2 * Copyright (C) 2012-2013 Steven Barth <steven@midlink.org>
4 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License v2 as published by
6 * the Free Software Foundation.
8 * This program is distributed in the hope that it will be useful,
9 * but WITHOUT ANY WARRANTY; without even the implied warranty of
10 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 * GNU General Public License for more details.
20 #include <sys/timerfd.h>
21 #include <arpa/inet.h>
// Forward declarations: handle_dhcpv6 is installed as a callback and the
// relay/server handlers are called before their definitions further down.
27 static void relay_client_request(struct sockaddr_in6
*source
,
28 const void *data
, size_t len
, struct interface
*iface
);
29 static void relay_server_response(uint8_t *data
, size_t len
);
// NOTE(review): the last parameter is named dest here but dest_addr in the
// definition of handle_dhcpv6; harmless to the compiler, worth aligning.
31 static void handle_dhcpv6(void *addr
, void *data
, size_t len
,
32 struct interface
*iface
, void *dest
);
33 static void handle_client_request(void *addr
, void *data
, size_t len
,
34 struct interface
*iface
, void *dest_addr
);
37 // Create socket and register events
// (Re)creates the per-interface DHCPv6 socket.
// Any socket already registered in iface->dhcpv6_event is removed from uloop
// and closed first. When enable is set and iface->dhcpv6 is non-zero, a new
// UDP/IPv6 socket is created, bound to DHCPV6_SERVER_PORT, joined to the
// DHCPv6 multicast groups and registered with handle_dhcpv6 as its datagram
// handler. Returns whatever dhcpv6_setup_ia_interface(iface, enable) returns.
// NOTE(review): the line numbers embedded in this listing skip (55, 57-59,
// 63, 71, 79-81, ...), so some statements - including the error-path code
// after each syslog() call and the assignments to val - are not shown here.
44 int dhcpv6_setup_interface(struct interface
*iface
, bool enable
)
// NOTE(review): the test is "> 0", so a socket that happened to be descriptor
// 0 would not be torn down; presumably an unused slot holds 0 or -1 - confirm.
46 if (iface
->dhcpv6_event
.uloop
.fd
> 0) {
47 uloop_fd_delete(&iface
->dhcpv6_event
.uloop
);
48 close(iface
->dhcpv6_event
.uloop
.fd
);
49 iface
->dhcpv6_event
.uloop
.fd
= -1;
52 // Configure multicast settings
53 if (enable
&& iface
->dhcpv6
) {
54 int sock
= socket(AF_INET6
, SOCK_DGRAM
| SOCK_CLOEXEC
, IPPROTO_UDP
);
// %m is the syslog() conversion that expands to the errno message text.
56 syslog(LOG_ERR
, "Failed to create DHCPv6 server socket: %m");
60 // Basic IPv6 configuration
// NOTE(review): none of the setsockopt() results in this function are
// checked. The socket is later bound to the wildcard address, so if
// SO_BINDTODEVICE fails it is not restricted to iface->ifname; consider
// checking the return value here and failing setup instead of continuing.
61 setsockopt(sock
, SOL_SOCKET
, SO_BINDTODEVICE
, iface
->ifname
, strlen(iface
->ifname
));
64 setsockopt(sock
, IPPROTO_IPV6
, IPV6_V6ONLY
, &val
, sizeof(val
));
65 setsockopt(sock
, SOL_SOCKET
, SO_REUSEADDR
, &val
, sizeof(val
));
66 setsockopt(sock
, IPPROTO_IPV6
, IPV6_RECVPKTINFO
, &val
, sizeof(val
));
// Multicast packets sent from this socket use the DHCPv6 hop-count limit.
68 val
= DHCPV6_HOP_COUNT_LIMIT
;
69 setsockopt(sock
, IPPROTO_IPV6
, IPV6_MULTICAST_HOPS
, &val
, sizeof(val
));
72 setsockopt(sock
, IPPROTO_IPV6
, IPV6_MULTICAST_LOOP
, &val
, sizeof(val
));
// Wildcard bind on the server port; scoping to the interface relies on the
// SO_BINDTODEVICE call above.
74 struct sockaddr_in6 bind_addr
= {AF_INET6
, htons(DHCPV6_SERVER_PORT
),
75 0, IN6ADDR_ANY_INIT
, 0};
77 if (bind(sock
, (struct sockaddr
*)&bind_addr
, sizeof(bind_addr
))) {
// NOTE(review): the statements that follow this syslog() are not shown;
// confirm the failure path closes sock before returning.
