ISC DHCP  4.4.1
A reference DHCPv4 and DHCPv6 implementation
dhcpv6.c
Go to the documentation of this file.
1 /*
2  * Copyright (C) 2006-2017 by Internet Systems Consortium, Inc. ("ISC")
3  *
4  * This Source Code Form is subject to the terms of the Mozilla Public
5  * License, v. 2.0. If a copy of the MPL was not distributed with this
6  * file, You can obtain one at http://mozilla.org/MPL/2.0/.
7  *
8  * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
9  * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
10  * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
11  * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
12  * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
13  * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
14  * PERFORMANCE OF THIS SOFTWARE.
15  */
16 
19 #include "dhcpd.h"
20 
21 #ifdef DHCPv6
22 
23 #ifdef DHCP4o6
24 static void forw_dhcpv4_query(struct packet *packet);
25 static void send_dhcpv4_response(struct data_string *raw);
26 
27 static void recv_dhcpv4_query(struct data_string *raw);
28 static void dhcp4o6_dhcpv4_query(struct data_string *reply_ret,
29  struct packet *packet);
30 
31 struct udp_data4o6 {
32  u_int16_t src_port;
33  u_int8_t rsp_opt_exist;
34  u_int8_t reserved;
35 };
36 
37 static int offset_data4o6 = 36; /* 16+16+4 */
38 #endif
39 
40 /*
41  * We use print_hex_1() to output DUID values. We could actually output
42  * the DUID with more information... MAC address if using type 1 or 3,
43  * and so on. However, RFC 3315 contains Grave Warnings against actually
44  * attempting to understand a DUID.
45  */
46 
47 /*
48  * TODO: gettext() or other method of localization for the messages
49  * for status codes (and probably for log formats eventually)
50  * TODO: refactoring (simplify, simplify, simplify)
51  * TODO: support multiple shared_networks on each interface (this
52  * will allow the server to issue multiple IPv6 addresses to
53  * a single interface)
54  */
55 
56 /*
57  * DHCPv6 Reply workflow assist. A Reply packet is built by various
58  * different functions; this gives us one location where we keep state
59  * regarding a reply.
60  */
61 struct reply_state {
62  /* root level persistent state */
63  struct shared_network *shared;
64  struct host_decl *host;
65  struct subnet *subnet; /* Used to match fixed-addrs to subnet scopes. */
66  struct option_state *opt_state;
67  struct packet *packet;
68  struct data_string client_id;
69 
70  /* IA level persistent state */
71  unsigned ia_count;
72  unsigned pd_count;
73  unsigned client_resources;
74  isc_boolean_t resources_included;
75  isc_boolean_t static_lease;
76  unsigned static_prefixes;
77  struct ia_xx *ia;
78  struct ia_xx *old_ia;
79  struct option_state *reply_ia;
80  struct data_string fixed;
81  struct iaddrcidrnet fixed_pref; /* static prefix for logging */
82 
83  /* IAADDR/PREFIX level persistent state */
84  struct iasubopt *lease;
85 
86  /*
87  * "t1", "t2", preferred, and valid lifetimes records for calculating
88  * t1 and t2 (min/max).
89  */
90  u_int32_t renew, rebind, min_prefer, min_valid;
91 
92  /* Client-requested valid and preferred lifetimes. */
93  u_int32_t client_valid, client_prefer;
94 
95  /* Chosen values to transmit for valid and preferred lifetimes. */
96  u_int32_t send_valid, send_prefer;
97 
98  /* Preferred prefix length (-1 is any). */
99  int preflen;
100 
101  /* Index into the data field that has been consumed. */
102  unsigned cursor;
103 
104  /* Space for the on commit statements for a fixed host */
105  struct on_star on_star;
106 
107  union reply_buffer {
108  unsigned char data[65536];
109  struct dhcpv6_packet reply;
110  } buf;
111 };
112 
113 /*
114  * Prototypes local to this file.
115  */
116 static int get_encapsulated_IA_state(struct option_state **enc_opt_state,
117  struct data_string *enc_opt_data,
118  struct packet *packet,
119  struct option_cache *oc,
120  int offset);
121 static void build_dhcpv6_reply(struct data_string *, struct packet *);
122 static isc_result_t shared_network_from_packet6(struct shared_network **shared,
123  struct packet *packet);
124 static void seek_shared_host(struct host_decl **hp,
125  struct shared_network *shared);
126 static isc_boolean_t fixed_matches_shared(struct host_decl *host,
127  struct shared_network *shared);
128 static isc_result_t reply_process_ia_na(struct reply_state *reply,
129  struct option_cache *ia);
130 static isc_result_t reply_process_ia_ta(struct reply_state *reply,
131  struct option_cache *ia);
132 static isc_result_t reply_process_addr(struct reply_state *reply,
133  struct option_cache *addr);
134 static isc_boolean_t address_is_owned(struct reply_state *reply,
135  struct iaddr *addr);
136 static isc_boolean_t temporary_is_available(struct reply_state *reply,
137  struct iaddr *addr);
138 static isc_result_t find_client_temporaries(struct reply_state *reply);
139 static isc_result_t reply_process_try_addr(struct reply_state *reply,
140  struct iaddr *addr);
141 static isc_result_t find_client_address(struct reply_state *reply);
142 static isc_result_t reply_process_is_addressed(struct reply_state *reply,
143  struct binding_scope **scope,
144  struct group *group);
145 static isc_result_t reply_process_send_addr(struct reply_state *reply,
146  struct iaddr *addr);
147 static struct iasubopt *lease_compare(struct iasubopt *alpha,
148  struct iasubopt *beta);
149 static isc_result_t reply_process_ia_pd(struct reply_state *reply,
150  struct option_cache *ia_pd);
151 static struct group *find_group_by_prefix(struct reply_state *reply);
152 static isc_result_t reply_process_prefix(struct reply_state *reply,
153  struct option_cache *pref);
154 static isc_boolean_t prefix_is_owned(struct reply_state *reply,
155  struct iaddrcidrnet *pref);
156 static isc_result_t find_client_prefix(struct reply_state *reply);
157 static isc_result_t reply_process_try_prefix(struct reply_state *reply,
158  struct iaddrcidrnet *pref);
159 static isc_result_t reply_process_is_prefixed(struct reply_state *reply,
160  struct binding_scope **scope,
161  struct group *group);
162 static isc_result_t reply_process_send_prefix(struct reply_state *reply,
163  struct iaddrcidrnet *pref);
164 static struct iasubopt *prefix_compare(struct reply_state *reply,
165  struct iasubopt *alpha,
166  struct iasubopt *beta);
167 static void schedule_lease_timeout_reply(struct reply_state *reply);
168 
169 static int eval_prefix_mode(int thislen, int preflen, int prefix_mode);
170 static isc_result_t pick_v6_prefix_helper(struct reply_state *reply,
171  int prefix_mode);
172 
173 static void unicast_reject(struct data_string *reply_ret, struct packet *packet,
174  const struct data_string *client_id,
175  const struct data_string *server_id);
176 
177 static isc_boolean_t is_unicast_option_defined(struct packet *packet);
178 static isc_result_t shared_network_from_requested_addr (struct shared_network
179  **shared,
180  struct packet* packet);
181 static isc_result_t get_first_ia_addr_val (struct packet* packet, int addr_type,
182  struct iaddr* iaddr);
183 
184 static void
185 set_reply_tee_times(struct reply_state* reply, unsigned ia_cursor);
186 
187 static const char *iasubopt_plen_str(struct iasubopt *lease);
188 static int release_on_roam(struct reply_state *reply);
189 
190 static int reuse_lease6(struct reply_state *reply, struct iasubopt *lease);
191 static void shorten_lifetimes(struct reply_state *reply, struct iasubopt *lease,
192  time_t age, int threshold);
193 static void write_to_packet(struct reply_state *reply, unsigned ia_cursor);
194 static const char *iasubopt_plen_str(struct iasubopt *lease);
195 
196 #ifdef NSUPDATE
197 static void ddns_update_static6(struct reply_state* reply);
198 #endif
199 
200 #ifdef DHCP4o6
201 /*
202  * \brief Omapi I/O handler
203  *
204  * The inter-process communication receive handler.
205  * Get the message, put it into the raw data_string
206  * and call \ref send_dhcpv4_response() (DHCPv6 side) or
207  * \ref recv_dhcpv4_query() (DHCPv4 side)
208  *
209  * \param h the OMAPI object
210  * \return a result for I/O success or error (used by the I/O subsystem)
211  */
212 isc_result_t dhcpv4o6_handler(omapi_object_t *h) {
213  char buf[65536];
214  struct data_string raw;
215  int cc;
216 
217  if (h->type != dhcp4o6_type)
218  return DHCP_R_INVALIDARG;
219 
220  cc = recv(dhcp4o6_fd, buf, sizeof(buf), 0);
221 
222  if (cc < DHCP_FIXED_NON_UDP + offset_data4o6)
223  return ISC_R_UNEXPECTED;
224  memset(&raw, 0, sizeof(raw));
225  if (!buffer_allocate(&raw.buffer, cc, MDL)) {
226  log_error("dhcpv4o6_handler: no memory buffer.");
227  return ISC_R_NOMEMORY;
228  }
229  raw.data = raw.buffer->data;
230  raw.len = cc;
231  memcpy(raw.buffer->data, buf, cc);
232 
233  if (local_family == AF_INET6) {
234  send_dhcpv4_response(&raw);
235  } else {
236  recv_dhcpv4_query(&raw);
237  }
238 
239  data_string_forget(&raw, MDL);
240 
241  return ISC_R_SUCCESS;
242 }
243 
244 /*
245  * \brief Send the DHCPv4-response back to the DHCPv6 side
246  * (DHCPv6 server function)
247  *
248  * Format: interface:16 + address:16 + udp:4 + DHCPv6 DHCPv4-response message
249  *
250  * \param raw the IPC message content
251  */
252 static void send_dhcpv4_response(struct data_string *raw) {
253  struct interface_info *ip;
254  char name[16 + 1];
255  struct sockaddr_in6 to_addr;
256  char pbuf[sizeof("ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255")];
257  struct udp_data4o6 udp_data;
258  int send_ret;
259 
260  memset(name, 0, sizeof(name));
261  memcpy(name, raw->data, 16);
262  for (ip = interfaces; ip != NULL; ip = ip->next) {
263  if (!strcmp(name, ip->name))
264  break;
265  }
266  if (ip == NULL) {
267  log_error("send_dhcpv4_response: can't find interface %s.",
268  name);
269  return;
270  }
271 
272  memset(&to_addr, 0, sizeof(to_addr));
273  to_addr.sin6_family = AF_INET6;
274  memcpy(&to_addr.sin6_addr, raw->data + 16, 16);
275  memset(&udp_data, 0, sizeof(udp_data));
276  memcpy(&udp_data, raw->data + 32, 4);
277  if ((raw->data[36] == DHCPV6_RELAY_FORW) ||
278  (raw->data[36] == DHCPV6_RELAY_REPL)) {
279  if (udp_data.rsp_opt_exist) {
280  to_addr.sin6_port = udp_data.src_port;
281  } else {
282  to_addr.sin6_port = local_port;
283  }
284  } else {
285  to_addr.sin6_port = remote_port;
286  }
287 
288  log_info("send_dhcpv4_response(): sending %s on %s to %s port %d",
289  dhcpv6_type_names[raw->data[36]],
290  name,
291  inet_ntop(AF_INET6, raw->data + 16, pbuf, sizeof(pbuf)),
292  ntohs(to_addr.sin6_port));
293 
294  send_ret = send_packet6(ip, raw->data + 36, raw->len - 36, &to_addr);
295  if (send_ret < 0) {
296  log_error("send_dhcpv4_response: send_packet6(): %m");
297  } else if (send_ret != raw->len - 36) {
298  log_error("send_dhcpv4_response: send_packet6() "
299  "sent %d of %d bytes",
300  send_ret, raw->len - 36);
301  }
302 }
303 #endif /* DHCP4o6 */
304 
305 /*
306  * Schedule lease timeouts for all of the iasubopts in the reply.
307  * This is currently used to schedule timeouts for soft leases.
308  */
309 
310 static void
311 schedule_lease_timeout_reply(struct reply_state *reply) {
312  struct iasubopt *tmp;
313  int i;
314 
315  /* sanity check the reply */
316  if ((reply == NULL) || (reply->ia == NULL) || (reply->ia->iasubopt == NULL))
317  return;
318 
319  /* walk through the list, scheduling as we go */
320  for (i = 0 ; i < reply->ia->num_iasubopt ; i++) {
321  tmp = reply->ia->iasubopt[i];
323  }
324 }
325 
326 /*
327  * This function returns the time since DUID time start for the
328  * given time_t value.
329  */
330 static u_int32_t
331 duid_time(time_t when) {
332  /*
333  * This time is modulo 2^32.
334  */
335  while ((when - DUID_TIME_EPOCH) > 4294967295u) {
336  /* use 2^31 to avoid spurious compiler warnings */
337  when -= 2147483648u;
338  when -= 2147483648u;
339  }
340 
341  return when - DUID_TIME_EPOCH;
342 }
343 
344 
345 /*
346  * Server DUID.
347  *
348  * This must remain the same for the lifetime of this server, because
349  * clients return the server DUID that we sent them in Request packets.
350  *
351  * We pick the server DUID like this:
352  *
353  * 1. Check dhcpd.conf - any value the administrator has configured
354  * overrides any possible values.
355  * 2. Check the leases.txt - we want to use the previous value if
356  * possible.
357  * 3. Check if dhcpd.conf specifies a type of server DUID to use,
358  * and generate that type.
359  * 4. Generate a type 1 (time + hardware address) DUID.
360  */
361 static struct data_string server_duid;
362 
363 /*
364  * Check if the server_duid has been set.
365  */
366 isc_boolean_t
367 server_duid_isset(void) {
368  return (server_duid.data != NULL);
369 }
370 
371 /*
372  * Return the server_duid.
373  */
374 void
375 copy_server_duid(struct data_string *ds, const char *file, int line) {
376  data_string_copy(ds, &server_duid, file, line);
377 }
378 
379 /*
380  * Set the server DUID to a specified value. This is used when
381  * the server DUID is stored in persistent memory (basically the
382  * leases.txt file).
383  */
384 void
385 set_server_duid(struct data_string *new_duid) {
386  /* INSIST(new_duid != NULL); */
387  /* INSIST(new_duid->data != NULL); */
388 
389  if (server_duid_isset()) {
390  data_string_forget(&server_duid, MDL);
391  }
392  data_string_copy(&server_duid, new_duid, MDL);
393 }
394 
395 
396 /*
397  * Set the server DUID based on the D6O_SERVERID option. This handles
398  * the case where the administrator explicitly put it in the dhcpd.conf
399  * file.
400  */
401 isc_result_t
403  struct option_state *opt_state;
404  struct option_cache *oc;
405  struct data_string option_duid;
406  isc_result_t ret_val;
407 
408  opt_state = NULL;
409  if (!option_state_allocate(&opt_state, MDL)) {
410  log_fatal("No memory for server DUID.");
411  }
412 
413  execute_statements_in_scope(NULL, NULL, NULL, NULL, NULL,
414  opt_state, &global_scope, root_group,
415  NULL, NULL);
416 
417  oc = lookup_option(&dhcpv6_universe, opt_state, D6O_SERVERID);
418  if (oc == NULL) {
419  ret_val = ISC_R_NOTFOUND;
420  } else {
421  memset(&option_duid, 0, sizeof(option_duid));
422  if (!evaluate_option_cache(&option_duid, NULL, NULL, NULL,
423  opt_state, NULL, &global_scope,
424  oc, MDL)) {
425  ret_val = ISC_R_UNEXPECTED;
426  } else {
427  set_server_duid(&option_duid);
428  data_string_forget(&option_duid, MDL);
429  ret_val = ISC_R_SUCCESS;
430  }
431  }
432 
433  option_state_dereference(&opt_state, MDL);
434 
435  return ret_val;
436 }
437 
438 /*
439  * DUID layout, as defined in RFC 3315, section 9.
440  *
441  * We support type 1 (hardware address plus time) and type 3 (hardware
442  * address).
443  *
444  * We can support type 2 for specific vendors in the future, if they
445  * publish the specification. And of course there may be additional
446  * types later.
447  */
448 static int server_duid_type = DUID_LLT;
449 
450 /*
451  * Set the DUID type.
452  */
453 void
454 set_server_duid_type(int type) {
455  server_duid_type = type;
456 }
457 
458 /*
459  * Generate a new server DUID. This is done if there was no DUID in
460  * the leases.txt or in the dhcpd.conf file.
461  */
462 isc_result_t
464  struct interface_info *p;
465  u_int32_t time_val;
466  struct data_string generated_duid;
467 
468  /*
469  * Verify we have a type that we support.
470  */
471  if ((server_duid_type != DUID_LL) && (server_duid_type != DUID_LLT)) {
472  log_error("Invalid DUID type %d specified, "
473  "only LL and LLT types supported", server_duid_type);
474  return DHCP_R_INVALIDARG;
475  }
476 
477  /*
478  * Find an interface with a hardware address.
479  * Any will do. :)
480  */
481  for (p = interfaces; p != NULL; p = p->next) {
482  if (p->hw_address.hlen > 0) {
483  break;
484  }
485  if (p->next == NULL && p->hw_address.hbuf[0] == HTYPE_RESERVED) {
486  log_error("Can not generate DUID from interfaces which do not have hardware addresses, please configure server-duid!");
487  }
488  }
489  if (p == NULL) {
490  return ISC_R_UNEXPECTED;
491  }
492 
493  /*
494  * Build our DUID.
495  */
496  memset(&generated_duid, 0, sizeof(generated_duid));
497  if (server_duid_type == DUID_LLT) {
498  time_val = duid_time(time(NULL));
499  generated_duid.len = 8 + p->hw_address.hlen - 1;
500  if (!buffer_allocate(&generated_duid.buffer,
501  generated_duid.len, MDL)) {
502  log_fatal("No memory for server DUID.");
503  }
504  generated_duid.data = generated_duid.buffer->data;
505  putUShort(generated_duid.buffer->data, DUID_LLT);
506  putUShort(generated_duid.buffer->data + 2,
507  p->hw_address.hbuf[0]);
508  putULong(generated_duid.buffer->data + 4, time_val);
509  memcpy(generated_duid.buffer->data + 8,
510  p->hw_address.hbuf+1, p->hw_address.hlen-1);
511  } else if (server_duid_type == DUID_LL) {
512  generated_duid.len = 4 + p->hw_address.hlen - 1;
513  if (!buffer_allocate(&generated_duid.buffer,
514  generated_duid.len, MDL)) {
515  log_fatal("No memory for server DUID.");
516  }
517  generated_duid.data = generated_duid.buffer->data;
518  putUShort(generated_duid.buffer->data, DUID_LL);
519  putUShort(generated_duid.buffer->data + 2,
520  p->hw_address.hbuf[0]);
521  memcpy(generated_duid.buffer->data + 4,
522  p->hw_address.hbuf+1, p->hw_address.hlen-1);
523  } else {
524  log_fatal("Unsupported server DUID type %d.", server_duid_type);
525  }
526 
527  set_server_duid(&generated_duid);
528  data_string_forget(&generated_duid, MDL);
529 
530  return ISC_R_SUCCESS;
531 }
532 
533 /*
534  * Get the client identifier from the packet.
535  */
536 isc_result_t
537 get_client_id(struct packet *packet, struct data_string *client_id) {
538  struct option_cache *oc;
539 
540  /*
541  * Verify our client_id structure is empty.
542  */
543  if ((client_id->data != NULL) || (client_id->len != 0)) {
544  return DHCP_R_INVALIDARG;
545  }
546 
548  if (oc == NULL) {
549  return ISC_R_NOTFOUND;
550  }
551 
552  if (!evaluate_option_cache(client_id, packet, NULL, NULL,
553  packet->options, NULL,
554  &global_scope, oc, MDL)) {
555  return ISC_R_FAILURE;
556  }
557 
558  return ISC_R_SUCCESS;
559 }
560 
561 /*
562  * Message validation, defined in RFC 3315, sections 15.2, 15.5, 15.7:
563  *
564  * Servers MUST discard any Solicit messages that do not include a
565  * Client Identifier option or that do include a Server Identifier
566  * option.
567  */
568 int
569 valid_client_msg(struct packet *packet, struct data_string *client_id) {
570  int ret_val;
571  struct option_cache *oc;
572  struct data_string data;
573 
574  ret_val = 0;
575  memset(client_id, 0, sizeof(*client_id));
576  memset(&data, 0, sizeof(data));
577 
578  switch (get_client_id(packet, client_id)) {
579  case ISC_R_SUCCESS:
580  break;
581  case ISC_R_NOTFOUND:
582  log_debug("Discarding %s from %s; "
583  "client identifier missing",
586  goto exit;
587  default:
588  log_error("Error processing %s from %s; "
589  "unable to evaluate Client Identifier",
592  goto exit;
593  }
594 
595  /*
596  * Required by RFC 3315, section 15.
597  */
598  if (packet->unicast) {
599  log_debug("Discarding %s from %s; packet sent unicast "
600  "(CLIENTID %s)",
603  print_hex_1(client_id->len, client_id->data, 60));
604  goto exit;
605  }
606 
607 
609  if (oc != NULL) {
610  if (evaluate_option_cache(&data, packet, NULL, NULL,
611  packet->options, NULL,
612  &global_scope, oc, MDL)) {
613  log_debug("Discarding %s from %s; "
614  "server identifier found "
615  "(CLIENTID %s, SERVERID %s)",
618  print_hex_1(client_id->len,
619  client_id->data, 60),
620  print_hex_2(data.len,
621  data.data, 60));
622  } else {
623  log_debug("Discarding %s from %s; "
624  "server identifier found "
625  "(CLIENTID %s)",
627  print_hex_1(client_id->len,
628  client_id->data, 60),
630  }
631  goto exit;
632  }
633 
634  /* looks good */
635  ret_val = 1;
636 
637 exit:
638  if (data.len > 0) {
640  }
641  if (!ret_val) {
642  if (client_id->len > 0) {
643  data_string_forget(client_id, MDL);
644  }
645  }
646  return ret_val;
647 }
648 
649 /*
650  * Response validation, defined in RFC 3315, sections 15.4, 15.6, 15.8,
651  * 15.9 (slightly different wording, but same meaning):
652  *
653  * Servers MUST discard any received Request message that meet any of
654  * the following conditions:
655  *
656  * - the message does not include a Server Identifier option.
657  * - the contents of the Server Identifier option do not match the
658  * server's DUID.
659  * - the message does not include a Client Identifier option.
660  */
661 int
662 valid_client_resp(struct packet *packet,
663  struct data_string *client_id,
664  struct data_string *server_id)
665 {
666  int ret_val;
667  struct option_cache *oc;
668 
669  /* INSIST((duid.data != NULL) && (duid.len > 0)); */
670 
671  ret_val = 0;
672  memset(client_id, 0, sizeof(*client_id));
673  memset(server_id, 0, sizeof(*server_id));
674 
675  switch (get_client_id(packet, client_id)) {
676  case ISC_R_SUCCESS:
677  break;
678  case ISC_R_NOTFOUND:
679  log_debug("Discarding %s from %s; "
680  "client identifier missing",
683  goto exit;
684  default:
685  log_error("Error processing %s from %s; "
686  "unable to evaluate Client Identifier",
689  goto exit;
690  }
691 
693  if (oc == NULL) {
694  log_debug("Discarding %s from %s: "
695  "server identifier missing (CLIENTID %s)",
698  print_hex_1(client_id->len, client_id->data, 60));
699  goto exit;
700  }
701  if (!evaluate_option_cache(server_id, packet, NULL, NULL,
702  packet->options, NULL,
703  &global_scope, oc, MDL)) {
704  log_error("Error processing %s from %s; "
705  "unable to evaluate Server Identifier (CLIENTID %s)",
708  print_hex_1(client_id->len, client_id->data, 60));
709  goto exit;
710  }
711  if ((server_duid.len != server_id->len) ||
712  (memcmp(server_duid.data, server_id->data, server_duid.len) != 0)) {
713  log_debug("Discarding %s from %s; "
714  "not our server identifier "
715  "(CLIENTID %s, SERVERID %s, server DUID %s)",
718  print_hex_1(client_id->len, client_id->data, 60),
719  print_hex_2(server_id->len, server_id->data, 60),
720  print_hex_3(server_duid.len, server_duid.data, 60));
721  goto exit;
722  }
723 
724  /* looks good */
725  ret_val = 1;
726 
727 exit:
728  if (!ret_val) {
729  if (server_id->len > 0) {
730  data_string_forget(server_id, MDL);
731  }
732  if (client_id->len > 0) {
733  data_string_forget(client_id, MDL);
734  }
735  }
736  return ret_val;
737 }
738 
739 /*
740  * Information request validation, defined in RFC 3315, section 15.12:
741  *
742  * Servers MUST discard any received Information-request message that
743  * meets any of the following conditions:
744  *
745  * - The message includes a Server Identifier option and the DUID in
746  * the option does not match the server's DUID.
747  *
748  * - The message includes an IA option.
749  */
750 int
751 valid_client_info_req(struct packet *packet, struct data_string *server_id) {
752  int ret_val;
753  struct option_cache *oc;
754  struct data_string client_id;
755  char client_id_str[80]; /* print_hex_1() uses maximum 60 characters,
756  plus a few more for extra information */
757 
758  ret_val = 0;
759  memset(server_id, 0, sizeof(*server_id));
760  memset(&client_id, 0, sizeof(client_id));
761 
762  /*
763  * Make a string that we can print out to give more
764  * information about the client if we need to.
765  *
766  * By RFC 3315, Section 18.1.5 clients SHOULD have a
767  * client-id on an Information-request packet, but it
768  * is not strictly necessary.
769  */
770  if (get_client_id(packet, &client_id) == ISC_R_SUCCESS) {
771  snprintf(client_id_str, sizeof(client_id_str), " (CLIENTID %s)",
772  print_hex_1(client_id.len, client_id.data, 60));
773  data_string_forget(&client_id, MDL);
774  } else {
775  client_id_str[0] = '\0';
776  }
777 
778  /*
779  * Required by RFC 3315, section 15.
780  */
781  if (packet->unicast) {
782  log_debug("Discarding %s from %s; packet sent unicast%s",
784  piaddr(packet->client_addr), client_id_str);
785  goto exit;
786  }
787 
789  if (oc != NULL) {
790  log_debug("Discarding %s from %s; "
791  "IA_NA option present%s",
793  piaddr(packet->client_addr), client_id_str);
794  goto exit;
795  }
797  if (oc != NULL) {
798  log_debug("Discarding %s from %s; "
799  "IA_TA option present%s",
801  piaddr(packet->client_addr), client_id_str);
802  goto exit;
803  }
805  if (oc != NULL) {
806  log_debug("Discarding %s from %s; "
807  "IA_PD option present%s",
809  piaddr(packet->client_addr), client_id_str);
810  goto exit;
811  }
812 
814  if (oc != NULL) {
815  if (!evaluate_option_cache(server_id, packet, NULL, NULL,
816  packet->options, NULL,
817  &global_scope, oc, MDL)) {
818  log_error("Error processing %s from %s; "
819  "unable to evaluate Server Identifier%s",
821  piaddr(packet->client_addr), client_id_str);
822  goto exit;
823  }
824  if ((server_duid.len != server_id->len) ||
825  (memcmp(server_duid.data, server_id->data,
826  server_duid.len) != 0)) {
827  log_debug("Discarding %s from %s; "
828  "not our server identifier "
829  "(SERVERID %s, server DUID %s)%s",
832  print_hex_1(server_id->len,
833  server_id->data, 60),
834  print_hex_2(server_duid.len,
835  server_duid.data, 60),
836  client_id_str);
837  goto exit;
838  }
839  }
840 
841  /* looks good */
842  ret_val = 1;
843 
844 exit:
845  if (!ret_val) {
846  if (server_id->len > 0) {
847  data_string_forget(server_id, MDL);
848  }
849  }
850  return ret_val;
851 }
852 
853 /*
854  * Options that we want to send, in addition to what was requested
855  * via the ORO.
856  */
857 static const int required_opts[] = {
858  D6O_CLIENTID,
859  D6O_SERVERID,
862  0
863 };
864 static const int required_opts_solicit[] = {
865  D6O_CLIENTID,
866  D6O_SERVERID,
867  D6O_IA_NA,
868  D6O_IA_TA,
869  D6O_IA_PD,
874  0
875 };
876 static const int required_opts_agent[] = {
878 #if defined(RELAY_PORT)
880 #endif
882  0
883 };
884 static const int required_opts_IA[] = {
885  D6O_IAADDR,
887  0
888 };
889 static const int required_opts_IA_PD[] = {
890  D6O_IAPREFIX,
892  0
893 };
894 static const int required_opts_STATUS_CODE[] = {
896  0
897 };
898 #ifdef DHCP4o6
899 static const int required_opts_4o6[] = {
901  0
902 };
903 #endif
904 
905 static const int unicast_reject_opts[] = {
906  D6O_CLIENTID,
907  D6O_SERVERID,
909  0
910 };
911 
912 
913 /*
914  * Extracts from packet contents an IA_* option, storing the IA structure
915  * in its entirety in enc_opt_data, and storing any decoded DHCPv6 options
916  * in enc_opt_state for later lookup and evaluation. The 'offset' indicates
917  * where in the IA_* the DHCPv6 options commence.
918  */
919 static int
920 get_encapsulated_IA_state(struct option_state **enc_opt_state,
921  struct data_string *enc_opt_data,
922  struct packet *packet,
923  struct option_cache *oc,
924  int offset)
925 {
926  /*
927  * Get the raw data for the encapsulated options.
928  */
929  memset(enc_opt_data, 0, sizeof(*enc_opt_data));
930  if (!evaluate_option_cache(enc_opt_data, packet,
931  NULL, NULL, packet->options, NULL,
932  &global_scope, oc, MDL)) {
933  log_error("get_encapsulated_IA_state: "
934  "error evaluating raw option.");
935  return 0;
936  }
937  if (enc_opt_data->len < offset) {
938  log_error("get_encapsulated_IA_state: raw option too small.");
939  data_string_forget(enc_opt_data, MDL);
940  return 0;
941  }
942 
943  /*
944  * Now create the option state structure, and pass it to the
945  * function that parses options.
946  */
947  *enc_opt_state = NULL;
948  if (!option_state_allocate(enc_opt_state, MDL)) {
949  log_error("get_encapsulated_IA_state: no memory for options.");
950  data_string_forget(enc_opt_data, MDL);
951  return 0;
952  }
953  if (!parse_option_buffer(*enc_opt_state,
954  enc_opt_data->data + offset,
955  enc_opt_data->len - offset,
956  &dhcpv6_universe)) {
957  log_error("get_encapsulated_IA_state: error parsing options.");
958  option_state_dereference(enc_opt_state, MDL);
959  data_string_forget(enc_opt_data, MDL);
960  return 0;
961  }
962 
963  return 1;
964 }
965 
966 static int
967 set_status_code(u_int16_t status_code, const char *status_message,
968  struct option_state *opt_state)
969 {
970  struct data_string d;
971  int ret_val;
972 
973  memset(&d, 0, sizeof(d));
974  d.len = sizeof(status_code) + strlen(status_message);
975  if (!buffer_allocate(&d.buffer, d.len, MDL)) {
976  log_fatal("set_status_code: no memory for status code.");
977  }
978  d.data = d.buffer->data;
979  putUShort(d.buffer->data, status_code);
980  memcpy(d.buffer->data + sizeof(status_code),
981  status_message, d.len - sizeof(status_code));
982  if (!save_option_buffer(&dhcpv6_universe, opt_state,
983  d.buffer, (unsigned char *)d.data, d.len,
984  D6O_STATUS_CODE, 0)) {
985  log_error("set_status_code: error saving status code.");
986  ret_val = 0;
987  } else {
988  ret_val = 1;
989  }
990  data_string_forget(&d, MDL);
991  return ret_val;
992 }
993 
994 void check_pool6_threshold(struct reply_state *reply,
995  struct iasubopt *lease)
996 {
997  struct ipv6_pond *pond;
998  isc_uint64_t used, count, high_threshold;
999  int poolhigh = 0, poollow = 0;
1000  char *shared_name = "no name";
1001  char tmp_addr[INET6_ADDRSTRLEN];
1002 
1003  if ((lease->ipv6_pool == NULL) || (lease->ipv6_pool->ipv6_pond == NULL))
1004  return;
1005  pond = lease->ipv6_pool->ipv6_pond;
1006 
1007  /* If the address range is too large to track, just skip all this. */
1008  if (pond->jumbo_range == 1) {
1009  return;
1010  }
1011 
1012  count = pond->num_total;
1013  used = pond->num_active;
1014 
1015  /* get network name for logging */
1016  if ((pond->shared_network != NULL) &&
1017  (pond->shared_network->name != NULL)) {
1018  shared_name = pond->shared_network->name;
1019  }
1020 
1021  /* The logged flag indicates if we have already crossed the high
1022  * threshold and emitted a log message. If it is set we check to
1023  * see if we have re-crossed the low threshold and need to reset
1024  * things. When we cross the high threshold we determine what
1025  * the low threshold is and save it into the low_threshold value.
1026  * When we cross that threshold we reset the logged flag and
1027  * the low_threshold to 0 which allows the high threshold message
1028  * to be emitted once again.
1029  * if we haven't recrossed the boundry we don't need to do anything.
1030  */
1031  if (pond->logged !=0) {
1032  if (used <= pond->low_threshold) {
1033  pond->low_threshold = 0;
1034  pond->logged = 0;
1035  log_error("Pool threshold reset - shared subnet: %s; "
1036  "address: %s; low threshold %llu/%llu.",
1037  shared_name,
1038  inet_ntop(AF_INET6, &lease->addr,
1039  tmp_addr, sizeof(tmp_addr)),
1040  used, count);
1041  }
1042  return;
1043  }
1044 
1045  /* find the high threshold */
1046  if (get_option_int(&poolhigh, &server_universe, reply->packet, NULL,
1047  NULL, reply->packet->options, reply->opt_state,
1048  reply->opt_state, &lease->scope,
1049  SV_LOG_THRESHOLD_HIGH, MDL) == 0) {
1050  /* no threshold bail out */
1051  return;
1052  }
1053 
1054  /* We do have a threshold for this pool, see if its valid */
1055  if ((poolhigh <= 0) || (poolhigh > 100)) {
1056  /* not valid */
1057  return;
1058  }
1059 
1060  /* we have a valid value, have we exceeded it */
1061  high_threshold = FIND_POND6_PERCENT(count, poolhigh);
1062  if (used < high_threshold) {
1063  /* nope, no more to do */
1064  return;
1065  }
1066 
1067  /* we've exceeded it, output a message */
1068  log_error("Pool threshold exceeded - shared subnet: %s; "
1069  "address: %s; high threshold %d%% %llu/%llu.",
1070  shared_name,
1071  inet_ntop(AF_INET6, &lease->addr, tmp_addr, sizeof(tmp_addr)),
1072  poolhigh, used, count);
1073 
1074  /* handle the low threshold now, if we don't
1075  * have one we default to 0. */
1076  if ((get_option_int(&poollow, &server_universe, reply->packet, NULL,
1077  NULL, reply->packet->options, reply->opt_state,
1078  reply->opt_state, &lease->scope,
1079  SV_LOG_THRESHOLD_LOW, MDL) == 0) ||
1080  (poollow > 100)) {
1081  poollow = 0;
1082  }
1083 
1084  /*
1085  * If the low theshold is higher than the high threshold we continue to log
1086  * If it isn't then we set the flag saying we already logged and determine
1087  * what the reset threshold is.
1088  */
1089  if (poollow < poolhigh) {
1090  pond->logged = 1;
1091  pond->low_threshold = FIND_POND6_PERCENT(count, poollow);
1092  }
1093 }
1094 
1095 /*
1096  * We have a set of operations we do to set up the reply packet, which
1097  * is the same for many message types.
1098  */
1099 static int
1100 start_reply(struct packet *packet,
1101  const struct data_string *client_id,
1102  const struct data_string *server_id,
1103  struct option_state **opt_state,
1104  struct dhcpv6_packet *reply)
1105 {
1106  struct option_cache *oc;
1107  const unsigned char *server_id_data;
1108  int server_id_len;
1109 
1110  /*
1111  * Build our option state for reply.
1112  */
1113  *opt_state = NULL;
1114  if (!option_state_allocate(opt_state, MDL)) {
1115  log_error("start_reply: no memory for option_state.");
1116  return 0;
1117  }
1118  execute_statements_in_scope(NULL, packet, NULL, NULL,
1119  packet->options, *opt_state,
1120  &global_scope, root_group, NULL, NULL);
1121 
1122  /*
1123  * A small bit of special handling for Solicit messages.
1124  *
1125  * We could move the logic into a flag, but for now just check
1126  * explicitly.
1127  */
1129  reply->msg_type = DHCPV6_ADVERTISE;
1130 
1131  /*
1132  * If:
1133  * - this message type supports rapid commit (Solicit), and
1134  * - the server is configured to supply a rapid commit, and
1135  * - the client requests a rapid commit,
1136  * Then we add a rapid commit option, and send Reply (instead
1137  * of an Advertise).
1138  */
1140  *opt_state, D6O_RAPID_COMMIT);
1141  if (oc != NULL) {
1144  if (oc != NULL) {
1145  /* Rapid-commit in action. */
1146  reply->msg_type = DHCPV6_REPLY;
1147  } else {
1148  /* Don't want a rapid-commit in advertise. */
1150  *opt_state, D6O_RAPID_COMMIT);
1151  }
1152  }
1153  } else {
1154  reply->msg_type = DHCPV6_REPLY;
1155  /* Delete the rapid-commit from the sent options. */
1157  *opt_state, D6O_RAPID_COMMIT);
1158  if (oc != NULL) {
1160  *opt_state, D6O_RAPID_COMMIT);
1161  }
1162  }
1163 
1164  /*
1165  * Use the client's transaction identifier for the reply.
1166  */
1168  sizeof(reply->transaction_id));
1169 
1170  /*
1171  * RFC 3315, section 18.2 says we need server identifier and
1172  * client identifier.
1173  *
1174  * If the server ID is defined via the configuration file, then
1175  * it will already be present in the option state at this point,
1176  * so we don't need to set it.
1177  *
1178  * If we have a server ID passed in from the caller,
1179  * use that, otherwise use the global DUID.
1180  */
1181  oc = lookup_option(&dhcpv6_universe, *opt_state, D6O_SERVERID);
1182  if (oc == NULL) {
1183  if (server_id == NULL) {
1184  server_id_data = server_duid.data;
1185  server_id_len = server_duid.len;
1186  } else {
1187  server_id_data = server_id->data;
1188  server_id_len = server_id->len;
1189  }
1190  if (!save_option_buffer(&dhcpv6_universe, *opt_state,
1191  NULL, (unsigned char *)server_id_data,
1192  server_id_len, D6O_SERVERID, 0)) {
1193  log_error("start_reply: "
1194  "error saving server identifier.");
1195  return 0;
1196  }
1197  }
1198 
1199  if (client_id->buffer != NULL) {
1200  if (!save_option_buffer(&dhcpv6_universe, *opt_state,
1201  client_id->buffer,
1202  (unsigned char *)client_id->data,
1203  client_id->len,
1204  D6O_CLIENTID, 0)) {
1205  log_error("start_reply: error saving "
1206  "client identifier.");
1207  return 0;
1208  }
1209  }
1210 
1211  /*
1212  * If the client accepts reconfiguration, let it know that we
1213  * will send them.
1214  *
1215  * Note: we don't actually do this yet, but DOCSIS requires we
1216  * claim to.
1217  */
1220  if (oc != NULL) {
1221  if (!save_option_buffer(&dhcpv6_universe, *opt_state,
1222  NULL, (unsigned char *)"", 0,
1223  D6O_RECONF_ACCEPT, 0)) {
1224  log_error("start_reply: "
1225  "error saving RECONF_ACCEPT option.");
1226  option_state_dereference(opt_state, MDL);
1227  return 0;
1228  }
1229  }
1230 
1231  return 1;
1232 }
1233 
1234 /*
1235  * Try to get the IPv6 address the client asked for from the
1236  * pool.
