projects / project / odhcpd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
odhcpd: Replace strerror(errno) with %m format
[project/odhcpd.git] / src / dhcpv6.c
1 /**
2 * Copyright (C) 2012-2013 Steven Barth <steven@midlink.org>
3 *
4 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License v2 as published by
6 * the Free Software Foundation.
7 *
8 * This program is distributed in the hope that it will be useful,
9 * but WITHOUT ANY WARRANTY; without even the implied warranty of
10 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 * GNU General Public License for more details.
12 *
13 *
14 */
15
16 #include <errno.h>
17 #include <unistd.h>
18 #include <stddef.h>
19 #include <resolv.h>
20 #include <sys/timerfd.h>
21 #include <arpa/inet.h>
22
23 #include "odhcpd.h"
24 #include "dhcpv6.h"
25
26
27 static void relay_client_request(struct sockaddr_in6 *source,
28 const void *data, size_t len, struct interface *iface);
29 static void relay_server_response(uint8_t *data, size_t len);
30
31 static void handle_dhcpv6(void *addr, void *data, size_t len,
32 struct interface *iface, void *dest);
33 static void handle_client_request(void *addr, void *data, size_t len,
34 struct interface *iface, void *dest_addr);
35
36
37 // Create socket and register events
38 int dhcpv6_init(void)
39 {
40 dhcpv6_ia_init();
41 return 0;
42 }
43
44 int dhcpv6_setup_interface(struct interface *iface, bool enable)
45 {
46 if (iface->dhcpv6_event.uloop.fd > 0) {
47 uloop_fd_delete(&iface->dhcpv6_event.uloop);
48 close(iface->dhcpv6_event.uloop.fd);
49 iface->dhcpv6_event.uloop.fd = -1;
50 }
51
52 // Configure multicast settings
53 if (enable && iface->dhcpv6) {
54 int sock = socket(AF_INET6, SOCK_DGRAM | SOCK_CLOEXEC, IPPROTO_UDP);
55 if (sock < 0) {
56 syslog(LOG_ERR, "Failed to create DHCPv6 server socket: %m");
57 return -1;
58 }
59
60 // Basic IPv6 configuration
61 setsockopt(sock, SOL_SOCKET, SO_BINDTODEVICE, iface->ifname, strlen(iface->ifname));
62
63 int val = 1;
64 setsockopt(sock, IPPROTO_IPV6, IPV6_V6ONLY, &val, sizeof(val));
65 setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, &val, sizeof(val));
66 setsockopt(sock, IPPROTO_IPV6, IPV6_RECVPKTINFO, &val, sizeof(val));
67
68 val = DHCPV6_HOP_COUNT_LIMIT;
69 setsockopt(sock, IPPROTO_IPV6, IPV6_MULTICAST_HOPS, &val, sizeof(val));
70
71 val = 0;
72 setsockopt(sock, IPPROTO_IPV6, IPV6_MULTICAST_LOOP, &val, sizeof(val));
73
74 struct sockaddr_in6 bind_addr = {AF_INET6, htons(DHCPV6_SERVER_PORT),
75 0, IN6ADDR_ANY_INIT, 0};
76
77 if (bind(sock, (struct sockaddr*)&bind_addr, sizeof(bind_addr))) {
78 syslog(LOG_ERR, "Failed to open DHCPv6 server socket: %m");
79 return -1;
80 }
81
82 struct ipv6_mreq relay = {ALL_DHCPV6_RELAYS, iface->ifindex};
83 struct ipv6_mreq server = {ALL_DHCPV6_SERVERS, iface->ifindex};
84 setsockopt(sock, IPPROTO_IPV6, IPV6_ADD_MEMBERSHIP, &relay, sizeof(relay));
85
86 if (iface->dhcpv6 == MODE_SERVER)
87 setsockopt(sock, IPPROTO_IPV6, IPV6_ADD_MEMBERSHIP, &server, sizeof(server));
88
89 iface->dhcpv6_event.uloop.fd = sock;