78 syslog(LOG_ERR
, "Failed to open DHCPv6 server socket: %m");
// The relay group is always joined on this interface; the server group is
// joined only when the interface runs in MODE_SERVER.
82 struct ipv6_mreq relay
= {ALL_DHCPV6_RELAYS
, iface
->ifindex
};
83 struct ipv6_mreq server
= {ALL_DHCPV6_SERVERS
, iface
->ifindex
};
84 setsockopt(sock
, IPPROTO_IPV6
, IPV6_ADD_MEMBERSHIP
, &relay
, sizeof(relay
));
86 if (iface
->dhcpv6
== MODE_SERVER
)
87 setsockopt(sock
, IPPROTO_IPV6
, IPV6_ADD_MEMBERSHIP
, &server
, sizeof(server
));
// Hand the socket to the event loop; every datagram goes to handle_dhcpv6.
89 iface
->dhcpv6_event
.uloop
.fd
= sock
;
90 iface
->dhcpv6_event
.handle_dgram
= handle_dhcpv6
;
91 odhcpd_register(&iface
->dhcpv6_event
);
94 return dhcpv6_setup_ia_interface(iface
, enable
);
// IOV_STAT and IOV_REFRESH are alternative names for the IOV_MAXRT and
// IOV_PDBUF slots of the reply iovec table; the IOV_* indices themselves are
// defined on lines this listing does not show.
101 #define IOV_STAT IOV_MAXRT
107 #define IOV_REFRESH IOV_PDBUF
// Walks a relay-forward message towards the client message nested inside it.
//   data/len - the message at the current nesting level
//   opts/end - out-parameters; *opts is set to the first byte after the inner
//              client header once a non-relay-forward message is reached
//   iov      - reply iovec table; IOV_NESTED and IOV_RELAY_MSG are filled in
// The function calls itself for every DHCPV6_OPT_RELAY_MSG option it finds.
// NOTE(review): this listing omits lines (121-122, 124-125, 130-133, ...),
// so the early returns and the assignment to *end are not visible here.
// NOTE(review): recursion depth follows the nesting found in the packet and
// nothing visible here caps it; confirm the depth is bounded acceptably.
114 static void handle_nested_message(uint8_t *data
, size_t len
,
115 uint8_t **opts
, uint8_t **end
, struct iovec iov
[IOV_TOTAL
- 1])
117 struct dhcpv6_relay_header
*hdr
= (struct dhcpv6_relay_header
*)data
;
// First (outermost) call: remember where the whole received message starts.
118 if (iov
[IOV_NESTED
].iov_base
== NULL
) {
119 iov
[IOV_NESTED
].iov_base
= data
;
120 iov
[IOV_NESTED
].iov_len
= len
;
// NOTE(review): the only length check visible is against the client header,
// yet data is also read through a struct dhcpv6_relay_header pointer
// (hdr->options below). Confirm that a relay-forward shorter than the relay
// header cannot reach the option walk, e.g. by comparing len with
// sizeof(*hdr) for that message type.
123 if (len
< sizeof(struct dhcpv6_client_header
))
126 if (hdr
->msg_type
!= DHCPV6_MSG_RELAY_FORW
) {
// Reached the inner message: IOV_NESTED now covers only the relay wrappers
// that precede it. The inner hdr declared below shadows the outer one.
127 iov
[IOV_NESTED
].iov_len
= data
- (uint8_t*)iov
[IOV_NESTED
].iov_base
;
128 struct dhcpv6_client_header
*hdr
= (void*)data
;
129 *opts
= (uint8_t*)&hdr
[1];
134 uint16_t otype
, olen
;
136 dhcpv6_for_each_option(hdr
->options
, data
+ len
, otype
, olen
, odata
) {
137 if (otype
== DHCPV6_OPT_RELAY_MSG
) {
// IOV_RELAY_MSG covers the bytes from the end of the relayed message to the
// end of the region recorded in IOV_NESTED.
138 iov
[IOV_RELAY_MSG
].iov_base
= odata
+ olen
;
139 iov
[IOV_RELAY_MSG
].iov_len
= (((uint8_t*)iov
[IOV_NESTED
].iov_base
) +
140 iov
[IOV_NESTED
].iov_len
) - (odata
+ olen
);
141 handle_nested_message(odata
, olen
, opts
, end
, iov
);
// Rewrites a relay-forward chain in place so it can be returned as a chain of
// relay-replies: each relay header's msg_type becomes DHCPV6_MSG_RELAY_REPL
// and the two bytes preceding each DHCPV6_OPT_RELAY_MSG payload are rewritten
// from olen, high byte first.
