git.openwrt.org Git - project/odhcpd.git/log

config: make sure timer is not on the timeouts list before freeing

Signed-off-by: Colin Whittaker <colin.whittaker@adtran.com>
Signed-off-by: Chad Monroe <chad@monroe.io>

add hostsfile output in addition to statefile

a92c0a7 made the temporary state/leasefile hidden so that an atomic
change was made and dnsmasq only saw the new file on rename.  A
misguided optimisation was made to only rename the temporary file if
something had changed.  Unfortunately only address and hostnames were
considered in the change, lease durations were not.

As a result it was possible for LUCI which consumes the state/leasefile
to report DHCPv6 leases had expired when they had not.

Revert the optimisation so that the file rename occurs irrespective of
content change, this keeps LUCI reporting of state/lease expiry correct.

This leaves us back with hosts file/dnsmasq update problem. Solve this
by writing out a separate hosts file.  Update this file using the
original IP/Hostname change logic that prompts calling the 'lease'
script.

odhcpd config now supports a string 'hostsfile' which defines the path
and name of the hosts file in an identical manner to 'leasefile'.  A
state 'leasefile' must be defined IF a 'hostsfile' is also required.

eg.

leasefile '/tmp/odhcpdstate'
hostsfile '/tmp/hosts/odhcpdhosts'

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>

dhcpv4: improve error when a prefix is too long

If a user tries to enable dhcpv4 on an interface with a /29, odhcp won't work.
The logs will only contain a message that doesn't help identify the problem.
It'd be idea to support any prefix with a valid pool, but at least this would
point a confused user in the right direction.

Signed-off-by: Ross Vandegrift <ross@kallisti.us>

odhcpd: add support for dhcpv6_pd_min_len parameter

The dhcpv6_pd_min_len configuration clamps the requested prefix
delegation to be at least as big as the option.  This allows a
router to manage the size of each downstream router's prefix
delegation length independently from the delegating interface's
prefix length.

This behavior is an implementation choice permitted by the RFCs.
The delegating router (us) is not required to honor the hint
(RFC3633, section 11.2, we MAY choose to use the information in the
option; RFC8168, section 3.2 has several SHOULDs about desired
choices for selecting a prefix to delegate).

This configuration allows us to conserve prefix space so that any
single router can't grab too much of it.  Consider if we have an
interface with a /56 prefix.  A requesting router could ask for a
/58 and take 1/4 of our total address space.  But if we set a
minimum of /60, we can limit each requesting router to get only 1/16
of our total address space.

sample config:

config dhcp 'pd'
    ...
    option dhcpv6_pd_min_len '60'

Signed-off-by: John Kohl <jtk.git@bostonpog.org>
[ use different comment style and fix commit description ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>

router: Add PREF64 (RFC 8781) support

This option of IPv6 Router Advertisements allows devices connected to
a IPv6-only network to discover IPv6 prefix of the NAT64 gateway.
Devices can use this information for instance to setup client translator
(CLAT) from IPv4 to IPv6 in 464XLAT (RFC 6877) scenario or to handle
IPv4 address literal on application level.

To enable PREF64 option, a new uci parameter ra_pref64 has to contain
the NAT64 prefix, including prefix length. Only lengths of 96, 64, 56,
48, 40 and 32 bits are supported. For example, to annonce the Well-Known
Prefix:

config dhcp 'lan'
…
option ra_pref64 '64:ff9b::/96'

Fixes: #182
Signed-off-by: Ondřej Caletka <ondrej@caletka.cz>
[ remove extra space for Fixes tag ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>

config: use dedicated link local function to check interface

Use netlink_get_interface_addrs is wrong and doesn't actually work. The
function checks only for UNIVERSE address and is not suitable for
dumping linklocal address of an interface. Use the new and dedicated
function to get interface linklocal address to correctly check if the
interface can receive message.

