ISC DHCP  4.3.4
A reference DHCPv4 and DHCPv6 implementation
dhcpv6.c
Go to the documentation of this file.
1 /*
2  * Copyright (C) 2006-2016 by Internet Systems Consortium, Inc. ("ISC")
3  *
4  * Permission to use, copy, modify, and distribute this software for any
5  * purpose with or without fee is hereby granted, provided that the above
6  * copyright notice and this permission notice appear in all copies.
7  *
8  * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
9  * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
10  * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
11  * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
12  * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
13  * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
14  * PERFORMANCE OF THIS SOFTWARE.
15  */
16 
19 #include "dhcpd.h"
20 
21 #ifdef DHCPv6
22 
23 #ifdef DHCP4o6
24 static void forw_dhcpv4_query(struct packet *packet);
25 static void send_dhcpv4_response(struct data_string *raw);
26 
27 static void recv_dhcpv4_query(struct data_string *raw);
28 static void dhcp4o6_dhcpv4_query(struct data_string *reply_ret,
29  struct packet *packet);
30 #endif
31 
32 /*
33  * We use print_hex_1() to output DUID values. We could actually output
34  * the DUID with more information... MAC address if using type 1 or 3,
35  * and so on. However, RFC 3315 contains Grave Warnings against actually
36  * attempting to understand a DUID.
37  */
38 
39 /*
40  * TODO: gettext() or other method of localization for the messages
41  * for status codes (and probably for log formats eventually)
42  * TODO: refactoring (simplify, simplify, simplify)
43  * TODO: support multiple shared_networks on each interface (this
44  * will allow the server to issue multiple IPv6 addresses to
45  * a single interface)
46  */
47 
48 /*
49  * DHCPv6 Reply workflow assist. A Reply packet is built by various
50  * different functions; this gives us one location where we keep state
51  * regarding a reply.
52  */
53 struct reply_state {
54  /* root level persistent state */
55  struct shared_network *shared;
56  struct host_decl *host;
57  struct subnet *subnet; /* Used to match fixed-addrs to subnet scopes. */
58  struct option_state *opt_state;
59  struct packet *packet;
60  struct data_string client_id;
61 
62  /* IA level persistent state */
63  unsigned ia_count;
64  unsigned pd_count;
65  unsigned client_resources;
66  isc_boolean_t resources_included;
67  isc_boolean_t static_lease;
68  unsigned static_prefixes;
69  struct ia_xx *ia;
70  struct ia_xx *old_ia;
71  struct option_state *reply_ia;
72  struct data_string fixed;
73  struct iaddrcidrnet fixed_pref; /* static prefix for logging */
74 
75  /* IAADDR/PREFIX level persistent state */
76  struct iasubopt *lease;
77 
78  /*
79  * "t1", "t2", preferred, and valid lifetimes records for calculating
80  * t1 and t2 (min/max).
81  */
82  u_int32_t renew, rebind, min_prefer, min_valid;
83 
84  /* Client-requested valid and preferred lifetimes. */
85  u_int32_t client_valid, client_prefer;
86 
87  /* Chosen values to transmit for valid and preferred lifetimes. */
88  u_int32_t send_valid, send_prefer;
89 
90  /* Preferred prefix length (-1 is any). */
91  int preflen;
92 
93  /* Index into the data field that has been consumed. */
94  unsigned cursor;
95 
96  /* Space for the on commit statements for a fixed host */
97  struct on_star on_star;
98 
99  union reply_buffer {
100  unsigned char data[65536];
101  struct dhcpv6_packet reply;
102  } buf;
103 };
104 
105 /*
106  * Prototypes local to this file.
107  */
108 static int get_encapsulated_IA_state(struct option_state **enc_opt_state,
109  struct data_string *enc_opt_data,
110  struct packet *packet,
111  struct option_cache *oc,
112  int offset);
113 static void build_dhcpv6_reply(struct data_string *, struct packet *);
114 static isc_result_t shared_network_from_packet6(struct shared_network **shared,
115  struct packet *packet);
116 static void seek_shared_host(struct host_decl **hp,
117  struct shared_network *shared);
118 static isc_boolean_t fixed_matches_shared(struct host_decl *host,
119  struct shared_network *shared);
120 static isc_result_t reply_process_ia_na(struct reply_state *reply,
121  struct option_cache *ia);
122 static isc_result_t reply_process_ia_ta(struct reply_state *reply,
123  struct option_cache *ia);
124 static isc_result_t reply_process_addr(struct reply_state *reply,
125  struct option_cache *addr);
126 static isc_boolean_t address_is_owned(struct reply_state *reply,
127  struct iaddr *addr);
128 static isc_boolean_t temporary_is_available(struct reply_state *reply,
129  struct iaddr *addr);
130 static isc_result_t find_client_temporaries(struct reply_state *reply);
131 static isc_result_t reply_process_try_addr(struct reply_state *reply,
132  struct iaddr *addr);
133 static isc_result_t find_client_address(struct reply_state *reply);
134 static isc_result_t reply_process_is_addressed(struct reply_state *reply,
135  struct binding_scope **scope,
136  struct group *group);
137 static isc_result_t reply_process_send_addr(struct reply_state *reply,
138  struct iaddr *addr);
139 static struct iasubopt *lease_compare(struct iasubopt *alpha,
140  struct iasubopt *beta);
141 static isc_result_t reply_process_ia_pd(struct reply_state *reply,
142  struct option_cache *ia_pd);
143 static struct group *find_group_by_prefix(struct reply_state *reply);
144 static isc_result_t reply_process_prefix(struct reply_state *reply,
145  struct option_cache *pref);
146 static isc_boolean_t prefix_is_owned(struct reply_state *reply,
147  struct iaddrcidrnet *pref);
148 static isc_result_t find_client_prefix(struct reply_state *reply);
149 static isc_result_t reply_process_try_prefix(struct reply_state *reply,
150  struct iaddrcidrnet *pref);
151 static isc_result_t reply_process_is_prefixed(struct reply_state *reply,
152  struct binding_scope **scope,
153  struct group *group);
154 static isc_result_t reply_process_send_prefix(struct reply_state *reply,
155  struct iaddrcidrnet *pref);
156 static struct iasubopt *prefix_compare(struct reply_state *reply,
157  struct iasubopt *alpha,
158  struct iasubopt *beta);
159 static void schedule_lease_timeout_reply(struct reply_state *reply);
160 
161 static int eval_prefix_mode(int thislen, int preflen, int prefix_mode);
162 static isc_result_t pick_v6_prefix_helper(struct reply_state *reply,
163  int prefix_mode);
164 
165 static void unicast_reject(struct data_string *reply_ret, struct packet *packet,
166  const struct data_string *client_id,
167  const struct data_string *server_id);
168 
169 static isc_boolean_t is_unicast_option_defined(struct packet *packet);
170 static isc_result_t shared_network_from_requested_addr (struct shared_network
171  **shared,
172  struct packet* packet);
173 static isc_result_t get_first_ia_addr_val (struct packet* packet, int addr_type,
174  struct iaddr* iaddr);
175 
176 static void
177 set_reply_tee_times(struct reply_state* reply, unsigned ia_cursor);
178 
179 #ifdef DHCP4o6
180 /*
181  * \brief Omapi I/O handler
182  *
183  * The inter-process communication receive handler.
184  * Get the message, put it into the raw data_string
185  * and call \ref send_dhcpv4_response() (DHCPv6 side) or
186  * \ref recv_dhcpv4_query() (DHCPv4 side)
187  *
188  * \param h the OMAPI object
189  * \return a result for I/O success or error (used by the I/O subsystem)
190  */
191 isc_result_t dhcpv4o6_handler(omapi_object_t *h) {
192  char buf[65536];
193  struct data_string raw;
194  int cc;
195 
196  if (h->type != dhcp4o6_type)
197  return DHCP_R_INVALIDARG;
198 
199  cc = recv(dhcp4o6_fd, buf, sizeof(buf), 0);
200 
201  if (cc < DHCP_FIXED_NON_UDP + 32)
202  return ISC_R_UNEXPECTED;
203  memset(&raw, 0, sizeof(raw));
204  if (!buffer_allocate(&raw.buffer, cc, MDL)) {
205  log_error("dhcpv4o6_handler: no memory buffer.");
206  return ISC_R_NOMEMORY;
207  }
208  raw.data = raw.buffer->data;
209  raw.len = cc;
210  memcpy(raw.buffer->data, buf, cc);
211 
212  if (local_family == AF_INET6) {
213  send_dhcpv4_response(&raw);
214  } else {
215  recv_dhcpv4_query(&raw);
216  }
217 
218  data_string_forget(&raw, MDL);
219 
220  return ISC_R_SUCCESS;
221 }
222 
223 /*
224  * \brief Send the DHCPv4-response back to the DHCPv6 side
225  * (DHCPv6 server function)
226  *
227  * Format: interface:16 + address:16 + DHCPv6 DHCPv4-response message
228  *
229  * \param raw the IPC message content
230  */
231 static void send_dhcpv4_response(struct data_string *raw) {
232  struct interface_info *ip;
233  char name[16 + 1];
234  struct sockaddr_in6 to_addr;
235  char pbuf[sizeof("ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255")];
236  int send_ret;
237 
238  memset(name, 0, sizeof(name));
239  memcpy(name, raw->data, 16);
240  for (ip = interfaces; ip != NULL; ip = ip->next) {
241  if (!strcmp(name, ip->name))
242  break;
243  }
244  if (ip == NULL) {
245  log_error("send_dhcpv4_response: can't find interface %s.",
246  name);
247  return;
248  }
249 
250  memset(&to_addr, 0, sizeof(to_addr));
251  to_addr.sin6_family = AF_INET6;
252  memcpy(&to_addr.sin6_addr, raw->data + 16, 16);
253  if ((raw->data[32] == DHCPV6_RELAY_FORW) ||
254  (raw->data[32] == DHCPV6_RELAY_REPL)) {
255  to_addr.sin6_port = local_port;
256  } else {
257  to_addr.sin6_port = remote_port;
258  }
259 
260  log_info("send_dhcpv4_response(): sending %s on %s to %s port %d",
261  dhcpv6_type_names[raw->data[32]],
262  name,
263  inet_ntop(AF_INET6, raw->data + 16, pbuf, sizeof(pbuf)),
264  ntohs(to_addr.sin6_port));
265 
266  send_ret = send_packet6(ip, raw->data + 32, raw->len - 32, &to_addr);
267  if (send_ret < 0) {
268  log_error("send_dhcpv4_response: send_packet6(): %m");
269  } else if (send_ret != raw->len - 32) {
270  log_error("send_dhcpv4_response: send_packet6() "
271  "sent %d of %d bytes",
272  send_ret, raw->len - 32);
273  }
274 }
275 #endif /* DHCP4o6 */
276 
277 /*
278  * Schedule lease timeouts for all of the iasubopts in the reply.
279  * This is currently used to schedule timeouts for soft leases.
280  */
281 
282 static void
283 schedule_lease_timeout_reply(struct reply_state *reply) {
284  struct iasubopt *tmp;
285  int i;
286 
287  /* sanity check the reply */
288  if ((reply == NULL) || (reply->ia == NULL) || (reply->ia->iasubopt == NULL))
289  return;
290 
291  /* walk through the list, scheduling as we go */
292  for (i = 0 ; i < reply->ia->num_iasubopt ; i++) {
293  tmp = reply->ia->iasubopt[i];
295  }
296 }
297 
298 /*
299  * This function returns the time since DUID time start for the
300  * given time_t value.
301  */
302 static u_int32_t
303 duid_time(time_t when) {
304  /*
305  * This time is modulo 2^32.
306  */
307  while ((when - DUID_TIME_EPOCH) > 4294967295u) {
308  /* use 2^31 to avoid spurious compiler warnings */
309  when -= 2147483648u;
310  when -= 2147483648u;
311  }
312 
313  return when - DUID_TIME_EPOCH;
314 }
315 
316 
317 /*
318  * Server DUID.
319  *
320  * This must remain the same for the lifetime of this server, because
321  * clients return the server DUID that we sent them in Request packets.
322  *
323  * We pick the server DUID like this:
324  *
325  * 1. Check dhcpd.conf - any value the administrator has configured
326  * overrides any possible values.
327  * 2. Check the leases.txt - we want to use the previous value if
328  * possible.
329  * 3. Check if dhcpd.conf specifies a type of server DUID to use,
330  * and generate that type.
331  * 4. Generate a type 1 (time + hardware address) DUID.
332  */
333 static struct data_string server_duid;
334 
335 /*
336  * Check if the server_duid has been set.
337  */
338 isc_boolean_t
339 server_duid_isset(void) {
340  return (server_duid.data != NULL);
341 }
342 
343 /*
344  * Return the server_duid.
345  */
346 void
347 copy_server_duid(struct data_string *ds, const char *file, int line) {
348  data_string_copy(ds, &server_duid, file, line);
349 }
350 
351 /*
352  * Set the server DUID to a specified value. This is used when
353  * the server DUID is stored in persistent memory (basically the
354  * leases.txt file).
355  */
356 void
357 set_server_duid(struct data_string *new_duid) {
358  /* INSIST(new_duid != NULL); */
359  /* INSIST(new_duid->data != NULL); */
360 
361  if (server_duid_isset()) {
362  data_string_forget(&server_duid, MDL);
363  }
364  data_string_copy(&server_duid, new_duid, MDL);
365 }
366 
367 
368 /*
369  * Set the server DUID based on the D6O_SERVERID option. This handles
370  * the case where the administrator explicitly put it in the dhcpd.conf
371  * file.
372  */
373 isc_result_t
375  struct option_state *opt_state;
376  struct option_cache *oc;
377  struct data_string option_duid;
378  isc_result_t ret_val;
379 
380  opt_state = NULL;
381  if (!option_state_allocate(&opt_state, MDL)) {
382  log_fatal("No memory for server DUID.");
383  }
384 
385  execute_statements_in_scope(NULL, NULL, NULL, NULL, NULL,
386  opt_state, &global_scope, root_group,
387  NULL, NULL);
388 
389  oc = lookup_option(&dhcpv6_universe, opt_state, D6O_SERVERID);
390  if (oc == NULL) {
391  ret_val = ISC_R_NOTFOUND;
392  } else {
393  memset(&option_duid, 0, sizeof(option_duid));
394  if (!evaluate_option_cache(&option_duid, NULL, NULL, NULL,
395  opt_state, NULL, &global_scope,
396  oc, MDL)) {
397  ret_val = ISC_R_UNEXPECTED;
398  } else {
399  set_server_duid(&option_duid);
400  data_string_forget(&option_duid, MDL);
401  ret_val = ISC_R_SUCCESS;
402  }
403  }
404 
405  option_state_dereference(&opt_state, MDL);
406 
407  return ret_val;
408 }
409 
410 /*
411  * DUID layout, as defined in RFC 3315, section 9.
412  *
413  * We support type 1 (hardware address plus time) and type 3 (hardware
414  * address).
415  *
416  * We can support type 2 for specific vendors in the future, if they
417  * publish the specification. And of course there may be additional
418  * types later.
419  */
420 static int server_duid_type = DUID_LLT;
421 
422 /*
423  * Set the DUID type.
424  */
425 void
426 set_server_duid_type(int type) {
427  server_duid_type = type;
428 }
429 
430 /*
431  * Generate a new server DUID. This is done if there was no DUID in
432  * the leases.txt or in the dhcpd.conf file.
433  */
434 isc_result_t
436  struct interface_info *p;
437  u_int32_t time_val;
438  struct data_string generated_duid;
439 
440  /*
441  * Verify we have a type that we support.
442  */
443  if ((server_duid_type != DUID_LL) && (server_duid_type != DUID_LLT)) {
444  log_error("Invalid DUID type %d specified, "
445  "only LL and LLT types supported", server_duid_type);
446  return DHCP_R_INVALIDARG;
447  }
448 
449  /*
450  * Find an interface with a hardware address.
451  * Any will do. :)
452  */
453  for (p = interfaces; p != NULL; p = p->next) {
454  if (p->hw_address.hlen > 0) {
455  break;
456  }
457  if (p->next == NULL && p->hw_address.hbuf[0] == HTYPE_RESERVED) {
458  log_error("Can not generate DUID from interfaces which do not have hardware addresses, please configure server-duid!");
459  }
460  }
461  if (p == NULL) {
462  return ISC_R_UNEXPECTED;
463  }
464 
465  /*
466  * Build our DUID.
467  */
468  memset(&generated_duid, 0, sizeof(generated_duid));
469  if (server_duid_type == DUID_LLT) {
470  time_val = duid_time(time(NULL));
471  generated_duid.len = 8 + p->hw_address.hlen - 1;
472  if (!buffer_allocate(&generated_duid.buffer,
473  generated_duid.len, MDL)) {
474  log_fatal("No memory for server DUID.");
475  }
476  generated_duid.data = generated_duid.buffer->data;
477  putUShort(generated_duid.buffer->data, DUID_LLT);
478  putUShort(generated_duid.buffer->data + 2,
479  p->hw_address.hbuf[0]);
480  putULong(generated_duid.buffer->data + 4, time_val);
481  memcpy(generated_duid.buffer->data + 8,
482  p->hw_address.hbuf+1, p->hw_address.hlen-1);
483  } else if (server_duid_type == DUID_LL) {
484  generated_duid.len = 4 + p->hw_address.hlen - 1;
485  if (!buffer_allocate(&generated_duid.buffer,
486  generated_duid.len, MDL)) {
487  log_fatal("No memory for server DUID.");
488  }
489  generated_duid.data = generated_duid.buffer->data;
490  putUShort(generated_duid.buffer->data, DUID_LL);
491  putUShort(generated_duid.buffer->data + 2,
492  p->hw_address.hbuf[0]);
493  memcpy(generated_duid.buffer->data + 4,
494  p->hw_address.hbuf+1, p->hw_address.hlen-1);
495  } else {
496  log_fatal("Unsupported server DUID type %d.", server_duid_type);
497  }
498 
499  set_server_duid(&generated_duid);
500  data_string_forget(&generated_duid, MDL);
501 
502  return ISC_R_SUCCESS;
503 }
504 
505 /*
506  * Get the client identifier from the packet.
507  */
508 isc_result_t
509 get_client_id(struct packet *packet, struct data_string *client_id) {
510  struct option_cache *oc;
511 
512  /*
513  * Verify our client_id structure is empty.
514  */
515  if ((client_id->data != NULL) || (client_id->len != 0)) {
516  return DHCP_R_INVALIDARG;
517  }
518 
520  if (oc == NULL) {
521  return ISC_R_NOTFOUND;
522  }
523 
524  if (!evaluate_option_cache(client_id, packet, NULL, NULL,
525  packet->options, NULL,
526  &global_scope, oc, MDL)) {
527  return ISC_R_FAILURE;
528  }
529 
530  return ISC_R_SUCCESS;
531 }
532 
533 /*
534  * Message validation, defined in RFC 3315, sections 15.2, 15.5, 15.7:
535  *
536  * Servers MUST discard any Solicit messages that do not include a
537  * Client Identifier option or that do include a Server Identifier
538  * option.
539  */
540 int
541 valid_client_msg(struct packet *packet, struct data_string *client_id) {
542  int ret_val;
543  struct option_cache *oc;
544  struct data_string data;
545 
546  ret_val = 0;
547  memset(client_id, 0, sizeof(*client_id));
548  memset(&data, 0, sizeof(data));
549 
550  switch (get_client_id(packet, client_id)) {
551  case ISC_R_SUCCESS:
552  break;
553  case ISC_R_NOTFOUND:
554  log_debug("Discarding %s from %s; "
555  "client identifier missing",
557  piaddr(packet->client_addr));
558  goto exit;
559  default:
560  log_error("Error processing %s from %s; "
561  "unable to evaluate Client Identifier",
563  piaddr(packet->client_addr));
564  goto exit;
565  }
566 
567  /*
568  * Required by RFC 3315, section 15.
569  */
570  if (packet->unicast) {
571  log_debug("Discarding %s from %s; packet sent unicast "
572  "(CLIENTID %s)",
574  piaddr(packet->client_addr),
575  print_hex_1(client_id->len, client_id->data, 60));
576  goto exit;
577  }
578 
579 
581  if (oc != NULL) {
582  if (evaluate_option_cache(&data, packet, NULL, NULL,
583  packet->options, NULL,
584  &global_scope, oc, MDL)) {
585  log_debug("Discarding %s from %s; "
586  "server identifier found "
587  "(CLIENTID %s, SERVERID %s)",
589  piaddr(packet->client_addr),
590  print_hex_1(client_id->len,
591  client_id->data, 60),
592  print_hex_2(data.len,
593  data.data, 60));
594  } else {
595  log_debug("Discarding %s from %s; "
596  "server identifier found "
597  "(CLIENTID %s)",
599  print_hex_1(client_id->len,
600  client_id->data, 60),
601  piaddr(packet->client_addr));
602  }
603  goto exit;
604  }
605 
606  /* looks good */
607  ret_val = 1;
608 
609 exit:
610  if (data.len > 0) {
612  }
613  if (!ret_val) {
614  if (client_id->len > 0) {
615  data_string_forget(client_id, MDL);
616  }
617  }
618  return ret_val;
619 }
620 
621 /*
622  * Response validation, defined in RFC 3315, sections 15.4, 15.6, 15.8,
623  * 15.9 (slightly different wording, but same meaning):
624  *
625  * Servers MUST discard any received Request message that meet any of
626  * the following conditions:
627  *
628  * - the message does not include a Server Identifier option.
629  * - the contents of the Server Identifier option do not match the
630  * server's DUID.
631  * - the message does not include a Client Identifier option.
632  */
633 int
634 valid_client_resp(struct packet *packet,
635  struct data_string *client_id,
636  struct data_string *server_id)
637 {
638  int ret_val;
639  struct option_cache *oc;
640 
641  /* INSIST((duid.data != NULL) && (duid.len > 0)); */
642 
643  ret_val = 0;
644  memset(client_id, 0, sizeof(*client_id));
645  memset(server_id, 0, sizeof(*server_id));
646 
647  switch (get_client_id(packet, client_id)) {
648  case ISC_R_SUCCESS:
649  break;
650  case ISC_R_NOTFOUND:
651  log_debug("Discarding %s from %s; "
652  "client identifier missing",
654  piaddr(packet->client_addr));
655  goto exit;
656  default:
657  log_error("Error processing %s from %s; "
658  "unable to evaluate Client Identifier",
660  piaddr(packet->client_addr));
661  goto exit;
662  }
663 
665  if (oc == NULL) {
666  log_debug("Discarding %s from %s: "
667  "server identifier missing (CLIENTID %s)",
669  piaddr(packet->client_addr),
670  print_hex_1(client_id->len, client_id->data, 60));
671  goto exit;
672  }
673  if (!evaluate_option_cache(server_id, packet, NULL, NULL,
674  packet->options, NULL,
675  &global_scope, oc, MDL)) {
676  log_error("Error processing %s from %s; "
677  "unable to evaluate Server Identifier (CLIENTID %s)",
679  piaddr(packet->client_addr),
680  print_hex_1(client_id->len, client_id->data, 60));
681  goto exit;
682  }
683  if ((server_duid.len != server_id->len) ||
684  (memcmp(server_duid.data, server_id->data, server_duid.len) != 0)) {
685  log_debug("Discarding %s from %s; "
686  "not our server identifier "
687  "(CLIENTID %s, SERVERID %s, server DUID %s)",
689  piaddr(packet->client_addr),
690  print_hex_1(client_id->len, client_id->data, 60),
691  print_hex_2(server_id->len, server_id->data, 60),
692  print_hex_3(server_duid.len, server_duid.data, 60));
693  goto exit;
694  }
695 
696  /* looks good */
697  ret_val = 1;
698 
699 exit:
700  if (!ret_val) {
701  if (server_id->len > 0) {
702  data_string_forget(server_id, MDL);
703  }
704  if (client_id->len > 0) {
705  data_string_forget(client_id, MDL);
706  }
707  }
708  return ret_val;
709 }
710 
711 /*
712  * Information request validation, defined in RFC 3315, section 15.12:
713  *
714  * Servers MUST discard any received Information-request message that
715  * meets any of the following conditions:
716  *
717  * - The message includes a Server Identifier option and the DUID in
718  * the option does not match the server's DUID.
719  *
720  * - The message includes an IA option.
721  */
722 int
723 valid_client_info_req(struct packet *packet, struct data_string *server_id) {
724  int ret_val;
725  struct option_cache *oc;
726  struct data_string client_id;
727  char client_id_str[80]; /* print_hex_1() uses maximum 60 characters,
728  plus a few more for extra information */
729 
730  ret_val = 0;
731  memset(server_id, 0, sizeof(*server_id));
732  memset(&client_id, 0, sizeof(client_id));
733 
734  /*
735  * Make a string that we can print out to give more
736  * information about the client if we need to.
737  *
738  * By RFC 3315, Section 18.1.5 clients SHOULD have a
739  * client-id on an Information-request packet, but it
740  * is not strictly necessary.
741  */
742  if (get_client_id(packet, &client_id) == ISC_R_SUCCESS) {
743  snprintf(client_id_str, sizeof(client_id_str), " (CLIENTID %s)",
744  print_hex_1(client_id.len, client_id.data, 60));
745  data_string_forget(&client_id, MDL);
746  } else {
747  client_id_str[0] = '\0';
748  }
749 
750  /*
751  * Required by RFC 3315, section 15.
752  */
753  if (packet->unicast) {
754  log_debug("Discarding %s from %s; packet sent unicast%s",
756  piaddr(packet->client_addr), client_id_str);
757  goto exit;
758  }
759 
761  if (oc != NULL) {
762  log_debug("Discarding %s from %s; "
763  "IA_NA option present%s",
765  piaddr(packet->client_addr), client_id_str);
766  goto exit;
767  }
769  if (oc != NULL) {
770  log_debug("Discarding %s from %s; "
771  "IA_TA option present%s",
773  piaddr(packet->client_addr), client_id_str);
774  goto exit;
775  }
777  if (oc != NULL) {
778  log_debug("Discarding %s from %s; "
779  "IA_PD option present%s",
781  piaddr(packet->client_addr), client_id_str);
782  goto exit;
783  }
784 
786  if (oc != NULL) {
787  if (!evaluate_option_cache(server_id, packet, NULL, NULL,
788  packet->options, NULL,
789  &global_scope, oc, MDL)) {
790  log_error("Error processing %s from %s; "
791  "unable to evaluate Server Identifier%s",
793  piaddr(packet->client_addr), client_id_str);
794  goto exit;
795  }
796  if ((server_duid.len != server_id->len) ||
797  (memcmp(server_duid.data, server_id->data,
798  server_duid.len) != 0)) {
799  log_debug("Discarding %s from %s; "
800  "not our server identifier "
801  "(SERVERID %s, server DUID %s)%s",
803  piaddr(packet->client_addr),
804  print_hex_1(server_id->len,
805  server_id->data, 60),
806  print_hex_2(server_duid.len,
807  server_duid.data, 60),
808  client_id_str);
809  goto exit;
810  }
811  }
812 
813  /* looks good */
814  ret_val = 1;
815 
816 exit:
817  if (!ret_val) {
818  if (server_id->len > 0) {
819  data_string_forget(server_id, MDL);
820  }
821  }
822  return ret_val;
823 }
824 
825 /*
826  * Options that we want to send, in addition to what was requested
827  * via the ORO.
828  */
829 static const int required_opts[] = {
830  D6O_CLIENTID,
831  D6O_SERVERID,
834  0
835 };
836 static const int required_opts_solicit[] = {
837  D6O_CLIENTID,
838  D6O_SERVERID,
839  D6O_IA_NA,
840  D6O_IA_TA,
841  D6O_IA_PD,
846  0
847 };
848 static const int required_opts_agent[] = {
851  0
852 };
853 static const int required_opts_IA[] = {
854  D6O_IAADDR,
856  0
857 };
858 static const int required_opts_IA_PD[] = {
859  D6O_IAPREFIX,
861  0
862 };
863 static const int required_opts_STATUS_CODE[] = {
865  0
866 };
867 #ifdef DHCP4o6
868 static const int required_opts_4o6[] = {
870  0
871 };
872 #endif
873 
874 static const int unicast_reject_opts[] = {
875  D6O_CLIENTID,
876  D6O_SERVERID,
878  0
879 };
880 
881 
882 /*
883  * Extracts from packet contents an IA_* option, storing the IA structure
884  * in its entirety in enc_opt_data, and storing any decoded DHCPv6 options
885  * in enc_opt_state for later lookup and evaluation. The 'offset' indicates
886  * where in the IA_* the DHCPv6 options commence.
887  */
888 static int
889 get_encapsulated_IA_state(struct option_state **enc_opt_state,
890  struct data_string *enc_opt_data,
891  struct packet *packet,
892  struct option_cache *oc,
893  int offset)
894 {
895  /*
896  * Get the raw data for the encapsulated options.
897  */
898  memset(enc_opt_data, 0, sizeof(*enc_opt_data));
899  if (!evaluate_option_cache(enc_opt_data, packet,
900  NULL, NULL, packet->options, NULL,
901  &global_scope, oc, MDL)) {
902  log_error("get_encapsulated_IA_state: "
903  "error evaluating raw option.");
904  return 0;
905  }
906  if (enc_opt_data->len < offset) {
907  log_error("get_encapsulated_IA_state: raw option too small.");
908  data_string_forget(enc_opt_data, MDL);
909  return 0;
910  }
911 
912  /*
913  * Now create the option state structure, and pass it to the
914  * function that parses options.
915  */
916  *enc_opt_state = NULL;
917  if (!option_state_allocate(enc_opt_state, MDL)) {
918  log_error("get_encapsulated_IA_state: no memory for options.");
919  data_string_forget(enc_opt_data, MDL);
920  return 0;
921  }
922  if (!parse_option_buffer(*enc_opt_state,
923  enc_opt_data->data + offset,
924  enc_opt_data->len - offset,
925  &dhcpv6_universe)) {
926  log_error("get_encapsulated_IA_state: error parsing options.");
927  option_state_dereference(enc_opt_state, MDL);
928  data_string_forget(enc_opt_data, MDL);
929  return 0;
930  }
931 
932  return 1;
933 }
934 
935 static int
936 set_status_code(u_int16_t status_code, const char *status_message,
937  struct option_state *opt_state)
938 {
939  struct data_string d;
940  int ret_val;
941 
942  memset(&d, 0, sizeof(d));
943  d.len = sizeof(status_code) + strlen(status_message);
944  if (!buffer_allocate(&d.buffer, d.len, MDL)) {
945  log_fatal("set_status_code: no memory for status code.");
946  }
947  d.data = d.buffer->data;
948  putUShort(d.buffer->data, status_code);
949  memcpy(d.buffer->data + sizeof(status_code),
950  status_message, d.len - sizeof(status_code));
951  if (!save_option_buffer(&dhcpv6_universe, opt_state,
952  d.buffer, (unsigned char *)d.data, d.len,
953  D6O_STATUS_CODE, 0)) {
954  log_error("set_status_code: error saving status code.");
955  ret_val = 0;
956  } else {
957  ret_val = 1;
958  }
959  data_string_forget(&d, MDL);
960  return ret_val;
961 }
962 
963 void check_pool6_threshold(struct reply_state *reply,
964  struct iasubopt *lease)
965 {
966  struct ipv6_pond *pond;
967  isc_uint64_t used, count, high_threshold;
968  int poolhigh = 0, poollow = 0;
969  char *shared_name = "no name";
970  char tmp_addr[INET6_ADDRSTRLEN];
971 
972  if ((lease->ipv6_pool == NULL) || (lease->ipv6_pool->ipv6_pond == NULL))
973  return;
974  pond = lease->ipv6_pool->ipv6_pond;
975 
976  /* If the address range is too large to track, just skip all this. */
977  if (pond->jumbo_range == 1) {
978  return;
979  }
980 
981  count = pond->num_total;
982  used = pond->num_active;
983 
984  /* get network name for logging */
985  if ((pond->shared_network != NULL) &&
986  (pond->shared_network->name != NULL)) {
987  shared_name = pond->shared_network->name;
988  }
989 
990  /* The logged flag indicates if we have already crossed the high
991  * threshold and emitted a log message. If it is set we check to
992  * see if we have re-crossed the low threshold and need to reset
993  * things. When we cross the high threshold we determine what
994  * the low threshold is and save it into the low_threshold value.
995  * When we cross that threshold we reset the logged flag and
996  * the low_threshold to 0 which allows the high threshold message
997  * to be emitted once again.
998  * if we haven't recrossed the boundry we don't need to do anything.
999  */
1000  if (pond->logged !=0) {
1001  if (used <= pond->low_threshold) {
1002  pond->low_threshold = 0;
1003  pond->logged = 0;
1004  log_error("Pool threshold reset - shared subnet: %s; "
1005  "address: %s; low threshold %llu/%llu.",
1006  shared_name,
1007  inet_ntop(AF_INET6, &lease->addr,
1008  tmp_addr, sizeof(tmp_addr)),
1009  used, count);
1010  }
1011  return;
1012  }
1013 
1014  /* find the high threshold */
1015  if (get_option_int(&poolhigh, &server_universe, reply->packet, NULL,
1016  NULL, reply->packet->options, reply->opt_state,
1017  reply->opt_state, &lease->scope,
1018  SV_LOG_THRESHOLD_HIGH, MDL) == 0) {
1019  /* no threshold bail out */
1020  return;
1021  }
1022 
1023  /* We do have a threshold for this pool, see if its valid */
1024  if ((poolhigh <= 0) || (poolhigh > 100)) {
1025  /* not valid */
1026  return;
1027  }
1028 
1029  /* we have a valid value, have we exceeded it */
1030  high_threshold = FIND_POND6_PERCENT(count, poolhigh);
1031  if (used < high_threshold) {
1032  /* nope, no more to do */
1033  return;
1034  }
1035 
1036  /* we've exceeded it, output a message */
1037  log_error("Pool threshold exceeded - shared subnet: %s; "
1038  "address: %s; high threshold %d%% %llu/%llu.",
1039  shared_name,
1040  inet_ntop(AF_INET6, &lease->addr, tmp_addr, sizeof(tmp_addr)),
1041  poolhigh, used, count);
1042 
1043  /* handle the low threshold now, if we don't
1044  * have one we default to 0. */
1045  if ((get_option_int(&poollow, &server_universe, reply->packet, NULL,
1046  NULL, reply->packet->options, reply->opt_state,
1047  reply->opt_state, &lease->scope,
1048  SV_LOG_THRESHOLD_LOW, MDL) == 0) ||
1049  (poollow > 100)) {
1050  poollow = 0;
1051  }
1052 
1053  /*
1054  * If the low theshold is higher than the high threshold we continue to log
1055  * If it isn't then we set the flag saying we already logged and determine
1056  * what the reset threshold is.
1057  */
1058  if (poollow < poolhigh) {
1059  pond->logged = 1;
1060  pond->low_threshold = FIND_POND6_PERCENT(count, poollow);
1061  }
1062 }
1063 
1064 /*
1065  * We have a set of operations we do to set up the reply packet, which
1066  * is the same for many message types.