//   data/len - message at the current nesting level
//   pdiff    - signed size difference supplied by the caller
// NOTE(review): this listing omits lines (152-153, 155, 157, 160, ...); the
// early return and the statement that adjusts olen before it is written back
// are not visible here.
// NOTE(review): olen is a uint16_t and pdiff a signed ssize_t; confirm the
// adjusted length cannot wrap or exceed 0xffff before being stored, and that
// len covers a full relay header before hdr->options is walked.
148 static void update_nested_message(uint8_t *data
, size_t len
, ssize_t pdiff
)
150 struct dhcpv6_relay_header
*hdr
= (struct dhcpv6_relay_header
*)data
;
151 if (hdr
->msg_type
!= DHCPV6_MSG_RELAY_FORW
)
154 hdr
->msg_type
= DHCPV6_MSG_RELAY_REPL
;
156 uint16_t otype
, olen
;
158 dhcpv6_for_each_option(hdr
->options
, data
+ len
, otype
, olen
, odata
) {
159 if (otype
== DHCPV6_OPT_RELAY_MSG
) {
// odata[-2] and odata[-1] are the bytes directly in front of the option
// payload (presumably the option's length field - confirm against the
// dhcpv6_for_each_option macro).
161 odata
[-2] = (olen
>> 8) & 0xff;
162 odata
[-1] = olen
& 0xff;
163 update_nested_message(odata
, olen
- pdiff
, pdiff
);
169 // Simple DHCPv6-server for information requests
// Server-mode handler for one received DHCPv6 datagram. It builds a reply
// from a fixed header (dest) plus optional pieces collected in an iovec table
// and sends it with odhcpd_send() on the interface's DHCPv6 socket.
//   addr      - peer address, passed on to dhcpv6_handle_ia() and odhcpd_send()
//   data/len  - the received message
//   iface     - interface whose DNS, search-domain and socket settings are used
//   dest_addr - cast to struct in6_addr for the multicast checks below
// NOTE(review): this listing omits source lines (the embedded numbers skip),
// so several struct members, branch bodies and early returns are not visible.
170 static void handle_client_request(void *addr
, void *data
, size_t len
,
171 struct interface
*iface
, void *dest_addr
)
173 struct dhcpv6_client_header
*hdr
= data
;
// Shorter than a client header; the statement guarded by this test is not
// shown in the listing.
175 if (len
< sizeof(*hdr
))
178 syslog(LOG_NOTICE
, "Got DHCPv6 request");
180 // Construct reply message
// Reply header followed by a server-id option and room for an echoed
// client-id option (members on omitted lines are not shown).
181 struct __attribute__((packed
)) {
184 uint16_t serverid_type
;
185 uint16_t serverid_length
;
187 uint16_t hardware_type
;
189 uint16_t clientid_type
;
190 uint16_t clientid_length
;
191 uint8_t clientid_buf
[130];
193 .msg_type
= DHCPV6_MSG_REPLY
,
194 .serverid_type
= htons(DHCPV6_OPT_SERVERID
),
// DUID type 3 is DUID-LL and hardware type 1 is Ethernet; a server-id length
// of 10 leaves 6 bytes after those two fields (assumes dest.mac is 6 bytes -
// the member declaration is not shown).
195 .serverid_length
= htons(10),
196 .duid_type
= htons(3),
197 .hardware_type
= htons(1),
198 .clientid_type
= htons(DHCPV6_OPT_CLIENTID
),
201 odhcpd_get_mac(iface
, dest
.mac
);
// Option headers are 4 bytes (type + length), hence the "- 4" in the length
// fields of the small option structs below.
203 struct __attribute__((packed
)) {
207 } maxrt
= {htons(DHCPV6_OPT_SOL_MAX_RT
), htons(sizeof(maxrt
) - 4),
210 struct __attribute__((packed
)) {
214 } stat
= {htons(DHCPV6_OPT_STATUS
), htons(sizeof(stat
) - 4),
215 htons(DHCPV6_STATUS_USEMULTICAST
)};
217 struct __attribute__((packed
)) {
221 } refresh
= {htons(DHCPV6_OPT_INFO_REFRESH
), htons(sizeof(uint32_t)),
// DNS servers come from the interface configuration; when none are configured
// and odhcpd_get_interface_dns_addr() returns 0, the address it stored in
// dns_addr is used instead (the rest of this branch is not shown).