90 iface->dhcpv6_event.handle_dgram = handle_dhcpv6;
91 odhcpd_register(&iface->dhcpv6_event);
92 }
93
94 return dhcpv6_setup_ia_interface(iface, enable);
95 }
96
97 enum {
98 IOV_NESTED = 0,
99 IOV_DEST,
100 IOV_MAXRT,
101 #define IOV_STAT IOV_MAXRT
102 IOV_DNS,
103 IOV_DNS_ADDR,
104 IOV_SEARCH,
105 IOV_SEARCH_DOMAIN,
106 IOV_PDBUF,
107 #define IOV_REFRESH IOV_PDBUF
108 IOV_CERID,
109 IOV_DHCPV6_RAW,
110 IOV_RELAY_MSG,
111 IOV_TOTAL
112 };
113
114 static void handle_nested_message(uint8_t *data, size_t len,
115 uint8_t **opts, uint8_t **end, struct iovec iov[IOV_TOTAL - 1])
116 {
117 struct dhcpv6_relay_header *hdr = (struct dhcpv6_relay_header*)data;
118 if (iov[IOV_NESTED].iov_base == NULL) {
119 iov[IOV_NESTED].iov_base = data;
120 iov[IOV_NESTED].iov_len = len;
121 }
122
123 if (len < sizeof(struct dhcpv6_client_header))
124 return;
125
126 if (hdr->msg_type != DHCPV6_MSG_RELAY_FORW) {
127 iov[IOV_NESTED].iov_len = data - (uint8_t*)iov[IOV_NESTED].iov_base;
128 struct dhcpv6_client_header *hdr = (void*)data;
129 *opts = (uint8_t*)&hdr[1];
130 *end = data + len;
131 return;
132 }
133
134 uint16_t otype, olen;
135 uint8_t *odata;
136 dhcpv6_for_each_option(hdr->options, data + len, otype, olen, odata) {
137 if (otype == DHCPV6_OPT_RELAY_MSG) {
138 iov[IOV_RELAY_MSG].iov_base = odata + olen;
139 iov[IOV_RELAY_MSG].iov_len = (((uint8_t*)iov[IOV_NESTED].iov_base) +
140 iov[IOV_NESTED].iov_len) - (odata + olen);
141 handle_nested_message(odata, olen, opts, end, iov);
142 return;
143 }
144 }
145 }
146
147
148 static void update_nested_message(uint8_t *data, size_t len, ssize_t pdiff)
149 {
150 struct dhcpv6_relay_header *hdr = (struct dhcpv6_relay_header*)data;
151 if (hdr->msg_type != DHCPV6_MSG_RELAY_FORW)
152 return;
153
154 hdr->msg_type = DHCPV6_MSG_RELAY_REPL;
155
156 uint16_t otype, olen;
157 uint8_t *odata;
158 dhcpv6_for_each_option(hdr->options, data + len, otype, olen, odata) {
159 if (otype == DHCPV6_OPT_RELAY_MSG) {
160 olen += pdiff;
161 odata[-2] = (olen >> 8) & 0xff;
162 odata[-1] = olen & 0xff;
163 update_nested_message(odata, olen - pdiff, pdiff);
164 return;
165 }
166 }
167 }
168
169 // Simple DHCPv6-server for information requests
170 static void handle_client_request(void *addr, void *data, size_t len,
171 struct interface *iface, void *dest_addr)
172 {
173 struct dhcpv6_client_header *hdr = data;
174
175 if (len < sizeof(*hdr))
176 return;
177
178 syslog(LOG_NOTICE, "Got DHCPv6 request");
179
180 // Construct reply message
181 struct __attribute__((packed)) {
182 uint8_t msg_type;
183 uint8_t tr_id[3];
184 uint16_t serverid_type;
185 uint16_t serverid_length;
186 uint16_t duid_type;
187 uint16_t hardware_type;
188 uint8_t mac[6];
189 uint16_t clientid_type;
190 uint16_t clientid_length;
191 uint8_t clientid_buf[130];
192 } dest = {
193 .msg_type = DHCPV6_MSG_REPLY,
194 .serverid_type = htons(DHCPV6_OPT_SERVERID),
195 .serverid_length = htons(10),
196 .duid_type = htons(3),
197 .hardware_type = htons(1),
198 .clientid_type = htons(DHCPV6_OPT_CLIENTID),