1067  */
1068 static int
1069 start_reply(struct packet *packet,
1070  const struct data_string *client_id,
1071  const struct data_string *server_id,
1072  struct option_state **opt_state,
1073  struct dhcpv6_packet *reply)
1074 {
1075  struct option_cache *oc;
1076  const unsigned char *server_id_data;
1077  int server_id_len;
1078 
1079  /*
1080  * Build our option state for reply.
1081  */
1082  *opt_state = NULL;
1083  if (!option_state_allocate(opt_state, MDL)) {
1084  log_error("start_reply: no memory for option_state.");
1085  return 0;
1086  }
1087  execute_statements_in_scope(NULL, packet, NULL, NULL,
1088  packet->options, *opt_state,
1089  &global_scope, root_group, NULL, NULL);
1090 
1091  /*
1092  * A small bit of special handling for Solicit messages.
1093  *
1094  * We could move the logic into a flag, but for now just check
1095  * explicitly.
1096  */
1097  if (packet->dhcpv6_msg_type == DHCPV6_SOLICIT) {
1098  reply->msg_type = DHCPV6_ADVERTISE;
1099 
1100  /*
1101  * If:
1102  * - this message type supports rapid commit (Solicit), and
1103  * - the server is configured to supply a rapid commit, and
1104  * - the client requests a rapid commit,
1105  * Then we add a rapid commit option, and send Reply (instead
1106  * of an Advertise).
1107  */
1109  *opt_state, D6O_RAPID_COMMIT);
1110  if (oc != NULL) {
1112  packet->options, D6O_RAPID_COMMIT);
1113  if (oc != NULL) {
1114  /* Rapid-commit in action. */
1115  reply->msg_type = DHCPV6_REPLY;
1116  } else {
1117  /* Don't want a rapid-commit in advertise. */
1119  *opt_state, D6O_RAPID_COMMIT);
1120  }
1121  }
1122  } else {
1123  reply->msg_type = DHCPV6_REPLY;
1124  /* Delete the rapid-commit from the sent options. */
1126  *opt_state, D6O_RAPID_COMMIT);
1127  if (oc != NULL) {
1129  *opt_state, D6O_RAPID_COMMIT);
1130  }
1131  }
1132 
1133  /*
1134  * Use the client's transaction identifier for the reply.
1135  */
1136  memcpy(reply->transaction_id, packet->dhcpv6_transaction_id,
1137  sizeof(reply->transaction_id));
1138 
1139  /*
1140  * RFC 3315, section 18.2 says we need server identifier and
1141  * client identifier.
1142  *
1143  * If the server ID is defined via the configuration file, then
1144  * it will already be present in the option state at this point,
1145  * so we don't need to set it.
1146  *
1147  * If we have a server ID passed in from the caller,
1148  * use that, otherwise use the global DUID.
1149  */
1150  oc = lookup_option(&dhcpv6_universe, *opt_state, D6O_SERVERID);
1151  if (oc == NULL) {
1152  if (server_id == NULL) {
1153  server_id_data = server_duid.data;
1154  server_id_len = server_duid.len;
1155  } else {
1156  server_id_data = server_id->data;
1157  server_id_len = server_id->len;
1158  }
1159  if (!save_option_buffer(&dhcpv6_universe, *opt_state,
1160  NULL, (unsigned char *)server_id_data,
1161  server_id_len, D6O_SERVERID, 0)) {
1162  log_error("start_reply: "
1163  "error saving server identifier.");
1164  return 0;
1165  }
1166  }
1167 
1168  if (client_id->buffer != NULL) {
1169  if (!save_option_buffer(&dhcpv6_universe, *opt_state,
1170  client_id->buffer,
1171  (unsigned char *)client_id->data,
1172  client_id->len,
1173  D6O_CLIENTID, 0)) {
1174  log_error("start_reply: error saving "
1175  "client identifier.");
1176  return 0;
1177  }
1178  }
1179 
1180  /*
1181  * If the client accepts reconfiguration, let it know that we
1182  * will send them.
1183  *
1184  * Note: we don't actually do this yet, but DOCSIS requires we
1185  * claim to.
1186  */
1187  oc = lookup_option(&dhcpv6_universe, packet->options,
1189  if (oc != NULL) {
1190  if (!save_option_buffer(&dhcpv6_universe, *opt_state,
1191  NULL, (unsigned char *)"", 0,
1192  D6O_RECONF_ACCEPT, 0)) {
1193  log_error("start_reply: "
1194  "error saving RECONF_ACCEPT option.");
1195  option_state_dereference(opt_state, MDL);
1196  return 0;
1197  }
1198  }
1199 
1200  return 1;
1201 }
1202 
1203 /*
1204  * Try to get the IPv6 address the client asked for from the
1205  * pool.
1206  *
1207  * addr is the result (should be a pointer to NULL on entry)
1208  * pool is the pool to search in
1209  * requested_addr is the address the client wants
1210  */
1211 static isc_result_t
1212 try_client_v6_address(struct iasubopt **addr,
1213  struct ipv6_pool *pool,
1214  const struct data_string *requested_addr)
1215 {
1216  struct in6_addr tmp_addr;
1217  isc_result_t result;
1218 
1219  if (requested_addr->len < sizeof(tmp_addr)) {
1220  return DHCP_R_INVALIDARG;
1221  }
1222  memcpy(&tmp_addr, requested_addr->data, sizeof(tmp_addr));
1223  if (IN6_IS_ADDR_UNSPECIFIED(&tmp_addr)) {
1224  return ISC_R_FAILURE;
1225  }
1226 
1227  /*
1228  * The address is not covered by this (or possibly any) dynamic
1229  * range.
1230  */
1231  if (!ipv6_in_pool(&tmp_addr, pool)) {
1232  return ISC_R_ADDRNOTAVAIL;
1233  }
1234 
1235  if (lease6_exists(pool, &tmp_addr)) {
1236  return ISC_R_ADDRINUSE;
1237  }
1238 
1239  result = iasubopt_allocate(addr, MDL);
1240  if (result != ISC_R_SUCCESS) {
1241  return result;
1242  }
1243  (*addr)->addr = tmp_addr;
1244  (*addr)->plen = 0;
1245 
1246  /* Default is soft binding for 2 minutes. */
1247  result = add_lease6(pool, *addr, cur_time + 120);
1248  if (result != ISC_R_SUCCESS) {
1249  iasubopt_dereference(addr, MDL);
1250  }
1251  return result;
1252 }
1253 
1254 
1276 static isc_result_t
1277 pick_v6_address(struct reply_state *reply)
1278 {
1279  struct ipv6_pool *p = NULL;
1280  struct ipv6_pond *pond;
1281  int i;
1282  int start_pool;
1283  unsigned int attempts;
1284  char tmp_buf[INET6_ADDRSTRLEN];
1285  struct iasubopt **addr = &reply->lease;
1286  isc_uint64_t total = 0;
1287  isc_uint64_t active = 0;
1288  isc_uint64_t abandoned = 0;
1289  int jumbo_range = 0;
1290  char *shared_name = (reply->shared->name ?
1291  reply->shared->name : "(no name)");
1292 
1293  /*
1294  * Do a quick walk through of the ponds and pools
1295  * to see if we have any NA address pools
1296  */
1297  for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
1298  if (pond->ipv6_pools == NULL)
1299  continue;
1300 
1301  for (i = 0; (p = pond->ipv6_pools[i]) != NULL; i++) {
1302  if (p->pool_type == D6O_IA_NA)
1303  break;
1304  }
1305  if (p != NULL)
1306  break;
1307  }
1308 
1309  /* If we get here and p is NULL we have no useful pools */
1310  if (p == NULL) {
1311  log_debug("Unable to pick client address: "
1312  "no IPv6 pools on this shared network");
1313  return ISC_R_NORESOURCES;
1314  }
1315 
1316  /*
1317  * We have at least one pool that could provide an address
1318  * Now we walk through the ponds and pools again and check
1319  * to see if the client is permitted and if an address is
1320  * available
1321  *
1322  * Within a given pond we start looking at the last pool we
1323  * allocated from, unless it had a collision trying to allocate
1324  * an address. This will tend to move us into less-filled pools.
1325  */
1326 
1327  for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
1328  isc_result_t result = ISC_R_FAILURE;
1329 
1330  if (((pond->prohibit_list != NULL) &&
1331  (permitted(reply->packet, pond->prohibit_list))) ||
1332  ((pond->permit_list != NULL) &&
1333  (!permitted(reply->packet, pond->permit_list))))
1334  continue;
1335 
1336  start_pool = pond->last_ipv6_pool;
1337  i = start_pool;
1338  do {
1339  p = pond->ipv6_pools[i];
1340  if (p->pool_type == D6O_IA_NA) {
1341  result = create_lease6(p, addr, &attempts,
1342  &reply->ia->iaid_duid,
1343  cur_time + 120);
1344  if (result == ISC_R_SUCCESS) {
1345  /*
1346  * Record the pool used (or next one if
1347  * there was a collision).
1348  */
1349  if (attempts > 1) {
1350  i++;
1351  if (pond->ipv6_pools[i]
1352  == NULL) {
1353  i = 0;
1354  }
1355  }
1356 
1357  pond->last_ipv6_pool = i;
1358 
1359  log_debug("Picking pool address %s",
1360  inet_ntop(AF_INET6,
1361  &((*addr)->addr),
1362  tmp_buf, sizeof(tmp_buf)));
1363  return (ISC_R_SUCCESS);
1364  }
1365  }
1366 
1367  i++;
1368  if (pond->ipv6_pools[i] == NULL) {
1369  i = 0;
1370  }
1371  } while (i != start_pool);
1372 
1373  if (result == ISC_R_NORESOURCES) {
1374  jumbo_range += pond->jumbo_range;
1375  total += pond->num_total;
1376  active += pond->num_active;
1377  abandoned += pond->num_abandoned;
1378  }
1379  }
1380 
1381  /*
1382  * If we failed to pick an IPv6 address from any of the subnets.
1383  * Presumably that means we have no addresses for the client.
1384  */
1385  if (jumbo_range != 0) {
1386  log_debug("Unable to pick client address: "
1387  "no addresses available - shared network %s: "
1388  " 2^64-1 < total, %llu active, %llu abandoned",
1389  shared_name, active - abandoned, abandoned);
1390  } else {
1391  log_debug("Unable to pick client address: "
1392  "no addresses available - shared network %s: "
1393  "%llu total, %llu active, %llu abandoned",
1394  shared_name, total, active - abandoned, abandoned);
1395  }
1396 
1397  return ISC_R_NORESOURCES;
1398 }
1399 
1400 /*
1401  * Try to get the IPv6 prefix the client asked for from the
1402  * prefix pool.
1403  *
1404  * pref is the result (should be a pointer to NULL on entry)
1405  * pool is the prefix pool to search in
1406  * requested_pref is the address the client wants
1407  */
1408 static isc_result_t
1409 try_client_v6_prefix(struct iasubopt **pref,
1410  struct ipv6_pool *pool,
1411  const struct data_string *requested_pref)
1412 {
1413  u_int8_t tmp_plen;
1414  struct in6_addr tmp_pref;
1415  struct iaddr ia;
1416  isc_result_t result;
1417 
1418  if (requested_pref->len < sizeof(tmp_plen) + sizeof(tmp_pref)) {
1419  return DHCP_R_INVALIDARG;
1420  }
1421  tmp_plen = (int) requested_pref->data[0];
1422  if ((tmp_plen < 3) || (tmp_plen > 128) ||
1423  ((int)tmp_plen != pool->units)) {
1424  return ISC_R_FAILURE;
1425  }
1426  memcpy(&tmp_pref, requested_pref->data + 1, sizeof(tmp_pref));
1427  if (IN6_IS_ADDR_UNSPECIFIED(&tmp_pref)) {
1428  return ISC_R_FAILURE;
1429  }
1430  ia.len = 16;
1431  memcpy(&ia.iabuf, &tmp_pref, 16);
1432  if (!is_cidr_mask_valid(&ia, (int) tmp_plen)) {
1433  return ISC_R_FAILURE;
1434  }
1435 
1436  if (!ipv6_in_pool(&tmp_pref, pool)) {
1437  return ISC_R_ADDRNOTAVAIL;
1438  }
1439 
1440  if (prefix6_exists(pool, &tmp_pref, tmp_plen)) {
1441  return ISC_R_ADDRINUSE;
1442  }
1443 
1444  result = iasubopt_allocate(pref, MDL);
1445  if (result != ISC_R_SUCCESS) {
1446  return result;
1447  }
1448  (*pref)->addr = tmp_pref;
1449  (*pref)->plen = tmp_plen;
1450 
1451  /* Default is soft binding for 2 minutes. */
1452  result = add_lease6(pool, *pref, cur_time + 120);
1453  if (result != ISC_R_SUCCESS) {
1454  iasubopt_dereference(pref, MDL);
1455  }
1456  return result;
1457 }
1458 
1498 static isc_result_t
1499 pick_v6_prefix(struct reply_state *reply) {
1500  struct ipv6_pool *p = NULL;
1501  struct ipv6_pond *pond;
1502  int i;
1503  isc_result_t result;
1504 
1505  /*
1506  * Do a quick walk through of the ponds and pools
1507  * to see if we have any prefix pools
1508  */
1509  for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
1510  if (pond->ipv6_pools == NULL)
1511  continue;
1512 
1513  for (i = 0; (p = pond->ipv6_pools[i]) != NULL; i++) {
1514  if (p->pool_type == D6O_IA_PD)
1515  break;
1516  }
1517  if (p != NULL)
1518  break;
1519  }
1520 
1521  /* If we get here and p is NULL we have no useful pools */
1522  if (p == NULL) {
1523  log_debug("Unable to pick client prefix: "
1524  "no IPv6 pools on this shared network");
1525  return ISC_R_NORESOURCES;
1526  }
1527 
1528  if (reply->preflen <= 0) {
1529  /* If we didn't get a plen (-1) or client plen is 0, then just
1530  * select first available (same as PLM_INGORE) */
1531  result = pick_v6_prefix_helper(reply, PLM_IGNORE);
1532  } else {
1533  switch (prefix_length_mode) {
1534  case PLM_PREFER:
1535  /* First we look for an exact match, if not found
1536  * then first available */
1537  result = pick_v6_prefix_helper(reply, PLM_EXACT);
1538  if (result != ISC_R_SUCCESS) {
1539  result = pick_v6_prefix_helper(reply,
1540  PLM_IGNORE);
1541  }
1542  break;
1543 
1544  case PLM_EXACT:
1545  /* Match exactly or fail */
1546  result = pick_v6_prefix_helper(reply, PLM_EXACT);
1547  break;
1548 
1549  case PLM_MINIMUM:
1550  case PLM_MAXIMUM:
1551  /* First we look for an exact match, if not found
1552  * then first available by mode */
1553  result = pick_v6_prefix_helper(reply, PLM_EXACT);
1554  if (result != ISC_R_SUCCESS) {
1555  result = pick_v6_prefix_helper(reply,
1557  }
1558  break;
1559 
1560  default:
1561  /* First available */
1562  result = pick_v6_prefix_helper(reply, PLM_IGNORE);
1563  break;
1564  }
1565  }
1566 
1567  if (result == ISC_R_SUCCESS) {
1568  char tmp_buf[INET6_ADDRSTRLEN];
1569 
1570  log_debug("Picking pool prefix %s/%u",
1571  inet_ntop(AF_INET6, &(reply->lease->addr),
1572  tmp_buf, sizeof(tmp_buf)),
1573  (unsigned)(reply->lease->plen));
1574  return (ISC_R_SUCCESS);
1575  }
1576 
1577  /*
1578  * If we failed to pick an IPv6 prefix
1579  * Presumably that means we have no prefixes for the client.
1580  */
1581  log_debug("Unable to pick client prefix: no prefixes available");
1582  return ISC_R_NORESOURCES;
1583 }
1584 
1608 isc_result_t
1609 pick_v6_prefix_helper(struct reply_state *reply, int prefix_mode) {
1610  struct ipv6_pool *p = NULL;
1611  struct ipv6_pond *pond;
1612  int i;
1613  unsigned int attempts;
1614  struct iasubopt **pref = &reply->lease;
1615 
1616  for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
1617  if (((pond->prohibit_list != NULL) &&
1618  (permitted(reply->packet, pond->prohibit_list))) ||
1619  ((pond->permit_list != NULL) &&
1620  (!permitted(reply->packet, pond->permit_list))))
1621  continue;
1622 
1623  for (i = 0; (p = pond->ipv6_pools[i]) != NULL; i++) {
1624  if ((p->pool_type == D6O_IA_PD) &&
1625  (eval_prefix_mode(p->units, reply->preflen,
1626  prefix_mode) == 1) &&
1627  (create_prefix6(p, pref, &attempts,
1628  &reply->ia->iaid_duid,
1629  cur_time + 120) == ISC_R_SUCCESS)) {
1630  return (ISC_R_SUCCESS);
1631  }
1632  }
1633  }
1634 
1635  return ISC_R_NORESOURCES;
1636 }
1637 
1652 int
1653 eval_prefix_mode(int len, int preflen, int prefix_mode) {
1654  int use_it = 1;
1655  switch (prefix_mode) {
1656  case PLM_EXACT:
1657  use_it = (len == preflen);
1658  break;
1659  case PLM_MINIMUM:
1660  /* they asked for a prefix length no "shorter" than preflen */
1661  use_it = (len >= preflen);
1662  break;
1663  case PLM_MAXIMUM:
1664  /* they asked for a prefix length no "longer" than preflen */
1665  use_it = (len <= preflen);
1666  break;
1667  default:
1668  /* otherwise use it */
1669  break;
1670  }
1671 
1672 #if defined (DEBUG)
1673  log_debug("eval_prefix_mode: "
1674  "len %d, preflen %d, mode %s, use_it %d",
1675  len, preflen,
1676  prefix_length_modes.values[prefix_mode].name, use_it);
1677 #endif
1678 
1679  return (use_it);
1680 }
1681 
1682 /*
1683  *! \file server/dhcpv6.c
1684  *
1685  * \brief construct a reply containing information about a client's lease
1686  *
1687  * lease_to_client() is called from several messages to construct a
1688  * reply that contains all that we know about the client's correct lease
1689  * (or projected lease).
1690  *
1691  * Solicit - "Soft" binding, ignore unknown addresses or bindings, just
1692  * send what we "may" give them on a request.
1693  *
1694  * Request - "Hard" binding, but ignore supplied addresses (just provide what
1695  * the client should really use).
1696  *
1697  * Renew - "Hard" binding, but client-supplied addresses are 'real'. Error
1698  * Rebind out any "wrong" addresses the client sends. This means we send
1699  * an empty IA_NA with a status code of NoBinding or NotOnLink or
1700  * possibly send the address with zeroed lifetimes.
1701  *
1702  * Information-Request - No binding.
1703  *
1704  * The basic structure is to traverse the client-supplied data first, and
1705  * validate and echo back any contents that can be. If the client-supplied
1706  * data does not error out (on renew/rebind as above), but we did not send
1707  * any addresses, attempt to allocate one.
1708  *
1709  * At the end of the this function we call commit_leases_timed() to
1710  * fsync and rotate the file as necessary. commit_leases_timed() will
1711  * check that we have written at least one lease to the file and that
1712  * some time has passed before doing any fsync or file rewrite so we
1713  * don't bother tracking if we did a write_ia during this function.
1714  */
1715 /* TODO: look at client hints for lease times */
1716 
1717 static void
1718 lease_to_client(struct data_string *reply_ret,
1719  struct packet *packet,
1720  const struct data_string *client_id,
1721  const struct data_string *server_id)
1722 {
1723  static struct reply_state reply;
1724  struct option_cache *oc;
1725  struct data_string packet_oro;
1726  int i;
1727 
1728  memset(&packet_oro, 0, sizeof(packet_oro));
1729 
1730  /* Locate the client. */
1731  if (shared_network_from_packet6(&reply.shared,
1732  packet) != ISC_R_SUCCESS)
1733  goto exit;
1734 
1735  /*
1736  * Initialize the reply.
1737  */
1738  packet_reference(&reply.packet, packet, MDL);
1739  data_string_copy(&reply.client_id, client_id, MDL);
1740 
1741  if (!start_reply(packet, client_id, server_id, &reply.opt_state,
1742  &reply.buf.reply))
1743  goto exit;
1744 
1745  /* Set the write cursor to just past the reply header. */
1746  reply.cursor = REPLY_OPTIONS_INDEX;
1747 
1748  /*
1749  * Get the ORO from the packet, if any.
1750  */
1751  oc = lookup_option(&dhcpv6_universe, packet->options, D6O_ORO);
1752  if (oc != NULL) {
1753  if (!evaluate_option_cache(&packet_oro, packet,
1754  NULL, NULL,
1755  packet->options, NULL,
1756  &global_scope, oc, MDL)) {
1757  log_error("lease_to_client: error evaluating ORO.");
1758  goto exit;
1759  }
1760  }
1761 
1762  /*
1763  * Find a host record that matches the packet, if any, and is
1764  * valid for the shared network the client is on.
1765  */
1766  if (find_hosts6(&reply.host, packet, client_id, MDL)) {
1767  packet->known = 1;
1768  seek_shared_host(&reply.host, reply.shared);
1769  }
1770 
1771  /* Process the client supplied IA's onto the reply buffer. */
1772  reply.ia_count = 0;
1774 
1775  for (; oc != NULL ; oc = oc->next) {
1776  isc_result_t status;
1777 
1778  /* Start counting resources (addresses) offered. */
1779  reply.client_resources = 0;
1780  reply.resources_included = ISC_FALSE;
1781 
1782  status = reply_process_ia_na(&reply, oc);
1783 
1784  /*
1785  * We continue to try other IA's whether we can address
1786  * this one or not. Any other result is an immediate fail.
1787  */
1788  if ((status != ISC_R_SUCCESS) &&
1789  (status != ISC_R_NORESOURCES))
1790  goto exit;
1791  }
1793  for (; oc != NULL ; oc = oc->next) {
1794  isc_result_t status;
1795 
1796  /* Start counting resources (addresses) offered. */
1797  reply.client_resources = 0;
1798  reply.resources_included = ISC_FALSE;
1799 
1800  status = reply_process_ia_ta(&reply, oc);
1801 
1802  /*
1803  * We continue to try other IA's whether we can address
1804  * this one or not. Any other result is an immediate fail.
1805  */
1806  if ((status != ISC_R_SUCCESS) &&
1807  (status != ISC_R_NORESOURCES))
1808  goto exit;
1809  }
1810 
1811  /* Same for IA_PD's. */
1812  reply.pd_count = 0;
1814  for (; oc != NULL ; oc = oc->next) {
1815  isc_result_t status;
1816 
1817  /* Start counting resources (prefixes) offered. */
1818  reply.client_resources = 0;
1819  reply.resources_included = ISC_FALSE;
1820 
1821  status = reply_process_ia_pd(&reply, oc);
1822 
1823  /*
1824  * We continue to try other IA_PD's whether we can address
1825  * this one or not. Any other result is an immediate fail.
1826  */
1827  if ((status != ISC_R_SUCCESS) &&
1828  (status != ISC_R_NORESOURCES))
1829  goto exit;
1830  }
1831 
1832  /*
1833  * Make no reply if we gave no resources and is not
1834  * for Information-Request.
1835  */
1836  if ((reply.ia_count == 0) && (reply.pd_count == 0)) {
1837  if (reply.packet->dhcpv6_msg_type !=
1839  goto exit;
1840 
1841  /*
1842  * Because we only execute statements on a per-IA basis,
1843  * we need to execute statements in any non-IA reply to
1844  * source configuration.
1845  */
1846  execute_statements_in_scope(NULL, reply.packet, NULL, NULL,
1847  reply.packet->options,
1848  reply.opt_state, &global_scope,
1849  reply.shared->group, root_group,
1850  NULL);
1851 
1852  /* Execute statements from class scopes. */
1853  for (i = reply.packet->class_count; i > 0; i--) {
1854  execute_statements_in_scope(NULL, reply.packet,
1855  NULL, NULL,
1856  reply.packet->options,
1857  reply.opt_state,
1858  &global_scope,
1859  reply.packet->classes[i - 1]->group,
1860  reply.shared->group, NULL);
1861  }
1862 
1863  /* Bring in any configuration from a host record. */
1864  if (reply.host != NULL)
1865  execute_statements_in_scope(NULL, reply.packet,
1866  NULL, NULL,
1867  reply.packet->options,
1868  reply.opt_state,
1869  &global_scope,
1870  reply.host->group,
1871  reply.shared->group, NULL);
1872  }
1873 
1874  /*
1875  * RFC3315 section 17.2.2 (Solicit):
1876  *
1877  * If the server will not assign any addresses to any IAs in a
1878  * subsequent Request from the client, the server MUST send an
1879  * Advertise message to the client that includes only a Status
1880  * Code option with code NoAddrsAvail and a status message for
1881  * the user, a Server Identifier option with the server's DUID,
1882  * and a Client Identifier option with the client's DUID.
1883  *
1884  * This has been updated by an errata such that the server
1885  * can always send an IA.
1886  *
1887  * Section 18.2.1 (Request):
1888  *
1889  * If the server cannot assign any addresses to an IA in the
1890  * message from the client, the server MUST include the IA in
1891  * the Reply message with no addresses in the IA and a Status
1892  * Code option in the IA containing status code NoAddrsAvail.
1893  *
1894  * Section 18.1.8 (Client Behavior):
1895  *
1896  * Leave unchanged any information about addresses the client has
1897  * recorded in the IA but that were not included in the IA from
1898  * the server.
1899  * Sends a Renew/Rebind if the IA is not in the Reply message.
1900  */
1901 
1902  /*
1903  * Having stored the client's IA's, store any options that
1904  * will fit in the remaining space.
1905  */
1906  reply.cursor += store_options6((char *)reply.buf.data + reply.cursor,
1907  sizeof(reply.buf) - reply.cursor,
1908  reply.opt_state, reply.packet,
1909  required_opts_solicit,
1910  &packet_oro);
1911 
1912  /* Return our reply to the caller. */
1913  reply_ret->len = reply.cursor;
1914  reply_ret->buffer = NULL;
1915  if (!buffer_allocate(&reply_ret->buffer, reply.cursor, MDL)) {
1916  log_fatal("No memory to store Reply.");
1917  }
1918  memcpy(reply_ret->buffer->data, reply.buf.data, reply.cursor);
1919  reply_ret->data = reply_ret->buffer->data;
1920 
1921  /* If appropriate commit and rotate the lease file */
1922  (void) commit_leases_timed();
1923 
1924  exit:
1925  /* Cleanup. */
1926  if (reply.shared != NULL)
1927  shared_network_dereference(&reply.shared, MDL);
1928  if (reply.host != NULL)
1929  host_dereference(&reply.host, MDL);
1930  if (reply.opt_state != NULL)
1931  option_state_dereference(&reply.opt_state, MDL);
1932  if (reply.packet != NULL)
1933  packet_dereference(&reply.packet, MDL);
1934  if (reply.client_id.data != NULL)
1935  data_string_forget(&reply.client_id, MDL);
1936  if (packet_oro.buffer != NULL)
1937  data_string_forget(&packet_oro, MDL);
1938  reply.renew = reply.rebind = reply.min_prefer = reply.min_valid = 0;
1939  reply.cursor = 0;
1940 }
1941 
1942 /* Process a client-supplied IA_NA. This may append options to the tail of
1943  * the reply packet being built in the reply_state structure.
1944  */
1945 static isc_result_t
1946 reply_process_ia_na(struct reply_state *reply, struct option_cache *ia) {
1947  isc_result_t status = ISC_R_SUCCESS;
1948  u_int32_t iaid;
1949  unsigned ia_cursor;
1950  struct option_state *packet_ia;
1951  struct option_cache *oc;
1952  struct data_string ia_data, data;
1953 
1954  /* Initialize values that will get cleaned up on return. */
1955  packet_ia = NULL;
1956  memset(&ia_data, 0, sizeof(ia_data));
1957  memset(&data, 0, sizeof(data));
1958  /*
1959  * Note that find_client_address() may set reply->lease.
1960  */
1961 
1962  /* Make sure there is at least room for the header. */
1963  if ((reply->cursor + IA_NA_OFFSET + 4) > sizeof(reply->buf)) {
1964  log_error("reply_process_ia_na: Reply too long for IA.");
1965  return ISC_R_NOSPACE;
1966  }
1967 
1968 
1969  /* Fetch the IA_NA contents. */
1970  if (!get_encapsulated_IA_state(&packet_ia, &ia_data, reply->packet,
1971  ia, IA_NA_OFFSET)) {
1972  log_error("reply_process_ia_na: error evaluating ia");
1973  status = ISC_R_FAILURE;
1974  goto cleanup;
1975  }
1976 
1977  /* Extract IA_NA header contents. */
1978  iaid = getULong(ia_data.data);
1979  reply->renew = getULong(ia_data.data + 4);
1980  reply->rebind = getULong(ia_data.data + 8);
1981 
1982  /* Create an IA_NA structure. */
1983  if (ia_allocate(&reply->ia, iaid, (char *)reply->client_id.data,
1984  reply->client_id.len, MDL) != ISC_R_SUCCESS) {
1985  log_error("reply_process_ia_na: no memory for ia.");
1986  status = ISC_R_NOMEMORY;
1987  goto cleanup;
1988  }
1989  reply->ia->ia_type = D6O_IA_NA;
1990 
1991  /* Cache pre-existing IA, if any. */
1992  ia_hash_lookup(&reply->old_ia, ia_na_active,
1993  (unsigned char *)reply->ia->iaid_duid.data,
1994  reply->ia->iaid_duid.len, MDL);
1995 
1996  /*
1997  * Create an option cache to carry the IA_NA option contents, and
1998  * execute any user-supplied values into it.
1999  */
2000  if (!option_state_allocate(&reply->reply_ia, MDL)) {
2001  status = ISC_R_NOMEMORY;
2002  goto cleanup;
2003  }
2004 
2005  /* Check & cache the fixed host record. */
2006  if ((reply->host != NULL) && (reply->host->fixed_addr != NULL)) {
2007  struct iaddr tmp_addr;
2008 
2009  if (!evaluate_option_cache(&reply->fixed, NULL, NULL, NULL,
2010  NULL, NULL, &global_scope,
2011  reply->host->fixed_addr, MDL)) {
2012  log_error("reply_process_ia_na: unable to evaluate "
2013  "fixed address.");
2014  status = ISC_R_FAILURE;
2015  goto cleanup;
2016  }
2017 
2018  if (reply->fixed.len < 16) {
2019  log_error("reply_process_ia_na: invalid fixed address.");
2020  status = DHCP_R_INVALIDARG;
2021  goto cleanup;
2022  }
2023 
2024  /* Find the static lease's subnet. */
2025  tmp_addr.len = 16;
2026  memcpy(tmp_addr.iabuf, reply->fixed.data, 16);
2027 
2028  if (find_grouped_subnet(&reply->subnet, reply->shared,
2029  tmp_addr, MDL) == 0)
2030  log_fatal("Impossible condition at %s:%d.", MDL);
2031 
2032  reply->static_lease = ISC_TRUE;
2033  } else
2034  reply->static_lease = ISC_FALSE;
2035 
2036  /*
2037  * Save the cursor position at the start of the IA, so we can
2038  * set length and adjust t1/t2 values later. We write a temporary
2039  * header out now just in case we decide to adjust the packet
2040  * within sub-process functions.
2041  */
2042  ia_cursor = reply->cursor;
2043 
2044  /* Initialize the IA_NA header. First the code. */
2045  putUShort(reply->buf.data + reply->cursor, (unsigned)D6O_IA_NA);
2046  reply->cursor += 2;
2047 
2048  /* Then option length. */
2049  putUShort(reply->buf.data + reply->cursor, 0x0Cu);
2050  reply->cursor += 2;
2051 
2052  /* Then IA_NA header contents; IAID. */
2053  putULong(reply->buf.data + reply->cursor, iaid);
2054  reply->cursor += 4;
2055 
2056  /* We store the client's t1 for now, and may over-ride it later. */
2057  putULong(reply->buf.data + reply->cursor, reply->renew);
2058  reply->cursor += 4;
2059 
2060  /* We store the client's t2 for now, and may over-ride it later. */
2061  putULong(reply->buf.data + reply->cursor, reply->rebind);
2062  reply->cursor += 4;
2063 
2064  /*
2065  * For each address in this IA_NA, decide what to do about it.
2066  *
2067  * Guidelines:
2068  *
2069  * The client leaves unchanged any information about addresses
2070  * it has recorded but are not included ("cancel/break" below).
2071  * A not included IA ("cleanup" below) could give a Renew/Rebind.
2072  */
2073  oc = lookup_option(&dhcpv6_universe, packet_ia, D6O_IAADDR);
2074  reply->min_valid = reply->min_prefer = 0xffffffff;
2075  reply->client_valid = reply->client_prefer = 0;
2076  for (; oc != NULL ; oc = oc->next) {
2077  status = reply_process_addr(reply, oc);
2078 
2079  /*
2080  * Canceled means we did not allocate addresses to the
2081  * client, but we're "done" with this IA - we set a status
2082  * code. So transmit this reply, e.g., move on to the next
2083  * IA.
2084  */
2085  if (status == ISC_R_CANCELED)
2086  break;
2087 
2088  if ((status != ISC_R_SUCCESS) &&
2089  (status != ISC_R_ADDRINUSE) &&
2090  (status != ISC_R_ADDRNOTAVAIL))
2091  goto cleanup;
2092  }
2093 
2094  reply->ia_count++;
2095 
2096  /*
2097  * If we fell through the above and never gave the client
2098  * an address, give it one now.
2099  */
2100  if ((status != ISC_R_CANCELED) && (reply->client_resources == 0)) {
2101  status = find_client_address(reply);
2102 
2103  if (status == ISC_R_NORESOURCES) {
2104  switch (reply->packet->dhcpv6_msg_type) {
2105  case DHCPV6_SOLICIT:
2106  /*
2107  * No address for any IA is handled
2108  * by the caller.
2109  */
2110  /* FALL THROUGH */
2111 
2112  case DHCPV6_REQUEST:
2113  /* Section 18.2.1 (Request):
2114  *
2115  * If the server cannot assign any addresses to
2116  * an IA in the message from the client, the
2117  * server MUST include the IA in the Reply
2118  * message with no addresses in the IA and a
2119  * Status Code option in the IA containing
2120  * status code NoAddrsAvail.
2121  */
2122  option_state_dereference(&reply->reply_ia, MDL);
2123  if (!option_state_allocate(&reply->reply_ia,
2124  MDL))
2125  {
2126  log_error("reply_process_ia_na: No "
2127  "memory for option state "
2128  "wipe.");
2129  status = ISC_R_NOMEMORY;
2130  goto cleanup;
2131  }
2132 
2133  if (!set_status_code(STATUS_NoAddrsAvail,
2134  "No addresses available "
2135  "for this interface.",
2136  reply->reply_ia)) {
2137  log_error("reply_process_ia_na: Unable "
2138  "to set NoAddrsAvail status "
2139  "code.");
2140  status = ISC_R_FAILURE;
2141  goto cleanup;
2142  }
2143 
2144  status = ISC_R_SUCCESS;
2145  break;
2146 
2147  default:
2148  /*
2149  * RFC 3315 does not tell us to emit a status
2150  * code in this condition, or anything else.