224 struct in6_addr dns_addr
, *dns_addr_ptr
= iface
->dns
;
225 size_t dns_cnt
= iface
->dns_cnt
;
227 if ((dns_cnt
== 0) &&
228 !odhcpd_get_interface_dns_addr(iface
, &dns_addr
)) {
229 dns_addr_ptr
= &dns_addr
;
236 } dns
= {htons(DHCPV6_OPT_DNS_SERVERS
), htons(dns_cnt
* sizeof(*dns_addr_ptr
))};
240 // DNS Search options
241 uint8_t search_buf
[256], *search_domain
= iface
->search
;
242 size_t search_len
= iface
->search_len
;
// No search domain configured: fall back to the resolver's first search
// entry, compressed into search_buf by dn_comp().
// NOTE(review): this int len shadows the len parameter inside the block.
244 if (!search_domain
&& !res_init() && _res
.dnsrch
[0] && _res
.dnsrch
[0][0]) {
245 int len
= dn_comp(_res
.dnsrch
[0], search_buf
,
246 sizeof(search_buf
), NULL
, NULL
);
248 search_domain
= search_buf
;
256 } search
= {htons(DHCPV6_OPT_DNS_DOMAIN
), htons(search_len
)};
259 struct dhcpv6_cer_id cerid
= {
261 .type
= htons(EXT_CER_ID
),
264 .addr
= iface
->dhcpv6_pd_cer
,
// Reply layout. Slots given a length of 0 here are enabled later if needed.
// IOV_DEST initially covers dest only up to clientid_type; the client-id
// option is added to that length once one has been copied from the request.
269 struct iovec iov
[IOV_TOTAL
] = {
270 [IOV_NESTED
] = {NULL
, 0},
271 [IOV_DEST
] = {&dest
, (uint8_t*)&dest
.clientid_type
- (uint8_t*)&dest
},
272 [IOV_MAXRT
] = {&maxrt
, sizeof(maxrt
)},
273 [IOV_DNS
] = {&dns
, (dns_cnt
) ? sizeof(dns
) : 0},
274 [IOV_DNS_ADDR
] = {dns_addr_ptr
, dns_cnt
* sizeof(*dns_addr_ptr
)},
275 [IOV_SEARCH
] = {&search
, (search_len
) ? sizeof(search
) : 0},
276 [IOV_SEARCH_DOMAIN
] = {search_domain
, search_len
},
277 [IOV_PDBUF
] = {pdbuf
, 0},
278 [IOV_CERID
] = {&cerid
, 0},
279 [IOV_DHCPV6_RAW
] = {iface
->dhcpv6_raw
, iface
->dhcpv6_raw_len
},
280 [IOV_RELAY_MSG
] = {NULL
, 0}
// opts starts just past the client header, so opts[-4] is the message-type
// byte and opts[-3..-1] are the bytes copied into dest.tr_id (assumes the
// client header is 4 bytes - the struct is not shown).
// NOTE(review): handle_nested_message() only moves *opts when it reaches a
// non-relay-forward message. If it returns without finding one, opts and
// opts_end keep the values set here and opts[-4] is still the outer
// relay-forward type; confirm that case is rejected before a reply is built.
283 uint8_t *opts
= (uint8_t*)&hdr
[1], *opts_end
= (uint8_t*)data
+ len
;
284 if (hdr
->msg_type
== DHCPV6_MSG_RELAY_FORW
)
285 handle_nested_message(data
, len
, &opts
, &opts_end
, iov
);
287 memcpy(dest
.tr_id
, &opts
[-3], sizeof(dest
.tr_id
));
// Message types that only a server or relay sends; the guarded statement is
// not shown (presumably a return).
289 if (opts
[-4] == DHCPV6_MSG_ADVERTISE
|| opts
[-4] == DHCPV6_MSG_REPLY
|| opts
[-4] == DHCPV6_MSG_RELAY_REPL
)
// These client messages are matched when they arrive unicast (destination not
// multicast) and not wrapped by a relay; the guarded statement is not shown.
292 if (!IN6_IS_ADDR_MULTICAST((struct in6_addr
*)dest_addr
) && iov
[IOV_NESTED
].iov_len
== 0 &&
293 (opts
[-4] == DHCPV6_MSG_SOLICIT
|| opts
[-4] == DHCPV6_MSG_CONFIRM
||
294 opts
[-4] == DHCPV6_MSG_REBIND
|| opts
[-4] == DHCPV6_MSG_INFORMATION_REQUEST
))
// SOLICIT is answered with ADVERTISE; INFORMATION-REQUEST keeps the REPLY
// type and gets the refresh option in the IOV_REFRESH slot.