199 .clientid_buf = {0}
200 };
201 odhcpd_get_mac(iface, dest.mac);
202
203 struct __attribute__((packed)) {
204 uint16_t type;
205 uint16_t len;
206 uint32_t value;
207 } maxrt = {htons(DHCPV6_OPT_SOL_MAX_RT), htons(sizeof(maxrt) - 4),
208 htonl(60)};
209
210 struct __attribute__((packed)) {
211 uint16_t type;
212 uint16_t len;
213 uint16_t value;
214 } stat = {htons(DHCPV6_OPT_STATUS), htons(sizeof(stat) - 4),
215 htons(DHCPV6_STATUS_USEMULTICAST)};
216
217 struct __attribute__((packed)) {
218 uint16_t type;
219 uint16_t len;
220 uint32_t value;
221 } refresh = {htons(DHCPV6_OPT_INFO_REFRESH), htons(sizeof(uint32_t)),
222 htonl(600)};
223
224 struct in6_addr dns_addr, *dns_addr_ptr = iface->dns;
225 size_t dns_cnt = iface->dns_cnt;
226
227 if ((dns_cnt == 0) &&
228 !odhcpd_get_interface_dns_addr(iface, &dns_addr)) {
229 dns_addr_ptr = &dns_addr;
230 dns_cnt = 1;
231 }
232
233 struct {
234 uint16_t type;
235 uint16_t len;
236 } dns = {htons(DHCPV6_OPT_DNS_SERVERS), htons(dns_cnt * sizeof(*dns_addr_ptr))};
237
238
239
240 // DNS Search options
241 uint8_t search_buf[256], *search_domain = iface->search;
242 size_t search_len = iface->search_len;
243
244 if (!search_domain && !res_init() && _res.dnsrch[0] && _res.dnsrch[0][0]) {
245 int len = dn_comp(_res.dnsrch[0], search_buf,
246 sizeof(search_buf), NULL, NULL);
247 if (len > 0) {
248 search_domain = search_buf;
249 search_len = len;
250 }
251 }
252
253 struct {
254 uint16_t type;
255 uint16_t len;
256 } search = {htons(DHCPV6_OPT_DNS_DOMAIN), htons(search_len)};
257
258
259 struct dhcpv6_cer_id cerid = {
260 #ifdef EXT_CER_ID
261 .type = htons(EXT_CER_ID),
262 #endif
263 .len = htons(36),
264 .addr = iface->dhcpv6_pd_cer,
265 };
266
267
268 uint8_t pdbuf[512];
269 struct iovec iov[IOV_TOTAL] = {
270 [IOV_NESTED] = {NULL, 0},
271 [IOV_DEST] = {&dest, (uint8_t*)&dest.clientid_type - (uint8_t*)&dest},
272 [IOV_MAXRT] = {&maxrt, sizeof(maxrt)},
273 [IOV_DNS] = {&dns, (dns_cnt) ? sizeof(dns) : 0},
274 [IOV_DNS_ADDR] = {dns_addr_ptr, dns_cnt * sizeof(*dns_addr_ptr)},
275 [IOV_SEARCH] = {&search, (search_len) ? sizeof(search) : 0},
276 [IOV_SEARCH_DOMAIN] = {search_domain, search_len},
277 [IOV_PDBUF] = {pdbuf, 0},
278 [IOV_CERID] = {&cerid, 0},
279 [IOV_DHCPV6_RAW] = {iface->dhcpv6_raw, iface->dhcpv6_raw_len},
280 [IOV_RELAY_MSG] = {NULL, 0}
281 };
282
283 uint8_t *opts = (uint8_t*)&hdr[1], *opts_end = (uint8_t*)data + len;
284 if (hdr->msg_type == DHCPV6_MSG_RELAY_FORW)
285 handle_nested_message(data, len, &opts, &opts_end, iov);
286
287 memcpy(dest.tr_id, &opts[-3], sizeof(dest.tr_id));
288
289 if (opts[-4] == DHCPV6_MSG_ADVERTISE || opts[-4] == DHCPV6_MSG_REPLY || opts[-4] == DHCPV6_MSG_RELAY_REPL)
290 return;
291
292 if (!IN6_IS_ADDR_MULTICAST((struct in6_addr *)dest_addr) && iov[IOV_NESTED].iov_len == 0 &&
293 (opts[-4] == DHCPV6_MSG_SOLICIT || opts[-4] == DHCPV6_MSG_CONFIRM ||
294 opts[-4] == DHCPV6_MSG_REBIND || opts[-4] == DHCPV6_MSG_INFORMATION_REQUEST))
295 return;
296
297 if (opts[-4] == DHCPV6_MSG_SOLICIT) {