2151  *
2152  * If we included non-allocated addresses
2153  * (zeroed lifetimes) in an IA, then the client
2154  * will deconfigure them.
2155  *
2156  * So we want to include the IA even if we
2157  * can't give it a new address if it includes
2158  * zeroed lifetime addresses.
2159  *
2160  * We don't want to include the IA if we
2161  * provide zero addresses including zeroed
2162  * lifetimes.
2163  */
2164  if (reply->resources_included)
2165  status = ISC_R_SUCCESS;
2166  else
2167  goto cleanup;
2168  break;
2169  }
2170  }
2171 
2172  if (status != ISC_R_SUCCESS)
2173  goto cleanup;
2174  }
2175 
2176  reply->cursor += store_options6((char *)reply->buf.data + reply->cursor,
2177  sizeof(reply->buf) - reply->cursor,
2178  reply->reply_ia, reply->packet,
2179  required_opts_IA, NULL);
2180 
2181  /* Reset the length of this IA to match what was just written. */
2182  putUShort(reply->buf.data + ia_cursor + 2,
2183  reply->cursor - (ia_cursor + 4));
2184 
2185  /* Calculate T1/T2 and stuff them in the reply */
2186  set_reply_tee_times(reply, ia_cursor);
2187 
2188  /*
2189  * yes, goto's aren't the best but we also want to avoid extra
2190  * indents
2191  */
2192  if (status == ISC_R_CANCELED)
2193  goto cleanup;
2194 
2195  /*
2196  * Handle static leases, we always log stuff and if it's
2197  * a hard binding we run any commit statements that we have
2198  */
2199  if (reply->static_lease) {
2200  char tmp_addr[INET6_ADDRSTRLEN];
2201  log_info("%s NA: address %s to client with duid %s iaid = %d "
2202  "static",
2203  dhcpv6_type_names[reply->buf.reply.msg_type],
2204  inet_ntop(AF_INET6, reply->fixed.data, tmp_addr,
2205  sizeof(tmp_addr)),
2206  print_hex_1(reply->client_id.len,
2207  reply->client_id.data, 60),
2208  iaid);
2209 
2210  if ((reply->buf.reply.msg_type == DHCPV6_REPLY) &&
2211  (reply->on_star.on_commit != NULL)) {
2212  execute_statements(NULL, reply->packet, NULL, NULL,
2213  reply->packet->options,
2214  reply->opt_state, NULL,
2215  reply->on_star.on_commit, NULL);
2217  (&reply->on_star.on_commit, MDL);
2218  }
2219  goto cleanup;
2220  }
2221 
2222  /*
2223  * If we have any addresses log what we are doing.
2224  */
2225  if (reply->ia->num_iasubopt != 0) {
2226  struct iasubopt *tmp;
2227  int i;
2228  char tmp_addr[INET6_ADDRSTRLEN];
2229 
2230  for (i = 0 ; i < reply->ia->num_iasubopt ; i++) {
2231  tmp = reply->ia->iasubopt[i];
2232 
2233  log_info("%s NA: address %s to client with duid %s "
2234  "iaid = %d valid for %u seconds",
2235  dhcpv6_type_names[reply->buf.reply.msg_type],
2236  inet_ntop(AF_INET6, &tmp->addr,
2237  tmp_addr, sizeof(tmp_addr)),
2238  print_hex_1(reply->client_id.len,
2239  reply->client_id.data, 60),
2240  iaid, tmp->valid);
2241  }
2242  }
2243 
2244  /*
2245  * If this is not a 'soft' binding, consume the new changes into
2246  * the database (if any have been attached to the ia_na).
2247  *
2248  * Loop through the assigned dynamic addresses, referencing the
2249  * leases onto this IA_NA rather than any old ones, and updating
2250  * pool timers for each (if any).
2251  */
2252 
2253  if ((reply->ia->num_iasubopt != 0) &&
2254  (reply->buf.reply.msg_type == DHCPV6_REPLY)) {
2255  struct iasubopt *tmp;
2256  struct data_string *ia_id;
2257  int i;
2258 
2259  for (i = 0 ; i < reply->ia->num_iasubopt ; i++) {
2260  tmp = reply->ia->iasubopt[i];
2261 
2262  if (tmp->ia != NULL)
2263  ia_dereference(&tmp->ia, MDL);
2264  ia_reference(&tmp->ia, reply->ia, MDL);
2265 
2266  /* Commit 'hard' bindings. */
2267  renew_lease6(tmp->ipv6_pool, tmp);
2269 
2270  /* If we have anything to do on commit do it now */
2271  if (tmp->on_star.on_commit != NULL) {
2272  execute_statements(NULL, reply->packet,
2273  NULL, NULL,
2274  reply->packet->options,
2275  reply->opt_state,
2276  &tmp->scope,
2277  tmp->on_star.on_commit,
2278  &tmp->on_star);
2280  (&tmp->on_star.on_commit, MDL);
2281  }
2282 
2283 #if defined (NSUPDATE)
2284  /*
2285  * Perform ddns updates.
2286  */
2287  oc = lookup_option(&server_universe, reply->opt_state,
2288  SV_DDNS_UPDATES);
2289  if ((oc == NULL) ||
2290  evaluate_boolean_option_cache(NULL, reply->packet,
2291  NULL, NULL,
2292  reply->packet->options,
2293  reply->opt_state,
2294  &tmp->scope,
2295  oc, MDL)) {
2296  ddns_updates(reply->packet, NULL, NULL,
2297  tmp, NULL, reply->opt_state);
2298  }
2299 #endif
2300  /* Do our threshold check. */
2301  check_pool6_threshold(reply, tmp);
2302  }
2303 
2304  /* Remove any old ia from the hash. */
2305  if (reply->old_ia != NULL) {
2306  ia_id = &reply->old_ia->iaid_duid;
2307  ia_hash_delete(ia_na_active,
2308  (unsigned char *)ia_id->data,
2309  ia_id->len, MDL);
2310  ia_dereference(&reply->old_ia, MDL);
2311  }
2312 
2313  /* Put new ia into the hash. */
2314  reply->ia->cltt = cur_time;
2315  ia_id = &reply->ia->iaid_duid;
2316  ia_hash_add(ia_na_active, (unsigned char *)ia_id->data,
2317  ia_id->len, reply->ia, MDL);
2318 
2319  write_ia(reply->ia);
2320  } else {
2321  schedule_lease_timeout_reply(reply);
2322  }
2323 
2324  cleanup:
2325  if (packet_ia != NULL)
2326  option_state_dereference(&packet_ia, MDL);
2327  if (reply->reply_ia != NULL)
2328  option_state_dereference(&reply->reply_ia, MDL);
2329  if (ia_data.data != NULL)
2330  data_string_forget(&ia_data, MDL);
2331  if (data.data != NULL)
2333  if (reply->ia != NULL)
2334  ia_dereference(&reply->ia, MDL);
2335  if (reply->old_ia != NULL)
2336  ia_dereference(&reply->old_ia, MDL);
2337  if (reply->lease != NULL)
2338  iasubopt_dereference(&reply->lease, MDL);
2339  if (reply->fixed.data != NULL)
2340  data_string_forget(&reply->fixed, MDL);
2341  if (reply->subnet != NULL)
2342  subnet_dereference(&reply->subnet, MDL);
2343  if (reply->on_star.on_expiry != NULL)
2345  (&reply->on_star.on_expiry, MDL);
2346  if (reply->on_star.on_release != NULL)
2348  (&reply->on_star.on_release, MDL);
2349 
2350  /*
2351  * ISC_R_CANCELED is a status code used by the addr processing to
2352  * indicate we're replying with a status code. This is still a
2353  * success at higher layers.
2354  */
2355  return((status == ISC_R_CANCELED) ? ISC_R_SUCCESS : status);
2356 }
2357 
2358 /*
2359  * Process an IAADDR within a given IA_xA, storing any IAADDR reply contents
2360  * into the reply's current ia-scoped option cache. Returns ISC_R_CANCELED
2361  * in the event we are replying with a status code and do not wish to process
2362  * more IAADDRs within this IA.
2363  */
2364 static isc_result_t
2365 reply_process_addr(struct reply_state *reply, struct option_cache *addr) {
2366  u_int32_t pref_life, valid_life;
2367  struct binding_scope **scope;
2368  struct group *group;
2369  struct subnet *subnet;
2370  struct iaddr tmp_addr;
2371  struct option_cache *oc;
2372  struct data_string iaaddr, data;
2373  isc_result_t status = ISC_R_SUCCESS;
2374 
2375  /* Initializes values that will be cleaned up. */
2376  memset(&iaaddr, 0, sizeof(iaaddr));
2377  memset(&data, 0, sizeof(data));
2378  /* Note that reply->lease may be set by address_is_owned() */
2379 
2380  /*
2381  * There is no point trying to process an incoming address if there
2382  * is no room for an outgoing address.
2383  */
2384  if ((reply->cursor + 28) > sizeof(reply->buf)) {
2385  log_error("reply_process_addr: Out of room for address.");
2386  return ISC_R_NOSPACE;
2387  }
2388 
2389  /* Extract this IAADDR option. */
2390  if (!evaluate_option_cache(&iaaddr, reply->packet, NULL, NULL,
2391  reply->packet->options, NULL, &global_scope,
2392  addr, MDL) ||
2393  (iaaddr.len < IAADDR_OFFSET)) {
2394  log_error("reply_process_addr: error evaluating IAADDR.");
2395  status = ISC_R_FAILURE;
2396  goto cleanup;
2397  }
2398 
2399  /* The first 16 bytes are the IPv6 address. */
2400  pref_life = getULong(iaaddr.data + 16);
2401  valid_life = getULong(iaaddr.data + 20);
2402 
2403  if ((reply->client_valid == 0) ||
2404  (reply->client_valid > valid_life))
2405  reply->client_valid = valid_life;
2406 
2407  if ((reply->client_prefer == 0) ||
2408  (reply->client_prefer > pref_life))
2409  reply->client_prefer = pref_life;
2410 
2411  /*
2412  * Clients may choose to send :: as an address, with the idea to give
2413  * hints about preferred-lifetime or valid-lifetime.
2414  */
2415  tmp_addr.len = 16;
2416  memset(tmp_addr.iabuf, 0, 16);
2417  if (!memcmp(iaaddr.data, tmp_addr.iabuf, 16)) {
2418  /* Status remains success; we just ignore this one. */
2419  goto cleanup;
2420  }
2421 
2422  /* tmp_addr len remains 16 */
2423  memcpy(tmp_addr.iabuf, iaaddr.data, 16);
2424 
2425  /*
2426  * Verify that this address is on the client's network.
2427  */
2428  for (subnet = reply->shared->subnets ; subnet != NULL ;
2429  subnet = subnet->next_sibling) {
2430  if (addr_eq(subnet_number(tmp_addr, subnet->netmask),
2431  subnet->net))
2432  break;
2433  }
2434 
2435  /* Address not found on shared network. */
2436  if (subnet == NULL) {
2437  /* Ignore this address on 'soft' bindings. */
2438  if (reply->packet->dhcpv6_msg_type == DHCPV6_SOLICIT) {
2439  /* disable rapid commit */
2440  reply->buf.reply.msg_type = DHCPV6_ADVERTISE;
2442  reply->opt_state,
2444  /* status remains success */
2445  goto cleanup;
2446  }
2447 
2448  /*
2449  * RFC3315 section 18.2.1:
2450  *
2451  * If the server finds that the prefix on one or more IP
2452  * addresses in any IA in the message from the client is not
2453  * appropriate for the link to which the client is connected,
2454  * the server MUST return the IA to the client with a Status
2455  * Code option with the value NotOnLink.
2456  */
2457  if (reply->packet->dhcpv6_msg_type == DHCPV6_REQUEST) {
2458  /* Rewind the IA_NA to empty. */
2459  option_state_dereference(&reply->reply_ia, MDL);
2460  if (!option_state_allocate(&reply->reply_ia, MDL)) {
2461  log_error("reply_process_addr: No memory for "
2462  "option state wipe.");
2463  status = ISC_R_NOMEMORY;
2464  goto cleanup;
2465  }
2466 
2467  /* Append a NotOnLink status code. */
2468  if (!set_status_code(STATUS_NotOnLink,
2469  "Address not for use on this "
2470  "link.", reply->reply_ia)) {
2471  log_error("reply_process_addr: Failure "
2472  "setting status code.");
2473  status = ISC_R_FAILURE;
2474  goto cleanup;
2475  }
2476 
2477  /* Fin (no more IAADDRs). */
2478  status = ISC_R_CANCELED;
2479  goto cleanup;
2480  }
2481 
2482  /*
2483  * RFC3315 sections 18.2.3 and 18.2.4 have identical language:
2484  *
2485  * If the server finds that any of the addresses are not
2486  * appropriate for the link to which the client is attached,
2487  * the server returns the address to the client with lifetimes
2488  * of 0.
2489  */
2490  if ((reply->packet->dhcpv6_msg_type != DHCPV6_RENEW) &&
2491  (reply->packet->dhcpv6_msg_type != DHCPV6_REBIND)) {
2492  log_error("It is impossible to lease a client that is "
2493  "not sending a solicit, request, renew, or "
2494  "rebind.");
2495  status = ISC_R_FAILURE;
2496  goto cleanup;
2497  }
2498 
2499  reply->send_prefer = reply->send_valid = 0;
2500  goto send_addr;
2501  }
2502 
2503  /* Verify the address belongs to the client. */
2504  if (!address_is_owned(reply, &tmp_addr)) {
2505  /*
2506  * For solicit and request, any addresses included are
2507  * 'requested' addresses. For rebind, we actually have
2508  * no direction on what to do from 3315 section 18.2.4!
2509  * So I think the best bet is to try and give it out, and if
2510  * we can't, zero lifetimes.
2511  */
2512  if ((reply->packet->dhcpv6_msg_type == DHCPV6_SOLICIT) ||
2513  (reply->packet->dhcpv6_msg_type == DHCPV6_REQUEST) ||
2514  (reply->packet->dhcpv6_msg_type == DHCPV6_REBIND)) {
2515  status = reply_process_try_addr(reply, &tmp_addr);
2516 
2517  /*
2518  * If the address is in use, or isn't in any dynamic
2519  * range, continue as normal. If any other error was
2520  * found, error out.
2521  */
2522  if ((status != ISC_R_SUCCESS) &&
2523  (status != ISC_R_ADDRINUSE) &&
2524  (status != ISC_R_ADDRNOTAVAIL))
2525  goto cleanup;
2526 
2527  /*
2528  * If we didn't honor this lease, for solicit and
2529  * request we simply omit it from our answer. For
2530  * rebind, we send it with zeroed lifetimes.
2531  */
2532  if (reply->lease == NULL) {
2533  if (reply->packet->dhcpv6_msg_type ==
2534  DHCPV6_REBIND) {
2535  reply->send_prefer = 0;
2536  reply->send_valid = 0;
2537  goto send_addr;
2538  }
2539 
2540  /* status remains success - ignore */
2541  goto cleanup;
2542  }
2543  /*
2544  * RFC3315 section 18.2.3:
2545  *
2546  * If the server cannot find a client entry for the IA the
2547  * server returns the IA containing no addresses with a Status
2548  * Code option set to NoBinding in the Reply message.
2549  *
2550  * On mismatch we (ab)use this pretending we have not the IA
2551  * as soon as we have not an address.
2552  */
2553  } else if (reply->packet->dhcpv6_msg_type == DHCPV6_RENEW) {
2554  /* Rewind the IA_NA to empty. */
2555  option_state_dereference(&reply->reply_ia, MDL);
2556  if (!option_state_allocate(&reply->reply_ia, MDL)) {
2557  log_error("reply_process_addr: No memory for "
2558  "option state wipe.");
2559  status = ISC_R_NOMEMORY;
2560  goto cleanup;
2561  }
2562 
2563  /* Append a NoBinding status code. */
2564  if (!set_status_code(STATUS_NoBinding,
2565  "Address not bound to this "
2566  "interface.", reply->reply_ia)) {
2567  log_error("reply_process_addr: Unable to "
2568  "attach status code.");
2569  status = ISC_R_FAILURE;
2570  goto cleanup;
2571  }
2572 
2573  /* Fin (no more IAADDRs). */
2574  status = ISC_R_CANCELED;
2575  goto cleanup;
2576  } else {
2577  log_error("It is impossible to lease a client that is "
2578  "not sending a solicit, request, renew, or "
2579  "rebind message.");
2580  status = ISC_R_FAILURE;
2581  goto cleanup;
2582  }
2583  }
2584 
2585  if (reply->static_lease) {
2586  if (reply->host == NULL)
2587  log_fatal("Impossible condition at %s:%d.", MDL);
2588 
2589  scope = &global_scope;
2590  group = reply->subnet->group;
2591  } else {
2592  if (reply->lease == NULL)
2593  log_fatal("Impossible condition at %s:%d.", MDL);
2594 
2595  scope = &reply->lease->scope;
2596  group = reply->lease->ipv6_pool->ipv6_pond->group;
2597  }
2598 
2599  /*
2600  * If client_resources is nonzero, then the reply_process_is_addressed
2601  * function has executed configuration state into the reply option
2602  * cache. We will use that valid cache to derive configuration for
2603  * whether or not to engage in additional addresses, and similar.
2604  */
2605  if (reply->client_resources != 0) {
2606  unsigned limit = 1;
2607 
2608  /*
2609  * Does this client have "enough" addresses already? Default
2610  * to one. Everybody gets one, and one should be enough for
2611  * anybody.
2612  */
2613  oc = lookup_option(&server_universe, reply->opt_state,
2615  if (oc != NULL) {
2616  if (!evaluate_option_cache(&data, reply->packet,
2617  NULL, NULL,
2618  reply->packet->options,
2619  reply->opt_state,
2620  scope, oc, MDL) ||
2621  (data.len != 4)) {
2622  log_error("reply_process_addr: unable to "
2623  "evaluate addrs-per-ia value.");
2624  status = ISC_R_FAILURE;
2625  goto cleanup;
2626  }
2627 
2628  limit = getULong(data.data);
2630  }
2631 
2632  /*
2633  * If we wish to limit the client to a certain number of
2634  * addresses, then omit the address from the reply.
2635  */
2636  if (reply->client_resources >= limit)
2637  goto cleanup;
2638  }
2639 
2640  status = reply_process_is_addressed(reply, scope, group);
2641  if (status != ISC_R_SUCCESS)
2642  goto cleanup;
2643 
2644  send_addr:
2645  status = reply_process_send_addr(reply, &tmp_addr);
2646 
2647  cleanup:
2648  if (iaaddr.data != NULL)
2649  data_string_forget(&iaaddr, MDL);
2650  if (data.data != NULL)
2652  if (reply->lease != NULL)
2653  iasubopt_dereference(&reply->lease, MDL);
2654 
2655  return status;
2656 }
2657 
2658 /*
2659  * Verify the address belongs to the client. If we've got a host
2660  * record with a fixed address, it has to be the assigned address
2661  * (fault out all else). Otherwise it's a dynamic address, so lookup
2662  * that address and make sure it belongs to this DUID:IAID pair.
2663  */
2664 static isc_boolean_t
2665 address_is_owned(struct reply_state *reply, struct iaddr *addr) {
2666  int i;
2667  struct ipv6_pond *pond;
2668 
2669  /*
2670  * This faults out addresses that don't match fixed addresses.
2671  */
2672  if (reply->static_lease) {
2673  if (reply->fixed.data == NULL)
2674  log_fatal("Impossible condition at %s:%d.", MDL);
2675 
2676  if (memcmp(addr->iabuf, reply->fixed.data, 16) == 0)
2677  return (ISC_TRUE);
2678 
2679  return (ISC_FALSE);
2680  }
2681 
2682  if ((reply->old_ia == NULL) || (reply->old_ia->num_iasubopt == 0))
2683  return (ISC_FALSE);
2684 
2685  for (i = 0 ; i < reply->old_ia->num_iasubopt ; i++) {
2686  struct iasubopt *tmp;
2687 
2688  tmp = reply->old_ia->iasubopt[i];
2689 
2690  if (memcmp(addr->iabuf, &tmp->addr, 16) == 0) {
2691  if (lease6_usable(tmp) == ISC_FALSE) {
2692  return (ISC_FALSE);
2693  }
2694 
2695  pond = tmp->ipv6_pool->ipv6_pond;
2696  if (((pond->prohibit_list != NULL) &&
2697  (permitted(reply->packet, pond->prohibit_list))) ||
2698  ((pond->permit_list != NULL) &&
2699  (!permitted(reply->packet, pond->permit_list))))
2700  return (ISC_FALSE);
2701 
2702  iasubopt_reference(&reply->lease, tmp, MDL);
2703 
2704  return (ISC_TRUE);
2705  }
2706  }
2707 
2708  return (ISC_FALSE);
2709 }
2710 
2711 /* Process a client-supplied IA_TA. This may append options to the tail of
2712  * the reply packet being built in the reply_state structure.
2713  */
2714 static isc_result_t
2715 reply_process_ia_ta(struct reply_state *reply, struct option_cache *ia) {
2716  isc_result_t status = ISC_R_SUCCESS;
2717  u_int32_t iaid;
2718  unsigned ia_cursor;
2719  struct option_state *packet_ia;
2720  struct option_cache *oc;
2721  struct data_string ia_data, data;
2722  struct data_string iaaddr;
2723  u_int32_t pref_life, valid_life;
2724  struct iaddr tmp_addr;
2725 
2726  /* Initialize values that will get cleaned up on return. */
2727  packet_ia = NULL;
2728  memset(&ia_data, 0, sizeof(ia_data));
2729  memset(&data, 0, sizeof(data));
2730  memset(&iaaddr, 0, sizeof(iaaddr));
2731 
2732  /* Make sure there is at least room for the header. */
2733  if ((reply->cursor + IA_TA_OFFSET + 4) > sizeof(reply->buf)) {
2734  log_error("reply_process_ia_ta: Reply too long for IA.");
2735  return ISC_R_NOSPACE;
2736  }
2737 
2738 
2739  /* Fetch the IA_TA contents. */
2740  if (!get_encapsulated_IA_state(&packet_ia, &ia_data, reply->packet,
2741  ia, IA_TA_OFFSET)) {
2742  log_error("reply_process_ia_ta: error evaluating ia");
2743  status = ISC_R_FAILURE;
2744  goto cleanup;
2745  }
2746 
2747  /* Extract IA_TA header contents. */
2748  iaid = getULong(ia_data.data);
2749 
2750  /* Create an IA_TA structure. */
2751  if (ia_allocate(&reply->ia, iaid, (char *)reply->client_id.data,
2752  reply->client_id.len, MDL) != ISC_R_SUCCESS) {
2753  log_error("reply_process_ia_ta: no memory for ia.");
2754  status = ISC_R_NOMEMORY;
2755  goto cleanup;
2756  }
2757  reply->ia->ia_type = D6O_IA_TA;
2758 
2759  /* Cache pre-existing IA, if any. */
2760  ia_hash_lookup(&reply->old_ia, ia_ta_active,
2761  (unsigned char *)reply->ia->iaid_duid.data,
2762  reply->ia->iaid_duid.len, MDL);
2763 
2764  /*
2765  * Create an option cache to carry the IA_TA option contents, and
2766  * execute any user-supplied values into it.
2767  */
2768  if (!option_state_allocate(&reply->reply_ia, MDL)) {
2769  status = ISC_R_NOMEMORY;
2770  goto cleanup;
2771  }
2772 
2773  /*
2774  * Temporary leases are dynamic by definition.
2775  */
2776  reply->static_lease = ISC_FALSE;
2777 
2778  /*
2779  * Save the cursor position at the start of the IA, so we can
2780  * set length later. We write a temporary
2781  * header out now just in case we decide to adjust the packet
2782  * within sub-process functions.
2783  */
2784  ia_cursor = reply->cursor;
2785 
2786  /* Initialize the IA_TA header. First the code. */
2787  putUShort(reply->buf.data + reply->cursor, (unsigned)D6O_IA_TA);
2788  reply->cursor += 2;
2789 
2790  /* Then option length. */
2791  putUShort(reply->buf.data + reply->cursor, 0x04u);
2792  reply->cursor += 2;
2793 
2794  /* Then IA_TA header contents; IAID. */
2795  putULong(reply->buf.data + reply->cursor, iaid);
2796  reply->cursor += 4;
2797 
2798  /*
2799  * Deal with an IAADDR for lifetimes.
2800  * For all or none, process IAADDRs as hints.
2801  */
2802  reply->min_valid = reply->min_prefer = 0xffffffff;
2803  reply->client_valid = reply->client_prefer = 0;
2804  oc = lookup_option(&dhcpv6_universe, packet_ia, D6O_IAADDR);
2805  for (; oc != NULL; oc = oc->next) {
2806  memset(&iaaddr, 0, sizeof(iaaddr));
2807  if (!evaluate_option_cache(&iaaddr, reply->packet,
2808  NULL, NULL,
2809  reply->packet->options, NULL,
2810  &global_scope, oc, MDL) ||
2811  (iaaddr.len < IAADDR_OFFSET)) {
2812  log_error("reply_process_ia_ta: error "
2813  "evaluating IAADDR.");
2814  status = ISC_R_FAILURE;
2815  goto cleanup;
2816  }
2817  /* The first 16 bytes are the IPv6 address. */
2818  pref_life = getULong(iaaddr.data + 16);
2819  valid_life = getULong(iaaddr.data + 20);
2820 
2821  if ((reply->client_valid == 0) ||
2822  (reply->client_valid > valid_life))
2823  reply->client_valid = valid_life;
2824 
2825  if ((reply->client_prefer == 0) ||
2826  (reply->client_prefer > pref_life))
2827  reply->client_prefer = pref_life;
2828 
2829  /* Nothing more if something has failed. */
2830  if (status == ISC_R_CANCELED)
2831  continue;
2832 
2833  tmp_addr.len = 16;
2834  memcpy(tmp_addr.iabuf, iaaddr.data, 16);
2835  if (!temporary_is_available(reply, &tmp_addr))
2836  goto bad_temp;
2837  status = reply_process_is_addressed(reply,
2838  &reply->lease->scope,
2839  reply->lease->ipv6_pool->ipv6_pond->group);
2840  if (status != ISC_R_SUCCESS)
2841  goto bad_temp;
2842  status = reply_process_send_addr(reply, &tmp_addr);
2843  if (status != ISC_R_SUCCESS)
2844  goto bad_temp;
2845  if (reply->lease != NULL)
2846  iasubopt_dereference(&reply->lease, MDL);
2847  continue;
2848 
2849  bad_temp:
2850  /* Rewind the IA_TA to empty. */
2851  option_state_dereference(&reply->reply_ia, MDL);
2852  if (!option_state_allocate(&reply->reply_ia, MDL)) {
2853  status = ISC_R_NOMEMORY;
2854  goto cleanup;
2855  }
2856  status = ISC_R_CANCELED;
2857  reply->client_resources = 0;
2858  reply->resources_included = ISC_FALSE;
2859  if (reply->lease != NULL)
2860  iasubopt_dereference(&reply->lease, MDL);
2861  }
2862  reply->ia_count++;
2863 
2864  /*
2865  * Give the client temporary addresses.
2866  */
2867  if (reply->client_resources != 0)
2868  goto store;
2869  status = find_client_temporaries(reply);
2870  if (status == ISC_R_NORESOURCES) {
2871  switch (reply->packet->dhcpv6_msg_type) {
2872  case DHCPV6_SOLICIT:
2873  /*
2874  * No address for any IA is handled
2875  * by the caller.
2876  */
2877  /* FALL THROUGH */
2878 
2879  case DHCPV6_REQUEST:
2880  /* Section 18.2.1 (Request):
2881  *
2882  * If the server cannot assign any addresses to
2883  * an IA in the message from the client, the
2884  * server MUST include the IA in the Reply
2885  * message with no addresses in the IA and a
2886  * Status Code option in the IA containing
2887  * status code NoAddrsAvail.
2888  */
2889  option_state_dereference(&reply->reply_ia, MDL);
2890  if (!option_state_allocate(&reply->reply_ia, MDL)) {
2891  log_error("reply_process_ia_ta: No "
2892  "memory for option state wipe.");
2893  status = ISC_R_NOMEMORY;
2894  goto cleanup;
2895  }
2896 
2897  if (!set_status_code(STATUS_NoAddrsAvail,
2898  "No addresses available "
2899  "for this interface.",
2900  reply->reply_ia)) {
2901  log_error("reply_process_ia_ta: Unable "
2902  "to set NoAddrsAvail status code.");
2903  status = ISC_R_FAILURE;
2904  goto cleanup;
2905  }
2906 
2907  status = ISC_R_SUCCESS;
2908  break;
2909 
2910  default:
2911  /*
2912  * We don't want to include the IA if we
2913  * provide zero addresses including zeroed
2914  * lifetimes.
2915  */
2916  if (reply->resources_included)
2917  status = ISC_R_SUCCESS;
2918  else
2919  goto cleanup;
2920  break;
2921  }
2922  } else if (status != ISC_R_SUCCESS)
2923  goto cleanup;
2924 
2925  store:
2926  reply->cursor += store_options6((char *)reply->buf.data + reply->cursor,
2927  sizeof(reply->buf) - reply->cursor,
2928  reply->reply_ia, reply->packet,
2929  required_opts_IA, NULL);
2930 
2931  /* Reset the length of this IA to match what was just written. */
2932  putUShort(reply->buf.data + ia_cursor + 2,
2933  reply->cursor - (ia_cursor + 4));
2934 
2935  /*
2936  * yes, goto's aren't the best but we also want to avoid extra
2937  * indents
2938  */
2939  if (status == ISC_R_CANCELED)
2940  goto cleanup;
2941 
2942  /*
2943  * If we have any addresses log what we are doing.
2944  */
2945  if (reply->ia->num_iasubopt != 0) {
2946  struct iasubopt *tmp;
2947  int i;
2948  char tmp_addr[INET6_ADDRSTRLEN];
2949 
2950  for (i = 0 ; i < reply->ia->num_iasubopt ; i++) {
2951  tmp = reply->ia->iasubopt[i];
2952 
2953  log_info("%s TA: address %s to client with duid %s "
2954  "iaid = %d valid for %u seconds",
2955  dhcpv6_type_names[reply->buf.reply.msg_type],
2956  inet_ntop(AF_INET6, &tmp->addr,
2957  tmp_addr, sizeof(tmp_addr)),
2958  print_hex_1(reply->client_id.len,
2959  reply->client_id.data, 60),
2960  iaid,
2961  tmp->valid);
2962  }
2963  }
2964 
2965  /*
2966  * For hard bindings we consume the new changes into
2967  * the database (if any have been attached to the ia_ta).
2968  *
2969  * Loop through the assigned dynamic addresses, referencing the
2970  * leases onto this IA_TA rather than any old ones, and updating
2971  * pool timers for each (if any).
2972  */
2973  if ((reply->ia->num_iasubopt != 0) &&
2974  (reply->buf.reply.msg_type == DHCPV6_REPLY)) {
2975  struct iasubopt *tmp;
2976  struct data_string *ia_id;
2977  int i;
2978 
2979  for (i = 0 ; i < reply->ia->num_iasubopt ; i++) {
2980  tmp = reply->ia->iasubopt[i];
2981 
2982  if (tmp->ia != NULL)
2983  ia_dereference(&tmp->ia, MDL);
2984  ia_reference(&tmp->ia, reply->ia, MDL);
2985 
2986  /* Commit 'hard' bindings. */
2987  renew_lease6(tmp->ipv6_pool, tmp);
2989 
2990  /* If we have anything to do on commit do it now */
2991  if (tmp->on_star.on_commit != NULL) {
2992  execute_statements(NULL, reply->packet,
2993  NULL, NULL,
2994  reply->packet->options,
2995  reply->opt_state,
2996  &tmp->scope,
2997  tmp->on_star.on_commit,
2998  &tmp->on_star);
3000  (&tmp->on_star.on_commit, MDL);
3001  }
3002 
3003 #if defined (NSUPDATE)
3004  /*
3005  * Perform ddns updates.
3006  */
3007  oc = lookup_option(&server_universe, reply->opt_state,
3008  SV_DDNS_UPDATES);
3009  if ((oc == NULL) ||
3010  evaluate_boolean_option_cache(NULL, reply->packet,
3011  NULL, NULL,
3012  reply->packet->options,
3013  reply->opt_state,
3014  &tmp->scope,
3015  oc, MDL)) {
3016  ddns_updates(reply->packet, NULL, NULL,
3017  tmp, NULL, reply->opt_state);
3018  }
3019 #endif
3020  /* Do our threshold check. */
3021  check_pool6_threshold(reply, tmp);
3022  }
3023 
3024  /* Remove any old ia from the hash. */
3025  if (reply->old_ia != NULL) {
3026  ia_id = &reply->old_ia->iaid_duid;
3027  ia_hash_delete(ia_ta_active,
3028  (unsigned char *)ia_id->data,
3029  ia_id->len, MDL);
3030  ia_dereference(&reply->old_ia, MDL);
3031  }
3032 
3033  /* Put new ia into the hash. */
3034  reply->ia->cltt = cur_time;
3035  ia_id = &reply->ia->iaid_duid;
3036  ia_hash_add(ia_ta_active, (unsigned char *)ia_id->data,
3037  ia_id->len, reply->ia, MDL);
3038 
3039  write_ia(reply->ia);
3040  } else {
3041  schedule_lease_timeout_reply(reply);
3042  }
3043 
3044  cleanup:
3045  if (packet_ia != NULL)
3046  option_state_dereference(&packet_ia, MDL);
3047  if (iaaddr.data != NULL)
3048  data_string_forget(&iaaddr, MDL);
3049  if (reply->reply_ia != NULL)
3050  option_state_dereference(&reply->reply_ia, MDL);
3051  if (ia_data.data != NULL)
3052  data_string_forget(&ia_data, MDL);
3053  if (data.data != NULL)
3055  if (reply->ia != NULL)
3056  ia_dereference(&reply->ia, MDL);
3057  if (reply->old_ia != NULL)
3058  ia_dereference(&reply->old_ia, MDL);
3059  if (reply->lease != NULL)
3060  iasubopt_dereference(&reply->lease, MDL);
3061 
3062  /*
3063  * ISC_R_CANCELED is a status code used by the addr processing to
3064  * indicate we're replying with other addresses. This is still a
3065  * success at higher layers.
3066  */
3067  return((status == ISC_R_CANCELED) ? ISC_R_SUCCESS : status);
3068 }
3069 
3070 /*
3071  * Verify the temporary address is available.
3072  */
3073 static isc_boolean_t
3074 temporary_is_available(struct reply_state *reply, struct iaddr *addr) {
3075  struct in6_addr tmp_addr;
3076  struct subnet *subnet;
3077  struct ipv6_pool *pool = NULL;
3078  struct ipv6_pond *pond = NULL;
3079  int i;
3080 
3081  memcpy(&tmp_addr, addr->iabuf, sizeof(tmp_addr));
3082  /*
3083  * Clients may choose to send :: as an address, with the idea to give
3084  * hints about preferred-lifetime or valid-lifetime.