297 if (opts
[-4] == DHCPV6_MSG_SOLICIT
) {
298 dest
.msg_type
= DHCPV6_MSG_ADVERTISE
;
299 } else if (opts
[-4] == DHCPV6_MSG_INFORMATION_REQUEST
) {
300 iov
[IOV_REFRESH
].iov_base
= &refresh
;
301 iov
[IOV_REFRESH
].iov_len
= sizeof(refresh
);
303 // Return inf max rt option in reply to information request
304 maxrt
.type
= htons(DHCPV6_OPT_INF_MAX_RT
);
307 // Go through options and find what we need
308 uint16_t otype
, olen
;
310 dhcpv6_for_each_option(opts
, opts_end
, otype
, olen
, odata
) {
// The 130-byte bound equals the declared size of clientid_buf, so the copy
// stays inside dest. NOTE(review): sizeof(dest.clientid_buf) would keep the
// check and the buffer size from drifting apart.
311 if (otype
== DHCPV6_OPT_CLIENTID
&& olen
<= 130) {
312 dest
.clientid_length
= htons(olen
);
313 memcpy(dest
.clientid_buf
, odata
, olen
);
314 iov
[IOV_DEST
].iov_len
+= 4 + olen
;
315 } else if (otype
== DHCPV6_OPT_SERVERID
) {
// The length is compared first, so memcmp never reads more than the
// server-id bytes that start at dest.duid_type.
316 if (olen
!= ntohs(dest
.serverid_length
) ||
317 memcmp(odata
, &dest
.duid_type
, olen
))
318 return; // Not for us
319 } else if (iface
->filter_class
&& otype
== DHCPV6_OPT_USER_CLASS
) {
// Each user-class entry is a 2-byte big-endian length followed by its data.
// Both loop conditions keep the length bytes and the entry body inside the
// option before they are read.
320 uint8_t *c
= odata
, *cend
= &odata
[olen
];
321 for (; &c
[2] <= cend
&& &c
[2 + (c
[0] << 8) + c
[1]] <= cend
; c
= &c
[2 + (c
[0] << 8) + c
[1]]) {
322 size_t elen
= strlen(iface
->filter_class
);
323 if (((((size_t)c
[0]) << 8) | c
[1]) == elen
&& !memcmp(&c
[2], iface
->filter_class
, elen
))
324 return; // Ignore from homenet
326 } else if (otype
== DHCPV6_OPT_IA_PD
) {
// A prefix-delegation request enables the cerid option in the reply.
328 iov
[IOV_CERID
].iov_len
= sizeof(cerid
);
// No address configured for it: use the lowest (by memcmp) address returned
// by netlink_get_interface_addrs().
// NOTE(review): this ssize_t len shadows the len parameter; a negative
// return simply skips the loop. The listing does not show addrs being
// released - confirm who owns the array returned through &addrs.
330 if (IN6_IS_ADDR_UNSPECIFIED(&cerid
.addr
)) {
331 struct odhcpd_ipaddr
*addrs
;
332 ssize_t len
= netlink_get_interface_addrs(0, true, &addrs
);
334 for (ssize_t i
= 0; i
< len
; ++i
)
335 if (IN6_IS_ADDR_UNSPECIFIED(&cerid
.addr
)
336 || memcmp(&addrs
[i
].addr
, &cerid
.addr
, sizeof(cerid
.addr
)) < 0)
337 cerid
.addr
= addrs
[i
].addr
.in6
;
// Unicast, non-relayed REQUEST/RENEW/RELEASE/DECLINE: answer with the
// UseMulticast status option placed in the IOV_STAT slot. The body of the
// loop over the remaining slots is not shown.
345 if (!IN6_IS_ADDR_MULTICAST((struct in6_addr
*)dest_addr
) && iov
[IOV_NESTED
].iov_len
== 0 &&
346 (opts
[-4] == DHCPV6_MSG_REQUEST
|| opts
[-4] == DHCPV6_MSG_RENEW
||
347 opts
[-4] == DHCPV6_MSG_RELEASE
|| opts
[-4] == DHCPV6_MSG_DECLINE
)) {
348 iov
[IOV_STAT
].iov_base
= &stat
;
349 iov
[IOV_STAT
].iov_len
= sizeof(stat
);
351 for (ssize_t i
= IOV_STAT
+ 1; i
< IOV_TOTAL
; ++i
)
354 odhcpd_send(iface
->dhcpv6_event
.uloop
.fd
, addr
, iov
, ARRAY_SIZE(iov
), iface
);
// Everything except INFORMATION-REQUEST goes through the IA handler, which
// writes its options into pdbuf.