298 dest.msg_type = DHCPV6_MSG_ADVERTISE;
299 } else if (opts[-4] == DHCPV6_MSG_INFORMATION_REQUEST) {
300 iov[IOV_REFRESH].iov_base = &refresh;
301 iov[IOV_REFRESH].iov_len = sizeof(refresh);
302
303 // Return inf max rt option in reply to information request
304 maxrt.type = htons(DHCPV6_OPT_INF_MAX_RT);
305 }
306
307 // Go through options and find what we need
308 uint16_t otype, olen;
309 uint8_t *odata;
310 dhcpv6_for_each_option(opts, opts_end, otype, olen, odata) {
311 if (otype == DHCPV6_OPT_CLIENTID && olen <= 130) {
312 dest.clientid_length = htons(olen);
313 memcpy(dest.clientid_buf, odata, olen);
314 iov[IOV_DEST].iov_len += 4 + olen;
315 } else if (otype == DHCPV6_OPT_SERVERID) {
316 if (olen != ntohs(dest.serverid_length) ||
317 memcmp(odata, &dest.duid_type, olen))
318 return; // Not for us
319 } else if (iface->filter_class && otype == DHCPV6_OPT_USER_CLASS) {
320 uint8_t *c = odata, *cend = &odata[olen];
321 for (; &c[2] <= cend && &c[2 + (c[0] << 8) + c[1]] <= cend; c = &c[2 + (c[0] << 8) + c[1]]) {
322 size_t elen = strlen(iface->filter_class);
323 if (((((size_t)c[0]) << 8) | c[1]) == elen && !memcmp(&c[2], iface->filter_class, elen))
324 return; // Ignore from homenet
325 }
326 } else if (otype == DHCPV6_OPT_IA_PD) {
327 #ifdef EXT_CER_ID
328 iov[IOV_CERID].iov_len = sizeof(cerid);
329
330 if (IN6_IS_ADDR_UNSPECIFIED(&cerid.addr)) {
331 struct odhcpd_ipaddr *addrs;
332 ssize_t len = netlink_get_interface_addrs(0, true, &addrs);
333
334 for (ssize_t i = 0; i < len; ++i)
335 if (IN6_IS_ADDR_UNSPECIFIED(&cerid.addr)
336 || memcmp(&addrs[i].addr, &cerid.addr, sizeof(cerid.addr)) < 0)
337 cerid.addr = addrs[i].addr.in6;
338
339 free(addrs);
340 }
341 #endif
342 }
343 }
344
345 if (!IN6_IS_ADDR_MULTICAST((struct in6_addr *)dest_addr) && iov[IOV_NESTED].iov_len == 0 &&
346 (opts[-4] == DHCPV6_MSG_REQUEST || opts[-4] == DHCPV6_MSG_RENEW ||
347 opts[-4] == DHCPV6_MSG_RELEASE || opts[-4] == DHCPV6_MSG_DECLINE)) {
348 iov[IOV_STAT].iov_base = &stat;
349 iov[IOV_STAT].iov_len = sizeof(stat);
350
351 for (ssize_t i = IOV_STAT + 1; i < IOV_TOTAL; ++i)
352 iov[i].iov_len = 0;
353
354 odhcpd_send(iface->dhcpv6_event.uloop.fd, addr, iov, ARRAY_SIZE(iov), iface);
355 return;
356 }
357
358 if (opts[-4] != DHCPV6_MSG_INFORMATION_REQUEST) {
359 ssize_t ialen = dhcpv6_handle_ia(pdbuf, sizeof(pdbuf), iface, addr, &opts[-4], opts_end);
360 iov[IOV_PDBUF].iov_len = ialen;
361 if (ialen < 0 || (ialen == 0 && (opts[-4] == DHCPV6_MSG_REBIND || opts[-4] == DHCPV6_MSG_CONFIRM)))
362 return;
363 }
364
365 if (iov[IOV_NESTED].iov_len > 0) // Update length
366 update_nested_message(data, len, iov[IOV_DEST].iov_len + iov[IOV_MAXRT].iov_len +
367 iov[IOV_DNS].iov_len + iov[IOV_DNS_ADDR].iov_len +
368 iov[IOV_SEARCH].iov_len + iov[IOV_SEARCH_DOMAIN].iov_len +
369 iov[IOV_PDBUF].iov_len + iov[IOV_CERID].iov_len +
370 iov[IOV_DHCPV6_RAW].iov_len - (4 + opts_end - opts));
371
372 odhcpd_send(iface->dhcpv6_event.uloop.fd, addr, iov, ARRAY_SIZE(iov), iface);
373 }
374
375
376 // Central DHCPv6-relay handler