Fixes: #197
Fixes: 7c0f603abc14 ("router: skip RA and wait for LINK-LOCAL to be assigned")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>

netlink: add support for getting interface linklocal

Add support for getting interface linklocal address. This is needed to
make sure an interface have a valid link local address and such address
is not TENTATIVE. With these info we can check if an interface is ready
to accept packets.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>

Revert "config: recheck have_link_local on interface reload if already init"

This reverts commit 29c934d7ab98ca0b5da0e3757b885a1d3c19a2f4.

Replace with a better more safe implementation.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>

config: fix feature for enabling service only when interface RUNNING

With ba30afcfec0a26ce4bcd96ea4d687c498b0ba4df it was found that odhcpd
service are setup even if an interface had no connection and was not
running. The commit introduced the change but required more fixup for
the feature to work correctly.

The close_interface() remove the interface from the avl list and this
cause the interface to be missing later in the code flow.
The intention of the commit was to just disable the service and enable
them later when the interface is correctly set to running with the flag
IFF_RUNNING.

Change the logic and introduce a new function reload_servies() that will
check IFF_RUNNING and enable or disable odhcp services.

This function is called on odhcpd_reload() for each interface. In
odhcpd_reload() also restore the original pattern with calling
close_interface() only when the interface is not inuse for odhcp.

Also call reload_services() on the single interface when a RTM_NEWLINK
event is fired reacting to a link change of an odhcp interface and
enabling the services if IFF_RUNNING is set.

Fixes ba30afcfec0a ("config: skip interface setup if interface not IFF_RUNNING")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>

config: recheck have_link_local on interface reload if already init

If an interface is already init in the odhcpd avl tables, have_link_local
is not set to true with a link local addr set as get ipv6 addr is skipped.

Move checking for have_link_local outside get_addr to better track when
an interface is ready and have a link local addr for interface already
init in odhcpd avl tables.

Fixes: #197
Fixes: 7c0f603abc14 ("router: skip RA and wait for LINK-LOCAL to be assigned")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>

router: skip RA and wait for LINK-LOCAL to be assigned

This fix a specific and corner case when the following error and similar
is printed in the log:

Failed to send to ff02::1%br-lan (Address not available)

The cause for this was tracked down to the lack of the interface of a
configured LINK-LOCAL IPV6 address resulting in odhcpd_send() always
failing.

A LINK-LOCAL IPV6 address is assigned only after the interface has
carrier and is set to IFF_RUNNING and require some time for the address
to be assigned due to DAD logic.

In the case where an interface was just UP, odhcpd RA may fail since the
LINK-LOCAL IPV6 address still needs to be assigned as it still need to
be "trained". From the kernel view this is flagged in the IPV6 interface
address with the flag IFA_F_TENTATIVE, that means the address still
needs to be checked and follow DAD process.

This is only a transient problem and the DAD process is required only
once till the interface is not set DOWN.

To handle this, add some check to verify if the address has to be
checked and add an additional bool to flag if the interface have a
LINK-LOCAL assigned.

Skip sending RA if the interface still doesn't have finished the DAD
process and retry at the next RA.
A notice log is added to track this special case to track problematic
case and even more corner case.

Logic to check if interface have LINK-LOCAL are:
- When interface is setup, on scanning for the interface ipv6 address
  check if at least one address is NOT in IFA_F_TENTATIVE state.
- With interface already up but with still no LINK-LOCAL react on the
  RTM_NEWADDR event and set LINK-LOCAL if the addrs added by the event
  is a LINK-LOCAL reflecting that the interface finally ended the DAD
  process and have a correct address.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Acked-by: Hans Dedecker <dedeckeh@gmail.com>

config: skip interface setup if interface not IFF_RUNNING

We currently setup odhcp service even if the interface is not running.
This is the case for bridge or specific interface that are flagged as UP
but have no carrier as nothing is connected to it.
This cause a similar error like:

Failed to send to ff02::1%br-lan (Address not available)

This is caused by the kernel assigning IPV6 address only when the
interface is set to IFF_RUNNING.
A LINK-LOCAL IPV6 address is required for odhcpd_send() to work or every
request will be rejected.