// NOTE(review): ialen is stored into iov_len (an unsigned size_t) before the
// ialen < 0 test; that is safe only if the guarded statement, which is not
// shown, abandons the reply - confirm.
358 if (opts
[-4] != DHCPV6_MSG_INFORMATION_REQUEST
) {
359 ssize_t ialen
= dhcpv6_handle_ia(pdbuf
, sizeof(pdbuf
), iface
, addr
, &opts
[-4], opts_end
);
360 iov
[IOV_PDBUF
].iov_len
= ialen
;
361 if (ialen
< 0 || (ialen
== 0 && (opts
[-4] == DHCPV6_MSG_REBIND
|| opts
[-4] == DHCPV6_MSG_CONFIRM
)))
// Relayed request: the size difference handed to update_nested_message() is
// the total length of the reply pieces minus the original inner message
// (4 bytes in front of opts plus its options).
365 if (iov
[IOV_NESTED
].iov_len
> 0) // Update length
366 update_nested_message(data
, len
, iov
[IOV_DEST
].iov_len
+ iov
[IOV_MAXRT
].iov_len
+
367 iov
[IOV_DNS
].iov_len
+ iov
[IOV_DNS_ADDR
].iov_len
+
368 iov
[IOV_SEARCH
].iov_len
+ iov
[IOV_SEARCH_DOMAIN
].iov_len
+
369 iov
[IOV_PDBUF
].iov_len
+ iov
[IOV_CERID
].iov_len
+
370 iov
[IOV_DHCPV6_RAW
].iov_len
- (4 + opts_end
- opts
));
372 odhcpd_send(iface
->dhcpv6_event
.uloop
.fd
, addr
, iov
, ARRAY_SIZE(iov
), iface
);
376 // Central DHCPv6-relay handler
// Datagram callback installed on the interface's DHCPv6 socket. It dispatches
// on iface->dhcpv6: MODE_SERVER goes to handle_client_request(), MODE_RELAY
// to one of the two relay handlers.
// NOTE(review): the lines that choose between relay_server_response() and
// relay_client_request() (383 and 385) are not shown in this listing.
// relay_server_response() receives only data and len, so the sender address
// in addr is not available to it.
377 static void handle_dhcpv6(void *addr
, void *data
, size_t len
,
378 struct interface
*iface
, void *dest_addr
)
380 if (iface
->dhcpv6
== MODE_SERVER
) {
381 handle_client_request(addr
, data
, len
, iface
, dest_addr
);
382 } else if (iface
->dhcpv6
== MODE_RELAY
) {
384 relay_server_response(data
, len
);
386 relay_client_request(addr
, data
, len
, iface
);
391 // Relay server response (regular relay server handling)
// Unwraps a relay-reply and forwards the message it carries towards the
// client.
//   data/len - the received relay-reply
// The destination address is h->peer_address and the outgoing interface is
// looked up from the interface-id option, both taken from the packet.
// NOTE(review): this listing omits lines (409-410, 421-424, 428-429,
// 463-467, ...), so the early returns, the assignment to payload_len and
// part of the DNS rewrite set-up are not visible.
// NOTE(review): nothing visible in this function checks who sent the
// datagram; the forwarding target and interface index come from its
// contents. Confirm that the caller or the socket configuration limits which
// peers can deliver relay-replies to this handler.
392 static void relay_server_response(uint8_t *data
, size_t len
)
394 // Information we need to gather
395 uint8_t *payload_data
= NULL
;
396 size_t payload_len
= 0;
397 int32_t ifaceidx
= 0;
398 struct sockaddr_in6 target
= {AF_INET6
, htons(DHCPV6_CLIENT_PORT
),
399 0, IN6ADDR_ANY_INIT
, 0};
401 syslog(LOG_NOTICE
, "Got a DHCPv6-reply");
404 uint8_t *odata
, *end
= data
+ len
;
406 // Relay DHCPv6 reply from server to client
// The length test comes first, so h->msg_type and h->peer_address are read
// only from a message at least as long as the relay header.