377 static void handle_dhcpv6(void *addr, void *data, size_t len,
378 struct interface *iface, void *dest_addr)
379 {
380 if (iface->dhcpv6 == MODE_SERVER) {
381 handle_client_request(addr, data, len, iface, dest_addr);
382 } else if (iface->dhcpv6 == MODE_RELAY) {
383 if (iface->master)
384 relay_server_response(data, len);
385 else
386 relay_client_request(addr, data, len, iface);
387 }
388 }
389
390
391 // Relay server response (regular relay server handling)
392 static void relay_server_response(uint8_t *data, size_t len)
393 {
394 // Information we need to gather
395 uint8_t *payload_data = NULL;
396 size_t payload_len = 0;
397 int32_t ifaceidx = 0;
398 struct sockaddr_in6 target = {AF_INET6, htons(DHCPV6_CLIENT_PORT),
399 0, IN6ADDR_ANY_INIT, 0};
400
401 syslog(LOG_NOTICE, "Got a DHCPv6-reply");
402
403 int otype, olen;
404 uint8_t *odata, *end = data + len;
405
406 // Relay DHCPv6 reply from server to client
407 struct dhcpv6_relay_header *h = (void*)data;
408 if (len < sizeof(*h) || h->msg_type != DHCPV6_MSG_RELAY_REPL)
409 return;
410
411 memcpy(&target.sin6_addr, &h->peer_address,
412 sizeof(struct in6_addr));
413
414 // Go through options and find what we need
415 dhcpv6_for_each_option(h->options, end, otype, olen, odata) {
416 if (otype == DHCPV6_OPT_INTERFACE_ID
417 && olen == sizeof(ifaceidx)) {
418 memcpy(&ifaceidx, odata, sizeof(ifaceidx));
419 } else if (otype == DHCPV6_OPT_RELAY_MSG) {
420 payload_data = odata;
421 payload_len = olen;
422 }
423 }
424
425 // Invalid interface-id or basic payload
426 struct interface *iface = odhcpd_get_interface_by_index(ifaceidx);
427 if (!iface || iface->master || !payload_data || payload_len < 4)
428 return;
429
430 bool is_authenticated = false;
431 struct in6_addr *dns_ptr = NULL;
432 size_t dns_count = 0;
433
434 // If the payload is relay-reply we have to send to the server port
435 if (payload_data[0] == DHCPV6_MSG_RELAY_REPL) {
436 target.sin6_port = htons(DHCPV6_SERVER_PORT);
437 } else { // Go through the payload data
438 struct dhcpv6_client_header *h = (void*)payload_data;
439 end = payload_data + payload_len;
440
441 dhcpv6_for_each_option(&h[1], end, otype, olen, odata) {
442 if (otype == DHCPV6_OPT_DNS_SERVERS && olen >= 16) {
443 dns_ptr = (struct in6_addr*)odata;
444 dns_count = olen / 16;
445 } else if (otype == DHCPV6_OPT_AUTH) {
446 is_authenticated = true;
447 }
448 }
449 }
450
451 // Rewrite DNS servers if requested
452 if (iface->always_rewrite_dns && dns_ptr && dns_count > 0) {
453 if (is_authenticated)
454 return; // Impossible to rewrite
455
456 const struct in6_addr *rewrite = iface->dns;
457 struct in6_addr addr;
458 size_t rewrite_cnt = iface->dns_cnt;
459
460 if (rewrite_cnt == 0) {
461 if (odhcpd_get_interface_dns_addr(iface, &addr))
462 return; // Unable to get interface address
463
464 rewrite = &addr;
465 rewrite_cnt = 1;
466 }
467
468 // Copy over any other addresses
469 for (size_t i = 0; i < dns_count; ++i) {
470 size_t j = (i < rewrite_cnt) ? i : rewrite_cnt - 1;
