odhcp6c: add -K option to set packet kernel priority
1 /**
2 * Copyright (C) 2012-2014 Steven Barth <steven@midlink.org>
3 * Copyright (C) 2017-2018 Hans Dedecker <dedeckeh@gmail.com>
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License v2 as published by
7 * the Free Software Foundation.
8 *
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
13 *
14 */
15
16 #include <time.h>
17 #include <fcntl.h>
18 #include <errno.h>
19 #include <inttypes.h>
20 #include <stdlib.h>
21 #include <signal.h>
22 #include <limits.h>
23 #include <resolv.h>
24 #include <string.h>
25 #include <unistd.h>
26 #include <syslog.h>
27 #include <stdbool.h>
28 #include <ctype.h>
29 #include <sys/time.h>
30 #include <sys/ioctl.h>
31 #include <sys/socket.h>
32 #include <arpa/inet.h>
33 #include <netinet/in.h>
34
35 #include <net/if.h>
36 #include <net/ethernet.h>
37
38 #include "odhcp6c.h"
39 #ifdef USE_LIBUBOX
40 #include <libubox/md5.h>
41 #else
42 #include "md5.h"
43 #endif
44
45
// Initialiser for a struct in6_addr holding ff02::1:2, the link-scoped
// multicast group that dhcpv6_send() uses as the default destination.
#define ALL_DHCPV6_RELAYS {{{0xff, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,\
		0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x02}}}
// UDP ports: the client binds to 546 and sends to 547
#define DHCPV6_CLIENT_PORT 546
#define DHCPV6_SERVER_PORT 547
// DUID type written into the generated client DUID (link-layer address)
#define DHCPV6_DUID_LLADDR 3
// Scale (in seconds) of the random delay applied before a first transmission
#define DHCPV6_REQ_DELAY 1

// Accepted range, in seconds, for server-supplied SOL_MAX_RT / INF_MAX_RT
// values; anything outside is ignored when an ADVERTISE is parsed.
#define DHCPV6_SOL_MAX_RT_MIN 60
#define DHCPV6_SOL_MAX_RT_MAX 86400
#define DHCPV6_INF_MAX_RT_MIN 60
#define DHCPV6_INF_MAX_RT_MAX 86400
57
// Forward declarations for the helpers defined further down in this file.

// Sanity and authentication checks applied to every received message before
// any handler sees it.
static bool dhcpv6_response_is_valid(const void *buf, ssize_t len,
		const uint8_t transaction[3], enum dhcpv6_msg type,
		const struct in6_addr *daddr);

// Parses one IA option delimited by [opt, end)
static unsigned int dhcpv6_parse_ia(void *opt, void *end);

static unsigned int dhcpv6_calc_refresh_timers(void);
static void dhcpv6_handle_status_code(_unused const enum dhcpv6_msg orig,
		const uint16_t code, const void *status_msg, const int len,
		int *ret);
static void dhcpv6_handle_ia_status_code(const enum dhcpv6_msg orig,
		const struct dhcpv6_ia_hdr *ia_hdr, const uint16_t code,
		const void *status_msg, const int len,
		bool handled_status_codes[_DHCPV6_Status_Max],
		int *ret);
static void dhcpv6_add_server_cand(const struct dhcpv6_server_cand *cand);
static void dhcpv6_clear_all_server_cand(void);

// Per-message-type reply handlers referenced by the retransmission table
static reply_handler dhcpv6_handle_reply;
static reply_handler dhcpv6_handle_advert;
static reply_handler dhcpv6_handle_rebind_reply;
static reply_handler dhcpv6_handle_reconfigure;
static int dhcpv6_commit_advert(void);
81
// RFC 3315 - 5.5 Timeout and Delay values
// One retransmission profile per client message type, indexed by the message
// type. dhcpv6_request() reads delay, init_timeo, max_timeo, max_rc, name,
// handler_reply and handler_finish from the selected entry.
// NOTE(review): the positional initialisers presumably follow that same field
// order; the struct is declared in odhcp6c.h, confirm there.
// The SOLICIT and INFO_REQ max_timeo values are overwritten at run time
// (init_dhcpv6() and the ADVERTISE handler).
static struct dhcpv6_retx dhcpv6_retx[_DHCPV6_MSG_MAX] = {
	// Pseudo message type: nothing is sent, the client only listens for a
	// RECONFIGURE from the server
	[DHCPV6_MSG_UNKNOWN] = {false, 1, 120, 0, "<POLL>",
			dhcpv6_handle_reconfigure, NULL},
	[DHCPV6_MSG_SOLICIT] = {true, 1, DHCPV6_SOL_MAX_RT, 0, "SOLICIT",
			dhcpv6_handle_advert, dhcpv6_commit_advert},
	[DHCPV6_MSG_REQUEST] = {true, 1, DHCPV6_REQ_MAX_RT, 10, "REQUEST",
			dhcpv6_handle_reply, NULL},
	[DHCPV6_MSG_RENEW] = {false, 10, DHCPV6_REN_MAX_RT, 0, "RENEW",
			dhcpv6_handle_reply, NULL},
	[DHCPV6_MSG_REBIND] = {false, 10, DHCPV6_REB_MAX_RT, 0, "REBIND",
			dhcpv6_handle_rebind_reply, NULL},
	// RELEASE and DECLINE have no reply handler: replies are not processed
	[DHCPV6_MSG_RELEASE] = {false, 1, 0, 5, "RELEASE", NULL, NULL},
	[DHCPV6_MSG_DECLINE] = {false, 1, 0, 5, "DECLINE", NULL, NULL},
	[DHCPV6_MSG_INFO_REQ] = {true, 1, DHCPV6_INF_MAX_RT, 0, "INFOREQ",
			dhcpv6_handle_reply, NULL},
};
99
// Sockets
// UDP socket opened by init_dhcpv6(); -1 until then
static int sock = -1;
// Kernel index of the interface the client runs on
static int ifindex = -1;
// Lease timers; dhcpv6_request() treats them as seconds and UINT32_MAX as
// "infinite"
static int64_t t1 = 0, t2 = 0, t3 = 0;

// IA states
static enum odhcp6c_ia_mode na_mode = IA_MODE_NONE, pd_mode = IA_MODE_NONE;
static bool stateful_only_mode = false;
// Gate for RECONFIGURE messages: while false, dhcpv6_response_is_valid()
// rejects every RECONFIGURE
static bool accept_reconfig = false;
// Server unicast address
static struct in6_addr server_addr = IN6ADDR_ANY_INIT;

// Reconfigure key
// Secret used to verify the HMAC-MD5 of RECONFIGURE messages
static uint8_t reconf_key[16];

// client options
static unsigned int client_options = 0;
117
// Read a 32-bit network-order value from a byte pointer that may not be
// 4-byte aligned (e.g. an offset inside a received packet) and return it in
// host byte order.
static uint32_t ntohl_unaligned(const uint8_t *data)
{
	uint32_t net_value;

	// memcpy instead of a pointer cast: no misaligned 32-bit load
	memcpy(&net_value, data, sizeof net_value);

	const uint32_t host_value = ntohl(net_value);
	return host_value;
}
125
// Map a DHCPv6 message type to a printable name for log output.
// Any type not listed below yields "UNKNOWN".
static char *dhcpv6_msg_to_str(enum dhcpv6_msg msg)
{
	char *name = "UNKNOWN";

	switch (msg) {
	case DHCPV6_MSG_SOLICIT:
		name = "SOLICIT";
		break;
	case DHCPV6_MSG_ADVERT:
		name = "ADVERTISE";
		break;
	case DHCPV6_MSG_REQUEST:
		name = "REQUEST";
		break;
	case DHCPV6_MSG_RENEW:
		name = "RENEW";
		break;
	case DHCPV6_MSG_REBIND:
		name = "REBIND";
		break;
	case DHCPV6_MSG_REPLY:
		name = "REPLY";
		break;
	case DHCPV6_MSG_RELEASE:
		name = "RELEASE";
		break;
	case DHCPV6_MSG_DECLINE:
		name = "DECLINE";
		break;
	case DHCPV6_MSG_RECONF:
		name = "RECONFIGURE";
		break;
	case DHCPV6_MSG_INFO_REQ:
		name = "INFORMATION REQUEST";
		break;
	default:
		break;
	}

	return name;
}
165
// Map a DHCPv6 status code to a printable description for log output.
// Codes without an entry below yield "Unknown".
static char *dhcpv6_status_code_to_str(uint16_t code)
{
	char *text = "Unknown";

	switch (code) {
	case DHCPV6_Success:
		text = "Success";
		break;
	case DHCPV6_UnspecFail:
		text = "Unspecified Failure";
		break;
	case DHCPV6_NoAddrsAvail:
		text = "No Address Available";
		break;
	case DHCPV6_NoBinding:
		text = "No Binding";
		break;
	case DHCPV6_NotOnLink:
		text = "Not On Link";
		break;
	case DHCPV6_UseMulticast:
		text = "Use Multicast";
		break;
	case DHCPV6_NoPrefixAvail:
		text = "No Prefix Available";
		break;
	default:
		break;
	}

	return text;
}
196
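// Open and configure the DHCPv6 client socket for interface ifname and seed
// the client state (client DUID, option request list).
//
// ifname:      interface to run on; used for the ifindex lookup and for
//              SO_BINDTODEVICE
// options:     client option flags, stored in client_options
// sk_prio:     value handed to SO_PRIORITY for all packets sent on the socket
// sol_timeout: maximum SOLICIT retransmission timeout
//
// Returns 0 on success and -1 on failure. On failure the socket is closed and
// the file-level descriptor is reset to -1, so later code cannot act on a
// descriptor number the kernel may already have handed out again.
int init_dhcpv6(const char *ifname, unsigned int options, int sk_prio, int sol_timeout)
{
	client_options = options;
	dhcpv6_retx[DHCPV6_MSG_SOLICIT].max_timeo = sol_timeout;

	sock = socket(AF_INET6, SOCK_DGRAM | SOCK_CLOEXEC, IPPROTO_UDP);
	if (sock < 0)
		goto failure;

	// Detect interface
	// NOTE(review): a name longer than the ifr_name field is silently
	// truncated here, so the lookup would run on the truncated name;
	// consider rejecting over-long names in the caller.
	struct ifreq ifr;
	memset(&ifr, 0, sizeof(ifr));
	strncpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name) - 1);
	if (ioctl(sock, SIOCGIFINDEX, &ifr) < 0)
		goto failure;

	ifindex = ifr.ifr_ifindex;

	// Create client DUID
	size_t client_id_len;
	odhcp6c_get_state(STATE_CLIENT_ID, &client_id_len);
	if (client_id_len == 0) {
		// Layout: option type (2 bytes), option length 10, DUID type,
		// hardware type 1, then the 6-byte link-layer address at offset 8
		uint8_t duid[14] = {0, DHCPV6_OPT_CLIENTID, 0, 10, 0,
				DHCPV6_DUID_LLADDR, 0, 1};

		if (ioctl(sock, SIOCGIFHWADDR, &ifr) >= 0)
			memcpy(&duid[8], ifr.ifr_hwaddr.sa_data, ETHER_ADDR_LEN);

		uint8_t zero[ETHER_ADDR_LEN] = {0, 0, 0, 0, 0, 0};
		struct ifreq ifs[100], *ifp, *ifend;
		struct ifconf ifc;
		ifc.ifc_req = ifs;
		ifc.ifc_len = sizeof(ifs);

		if (!memcmp(&duid[8], zero, ETHER_ADDR_LEN) &&
				ioctl(sock, SIOCGIFCONF, &ifc) >= 0) {
			// If our interface doesn't have an address...
			// ...borrow the first non-zero hardware address found on
			// any other interface. If none is found the DUID keeps an
			// all-zero address.
			ifend = ifs + (ifc.ifc_len / sizeof(struct ifreq));
			for (ifp = ifc.ifc_req; ifp < ifend &&
					!memcmp(&duid[8], zero, ETHER_ADDR_LEN); ifp++) {
				memcpy(ifr.ifr_name, ifp->ifr_name,
						sizeof(ifr.ifr_name));
				if (ioctl(sock, SIOCGIFHWADDR, &ifr) < 0)
					continue;

				memcpy(&duid[8], ifr.ifr_hwaddr.sa_data,
						ETHER_ADDR_LEN);
			}
		}

		odhcp6c_add_state(STATE_CLIENT_ID, duid, sizeof(duid));
	}

	// Create ORO
	// Default option request list, skipped in strict-options mode
	if (!(client_options & DHCPV6_STRICT_OPTIONS)) {
		uint16_t oro[] = {
			htons(DHCPV6_OPT_SIP_SERVER_D),
			htons(DHCPV6_OPT_SIP_SERVER_A),
			htons(DHCPV6_OPT_DNS_SERVERS),
			htons(DHCPV6_OPT_DNS_DOMAIN),
			htons(DHCPV6_OPT_SNTP_SERVERS),
			htons(DHCPV6_OPT_NTP_SERVER),
			htons(DHCPV6_OPT_AFTR_NAME),
			htons(DHCPV6_OPT_PD_EXCLUDE),
#ifdef EXT_CER_ID
			htons(DHCPV6_OPT_CER_ID),
#endif
			htons(DHCPV6_OPT_S46_CONT_MAPE),
			htons(DHCPV6_OPT_S46_CONT_MAPT),
			htons(DHCPV6_OPT_S46_CONT_LW),
		};
		odhcp6c_add_state(STATE_ORO, oro, sizeof(oro));
	}
	// Required oro
	uint16_t req_oro[] = {
		htons(DHCPV6_OPT_INF_MAX_RT),
		htons(DHCPV6_OPT_SOL_MAX_RT),
		htons(DHCPV6_OPT_INFO_REFRESH),
	};
	odhcp6c_add_state(STATE_ORO, req_oro, sizeof(req_oro));

	// Configure IPv6-options
	int val = 1;
	if (setsockopt(sock, IPPROTO_IPV6, IPV6_V6ONLY, &val, sizeof(val)) < 0)
		goto failure;

	if (setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, &val, sizeof(val)) < 0)
		goto failure;

	// The destination address of each received packet is needed later to
	// tell unicast from multicast delivery
	if (setsockopt(sock, IPPROTO_IPV6, IPV6_RECVPKTINFO, &val, sizeof(val)) < 0)
		goto failure;

	// Restrict the socket to the configured interface
	if (setsockopt(sock, SOL_SOCKET, SO_BINDTODEVICE, ifname, strlen(ifname)) < 0)
		goto failure;

	// Any failure to apply the requested priority aborts initialisation.
	// On Linux, priorities outside 0..6 require CAP_NET_ADMIN.
	if (setsockopt(sock, SOL_SOCKET, SO_PRIORITY, &sk_prio, sizeof(sk_prio)) < 0)
		goto failure;

	struct sockaddr_in6 client_addr = { .sin6_family = AF_INET6,
		.sin6_port = htons(DHCPV6_CLIENT_PORT), .sin6_flowinfo = 0 };

	if (bind(sock, (struct sockaddr*)&client_addr, sizeof(client_addr)) < 0)
		goto failure;

	return 0;

failure:
	if (sock >= 0) {
		close(sock);
		// Forget the closed descriptor; its number can be reused by the
		// next open()/socket() in this process
		sock = -1;
	}

	return -1;
}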
309
// Slots of the scatter/gather vector assembled by dhcpv6_send(). The order is
// the order of the pieces on the wire, and dhcpv6_send() truncates the vector
// at IOV_HDR_IA_NA for INFORMATION-REQUEST, so every IA-related slot must stay
// at or after that position.
enum {
	IOV_HDR = 0,		// message header, elapsed time, ORO option header
	IOV_ORO,		// requested option codes
	IOV_CL_ID,		// client identifier
	IOV_SRV_ID,		// server identifier
	IOV_OPTS,		// additional stored options
	IOV_RECONF_ACCEPT,	// reconfigure accept
	IOV_FQDN,		// client FQDN
	IOV_HDR_IA_NA,		// IA_NA option header
	IOV_IA_NA,		// IA_NA addresses
	IOV_IA_PD,		// IA_PD options
	IOV_TOTAL		// number of slots, not a slot itself
};
323
// Store the requested IA_NA / IA_PD modes and the stateful-only flag, and
// report which operating mode they imply:
//   both modes NONE   -> DHCPV6_STATELESS
//   either mode FORCE -> DHCPV6_STATEFUL
//   anything else     -> DHCPV6_UNKNOWN
int dhcpv6_set_ia_mode(enum odhcp6c_ia_mode na, enum odhcp6c_ia_mode pd, bool stateful_only)
{
	na_mode = na;
	pd_mode = pd;
	stateful_only_mode = stateful_only;

	const bool no_ia_wanted = (na == IA_MODE_NONE) && (pd == IA_MODE_NONE);
	if (no_ia_wanted)
		return DHCPV6_STATELESS;

	const bool ia_forced = (na == IA_MODE_FORCE) || (pd == IA_MODE_FORCE);
	if (ia_forced)
		return DHCPV6_STATEFUL;

	return DHCPV6_UNKNOWN;
}
339
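// Assemble one client message of the given type from the stored client state
// and transmit it on the client socket.
//
// type: message type to send
// trid: 3-byte transaction ID placed in the header
// ecs:  elapsed time in hundredths of a second, clamped to 0xffff
//
// The message is sent to the all-relays multicast group unless a usable server
// unicast address is known and the message type allows unicast. Send errors
// are logged, not returned.
static void dhcpv6_send(enum dhcpv6_msg type, uint8_t trid[3], uint32_t ecs)
{
	// Build FQDN
	// The buffer is zeroed and the result of gethostname() is checked so a
	// failed or truncated lookup never feeds uninitialised or unterminated
	// bytes to dn_comp().
	char fqdn_buf[256] = {0};
	bool fqdn_ok = gethostname(fqdn_buf, sizeof(fqdn_buf)) == 0;
	fqdn_buf[sizeof(fqdn_buf) - 1] = '\0';

	struct {
		uint16_t type;
		uint16_t len;
		uint8_t flags;
		uint8_t data[256];
	} fqdn;
	int fqdn_name_len = fqdn_ok ? dn_comp(fqdn_buf, fqdn.data,
			sizeof(fqdn.data), NULL, NULL) : -1;
	// 5 = option type (2) + option length (2) + flags (1). If the name
	// could not be obtained or encoded the length is 0, which leaves the
	// option out of the message instead of sending a malformed one.
	size_t fqdn_len = (fqdn_name_len < 0) ? 0 : 5 + (size_t)fqdn_name_len;
	fqdn.type = htons(DHCPV6_OPT_FQDN);
	fqdn.len = htons(fqdn_len ? fqdn_len - 4 : 0);
	fqdn.flags = 0;

	// Build Client ID
	size_t cl_id_len;
	void *cl_id = odhcp6c_get_state(STATE_CLIENT_ID, &cl_id_len);

	// Get Server ID
	size_t srv_id_len;
	void *srv_id = odhcp6c_get_state(STATE_SERVER_ID, &srv_id_len);

	// Build IA_PDs
	// NOTE(review): the alloca() sizes below (and the IA_NA array further
	// down) scale with the amount of stored state; confirm that state is
	// bounded where it is filled.
	size_t ia_pd_entries = 0, ia_pd_len = 0;
	uint8_t *ia_pd;

	if (type == DHCPV6_MSG_SOLICIT) {
		// SOLICIT: one IA_PD per configured prefix request, with a
		// prefix hint only when a length was requested
		odhcp6c_clear_state(STATE_IA_PD);
		size_t n_prefixes;
		struct odhcp6c_request_prefix *request_prefixes = odhcp6c_get_state(STATE_IA_PD_INIT, &n_prefixes);
		n_prefixes /= sizeof(struct odhcp6c_request_prefix);

		ia_pd = alloca(n_prefixes * (sizeof(struct dhcpv6_ia_hdr) + sizeof(struct dhcpv6_ia_prefix)));

		for (size_t i = 0; i < n_prefixes; i++) {
			struct dhcpv6_ia_hdr hdr_ia_pd = {
				htons(DHCPV6_OPT_IA_PD),
				htons(sizeof(hdr_ia_pd) - 4 +
				      sizeof(struct dhcpv6_ia_prefix) * !!request_prefixes[i].length),
				request_prefixes[i].iaid, 0, 0
			};
			struct dhcpv6_ia_prefix pref = {
				.type = htons(DHCPV6_OPT_IA_PREFIX),
				.len = htons(sizeof(pref) - 4),
				.prefix = request_prefixes[i].length
			};
			memcpy(ia_pd + ia_pd_len, &hdr_ia_pd, sizeof(hdr_ia_pd));
			ia_pd_len += sizeof(hdr_ia_pd);
			if (request_prefixes[i].length) {
				memcpy(ia_pd + ia_pd_len, &pref, sizeof(pref));
				ia_pd_len += sizeof(pref);
			}
		}
	} else {
		// Every other message type: echo the prefixes currently held,
		// grouped by IAID
		struct odhcp6c_entry *e = odhcp6c_get_state(STATE_IA_PD, &ia_pd_entries);
		ia_pd_entries /= sizeof(*e);

		// we're too lazy to count our distinct IAIDs,
		// so just allocate maximally needed space
		ia_pd = alloca(ia_pd_entries * (sizeof(struct dhcpv6_ia_prefix) + 10 +
					sizeof(struct dhcpv6_ia_hdr)));

		for (size_t i = 0; i < ia_pd_entries; ++i) {
			uint32_t iaid = e[i].iaid;

			// check if this is an unprocessed IAID and skip if not.
			int new_iaid = 1;
			for (int j = i-1; j >= 0; j--) {
				if (e[j].iaid == iaid) {
					new_iaid = 0;
					break;
				}
			}

			if (!new_iaid)
				continue;

			// construct header
			struct dhcpv6_ia_hdr hdr_ia_pd = {
				htons(DHCPV6_OPT_IA_PD),
				htons(sizeof(hdr_ia_pd) - 4),
				iaid, 0, 0
			};

			memcpy(ia_pd + ia_pd_len, &hdr_ia_pd, sizeof(hdr_ia_pd));
			// Keep a pointer to the copied header so its length can be
			// grown as prefixes are appended
			struct dhcpv6_ia_hdr *hdr = (struct dhcpv6_ia_hdr *) (ia_pd + ia_pd_len);
			ia_pd_len += sizeof(hdr_ia_pd);

			for (size_t j = i; j < ia_pd_entries; j++) {
				if (e[j].iaid != iaid)
					continue;

				// A non-zero priority marks an entry that carries
				// an excluded prefix; ex_len is the size of the
				// whole PD_EXCLUDE sub-option
				uint8_t ex_len = 0;
				if (e[j].priority > 0)
					ex_len = ((e[j].priority - e[j].length - 1) / 8) + 6;

				struct dhcpv6_ia_prefix p = {
					.type = htons(DHCPV6_OPT_IA_PREFIX),
					.len = htons(sizeof(p) - 4U + ex_len),
					.prefix = e[j].length,
					.addr = e[j].target
				};

				if (type == DHCPV6_MSG_REQUEST) {
					p.preferred = htonl(e[j].preferred);
					p.valid = htonl(e[j].valid);
				}

				memcpy(ia_pd + ia_pd_len, &p, sizeof(p));
				ia_pd_len += sizeof(p);

				if (ex_len) {
					ia_pd[ia_pd_len++] = 0;
					ia_pd[ia_pd_len++] = DHCPV6_OPT_PD_EXCLUDE;
					ia_pd[ia_pd_len++] = 0;
					ia_pd[ia_pd_len++] = ex_len - 4;
					ia_pd[ia_pd_len++] = e[j].priority;

					uint32_t excl = ntohl(e[j].router.s6_addr32[1]);
					excl >>= (64 - e[j].priority);
					excl <<= 8 - ((e[j].priority - e[j].length) % 8);

					// NOTE(review): this loop fills indices
					// ia_pd_len + 1 .. ia_pd_len + (ex_len - 5),
					// then ia_pd_len advances by ex_len - 5. The
					// byte at ia_pd_len is therefore never written
					// here and the last byte written lies just
					// past the counted region. ia_pd is
					// uninitialised alloca() memory that goes out
					// on the wire, so confirm the intended offset
					// against the PD_EXCLUDE parser.
					for (size_t i = ex_len - 5; i > 0; --i, excl >>= 8)
						ia_pd[ia_pd_len + i] = excl & 0xff;
					ia_pd_len += ex_len - 5;
				}

				hdr->len = htons(ntohs(hdr->len) + ntohs(p.len) + 4U);
			}
		}
	}

	// Build IA_NAs
	size_t ia_na_entries, ia_na_len = 0;
	void *ia_na = NULL;
	struct odhcp6c_entry *e = odhcp6c_get_state(STATE_IA_NA, &ia_na_entries);
	ia_na_entries /= sizeof(*e);

	// A single IA_NA with the fixed IAID 1 is used
	struct dhcpv6_ia_hdr hdr_ia_na = {
		htons(DHCPV6_OPT_IA_NA),
		htons(sizeof(hdr_ia_na) - 4),
		htonl(1), 0, 0
	};

	struct dhcpv6_ia_addr pa[ia_na_entries];
	for (size_t i = 0; i < ia_na_entries; ++i) {
		pa[i].type = htons(DHCPV6_OPT_IA_ADDR);
		pa[i].len = htons(sizeof(pa[i]) - 4U);
		pa[i].addr = e[i].target;

		// Lifetimes are only filled in for REQUEST
		if (type == DHCPV6_MSG_REQUEST) {
			pa[i].preferred = htonl(e[i].preferred);
			pa[i].valid = htonl(e[i].valid);
		} else {
			pa[i].preferred = 0;
			pa[i].valid = 0;
		}
	}

	ia_na = pa;
	ia_na_len = sizeof(pa);
	hdr_ia_na.len = htons(ntohs(hdr_ia_na.len) + ia_na_len);

	// Reconfigure Accept
	struct {
		uint16_t type;
		uint16_t length;
	} reconf_accept = {htons(DHCPV6_OPT_RECONF_ACCEPT), 0};

	// Option list
	size_t opts_len;
	void *opts = odhcp6c_get_state(STATE_OPTS, &opts_len);

	// Option Request List
	size_t oro_entries, oro_len = 0;
	uint16_t *oro, *s_oro = odhcp6c_get_state(STATE_ORO, &oro_entries);

	oro_entries /= sizeof(*s_oro);
	oro = alloca(oro_entries * sizeof(*oro));

	for (size_t i = 0; i < oro_entries; i++) {
		// Stored codes are in network order; htons() swaps them back
		// for the lookup
		struct odhcp6c_opt *opt = odhcp6c_find_opt(htons(s_oro[i]));

		// Known options are filtered by their flags against the
		// message type; unknown codes are always requested
		if (opt) {
			if (!(opt->flags & OPT_ORO))
				continue;

			if ((opt->flags & OPT_ORO_SOLICIT) && type != DHCPV6_MSG_SOLICIT)
				continue;

			if ((opt->flags & OPT_ORO_STATELESS) && type != DHCPV6_MSG_INFO_REQ)
				continue;

			if ((opt->flags & OPT_ORO_STATEFUL) && type == DHCPV6_MSG_INFO_REQ)
				continue;
		}

		oro[oro_len++] = s_oro[i];
	}
	oro_len *= sizeof(*oro);

	// Prepare Header
	struct {
		uint8_t type;
		uint8_t trid[3];
		uint16_t elapsed_type;
		uint16_t elapsed_len;
		uint16_t elapsed_value;
		uint16_t oro_type;
		uint16_t oro_len;
	} hdr = {
		type, {trid[0], trid[1], trid[2]},
		htons(DHCPV6_OPT_ELAPSED), htons(2),
		htons((ecs > 0xffff) ? 0xffff : ecs),
		htons(DHCPV6_OPT_ORO), htons(oro_len),
	};

	struct iovec iov[IOV_TOTAL] = {
		[IOV_HDR] = {&hdr, sizeof(hdr)},
		[IOV_ORO] = {oro, oro_len},
		[IOV_CL_ID] = {cl_id, cl_id_len},
		[IOV_SRV_ID] = {srv_id, srv_id_len},
		[IOV_OPTS] = { opts, opts_len },
		[IOV_RECONF_ACCEPT] = {&reconf_accept, sizeof(reconf_accept)},
		[IOV_FQDN] = {&fqdn, fqdn_len},
		[IOV_HDR_IA_NA] = {&hdr_ia_na, sizeof(hdr_ia_na)},
		[IOV_IA_NA] = {ia_na, ia_na_len},
		[IOV_IA_PD] = {ia_pd, ia_pd_len},
	};

	// INFORMATION-REQUEST carries no IA options: cut the vector before them
	size_t cnt = IOV_TOTAL;
	if (type == DHCPV6_MSG_INFO_REQ)
		cnt = IOV_HDR_IA_NA;

	// Disable IAs if not used
	if (type != DHCPV6_MSG_SOLICIT && ia_na_len == 0)
		iov[IOV_HDR_IA_NA].iov_len = 0;

	if (na_mode == IA_MODE_NONE)
		iov[IOV_HDR_IA_NA].iov_len = 0;

	// Reconfigure Accept is only offered in SOLICIT/REQUEST and only when
	// the client was configured to accept reconfigure messages
	if ((type != DHCPV6_MSG_SOLICIT && type != DHCPV6_MSG_REQUEST) ||
			!(client_options & DHCPV6_ACCEPT_RECONFIGURE))
		iov[IOV_RECONF_ACCEPT].iov_len = 0;

	if (!(client_options & DHCPV6_CLIENT_FQDN))
		iov[IOV_FQDN].iov_len = 0;

	struct sockaddr_in6 srv = {AF_INET6, htons(DHCPV6_SERVER_PORT),
		0, ALL_DHCPV6_RELAYS, ifindex};
	struct msghdr msg = {.msg_name = &srv, .msg_namelen = sizeof(srv),
			.msg_iov = iov, .msg_iovlen = cnt};

	// These message types may go to the server's unicast address when one
	// is known and in scope; everything else stays on multicast
	switch (type) {
	case DHCPV6_MSG_REQUEST:
	case DHCPV6_MSG_RENEW:
	case DHCPV6_MSG_RELEASE:
	case DHCPV6_MSG_DECLINE:
		if (!IN6_IS_ADDR_UNSPECIFIED(&server_addr) &&
			odhcp6c_addr_in_scope(&server_addr)) {
			srv.sin6_addr = server_addr;
			// The interface scope only applies to link-local targets
			if (!IN6_IS_ADDR_LINKLOCAL(&server_addr))
				srv.sin6_scope_id = 0;
		}
		break;
	default:
		break;
	}

	if (sendmsg(sock, &msg, 0) < 0) {
		char in6_str[INET6_ADDRSTRLEN];

		syslog(LOG_ERR, "Failed to send %s message to %s (%s)",
			dhcpv6_msg_to_str(type),
			inet_ntop(AF_INET6, (const void *)&srv.sin6_addr,
				in6_str, sizeof(in6_str)), strerror(errno));
	}
}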
621
// Return a random offset for the given duration. The random integer is
// reduced to -999..999 and the product divided by 10000, so the result lies
// strictly between -time/10 and +time/10.
static int64_t dhcpv6_rand_delay(int64_t time)
{
	int rnd;
	odhcp6c_random(&rnd, sizeof(rnd));

	// % on a signed value keeps the sign, hence the symmetric range
	const int64_t factor = (int64_t)rnd % 1000LL;
	const int64_t scaled = time * factor;

	return scaled / 10000LL;
}
629
// Run one complete transaction of the given message type: send the message
// (nothing is sent for DHCPV6_MSG_UNKNOWN, which only listens), wait for
// replies, and retransmit with a growing randomised timeout until a handler
// reports a result, the overall timeout expires or the retry limit is hit.
//
// Returns the last value produced by the reply/finish handlers, or -1 when a
// signal is pending, the timeout is already 0, or no valid reply arrived.
int dhcpv6_request(enum dhcpv6_msg type)
{
	// Number of transmissions so far
	uint8_t rc = 0;
	// Overall transaction timeout in seconds; UINT32_MAX means no limit
	uint64_t timeout = UINT32_MAX;
	struct dhcpv6_retx *retx = &dhcpv6_retx[type];

	// Optional random start delay between 0 and about DHCPV6_REQ_DELAY
	// seconds
	if (retx->delay) {
		struct timespec ts = {0, 0};
		ts.tv_nsec = (dhcpv6_rand_delay((10000 * DHCPV6_REQ_DELAY) / 2) + (1000 * DHCPV6_REQ_DELAY) / 2) * 1000000;

		// Resume the sleep if a signal interrupts it
		while (nanosleep(&ts, &ts) < 0 && errno == EINTR);
	}

	// Polling waits until T1; RENEW may run until T2, REBIND until T3
	if (type == DHCPV6_MSG_UNKNOWN)
		timeout = t1;
	else if (type == DHCPV6_MSG_RENEW)
		timeout = (t2 > t1) ? t2 - t1 : ((t1 == UINT32_MAX) ? UINT32_MAX : 0);
	else if (type == DHCPV6_MSG_REBIND)
		timeout = (t3 > t2) ? t3 - t2 : ((t2 == UINT32_MAX) ? UINT32_MAX : 0);

	if (timeout == 0)
		return -1;

	syslog(LOG_NOTICE, "Starting %s transaction (timeout %"PRIu64"s, max rc %d)",
			retx->name, timeout, retx->max_rc);

	// All three values are in milliseconds
	uint64_t start = odhcp6c_get_milli_time(), round_start = start, elapsed;

	// Generate transaction ID
	// Polling keeps the all-zero ID; replies are matched against this ID
	// in dhcpv6_response_is_valid()
	uint8_t trid[3] = {0, 0, 0};
	if (type != DHCPV6_MSG_UNKNOWN)
		odhcp6c_random(trid, sizeof(trid));

	ssize_t len = -1;
	// Current retransmission timeout in milliseconds; 0 before the first
	// round
	int64_t rto = 0;

	do {
		if (rto == 0) {
			int64_t delay = dhcpv6_rand_delay(retx->init_timeo * 1000);

			// First RT MUST be strictly greater than IRT for solicit messages (RFC3315 17.1.2)
			while (type == DHCPV6_MSG_SOLICIT && delay <= 0)
				delay = dhcpv6_rand_delay(retx->init_timeo * 1000);

			rto = (retx->init_timeo * 1000 + delay);
		} else
			// Later rounds: double the previous timeout plus jitter
			rto = (2 * rto + dhcpv6_rand_delay(rto));

		// Cap at the maximum retransmission timeout (0 = no cap)
		if (retx->max_timeo && (rto >= retx->max_timeo * 1000))
			rto = retx->max_timeo * 1000 +
				dhcpv6_rand_delay(retx->max_timeo * 1000);

		// Calculate end for this round and elapsed time
		uint64_t round_end = round_start + rto;
		elapsed = round_start - start;

		// Don't wait too long if timeout differs from infinite
		if ((timeout != UINT32_MAX) && (round_end - start > timeout * 1000))
			round_end = timeout * 1000 + start;

		// Build and send packet
		// The default label comes first on purpose: every type other
		// than UNKNOWN, SOLICIT and INFO_REQ logs the send and then
		// falls through into the shared send path. UNKNOWN sends
		// nothing.
		switch (type) {
		case DHCPV6_MSG_UNKNOWN:
			break;
		default:
			syslog(LOG_NOTICE, "Send %s message (elapsed %"PRIu64"ms, rc %d)",
					retx->name, elapsed, rc);
			// Fall through
		case DHCPV6_MSG_SOLICIT:
		case DHCPV6_MSG_INFO_REQ:
			// elapsed is in ms; the message carries hundredths of a
			// second
			dhcpv6_send(type, trid, elapsed / 10);
			rc++;
		}

		// Receive rounds
		for (; len < 0 && (round_start < round_end);
				round_start = odhcp6c_get_milli_time()) {
			uint8_t buf[1536];
			// Control buffer sized for one IPV6_PKTINFO message
			union {
				struct cmsghdr hdr;
				uint8_t buf[CMSG_SPACE(sizeof(struct in6_pktinfo))];
			} cmsg_buf;
			struct iovec iov = {buf, sizeof(buf)};
			struct sockaddr_in6 addr;
			struct msghdr msg = {.msg_name = &addr, .msg_namelen = sizeof(addr),
					.msg_iov = &iov, .msg_iovlen = 1, .msg_control = cmsg_buf.buf,
					.msg_controllen = sizeof(cmsg_buf)};
			struct in6_pktinfo *pktinfo = NULL;
			const struct dhcpv6_header *hdr = (const struct dhcpv6_header *)buf;

			// Check for pending signal
			if (odhcp6c_signal_process())
				return -1;

			// Set timeout for receiving
			// A failure is only logged; recvmsg() then keeps whatever
			// timeout was set before
			uint64_t t = round_end - round_start;
			struct timeval tv = {t / 1000, (t % 1000) * 1000};
			if (setsockopt(sock, SOL_SOCKET, SO_RCVTIMEO,
					&tv, sizeof(tv)) < 0)
				syslog(LOG_ERR, "setsockopt SO_RCVTIMEO failed (%s)",
						strerror(errno));

			// Receive cycle
			// NOTE(review): msg.msg_flags is not inspected, so a
			// datagram truncated to sizeof(buf) (MSG_TRUNC) is
			// validated and parsed like a complete one
			len = recvmsg(sock, &msg, 0);
			if (len < 0)
				continue;

			// Find the destination address the packet was sent to
			for (struct cmsghdr *ch = CMSG_FIRSTHDR(&msg); ch != NULL;
				ch = CMSG_NXTHDR(&msg, ch)) {
				if (ch->cmsg_level == SOL_IPV6 &&
					ch->cmsg_type == IPV6_PKTINFO) {
					pktinfo = (struct in6_pktinfo *)CMSG_DATA(ch);
					break;
				}
			}

			// Without it the validation below cannot tell unicast
			// from multicast delivery, so the packet is dropped
			if (pktinfo == NULL) {
				len = -1;
				continue;
			}

			// Drop anything that fails validation and keep listening
			if (!dhcpv6_response_is_valid(buf, len, trid,
							type, &pktinfo->ipi6_addr)) {
				len = -1;
				continue;
			}

			// Options start after the 4-byte header (type + ID)
			uint8_t *opt = &buf[4];
			uint8_t *opt_end = opt + len - 4;

			round_start = odhcp6c_get_milli_time();
			elapsed = round_start - start;
			syslog(LOG_NOTICE, "Got a valid %s after %"PRIu64"ms",
					dhcpv6_msg_to_str(hdr->msg_type), elapsed);

			// The handler's return value replaces len; a negative
			// value keeps this receive loop running
			if (retx->handler_reply)
				len = retx->handler_reply(type, rc, opt, opt_end, &addr);

			// Once a handler reports success, shorten what is left
			// of the round to at most one second
			if (len > 0 && round_end - round_start > 1000)
				round_end = 1000 + round_start;
		}

		// Let the message type's finish handler produce the final result
		if (retx->handler_finish)
			len = retx->handler_finish();
	// Retry while there is no result, the overall timeout has not passed
	// and the retry limit (0 = unlimited) is not reached
	} while (len < 0 && ((timeout == UINT32_MAX) || (elapsed / 1000 < timeout)) &&
			(!retx->max_rc || rc < retx->max_rc));
	return len;
}
779
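// Message validation checks according to RFC3315 chapter 15
//
// buf/len:     received datagram
// transaction: transaction ID of the outstanding request
// type:        message type of the outstanding request
// daddr:       destination address the datagram was delivered to
//
// Returns true only if the message is long enough, carries the expected
// transaction ID and an acceptable message type for the request, has
// structurally valid top-level options, and its client ID (and server ID, once
// one is stored) match. A RECONFIGURE must also be enabled via accept_reconfig,
// request RENEW, REBIND or INFORMATION-REQUEST, carry a valid HMAC-MD5 over
// the message, and must not have arrived via multicast.
static bool dhcpv6_response_is_valid(const void *buf, ssize_t len,
		const uint8_t transaction[3], enum dhcpv6_msg type,
		const struct in6_addr *daddr)
{
	const struct dhcpv6_header *rep = buf;
	if (len < (ssize_t)sizeof(*rep) || memcmp(rep->tr_id,
			transaction, sizeof(rep->tr_id)))
		return false; // Invalid reply

	if (type == DHCPV6_MSG_SOLICIT) {
		if (rep->msg_type != DHCPV6_MSG_ADVERT &&
				rep->msg_type != DHCPV6_MSG_REPLY)
			return false;

	} else if (type == DHCPV6_MSG_UNKNOWN) {
		// Polling state: only RECONFIGURE is acceptable, and only when
		// reconfiguration has been enabled
		if (!accept_reconfig || rep->msg_type != DHCPV6_MSG_RECONF)
			return false;

	} else if (rep->msg_type != DHCPV6_MSG_REPLY)
		return false;

	uint8_t *end = ((uint8_t*)buf) + len, *odata = NULL,
		rcmsg = DHCPV6_MSG_UNKNOWN;
	uint16_t otype, olen = UINT16_MAX;
	bool clientid_ok = false, serverid_ok = false, rcauth_ok = false,
		ia_present = false, options_valid = true;

	size_t client_id_len, server_id_len;
	void *client_id = odhcp6c_get_state(STATE_CLIENT_ID, &client_id_len);
	void *server_id = odhcp6c_get_state(STATE_SERVER_ID, &server_id_len);

	dhcpv6_for_each_option(&rep[1], end, otype, olen, odata) {
		if (otype == DHCPV6_OPT_CLIENTID) {
			// The stored IDs include the 4-byte option header, hence
			// the comparison from odata - 4
			clientid_ok = (olen + 4U == client_id_len) && !memcmp(
					&odata[-4], client_id, client_id_len);
		} else if (otype == DHCPV6_OPT_SERVERID) {
			// Any server ID is accepted until one has been stored
			if (server_id_len)
				serverid_ok = (olen + 4U == server_id_len) && !memcmp(
						&odata[-4], server_id, server_id_len);
			else
				serverid_ok = true;
		} else if (otype == DHCPV6_OPT_AUTH && olen == -4 +
				sizeof(struct dhcpv6_auth_reconfigure)) {
			struct dhcpv6_auth_reconfigure *r = (void*)&odata[-4];
			// Only the reconfigure key protocol with an HMAC-MD5 value
			// is handled (RFC 3315 section 21.5)
			// NOTE(review): no replay-detection value is examined in
			// this function; confirm whether replays are caught
			// elsewhere.
			if (r->protocol != 3 || r->algorithm != 1 || r->reconf_type != 2)
				continue;

			md5_ctx_t md5;
			uint8_t serverhash[16], secretbytes[64];
			uint32_t hash[4];
			// Save the received digest and zero it inside the packet:
			// the HMAC is computed over the message with this field
			// cleared. This writes through the const buf argument.
			memcpy(serverhash, r->key, sizeof(serverhash));
			memset(r->key, 0, sizeof(r->key));

			memset(secretbytes, 0, sizeof(secretbytes));
			memcpy(secretbytes, reconf_key, sizeof(reconf_key));

			// Inner hash: MD5((key ^ ipad) || message)
			for (size_t i = 0; i < sizeof(secretbytes); ++i)
				secretbytes[i] ^= 0x36;

			md5_begin(&md5);
			md5_hash(secretbytes, sizeof(secretbytes), &md5);
			md5_hash(buf, len, &md5);
			md5_end(hash, &md5);

			// Undo the ipad and apply the opad
			for (size_t i = 0; i < sizeof(secretbytes); ++i) {
				secretbytes[i] ^= 0x36;
				secretbytes[i] ^= 0x5c;
			}

			// Outer hash: MD5((key ^ opad) || inner digest)
			md5_begin(&md5);
			md5_hash(secretbytes, sizeof(secretbytes), &md5);
			md5_hash(hash, 16, &md5);
			md5_end(hash, &md5);

			// Compare the digests without an early exit so the time
			// taken does not depend on how many leading bytes of a
			// forged digest happen to be correct
			const uint8_t *computed = (const uint8_t *)hash;
			uint8_t mismatch = 0;
			for (size_t i = 0; i < sizeof(serverhash); ++i)
				mismatch |= computed[i] ^ serverhash[i];

			rcauth_ok = (mismatch == 0);
		} else if (otype == DHCPV6_OPT_RECONF_MESSAGE && olen == 1) {
			rcmsg = odata[0];
		} else if ((otype == DHCPV6_OPT_IA_PD || otype == DHCPV6_OPT_IA_NA)) {
			ia_present = true;
			// An IA option must at least hold its fixed header
			if (olen < -4 + sizeof(struct dhcpv6_ia_hdr))
				options_valid = false;
		} else if ((otype == DHCPV6_OPT_IA_ADDR) || (otype == DHCPV6_OPT_IA_PREFIX) ||
				(otype == DHCPV6_OPT_PD_EXCLUDE))
			// Options are not allowed on global level
			options_valid = false;
	}

	// Reject if an option was flagged or the last option seen would run
	// past the end of the message
	if (!options_valid || ((odata + olen) > end))
		return false;

	if (type == DHCPV6_MSG_INFO_REQ && ia_present)
		return false;

	if (rep->msg_type == DHCPV6_MSG_RECONF) {
		if ((rcmsg != DHCPV6_MSG_RENEW && rcmsg != DHCPV6_MSG_REBIND && rcmsg != DHCPV6_MSG_INFO_REQ) ||
			(rcmsg == DHCPV6_MSG_INFO_REQ && ia_present) ||
			!rcauth_ok || IN6_IS_ADDR_MULTICAST(daddr))
			return false;
	}

	return clientid_ok && serverid_ok;
}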
883
// Wait for a RECONFIGURE from the server and, if one asks for it, run the
// requested follow-up transaction.
//
// Only RENEW, REBIND and INFORMATION-REQUEST can be triggered this way. For
// those the result of the follow-up transaction is returned; any other
// result of the poll is returned unchanged.
int dhcpv6_poll_reconfigure(void)
{
	int ret = dhcpv6_request(DHCPV6_MSG_UNKNOWN);

	const bool followup_requested = (ret == DHCPV6_MSG_RENEW) ||
			(ret == DHCPV6_MSG_REBIND) ||
			(ret == DHCPV6_MSG_INFO_REQ);

	if (followup_requested)
		ret = dhcpv6_request(ret);

	return ret;
}
906
// Reply handler for the polling state: extract the message type a validated
// RECONFIGURE asks the client to send.
//
// REBIND clears T2 and T1, RENEW clears T1 (timers set to UINT32_MAX are left
// alone); INFORMATION-REQUEST changes no timer. If several reconfigure-message
// options are present the last recognised one wins.
//
// Returns the requested message type, or -1 if none was recognised.
static int dhcpv6_handle_reconfigure(enum dhcpv6_msg orig, const int rc,
		const void *opt, const void *end, _unused const struct sockaddr_in6 *from)
{
	uint16_t otype, olen;
	uint8_t *odata;
	enum dhcpv6_msg msg = DHCPV6_MSG_UNKNOWN;

	dhcpv6_for_each_option(opt, end, otype, olen, odata) {
		if (otype == DHCPV6_OPT_RECONF_MESSAGE && olen == 1) {
			const uint8_t wanted = odata[0];
			const bool wants_rebind = (wanted == DHCPV6_MSG_REBIND);
			const bool wants_renew = (wanted == DHCPV6_MSG_RENEW);

			if (wants_rebind || wants_renew || wanted == DHCPV6_MSG_INFO_REQ) {
				if (wants_rebind && t2 != UINT32_MAX)
					t2 = 0;

				if ((wants_rebind || wants_renew) && t1 != UINT32_MAX)
					t1 = 0;

				msg = wanted;
				syslog(LOG_NOTICE, "Need to respond with %s in reply to %s",
					dhcpv6_msg_to_str(msg), dhcpv6_msg_to_str(DHCPV6_MSG_RECONF));
			}
		}
	}

	// Run the reply handler without option data when a follow-up is due
	if (msg != DHCPV6_MSG_UNKNOWN)
		dhcpv6_handle_reply(orig, rc, NULL, NULL, NULL);

	if (msg == DHCPV6_MSG_UNKNOWN)
		return -1;

	return (int)msg;
}
942
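// Collect all advertised servers
//
// Parses one ADVERTISE (or the reply to a REBIND), builds a server candidate
// from it and ranks it by the server preference and by whether the requested
// addresses / prefixes were offered.
//
// Returns 1 when the selection may stop (more than one transmission already
// made, or a server with preference 255 and a positive score), otherwise -1
// to keep collecting. An offer that lacks a required IA is rejected with -1
// after its SOL_MAX_RT / INF_MAX_RT values have been applied.
static int dhcpv6_handle_advert(enum dhcpv6_msg orig, const int rc,
		const void *opt, const void *end, _unused const struct sockaddr_in6 *from)
{
	uint16_t olen, otype;
	uint8_t *odata, pref = 0;
	struct dhcpv6_server_cand cand = {false, false, 0, 0, {0},
					IN6ADDR_ANY_INIT, DHCPV6_SOL_MAX_RT,
					DHCPV6_INF_MAX_RT, NULL, NULL, 0, 0};
	bool have_na = false;
	int have_pd = 0;

	dhcpv6_for_each_option(opt, end, otype, olen, odata) {
		if (orig == DHCPV6_MSG_SOLICIT &&
				((otype == DHCPV6_OPT_IA_PD && pd_mode != IA_MODE_NONE) ||
				 (otype == DHCPV6_OPT_IA_NA && na_mode != IA_MODE_NONE)) &&
				olen > -4 + sizeof(struct dhcpv6_ia_hdr)) {
			struct dhcpv6_ia_hdr *ia_hdr = (void*)(&odata[-4]);
			// NOTE(review): the end pointer passed here lies
			// sizeof(*ia_hdr) bytes beyond odata + olen, the end of
			// this option as delimited by its length field. Confirm
			// in dhcpv6_parse_ia() that parsing cannot walk into the
			// following options or past the received data.
			dhcpv6_parse_ia(ia_hdr, odata + olen + sizeof(*ia_hdr));
		}

		// NOTE(review): 130 is presumably the size of cand.duid in
		// struct dhcpv6_server_cand; verify, since this check is the
		// only bound on the copy.
		if (otype == DHCPV6_OPT_SERVERID && olen <= 130) {
			memcpy(cand.duid, odata, olen);
			cand.duid_len = olen;
		} else if (otype == DHCPV6_OPT_PREF && olen >= 1 &&
				cand.preference >= 0) {
			cand.preference = pref = odata[0];
		} else if (otype == DHCPV6_OPT_UNICAST && olen == sizeof(cand.server_addr)) {
			// odata points into the packet at an arbitrary offset, so
			// copy byte-wise instead of dereferencing it as a
			// struct in6_addr, which may be a misaligned access
			if (!(client_options & DHCPV6_IGNORE_OPT_UNICAST))
				memcpy(&cand.server_addr, odata, sizeof(cand.server_addr));

		} else if (otype == DHCPV6_OPT_RECONF_ACCEPT) {
			cand.wants_reconfigure = true;
		} else if (otype == DHCPV6_OPT_SOL_MAX_RT && olen == 4) {
			// Values outside the accepted range are ignored
			uint32_t sol_max_rt = ntohl_unaligned(odata);
			if (sol_max_rt >= DHCPV6_SOL_MAX_RT_MIN &&
					sol_max_rt <= DHCPV6_SOL_MAX_RT_MAX)
				cand.sol_max_rt = sol_max_rt;

		} else if (otype == DHCPV6_OPT_INF_MAX_RT && olen == 4) {
			uint32_t inf_max_rt = ntohl_unaligned(odata);
			if (inf_max_rt >= DHCPV6_INF_MAX_RT_MIN &&
					inf_max_rt <= DHCPV6_INF_MAX_RT_MAX)
				cand.inf_max_rt = inf_max_rt;

		} else if (otype == DHCPV6_OPT_IA_PD &&
					olen >= -4 + sizeof(struct dhcpv6_ia_hdr)) {
			struct dhcpv6_ia_hdr *h = (struct dhcpv6_ia_hdr*)&odata[-4];
			uint8_t *oend = odata + olen, *d;
			// Remember the length of the last prefix offered; the
			// inner walk reuses otype and olen
			dhcpv6_for_each_option(&h[1], oend, otype, olen, d) {
				if (otype == DHCPV6_OPT_IA_PREFIX &&
						olen >= -4 + sizeof(struct dhcpv6_ia_prefix)) {
					struct dhcpv6_ia_prefix *p = (struct dhcpv6_ia_prefix*)&d[-4];
					have_pd = p->prefix;
				}
			}
		} else if (otype == DHCPV6_OPT_IA_NA &&
					olen >= -4 + sizeof(struct dhcpv6_ia_hdr)) {
			struct dhcpv6_ia_hdr *h = (struct dhcpv6_ia_hdr*)&odata[-4];
			uint8_t *oend = odata + olen, *d;

			dhcpv6_for_each_option(&h[1], oend, otype, olen, d) {
				if (otype == DHCPV6_OPT_IA_ADDR &&
						olen >= -4 + sizeof(struct dhcpv6_ia_addr))
					have_na = true;
			}
		}
	}

	if ((stateful_only_mode && !have_na && !have_pd) ||
			(!have_na && na_mode == IA_MODE_FORCE) ||
			(!have_pd && pd_mode == IA_MODE_FORCE)) {
		/*
		 * RFC7083 states to process the SOL_MAX_RT and
		 * INF_MAX_RT options even if the DHCPv6 server
		 * did not propose any IA_NA and/or IA_PD
		 */
		dhcpv6_retx[DHCPV6_MSG_SOLICIT].max_timeo = cand.sol_max_rt;
		dhcpv6_retx[DHCPV6_MSG_INFO_REQ].max_timeo = cand.inf_max_rt;
		return -1;
	}

	// Penalise servers that did not offer a wanted address
	if (na_mode != IA_MODE_NONE && !have_na) {
		cand.has_noaddravail = true;
		cand.preference -= 1000;
	}

	// Reward offered prefixes (shorter prefixes score higher), penalise
	// their absence
	if (pd_mode != IA_MODE_NONE) {
		if (have_pd)
			cand.preference += 2000 + (128 - have_pd);
		else
			cand.preference -= 2000;
	}

	// Only servers that identified themselves become candidates; the IA
	// state parsed so far is moved into the candidate
	if (cand.duid_len > 0) {
		cand.ia_na = odhcp6c_move_state(STATE_IA_NA, &cand.ia_na_len);
		cand.ia_pd = odhcp6c_move_state(STATE_IA_PD, &cand.ia_pd_len);
		dhcpv6_add_server_cand(&cand);
	}

	return (rc > 1 || (pref == 255 && cand.preference > 0)) ? 1 : -1;
}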
1045
// Finish handler for SOLICIT: promote a collected server candidate and pass
// the result of that promotion back to the caller.
static int dhcpv6_commit_advert(void)
{
	const int promoted = dhcpv6_promote_server_cand();

	return promoted;
}
1050
// Reply handler for REBIND: treat the reply like an advertisement first, so
// the responding server becomes the selected one, then process it as a
// regular reply. Returns -1 if the candidate could not be committed.
static int dhcpv6_handle_rebind_reply(enum dhcpv6_msg orig, const int rc,
		const void *opt, const void *end, const struct sockaddr_in6 *from)
{
	// The advert handler's own return value is not inspected
	dhcpv6_handle_advert(orig, rc, opt, end, from);

	const int committed = dhcpv6_commit_advert();
	if (committed < 0)
		return -1;

	const int result = dhcpv6_handle_reply(orig, rc, opt, end, from);
	return result;
}
1060
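/*
 * Process a Reply to the message type given in orig.
 *
 * With orig == DHCPV6_MSG_UNKNOWN the function also ages the file-level
 * timers t1/t2/t3 by the time elapsed since the previous such call.
 * When opt is non-NULL, the per-reply states (DNS, NTP, SIP, S46, ...)
 * are cleared and rebuilt from the options found in [opt, end).
 *
 * Every option is data received from the network: each branch checks the
 * option length before the payload is interpreted, and payloads are stored
 * as received for later consumers.
 *
 * ret starts at 1. Status-code handlers may lower it, and the
 * Request/Renew/Rebind accounting at the end sets it to 0 or -1 as
 * commented there. The final value is returned.
 */
static int dhcpv6_handle_reply(enum dhcpv6_msg orig, _unused const int rc,
		const void *opt, const void *end, const struct sockaddr_in6 *from)
{
	uint8_t *odata;
	uint16_t otype, olen;
	uint32_t refresh = 86400;
	int ret = 1;
	unsigned int state_IAs;
	unsigned int updated_IAs = 0;
	bool handled_status_codes[_DHCPV6_Status_Max] = { false, };

	odhcp6c_expire(true);

	if (orig == DHCPV6_MSG_UNKNOWN) {
		static time_t last_update = 0;
		time_t now = odhcp6c_get_milli_time() / 1000;

		// No time is accounted for on the very first call
		uint32_t elapsed = (last_update > 0) ? now - last_update : 0;
		last_update = now;

		// UINT32_MAX is kept as-is and never counted down
		if (t1 != UINT32_MAX)
			t1 -= elapsed;

		if (t2 != UINT32_MAX)
			t2 -= elapsed;

		if (t3 != UINT32_MAX)
			t3 -= elapsed;

		// Clamp timers that ran past zero
		if (t1 < 0)
			t1 = 0;

		if (t2 < 0)
			t2 = 0;

		if (t3 < 0)
			t3 = 0;
	}

	if (orig == DHCPV6_MSG_REQUEST && !odhcp6c_is_bound()) {
		// Delete NA and PD we have in the state from the Advert
		odhcp6c_clear_state(STATE_IA_NA);
		odhcp6c_clear_state(STATE_IA_PD);
	}

	if (opt) {
		odhcp6c_clear_state(STATE_DNS);
		odhcp6c_clear_state(STATE_SEARCH);
		odhcp6c_clear_state(STATE_SNTP_IP);
		odhcp6c_clear_state(STATE_NTP_IP);
		odhcp6c_clear_state(STATE_NTP_FQDN);
		odhcp6c_clear_state(STATE_SIP_IP);
		odhcp6c_clear_state(STATE_SIP_FQDN);
		odhcp6c_clear_state(STATE_AFTR_NAME);
		odhcp6c_clear_state(STATE_CER);
		odhcp6c_clear_state(STATE_S46_MAPT);
		odhcp6c_clear_state(STATE_S46_MAPE);
		odhcp6c_clear_state(STATE_S46_LW);
		odhcp6c_clear_state(STATE_PASSTHRU);
		odhcp6c_clear_state(STATE_CUSTOM_OPTS);

		// Parse and find all matching IAs.
		// odata is the option payload; the struct overlays below start at
		// &odata[-4], presumably the option's 4-byte type/length header.
		dhcpv6_for_each_option(opt, end, otype, olen, odata) {
			struct odhcp6c_opt *dopt = odhcp6c_find_opt(otype);

			// "-4 + sizeof(...)" is evaluated in size_t, i.e. the struct
			// size minus the 4 header bytes that olen does not count
			if ((otype == DHCPV6_OPT_IA_PD || otype == DHCPV6_OPT_IA_NA)
					&& olen > -4 + sizeof(struct dhcpv6_ia_hdr)) {
				struct dhcpv6_ia_hdr *ia_hdr = (void*)(&odata[-4]);

				// IA types that are switched off are skipped entirely
				// (they are not passed through either)
				if ((na_mode == IA_MODE_NONE && otype == DHCPV6_OPT_IA_NA) ||
						(pd_mode == IA_MODE_NONE && otype == DHCPV6_OPT_IA_PD))
					continue;

				// Test ID
				if (ia_hdr->iaid != htonl(1) && otype == DHCPV6_OPT_IA_NA)
					continue;

				uint16_t code = DHCPV6_Success;
				uint16_t stype, slen;
				uint8_t *sdata;
				// Get and handle status code
				dhcpv6_for_each_option(&ia_hdr[1], odata + olen,
						stype, slen, sdata) {
					if (stype == DHCPV6_OPT_STATUS && slen >= 2) {
						// Optional text after the 2-byte code
						uint8_t *mdata = (slen > 2) ? &sdata[2] : NULL;
						uint16_t mlen = (slen > 2) ? slen - 2 : 0;

						code = ((int)sdata[0]) << 8 | ((int)sdata[1]);

						if (code == DHCPV6_Success)
							continue;

						dhcpv6_handle_ia_status_code(orig, ia_hdr,
							code, mdata, mlen, handled_status_codes, &ret);

						// A positive ret here comes from the handler and
						// ends processing of this Reply
						if (ret > 0)
							return ret;

						break;
					}
				}

				// An IA carrying a failure status is not parsed
				if (code != DHCPV6_Success)
					continue;

				updated_IAs += dhcpv6_parse_ia(ia_hdr, odata + olen);
			} else if (otype == DHCPV6_OPT_UNICAST && olen == sizeof(server_addr)) {
				// odata points into the received packet and carries no
				// alignment guarantee, so the address is copied bytewise
				// instead of being read through a struct in6_addr pointer
				if (!(client_options & DHCPV6_IGNORE_OPT_UNICAST))
					memcpy(&server_addr, odata, sizeof(server_addr));
			} else if (otype == DHCPV6_OPT_STATUS && olen >= 2) {
				// Message-level status code with optional text
				uint8_t *mdata = (olen > 2) ? &odata[2] : NULL;
				uint16_t mlen = (olen > 2) ? olen - 2 : 0;
				uint16_t code = ((int)odata[0]) << 8 | ((int)odata[1]);

				dhcpv6_handle_status_code(orig, code, mdata, mlen, &ret);
			} else if (otype == DHCPV6_OPT_DNS_SERVERS) {
				// Only whole 16-byte addresses are accepted
				if (olen % 16 == 0)
					odhcp6c_add_state(STATE_DNS, odata, olen);
			} else if (otype == DHCPV6_OPT_DNS_DOMAIN) {
				odhcp6c_add_state(STATE_SEARCH, odata, olen);
			} else if (otype == DHCPV6_OPT_SNTP_SERVERS) {
				if (olen % 16 == 0)
					odhcp6c_add_state(STATE_SNTP_IP, odata, olen);
			} else if (otype == DHCPV6_OPT_NTP_SERVER) {
				uint16_t stype, slen;
				uint8_t *sdata;
				// Collect address and FQDN sub-options
				dhcpv6_for_each_option(odata, odata + olen,
						stype, slen, sdata) {
					if (slen == 16 && (stype == NTP_MC_ADDR ||
							stype == NTP_SRV_ADDR))
						odhcp6c_add_state(STATE_NTP_IP,
								sdata, slen);
					else if (slen > 0 && stype == NTP_SRV_FQDN)
						odhcp6c_add_state(STATE_NTP_FQDN,
								sdata, slen);
				}
			} else if (otype == DHCPV6_OPT_SIP_SERVER_A) {
				if (olen == 16)
					odhcp6c_add_state(STATE_SIP_IP, odata, olen);
			} else if (otype == DHCPV6_OPT_SIP_SERVER_D) {
				odhcp6c_add_state(STATE_SIP_FQDN, odata, olen);
			} else if (otype == DHCPV6_OPT_INFO_REFRESH && olen >= 4) {
				// Taken as sent by the server; no lower or upper bound is
				// applied in this function before it becomes t1 below
				refresh = ntohl_unaligned(odata);
			} else if (otype == DHCPV6_OPT_AUTH) {
				if (olen == -4 + sizeof(struct dhcpv6_auth_reconfigure)) {
					struct dhcpv6_auth_reconfigure *r = (void*)&odata[-4];
					// The key is stored as received when the three fields
					// match; this function does no further validation of it
					if (r->protocol == 3 && r->algorithm == 1 &&
							r->reconf_type == 1)
						memcpy(reconf_key, r->key, sizeof(r->key));
				}
			} else if (otype == DHCPV6_OPT_AFTR_NAME && olen > 3) {
				// Only the first AFTR name of a Reply is kept
				size_t cur_len;
				odhcp6c_get_state(STATE_AFTR_NAME, &cur_len);
				if (cur_len == 0)
					odhcp6c_add_state(STATE_AFTR_NAME, odata, olen);
			} else if (otype == DHCPV6_OPT_SOL_MAX_RT && olen == 4) {
				// Values outside the allowed window are ignored
				uint32_t sol_max_rt = ntohl_unaligned(odata);
				if (sol_max_rt >= DHCPV6_SOL_MAX_RT_MIN &&
						sol_max_rt <= DHCPV6_SOL_MAX_RT_MAX)
					dhcpv6_retx[DHCPV6_MSG_SOLICIT].max_timeo = sol_max_rt;
			} else if (otype == DHCPV6_OPT_INF_MAX_RT && olen == 4) {
				uint32_t inf_max_rt = ntohl_unaligned(odata);
				if (inf_max_rt >= DHCPV6_INF_MAX_RT_MIN &&
						inf_max_rt <= DHCPV6_INF_MAX_RT_MAX)
					dhcpv6_retx[DHCPV6_MSG_INFO_REQ].max_timeo = inf_max_rt;
#ifdef EXT_CER_ID
			} else if (otype == DHCPV6_OPT_CER_ID && olen == -4 +
					sizeof(struct dhcpv6_cer_id)) {
				struct dhcpv6_cer_id *cer_id = (void*)&odata[-4];
				struct in6_addr any = IN6ADDR_ANY_INIT;
				// The unspecified address is not recorded
				if (memcmp(&cer_id->addr, &any, sizeof(any)))
					odhcp6c_add_state(STATE_CER, &cer_id->addr, sizeof(any));
#endif
			} else if (otype == DHCPV6_OPT_S46_CONT_MAPT) {
				odhcp6c_add_state(STATE_S46_MAPT, odata, olen);
			} else if (otype == DHCPV6_OPT_S46_CONT_MAPE) {
				// Only the first MAP-E container of a Reply is kept
				size_t mape_len;
				odhcp6c_get_state(STATE_S46_MAPE, &mape_len);
				if (mape_len == 0)
					odhcp6c_add_state(STATE_S46_MAPE, odata, olen);
			} else if (otype == DHCPV6_OPT_S46_CONT_LW) {
				odhcp6c_add_state(STATE_S46_LW, odata, olen);
			} else {
				// Anything not handled above is kept with its header
				odhcp6c_add_state(STATE_CUSTOM_OPTS, &odata[-4], olen + 4);
			}

			// Raw copy (header included) unless the option is flagged
			// OPT_NO_PASSTHRU
			if (!dopt || !(dopt->flags & OPT_NO_PASSTHRU))
				odhcp6c_add_state(STATE_PASSTHRU, &odata[-4], olen + 4);
		}
	}

	// Bail out if fatal status code was received
	if (ret <= 0)
		return ret;

	switch (orig) {
	case DHCPV6_MSG_REQUEST:
	case DHCPV6_MSG_REBIND:
	case DHCPV6_MSG_RENEW:
		state_IAs = dhcpv6_calc_refresh_timers();
		// In case there're no state IA entries
		// keep sending request/renew/rebind messages
		if (state_IAs == 0) {
			ret = 0;
			break;
		}

		if (orig == DHCPV6_MSG_REQUEST) {
			// All server candidates can be cleared if not yet bound
			if (!odhcp6c_is_bound())
				dhcpv6_clear_all_server_cand();

			odhcp6c_clear_state(STATE_SERVER_ADDR);
			odhcp6c_add_state(STATE_SERVER_ADDR, &from->sin6_addr, 16);
		} else if (orig == DHCPV6_MSG_RENEW) {
			// Send further renews if T1 is not set and if
			// there're IAs which were not in the Reply message
			if (!t1 && state_IAs != updated_IAs) {
				if (updated_IAs)
					// Publish updates
					script_call("updated", 0, false);

				/*
				 * RFC8415 states following in §18.2.10.1 :
				 * Sends a Renew/Rebind if any of the IAs are not in the Reply
				 * message, but as this likely indicates that the server that
				 * responded does not support that IA type, sending immediately is
				 * unlikely to produce a different result. Therefore, the client
				 * MUST rate-limit its transmissions (see Section 14.1) and MAY just
				 * wait for the normal retransmission time (as if the Reply message
				 * had not been received). The client continues to use other
				 * bindings for which the server did return information
				 */
				ret = -1;
			}
		} else if (orig == DHCPV6_MSG_REBIND) {
			odhcp6c_clear_state(STATE_SERVER_ADDR);
			odhcp6c_add_state(STATE_SERVER_ADDR, &from->sin6_addr, 16);

			// Send further rebinds if T1 and T2 is not set and if
			// there're IAs which were not in the Reply message
			if (!t1 && !t2 && state_IAs != updated_IAs) {
				if (updated_IAs)
					// Publish updates
					script_call("updated", 0, false);

				/*
				 * RFC8415 states following in §18.2.10.1 :
				 * Sends a Renew/Rebind if any of the IAs are not in the Reply
				 * message, but as this likely indicates that the server that
				 * responded does not support that IA type, sending immediately is
				 * unlikely to produce a different result. Therefore, the client
				 * MUST rate-limit its transmissions (see Section 14.1) and MAY just
				 * wait for the normal retransmission time (as if the Reply message
				 * had not been received). The client continues to use other
				 * bindings for which the server did return information
				 */
				ret = -1;
			}
		}
		break;

	case DHCPV6_MSG_INFO_REQ:
		// All server candidates can be cleared if not yet bound
		if (!odhcp6c_is_bound())
			dhcpv6_clear_all_server_cand();

		// Defaults to 86400 when no information-refresh option was seen
		t1 = refresh;
		break;

	default:
		break;
	}

	return ret;
}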
1339
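/*
 * Parse the sub-options of one IA_NA / IA_PD option and update the matching
 * STATE_IA_NA / STATE_IA_PD entries.
 *
 * opt points at the IA header (including its option header), end is one
 * past the last byte of the IA option. All fields read here come from a
 * received packet, so every sub-option is length-checked before its struct
 * overlay is dereferenced.
 *
 * Returns the number of entries for which odhcp6c_update_entry() reported
 * success. Returns 0 without parsing when both T1 and T2 are non-zero and
 * T1 is larger than T2.
 */
static unsigned int dhcpv6_parse_ia(void *opt, void *end)
{
	struct dhcpv6_ia_hdr *ia_hdr = (struct dhcpv6_ia_hdr *)opt;
	unsigned int updated_IAs = 0;
	// Named ia_t1/ia_t2 to keep them apart from the file-level timers
	uint32_t ia_t1, ia_t2;
	uint16_t otype, olen;
	uint8_t *odata;
	char buf[INET6_ADDRSTRLEN];

	ia_t1 = ntohl(ia_hdr->t1);
	ia_t2 = ntohl(ia_hdr->t2);

	if (ia_t1 > ia_t2 && ia_t1 > 0 && ia_t2 > 0)
		return 0;

	// T1/T2 are unsigned 32-bit values; print them as such so that large
	// values (e.g. 0xffffffff) are not shown as negative numbers
	syslog(LOG_INFO, "%s %04x T1 %" PRIu32 " T2 %" PRIu32,
			ntohs(ia_hdr->type) == DHCPV6_OPT_IA_PD ? "IA_PD" : "IA_NA",
			ntohl(ia_hdr->iaid), ia_t1, ia_t2);

	// Update address IA
	dhcpv6_for_each_option(&ia_hdr[1], end, otype, olen, odata) {
		struct odhcp6c_entry entry = {IN6ADDR_ANY_INIT, 0, 0,
				IN6ADDR_ANY_INIT, 0, 0, 0, 0, 0, 0};

		entry.iaid = ia_hdr->iaid;

		if (otype == DHCPV6_OPT_IA_PREFIX) {
			struct dhcpv6_ia_prefix *prefix = (void*)&odata[-4];
			// Too short to hold a complete prefix option
			if (olen + 4U < sizeof(*prefix))
				continue;

			// A prefix length above 128 cannot describe an IPv6 prefix;
			// drop the option instead of storing it
			if (prefix->prefix > 128)
				continue;

			entry.valid = ntohl(prefix->valid);
			entry.preferred = ntohl(prefix->preferred);

			if (entry.preferred > entry.valid)
				continue;

			// Without T1/T2 in the IA header, derive them as 0.5 / 0.8 of
			// the preferred lifetime; UINT32_MAX is carried over unchanged
			entry.t1 = (ia_t1 ? ia_t1 : (entry.preferred != UINT32_MAX ? 0.5 * entry.preferred : UINT32_MAX));
			entry.t2 = (ia_t2 ? ia_t2 : (entry.preferred != UINT32_MAX ? 0.8 * entry.preferred : UINT32_MAX));
			if (entry.t1 > entry.t2)
				entry.t1 = entry.t2;

			entry.length = prefix->prefix;
			entry.target = prefix->addr;
			uint16_t stype, slen;
			uint8_t *sdata;

			// Parse PD-exclude
			bool ok = true;
			dhcpv6_for_each_option(odata + sizeof(*prefix) - 4U,
					odata + olen, stype, slen, sdata) {
				if (stype != DHCPV6_OPT_PD_EXCLUDE || slen < 2)
					continue;

				// Excluded prefix length, capped at 64
				uint8_t elen = sdata[0];
				if (elen > 64)
					elen = 64;

				// The excluded prefix has to be longer than the delegated
				// one; otherwise the whole prefix is rejected
				if (entry.length < 32 || elen <= entry.length) {
					ok = false;
					continue;
				}

				// Number of subnet-ID bytes following the length byte
				// (1..4 given the checks above)
				uint8_t bytes = ((elen - entry.length - 1) / 8) + 1;
				if (slen <= bytes) {
					ok = false;
					continue;
				}

				uint32_t exclude = 0;
				do {
					exclude = exclude << 8 | sdata[bytes];
				} while (--bytes);

				// NOTE(review): when (elen - entry.length) is a multiple of 8
				// the right shift below is a full 8 bits, which drops the
				// low-order byte just read; verify against the PD-exclude
				// encoding (RFC 6603).
				exclude >>= 8 - ((elen - entry.length) % 8);
				exclude <<= 64 - elen;

				// Abusing router & priority fields for exclusion
				entry.router = entry.target;
				entry.router.s6_addr32[1] |= htonl(exclude);
				entry.priority = elen;
			}

			if (ok) {
				if (odhcp6c_update_entry(STATE_IA_PD, &entry, 0, 0))
					updated_IAs++;

				// NOTE(review): preferred/valid are compared against
				// UINT32_MAX above; if they are uint32_t, %d shows large
				// values as negative - confirm against struct odhcp6c_entry
				syslog(LOG_INFO, "%s/%d preferred %d valid %d",
						inet_ntop(AF_INET6, &entry.target, buf, sizeof(buf)),
						entry.length, entry.preferred , entry.valid);
			}

			entry.priority = 0;
			memset(&entry.router, 0, sizeof(entry.router));
		} else if (otype == DHCPV6_OPT_IA_ADDR) {
			struct dhcpv6_ia_addr *addr = (void*)&odata[-4];
			// Too short to hold a complete address option
			if (olen + 4U < sizeof(*addr))
				continue;

			entry.preferred = ntohl(addr->preferred);
			entry.valid = ntohl(addr->valid);

			if (entry.preferred > entry.valid)
				continue;

			entry.t1 = (ia_t1 ? ia_t1 : (entry.preferred != UINT32_MAX ? 0.5 * entry.preferred : UINT32_MAX));
			entry.t2 = (ia_t2 ? ia_t2 : (entry.preferred != UINT32_MAX ? 0.8 * entry.preferred : UINT32_MAX));
			if (entry.t1 > entry.t2)
				entry.t1 = entry.t2;

			entry.length = 128;
			entry.target = addr->addr;

			if (odhcp6c_update_entry(STATE_IA_NA, &entry, 0, 0))
				updated_IAs++;

			syslog(LOG_INFO, "%s preferred %d valid %d",
					inet_ntop(AF_INET6, &entry.target, buf, sizeof(buf)),
					entry.preferred , entry.valid);
		}
	}

	return updated_IAs;
}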
1462
/*
 * Recompute the file-level timers from the stored IA_NA and IA_PD entries:
 * t1 and t2 become the smallest per-entry t1/t2, t3 the largest valid
 * lifetime. Entries with a zero valid lifetime are left out of the
 * computation. The timers are only written (and logged) when at least one
 * entry was taken into account.
 *
 * Returns the total number of IA_NA plus IA_PD entries, including the ones
 * that were left out.
 */
static unsigned int dhcpv6_calc_refresh_timers(void)
{
	int64_t min_t1 = UINT32_MAX, min_t2 = UINT32_MAX, max_valid = 0;
	size_t na_count, pd_count;
	size_t skipped = 0;
	struct odhcp6c_entry *entries;

	entries = odhcp6c_get_state(STATE_IA_NA, &na_count);
	na_count /= sizeof(*entries);

	for (size_t n = 0; n < na_count; ++n) {
		const struct odhcp6c_entry *cur = &entries[n];

		if (!cur->valid) {
			/* Exclude invalid IA_NA entries */
			skipped++;
		} else {
			if (cur->t1 < min_t1)
				min_t1 = cur->t1;

			if (cur->t2 < min_t2)
				min_t2 = cur->t2;

			if (cur->valid > max_valid)
				max_valid = cur->valid;
		}
	}

	entries = odhcp6c_get_state(STATE_IA_PD, &pd_count);
	pd_count /= sizeof(*entries);

	for (size_t n = 0; n < pd_count; ++n) {
		const struct odhcp6c_entry *cur = &entries[n];

		if (!cur->valid) {
			/* Exclude invalid IA_PD entries */
			skipped++;
		} else {
			if (cur->t1 < min_t1)
				min_t1 = cur->t1;

			if (cur->t2 < min_t2)
				min_t2 = cur->t2;

			if (cur->valid > max_valid)
				max_valid = cur->valid;
		}
	}

	/* Leave the timers alone when every entry was skipped */
	if (pd_count + na_count != skipped) {
		t1 = min_t1;
		t2 = min_t2;
		t3 = max_valid;

		syslog(LOG_INFO, "T1 %"PRId64"s, T2 %"PRId64"s, T3 %"PRId64"s", t1, t2, t3);
	}

	return (unsigned int)(pd_count + na_count);
}
1520
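/*
 * Log a status code returned by the server together with its optional
 * status message.
 *
 * code       status code, rendered via dhcpv6_status_code_to_str()
 * scope      label for what the status applies to (e.g. "message", "IA_NA")
 * status_msg message bytes as received; not NUL-terminated, may be NULL
 * len        number of bytes in status_msg
 *
 * The message text is chosen by the server, so it is sanitised before it
 * reaches the log: non-printable bytes are replaced with '?'. The copy goes
 * into a fixed-size buffer; the stack usage therefore no longer depends on
 * a length taken from the packet, and messages longer than
 * STATUS_MSG_LOG_MAX bytes are truncated in the log line. A NULL message
 * or a negative length is treated as "no message".
 */
static void dhcpv6_log_status_code(const uint16_t code, const char *scope,
		const void *status_msg, int len)
{
	enum { STATUS_MSG_LOG_MAX = 255 };
	const char *src = status_msg;
	// Room for '(' + message + ')' + terminating NUL
	char buf[STATUS_MSG_LOG_MAX + 3];
	char *dst = buf;

	if (!src || len < 0)
		len = 0;
	else if (len > STATUS_MSG_LOG_MAX)
		len = STATUS_MSG_LOG_MAX;

	if (len) {
		*dst++ = '(';
		while (len--) {
			// Cast keeps isprint() defined for bytes >= 0x80
			*dst = isprint((unsigned char)*src) ? *src : '?';
			src++;
			dst++;
		}
		*dst++ = ')';
	}

	*dst = 0;

	syslog(LOG_WARNING, "Server returned %s status '%s %s'",
		scope, dhcpv6_status_code_to_str(code), buf);
}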
1543
/*
 * React to a message-level status code found in a reply to orig.
 *
 * The status is always logged. *ret is set to 0 for:
 *  - DHCPV6_UnspecFail, for any orig;
 *  - DHCPV6_UseMulticast when orig is Request, Renew, Release or Decline
 *    (server_addr is reset to the unspecified address as well);
 *  - DHCPV6_NoAddrsAvail / DHCPV6_NoPrefixAvail when orig is Request.
 * Every other combination leaves *ret untouched.
 */
static void dhcpv6_handle_status_code(const enum dhcpv6_msg orig,
		const uint16_t code, const void *status_msg, const int len,
		int *ret)
{
	dhcpv6_log_status_code(code, "message", status_msg, len);

	if (code == DHCPV6_UnspecFail) {
		// Generic failure
		*ret = 0;
		return;
	}

	if (code == DHCPV6_UseMulticast) {
		const bool retransmit = orig == DHCPV6_MSG_REQUEST ||
				orig == DHCPV6_MSG_RENEW ||
				orig == DHCPV6_MSG_RELEASE ||
				orig == DHCPV6_MSG_DECLINE;

		if (retransmit) {
			// Message needs to be retransmitted according to RFC3315 chapter 18.1.8
			server_addr = in6addr_any;
			*ret = 0;
		}
		return;
	}

	if ((code == DHCPV6_NoAddrsAvail || code == DHCPV6_NoPrefixAvail) &&
			orig == DHCPV6_MSG_REQUEST)
		*ret = 0; // Failure
}
1581
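/*
 * React to a status code found inside an IA_NA / IA_PD option of a reply
 * to orig.
 *
 * The status is always logged, labelled with the IA type. For
 * DHCPV6_NoBinding in reply to Renew or Rebind, a Request is started via
 * dhcpv6_request() and its result stored in *ret, provided *ret is still
 * positive and the code is not marked in handled_status_codes. For
 * NoBinding with any other orig nothing changes. Every other code sets
 * *ret to 0.
 */
static void dhcpv6_handle_ia_status_code(const enum dhcpv6_msg orig,
		const struct dhcpv6_ia_hdr *ia_hdr, const uint16_t code,
		const void *status_msg, const int len,
		bool handled_status_codes[_DHCPV6_Status_Max], int *ret)
{
	// ia_hdr overlays the received option, so its type field is in network
	// byte order (dhcpv6_parse_ia() reads it through ntohs() as well);
	// without the conversion the label is wrong on little-endian hosts
	dhcpv6_log_status_code(code, ntohs(ia_hdr->type) == DHCPV6_OPT_IA_NA ?
		"IA_NA" : "IA_PD", status_msg, len);

	switch (code) {
	case DHCPV6_NoBinding:
		switch (orig) {
		case DHCPV6_MSG_RENEW:
		case DHCPV6_MSG_REBIND:
			// code equals DHCPV6_NoBinding here, so the index stays
			// within the handled_status_codes array
			if ((*ret > 0) && !handled_status_codes[code])
				*ret = dhcpv6_request(DHCPV6_MSG_REQUEST);
			break;

		default:
			break;
		}
		break;

	default:
		*ret = 0;
		break;
	}
}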
1609
/*
 * Store a server candidate in STATE_SERVER_CAND.
 *
 * An existing candidate with the same DUID is removed first (its IA
 * buffers are freed). The new candidate is then inserted in front of the
 * first stored candidate whose preference is lower, so the list stays
 * ordered by descending preference.
 *
 * Note this always takes ownership of cand->ia_na and cand->ia_pd: when
 * odhcp6c_insert_state() returns non-zero, both buffers are freed here.
 */
static void dhcpv6_add_server_cand(const struct dhcpv6_server_cand *cand)
{
	size_t bytes, count, pos;
	struct dhcpv6_server_cand *list = odhcp6c_get_state(STATE_SERVER_CAND, &bytes);

	// Remove identical duid server candidate
	count = bytes / sizeof(*list);
	for (pos = 0; pos < count; pos++) {
		const bool same_duid = cand->duid_len == list[pos].duid_len &&
				memcmp(cand->duid, list[pos].duid, cand->duid_len) == 0;

		if (!same_duid)
			continue;

		free(list[pos].ia_na);
		free(list[pos].ia_pd);
		odhcp6c_remove_state(STATE_SERVER_CAND, pos * sizeof(*list), sizeof(*list));
		break;
	}

	// The state was possibly changed above, so fetch it again before
	// looking for the insert position
	list = odhcp6c_get_state(STATE_SERVER_CAND, &bytes);
	count = bytes / sizeof(*list);
	pos = 0;
	while (pos < count && list[pos].preference >= cand->preference)
		pos++;

	if (odhcp6c_insert_state(STATE_SERVER_CAND, pos * sizeof(*list), cand, sizeof(*cand))) {
		free(cand->ia_na);
		free(cand->ia_pd);
	}
}
1638
/*
 * Drop every stored server candidate. The IA_NA / IA_PD buffers owned by
 * each candidate are freed before the state itself is cleared.
 */
static void dhcpv6_clear_all_server_cand(void)
{
	size_t bytes;
	struct dhcpv6_server_cand *it = odhcp6c_get_state(STATE_SERVER_CAND, &bytes);
	size_t remaining = bytes / sizeof(*it);

	// Server candidates need deep delete for IA_NA/IA_PD
	for (; remaining > 0; --remaining, ++it) {
		free(it->ia_na);
		free(it->ia_pd);
	}

	odhcp6c_clear_state(STATE_SERVER_CAND);
}
1651
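/*
 * Promote the first stored server candidate to be the active server.
 *
 * STATE_SERVER_ID, STATE_IA_NA and STATE_IA_PD are cleared first. If no
 * candidate is stored, -1 is returned. If the candidate signalled
 * "no addresses available" while na_mode is IA_MODE_TRY, na_mode is
 * switched to IA_MODE_NONE, the candidate's SOL_MAX_RT / INF_MAX_RT are
 * applied and the result of a new Solicit is returned; the candidate stays
 * in the list in that case.
 *
 * Otherwise the server ID option and the candidate's IA data are copied
 * into the state, its retransmission limits are applied, and the candidate
 * is removed from the list. Returns DHCPV6_STATEFUL when IA data for an
 * enabled IA type was installed, DHCPV6_STATELESS otherwise.
 */
int dhcpv6_promote_server_cand(void)
{
	size_t cand_len;
	struct dhcpv6_server_cand *cand = odhcp6c_get_state(STATE_SERVER_CAND, &cand_len);
	uint16_t hdr[2];
	int ret = DHCPV6_STATELESS;

	// Clear lingering candidate state info
	odhcp6c_clear_state(STATE_SERVER_ID);
	odhcp6c_clear_state(STATE_IA_NA);
	odhcp6c_clear_state(STATE_IA_PD);

	if (!cand_len)
		return -1;

	if (cand->has_noaddravail && na_mode == IA_MODE_TRY) {
		na_mode = IA_MODE_NONE;

		dhcpv6_retx[DHCPV6_MSG_SOLICIT].max_timeo = cand->sol_max_rt;
		dhcpv6_retx[DHCPV6_MSG_INFO_REQ].max_timeo = cand->inf_max_rt;

		return dhcpv6_request(DHCPV6_MSG_SOLICIT);
	}

	// Server ID is stored as a complete option: type, length, DUID
	hdr[0] = htons(DHCPV6_OPT_SERVERID);
	hdr[1] = htons(cand->duid_len);
	odhcp6c_add_state(STATE_SERVER_ID, hdr, sizeof(hdr));
	odhcp6c_add_state(STATE_SERVER_ID, cand->duid, cand->duid_len);
	accept_reconfig = cand->wants_reconfigure;

	if (cand->ia_na_len) {
		odhcp6c_add_state(STATE_IA_NA, cand->ia_na, cand->ia_na_len);
		if (na_mode != IA_MODE_NONE)
			ret = DHCPV6_STATEFUL;
	}
	// The candidate entry is removed below, so its buffers are released
	// regardless of the recorded length, as dhcpv6_clear_all_server_cand()
	// does; free(NULL) is a no-op
	free(cand->ia_na);

	if (cand->ia_pd_len) {
		odhcp6c_add_state(STATE_IA_PD, cand->ia_pd, cand->ia_pd_len);
		if (pd_mode != IA_MODE_NONE)
			ret = DHCPV6_STATEFUL;
	}
	free(cand->ia_pd);

	dhcpv6_retx[DHCPV6_MSG_SOLICIT].max_timeo = cand->sol_max_rt;
	dhcpv6_retx[DHCPV6_MSG_INFO_REQ].max_timeo = cand->inf_max_rt;

	odhcp6c_remove_state(STATE_SERVER_CAND, 0, sizeof(*cand));

	return ret;
}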