407 struct dhcpv6_relay_header
*h
= (void*)data
;
408 if (len
< sizeof(*h
) || h
->msg_type
!= DHCPV6_MSG_RELAY_REPL
)
411 memcpy(&target
.sin6_addr
, &h
->peer_address
,
412 sizeof(struct in6_addr
));
414 // Go through options and find what we need
415 dhcpv6_for_each_option(h
->options
, end
, otype
, olen
, odata
) {
// The interface-id is accepted only at exactly sizeof(ifaceidx) bytes and is
// copied without byte swapping.
416 if (otype
== DHCPV6_OPT_INTERFACE_ID
417 && olen
== sizeof(ifaceidx
)) {
418 memcpy(&ifaceidx
, odata
, sizeof(ifaceidx
));
419 } else if (otype
== DHCPV6_OPT_RELAY_MSG
) {
420 payload_data
= odata
;
425 // Invalid interface-id or basic payload
// Requires a known, non-master interface and at least 4 payload bytes; the
// guarded statement is not shown.
426 struct interface
*iface
= odhcpd_get_interface_by_index(ifaceidx
);
427 if (!iface
|| iface
->master
|| !payload_data
|| payload_len
< 4)
430 bool is_authenticated
= false;
431 struct in6_addr
*dns_ptr
= NULL
;
432 size_t dns_count
= 0;
434 // If the payload is relay-reply we have to send to the server port
435 if (payload_data
[0] == DHCPV6_MSG_RELAY_REPL
) {
436 target
.sin6_port
= htons(DHCPV6_SERVER_PORT
);
437 } else { // Go through the payload data
// This h shadows the relay header pointer declared above; end is re-pointed
// at the end of the payload for the inner option walk.
438 struct dhcpv6_client_header
*h
= (void*)payload_data
;
439 end
= payload_data
+ payload_len
;
441 dhcpv6_for_each_option(&h
[1], end
, otype
, olen
, odata
) {
// dns_ptr points into the received payload; a trailing partial address is
// ignored because olen / 16 rounds down.
442 if (otype
== DHCPV6_OPT_DNS_SERVERS
&& olen
>= 16) {
443 dns_ptr
= (struct in6_addr
*)odata
;
444 dns_count
= olen
/ 16;
445 } else if (otype
== DHCPV6_OPT_AUTH
) {
446 is_authenticated
= true;
451 // Rewrite DNS servers if requested
452 if (iface
->always_rewrite_dns
&& dns_ptr
&& dns_count
> 0) {
// A reply carrying an authentication option cannot be modified, so with
// always_rewrite_dns set it is dropped here rather than forwarded.
453 if (is_authenticated
)
454 return; // Impossible to rewrite
456 const struct in6_addr
*rewrite
= iface
->dns
;
457 struct in6_addr addr
;
458 size_t rewrite_cnt
= iface
->dns_cnt
;
460 if (rewrite_cnt
== 0) {
461 if (odhcpd_get_interface_dns_addr(iface
, &addr
))
462 return; // Unable to get interface address
468 // Copy over any other addresses
// The server's DNS entries are overwritten in place; when there are more
// entries than rewrite addresses, the last rewrite address is repeated.
// NOTE(review): rewrite_cnt - 1 underflows if rewrite_cnt is still 0 here;
// the lines that presumably set it after the fallback above are not shown -
// confirm.
469 for (size_t i
= 0; i
< dns_count
; ++i
) {
470 size_t j
= (i
< rewrite_cnt
) ? i
: rewrite_cnt
- 1;
471 memcpy(&dns_ptr
[i
], &rewrite
[j
], sizeof(*rewrite
));
475 struct iovec iov
= {payload_data
, payload_len
};
476 odhcpd_send(iface
->dhcpv6_event
.uloop
.fd
, &target
, &iov
, 1, iface
);
// Picks an entry of iface->addr6 to use as the relay link-address.
// Entries whose valid time is not after now are tested first, an entry whose
// preferred time is still in the future is taken, and otherwise the entry
// with the largest valid time seen so far is kept.
// NOTE(review): this listing omits lines (486-487, 490-492, 495-498), so the
// statements that follow the tests and the return are not shown.
// NOTE(review): now is narrowed from time_t to uint32_t for the comparisons;
// confirm valid/preferred are stamped from the same clock (odhcpd_time()).