3085  * So this is not a request for this address.
3086  */
3087  if (IN6_IS_ADDR_UNSPECIFIED(&tmp_addr))
3088  return ISC_FALSE;
3089 
3090  /*
3091  * Verify that this address is on the client's network.
3092  */
3093  for (subnet = reply->shared->subnets ; subnet != NULL ;
3094  subnet = subnet->next_sibling) {
3095  if (addr_eq(subnet_number(*addr, subnet->netmask),
3096  subnet->net))
3097  break;
3098  }
3099 
3100  /* Address not found on shared network. */
3101  if (subnet == NULL)
3102  return ISC_FALSE;
3103 
3104  /*
3105  * Check if this address is owned (must be before next step).
3106  */
3107  if (address_is_owned(reply, addr))
3108  return ISC_TRUE;
3109 
3110  /*
3111  * Verify that this address is in a temporary pool and try to get it.
3112  */
3113  for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
3114  if (((pond->prohibit_list != NULL) &&
3115  (permitted(reply->packet, pond->prohibit_list))) ||
3116  ((pond->permit_list != NULL) &&
3117  (!permitted(reply->packet, pond->permit_list))))
3118  continue;
3119 
3120  for (i = 0 ; (pool = pond->ipv6_pools[i]) != NULL ; i++) {
3121  if (pool->pool_type != D6O_IA_TA)
3122  continue;
3123 
3124  if (ipv6_in_pool(&tmp_addr, pool))
3125  break;
3126  }
3127 
3128  if (pool != NULL)
3129  break;
3130  }
3131 
3132  if (pool == NULL)
3133  return ISC_FALSE;
3134  if (lease6_exists(pool, &tmp_addr))
3135  return ISC_FALSE;
3136  if (iasubopt_allocate(&reply->lease, MDL) != ISC_R_SUCCESS)
3137  return ISC_FALSE;
3138  reply->lease->addr = tmp_addr;
3139  reply->lease->plen = 0;
3140  /* Default is soft binding for 2 minutes. */
3141  if (add_lease6(pool, reply->lease, cur_time + 120) != ISC_R_SUCCESS)
3142  return ISC_FALSE;
3143 
3144  return ISC_TRUE;
3145 }
3146 
3147 /*
3148  * Get a temporary address per prefix.
3149  */
3150 static isc_result_t
3151 find_client_temporaries(struct reply_state *reply) {
3152  int i;
3153  struct ipv6_pool *p = NULL;
3154  struct ipv6_pond *pond;
3155  isc_result_t status = ISC_R_NORESOURCES;;
3156  unsigned int attempts;
3157  struct iaddr send_addr;
3158 
3159  /*
3160  * Do a quick walk through of the ponds and pools
3161  * to see if we have any prefix pools
3162  */
3163  for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
3164  if (pond->ipv6_pools == NULL)
3165  continue;
3166 
3167  for (i = 0; (p = pond->ipv6_pools[i]) != NULL; i++) {
3168  if (p->pool_type == D6O_IA_TA)
3169  break;
3170  }
3171  if (p != NULL)
3172  break;
3173  }
3174 
3175  /* If we get here and p is NULL we have no useful pools */
3176  if (p == NULL) {
3177  log_debug("Unable to get client addresses: "
3178  "no IPv6 pools on this shared network");
3179  return ISC_R_NORESOURCES;
3180  }
3181 
3182  /*
3183  * We have at least one pool that could provide an address
3184  * Now we walk through the ponds and pools again and check
3185  * to see if the client is permitted and if an address is
3186  * available
3187  */
3188 
3189  for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
3190  if (((pond->prohibit_list != NULL) &&
3191  (permitted(reply->packet, pond->prohibit_list))) ||
3192  ((pond->permit_list != NULL) &&
3193  (!permitted(reply->packet, pond->permit_list))))
3194  continue;
3195 
3196  for (i = 0; (p = pond->ipv6_pools[i]) != NULL; i++) {
3197  if (p->pool_type != D6O_IA_TA) {
3198  continue;
3199  }
3200 
3201  /*
3202  * Get an address in this temporary pool.
3203  */
3204  status = create_lease6(p, &reply->lease, &attempts,
3205  &reply->client_id, cur_time + 120);
3206  if (status != ISC_R_SUCCESS) {
3207  log_debug("Unable to get a temporary address.");
3208  goto cleanup;
3209  }
3210 
3211  status = reply_process_is_addressed(reply,
3212  &reply->lease->scope,
3213  pond->group);
3214  if (status != ISC_R_SUCCESS) {
3215  goto cleanup;
3216  }
3217  send_addr.len = 16;
3218  memcpy(send_addr.iabuf, &reply->lease->addr, 16);
3219  status = reply_process_send_addr(reply, &send_addr);
3220  if (status != ISC_R_SUCCESS) {
3221  goto cleanup;
3222  }
3223  /*
3224  * reply->lease can't be null as we use it above
3225  * add check if that changes
3226  */
3227  iasubopt_dereference(&reply->lease, MDL);
3228  }
3229  }
3230 
3231  cleanup:
3232  if (reply->lease != NULL) {
3233  iasubopt_dereference(&reply->lease, MDL);
3234  }
3235  return status;
3236 }
3237 
3238 /*
3239  * This function only returns failure on 'hard' failures. If it succeeds,
3240  * it will leave a lease structure behind.
3241  */
3242 static isc_result_t
3243 reply_process_try_addr(struct reply_state *reply, struct iaddr *addr) {
3244  isc_result_t status = ISC_R_ADDRNOTAVAIL;
3245  struct ipv6_pool *pool = NULL;
3246  struct ipv6_pond *pond = NULL;
3247  int i;
3248  struct data_string data_addr;
3249 
3250  if ((reply == NULL) || (reply->shared == NULL) ||
3251  (addr == NULL) || (reply->lease != NULL))
3252  return (DHCP_R_INVALIDARG);
3253 
3254  /*
3255  * Do a quick walk through of the ponds and pools
3256  * to see if we have any NA address pools
3257  */
3258  for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
3259  if (pond->ipv6_pools == NULL)
3260  continue;
3261 
3262  for (i = 0; ; i++) {
3263  pool = pond->ipv6_pools[i];
3264  if ((pool == NULL) ||
3265  (pool->pool_type == D6O_IA_NA))
3266  break;
3267  }
3268  if (pool != NULL)
3269  break;
3270  }
3271 
3272  /* If we get here and p is NULL we have no useful pools */
3273  if (pool == NULL) {
3274  return (ISC_R_ADDRNOTAVAIL);
3275  }
3276 
3277  memset(&data_addr, 0, sizeof(data_addr));
3278  data_addr.len = addr->len;
3279  data_addr.data = addr->iabuf;
3280 
3281  /*
3282  * We have at least one pool that could provide an address
3283  * Now we walk through the ponds and pools again and check
3284  * to see if the client is permitted and if an address is
3285  * available
3286  *
3287  * Within a given pond we start looking at the last pool we
3288  * allocated from, unless it had a collision trying to allocate
3289  * an address. This will tend to move us into less-filled pools.
3290  */
3291 
3292  for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
3293  if (((pond->prohibit_list != NULL) &&
3294  (permitted(reply->packet, pond->prohibit_list))) ||
3295  ((pond->permit_list != NULL) &&
3296  (!permitted(reply->packet, pond->permit_list))))
3297  continue;
3298 
3299  for (i = 0 ; (pool = pond->ipv6_pools[i]) != NULL ; i++) {
3300  if (pool->pool_type != D6O_IA_NA)
3301  continue;
3302 
3303  status = try_client_v6_address(&reply->lease, pool,
3304  &data_addr);
3305  if (status == ISC_R_SUCCESS)
3306  break;
3307  }
3308 
3309  if (status == ISC_R_SUCCESS)
3310  break;
3311  }
3312 
3313  /* Note that this is just pedantry. There is no allocation to free. */
3314  data_string_forget(&data_addr, MDL);
3315  /* Return just the most recent status... */
3316  return (status);
3317 }
3318 
3319 /* Look around for an address to give the client. First, look through the
3320  * old IA for addresses we can extend. Second, try to allocate a new address.
3321  * Finally, actually add that address into the current reply IA.
3322  */
3323 static isc_result_t
3324 find_client_address(struct reply_state *reply) {
3325  struct iaddr send_addr;
3326  isc_result_t status = ISC_R_NORESOURCES;
3327  struct iasubopt *lease, *best_lease = NULL;
3328  struct binding_scope **scope;
3329  struct group *group;
3330  int i;
3331 
3332  if (reply->static_lease) {
3333  if (reply->host == NULL)
3334  return DHCP_R_INVALIDARG;
3335 
3336  send_addr.len = 16;
3337  memcpy(send_addr.iabuf, reply->fixed.data, 16);
3338 
3339  scope = &global_scope;
3340  group = reply->subnet->group;
3341  goto send_addr;
3342  }
3343 
3344  if (reply->old_ia != NULL) {
3345  for (i = 0 ; i < reply->old_ia->num_iasubopt ; i++) {
3346  struct shared_network *candidate_shared;
3347  struct ipv6_pond *pond;
3348 
3349  lease = reply->old_ia->iasubopt[i];
3350  candidate_shared = lease->ipv6_pool->shared_network;
3351  pond = lease->ipv6_pool->ipv6_pond;
3352 
3353  /*
3354  * Look for the best lease on the client's shared
3355  * network, that is still permitted
3356  */
3357 
3358  if ((candidate_shared != reply->shared) ||
3359  (lease6_usable(lease) != ISC_TRUE))
3360  continue;
3361 
3362  if (((pond->prohibit_list != NULL) &&
3363  (permitted(reply->packet, pond->prohibit_list))) ||
3364  ((pond->permit_list != NULL) &&
3365  (!permitted(reply->packet, pond->permit_list))))
3366  continue;
3367 
3368  best_lease = lease_compare(lease, best_lease);
3369  }
3370  }
3371 
3372  /* Try to pick a new address if we didn't find one, or if we found an
3373  * abandoned lease.
3374  */
3375  if ((best_lease == NULL) || (best_lease->state == FTS_ABANDONED)) {
3376  status = pick_v6_address(reply);
3377  } else if (best_lease != NULL) {
3378  iasubopt_reference(&reply->lease, best_lease, MDL);
3379  status = ISC_R_SUCCESS;
3380  }
3381 
3382  /* Pick the abandoned lease as a last resort. */
3383  if ((status == ISC_R_NORESOURCES) && (best_lease != NULL)) {
3384  /* I don't see how this is supposed to be done right now. */
3385  log_error("Best match for DUID %s is an abandoned address,"
3386  " This may be a result of multiple clients attempting"
3387  " to use this DUID",
3388  print_hex_1(reply->client_id.len,
3389  reply->client_id.data, 60));
3390  /* iasubopt_reference(&reply->lease, best_lease, MDL); */
3391  }
3392 
3393  /* Give up now if we didn't find a lease. */
3394  if (status != ISC_R_SUCCESS)
3395  return status;
3396 
3397  if (reply->lease == NULL)
3398  log_fatal("Impossible condition at %s:%d.", MDL);
3399 
3400  /* Draw binding scopes from the lease's binding scope, and config
3401  * from the lease's containing subnet and higher. Note that it may
3402  * be desirable to place the group attachment directly in the pool.
3403  */
3404  scope = &reply->lease->scope;
3405  group = reply->lease->ipv6_pool->ipv6_pond->group;
3406 
3407  send_addr.len = 16;
3408  memcpy(send_addr.iabuf, &reply->lease->addr, 16);
3409 
3410  send_addr:
3411  status = reply_process_is_addressed(reply, scope, group);
3412  if (status != ISC_R_SUCCESS)
3413  return status;
3414 
3415  status = reply_process_send_addr(reply, &send_addr);
3416  return status;
3417 }
3418 
3419 /* Once an address is found for a client, perform several common functions;
3420  * Calculate and store valid and preferred lease times, draw client options
3421  * into the option state.
3422  */
3423 static isc_result_t
3424 reply_process_is_addressed(struct reply_state *reply,
3425  struct binding_scope **scope, struct group *group)
3426 {
3427  isc_result_t status = ISC_R_SUCCESS;
3428  struct data_string data;
3429  struct option_cache *oc;
3430  struct option_state *tmp_options = NULL;
3431  struct on_star *on_star;
3432  int i;
3433 
3434  /* Initialize values we will cleanup. */
3435  memset(&data, 0, sizeof(data));
3436 
3437  /*
3438  * Find the proper on_star block to use. We use the
3439  * one in the lease if we have a lease or the one in
3440  * the reply if we don't have a lease because this is
3441  * a static instance
3442  */
3443  if (reply->lease) {
3444  on_star = &reply->lease->on_star;
3445  } else {
3446  on_star = &reply->on_star;
3447  }
3448 
3449  /*
3450  * Bring in the root configuration. We only do this to bring
3451  * in the on * statements, as we didn't have the lease available
3452  * we did it the first time.
3453  */
3454  option_state_allocate(&tmp_options, MDL);
3455  execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
3456  reply->packet->options, tmp_options,
3457  &global_scope, root_group, NULL,
3458  on_star);
3459  if (tmp_options != NULL) {
3460  option_state_dereference(&tmp_options, MDL);
3461  }
3462 
3463  /*
3464  * Bring configured options into the root packet level cache - start
3465  * with the lease's closest enclosing group (passed in by the caller
3466  * as 'group').
3467  */
3468  execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
3469  reply->packet->options, reply->opt_state,
3470  scope, group, root_group, on_star);
3471 
3472  /* Execute statements from class scopes. */
3473  for (i = reply->packet->class_count; i > 0; i--) {
3474  execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
3475  reply->packet->options,
3476  reply->opt_state, scope,
3477  reply->packet->classes[i - 1]->group,
3478  group, on_star);
3479  }
3480 
3481  /*
3482  * If there is a host record, over-ride with values configured there,
3483  * without re-evaluating configuration from the previously executed
3484  * group or its common enclosers.
3485  */
3486  if (reply->host != NULL)
3487  execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
3488  reply->packet->options,
3489  reply->opt_state, scope,
3490  reply->host->group, group,
3491  on_star);
3492 
3493  /* Determine valid lifetime. */
3494  if (reply->client_valid == 0)
3495  reply->send_valid = DEFAULT_DEFAULT_LEASE_TIME;
3496  else
3497  reply->send_valid = reply->client_valid;
3498 
3499  oc = lookup_option(&server_universe, reply->opt_state,
3501  if (oc != NULL) {
3502  if (!evaluate_option_cache(&data, reply->packet, NULL, NULL,
3503  reply->packet->options,
3504  reply->opt_state,
3505  scope, oc, MDL) ||
3506  (data.len != 4)) {
3507  log_error("reply_process_is_addressed: unable to "
3508  "evaluate default lease time");
3509  status = ISC_R_FAILURE;
3510  goto cleanup;
3511  }
3512 
3513  reply->send_valid = getULong(data.data);
3514  data_string_forget(&data, MDL);
3515  }
3516 
3517  /* Check to see if the lease time would cause us to wrap
3518  * in which case we make it infinite.
3519  * The following doesn't work on at least some systems:
3520  * (cur_time + reply->send_valid < cur_time)
3521  */
3522  if (reply->send_valid != 0xFFFFFFFF) {
3523  time_t test_time = cur_time + reply->send_valid;
3524  if (test_time < cur_time)
3525  reply->send_valid = 0xFFFFFFFF;
3526  }
3527 
3528  if (reply->client_prefer == 0)
3529  reply->send_prefer = reply->send_valid;
3530  else
3531  reply->send_prefer = reply->client_prefer;
3532 
3533  if ((reply->send_prefer >= reply->send_valid) &&
3534  (reply->send_valid != 0xFFFFFFFF))
3535  reply->send_prefer = (reply->send_valid / 2) +
3536  (reply->send_valid / 8);
3537 
3538  oc = lookup_option(&server_universe, reply->opt_state,
3540  if (oc != NULL) {
3541  if (!evaluate_option_cache(&data, reply->packet, NULL, NULL,
3542  reply->packet->options,
3543  reply->opt_state,
3544  scope, oc, MDL) ||
3545  (data.len != 4)) {
3546  log_error("reply_process_is_addressed: unable to "
3547  "evaluate preferred lease time");
3548  status = ISC_R_FAILURE;
3549  goto cleanup;
3550  }
3551 
3552  reply->send_prefer = getULong(data.data);
3553  data_string_forget(&data, MDL);
3554  }
3555 
3556  /* Note lowest values for later calculation of renew/rebind times. */
3557  if (reply->min_prefer > reply->send_prefer)
3558  reply->min_prefer = reply->send_prefer;
3559 
3560  if (reply->min_valid > reply->send_valid)
3561  reply->min_valid = reply->send_valid;
3562 
3563 #if 0
3564  /*
3565  * XXX: Old 4.0.0 alpha code would change the host {} record
3566  * XXX: uid upon lease assignment. This was intended to cover the
3567  * XXX: case where a client first identifies itself using vendor
3568  * XXX: options in a solicit, or request, but later neglects to include
3569  * XXX: these options in a Renew or Rebind. It is not clear that this
3570  * XXX: is required, and has some startling ramifications (such as
3571  * XXX: how to recover this dynamic host {} state across restarts).
3572  */
3573  if (reply->host != NULL)
3574  change_host_uid(host, reply->client_id->data,
3575  reply->client_id->len);
3576 #endif /* 0 */
3577 
3578  /* Perform dynamic lease related update work. */
3579  if (reply->lease != NULL) {
3580  /* Cached lifetimes */
3581  reply->lease->prefer = reply->send_prefer;
3582  reply->lease->valid = reply->send_valid;
3583 
3584  /* Advance (or rewind) the valid lifetime.
3585  * In the protocol 0xFFFFFFFF is infinite
3586  * when connecting to the lease file MAX_TIME is
3587  */
3588  if (reply->buf.reply.msg_type == DHCPV6_REPLY) {
3589  if (reply->send_valid == 0xFFFFFFFF) {
3590  reply->lease->soft_lifetime_end_time = MAX_TIME;
3591  } else {
3592  reply->lease->soft_lifetime_end_time =
3593  cur_time + reply->send_valid;
3594  }
3595  /* Wait before renew! */
3596  }
3597 
3598  status = ia_add_iasubopt(reply->ia, reply->lease, MDL);
3599  if (status != ISC_R_SUCCESS) {
3600  log_fatal("reply_process_is_addressed: Unable to "
3601  "attach lease to new IA: %s",
3602  isc_result_totext(status));
3603  }
3604 
3605  /*
3606  * If this is a new lease, make sure it is attached somewhere.
3607  */
3608  if (reply->lease->ia == NULL) {
3609  ia_reference(&reply->lease->ia, reply->ia, MDL);
3610  }
3611  }
3612 
3613  /* Bring a copy of the relevant options into the IA scope. */
3614  execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
3615  reply->packet->options, reply->reply_ia,
3616  scope, group, root_group, NULL);
3617 
3618  /* Execute statements from class scopes. */
3619  for (i = reply->packet->class_count; i > 0; i--) {
3620  execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
3621  reply->packet->options,
3622  reply->reply_ia, scope,
3623  reply->packet->classes[i - 1]->group,
3624  group, NULL);
3625  }
3626 
3627  /*
3628  * And bring in host record configuration, if any, but not to overlap
3629  * the previous group or its common enclosers.
3630  */
3631  if (reply->host != NULL)
3632  execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
3633  reply->packet->options,
3634  reply->reply_ia, scope,
3635  reply->host->group, group, NULL);
3636 
3637  cleanup:
3638  if (data.data != NULL)
3639  data_string_forget(&data, MDL);
3640 
3641  if (status == ISC_R_SUCCESS)
3642  reply->client_resources++;
3643 
3644  return status;
3645 }
3646 
3647 /* Simply send an IAADDR within the IA scope as described. */
3648 static isc_result_t
3649 reply_process_send_addr(struct reply_state *reply, struct iaddr *addr) {
3650  isc_result_t status = ISC_R_SUCCESS;
3651  struct data_string data;
3652 
3653  memset(&data, 0, sizeof(data));
3654 
3655  /* Now append the lease. */
3656  data.len = IAADDR_OFFSET;
3657  if (!buffer_allocate(&data.buffer, data.len, MDL)) {
3658  log_error("reply_process_send_addr: out of memory"
3659  "allocating new IAADDR buffer.");
3660  status = ISC_R_NOMEMORY;
3661  goto cleanup;
3662  }
3663  data.data = data.buffer->data;
3664 
3665  memcpy(data.buffer->data, addr->iabuf, 16);
3666  putULong(data.buffer->data + 16, reply->send_prefer);
3667  putULong(data.buffer->data + 20, reply->send_valid);
3668 
3669  if (!append_option_buffer(&dhcpv6_universe, reply->reply_ia,
3670  data.buffer, data.buffer->data,
3671  data.len, D6O_IAADDR, 0)) {
3672  log_error("reply_process_send_addr: unable "
3673  "to save IAADDR option");
3674  status = ISC_R_FAILURE;
3675  goto cleanup;
3676  }
3677 
3678  reply->resources_included = ISC_TRUE;
3679 
3680  cleanup:
3681  if (data.data != NULL)
3683 
3684  return status;
3685 }
3686 
3687 /* Choose the better of two leases. */
3688 static struct iasubopt *
3689 lease_compare(struct iasubopt *alpha, struct iasubopt *beta) {
3690  if (alpha == NULL)
3691  return beta;
3692  if (beta == NULL)
3693  return alpha;
3694 
3695  switch(alpha->state) {
3696  case FTS_ACTIVE:
3697  switch(beta->state) {
3698  case FTS_ACTIVE:
3699  /* Choose the lease with the longest lifetime (most
3700  * likely the most recently allocated).
3701  */
3702  if (alpha->hard_lifetime_end_time <
3703  beta->hard_lifetime_end_time)
3704  return beta;
3705  else
3706  return alpha;
3707 
3708  case FTS_EXPIRED:
3709  case FTS_ABANDONED:
3710  return alpha;
3711 
3712  default:
3713  log_fatal("Impossible condition at %s:%d.", MDL);
3714  }
3715  break;
3716 
3717  case FTS_EXPIRED:
3718  switch (beta->state) {
3719  case FTS_ACTIVE:
3720  return beta;
3721 
3722  case FTS_EXPIRED:
3723  /* Choose the most recently expired lease. */
3724  if (alpha->hard_lifetime_end_time <
3725  beta->hard_lifetime_end_time)
3726  return beta;
3727  else if ((alpha->hard_lifetime_end_time ==
3728  beta->hard_lifetime_end_time) &&
3729  (alpha->soft_lifetime_end_time <
3730  beta->soft_lifetime_end_time))
3731  return beta;
3732  else
3733  return alpha;
3734 
3735  case FTS_ABANDONED:
3736  return alpha;
3737 
3738  default:
3739  log_fatal("Impossible condition at %s:%d.", MDL);
3740  }
3741  break;
3742 
3743  case FTS_ABANDONED:
3744  switch (beta->state) {
3745  case FTS_ACTIVE:
3746  case FTS_EXPIRED:
3747  return alpha;
3748 
3749  case FTS_ABANDONED:
3750  /* Choose the lease that was abandoned longest ago. */
3751  if (alpha->hard_lifetime_end_time <
3752  beta->hard_lifetime_end_time)
3753  return alpha;
3754  else
3755  return beta;
3756 
3757  default:
3758  log_fatal("Impossible condition at %s:%d.", MDL);
3759  }
3760  break;
3761 
3762  default:
3763  log_fatal("Impossible condition at %s:%d.", MDL);
3764  }
3765 
3766  log_fatal("Triple impossible condition at %s:%d.", MDL);
3767  return NULL;
3768 }
3769 
3770 /* Process a client-supplied IA_PD. This may append options to the tail of
3771  * the reply packet being built in the reply_state structure.
3772  */
3773 static isc_result_t
3774 reply_process_ia_pd(struct reply_state *reply, struct option_cache *ia) {
3775  isc_result_t status = ISC_R_SUCCESS;
3776  u_int32_t iaid;
3777  unsigned ia_cursor;
3778  struct option_state *packet_ia;
3779  struct option_cache *oc;
3780  struct data_string ia_data, data;
3781 
3782  /* Initialize values that will get cleaned up on return. */
3783  packet_ia = NULL;
3784  memset(&ia_data, 0, sizeof(ia_data));
3785  memset(&data, 0, sizeof(data));
3786  /*
3787  * Note that find_client_prefix() may set reply->lease.
3788  */
3789 
3790  /* Make sure there is at least room for the header. */
3791  if ((reply->cursor + IA_PD_OFFSET + 4) > sizeof(reply->buf)) {
3792  log_error("reply_process_ia_pd: Reply too long for IA.");
3793  return ISC_R_NOSPACE;
3794  }
3795 
3796 
3797  /* Fetch the IA_PD contents. */
3798  if (!get_encapsulated_IA_state(&packet_ia, &ia_data, reply->packet,
3799  ia, IA_PD_OFFSET)) {
3800  log_error("reply_process_ia_pd: error evaluating ia");
3801  status = ISC_R_FAILURE;
3802  goto cleanup;
3803  }
3804 
3805  /* Extract IA_PD header contents. */
3806  iaid = getULong(ia_data.data);
3807  reply->renew = getULong(ia_data.data + 4);
3808  reply->rebind = getULong(ia_data.data + 8);
3809 
3810  /* Create an IA_PD structure. */
3811  if (ia_allocate(&reply->ia, iaid, (char *)reply->client_id.data,
3812  reply->client_id.len, MDL) != ISC_R_SUCCESS) {
3813  log_error("reply_process_ia_pd: no memory for ia.");
3814  status = ISC_R_NOMEMORY;
3815  goto cleanup;
3816  }
3817  reply->ia->ia_type = D6O_IA_PD;
3818 
3819  /* Cache pre-existing IA_PD, if any. */
3820  ia_hash_lookup(&reply->old_ia, ia_pd_active,
3821  (unsigned char *)reply->ia->iaid_duid.data,
3822  reply->ia->iaid_duid.len, MDL);
3823 
3824  /*
3825  * Create an option cache to carry the IA_PD option contents, and
3826  * execute any user-supplied values into it.
3827  */
3828  if (!option_state_allocate(&reply->reply_ia, MDL)) {
3829  status = ISC_R_NOMEMORY;
3830  goto cleanup;
3831  }
3832 
3833  /* Check & count the fixed prefix host records. */
3834  reply->static_prefixes = 0;
3835  if ((reply->host != NULL) && (reply->host->fixed_prefix != NULL)) {
3836  struct iaddrcidrnetlist *fp;
3837 
3838  for (fp = reply->host->fixed_prefix; fp != NULL;
3839  fp = fp->next) {
3840  reply->static_prefixes += 1;
3841  }
3842  }
3843 
3844  /*
3845  * Save the cursor position at the start of the IA_PD, so we can
3846  * set length and adjust t1/t2 values later. We write a temporary
3847  * header out now just in case we decide to adjust the packet
3848  * within sub-process functions.
3849  */
3850  ia_cursor = reply->cursor;
3851 
3852  /* Initialize the IA_PD header. First the code. */
3853  putUShort(reply->buf.data + reply->cursor, (unsigned)D6O_IA_PD);
3854  reply->cursor += 2;
3855 
3856  /* Then option length. */
3857  putUShort(reply->buf.data + reply->cursor, 0x0Cu);
3858  reply->cursor += 2;
3859 
3860  /* Then IA_PD header contents; IAID. */
3861  putULong(reply->buf.data + reply->cursor, iaid);
3862  reply->cursor += 4;
3863 
3864  /* We store the client's t1 for now, and may over-ride it later. */
3865  putULong(reply->buf.data + reply->cursor, reply->renew);
3866  reply->cursor += 4;
3867 
3868  /* We store the client's t2 for now, and may over-ride it later. */
3869  putULong(reply->buf.data + reply->cursor, reply->rebind);
3870  reply->cursor += 4;
3871 
3872  /*
3873  * For each prefix in this IA_PD, decide what to do about it.
3874  */
3875  oc = lookup_option(&dhcpv6_universe, packet_ia, D6O_IAPREFIX);
3876  reply->min_valid = reply->min_prefer = 0xffffffff;
3877  reply->client_valid = reply->client_prefer = 0;
3878  reply->preflen = -1;
3879  for (; oc != NULL ; oc = oc->next) {
3880  status = reply_process_prefix(reply, oc);
3881 
3882  /*
3883  * Canceled means we did not allocate prefixes to the
3884  * client, but we're "done" with this IA - we set a status
3885  * code. So transmit this reply, e.g., move on to the next
3886  * IA.
3887  */
3888  if (status == ISC_R_CANCELED)
3889  break;
3890 
3891  if ((status != ISC_R_SUCCESS) &&
3892  (status != ISC_R_ADDRINUSE) &&
3893  (status != ISC_R_ADDRNOTAVAIL))
3894  goto cleanup;
3895  }
3896 
3897  reply->pd_count++;
3898 
3899  /*
3900  * If we fell through the above and never gave the client
3901  * a prefix, give it one now.
3902  */
3903  if ((status != ISC_R_CANCELED) && (reply->client_resources == 0)) {
3904  status = find_client_prefix(reply);
3905 
3906  if (status == ISC_R_NORESOURCES) {
3907  switch (reply->packet->dhcpv6_msg_type) {
3908  case DHCPV6_SOLICIT:
3909  /*
3910  * No prefix for any IA is handled
3911  * by the caller.
3912  */
3913  /* FALL THROUGH */
3914 
3915  case DHCPV6_REQUEST:
3916  /* Same than for addresses. */
3917  option_state_dereference(&reply->reply_ia, MDL);
3918  if (!option_state_allocate(&reply->reply_ia,
3919  MDL))
3920  {
3921  log_error("reply_process_ia_pd: No "
3922  "memory for option state "
3923  "wipe.");
3924  status = ISC_R_NOMEMORY;
3925  goto cleanup;
3926  }
3927 
3928  if (!set_status_code(STATUS_NoPrefixAvail,
3929  "No prefixes available "
3930  "for this interface.",
3931  reply->reply_ia)) {
3932  log_error("reply_process_ia_pd: "
3933  "Unable to set "
3934  "NoPrefixAvail status "
3935  "code.");
3936  status = ISC_R_FAILURE;
3937  goto cleanup;
3938  }
3939 
3940  status = ISC_R_SUCCESS;
3941  break;
3942 
3943  default:
3944  if (reply->resources_included)
3945  status = ISC_R_SUCCESS;
3946  else
3947  goto cleanup;
3948  break;
3949  }
3950  }
3951 
3952  if (status != ISC_R_SUCCESS)
3953  goto cleanup;
3954  }
3955 
3956  reply->cursor += store_options6((char *)reply->buf.data + reply->cursor,
3957  sizeof(reply->buf) - reply->cursor,
3958  reply->reply_ia, reply->packet,
3959  required_opts_IA_PD, NULL);
3960 
3961  /* Reset the length of this IA_PD to match what was just written. */
3962  putUShort(reply->buf.data + ia_cursor + 2,
3963  reply->cursor - (ia_cursor + 4));
3964 
3965  /* Calculate T1/T2 and stuff them in the reply */
3966  set_reply_tee_times(reply, ia_cursor);
3967 
3968  /*
3969  * yes, goto's aren't the best but we also want to avoid extra
3970  * indents
3971  */
3972  if (status == ISC_R_CANCELED)
3973  goto cleanup;
3974 
3975  /*
3976  * Handle static prefixes, we always log stuff and if it's
3977  * a hard binding we run any commit statements that we have
3978  */
3979  if (reply->static_prefixes != 0) {
3980  char tmp_addr[INET6_ADDRSTRLEN];
3981  log_info("%s PD: address %s/%d to client with duid %s "
3982  "iaid = %d static",
3983  dhcpv6_type_names[reply->buf.reply.msg_type],
3984  inet_ntop(AF_INET6, reply->fixed_pref.lo_addr.iabuf,
3985  tmp_addr, sizeof(tmp_addr)),
3986  reply->fixed_pref.bits,
3987  print_hex_1(reply->client_id.len,
3988  reply->client_id.data, 60),
3989  iaid);
3990  if ((reply->buf.reply.msg_type == DHCPV6_REPLY) &&
3991  (reply->on_star.on_commit != NULL)) {
3992  execute_statements(NULL, reply->packet, NULL, NULL,
3993  reply->packet->options,
3994  reply->opt_state,
3995  NULL, reply->on_star.on_commit,
3996  NULL);
3998  (&reply->on_star.on_commit, MDL);
3999  }
4000  goto cleanup;
4001  }
4002 
4003  /*
4004  * If we have any addresses log what we are doing.
4005  */
4006  if (reply->ia->num_iasubopt != 0) {
4007  struct iasubopt *tmp;
4008  int i;
4009  char tmp_addr[INET6_ADDRSTRLEN];
4010 
4011  for (i = 0 ; i < reply->ia->num_iasubopt ; i++) {
4012  tmp = reply->ia->iasubopt[i];
4013 
4014  log_info("%s PD: address %s/%d to client with duid %s"
4015  " iaid = %d valid for %u seconds",
4016  dhcpv6_type_names[reply->buf.reply.msg_type],
4017  inet_ntop(AF_INET6, &tmp->addr,
4018  tmp_addr, sizeof(tmp_addr)),
4019  (int)tmp->plen,
4020  print_hex_1(reply->client_id.len,
4021  reply->client_id.data, 60),
4022  iaid, tmp->valid);
4023  }
4024  }
4025 
4026  /*
4027  * If this is not a 'soft' binding, consume the new changes into
4028  * the database (if any have been attached to the ia_pd).
4029  *
4030  * Loop through the assigned dynamic prefixes, referencing the
4031  * prefixes onto this IA_PD rather than any old ones, and updating
4032  * prefix pool timers for each (if any).