To fix this setup services only when interface is in IFF_RUNNING state.
When an interface change state, odhcpd is reloaded and the services are
correctly setup again.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Acked-by: Hans Dedecker <dedeckeh@gmail.com>

Revert "odhcpd: Reduce error messages"

Silencing an error message without properly understanding why it occurs
is terrible practice. "I think this would be better served as debug."
doesn't inspire confidence the author actually understood what was going
on, so revert this commit.

This reverts commit 90d6cc9cd48a333b95604ff90f7ffe67fe14efe3.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>

odhcpd: Reduce error messages

When there's no network cable connected to LAN, then odhcpd does this:

Tue Jan 24 18:32:04 2023 daemon.err odhcpd[2017]: Failed to send to
ff02::1%lan@br-lan (Address not available)
Tue Jan 24 18:32:20 2023 daemon.err odhcpd[2017]: Failed to send to
ff02::1%lan@br-lan (Address not available)
Tue Jan 24 18:32:36 2023 daemon.err odhcpd[2017]: Failed to send to
ff02::1%lan@br-lan (Address not available)
Tue Jan 24 18:32:52 2023 daemon.err odhcpd[2017]: Failed to send to
ff02::1%lan@br-lan (Address not available)

Accurate, but not very interesting. I think this would be better served
as debug.

Signed-off-by: Peter Naulls <peter@chocky.org>

router: always check ra_default

We currently only check ra_default when an interface has valid
addresses. This results in ra_default being ignored in case we have an
interface with only link-local addresses. This effectively breaks the
use of value 2 for the ra_default parameter.

Fix this by always checking ra_lifetime, regardless of the interface
having public addresses or not.

Fixes: #11930
Fixes: 83e14f455817 ("router: advertise removed addresses as invalid in 3 consecutive RAs")
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by:Hans Dedecker <dedeckeh@gmail.com>

router: improve RA logging

We only set the RA lifetime to what is configured in UCI when there is a
default route and valid prefix. In any other case, we set it to 0. This
leads to confusion where people believe ra_lifetime is completely
ignored. In case there is a default route, but no valid prefix, a debug
message explains this, but if there is no default route, we silently
override ra_lifetime.

Add a debug message for the latter case, and explicitly mention
overriding ra_lifetime in both cases.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: Hans Dedecker <dedeckeh@gmail.com>

dhcpv4: detect noarp interfaces

Don't add ARP entries to interfaces with IFF_NOARP, it causes
problems with for example WireGuard interfaces (which requires
this change to be usable with DHCPv4-over-DHCPv6).

Signed-off-by: Mikael Magnusson <mikma@users.sourceforge.net>

dhcpv6-ia: make tmp lease file hidden

Use a hidden . prefixed temporary lease file instead of appending
'.tmp'.  Dnsmasq is capable of scanning files/directories using inotify
to receive file change notifications and updating its view of hostname
ip address mapping without being SIGHUPped.  Until dnsmasq v2.88 this
mechanism allows additions to hostnames, no deletions.  dnsmasq v2.88
when released will understand how to remove mappings.

Unfortunately without this change dnsmasq sees odhcpd's temporary lease
file via inotify and it also sees the change when odhcpd atomically
renames the file from '.tmp' to the correct name.

dnsmasq excludes hidden '.' files from it's inotify scans, thus changing
odhcpd to use a hidden temporary lease file reduces load and makes
sense.

Also, while here, only rename the temporary file if it actually contains
different content.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>

fix null pointer dereference for INFORM messages

odhcpd: Support for Option NTP and SNTP

Support for DHCPv6 Option NTP (Option-56) and SNTP (Option-31),
DHCP Option NTP(Option-42) is implemented.
ntp list is supported for IPv4, IPv6 and FQDN.

Signed-off-by: Avinash Tekumalla <avinash.tekumalla@technicolor.com>
Signed-off-by: Alin Nastac <alin.nastac@technicolor.com>
Signed-off-by: Ashutosh Shandilya <ashutosh.shandilya@technicolor.com>
Signed-off-by: Vidya Rajagopal <vidya.rajagopal@technicolor.com>

router: advertise removed addresses as invalid in 3 consecutive RAs

On prefix removal, router advertisement daemon is supposed to send
advertise with an invalid PI entry (see RFC 7084 L-13).

Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

dhcpv4: fix uninitialized hostname in some ubus events

The hostname buffer is uninitialized if the client doesn't provide
DHCPV4_OPT_HOSTNAME. Use hostname from the assignment which is present if
a static lease contains the hostname or if the client provides one, and
the hostname is valid. It's also used in the ubus ipv4leases method.

Signed-off-by: Mikael Magnusson <mikma@users.sourceforge.net>

dhcpv6-ia: allow up to 64 bit wide hostid

Add dhcpv6_hostid_len config option which controls the number
of bits in the host identifier of dynamically assigned IPv6
addresses. The default is 12 bits which is also the minimum.
The maximum is the whole interface identifier, i.e. 64 bits.

Allow up to 64 bit wide hostid in static leases.

Fixes #84 and #27.

Signed-off-by: Mikael Magnusson <mikma@users.sourceforge.net>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

dhcpv6-ia: fix invalid preferred lifetime

Preferred lifetime cannot be greater than the valid lifetime of an IA;
fix this by checking if the preferred lifetime does not exceed the
valid lifetime of an IA

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

config: fix ra_flags none setting

Fixes commit a12fcb3cee2d489b8648a2398812d7bed2f25faa which wrongly
removed setting ra_flags to 0

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

config: log config parse failures to syslog

An invalid config setting for an interface lead to a flush of all config
settings of the related interface and thus made the interface unusable.
Change the behavior by logging config parse failures to syslog and
not flushing all config settings

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

cmake: enforce additonal compiler checks

Let's catch compile errors by enabling extra compiler checks

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

odhcpd: fix extra compiler warning

src/odhcpd.c:143:2: error: format not a string literal, argument types not checked [-Werror=format-nonliteral]
snprintf(buf, sizeof(buf), sysctl_pattern, ifname, what);
^~~~~~~~
cc1: all warnings being treated as errors

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

dhcpv6-ia: apply prefix_filter on dhcpv6

The prefix_filter allows to select which prefix should be assigned
to clients if you have multiple prefixes on an interface.
Currently, the filter only applies to RAs and does work with
a dhcpv6 server.

This commit enables the filter also on dhcpv6.

Signed-off-by: Nick Hainke <vincent@systemli.org>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

odhcpd: add option for setting preferred lifetime

"valid_lft" and "preferred_lft" are different. If the "preferred_lft"
is expired the prefix should be avoided in source prefix selection.
However, the interface is allowed to still receive downstream traffic.

preferred_lfetime:
Limit for preferred lifetime of a prefix

If you want the old behavior, you have to set preferred_lifetime to
the same value as leasetime.

Signed-off-by: Nick Hainke <vincent@systemli.org>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

dhcpv6-ia: remove assignment equal to 0 checks

Remove the checks as they're leftovers of the old static lease
implementation which created assigments with assigned equal to 0
whihc is not the case anymore in the reworked static lease
implementation

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

dhcpv6-ia: fix logic to include IA_PD prefix with lifetimes set to 0

Make sure IA_PD prefixes for which no preferred and valid lifetimes
can be returned are included in the reply with a preferred and valid
lifetime to 0.
Therefore exclude IPv6 prefixes with an invalid prefix length as
well so IA_PD prefixes for which not a preferred/valid lifetime is
returned are included with a preferred and valid lifetime set to 0

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

dhcpv6-ia: fix prefix delegation behavior

When an IPv6 address change is triggered each PD assignment is checked
if it is still consistent with the updated IPv6 prefix list.
If not consistent anymore a reconfigure is triggered for the assignment
and a best effort is made to assign a new IA_PD prefix.
If it not possible anymore to assign an IA_PD prefix delete the PD
assignment now so it will result into a NO BINDING status code for the
given IA_PD in the DHCPv6 reply when the client tries to renew the IA_PD prefix.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

config: remove local mkdir_p implementation

Replace local mkdir_p implementation in favour of using mkdir_p now
added to libubox.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>

ubus: add add_lease method

Allows sharing leases between odhcpd instances running
in multiple hosts.