1237  *
1238  * addr is the result (should be a pointer to NULL on entry)
1239  * pool is the pool to search in
1240  * requested_addr is the address the client wants
1241  */
1242 static isc_result_t
1243 try_client_v6_address(struct iasubopt **addr,
1244  struct ipv6_pool *pool,
1245  const struct data_string *requested_addr)
1246 {
1247  struct in6_addr tmp_addr;
1248  isc_result_t result;
1249 
1250  if (requested_addr->len < sizeof(tmp_addr)) {
1251  return DHCP_R_INVALIDARG;
1252  }
1253  memcpy(&tmp_addr, requested_addr->data, sizeof(tmp_addr));
1254  if (IN6_IS_ADDR_UNSPECIFIED(&tmp_addr)) {
1255  return ISC_R_FAILURE;
1256  }
1257 
1258  /*
1259  * The address is not covered by this (or possibly any) dynamic
1260  * range.
1261  */
1262  if (!ipv6_in_pool(&tmp_addr, pool)) {
1263  return ISC_R_ADDRNOTAVAIL;
1264  }
1265 
1266  if (lease6_exists(pool, &tmp_addr)) {
1267  return ISC_R_ADDRINUSE;
1268  }
1269 
1270  result = iasubopt_allocate(addr, MDL);
1271  if (result != ISC_R_SUCCESS) {
1272  return result;
1273  }
1274  (*addr)->addr = tmp_addr;
1275  (*addr)->plen = 0;
1276 
1277  /* Default is soft binding for 2 minutes. */
1278  result = add_lease6(pool, *addr, cur_time + 120);
1279  if (result != ISC_R_SUCCESS) {
1280  iasubopt_dereference(addr, MDL);
1281  }
1282  return result;
1283 }
1284 
1306 static isc_result_t
1307 pick_v6_address(struct reply_state *reply)
1308 {
1309  struct ipv6_pool *p = NULL;
1310  struct ipv6_pond *pond;
1311  int i;
1312  int start_pool;
1313  unsigned int attempts;
1314  char tmp_buf[INET6_ADDRSTRLEN];
1315  struct iasubopt **addr = &reply->lease;
1316  isc_uint64_t total = 0;
1317  isc_uint64_t active = 0;
1318  isc_uint64_t abandoned = 0;
1319  int jumbo_range = 0;
1320  char *shared_name = (reply->shared->name ?
1321  reply->shared->name : "(no name)");
1322 
1323  /*
1324  * Do a quick walk through of the ponds and pools
1325  * to see if we have any NA address pools
1326  */
1327  for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
1328  if (pond->ipv6_pools == NULL)
1329  continue;
1330 
1331  for (i = 0; (p = pond->ipv6_pools[i]) != NULL; i++) {
1332  if (p->pool_type == D6O_IA_NA)
1333  break;
1334  }
1335  if (p != NULL)
1336  break;
1337  }
1338 
1339  /* If we get here and p is NULL we have no useful pools */
1340  if (p == NULL) {
1341  log_debug("Unable to pick client address: "
1342  "no IPv6 pools on this shared network");
1343  return ISC_R_NORESOURCES;
1344  }
1345 
1346  /*
1347  * We have at least one pool that could provide an address
1348  * Now we walk through the ponds and pools again and check
1349  * to see if the client is permitted and if an address is
1350  * available
1351  *
1352  * Within a given pond we start looking at the last pool we
1353  * allocated from, unless it had a collision trying to allocate
1354  * an address. This will tend to move us into less-filled pools.
1355  */
1356 
1357  for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
1358  isc_result_t result = ISC_R_FAILURE;
1359 
1360  if (((pond->prohibit_list != NULL) &&
1361  (permitted(reply->packet, pond->prohibit_list))) ||
1362  ((pond->permit_list != NULL) &&
1363  (!permitted(reply->packet, pond->permit_list))))
1364  continue;
1365 
1366 #ifdef EUI_64
1367  /* If pond is EUI-64 but client duid isn't a valid EUI-64
1368  * id, then skip this pond */
1369  if (pond->use_eui_64 &&
1370  !valid_eui_64_duid(&reply->ia->iaid_duid, IAID_LEN)) {
1371  continue;
1372  }
1373 #endif
1374 
1375  start_pool = pond->last_ipv6_pool;
1376  i = start_pool;
1377  do {
1378  p = pond->ipv6_pools[i];
1379  if (p->pool_type == D6O_IA_NA) {
1380 #ifdef EUI_64
1381  if (pond->use_eui_64) {
1382  result =
1383  create_lease6_eui_64(p, addr,
1384  &reply->ia->iaid_duid,
1385  cur_time + 120);
1386  }
1387  else
1388 #endif
1389  {
1390  result =
1391  create_lease6(p, addr, &attempts,
1392  &reply->ia->iaid_duid,
1393  cur_time + 120);
1394 
1395  }
1396 
1397  if (result == ISC_R_SUCCESS) {
1398  /*
1399  * Record the pool used (or next one if
1400  * there was a collision).
1401  */
1402  if (attempts > 1) {
1403  i++;
1404  if (pond->ipv6_pools[i]
1405  == NULL) {
1406  i = 0;
1407  }
1408  }
1409 
1410  pond->last_ipv6_pool = i;
1411 
1412  log_debug("Picking pool address %s",
1413  inet_ntop(AF_INET6,
1414  &((*addr)->addr),
1415  tmp_buf, sizeof(tmp_buf)));
1416  return (ISC_R_SUCCESS);
1417  }
1418  }
1419 
1420  i++;
1421  if (pond->ipv6_pools[i] == NULL) {
1422  i = 0;
1423  }
1424  } while (i != start_pool);
1425 
1426  if (result == ISC_R_NORESOURCES) {
1427  jumbo_range += pond->jumbo_range;
1428  total += pond->num_total;
1429  active += pond->num_active;
1430  abandoned += pond->num_abandoned;
1431  }
1432  }
1433 
1434  /*
1435  * If we failed to pick an IPv6 address from any of the subnets.
1436  * Presumably that means we have no addresses for the client.
1437  */
1438  if (jumbo_range != 0) {
1439  log_debug("Unable to pick client address: "
1440  "no addresses available - shared network %s: "
1441  " 2^64-1 < total, %llu active, %llu abandoned",
1442  shared_name, active - abandoned, abandoned);
1443  } else {
1444  log_debug("Unable to pick client address: "
1445  "no addresses available - shared network %s: "
1446  "%llu total, %llu active, %llu abandoned",
1447  shared_name, total, active - abandoned, abandoned);
1448  }
1449 
1450  return ISC_R_NORESOURCES;
1451 }
1452 
1453 /*
1454  * Try to get the IPv6 prefix the client asked for from the
1455  * prefix pool.
1456  *
1457  * pref is the result (should be a pointer to NULL on entry)
1458  * pool is the prefix pool to search in
1459  * requested_pref is the address the client wants
1460  */
1461 static isc_result_t
1462 try_client_v6_prefix(struct iasubopt **pref,
1463  struct ipv6_pool *pool,
1464  const struct data_string *requested_pref)
1465 {
1466  u_int8_t tmp_plen;
1467  struct in6_addr tmp_pref;
1468  struct iaddr ia;
1469  isc_result_t result;
1470 
1471  if (requested_pref->len < sizeof(tmp_plen) + sizeof(tmp_pref)) {
1472  return DHCP_R_INVALIDARG;
1473  }
1474 
1475  tmp_plen = (int) requested_pref->data[0];
1476  if ((tmp_plen < 3) || (tmp_plen > 128)) {
1477  return ISC_R_FAILURE;
1478  }
1479 
1480  memcpy(&tmp_pref, requested_pref->data + 1, sizeof(tmp_pref));
1481  if (IN6_IS_ADDR_UNSPECIFIED(&tmp_pref)) {
1482  return ISC_R_FAILURE;
1483  }
1484 
1485  ia.len = 16;
1486  memcpy(&ia.iabuf, &tmp_pref, 16);
1487  if (!is_cidr_mask_valid(&ia, (int) tmp_plen)) {
1488  return ISC_R_FAILURE;
1489  }
1490 
1491  if (!ipv6_in_pool(&tmp_pref, pool) ||
1492  ((int)tmp_plen != pool->units)) {
1493  return ISC_R_ADDRNOTAVAIL;
1494  }
1495 
1496  if (prefix6_exists(pool, &tmp_pref, tmp_plen)) {
1497  return ISC_R_ADDRINUSE;
1498  }
1499 
1500  result = iasubopt_allocate(pref, MDL);
1501  if (result != ISC_R_SUCCESS) {
1502  return result;
1503  }
1504 
1505  (*pref)->addr = tmp_pref;
1506  (*pref)->plen = tmp_plen;
1507 
1508  /* Default is soft binding for 2 minutes. */
1509  result = add_lease6(pool, *pref, cur_time + 120);
1510  if (result != ISC_R_SUCCESS) {
1511  iasubopt_dereference(pref, MDL);
1512  }
1513 
1514  return result;
1515 }
1516 
1556 static isc_result_t
1557 pick_v6_prefix(struct reply_state *reply) {
1558  struct ipv6_pool *p = NULL;
1559  struct ipv6_pond *pond;
1560  int i;
1561  isc_result_t result;
1562 
1563  /*
1564  * Do a quick walk through of the ponds and pools
1565  * to see if we have any prefix pools
1566  */
1567  for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
1568  if (pond->ipv6_pools == NULL)
1569  continue;
1570 
1571  for (i = 0; (p = pond->ipv6_pools[i]) != NULL; i++) {
1572  if (p->pool_type == D6O_IA_PD)
1573  break;
1574  }
1575  if (p != NULL)
1576  break;
1577  }
1578 
1579  /* If we get here and p is NULL we have no useful pools */
1580  if (p == NULL) {
1581  log_debug("Unable to pick client prefix: "
1582  "no IPv6 pools on this shared network");
1583  return ISC_R_NORESOURCES;
1584  }
1585 
1586  if (reply->preflen <= 0) {
1587  /* If we didn't get a plen (-1) or client plen is 0, then just
1588  * select first available (same as PLM_INGORE) */
1589  result = pick_v6_prefix_helper(reply, PLM_IGNORE);
1590  } else {
1591  switch (prefix_length_mode) {
1592  case PLM_PREFER:
1593  /* First we look for an exact match, if not found
1594  * then first available */
1595  result = pick_v6_prefix_helper(reply, PLM_EXACT);
1596  if (result != ISC_R_SUCCESS) {
1597  result = pick_v6_prefix_helper(reply,
1598  PLM_IGNORE);
1599  }
1600  break;
1601 
1602  case PLM_EXACT:
1603  /* Match exactly or fail */
1604  result = pick_v6_prefix_helper(reply, PLM_EXACT);
1605  break;
1606 
1607  case PLM_MINIMUM:
1608  case PLM_MAXIMUM:
1609  /* First we look for an exact match, if not found
1610  * then first available by mode */
1611  result = pick_v6_prefix_helper(reply, PLM_EXACT);
1612  if (result != ISC_R_SUCCESS) {
1613  result = pick_v6_prefix_helper(reply,
1615  }
1616  break;
1617 
1618  default:
1619  /* First available */
1620  result = pick_v6_prefix_helper(reply, PLM_IGNORE);
1621  break;
1622  }
1623  }
1624 
1625  if (result == ISC_R_SUCCESS) {
1626  char tmp_buf[INET6_ADDRSTRLEN];
1627 
1628  log_debug("Picking pool prefix %s/%u",
1629  inet_ntop(AF_INET6, &(reply->lease->addr),
1630  tmp_buf, sizeof(tmp_buf)),
1631  (unsigned)(reply->lease->plen));
1632  return (ISC_R_SUCCESS);
1633  }
1634 
1635  /*
1636  * If we failed to pick an IPv6 prefix
1637  * Presumably that means we have no prefixes for the client.
1638  */
1639  log_debug("Unable to pick client prefix: no prefixes available");
1640  return ISC_R_NORESOURCES;
1641 }
1642 
1666 isc_result_t
1667 pick_v6_prefix_helper(struct reply_state *reply, int prefix_mode) {
1668  struct ipv6_pool *p = NULL;
1669  struct ipv6_pond *pond;
1670  int i;
1671  unsigned int attempts;
1672  struct iasubopt **pref = &reply->lease;
1673 
1674  for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
1675  if (((pond->prohibit_list != NULL) &&
1676  (permitted(reply->packet, pond->prohibit_list))) ||
1677  ((pond->permit_list != NULL) &&
1678  (!permitted(reply->packet, pond->permit_list))))
1679  continue;
1680 
1681  for (i = 0; (p = pond->ipv6_pools[i]) != NULL; i++) {
1682  if ((p->pool_type == D6O_IA_PD) &&
1683  (eval_prefix_mode(p->units, reply->preflen,
1684  prefix_mode) == 1) &&
1685  (create_prefix6(p, pref, &attempts,
1686  &reply->ia->iaid_duid,
1687  cur_time + 120) == ISC_R_SUCCESS)) {
1688  return (ISC_R_SUCCESS);
1689  }
1690  }
1691  }
1692 
1693  return ISC_R_NORESOURCES;
1694 }
1695 
1710 int
1711 eval_prefix_mode(int len, int preflen, int prefix_mode) {
1712  int use_it = 1;
1713  switch (prefix_mode) {
1714  case PLM_EXACT:
1715  use_it = (len == preflen);
1716  break;
1717  case PLM_MINIMUM:
1718  /* they asked for a prefix length no "shorter" than preflen */
1719  use_it = (len >= preflen);
1720  break;
1721  case PLM_MAXIMUM:
1722  /* they asked for a prefix length no "longer" than preflen */
1723  use_it = (len <= preflen);
1724  break;
1725  default:
1726  /* otherwise use it */
1727  break;
1728  }
1729 
1730  return (use_it);
1731 }
1732 
1733 /*
1734  *! \file server/dhcpv6.c
1735  *
1736  * \brief construct a reply containing information about a client's lease
1737  *
1738  * lease_to_client() is called from several messages to construct a
1739  * reply that contains all that we know about the client's correct lease
1740  * (or projected lease).
1741  *
1742  * Solicit - "Soft" binding, ignore unknown addresses or bindings, just
1743  * send what we "may" give them on a request.
1744  *
1745  * Request - "Hard" binding, but ignore supplied addresses (just provide what
1746  * the client should really use).
1747  *
1748  * Renew - "Hard" binding, but client-supplied addresses are 'real'. Error
1749  * Rebind out any "wrong" addresses the client sends. This means we send
1750  * an empty IA_NA with a status code of NoBinding or NotOnLink or
1751  * possibly send the address with zeroed lifetimes.
1752  *
1753  * Information-Request - No binding.
1754  *
1755  * The basic structure is to traverse the client-supplied data first, and
1756  * validate and echo back any contents that can be. If the client-supplied
1757  * data does not error out (on renew/rebind as above), but we did not send
1758  * any addresses, attempt to allocate one.
1759  *
1760  * At the end of the this function we call commit_leases_timed() to
1761  * fsync and rotate the file as necessary. commit_leases_timed() will
1762  * check that we have written at least one lease to the file and that
1763  * some time has passed before doing any fsync or file rewrite so we
1764  * don't bother tracking if we did a write_ia during this function.
1765  */
1766 /* TODO: look at client hints for lease times */
1767 
1768 static void
1769 lease_to_client(struct data_string *reply_ret,
1770  struct packet *packet,
1771  const struct data_string *client_id,
1772  const struct data_string *server_id)
1773 {
1774  static struct reply_state reply;
1775  struct option_cache *oc;
1776  struct data_string packet_oro;
1777  int i;
1778 
1779  memset(&packet_oro, 0, sizeof(packet_oro));
1780 
1781  /* Locate the client. */
1782  if (shared_network_from_packet6(&reply.shared,
1783  packet) != ISC_R_SUCCESS)
1784  goto exit;
1785 
1786  /*
1787  * Initialize the reply.
1788  */
1789  packet_reference(&reply.packet, packet, MDL);
1790  data_string_copy(&reply.client_id, client_id, MDL);
1791 
1792  if (!start_reply(packet, client_id, server_id, &reply.opt_state,
1793  &reply.buf.reply))
1794  goto exit;
1795 
1796  /* Set the write cursor to just past the reply header. */
1797  reply.cursor = REPLY_OPTIONS_INDEX;
1798 
1799  /*
1800  * Get the ORO from the packet, if any.
1801  */
1803  if (oc != NULL) {
1804  if (!evaluate_option_cache(&packet_oro, packet,
1805  NULL, NULL,
1806  packet->options, NULL,
1807  &global_scope, oc, MDL)) {
1808  log_error("lease_to_client: error evaluating ORO.");
1809  goto exit;
1810  }
1811  }
1812 
1813  /*
1814  * Find a host record that matches the packet, if any, and is
1815  * valid for the shared network the client is on.
1816  */
1817  if (find_hosts6(&reply.host, packet, client_id, MDL)) {
1818  packet->known = 1;
1819  seek_shared_host(&reply.host, reply.shared);
1820  }
1821 
1822  /* Process the client supplied IA's onto the reply buffer. */
1823  reply.ia_count = 0;
1825 
1826  for (; oc != NULL ; oc = oc->next) {
1827  isc_result_t status;
1828 
1829  /* Start counting resources (addresses) offered. */
1830  reply.client_resources = 0;
1831  reply.resources_included = ISC_FALSE;
1832 
1833  status = reply_process_ia_na(&reply, oc);
1834 
1835  /*
1836  * We continue to try other IA's whether we can address
1837  * this one or not. Any other result is an immediate fail.
1838  */
1839  if ((status != ISC_R_SUCCESS) &&
1840  (status != ISC_R_NORESOURCES))
1841  goto exit;
1842  }
1844  for (; oc != NULL ; oc = oc->next) {
1845  isc_result_t status;
1846 
1847  /* Start counting resources (addresses) offered. */
1848  reply.client_resources = 0;
1849  reply.resources_included = ISC_FALSE;
1850 
1851  status = reply_process_ia_ta(&reply, oc);
1852 
1853  /*
1854  * We continue to try other IA's whether we can address
1855  * this one or not. Any other result is an immediate fail.
1856  */
1857  if ((status != ISC_R_SUCCESS) &&
1858  (status != ISC_R_NORESOURCES))
1859  goto exit;
1860  }
1861 
1862  /* Same for IA_PD's. */
1863  reply.pd_count = 0;
1865  for (; oc != NULL ; oc = oc->next) {
1866  isc_result_t status;
1867 
1868  /* Start counting resources (prefixes) offered. */
1869  reply.client_resources = 0;
1870  reply.resources_included = ISC_FALSE;
1871 
1872  status = reply_process_ia_pd(&reply, oc);
1873 
1874  /*
1875  * We continue to try other IA_PD's whether we can address
1876  * this one or not. Any other result is an immediate fail.
1877  */
1878  if ((status != ISC_R_SUCCESS) &&
1879  (status != ISC_R_NORESOURCES))
1880  goto exit;
1881  }
1882 
1883  /*
1884  * Make no reply if we gave no resources and is not
1885  * for Information-Request.
1886  */
1887  if ((reply.ia_count == 0) && (reply.pd_count == 0)) {
1888  if (reply.packet->dhcpv6_msg_type !=
1890  goto exit;
1891 
1892  /*
1893  * Because we only execute statements on a per-IA basis,
1894  * we need to execute statements in any non-IA reply to
1895  * source configuration.
1896  */
1897  execute_statements_in_scope(NULL, reply.packet, NULL, NULL,
1898  reply.packet->options,
1899  reply.opt_state, &global_scope,
1900  reply.shared->group, root_group,
1901  NULL);
1902 
1903  /* Execute statements from class scopes. */
1904  for (i = reply.packet->class_count; i > 0; i--) {
1905  execute_statements_in_scope(NULL, reply.packet,
1906  NULL, NULL,
1907  reply.packet->options,
1908  reply.opt_state,
1909  &global_scope,
1910  reply.packet->classes[i - 1]->group,
1911  reply.shared->group, NULL);
1912  }
1913 
1914  /* Bring in any configuration from a host record. */
1915  if (reply.host != NULL)
1916  execute_statements_in_scope(NULL, reply.packet,
1917  NULL, NULL,
1918  reply.packet->options,
1919  reply.opt_state,
1920  &global_scope,
1921  reply.host->group,
1922  reply.shared->group, NULL);
1923  }
1924 
1925  /*
1926  * RFC3315 section 17.2.2 (Solicit):
1927  *
1928  * If the server will not assign any addresses to any IAs in a
1929  * subsequent Request from the client, the server MUST send an
1930  * Advertise message to the client that includes only a Status
1931  * Code option with code NoAddrsAvail and a status message for
1932  * the user, a Server Identifier option with the server's DUID,
1933  * and a Client Identifier option with the client's DUID.
1934  *
1935  * This has been updated by an errata such that the server
1936  * can always send an IA.
1937  *
1938  * Section 18.2.1 (Request):
1939  *
1940  * If the server cannot assign any addresses to an IA in the
1941  * message from the client, the server MUST include the IA in
1942  * the Reply message with no addresses in the IA and a Status
1943  * Code option in the IA containing status code NoAddrsAvail.
1944  *
1945  * Section 18.1.8 (Client Behavior):
1946  *
1947  * Leave unchanged any information about addresses the client has
1948  * recorded in the IA but that were not included in the IA from
1949  * the server.
1950  * Sends a Renew/Rebind if the IA is not in the Reply message.
1951  */
1952 
1953  /*
1954  * Having stored the client's IA's, store any options that
1955  * will fit in the remaining space.
1956  */
1957  reply.cursor += store_options6((char *)reply.buf.data + reply.cursor,
1958  sizeof(reply.buf) - reply.cursor,
1959  reply.opt_state, reply.packet,
1960  required_opts_solicit,
1961  &packet_oro);
1962 
1963  /* Return our reply to the caller. */
1964  reply_ret->len = reply.cursor;
1965  reply_ret->buffer = NULL;
1966  if (!buffer_allocate(&reply_ret->buffer, reply.cursor, MDL)) {
1967  log_fatal("No memory to store Reply.");
1968  }
1969  memcpy(reply_ret->buffer->data, reply.buf.data, reply.cursor);
1970  reply_ret->data = reply_ret->buffer->data;
1971 
1972  /* If appropriate commit and rotate the lease file */
1973  (void) commit_leases_timed();
1974 
1975  exit:
1976  /* Cleanup. */
1977  if (reply.shared != NULL)
1978  shared_network_dereference(&reply.shared, MDL);
1979  if (reply.host != NULL)
1980  host_dereference(&reply.host, MDL);
1981  if (reply.opt_state != NULL)
1982  option_state_dereference(&reply.opt_state, MDL);
1983  if (reply.packet != NULL)
1984  packet_dereference(&reply.packet, MDL);
1985  if (reply.client_id.data != NULL)
1986  data_string_forget(&reply.client_id, MDL);
1987  if (packet_oro.buffer != NULL)
1988  data_string_forget(&packet_oro, MDL);
1989  reply.renew = reply.rebind = reply.min_prefer = reply.min_valid = 0;
1990  reply.cursor = 0;
1991 }
1992 
1993 /* Process a client-supplied IA_NA. This may append options to the tail of
1994  * the reply packet being built in the reply_state structure.
1995  */
1996 static isc_result_t
1997 reply_process_ia_na(struct reply_state *reply, struct option_cache *ia) {
1998  isc_result_t status = ISC_R_SUCCESS;
1999  u_int32_t iaid;
2000  unsigned ia_cursor;
2001  struct option_state *packet_ia;
2002  struct option_cache *oc;
2003  struct data_string ia_data, data;
2004 
2005  /* Initialize values that will get cleaned up on return. */
2006  packet_ia = NULL;
2007  memset(&ia_data, 0, sizeof(ia_data));
2008  memset(&data, 0, sizeof(data));
2009  /*
2010  * Note that find_client_address() may set reply->lease.
2011  */
2012 
2013  /* Make sure there is at least room for the header. */
2014  if ((reply->cursor + IA_NA_OFFSET + 4) > sizeof(reply->buf)) {
2015  log_error("reply_process_ia_na: Reply too long for IA.");
2016  return ISC_R_NOSPACE;
2017  }
2018 
2019 
2020  /* Fetch the IA_NA contents. */
2021  if (!get_encapsulated_IA_state(&packet_ia, &ia_data, reply->packet,
2022  ia, IA_NA_OFFSET)) {
2023  log_error("reply_process_ia_na: error evaluating ia");
2024  status = ISC_R_FAILURE;
2025  goto cleanup;
2026  }
2027 
2028  /* Extract IA_NA header contents. */
2029  iaid = getULong(ia_data.data);
2030  reply->renew = getULong(ia_data.data + 4);
2031  reply->rebind = getULong(ia_data.data + 8);
2032 
2033  /* Create an IA_NA structure. */
2034  if (ia_allocate(&reply->ia, iaid, (char *)reply->client_id.data,
2035  reply->client_id.len, MDL) != ISC_R_SUCCESS) {
2036  log_error("reply_process_ia_na: no memory for ia.");
2037  status = ISC_R_NOMEMORY;
2038  goto cleanup;
2039  }
2040  reply->ia->ia_type = D6O_IA_NA;
2041 
2042  /* Cache pre-existing IA, if any. */
2043  ia_hash_lookup(&reply->old_ia, ia_na_active,
2044  (unsigned char *)reply->ia->iaid_duid.data,
2045  reply->ia->iaid_duid.len, MDL);
2046 
2047  /*
2048  * Create an option cache to carry the IA_NA option contents, and
2049  * execute any user-supplied values into it.
2050  */
2051  if (!option_state_allocate(&reply->reply_ia, MDL)) {
2052  status = ISC_R_NOMEMORY;
2053  goto cleanup;
2054  }
2055 
2056  /* Check & cache the fixed host record. */
2057  if ((reply->host != NULL) && (reply->host->fixed_addr != NULL)) {
2058  struct iaddr tmp_addr;
2059 
2060  if (!evaluate_option_cache(&reply->fixed, NULL, NULL, NULL,
2061  NULL, NULL, &global_scope,
2062  reply->host->fixed_addr, MDL)) {
2063  log_error("reply_process_ia_na: unable to evaluate "
2064  "fixed address.");
2065  status = ISC_R_FAILURE;
2066  goto cleanup;
2067  }
2068 
2069  if (reply->fixed.len < 16) {
2070  log_error("reply_process_ia_na: invalid fixed address.");
2071  status = DHCP_R_INVALIDARG;
2072  goto cleanup;
2073  }
2074 
2075  /* Find the static lease's subnet. */
2076  tmp_addr.len = 16;
2077  memcpy(tmp_addr.iabuf, reply->fixed.data, 16);
2078 
2079  if (find_grouped_subnet(&reply->subnet, reply->shared,
2080  tmp_addr, MDL) == 0)
2081  log_fatal("Impossible condition at %s:%d.", MDL);
2082 
2083  reply->static_lease = ISC_TRUE;
2084  } else
2085  reply->static_lease = ISC_FALSE;
2086 
2087  /*
2088  * Save the cursor position at the start of the IA, so we can
2089  * set length and adjust t1/t2 values later. We write a temporary
2090  * header out now just in case we decide to adjust the packet
2091  * within sub-process functions.
2092  */
2093  ia_cursor = reply->cursor;
2094 
2095  /* Initialize the IA_NA header. First the code. */
2096  putUShort(reply->buf.data + reply->cursor, (unsigned)D6O_IA_NA);
2097  reply->cursor += 2;
2098 
2099  /* Then option length. */
2100  putUShort(reply->buf.data + reply->cursor, 0x0Cu);
2101  reply->cursor += 2;
2102 
2103  /* Then IA_NA header contents; IAID. */
2104  putULong(reply->buf.data + reply->cursor, iaid);
2105  reply->cursor += 4;
2106 
2107  /* We store the client's t1 for now, and may over-ride it later. */
2108  putULong(reply->buf.data + reply->cursor, reply->renew);
2109  reply->cursor += 4;
2110 
2111  /* We store the client's t2 for now, and may over-ride it later. */
2112  putULong(reply->buf.data + reply->cursor, reply->rebind);
2113  reply->cursor += 4;
2114 
2115  /*
2116  * For each address in this IA_NA, decide what to do about it.
2117  *
2118  * Guidelines:
2119  *
2120  * The client leaves unchanged any information about addresses
2121  * it has recorded but are not included ("cancel/break" below).
2122  * A not included IA ("cleanup" below) could give a Renew/Rebind.
2123  */
2124  oc = lookup_option(&dhcpv6_universe, packet_ia, D6O_IAADDR);
2125  reply->min_valid = reply->min_prefer = INFINITE_TIME;
2126  reply->client_valid = reply->client_prefer = 0;
2127  for (; oc != NULL ; oc = oc->next) {
2128  status = reply_process_addr(reply, oc);
2129 
2130  /*
2131  * Canceled means we did not allocate addresses to the
2132  * client, but we're "done" with this IA - we set a status
2133  * code. So transmit this reply, e.g., move on to the next
2134  * IA.
2135  */
2136  if (status == ISC_R_CANCELED)
2137  break;
2138 
2139  if ((status != ISC_R_SUCCESS) &&
2140  (status != ISC_R_ADDRINUSE) &&
2141  (status != ISC_R_ADDRNOTAVAIL))
2142  goto cleanup;
2143  }
2144 
2145  reply->ia_count++;
2146 
2147  /*
2148  * If we fell through the above and never gave the client
2149  * an address, give it one now.
2150  */
2151  if ((status != ISC_R_CANCELED) && (reply->client_resources == 0)) {
2152  status = find_client_address(reply);
2153 
2154  if (status == ISC_R_NORESOURCES) {
2155  switch (reply->packet->dhcpv6_msg_type) {
2156  case DHCPV6_SOLICIT:
2157  /*
2158  * No address for any IA is handled
2159  * by the caller.
2160  */
2161  /* FALL THROUGH */
2162 
2163  case DHCPV6_REQUEST:
2164  /* Section 18.2.1 (Request):
2165  *
2166  * If the server cannot assign any addresses to
2167  * an IA in the message from the client, the
2168  * server MUST include the IA in the Reply
2169  * message with no addresses in the IA and a
2170  * Status Code option in the IA containing
2171  * status code NoAddrsAvail.
2172  */
2173  option_state_dereference(&reply->reply_ia, MDL);
2174  if (!option_state_allocate(&reply->reply_ia,
2175  MDL))
2176  {
2177  log_error("reply_process_ia_na: No "
2178  "memory for option state "
2179  "wipe.");
2180  status = ISC_R_NOMEMORY;
2181  goto cleanup;
2182  }
2183 
2184  if (!set_status_code(STATUS_NoAddrsAvail,
2185  "No addresses available "
2186  "for this interface.",
2187  reply->reply_ia)) {
2188  log_error("reply_process_ia_na: Unable "
2189  "to set NoAddrsAvail status "
2190  "code.");
2191  status = ISC_R_FAILURE;
2192  goto cleanup;
2193  }
2194 
2195  status = ISC_R_SUCCESS;
2196  break;
2197 
2198  default:
2199  /*
2200  * RFC 3315 does not tell us to emit a status
2201  * code in this condition, or anything else.
2202  *
2203  * If we included non-allocated addresses
2204  * (zeroed lifetimes) in an IA, then the client
2205  * will deconfigure them.
2206  *
2207  * So we want to include the IA even if we
2208  * can't give it a new address if it includes
2209  * zeroed lifetime addresses.
2210  *
2211  * We don't want to include the IA if we
2212  * provide zero addresses including zeroed
2213  * lifetimes.
2214  */
2215  if (reply->resources_included)
2216  status = ISC_R_SUCCESS;
2217  else
2218  goto cleanup;
2219  break;
2220  }
2221  }
2222 
2223  if (status != ISC_R_SUCCESS)
2224  goto cleanup;
2225  }
2226 
2227  /*
2228  * yes, goto's aren't the best but we also want to avoid extra
2229  * indents
2230  */
2231  if (status == ISC_R_CANCELED) {
2232  /* We're replying with a status code so we still need to
2233  * write it out in wire-format to the outbound buffer */
2234  write_to_packet(reply, ia_cursor);
2235  goto cleanup;
2236  }
2237 
2238  /*
2239  * Handle static leases, we always log stuff and if it's
2240  * a hard binding we run any commit statements that we have
2241  */
2242  if (reply->static_lease) {
2243  char tmp_addr[INET6_ADDRSTRLEN];
2244  log_info("%s NA: address %s to client with duid %s iaid = %d "
2245  "static",
2246  dhcpv6_type_names[reply->buf.reply.msg_type],
2247  inet_ntop(AF_INET6, reply->fixed.data, tmp_addr,
2248  sizeof(tmp_addr)),
2249  print_hex_1(reply->client_id.len,
2250  reply->client_id.data, 60),
2251  iaid);
2252 
2253  /* Write the lease out in wire-format to the outbound buffer */
2254  write_to_packet(reply, ia_cursor);
2255 #ifdef NSUPDATE
2256  /* Performs DDNS updates if we're configured to do them */
2257  ddns_update_static6(reply);
2258 #endif
2259  if ((reply->buf.reply.msg_type == DHCPV6_REPLY) &&
2260  (reply->on_star.on_commit != NULL)) {
2261  execute_statements(NULL, reply->packet, NULL, NULL,
2262  reply->packet->options,
2263  reply->opt_state, NULL,
2264  reply->on_star.on_commit, NULL);
2266  (&reply->on_star.on_commit, MDL);
2267  }
2268  goto cleanup;
2269  }
2270 
2271  /*
2272  * If we have any addresses log what we are doing.
2273  */
2274  if (reply->ia->num_iasubopt != 0) {
2275  struct iasubopt *tmp;
2276  int i;
2277  char tmp_addr[INET6_ADDRSTRLEN];
2278 
2279  for (i = 0 ; i < reply->ia->num_iasubopt ; i++) {
2280  tmp = reply->ia->iasubopt[i];
2281 
2282  log_info("%s NA: address %s to client with duid %s "
2283  "iaid = %d valid for %u seconds",
2284  dhcpv6_type_names[reply->buf.reply.msg_type],
2285  inet_ntop(AF_INET6, &tmp->addr,
2286  tmp_addr, sizeof(tmp_addr)),
2287  print_hex_1(reply->client_id.len,
2288  reply->client_id.data, 60),
2289  iaid, tmp->valid);
2290  }
2291  }
2292 
2293  /*
2294  * If this is not a 'soft' binding, consume the new changes into
2295  * the database (if any have been attached to the ia_na).
2296  *
2297  * Loop through the assigned dynamic addresses, referencing the
2298  * leases onto this IA_NA rather than any old ones, and updating
2299  * pool timers for each (if any).
2300  *
2301  * Note that we must do ddns_updates() before we test for lease
2302  * reuse (so we'll know if DNS entries are different). To ensure
2303  * we don't break any configs, we run on_commit statements before
2304  * we do ddns_updates() just in case the former affects the later.
2305  * This is symetrical with v4 logic. We always run on_commit and
2306  * ddns_udpates() whether a lease is reused or renewed.
2307  */
2308  if ((reply->ia->num_iasubopt != 0) &&
2309  (reply->buf.reply.msg_type == DHCPV6_REPLY)) {
2310  int must_commit = 0;
2311  struct iasubopt *tmp;
2312  struct data_string *ia_id;
2313  int i;
2314 
2315  for (i = 0 ; i < reply->ia->num_iasubopt ; i++) {
2316  tmp = reply->ia->iasubopt[i];
2317  if (tmp->ia != NULL) {
2318  ia_dereference(&tmp->ia, MDL);
2319  }
2320 
2321  ia_reference(&tmp->ia, reply->ia, MDL);
2322 
2323  /* If we have anything to do on commit do it now */
2324  if (tmp->on_star.on_commit != NULL) {
2325  execute_statements(NULL, reply->packet,
2326  NULL, NULL,
2327  reply->packet->options,
2328  reply->opt_state,
2329  &tmp->scope,
2330  tmp->on_star.on_commit,
2331  &tmp->on_star);
2333  (&tmp->on_star.on_commit, MDL);
2334  }
2335 
2336 #if defined (NSUPDATE)
2337 
2338  /* Perform ddns updates */
2339  oc = lookup_option(&server_universe, reply->opt_state,
2340  SV_DDNS_UPDATES);
2341  if ((oc == NULL) ||
2342  evaluate_boolean_option_cache(NULL, reply->packet,
2343  NULL, NULL,
2344  reply->packet->options,
2345  reply->opt_state,
2346  &tmp->scope,
2347  oc, MDL)) {
2348  ddns_updates(reply->packet, NULL, NULL,
2349  tmp, NULL, reply->opt_state);
2350  }
2351 #endif
2352  if (!reuse_lease6(reply, tmp)) {
2353  /* Commit 'hard' bindings. */
2354  must_commit = 1;
2355  renew_lease6(tmp->ipv6_pool, tmp);
2357 
2358  /* Do our threshold check. */
2359  check_pool6_threshold(reply, tmp);
2360  }
2361  }
2362 
2363  /* write the IA_NA in wire-format to the outbound buffer */
2364  write_to_packet(reply, ia_cursor);
2365 
2366  /* Remove any old ia from the hash. */
2367  if (reply->old_ia != NULL) {
2368  if (!release_on_roam(reply)) {
2369  ia_id = &reply->old_ia->iaid_duid;
2370  ia_hash_delete(ia_na_active,
2371  (unsigned char *)ia_id->data,
2372  ia_id->len, MDL);
2373  }
2374 
2375  ia_dereference(&reply->old_ia, MDL);
2376  }
2377 
2378  /* Put new ia into the hash. */
2379  reply->ia->cltt = cur_time;
2380  ia_id = &reply->ia->iaid_duid;
2381  ia_hash_add(ia_na_active, (unsigned char *)ia_id->data,
2382  ia_id->len, reply->ia, MDL);
2383 
2384  /* If we couldn't reuse all of the iasubopts, we
2385  * must update udpate the lease db */
2386  if (must_commit) {
2387  write_ia(reply->ia);
2388  }
2389  } else {
2390  /* write the IA_NA in wire-format to the outbound buffer */
2391  write_to_packet(reply, ia_cursor);
2392  schedule_lease_timeout_reply(reply);
2393  }
2394 
2395  cleanup:
2396  if (packet_ia != NULL)
2397  option_state_dereference(&packet_ia, MDL);
2398  if (reply->reply_ia != NULL)
2399  option_state_dereference(&reply->reply_ia, MDL);
2400  if (ia_data.data != NULL)
2401  data_string_forget(&ia_data, MDL);
2402  if (data.data != NULL)
2404  if (reply->ia != NULL)
2405  ia_dereference(&reply->ia, MDL);
2406  if (reply->old_ia != NULL)
2407  ia_dereference(&reply->old_ia, MDL);
2408  if (reply->lease != NULL)
2409  iasubopt_dereference(&reply->lease, MDL);
2410  if (reply->fixed.data != NULL)
2411  data_string_forget(&reply->fixed, MDL);
2412  if (reply->subnet != NULL)
2413  subnet_dereference(&reply->subnet, MDL);
2414  if (reply->on_star.on_expiry != NULL)
2416  (&reply->on_star.on_expiry, MDL);
2417  if (reply->on_star.on_release != NULL)
2419  (&reply->on_star.on_release, MDL);
2420 
2421  /*
2422  * ISC_R_CANCELED is a status code used by the addr processing to
2423  * indicate we're replying with a status code. This is still a
2424  * success at higher layers.
2425  */
2426  return((status == ISC_R_CANCELED) ? ISC_R_SUCCESS : status);
2427 }
2428 
2429 /*
2430  * Writes the populated IA_xx in wire format to the reply buffer
2431  */
2432 void
2433 write_to_packet(struct reply_state *reply, unsigned ia_cursor) {
2434  reply->cursor += store_options6((char *)reply->buf.data + reply->cursor,
2435  sizeof(reply->buf) - reply->cursor,
2436  reply->reply_ia, reply->packet,
2437  (reply->ia->ia_type != D6O_IA_PD ?
2438  required_opts_IA : required_opts_IA_PD),
2439  NULL);
2440 
2441  /* Reset the length of this IA to match what was just written. */
2442  putUShort(reply->buf.data + ia_cursor + 2,
2443  reply->cursor - (ia_cursor + 4));
2444 
2445  if (reply->ia->ia_type != D6O_IA_TA) {
2446  /* Calculate T1/T2 and stuff them in the reply */
2447  set_reply_tee_times(reply, ia_cursor);
2448  }
2449 }
2450 
2451 /*
2452  * Process an IAADDR within a given IA_xA, storing any IAADDR reply contents
2453  * into the reply's current ia-scoped option cache. Returns ISC_R_CANCELED
2454  * in the event we are replying with a status code and do not wish to process
2455  * more IAADDRs within this IA.