4033  */
4034  if ((reply->buf.reply.msg_type == DHCPV6_REPLY) &&
4035  (reply->ia->num_iasubopt != 0)) {
4036  struct iasubopt *tmp;
4037  struct data_string *ia_id;
4038  int i;
4039 
4040  for (i = 0 ; i < reply->ia->num_iasubopt ; i++) {
4041  tmp = reply->ia->iasubopt[i];
4042 
4043  if (tmp->ia != NULL)
4044  ia_dereference(&tmp->ia, MDL);
4045  ia_reference(&tmp->ia, reply->ia, MDL);
4046 
4047  /* Commit 'hard' bindings. */
4048  renew_lease6(tmp->ipv6_pool, tmp);
4050 
4051  /* If we have anything to do on commit do it now */
4052  if (tmp->on_star.on_commit != NULL) {
4053  execute_statements(NULL, reply->packet,
4054  NULL, NULL,
4055  reply->packet->options,
4056  reply->opt_state,
4057  &tmp->scope,
4058  tmp->on_star.on_commit,
4059  &tmp->on_star);
4061  (&tmp->on_star.on_commit, MDL);
4062  }
4063 
4064  /* Do our threshold check. */
4065  check_pool6_threshold(reply, tmp);
4066  }
4067 
4068  /* Remove any old ia from the hash. */
4069  if (reply->old_ia != NULL) {
4070  ia_id = &reply->old_ia->iaid_duid;
4071  ia_hash_delete(ia_pd_active,
4072  (unsigned char *)ia_id->data,
4073  ia_id->len, MDL);
4074  ia_dereference(&reply->old_ia, MDL);
4075  }
4076 
4077  /* Put new ia into the hash. */
4078  reply->ia->cltt = cur_time;
4079  ia_id = &reply->ia->iaid_duid;
4080  ia_hash_add(ia_pd_active, (unsigned char *)ia_id->data,
4081  ia_id->len, reply->ia, MDL);
4082 
4083  write_ia(reply->ia);
4084  } else {
4085  schedule_lease_timeout_reply(reply);
4086  }
4087 
4088  cleanup:
4089  if (packet_ia != NULL)
4090  option_state_dereference(&packet_ia, MDL);
4091  if (reply->reply_ia != NULL)
4092  option_state_dereference(&reply->reply_ia, MDL);
4093  if (ia_data.data != NULL)
4094  data_string_forget(&ia_data, MDL);
4095  if (data.data != NULL)
4097  if (reply->ia != NULL)
4098  ia_dereference(&reply->ia, MDL);
4099  if (reply->old_ia != NULL)
4100  ia_dereference(&reply->old_ia, MDL);
4101  if (reply->lease != NULL)
4102  iasubopt_dereference(&reply->lease, MDL);
4103  if (reply->on_star.on_expiry != NULL)
4105  (&reply->on_star.on_expiry, MDL);
4106  if (reply->on_star.on_release != NULL)
4108  (&reply->on_star.on_release, MDL);
4109 
4110  /*
4111  * ISC_R_CANCELED is a status code used by the prefix processing to
4112  * indicate we're replying with a status code. This is still a
4113  * success at higher layers.
4114  */
4115  return((status == ISC_R_CANCELED) ? ISC_R_SUCCESS : status);
4116 }
4117 
4137 static struct group *
4138 find_group_by_prefix(struct reply_state *reply) {
4139  /* default group if we don't find anything better */
4140  struct group *group = reply->shared->group;
4141  struct subnet *subnet = NULL;
4142  struct iaddr tmp_addr;
4143  struct data_string fixed_addr;
4144 
4145  /* Try with the prefix first */
4146  if (find_grouped_subnet(&subnet, reply->shared,
4147  reply->fixed_pref.lo_addr, MDL) != 0) {
4148  group = subnet->group;
4149  subnet_dereference(&subnet, MDL);
4150  return (group);
4151  }
4152 
4153  /* Didn't find a subnet via prefix, what about fixed address */
4154  /* The caller has already tested reply->host != NULL */
4155 
4156  memset(&fixed_addr, 0, sizeof(fixed_addr));
4157 
4158  if ((reply->host->fixed_addr != NULL) &&
4159  (evaluate_option_cache(&fixed_addr, NULL, NULL, NULL,
4160  NULL, NULL, &global_scope,
4161  reply->host->fixed_addr, MDL))) {
4162  if (fixed_addr.len >= 16) {
4163  tmp_addr.len = 16;
4164  memcpy(tmp_addr.iabuf, fixed_addr.data, 16);
4165  if (find_grouped_subnet(&subnet, reply->shared,
4166  tmp_addr, MDL) != 0) {
4167  group = subnet->group;
4168  subnet_dereference(&subnet, MDL);
4169  }
4170  }
4171  data_string_forget(&fixed_addr, MDL);
4172  }
4173 
4174  /* return whatever we got */
4175  return (group);
4176 }
4177 
4178 /*
4179  * Process an IAPREFIX within a given IA_PD, storing any IAPREFIX reply
4180  * contents into the reply's current ia_pd-scoped option cache. Returns
4181  * ISC_R_CANCELED in the event we are replying with a status code and do
4182  * not wish to process more IAPREFIXes within this IA_PD.
4183  */
4184 static isc_result_t
4185 reply_process_prefix(struct reply_state *reply, struct option_cache *pref) {
4186  u_int32_t pref_life, valid_life;
4187  struct binding_scope **scope;
4188  struct iaddrcidrnet tmp_pref;
4189  struct option_cache *oc;
4190  struct data_string iapref, data;
4191  isc_result_t status = ISC_R_SUCCESS;
4192  struct group *group;
4193 
4194  /* Initializes values that will be cleaned up. */
4195  memset(&iapref, 0, sizeof(iapref));
4196  memset(&data, 0, sizeof(data));
4197  /* Note that reply->lease may be set by prefix_is_owned() */
4198 
4199  /*
4200  * There is no point trying to process an incoming prefix if there
4201  * is no room for an outgoing prefix.
4202  */
4203  if ((reply->cursor + 29) > sizeof(reply->buf)) {
4204  log_error("reply_process_prefix: Out of room for prefix.");
4205  return ISC_R_NOSPACE;
4206  }
4207 
4208  /* Extract this IAPREFIX option. */
4209  if (!evaluate_option_cache(&iapref, reply->packet, NULL, NULL,
4210  reply->packet->options, NULL, &global_scope,
4211  pref, MDL) ||
4212  (iapref.len < IAPREFIX_OFFSET)) {
4213  log_error("reply_process_prefix: error evaluating IAPREFIX.");
4214  status = ISC_R_FAILURE;
4215  goto cleanup;
4216  }
4217 
4218  /*
4219  * Layout: preferred and valid lifetimes followed by the prefix
4220  * length and the IPv6 address.
4221  */
4222  pref_life = getULong(iapref.data);
4223  valid_life = getULong(iapref.data + 4);
4224 
4225  if ((reply->client_valid == 0) ||
4226  (reply->client_valid > valid_life))
4227  reply->client_valid = valid_life;
4228 
4229  if ((reply->client_prefer == 0) ||
4230  (reply->client_prefer > pref_life))
4231  reply->client_prefer = pref_life;
4232 
4233  /*
4234  * Clients may choose to send ::/0 as a prefix, with the idea to give
4235  * hints about preferred-lifetime or valid-lifetime.
4236  */
4237  tmp_pref.lo_addr.len = 16;
4238  memset(tmp_pref.lo_addr.iabuf, 0, 16);
4239  if ((iapref.data[8] == 0) &&
4240  (memcmp(iapref.data + 9, tmp_pref.lo_addr.iabuf, 16) == 0)) {
4241  /* Status remains success; we just ignore this one. */
4242  goto cleanup;
4243  }
4244 
4245  /*
4246  * Clients may choose to send ::/X as a prefix to specify a
4247  * preferred/requested prefix length. Note X is never zero here.
4248  */
4249  tmp_pref.bits = (int) iapref.data[8];
4250  if (reply->preflen < 0) {
4251  /* Cache the first preferred prefix length. */
4252  reply->preflen = tmp_pref.bits;
4253  }
4254  if (memcmp(iapref.data + 9, tmp_pref.lo_addr.iabuf, 16) == 0) {
4255  goto cleanup;
4256  }
4257 
4258  memcpy(tmp_pref.lo_addr.iabuf, iapref.data + 9, 16);
4259 
4260  /* Verify the prefix belongs to the client. */
4261  if (!prefix_is_owned(reply, &tmp_pref)) {
4262  /* Same than for addresses. */
4263  if ((reply->packet->dhcpv6_msg_type == DHCPV6_SOLICIT) ||
4264  (reply->packet->dhcpv6_msg_type == DHCPV6_REQUEST) ||
4265  (reply->packet->dhcpv6_msg_type == DHCPV6_REBIND)) {
4266  status = reply_process_try_prefix(reply, &tmp_pref);
4267 
4268  /* Either error out or skip this prefix. */
4269  if ((status != ISC_R_SUCCESS) &&
4270  (status != ISC_R_ADDRINUSE) &&
4271  (status != ISC_R_ADDRNOTAVAIL))
4272  goto cleanup;
4273 
4274  if (reply->lease == NULL) {
4275  if (reply->packet->dhcpv6_msg_type ==
4276  DHCPV6_REBIND) {
4277  reply->send_prefer = 0;
4278  reply->send_valid = 0;
4279  goto send_pref;
4280  }
4281 
4282  /* status remains success - ignore */
4283  goto cleanup;
4284  }
4285  /*
4286  * RFC3633 section 18.2.3:
4287  *
4288  * If the delegating router cannot find a binding
4289  * for the requesting router's IA_PD the delegating
4290  * router returns the IA_PD containing no prefixes
4291  * with a Status Code option set to NoBinding in the
4292  * Reply message.
4293  *
4294  * On mismatch we (ab)use this pretending we have not the IA
4295  * as soon as we have not a prefix.
4296  */
4297  } else if (reply->packet->dhcpv6_msg_type == DHCPV6_RENEW) {
4298  /* Rewind the IA_PD to empty. */
4299  option_state_dereference(&reply->reply_ia, MDL);
4300  if (!option_state_allocate(&reply->reply_ia, MDL)) {
4301  log_error("reply_process_prefix: No memory "
4302  "for option state wipe.");
4303  status = ISC_R_NOMEMORY;
4304  goto cleanup;
4305  }
4306 
4307  /* Append a NoBinding status code. */
4308  if (!set_status_code(STATUS_NoBinding,
4309  "Prefix not bound to this "
4310  "interface.", reply->reply_ia)) {
4311  log_error("reply_process_prefix: Unable to "
4312  "attach status code.");
4313  status = ISC_R_FAILURE;
4314  goto cleanup;
4315  }
4316 
4317  /* Fin (no more IAPREFIXes). */
4318  status = ISC_R_CANCELED;
4319  goto cleanup;
4320  } else {
4321  log_error("It is impossible to lease a client that is "
4322  "not sending a solicit, request, renew, or "
4323  "rebind message.");
4324  status = ISC_R_FAILURE;
4325  goto cleanup;
4326  }
4327  }
4328 
4329  if (reply->static_prefixes > 0) {
4330  if (reply->host == NULL)
4331  log_fatal("Impossible condition at %s:%d.", MDL);
4332 
4333  scope = &global_scope;
4334 
4335  /* Copy the static prefix for logging and finding the group */
4336  memcpy(&reply->fixed_pref, &tmp_pref, sizeof(tmp_pref));
4337 
4338  /* Try to find a group for the static prefix */
4339  group = find_group_by_prefix(reply);
4340  } else {
4341  if (reply->lease == NULL)
4342  log_fatal("Impossible condition at %s:%d.", MDL);
4343 
4344  scope = &reply->lease->scope;
4345  group = reply->lease->ipv6_pool->ipv6_pond->group;
4346  }
4347 
4348  /*
4349  * If client_resources is nonzero, then the reply_process_is_prefixed
4350  * function has executed configuration state into the reply option
4351  * cache. We will use that valid cache to derive configuration for
4352  * whether or not to engage in additional prefixes, and similar.
4353  */
4354  if (reply->client_resources != 0) {
4355  unsigned limit = 1;
4356 
4357  /*
4358  * Does this client have "enough" prefixes already? Default
4359  * to one. Everybody gets one, and one should be enough for
4360  * anybody.
4361  */
4362  oc = lookup_option(&server_universe, reply->opt_state,
4364  if (oc != NULL) {
4365  if (!evaluate_option_cache(&data, reply->packet,
4366  NULL, NULL,
4367  reply->packet->options,
4368  reply->opt_state,
4369  scope, oc, MDL) ||
4370  (data.len != 4)) {
4371  log_error("reply_process_prefix: unable to "
4372  "evaluate prefs-per-ia value.");
4373  status = ISC_R_FAILURE;
4374  goto cleanup;
4375  }
4376 
4377  limit = getULong(data.data);
4378  data_string_forget(&data, MDL);
4379  }
4380 
4381  /*
4382  * If we wish to limit the client to a certain number of
4383  * prefixes, then omit the prefix from the reply.
4384  */
4385  if (reply->client_resources >= limit)
4386  goto cleanup;
4387  }
4388 
4389  status = reply_process_is_prefixed(reply, scope, group);
4390  if (status != ISC_R_SUCCESS)
4391  goto cleanup;
4392 
4393  send_pref:
4394  status = reply_process_send_prefix(reply, &tmp_pref);
4395 
4396  cleanup:
4397  if (iapref.data != NULL)
4398  data_string_forget(&iapref, MDL);
4399  if (data.data != NULL)
4400  data_string_forget(&data, MDL);
4401  if (reply->lease != NULL)
4402  iasubopt_dereference(&reply->lease, MDL);
4403 
4404  return status;
4405 }
4406 
4407 /*
4408  * Verify the prefix belongs to the client. If we've got a host
4409  * record with fixed prefixes, it has to be an assigned prefix
4410  * (fault out all else). Otherwise it's a dynamic prefix, so lookup
4411  * that prefix and make sure it belongs to this DUID:IAID pair.
4412  */
4413 static isc_boolean_t
4414 prefix_is_owned(struct reply_state *reply, struct iaddrcidrnet *pref) {
4415  struct iaddrcidrnetlist *l;
4416  int i;
4417  struct ipv6_pond *pond;
4418 
4419  /*
4420  * This faults out prefixes that don't match fixed prefixes.
4421  */
4422  if (reply->static_prefixes > 0) {
4423  for (l = reply->host->fixed_prefix; l != NULL; l = l->next) {
4424  if ((pref->bits == l->cidrnet.bits) &&
4425  (memcmp(pref->lo_addr.iabuf,
4426  l->cidrnet.lo_addr.iabuf, 16) == 0))
4427  return (ISC_TRUE);
4428  }
4429  return (ISC_FALSE);
4430  }
4431 
4432  if ((reply->old_ia == NULL) ||
4433  (reply->old_ia->num_iasubopt == 0))
4434  return (ISC_FALSE);
4435 
4436  for (i = 0 ; i < reply->old_ia->num_iasubopt ; i++) {
4437  struct iasubopt *tmp;
4438 
4439  tmp = reply->old_ia->iasubopt[i];
4440 
4441  if ((pref->bits == (int) tmp->plen) &&
4442  (memcmp(pref->lo_addr.iabuf, &tmp->addr, 16) == 0)) {
4443  if (lease6_usable(tmp) == ISC_FALSE) {
4444  return (ISC_FALSE);
4445  }
4446 
4447  pond = tmp->ipv6_pool->ipv6_pond;
4448  if (((pond->prohibit_list != NULL) &&
4449  (permitted(reply->packet, pond->prohibit_list))) ||
4450  ((pond->permit_list != NULL) &&
4451  (!permitted(reply->packet, pond->permit_list))))
4452  return (ISC_FALSE);
4453 
4454  iasubopt_reference(&reply->lease, tmp, MDL);
4455  return (ISC_TRUE);
4456  }
4457  }
4458 
4459  return (ISC_FALSE);
4460 }
4461 
4462 /*
4463  * This function only returns failure on 'hard' failures. If it succeeds,
4464  * it will leave a prefix structure behind.
4465  */
4466 static isc_result_t
4467 reply_process_try_prefix(struct reply_state *reply,
4468  struct iaddrcidrnet *pref) {
4469  isc_result_t status = ISC_R_ADDRNOTAVAIL;
4470  struct ipv6_pool *pool = NULL;
4471  struct ipv6_pond *pond = NULL;
4472  int i;
4473  struct data_string data_pref;
4474 
4475  if ((reply == NULL) || (reply->shared == NULL) ||
4476  (pref == NULL) || (reply->lease != NULL))
4477  return (DHCP_R_INVALIDARG);
4478 
4479  /*
4480  * Do a quick walk through of the ponds and pools
4481  * to see if we have any prefix pools
4482  */
4483  for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
4484  if (pond->ipv6_pools == NULL)
4485  continue;
4486 
4487  for (i = 0; (pool = pond->ipv6_pools[i]) != NULL; i++) {
4488  if (pool->pool_type == D6O_IA_PD)
4489  break;
4490  }
4491  if (pool != NULL)
4492  break;
4493  }
4494 
4495  /* If we get here and p is NULL we have no useful pools */
4496  if (pool == NULL) {
4497  return (ISC_R_ADDRNOTAVAIL);
4498  }
4499 
4500  memset(&data_pref, 0, sizeof(data_pref));
4501  data_pref.len = 17;
4502  if (!buffer_allocate(&data_pref.buffer, data_pref.len, MDL)) {
4503  log_error("reply_process_try_prefix: out of memory.");
4504  return (ISC_R_NOMEMORY);
4505  }
4506  data_pref.data = data_pref.buffer->data;
4507  data_pref.buffer->data[0] = (u_int8_t) pref->bits;
4508  memcpy(data_pref.buffer->data + 1, pref->lo_addr.iabuf, 16);
4509 
4510  /*
4511  * We have at least one pool that could provide a prefix
4512  * Now we walk through the ponds and pools again and check
4513  * to see if the client is permitted and if an prefix is
4514  * available
4515  *
4516  */
4517 
4518  for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
4519  if (((pond->prohibit_list != NULL) &&
4520  (permitted(reply->packet, pond->prohibit_list))) ||
4521  ((pond->permit_list != NULL) &&
4522  (!permitted(reply->packet, pond->permit_list))))
4523  continue;
4524 
4525  for (i = 0; (pool = pond->ipv6_pools[i]) != NULL; i++) {
4526  if (pool->pool_type != D6O_IA_PD) {
4527  continue;
4528  }
4529 
4530  status = try_client_v6_prefix(&reply->lease, pool,
4531  &data_pref);
4532  /* If we found it in this pool (either in use or available),
4533  there is no need to look further. */
4534  if ( (status == ISC_R_SUCCESS) || (status == ISC_R_ADDRINUSE) )
4535  break;
4536  }
4537  if ( (status == ISC_R_SUCCESS) || (status == ISC_R_ADDRINUSE) )
4538  break;
4539  }
4540 
4541  data_string_forget(&data_pref, MDL);
4542  /* Return just the most recent status... */
4543  return (status);
4544 }
4545 
4546 /* Look around for a prefix to give the client. First, look through the old
4547  * IA_PD for prefixes we can extend. Second, try to allocate a new prefix.
4548  * Finally, actually add that prefix into the current reply IA_PD.
4549  */
4550 static isc_result_t
4551 find_client_prefix(struct reply_state *reply) {
4552  struct iaddrcidrnet send_pref;
4553  isc_result_t status = ISC_R_NORESOURCES;
4554  struct iasubopt *prefix, *best_prefix = NULL;
4555  struct binding_scope **scope;
4556  int i;
4557  struct group *group;
4558 
4559  if (reply->static_prefixes > 0) {
4560  struct iaddrcidrnetlist *l;
4561 
4562  if (reply->host == NULL)
4563  return DHCP_R_INVALIDARG;
4564 
4565  for (l = reply->host->fixed_prefix; l != NULL; l = l->next) {
4566  if (l->cidrnet.bits == reply->preflen)
4567  break;
4568  }
4569  if (l == NULL) {
4570  /*
4571  * If no fixed prefix has the preferred length,
4572  * get the first one.
4573  */
4574  l = reply->host->fixed_prefix;
4575  }
4576  memcpy(&send_pref, &l->cidrnet, sizeof(send_pref));
4577 
4578  scope = &global_scope;
4579 
4580  /* Copy the prefix for logging purposes */
4581  memcpy(&reply->fixed_pref, &l->cidrnet, sizeof(send_pref));
4582 
4583  /* Try to find a group for the static prefix */
4584  group = find_group_by_prefix(reply);
4585 
4586  goto send_pref;
4587  }
4588 
4589  if (reply->old_ia != NULL) {
4590  for (i = 0 ; i < reply->old_ia->num_iasubopt ; i++) {
4591  struct shared_network *candidate_shared;
4592  struct ipv6_pond *pond;
4593 
4594  prefix = reply->old_ia->iasubopt[i];
4595  candidate_shared = prefix->ipv6_pool->shared_network;
4596  pond = prefix->ipv6_pool->ipv6_pond;
4597 
4598  /*
4599  * Consider this prefix if it is in a global pool or
4600  * if it is scoped in a pool under the client's shared
4601  * network.
4602  */
4603  if (((candidate_shared != NULL) &&
4604  (candidate_shared != reply->shared)) ||
4605  (lease6_usable(prefix) != ISC_TRUE))
4606  continue;
4607 
4608  /*
4609  * And check if the prefix is still permitted
4610  */
4611 
4612  if (((pond->prohibit_list != NULL) &&
4613  (permitted(reply->packet, pond->prohibit_list))) ||
4614  ((pond->permit_list != NULL) &&
4615  (!permitted(reply->packet, pond->permit_list))))
4616  continue;
4617 
4618  best_prefix = prefix_compare(reply, prefix,
4619  best_prefix);
4620  }
4621  }
4622 
4623  /* Try to pick a new prefix if we didn't find one, or if we found an
4624  * abandoned prefix.
4625  */
4626  if ((best_prefix == NULL) || (best_prefix->state == FTS_ABANDONED)) {
4627  status = pick_v6_prefix(reply);
4628  } else if (best_prefix != NULL) {
4629  iasubopt_reference(&reply->lease, best_prefix, MDL);
4630  status = ISC_R_SUCCESS;
4631  }
4632 
4633  /* Pick the abandoned prefix as a last resort. */
4634  if ((status == ISC_R_NORESOURCES) && (best_prefix != NULL)) {
4635  /* I don't see how this is supposed to be done right now. */
4636  log_error("Reclaiming abandoned prefixes is not yet "
4637  "supported. Treating this as an out of space "
4638  "condition.");
4639  /* iasubopt_reference(&reply->lease, best_prefix, MDL); */
4640  }
4641 
4642  /* Give up now if we didn't find a prefix. */
4643  if (status != ISC_R_SUCCESS)
4644  return status;
4645 
4646  if (reply->lease == NULL)
4647  log_fatal("Impossible condition at %s:%d.", MDL);
4648 
4649  scope = &reply->lease->scope;
4650  group = reply->lease->ipv6_pool->ipv6_pond->group;
4651 
4652  send_pref.lo_addr.len = 16;
4653  memcpy(send_pref.lo_addr.iabuf, &reply->lease->addr, 16);
4654  send_pref.bits = (int) reply->lease->plen;
4655 
4656  send_pref:
4657  status = reply_process_is_prefixed(reply, scope, group);
4658  if (status != ISC_R_SUCCESS)
4659  return status;
4660 
4661  status = reply_process_send_prefix(reply, &send_pref);
4662  return status;
4663 }
4664 
4665 /* Once a prefix is found for a client, perform several common functions;
4666  * Calculate and store valid and preferred prefix times, draw client options
4667  * into the option state.
4668  */
4669 static isc_result_t
4670 reply_process_is_prefixed(struct reply_state *reply,
4671  struct binding_scope **scope, struct group *group)
4672 {
4673  isc_result_t status = ISC_R_SUCCESS;
4674  struct data_string data;
4675  struct option_cache *oc;
4676  struct option_state *tmp_options = NULL;
4677  struct on_star *on_star;
4678  int i;
4679 
4680  /* Initialize values we will cleanup. */
4681  memset(&data, 0, sizeof(data));
4682 
4683  /*
4684  * Find the proper on_star block to use. We use the
4685  * one in the lease if we have a lease or the one in
4686  * the reply if we don't have a lease because this is
4687  * a static instance
4688  */
4689  if (reply->lease) {
4690  on_star = &reply->lease->on_star;
4691  } else {
4692  on_star = &reply->on_star;
4693  }
4694 
4695  /*
4696  * Bring in the root configuration. We only do this to bring
4697  * in the on * statements, as we didn't have the lease available
4698  * we we did it the first time.
4699  */
4700  option_state_allocate(&tmp_options, MDL);
4701  execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
4702  reply->packet->options, tmp_options,
4703  &global_scope, root_group, NULL,
4704  on_star);
4705  if (tmp_options != NULL) {
4706  option_state_dereference(&tmp_options, MDL);
4707  }
4708 
4709  /*
4710  * Bring configured options into the root packet level cache - start
4711  * with the lease's closest enclosing group (passed in by the caller
4712  * as 'group').
4713  */
4714  execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
4715  reply->packet->options, reply->opt_state,
4716  scope, group, root_group, on_star);
4717 
4718  /* Execute statements from class scopes. */
4719  for (i = reply->packet->class_count; i > 0; i--) {
4720  execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
4721  reply->packet->options,
4722  reply->opt_state, scope,
4723  reply->packet->classes[i - 1]->group,
4724  group, on_star);
4725  }
4726 
4727  /*
4728  * If there is a host record, over-ride with values configured there,
4729  * without re-evaluating configuration from the previously executed
4730  * group or its common enclosers.
4731  */
4732  if (reply->host != NULL)
4733  execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
4734  reply->packet->options,
4735  reply->opt_state, scope,
4736  reply->host->group, group,
4737  on_star);
4738 
4739  /* Determine valid lifetime. */
4740  if (reply->client_valid == 0)
4741  reply->send_valid = DEFAULT_DEFAULT_LEASE_TIME;
4742  else
4743  reply->send_valid = reply->client_valid;
4744 
4745  oc = lookup_option(&server_universe, reply->opt_state,
4747  if (oc != NULL) {
4748  if (!evaluate_option_cache(&data, reply->packet, NULL, NULL,
4749  reply->packet->options,
4750  reply->opt_state,
4751  scope, oc, MDL) ||
4752  (data.len != 4)) {
4753  log_error("reply_process_is_prefixed: unable to "
4754  "evaluate default prefix time");
4755  status = ISC_R_FAILURE;
4756  goto cleanup;
4757  }
4758 
4759  reply->send_valid = getULong(data.data);
4760  data_string_forget(&data, MDL);
4761  }
4762 
4763  /* Check to see if the lease time would cause us to wrap
4764  * in which case we make it infinite.
4765  * The following doesn't work on at least some systems:
4766  * (cur_time + reply->send_valid < cur_time)
4767  */
4768  if (reply->send_valid != 0xFFFFFFFF) {
4769  time_t test_time = cur_time + reply->send_valid;
4770  if (test_time < cur_time)
4771  reply->send_valid = 0xFFFFFFFF;
4772  }
4773 
4774  if (reply->client_prefer == 0)
4775  reply->send_prefer = reply->send_valid;
4776  else
4777  reply->send_prefer = reply->client_prefer;
4778 
4779  if ((reply->send_prefer >= reply->send_valid) &&
4780  (reply->send_valid != 0xFFFFFFFF))
4781  reply->send_prefer = (reply->send_valid / 2) +
4782  (reply->send_valid / 8);
4783 
4784  oc = lookup_option(&server_universe, reply->opt_state,
4786  if (oc != NULL) {
4787  if (!evaluate_option_cache(&data, reply->packet, NULL, NULL,
4788  reply->packet->options,
4789  reply->opt_state,
4790  scope, oc, MDL) ||
4791  (data.len != 4)) {
4792  log_error("reply_process_is_prefixed: unable to "
4793  "evaluate preferred prefix time");
4794  status = ISC_R_FAILURE;
4795  goto cleanup;
4796  }
4797 
4798  reply->send_prefer = getULong(data.data);
4799  data_string_forget(&data, MDL);
4800  }
4801 
4802  /* Note lowest values for later calculation of renew/rebind times. */
4803  if (reply->min_prefer > reply->send_prefer)
4804  reply->min_prefer = reply->send_prefer;
4805 
4806  if (reply->min_valid > reply->send_valid)
4807  reply->min_valid = reply->send_valid;
4808 
4809  /* Perform dynamic prefix related update work. */
4810  if (reply->lease != NULL) {
4811  /* Cached lifetimes */
4812  reply->lease->prefer = reply->send_prefer;
4813  reply->lease->valid = reply->send_valid;
4814 
4815  /* Advance (or rewind) the valid lifetime.
4816  * In the protocol 0xFFFFFFFF is infinite
4817  * when connecting to the lease file MAX_TIME is
4818  */
4819  if (reply->buf.reply.msg_type == DHCPV6_REPLY) {
4820  if (reply->send_valid == 0xFFFFFFFF) {
4821  reply->lease->soft_lifetime_end_time = MAX_TIME;
4822  } else {
4823  reply->lease->soft_lifetime_end_time =
4824  cur_time + reply->send_valid;
4825  }
4826  /* Wait before renew! */
4827  }
4828 
4829  status = ia_add_iasubopt(reply->ia, reply->lease, MDL);
4830  if (status != ISC_R_SUCCESS) {
4831  log_fatal("reply_process_is_prefixed: Unable to "
4832  "attach prefix to new IA_PD: %s",
4833  isc_result_totext(status));
4834  }
4835 
4836  /*
4837  * If this is a new prefix, make sure it is attached somewhere.
4838  */
4839  if (reply->lease->ia == NULL) {
4840  ia_reference(&reply->lease->ia, reply->ia, MDL);
4841  }
4842  }
4843 
4844  /* Bring a copy of the relevant options into the IA_PD scope. */
4845  execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
4846  reply->packet->options, reply->reply_ia,
4847  scope, group, root_group, NULL);
4848 
4849  /* Execute statements from class scopes. */
4850  for (i = reply->packet->class_count; i > 0; i--) {
4851  execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
4852  reply->packet->options,
4853  reply->reply_ia, scope,
4854  reply->packet->classes[i - 1]->group,
4855  group, NULL);
4856  }
4857 
4858  /*
4859  * And bring in host record configuration, if any, but not to overlap
4860  * the previous group or its common enclosers.
4861  */
4862  if (reply->host != NULL)
4863  execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
4864  reply->packet->options,
4865  reply->reply_ia, scope,
4866  reply->host->group, group, NULL);
4867 
4868  cleanup:
4869  if (data.data != NULL)
4870  data_string_forget(&data, MDL);
4871 
4872  if (status == ISC_R_SUCCESS)
4873  reply->client_resources++;
4874 
4875  return status;
4876 }
4877 
4878 /* Simply send an IAPREFIX within the IA_PD scope as described. */
4879 static isc_result_t
4880 reply_process_send_prefix(struct reply_state *reply,
4881  struct iaddrcidrnet *pref) {
4882  isc_result_t status = ISC_R_SUCCESS;
4883  struct data_string data;
4884 
4885  memset(&data, 0, sizeof(data));
4886 
4887  /* Now append the prefix. */
4888  data.len = IAPREFIX_OFFSET;
4889  if (!buffer_allocate(&data.buffer, data.len, MDL)) {
4890  log_error("reply_process_send_prefix: out of memory"
4891  "allocating new IAPREFIX buffer.");
4892  status = ISC_R_NOMEMORY;
4893  goto cleanup;
4894  }
4895  data.data = data.buffer->data;
4896 
4897  putULong(data.buffer->data, reply->send_prefer);
4898  putULong(data.buffer->data + 4, reply->send_valid);
4899  data.buffer->data[8] = pref->bits;
4900  memcpy(data.buffer->data + 9, pref->lo_addr.iabuf, 16);
4901 
4902  if (!append_option_buffer(&dhcpv6_universe, reply->reply_ia,
4903  data.buffer, data.buffer->data,
4904  data.len, D6O_IAPREFIX, 0)) {
4905  log_error("reply_process_send_prefix: unable "
4906  "to save IAPREFIX option");
4907  status = ISC_R_FAILURE;
4908  goto cleanup;
4909  }
4910 
4911  reply->resources_included = ISC_TRUE;
4912 
4913  cleanup:
4914  if (data.data != NULL)
4916 
4917  return status;
4918 }
4919 
4920 /* Choose the better of two prefixes. */
4921 static struct iasubopt *
4922 prefix_compare(struct reply_state *reply,
4923  struct iasubopt *alpha, struct iasubopt *beta) {
4924  if (alpha == NULL)
4925  return beta;
4926  if (beta == NULL)
4927  return alpha;
4928 
4929  if (reply->preflen >= 0) {
4930  if ((alpha->plen == reply->preflen) &&
4931  (beta->plen != reply->preflen))
4932  return alpha;
4933  if ((beta->plen == reply->preflen) &&
4934  (alpha->plen != reply->preflen))
4935  return beta;
4936  }
4937 
4938  switch(alpha->state) {
4939  case FTS_ACTIVE:
4940  switch(beta->state) {
4941  case FTS_ACTIVE:
4942  /* Choose the prefix with the longest lifetime (most
4943  * likely the most recently allocated).
4944  */
4945  if (alpha->hard_lifetime_end_time <
4946  beta->hard_lifetime_end_time)
4947  return beta;
4948  else
4949  return alpha;
4950 
4951  case FTS_EXPIRED:
4952  case FTS_ABANDONED:
4953  return alpha;
4954 
4955  default:
4956  log_fatal("Impossible condition at %s:%d.", MDL);
4957  }
4958  break;
4959 
4960  case FTS_EXPIRED:
4961  switch (beta->state) {
4962  case FTS_ACTIVE:
4963  return beta;
4964 
4965  case FTS_EXPIRED:
4966  /* Choose the most recently expired prefix. */
4967  if (alpha->hard_lifetime_end_time <
4968  beta->hard_lifetime_end_time)
4969  return beta;
4970  else if ((alpha->hard_lifetime_end_time ==
4971  beta->hard_lifetime_end_time) &&
4972  (alpha->soft_lifetime_end_time <
4973  beta->soft_lifetime_end_time))
4974  return beta;
4975  else
4976  return alpha;
4977 
4978  case FTS_ABANDONED:
4979  return alpha;
4980 
4981  default:
4982  log_fatal("Impossible condition at %s:%d.", MDL);
4983  }
4984  break;
4985 
4986  case FTS_ABANDONED:
4987  switch (beta->state) {
4988  case FTS_ACTIVE:
4989  case FTS_EXPIRED:
4990  return alpha;
4991 
4992  case FTS_ABANDONED:
4993  /* Choose the prefix that was abandoned longest ago. */
4994  if (alpha->hard_lifetime_end_time <
4995  beta->hard_lifetime_end_time)
4996  return alpha;
4997  else
4998  return beta;
4999 
5000  default:
5001  log_fatal("Impossible condition at %s:%d.", MDL);
5002  }
5003  break;
5004 
5005  default:
5006  log_fatal("Impossible condition at %s:%d.", MDL);
5007  }
5008 
5009  log_fatal("Triple impossible condition at %s:%d.", MDL);
5010  return NULL;
5011 }
5012 
5013 /*
5014  * Solicit is how a client starts requesting addresses.
5015  *
5016  * If the client asks for rapid commit, and we support it, we will
5017  * allocate the addresses and reply.
5018  *
5019  * Otherwise we will send an advertise message.
5020  */
5021 
5022 static void
5023 dhcpv6_solicit(struct data_string *reply_ret, struct packet *packet) {
5024  struct data_string client_id;
5025 
5026  /*
5027  * Validate our input.
5028  */
5029  if (!valid_client_msg(packet, &client_id)) {
5030  return;
5031  }
5032 
5033  lease_to_client(reply_ret, packet, &client_id, NULL);
5034 
5035  /*
5036  * Clean up.
5037  */
5038  data_string_forget(&client_id, MDL);
5039 }
5040 
5041 /*
5042  * Request is how a client actually requests addresses.
5043  *
5044  * Very similar to Solicit handling, except the server DUID is required.
5045  */
5046 
5047 static void
5048 dhcpv6_request(struct data_string *reply_ret, struct packet *packet) {
5049  struct data_string client_id;
5050  struct data_string server_id;
5051 
5052  /*
5053  * Validate our input.