471 memcpy(&dns_ptr[i], &rewrite[j], sizeof(*rewrite));
472 }
473 }
474
475 struct iovec iov = {payload_data, payload_len};
476 odhcpd_send(iface->dhcpv6_event.uloop.fd, &target, &iov, 1, iface);
477 }
478
479 static struct odhcpd_ipaddr *relay_link_address(struct interface *iface)
480 {
481 struct odhcpd_ipaddr *addr = NULL;
482 time_t now = odhcpd_time();
483
484 for (size_t i = 0; i < iface->addr6_len; i++) {
485 if (iface->addr6[i].valid <= (uint32_t)now)
486 continue;
487
488 if (iface->addr6[i].preferred > (uint32_t)now) {
489 addr = &iface->addr6[i];
490 break;
491 }
492
493 if (!addr || (iface->addr6[i].valid > addr->valid))
494 addr = &iface->addr6[i];
495 }
496
497 return addr;
498 }
499
500 // Relay client request (regular DHCPv6-relay)
501 static void relay_client_request(struct sockaddr_in6 *source,
502 const void *data, size_t len, struct interface *iface)
503 {
504 struct interface *master = odhcpd_get_master_interface();
505 const struct dhcpv6_relay_header *h = data;
506 if (!master || master->dhcpv6 != MODE_RELAY ||
507 h->msg_type == DHCPV6_MSG_RELAY_REPL ||
508 h->msg_type == DHCPV6_MSG_RECONFIGURE ||
509 h->msg_type == DHCPV6_MSG_REPLY ||
510 h->msg_type == DHCPV6_MSG_ADVERTISE)
511 return; // Invalid message types for client
512
513 syslog(LOG_NOTICE, "Got a DHCPv6-request");
514
515 // Construct our forwarding envelope
516 struct dhcpv6_relay_forward_envelope hdr = {
517 .msg_type = DHCPV6_MSG_RELAY_FORW,
518 .hop_count = 0,
519 .interface_id_type = htons(DHCPV6_OPT_INTERFACE_ID),
520 .interface_id_len = htons(sizeof(uint32_t)),
521 .relay_message_type = htons(DHCPV6_OPT_RELAY_MSG),
522 .relay_message_len = htons(len),
523 };
524
525 if (h->msg_type == DHCPV6_MSG_RELAY_FORW) { // handle relay-forward
526 if (h->hop_count >= DHCPV6_HOP_COUNT_LIMIT)
527 return; // Invalid hop count
528 else
529 hdr.hop_count = h->hop_count + 1;
530 }
531
532 // use memcpy here as the destination fields are unaligned
533 uint32_t ifindex = iface->ifindex;
534 memcpy(&hdr.peer_address, &source->sin6_addr, sizeof(struct in6_addr));
535 memcpy(&hdr.interface_id_data, &ifindex, sizeof(ifindex));
536
537 // Detect public IP of slave interface to use as link-address
538 struct odhcpd_ipaddr *ip = relay_link_address(iface);
539 if (!ip) {
540 // No suitable address! Is the slave not configured yet?
541 // Detect public IP of master interface and use it instead
542 // This is WRONG and probably violates the RFC. However
543 // otherwise we have a hen and egg problem because the
544 // slave-interface cannot be auto-configured.
545 ip = relay_link_address(master);
546 if (!ip)
547 return; // Could not obtain a suitable address
548 }
549
550 memcpy(&hdr.link_address, &ip->addr.in6, sizeof(hdr.link_address));
551
552 struct sockaddr_in6 dhcpv6_servers = {AF_INET6,
553 htons(DHCPV6_SERVER_PORT), 0, ALL_DHCPV6_SERVERS, 0};
554 struct iovec iov[2] = {{&hdr, sizeof(hdr)}, {(void*)data, len}};
555 odhcpd_send(master->dhcpv6_event.uloop.fd, &dhcpv6_servers, iov, 2, master);
556 }
OpenWrt DHCP Server