2456  */
2457 static isc_result_t
2458 reply_process_addr(struct reply_state *reply, struct option_cache *addr) {
2459  u_int32_t pref_life, valid_life;
2460  struct binding_scope **scope;
2461  struct group *group;
2462  struct subnet *subnet;
2463  struct iaddr tmp_addr;
2464  struct option_cache *oc;
2465  struct data_string iaaddr, data;
2466  isc_result_t status = ISC_R_SUCCESS;
2467 #ifdef EUI_64
2468  int invalid_for_eui_64 = 0;
2469 #endif
2470 
2471  /* Initializes values that will be cleaned up. */
2472  memset(&iaaddr, 0, sizeof(iaaddr));
2473  memset(&data, 0, sizeof(data));
2474  /* Note that reply->lease may be set by address_is_owned() */
2475 
2476  /*
2477  * There is no point trying to process an incoming address if there
2478  * is no room for an outgoing address.
2479  */
2480  if ((reply->cursor + 28) > sizeof(reply->buf)) {
2481  log_error("reply_process_addr: Out of room for address.");
2482  return ISC_R_NOSPACE;
2483  }
2484 
2485  /* Extract this IAADDR option. */
2486  if (!evaluate_option_cache(&iaaddr, reply->packet, NULL, NULL,
2487  reply->packet->options, NULL, &global_scope,
2488  addr, MDL) ||
2489  (iaaddr.len < IAADDR_OFFSET)) {
2490  log_error("reply_process_addr: error evaluating IAADDR.");
2491  status = ISC_R_FAILURE;
2492  goto cleanup;
2493  }
2494 
2495  /* The first 16 bytes are the IPv6 address. */
2496  pref_life = getULong(iaaddr.data + 16);
2497  valid_life = getULong(iaaddr.data + 20);
2498 
2499  if ((reply->client_valid == 0) ||
2500  (reply->client_valid > valid_life))
2501  reply->client_valid = valid_life;
2502 
2503  if ((reply->client_prefer == 0) ||
2504  (reply->client_prefer > pref_life))
2505  reply->client_prefer = pref_life;
2506 
2507  /*
2508  * Clients may choose to send :: as an address, with the idea to give
2509  * hints about preferred-lifetime or valid-lifetime.
2510  */
2511  tmp_addr.len = 16;
2512  memset(tmp_addr.iabuf, 0, 16);
2513  if (!memcmp(iaaddr.data, tmp_addr.iabuf, 16)) {
2514  /* Status remains success; we just ignore this one. */
2515  goto cleanup;
2516  }
2517 
2518  /* tmp_addr len remains 16 */
2519  memcpy(tmp_addr.iabuf, iaaddr.data, 16);
2520 
2521  /*
2522  * Verify that this address is on the client's network.
2523  */
2524  for (subnet = reply->shared->subnets ; subnet != NULL ;
2525  subnet = subnet->next_sibling) {
2526  if (addr_eq(subnet_number(tmp_addr, subnet->netmask),
2527  subnet->net))
2528  break;
2529  }
2530 
2531 #ifdef EUI_64
2532  if (subnet) {
2533  /* If the requested address falls into an EUI-64 pool, then
2534  * we need to verify if it has EUI-64 duid AND the requested
2535  * address is correct for that duid. If not we treat it just
2536  * like an not-on-link request. */
2537  struct ipv6_pool* pool = NULL;
2538  struct in6_addr* addr = (struct in6_addr*)(iaaddr.data);
2539  if ((find_ipv6_pool(&pool, D6O_IA_NA, addr) == ISC_R_SUCCESS)
2540  && (pool->ipv6_pond->use_eui_64) &&
2541  (!valid_for_eui_64_pool(pool, &reply->client_id, 0, addr))) {
2542  log_debug ("Requested address: %s,"
2543  " not valid for EUI-64 pool",
2544  pin6_addr(addr));
2545  invalid_for_eui_64 = 1;
2546  }
2547  }
2548 #endif
2549 
2550  /* Address not found on shared network. */
2551 #ifdef EUI_64
2552  if ((subnet == NULL) || invalid_for_eui_64) {
2553 #else
2554  if (subnet == NULL) {
2555 #endif
2556  /* Ignore this address on 'soft' bindings. */
2557  if (reply->packet->dhcpv6_msg_type == DHCPV6_SOLICIT) {
2558  /* disable rapid commit */
2559  reply->buf.reply.msg_type = DHCPV6_ADVERTISE;
2561  reply->opt_state,
2563  /* status remains success */
2564  goto cleanup;
2565  }
2566 
2567  /*
2568  * RFC3315 section 18.2.1:
2569  *
2570  * If the server finds that the prefix on one or more IP
2571  * addresses in any IA in the message from the client is not
2572  * appropriate for the link to which the client is connected,
2573  * the server MUST return the IA to the client with a Status
2574  * Code option with the value NotOnLink.
2575  */
2576  if (reply->packet->dhcpv6_msg_type == DHCPV6_REQUEST) {
2577  /* Rewind the IA_NA to empty. */
2578  option_state_dereference(&reply->reply_ia, MDL);
2579  if (!option_state_allocate(&reply->reply_ia, MDL)) {
2580  log_error("reply_process_addr: No memory for "
2581  "option state wipe.");
2582  status = ISC_R_NOMEMORY;
2583  goto cleanup;
2584  }
2585 
2586  /* Append a NotOnLink status code. */
2587  if (!set_status_code(STATUS_NotOnLink,
2588  "Address not for use on this "
2589  "link.", reply->reply_ia)) {
2590  log_error("reply_process_addr: Failure "
2591  "setting status code.");
2592  status = ISC_R_FAILURE;
2593  goto cleanup;
2594  }
2595 
2596  /* Fin (no more IAADDRs). */
2597  status = ISC_R_CANCELED;
2598  goto cleanup;
2599  }
2600 
2601  /*
2602  * RFC3315 sections 18.2.3 and 18.2.4 have identical language:
2603  *
2604  * If the server finds that any of the addresses are not
2605  * appropriate for the link to which the client is attached,
2606  * the server returns the address to the client with lifetimes
2607  * of 0.
2608  */
2609  if ((reply->packet->dhcpv6_msg_type != DHCPV6_RENEW) &&
2610  (reply->packet->dhcpv6_msg_type != DHCPV6_REBIND)) {
2611  log_error("It is impossible to lease a client that is "
2612  "not sending a solicit, request, renew, or "
2613  "rebind.");
2614  status = ISC_R_FAILURE;
2615  goto cleanup;
2616  }
2617 
2618  reply->send_prefer = reply->send_valid = 0;
2619  goto send_addr;
2620  }
2621 
2622 
2623  /* Verify the address belongs to the client. */
2624  if (!address_is_owned(reply, &tmp_addr)) {
2625  /*
2626  * For solicit and request, any addresses included are
2627  * 'requested' addresses. For rebind, we actually have
2628  * no direction on what to do from 3315 section 18.2.4!
2629  * So I think the best bet is to try and give it out, and if
2630  * we can't, zero lifetimes.
2631  */
2632  if ((reply->packet->dhcpv6_msg_type == DHCPV6_SOLICIT) ||
2633  (reply->packet->dhcpv6_msg_type == DHCPV6_REQUEST) ||
2634  (reply->packet->dhcpv6_msg_type == DHCPV6_REBIND)) {
2635  status = reply_process_try_addr(reply, &tmp_addr);
2636 
2637  /*
2638  * If the address is in use, or isn't in any dynamic
2639  * range, continue as normal. If any other error was
2640  * found, error out.
2641  */
2642  if ((status != ISC_R_SUCCESS) &&
2643  (status != ISC_R_ADDRINUSE) &&
2644  (status != ISC_R_ADDRNOTAVAIL))
2645  goto cleanup;
2646 
2647  /*
2648  * If we didn't honor this lease, for solicit and
2649  * request we simply omit it from our answer. For
2650  * rebind, we send it with zeroed lifetimes.
2651  */
2652  if (reply->lease == NULL) {
2653  if (reply->packet->dhcpv6_msg_type ==
2654  DHCPV6_REBIND) {
2655  reply->send_prefer = 0;
2656  reply->send_valid = 0;
2657  goto send_addr;
2658  }
2659 
2660  /* status remains success - ignore */
2661  goto cleanup;
2662  }
2663  /*
2664  * RFC3315 section 18.2.3:
2665  *
2666  * If the server cannot find a client entry for the IA the
2667  * server returns the IA containing no addresses with a Status
2668  * Code option set to NoBinding in the Reply message.
2669  *
2670  * On mismatch we (ab)use this pretending we have not the IA
2671  * as soon as we have not an address.
2672  */
2673  } else if (reply->packet->dhcpv6_msg_type == DHCPV6_RENEW) {
2674  /* Rewind the IA_NA to empty. */
2675  option_state_dereference(&reply->reply_ia, MDL);
2676  if (!option_state_allocate(&reply->reply_ia, MDL)) {
2677  log_error("reply_process_addr: No memory for "
2678  "option state wipe.");
2679  status = ISC_R_NOMEMORY;
2680  goto cleanup;
2681  }
2682 
2683  /* Append a NoBinding status code. */
2684  if (!set_status_code(STATUS_NoBinding,
2685  "Address not bound to this "
2686  "interface.", reply->reply_ia)) {
2687  log_error("reply_process_addr: Unable to "
2688  "attach status code.");
2689  status = ISC_R_FAILURE;
2690  goto cleanup;
2691  }
2692 
2693  /* Fin (no more IAADDRs). */
2694  status = ISC_R_CANCELED;
2695  goto cleanup;
2696  } else {
2697  log_error("It is impossible to lease a client that is "
2698  "not sending a solicit, request, renew, or "
2699  "rebind message.");
2700  status = ISC_R_FAILURE;
2701  goto cleanup;
2702  }
2703  }
2704 
2705  if (reply->static_lease) {
2706  if (reply->host == NULL)
2707  log_fatal("Impossible condition at %s:%d.", MDL);
2708 
2709  scope = &global_scope;
2710  group = reply->subnet->group;
2711  } else {
2712  if (reply->lease == NULL)
2713  log_fatal("Impossible condition at %s:%d.", MDL);
2714 
2715  scope = &reply->lease->scope;
2716  group = reply->lease->ipv6_pool->ipv6_pond->group;
2717  }
2718 
2719  /*
2720  * If client_resources is nonzero, then the reply_process_is_addressed
2721  * function has executed configuration state into the reply option
2722  * cache. We will use that valid cache to derive configuration for
2723  * whether or not to engage in additional addresses, and similar.
2724  */
2725  if (reply->client_resources != 0) {
2726  unsigned limit = 1;
2727 
2728  /*
2729  * Does this client have "enough" addresses already? Default
2730  * to one. Everybody gets one, and one should be enough for
2731  * anybody.
2732  */
2733  oc = lookup_option(&server_universe, reply->opt_state,
2735  if (oc != NULL) {
2736  if (!evaluate_option_cache(&data, reply->packet,
2737  NULL, NULL,
2738  reply->packet->options,
2739  reply->opt_state,
2740  scope, oc, MDL) ||
2741  (data.len != 4)) {
2742  log_error("reply_process_addr: unable to "
2743  "evaluate addrs-per-ia value.");
2744  status = ISC_R_FAILURE;
2745  goto cleanup;
2746  }
2747 
2748  limit = getULong(data.data);
2749  data_string_forget(&data, MDL);
2750  }
2751 
2752  /*
2753  * If we wish to limit the client to a certain number of
2754  * addresses, then omit the address from the reply.
2755  */
2756  if (reply->client_resources >= limit)
2757  goto cleanup;
2758  }
2759 
2760  status = reply_process_is_addressed(reply, scope, group);
2761  if (status != ISC_R_SUCCESS)
2762  goto cleanup;
2763 
2764  send_addr:
2765  status = reply_process_send_addr(reply, &tmp_addr);
2766 
2767  cleanup:
2768  if (iaaddr.data != NULL)
2769  data_string_forget(&iaaddr, MDL);
2770  if (data.data != NULL)
2771  data_string_forget(&data, MDL);
2772  if (reply->lease != NULL)
2773  iasubopt_dereference(&reply->lease, MDL);
2774 
2775  return status;
2776 }
2777 
2778 /*
2779  * Verify the address belongs to the client. If we've got a host
2780  * record with a fixed address, it has to be the assigned address
2781  * (fault out all else). Otherwise it's a dynamic address, so lookup
2782  * that address and make sure it belongs to this DUID:IAID pair.
2783  */
2784 static isc_boolean_t
2785 address_is_owned(struct reply_state *reply, struct iaddr *addr) {
2786  int i;
2787  struct ipv6_pond *pond;
2788 
2789  /*
2790  * This faults out addresses that don't match fixed addresses.
2791  */
2792  if (reply->static_lease) {
2793  if (reply->fixed.data == NULL)
2794  log_fatal("Impossible condition at %s:%d.", MDL);
2795 
2796  if (memcmp(addr->iabuf, reply->fixed.data, 16) == 0)
2797  return (ISC_TRUE);
2798 
2799  return (ISC_FALSE);
2800  }
2801 
2802  if ((reply->old_ia == NULL) || (reply->old_ia->num_iasubopt == 0))
2803  return (ISC_FALSE);
2804 
2805  for (i = 0 ; i < reply->old_ia->num_iasubopt ; i++) {
2806  struct iasubopt *tmp;
2807 
2808  tmp = reply->old_ia->iasubopt[i];
2809 
2810  if (memcmp(addr->iabuf, &tmp->addr, 16) == 0) {
2811  if (lease6_usable(tmp) == ISC_FALSE) {
2812  return (ISC_FALSE);
2813  }
2814 
2815  pond = tmp->ipv6_pool->ipv6_pond;
2816  if (((pond->prohibit_list != NULL) &&
2817  (permitted(reply->packet, pond->prohibit_list))) ||
2818  ((pond->permit_list != NULL) &&
2819  (!permitted(reply->packet, pond->permit_list))))
2820  return (ISC_FALSE);
2821 
2822  iasubopt_reference(&reply->lease, tmp, MDL);
2823 
2824  return (ISC_TRUE);
2825  }
2826  }
2827 
2828  return (ISC_FALSE);
2829 }
2830 
2831 /* Process a client-supplied IA_TA. This may append options to the tail of
2832  * the reply packet being built in the reply_state structure.
2833  */
2834 static isc_result_t
2835 reply_process_ia_ta(struct reply_state *reply, struct option_cache *ia) {
2836  isc_result_t status = ISC_R_SUCCESS;
2837  u_int32_t iaid;
2838  unsigned ia_cursor;
2839  struct option_state *packet_ia;
2840  struct option_cache *oc;
2841  struct data_string ia_data, data;
2842  struct data_string iaaddr;
2843  u_int32_t pref_life, valid_life;
2844  struct iaddr tmp_addr;
2845 
2846  /* Initialize values that will get cleaned up on return. */
2847  packet_ia = NULL;
2848  memset(&ia_data, 0, sizeof(ia_data));
2849  memset(&data, 0, sizeof(data));
2850  memset(&iaaddr, 0, sizeof(iaaddr));
2851 
2852  /* Make sure there is at least room for the header. */
2853  if ((reply->cursor + IA_TA_OFFSET + 4) > sizeof(reply->buf)) {
2854  log_error("reply_process_ia_ta: Reply too long for IA.");
2855  return ISC_R_NOSPACE;
2856  }
2857 
2858 
2859  /* Fetch the IA_TA contents. */
2860  if (!get_encapsulated_IA_state(&packet_ia, &ia_data, reply->packet,
2861  ia, IA_TA_OFFSET)) {
2862  log_error("reply_process_ia_ta: error evaluating ia");
2863  status = ISC_R_FAILURE;
2864  goto cleanup;
2865  }
2866 
2867  /* Extract IA_TA header contents. */
2868  iaid = getULong(ia_data.data);
2869 
2870  /* Create an IA_TA structure. */
2871  if (ia_allocate(&reply->ia, iaid, (char *)reply->client_id.data,
2872  reply->client_id.len, MDL) != ISC_R_SUCCESS) {
2873  log_error("reply_process_ia_ta: no memory for ia.");
2874  status = ISC_R_NOMEMORY;
2875  goto cleanup;
2876  }
2877  reply->ia->ia_type = D6O_IA_TA;
2878 
2879  /* Cache pre-existing IA, if any. */
2880  ia_hash_lookup(&reply->old_ia, ia_ta_active,
2881  (unsigned char *)reply->ia->iaid_duid.data,
2882  reply->ia->iaid_duid.len, MDL);
2883 
2884  /*
2885  * Create an option cache to carry the IA_TA option contents, and
2886  * execute any user-supplied values into it.
2887  */
2888  if (!option_state_allocate(&reply->reply_ia, MDL)) {
2889  status = ISC_R_NOMEMORY;
2890  goto cleanup;
2891  }
2892 
2893  /*
2894  * Temporary leases are dynamic by definition.
2895  */
2896  reply->static_lease = ISC_FALSE;
2897 
2898  /*
2899  * Save the cursor position at the start of the IA, so we can
2900  * set length later. We write a temporary
2901  * header out now just in case we decide to adjust the packet
2902  * within sub-process functions.
2903  */
2904  ia_cursor = reply->cursor;
2905 
2906  /* Initialize the IA_TA header. First the code. */
2907  putUShort(reply->buf.data + reply->cursor, (unsigned)D6O_IA_TA);
2908  reply->cursor += 2;
2909 
2910  /* Then option length. */
2911  putUShort(reply->buf.data + reply->cursor, 0x04u);
2912  reply->cursor += 2;
2913 
2914  /* Then IA_TA header contents; IAID. */
2915  putULong(reply->buf.data + reply->cursor, iaid);
2916  reply->cursor += 4;
2917 
2918  /*
2919  * Deal with an IAADDR for lifetimes.
2920  * For all or none, process IAADDRs as hints.
2921  */
2922  reply->min_valid = reply->min_prefer = INFINITE_TIME;
2923  reply->client_valid = reply->client_prefer = 0;
2924  oc = lookup_option(&dhcpv6_universe, packet_ia, D6O_IAADDR);
2925  for (; oc != NULL; oc = oc->next) {
2926  memset(&iaaddr, 0, sizeof(iaaddr));
2927  if (!evaluate_option_cache(&iaaddr, reply->packet,
2928  NULL, NULL,
2929  reply->packet->options, NULL,
2930  &global_scope, oc, MDL) ||
2931  (iaaddr.len < IAADDR_OFFSET)) {
2932  log_error("reply_process_ia_ta: error "
2933  "evaluating IAADDR.");
2934  status = ISC_R_FAILURE;
2935  goto cleanup;
2936  }
2937  /* The first 16 bytes are the IPv6 address. */
2938  pref_life = getULong(iaaddr.data + 16);
2939  valid_life = getULong(iaaddr.data + 20);
2940 
2941  if ((reply->client_valid == 0) ||
2942  (reply->client_valid > valid_life))
2943  reply->client_valid = valid_life;
2944 
2945  if ((reply->client_prefer == 0) ||
2946  (reply->client_prefer > pref_life))
2947  reply->client_prefer = pref_life;
2948 
2949  /* Nothing more if something has failed. */
2950  if (status == ISC_R_CANCELED)
2951  continue;
2952 
2953  tmp_addr.len = 16;
2954  memcpy(tmp_addr.iabuf, iaaddr.data, 16);
2955  if (!temporary_is_available(reply, &tmp_addr))
2956  goto bad_temp;
2957  status = reply_process_is_addressed(reply,
2958  &reply->lease->scope,
2959  reply->lease->ipv6_pool->ipv6_pond->group);
2960  if (status != ISC_R_SUCCESS)
2961  goto bad_temp;
2962  status = reply_process_send_addr(reply, &tmp_addr);
2963  if (status != ISC_R_SUCCESS)
2964  goto bad_temp;
2965  if (reply->lease != NULL)
2966  iasubopt_dereference(&reply->lease, MDL);
2967  continue;
2968 
2969  bad_temp:
2970  /* Rewind the IA_TA to empty. */
2971  option_state_dereference(&reply->reply_ia, MDL);
2972  if (!option_state_allocate(&reply->reply_ia, MDL)) {
2973  status = ISC_R_NOMEMORY;
2974  goto cleanup;
2975  }
2976  status = ISC_R_CANCELED;
2977  reply->client_resources = 0;
2978  reply->resources_included = ISC_FALSE;
2979  if (reply->lease != NULL)
2980  iasubopt_dereference(&reply->lease, MDL);
2981  }
2982  reply->ia_count++;
2983 
2984  /*
2985  * Give the client temporary addresses.
2986  */
2987  if (reply->client_resources != 0)
2988  goto store;
2989  status = find_client_temporaries(reply);
2990  if (status == ISC_R_NORESOURCES) {
2991  switch (reply->packet->dhcpv6_msg_type) {
2992  case DHCPV6_SOLICIT:
2993  /*
2994  * No address for any IA is handled
2995  * by the caller.
2996  */
2997  /* FALL THROUGH */
2998 
2999  case DHCPV6_REQUEST:
3000  /* Section 18.2.1 (Request):
3001  *
3002  * If the server cannot assign any addresses to
3003  * an IA in the message from the client, the
3004  * server MUST include the IA in the Reply
3005  * message with no addresses in the IA and a
3006  * Status Code option in the IA containing
3007  * status code NoAddrsAvail.
3008  */
3009  option_state_dereference(&reply->reply_ia, MDL);
3010  if (!option_state_allocate(&reply->reply_ia, MDL)) {
3011  log_error("reply_process_ia_ta: No "
3012  "memory for option state wipe.");
3013  status = ISC_R_NOMEMORY;
3014  goto cleanup;
3015  }
3016 
3017  if (!set_status_code(STATUS_NoAddrsAvail,
3018  "No addresses available "
3019  "for this interface.",
3020  reply->reply_ia)) {
3021  log_error("reply_process_ia_ta: Unable "
3022  "to set NoAddrsAvail status code.");
3023  status = ISC_R_FAILURE;
3024  goto cleanup;
3025  }
3026 
3027  status = ISC_R_SUCCESS;
3028  break;
3029 
3030  default:
3031  /*
3032  * We don't want to include the IA if we
3033  * provide zero addresses including zeroed
3034  * lifetimes.
3035  */
3036  if (reply->resources_included)
3037  status = ISC_R_SUCCESS;
3038  else
3039  goto cleanup;
3040  break;
3041  }
3042  } else if (status != ISC_R_SUCCESS)
3043  goto cleanup;
3044 
3045  store:
3046 
3047  /*
3048  * yes, goto's aren't the best but we also want to avoid extra
3049  * indents
3050  */
3051  if (status == ISC_R_CANCELED) {
3052  /* We're replying with a status code so we still need to
3053  * write it out in wire-format to the outbound buffer */
3054  write_to_packet(reply, ia_cursor);
3055  goto cleanup;
3056  }
3057 
3058  /*
3059  * If we have any addresses log what we are doing.
3060  */
3061  if (reply->ia->num_iasubopt != 0) {
3062  struct iasubopt *tmp;
3063  int i;
3064  char tmp_addr[INET6_ADDRSTRLEN];
3065 
3066  for (i = 0 ; i < reply->ia->num_iasubopt ; i++) {
3067  tmp = reply->ia->iasubopt[i];
3068 
3069  log_info("%s TA: address %s to client with duid %s "
3070  "iaid = %d valid for %u seconds",
3071  dhcpv6_type_names[reply->buf.reply.msg_type],
3072  inet_ntop(AF_INET6, &tmp->addr,
3073  tmp_addr, sizeof(tmp_addr)),
3074  print_hex_1(reply->client_id.len,
3075  reply->client_id.data, 60),
3076  iaid,
3077  tmp->valid);
3078  }
3079  }
3080 
3081  /*
3082  * For hard bindings we consume the new changes into
3083  * the database (if any have been attached to the ia_ta).
3084  *
3085  * Loop through the assigned dynamic addresses, referencing the
3086  * leases onto this IA_TA rather than any old ones, and updating
3087  * pool timers for each (if any).
3088  */
3089  if ((reply->ia->num_iasubopt != 0) &&
3090  (reply->buf.reply.msg_type == DHCPV6_REPLY)) {
3091  int must_commit = 0;
3092  struct iasubopt *tmp;
3093  struct data_string *ia_id;
3094  int i;
3095 
3096  for (i = 0 ; i < reply->ia->num_iasubopt ; i++) {
3097  tmp = reply->ia->iasubopt[i];
3098 
3099  if (tmp->ia != NULL)
3100  ia_dereference(&tmp->ia, MDL);
3101  ia_reference(&tmp->ia, reply->ia, MDL);
3102 
3103  /* If we have anything to do on commit do it now */
3104  if (tmp->on_star.on_commit != NULL) {
3105  execute_statements(NULL, reply->packet,
3106  NULL, NULL,
3107  reply->packet->options,
3108  reply->opt_state,
3109  &tmp->scope,
3110  tmp->on_star.on_commit,
3111  &tmp->on_star);
3113  (&tmp->on_star.on_commit, MDL);
3114  }
3115 
3116 #if defined (NSUPDATE)
3117  /*
3118  * Perform ddns updates.
3119  */
3120  oc = lookup_option(&server_universe, reply->opt_state,
3121  SV_DDNS_UPDATES);
3122  if ((oc == NULL) ||
3123  evaluate_boolean_option_cache(NULL, reply->packet,
3124  NULL, NULL,
3125  reply->packet->options,
3126  reply->opt_state,
3127  &tmp->scope,
3128  oc, MDL)) {
3129  ddns_updates(reply->packet, NULL, NULL,
3130  tmp, NULL, reply->opt_state);
3131  }
3132 #endif
3133 
3134  if (!reuse_lease6(reply, tmp)) {
3135  /* Commit 'hard' bindings. */
3136  must_commit = 1;
3137  renew_lease6(tmp->ipv6_pool, tmp);
3139 
3140  /* Do our threshold check. */
3141  check_pool6_threshold(reply, tmp);
3142  }
3143  }
3144 
3145  /* write the IA_TA in wire-format to the outbound buffer */
3146  write_to_packet(reply, ia_cursor);
3147 
3148  /* Remove any old ia from the hash. */
3149  if (reply->old_ia != NULL) {
3150  if (!release_on_roam(reply)) {
3151  ia_id = &reply->old_ia->iaid_duid;
3152  ia_hash_delete(ia_ta_active,
3153  (unsigned char *)ia_id->data,
3154  ia_id->len, MDL);
3155  }
3156 
3157  ia_dereference(&reply->old_ia, MDL);
3158  }
3159 
3160  /* Put new ia into the hash. */
3161  reply->ia->cltt = cur_time;
3162  ia_id = &reply->ia->iaid_duid;
3163  ia_hash_add(ia_ta_active, (unsigned char *)ia_id->data,
3164  ia_id->len, reply->ia, MDL);
3165 
3166  /* If we couldn't reuse all of the iasubopts, we
3167  * must update udpate the lease db */
3168  if (must_commit) {
3169  write_ia(reply->ia);
3170  }
3171  } else {
3172  /* write the IA_TA in wire-format to the outbound buffer */
3173  write_to_packet(reply, ia_cursor);
3174  schedule_lease_timeout_reply(reply);
3175  }
3176 
3177  cleanup:
3178  if (packet_ia != NULL)
3179  option_state_dereference(&packet_ia, MDL);
3180  if (iaaddr.data != NULL)
3181  data_string_forget(&iaaddr, MDL);
3182  if (reply->reply_ia != NULL)
3183  option_state_dereference(&reply->reply_ia, MDL);
3184  if (ia_data.data != NULL)
3185  data_string_forget(&ia_data, MDL);
3186  if (data.data != NULL)
3188  if (reply->ia != NULL)
3189  ia_dereference(&reply->ia, MDL);
3190  if (reply->old_ia != NULL)
3191  ia_dereference(&reply->old_ia, MDL);
3192  if (reply->lease != NULL)
3193  iasubopt_dereference(&reply->lease, MDL);
3194 
3195  /*
3196  * ISC_R_CANCELED is a status code used by the addr processing to
3197  * indicate we're replying with other addresses. This is still a
3198  * success at higher layers.
3199  */
3200  return((status == ISC_R_CANCELED) ? ISC_R_SUCCESS : status);
3201 }
3202 /*
3203  * Determines if a lease (iasubopt) can be reused without extending it.
3204  * If dhcp-cache-threshold is greater than zero (i.e enabled) then
3205  * a lease may be reused without going through a full renewal if
3206  * it meets all the requirements. In short it must be active, younger
3207  * than the threshold, and not have DNS changes.
3208  *
3209  * If it is determined that it can be reused, that a call to
3210  * shorten_lifetimes() is made to reduce the valid and preferred lifetimes
3211  * sent to the client by the age of the lease.
3212  *
3213  * Returns 1 if lease can be reused, 0 otherwise
3214  */
3215 int
3216 reuse_lease6(struct reply_state *reply, struct iasubopt *lease) {
3217  int threshold = DEFAULT_CACHE_THRESHOLD;
3218  struct option_cache* oc = NULL;
3219  struct data_string d1;
3220  time_t age;
3221  time_t limit;
3222  int reuse_it = 0;
3223 
3224  /* In order to even qualify for reuse consideration:
3225  * 1. Lease must be active
3226  * 2. It must have been accepted at least once
3227  * 3. DNS info must not have changed */
3228  if ((lease->state != FTS_ACTIVE) ||
3229  (lease->hard_lifetime_end_time == 0) ||
3230  (lease->ddns_cb != NULL)) {
3231  return (0);
3232  }
3233 
3234  /* Look up threshold value */
3235  memset(&d1, 0, sizeof(struct data_string));
3236  oc = lookup_option(&server_universe, reply->opt_state,
3238  if (oc &&
3239  evaluate_option_cache(&d1, reply->packet, NULL, NULL,
3240  reply->packet->options, reply->opt_state,
3241  &lease->scope, oc, MDL)) {
3242  if (d1.len == 1 && (d1.data[0] < 100)) {
3243  threshold = d1.data[0];
3244  }
3245 
3246  data_string_forget(&d1, MDL);
3247  }
3248 
3249  if (threshold <= 0) {
3250  return (0);
3251  }
3252 
3253  if (lease->valid >= MAX_TIME) {
3254  /* Infinite leases are always reused. We have to make
3255  * a choice because we cannot determine when they actually
3256  * began, so we either always reuse them or we never do. */
3257  log_debug ("reusing infinite lease for: %s%s",
3258  pin6_addr(&lease->addr), iasubopt_plen_str(lease));
3259  return (1);
3260  }
3261 
3262  age = cur_tv.tv_sec - (lease->hard_lifetime_end_time - lease->valid);
3263  if (lease->valid <= (INT_MAX / threshold))
3264  limit = lease->valid * threshold / 100;
3265  else
3266  limit = lease->valid / 100 * threshold;
3267 
3268  if (age < limit) {
3269  /* Reduce valid/preferred going to the client by age */
3270  shorten_lifetimes(reply, lease, age, threshold);
3271  reuse_it = 1;
3272  }
3273 
3274  return (reuse_it);
3275 }
3276 
3277 /*
3278  * Reduces the valid and preferred lifetimes for a given lease (iasubopt)
3279  *
3280  * We cannot determine until after a iasubopt has been added to
3281  * the reply if the lease can be reused. Therefore, when we do reuse a
3282  * lease we need a way to alter the lifetimes that will be sent to the client.
3283  * That's where this function comes in handy:
3284  *
3285  * Locate the iasubopt by it's address within the reply the reduce both
3286  * the preferred and valid lifetimes by the given number of seconds.
3287  *
3288  * Note that this function, by necessity, works directly with the
3289  * option_cache data. Sort of a no-no but I don't have any better ideas.
3290  */
3291 void shorten_lifetimes(struct reply_state *reply, struct iasubopt *lease,
3292  time_t age, int threshold) {
3293  struct option_cache* oc = NULL;
3294  int subopt_type;
3295  int addr_offset;
3296  int pref_offset;
3297  int val_offset;
3298  int exp_length;
3299 
3300  if (reply->ia->ia_type != D6O_IA_PD) {
3301  subopt_type = D6O_IAADDR;
3302  addr_offset = IASUBOPT_NA_ADDR_OFFSET;
3303  pref_offset = IASUBOPT_NA_PREF_OFFSET;
3304  val_offset = IASUBOPT_NA_VALID_OFFSET;
3305  exp_length = IASUBOPT_NA_LEN;
3306  }
3307  else {
3308  subopt_type = D6O_IAPREFIX;
3309  addr_offset = IASUBOPT_PD_PREFIX_OFFSET;
3310  pref_offset = IASUBOPT_PD_PREF_OFFSET;
3311  val_offset = IASUBOPT_PD_VALID_OFFSET;
3312  exp_length = IASUBOPT_PD_LEN;
3313  }
3314 
3315  // loop through the iasubopts for the one that matches this lease
3316  oc = lookup_option(&dhcpv6_universe, reply->reply_ia, subopt_type);
3317  for (; oc != NULL ; oc = oc->next) {
3318  if (oc->data.data == NULL || oc->data.len != exp_length) {
3319  /* shouldn't happen */
3320  continue;
3321  }
3322 
3323  /* If address matches (and for PDs the prefix len matches)
3324  * we assume this is our subopt, so update the lifetimes */
3325  if (!memcmp(oc->data.data + addr_offset, &lease->addr, 16) &&
3326  (subopt_type != D6O_IAPREFIX ||
3328  lease->plen))) {
3329  u_int32_t pref_life = getULong(oc->data.data +
3330  pref_offset);
3331  u_int32_t valid_life = getULong(oc->data.data +
3332  val_offset);
3333 
3334  if (pref_life < MAX_TIME && pref_life > age) {
3335  pref_life -= age;
3336  putULong((unsigned char*)(oc->data.data) +
3337  pref_offset, pref_life);
3338 
3339  if (reply->min_prefer > pref_life) {
3340  reply->min_prefer = pref_life;
3341  }
3342  }
3343 
3344  if (valid_life < MAX_TIME && valid_life > age) {
3345  valid_life -= age;
3346  putULong((unsigned char*)(oc->data.data) +
3347  val_offset, valid_life);
3348 
3349  if (reply->min_valid > reply->send_valid) {
3350  reply->min_valid = valid_life;
3351  }
3352  }
3353 
3354  log_debug ("Reusing lease for: %s%s, "
3355  "age %ld secs < %d%%,"
3356  " sending shortened lifetimes -"
3357  " preferred: %u, valid %u",
3358  pin6_addr(&lease->addr),
3359  iasubopt_plen_str(lease),
3360  (long)age, threshold,
3361  pref_life, valid_life);
3362  break;
3363  }
3364  }
3365 }
3366 
3367 /*
3368  * Verify the temporary address is available.
3369  */
3370 static isc_boolean_t
3371 temporary_is_available(struct reply_state *reply, struct iaddr *addr) {
3372  struct in6_addr tmp_addr;
3373  struct subnet *subnet;
3374  struct ipv6_pool *pool = NULL;
3375  struct ipv6_pond *pond = NULL;
3376  int i;
3377 
3378  memcpy(&tmp_addr, addr->iabuf, sizeof(tmp_addr));
3379  /*
3380  * Clients may choose to send :: as an address, with the idea to give
3381  * hints about preferred-lifetime or valid-lifetime.
3382  * So this is not a request for this address.
3383  */
3384  if (IN6_IS_ADDR_UNSPECIFIED(&tmp_addr))
3385  return ISC_FALSE;
3386 
3387  /*
3388  * Verify that this address is on the client's network.
3389  */
3390  for (subnet = reply->shared->subnets ; subnet != NULL ;
3391  subnet = subnet->next_sibling) {
3392  if (addr_eq(subnet_number(*addr, subnet->netmask),
3393  subnet->net))
3394  break;
3395  }
3396 
3397  /* Address not found on shared network. */
3398  if (subnet == NULL)
3399  return ISC_FALSE;
3400 
3401  /*
3402  * Check if this address is owned (must be before next step).
3403  */
3404  if (address_is_owned(reply, addr))
3405  return ISC_TRUE;
3406 
3407  /*
3408  * Verify that this address is in a temporary pool and try to get it.
3409  */
3410  for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
3411  if (((pond->prohibit_list != NULL) &&
3412  (permitted(reply->packet, pond->prohibit_list))) ||
3413  ((pond->permit_list != NULL) &&
3414  (!permitted(reply->packet, pond->permit_list))))
3415  continue;
3416 
3417  for (i = 0 ; (pool = pond->ipv6_pools[i]) != NULL ; i++) {
3418  if (pool->pool_type != D6O_IA_TA)
3419  continue;
3420 
3421  if (ipv6_in_pool(&tmp_addr, pool))
3422  break;
3423  }
3424 
3425  if (pool != NULL)
3426  break;
3427  }
3428 
3429  if (pool == NULL)
3430  return ISC_FALSE;
3431  if (lease6_exists(pool, &tmp_addr))
3432  return ISC_FALSE;
3433  if (iasubopt_allocate(&reply->lease, MDL) != ISC_R_SUCCESS)
3434  return ISC_FALSE;
3435  reply->lease->addr = tmp_addr;
3436  reply->lease->plen = 0;
3437  /* Default is soft binding for 2 minutes. */
3438  if (add_lease6(pool, reply->lease, cur_time + 120) != ISC_R_SUCCESS)
3439  return ISC_FALSE;
3440 
3441  return ISC_TRUE;
3442 }
3443 
3444 /*
3445  * Get a temporary address per prefix.
3446  */
3447 static isc_result_t
3448 find_client_temporaries(struct reply_state *reply) {
3449  int i;
3450  struct ipv6_pool *p = NULL;
3451  struct ipv6_pond *pond;
3452  isc_result_t status = ISC_R_NORESOURCES;;
3453  unsigned int attempts;
3454  struct iaddr send_addr;
3455 
3456  /*
3457  * Do a quick walk through of the ponds and pools
3458  * to see if we have any prefix pools
3459  */
3460  for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
3461  if (pond->ipv6_pools == NULL)
3462  continue;
3463 
3464  for (i = 0; (p = pond->ipv6_pools[i]) != NULL; i++) {
3465  if (p->pool_type == D6O_IA_TA)
3466  break;
3467  }
3468  if (p != NULL)
3469  break;
3470  }
3471 
3472  /* If we get here and p is NULL we have no useful pools */
3473  if (p == NULL) {
3474  log_debug("Unable to get client addresses: "
3475  "no IPv6 pools on this shared network");
3476  return ISC_R_NORESOURCES;
3477  }
3478 
3479  /*
3480  * We have at least one pool that could provide an address
3481  * Now we walk through the ponds and pools again and check
3482  * to see if the client is permitted and if an address is
3483  * available
3484  */
3485 
3486  for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
3487  if (((pond->prohibit_list != NULL) &&
3488  (permitted(reply->packet, pond->prohibit_list))) ||
3489  ((pond->permit_list != NULL) &&
3490  (!permitted(reply->packet, pond->permit_list))))
3491  continue;
3492 
3493  for (i = 0; (p = pond->ipv6_pools[i]) != NULL; i++) {
3494  if (p->pool_type != D6O_IA_TA) {
3495  continue;
3496  }
3497 
3498  /*
3499  * Get an address in this temporary pool.
3500  */
3501  status = create_lease6(p, &reply->lease, &attempts,
3502  &reply->client_id,
3503  cur_time + 120);
3504 
3505  if (status != ISC_R_SUCCESS) {
3506  log_debug("Unable to get a temporary address.");
3507  goto cleanup;
3508  }
3509 
3510  status = reply_process_is_addressed(reply,
3511  &reply->lease->scope,
3512  pond->group);
3513  if (status != ISC_R_SUCCESS) {
3514  goto cleanup;
3515  }
3516  send_addr.len = 16;
3517  memcpy(send_addr.iabuf, &reply->lease->addr, 16);
3518  status = reply_process_send_addr(reply, &send_addr);
3519  if (status != ISC_R_SUCCESS) {
3520  goto cleanup;
3521  }
3522  /*
3523  * reply->lease can't be null as we use it above
3524  * add check if that changes
3525  */
3526  iasubopt_dereference(&reply->lease, MDL);
3527  }
3528  }
3529 
3530  cleanup:
3531  if (reply->lease != NULL) {
3532  iasubopt_dereference(&reply->lease, MDL);
3533  }
3534  return status;
3535 }
3536 
3537 /*
3538  * This function only returns failure on 'hard' failures. If it succeeds,
3539  * it will leave a lease structure behind.