5054  */
5055  if (!valid_client_resp(packet, &client_id, &server_id)) {
5056  return;
5057  }
5058 
5059  /* If the REQUEST arrived via unicast and unicast option isn't set,
5060  * reject it per RFC 3315, Sec 18.2.1 */
5061  if (packet->unicast == ISC_TRUE &&
5062  is_unicast_option_defined(packet) == ISC_FALSE) {
5063  unicast_reject(reply_ret, packet, &client_id, &server_id);
5064  } else {
5065  /*
5066  * Issue our lease.
5067  */
5068  lease_to_client(reply_ret, packet, &client_id, &server_id);
5069  }
5070 
5071  /*
5072  * Cleanup.
5073  */
5074  data_string_forget(&client_id, MDL);
5075  data_string_forget(&server_id, MDL);
5076 }
5077 
5078 /* Find a DHCPv6 packet's shared network from hints in the packet.
5079  */
5080 static isc_result_t
5081 shared_network_from_packet6(struct shared_network **shared,
5082  struct packet *packet)
5083 {
5084  const struct packet *chk_packet;
5085  const struct in6_addr *link_addr, *first_link_addr;
5086  struct iaddr tmp_addr;
5087  struct subnet *subnet;
5088  isc_result_t status;
5089 
5090  if ((shared == NULL) || (*shared != NULL) || (packet == NULL))
5091  return DHCP_R_INVALIDARG;
5092 
5093  /*
5094  * First, find the link address where the packet from the client
5095  * first appeared (if this packet was relayed).
5096  */
5097  first_link_addr = NULL;
5098  chk_packet = packet->dhcpv6_container_packet;
5099  while (chk_packet != NULL) {
5100  link_addr = &chk_packet->dhcpv6_link_address;
5101  if (!IN6_IS_ADDR_UNSPECIFIED(link_addr) &&
5102  !IN6_IS_ADDR_LINKLOCAL(link_addr)) {
5103  first_link_addr = link_addr;
5104  break;
5105  }
5106  chk_packet = chk_packet->dhcpv6_container_packet;
5107  }
5108 
5109  /*
5110  * If there is a relayed link address, find the subnet associated
5111  * with that, and use that to get the appropriate
5112  * shared_network.
5113  */
5114  if (first_link_addr != NULL) {
5115  tmp_addr.len = sizeof(*first_link_addr);
5116  memcpy(tmp_addr.iabuf,
5117  first_link_addr, sizeof(*first_link_addr));
5118  subnet = NULL;
5119  if (!find_subnet(&subnet, tmp_addr, MDL)) {
5120  log_debug("No subnet found for link-address %s.",
5121  piaddr(tmp_addr));
5122  return ISC_R_NOTFOUND;
5123  }
5124  status = shared_network_reference(shared,
5125  subnet->shared_network, MDL);
5126  subnet_dereference(&subnet, MDL);
5127 
5128  /*
5129  * If there is no link address, we will use the interface
5130  * that this packet came in on to pick the shared_network.
5131  */
5132  } else if (packet->interface != NULL) {
5133  status = shared_network_reference(shared,
5134  packet->interface->shared_network,
5135  MDL);
5136  if (packet->dhcpv6_container_packet != NULL) {
5137  log_info("[L2 Relay] No link address in relay packet "
5138  "assuming L2 relay and using receiving "
5139  "interface");
5140  }
5141 
5142  } else {
5143  /*
5144  * We shouldn't be able to get here but if there is no link
5145  * address and no interface we don't know where to get the
5146  * pool from log an error and return an error.
5147  */
5148  log_error("No interface and no link address "
5149  "can't determine pool");
5150  status = DHCP_R_INVALIDARG;
5151  }
5152 
5153  return status;
5154 }
5155 
5156 /*
5157  * When a client thinks it might be on a new link, it sends a
5158  * Confirm message.
5159  *
5160  * From RFC3315 section 18.2.2:
5161  *
5162  * When the server receives a Confirm message, the server determines
5163  * whether the addresses in the Confirm message are appropriate for the
5164  * link to which the client is attached. If all of the addresses in the
5165  * Confirm message pass this test, the server returns a status of
5166  * Success. If any of the addresses do not pass this test, the server
5167  * returns a status of NotOnLink. If the server is unable to perform
5168  * this test (for example, the server does not have information about
5169  * prefixes on the link to which the client is connected), or there were
5170  * no addresses in any of the IAs sent by the client, the server MUST
5171  * NOT send a reply to the client.
5172  */
5173 
5174 static void
5175 dhcpv6_confirm(struct data_string *reply_ret, struct packet *packet) {
5176  struct shared_network *shared;
5177  struct subnet *subnet;
5178  struct option_cache *ia, *ta, *oc;
5179  struct data_string cli_enc_opt_data, iaaddr, client_id, packet_oro;
5180  struct option_state *cli_enc_opt_state, *opt_state;
5181  struct iaddr cli_addr;
5182  int pass;
5183  isc_boolean_t inappropriate, has_addrs;
5184  char reply_data[65536];
5185  struct dhcpv6_packet *reply = (struct dhcpv6_packet *)reply_data;
5186  int reply_ofs = (int)(offsetof(struct dhcpv6_packet, options));
5187 
5188  /*
5189  * Basic client message validation.
5190  */
5191  memset(&client_id, 0, sizeof(client_id));
5192  if (!valid_client_msg(packet, &client_id)) {
5193  return;
5194  }
5195 
5196  /*
5197  * Do not process Confirms that do not have IA's we do not recognize.
5198  */
5201  if ((ia == NULL) && (ta == NULL))
5202  return;
5203 
5204  /*
5205  * IA_PD's are simply ignored.
5206  */
5208 
5209  /*
5210  * Bit of variable initialization.
5211  */
5212  opt_state = cli_enc_opt_state = NULL;
5213  memset(&cli_enc_opt_data, 0, sizeof(cli_enc_opt_data));
5214  memset(&iaaddr, 0, sizeof(iaaddr));
5215  memset(&packet_oro, 0, sizeof(packet_oro));
5216 
5217  /* Determine what shared network the client is connected to. We
5218  * must not respond if we don't have any information about the
5219  * network the client is on.
5220  */
5221  shared = NULL;
5222  if ((shared_network_from_packet6(&shared, packet) != ISC_R_SUCCESS) ||
5223  (shared == NULL))
5224  goto exit;
5225 
5226  /* If there are no recorded subnets, then we have no
5227  * information about this subnet - ignore Confirms.
5228  */
5229  subnet = shared->subnets;
5230  if (subnet == NULL)
5231  goto exit;
5232 
5233  /* Are the addresses in all the IA's appropriate for that link? */
5234  has_addrs = inappropriate = ISC_FALSE;
5235  pass = D6O_IA_NA;
5236  while(!inappropriate) {
5237  /* If we've reached the end of the IA_NA pass, move to the
5238  * IA_TA pass.
5239  */
5240  if ((pass == D6O_IA_NA) && (ia == NULL)) {
5241  pass = D6O_IA_TA;
5242  ia = ta;
5243  }
5244 
5245  /* If we've reached the end of all passes, we're done. */
5246  if (ia == NULL)
5247  break;
5248 
5249  if (((pass == D6O_IA_NA) &&
5250  !get_encapsulated_IA_state(&cli_enc_opt_state,
5251  &cli_enc_opt_data,
5252  packet, ia, IA_NA_OFFSET)) ||
5253  ((pass == D6O_IA_TA) &&
5254  !get_encapsulated_IA_state(&cli_enc_opt_state,
5255  &cli_enc_opt_data,
5256  packet, ia, IA_TA_OFFSET))) {
5257  goto exit;
5258  }
5259 
5260  oc = lookup_option(&dhcpv6_universe, cli_enc_opt_state,
5261  D6O_IAADDR);
5262 
5263  for ( ; oc != NULL ; oc = oc->next) {
5264  if (!evaluate_option_cache(&iaaddr, packet, NULL, NULL,
5265  packet->options, NULL,
5266  &global_scope, oc, MDL) ||
5267  (iaaddr.len < IAADDR_OFFSET)) {
5268  log_error("dhcpv6_confirm: "
5269  "error evaluating IAADDR.");
5270  goto exit;
5271  }
5272 
5273  /* Copy out the IPv6 address for processing. */
5274  cli_addr.len = 16;
5275  memcpy(cli_addr.iabuf, iaaddr.data, 16);
5276 
5277  data_string_forget(&iaaddr, MDL);
5278 
5279  /* Record that we've processed at least one address. */
5280  has_addrs = ISC_TRUE;
5281 
5282  /* Find out if any subnets cover this address. */
5283  for (subnet = shared->subnets ; subnet != NULL ;
5284  subnet = subnet->next_sibling) {
5285  if (addr_eq(subnet_number(cli_addr,
5286  subnet->netmask),
5287  subnet->net))
5288  break;
5289  }
5290 
5291  /* If we reach the end of the subnet list, and no
5292  * subnet matches the client address, then it must
5293  * be inappropriate to the link (so far as our
5294  * configuration says). Once we've found one
5295  * inappropriate address, there is no reason to
5296  * continue searching.
5297  */
5298  if (subnet == NULL) {
5299  inappropriate = ISC_TRUE;
5300  break;
5301  }
5302  }
5303 
5304  option_state_dereference(&cli_enc_opt_state, MDL);
5305  data_string_forget(&cli_enc_opt_data, MDL);
5306 
5307  /* Advance to the next IA_*. */
5308  ia = ia->next;
5309  }
5310 
5311  /* If the client supplied no addresses, do not reply. */
5312  if (!has_addrs)
5313  goto exit;
5314 
5315  /*
5316  * Set up reply.
5317  */
5318  if (!start_reply(packet, &client_id, NULL, &opt_state, reply)) {
5319  goto exit;
5320  }
5321 
5322  /*
5323  * Set our status.
5324  */
5325  if (inappropriate) {
5326  if (!set_status_code(STATUS_NotOnLink,
5327  "Some of the addresses are not on link.",
5328  opt_state)) {
5329  goto exit;
5330  }
5331  } else {
5332  if (!set_status_code(STATUS_Success,
5333  "All addresses still on link.",
5334  opt_state)) {
5335  goto exit;
5336  }
5337  }
5338 
5339  /*
5340  * Only one option: add it.
5341  */
5342  reply_ofs += store_options6(reply_data+reply_ofs,
5343  sizeof(reply_data)-reply_ofs,
5344  opt_state, packet,
5345  required_opts, &packet_oro);
5346 
5347  /*
5348  * Return our reply to the caller.
5349  */
5350  reply_ret->len = reply_ofs;
5351  reply_ret->buffer = NULL;
5352  if (!buffer_allocate(&reply_ret->buffer, reply_ofs, MDL)) {
5353  log_fatal("No memory to store reply.");
5354  }
5355  reply_ret->data = reply_ret->buffer->data;
5356  memcpy(reply_ret->buffer->data, reply, reply_ofs);
5357 
5358 exit:
5359  /* Cleanup any stale data strings. */
5360  if (cli_enc_opt_data.buffer != NULL)
5361  data_string_forget(&cli_enc_opt_data, MDL);
5362  if (iaaddr.buffer != NULL)
5363  data_string_forget(&iaaddr, MDL);
5364  if (client_id.buffer != NULL)
5365  data_string_forget(&client_id, MDL);
5366  if (packet_oro.buffer != NULL)
5367  data_string_forget(&packet_oro, MDL);
5368 
5369  /* Release any stale option states. */
5370  if (cli_enc_opt_state != NULL)
5371  option_state_dereference(&cli_enc_opt_state, MDL);
5372  if (opt_state != NULL)
5373  option_state_dereference(&opt_state, MDL);
5374 }
5375 
5376 /*
5377  * Renew is when a client wants to extend its lease/prefix, at time T1.
5378  *
5379  * We handle this the same as if the client wants a new lease/prefix,
5380  * except for the error code of when addresses don't match.
5381  */
5382 
5383 static void
5384 dhcpv6_renew(struct data_string *reply, struct packet *packet) {
5385  struct data_string client_id;
5386  struct data_string server_id;
5387 
5388  /*
5389  * Validate the request.
5390  */
5391  if (!valid_client_resp(packet, &client_id, &server_id)) {
5392  return;
5393  }
5394 
5395  /* If the RENEW arrived via unicast and unicast option isn't set,
5396  * reject it per RFC 3315, Sec 18.2.3 */
5397  if (packet->unicast == ISC_TRUE &&
5398  is_unicast_option_defined(packet) == ISC_FALSE) {
5399  unicast_reject(reply, packet, &client_id, &server_id);
5400  } else {
5401  /*
5402  * Renew our lease.
5403  */
5404  lease_to_client(reply, packet, &client_id, &server_id);
5405  }
5406 
5407  /*
5408  * Cleanup.
5409  */
5410  data_string_forget(&server_id, MDL);
5411  data_string_forget(&client_id, MDL);
5412 }
5413 
5414 /*
5415  * Rebind is when a client wants to extend its lease, at time T2.
5416  *
5417  * We handle this the same as if the client wants a new lease, except
5418  * for the error code of when addresses don't match.
5419  */
5420 
5421 static void
5422 dhcpv6_rebind(struct data_string *reply, struct packet *packet) {
5423  struct data_string client_id;
5424 
5425  if (!valid_client_msg(packet, &client_id)) {
5426  return;
5427  }
5428 
5429  lease_to_client(reply, packet, &client_id, NULL);
5430 
5431  data_string_forget(&client_id, MDL);
5432 }
5433 
5434 static void
5435 ia_na_match_decline(const struct data_string *client_id,
5436  const struct data_string *iaaddr,
5437  struct iasubopt *lease)
5438 {
5439  char tmp_addr[INET6_ADDRSTRLEN];
5440 
5441  log_error("Client %s reports address %s is "
5442  "already in use by another host!",
5443  print_hex_1(client_id->len, client_id->data, 60),
5444  inet_ntop(AF_INET6, iaaddr->data,
5445  tmp_addr, sizeof(tmp_addr)));
5446  if (lease != NULL) {
5447  decline_lease6(lease->ipv6_pool, lease);
5448  lease->ia->cltt = cur_time;
5449  write_ia(lease->ia);
5450  }
5451 }
5452 
5453 static void
5454 ia_na_nomatch_decline(const struct data_string *client_id,
5455  const struct data_string *iaaddr,
5456  u_int32_t *ia_na_id,
5457  struct packet *packet,
5458  char *reply_data,
5459  int *reply_ofs,
5460  int reply_len)
5461 {
5462  char tmp_addr[INET6_ADDRSTRLEN];
5463  struct option_state *host_opt_state;
5464  int len;
5465 
5466  log_info("Client %s declines address %s, which is not offered to it.",
5467  print_hex_1(client_id->len, client_id->data, 60),
5468  inet_ntop(AF_INET6, iaaddr->data, tmp_addr, sizeof(tmp_addr)));
5469 
5470  /*
5471  * Create state for this IA_NA.
5472  */
5473  host_opt_state = NULL;
5474  if (!option_state_allocate(&host_opt_state, MDL)) {
5475  log_error("ia_na_nomatch_decline: out of memory "
5476  "allocating option_state.");
5477  goto exit;
5478  }
5479 
5480  if (!set_status_code(STATUS_NoBinding, "Decline for unknown address.",
5481  host_opt_state)) {
5482  goto exit;
5483  }
5484 
5485  /*
5486  * Insure we have enough space
5487  */
5488  if (reply_len < (*reply_ofs + 16)) {
5489  log_error("ia_na_nomatch_decline: "
5490  "out of space for reply packet.");
5491  goto exit;
5492  }
5493 
5494  /*
5495  * Put our status code into the reply packet.
5496  */
5497  len = store_options6(reply_data+(*reply_ofs)+16,
5498  reply_len-(*reply_ofs)-16,
5499  host_opt_state, packet,
5500  required_opts_STATUS_CODE, NULL);
5501 
5502  /*
5503  * Store the non-encapsulated option data for this
5504  * IA_NA into our reply packet. Defined in RFC 3315,
5505  * section 22.4.
5506  */
5507  /* option number */
5508  putUShort((unsigned char *)reply_data+(*reply_ofs), D6O_IA_NA);
5509  /* option length */
5510  putUShort((unsigned char *)reply_data+(*reply_ofs)+2, len + 12);
5511  /* IA_NA, copied from the client */
5512  memcpy(reply_data+(*reply_ofs)+4, ia_na_id, 4);
5513  /* t1 and t2, odd that we need them, but here it is */
5514  putULong((unsigned char *)reply_data+(*reply_ofs)+8, 0);
5515  putULong((unsigned char *)reply_data+(*reply_ofs)+12, 0);
5516 
5517  /*
5518  * Get ready for next IA_NA.
5519  */
5520  *reply_ofs += (len + 16);
5521 
5522 exit:
5523  option_state_dereference(&host_opt_state, MDL);
5524 }
5525 
5526 static void
5527 iterate_over_ia_na(struct data_string *reply_ret,
5528  struct packet *packet,
5529  const struct data_string *client_id,
5530  const struct data_string *server_id,
5531  const char *packet_type,
5532  void (*ia_na_match)(),
5533  void (*ia_na_nomatch)())
5534 {
5535  struct option_state *opt_state;
5536  struct host_decl *packet_host;
5537  struct option_cache *ia;
5538  struct option_cache *oc;
5539  /* cli_enc_... variables come from the IA_NA/IA_TA options */
5540  struct data_string cli_enc_opt_data;
5541  struct option_state *cli_enc_opt_state;
5542  struct host_decl *host;
5543  struct data_string iaaddr;
5544  struct data_string fixed_addr;
5545  char reply_data[65536];
5546  struct dhcpv6_packet *reply = (struct dhcpv6_packet *)reply_data;
5547  int reply_ofs = (int)(offsetof(struct dhcpv6_packet, options));
5548  char status_msg[32];
5549  struct iasubopt *lease;
5550  struct ia_xx *existing_ia_na;
5551  int i;
5552  struct data_string key;
5553  u_int32_t iaid;
5554 
5555  /*
5556  * Initialize to empty values, in case we have to exit early.
5557  */
5558  opt_state = NULL;
5559  memset(&cli_enc_opt_data, 0, sizeof(cli_enc_opt_data));
5560  cli_enc_opt_state = NULL;
5561  memset(&iaaddr, 0, sizeof(iaaddr));
5562  memset(&fixed_addr, 0, sizeof(fixed_addr));
5563  lease = NULL;
5564 
5565  /*
5566  * Find the host record that matches from the packet, if any.
5567  */
5568  packet_host = NULL;
5569  find_hosts6(&packet_host, packet, client_id, MDL);
5570 
5571  /*
5572  * Set our reply information.
5573  */
5574  reply->msg_type = DHCPV6_REPLY;
5575  memcpy(reply->transaction_id, packet->dhcpv6_transaction_id,
5576  sizeof(reply->transaction_id));
5577 
5578  /*
5579  * Build our option state for reply.
5580  */
5581  opt_state = NULL;
5582  if (!option_state_allocate(&opt_state, MDL)) {
5583  log_error("iterate_over_ia_na: no memory for option_state.");
5584  goto exit;
5585  }
5586  execute_statements_in_scope(NULL, packet, NULL, NULL,
5587  packet->options, opt_state,
5588  &global_scope, root_group, NULL, NULL);
5589 
5590  /*
5591  * RFC 3315, section 18.2.7 tells us which options to include.
5592  */
5593  oc = lookup_option(&dhcpv6_universe, opt_state, D6O_SERVERID);
5594  if (oc == NULL) {
5595  if (!save_option_buffer(&dhcpv6_universe, opt_state, NULL,
5596  (unsigned char *)server_duid.data,
5597  server_duid.len, D6O_SERVERID, 0)) {
5598  log_error("iterate_over_ia_na: "
5599  "error saving server identifier.");
5600  goto exit;
5601  }
5602  }
5603 
5604  if (!save_option_buffer(&dhcpv6_universe, opt_state,
5605  client_id->buffer,
5606  (unsigned char *)client_id->data,
5607  client_id->len,
5608  D6O_CLIENTID, 0)) {
5609  log_error("iterate_over_ia_na: "
5610  "error saving client identifier.");
5611  goto exit;
5612  }
5613 
5614  snprintf(status_msg, sizeof(status_msg), "%s received.", packet_type);
5615  if (!set_status_code(STATUS_Success, status_msg, opt_state)) {
5616  goto exit;
5617  }
5618 
5619  /*
5620  * Add our options that are not associated with any IA_NA or IA_TA.
5621  */
5622  reply_ofs += store_options6(reply_data+reply_ofs,
5623  sizeof(reply_data)-reply_ofs,
5624  opt_state, packet,
5625  required_opts, NULL);
5626 
5627  /*
5628  * Loop through the IA_NA reported by the client, and deal with
5629  * addresses reported as already in use.
5630  */
5631  for (ia = lookup_option(&dhcpv6_universe, packet->options, D6O_IA_NA);
5632  ia != NULL; ia = ia->next) {
5633 
5634  if (!get_encapsulated_IA_state(&cli_enc_opt_state,
5635  &cli_enc_opt_data,
5636  packet, ia, IA_NA_OFFSET)) {
5637  goto exit;
5638  }
5639 
5640  iaid = getULong(cli_enc_opt_data.data);
5641 
5642  /*
5643  * XXX: It is possible that we can get multiple addresses
5644  * sent by the client. We don't send multiple
5645  * addresses, so this indicates a client error.
5646  * We should check for multiple IAADDR options, log
5647  * if found, and set as an error.
5648  */
5649  oc = lookup_option(&dhcpv6_universe, cli_enc_opt_state,
5650  D6O_IAADDR);
5651  if (oc == NULL) {
5652  /* no address given for this IA, ignore */
5653  option_state_dereference(&cli_enc_opt_state, MDL);
5654  data_string_forget(&cli_enc_opt_data, MDL);
5655  continue;
5656  }
5657 
5658  memset(&iaaddr, 0, sizeof(iaaddr));
5659  if (!evaluate_option_cache(&iaaddr, packet, NULL, NULL,
5660  packet->options, NULL,
5661  &global_scope, oc, MDL)) {
5662  log_error("iterate_over_ia_na: "
5663  "error evaluating IAADDR.");
5664  goto exit;
5665  }
5666 
5667  /*
5668  * Now we need to figure out which host record matches
5669  * this IA_NA and IAADDR (encapsulated option contents
5670  * matching a host record by option).
5671  *
5672  * XXX: We don't currently track IA_NA separately, but
5673  * we will need to do this!
5674  */
5675  host = NULL;
5676  if (!find_hosts_by_option(&host, packet,
5677  cli_enc_opt_state, MDL)) {
5678  if (packet_host != NULL) {
5679  host = packet_host;
5680  } else {
5681  host = NULL;
5682  }
5683  }
5684  while (host != NULL) {
5685  if (host->fixed_addr != NULL) {
5686  if (!evaluate_option_cache(&fixed_addr, NULL,
5687  NULL, NULL, NULL,
5688  NULL, &global_scope,
5689  host->fixed_addr,
5690  MDL)) {
5691  log_error("iterate_over_ia_na: error "
5692  "evaluating host address.");
5693  goto exit;
5694  }
5695  if ((iaaddr.len >= 16) &&
5696  !memcmp(fixed_addr.data, iaaddr.data, 16)) {
5697  data_string_forget(&fixed_addr, MDL);
5698  break;
5699  }
5700  data_string_forget(&fixed_addr, MDL);
5701  }
5702  host = host->n_ipaddr;
5703  }
5704 
5705  if ((host == NULL) && (iaaddr.len >= IAADDR_OFFSET)) {
5706  /*
5707  * Find existing IA_NA.
5708  */
5709  if (ia_make_key(&key, iaid,
5710  (char *)client_id->data,
5711  client_id->len,
5712  MDL) != ISC_R_SUCCESS) {
5713  log_fatal("iterate_over_ia_na: no memory for "
5714  "key.");
5715  }
5716 
5717  existing_ia_na = NULL;
5718  if (ia_hash_lookup(&existing_ia_na, ia_na_active,
5719  (unsigned char *)key.data,
5720  key.len, MDL)) {
5721  /*
5722  * Make sure this address is in the IA_NA.
5723  */
5724  for (i=0; i<existing_ia_na->num_iasubopt; i++) {
5725  struct iasubopt *tmp;
5726  struct in6_addr *in6_addr;
5727 
5728  tmp = existing_ia_na->iasubopt[i];
5729  in6_addr = &tmp->addr;
5730  if (memcmp(in6_addr,
5731  iaaddr.data, 16) == 0) {
5732  iasubopt_reference(&lease,
5733  tmp, MDL);
5734  break;
5735  }
5736  }
5737  }
5738 
5739  data_string_forget(&key, MDL);
5740  }
5741 
5742  if ((host != NULL) || (lease != NULL)) {
5743  ia_na_match(client_id, &iaaddr, lease);
5744  } else {
5745  ia_na_nomatch(client_id, &iaaddr,
5746  (u_int32_t *)cli_enc_opt_data.data,
5747  packet, reply_data, &reply_ofs,
5748  sizeof(reply_data));
5749  }
5750 
5751  if (lease != NULL) {
5752  iasubopt_dereference(&lease, MDL);
5753  }
5754 
5755  data_string_forget(&iaaddr, MDL);
5756  option_state_dereference(&cli_enc_opt_state, MDL);
5757  data_string_forget(&cli_enc_opt_data, MDL);
5758  }
5759 
5760  /*
5761  * Return our reply to the caller.
5762  */
5763  reply_ret->len = reply_ofs;
5764  reply_ret->buffer = NULL;
5765  if (!buffer_allocate(&reply_ret->buffer, reply_ofs, MDL)) {
5766  log_fatal("No memory to store reply.");
5767  }
5768  reply_ret->data = reply_ret->buffer->data;
5769  memcpy(reply_ret->buffer->data, reply, reply_ofs);
5770 
5771 exit:
5772  if (lease != NULL) {
5773  iasubopt_dereference(&lease, MDL);
5774  }
5775  if (fixed_addr.buffer != NULL) {
5776  data_string_forget(&fixed_addr, MDL);
5777  }
5778  if (iaaddr.buffer != NULL) {
5779  data_string_forget(&iaaddr, MDL);
5780  }
5781  if (cli_enc_opt_state != NULL) {
5782  option_state_dereference(&cli_enc_opt_state, MDL);
5783  }
5784  if (cli_enc_opt_data.buffer != NULL) {
5785  data_string_forget(&cli_enc_opt_data, MDL);
5786  }
5787  if (opt_state != NULL) {
5788  option_state_dereference(&opt_state, MDL);
5789  }
5790 }
5791 
5792 /*
5793  * Decline means a client has detected that something else is using an
5794  * address we gave it.
5795  *
5796  * Since we're only dealing with fixed leases for now, there's not
5797  * much we can do, other that log the occurrence.
5798  *
5799  * When we start issuing addresses from pools, then we will have to
5800  * record our declined addresses and issue another. In general with
5801  * IPv6 there is no worry about DoS by clients exhausting space, but
5802  * we still need to be aware of this possibility.
5803  */
5804 
5805 /* TODO: IA_TA */
5806 static void
5807 dhcpv6_decline(struct data_string *reply, struct packet *packet) {
5808  struct data_string client_id;
5809  struct data_string server_id;
5810 
5811  /*
5812  * Validate our input.
5813  */
5814  if (!valid_client_resp(packet, &client_id, &server_id)) {
5815  return;
5816  }
5817 
5818  /* If the DECLINE arrived via unicast and unicast option isn't set,
5819  * reject it per RFC 3315, Sec 18.2.7 */
5820  if (packet->unicast == ISC_TRUE &&
5821  is_unicast_option_defined(packet) == ISC_FALSE) {
5822  unicast_reject(reply, packet, &client_id, &server_id);
5823  } else {
5824  /*
5825  * Undefined for IA_PD.
5826  */
5828 
5829  /*
5830  * And operate on each IA_NA in this packet.
5831  */
5832  iterate_over_ia_na(reply, packet, &client_id, &server_id,
5833  "Decline", ia_na_match_decline,
5834  ia_na_nomatch_decline);
5835 
5836  }
5837 
5838  data_string_forget(&server_id, MDL);
5839  data_string_forget(&client_id, MDL);
5840 }
5841 
5842 static void
5843 ia_na_match_release(const struct data_string *client_id,
5844  const struct data_string *iaaddr,
5845  struct iasubopt *lease)
5846 {
5847  char tmp_addr[INET6_ADDRSTRLEN];
5848 
5849  log_info("Client %s releases address %s",
5850  print_hex_1(client_id->len, client_id->data, 60),
5851  inet_ntop(AF_INET6, iaaddr->data, tmp_addr, sizeof(tmp_addr)));
5852  if (lease != NULL) {
5853  release_lease6(lease->ipv6_pool, lease);
5854  lease->ia->cltt = cur_time;
5855  write_ia(lease->ia);
5856  }
5857 }
5858 
5859 static void
5860 ia_na_nomatch_release(const struct data_string *client_id,
5861  const struct data_string *iaaddr,
5862  u_int32_t *ia_na_id,
5863  struct packet *packet,
5864  char *reply_data,
5865  int *reply_ofs,
5866  int reply_len)
5867 {
5868  char tmp_addr[INET6_ADDRSTRLEN];
5869  struct option_state *host_opt_state;
5870  int len;
5871 
5872  log_info("Client %s releases address %s, which is not leased to it.",
5873  print_hex_1(client_id->len, client_id->data, 60),
5874  inet_ntop(AF_INET6, iaaddr->data, tmp_addr, sizeof(tmp_addr)));
5875 
5876  /*
5877  * Create state for this IA_NA.
5878  */
5879  host_opt_state = NULL;
5880  if (!option_state_allocate(&host_opt_state, MDL)) {
5881  log_error("ia_na_nomatch_release: out of memory "
5882  "allocating option_state.");
5883  goto exit;
5884  }
5885 
5886  if (!set_status_code(STATUS_NoBinding,
5887  "Release for non-leased address.",
5888  host_opt_state)) {
5889  goto exit;
5890  }
5891 
5892  /*
5893  * Insure we have enough space
5894  */
5895  if (reply_len < (*reply_ofs + 16)) {
5896  log_error("ia_na_nomatch_release: "
5897  "out of space for reply packet.");
5898  goto exit;
5899  }
5900 
5901  /*
5902  * Put our status code into the reply packet.
5903  */
5904  len = store_options6(reply_data+(*reply_ofs)+16,
5905  reply_len-(*reply_ofs)-16,
5906  host_opt_state, packet,
5907  required_opts_STATUS_CODE, NULL);
5908 
5909  /*
5910  * Store the non-encapsulated option data for this
5911  * IA_NA into our reply packet. Defined in RFC 3315,
5912  * section 22.4.
5913  */
5914  /* option number */
5915  putUShort((unsigned char *)reply_data+(*reply_ofs), D6O_IA_NA);
5916  /* option length */
5917  putUShort((unsigned char *)reply_data+(*reply_ofs)+2, len + 12);
5918  /* IA_NA, copied from the client */
5919  memcpy(reply_data+(*reply_ofs)+4, ia_na_id, 4);
5920  /* t1 and t2, odd that we need them, but here it is */
5921  putULong((unsigned char *)reply_data+(*reply_ofs)+8, 0);
5922  putULong((unsigned char *)reply_data+(*reply_ofs)+12, 0);
5923 
5924  /*
5925  * Get ready for next IA_NA.
5926  */
5927  *reply_ofs += (len + 16);
5928 
5929 exit:
5930  option_state_dereference(&host_opt_state, MDL);
5931 }
5932 
5933 static void
5934 ia_pd_match_release(const struct data_string *client_id,
5935  const struct data_string *iapref,
5936  struct iasubopt *prefix)
5937 {
5938  char tmp_addr[INET6_ADDRSTRLEN];
5939 
5940  log_info("Client %s releases prefix %s/%u",
5941  print_hex_1(client_id->len, client_id->data, 60),
5942  inet_ntop(AF_INET6, iapref->data + 9,
5943  tmp_addr, sizeof(tmp_addr)),
5944  (unsigned) getUChar(iapref->data + 8));
5945  if (prefix != NULL) {
5946  release_lease6(prefix->ipv6_pool, prefix);
5947  prefix->ia->cltt = cur_time;
5948  write_ia(prefix->ia);
5949  }
5950 }
5951 
5952 static void
5953 ia_pd_nomatch_release(const struct data_string *client_id,
5954  const struct data_string *iapref,
5955  u_int32_t *ia_pd_id,
5956  struct packet *packet,
5957  char *reply_data,
5958  int *reply_ofs,
5959  int reply_len)
5960 {
5961  char tmp_addr[INET6_ADDRSTRLEN];
5962  struct option_state *host_opt_state;
5963  int len;
5964 
5965  log_info("Client %s releases prefix %s/%u, which is not leased to it.",
5966  print_hex_1(client_id->len, client_id->data, 60),
5967  inet_ntop(AF_INET6, iapref->data + 9,
5968  tmp_addr, sizeof(tmp_addr)),
5969  (unsigned) getUChar(iapref->data + 8));
5970 
5971  /*
5972  * Create state for this IA_PD.
5973  */
5974  host_opt_state = NULL;
5975  if (!option_state_allocate(&host_opt_state, MDL)) {
5976  log_error("ia_pd_nomatch_release: out of memory "
5977  "allocating option_state.");
5978  goto exit;
5979  }
5980 
5981  if (!set_status_code(STATUS_NoBinding,
5982  "Release for non-leased prefix.",
5983  host_opt_state)) {
5984  goto exit;
5985  }
5986 
5987  /*
5988  * Insure we have enough space
5989  */
5990  if (reply_len < (*reply_ofs + 16)) {
5991  log_error("ia_pd_nomatch_release: "
5992  "out of space for reply packet.");
5993  goto exit;
5994  }
5995 
5996  /*
5997  * Put our status code into the reply packet.
5998  */
5999  len = store_options6(reply_data+(*reply_ofs)+16,
6000  reply_len-(*reply_ofs)-16,
6001  host_opt_state, packet,
6002  required_opts_STATUS_CODE, NULL);
6003 
6004  /*
6005  * Store the non-encapsulated option data for this
6006  * IA_PD into our reply packet. Defined in RFC 3315,
6007  * section 22.4.
6008  */
6009  /* option number */
6010  putUShort((unsigned char *)reply_data+(*reply_ofs), D6O_IA_PD);
6011  /* option length */
6012  putUShort((unsigned char *)reply_data+(*reply_ofs)+2, len + 12);
6013  /* IA_PD, copied from the client */
6014  memcpy(reply_data+(*reply_ofs)+4, ia_pd_id, 4);
6015  /* t1 and t2, odd that we need them, but here it is */
6016  putULong((unsigned char *)reply_data+(*reply_ofs)+8, 0);
6017  putULong((unsigned char *)reply_data+(*reply_ofs)+12, 0);
6018 
6019  /*
6020  * Get ready for next IA_PD.