Signed-off-by: Santiago Piccinini <spiccinini@altermundi.net>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

config: add option to indicate dns service presence

Adds the config option to set if ipv6 dns service is availiable on the
interface. In some cases the dns service may not be listening on the
ipv6 address of the interface, and thus should not be announced to clients.

Signed-off-by: Paizhuo Chen <cc@icpz.dev>

dhcpv6-ia : write statefile atomically

Applications (e.g. unbound) need a consistent view of the statefile;
therefore write all the lease info to a temporary file which is later
renamed to the configured statefile name

Suggested-by : John Fremlin <john@fremlin.org>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

dhcpv6: fix size_t fields in syslog format

Signed-off-by: Mikael Magnusson <mikma@users.sourceforge.net>

dhcpv6: add explicit dhcpv4o6 server address

Include the All_DHCP_Relay_Agents_and_Servers multicast address
in the option explicitly. It shouldn't be needed according
to RFC 7341 section 7.2 but ISC dhclient logs an error otherwise:

dhcp4-o-dhcp6-server: expecting at least 16 bytes; got 0

Signed-off-by: Mikael Magnusson <mikma@users.sourceforge.net>

dhcpv6: add DHCPv4-over-DHCPv6 support

Add support for DHCPv4-over-DHCPv6 (DHCP 4o6) Transport (RFC 7341).

Signed-off-by: Mikael Magnusson <mikma@users.sourceforge.net>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

dhcpv6: check message type

Signed-off-by: Mikael Magnusson <mikma@users.sourceforge.net>

router: fix advertisement interval option

The variable maxival contains the maximum time in seconds between
successive unsolicited Router Advertisement messages; RFC6275 defines
the Advertisement Interval option as the time in milliseconds.
Therefore convert maxival to milliseconds when populating the
Advertisement Interval option.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

odhcpd: fix compilation with GCC10

GCC10 mandates the C++ one definition rule, which breaks on multiple
definitions of config. Add the appropriate extern declaration.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

router: fix Lan host reachibility due to identical RIO and PIO prefixes (FS#3056)

odhcpd includes RIO RA options according to requirement L3 in RFC7084.
However if the delegated prefix length received on the wan is equal to the
downstream delegated prefix length on the Lan this may pollute the
routing table of type C hosts as the RIO routing entry can take
precedence of the PIO routing entry meaning all traffic for the on link
hosts will go via the router iso direct on link communication.
If the traffic is dropped in the router hosts are unreachable; therefore
don't include RIO options with prefixes and prefix length identical to
those in a PIO RA option

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

dhcpv6-ia: fix preferred and valid lifetimes in ubus ipv6leases

Since commit 6db312a698e920ff61505ef1f42469880829774d the preferred and
valid lifetimes of the addresses/prefixes is based on the configured leasetime;
as a result the displayed preferred and valid lifetimes need to be
calculated based on the assignment lifetime as this is set to the lowest
valid lifetime of the addresses/prefixes.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

odhcpd: fix compilation with musl 1.2.0

SYS_clock_gettime is gone with musl 1.2.0. Switched to the function.

Also fixed two format strings that fail as time_t is 64-bit with 1.2.0.

Signed-off-by: Rosen Penev <rosenp@gmail.com>

ubus: use dhcpv6 ia assignment flag

Further align the code to use DHCPv6 assignment flags to distinguish
between prefix delegation and non temporary address assignments

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

dhcpv6-ia: avoid setting lifetime to infinite for static assignments

Don't set the valid lifetime to infinite for static assignments
but rather set it to the IA lifetime given to the client.
This makes it possible to display the leasetime for static assigments
and simplifies the code in several places

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

dhcpv4: avoid setting lifetime to infinite for static assignments

Don't set the valid lifetime to infinite for static assignments
but rather set it to the leasetime given to the client.
This makes it possible to display the leasetime for static assigments
and simplifies the code in several places