479 static struct odhcpd_ipaddr
*relay_link_address(struct interface
*iface
)
481 struct odhcpd_ipaddr
*addr
= NULL
;
482 time_t now
= odhcpd_time();
484 for (size_t i
= 0; i
< iface
->addr6_len
; i
++) {
485 if (iface
->addr6
[i
].valid
<= (uint32_t)now
)
488 if (iface
->addr6
[i
].preferred
> (uint32_t)now
) {
489 addr
= &iface
->addr6
[i
];
493 if (!addr
|| (iface
->addr6
[i
].valid
> addr
->valid
))
494 addr
= &iface
->addr6
[i
];
500 // Relay client request (regular DHCPv6-relay)
// Wraps a client (or downstream relay) message in a relay-forward envelope
// and sends it to ALL_DHCPV6_SERVERS through the master interface's socket.
//   source   - sender of the message; becomes the envelope's peer-address
//   data/len - the message to forward, sent unchanged after the envelope
//   iface    - interface the message is forwarded for; its ifindex is stored
//              as the interface-id option
// NOTE(review): this listing omits lines (518, 523-524, 530-531, 539, 546,
// 548-549, ...), so some envelope fields and branch structure are not shown.
// NOTE(review): no check of len is visible before h->msg_type and
// h->hop_count are read; confirm the caller never delivers a datagram shorter
// than those fields. len is also narrowed to 16 bits by htons(len) below;
// confirm it cannot exceed 0xffff.
501 static void relay_client_request(struct sockaddr_in6
*source
,
502 const void *data
, size_t len
, struct interface
*iface
)
504 struct interface
*master
= odhcpd_get_master_interface();
505 const struct dhcpv6_relay_header
*h
= data
;
506 if (!master
|| master
->dhcpv6
!= MODE_RELAY
||
507 h
->msg_type
== DHCPV6_MSG_RELAY_REPL
||
508 h
->msg_type
== DHCPV6_MSG_RECONFIGURE
||
509 h
->msg_type
== DHCPV6_MSG_REPLY
||
510 h
->msg_type
== DHCPV6_MSG_ADVERTISE
)
511 return; // Invalid message types for client
513 syslog(LOG_NOTICE
, "Got a DHCPv6-request");
515 // Construct our forwarding envelope
516 struct dhcpv6_relay_forward_envelope hdr
= {
517 .msg_type
= DHCPV6_MSG_RELAY_FORW
,
519 .interface_id_type
= htons(DHCPV6_OPT_INTERFACE_ID
),
520 .interface_id_len
= htons(sizeof(uint32_t)),
521 .relay_message_type
= htons(DHCPV6_OPT_RELAY_MSG
),
522 .relay_message_len
= htons(len
),
// A message that is already a relay-forward is re-wrapped with its hop count
// incremented, and dropped once the limit has been reached.
525 if (h
->msg_type
== DHCPV6_MSG_RELAY_FORW
) { // handle relay-forward
526 if (h
->hop_count
>= DHCPV6_HOP_COUNT_LIMIT
)
527 return; // Invalid hop count
529 hdr
.hop_count
= h
->hop_count
+ 1;
532 // use memcpy here as the destination fields are unaligned
// The interface index is stored as raw host-order bytes.
533 uint32_t ifindex
= iface
->ifindex
;
534 memcpy(&hdr
.peer_address
, &source
->sin6_addr
, sizeof(struct in6_addr
));
535 memcpy(&hdr
.interface_id_data
, &ifindex
, sizeof(ifindex
));
537 // Detect public IP of slave interface to use as link-address
538 struct odhcpd_ipaddr
*ip
= relay_link_address(iface
);
540 // No suitable address! Is the slave not configured yet?
541 // Detect public IP of master interface and use it instead
542 // This is WRONG and probably violates the RFC. However
543 // otherwise we have a hen and egg problem because the
544 // slave-interface cannot be auto-configured.
545 ip
= relay_link_address(master
);
547 return; // Could not obtain a suitable address
550 memcpy(&hdr
.link_address
, &ip
->addr
.in6
, sizeof(hdr
.link_address
));
// Two-part send: the envelope first, then the original message untouched (the
// cast only drops const for the iovec).
552 struct sockaddr_in6 dhcpv6_servers
= {AF_INET6
,
553 htons(DHCPV6_SERVER_PORT
), 0, ALL_DHCPV6_SERVERS
, 0};
554 struct iovec iov
[2] = {{&hdr
, sizeof(hdr
)}, {(void*)data
, len
}};
555 odhcpd_send(master
->dhcpv6_event
.uloop
.fd
, &dhcpv6_servers
, iov
, 2, master
);