6021  */
6022  *reply_ofs += (len + 16);
6023 
6024 exit:
6025  option_state_dereference(&host_opt_state, MDL);
6026 }
6027 
6028 static void
6029 iterate_over_ia_pd(struct data_string *reply_ret,
6030  struct packet *packet,
6031  const struct data_string *client_id,
6032  const struct data_string *server_id,
6033  const char *packet_type,
6034  void (*ia_pd_match)(),
6035  void (*ia_pd_nomatch)())
6036 {
6037  struct data_string reply_new;
6038  int reply_len;
6039  struct option_state *opt_state;
6040  struct host_decl *packet_host;
6041  struct option_cache *ia;
6042  struct option_cache *oc;
6043  /* cli_enc_... variables come from the IA_PD options */
6044  struct data_string cli_enc_opt_data;
6045  struct option_state *cli_enc_opt_state;
6046  struct host_decl *host;
6047  struct data_string iaprefix;
6048  char reply_data[65536];
6049  int reply_ofs;
6050  struct iasubopt *prefix;
6051  struct ia_xx *existing_ia_pd;
6052  int i;
6053  struct data_string key;
6054  u_int32_t iaid;
6055 
6056  /*
6057  * Initialize to empty values, in case we have to exit early.
6058  */
6059  memset(&reply_new, 0, sizeof(reply_new));
6060  opt_state = NULL;
6061  memset(&cli_enc_opt_data, 0, sizeof(cli_enc_opt_data));
6062  cli_enc_opt_state = NULL;
6063  memset(&iaprefix, 0, sizeof(iaprefix));
6064  prefix = NULL;
6065 
6066  /*
6067  * Compute the available length for the reply.
6068  */
6069  reply_len = sizeof(reply_data) - reply_ret->len;
6070  reply_ofs = 0;
6071 
6072  /*
6073  * Find the host record that matches from the packet, if any.
6074  */
6075  packet_host = NULL;
6076  find_hosts6(&packet_host, packet, client_id, MDL);
6077 
6078  /*
6079  * Build our option state for reply.
6080  */
6081  opt_state = NULL;
6082  if (!option_state_allocate(&opt_state, MDL)) {
6083  log_error("iterate_over_ia_pd: no memory for option_state.");
6084  goto exit;
6085  }
6086  execute_statements_in_scope(NULL, packet, NULL, NULL,
6087  packet->options, opt_state,
6088  &global_scope, root_group, NULL, NULL);
6089 
6090  /*
6091  * Loop through the IA_PD reported by the client, and deal with
6092  * prefixes reported as already in use.
6093  */
6094  for (ia = lookup_option(&dhcpv6_universe, packet->options, D6O_IA_PD);
6095  ia != NULL; ia = ia->next) {
6096 
6097  if (!get_encapsulated_IA_state(&cli_enc_opt_state,
6098  &cli_enc_opt_data,
6099  packet, ia, IA_PD_OFFSET)) {
6100  goto exit;
6101  }
6102 
6103  iaid = getULong(cli_enc_opt_data.data);
6104 
6105  oc = lookup_option(&dhcpv6_universe, cli_enc_opt_state,
6106  D6O_IAPREFIX);
6107  if (oc == NULL) {
6108  /* no prefix given for this IA_PD, ignore */
6109  option_state_dereference(&cli_enc_opt_state, MDL);
6110  data_string_forget(&cli_enc_opt_data, MDL);
6111  continue;
6112  }
6113 
6114  for (; oc != NULL; oc = oc->next) {
6115  memset(&iaprefix, 0, sizeof(iaprefix));
6116  if (!evaluate_option_cache(&iaprefix, packet, NULL, NULL,
6117  packet->options, NULL,
6118  &global_scope, oc, MDL)) {
6119  log_error("iterate_over_ia_pd: "
6120  "error evaluating IAPREFIX.");
6121  goto exit;
6122  }
6123 
6124  /*
6125  * Now we need to figure out which host record matches
6126  * this IA_PD and IAPREFIX (encapsulated option contents
6127  * matching a host record by option).
6128  *
6129  * XXX: We don't currently track IA_PD separately, but
6130  * we will need to do this!
6131  */
6132  host = NULL;
6133  if (!find_hosts_by_option(&host, packet,
6134  cli_enc_opt_state, MDL)) {
6135  if (packet_host != NULL) {
6136  host = packet_host;
6137  } else {
6138  host = NULL;
6139  }
6140  }
6141  while (host != NULL) {
6142  if (host->fixed_prefix != NULL) {
6143  struct iaddrcidrnetlist *l;
6144  int plen = (int) getUChar(iaprefix.data + 8);
6145 
6146  for (l = host->fixed_prefix; l != NULL;
6147  l = l->next) {
6148  if (plen != l->cidrnet.bits)
6149  continue;
6150  if (memcmp(iaprefix.data + 9,
6151  l->cidrnet.lo_addr.iabuf,
6152  16) == 0)
6153  break;
6154  }
6155  if ((l != NULL) && (iaprefix.len >= 17))
6156  break;
6157  }
6158  host = host->n_ipaddr;
6159  }
6160 
6161  if ((host == NULL) && (iaprefix.len >= IAPREFIX_OFFSET)) {
6162  /*
6163  * Find existing IA_PD.
6164  */
6165  if (ia_make_key(&key, iaid,
6166  (char *)client_id->data,
6167  client_id->len,
6168  MDL) != ISC_R_SUCCESS) {
6169  log_fatal("iterate_over_ia_pd: no memory for "
6170  "key.");
6171  }
6172 
6173  existing_ia_pd = NULL;
6174  if (ia_hash_lookup(&existing_ia_pd, ia_pd_active,
6175  (unsigned char *)key.data,
6176  key.len, MDL)) {
6177  /*
6178  * Make sure this prefix is in the IA_PD.
6179  */
6180  for (i = 0;
6181  i < existing_ia_pd->num_iasubopt;
6182  i++) {
6183  struct iasubopt *tmp;
6184  u_int8_t plen;
6185 
6186  plen = getUChar(iaprefix.data + 8);
6187  tmp = existing_ia_pd->iasubopt[i];
6188  if ((tmp->plen == plen) &&
6189  (memcmp(&tmp->addr,
6190  iaprefix.data + 9,
6191  16) == 0)) {
6192  iasubopt_reference(&prefix,
6193  tmp, MDL);
6194  break;
6195  }
6196  }
6197  }
6198 
6199  data_string_forget(&key, MDL);
6200  }
6201 
6202  if ((host != NULL) || (prefix != NULL)) {
6203  ia_pd_match(client_id, &iaprefix, prefix);
6204  } else {
6205  ia_pd_nomatch(client_id, &iaprefix,
6206  (u_int32_t *)cli_enc_opt_data.data,
6207  packet, reply_data, &reply_ofs,
6208  reply_len - reply_ofs);
6209  }
6210 
6211  if (prefix != NULL) {
6212  iasubopt_dereference(&prefix, MDL);
6213  }
6214 
6215  data_string_forget(&iaprefix, MDL);
6216  }
6217 
6218  option_state_dereference(&cli_enc_opt_state, MDL);
6219  data_string_forget(&cli_enc_opt_data, MDL);
6220  }
6221 
6222  /*
6223  * Return our reply to the caller.
6224  * The IA_NA routine has already filled at least the header.
6225  */
6226  reply_new.len = reply_ret->len + reply_ofs;
6227  if (!buffer_allocate(&reply_new.buffer, reply_new.len, MDL)) {
6228  log_fatal("No memory to store reply.");
6229  }
6230  reply_new.data = reply_new.buffer->data;
6231  memcpy(reply_new.buffer->data,
6232  reply_ret->buffer->data, reply_ret->len);
6233  memcpy(reply_new.buffer->data + reply_ret->len,
6234  reply_data, reply_ofs);
6235  data_string_forget(reply_ret, MDL);
6236  data_string_copy(reply_ret, &reply_new, MDL);
6237  data_string_forget(&reply_new, MDL);
6238 
6239 exit:
6240  if (prefix != NULL) {
6241  iasubopt_dereference(&prefix, MDL);
6242  }
6243  if (iaprefix.buffer != NULL) {
6244  data_string_forget(&iaprefix, MDL);
6245  }
6246  if (cli_enc_opt_state != NULL) {
6247  option_state_dereference(&cli_enc_opt_state, MDL);
6248  }
6249  if (cli_enc_opt_data.buffer != NULL) {
6250  data_string_forget(&cli_enc_opt_data, MDL);
6251  }
6252  if (opt_state != NULL) {
6253  option_state_dereference(&opt_state, MDL);
6254  }
6255 }
6256 
6257 /*
6258  * Release means a client is done with the leases.
6259  */
6260 
6261 static void
6262 dhcpv6_release(struct data_string *reply, struct packet *packet) {
6263  struct data_string client_id;
6264  struct data_string server_id;
6265 
6266  /*
6267  * Validate our input.
6268  */
6269  if (!valid_client_resp(packet, &client_id, &server_id)) {
6270  return;
6271  }
6272 
6273  /* If the RELEASE arrived via unicast and unicast option isn't set,
6274  * reject it per RFC 3315, Sec 18.2.6 */
6275  if (packet->unicast == ISC_TRUE &&
6276  is_unicast_option_defined(packet) == ISC_FALSE) {
6277  unicast_reject(reply, packet, &client_id, &server_id);
6278  } else {
6279  /*
6280  * And operate on each IA_NA in this packet.
6281  */
6282  iterate_over_ia_na(reply, packet, &client_id, &server_id,
6283  "Release", ia_na_match_release,
6284  ia_na_nomatch_release);
6285 
6286  /*
6287  * And operate on each IA_PD in this packet.
6288  */
6289  iterate_over_ia_pd(reply, packet, &client_id, &server_id,
6290  "Release", ia_pd_match_release,
6291  ia_pd_nomatch_release);
6292  }
6293 
6294  data_string_forget(&server_id, MDL);
6295  data_string_forget(&client_id, MDL);
6296 }
6297 
6298 /*
6299  * Information-Request is used by clients who have obtained an address
6300  * from other means, but want configuration information from the server.
6301  */
6302 
6303 static void
6304 dhcpv6_information_request(struct data_string *reply, struct packet *packet) {
6305  struct data_string client_id;
6306  struct data_string server_id;
6307 
6308  /*
6309  * Validate our input.
6310  */
6311  if (!valid_client_info_req(packet, &server_id)) {
6312  return;
6313  }
6314 
6315  /*
6316  * Get our client ID, if there is one.
6317  */
6318  memset(&client_id, 0, sizeof(client_id));
6319  if (get_client_id(packet, &client_id) != ISC_R_SUCCESS) {
6320  data_string_forget(&client_id, MDL);
6321  }
6322 
6323  /*
6324  * Use the lease_to_client() function. This will work fine,
6325  * because the valid_client_info_req() insures that we
6326  * don't have any IA that would cause us to allocate
6327  * resources to the client.
6328  */
6329  lease_to_client(reply, packet, &client_id,
6330  server_id.data != NULL ? &server_id : NULL);
6331 
6332  /*
6333  * Cleanup.
6334  */
6335  if (client_id.data != NULL) {
6336  data_string_forget(&client_id, MDL);
6337  }
6338  data_string_forget(&server_id, MDL);
6339 }
6340 
6341 /*
6342  * The Relay-forw message is sent by relays. It typically contains a
6343  * single option, which encapsulates an entire packet.
6344  *
6345  * We need to build an encapsulated reply.
6346  */
6347 
6348 /* XXX: this is very, very similar to do_packet6(), and should probably
6349  be combined in a clever way */
6350 /* DHCPv6 server side */
6351 static void
6352 dhcpv6_relay_forw(struct data_string *reply_ret, struct packet *packet) {
6353  struct option_cache *oc;
6354  struct data_string enc_opt_data;
6355  struct packet *enc_packet;
6356  unsigned char msg_type;
6357  const struct dhcpv6_packet *msg;
6358  const struct dhcpv6_relay_packet *relay;
6359  struct data_string enc_reply;
6360  char link_addr[sizeof("ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255")];
6361  char peer_addr[sizeof("ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255")];
6362  struct data_string a_opt, packet_ero;
6363  struct option_state *opt_state;
6364  static char reply_data[65536];
6365  struct dhcpv6_relay_packet *reply;
6366  int reply_ofs;
6367 
6368  /*
6369  * Initialize variables for early exit.
6370  */
6371  opt_state = NULL;
6372  memset(&a_opt, 0, sizeof(a_opt));
6373  memset(&packet_ero, 0, sizeof(packet_ero));
6374  memset(&enc_reply, 0, sizeof(enc_reply));
6375  memset(&enc_opt_data, 0, sizeof(enc_opt_data));
6376  enc_packet = NULL;
6377 
6378  /*
6379  * Get our encapsulated relay message.
6380  */
6382  if (oc == NULL) {
6383  inet_ntop(AF_INET6, &packet->dhcpv6_link_address,
6384  link_addr, sizeof(link_addr));
6385  inet_ntop(AF_INET6, &packet->dhcpv6_peer_address,
6386  peer_addr, sizeof(peer_addr));
6387  log_info("Relay-forward from %s with link address=%s and "
6388  "peer address=%s missing Relay Message option.",
6389  piaddr(packet->client_addr), link_addr, peer_addr);
6390  goto exit;
6391  }
6392 
6393  if (!evaluate_option_cache(&enc_opt_data, NULL, NULL, NULL,
6394  NULL, NULL, &global_scope, oc, MDL)) {
6395  /* should be dhcpv6_relay_forw */
6396  log_error("dhcpv6_forw_relay: error evaluating "
6397  "relayed message.");
6398  goto exit;
6399  }
6400 
6401  if (!packet6_len_okay((char *)enc_opt_data.data, enc_opt_data.len)) {
6402  /* should be dhcpv6_relay_forw */
6403  log_error("dhcpv6_forw_relay: encapsulated packet too short.");
6404  goto exit;
6405  }
6406 
6407  /*
6408  * Build a packet structure from this encapsulated packet.
6409  */
6410  enc_packet = NULL;
6411  if (!packet_allocate(&enc_packet, MDL)) {
6412  /* should be dhcpv6_relay_forw */
6413  log_error("dhcpv6_forw_relay: "
6414  "no memory for encapsulated packet.");
6415  goto exit;
6416  }
6417 
6418  if (!option_state_allocate(&enc_packet->options, MDL)) {
6419  /* should be dhcpv6_relay_forw */
6420  log_error("dhcpv6_forw_relay: "
6421  "no memory for encapsulated packet's options.");
6422  goto exit;
6423  }
6424 
6425  enc_packet->client_port = packet->client_port;
6426  enc_packet->client_addr = packet->client_addr;
6427  interface_reference(&enc_packet->interface, packet->interface, MDL);
6428  enc_packet->dhcpv6_container_packet = packet;
6429 
6430  msg_type = enc_opt_data.data[0];
6431  if ((msg_type == DHCPV6_RELAY_FORW) ||
6432  (msg_type == DHCPV6_RELAY_REPL)) {
6433  int relaylen = (int)(offsetof(struct dhcpv6_relay_packet, options));
6434  relay = (struct dhcpv6_relay_packet *)enc_opt_data.data;
6435  enc_packet->dhcpv6_msg_type = relay->msg_type;
6436 
6437  /* relay-specific data */
6438  enc_packet->dhcpv6_hop_count = relay->hop_count;
6439  memcpy(&enc_packet->dhcpv6_link_address,
6440  relay->link_address, sizeof(relay->link_address));
6441  memcpy(&enc_packet->dhcpv6_peer_address,
6442  relay->peer_address, sizeof(relay->peer_address));
6443 
6444  if (!parse_option_buffer(enc_packet->options,
6445  relay->options,
6446  enc_opt_data.len - relaylen,
6447  &dhcpv6_universe)) {
6448  /* no logging here, as parse_option_buffer() logs all
6449  cases where it fails */
6450  goto exit;
6451  }
6452  } else if ((msg_type == DHCPV6_DHCPV4_QUERY) ||
6453  (msg_type == DHCPV6_DHCPV4_RESPONSE)) {
6454 #ifdef DHCP4o6
6455  if (!dhcpv4_over_dhcpv6 ||
6456  (msg_type == DHCPV6_DHCPV4_RESPONSE)) {
6457  log_error("dhcpv6_relay_forw: "
6458  "unsupported %s message type.",
6459  dhcpv6_type_names[msg_type]);
6460  goto exit;
6461  }
6462  forw_dhcpv4_query(packet);
6463  goto exit;
6464 #else /* DHCP4o6 */
6465  log_error("dhcpv6_relay_forw: unsupported %s message type.",
6466  dhcpv6_type_names[msg_type]);
6467  goto exit;
6468 #endif /* DHCP4o6 */
6469  } else {
6470  int msglen = (int)(offsetof(struct dhcpv6_packet, options));
6471  msg = (struct dhcpv6_packet *)enc_opt_data.data;
6472  enc_packet->dhcpv6_msg_type = msg->msg_type;
6473 
6474  /* message-specific data */
6475  memcpy(enc_packet->dhcpv6_transaction_id,
6476  msg->transaction_id,
6477  sizeof(enc_packet->dhcpv6_transaction_id));
6478 
6479  if (!parse_option_buffer(enc_packet->options,
6480  msg->options,
6481  enc_opt_data.len - msglen,
6482  &dhcpv6_universe)) {
6483  /* no logging here, as parse_option_buffer() logs all
6484  cases where it fails */
6485  goto exit;
6486  }
6487  }
6488 
6489  /*
6490  * This is recursive. It is possible to exceed maximum packet size.
6491  * XXX: This will cause the packet send to fail.
6492  */
6493  build_dhcpv6_reply(&enc_reply, enc_packet);
6494 
6495  /*
6496  * If we got no encapsulated data, then it is discarded, and
6497  * our reply-forw is also discarded.
6498  */
6499  if (enc_reply.data == NULL) {
6500  goto exit;
6501  }
6502 
6503  /*
6504  * Now we can use the reply_data buffer.
6505  * Packet header stuff all comes from the forward message.
6506  */
6507  reply = (struct dhcpv6_relay_packet *)reply_data;
6508  reply->msg_type = DHCPV6_RELAY_REPL;
6509  reply->hop_count = packet->dhcpv6_hop_count;
6510  memcpy(reply->link_address, &packet->dhcpv6_link_address,
6511  sizeof(reply->link_address));
6512  memcpy(reply->peer_address, &packet->dhcpv6_peer_address,
6513  sizeof(reply->peer_address));
6514  reply_ofs = (int)(offsetof(struct dhcpv6_relay_packet, options));
6515 
6516  /*
6517  * Get the reply option state.
6518  */
6519  opt_state = NULL;
6520  if (!option_state_allocate(&opt_state, MDL)) {
6521  log_error("dhcpv6_relay_forw: no memory for option state.");
6522  goto exit;
6523  }
6524 
6525  /*
6526  * Append the interface-id if present.
6527  */
6528  oc = lookup_option(&dhcpv6_universe, packet->options,
6530  if (oc != NULL) {
6531  if (!evaluate_option_cache(&a_opt, packet,
6532  NULL, NULL,
6533  packet->options, NULL,
6534  &global_scope, oc, MDL)) {
6535  log_error("dhcpv6_relay_forw: error evaluating "
6536  "Interface ID.");
6537  goto exit;
6538  }
6539  if (!save_option_buffer(&dhcpv6_universe, opt_state, NULL,
6540  (unsigned char *)a_opt.data,
6541  a_opt.len,
6542  D6O_INTERFACE_ID, 0)) {
6543  log_error("dhcpv6_relay_forw: error saving "
6544  "Interface ID.");
6545  goto exit;
6546  }
6547  data_string_forget(&a_opt, MDL);
6548  }
6549 
6550  /*
6551  * Append our encapsulated stuff for caller.
6552  */
6553  if (!save_option_buffer(&dhcpv6_universe, opt_state, NULL,
6554  (unsigned char *)enc_reply.data,
6555  enc_reply.len,
6556  D6O_RELAY_MSG, 0)) {
6557  log_error("dhcpv6_relay_forw: error saving Relay MSG.");
6558  goto exit;
6559  }
6560 
6561  /*
6562  * Get the ERO if any.
6563  */
6564  oc = lookup_option(&dhcpv6_universe, packet->options, D6O_ERO);
6565  if (oc != NULL) {
6566  unsigned req;
6567  int i;
6568 
6569  if (!evaluate_option_cache(&packet_ero, packet,
6570  NULL, NULL,
6571  packet->options, NULL,
6572  &global_scope, oc, MDL) ||
6573  (packet_ero.len & 1)) {
6574  log_error("dhcpv6_relay_forw: error evaluating ERO.");
6575  goto exit;
6576  }
6577 
6578  /* Decode and apply the ERO. */
6579  for (i = 0; i < packet_ero.len; i += 2) {
6580  req = getUShort(packet_ero.data + i);
6581  /* Already in the reply? */
6582  oc = lookup_option(&dhcpv6_universe, opt_state, req);
6583  if (oc != NULL)
6584  continue;
6585  /* Get it from the packet if present. */
6587  packet->options,
6588  req);
6589  if (oc == NULL)
6590  continue;
6591  if (!evaluate_option_cache(&a_opt, packet,
6592  NULL, NULL,
6593  packet->options, NULL,
6594  &global_scope, oc, MDL)) {
6595  log_error("dhcpv6_relay_forw: error "
6596  "evaluating option %u.", req);
6597  goto exit;
6598  }
6600  opt_state,
6601  NULL,
6602  (unsigned char *)a_opt.data,
6603  a_opt.len,
6604  req,
6605  0)) {
6606  log_error("dhcpv6_relay_forw: error saving "
6607  "option %u.", req);
6608  goto exit;
6609  }
6610  data_string_forget(&a_opt, MDL);
6611  }
6612  }
6613 
6614  reply_ofs += store_options6(reply_data + reply_ofs,
6615  sizeof(reply_data) - reply_ofs,
6616  opt_state, packet,
6617  required_opts_agent, &packet_ero);
6618 
6619  /*
6620  * Return our reply to the caller.
6621  */
6622  reply_ret->len = reply_ofs;
6623  reply_ret->buffer = NULL;
6624  if (!buffer_allocate(&reply_ret->buffer, reply_ret->len, MDL)) {
6625  log_fatal("No memory to store reply.");
6626  }
6627  reply_ret->data = reply_ret->buffer->data;
6628  memcpy(reply_ret->buffer->data, reply_data, reply_ofs);
6629 
6630 exit:
6631  if (opt_state != NULL)
6632  option_state_dereference(&opt_state, MDL);
6633  if (a_opt.data != NULL) {
6634  data_string_forget(&a_opt, MDL);
6635  }
6636  if (packet_ero.data != NULL) {
6637  data_string_forget(&packet_ero, MDL);
6638  }
6639  if (enc_reply.data != NULL) {
6640  data_string_forget(&enc_reply, MDL);
6641  }
6642  if (enc_opt_data.data != NULL) {
6643  data_string_forget(&enc_opt_data, MDL);
6644  }
6645  if (enc_packet != NULL) {
6646  packet_dereference(&enc_packet, MDL);
6647  }
6648 }
6649 
6650 #ifdef DHCP4o6
6651 /* \brief Internal processing of a relayed DHCPv4-query
6652  * (DHCPv4 server side)
6653  *
6654  * Code copied from \ref dhcpv6_relay_forw() which itself is
6655  * from \ref do_packet6().
6656  *
6657  * \param reply_ret pointer to the response
6658  * \param packet the query
6659  */
6660 static void
6661 dhcp4o6_relay_forw(struct data_string *reply_ret, struct packet *packet) {
6662  struct option_cache *oc;
6663  struct data_string enc_opt_data;
6664  struct packet *enc_packet;
6665  unsigned char msg_type;
6666  const struct dhcpv6_relay_packet *relay;
6667  const struct dhcpv4_over_dhcpv6_packet *msg;
6668  struct data_string enc_reply;
6669  char link_addr[sizeof("ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255")];
6670  char peer_addr[sizeof("ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255")];
6671  struct data_string a_opt, packet_ero;
6672  struct option_state *opt_state;
6673  static char reply_data[65536];
6674  struct dhcpv6_relay_packet *reply;
6675  int reply_ofs;
6676 
6677  /*
6678  * Initialize variables for early exit.
6679  */
6680  opt_state = NULL;
6681  memset(&a_opt, 0, sizeof(a_opt));
6682  memset(&packet_ero, 0, sizeof(packet_ero));
6683  memset(&enc_reply, 0, sizeof(enc_reply));
6684  memset(&enc_opt_data, 0, sizeof(enc_opt_data));
6685  enc_packet = NULL;
6686 
6687  /*
6688  * Get our encapsulated relay message.
6689  */
6691  if (oc == NULL) {
6692  inet_ntop(AF_INET6, &packet->dhcpv6_link_address,
6693  link_addr, sizeof(link_addr));
6694  inet_ntop(AF_INET6, &packet->dhcpv6_peer_address,
6695  peer_addr, sizeof(peer_addr));
6696  log_info("Relay-forward from %s with link address=%s and "
6697  "peer address=%s missing Relay Message option.",
6698  piaddr(packet->client_addr), link_addr, peer_addr);
6699  goto exit;
6700  }
6701 
6702  if (!evaluate_option_cache(&enc_opt_data, NULL, NULL, NULL,
6703  NULL, NULL, &global_scope, oc, MDL)) {
6704  log_error("dhcp4o6_relay_forw: error evaluating "
6705  "relayed message.");
6706  goto exit;
6707  }
6708 
6709  if (!packet6_len_okay((char *)enc_opt_data.data, enc_opt_data.len)) {
6710  log_error("dhcp4o6_relay_forw: "
6711  "encapsulated packet too short.");
6712  goto exit;
6713  }
6714 
6715  /*
6716  * Build a packet structure from this encapsulated packet.
6717  */
6718  if (!packet_allocate(&enc_packet, MDL)) {
6719  log_error("dhcp4o6_relay_forw: "
6720  "no memory for encapsulated packet.");
6721  goto exit;
6722  }
6723 
6724  if (!option_state_allocate(&enc_packet->options, MDL)) {
6725  log_error("dhcp4o6_relay_forw: "
6726  "no memory for encapsulated packet's options.");
6727  goto exit;
6728  }
6729 
6730  enc_packet->client_port = packet->client_port;
6731  enc_packet->client_addr = packet->client_addr;
6732  interface_reference(&enc_packet->interface, packet->interface, MDL);
6733  enc_packet->dhcpv6_container_packet = packet;
6734 
6735  msg_type = enc_opt_data.data[0];
6736  if ((msg_type == DHCPV6_RELAY_FORW) ||
6737  (msg_type == DHCPV6_RELAY_REPL)) {
6738  int relaylen = (int)(offsetof(struct dhcpv6_relay_packet, options));
6739  relay = (struct dhcpv6_relay_packet *)enc_opt_data.data;
6740  enc_packet->dhcpv6_msg_type = relay->msg_type;
6741 
6742  /* relay-specific data */
6743  enc_packet->dhcpv6_hop_count = relay->hop_count;
6744  memcpy(&enc_packet->dhcpv6_link_address,
6745  relay->link_address, sizeof(relay->link_address));
6746  memcpy(&enc_packet->dhcpv6_peer_address,
6747  relay->peer_address, sizeof(relay->peer_address));
6748 
6749  if (!parse_option_buffer(enc_packet->options,
6750  relay->options,
6751  enc_opt_data.len - relaylen,
6752  &dhcpv6_universe)) {
6753  /* no logging here, as parse_option_buffer() logs all
6754  cases where it fails */
6755  goto exit;
6756  }
6757  } else if ((msg_type == DHCPV6_DHCPV4_QUERY) ||
6758  (msg_type == DHCPV6_DHCPV4_RESPONSE)) {
6759  int msglen =
6760  (int)(offsetof(struct dhcpv4_over_dhcpv6_packet, options));
6761  msg = (struct dhcpv4_over_dhcpv6_packet *)enc_opt_data.data;
6762  enc_packet->dhcpv6_msg_type = msg->msg_type;
6763 
6764  /* message-specific data */
6765  memcpy(enc_packet->dhcp4o6_flags,
6766  msg->flags,
6767  sizeof(enc_packet->dhcp4o6_flags));
6768 
6769  if (!parse_option_buffer(enc_packet->options,
6770  msg->options,
6771  enc_opt_data.len - msglen,
6772  &dhcpv6_universe)) {
6773  /* no logging here, as parse_option_buffer() logs all
6774  cases where it fails */
6775  goto exit;
6776  }
6777  } else {
6778  log_error("dhcp4o6_relay_forw: unexpected message of type %d.",
6779  (int)msg_type);
6780  goto exit;
6781  }
6782 
6783  /*
6784  * This is recursive. It is possible to exceed maximum packet size.
6785  * XXX: This will cause the packet send to fail.
6786  */
6787  build_dhcpv6_reply(&enc_reply, enc_packet);
6788 
6789  /*
6790  * If we got no encapsulated data, then it is discarded, and
6791  * our reply-forw is also discarded.
6792  */
6793  if (enc_reply.data == NULL) {
6794  goto exit;
6795  }
6796 
6797  /*
6798  * Now we can use the reply_data buffer.
6799  * Packet header stuff all comes from the forward message.
6800  */
6801  reply = (struct dhcpv6_relay_packet *)reply_data;
6802  reply->msg_type = DHCPV6_RELAY_REPL;
6803  reply->hop_count = packet->dhcpv6_hop_count;
6804  memcpy(reply->link_address, &packet->dhcpv6_link_address,
6805  sizeof(reply->link_address));
6806  memcpy(reply->peer_address, &packet->dhcpv6_peer_address,
6807  sizeof(reply->peer_address));
6808  reply_ofs = (int)(offsetof(struct dhcpv6_relay_packet, options));
6809 
6810  /*
6811  * Get the reply option state.
6812  */
6813  if (!option_state_allocate(&opt_state, MDL)) {
6814  log_error("dhcp4o6_relay_forw: no memory for option state.");
6815  goto exit;
6816  }
6817 
6818  /*
6819  * Append the interface-id if present.
6820  */
6821  oc = lookup_option(&dhcpv6_universe, packet->options,
6823  if (oc != NULL) {
6824  if (!evaluate_option_cache(&a_opt, packet,
6825  NULL, NULL,
6826  packet->options, NULL,
6827  &global_scope, oc, MDL)) {
6828  log_error("dhcp4o6_relay_forw: error evaluating "
6829  "Interface ID.");
6830  goto exit;
6831  }
6832  if (!save_option_buffer(&dhcpv6_universe, opt_state, NULL,
6833  (unsigned char *)a_opt.data,
6834  a_opt.len,
6835  D6O_INTERFACE_ID, 0)) {
6836  log_error("dhcp4o6_relay_forw: error saving "
6837  "Interface ID.");
6838  goto exit;
6839  }
6840  data_string_forget(&a_opt, MDL);
6841  }
6842 
6843  /*
6844  * Append our encapsulated stuff for caller.
6845  */
6846  if (!save_option_buffer(&dhcpv6_universe, opt_state, NULL,
6847  (unsigned char *)enc_reply.data,
6848  enc_reply.len,
6849  D6O_RELAY_MSG, 0)) {
6850  log_error("dhcp4o6_relay_forw: error saving Relay MSG.");
6851  goto exit;
6852  }
6853 
6854  /*
6855  * Get the ERO if any.
6856  */
6857  oc = lookup_option(&dhcpv6_universe, packet->options, D6O_ERO);
6858  if (oc != NULL) {
6859  unsigned req;
6860  int i;
6861 
6862  if (!evaluate_option_cache(&packet_ero, packet,
6863  NULL, NULL,
6864  packet->options, NULL,
6865  &global_scope, oc, MDL) ||
6866  (packet_ero.len & 1)) {
6867  log_error("dhcp4o6_relay_forw: error evaluating ERO.");
6868  goto exit;
6869  }
6870 
6871  /* Decode and apply the ERO. */
6872  for (i = 0; i < packet_ero.len; i += 2) {
6873  req = getUShort(packet_ero.data + i);
6874  /* Already in the reply? */
6875  oc = lookup_option(&dhcpv6_universe, opt_state, req);
6876  if (oc != NULL)
6877  continue;
6878  /* Get it from the packet if present. */
6880  packet->options,
6881  req);
6882  if (oc == NULL)
6883  continue;
6884  if (!evaluate_option_cache(&a_opt, packet,
6885  NULL, NULL,
6886  packet->options, NULL,
6887  &global_scope, oc, MDL)) {
6888  log_error("dhcp4o6_relay_forw: error "
6889  "evaluating option %u.", req);
6890  goto exit;
6891  }
6893  opt_state,
6894  NULL,
6895  (unsigned char *)a_opt.data,
6896  a_opt.len,
6897  req,
6898  0)) {
6899  log_error("dhcp4o6_relay_forw: error saving "
6900  "option %u.", req);
6901  goto exit;
6902  }
6903  data_string_forget(&a_opt, MDL);
6904  }
6905  }
6906 
6907  reply_ofs += store_options6(reply_data + reply_ofs,
6908  sizeof(reply_data) - reply_ofs,
6909  opt_state, packet,
6910  required_opts_agent, &packet_ero);
6911 
6912  /*
6913  * Return our reply to the caller.
6914  */
6915  reply_ret->len = reply_ofs;
6916  reply_ret->buffer = NULL;
6917  if (!buffer_allocate(&reply_ret->buffer, reply_ret->len, MDL)) {
6918  log_fatal("No memory to store reply.");
6919  }
6920  reply_ret->data = reply_ret->buffer->data;
6921  memcpy(reply_ret->buffer->data, reply_data, reply_ofs);
6922 
6923 exit:
6924  if (opt_state != NULL)
6925  option_state_dereference(&opt_state, MDL);
6926  if (a_opt.data != NULL) {
6927  data_string_forget(&a_opt, MDL);
6928  }
6929  if (packet_ero.data != NULL) {
6930  data_string_forget(&packet_ero, MDL);
6931  }
6932  if (enc_reply.data != NULL) {
6933  data_string_forget(&enc_reply, MDL);
6934  }
6935  if (enc_opt_data.data != NULL) {
6936  data_string_forget(&enc_opt_data, MDL);
6937  }
6938  if (enc_packet != NULL) {
6939  packet_dereference(&enc_packet, MDL);
6940  }
6941 }
6942 
6943 /*
6944  * \brief Internal processing of a DHCPv4-query
6945  * (DHCPv4 server function)
6946  *
6947  * Code copied from \ref do_packet().
6948  *
6949  * \param reply_ret pointer to the response
6950  * \param packet the query
6951  */
6952 static void
6953 dhcp4o6_dhcpv4_query(struct data_string *reply_ret, struct packet *packet) {
6954  struct option_cache *oc;
6955  struct data_string enc_opt_data;
6956  struct packet *enc_packet;
6957  struct data_string enc_response;
6958  struct option_state *opt_state;
6959  static char response_data[65536];
6960  struct dhcpv4_over_dhcpv6_packet *response;
6961  int response_ofs;
6962 
6963  /*
6964  * Initialize variables for early exit.
6965  */
6966  opt_state = NULL;
6967  memset(&enc_response, 0, sizeof(enc_response));
6968  memset(&enc_opt_data, 0, sizeof(enc_opt_data));
6969  enc_packet = NULL;
6970 
6971  /*
6972  * Get our encapsulated relay message.