3540  */
3541 static isc_result_t
3542 reply_process_try_addr(struct reply_state *reply, struct iaddr *addr) {
3543  isc_result_t status = ISC_R_ADDRNOTAVAIL;
3544  struct ipv6_pool *pool = NULL;
3545  struct ipv6_pond *pond = NULL;
3546  int i;
3547  struct data_string data_addr;
3548 
3549  if ((reply == NULL) || (reply->shared == NULL) ||
3550  (addr == NULL) || (reply->lease != NULL))
3551  return (DHCP_R_INVALIDARG);
3552 
3553  /*
3554  * Do a quick walk through of the ponds and pools
3555  * to see if we have any NA address pools
3556  */
3557  for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
3558  if (pond->ipv6_pools == NULL)
3559  continue;
3560 
3561  for (i = 0; ; i++) {
3562  pool = pond->ipv6_pools[i];
3563  if ((pool == NULL) ||
3564  (pool->pool_type == D6O_IA_NA))
3565  break;
3566  }
3567  if (pool != NULL)
3568  break;
3569  }
3570 
3571  /* If we get here and p is NULL we have no useful pools */
3572  if (pool == NULL) {
3573  return (ISC_R_ADDRNOTAVAIL);
3574  }
3575 
3576  memset(&data_addr, 0, sizeof(data_addr));
3577  data_addr.len = addr->len;
3578  data_addr.data = addr->iabuf;
3579 
3580  /*
3581  * We have at least one pool that could provide an address
3582  * Now we walk through the ponds and pools again and check
3583  * to see if the client is permitted and if an address is
3584  * available
3585  *
3586  * Within a given pond we start looking at the last pool we
3587  * allocated from, unless it had a collision trying to allocate
3588  * an address. This will tend to move us into less-filled pools.
3589  */
3590 
3591  for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
3592  if (((pond->prohibit_list != NULL) &&
3593  (permitted(reply->packet, pond->prohibit_list))) ||
3594  ((pond->permit_list != NULL) &&
3595  (!permitted(reply->packet, pond->permit_list))))
3596  continue;
3597 
3598  for (i = 0 ; (pool = pond->ipv6_pools[i]) != NULL ; i++) {
3599  if (pool->pool_type != D6O_IA_NA)
3600  continue;
3601 
3602  status = try_client_v6_address(&reply->lease, pool,
3603  &data_addr);
3604  if (status == ISC_R_SUCCESS)
3605  break;
3606  }
3607 
3608  if (status == ISC_R_SUCCESS)
3609  break;
3610  }
3611 
3612  /* Note that this is just pedantry. There is no allocation to free. */
3613  data_string_forget(&data_addr, MDL);
3614  /* Return just the most recent status... */
3615  return (status);
3616 }
3617 
3618 /* Look around for an address to give the client. First, look through the
3619  * old IA for addresses we can extend. Second, try to allocate a new address.
3620  * Finally, actually add that address into the current reply IA.
3621  */
3622 static isc_result_t
3623 find_client_address(struct reply_state *reply) {
3624  struct iaddr send_addr;
3625  isc_result_t status = ISC_R_NORESOURCES;
3626  struct iasubopt *lease, *best_lease = NULL;
3627  struct binding_scope **scope;
3628  struct group *group;
3629  int i;
3630 
3631  if (reply->static_lease) {
3632  if (reply->host == NULL)
3633  return DHCP_R_INVALIDARG;
3634 
3635  send_addr.len = 16;
3636  memcpy(send_addr.iabuf, reply->fixed.data, 16);
3637 
3638  scope = &global_scope;
3639  group = reply->subnet->group;
3640  goto send_addr;
3641  }
3642 
3643  if (reply->old_ia != NULL) {
3644  for (i = 0 ; i < reply->old_ia->num_iasubopt ; i++) {
3645  struct shared_network *candidate_shared;
3646  struct ipv6_pond *pond;
3647 
3648  lease = reply->old_ia->iasubopt[i];
3649  candidate_shared = lease->ipv6_pool->shared_network;
3650  pond = lease->ipv6_pool->ipv6_pond;
3651 
3652  /*
3653  * Look for the best lease on the client's shared
3654  * network, that is still permitted
3655  */
3656 
3657  if ((candidate_shared != reply->shared) ||
3658  (lease6_usable(lease) != ISC_TRUE))
3659  continue;
3660 
3661  if (((pond->prohibit_list != NULL) &&
3662  (permitted(reply->packet, pond->prohibit_list))) ||
3663  ((pond->permit_list != NULL) &&
3664  (!permitted(reply->packet, pond->permit_list))))
3665  continue;
3666 
3667  best_lease = lease_compare(lease, best_lease);
3668  }
3669  }
3670 
3671  /* Try to pick a new address if we didn't find one, or if we found an
3672  * abandoned lease.
3673  */
3674  if ((best_lease == NULL) || (best_lease->state == FTS_ABANDONED)) {
3675  status = pick_v6_address(reply);
3676  } else if (best_lease != NULL) {
3677  iasubopt_reference(&reply->lease, best_lease, MDL);
3678  status = ISC_R_SUCCESS;
3679  }
3680 
3681  /* Pick the abandoned lease as a last resort. */
3682  if ((status == ISC_R_NORESOURCES) && (best_lease != NULL)) {
3683  /* I don't see how this is supposed to be done right now. */
3684  log_error("Best match for DUID %s is an abandoned address,"
3685  " This may be a result of multiple clients attempting"
3686  " to use this DUID",
3687  print_hex_1(reply->client_id.len,
3688  reply->client_id.data, 60));
3689  /* iasubopt_reference(&reply->lease, best_lease, MDL); */
3690  }
3691 
3692  /* Give up now if we didn't find a lease. */
3693  if (status != ISC_R_SUCCESS)
3694  return status;
3695 
3696  if (reply->lease == NULL)
3697  log_fatal("Impossible condition at %s:%d.", MDL);
3698 
3699  /* Draw binding scopes from the lease's binding scope, and config
3700  * from the lease's containing subnet and higher. Note that it may
3701  * be desirable to place the group attachment directly in the pool.
3702  */
3703  scope = &reply->lease->scope;
3704  group = reply->lease->ipv6_pool->ipv6_pond->group;
3705 
3706  send_addr.len = 16;
3707  memcpy(send_addr.iabuf, &reply->lease->addr, 16);
3708 
3709  send_addr:
3710  status = reply_process_is_addressed(reply, scope, group);
3711  if (status != ISC_R_SUCCESS)
3712  return status;
3713 
3714  status = reply_process_send_addr(reply, &send_addr);
3715  return status;
3716 }
3717 
3718 /* Once an address is found for a client, perform several common functions;
3719  * Calculate and store valid and preferred lease times, draw client options
3720  * into the option state.
3721  */
3722 static isc_result_t
3723 reply_process_is_addressed(struct reply_state *reply,
3724  struct binding_scope **scope, struct group *group)
3725 {
3726  isc_result_t status = ISC_R_SUCCESS;
3727  struct data_string data;
3728  struct option_cache *oc;
3729  struct option_state *tmp_options = NULL;
3730  struct on_star *on_star;
3731  int i;
3732 
3733  /* Initialize values we will cleanup. */
3734  memset(&data, 0, sizeof(data));
3735 
3736  /*
3737  * Find the proper on_star block to use. We use the
3738  * one in the lease if we have a lease or the one in
3739  * the reply if we don't have a lease because this is
3740  * a static instance
3741  */
3742  if (reply->lease) {
3743  on_star = &reply->lease->on_star;
3744  } else {
3745  on_star = &reply->on_star;
3746  }
3747 
3748  /*
3749  * Bring in the root configuration. We only do this to bring
3750  * in the on * statements, as we didn't have the lease available
3751  * we did it the first time.
3752  */
3753  option_state_allocate(&tmp_options, MDL);
3754  execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
3755  reply->packet->options, tmp_options,
3756  &global_scope, root_group, NULL,
3757  on_star);
3758  if (tmp_options != NULL) {
3759  option_state_dereference(&tmp_options, MDL);
3760  }
3761 
3762  /*
3763  * Bring configured options into the root packet level cache - start
3764  * with the lease's closest enclosing group (passed in by the caller
3765  * as 'group').
3766  */
3767  execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
3768  reply->packet->options, reply->opt_state,
3769  scope, group, root_group, on_star);
3770 
3771  /* Execute statements from class scopes. */
3772  for (i = reply->packet->class_count; i > 0; i--) {
3773  execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
3774  reply->packet->options,
3775  reply->opt_state, scope,
3776  reply->packet->classes[i - 1]->group,
3777  group, on_star);
3778  }
3779 
3780  /*
3781  * If there is a host record, over-ride with values configured there,
3782  * without re-evaluating configuration from the previously executed
3783  * group or its common enclosers.
3784  */
3785  if (reply->host != NULL)
3786  execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
3787  reply->packet->options,
3788  reply->opt_state, scope,
3789  reply->host->group, group,
3790  on_star);
3791 
3792  /* Determine valid lifetime. */
3793  if (reply->client_valid == 0)
3794  reply->send_valid = DEFAULT_DEFAULT_LEASE_TIME;
3795  else
3796  reply->send_valid = reply->client_valid;
3797 
3798  oc = lookup_option(&server_universe, reply->opt_state,
3800  if (oc != NULL) {
3801  if (!evaluate_option_cache(&data, reply->packet, NULL, NULL,
3802  reply->packet->options,
3803  reply->opt_state,
3804  scope, oc, MDL) ||
3805  (data.len != 4)) {
3806  log_error("reply_process_is_addressed: unable to "
3807  "evaluate default lease time");
3808  status = ISC_R_FAILURE;
3809  goto cleanup;
3810  }
3811 
3812  reply->send_valid = getULong(data.data);
3813  data_string_forget(&data, MDL);
3814  }
3815 
3816  /* Check to see if the lease time would cause us to wrap
3817  * in which case we make it infinite.
3818  * The following doesn't work on at least some systems:
3819  * (cur_time + reply->send_valid < cur_time)
3820  */
3821  if (reply->send_valid != INFINITE_TIME) {
3822  time_t test_time = cur_time + reply->send_valid;
3823  if (test_time < cur_time)
3824  reply->send_valid = INFINITE_TIME;
3825  }
3826 
3827  if (reply->client_prefer == 0)
3828  reply->send_prefer = reply->send_valid;
3829  else
3830  reply->send_prefer = reply->client_prefer;
3831 
3832  if ((reply->send_prefer >= reply->send_valid) &&
3833  (reply->send_valid != INFINITE_TIME))
3834  reply->send_prefer = (reply->send_valid / 2) +
3835  (reply->send_valid / 8);
3836 
3837  oc = lookup_option(&server_universe, reply->opt_state,
3839  if (oc != NULL) {
3840  if (!evaluate_option_cache(&data, reply->packet, NULL, NULL,
3841  reply->packet->options,
3842  reply->opt_state,
3843  scope, oc, MDL) ||
3844  (data.len != 4)) {
3845  log_error("reply_process_is_addressed: unable to "
3846  "evaluate preferred lease time");
3847  status = ISC_R_FAILURE;
3848  goto cleanup;
3849  }
3850 
3851  reply->send_prefer = getULong(data.data);
3852  data_string_forget(&data, MDL);
3853  }
3854 
3855  /* Note lowest values for later calculation of renew/rebind times. */
3856  if (reply->min_prefer > reply->send_prefer)
3857  reply->min_prefer = reply->send_prefer;
3858 
3859  if (reply->min_valid > reply->send_valid)
3860  reply->min_valid = reply->send_valid;
3861 
3862 #if 0
3863  /*
3864  * XXX: Old 4.0.0 alpha code would change the host {} record
3865  * XXX: uid upon lease assignment. This was intended to cover the
3866  * XXX: case where a client first identifies itself using vendor
3867  * XXX: options in a solicit, or request, but later neglects to include
3868  * XXX: these options in a Renew or Rebind. It is not clear that this
3869  * XXX: is required, and has some startling ramifications (such as
3870  * XXX: how to recover this dynamic host {} state across restarts).
3871  */
3872  if (reply->host != NULL)
3873  change_host_uid(host, reply->client_id->data,
3874  reply->client_id->len);
3875 #endif /* 0 */
3876 
3877  /* Perform dynamic lease related update work. */
3878  if (reply->lease != NULL) {
3879  /* Cached lifetimes */
3880  reply->lease->prefer = reply->send_prefer;
3881  reply->lease->valid = reply->send_valid;
3882 
3883  /* Advance (or rewind) the valid lifetime.
3884  * In the protocol 0xFFFFFFFF is infinite
3885  * when connecting to the lease file MAX_TIME is
3886  */
3887  if (reply->buf.reply.msg_type == DHCPV6_REPLY) {
3888  if (reply->send_valid == INFINITE_TIME) {
3889  reply->lease->soft_lifetime_end_time = MAX_TIME;
3890  } else {
3891  reply->lease->soft_lifetime_end_time =
3892  cur_time + reply->send_valid;
3893  }
3894  /* Wait before renew! */
3895  }
3896 
3897  status = ia_add_iasubopt(reply->ia, reply->lease, MDL);
3898  if (status != ISC_R_SUCCESS) {
3899  log_fatal("reply_process_is_addressed: Unable to "
3900  "attach lease to new IA: %s",
3901  isc_result_totext(status));
3902  }
3903 
3904  /*
3905  * If this is a new lease, make sure it is attached somewhere.
3906  */
3907  if (reply->lease->ia == NULL) {
3908  ia_reference(&reply->lease->ia, reply->ia, MDL);
3909  }
3910  }
3911 
3912  /* Bring a copy of the relevant options into the IA scope. */
3913  execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
3914  reply->packet->options, reply->reply_ia,
3915  scope, group, root_group, NULL);
3916 
3917  /* Execute statements from class scopes. */
3918  for (i = reply->packet->class_count; i > 0; i--) {
3919  execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
3920  reply->packet->options,
3921  reply->reply_ia, scope,
3922  reply->packet->classes[i - 1]->group,
3923  group, NULL);
3924  }
3925 
3926  /*
3927  * And bring in host record configuration, if any, but not to overlap
3928  * the previous group or its common enclosers.
3929  */
3930  if (reply->host != NULL)
3931  execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
3932  reply->packet->options,
3933  reply->reply_ia, scope,
3934  reply->host->group, group, NULL);
3935 
3936  cleanup:
3937  if (data.data != NULL)
3938  data_string_forget(&data, MDL);
3939 
3940  if (status == ISC_R_SUCCESS)
3941  reply->client_resources++;
3942 
3943  return status;
3944 }
3945 
3946 /* Simply send an IAADDR within the IA scope as described. */
3947 static isc_result_t
3948 reply_process_send_addr(struct reply_state *reply, struct iaddr *addr) {
3949  isc_result_t status = ISC_R_SUCCESS;
3950  struct data_string data;
3951 
3952  memset(&data, 0, sizeof(data));
3953 
3954  /* Now append the lease. */
3955  data.len = IAADDR_OFFSET;
3956  if (!buffer_allocate(&data.buffer, data.len, MDL)) {
3957  log_error("reply_process_send_addr: out of memory"
3958  "allocating new IAADDR buffer.");
3959  status = ISC_R_NOMEMORY;
3960  goto cleanup;
3961  }
3962  data.data = data.buffer->data;
3963 
3964  memcpy(data.buffer->data, addr->iabuf, 16);
3965  putULong(data.buffer->data + 16, reply->send_prefer);
3966  putULong(data.buffer->data + 20, reply->send_valid);
3967 
3968  if (!append_option_buffer(&dhcpv6_universe, reply->reply_ia,
3969  data.buffer, data.buffer->data,
3970  data.len, D6O_IAADDR, 0)) {
3971  log_error("reply_process_send_addr: unable "
3972  "to save IAADDR option");
3973  status = ISC_R_FAILURE;
3974  goto cleanup;
3975  }
3976 
3977  reply->resources_included = ISC_TRUE;
3978 
3979  cleanup:
3980  if (data.data != NULL)
3982 
3983  return status;
3984 }
3985 
3986 /* Choose the better of two leases. */
3987 static struct iasubopt *
3988 lease_compare(struct iasubopt *alpha, struct iasubopt *beta) {
3989  if (alpha == NULL)
3990  return beta;
3991  if (beta == NULL)
3992  return alpha;
3993 
3994  switch(alpha->state) {
3995  case FTS_ACTIVE:
3996  switch(beta->state) {
3997  case FTS_ACTIVE:
3998  /* Choose the lease with the longest lifetime (most
3999  * likely the most recently allocated).
4000  */
4001  if (alpha->hard_lifetime_end_time <
4002  beta->hard_lifetime_end_time)
4003  return beta;
4004  else
4005  return alpha;
4006 
4007  case FTS_EXPIRED:
4008  case FTS_ABANDONED:
4009  return alpha;
4010 
4011  default:
4012  log_fatal("Impossible condition at %s:%d.", MDL);
4013  }
4014  break;
4015 
4016  case FTS_EXPIRED:
4017  switch (beta->state) {
4018  case FTS_ACTIVE:
4019  return beta;
4020 
4021  case FTS_EXPIRED:
4022  /* Choose the most recently expired lease. */
4023  if (alpha->hard_lifetime_end_time <
4024  beta->hard_lifetime_end_time)
4025  return beta;
4026  else if ((alpha->hard_lifetime_end_time ==
4027  beta->hard_lifetime_end_time) &&
4028  (alpha->soft_lifetime_end_time <
4029  beta->soft_lifetime_end_time))
4030  return beta;
4031  else
4032  return alpha;
4033 
4034  case FTS_ABANDONED:
4035  return alpha;
4036 
4037  default:
4038  log_fatal("Impossible condition at %s:%d.", MDL);
4039  }
4040  break;
4041 
4042  case FTS_ABANDONED:
4043  switch (beta->state) {
4044  case FTS_ACTIVE:
4045  case FTS_EXPIRED:
4046  return alpha;
4047 
4048  case FTS_ABANDONED:
4049  /* Choose the lease that was abandoned longest ago. */
4050  if (alpha->hard_lifetime_end_time <
4051  beta->hard_lifetime_end_time)
4052  return alpha;
4053  else
4054  return beta;
4055 
4056  default:
4057  log_fatal("Impossible condition at %s:%d.", MDL);
4058  }
4059  break;
4060 
4061  default:
4062  log_fatal("Impossible condition at %s:%d.", MDL);
4063  }
4064 
4065  log_fatal("Triple impossible condition at %s:%d.", MDL);
4066  return NULL;
4067 }
4068 
4069 /* Process a client-supplied IA_PD. This may append options to the tail of
4070  * the reply packet being built in the reply_state structure.
4071  */
4072 static isc_result_t
4073 reply_process_ia_pd(struct reply_state *reply, struct option_cache *ia) {
4074  isc_result_t status = ISC_R_SUCCESS;
4075  u_int32_t iaid;
4076  unsigned ia_cursor;
4077  struct option_state *packet_ia;
4078  struct option_cache *oc;
4079  struct data_string ia_data, data;
4080 
4081  /* Initialize values that will get cleaned up on return. */
4082  packet_ia = NULL;
4083  memset(&ia_data, 0, sizeof(ia_data));
4084  memset(&data, 0, sizeof(data));
4085  /*
4086  * Note that find_client_prefix() may set reply->lease.
4087  */
4088 
4089  /* Make sure there is at least room for the header. */
4090  if ((reply->cursor + IA_PD_OFFSET + 4) > sizeof(reply->buf)) {
4091  log_error("reply_process_ia_pd: Reply too long for IA.");
4092  return ISC_R_NOSPACE;
4093  }
4094 
4095 
4096  /* Fetch the IA_PD contents. */
4097  if (!get_encapsulated_IA_state(&packet_ia, &ia_data, reply->packet,
4098  ia, IA_PD_OFFSET)) {
4099  log_error("reply_process_ia_pd: error evaluating ia");
4100  status = ISC_R_FAILURE;
4101  goto cleanup;
4102  }
4103 
4104  /* Extract IA_PD header contents. */
4105  iaid = getULong(ia_data.data);
4106  reply->renew = getULong(ia_data.data + 4);
4107  reply->rebind = getULong(ia_data.data + 8);
4108 
4109  /* Create an IA_PD structure. */
4110  if (ia_allocate(&reply->ia, iaid, (char *)reply->client_id.data,
4111  reply->client_id.len, MDL) != ISC_R_SUCCESS) {
4112  log_error("reply_process_ia_pd: no memory for ia.");
4113  status = ISC_R_NOMEMORY;
4114  goto cleanup;
4115  }
4116  reply->ia->ia_type = D6O_IA_PD;
4117 
4118  /* Cache pre-existing IA_PD, if any. */
4119  ia_hash_lookup(&reply->old_ia, ia_pd_active,
4120  (unsigned char *)reply->ia->iaid_duid.data,
4121  reply->ia->iaid_duid.len, MDL);
4122 
4123  /*
4124  * Create an option cache to carry the IA_PD option contents, and
4125  * execute any user-supplied values into it.
4126  */
4127  if (!option_state_allocate(&reply->reply_ia, MDL)) {
4128  status = ISC_R_NOMEMORY;
4129  goto cleanup;
4130  }
4131 
4132  /* Check & count the fixed prefix host records. */
4133  reply->static_prefixes = 0;
4134  if ((reply->host != NULL) && (reply->host->fixed_prefix != NULL)) {
4135  struct iaddrcidrnetlist *fp;
4136 
4137  for (fp = reply->host->fixed_prefix; fp != NULL;
4138  fp = fp->next) {
4139  reply->static_prefixes += 1;
4140  }
4141  }
4142 
4143  /*
4144  * Save the cursor position at the start of the IA_PD, so we can
4145  * set length and adjust t1/t2 values later. We write a temporary
4146  * header out now just in case we decide to adjust the packet
4147  * within sub-process functions.
4148  */
4149  ia_cursor = reply->cursor;
4150 
4151  /* Initialize the IA_PD header. First the code. */
4152  putUShort(reply->buf.data + reply->cursor, (unsigned)D6O_IA_PD);
4153  reply->cursor += 2;
4154 
4155  /* Then option length. */
4156  putUShort(reply->buf.data + reply->cursor, 0x0Cu);
4157  reply->cursor += 2;
4158 
4159  /* Then IA_PD header contents; IAID. */
4160  putULong(reply->buf.data + reply->cursor, iaid);
4161  reply->cursor += 4;
4162 
4163  /* We store the client's t1 for now, and may over-ride it later. */
4164  putULong(reply->buf.data + reply->cursor, reply->renew);
4165  reply->cursor += 4;
4166 
4167  /* We store the client's t2 for now, and may over-ride it later. */
4168  putULong(reply->buf.data + reply->cursor, reply->rebind);
4169  reply->cursor += 4;
4170 
4171  /*
4172  * For each prefix in this IA_PD, decide what to do about it.
4173  */
4174  oc = lookup_option(&dhcpv6_universe, packet_ia, D6O_IAPREFIX);
4175  reply->min_valid = reply->min_prefer = INFINITE_TIME;
4176  reply->client_valid = reply->client_prefer = 0;
4177  reply->preflen = -1;
4178  for (; oc != NULL ; oc = oc->next) {
4179  status = reply_process_prefix(reply, oc);
4180 
4181  /*
4182  * Canceled means we did not allocate prefixes to the
4183  * client, but we're "done" with this IA - we set a status
4184  * code. So transmit this reply, e.g., move on to the next
4185  * IA.
4186  */
4187  if (status == ISC_R_CANCELED)
4188  break;
4189 
4190  if ((status != ISC_R_SUCCESS) &&
4191  (status != ISC_R_ADDRINUSE) &&
4192  (status != ISC_R_ADDRNOTAVAIL))
4193  goto cleanup;
4194  }
4195 
4196  reply->pd_count++;
4197 
4198  /*
4199  * If we fell through the above and never gave the client
4200  * a prefix, give it one now.
4201  */
4202  if ((status != ISC_R_CANCELED) && (reply->client_resources == 0)) {
4203  status = find_client_prefix(reply);
4204 
4205  if (status == ISC_R_NORESOURCES) {
4206  switch (reply->packet->dhcpv6_msg_type) {
4207  case DHCPV6_SOLICIT:
4208  /*
4209  * No prefix for any IA is handled
4210  * by the caller.
4211  */
4212  /* FALL THROUGH */
4213 
4214  case DHCPV6_REQUEST:
4215  /* Same than for addresses. */
4216  option_state_dereference(&reply->reply_ia, MDL);
4217  if (!option_state_allocate(&reply->reply_ia,
4218  MDL))
4219  {
4220  log_error("reply_process_ia_pd: No "
4221  "memory for option state "
4222  "wipe.");
4223  status = ISC_R_NOMEMORY;
4224  goto cleanup;
4225  }
4226 
4227  if (!set_status_code(STATUS_NoPrefixAvail,
4228  "No prefixes available "
4229  "for this interface.",
4230  reply->reply_ia)) {
4231  log_error("reply_process_ia_pd: "
4232  "Unable to set "
4233  "NoPrefixAvail status "
4234  "code.");
4235  status = ISC_R_FAILURE;
4236  goto cleanup;
4237  }
4238 
4239  status = ISC_R_SUCCESS;
4240  break;
4241 
4242  default:
4243  if (reply->resources_included)
4244  status = ISC_R_SUCCESS;
4245  else
4246  goto cleanup;
4247  break;
4248  }
4249  }
4250 
4251  if (status != ISC_R_SUCCESS)
4252  goto cleanup;
4253  }
4254 
4255  /*
4256  * yes, goto's aren't the best but we also want to avoid extra
4257  * indents
4258  */
4259  if (status == ISC_R_CANCELED) {
4260  /* We're replying with a status code so we still need to
4261  * write it out in wire-format to the outbound buffer */
4262  write_to_packet(reply, ia_cursor);
4263  goto cleanup;
4264  }
4265 
4266  /*
4267  * Handle static prefixes, we always log stuff and if it's
4268  * a hard binding we run any commit statements that we have
4269  */
4270  if (reply->static_prefixes != 0) {
4271  char tmp_addr[INET6_ADDRSTRLEN];
4272  log_info("%s PD: address %s/%d to client with duid %s "
4273  "iaid = %d static",
4274  dhcpv6_type_names[reply->buf.reply.msg_type],
4275  inet_ntop(AF_INET6, reply->fixed_pref.lo_addr.iabuf,
4276  tmp_addr, sizeof(tmp_addr)),
4277  reply->fixed_pref.bits,
4278  print_hex_1(reply->client_id.len,
4279  reply->client_id.data, 60),
4280  iaid);
4281 
4282  /* Write the lease out in wire-format to the outbound buffer */
4283  write_to_packet(reply, ia_cursor);
4284 
4285  if ((reply->buf.reply.msg_type == DHCPV6_REPLY) &&
4286  (reply->on_star.on_commit != NULL)) {
4287  execute_statements(NULL, reply->packet, NULL, NULL,
4288  reply->packet->options,
4289  reply->opt_state,
4290  NULL, reply->on_star.on_commit,
4291  NULL);
4293  (&reply->on_star.on_commit, MDL);
4294  }
4295  goto cleanup;
4296  }
4297 
4298  /*
4299  * If we have any addresses log what we are doing.
4300  */
4301  if (reply->ia->num_iasubopt != 0) {
4302  struct iasubopt *tmp;
4303  int i;
4304  char tmp_addr[INET6_ADDRSTRLEN];
4305 
4306  for (i = 0 ; i < reply->ia->num_iasubopt ; i++) {
4307  tmp = reply->ia->iasubopt[i];
4308 
4309  log_info("%s PD: address %s/%d to client with duid %s"
4310  " iaid = %d valid for %u seconds",
4311  dhcpv6_type_names[reply->buf.reply.msg_type],
4312  inet_ntop(AF_INET6, &tmp->addr,
4313  tmp_addr, sizeof(tmp_addr)),
4314  (int)tmp->plen,
4315  print_hex_1(reply->client_id.len,
4316  reply->client_id.data, 60),
4317  iaid, tmp->valid);
4318  }
4319  }
4320 
4321  /*
4322  * If this is not a 'soft' binding, consume the new changes into
4323  * the database (if any have been attached to the ia_pd).
4324  *
4325  * Loop through the assigned dynamic prefixes, referencing the
4326  * prefixes onto this IA_PD rather than any old ones, and updating
4327  * prefix pool timers for each (if any).
4328  *
4329  * If a lease can be reused we skip renewing it or checking the
4330  * pool threshold. If it can't we flag that the IA must be commited
4331  * to the db and do the renewal and pool check.
4332  */
4333  if ((reply->buf.reply.msg_type == DHCPV6_REPLY) &&
4334  (reply->ia->num_iasubopt != 0)) {
4335  int must_commit = 0;
4336  struct iasubopt *tmp;
4337  struct data_string *ia_id;
4338  int i;
4339 
4340  for (i = 0 ; i < reply->ia->num_iasubopt ; i++) {
4341  tmp = reply->ia->iasubopt[i];
4342 
4343  if (tmp->ia != NULL)
4344  ia_dereference(&tmp->ia, MDL);
4345  ia_reference(&tmp->ia, reply->ia, MDL);
4346 
4347  /* If we have anything to do on commit do it now */
4348  if (tmp->on_star.on_commit != NULL) {
4349  execute_statements(NULL, reply->packet,
4350  NULL, NULL,
4351  reply->packet->options,
4352  reply->opt_state,
4353  &tmp->scope,
4354  tmp->on_star.on_commit,
4355  &tmp->on_star);
4357  (&tmp->on_star.on_commit, MDL);
4358  }
4359 
4360  if (!reuse_lease6(reply, tmp)) {
4361  /* Commit 'hard' bindings. */
4362  must_commit = 1;
4363  renew_lease6(tmp->ipv6_pool, tmp);
4365 
4366  /* Do our threshold check. */
4367  check_pool6_threshold(reply, tmp);
4368  }
4369  }
4370 
4371  /* write the IA_PD in wire-format to the outbound buffer */
4372  write_to_packet(reply, ia_cursor);
4373 
4374  /* Remove any old ia from the hash. */
4375  if (reply->old_ia != NULL) {
4376  if (!release_on_roam(reply)) {
4377  ia_id = &reply->old_ia->iaid_duid;
4378  ia_hash_delete(ia_pd_active,
4379  (unsigned char *)ia_id->data,
4380  ia_id->len, MDL);
4381  }
4382 
4383  ia_dereference(&reply->old_ia, MDL);
4384  }
4385 
4386  /* Put new ia into the hash. */
4387  reply->ia->cltt = cur_time;
4388  ia_id = &reply->ia->iaid_duid;
4389  ia_hash_add(ia_pd_active, (unsigned char *)ia_id->data,
4390  ia_id->len, reply->ia, MDL);
4391 
4392  /* If we couldn't reuse all of the iasubopts, we
4393  * must udpate the lease db */
4394  if (must_commit) {
4395  write_ia(reply->ia);
4396  }
4397  } else {
4398  /* write the IA_PD in wire-format to the outbound buffer */
4399  write_to_packet(reply, ia_cursor);
4400  schedule_lease_timeout_reply(reply);
4401  }
4402 
4403  cleanup:
4404  if (packet_ia != NULL)
4405  option_state_dereference(&packet_ia, MDL);
4406  if (reply->reply_ia != NULL)
4407  option_state_dereference(&reply->reply_ia, MDL);
4408  if (ia_data.data != NULL)
4409  data_string_forget(&ia_data, MDL);
4410  if (data.data != NULL)
4412  if (reply->ia != NULL)
4413  ia_dereference(&reply->ia, MDL);
4414  if (reply->old_ia != NULL)
4415  ia_dereference(&reply->old_ia, MDL);
4416  if (reply->lease != NULL)
4417  iasubopt_dereference(&reply->lease, MDL);
4418  if (reply->on_star.on_expiry != NULL)
4420  (&reply->on_star.on_expiry, MDL);
4421  if (reply->on_star.on_release != NULL)
4423  (&reply->on_star.on_release, MDL);
4424 
4425  /*
4426  * ISC_R_CANCELED is a status code used by the prefix processing to
4427  * indicate we're replying with a status code. This is still a
4428  * success at higher layers.
4429  */
4430  return((status == ISC_R_CANCELED) ? ISC_R_SUCCESS : status);
4431 }
4432 
4452 static struct group *
4453 find_group_by_prefix(struct reply_state *reply) {
4454  /* default group if we don't find anything better */
4455  struct group *group = reply->shared->group;
4456  struct subnet *subnet = NULL;
4457  struct iaddr tmp_addr;
4458  struct data_string fixed_addr;
4459 
4460  /* Try with the prefix first */
4461  if (find_grouped_subnet(&subnet, reply->shared,
4462  reply->fixed_pref.lo_addr, MDL) != 0) {
4463  group = subnet->group;
4464  subnet_dereference(&subnet, MDL);
4465  return (group);
4466  }
4467 
4468  /* Didn't find a subnet via prefix, what about fixed address */
4469  /* The caller has already tested reply->host != NULL */
4470 
4471  memset(&fixed_addr, 0, sizeof(fixed_addr));
4472 
4473  if ((reply->host->fixed_addr != NULL) &&
4474  (evaluate_option_cache(&fixed_addr, NULL, NULL, NULL,
4475  NULL, NULL, &global_scope,
4476  reply->host->fixed_addr, MDL))) {
4477  if (fixed_addr.len >= 16) {
4478  tmp_addr.len = 16;
4479  memcpy(tmp_addr.iabuf, fixed_addr.data, 16);
4480  if (find_grouped_subnet(&subnet, reply->shared,
4481  tmp_addr, MDL) != 0) {
4482  group = subnet->group;
4483  subnet_dereference(&subnet, MDL);
4484  }
4485  }
4486  data_string_forget(&fixed_addr, MDL);
4487  }
4488 
4489  /* return whatever we got */
4490  return (group);
4491 }
4492 
4493 /*
4494  * Process an IAPREFIX within a given IA_PD, storing any IAPREFIX reply
4495  * contents into the reply's current ia_pd-scoped option cache. Returns
4496  * ISC_R_CANCELED in the event we are replying with a status code and do
4497  * not wish to process more IAPREFIXes within this IA_PD.
4498  */
4499 static isc_result_t
4500 reply_process_prefix(struct reply_state *reply, struct option_cache *pref) {
4501  u_int32_t pref_life, valid_life;
4502  struct binding_scope **scope;
4503  struct iaddrcidrnet tmp_pref;
4504  struct option_cache *oc;
4505  struct data_string iapref, data;
4506  isc_result_t status = ISC_R_SUCCESS;
4507  struct group *group;
4508 
4509  /* Initializes values that will be cleaned up. */
4510  memset(&iapref, 0, sizeof(iapref));
4511  memset(&data, 0, sizeof(data));
4512  /* Note that reply->lease may be set by prefix_is_owned() */
4513 
4514  /*
4515  * There is no point trying to process an incoming prefix if there
4516  * is no room for an outgoing prefix.
4517  */
4518  if ((reply->cursor + 29) > sizeof(reply->buf)) {
4519  log_error("reply_process_prefix: Out of room for prefix.");
4520  return ISC_R_NOSPACE;
4521  }
4522 
4523  /* Extract this IAPREFIX option. */
4524  if (!evaluate_option_cache(&iapref, reply->packet, NULL, NULL,
4525  reply->packet->options, NULL, &global_scope,
4526  pref, MDL) ||
4527  (iapref.len < IAPREFIX_OFFSET)) {
4528  log_error("reply_process_prefix: error evaluating IAPREFIX.");
4529  status = ISC_R_FAILURE;
4530  goto cleanup;
4531  }
4532 
4533  /*
4534  * Layout: preferred and valid lifetimes followed by the prefix
4535  * length and the IPv6 address.
4536  */
4537  pref_life = getULong(iapref.data);
4538  valid_life = getULong(iapref.data + 4);
4539 
4540  if ((reply->client_valid == 0) ||
4541  (reply->client_valid > valid_life))
4542  reply->client_valid = valid_life;
4543 
4544  if ((reply->client_prefer == 0) ||
4545  (reply->client_prefer > pref_life))
4546  reply->client_prefer = pref_life;
4547 
4548  /*
4549  * Clients may choose to send ::/0 as a prefix, with the idea to give
4550  * hints about preferred-lifetime or valid-lifetime.
4551  */
4552  tmp_pref.lo_addr.len = 16;
4553  memset(tmp_pref.lo_addr.iabuf, 0, 16);
4554  if ((iapref.data[8] == 0) &&
4555  (memcmp(iapref.data + 9, tmp_pref.lo_addr.iabuf, 16) == 0)) {
4556  /* Status remains success; we just ignore this one. */
4557  goto cleanup;
4558  }
4559 
4560  /*
4561  * Clients may choose to send ::/X as a prefix to specify a
4562  * preferred/requested prefix length. Note X is never zero here.
4563  */
4564  tmp_pref.bits = (int) iapref.data[8];
4565  if (reply->preflen < 0) {
4566  /* Cache the first preferred prefix length. */
4567  reply->preflen = tmp_pref.bits;
4568  }
4569  if (memcmp(iapref.data + 9, tmp_pref.lo_addr.iabuf, 16) == 0) {
4570  goto cleanup;
4571  }
4572 
4573  memcpy(tmp_pref.lo_addr.iabuf, iapref.data + 9, 16);
4574 
4575  /* Verify the prefix belongs to the client. */
4576  if (!prefix_is_owned(reply, &tmp_pref)) {
4577  /* Same than for addresses. */
4578  if ((reply->packet->dhcpv6_msg_type == DHCPV6_SOLICIT) ||
4579  (reply->packet->dhcpv6_msg_type == DHCPV6_REQUEST) ||
4580  (reply->packet->dhcpv6_msg_type == DHCPV6_REBIND)) {
4581  status = reply_process_try_prefix(reply, &tmp_pref);
4582 
4583  /* Either error out or skip this prefix. */
4584  if ((status != ISC_R_SUCCESS) &&
4585  (status != ISC_R_ADDRINUSE) &&
4586  (status != ISC_R_ADDRNOTAVAIL))
4587  goto cleanup;
4588 
4589  if (reply->lease == NULL) {
4590  if (reply->packet->dhcpv6_msg_type ==
4591  DHCPV6_REBIND) {
4592  reply->send_prefer = 0;
4593  reply->send_valid = 0;
4594  goto send_pref;
4595  }
4596 
4597  /* status remains success - ignore */
4598  goto cleanup;
4599  }
4600  /*
4601  * RFC3633 section 18.2.3:
4602  *
4603  * If the delegating router cannot find a binding
4604  * for the requesting router's IA_PD the delegating
4605  * router returns the IA_PD containing no prefixes
4606  * with a Status Code option set to NoBinding in the
4607  * Reply message.
4608  *
4609  * On mismatch we (ab)use this pretending we have not the IA
4610  * as soon as we have not a prefix.
4611  */
4612  } else if (reply->packet->dhcpv6_msg_type == DHCPV6_RENEW) {
4613  /* Rewind the IA_PD to empty. */
4614  option_state_dereference(&reply->reply_ia, MDL);
4615  if (!option_state_allocate(&reply->reply_ia, MDL)) {
4616  log_error("reply_process_prefix: No memory "
4617  "for option state wipe.");
4618  status = ISC_R_NOMEMORY;
4619  goto cleanup;
4620  }
4621 
4622  /* Append a NoBinding status code. */
4623  if (!set_status_code(STATUS_NoBinding,
4624  "Prefix not bound to this "
4625  "interface.", reply->reply_ia)) {
4626  log_error("reply_process_prefix: Unable to "
4627  "attach status code.");
4628  status = ISC_R_FAILURE;
4629  goto cleanup;
4630  }
4631 
4632  /* Fin (no more IAPREFIXes). */
4633  status = ISC_R_CANCELED;
4634  goto cleanup;
4635  } else {
4636  log_error("It is impossible to lease a client that is "
4637  "not sending a solicit, request, renew, or "
4638  "rebind message.");
4639  status = ISC_R_FAILURE;
4640  goto cleanup;
4641  }
4642  }
4643 
4644  if (reply->static_prefixes > 0) {
4645  if (reply->host == NULL)
4646  log_fatal("Impossible condition at %s:%d.", MDL);
4647 
4648  scope = &global_scope;
4649 
4650  /* Copy the static prefix for logging and finding the group */
4651  memcpy(&reply->fixed_pref, &tmp_pref, sizeof(tmp_pref));
4652 
4653  /* Try to find a group for the static prefix */
4654  group = find_group_by_prefix(reply);
4655  } else {
4656  if (reply->lease == NULL)
4657  log_fatal("Impossible condition at %s:%d.", MDL);
4658 
4659  scope = &reply->lease->scope;
4660  group = reply->lease->ipv6_pool->ipv6_pond->group;
4661  }
4662 
4663  /*
4664  * If client_resources is nonzero, then the reply_process_is_prefixed
4665  * function has executed configuration state into the reply option
4666  * cache. We will use that valid cache to derive configuration for
4667  * whether or not to engage in additional prefixes, and similar.
4668  */
4669  if (reply->client_resources != 0) {
4670  unsigned limit = 1;
4671 
4672  /*
4673  * Does this client have "enough" prefixes already? Default
4674  * to one. Everybody gets one, and one should be enough for
4675  * anybody.
