10);
+ if (!INFINITE_VALID(a->preferred_until))
+ /* UINT32_MAX is RFC defined as infinite lease-time */
+ a->preferred_until = (preferred_lt == UINT32_MAX) ? 0 : preferred_lt + now;
+
+ o_ia.t1 = htonl((preferred_lt == UINT32_MAX) ? preferred_lt : preferred_lt * 5 / 10);
+ o_ia.t2 = htonl((preferred_lt == UINT32_MAX) ? preferred_lt : preferred_lt * 8 / 10);
if (!o_ia.t1)
o_ia.t1 = htonl(1);
size_t addrlen = (a->managed) ? (size_t)a->managed_size : iface->addr6_len;
for (size_t i = 0; i < addrlen; ++i) {
+ struct in6_addr addr;
+
if (!valid_addr(&addrs[i], now))
continue;
- struct in6_addr addr = addrs[i].addr.in6;
+ if (!valid_prefix_length(a, addrs[i].prefix))
+ continue;
+
+ if (ADDR_MATCH_PIO_FILTER(&addrs[i], iface))
+ continue;
+
+ addr = addrs[i].addr.in6;
if (ia->type == htons(DHCPV6_OPT_IA_PD)) {
- addr.s6_addr32[1] |= htonl(a->assigned);
+ addr.s6_addr32[1] |= htonl(a->assigned_subnet_id);
addr.s6_addr32[2] = addr.s6_addr32[3] = 0;
if (!memcmp(&ia_p->addr, &addr, sizeof(addr)) &&
ia_p->prefix == ((a->managed) ? addrs[i].prefix : a->length))
found = true;
} else {
- addr.s6_addr32[3] = htonl(a->assigned);
+ addr.s6_addr32[2] = htonl(a->assigned_host_id >> 32);
+ addr.s6_addr32[3] = htonl(a->assigned_host_id & UINT32_MAX);
if (!memcmp(&ia_a->addr, &addr, sizeof(addr)))
found = true;
struct dhcpv6_ia_prefix o_ia_p = {
.type = htons(DHCPV6_OPT_IA_PREFIX),
.len = htons(sizeof(o_ia_p) - 4),
- .preferred = 0,
- .valid = 0,
+ .preferred_lt = 0,
+ .valid_lt = 0,
.prefix = ia_p->prefix,
.addr = ia_p->addr,
};
.type = htons(DHCPV6_OPT_IA_ADDR),
.len = htons(sizeof(o_ia_a) - 4),
.addr = ia_a->addr,
- .preferred = 0,
- .valid = 0,
+ .preferred_lt = 0,
+ .valid_lt = 0,
};
if (buflen < ia_len + sizeof(o_ia_a))
int buf_idx;
};
-static void dhcpv6_log_ia_addr(struct in6_addr *addr, int prefix, _unused uint32_t pref,
- _unused uint32_t valid, void *arg)
+static void dhcpv6_log_ia_addr(struct in6_addr *addr, int prefix, _unused uint32_t pref_lt,
+ _unused uint32_t valid_lt, void *arg)
{
struct log_ctxt *ctxt = (struct log_ctxt *)arg;
char addrbuf[INET6_ADDRSTRLEN];
if (!valid_addr(&addrs[i], now))
continue;
+ if (ADDR_MATCH_PIO_FILTER(&addrs[i], iface))
+ continue;
+
if (ia->type == htons(DHCPV6_OPT_IA_PD)) {
if (p->prefix < addrs[i].prefix ||
odhcpd_bmemcmp(&p->addr, &addrs[i].addr.in6, addrs[i].prefix))
if (reqlen > 64)
reqlen = 64;
+
+ /*
+ * A requesting router can include a desired prefix length for its
+ * delegation. The delegating router (us) is not required to honor
+ * the hint (RFC3633, section 11.2, we MAY choose to use the
+ * information in the option; RFC8168, section 3.2 has several SHOULDs
+ * about desired choices for selecting a prefix to delegate).
+ *
+ * We support a policy setting to conserve prefix space, which purposely
+ * assigns prefixes that might not match the requesting router's hint.
+ *
+ * If the minimum prefix length is set in this interface's
+ * configuration, we use it as a floor for the requested (hinted)
+ * prefix length. This allows us to conserve prefix space so that
+ * any single router can't grab too much of it. Consider if we have
+ * an interface with a /56 prefix. A requesting router could ask for
+ * a /58 and take 1/4 of our total address space. But if we set a
+ * minimum of /60, we can limit each requesting router to get only
+ * 1/16 of our total address space.
+ */
+ if (iface->dhcpv6_pd_min_len && reqlen < iface->dhcpv6_pd_min_len) {
+ syslog(LOG_INFO, "clamping requested PD from %d to %d",
+ reqlen, iface->dhcpv6_pd_min_len);
+ reqlen = iface->dhcpv6_pd_min_len;
+ }
} else if (is_na) {
uint8_t *sdata;
uint16_t stype, slen;
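Review bot: The new floor is applied after the `reqlen > 64` cap, so an interface configured with `dhcpv6_pd_min_len` above 64 raises `reqlen` past the cap again. `reqlen` is later stored in `a->length`, and `assign_pd()` computes `1 << (64 - assign->length)`, which is undefined for a negative shift count. Whether the configuration code limits `dhcpv6_pd_min_len` to 64 is not visible in this diff. Moving the cap below the clamp, or assigning `reqlen = iface->dhcpv6_pd_min_len > 64 ? 64 : iface->dhcpv6_pd_min_len;`, keeps the invariant local to this block. The enclosing function starts and ends outside the hunk.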
list_for_each_entry(c, &iface->ia_assignments, head) {
if ((c->clid_len == clid_len && !memcmp(c->clid_data, clid_data, clid_len)) &&
c->iaid == ia->iaid && (INFINITE_VALID(c->valid_until) || now < c->valid_until) &&
- ((is_pd && c->length <= 64) || (is_na && c->length == 128))) {
+ ((is_pd && (c->flags & OAF_DHCPV6_PD)) || (is_na && (c->flags & OAF_DHCPV6_NA)))) {
a = c;
/* Reset state */
a->iaid = ia->iaid;
a->length = reqlen;
a->peer = *addr;
- a->assigned = is_na && l ? l->hostid : reqhint;
- /* Set valid time to 0 for static lease indicating */
- /* infinite lifetime otherwise current time */
- a->valid_until = l ? 0 : now;
+ if (is_na)
+ a->assigned_host_id = l ? l->hostid : 0;
+ else
+ a->assigned_subnet_id = reqhint;
+ a->valid_until = now;
+ a->preferred_until = now;
a->dhcp_free_cb = dhcpv6_ia_free_assignment;
a->iface = iface;
- a->flags = OAF_DHCPV6;
+ a->flags = (is_pd ? OAF_DHCPV6_PD : OAF_DHCPV6_NA);
if (first)
memcpy(a->key, first->key, sizeof(a->key));
/* Set error status */
status = (is_pd) ? DHCPV6_STATUS_NOPREFIXAVAIL : DHCPV6_STATUS_NOADDRSAVAIL;
else if (hdr->msg_type == DHCPV6_MSG_REQUEST && !dhcpv6_ia_on_link(ia, a, iface)) {
- /* Send NOTONLINK staus for the IA */
+ /* Send NOTONLINK status for the IA */
status = DHCPV6_STATUS_NOTONLINK;
assigned = false;
} else if (accept_reconf && assigned && !first &&
a->flags &= ~OAF_BOUND;
a->flags |= OAF_TENTATIVE;
- if (!(a->flags & OAF_STATIC))
- /* Keep tentative assignment around for 60 seconds */
- a->valid_until = now + 60;
+ /* Keep tentative assignment around for 60 seconds */
+ a->valid_until = now + 60;
} else if (assigned &&
((hdr->msg_type == DHCPV6_MSG_SOLICIT && rapid_commit) ||
apply_lease(a, true);
}
} else if (hdr->msg_type == DHCPV6_MSG_RELEASE) {
- if (!(a->flags & OAF_STATIC))
- a->valid_until = now - 1;
-
- if (a->flags & OAF_BOUND) {
- apply_lease(a, false);
- a->flags &= ~OAF_BOUND;
- }
- } else if (hdr->msg_type == DHCPV6_MSG_DECLINE && a->length == 128) {
+ a->valid_until = now - 1;
+ } else if ((a->flags & OAF_DHCPV6_NA) && hdr->msg_type == DHCPV6_MSG_DECLINE) {
a->flags &= ~OAF_BOUND;
- if (!(a->flags & OAF_STATIC)) {
+ if (!(a->flags & OAF_STATIC) || a->lease->hostid != a->assigned_host_id) {
memset(a->clid_data, 0, a->clid_len);
a->valid_until = now + 3600; /* Block address for 1h */
- }
+ } else
+ a->valid_until = now - 1;
}
} else if (hdr->msg_type == DHCPV6_MSG_CONFIRM) {
if (ia_addr_present && !dhcpv6_ia_on_link(ia, a, iface)) {
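Review bot: In the DECLINE branch, `a->lease->hostid` is dereferenced whenever `OAF_STATIC` is set, which assumes every static assignment carries a non-NULL `a->lease`; that invariant is established outside this hunk, if at all. A cheap guard keeps a stale flag from turning a client-sent DECLINE into a NULL dereference: `if (!(a->flags & OAF_STATIC) || !a->lease || a->lease->hostid != a->assigned_host_id) {`. The trailing `} else` has an unbraced body next to a braced `if`, which is easy to misread if the branch grows. The CONFIRM branch that follows continues outside the hunk.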