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

dhcpv6-ia: use dhcp leasetime to set preferred/valid statefull lifetimes

Allow to set the preferred/valid lifetimes of IA_NA/IA_PD options based
on the configured dhcp leasetime.
DHCP leqasetime will be used to set the preferred/valid lifetimes in the
IA_NA/IA_PD options unless the preferred/valid lifetimes of the IPv6
address are smaller then the DHCP leasetime.
This will avoid IA_NA/IA_PD options being sent with infinite lifetimes
due to the IPv6 address having infinite preferred/valid lifetimes
like IPv6 ULA addresses.
While at it rename dhcpv4_leasetime into dhcp_leasetime as the leasetime
is used both for DHCPv4 and DHCPv6

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

dhcpv6-ia: introduce DHCPv6 pd and ia assignments flags

Simplify the code by using specific flags which identify the assignment
either as a DHCPv6 PD or NA assignment. This allows to remove implicit
checks for PD and NA assignments based on the value of the assignment
length parameter.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

dhcpv6-ia: cleanup prefix delegation routes

Remove prefix delegation routes as well in free_dhcpv6_assignment when
cleaning up the assignment resources

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

dhcpv6-ia: remove passing interface as parameter to apply_lease

As the assignment struct holds a pointer to the interface struct
use this one in apply_lease iso passing interface as a parameter

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

treewide: optimize syslog priority values

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

ndp: fix endian issue

Fix endian issue introduced in commit 91a28e4 by using
ND_NA_FLAG_SOLICITED defined in netinet/icmp6.h

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

netlink: fix potential infinite loops

Fix potential infinite loops by checking the return code of
nl_send_auto_complete; if nl_send_auto_complete fails pending
will always have the value 1 as the finish callback will not
be called resulting into an infinite loop

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

netlink: rename netlink callback handlers

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

ndp: answer global-addressed NS manually

An upstream router may address solicits to the global address of the target,
these will not be answered by the kernel and not routed either due to link-local
source. The NS will eventually be retried as multicast, but we want to avoid this.

see also https://forum.archive.openwrt.org/viewtopic.php?id=40871

Signed-off-by: Stefan Alfers <sfan5@live.de>

dhcpv6: retry failed PD assignments on addrlist change

Currently only assignments with prefixes larger than the largest
available one will be re-assigned on addrlist change events.
Previously failed PD assignments are not taken into account, and these
assignments will never have a chance to recover even if the address just
added to the interface could satisfy them.

Failed PD assignments could be very common when upstream prefix is obtained
from a PPPoE WAN, as ISPs tend to terminate the PPPoE session after a fixed
time period. Addresses on LAN could disappear and re-appear during WAN redial,
and all existing PD assignments to clients in LAN will become failed when the
addresses disappear. These assignments will not be recovered after WAN has been
brought back up, and clients in LAN could no longer receive any PD prefix.

This commit fixes the issue by including failed PD assignments in the
re-assign list on addrlist change event, so that newly added prefixes can be
put into use right after they are added to the interface.

Signed-off-by: Tian Hao <haotia@gmail.com>

config: ra_management compatibility support

Keep supporting ra_management for backwards compatibility support;
ra_management will only be processed if neither ra_slaac and ra_flags
are set.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

odhcpd: router: Fix out of scope memory access

A pointer to search_buf is accessed by search_domain outside of the
if branch which defines search_buf. The compiler could already reuse
this memory.

Coverity: #1445747
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

dhcpv6-ia: free assignment when validity timer expires

In case clid_len is set free assignment when validity timer expires

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

router: speed up initial router advertisements

Speed up sending initial router advertisement messages as documented in
RFC2461 point 6.2.4

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

router: close socket upon NETEV_IFINDEX_CHANGE fixed

Make sure the raw socket is removed from the uloop file descriptor
list before the socket is closed as introduced in
https://github.com/openwrt/odhcpd/commit/000182fe4f94a5a6ec139456a2b74f0cdea13b9c

Related to https://github.com/openwrt/odhcpd/issues/135

Signed-off-by: Koen Aerts <aertskoen5@gmail.com>

router: fix previous commit

After closing the router socket the value needs to be set to -1

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

router: close socket upon NETEV_IFINDEX_CHANGE

Make sure the socket is closed in a case where the bridge goes down
as a result of NO-CARRIER on the bridge.
If not present Router Discovery and Router Advertisement will break
permanently after the bridge went down.