4676  */
4677  oc = lookup_option(&server_universe, reply->opt_state,
4679  if (oc != NULL) {
4680  if (!evaluate_option_cache(&data, reply->packet,
4681  NULL, NULL,
4682  reply->packet->options,
4683  reply->opt_state,
4684  scope, oc, MDL) ||
4685  (data.len != 4)) {
4686  log_error("reply_process_prefix: unable to "
4687  "evaluate prefs-per-ia value.");
4688  status = ISC_R_FAILURE;
4689  goto cleanup;
4690  }
4691 
4692  limit = getULong(data.data);
4693  data_string_forget(&data, MDL);
4694  }
4695 
4696  /*
4697  * If we wish to limit the client to a certain number of
4698  * prefixes, then omit the prefix from the reply.
4699  */
4700  if (reply->client_resources >= limit)
4701  goto cleanup;
4702  }
4703 
4704  status = reply_process_is_prefixed(reply, scope, group);
4705  if (status != ISC_R_SUCCESS)
4706  goto cleanup;
4707 
4708  send_pref:
4709  status = reply_process_send_prefix(reply, &tmp_pref);
4710 
4711  cleanup:
4712  if (iapref.data != NULL)
4713  data_string_forget(&iapref, MDL);
4714  if (data.data != NULL)
4715  data_string_forget(&data, MDL);
4716  if (reply->lease != NULL)
4717  iasubopt_dereference(&reply->lease, MDL);
4718 
4719  return status;
4720 }
4721 
4722 /*
4723  * Verify the prefix belongs to the client. If we've got a host
4724  * record with fixed prefixes, it has to be an assigned prefix
4725  * (fault out all else). Otherwise it's a dynamic prefix, so lookup
4726  * that prefix and make sure it belongs to this DUID:IAID pair.
4727  */
4728 static isc_boolean_t
4729 prefix_is_owned(struct reply_state *reply, struct iaddrcidrnet *pref) {
4730  struct iaddrcidrnetlist *l;
4731  int i;
4732  struct ipv6_pond *pond;
4733 
4734  /*
4735  * This faults out prefixes that don't match fixed prefixes.
4736  */
4737  if (reply->static_prefixes > 0) {
4738  for (l = reply->host->fixed_prefix; l != NULL; l = l->next) {
4739  if ((pref->bits == l->cidrnet.bits) &&
4740  (memcmp(pref->lo_addr.iabuf,
4741  l->cidrnet.lo_addr.iabuf, 16) == 0))
4742  return (ISC_TRUE);
4743  }
4744  return (ISC_FALSE);
4745  }
4746 
4747  if ((reply->old_ia == NULL) ||
4748  (reply->old_ia->num_iasubopt == 0))
4749  return (ISC_FALSE);
4750 
4751  for (i = 0 ; i < reply->old_ia->num_iasubopt ; i++) {
4752  struct iasubopt *tmp;
4753 
4754  tmp = reply->old_ia->iasubopt[i];
4755 
4756  if ((pref->bits == (int) tmp->plen) &&
4757  (memcmp(pref->lo_addr.iabuf, &tmp->addr, 16) == 0)) {
4758  if (lease6_usable(tmp) == ISC_FALSE) {
4759  return (ISC_FALSE);
4760  }
4761 
4762  pond = tmp->ipv6_pool->ipv6_pond;
4763  if (((pond->prohibit_list != NULL) &&
4764  (permitted(reply->packet, pond->prohibit_list))) ||
4765  ((pond->permit_list != NULL) &&
4766  (!permitted(reply->packet, pond->permit_list))))
4767  return (ISC_FALSE);
4768 
4769  iasubopt_reference(&reply->lease, tmp, MDL);
4770  return (ISC_TRUE);
4771  }
4772  }
4773 
4774  return (ISC_FALSE);
4775 }
4776 
4777 /*
4778  * This function only returns failure on 'hard' failures. If it succeeds,
4779  * it will leave a prefix structure behind.
4780  */
4781 static isc_result_t
4782 reply_process_try_prefix(struct reply_state *reply,
4783  struct iaddrcidrnet *pref) {
4784  isc_result_t status = ISC_R_ADDRNOTAVAIL;
4785  struct ipv6_pool *pool = NULL;
4786  struct ipv6_pond *pond = NULL;
4787  int i;
4788  struct data_string data_pref;
4789 
4790  if ((reply == NULL) || (reply->shared == NULL) ||
4791  (pref == NULL) || (reply->lease != NULL))
4792  return (DHCP_R_INVALIDARG);
4793 
4794  /*
4795  * Do a quick walk through of the ponds and pools
4796  * to see if we have any prefix pools
4797  */
4798  for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
4799  if (pond->ipv6_pools == NULL)
4800  continue;
4801 
4802  for (i = 0; (pool = pond->ipv6_pools[i]) != NULL; i++) {
4803  if (pool->pool_type == D6O_IA_PD)
4804  break;
4805  }
4806  if (pool != NULL)
4807  break;
4808  }
4809 
4810  /* If we get here and p is NULL we have no useful pools */
4811  if (pool == NULL) {
4812  return (ISC_R_ADDRNOTAVAIL);
4813  }
4814 
4815  memset(&data_pref, 0, sizeof(data_pref));
4816  data_pref.len = 17;
4817  if (!buffer_allocate(&data_pref.buffer, data_pref.len, MDL)) {
4818  log_error("reply_process_try_prefix: out of memory.");
4819  return (ISC_R_NOMEMORY);
4820  }
4821  data_pref.data = data_pref.buffer->data;
4822  data_pref.buffer->data[0] = (u_int8_t) pref->bits;
4823  memcpy(data_pref.buffer->data + 1, pref->lo_addr.iabuf, 16);
4824 
4825  /*
4826  * We have at least one pool that could provide a prefix
4827  * Now we walk through the ponds and pools again and check
4828  * to see if the client is permitted and if an prefix is
4829  * available
4830  *
4831  */
4832 
4833  for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
4834  if (((pond->prohibit_list != NULL) &&
4835  (permitted(reply->packet, pond->prohibit_list))) ||
4836  ((pond->permit_list != NULL) &&
4837  (!permitted(reply->packet, pond->permit_list))))
4838  continue;
4839 
4840  for (i = 0; (pool = pond->ipv6_pools[i]) != NULL; i++) {
4841  if (pool->pool_type != D6O_IA_PD) {
4842  continue;
4843  }
4844 
4845  status = try_client_v6_prefix(&reply->lease, pool,
4846  &data_pref);
4847  /* If we found it in this pool (either in use or available),
4848  there is no need to look further. */
4849  if ( (status == ISC_R_SUCCESS) || (status == ISC_R_ADDRINUSE) )
4850  break;
4851  }
4852  if ( (status == ISC_R_SUCCESS) || (status == ISC_R_ADDRINUSE) )
4853  break;
4854  }
4855 
4856  data_string_forget(&data_pref, MDL);
4857  /* Return just the most recent status... */
4858  return (status);
4859 }
4860 
4861 /* Look around for a prefix to give the client. First, look through the old
4862  * IA_PD for prefixes we can extend. Second, try to allocate a new prefix.
4863  * Finally, actually add that prefix into the current reply IA_PD.
4864  */
4865 static isc_result_t
4866 find_client_prefix(struct reply_state *reply) {
4867  struct iaddrcidrnet send_pref;
4868  isc_result_t status = ISC_R_NORESOURCES;
4869  struct iasubopt *prefix, *best_prefix = NULL;
4870  struct binding_scope **scope;
4871  int i;
4872  struct group *group;
4873 
4874  if (reply->static_prefixes > 0) {
4875  struct iaddrcidrnetlist *l;
4876 
4877  if (reply->host == NULL)
4878  return DHCP_R_INVALIDARG;
4879 
4880  for (l = reply->host->fixed_prefix; l != NULL; l = l->next) {
4881  if (l->cidrnet.bits == reply->preflen)
4882  break;
4883  }
4884  if (l == NULL) {
4885  /*
4886  * If no fixed prefix has the preferred length,
4887  * get the first one.
4888  */
4889  l = reply->host->fixed_prefix;
4890  }
4891  memcpy(&send_pref, &l->cidrnet, sizeof(send_pref));
4892 
4893  scope = &global_scope;
4894 
4895  /* Copy the prefix for logging purposes */
4896  memcpy(&reply->fixed_pref, &l->cidrnet, sizeof(send_pref));
4897 
4898  /* Try to find a group for the static prefix */
4899  group = find_group_by_prefix(reply);
4900 
4901  goto send_pref;
4902  }
4903 
4904  if (reply->old_ia != NULL) {
4905  for (i = 0 ; i < reply->old_ia->num_iasubopt ; i++) {
4906  struct shared_network *candidate_shared;
4907  struct ipv6_pond *pond;
4908 
4909  prefix = reply->old_ia->iasubopt[i];
4910  candidate_shared = prefix->ipv6_pool->shared_network;
4911  pond = prefix->ipv6_pool->ipv6_pond;
4912 
4913  /*
4914  * Consider this prefix if it is in a global pool or
4915  * if it is scoped in a pool under the client's shared
4916  * network.
4917  */
4918  if (((candidate_shared != NULL) &&
4919  (candidate_shared != reply->shared)) ||
4920  (lease6_usable(prefix) != ISC_TRUE))
4921  continue;
4922 
4923  /*
4924  * And check if the prefix is still permitted
4925  */
4926 
4927  if (((pond->prohibit_list != NULL) &&
4928  (permitted(reply->packet, pond->prohibit_list))) ||
4929  ((pond->permit_list != NULL) &&
4930  (!permitted(reply->packet, pond->permit_list))))
4931  continue;
4932 
4933  best_prefix = prefix_compare(reply, prefix,
4934  best_prefix);
4935  }
4936 
4937  /*
4938  * If we have prefix length hint and we're not igoring them,
4939  * then toss the best match if it doesn't match the hint,
4940  * unless this is in response to a rebind. In the latter
4941  * case we're supposed to return it with zero lifetimes.
4942  * (See rt45780) */
4943  if (best_prefix && (reply->preflen > 0)
4945  && (reply->preflen != best_prefix->plen)
4946  && (reply->packet->dhcpv6_msg_type != DHCPV6_REBIND)) {
4947  best_prefix = NULL;
4948  }
4949  }
4950 
4951  /* Try to pick a new prefix if we didn't find one, or if we found an
4952  * abandoned prefix.
4953  */
4954  if ((best_prefix == NULL) || (best_prefix->state == FTS_ABANDONED)) {
4955  status = pick_v6_prefix(reply);
4956  } else if (best_prefix != NULL) {
4957  iasubopt_reference(&reply->lease, best_prefix, MDL);
4958  status = ISC_R_SUCCESS;
4959  }
4960 
4961  /* Pick the abandoned prefix as a last resort. */
4962  if ((status == ISC_R_NORESOURCES) && (best_prefix != NULL)) {
4963  /* I don't see how this is supposed to be done right now. */
4964  log_error("Reclaiming abandoned prefixes is not yet "
4965  "supported. Treating this as an out of space "
4966  "condition.");
4967  /* iasubopt_reference(&reply->lease, best_prefix, MDL); */
4968  }
4969 
4970  /* Give up now if we didn't find a prefix. */
4971  if (status != ISC_R_SUCCESS)
4972  return status;
4973 
4974  if (reply->lease == NULL)
4975  log_fatal("Impossible condition at %s:%d.", MDL);
4976 
4977  scope = &reply->lease->scope;
4978  group = reply->lease->ipv6_pool->ipv6_pond->group;
4979 
4980  send_pref.lo_addr.len = 16;
4981  memcpy(send_pref.lo_addr.iabuf, &reply->lease->addr, 16);
4982  send_pref.bits = (int) reply->lease->plen;
4983 
4984  send_pref:
4985  status = reply_process_is_prefixed(reply, scope, group);
4986  if (status != ISC_R_SUCCESS)
4987  return status;
4988 
4989  status = reply_process_send_prefix(reply, &send_pref);
4990  return status;
4991 }
4992 
4993 /* Once a prefix is found for a client, perform several common functions;
4994  * Calculate and store valid and preferred prefix times, draw client options
4995  * into the option state.
4996  */
4997 static isc_result_t
4998 reply_process_is_prefixed(struct reply_state *reply,
4999  struct binding_scope **scope, struct group *group)
5000 {
5001  isc_result_t status = ISC_R_SUCCESS;
5002  struct data_string data;
5003  struct option_cache *oc;
5004  struct option_state *tmp_options = NULL;
5005  struct on_star *on_star;
5006  int i;
5007 
5008  /* Initialize values we will cleanup. */
5009  memset(&data, 0, sizeof(data));
5010 
5011  /*
5012  * Find the proper on_star block to use. We use the
5013  * one in the lease if we have a lease or the one in
5014  * the reply if we don't have a lease because this is
5015  * a static instance
5016  */
5017  if (reply->lease) {
5018  on_star = &reply->lease->on_star;
5019  } else {
5020  on_star = &reply->on_star;
5021  }
5022 
5023  /*
5024  * Bring in the root configuration. We only do this to bring
5025  * in the on * statements, as we didn't have the lease available
5026  * we we did it the first time.
5027  */
5028  option_state_allocate(&tmp_options, MDL);
5029  execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
5030  reply->packet->options, tmp_options,
5031  &global_scope, root_group, NULL,
5032  on_star);
5033  if (tmp_options != NULL) {
5034  option_state_dereference(&tmp_options, MDL);
5035  }
5036 
5037  /*
5038  * Bring configured options into the root packet level cache - start
5039  * with the lease's closest enclosing group (passed in by the caller
5040  * as 'group').
5041  */
5042  execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
5043  reply->packet->options, reply->opt_state,
5044  scope, group, root_group, on_star);
5045 
5046  /* Execute statements from class scopes. */
5047  for (i = reply->packet->class_count; i > 0; i--) {
5048  execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
5049  reply->packet->options,
5050  reply->opt_state, scope,
5051  reply->packet->classes[i - 1]->group,
5052  group, on_star);
5053  }
5054 
5055  /*
5056  * If there is a host record, over-ride with values configured there,
5057  * without re-evaluating configuration from the previously executed
5058  * group or its common enclosers.
5059  */
5060  if (reply->host != NULL)
5061  execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
5062  reply->packet->options,
5063  reply->opt_state, scope,
5064  reply->host->group, group,
5065  on_star);
5066 
5067  /* Determine valid lifetime. */
5068  if (reply->client_valid == 0)
5069  reply->send_valid = DEFAULT_DEFAULT_LEASE_TIME;
5070  else
5071  reply->send_valid = reply->client_valid;
5072 
5073  oc = lookup_option(&server_universe, reply->opt_state,
5075  if (oc != NULL) {
5076  if (!evaluate_option_cache(&data, reply->packet, NULL, NULL,
5077  reply->packet->options,
5078  reply->opt_state,
5079  scope, oc, MDL) ||
5080  (data.len != 4)) {
5081  log_error("reply_process_is_prefixed: unable to "
5082  "evaluate default prefix time");
5083  status = ISC_R_FAILURE;
5084  goto cleanup;
5085  }
5086 
5087  reply->send_valid = getULong(data.data);
5088  data_string_forget(&data, MDL);
5089  }
5090 
5091  /* Check to see if the lease time would cause us to wrap
5092  * in which case we make it infinite.
5093  * The following doesn't work on at least some systems:
5094  * (cur_time + reply->send_valid < cur_time)
5095  */
5096  if (reply->send_valid != INFINITE_TIME) {
5097  time_t test_time = cur_time + reply->send_valid;
5098  if (test_time < cur_time)
5099  reply->send_valid = INFINITE_TIME;
5100  }
5101 
5102  if (reply->client_prefer == 0)
5103  reply->send_prefer = reply->send_valid;
5104  else
5105  reply->send_prefer = reply->client_prefer;
5106 
5107  if ((reply->send_prefer >= reply->send_valid) &&
5108  (reply->send_valid != INFINITE_TIME))
5109  reply->send_prefer = (reply->send_valid / 2) +
5110  (reply->send_valid / 8);
5111 
5112  oc = lookup_option(&server_universe, reply->opt_state,
5114  if (oc != NULL) {
5115  if (!evaluate_option_cache(&data, reply->packet, NULL, NULL,
5116  reply->packet->options,
5117  reply->opt_state,
5118  scope, oc, MDL) ||
5119  (data.len != 4)) {
5120  log_error("reply_process_is_prefixed: unable to "
5121  "evaluate preferred prefix time");
5122  status = ISC_R_FAILURE;
5123  goto cleanup;
5124  }
5125 
5126  reply->send_prefer = getULong(data.data);
5127  data_string_forget(&data, MDL);
5128  }
5129 
5130  /* Note lowest values for later calculation of renew/rebind times. */
5131  if (reply->min_prefer > reply->send_prefer)
5132  reply->min_prefer = reply->send_prefer;
5133 
5134  if (reply->min_valid > reply->send_valid)
5135  reply->min_valid = reply->send_valid;
5136 
5137  /* Perform dynamic prefix related update work. */
5138  if (reply->lease != NULL) {
5139  /* Cached lifetimes */
5140  reply->lease->prefer = reply->send_prefer;
5141  reply->lease->valid = reply->send_valid;
5142 
5143  /* Advance (or rewind) the valid lifetime.
5144  * In the protocol 0xFFFFFFFF is infinite
5145  * when connecting to the lease file MAX_TIME is
5146  */
5147  if (reply->buf.reply.msg_type == DHCPV6_REPLY) {
5148  if (reply->send_valid == INFINITE_TIME) {
5149  reply->lease->soft_lifetime_end_time = MAX_TIME;
5150  } else {
5151  reply->lease->soft_lifetime_end_time =
5152  cur_time + reply->send_valid;
5153  }
5154  /* Wait before renew! */
5155  }
5156 
5157  status = ia_add_iasubopt(reply->ia, reply->lease, MDL);
5158  if (status != ISC_R_SUCCESS) {
5159  log_fatal("reply_process_is_prefixed: Unable to "
5160  "attach prefix to new IA_PD: %s",
5161  isc_result_totext(status));
5162  }
5163 
5164  /*
5165  * If this is a new prefix, make sure it is attached somewhere.
5166  */
5167  if (reply->lease->ia == NULL) {
5168  ia_reference(&reply->lease->ia, reply->ia, MDL);
5169  }
5170  }
5171 
5172  /* Bring a copy of the relevant options into the IA_PD scope. */
5173  execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
5174  reply->packet->options, reply->reply_ia,
5175  scope, group, root_group, NULL);
5176 
5177  /* Execute statements from class scopes. */
5178  for (i = reply->packet->class_count; i > 0; i--) {
5179  execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
5180  reply->packet->options,
5181  reply->reply_ia, scope,
5182  reply->packet->classes[i - 1]->group,
5183  group, NULL);
5184  }
5185 
5186  /*
5187  * And bring in host record configuration, if any, but not to overlap
5188  * the previous group or its common enclosers.
5189  */
5190  if (reply->host != NULL)
5191  execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
5192  reply->packet->options,
5193  reply->reply_ia, scope,
5194  reply->host->group, group, NULL);
5195 
5196  cleanup:
5197  if (data.data != NULL)
5198  data_string_forget(&data, MDL);
5199 
5200  if (status == ISC_R_SUCCESS)
5201  reply->client_resources++;
5202 
5203  return status;
5204 }
5205 
5206 /* Simply send an IAPREFIX within the IA_PD scope as described. */
5207 static isc_result_t
5208 reply_process_send_prefix(struct reply_state *reply,
5209  struct iaddrcidrnet *pref) {
5210  isc_result_t status = ISC_R_SUCCESS;
5211  struct data_string data;
5212 
5213  memset(&data, 0, sizeof(data));
5214 
5215  /* Now append the prefix. */
5216  data.len = IAPREFIX_OFFSET;
5217  if (!buffer_allocate(&data.buffer, data.len, MDL)) {
5218  log_error("reply_process_send_prefix: out of memory"
5219  "allocating new IAPREFIX buffer.");
5220  status = ISC_R_NOMEMORY;
5221  goto cleanup;
5222  }
5223  data.data = data.buffer->data;
5224 
5225  putULong(data.buffer->data, reply->send_prefer);
5226  putULong(data.buffer->data + 4, reply->send_valid);
5227  data.buffer->data[8] = pref->bits;
5228  memcpy(data.buffer->data + 9, pref->lo_addr.iabuf, 16);
5229 
5230  if (!append_option_buffer(&dhcpv6_universe, reply->reply_ia,
5231  data.buffer, data.buffer->data,
5232  data.len, D6O_IAPREFIX, 0)) {
5233  log_error("reply_process_send_prefix: unable "
5234  "to save IAPREFIX option");
5235  status = ISC_R_FAILURE;
5236  goto cleanup;
5237  }
5238 
5239  reply->resources_included = ISC_TRUE;
5240 
5241  cleanup:
5242  if (data.data != NULL)
5244 
5245  return status;
5246 }
5247 
5248 /* Choose the better of two prefixes. */
5249 static struct iasubopt *
5250 prefix_compare(struct reply_state *reply,
5251  struct iasubopt *alpha, struct iasubopt *beta) {
5252  if (alpha == NULL)
5253  return beta;
5254  if (beta == NULL)
5255  return alpha;
5256 
5257  if (reply->preflen >= 0) {
5258  if ((alpha->plen == reply->preflen) &&
5259  (beta->plen != reply->preflen))
5260  return alpha;
5261  if ((beta->plen == reply->preflen) &&
5262  (alpha->plen != reply->preflen))
5263  return beta;
5264  }
5265 
5266  switch(alpha->state) {
5267  case FTS_ACTIVE:
5268  switch(beta->state) {
5269  case FTS_ACTIVE:
5270  /* Choose the prefix with the longest lifetime (most
5271  * likely the most recently allocated).
5272  */
5273  if (alpha->hard_lifetime_end_time <
5274  beta->hard_lifetime_end_time)
5275  return beta;
5276  else
5277  return alpha;
5278 
5279  case FTS_EXPIRED:
5280  case FTS_ABANDONED:
5281  return alpha;
5282 
5283  default:
5284  log_fatal("Impossible condition at %s:%d.", MDL);
5285  }
5286  break;
5287 
5288  case FTS_EXPIRED:
5289  switch (beta->state) {
5290  case FTS_ACTIVE:
5291  return beta;
5292 
5293  case FTS_EXPIRED:
5294  /* Choose the most recently expired prefix. */
5295  if (alpha->hard_lifetime_end_time <
5296  beta->hard_lifetime_end_time)
5297  return beta;
5298  else if ((alpha->hard_lifetime_end_time ==
5299  beta->hard_lifetime_end_time) &&
5300  (alpha->soft_lifetime_end_time <
5301  beta->soft_lifetime_end_time))
5302  return beta;
5303  else
5304  return alpha;
5305 
5306  case FTS_ABANDONED:
5307  return alpha;
5308 
5309  default:
5310  log_fatal("Impossible condition at %s:%d.", MDL);
5311  }
5312  break;
5313 
5314  case FTS_ABANDONED:
5315  switch (beta->state) {
5316  case FTS_ACTIVE:
5317  case FTS_EXPIRED:
5318  return alpha;
5319 
5320  case FTS_ABANDONED:
5321  /* Choose the prefix that was abandoned longest ago. */
5322  if (alpha->hard_lifetime_end_time <
5323  beta->hard_lifetime_end_time)
5324  return alpha;
5325  else
5326  return beta;
5327 
5328  default:
5329  log_fatal("Impossible condition at %s:%d.", MDL);
5330  }
5331  break;
5332 
5333  default:
5334  log_fatal("Impossible condition at %s:%d.", MDL);
5335  }
5336 
5337  log_fatal("Triple impossible condition at %s:%d.", MDL);
5338  return NULL;
5339 }
5340 
5341 /*
5342  * Solicit is how a client starts requesting addresses.
5343  *
5344  * If the client asks for rapid commit, and we support it, we will
5345  * allocate the addresses and reply.
5346  *
5347  * Otherwise we will send an advertise message.
5348  */
5349 
5350 static void
5351 dhcpv6_solicit(struct data_string *reply_ret, struct packet *packet) {
5352  struct data_string client_id;
5353 
5354  /*
5355  * Validate our input.
5356  */
5357  if (!valid_client_msg(packet, &client_id)) {
5358  return;
5359  }
5360 
5361  lease_to_client(reply_ret, packet, &client_id, NULL);
5362 
5363  /*
5364  * Clean up.
5365  */
5366  data_string_forget(&client_id, MDL);
5367 }
5368 
5369 /*
5370  * Request is how a client actually requests addresses.
5371  *
5372  * Very similar to Solicit handling, except the server DUID is required.
5373  */
5374 
5375 static void
5376 dhcpv6_request(struct data_string *reply_ret, struct packet *packet) {
5377  struct data_string client_id;
5378  struct data_string server_id;
5379 
5380  /*
5381  * Validate our input.
5382  */
5383  if (!valid_client_resp(packet, &client_id, &server_id)) {
5384  return;
5385  }
5386 
5387  /* If the REQUEST arrived via unicast and unicast option isn't set,
5388  * reject it per RFC 3315, Sec 18.2.1 */
5389  if (packet->unicast == ISC_TRUE &&
5390  is_unicast_option_defined(packet) == ISC_FALSE) {
5391  unicast_reject(reply_ret, packet, &client_id, &server_id);
5392  } else {
5393  /*
5394  * Issue our lease.
5395  */
5396  lease_to_client(reply_ret, packet, &client_id, &server_id);
5397  }
5398 
5399  /*
5400  * Cleanup.
5401  */
5402  data_string_forget(&client_id, MDL);
5403  data_string_forget(&server_id, MDL);
5404 }
5405 
5406 /* Find a DHCPv6 packet's shared network from hints in the packet.
5407  */
5408 static isc_result_t
5409 shared_network_from_packet6(struct shared_network **shared,
5410  struct packet *packet)
5411 {
5412  const struct packet *chk_packet;
5413  const struct in6_addr *link_addr, *first_link_addr;
5414  struct iaddr tmp_addr;
5415  struct subnet *subnet;
5416  isc_result_t status;
5417 
5418  if ((shared == NULL) || (*shared != NULL) || (packet == NULL))
5419  return DHCP_R_INVALIDARG;
5420 
5421  /*
5422  * First, find the link address where the packet from the client
5423  * first appeared (if this packet was relayed).
5424  */
5425  first_link_addr = NULL;
5426  chk_packet = packet->dhcpv6_container_packet;
5427  while (chk_packet != NULL) {
5428  link_addr = &chk_packet->dhcpv6_link_address;
5429  if (!IN6_IS_ADDR_UNSPECIFIED(link_addr) &&
5430  !IN6_IS_ADDR_LINKLOCAL(link_addr)) {
5431  first_link_addr = link_addr;
5432  break;
5433  }
5434  chk_packet = chk_packet->dhcpv6_container_packet;
5435  }
5436 
5437  /*
5438  * If there is a relayed link address, find the subnet associated
5439  * with that, and use that to get the appropriate
5440  * shared_network.
5441  */
5442  if (first_link_addr != NULL) {
5443  tmp_addr.len = sizeof(*first_link_addr);
5444  memcpy(tmp_addr.iabuf,
5445  first_link_addr, sizeof(*first_link_addr));
5446  subnet = NULL;
5447  if (!find_subnet(&subnet, tmp_addr, MDL)) {
5448  log_debug("No subnet found for link-address %s.",
5449  piaddr(tmp_addr));
5450  return ISC_R_NOTFOUND;
5451  }
5452  status = shared_network_reference(shared,
5454  subnet_dereference(&subnet, MDL);
5455 
5456  /*
5457  * If there is no link address, we will use the interface
5458  * that this packet came in on to pick the shared_network.
5459  */
5460  } else if (packet->interface != NULL) {
5461  status = shared_network_reference(shared,
5463  MDL);
5464  if (packet->dhcpv6_container_packet != NULL) {
5465  log_info("[L2 Relay] No link address in relay packet "
5466  "assuming L2 relay and using receiving "
5467  "interface");
5468  }
5469 
5470  } else {
5471  /*
5472  * We shouldn't be able to get here but if there is no link
5473  * address and no interface we don't know where to get the
5474  * pool from log an error and return an error.
5475  */
5476  log_error("No interface and no link address "
5477  "can't determine pool");
5478  status = DHCP_R_INVALIDARG;
5479  }
5480 
5481  return status;
5482 }
5483 
5484 /*
5485  * When a client thinks it might be on a new link, it sends a
5486  * Confirm message.
5487  *
5488  * From RFC3315 section 18.2.2:
5489  *
5490  * When the server receives a Confirm message, the server determines
5491  * whether the addresses in the Confirm message are appropriate for the
5492  * link to which the client is attached. If all of the addresses in the
5493  * Confirm message pass this test, the server returns a status of
5494  * Success. If any of the addresses do not pass this test, the server
5495  * returns a status of NotOnLink. If the server is unable to perform
5496  * this test (for example, the server does not have information about
5497  * prefixes on the link to which the client is connected), or there were
5498  * no addresses in any of the IAs sent by the client, the server MUST
5499  * NOT send a reply to the client.
5500  */
5501 
5502 static void
5503 dhcpv6_confirm(struct data_string *reply_ret, struct packet *packet) {
5504  struct shared_network *shared;
5505  struct subnet *subnet;
5506  struct option_cache *ia, *ta, *oc;
5507  struct data_string cli_enc_opt_data, iaaddr, client_id, packet_oro;
5508  struct option_state *cli_enc_opt_state, *opt_state;
5509  struct iaddr cli_addr;
5510  int pass;
5511  isc_boolean_t inappropriate, has_addrs;
5512  char reply_data[65536];
5513  struct dhcpv6_packet *reply = (struct dhcpv6_packet *)reply_data;
5514  int reply_ofs = (int)(offsetof(struct dhcpv6_packet, options));
5515 
5516  /*
5517  * Basic client message validation.
5518  */
5519  memset(&client_id, 0, sizeof(client_id));
5520  if (!valid_client_msg(packet, &client_id)) {
5521  return;
5522  }
5523 
5524  /*
5525  * Do not process Confirms that do not have IA's we do not recognize.
5526  */
5529  if ((ia == NULL) && (ta == NULL))
5530  return;
5531 
5532  /*
5533  * IA_PD's are simply ignored.
5534  */
5536 
5537  /*
5538  * Bit of variable initialization.
5539  */
5540  opt_state = cli_enc_opt_state = NULL;
5541  memset(&cli_enc_opt_data, 0, sizeof(cli_enc_opt_data));
5542  memset(&iaaddr, 0, sizeof(iaaddr));
5543  memset(&packet_oro, 0, sizeof(packet_oro));
5544 
5545  /* Determine what shared network the client is connected to. We
5546  * must not respond if we don't have any information about the
5547  * network the client is on.
5548  */
5549  shared = NULL;
5550  if ((shared_network_from_packet6(&shared, packet) != ISC_R_SUCCESS) ||
5551  (shared == NULL))
5552  goto exit;
5553 
5554  /* If there are no recorded subnets, then we have no
5555  * information about this subnet - ignore Confirms.
5556  */
5557  subnet = shared->subnets;
5558  if (subnet == NULL)
5559  goto exit;
5560 
5561  /* Are the addresses in all the IA's appropriate for that link? */
5562  has_addrs = inappropriate = ISC_FALSE;
5563  pass = D6O_IA_NA;
5564  while(!inappropriate) {
5565  /* If we've reached the end of the IA_NA pass, move to the
5566  * IA_TA pass.
5567  */
5568  if ((pass == D6O_IA_NA) && (ia == NULL)) {
5569  pass = D6O_IA_TA;
5570  ia = ta;
5571  }
5572 
5573  /* If we've reached the end of all passes, we're done. */
5574  if (ia == NULL)
5575  break;
5576 
5577  if (((pass == D6O_IA_NA) &&
5578  !get_encapsulated_IA_state(&cli_enc_opt_state,
5579  &cli_enc_opt_data,
5580  packet, ia, IA_NA_OFFSET)) ||
5581  ((pass == D6O_IA_TA) &&
5582  !get_encapsulated_IA_state(&cli_enc_opt_state,
5583  &cli_enc_opt_data,
5584  packet, ia, IA_TA_OFFSET))) {
5585  goto exit;
5586  }
5587 
5588  oc = lookup_option(&dhcpv6_universe, cli_enc_opt_state,
5589  D6O_IAADDR);
5590 
5591  for ( ; oc != NULL ; oc = oc->next) {
5592  if (!evaluate_option_cache(&iaaddr, packet, NULL, NULL,
5593  packet->options, NULL,
5594  &global_scope, oc, MDL) ||
5595  (iaaddr.len < IAADDR_OFFSET)) {
5596  log_error("dhcpv6_confirm: "
5597  "error evaluating IAADDR.");
5598  goto exit;
5599  }
5600 
5601  /* Copy out the IPv6 address for processing. */
5602  cli_addr.len = 16;
5603  memcpy(cli_addr.iabuf, iaaddr.data, 16);
5604 
5605  data_string_forget(&iaaddr, MDL);
5606 
5607  /* Record that we've processed at least one address. */
5608  has_addrs = ISC_TRUE;
5609 
5610  /* Find out if any subnets cover this address. */
5611  for (subnet = shared->subnets ; subnet != NULL ;
5612  subnet = subnet->next_sibling) {
5613  if (addr_eq(subnet_number(cli_addr,
5614  subnet->netmask),
5615  subnet->net))
5616  break;
5617  }
5618 
5619  /* If we reach the end of the subnet list, and no
5620  * subnet matches the client address, then it must
5621  * be inappropriate to the link (so far as our
5622  * configuration says). Once we've found one
5623  * inappropriate address, there is no reason to
5624  * continue searching.
5625  */
5626  if (subnet == NULL) {
5627  inappropriate = ISC_TRUE;
5628  break;
5629  }
5630  }
5631 
5632  option_state_dereference(&cli_enc_opt_state, MDL);
5633  data_string_forget(&cli_enc_opt_data, MDL);
5634 
5635  /* Advance to the next IA_*. */
5636  ia = ia->next;
5637  }
5638 
5639  /* If the client supplied no addresses, do not reply. */
5640  if (!has_addrs)
5641  goto exit;
5642 
5643  /*
5644  * Set up reply.
5645  */
5646  if (!start_reply(packet, &client_id, NULL, &opt_state, reply)) {
5647  goto exit;
5648  }
5649 
5650  /*
5651  * Set our status.
5652  */
5653  if (inappropriate) {
5654  if (!set_status_code(STATUS_NotOnLink,
5655  "Some of the addresses are not on link.",
5656  opt_state)) {
5657  goto exit;
5658  }
5659  } else {
5660  if (!set_status_code(STATUS_Success,
5661  "All addresses still on link.",
5662  opt_state)) {
5663  goto exit;
5664  }
5665  }
5666 
5667  /*
5668  * Only one option: add it.
5669  */
5670  reply_ofs += store_options6(reply_data+reply_ofs,
5671  sizeof(reply_data)-reply_ofs,
5672  opt_state, packet,
5673  required_opts, &packet_oro);
5674 
5675  /*
5676  * Return our reply to the caller.
5677  */
5678  reply_ret->len = reply_ofs;
5679  reply_ret->buffer = NULL;
5680  if (!buffer_allocate(&reply_ret->buffer, reply_ofs, MDL)) {
5681  log_fatal("No memory to store reply.");
5682  }
5683  reply_ret->data = reply_ret->buffer->data;
5684  memcpy(reply_ret->buffer->data, reply, reply_ofs);
5685 
5686 exit:
5687  /* Cleanup any stale data strings. */
5688  if (cli_enc_opt_data.buffer != NULL)
5689  data_string_forget(&cli_enc_opt_data, MDL);
5690  if (iaaddr.buffer != NULL)
5691  data_string_forget(&iaaddr, MDL);
5692  if (client_id.buffer != NULL)
5693  data_string_forget(&client_id, MDL);
5694  if (packet_oro.buffer != NULL)
5695  data_string_forget(&packet_oro, MDL);
5696 
5697  /* Release any stale option states. */
5698  if (cli_enc_opt_state != NULL)
5699  option_state_dereference(&cli_enc_opt_state, MDL);
5700  if (opt_state != NULL)
5701  option_state_dereference(&opt_state, MDL);
5702 }
5703 
5704 /*
5705  * Renew is when a client wants to extend its lease/prefix, at time T1.
5706  *
5707  * We handle this the same as if the client wants a new lease/prefix,
5708  * except for the error code of when addresses don't match.
5709  */
5710 
5711 static void
5712 dhcpv6_renew(struct data_string *reply, struct packet *packet) {
5713  struct data_string client_id;
5714  struct data_string server_id;
5715 
5716  /*
5717  * Validate the request.
5718  */
5719  if (!valid_client_resp(packet, &client_id, &server_id)) {
5720  return;
5721  }
5722 
5723  /* If the RENEW arrived via unicast and unicast option isn't set,
5724  * reject it per RFC 3315, Sec 18.2.3 */
5725  if (packet->unicast == ISC_TRUE &&
5726  is_unicast_option_defined(packet) == ISC_FALSE) {
5727  unicast_reject(reply, packet, &client_id, &server_id);
5728  } else {
5729  /*
5730  * Renew our lease.
5731  */
5732  lease_to_client(reply, packet, &client_id, &server_id);
5733  }
5734 
5735  /*
5736  * Cleanup.
5737  */
5738  data_string_forget(&server_id, MDL);
5739  data_string_forget(&client_id, MDL);
5740 }
5741 
5742 /*
5743  * Rebind is when a client wants to extend its lease, at time T2.
5744  *
5745  * We handle this the same as if the client wants a new lease, except
5746  * for the error code of when addresses don't match.
5747  */
5748 
5749 static void
5750 dhcpv6_rebind(struct data_string *reply, struct packet *packet) {
5751  struct data_string client_id;
5752 
5753  if (!valid_client_msg(packet, &client_id)) {
5754  return;
5755  }
5756 
5757  lease_to_client(reply, packet, &client_id, NULL);
5758 
5759  data_string_forget(&client_id, MDL);
5760 }
5761 
5762 static void
5763 ia_na_match_decline(const struct data_string *client_id,
5764  const struct data_string *iaaddr,
5765  struct iasubopt *lease)
5766 {
5767  char tmp_addr[INET6_ADDRSTRLEN];
5768 
5769  log_error("Client %s reports address %s is "
5770  "already in use by another host!",
5771  print_hex_1(client_id->len, client_id->data, 60),
5772  inet_ntop(AF_INET6, iaaddr->data,
5773  tmp_addr, sizeof(tmp_addr)));
5774  if (lease != NULL) {
5775  decline_lease6(lease->ipv6_pool, lease);
5776  lease->ia->cltt = cur_time;
5777  write_ia(lease->ia);
5778  }
5779 }
5780 
5781 static void
5782 ia_na_nomatch_decline(const struct data_string *client_id,
5783  const struct data_string *iaaddr,
5784  u_int32_t *ia_na_id,
5785  struct packet *packet,
5786  char *reply_data,
5787  int *reply_ofs,
5788  int reply_len)
5789 {
5790  char tmp_addr[INET6_ADDRSTRLEN];
5791  struct option_state *host_opt_state;
5792  int len;
5793 
5794  log_info("Client %s declines address %s, which is not offered to it.",
5795  print_hex_1(client_id->len, client_id->data, 60),
5796  inet_ntop(AF_INET6, iaaddr->data, tmp_addr, sizeof(tmp_addr)));
5797 
5798  /*
5799  * Create state for this IA_NA.
5800  */
5801  host_opt_state = NULL;
5802  if (!option_state_allocate(&host_opt_state, MDL)) {
5803  log_error("ia_na_nomatch_decline: out of memory "
5804  "allocating option_state.");
5805  goto exit;
5806  }
5807 
5808  if (!set_status_code(STATUS_NoBinding, "Decline for unknown address.",
5809  host_opt_state)) {
5810  goto exit;
5811  }
5812 
5813  /*
5814  * Insure we have enough space
5815  */
5816  if (reply_len < (*reply_ofs + 16)) {
5817  log_error("ia_na_nomatch_decline: "
5818  "out of space for reply packet.");
5819  goto exit;
5820  }
5821 
5822  /*
5823  * Put our status code into the reply packet.
5824  */
5825  len = store_options6(reply_data+(*reply_ofs)+16,
5826  reply_len-(*reply_ofs)-16,
5827  host_opt_state, packet,
5828  required_opts_STATUS_CODE, NULL);
5829 
5830  /*
5831  * Store the non-encapsulated option data for this
5832  * IA_NA into our reply packet. Defined in RFC 3315,
5833  * section 22.4.
5834  */
5835  /* option number */
5836  putUShort((unsigned char *)reply_data+(*reply_ofs), D6O_IA_NA);
5837  /* option length */
5838  putUShort((unsigned char *)reply_data+(*reply_ofs)+2, len + 12);
5839  /* IA_NA, copied from the client */
5840  memcpy(reply_data+(*reply_ofs)+4, ia_na_id, 4);
5841  /* t1 and t2, odd that we need them, but here it is */
5842  putULong((unsigned char *)reply_data+(*reply_ofs)+8, 0);
5843  putULong((unsigned char *)reply_data+(*reply_ofs)+12, 0);
5844 
5845  /*
5846  * Get ready for next IA_NA.
5847  */
5848  *reply_ofs += (len + 16);
5849 
5850 exit:
5851  option_state_dereference(&host_opt_state, MDL);
5852 }
5853 
5854 static void
5855 iterate_over_ia_na(struct data_string *reply_ret,
5856  struct packet *packet,
5857  const struct data_string *client_id,
5858  const struct data_string *server_id,
5859  const char *packet_type,
5860  void (*ia_na_match)(),
5861  void (*ia_na_nomatch)())
5862 {
5863  struct option_state *opt_state;
5864  struct host_decl *packet_host;
5865  struct option_cache *ia;
5866  struct option_cache *oc;
5867  /* cli_enc_... variables come from the IA_NA/IA_TA options */
5868  struct data_string cli_enc_opt_data;
5869  struct option_state *cli_enc_opt_state;
5870  struct host_decl *host;
5871  struct data_string iaaddr;
5872  struct data_string fixed_addr;
5873  char reply_data[65536];
5874  struct dhcpv6_packet *reply = (struct dhcpv6_packet *)reply_data;
5875  int reply_ofs = (int)(offsetof(struct dhcpv6_packet, options));
5876  char status_msg[32];
5877  struct iasubopt *lease;
5878  struct ia_xx *existing_ia_na;
5879  int i;
5880  struct data_string key;
5881  u_int32_t iaid;
5882 
5883  /*
5884  * Initialize to empty values, in case we have to exit early.
5885  */
5886  opt_state = NULL;
5887  memset(&cli_enc_opt_data, 0, sizeof(cli_enc_opt_data));
5888  cli_enc_opt_state = NULL;
5889  memset(&iaaddr, 0, sizeof(iaaddr));
5890  memset(&fixed_addr, 0, sizeof(fixed_addr));
5891  lease = NULL;
5892 
5893  /*
5894  * Find the host record that matches from the packet, if any.
5895  */
5896  packet_host = NULL;
5897  find_hosts6(&packet_host, packet, client_id, MDL);
5898 
5899  /*
5900  * Set our reply information.
5901  */
5902  reply->msg_type = DHCPV6_REPLY;
5904  sizeof(reply->transaction_id));
5905 
5906  /*
5907  * Build our option state for reply.
5908  */
5909  opt_state = NULL;
5910  if (!option_state_allocate(&opt_state, MDL)) {
5911  log_error("iterate_over_ia_na: no memory for option_state.");
5912  goto exit;
5913  }
5914  execute_statements_in_scope(NULL, packet, NULL, NULL,
5915  packet->options, opt_state,
5916  &global_scope, root_group, NULL, NULL);
5917 
5918  /*
5919  * RFC 3315, section 18.2.7 tells us which options to include.
5920  */
5921  oc = lookup_option(&dhcpv6_universe, opt_state, D6O_SERVERID);
5922  if (oc == NULL) {
5923  if (!save_option_buffer(&dhcpv6_universe, opt_state, NULL,
5924  (unsigned char *)server_duid.data,
5925  server_duid.len, D6O_SERVERID, 0)) {
5926  log_error("iterate_over_ia_na: "
5927  "error saving server identifier.");
5928  goto exit;
5929  }
5930  }
5931 
5932  if (!save_option_buffer(&dhcpv6_universe, opt_state,
5933  client_id->buffer,
5934  (unsigned char *)client_id->data,
5935  client_id->len,
5936  D6O_CLIENTID, 0)) {
5937  log_error("iterate_over_ia_na: "
5938  "error saving client identifier.");
5939  goto exit;
5940  }
5941 
5942  snprintf(status_msg, sizeof(status_msg), "%s received.", packet_type);
5943  if (!set_status_code(STATUS_Success, status_msg, opt_state)) {
5944  goto exit;
5945  }
5946 
5947  /*
5948  * Add our options that are not associated with any IA_NA or IA_TA.
5949  */
5950  reply_ofs += store_options6(reply_data+reply_ofs,
5951  sizeof(reply_data)-reply_ofs,
5952  opt_state, packet,
5953  required_opts, NULL);
5954 
5955  /*
5956  * Loop through the IA_NA reported by the client, and deal with
5957  * addresses reported as already in use.
5958  */
5960  ia != NULL; ia = ia->next) {
5961 
5962  if (!get_encapsulated_IA_state(&cli_enc_opt_state,
5963  &cli_enc_opt_data,
5964  packet, ia, IA_NA_OFFSET)) {
5965  goto exit;
5966  }
5967 
5968  iaid = getULong(cli_enc_opt_data.data);
5969 
5970  /*
5971  * XXX: It is possible that we can get multiple addresses
5972  * sent by the client. We don't send multiple
5973  * addresses, so this indicates a client error.
5974  * We should check for multiple IAADDR options, log
5975  * if found, and set as an error.
5976  */
5977  oc = lookup_option(&dhcpv6_universe, cli_enc_opt_state,
5978  D6O_IAADDR);
5979  if (oc == NULL) {
5980  /* no address given for this IA, ignore */
5981  option_state_dereference(&cli_enc_opt_state, MDL);
5982  data_string_forget(&cli_enc_opt_data, MDL);
5983  continue;
5984  }
5985 
5986  memset(&iaaddr, 0, sizeof(iaaddr));
5987  if (!evaluate_option_cache(&iaaddr, packet, NULL, NULL,
5988  packet->options, NULL,
5989  &global_scope, oc, MDL)) {
5990  log_error("iterate_over_ia_na: "
5991  "error evaluating IAADDR.");
5992  goto exit;
5993  }
5994 
5995  /*
5996  * Now we need to figure out which host record matches
5997  * this IA_NA and IAADDR (encapsulated option contents
5998  * matching a host record by option).
5999  *
6000  * XXX: We don't currently track IA_NA separately, but
6001  * we will need to do this!
6002  */
6003  host = NULL;
6004  if (!find_hosts_by_option(&host, packet,
6005  cli_enc_opt_state, MDL)) {
6006  if (packet_host != NULL) {
6007  host = packet_host;
6008  } else {
6009  host = NULL;
6010  }
6011  }
6012  while (host != NULL) {
6013  if (host->fixed_addr != NULL) {
6014  if (!evaluate_option_cache(&fixed_addr, NULL,
6015  NULL, NULL, NULL,
6016  NULL, &global_scope,
6017  host->fixed_addr,
6018  MDL)) {
6019  log_error("iterate_over_ia_na: error "
6020  "evaluating host address.");
6021  goto exit;
6022  }
6023  if ((iaaddr.len >= 16) &&
6024  !memcmp(fixed_addr.data, iaaddr.data, 16)) {
6025  data_string_forget(&fixed_addr, MDL);
6026  break;
6027  }
6028  data_string_forget(&fixed_addr, MDL);
6029  }
6030  host = host->n_ipaddr;
6031  }
6032 
6033  if ((host == NULL) && (iaaddr.len >= IAADDR_OFFSET)) {
6034  /*
6035  * Find existing IA_NA.
6036  */
6037  if (ia_make_key(&key, iaid,
6038  (char *)client_id->data,
6039  client_id->len,
6040  MDL) != ISC_R_SUCCESS) {
6041  log_fatal("iterate_over_ia_na: no memory for "
6042  "key.");
6043  }
6044 
6045  existing_ia_na = NULL;
6046  if (ia_hash_lookup(&existing_ia_na, ia_na_active,
6047  (unsigned char *)key.data,
6048  key.len, MDL)) {
6049  /*
6050  * Make sure this address is in the IA_NA.
6051  */
6052  for (i=0; i<existing_ia_na->num_iasubopt; i++) {
6053  struct iasubopt *tmp;
6054  struct in6_addr *in6_addr;
6055 
6056  tmp = existing_ia_na->iasubopt[i];
6057  in6_addr = &tmp->addr;
6058  if (memcmp(in6_addr,
6059  iaaddr.data, 16) == 0) {
6061  tmp, MDL);
6062  break;
6063  }
6064  }
6065  }
6066 
6067  data_string_forget(&key, MDL);
6068  }
6069 
6070  if ((host != NULL) || (lease != NULL)) {
6071  ia_na_match(client_id, &iaaddr, lease);
6072  } else {
6073  ia_na_nomatch(client_id, &iaaddr,
6074  (u_int32_t *)cli_enc_opt_data.data,
6075  packet, reply_data, &reply_ofs,
6076  sizeof(reply_data));
6077  }
6078 
6079  if (lease != NULL) {
6081  }
6082 
6083  data_string_forget(&iaaddr, MDL);
6084  option_state_dereference(&cli_enc_opt_state, MDL);
6085  data_string_forget(&cli_enc_opt_data, MDL);
6086  }
6087 
6088  /*
6089  * Return our reply to the caller.
6090  */
6091  reply_ret->len = reply_ofs;
6092  reply_ret->buffer = NULL;
6093  if (!buffer_allocate(&reply_ret->buffer, reply_ofs, MDL)) {
6094  log_fatal("No memory to store reply.");
6095  }
6096  reply_ret->data = reply_ret->buffer->data;
6097  memcpy(reply_ret->buffer->data, reply, reply_ofs);
6098 
6099 exit:
6100  if (lease != NULL) {
6102  }
6103  if (fixed_addr.buffer != NULL) {
6104  data_string_forget(&fixed_addr, MDL);
6105  }
6106  if (iaaddr.buffer != NULL) {
6107  data_string_forget(&iaaddr, MDL);
6108  }
6109  if (cli_enc_opt_state != NULL) {
6110  option_state_dereference(&cli_enc_opt_state, MDL);
6111  }
6112  if (cli_enc_opt_data.buffer != NULL) {
6113  data_string_forget(&cli_enc_opt_data, MDL);
6114  }
6115  if (opt_state != NULL) {
6116  option_state_dereference(&opt_state, MDL);
6117  }
6118 }
6119 
6120 /*
6121  * Decline means a client has detected that something else is using an
6122  * address we gave it.
6123  *
6124  * Since we're only dealing with fixed leases for now, there's not
6125  * much we can do, other that log the occurrence.
6126  *
6127  * When we start issuing addresses from pools, then we will have to
6128  * record our declined addresses and issue another. In general with
6129  * IPv6 there is no worry about DoS by clients exhausting space, but
6130  * we still need to be aware of this possibility.
6131  */
6132 
6133 /* TODO: IA_TA */
6134 static void
6135 dhcpv6_decline(struct data_string *reply, struct packet *packet) {
6136  struct data_string client_id;
6137  struct data_string server_id;
6138 
6139  /*
6140  * Validate our input.
6141  */
6142  if (!valid_client_resp(packet, &client_id, &server_id)) {
6143  return;
6144  }
6145 
6146  /* If the DECLINE arrived via unicast and unicast option isn't set,
6147  * reject it per RFC 3315, Sec 18.2.7 */
6148  if (packet->unicast == ISC_TRUE &&
6149  is_unicast_option_defined(packet) == ISC_FALSE) {
6150  unicast_reject(reply, packet, &client_id, &server_id);
6151  } else {
6152  /*
6153  * Undefined for IA_PD.
6154  */
6156 
6157  /*
6158  * And operate on each IA_NA in this packet.
6159  */
6160  iterate_over_ia_na(reply, packet, &client_id, &server_id,
6161  "Decline", ia_na_match_decline,
6162  ia_na_nomatch_decline);
6163 
6164  }
6165 
6166  data_string_forget(&server_id, MDL);
6167  data_string_forget(&client_id, MDL);
6168 }
6169 
6170 static void
6171 ia_na_match_release(const struct data_string *client_id,
6172  const struct data_string *iaaddr,
6173  struct iasubopt *lease)
6174 {
6175  char tmp_addr[INET6_ADDRSTRLEN];
6176 
6177  log_info("Client %s releases address %s",
6178  print_hex_1(client_id->len, client_id->data, 60),
6179  inet_ntop(AF_INET6, iaaddr->data, tmp_addr, sizeof(tmp_addr)));
6180  if (lease != NULL) {
6181  release_lease6(lease->ipv6_pool, lease);
6182  lease->ia->cltt = cur_time;
6183  write_ia(lease->ia);
6184  }
6185 }
6186 
6187 static void
6188 ia_na_nomatch_release(const struct data_string *client_id,
6189  const struct data_string *iaaddr,
6190  u_int32_t *ia_na_id,
6191  struct packet *packet,
6192  char *reply_data,
6193  int *reply_ofs,
6194  int reply_len)
6195 {
6196  char tmp_addr[INET6_ADDRSTRLEN];
6197  struct option_state *host_opt_state;
6198  int len;
6199 
6200  log_info("Client %s releases address %s, which is not leased to it.",
6201  print_hex_1(client_id->len, client_id->data, 60),
6202  inet_ntop(AF_INET6, iaaddr->data, tmp_addr, sizeof(tmp_addr)));
6203 
6204  /*
6205  * Create state for this IA_NA.
6206  */
6207  host_opt_state = NULL;
6208  if (!option_state_allocate(&host_opt_state, MDL)) {
6209  log_error("ia_na_nomatch_release: out of memory "
6210  "allocating option_state.");
6211  goto exit;
6212  }
6213 
6214  if (!set_status_code(STATUS_NoBinding,
6215  "Release for non-leased address.",
6216  host_opt_state)) {
6217  goto exit;
6218  }
6219 
6220  /*
6221  * Insure we have enough space
6222  */
6223  if (reply_len < (*reply_ofs + 16)) {
6224  log_error("ia_na_nomatch_release: "
6225  "out of space for reply packet.");
6226  goto exit;
6227  }
6228 
6229  /*
6230  * Put our status code into the reply packet.
6231  */
6232  len = store_options6(reply_data+(*reply_ofs)+16,
6233  reply_len-(*reply_ofs)-16,
6234  host_opt_state, packet,
6235  required_opts_STATUS_CODE, NULL);
6236 
6237  /*
6238  * Store the non-encapsulated option data for this
6239  * IA_NA into our reply packet. Defined in RFC 3315,
6240  * section 22.4.
6241  */
6242  /* option number */
6243  putUShort((unsigned char *)reply_data+(*reply_ofs), D6O_IA_NA);
6244  /* option length */
6245  putUShort((unsigned char *)reply_data+(*reply_ofs)+2, len + 12);
6246  /* IA_NA, copied from the client */
6247  memcpy(reply_data+(*reply_ofs)+4, ia_na_id, 4);
6248  /* t1 and t2, odd that we need them, but here it is */
6249  putULong((unsigned char *)reply_data+(*reply_ofs)+8, 0);
6250  putULong((unsigned char *)reply_data+(*reply_ofs)+12, 0);
6251 
6252  /*
6253  * Get ready for next IA_NA.
6254  */
6255  *reply_ofs += (len + 16);
6256 
6257 exit:
6258  option_state_dereference(&host_opt_state, MDL);
6259 }
6260 
6261 static void
6262 ia_pd_match_release(const struct data_string *client_id,
6263  const struct data_string *iapref,
6264  struct iasubopt *prefix)
6265 {
6266  char tmp_addr[INET6_ADDRSTRLEN];
6267 
6268  log_info("Client %s releases prefix %s/%u",
6269  print_hex_1(client_id->len, client_id->data, 60),
6270  inet_ntop(AF_INET6, iapref->data + 9,
6271  tmp_addr, sizeof(tmp_addr)),
6272  (unsigned) getUChar(iapref->data + 8));
6273  if (prefix != NULL) {
6274  release_lease6(prefix->ipv6_pool, prefix);
6275  prefix->ia->cltt = cur_time;
6276  write_ia(prefix->ia);
6277  }
6278 }
6279 
6280 static void
6281 ia_pd_nomatch_release(const struct data_string *client_id,
6282  const struct data_string *iapref,
6283  u_int32_t *ia_pd_id,
6284  struct packet *packet,
6285  char *reply_data,
6286  int *reply_ofs,
6287  int reply_len)
6288 {
6289  char tmp_addr[INET6_ADDRSTRLEN];
6290  struct option_state *host_opt_state;
6291  int len;
6292 
6293  log_info("Client %s releases prefix %s/%u, which is not leased to it.",
6294  print_hex_1(client_id->len, client_id->data, 60),
6295  inet_ntop(AF_INET6, iapref->data + 9,
6296  tmp_addr, sizeof(tmp_addr)),
6297  (unsigned) getUChar(iapref->data + 8));
6298 
6299  /*
6300  * Create state for this IA_PD.
6301  */
6302  host_opt_state = NULL;
6303  if (!option_state_allocate(&host_opt_state, MDL)) {
6304  log_error("ia_pd_nomatch_release: out of memory "
6305  "allocating option_state.");
6306  goto exit;
6307  }
6308 
6309  if (!set_status_code(STATUS_NoBinding,
6310  "Release for non-leased prefix.",
6311  host_opt_state)) {
6312  goto exit;
6313  }
6314 
6315  /*
6316  * Insure we have enough space
6317  */
6318  if (reply_len < (*reply_ofs + 16)) {
6319  log_error("ia_pd_nomatch_release: "
6320  "out of space for reply packet.");
6321  goto exit;
6322  }
6323 
6324  /*
6325  * Put our status code into the reply packet.
6326  */
6327  len = store_options6(reply_data+(*reply_ofs)+16,
6328  reply_len-(*reply_ofs)-16,
6329  host_opt_state, packet,
6330  required_opts_STATUS_CODE, NULL);
6331 
6332  /*
6333  * Store the non-encapsulated option data for this
6334  * IA_PD into our reply packet. Defined in RFC 3315,
6335  * section 22.4.
6336  */
6337  /* option number */
6338  putUShort((unsigned char *)reply_data+(*reply_ofs), D6O_IA_PD);
6339  /* option length */
6340  putUShort((unsigned char *)reply_data+(*reply_ofs)+2, len + 12);
6341  /* IA_PD, copied from the client */
6342  memcpy(reply_data+(*reply_ofs)+4, ia_pd_id, 4);
6343  /* t1 and t2, odd that we need them, but here it is */
6344  putULong((unsigned char *)reply_data+(*reply_ofs)+8, 0);
6345  putULong((unsigned char *)reply_data+(*reply_ofs)+12, 0);
6346 
6347  /*
6348  * Get ready for next IA_PD.
6349  */
6350  *reply_ofs += (len + 16);
6351 
6352 exit:
6353  option_state_dereference(&host_opt_state, MDL);
6354 }
6355 
6356 static void
6357 iterate_over_ia_pd(struct data_string *reply_ret,
6358  struct packet *packet,
6359  const struct data_string *client_id,
6360  const struct data_string *server_id,
6361  const char *packet_type,
6362  void (*ia_pd_match)(),
6363  void (*ia_pd_nomatch)())
6364 {
6365  struct data_string reply_new;
6366  int reply_len;
6367  struct option_state *opt_state;
6368  struct host_decl *packet_host;
6369  struct option_cache *ia;
6370  struct option_cache *oc;
6371  /* cli_enc_... variables come from the IA_PD options */
6372  struct data_string cli_enc_opt_data;
6373  struct option_state *cli_enc_opt_state;
6374  struct host_decl *host;
6375  struct data_string iaprefix;
6376  char reply_data[65536];
6377  int reply_ofs;
6378  struct iasubopt *prefix;
6379  struct ia_xx *existing_ia_pd;
6380  int i;
6381  struct data_string key;
6382  u_int32_t iaid;
6383 
6384  /*
6385  * Initialize to empty values, in case we have to exit early.
6386  */
6387  memset(&reply_new, 0, sizeof(reply_new));
6388  opt_state = NULL;
6389  memset(&cli_enc_opt_data, 0, sizeof(cli_enc_opt_data));
6390  cli_enc_opt_state = NULL;
6391  memset(&iaprefix, 0, sizeof(iaprefix));
6392  prefix = NULL;
6393 
6394  /*
6395  * Compute the available length for the reply.
6396  */
6397  reply_len = sizeof(reply_data) - reply_ret->len;
6398  reply_ofs = 0;
6399 
6400  /*
6401  * Find the host record that matches from the packet, if any.
6402  */
6403  packet_host = NULL;
6404  find_hosts6(&packet_host, packet, client_id, MDL);
6405 
6406  /*
6407  * Build our option state for reply.
6408  */
6409  opt_state = NULL;
6410  if (!option_state_allocate(&opt_state, MDL)) {
6411  log_error("iterate_over_ia_pd: no memory for option_state.");
6412  goto exit;
6413  }
6414  execute_statements_in_scope(NULL, packet, NULL, NULL,
6415  packet->options, opt_state,
6416  &global_scope, root_group, NULL, NULL);
6417 
6418  /*
6419  * Loop through the IA_PD reported by the client, and deal with
6420  * prefixes reported as already in use.
6421  */
6423  ia != NULL; ia = ia->next) {
6424 
6425  if (!get_encapsulated_IA_state(&cli_enc_opt_state,
6426  &cli_enc_opt_data,
6427  packet, ia, IA_PD_OFFSET)) {
6428  goto exit;
6429  }
6430 
6431  iaid = getULong(cli_enc_opt_data.data);
6432 
6433  oc = lookup_option(&dhcpv6_universe, cli_enc_opt_state,
6434  D6O_IAPREFIX);
6435  if (oc == NULL) {
6436  /* no prefix given for this IA_PD, ignore */
6437  option_state_dereference(&cli_enc_opt_state, MDL);
6438  data_string_forget(&cli_enc_opt_data, MDL);
6439  continue;
6440  }
6441 
6442  for (; oc != NULL; oc = oc->next) {
6443  memset(&iaprefix, 0, sizeof(iaprefix));
6444  if (!evaluate_option_cache(&iaprefix, packet, NULL, NULL,
6445  packet->options, NULL,
6446  &global_scope, oc, MDL)) {
6447  log_error("iterate_over_ia_pd: "
6448  "error evaluating IAPREFIX.");
6449  goto exit;
6450  }
6451 
6452  /*
6453  * Now we need to figure out which host record matches
6454  * this IA_PD and IAPREFIX (encapsulated option contents
6455  * matching a host record by option).
6456  *
6457  * XXX: We don't currently track IA_PD separately, but
6458  * we will need to do this!
6459  */
6460  host = NULL;
6461  if (!find_hosts_by_option(&host, packet,
6462  cli_enc_opt_state, MDL)) {
6463  if (packet_host != NULL) {
6464  host = packet_host;
6465  } else {
6466  host = NULL;
6467  }
6468  }
6469  while (host != NULL) {
6470  if (host->fixed_prefix != NULL) {
6471  struct iaddrcidrnetlist *l;
6472  int plen = (int) getUChar(iaprefix.data + 8);
6473 
6474  for (l = host->fixed_prefix; l != NULL;
6475  l = l->next) {
6476  if (plen != l->cidrnet.bits)
6477  continue;
6478  if (memcmp(iaprefix.data + 9,
6479  l->cidrnet.lo_addr.iabuf,
6480  16) == 0)
6481  break;
6482  }
6483  if ((l != NULL) && (iaprefix.len >= 17))
6484  break;
6485  }
6486  host = host->n_ipaddr;
6487  }
6488 
6489  if ((host == NULL) && (iaprefix.len >= IAPREFIX_OFFSET)) {
6490  /*
6491  * Find existing IA_PD.
6492  */
6493  if (ia_make_key(&key, iaid,
6494  (char *)client_id->data,
6495  client_id->len,
6496  MDL) != ISC_R_SUCCESS) {
6497  log_fatal("iterate_over_ia_pd: no memory for "
6498  "key.");
6499  }
6500 
6501  existing_ia_pd = NULL;
6502  if (ia_hash_lookup(&existing_ia_pd, ia_pd_active,
6503  (unsigned char *)key.data,
6504  key.len, MDL)) {
6505  /*
6506  * Make sure this prefix is in the IA_PD.
6507  */
6508  for (i = 0;
6509  i < existing_ia_pd->num_iasubopt;
6510  i++) {
6511  struct iasubopt *tmp;
6512  u_int8_t plen;
6513 
6514  plen = getUChar(iaprefix.data + 8);
6515  tmp = existing_ia_pd->iasubopt[i];
6516  if ((tmp->plen == plen) &&
6517  (memcmp(&tmp->addr,
6518  iaprefix.data + 9,
6519  16) == 0)) {
6520  iasubopt_reference(&prefix,
6521  tmp, MDL);
6522  break;
6523  }
6524  }
6525  }
6526 
6527  data_string_forget(&key, MDL);
6528  }
6529 
6530  if ((host != NULL) || (prefix != NULL)) {
6531  ia_pd_match(client_id, &iaprefix, prefix);
6532  } else {
6533  ia_pd_nomatch(client_id, &iaprefix,
6534  (u_int32_t *)cli_enc_opt_data.data,
6535  packet, reply_data, &reply_ofs,
6536  reply_len - reply_ofs);
6537  }
6538 
6539  if (prefix != NULL) {
6540  iasubopt_dereference(&prefix, MDL);
6541  }
6542 
6543  data_string_forget(&iaprefix, MDL);
6544  }
6545 
6546  option_state_dereference(&cli_enc_opt_state, MDL);
6547  data_string_forget(&cli_enc_opt_data, MDL);
6548  }
6549 
6550  /*
6551  * Return our reply to the caller.
6552  * The IA_NA routine has already filled at least the header.
6553  */
6554  reply_new.len = reply_ret->len + reply_ofs;
6555  if (!buffer_allocate(&reply_new.buffer, reply_new.len, MDL)) {
6556  log_fatal("No memory to store reply.");
6557  }
6558  reply_new.data = reply_new.buffer->data;
6559  memcpy(reply_new.buffer->data,
6560  reply_ret->buffer->data, reply_ret->len);
6561  memcpy(reply_new.buffer->data + reply_ret->len,
6562  reply_data, reply_ofs);
6563  data_string_forget(reply_ret, MDL);
6564  data_string_copy(reply_ret, &reply_new, MDL);
6565  data_string_forget(&reply_new, MDL);
6566 
6567 exit:
6568  if (prefix != NULL) {
6569  iasubopt_dereference(&prefix, MDL);
6570  }
6571  if (iaprefix.buffer != NULL) {
6572  data_string_forget(&iaprefix, MDL);
6573  }
6574  if (cli_enc_opt_state != NULL) {
6575  option_state_dereference(&cli_enc_opt_state, MDL);
6576  }
6577  if (cli_enc_opt_data.buffer != NULL) {
6578  data_string_forget(&cli_enc_opt_data, MDL);
6579  }
6580  if (opt_state != NULL) {
6581  option_state_dereference(&opt_state, MDL);
6582  }
6583 }
6584 
6585 /*
6586  * Release means a client is done with the leases.
6587  */
6588 
6589 static void
6590 dhcpv6_release(struct data_string *reply, struct packet *packet) {
6591  struct data_string client_id;
6592  struct data_string server_id;
6593 
6594  /*
6595  * Validate our input.
6596  */
6597  if (!valid_client_resp(packet, &client_id, &server_id)) {
6598  return;
6599  }
6600 
6601  /* If the RELEASE arrived via unicast and unicast option isn't set,
6602  * reject it per RFC 3315, Sec 18.2.6 */
6603  if (packet->unicast == ISC_TRUE &&
6604  is_unicast_option_defined(packet) == ISC_FALSE) {
6605  unicast_reject(reply, packet, &client_id, &server_id);
6606  } else {
6607  /*
6608  * And operate on each IA_NA in this packet.
6609  */
6610  iterate_over_ia_na(reply, packet, &client_id, &server_id,
6611  "Release", ia_na_match_release,
6612  ia_na_nomatch_release);
6613 
6614  /*
6615  * And operate on each IA_PD in this packet.
6616  */
6617  iterate_over_ia_pd(reply, packet, &client_id, &server_id,
6618  "Release", ia_pd_match_release,
6619  ia_pd_nomatch_release);
6620  }
6621 
6622  data_string_forget(&server_id, MDL);
6623  data_string_forget(&client_id, MDL);
6624 }
6625 
6626 /*
6627  * Information-Request is used by clients who have obtained an address
6628  * from other means, but want configuration information from the server.
6629  */
6630 
6631 static void
6632 dhcpv6_information_request(struct data_string *reply, struct packet *packet) {
6633  struct data_string client_id;
6634  struct data_string server_id;
6635 
6636  /*
6637  * Validate our input.
6638  */
6639  if (!valid_client_info_req(packet, &server_id)) {
6640  return;
6641  }
6642 
6643  /*
6644  * Get our client ID, if there is one.
6645  */
6646  memset(&client_id, 0, sizeof(client_id));
6647  if (get_client_id(packet, &client_id) != ISC_R_SUCCESS) {
6648  data_string_forget(&client_id, MDL);
6649  }
6650 
6651  /*
6652  * Use the lease_to_client() function. This will work fine,
6653  * because the valid_client_info_req() insures that we
6654  * don't have any IA that would cause us to allocate
6655  * resources to the client.
6656  */
6657  lease_to_client(reply, packet, &client_id,
6658  server_id.data != NULL ? &server_id : NULL);
6659 
6660  /*
6661  * Cleanup.
6662  */
6663  if (client_id.data != NULL) {
6664  data_string_forget(&client_id, MDL);
6665  }
6666  data_string_forget(&server_id, MDL);
6667 }
6668 
6669 /*
6670  * The Relay-forw message is sent by relays. It typically contains a
6671  * single option, which encapsulates an entire packet.
6672  *
6673  * We need to build an encapsulated reply.
6674  */
6675 
6676 /* XXX: this is very, very similar to do_packet6(), and should probably
6677  be combined in a clever way */
6678 /* DHCPv6 server side */
6679 static void
6680 dhcpv6_relay_forw(struct data_string *reply_ret, struct packet *packet) {
6681  struct option_cache *oc;
6682  struct data_string enc_opt_data;
6683  struct packet *enc_packet;
6684  unsigned char msg_type;
6685  const struct dhcpv6_packet *msg;
6686  const struct dhcpv6_relay_packet *relay;
6687  struct data_string enc_reply;
6688  char link_addr[sizeof("ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255")];
6689  char peer_addr[sizeof("ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255")];
6690  struct data_string a_opt, packet_ero;
6691  struct option_state *opt_state;
6692  static char reply_data[65536];
6693  struct dhcpv6_relay_packet *reply;
6694  int reply_ofs;
6695 
6696  /*
6697  * Initialize variables for early exit.
6698  */
6699  opt_state = NULL;
6700  memset(&a_opt, 0, sizeof(a_opt));
6701  memset(&packet_ero, 0, sizeof(packet_ero));
6702  memset(&enc_reply, 0, sizeof(enc_reply));
6703  memset(&enc_opt_data, 0, sizeof(enc_opt_data));
6704  enc_packet = NULL;
6705 
6706  /*
6707  * Get our encapsulated relay message.
6708  */
6710  if (oc == NULL) {
6711  inet_ntop(AF_INET6, &packet->dhcpv6_link_address,
6712  link_addr, sizeof(link_addr));
6713  inet_ntop(AF_INET6, &packet->dhcpv6_peer_address,
6714  peer_addr, sizeof(peer_addr));
6715  log_info("Relay-forward from %s with link address=%s and "
6716  "peer address=%s missing Relay Message option.",
6717  piaddr(packet->client_addr), link_addr, peer_addr);
6718  goto exit;
6719  }
6720 
6721  if (!evaluate_option_cache(&enc_opt_data, NULL, NULL, NULL,
6722  NULL, NULL, &global_scope, oc, MDL)) {
6723  /* should be dhcpv6_relay_forw */
6724  log_error("dhcpv6_forw_relay: error evaluating "
6725  "relayed message.");
6726  goto exit;
6727  }
6728 
6729  if (!packet6_len_okay((char *)enc_opt_data.data, enc_opt_data.len)) {
6730  /* should be dhcpv6_relay_forw */
6731  log_error("dhcpv6_forw_relay: encapsulated packet too short.");
6732  goto exit;
6733  }
6734 
6735  /*
6736  * Build a packet structure from this encapsulated packet.
6737  */
6738  enc_packet = NULL;
6739  if (!packet_allocate(&enc_packet, MDL)) {
6740  /* should be dhcpv6_relay_forw */
6741  log_error("dhcpv6_forw_relay: "
6742  "no memory for encapsulated packet.");
6743  goto exit;
6744  }
6745 
6746  if (!option_state_allocate(&enc_packet->options, MDL)) {
6747  /* should be dhcpv6_relay_forw */
6748  log_error("dhcpv6_forw_relay: "
6749  "no memory for encapsulated packet's options.");
6750  goto exit;
6751  }
6752 
6753  enc_packet->client_port = packet->client_port;
6754  enc_packet->client_addr = packet->client_addr;
6755  interface_reference(&enc_packet->interface, packet->interface, MDL);
6756  enc_packet->dhcpv6_container_packet = packet;
6757 
6758  msg_type = enc_opt_data.data[0];
6759  if ((msg_type == DHCPV6_RELAY_FORW) ||
6760  (msg_type == DHCPV6_RELAY_REPL)) {
6761  int relaylen = (int)(offsetof(struct dhcpv6_relay_packet, options));
6762  relay = (struct dhcpv6_relay_packet *)enc_opt_data.data;
6763  enc_packet->dhcpv6_msg_type = relay->msg_type;
6764 
6765  /* relay-specific data */
6766  enc_packet->dhcpv6_hop_count = relay->hop_count;
6767  memcpy(&enc_packet->dhcpv6_link_address,
6768  relay->link_address, sizeof(relay->link_address));
6769  memcpy(&enc_packet->dhcpv6_peer_address,
6770  relay->peer_address, sizeof(relay->peer_address));
6771 
6772  if (!parse_option_buffer(enc_packet->options,
6773  relay->options,
6774  enc_opt_data.len - relaylen,
6775  &dhcpv6_universe)) {
6776  /* no logging here, as parse_option_buffer() logs all
6777  cases where it fails */
6778  goto exit;
6779  }
6780  } else if ((msg_type == DHCPV6_DHCPV4_QUERY) ||
6782 #ifdef DHCP4o6
6783  if (!dhcpv4_over_dhcpv6 ||
6785  log_error("dhcpv6_relay_forw: "
6786  "unsupported %s message type.",
6788  goto exit;
6789  }
6790  forw_dhcpv4_query(packet);
6791  goto exit;
6792 #else /* DHCP4o6 */
6793  log_error("dhcpv6_relay_forw: unsupported %s message type.",
6795  goto exit;
6796 #endif /* DHCP4o6 */
6797  } else {
6798  int msglen = (int)(offsetof(struct dhcpv6_packet, options));
6799  msg = (struct dhcpv6_packet *)enc_opt_data.data;
6800  enc_packet->dhcpv6_msg_type = msg->msg_type;
6801 
6802  /* message-specific data */
6803  memcpy(enc_packet->dhcpv6_transaction_id,
6804  msg->transaction_id,
6805  sizeof(enc_packet->dhcpv6_transaction_id));
6806 
6807  if (!parse_option_buffer(enc_packet->options,
6808  msg->options,
6809  enc_opt_data.len - msglen,
6810  &dhcpv6_universe)) {
6811  /* no logging here, as parse_option_buffer() logs all
6812  cases where it fails */
6813  goto exit;
6814  }
6815  }
6816 
6817  /*
6818  * This is recursive. It is possible to exceed maximum packet size.
6819  * XXX: This will cause the packet send to fail.
6820  */
6821  build_dhcpv6_reply(&enc_reply, enc_packet);
6822 
6823  /*
6824  * If we got no encapsulated data, then it is discarded, and
6825  * our reply-forw is also discarded.
6826  */
6827  if (enc_reply.data == NULL) {
6828  goto exit;
6829  }
6830 
6831  /*
6832  * Now we can use the reply_data buffer.
6833  * Packet header stuff all comes from the forward message.
6834  */
6835  reply = (struct dhcpv6_relay_packet *)reply_data;
6836  reply->msg_type = DHCPV6_RELAY_REPL;
6837  reply->hop_count = packet->dhcpv6_hop_count;
6838  memcpy(reply->link_address, &packet->dhcpv6_link_address,
6839  sizeof(reply->link_address));
6840  memcpy(reply->peer_address, &packet->dhcpv6_peer_address,
6841  sizeof(reply->peer_address));
6842  reply_ofs = (int)(offsetof(struct dhcpv6_relay_packet, options));
6843 
6844  /*
6845  * Get the reply option state.
6846  */
6847  opt_state = NULL;
6848  if (!option_state_allocate(&opt_state, MDL)) {
6849  log_error("dhcpv6_relay_forw: no memory for option state.");
6850  goto exit;
6851  }
6852 
6853  /*
6854  * Append the interface-id if present.
6855  */
6858  if (oc != NULL) {
6859  if (!evaluate_option_cache(&a_opt, packet,
6860  NULL, NULL,
6861  packet->options, NULL,
6862  &global_scope, oc, MDL)) {
6863  log_error("dhcpv6_relay_forw: error evaluating "
6864  "Interface ID.");
6865  goto exit;
6866  }
6867  if (!save_option_buffer(&dhcpv6_universe, opt_state, NULL,
6868  (unsigned char *)a_opt.data,
6869  a_opt.len,
6870  D6O_INTERFACE_ID, 0)) {
6871  log_error("dhcpv6_relay_forw: error saving "
6872  "Interface ID.");
6873  goto exit;
6874  }
6875  data_string_forget(&a_opt, MDL);
6876  }
6877 
6878 #if defined(RELAY_PORT)
6879  /*
6880  * Append the relay_source_port option if present.
6881  */
6884  if (oc != NULL) {
6885  if (!evaluate_option_cache(&a_opt, packet,
6886  NULL, NULL,
6887  packet->options, NULL,
6888  &global_scope, oc, MDL)) {
6889  log_error("dhcpv6_relay_forw: error evaluating "
6890  "Relay Source Port.");
6891  goto exit;
6892  }
6893  if (!save_option_buffer(&dhcpv6_universe, opt_state, NULL,
6894  (unsigned char *)a_opt.data,
6895  a_opt.len,
6896  D6O_RELAY_SOURCE_PORT, 0)) {
6897  log_error("dhcpv6_relay_forw: error saving "
6898  "Relay Source Port.");
6899  goto exit;
6900  }
6901  data_string_forget(&a_opt, MDL);
6902 
6903  packet->relay_source_port = ISC_TRUE;
6904  }
6905 #endif
6906 
6907  /*
6908  * Append our encapsulated stuff for caller.
6909  */
6910  if (!save_option_buffer(&dhcpv6_universe, opt_state, NULL,
6911  (unsigned char *)enc_reply.data,
6912  enc_reply.len,
6913  D6O_RELAY_MSG, 0)) {
6914  log_error("dhcpv6_relay_forw: error saving Relay MSG.");
6915  goto exit;
6916  }
6917 
6918  /*
6919  * Get the ERO if any.
6920  */
6922  if (oc != NULL) {
6923  unsigned req;
6924  int i;
6925 
6926  if (!evaluate_option_cache(&packet_ero, packet,
6927  NULL, NULL,
6928  packet->options, NULL,
6929  &global_scope, oc, MDL) ||
6930  (packet_ero.len & 1)) {
6931  log_error("dhcpv6_relay_forw: error evaluating ERO.");
6932  goto exit;
6933  }
6934 
6935  /* Decode and apply the ERO. */
6936  for (i = 0; i < packet_ero.len; i += 2) {
6937  req = getUShort(packet_ero.data + i);
6938  /* Already in the reply? */
6939  oc = lookup_option(&dhcpv6_universe, opt_state, req);
6940  if (oc != NULL)
6941  continue;
6942  /* Get it from the packet if present. */
6944  packet->options,
6945  req);
6946  if (oc == NULL)
6947  continue;
6948  if (!evaluate_option_cache(&a_opt, packet,
6949  NULL, NULL,
6950  packet->options, NULL,
6951  &global_scope, oc, MDL)) {
6952  log_error("dhcpv6_relay_forw: error "
6953  "evaluating option %u.", req);
6954  goto exit;
6955  }
6957  opt_state,
6958  NULL,
6959  (unsigned char *)a_opt.data,
6960  a_opt.len,
6961  req,
6962  0)) {
6963  log_error("dhcpv6_relay_forw: error saving "
6964  "option %u.", req);
6965  goto exit;
6966  }
6967  data_string_forget(&a_opt, MDL);
6968  }
6969  }
6970 
6971  reply_ofs += store_options6(reply_data + reply_ofs,
6972  sizeof(reply_data) - reply_ofs,
6973  opt_state, packet,
6974  required_opts_agent, &packet_ero);
6975 
6976  /*
6977  * Return our reply to the caller.