Related to https://github.com/openwrt/odhcpd/issues/135

Signed-off-by: Koen Aerts <aertskoen5@gmail.com>

router: fix lingering uloop socket descriptor

In case setting one of the socket options fails; make sure the raw
socket is removed from the uloop file descriptor list before the
socket is closed.
In case this is not done and a new raw socket is created with the
same fd value odhcpd will not be triggered by uloop in case RS messages
are received on the socket as reported in https://github.com/openwrt/odhcpd/issues/135

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

router: support ra_lifetime being 0

The value 0 has the special meaning of not being a default router. This
is useful to only advertise prefixes or DNS settings without being a
real router.

Signed-off-by: Jan-Philipp Litza <janphilipp@litza.de>

router: make RA flags configurable (FS#2019)

Replace the config option ra_management by the config options ra_flags
and ra_slaac. The latter allows to configure the autonomous-address
config flag used for stateless address configuration while the former
allows to configure the RA flags in the form of a list.
The list can hold the following values :
managed-config
other-config
home-agent
none

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

config: remove 'ignore' config option

1. Remove 'ignore' config option for interface. Interface is still used if
   any of 'ra', 'ndp', 'dhcpv4' or 'dhcpv6' options are different from
   default 'disabled' mode. In config_parse_interface() update runtime
   ignore value according to all mode values.
2. Reset ignore, ra, ndp, dhcpv4 and dhcpv6 values in set_interface_defaults().
   Otherwise if option is deleted from config file and config is reloaded,
   it will use the value from old config, potentiallly not turning services off.
3. Do not use implicit checks that 0 server mode means MODE_DISABLED.
4. Simplify code of all service setup functions if passed enabled = true
   argument, but service mode is disabled.

Signed-off-by: Dainis Jonitis <dainis.jonitis@ubnt.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

treewide: init assignment lists head

When allocating an assignment in alloc_assignment; init the circular head
and lease_list circular lists. Avoids checking NULL pointer when freeing
the assignment in free_assignment.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

config: use list safe iterator in lease_delete

As the current assignment is freed in lease_delete use list_for_each_entry_safe

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

dhcpv4: fix lease ordering by ip address

1. Maintaining of sorted list was wrong for static lease case.
Add dhcpv4_insert_assignment() helper function and use it from all places.
2. Add ip4toa() helper function to print ipv4 address that is stored as
network byte-order uint32_t.

Signed-off-by: Dainis Jonitis <dainis.jonitis@ubnt.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

config: use multi-stage parsing of uci sections

When loading uci sections from config file, in one pass do not
mix sections from different types. First load odhcpd global
settings, then all interface sections and finally static leases.
It ensures that section order in file can't affect what information
is already parsed. For example static lease section may need
information about all interfaces, to decide whether ip address
belongs to any of currently defined interfaces/address pools.

Signed-off-by: Dainis Jonitis <dainis.jonitis@ubnt.com>

treewide: always init interface list heads during initialization

When allocating interface, init dhcpv4_assignments, dhcpv4_fr_ips
and ia_assignments circular list heads to point to self. Avoids
checking whether next pointer is not null all over the place.

Signed-off-by: Dainis Jonitis <dainis.jonitis@ubnt.com>

dhcpv4: do not allow pool end address to overlap with broadcast address

Signed-off-by: Dainis Jonitis <dainis.jonitis@ubnt.com>

treewide: give file descriptors safe initial value

Since main problem of assuming that fd==0 is invalid value
was fixed in upstream odhcpd by e7b1d4bf3a2297192638b9c84208b3dcb306ecd8
then what is left are minor problems of static initialization
of some global fd variables.

Signed-off-by: Dainis Jonitis <dainis.jonitis@ubnt.com>

dhcpv4: DHCP pool size is off-by-one

1. "limit" option should specify the size of dynamic pool. The dhcpv4_end
includes the last valid pool address.
2. Also handle 7 bit host addresses when not directly specified in config file.
3. Make sure code does what documentation says and default 'start'/'limit'
pool options to 100 and 150 respectively.

Signed-off-by: Dainis Jonitis <dainis.jonitis@ubnt.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

dhcpv4: add support for Parameter Request List option 55

Add client "reqopts" in ubus "ipv4leases" output.

Signed-off-by: Roman Yeryomin <roman.yeryomin@ubnt.com>
Signed-off-by: Dainis Jonitis <dainis.jonitis@ubnt.com>

dhcpv4: fix DHCP packet size

Calculate the DHCP packet size based on the number of DHCP options in the
message. Make sure the DHCP packet size does not go lower than 300 bytes
as some clients ignore DHCP messages smaller than 300 bytes.

Based on a patch by Dainis Jonitis <dainis.jonitis@ubnt.com>

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

ndp: fix syslog flooding (FS#2242)

Only log a syslog error in case adding of a proxy neighbor fails as a delete
failure cannot be considered as a syslog error for all cases.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

config: set default loglevel to LOG_WARNING

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

router: fix dns search list option

Fix regression issue introduced in commit 0523bdd as empty DNS search
list option was sent making the RA message invalid

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

router: use ra_lifetime as lifetime for RA options (FS#2206)

Use the RA lifetime as lifetime for the recursive DNS and DNS search options
For the route options use as lifetime the smallest value of either the valid
lifetime of the address associated with the route or the RA lifetime.
This avoids routes having infinite lifetime being installed in downstream
clients which can results into routes pointing to a removed router.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

router: improve code readibility

No functional changes; just improve code readibilty in send_router_advert()

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

Revert "router:"

This reverts commit f1d7da9801adc0a77c1a35363e4242544c4915e7.

treewide: align syslog loglevels

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

router:

treewide: fix compiler warnings

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

CMakeList.txt: enable extra compiler checks

Enforce additional compiler checks in order to catch
possible errors during compilation

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

ndp: create ICMPv6 socket per interface

Get rid of the global raw ICMPv6 socket by creating a raw ICMPv6 ping socket
per interface. This fixes an open raw ICMPv6 socket in case all ndp interfaces
are configured as disabled.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

router: create ICMPv6 socket per interface

Get rid of the global raw ICMPv6 socket by creating a raw ICMPv6 socket per
interface. This fixes an open raw ICMPv6 socket in case all ra interfaces
are configured as disabled.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

treewide: initialize properly file descriptors

Initialzie properly the dhcpv6, dhcpv4 and ndp ffile descriptors
when creating an interface.
As such the check for a valid descriptor can be done correct now
in the different modules

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

netlink: rework IPv4 address refresh logic

Rework logic to refresh IPv4 addresses so we can get rid of the
second for loop

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

netlink: rework IPv6 address refresh logic

Rework logic to refresh IPv6 addresses so we can get rid of the
second for loop

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

netlink: fix IPv6 address updates (FS#2204)

Keep the valid and preferred lifetimes in sync with the kernel by always
updating the cached IPv6 addresses in refesh_iface_addr6().
This fixes invalid preferred and valid IA lifetimes in DHCPv6 reply
messages due to the cached preferred and valid lifetimes not being in
sync with the preferred and valid kernel lifetimes

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

dhcpv6: extra syslog tracing

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

dhcpv6/router: add support for mutiple master interfaces

Support multiple master interfaces for dhcpv6 and ra; it allows
to forward dhcpv6 mesaages and RS on multiple upstream links

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

ndp: fix adding proxy neighbor entries

In case multiple logical OpenWrt interfaces are stacked on the same device
and one of the interfaces is configured in relay and the other not; adding
a proxy neighbor entry will result into it immediately being deleted if
the interface in non relay mode comes last.
Fix this by not doing a delete on the interface which is not configured in
relay mode.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

router: add extra syslog tracing

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>