6978  */
6979  reply_ret->len = reply_ofs;
6980  reply_ret->buffer = NULL;
6981  if (!buffer_allocate(&reply_ret->buffer, reply_ret->len, MDL)) {
6982  log_fatal("No memory to store reply.");
6983  }
6984  reply_ret->data = reply_ret->buffer->data;
6985  memcpy(reply_ret->buffer->data, reply_data, reply_ofs);
6986 
6987 exit:
6988  if (opt_state != NULL)
6989  option_state_dereference(&opt_state, MDL);
6990  if (a_opt.data != NULL) {
6991  data_string_forget(&a_opt, MDL);
6992  }
6993  if (packet_ero.data != NULL) {
6994  data_string_forget(&packet_ero, MDL);
6995  }
6996  if (enc_reply.data != NULL) {
6997  data_string_forget(&enc_reply, MDL);
6998  }
6999  if (enc_opt_data.data != NULL) {
7000  data_string_forget(&enc_opt_data, MDL);
7001  }
7002  if (enc_packet != NULL) {
7003  packet_dereference(&enc_packet, MDL);
7004  }
7005 }
7006 
7007 #ifdef DHCP4o6
7008 /* \brief Internal processing of a relayed DHCPv4-query
7009  * (DHCPv4 server side)
7010  *
7011  * Code copied from \ref dhcpv6_relay_forw() which itself is
7012  * from \ref do_packet6().
7013  *
7014  * \param reply_ret pointer to the response
7015  * \param packet the query
7016  */
7017 static void
7018 dhcp4o6_relay_forw(struct data_string *reply_ret, struct packet *packet) {
7019  struct option_cache *oc;
7020  struct data_string enc_opt_data;
7021  struct packet *enc_packet;
7022  unsigned char msg_type;
7023  const struct dhcpv6_relay_packet *relay;
7024  const struct dhcpv4_over_dhcpv6_packet *msg;
7025  struct data_string enc_reply;
7026  char link_addr[sizeof("ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255")];
7027  char peer_addr[sizeof("ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255")];
7028  struct data_string a_opt, packet_ero;
7029  struct option_state *opt_state;
7030  static char reply_data[65536];
7031  struct dhcpv6_relay_packet *reply;
7032  int reply_ofs;
7033 
7034  /*
7035  * Initialize variables for early exit.
7036  */
7037  opt_state = NULL;
7038  memset(&a_opt, 0, sizeof(a_opt));
7039  memset(&packet_ero, 0, sizeof(packet_ero));
7040  memset(&enc_reply, 0, sizeof(enc_reply));
7041  memset(&enc_opt_data, 0, sizeof(enc_opt_data));
7042  enc_packet = NULL;
7043 
7044  /*
7045  * Get our encapsulated relay message.
7046  */
7048  if (oc == NULL) {
7049  inet_ntop(AF_INET6, &packet->dhcpv6_link_address,
7050  link_addr, sizeof(link_addr));
7051  inet_ntop(AF_INET6, &packet->dhcpv6_peer_address,
7052  peer_addr, sizeof(peer_addr));
7053  log_info("Relay-forward from %s with link address=%s and "
7054  "peer address=%s missing Relay Message option.",
7055  piaddr(packet->client_addr), link_addr, peer_addr);
7056  goto exit;
7057  }
7058 
7059  if (!evaluate_option_cache(&enc_opt_data, NULL, NULL, NULL,
7060  NULL, NULL, &global_scope, oc, MDL)) {
7061  log_error("dhcp4o6_relay_forw: error evaluating "
7062  "relayed message.");
7063  goto exit;
7064  }
7065 
7066  if (!packet6_len_okay((char *)enc_opt_data.data, enc_opt_data.len)) {
7067  log_error("dhcp4o6_relay_forw: "
7068  "encapsulated packet too short.");
7069  goto exit;
7070  }
7071 
7072  /*
7073  * Build a packet structure from this encapsulated packet.
7074  */
7075  if (!packet_allocate(&enc_packet, MDL)) {
7076  log_error("dhcp4o6_relay_forw: "
7077  "no memory for encapsulated packet.");
7078  goto exit;
7079  }
7080 
7081  if (!option_state_allocate(&enc_packet->options, MDL)) {
7082  log_error("dhcp4o6_relay_forw: "
7083  "no memory for encapsulated packet's options.");
7084  goto exit;
7085  }
7086 
7087  enc_packet->client_port = packet->client_port;
7088  enc_packet->client_addr = packet->client_addr;
7089  interface_reference(&enc_packet->interface, packet->interface, MDL);
7090  enc_packet->dhcpv6_container_packet = packet;
7091 
7092  msg_type = enc_opt_data.data[0];
7093  if ((msg_type == DHCPV6_RELAY_FORW) ||
7094  (msg_type == DHCPV6_RELAY_REPL)) {
7095  int relaylen = (int)(offsetof(struct dhcpv6_relay_packet, options));
7096  relay = (struct dhcpv6_relay_packet *)enc_opt_data.data;
7097  enc_packet->dhcpv6_msg_type = relay->msg_type;
7098 
7099  /* relay-specific data */
7100  enc_packet->dhcpv6_hop_count = relay->hop_count;
7101  memcpy(&enc_packet->dhcpv6_link_address,
7102  relay->link_address, sizeof(relay->link_address));
7103  memcpy(&enc_packet->dhcpv6_peer_address,
7104  relay->peer_address, sizeof(relay->peer_address));
7105 
7106  if (!parse_option_buffer(enc_packet->options,
7107  relay->options,
7108  enc_opt_data.len - relaylen,
7109  &dhcpv6_universe)) {
7110  /* no logging here, as parse_option_buffer() logs all
7111  cases where it fails */
7112  goto exit;
7113  }
7114  } else if ((msg_type == DHCPV6_DHCPV4_QUERY) ||
7116  int msglen =
7117  (int)(offsetof(struct dhcpv4_over_dhcpv6_packet, options));
7118  msg = (struct dhcpv4_over_dhcpv6_packet *)enc_opt_data.data;
7119  enc_packet->dhcpv6_msg_type = msg->msg_type;
7120 
7121  /* message-specific data */
7122  memcpy(enc_packet->dhcp4o6_flags,
7123  msg->flags,
7124  sizeof(enc_packet->dhcp4o6_flags));
7125 
7126  if (!parse_option_buffer(enc_packet->options,
7127  msg->options,
7128  enc_opt_data.len - msglen,
7129  &dhcpv6_universe)) {
7130  /* no logging here, as parse_option_buffer() logs all
7131  cases where it fails */
7132  goto exit;
7133  }
7134  } else {
7135  log_error("dhcp4o6_relay_forw: unexpected message of type %d.",
7136  (int)msg_type);
7137  goto exit;
7138  }
7139 
7140  /*
7141  * This is recursive. It is possible to exceed maximum packet size.
7142  * XXX: This will cause the packet send to fail.
7143  */
7144  build_dhcpv6_reply(&enc_reply, enc_packet);
7145 
7146  /*
7147  * If we got no encapsulated data, then it is discarded, and
7148  * our reply-forw is also discarded.
7149  */
7150  if (enc_reply.data == NULL) {
7151  goto exit;
7152  }
7153 
7154  /*
7155  * Now we can use the reply_data buffer.
7156  * Packet header stuff all comes from the forward message.
7157  */
7158  reply = (struct dhcpv6_relay_packet *)reply_data;
7159  reply->msg_type = DHCPV6_RELAY_REPL;
7160  reply->hop_count = packet->dhcpv6_hop_count;
7161  memcpy(reply->link_address, &packet->dhcpv6_link_address,
7162  sizeof(reply->link_address));
7163  memcpy(reply->peer_address, &packet->dhcpv6_peer_address,
7164  sizeof(reply->peer_address));
7165  reply_ofs = (int)(offsetof(struct dhcpv6_relay_packet, options));
7166 
7167  /*
7168  * Get the reply option state.
7169  */
7170  if (!option_state_allocate(&opt_state, MDL)) {
7171  log_error("dhcp4o6_relay_forw: no memory for option state.");
7172  goto exit;
7173  }
7174 
7175  /*
7176  * Append the interface-id if present.
7177  */
7180  if (oc != NULL) {
7181  if (!evaluate_option_cache(&a_opt, packet,
7182  NULL, NULL,
7183  packet->options, NULL,
7184  &global_scope, oc, MDL)) {
7185  log_error("dhcp4o6_relay_forw: error evaluating "
7186  "Interface ID.");
7187  goto exit;
7188  }
7189  if (!save_option_buffer(&dhcpv6_universe, opt_state, NULL,
7190  (unsigned char *)a_opt.data,
7191  a_opt.len,
7192  D6O_INTERFACE_ID, 0)) {
7193  log_error("dhcp4o6_relay_forw: error saving "
7194  "Interface ID.");
7195  goto exit;
7196  }
7197  data_string_forget(&a_opt, MDL);
7198  }
7199 
7200 #if defined(RELAY_PORT)
7201  /*
7202  * Append the relay_source_port option if present.
7203  */
7206  if (oc != NULL) {
7207  if (!evaluate_option_cache(&a_opt, packet,
7208  NULL, NULL,
7209  packet->options, NULL,
7210  &global_scope, oc, MDL)) {
7211  log_error("dhcpv4o6_relay_forw: error evaluating "
7212  "Relay Source Port.");
7213  goto exit;
7214  }
7215  if (!save_option_buffer(&dhcpv6_universe, opt_state, NULL,
7216  (unsigned char *)a_opt.data,
7217  a_opt.len,
7218  D6O_RELAY_SOURCE_PORT, 0)) {
7219  log_error("dhcpv4o6_relay_forw: error saving "
7220  "Relay Source Port.");
7221  goto exit;
7222  }
7223  data_string_forget(&a_opt, MDL);
7224 
7225  packet->relay_source_port = ISC_TRUE;
7226  }
7227 #endif
7228 
7229  /*
7230  * Append our encapsulated stuff for caller.
7231  */
7232  if (!save_option_buffer(&dhcpv6_universe, opt_state, NULL,
7233  (unsigned char *)enc_reply.data,
7234  enc_reply.len,
7235  D6O_RELAY_MSG, 0)) {
7236  log_error("dhcp4o6_relay_forw: error saving Relay MSG.");
7237  goto exit;
7238  }
7239 
7240  /*
7241  * Get the ERO if any.
7242  */
7244  if (oc != NULL) {
7245  unsigned req;
7246  int i;
7247 
7248  if (!evaluate_option_cache(&packet_ero, packet,
7249  NULL, NULL,
7250  packet->options, NULL,
7251  &global_scope, oc, MDL) ||
7252  (packet_ero.len & 1)) {
7253  log_error("dhcp4o6_relay_forw: error evaluating ERO.");
7254  goto exit;
7255  }
7256 
7257  /* Decode and apply the ERO. */
7258  for (i = 0; i < packet_ero.len; i += 2) {
7259  req = getUShort(packet_ero.data + i);
7260  /* Already in the reply? */
7261  oc = lookup_option(&dhcpv6_universe, opt_state, req);
7262  if (oc != NULL)
7263  continue;
7264  /* Get it from the packet if present. */
7266  packet->options,
7267  req);
7268  if (oc == NULL)
7269  continue;
7270  if (!evaluate_option_cache(&a_opt, packet,
7271  NULL, NULL,
7272  packet->options, NULL,
7273  &global_scope, oc, MDL)) {
7274  log_error("dhcp4o6_relay_forw: error "
7275  "evaluating option %u.", req);
7276  goto exit;
7277  }
7279  opt_state,
7280  NULL,
7281  (unsigned char *)a_opt.data,
7282  a_opt.len,
7283  req,
7284  0)) {
7285  log_error("dhcp4o6_relay_forw: error saving "
7286  "option %u.", req);
7287  goto exit;
7288  }
7289  data_string_forget(&a_opt, MDL);
7290  }
7291  }
7292 
7293  reply_ofs += store_options6(reply_data + reply_ofs,
7294  sizeof(reply_data) - reply_ofs,
7295  opt_state, packet,
7296  required_opts_agent, &packet_ero);
7297 
7298  /*
7299  * Return our reply to the caller.
7300  */
7301  reply_ret->len = reply_ofs;
7302  reply_ret->buffer = NULL;
7303  if (!buffer_allocate(&reply_ret->buffer, reply_ret->len, MDL)) {
7304  log_fatal("No memory to store reply.");
7305  }
7306  reply_ret->data = reply_ret->buffer->data;
7307  memcpy(reply_ret->buffer->data, reply_data, reply_ofs);
7308 
7309 exit:
7310  if (opt_state != NULL)
7311  option_state_dereference(&opt_state, MDL);
7312  if (a_opt.data != NULL) {
7313  data_string_forget(&a_opt, MDL);
7314  }
7315  if (packet_ero.data != NULL) {
7316  data_string_forget(&packet_ero, MDL);
7317  }
7318  if (enc_reply.data != NULL) {
7319  data_string_forget(&enc_reply, MDL);
7320  }
7321  if (enc_opt_data.data != NULL) {
7322  data_string_forget(&enc_opt_data, MDL);
7323  }
7324  if (enc_packet != NULL) {
7325  packet_dereference(&enc_packet, MDL);
7326  }
7327 }
7328 
7329 /*
7330  * \brief Internal processing of a DHCPv4-query
7331  * (DHCPv4 server function)
7332  *
7333  * Code copied from \ref do_packet().
7334  *
7335  * \param reply_ret pointer to the response
7336  * \param packet the query
7337  */
7338 static void
7339 dhcp4o6_dhcpv4_query(struct data_string *reply_ret, struct packet *packet) {
7340  struct option_cache *oc;
7341  struct data_string enc_opt_data;
7342  struct packet *enc_packet;
7343  struct data_string enc_response;
7344  struct option_state *opt_state;
7345  static char response_data[65536];
7346  struct dhcpv4_over_dhcpv6_packet *response;
7347  int response_ofs;
7348 
7349  /*
7350  * Initialize variables for early exit.
7351  */
7352  opt_state = NULL;
7353  memset(&enc_response, 0, sizeof(enc_response));
7354  memset(&enc_opt_data, 0, sizeof(enc_opt_data));
7355  enc_packet = NULL;
7356 
7357  /*
7358  * Get our encapsulated relay message.
7359  */
7361  if (oc == NULL) {
7362  log_info("DHCPv4-query from %s missing DHCPv4 Message option.",
7364  goto exit;
7365  }
7366 
7367  if (!evaluate_option_cache(&enc_opt_data, NULL, NULL, NULL,
7368  NULL, NULL, &global_scope, oc, MDL)) {
7369  log_error("dhcp4o6_dhcpv4_query: error evaluating "
7370  "DHCPv4 message.");
7371  goto exit;
7372  }
7373 
7374  if (enc_opt_data.len < DHCP_FIXED_NON_UDP) {
7375  log_error("dhcp4o6_dhcpv4_query: DHCPv4 packet too short.");
7376  goto exit;
7377  }
7378 
7379  /*
7380  * Build a packet structure from this encapsulated packet.
7381  */
7382  if (!packet_allocate(&enc_packet, MDL)) {
7383  log_error("dhcp4o6_dhcpv4_query: "
7384  "no memory for encapsulated packet.");
7385  goto exit;
7386  }
7387 
7388  enc_packet->raw = (struct dhcp_packet *)enc_opt_data.data;
7389  enc_packet->packet_length = enc_opt_data.len;
7390  enc_packet->dhcp4o6_response = &enc_response;
7391  enc_packet->client_port = packet->client_port;
7392  enc_packet->client_addr = packet->client_addr;
7393  interface_reference(&enc_packet->interface, packet->interface, MDL);
7394  enc_packet->dhcpv6_container_packet = packet;
7396  enc_packet->unicast = 1;
7397 
7398  if (enc_packet->raw->hlen > sizeof(enc_packet->raw->chaddr)) {
7399  log_info("dhcp4o6_dhcpv4_query: "
7400  "discarding packet with bogus hlen.");
7401  goto exit;
7402  }
7403 
7404  /* Allocate packet->options now so it is non-null for all packets */
7405  if (!option_state_allocate (&enc_packet->options, MDL)) {
7406  log_error("dhcp4o6_dhcpv4_query: no memory for options.");
7407  goto exit;
7408  }
7409 
7410  /* If there's an option buffer, try to parse it. */
7411  if (enc_packet->packet_length >= DHCP_FIXED_NON_UDP + 4) {
7412  struct option_cache *op;
7413  if (!parse_options(enc_packet)) {
7414  if (enc_packet->options)
7416  (&enc_packet->options, MDL);
7417  packet_dereference (&enc_packet, MDL);
7418  goto exit;
7419  }
7420 
7421  if (enc_packet->options_valid &&
7423  enc_packet->options,
7425  struct data_string dp;
7426  memset(&dp, 0, sizeof dp);
7427  evaluate_option_cache(&dp, enc_packet, NULL, NULL,
7428  enc_packet->options, NULL,
7429  NULL, op, MDL);
7430  if (dp.len > 0)
7431  enc_packet->packet_type = dp.data[0];
7432  else
7433  enc_packet->packet_type = 0;
7434  data_string_forget(&dp, MDL);
7435  }
7436  }
7437 
7438  if (validate_packet(enc_packet) != 0) {
7439  if (enc_packet->packet_type)
7440  dhcp(enc_packet);
7441  else
7442  bootp(enc_packet);
7443  }
7444 
7445  /* If the caller kept the packet, they'll have upped the refcnt. */
7446  packet_dereference(&enc_packet, MDL);
7447 
7448  /*
7449  * If we got no response data, then it is discarded, and
7450  * our DHCPv4-response is also discarded.
7451  */
7452  if (enc_response.data == NULL) {
7453  goto exit;
7454  }
7455 
7456  /*
7457  * Now we can use the response_data buffer.
7458  */
7459  response = (struct dhcpv4_over_dhcpv6_packet *)response_data;
7460  response->msg_type = DHCPV6_DHCPV4_RESPONSE;
7461  response->flags[0] = response->flags[1] = response->flags[2] = 0;
7462  response_ofs =
7463  (int)(offsetof(struct dhcpv4_over_dhcpv6_packet, options));
7464 
7465  /*
7466  * Get the response option state.
7467  */
7468  if (!option_state_allocate(&opt_state, MDL)) {
7469  log_error("dhcp4o6_dhcpv4_query: no memory for option state.");
7470  goto exit;
7471  }
7472 
7473  /*
7474  * Append our encapsulated stuff for caller.
7475  */
7476  if (!save_option_buffer(&dhcpv6_universe, opt_state, NULL,
7477  (unsigned char *)enc_response.data,
7478  enc_response.len,
7479  D6O_DHCPV4_MSG, 0)) {
7480  log_error("dhcp4o6_dhcpv4_query: error saving DHCPv4 MSG.");
7481  goto exit;
7482  }
7483 
7484  response_ofs += store_options6(response_data + response_ofs,
7485  sizeof(response_data) - response_ofs,
7486  opt_state, packet,
7487  required_opts_4o6, NULL);
7488 
7489  /*
7490  * Return our response to the caller.
7491  */
7492  reply_ret->len = response_ofs;
7493  reply_ret->buffer = NULL;
7494  if (!buffer_allocate(&reply_ret->buffer, reply_ret->len, MDL)) {
7495  log_fatal("dhcp4o6_dhcpv4_query: no memory to store reply.");
7496  }
7497  reply_ret->data = reply_ret->buffer->data;
7498  memcpy(reply_ret->buffer->data, response_data, response_ofs);
7499 
7500 exit:
7501  if (opt_state != NULL)
7502  option_state_dereference(&opt_state, MDL);
7503  if (enc_response.data != NULL) {
7504  data_string_forget(&enc_response, MDL);
7505  }
7506  if (enc_opt_data.data != NULL) {
7507  data_string_forget(&enc_opt_data, MDL);
7508  }
7509  if (enc_packet != NULL) {
7510  packet_dereference(&enc_packet, MDL);
7511  }
7512 }
7513 
7514 /*
7515  * \brief Forward a DHCPv4-query message to the DHCPv4 side
7516  * (DHCPv6 server function)
7517  *
7518  * Format: interface:16 + address:16 + udp:4 + DHCPv6 DHCPv4-query message
7519  *
7520  * \brief packet the DHCPv6 DHCPv4-query message
7521  */
7522 static void forw_dhcpv4_query(struct packet *packet) {
7523  struct data_string ds;
7524  struct udp_data4o6 udp_data;
7525  unsigned len;
7526  int cc;
7527 
7528  /* Get the initial message. */
7529  while (packet->dhcpv6_container_packet != NULL)
7531 
7532  /* Check the initial message. */
7533  if ((packet->raw == NULL) ||
7534  (packet->client_addr.len != 16) ||
7535  (packet->interface == NULL)) {
7536  log_error("forw_dhcpv4_query: can't find initial message.");
7537  return;
7538  }
7539 
7540  /* Get a buffer. */
7541  len = packet->packet_length + 36;
7542  memset(&ds, 0, sizeof(ds));
7543  if (!buffer_allocate(&ds.buffer, len, MDL)) {
7544  log_error("forw_dhcpv4_query: "
7545  "no memory for encapsulating packet.");
7546  return;
7547  }
7548  ds.data = ds.buffer->data;
7549  ds.len = len;
7550 
7551  /* Fill the buffer. */
7552  strncpy((char *)ds.buffer->data, packet->interface->name, 16);
7553  memcpy(ds.buffer->data + 16,
7554  packet->client_addr.iabuf, 16);
7555  memset(&udp_data, 0, sizeof(udp_data));
7556  udp_data.src_port = packet->client_port;
7557  memcpy(ds.buffer->data + 32, &udp_data, 4);
7558  memcpy(ds.buffer->data + 36,
7559  (unsigned char *)packet->raw,
7561 
7562  /* Forward to the DHCPv4 server. */
7563  cc = send(dhcp4o6_fd, ds.data, ds.len, 0);
7564  if (cc < 0)
7565  log_error("forw_dhcpv4_query: send(): %m");
7566  data_string_forget(&ds, MDL);
7567 }
7568 #endif
7569 
7570 static void
7571 dhcpv6_discard(struct packet *packet) {
7572  /* INSIST(packet->msg_type > 0); */
7573  /* INSIST(packet->msg_type < dhcpv6_type_name_max); */
7574 
7575  log_debug("Discarding %s from %s; message type not handled by server",
7578 }
7579 
7580 static void
7581 build_dhcpv6_reply(struct data_string *reply, struct packet *packet) {
7582  memset(reply, 0, sizeof(*reply));
7583 
7584  /* I would like to classify the client once here, but
7585  * as I don't want to classify all of the incoming packets
7586  * I need to do it before handling specific types.
7587  * We don't need to classify if we are tossing the packet
7588  * or if it is a relay - the classification step will get
7589  * done when we process the inner client packet.
7590  */
7591 
7592  switch (packet->dhcpv6_msg_type) {
7593  case DHCPV6_SOLICIT:
7595  dhcpv6_solicit(reply, packet);
7596  break;
7597  case DHCPV6_ADVERTISE:
7598  dhcpv6_discard(packet);
7599  break;
7600  case DHCPV6_REQUEST:
7602  dhcpv6_request(reply, packet);
7603  break;
7604  case DHCPV6_CONFIRM:
7606  dhcpv6_confirm(reply, packet);
7607  break;
7608  case DHCPV6_RENEW:
7610  dhcpv6_renew(reply, packet);
7611  break;
7612  case DHCPV6_REBIND:
7614  dhcpv6_rebind(reply, packet);
7615  break;
7616  case DHCPV6_REPLY:
7617  dhcpv6_discard(packet);
7618  break;
7619  case DHCPV6_RELEASE:
7621  dhcpv6_release(reply, packet);
7622  break;
7623  case DHCPV6_DECLINE:
7625  dhcpv6_decline(reply, packet);
7626  break;
7627  case DHCPV6_RECONFIGURE:
7628  dhcpv6_discard(packet);
7629  break;
7632  dhcpv6_information_request(reply, packet);
7633  break;
7634  case DHCPV6_RELAY_FORW:
7635 #ifdef DHCP4o6
7636  if (dhcpv4_over_dhcpv6 && (local_family == AF_INET))
7637  dhcp4o6_relay_forw(reply, packet);
7638  else
7639 #endif /* DHCP4o6 */
7640  dhcpv6_relay_forw(reply, packet);
7641  break;
7642  case DHCPV6_RELAY_REPL:
7643  dhcpv6_discard(packet);
7644  break;
7645  case DHCPV6_LEASEQUERY:
7647  dhcpv6_leasequery(reply, packet);
7648  break;
7650  dhcpv6_discard(packet);
7651  break;
7652  case DHCPV6_DHCPV4_QUERY:
7653 #ifdef DHCP4o6
7654  if (dhcpv4_over_dhcpv6) {
7655  if (local_family == AF_INET6) {
7656  forw_dhcpv4_query(packet);
7657  } else {
7658  dhcp4o6_dhcpv4_query(reply, packet);
7659  }
7660  } else
7661 #endif /* DHCP4o6 */
7662  dhcpv6_discard(packet);
7663  break;
7665  dhcpv6_discard(packet);
7666  break;
7667  default:
7668  /* XXX: would be nice if we had "notice" level,
7669  as syslog, for this */
7670  log_info("Discarding unknown DHCPv6 message type %d "
7671  "from %s", packet->dhcpv6_msg_type,
7673  }
7674 }
7675 
7676 static void
7677 log_packet_in(const struct packet *packet) {
7678  struct data_string s;
7679  u_int32_t tid;
7680  char tmp_addr[INET6_ADDRSTRLEN];
7681  const void *addr;
7682 
7683  memset(&s, 0, sizeof(s));
7684 
7686  data_string_sprintfa(&s, "%s message from %s port %d",
7689  ntohs(packet->client_port));
7690  } else {
7692  "Unknown message type %d from %s port %d",
7695  ntohs(packet->client_port));
7696  }
7699  addr = &packet->dhcpv6_link_address;
7700  data_string_sprintfa(&s, ", link address %s",
7701  inet_ntop(AF_INET6, addr,
7702  tmp_addr, sizeof(tmp_addr)));
7703  addr = &packet->dhcpv6_peer_address;
7704  data_string_sprintfa(&s, ", peer address %s",
7705  inet_ntop(AF_INET6, addr,
7706  tmp_addr, sizeof(tmp_addr)));
7707  } else if ((packet->dhcpv6_msg_type != DHCPV6_DHCPV4_QUERY) &&
7709  tid = 0;
7710  memcpy(((char *)&tid)+1, packet->dhcpv6_transaction_id, 3);
7711  data_string_sprintfa(&s, ", transaction ID 0x%06X", tid);
7712 
7713 /*
7714  oc = lookup_option(&dhcpv6_universe, packet->options,
7715  D6O_CLIENTID);
7716  if (oc != NULL) {
7717  memset(&tmp_ds, 0, sizeof(tmp_ds_));
7718  if (!evaluate_option_cache(&tmp_ds, packet, NULL, NULL,
7719  packet->options, NULL,
7720  &global_scope, oc, MDL)) {
7721  log_error("Error evaluating Client Identifier");
7722  } else {
7723  data_strint_sprintf(&s, ", client ID %s",
7724 
7725  data_string_forget(&tmp_ds, MDL);
7726  }
7727  }
7728 */
7729 
7730  }
7731  log_info("%s", s.data);
7732 
7733  data_string_forget(&s, MDL);
7734 }
7735 
7736 void
7737 dhcpv6(struct packet *packet) {
7738  struct data_string reply;
7739  struct sockaddr_in6 to_addr;
7740  int send_ret;
7741 
7742  /*
7743  * Log a message that we received this packet.
7744  */
7745  log_packet_in(packet);
7746 
7747  /*
7748  * Build our reply packet.
7749  */
7750  build_dhcpv6_reply(&reply, packet);
7751 
7752  if (reply.data != NULL) {
7753  /*
7754  * Send our reply, if we have one.
7755  */
7756  memset(&to_addr, 0, sizeof(to_addr));
7757  to_addr.sin6_family = AF_INET6;
7760  to_addr.sin6_port = local_port;
7761  } else {
7762  to_addr.sin6_port = remote_port;
7763  }
7764 
7765 #if defined (REPLY_TO_SOURCE_PORT)
7766  /*
7767  * This appears to have been included for testing so we would
7768  * not need a root client, but was accidently left in the
7769  * final code. We continue to include it in case
7770  * some users have come to rely upon it, but leave
7771  * it off by default as it's a bad idea.
7772  */
7773  to_addr.sin6_port = packet->client_port;
7774 #endif
7775 
7776 #if defined(RELAY_PORT)
7777  /*
7778  * Check relay source port.
7779  */
7780  if (packet->relay_source_port) {
7781  to_addr.sin6_port = packet->client_port;
7782  }
7783 #endif
7784 
7785  memcpy(&to_addr.sin6_addr, packet->client_addr.iabuf,
7786  sizeof(to_addr.sin6_addr));
7787 
7788  log_info("Sending %s to %s port %d",
7789  dhcpv6_type_names[reply.data[0]],
7791  ntohs(to_addr.sin6_port));
7792 
7793  send_ret = send_packet6(packet->interface,
7794  reply.data, reply.len, &to_addr);
7795  if (send_ret != reply.len) {
7796  log_error("dhcpv6: send_packet6() sent %d of %d bytes",
7797  send_ret, reply.len);
7798  }
7799  data_string_forget(&reply, MDL);
7800  }
7801 }
7802 
7803 #ifdef DHCP4o6
7804 /*
7805  * \brief Receive a DHCPv4-query message from the DHCPv6 side
7806  * (DHCPv4 server function)
7807  *
7808  * Receive a message with a DHCPv4-query inside from the DHCPv6 server.
7809  * (code copied from \ref do_packet6() \ref and dhcpv6())
7810  *
7811  * Format: interface:16 + address:16 + udp:4 + DHCPv6 DHCPv4-query message
7812  *
7813  * \param raw the DHCPv6 DHCPv4-query message raw content
7814  */
7815 static void recv_dhcpv4_query(struct data_string *raw) {
7816  struct interface_info *ip;
7817  char name[16 + 1];
7818  struct iaddr iaddr;
7819  struct packet *packet;
7820  unsigned char msg_type;
7821  const struct dhcpv6_relay_packet *relay;
7822  const struct dhcpv4_over_dhcpv6_packet *msg;
7823  struct data_string reply;
7824  struct data_string ds;
7825  struct udp_data4o6 udp_data;
7826  unsigned len;
7827  int cc;
7828 
7829  memset(name, 0, sizeof(name));
7830  memcpy(name, raw->data, 16);
7831  for (ip = interfaces; ip != NULL; ip = ip->next) {
7832  if (!strcmp(name, ip->name))
7833  break;
7834  }
7835  if (ip == NULL) {
7836  log_error("recv_dhcpv4_query: can't find interface %s.",
7837  name);
7838  return;
7839  }
7840 
7841  iaddr.len = 16;
7842  memcpy(iaddr.iabuf, raw->data + 16, 16);
7843 
7844  memset(&udp_data, 0, sizeof(udp_data));
7845  memcpy(&udp_data, raw->data + 32, 4);
7846 
7847  /*
7848  * From do_packet6().
7849  */
7850 
7851  if (!packet6_len_okay((char *)raw->data + 36, raw->len - 36)) {
7852  log_error("recv_dhcpv4_query: "
7853  "short packet from %s, len %d, dropped",
7854  piaddr(iaddr), raw->len - 36);
7855  return;
7856  }
7857 
7858  /*
7859  * Build a packet structure.
7860  */
7861  packet = NULL;
7862  if (!packet_allocate(&packet, MDL)) {
7863  log_error("recv_dhcpv4_query: no memory for packet.");
7864  return;
7865  }
7866 
7868  log_error("recv_dhcpv4_query: no memory for options.");
7870  return;
7871  }
7872 
7873  packet->raw = (struct dhcp_packet *)(raw->data + 36);
7874  packet->packet_length = raw->len - 36;
7875  packet->client_port = udp_data.src_port;
7877  interface_reference(&packet->interface, ip, MDL);
7878 
7879  msg_type = raw->data[36];
7880  if ((msg_type == DHCPV6_RELAY_FORW) ||
7881  (msg_type == DHCPV6_RELAY_REPL)) {
7882  int relaylen =
7883  (int)(offsetof(struct dhcpv6_relay_packet, options));
7884  relay = (const struct dhcpv6_relay_packet *)(raw->data + 36);
7885  packet->dhcpv6_msg_type = relay->msg_type;
7886 
7887  /* relay-specific data */
7888  packet->dhcpv6_hop_count = relay->hop_count;
7889  memcpy(&packet->dhcpv6_link_address,
7890  relay->link_address, sizeof(relay->link_address));
7891  memcpy(&packet->dhcpv6_peer_address,
7892  relay->peer_address, sizeof(relay->peer_address));
7893 
7895  relay->options,
7896  raw->len - 36 - relaylen,
7897  &dhcpv6_universe)) {
7898  /* no logging here, as parse_option_buffer() logs all
7899  cases where it fails */
7901  return;
7902  }
7903  } else if ((msg_type == DHCPV6_DHCPV4_QUERY) ||
7905  int msglen =
7906  (int)(offsetof(struct dhcpv4_over_dhcpv6_packet, options));
7907  msg = (struct dhcpv4_over_dhcpv6_packet *)(raw->data + 36);
7909 
7910  /* message-specific data */
7911  memcpy(packet->dhcp4o6_flags, msg->flags,
7912  sizeof(packet->dhcp4o6_flags));
7913 
7915  msg->options,
7916  raw->len - 36 - msglen,
7917  &dhcpv6_universe)) {
7918  /* no logging here, as parse_option_buffer() logs all
7919  cases where it fails */
7921  return;
7922  }
7923  } else {
7924  log_error("recv_dhcpv4_query: unexpected message of type %d.",
7925  (int)msg_type);
7927  return;
7928  }
7929 
7930  /*
7931  * From dhcpv6().
7932  */
7933 
7934  /*
7935  * Log a message that we received this packet.
7936  */
7937  /* log_packet_in(packet); */
7938  memset(&ds, 0, sizeof(ds));
7940  data_string_sprintfa(&ds, "%s message from %s",
7943  } else {
7945  "Unknown message type %d from %s",
7948  }
7951  char tmp_addr[INET6_ADDRSTRLEN];
7952  const void *addr;
7953 
7954  addr = &packet->dhcpv6_link_address;
7955  data_string_sprintfa(&ds, ", link address %s",
7956  inet_ntop(AF_INET6, addr,
7957  tmp_addr, sizeof(tmp_addr)));
7958  addr = &packet->dhcpv6_peer_address;
7959  data_string_sprintfa(&ds, ", peer address %s",
7960  inet_ntop(AF_INET6, addr,
7961  tmp_addr, sizeof(tmp_addr)));
7962  } else if ((packet->dhcpv6_msg_type != DHCPV6_DHCPV4_QUERY) &&
7964  u_int32_t tid = 0;
7965 
7966  memcpy(((char *)&tid)+1, packet->dhcpv6_transaction_id, 3);
7967  data_string_sprintfa(&ds, ", transaction ID 0x%06X", tid);
7968  }
7969  log_info("%s", ds.data);
7970  data_string_forget(&ds, MDL);
7971 
7972  /*
7973  * Build our reply packet.
7974  */
7975  build_dhcpv6_reply(&reply, packet);
7976 
7977  if (reply.data == NULL) {
7979  return;
7980  }
7981 
7982  /*
7983  * Forward the response.
7984  */
7985  len = reply.len + 36;
7986  memset(&ds, 0, sizeof(ds));
7987  if (!buffer_allocate(&ds.buffer, len, MDL)) {
7988  log_error("recv_dhcpv4_query: no memory.");
7990  return;
7991  }
7992  ds.data = ds.buffer->data;
7993  ds.len = len;
7994 
7995  memcpy(ds.buffer->data, name, 16);
7996  memcpy(ds.buffer->data + 16, iaddr.iabuf, 16);
7997  udp_data.rsp_opt_exist = packet->relay_source_port ? 1 : 0;
7998  memcpy(ds.buffer->data + 32, &udp_data, 4);
7999  memcpy(ds.buffer->data + 36, reply.data, reply.len);
8000 
8001  /*
8002  * Now we can release the packet.
8003  */
8005 
8006  cc = send(dhcp4o6_fd, ds.data, ds.len, 0);
8007  if (cc < 0)
8008  log_error("recv_dhcpv4_query: send(): %m");
8009  data_string_forget(&ds, MDL);
8010 }
8011 #endif /* DHCP4o6 */
8012 
8013 static void
8014 seek_shared_host(struct host_decl **hp, struct shared_network *shared) {
8015  struct host_decl *nofixed = NULL;
8016  struct host_decl *seek, *hold = NULL;
8017 
8018  /*
8019  * Seek forward through fixed addresses for the right link.
8020  *
8021  * Note: how to do this for fixed prefixes???
8022  */
8023  host_reference(&hold, *hp, MDL);
8024  host_dereference(hp, MDL);
8025  seek = hold;
8026  while (seek != NULL) {
8027  if (seek->fixed_addr == NULL)
8028  nofixed = seek;
8029  else if (fixed_matches_shared(seek, shared))
8030  break;
8031 
8032  seek = seek->n_ipaddr;
8033  }
8034 
8035  if ((seek == NULL) && (nofixed != NULL))
8036  seek = nofixed;
8037 
8038  if (seek != NULL)
8039  host_reference(hp, seek, MDL);
8040 }
8041 
8042 static isc_boolean_t
8043 fixed_matches_shared(struct host_decl *host, struct shared_network *shared) {
8044  struct subnet *subnet;
8045  struct data_string addr;
8046  isc_boolean_t matched;
8047  struct iaddr fixed;
8048 
8049  if (host->fixed_addr == NULL)
8050  return ISC_FALSE;
8051 
8052  memset(&addr, 0, sizeof(addr));
8053  if (!evaluate_option_cache(&addr, NULL, NULL, NULL, NULL, NULL,
8054  &global_scope, host->fixed_addr, MDL))
8055  return ISC_FALSE;
8056 
8057  if (addr.len < 16) {
8058  data_string_forget(&addr, MDL);
8059  return ISC_FALSE;
8060  }
8061 
8062  fixed.len = 16;
8063  memcpy(fixed.iabuf, addr.data, 16);
8064 
8065  matched = ISC_FALSE;
8066  for (subnet = shared->subnets ; subnet != NULL ;
8067  subnet = subnet->next_sibling) {
8068  if (addr_eq(subnet_number(fixed, subnet->netmask),
8069  subnet->net)) {
8070  matched = ISC_TRUE;
8071  break;
8072  }
8073  }
8074 
8075  data_string_forget(&addr, MDL);
8076  return matched;
8077 }
8078 
8095 void
8096 unicast_reject(struct data_string *reply_ret,
8097  struct packet *packet,
8098  const struct data_string *client_id,
8099  const struct data_string *server_id)
8100 {
8101  struct reply_state reply;
8102  memset(&reply, 0x0, sizeof(struct reply_state));
8103 
8104  /* Locate the client. */
8105  if (shared_network_from_packet6(&reply.shared, packet)
8106  != ISC_R_SUCCESS) {
8107  log_error("unicast_reject: could not locate client.");
8108  return;
8109  }
8110 
8111  /* Initialize the reply. */
8112  packet_reference(&reply.packet, packet, MDL);
8113  data_string_copy(&reply.client_id, client_id, MDL);
8114 
8115  if (start_reply(packet, client_id, server_id, &reply.opt_state,
8116  &reply.buf.reply)) {
8117  /* Set the UseMulticast status code. */
8118  if (!set_status_code(STATUS_UseMulticast,
8119  "Unicast not allowed by server.",
8120  reply.opt_state)) {
8121  log_error("unicast_reject: Unable to set status code.");
8122  } else {
8123  /* Set write cursor to just past the reply header. */
8124  reply.cursor = REPLY_OPTIONS_INDEX;
8125  reply.cursor += store_options6(((char *)reply.buf.data
8126  + reply.cursor),
8127  (sizeof(reply.buf)
8128  - reply.cursor),
8129  reply.opt_state,
8130  reply.packet,
8131  unicast_reject_opts,
8132  NULL);
8133 
8134  /* Return our reply to the caller. */
8135  reply_ret->len = reply.cursor;
8136  reply_ret->buffer = NULL;
8137  if (!buffer_allocate(&reply_ret->buffer,
8138  reply.cursor, MDL)) {
8139  log_fatal("unicast_reject:"
8140  "No memory to store Reply.");
8141  }
8142 
8143  memcpy(reply_ret->buffer->data, reply.buf.data,
8144  reply.cursor);
8145  reply_ret->data = reply_ret->buffer->data;
8146  }
8147 
8148  }
8149 
8150  /* Cleanup. */
8151  if (reply.shared != NULL)
8152  shared_network_dereference(&reply.shared, MDL);
8153  if (reply.opt_state != NULL)
8154  option_state_dereference(&reply.opt_state, MDL);
8155  if (reply.packet != NULL)
8156  packet_dereference(&reply.packet, MDL);
8157  if (reply.client_id.data != NULL)
8158  data_string_forget(&reply.client_id, MDL);
8159 }
8160 
8179 isc_boolean_t
8180 is_unicast_option_defined(struct packet *packet) {
8181  isc_boolean_t is_defined = ISC_FALSE;
8182  struct option_state *opt_state = NULL;
8183  struct option_cache *oc = NULL;
8184  struct shared_network *shared = NULL;
8185 
8186  if (!option_state_allocate(&opt_state, MDL)) {
8187  log_fatal("is_unicast_option_defined:"
8188  "No memory for option state.");
8189  }
8190 
8191  /* We try to map the packet to a network first by an IA_XX value.
8192  * If that fails, we try by packet source. */
8193  if (((shared_network_from_requested_addr(&shared, packet)
8194  != ISC_R_SUCCESS) &&
8195  (shared_network_from_packet6(&shared, packet) != ISC_R_SUCCESS))
8196  || (shared == NULL)) {
8197  /* @todo what would this really mean? I think wrong network
8198  * logic will catch it */
8199  log_error("is_unicast_option_defined:"
8200  "cannot attribute packet to a network.");
8201  return (ISC_FALSE);
8202  }
8203 
8204  /* Now that we've mapped it to a network, execute statments to that
8205  * scope, looking for the unicast option. We don't care about the
8206  * value of the option, only whether or not it is defined. */
8207  execute_statements_in_scope(NULL, NULL, NULL, NULL, NULL, opt_state,
8208  &global_scope, shared->group, NULL, NULL);
8209 
8210  oc = lookup_option(&dhcpv6_universe, opt_state, D6O_UNICAST);
8211  is_defined = (oc != NULL ? ISC_TRUE : ISC_FALSE);
8212  log_debug("is_unicast_option_defined: option found : %d", is_defined);
8213 
8214  if (shared != NULL) {
8215  shared_network_dereference(&shared, MDL);
8216  }
8217 
8218  if (opt_state != NULL) {
8219  option_state_dereference(&opt_state, MDL);
8220  }
8221 
8222  return (is_defined);
8223 }
8224 
8240 static isc_result_t
8241 shared_network_from_requested_addr (struct shared_network **shared,
8242  struct packet* packet) {
8243  struct iaddr iaddr;
8244  struct subnet* subnet = NULL;
8245  isc_result_t status = ISC_R_FAILURE;
8246 
8247  /* Try to match first IA_ address or prefix we find to a subnet. In
8248  * theory all IA_ values in a given request are supposed to be in the
8249  * same subnet so we only need to try one right? */
8250  if ((get_first_ia_addr_val(packet, D6O_IA_NA, &iaddr) != ISC_R_SUCCESS)
8251  && (get_first_ia_addr_val(packet, D6O_IA_PD, &iaddr)
8252  != ISC_R_SUCCESS)
8253  && (get_first_ia_addr_val(packet, D6O_IA_TA, &iaddr)
8254  != ISC_R_SUCCESS)) {
8255  /* we found nothing to match against */
8256  log_debug("share_network_from_request_addr: nothing to match");
8257  return (ISC_R_FAILURE);
8258  }
8259 
8260  if (!find_subnet(&subnet, iaddr, MDL)) {
8261  log_debug("shared_network_from_requested_addr:"
8262  "No subnet found for addr %s.", piaddr(iaddr));
8263  } else {
8264  status = shared_network_reference(shared,
8266  subnet_dereference(&subnet, MDL);
8267  log_debug("shared_network_from_requested_addr:"
8268  " found shared network %s for address %s.",
8269  ((*shared)->name ? (*shared)->name : "unnamed"),
8270  piaddr(iaddr));
8271  return (status);
8272  }
8273 
8274  return (ISC_R_FAILURE);
8275 }
8276 
8295 static isc_result_t
8296 get_first_ia_addr_val (struct packet* packet, int addr_type,
8297  struct iaddr* iaddr) {
8298  struct option_cache *ia;
8299  struct option_cache *oc = NULL;
8300  struct data_string cli_enc_opt_data;
8301  struct option_state *cli_enc_opt_state;
8302  int addr_opt_offset;
8303  int addr_opt;
8304  int addr_opt_data_len;
8305  int ip_addr_offset;
8306 
8307  isc_result_t status = ISC_R_FAILURE;
8308  memset(iaddr, 0, sizeof(struct iaddr));
8309 
8310  /* Set up address type specifics */
8311  switch (addr_type) {
8312  case D6O_IA_NA:
8313  addr_opt_offset = IA_NA_OFFSET;
8314  addr_opt = D6O_IAADDR;
8315  addr_opt_data_len = 24;
8316  ip_addr_offset = 0;
8317  break;
8318  case D6O_IA_TA:
8319  addr_opt_offset = IA_TA_OFFSET;
8320  addr_opt = D6O_IAADDR;
8321  addr_opt_data_len = 24;
8322  ip_addr_offset = 0;
8323  break;
8324  case D6O_IA_PD:
8325  addr_opt_offset = IA_PD_OFFSET;
8326  addr_opt = D6O_IAPREFIX;
8327  addr_opt_data_len = 25;
8328  ip_addr_offset = 9;
8329  break;
8330  default:
8331  /* shouldn't be here */
8332  log_error ("get_first_ia_addr_val: invalid opt type %d",
8333  addr_type);
8334  return (ISC_R_FAILURE);
8335  }
8336 
8337  /* Find the first, non-blank IA_XX value within an D6O_IA_XX option. */
8338  for (ia = lookup_option(&dhcpv6_universe, packet->options, addr_type);
8339  ia != NULL && oc == NULL; ia = ia->next) {
8340  if (!get_encapsulated_IA_state(&cli_enc_opt_state,
8341  &cli_enc_opt_data,
8342  packet, ia, addr_opt_offset)) {
8343  log_debug ("get_first_ia_addr_val:"
8344  " couldn't unroll enclosing option");
8345  return (ISC_R_FAILURE);
8346  }
8347 
8348  oc = lookup_option(&dhcpv6_universe, cli_enc_opt_state,
8349  addr_opt);
8350  if (oc == NULL) {
8351  /* no address given for this IA, ignore */
8352  option_state_dereference(&cli_enc_opt_state, MDL);
8353  data_string_forget(&cli_enc_opt_data, MDL);
8354  }
8355  }
8356 
8357  /* If we found a non-blank IA_XX then extract its ip address. */
8358  if (oc != NULL) {
8359  struct data_string iaddr_str;
8360 
8361  memset(&iaddr_str, 0, sizeof(iaddr_str));
8362  if (!evaluate_option_cache(&iaddr_str, packet, NULL, NULL,
8363  packet->options, NULL, &global_scope,
8364  oc, MDL)) {
8365  log_error("get_first_ia_addr_val: "
8366  "error evaluating IA_XX option.");
8367  } else {
8368  if (iaddr_str.len != addr_opt_data_len) {
8369  log_error("shared_network_from_requested_addr:"
8370  " invalid length %d, expected %d",
8371  iaddr_str.len, addr_opt_data_len);
8372  } else {
8373  iaddr->len = 16;
8374  memcpy (iaddr->iabuf,
8375  iaddr_str.data + ip_addr_offset, 16);
8376  status = ISC_R_SUCCESS;
8377  }
8378  data_string_forget(&iaddr_str, MDL);
8379  }
8380 
8381  option_state_dereference(&cli_enc_opt_state, MDL);
8382  data_string_forget(&cli_enc_opt_data, MDL);
8383  }
8384 
8385  return (status);
8386 }
8387 
8388 /*
8389 * \brief Calculates the reply T1/T2 times and stuffs them in outbound buffer
8390 *
8391 * T1/T2 time selection is kind of weird. We actually use DHCP * (v4) scoped
8392 * options, dhcp-renewal-time and dhcp-rebinding-time, as handy existing places
8393 * where these can be configured by an administrator. A value of zero tells the
8394 * client it may choose its own value.
8395 *
8396 * When those options are not defined, the values will be set to zero unless
8397 * the global option, dhcpv6-set-tee-times is enabled. When this option is
8398 * enabled the values are calculated as recommended by RFC 3315, Section 22.4:
8399 *
8400 * T1 will be set to 0.5 times the shortest preferred lifetime
8401 * in the IA_XX option. If the "shortest" preferred lifetime is
8402 * 0xFFFFFFFF, T1 will set to 0xFFFFFFFF.
8403 *
8404 * T2 will be set to 0.8 times the shortest preferred lifetime
8405 * in the IA_XX option. If the "shortest" preferred lifetime is
8406 * 0xFFFFFFFF, T2 will set to 0xFFFFFFFF.
8407 *
8408 * Note that dhcpv6-set-tee-times is intended to be transitional and will
8409 * likely be removed in 4.4.0, leaving the behavior as getting the values
8410 * either from the configured parameters (if you want zeros, define them as
8411 * zeros) or by calculating them per the RFC.
8412 *
8413 * \param reply - pointer to the reply_state structure
8414 * \param ia_cursor - offset of the beginning of the IA_XX option within the
8415 * reply's outbound data buffer
8416 */
8417 static void
8418 set_reply_tee_times(struct reply_state* reply, unsigned ia_cursor)
8419 {
8420  struct option_cache *oc;
8421  int set_tee_times;
8422 
8423  /* Found out if calculated values are enabled. */
8424  oc = lookup_option(&server_universe, reply->opt_state,
8426  set_tee_times = (oc &&
8427  evaluate_boolean_option_cache(NULL, reply->packet,
8428  NULL, NULL,
8429  reply->packet->options,
8430  reply->opt_state,
8431  &global_scope, oc, MDL));
8432 
8433  oc = lookup_option(&dhcp_universe, reply->opt_state,
8435  if (oc != NULL) {
8436  /* dhcp-renewal-time is defined, use it */
8437  struct data_string data;
8438  memset(&data, 0x00, sizeof(data));
8439 
8440  if (!evaluate_option_cache(&data, reply->packet, NULL, NULL,
8441  reply->packet->options,
8442  reply->opt_state, &global_scope,
8443  oc, MDL) ||
8444  (data.len != 4)) {
8445  log_error("Invalid renewal time.");
8446  reply->renew = 0;
8447  } else {
8448  reply->renew = getULong(data.data);
8449  }
8450 
8451  if (data.data != NULL)
8453  } else if (set_tee_times) {
8454  /* Setting them is enabled so T1 is either infinite or
8455  * 0.5 * the shortest preferred lifetime in the IA_XX */
8456  if (reply->min_prefer == INFINITE_TIME)
8457  reply->renew = INFINITE_TIME;
8458  else
8459  reply->renew = reply->min_prefer / 2;
8460  } else {
8461  /* Default is to let the client choose */
8462  reply->renew = 0;
8463  }
8464 
8465  putULong(reply->buf.data + ia_cursor + 8, reply->renew);
8466 
8467  /* Now T2. */
8468  oc = lookup_option(&dhcp_universe, reply->opt_state,
8470  if (oc != NULL) {
8471  /* dhcp-rebinding-time is defined, use it */
8472  struct data_string data;
8473  memset(&data, 0x00, sizeof(data));
8474 
8475  if (!evaluate_option_cache(&data, reply->packet, NULL, NULL,
8476  reply->packet->options,
8477  reply->opt_state, &global_scope,
8478  oc, MDL) ||
8479  (data.len != 4)) {
8480  log_error("Invalid rebinding time.");
8481  reply->rebind = 0;
8482  } else {
8483  reply->rebind = getULong(data.data);
8484  }
8485 
8486  if (data.data != NULL)
8488  } else if (set_tee_times) {
8489  /* Setting them is enabled so T2 is either infinite or
8490  * 0.8 * the shortest preferred lifetime in the reply */
8491  if (reply->min_prefer == INFINITE_TIME)
8492  reply->rebind = INFINITE_TIME;
8493  else
8494  reply->rebind = (reply->min_prefer / 5) * 4;
8495  } else {
8496  /* Default is to let the client choose */
8497  reply->rebind = 0;
8498  }
8499 
8500  putULong(reply->buf.data + ia_cursor + 12, reply->rebind);
8501 }
8502 
8503 /*
8504  * Releases the iasubopts in the pre-existing IA, if they are not in
8505  * the same shared-network as the new IA.
8506  *
8507  * returns 1 if the release was done, 0 otherwise
8508  */
8509 int
8510 release_on_roam(struct reply_state* reply) {
8511  struct ia_xx* old_ia = reply->old_ia;
8512  struct iasubopt *lease = NULL;
8513  int i;
8514 
8515  if ((!do_release_on_roam) || old_ia == NULL
8516  || old_ia->num_iasubopt <= 0) {
8517  return(0);
8518  }
8519 
8520  /* If the old shared-network and new are the same, client hasn't
8521  * roamed, nothing to do. We only check the first one because you
8522  * cannot have iasubopts on different shared-networks within a
8523  * single ia. */
8524  lease = old_ia->iasubopt[0];
8525  if (lease->ipv6_pool->shared_network == reply->shared) {
8526  return (0);
8527  }
8528 
8529  /* Old and new are on different shared networks so the client must
8530  * roamed. Release the old leases. */
8531  for (i = 0; i < old_ia->num_iasubopt; i++) {
8532  lease = old_ia->iasubopt[i];
8533 
8534  log_info("Client: %s roamed to new network,"
8535  " releasing lease: %s%s",
8536  print_hex_1(reply->client_id.len,
8537  reply->client_id.data, 60),
8538  pin6_addr(&lease->addr), iasubopt_plen_str(lease));
8539 
8540  release_lease6(lease->ipv6_pool, lease);
8541  lease->ia->cltt = cur_time;
8542  write_ia(lease->ia);
8543  }
8544 
8545  return (1);
8546 }
8547 
8548 /*
8549  * Convenience function which returns a string (static buffer)
8550  * containing either a "/" followed by the prefix length or an
8551  * empty string depending on the lease type
8552  */
8553 const char *iasubopt_plen_str(struct iasubopt *lease) {
8554  static char prefix_buf[16];
8555  *prefix_buf = 0;
8556  if ((lease->ia) && (lease->ia->ia_type == D6O_IA_PD)) {
8557  sprintf(prefix_buf, "/%-d", lease->plen);
8558  }
8559 
8560  return (prefix_buf);
8561 }
8562 
8563 #ifdef NSUPDATE
8564 /*
8565  * Initiates DDNS updates for static v6 leases if configured to do so.
8566  *
8567  * The function, which must be called after the IA has been written to the
8568  * packet, adds an iasubopt to the IA for static lease. This is done so we
8569  * have an iasubopt to pass into ddns_updates(). A reference to the IA is
8570  * added to the DDNS control block to ensure it and it's iasubopt remain in
8571  * scope until the update is complete.
8572  *
8573  */
8574 void ddns_update_static6(struct reply_state* reply) {
8575  struct iasubopt *iasub = NULL;
8576  struct binding_scope *scope = NULL;
8577  struct option_cache *oc = NULL;
8578 
8579  oc = lookup_option(&server_universe, reply->opt_state, SV_DDNS_UPDATES);
8580  if ((oc != NULL) &&
8581  (evaluate_boolean_option_cache(NULL, reply->packet, NULL, NULL,
8582  reply->packet->options,
8583  reply->opt_state, NULL,
8584  oc, MDL) == 0)) {
8585  return;
8586  }
8587 
8588  oc = lookup_option(&server_universe, reply->opt_state,
8590  if ((oc == NULL) ||
8591  (evaluate_boolean_option_cache(NULL, reply->packet,
8592  NULL, NULL,
8593  reply->packet->options,
8594  reply->opt_state, NULL,
8595  oc, MDL) == 0)) {
8596  return;
8597  }
8598 
8599  if (iasubopt_allocate(&iasub, MDL) != ISC_R_SUCCESS) {
8600  log_fatal("No memory for iasubopt.");
8601  }
8602 
8603  if (ia_add_iasubopt(reply->ia, iasub, MDL) != ISC_R_SUCCESS) {
8604  log_fatal("Could not add iasubopt.");
8605  }
8606 
8607  ia_reference(&iasub->ia, reply->ia, MDL);
8608 
8609  memcpy(iasub->addr.s6_addr, reply->fixed.data, 16);
8610  iasub->plen = 0;
8611  iasub->prefer = MAX_TIME;
8612  iasub->valid = MAX_TIME;
8613  iasub->static_lease = 1;
8614 
8615  if (!binding_scope_allocate(&scope, MDL)) {
8616  log_fatal("Out of memory for binding scope.");
8617  }
8618 
8619  binding_scope_reference(&iasub->scope, scope, MDL);
8620 
8621  ddns_updates(reply->packet, NULL, NULL, iasub, NULL, reply->opt_state);
8622 }
8623 #endif /* NSUPDATE */
8624 
8625 #endif /* DHCPv6 */
#define FTS_ABANDONED
Definition: dhcpd.h:540
struct iaddrcidrnet cidrnet
Definition: inet.h:77
ia_hash_t * ia_ta_active
#define IASUBOPT_PD_VALID_OFFSET
Definition: dhcp6.h:293
#define DHCP_FIXED_NON_UDP
Definition: dhcp.h:36
isc_result_t renew_lease6(struct ipv6_pool *pool, struct iasubopt *lease)
Renew a lease in the pool.
Definition: mdb6.c:1623
struct ipv6_pond * next
Definition: dhcpd.h:1730
int find_grouped_subnet(struct subnet **, struct shared_network *, struct iaddr, const char *, int)
Definition: mdb.c:930
unsigned char peer_address[16]
Definition: dhcp6.h:243
const char int line
Definition: dhcpd.h:3781
#define D6O_IAADDR
Definition: dhcp6.h:34
struct binding_scope * global_scope
Definition: tree.c:38
#define STATUS_NoBinding
Definition: dhcp6.h:127
#define DHCPV6_RELEASE
Definition: dhcp6.h:147
struct subnet * subnets
Definition: dhcpd.h:1050
isc_result_t add_lease6(struct ipv6_pool *pool, struct iasubopt *lease, time_t valid_lifetime_end_time)
Definition: mdb6.c:1414
Definition: dhcpd.h:559
isc_result_t ia_make_key(struct data_string *key, u_int32_t iaid, const char *duid, unsigned int duid_len, const char *file, int line)
Definition: mdb6.c:311
unsigned len
Definition: tree.h:79
int executable_statement_dereference(struct executable_statement **ptr, const char *file, int line)
Definition: execute.c:623
isc_uint64_t num_active
Definition: dhcpd.h:1743
struct shared_network * shared_network
Definition: dhcpd.h:1368
int bits
Definition: inet.h:72
const char * piaddr(const struct iaddr addr)
Definition: inet.c:579
u_int8_t hlen
Definition: dhcpd.h:492
struct dhcp_ddns_cb * ddns_cb
Definition: dhcpd.h:649
Definition: dhcpd.h:1664
#define D6O_STATUS_CODE
Definition: dhcp6.h:42
unsigned char dhcpv6_transaction_id[3]
Definition: dhcpd.h:414
char name[IFNAMSIZ]
Definition: dhcpd.h:1392
isc_boolean_t server_duid_isset(void)
unsigned char options[FLEXIBLE_ARRAY_MEMBER]
Definition: dhcp6.h:244
int units
Definition: dhcpd.h:1703
int prefix_length_mode
void dhcpv6_leasequery(struct data_string *, struct packet *)
isc_result_t ia_dereference(struct ia_xx **ia, const char *file, int line)
Definition: mdb6.c:403
struct lease_state * state
Definition: dhcpd.h:627
#define PLM_EXACT
Definition: dhcpd.h:875
unsigned char msg_type
Definition: dhcp6.h:228
int data_string_sprintfa(struct data_string *ds, const char *fmt,...)
Definition: tree.c:56
Definition: dhcpd.h:1060
struct universe server_universe
Definition: stables.c:176
int execute_statements(struct binding_value **result, struct packet *packet, struct lease *lease, struct client_state *client_state, struct option_state *in_options, struct option_state *out_options, struct binding_scope **scope, struct executable_statement *statements, struct on_star *on_star)
Definition: execute.c:35
#define HTYPE_RESERVED
Definition: dhcp.h:83
#define MDL
Definition: omapip.h:567
isc_boolean_t lease6_usable(struct iasubopt *lease)
Check if address is available to a lease.
Definition: mdb6.c:1552
#define D6O_PREFERENCE
Definition: dhcp6.h:36
int find_hosts_by_option(struct host_decl **, struct packet *, struct option_state *, const char *, int)
Definition: mdb.c:637
unsigned char iabuf[16]
Definition: inet.h:33
#define IASUBOPT_PD_LEN
Definition: dhcp6.h:296
#define print_hex_1(len, data, limit)
Definition: dhcpd.h:2621
#define IA_PD_OFFSET
Definition: dhcp6.h:175
u_int8_t hlen
Definition: dhcp.h:50
#define DHCP_R_INVALIDARG
Definition: result.h:48
#define STATUS_NoAddrsAvail
Definition: dhcp6.h:126
const char * dhcpv6_type_names[]
Definition: tables.c:660
int int int log_debug(const char *,...) __attribute__((__format__(__printf__
#define DHCPV6_REPLY
Definition: dhcp6.h:146
#define DHCPV6_REQUEST
Definition: dhcp6.h:142
int last_ipv6_pool
Definition: dhcpd.h:1740
unsigned char msg_type
Definition: dhcp6.h:252
#define DHCPV6_RECONFIGURE
Definition: dhcp6.h:149
#define IAADDR_OFFSET
Definition: dhcp6.h:178
#define SV_PREFER_LIFETIME
Definition: dhcpd.h:762
struct group * group
Definition: dhcpd.h:1054
#define D6O_RAPID_COMMIT
Definition: dhcp6.h:43
#define PLM_PREFER
Definition: dhcpd.h:874
struct universe dhcp_universe
int dhcpv4_over_dhcpv6
Definition: discover.c:48
#define D6O_SERVERID
Definition: dhcp6.h:31
#define STATUS_NotOnLink
Definition: dhcp6.h:128
void data_string_forget(struct data_string *data, const char *file, int line)
Definition: alloc.c:1339
struct option_cache * next
Definition: dhcpd.h:387
void bootp(struct packet *packet)
Definition: dhclient.c:2101
struct shared_network * shared_network
Definition: dhcpd.h:1732
#define D6O_INTERFACE_ID
Definition: dhcp6.h:47
struct option_cache * fixed_addr
Definition: dhcpd.h:971
struct group * root_group
Definition: memory.c:31
unsigned char msg_type
Definition: dhcp6.h:240
#define DUID_LL
Definition: dhcp6.h:169
void delete_option(struct universe *universe, struct option_state *options, int code)
Definition: options.c:2868
u_int32_t valid
Definition: dhcpd.h:1638
#define IASUBOPT_NA_PREF_OFFSET
Definition: dhcp6.h:287
int log_error(const char *,...) __attribute__((__format__(__printf__
time_t cltt
Definition: dhcpd.h:1670
#define FTS_EXPIRED
Definition: dhcpd.h:538
struct on_star on_star
Definition: dhcpd.h:1660
int known
Definition: dhcpd.h:457
struct binding_scope * scope
Definition: dhcpd.h:1634
struct ipv6_pond * ipv6_pond
Definition: dhcpd.h:1714
void copy_server_duid(struct data_string *ds, const char *file, int line)
#define DHO_DHCP_REBINDING_TIME
Definition: dhcp.h:150
#define STATUS_Success
Definition: dhcp6.h:124
unsigned len
Definition: inet.h:32
#define IA_NA_OFFSET
Definition: dhcp6.h:173
#define DHCPV6_DHCPV4_QUERY
Definition: dhcp6.h:159
#define D6O_DHCPV4_MSG
Definition: dhcp6.h:116
unsigned char flags[3]
Definition: dhcp6.h:253
int logged
Definition: dhcpd.h:1745
#define D6O_RELAY_SOURCE_PORT
Definition: dhcp6.h:119
#define D6O_CLIENTID
Definition: dhcp6.h:30
struct permit * prohibit_list
Definition: dhcpd.h:1735
Definition: dhcpd.h:552
struct option_state * options
Definition: dhcpd.h:449
unsigned char dhcpv6_hop_count
Definition: dhcpd.h:417
unsigned char link_address[16]
Definition: dhcp6.h:242
#define INFINITE_TIME
Definition: dhcpd.h:1613
unsigned char dhcpv6_msg_type
Definition: dhcpd.h:411
isc_boolean_t lease6_exists(const struct ipv6_pool *pool, const struct in6_addr *addr)
Definition: mdb6.c:1524
void log_fatal(const char *,...) __attribute__((__format__(__printf__
#define DHCPV6_RELAY_REPL
Definition: dhcp6.h:152
int client_port
Definition: dhcpd.h:431
#define DHCPV6_LEASEQUERY
Definition: dhcp6.h:153
#define D6O_IA_TA
Definition: dhcp6.h:33
int parse_option_buffer(struct option_state *options, const unsigned char *buffer, unsigned length, struct universe *universe)
Definition: options.c:117
#define PLM_MINIMUM
Definition: dhcpd.h:876
#define SV_LOG_THRESHOLD_HIGH
Definition: dhcpd.h:802
#define D6O_UNICAST
Definition: dhcp6.h:41
struct dhcp_packet * raw
Definition: dhcpd.h:406
isc_result_t decline_lease6(struct ipv6_pool *pool, struct iasubopt *lease)
Definition: mdb6.c:1774
#define IASUBOPT_NA_ADDR_OFFSET
Definition: dhcp6.h:286
int find_hosts6(struct host_decl **host, struct packet *packet, const struct data_string *client_id, char *file, int line)
Definition: mdb6.c:3013
struct iaddr subnet_number(struct iaddr addr, struct iaddr mask)
Definition: inet.c:34
#define SV_DDNS_UPDATES
Definition: dhcpd.h:739
int find_subnet(struct subnet **sp, struct iaddr addr, const char *file, int line)
Definition: dhclient.c:1536
#define D6O_IAPREFIX
Definition: dhcp6.h:55
void execute_statements_in_scope(struct binding_value **result, struct packet *packet, struct lease *lease, struct client_state *client_state, struct option_state *in_options, struct option_state *out_options, struct binding_scope **scope, struct group *group, struct group *limiting_group, struct on_star *on_star)
Definition: execute.c:563
void change_host_uid(struct host_decl *host, const char *data, int len)
Definition: mdb.c:183
isc_result_t release_lease6(struct ipv6_pool *pool, struct iasubopt *lease)
Definition: mdb6.c:1799
void schedule_lease_timeout(struct ipv6_pool *pool)
Definition: mdb6.c:2163
#define IASUBOPT_PD_PREF_OFFSET
Definition: dhcp6.h:292
#define DUID_TIME_EPOCH
Definition: dhcp6.h:275
int option_state_allocate(struct option_state **ptr, const char *file, int line)
Definition: alloc.c:846
time_t hard_lifetime_end_time
Definition: dhcpd.h:1635
int evaluate_option_cache(struct data_string *result, struct packet *packet, struct lease *lease, struct client_state *client_state, struct option_state *in_options, struct option_state *cfg_options, struct binding_scope **scope, struct option_cache *oc, const char *file, int line)
Definition: tree.c:2699
#define STATUS_NoPrefixAvail
Definition: dhcp6.h:130
#define DHCPV6_DHCPV4_RESPONSE
Definition: dhcp6.h:160
unsigned char chaddr[16]
Definition: dhcp.h:59
int packet_reference(struct packet **ptr, struct packet *bp, const char *file, int line)
Definition: alloc.c:1053
Definition: dhcpd.h:1014
#define DHCPV6_RENEW
Definition: dhcp6.h:144
int options_valid
Definition: dhcpd.h:430
ia_hash_t * ia_na_active
struct ipv6_pool * ipv6_pool
Definition: dhcpd.h:1640
struct iaddr net
Definition: dhcpd.h:1067
int buffer_allocate(struct buffer **ptr, unsigned len, const char *file, int line)
Definition: alloc.c:679
struct interface_info * interface
Definition: dhcpd.h:433
#define PLM_IGNORE
Definition: dhcpd.h:873
int binding_scope_allocate(struct binding_scope **ptr, const char *file, int line)
Definition: alloc.c:1194
ssize_t send_packet6(struct interface_info *, const unsigned char *, size_t, struct sockaddr_in6 *)
#define PLM_MAXIMUM
Definition: dhcpd.h:877
void putULong(unsigned char *, u_int32_t)
Definition: convert.c:70
#define DHCPV6_REBIND
Definition: dhcp6.h:145
#define DEFAULT_CACHE_THRESHOLD
Definition: dhcpd.h:843
u_int16_t local_port
Definition: dhclient.c:94
Definition: dhcpd.h:405
struct iaddrcidrnetlist * next
Definition: inet.h:76
#define DEFAULT_DEFAULT_LEASE_TIME
Definition: dhcpd.h:847
u_int8_t plen
Definition: dhcpd.h:1632
#define cur_time
Definition: dhcpd.h:2109
Definition: ip.h:47
#define DHCPV6_RELAY_FORW
Definition: dhcp6.h:151
int save_option_buffer(struct universe *universe, struct option_state *options, struct buffer *bp, unsigned char *buffer, unsigned length, unsigned code, int terminatep)
Definition: options.c:2507
u_int32_t getUShort(const unsigned char *)
#define D6O_ERO
Definition: dhcp6.h:72
void set_server_duid(struct data_string *new_duid)
isc_result_t create_lease6(struct ipv6_pool *pool, struct iasubopt **addr, unsigned int *attempts, const struct data_string *uid, time_t soft_lifetime_end_time)
Definition: mdb6.c:1032
u_int32_t prefer
Definition: dhcpd.h:1637
struct host_decl * n_ipaddr
Definition: dhcpd.h:961
#define SV_DHCPV6_SET_TEE_TIMES
Definition: dhcpd.h:806
int jumbo_range
Definition: dhcpd.h:1747
struct hardware hw_address
Definition: dhcpd.h:1370
int packet_type
Definition: dhcpd.h:409
struct option_cache * lookup_option(struct universe *universe, struct option_state *options, unsigned code)
Definition: options.c:2465
#define IA_TA_OFFSET
Definition: dhcp6.h:174
#define IASUBOPT_NA_VALID_OFFSET
Definition: dhcp6.h:288
#define print_hex_3(len, data, limit)
Definition: dhcpd.h:2623
int permitted(struct packet *, struct permit *)
Definition: dhcp.c:5051
void set_server_duid_type(int type)
int num_iasubopt
Definition: dhcpd.h:1668
int int log_info(const char *,...) __attribute__((__format__(__printf__
struct ipv6_pool ** ipv6_pools
Definition: dhcpd.h:1739
binding_state_t state
Definition: dhcpd.h:1633
int packet6_len_okay(const char *packet, int len)
Definition: options.c:4099
const char * pin6_addr(const struct in6_addr *)
int parse_options(struct packet *packet)
Definition: options.c:47
struct interface_info * interfaces
Definition: discover.c:42
unsigned char dhcp4o6_flags[3]
Definition: dhcpd.h:425
u_int32_t getULong(const unsigned char *)
struct shared_network * shared_network
Definition: dhcpd.h:1064
isc_result_t find_ipv6_pool(struct ipv6_pool **pool, u_int16_t type, const struct in6_addr *addr)
Definition: mdb6.c:2289
int validate_packet(struct packet *packet)
Definition: options.c:4445
int addr_eq(struct iaddr addr1, struct iaddr addr2)
Definition: inet.c:166
struct group * group
Definition: dhcpd.h:1070
isc_boolean_t ipv6_in_pool(const struct in6_addr *addr, const struct ipv6_pool *pool)
Definition: mdb6.c:2271
void cleanup(void)
#define DHCPV6_LEASEQUERY_REPLY
Definition: dhcp6.h:154
TIME cltt
Definition: dhcpd.h:639
isc_result_t get_client_id(struct packet *, struct data_string *)
#define IAPREFIX_OFFSET
Definition: dhcp6.h:181
#define IASUBOPT_PD_PREFIX_OFFSET
Definition: dhcp6.h:295
Definition: inet.h:31
ipv6_pool structure
Definition: dhcpd.h:1698
#define DHCP4O6_QUERY_UNICAST
Definition: dhcp6.h:256
int store_options6(char *buf, int buflen, struct option_state *opt_state, struct packet *packet, const int *required_opts, struct data_string *oro)
Definition: options.c:1043
int local_family
Definition: discover.c:56
int append_option_buffer(struct universe *universe, struct option_state *options, struct buffer *bp, unsigned char *buffer, unsigned length, unsigned code, int terminatep)
Definition: options.c:2531
#define FIND_POND6_PERCENT(count, percent)
Definition: dhcpd.h:3902
u_int32_t getUChar(const unsigned char *)
struct data_string * dhcp4o6_response
Definition: dhcpd.h:428
struct iaddrcidrnetlist * fixed_prefix
Definition: dhcpd.h:972
int option_state_dereference(struct option_state **ptr, const char *file, int line)
Definition: alloc.c:911
ia_hash_t * ia_pd_active
Definition: dhcpd.h:947
void dhcpv6(struct packet *)
int commit_leases_timed(void)
Definition: db.c:1064
struct timeval cur_tv
Definition: dispatch.c:35
#define IAID_LEN
Definition: dhcp6.h:283
const int dhcpv6_type_name_max
Definition: tables.c:684
isc_boolean_t is_cidr_mask_valid(const struct iaddr *addr, int bits)
Definition: inet.c:303
int binding_scope_reference(struct binding_scope **ptr, struct binding_scope *bp, const char *file, int line)
Definition: alloc.c:1227
unsigned char hop_count
Definition: dhcp6.h:241
isc_uint64_t low_threshold
Definition: dhcpd.h:1746
struct interface_info * next
Definition: dhcpd.h:1367
struct universe dhcpv6_universe
Definition: tables.c:343
isc_boolean_t prefix6_exists(const struct ipv6_pool *pool, const struct in6_addr *pref, u_int8_t plen)
Definition: mdb6.c:1981
int evaluate_boolean_option_cache(int *ignorep, struct packet *packet, struct lease *lease, struct client_state *client_state, struct option_state *in_options, struct option_state *cfg_options, struct binding_scope **scope, struct option_cache *oc, const char *file, int line)
Definition: tree.c:2733
#define D6O_IA_NA
Definition: dhcp6.h:32
#define print_hex_2(len, data, limit)
Definition: dhcpd.h:2622
int do_release_on_roam
int packet_dereference(struct packet **ptr, const char *file, int line)
Definition: alloc.c:1081
int ddns_updates(struct packet *, struct lease *, struct lease *, struct iasubopt *, struct iasubopt *, struct option_state *)
int packet_allocate(struct packet **ptr, const char *file, int line)
Definition: alloc.c:1015
const char int
Definition: omapip.h:442
struct iaddr netmask
Definition: dhcpd.h:1068
isc_result_t iasubopt_dereference(struct iasubopt **iasubopt, const char *file, int line)
Definition: mdb6.c:261
#define DHCPV6_ADVERTISE
Definition: dhcp6.h:141
#define SV_LOG_THRESHOLD_LOW
Definition: dhcpd.h:801
isc_uint64_t num_abandoned
Definition: dhcpd.h:1744
isc_result_t set_server_duid_from_option(void)
isc_result_t ia_allocate(struct ia_xx **ia, u_int32_t iaid, const char *duid, unsigned int duid_len, const char *file, int line)
Definition: mdb6.c:339
#define D6O_ORO
Definition: dhcp6.h:35
struct subnet * next_sibling
Definition: dhcpd.h:1063
isc_boolean_t unicast
Definition: dhcpd.h:470
isc_result_t ia_add_iasubopt(struct ia_xx *ia, struct iasubopt *iasubopt, const char *file, int line)
Definition: mdb6.c:439
unsigned char data[1]
Definition: tree.h:62
unsigned char transaction_id[3]
Definition: dhcp6.h:229
#define SV_CACHE_THRESHOLD
Definition: dhcpd.h:796
time_t soft_lifetime_end_time
Definition: dhcpd.h:1636
struct iaddr lo_addr
Definition: inet.h:71
#define IASUBOPT_NA_LEN
Definition: dhcp6.h:289
#define SV_DEFAULT_LEASE_TIME
Definition: dhcpd.h:710
u_int8_t hbuf[HARDWARE_ADDR_LEN+1]
Definition: dhcpd.h:493
#define MAX_TIME
Definition: dhcpd.h:1614
#define DHCPV6_CONFIRM
Definition: dhcp6.h:143
struct iaddr client_addr
Definition: dhcpd.h:432
struct data_string data
Definition: dhcpd.h:390
ipv6_pond structure
Definition: dhcpd.h:1728
isc_boolean_t relay_source_port
Definition: dhcpd.h:477
isc_uint64_t num_total
Definition: dhcpd.h:1742
#define D6O_IA_PD
Definition: dhcp6.h:54
#define REPLY_OPTIONS_INDEX
Definition: dhcp6.h:234
#define DUID_LLT
Definition: dhcp6.h:167
void dhcp(struct packet *packet)
Definition: dhclient.c:2134
struct iasubopt ** iasubopt
Definition: dhcpd.h:1671
int write_ia(const struct ia_xx *)
Definition: db.c:518
struct ia_xx * ia
Definition: dhcpd.h:1639
u_int16_t remote_port
Definition: dhclient.c:95
#define DHO_DHCP_RENEWAL_TIME
Definition: dhcp.h:149
struct in6_addr dhcpv6_peer_address
Definition: dhcpd.h:419
int static_lease
Definition: dhcpd.h:1661
const char * file
Definition: dhcpd.h:3781
char * name
Definition: dhcpd.h:1045
void putUShort(unsigned char *, u_int32_t)
Definition: convert.c:86
isc_result_t create_prefix6(struct ipv6_pool *pool, struct iasubopt **pref, unsigned int *attempts, const struct data_string *uid, time_t soft_lifetime_end_time)
Definition: mdb6.c:1892
struct shared_network * shared_network
Definition: dhcpd.h:1711
struct in6_addr addr
Definition: dhcpd.h:1631
isc_result_t ia_reference(struct ia_xx **ia, struct ia_xx *src, const char *file, int line)
Definition: mdb6.c:377
struct executable_statement * on_commit
Definition: dhcpd.h:554
#define SV_LIMIT_ADDRS_PER_IA
Definition: dhcpd.h:765
unsigned char options[FLEXIBLE_ARRAY_MEMBER]
Definition: dhcp6.h:254
const unsigned char * data
Definition: tree.h:78
#define DHO_DHCP_MESSAGE_TYPE
Definition: dhcp.h:144
int get_option_int(int *result, struct universe *universe, struct packet *packet, struct lease *lease, struct client_state *client_state, struct option_state *in_options, struct option_state *cfg_options, struct option_state *options, struct binding_scope **scope, unsigned code, const char *file, int line)
Definition: options.c:2320
isc_result_t generate_new_server_duid(void)
struct binding_scope * scope
Definition: dhcpd.h:574
void data_string_copy(struct data_string *dest, const struct data_string *src, const char *file, int line)
Definition: alloc.c:1323
unsigned packet_length
Definition: dhcpd.h:408
#define D6O_RELAY_MSG
Definition: dhcp6.h:38
struct permit * permit_list
Definition: dhcpd.h:1734
#define D6O_RECONF_ACCEPT
Definition: dhcp6.h:49
u_int16_t pool_type
Definition: dhcpd.h:1700
#define DHCPV6_INFORMATION_REQUEST
Definition: dhcp6.h:150
#define SV_UPDATE_STATIC_LEASES
Definition: dhcpd.h:752
#define DHCPV6_DECLINE
Definition: dhcp6.h:148
struct in6_addr dhcpv6_link_address
Definition: dhcpd.h:418
unsigned char options[FLEXIBLE_ARRAY_MEMBER]
Definition: dhcp6.h:230
void classify_client(struct packet *)
Definition: class.c:55
struct group * group
Definition: dhcpd.h:1731
#define DHCPV6_SOLICIT
Definition: dhcp6.h:140
struct buffer * buffer
Definition: tree.h:77
#define SV_LIMIT_PREFS_PER_IA
Definition: dhcpd.h:766
unsigned char options[DHCP_MAX_OPTION_LEN]
Definition: dhcp.h:62
#define STATUS_UseMulticast
Definition: dhcp6.h:129
struct packet * dhcpv6_container_packet
Definition: dhcpd.h:422
#define FTS_ACTIVE
Definition: dhcpd.h:537
isc_result_t iasubopt_reference(struct iasubopt **iasubopt, struct iasubopt *src, const char *file, int line)
Definition: mdb6.c:234
#define IASUBOPT_PD_PREFLEN_OFFSET
Definition: dhcp6.h:294