6973  */
6975  if (oc == NULL) {
6976  log_info("DHCPv4-query from %s missing DHCPv4 Message option.",
6977  piaddr(packet->client_addr));
6978  goto exit;
6979  }
6980 
6981  if (!evaluate_option_cache(&enc_opt_data, NULL, NULL, NULL,
6982  NULL, NULL, &global_scope, oc, MDL)) {
6983  log_error("dhcp4o6_dhcpv4_query: error evaluating "
6984  "DHCPv4 message.");
6985  goto exit;
6986  }
6987 
6988  if (enc_opt_data.len < DHCP_FIXED_NON_UDP) {
6989  log_error("dhcp4o6_dhcpv4_query: DHCPv4 packet too short.");
6990  goto exit;
6991  }
6992 
6993  /*
6994  * Build a packet structure from this encapsulated packet.
6995  */
6996  if (!packet_allocate(&enc_packet, MDL)) {
6997  log_error("dhcp4o6_dhcpv4_query: "
6998  "no memory for encapsulated packet.");
6999  goto exit;
7000  }
7001 
7002  enc_packet->raw = (struct dhcp_packet *)enc_opt_data.data;
7003  enc_packet->packet_length = enc_opt_data.len;
7004  enc_packet->dhcp4o6_response = &enc_response;
7005  enc_packet->client_port = packet->client_port;
7006  enc_packet->client_addr = packet->client_addr;
7007  interface_reference(&enc_packet->interface, packet->interface, MDL);
7008  enc_packet->dhcpv6_container_packet = packet;
7009  if (packet->dhcp4o6_flags[0] & DHCP4O6_QUERY_UNICAST)
7010  enc_packet->unicast = 1;
7011 
7012  if (enc_packet->raw->hlen > sizeof(enc_packet->raw->chaddr)) {
7013  log_info("dhcp4o6_dhcpv4_query: "
7014  "discarding packet with bogus hlen.");
7015  goto exit;
7016  }
7017 
7018  /* Allocate packet->options now so it is non-null for all packets */
7019  if (!option_state_allocate (&enc_packet->options, MDL)) {
7020  log_error("dhcp4o6_dhcpv4_query: no memory for options.");
7021  goto exit;
7022  }
7023 
7024  /* If there's an option buffer, try to parse it. */
7025  if (enc_packet->packet_length >= DHCP_FIXED_NON_UDP + 4) {
7026  struct option_cache *op;
7027  if (!parse_options(enc_packet)) {
7028  if (enc_packet->options)
7030  (&enc_packet->options, MDL);
7031  packet_dereference (&enc_packet, MDL);
7032  goto exit;
7033  }
7034 
7035  if (enc_packet->options_valid &&
7037  enc_packet->options,
7039  struct data_string dp;
7040  memset(&dp, 0, sizeof dp);
7041  evaluate_option_cache(&dp, enc_packet, NULL, NULL,
7042  enc_packet->options, NULL,
7043  NULL, op, MDL);
7044  if (dp.len > 0)
7045  enc_packet->packet_type = dp.data[0];
7046  else
7047  enc_packet->packet_type = 0;
7048  data_string_forget(&dp, MDL);
7049  }
7050  }
7051 
7052  if (validate_packet(enc_packet) != 0) {
7053  if (enc_packet->packet_type)
7054  dhcp(enc_packet);
7055  else
7056  bootp(enc_packet);
7057  }
7058 
7059  /* If the caller kept the packet, they'll have upped the refcnt. */
7060  packet_dereference(&enc_packet, MDL);
7061 
7062  /*
7063  * If we got no response data, then it is discarded, and
7064  * our DHCPv4-response is also discarded.
7065  */
7066  if (enc_response.data == NULL) {
7067  goto exit;
7068  }
7069 
7070  /*
7071  * Now we can use the response_data buffer.
7072  */
7073  response = (struct dhcpv4_over_dhcpv6_packet *)response_data;
7074  response->msg_type = DHCPV6_DHCPV4_RESPONSE;
7075  response->flags[0] = response->flags[1] = response->flags[2] = 0;
7076  response_ofs =
7077  (int)(offsetof(struct dhcpv4_over_dhcpv6_packet, options));
7078 
7079  /*
7080  * Get the response option state.
7081  */
7082  if (!option_state_allocate(&opt_state, MDL)) {
7083  log_error("dhcp4o6_dhcpv4_query: no memory for option state.");
7084  goto exit;
7085  }
7086 
7087  /*
7088  * Append our encapsulated stuff for caller.
7089  */
7090  if (!save_option_buffer(&dhcpv6_universe, opt_state, NULL,
7091  (unsigned char *)enc_response.data,
7092  enc_response.len,
7093  D6O_DHCPV4_MSG, 0)) {
7094  log_error("dhcp4o6_dhcpv4_query: error saving DHCPv4 MSG.");
7095  goto exit;
7096  }
7097 
7098  response_ofs += store_options6(response_data + response_ofs,
7099  sizeof(response_data) - response_ofs,
7100  opt_state, packet,
7101  required_opts_4o6, NULL);
7102 
7103  /*
7104  * Return our response to the caller.
7105  */
7106  reply_ret->len = response_ofs;
7107  reply_ret->buffer = NULL;
7108  if (!buffer_allocate(&reply_ret->buffer, reply_ret->len, MDL)) {
7109  log_fatal("dhcp4o6_dhcpv4_query: no memory to store reply.");
7110  }
7111  reply_ret->data = reply_ret->buffer->data;
7112  memcpy(reply_ret->buffer->data, response_data, response_ofs);
7113 
7114 exit:
7115  if (opt_state != NULL)
7116  option_state_dereference(&opt_state, MDL);
7117  if (enc_response.data != NULL) {
7118  data_string_forget(&enc_response, MDL);
7119  }
7120  if (enc_opt_data.data != NULL) {
7121  data_string_forget(&enc_opt_data, MDL);
7122  }
7123  if (enc_packet != NULL) {
7124  packet_dereference(&enc_packet, MDL);
7125  }
7126 }
7127 
7128 /*
7129  * \brief Forward a DHCPv4-query message to the DHCPv4 side
7130  * (DHCPv6 server function)
7131  *
7132  * Format: interface:16 + address:16 + DHCPv6 DHCPv4-query message
7133  *
7134  * \brief packet the DHCPv6 DHCPv4-query message
7135  */
7136 static void forw_dhcpv4_query(struct packet *packet) {
7137  struct data_string ds;
7138  unsigned len;
7139  int cc;
7140 
7141  /* Get the initial message. */
7142  while (packet->dhcpv6_container_packet != NULL)
7143  packet = packet->dhcpv6_container_packet;
7144 
7145  /* Check the initial message. */
7146  if ((packet->raw == NULL) ||
7147  (packet->client_addr.len != 16) ||
7148  (packet->interface == NULL)) {
7149  log_error("forw_dhcpv4_query: can't find initial message.");
7150  return;
7151  }
7152 
7153  /* Get a buffer. */
7154  len = packet->packet_length + 32;
7155  memset(&ds, 0, sizeof(ds));
7156  if (!buffer_allocate(&ds.buffer, len, MDL)) {
7157  log_error("forw_dhcpv4_query: "
7158  "no memory for encapsulating packet.");
7159  return;
7160  }
7161  ds.data = ds.buffer->data;
7162  ds.len = len;
7163 
7164  /* Fill the buffer. */
7165  strncpy((char *)ds.buffer->data, packet->interface->name, 16);
7166  memcpy(ds.buffer->data + 16,
7167  packet->client_addr.iabuf, 16);
7168  memcpy(ds.buffer->data + 32,
7169  (unsigned char *)packet->raw,
7170  packet->packet_length);
7171 
7172  /* Forward to the DHCPv4 server. */
7173  cc = send(dhcp4o6_fd, ds.data, ds.len, 0);
7174  if (cc < 0)
7175  log_error("forw_dhcpv4_query: send(): %m");
7176  data_string_forget(&ds, MDL);
7177 }
7178 #endif
7179 
7180 static void
7181 dhcpv6_discard(struct packet *packet) {
7182  /* INSIST(packet->msg_type > 0); */
7183  /* INSIST(packet->msg_type < dhcpv6_type_name_max); */
7184 
7185  log_debug("Discarding %s from %s; message type not handled by server",
7187  piaddr(packet->client_addr));
7188 }
7189 
7190 static void
7191 build_dhcpv6_reply(struct data_string *reply, struct packet *packet) {
7192  memset(reply, 0, sizeof(*reply));
7193 
7194  /* I would like to classify the client once here, but
7195  * as I don't want to classify all of the incoming packets
7196  * I need to do it before handling specific types.
7197  * We don't need to classify if we are tossing the packet
7198  * or if it is a relay - the classification step will get
7199  * done when we process the inner client packet.
7200  */
7201 
7202  switch (packet->dhcpv6_msg_type) {
7203  case DHCPV6_SOLICIT:
7204  classify_client(packet);
7205  dhcpv6_solicit(reply, packet);
7206  break;
7207  case DHCPV6_ADVERTISE:
7208  dhcpv6_discard(packet);
7209  break;
7210  case DHCPV6_REQUEST:
7211  classify_client(packet);
7212  dhcpv6_request(reply, packet);
7213  break;
7214  case DHCPV6_CONFIRM:
7215  classify_client(packet);
7216  dhcpv6_confirm(reply, packet);
7217  break;
7218  case DHCPV6_RENEW:
7219  classify_client(packet);
7220  dhcpv6_renew(reply, packet);
7221  break;
7222  case DHCPV6_REBIND:
7223  classify_client(packet);
7224  dhcpv6_rebind(reply, packet);
7225  break;
7226  case DHCPV6_REPLY:
7227  dhcpv6_discard(packet);
7228  break;
7229  case DHCPV6_RELEASE:
7230  classify_client(packet);
7231  dhcpv6_release(reply, packet);
7232  break;
7233  case DHCPV6_DECLINE:
7234  classify_client(packet);
7235  dhcpv6_decline(reply, packet);
7236  break;
7237  case DHCPV6_RECONFIGURE:
7238  dhcpv6_discard(packet);
7239  break;
7241  classify_client(packet);
7242  dhcpv6_information_request(reply, packet);
7243  break;
7244  case DHCPV6_RELAY_FORW:
7245 #ifdef DHCP4o6
7246  if (dhcpv4_over_dhcpv6 && (local_family == AF_INET))
7247  dhcp4o6_relay_forw(reply, packet);
7248  else
7249 #endif /* DHCP4o6 */
7250  dhcpv6_relay_forw(reply, packet);
7251  break;
7252  case DHCPV6_RELAY_REPL:
7253  dhcpv6_discard(packet);
7254  break;
7255  case DHCPV6_LEASEQUERY:
7256  classify_client(packet);
7257  dhcpv6_leasequery(reply, packet);
7258  break;
7260  dhcpv6_discard(packet);
7261  break;
7262  case DHCPV6_DHCPV4_QUERY:
7263 #ifdef DHCP4o6
7264  if (dhcpv4_over_dhcpv6) {
7265  if (local_family == AF_INET6) {
7266  forw_dhcpv4_query(packet);
7267  } else {
7268  dhcp4o6_dhcpv4_query(reply, packet);
7269  }
7270  } else
7271 #endif /* DHCP4o6 */
7272  dhcpv6_discard(packet);
7273  break;
7275  dhcpv6_discard(packet);
7276  break;
7277  default:
7278  /* XXX: would be nice if we had "notice" level,
7279  as syslog, for this */
7280  log_info("Discarding unknown DHCPv6 message type %d "
7281  "from %s", packet->dhcpv6_msg_type,
7282  piaddr(packet->client_addr));
7283  }
7284 }
7285 
7286 static void
7287 log_packet_in(const struct packet *packet) {
7288  struct data_string s;
7289  u_int32_t tid;
7290  char tmp_addr[INET6_ADDRSTRLEN];
7291  const void *addr;
7292 
7293  memset(&s, 0, sizeof(s));
7294 
7295  if (packet->dhcpv6_msg_type < dhcpv6_type_name_max) {
7296  data_string_sprintfa(&s, "%s message from %s port %d",
7298  piaddr(packet->client_addr),
7299  ntohs(packet->client_port));
7300  } else {
7302  "Unknown message type %d from %s port %d",
7303  packet->dhcpv6_msg_type,
7304  piaddr(packet->client_addr),
7305  ntohs(packet->client_port));
7306  }
7307  if ((packet->dhcpv6_msg_type == DHCPV6_RELAY_FORW) ||
7308  (packet->dhcpv6_msg_type == DHCPV6_RELAY_REPL)) {
7309  addr = &packet->dhcpv6_link_address;
7310  data_string_sprintfa(&s, ", link address %s",
7311  inet_ntop(AF_INET6, addr,
7312  tmp_addr, sizeof(tmp_addr)));
7313  addr = &packet->dhcpv6_peer_address;
7314  data_string_sprintfa(&s, ", peer address %s",
7315  inet_ntop(AF_INET6, addr,
7316  tmp_addr, sizeof(tmp_addr)));
7317  } else if ((packet->dhcpv6_msg_type != DHCPV6_DHCPV4_QUERY) &&
7318  (packet->dhcpv6_msg_type != DHCPV6_DHCPV4_RESPONSE)) {
7319  tid = 0;
7320  memcpy(((char *)&tid)+1, packet->dhcpv6_transaction_id, 3);
7321  data_string_sprintfa(&s, ", transaction ID 0x%06X", tid);
7322 
7323 /*
7324  oc = lookup_option(&dhcpv6_universe, packet->options,
7325  D6O_CLIENTID);
7326  if (oc != NULL) {
7327  memset(&tmp_ds, 0, sizeof(tmp_ds_));
7328  if (!evaluate_option_cache(&tmp_ds, packet, NULL, NULL,
7329  packet->options, NULL,
7330  &global_scope, oc, MDL)) {
7331  log_error("Error evaluating Client Identifier");
7332  } else {
7333  data_strint_sprintf(&s, ", client ID %s",
7334 
7335  data_string_forget(&tmp_ds, MDL);
7336  }
7337  }
7338 */
7339 
7340  }
7341  log_info("%s", s.data);
7342 
7343  data_string_forget(&s, MDL);
7344 }
7345 
7346 void
7347 dhcpv6(struct packet *packet) {
7348  struct data_string reply;
7349  struct sockaddr_in6 to_addr;
7350  int send_ret;
7351 
7352  /*
7353  * Log a message that we received this packet.
7354  */
7355  log_packet_in(packet);
7356 
7357  /*
7358  * Build our reply packet.
7359  */
7360  build_dhcpv6_reply(&reply, packet);
7361 
7362  if (reply.data != NULL) {
7363  /*
7364  * Send our reply, if we have one.
7365  */
7366  memset(&to_addr, 0, sizeof(to_addr));
7367  to_addr.sin6_family = AF_INET6;
7368  if ((packet->dhcpv6_msg_type == DHCPV6_RELAY_FORW) ||
7369  (packet->dhcpv6_msg_type == DHCPV6_RELAY_REPL)) {
7370  to_addr.sin6_port = local_port;
7371  } else {
7372  to_addr.sin6_port = remote_port;
7373  }
7374 
7375 #if defined (REPLY_TO_SOURCE_PORT)
7376  /*
7377  * This appears to have been included for testing so we would
7378  * not need a root client, but was accidently left in the
7379  * final code. We continue to include it in case
7380  * some users have come to rely upon it, but leave
7381  * it off by default as it's a bad idea.
7382  */
7383  to_addr.sin6_port = packet->client_port;
7384 #endif
7385 
7386  memcpy(&to_addr.sin6_addr, packet->client_addr.iabuf,
7387  sizeof(to_addr.sin6_addr));
7388 
7389  log_info("Sending %s to %s port %d",
7390  dhcpv6_type_names[reply.data[0]],
7391  piaddr(packet->client_addr),
7392  ntohs(to_addr.sin6_port));
7393 
7394  send_ret = send_packet6(packet->interface,
7395  reply.data, reply.len, &to_addr);
7396  if (send_ret != reply.len) {
7397  log_error("dhcpv6: send_packet6() sent %d of %d bytes",
7398  send_ret, reply.len);
7399  }
7400  data_string_forget(&reply, MDL);
7401  }
7402 }
7403 
7404 #ifdef DHCP4o6
7405 /*
7406  * \brief Receive a DHCPv4-query message from the DHCPv6 side
7407  * (DHCPv4 server function)
7408  *
7409  * Receive a message with a DHCPv4-query inside from the DHCPv6 server.
7410  * (code copied from \ref do_packet6() \ref and dhcpv6())
7411  *
7412  * Format: interface:16 + address:16 + DHCPv6 DHCPv4-query message
7413  *
7414  * \param raw the DHCPv6 DHCPv4-query message raw content
7415  */
7416 static void recv_dhcpv4_query(struct data_string *raw) {
7417  struct interface_info *ip;
7418  char name[16 + 1];
7419  struct iaddr iaddr;
7420  struct packet *packet;
7421  unsigned char msg_type;
7422  const struct dhcpv6_relay_packet *relay;
7423  const struct dhcpv4_over_dhcpv6_packet *msg;
7424  struct data_string reply;
7425  struct data_string ds;
7426  unsigned len;
7427  int cc;
7428 
7429  memset(name, 0, sizeof(name));
7430  memcpy(name, raw->data, 16);
7431  for (ip = interfaces; ip != NULL; ip = ip->next) {
7432  if (!strcmp(name, ip->name))
7433  break;
7434  }
7435  if (ip == NULL) {
7436  log_error("recv_dhcpv4_query: can't find interface %s.",
7437  name);
7438  return;
7439  }
7440 
7441  iaddr.len = 16;
7442  memcpy(iaddr.iabuf, raw->data + 16, 16);
7443 
7444  /*
7445  * From do_packet6().
7446  */
7447 
7448  if (!packet6_len_okay((char *)raw->data + 32, raw->len - 32)) {
7449  log_error("recv_dhcpv4_query: "
7450  "short packet from %s, len %d, dropped",
7451  piaddr(iaddr), raw->len - 32);
7452  return;
7453  }
7454 
7455  /*
7456  * Build a packet structure.
7457  */
7458  packet = NULL;
7459  if (!packet_allocate(&packet, MDL)) {
7460  log_error("recv_dhcpv4_query: no memory for packet.");
7461  return;
7462  }
7463 
7464  if (!option_state_allocate(&packet->options, MDL)) {
7465  log_error("recv_dhcpv4_query: no memory for options.");
7466  packet_dereference(&packet, MDL);
7467  return;
7468  }
7469 
7470  packet->raw = (struct dhcp_packet *)(raw->data + 32);
7471  packet->packet_length = raw->len - 32;
7472  packet->client_port = remote_port;
7473  packet->client_addr = iaddr;
7474  interface_reference(&packet->interface, ip, MDL);
7475 
7476  msg_type = raw->data[32];
7477  if ((msg_type == DHCPV6_RELAY_FORW) ||
7478  (msg_type == DHCPV6_RELAY_REPL)) {
7479  int relaylen =
7480  (int)(offsetof(struct dhcpv6_relay_packet, options));
7481  relay = (const struct dhcpv6_relay_packet *)(raw->data + 32);
7482  packet->dhcpv6_msg_type = relay->msg_type;
7483 
7484  /* relay-specific data */
7485  packet->dhcpv6_hop_count = relay->hop_count;
7486  memcpy(&packet->dhcpv6_link_address,
7487  relay->link_address, sizeof(relay->link_address));
7488  memcpy(&packet->dhcpv6_peer_address,
7489  relay->peer_address, sizeof(relay->peer_address));
7490 
7491  if (!parse_option_buffer(packet->options,
7492  relay->options,
7493  raw->len - 32 - relaylen,
7494  &dhcpv6_universe)) {
7495  /* no logging here, as parse_option_buffer() logs all
7496  cases where it fails */
7497  packet_dereference(&packet, MDL);
7498  return;
7499  }
7500  } else if ((msg_type == DHCPV6_DHCPV4_QUERY) ||
7501  (msg_type == DHCPV6_DHCPV4_RESPONSE)) {
7502  int msglen =
7503  (int)(offsetof(struct dhcpv4_over_dhcpv6_packet, options));
7504  msg = (struct dhcpv4_over_dhcpv6_packet *)(raw->data + 32);
7505  packet->dhcpv6_msg_type = msg->msg_type;
7506 
7507  /* message-specific data */
7508  memcpy(packet->dhcp4o6_flags, msg->flags,
7509  sizeof(packet->dhcp4o6_flags));
7510 
7511  if (!parse_option_buffer(packet->options,
7512  msg->options,
7513  raw->len - 32 - msglen,
7514  &dhcpv6_universe)) {
7515  /* no logging here, as parse_option_buffer() logs all
7516  cases where it fails */
7517  packet_dereference(&packet, MDL);
7518  return;
7519  }
7520  } else {
7521  log_error("recv_dhcpv4_query: unexpected message of type %d.",
7522  (int)msg_type);
7523  packet_dereference(&packet, MDL);
7524  return;
7525  }
7526 
7527  /*
7528  * From dhcpv6().
7529  */
7530 
7531  /*
7532  * Log a message that we received this packet.
7533  */
7534  /* log_packet_in(packet); */
7535  memset(&ds, 0, sizeof(ds));
7536  if (packet->dhcpv6_msg_type < dhcpv6_type_name_max) {
7537  data_string_sprintfa(&ds, "%s message from %s",
7539  piaddr(packet->client_addr));
7540  } else {
7542  "Unknown message type %d from %s",
7543  packet->dhcpv6_msg_type,
7544  piaddr(packet->client_addr));
7545  }
7546  if ((packet->dhcpv6_msg_type == DHCPV6_RELAY_FORW) ||
7547  (packet->dhcpv6_msg_type == DHCPV6_RELAY_REPL)) {
7548  char tmp_addr[INET6_ADDRSTRLEN];
7549  const void *addr;
7550 
7551  addr = &packet->dhcpv6_link_address;
7552  data_string_sprintfa(&ds, ", link address %s",
7553  inet_ntop(AF_INET6, addr,
7554  tmp_addr, sizeof(tmp_addr)));
7555  addr = &packet->dhcpv6_peer_address;
7556  data_string_sprintfa(&ds, ", peer address %s",
7557  inet_ntop(AF_INET6, addr,
7558  tmp_addr, sizeof(tmp_addr)));
7559  } else if ((packet->dhcpv6_msg_type != DHCPV6_DHCPV4_QUERY) &&
7560  (packet->dhcpv6_msg_type != DHCPV6_DHCPV4_RESPONSE)) {
7561  u_int32_t tid = 0;
7562 
7563  memcpy(((char *)&tid)+1, packet->dhcpv6_transaction_id, 3);
7564  data_string_sprintfa(&ds, ", transaction ID 0x%06X", tid);
7565  }
7566  log_info("%s", ds.data);
7567  data_string_forget(&ds, MDL);
7568 
7569  /*
7570  * Build our reply packet.
7571  */
7572  build_dhcpv6_reply(&reply, packet);
7573 
7574  packet_dereference(&packet, MDL);
7575 
7576  if (reply.data == NULL)
7577  return;
7578 
7579  /*
7580  * Forward the response.
7581  */
7582  len = reply.len + 32;
7583  memset(&ds, 0, sizeof(ds));
7584  if (!buffer_allocate(&ds.buffer, len, MDL)) {
7585  log_error("recv_dhcpv4_query: no memory.");
7586  return;
7587  }
7588  ds.data = ds.buffer->data;
7589  ds.len = len;
7590 
7591  memcpy(ds.buffer->data, name, 16);
7592  memcpy(ds.buffer->data + 16, iaddr.iabuf, 16);
7593  memcpy(ds.buffer->data + 32, reply.data, reply.len);
7594  cc = send(dhcp4o6_fd, ds.data, ds.len, 0);
7595  if (cc < 0)
7596  log_error("recv_dhcpv4_query: send(): %m");
7597  data_string_forget(&ds, MDL);
7598 }
7599 #endif /* DHCP4o6 */
7600 
7601 static void
7602 seek_shared_host(struct host_decl **hp, struct shared_network *shared) {
7603  struct host_decl *nofixed = NULL;
7604  struct host_decl *seek, *hold = NULL;
7605 
7606  /*
7607  * Seek forward through fixed addresses for the right link.
7608  *
7609  * Note: how to do this for fixed prefixes???
7610  */
7611  host_reference(&hold, *hp, MDL);
7612  host_dereference(hp, MDL);
7613  seek = hold;
7614  while (seek != NULL) {
7615  if (seek->fixed_addr == NULL)
7616  nofixed = seek;
7617  else if (fixed_matches_shared(seek, shared))
7618  break;
7619 
7620  seek = seek->n_ipaddr;
7621  }
7622 
7623  if ((seek == NULL) && (nofixed != NULL))
7624  seek = nofixed;
7625 
7626  if (seek != NULL)
7627  host_reference(hp, seek, MDL);
7628 }
7629 
7630 static isc_boolean_t
7631 fixed_matches_shared(struct host_decl *host, struct shared_network *shared) {
7632  struct subnet *subnet;
7633  struct data_string addr;
7634  isc_boolean_t matched;
7635  struct iaddr fixed;
7636 
7637  if (host->fixed_addr == NULL)
7638  return ISC_FALSE;
7639 
7640  memset(&addr, 0, sizeof(addr));
7641  if (!evaluate_option_cache(&addr, NULL, NULL, NULL, NULL, NULL,
7642  &global_scope, host->fixed_addr, MDL))
7643  return ISC_FALSE;
7644 
7645  if (addr.len < 16) {
7646  data_string_forget(&addr, MDL);
7647  return ISC_FALSE;
7648  }
7649 
7650  fixed.len = 16;
7651  memcpy(fixed.iabuf, addr.data, 16);
7652 
7653  matched = ISC_FALSE;
7654  for (subnet = shared->subnets ; subnet != NULL ;
7655  subnet = subnet->next_sibling) {
7656  if (addr_eq(subnet_number(fixed, subnet->netmask),
7657  subnet->net)) {
7658  matched = ISC_TRUE;
7659  break;
7660  }
7661  }
7662 
7663  data_string_forget(&addr, MDL);
7664  return matched;
7665 }
7666 
7683 void
7684 unicast_reject(struct data_string *reply_ret,
7685  struct packet *packet,
7686  const struct data_string *client_id,
7687  const struct data_string *server_id)
7688 {
7689  struct reply_state reply;
7690  memset(&reply, 0x0, sizeof(struct reply_state));
7691 
7692  /* Locate the client. */
7693  if (shared_network_from_packet6(&reply.shared, packet)
7694  != ISC_R_SUCCESS) {
7695  log_error("unicast_reject: could not locate client.");
7696  return;
7697  }
7698 
7699  /* Initialize the reply. */
7700  packet_reference(&reply.packet, packet, MDL);
7701  data_string_copy(&reply.client_id, client_id, MDL);
7702 
7703  if (start_reply(packet, client_id, server_id, &reply.opt_state,
7704  &reply.buf.reply)) {
7705  /* Set the UseMulticast status code. */
7706  if (!set_status_code(STATUS_UseMulticast,
7707  "Unicast not allowed by server.",
7708  reply.opt_state)) {
7709  log_error("unicast_reject: Unable to set status code.");
7710  } else {
7711  /* Set write cursor to just past the reply header. */
7712  reply.cursor = REPLY_OPTIONS_INDEX;
7713  reply.cursor += store_options6(((char *)reply.buf.data
7714  + reply.cursor),
7715  (sizeof(reply.buf)
7716  - reply.cursor),
7717  reply.opt_state,
7718  reply.packet,
7719  unicast_reject_opts,
7720  NULL);
7721 
7722  /* Return our reply to the caller. */
7723  reply_ret->len = reply.cursor;
7724  reply_ret->buffer = NULL;
7725  if (!buffer_allocate(&reply_ret->buffer,
7726  reply.cursor, MDL)) {
7727  log_fatal("unicast_reject:"
7728  "No memory to store Reply.");
7729  }
7730 
7731  memcpy(reply_ret->buffer->data, reply.buf.data,
7732  reply.cursor);
7733  reply_ret->data = reply_ret->buffer->data;
7734  }
7735 
7736  }
7737 
7738  /* Cleanup. */
7739  if (reply.shared != NULL)
7740  shared_network_dereference(&reply.shared, MDL);
7741  if (reply.opt_state != NULL)
7742  option_state_dereference(&reply.opt_state, MDL);
7743  if (reply.packet != NULL)
7744  packet_dereference(&reply.packet, MDL);
7745  if (reply.client_id.data != NULL)
7746  data_string_forget(&reply.client_id, MDL);
7747 }
7748 
7767 isc_boolean_t
7768 is_unicast_option_defined(struct packet *packet) {
7769  isc_boolean_t is_defined = ISC_FALSE;
7770  struct option_state *opt_state = NULL;
7771  struct option_cache *oc = NULL;
7772  struct shared_network *shared = NULL;
7773 
7774  if (!option_state_allocate(&opt_state, MDL)) {
7775  log_fatal("is_unicast_option_defined:"
7776  "No memory for option state.");
7777  }
7778 
7779  /* We try to map the packet to a network first by an IA_XX value.
7780  * If that fails, we try by packet source. */
7781  if (((shared_network_from_requested_addr(&shared, packet)
7782  != ISC_R_SUCCESS) &&
7783  (shared_network_from_packet6(&shared, packet) != ISC_R_SUCCESS))
7784  || (shared == NULL)) {
7785  /* @todo what would this really mean? I think wrong network
7786  * logic will catch it */
7787  log_error("is_unicast_option_defined:"
7788  "cannot attribute packet to a network.");
7789  return (ISC_FALSE);
7790  }
7791 
7792  /* Now that we've mapped it to a network, execute statments to that
7793  * scope, looking for the unicast option. We don't care about the
7794  * value of the option, only whether or not it is defined. */
7795  execute_statements_in_scope(NULL, NULL, NULL, NULL, NULL, opt_state,
7796  &global_scope, shared->group, NULL, NULL);
7797 
7798  oc = lookup_option(&dhcpv6_universe, opt_state, D6O_UNICAST);
7799  is_defined = (oc != NULL ? ISC_TRUE : ISC_FALSE);
7800  log_debug("is_unicast_option_defined: option found : %d", is_defined);
7801 
7802  if (shared != NULL) {
7803  shared_network_dereference(&shared, MDL);
7804  }
7805 
7806  if (opt_state != NULL) {
7807  option_state_dereference(&opt_state, MDL);
7808  }
7809 
7810  return (is_defined);
7811 }
7812 
7828 static isc_result_t
7829 shared_network_from_requested_addr (struct shared_network **shared,
7830  struct packet* packet) {
7831  struct iaddr iaddr;
7832  struct subnet* subnet = NULL;
7833  isc_result_t status = ISC_R_FAILURE;
7834 
7835  /* Try to match first IA_ address or prefix we find to a subnet. In
7836  * theory all IA_ values in a given request are supposed to be in the
7837  * same subnet so we only need to try one right? */
7838  if ((get_first_ia_addr_val(packet, D6O_IA_NA, &iaddr) != ISC_R_SUCCESS)
7839  && (get_first_ia_addr_val(packet, D6O_IA_PD, &iaddr)
7840  != ISC_R_SUCCESS)
7841  && (get_first_ia_addr_val(packet, D6O_IA_TA, &iaddr)
7842  != ISC_R_SUCCESS)) {
7843  /* we found nothing to match against */
7844  log_debug("share_network_from_request_addr: nothing to match");
7845  return (ISC_R_FAILURE);
7846  }
7847 
7848  if (!find_subnet(&subnet, iaddr, MDL)) {
7849  log_debug("shared_network_from_requested_addr:"
7850  "No subnet found for addr %s.", piaddr(iaddr));
7851  } else {
7852  status = shared_network_reference(shared,
7853  subnet->shared_network, MDL);
7854  subnet_dereference(&subnet, MDL);
7855  log_debug("shared_network_from_requested_addr:"
7856  " found shared network %s for address %s.",
7857  ((*shared)->name ? (*shared)->name : "unnamed"),
7858  piaddr(iaddr));
7859  return (status);
7860  }
7861 
7862  return (ISC_R_FAILURE);
7863 }
7864 
7883 static isc_result_t
7884 get_first_ia_addr_val (struct packet* packet, int addr_type,
7885  struct iaddr* iaddr) {
7886  struct option_cache *ia;
7887  struct option_cache *oc = NULL;
7888  struct data_string cli_enc_opt_data;
7889  struct option_state *cli_enc_opt_state;
7890  int addr_opt_offset;
7891  int addr_opt;
7892  int addr_opt_data_len;
7893  int ip_addr_offset;
7894 
7895  isc_result_t status = ISC_R_FAILURE;
7896  memset(iaddr, 0, sizeof(struct iaddr));
7897 
7898  /* Set up address type specifics */
7899  switch (addr_type) {
7900  case D6O_IA_NA:
7901  addr_opt_offset = IA_NA_OFFSET;
7902  addr_opt = D6O_IAADDR;
7903  addr_opt_data_len = 24;
7904  ip_addr_offset = 0;
7905  break;
7906  case D6O_IA_TA:
7907  addr_opt_offset = IA_TA_OFFSET;
7908  addr_opt = D6O_IAADDR;
7909  addr_opt_data_len = 24;
7910  ip_addr_offset = 0;
7911  break;
7912  case D6O_IA_PD:
7913  addr_opt_offset = IA_PD_OFFSET;
7914  addr_opt = D6O_IAPREFIX;
7915  addr_opt_data_len = 25;
7916  ip_addr_offset = 9;
7917  break;
7918  default:
7919  /* shouldn't be here */
7920  log_error ("get_first_ia_addr_val: invalid opt type %d",
7921  addr_type);
7922  return (ISC_R_FAILURE);
7923  }
7924 
7925  /* Find the first, non-blank IA_XX value within an D6O_IA_XX option. */
7926  for (ia = lookup_option(&dhcpv6_universe, packet->options, addr_type);
7927  ia != NULL && oc == NULL; ia = ia->next) {
7928  if (!get_encapsulated_IA_state(&cli_enc_opt_state,
7929  &cli_enc_opt_data,
7930  packet, ia, addr_opt_offset)) {
7931  log_debug ("get_first_ia_addr_val:"
7932  " couldn't unroll enclosing option");
7933  return (ISC_R_FAILURE);
7934  }
7935 
7936  oc = lookup_option(&dhcpv6_universe, cli_enc_opt_state,
7937  addr_opt);
7938  if (oc == NULL) {
7939  /* no address given for this IA, ignore */
7940  option_state_dereference(&cli_enc_opt_state, MDL);
7941  data_string_forget(&cli_enc_opt_data, MDL);
7942  }
7943  }
7944 
7945  /* If we found a non-blank IA_XX then extract its ip address. */
7946  if (oc != NULL) {
7947  struct data_string iaddr_str;
7948 
7949  memset(&iaddr_str, 0, sizeof(iaddr_str));
7950  if (!evaluate_option_cache(&iaddr_str, packet, NULL, NULL,
7951  packet->options, NULL, &global_scope,
7952  oc, MDL)) {
7953  log_error("get_first_ia_addr_val: "
7954  "error evaluating IA_XX option.");
7955  } else {
7956  if (iaddr_str.len != addr_opt_data_len) {
7957  log_error("shared_network_from_requested_addr:"
7958  " invalid length %d, expected %d",
7959  iaddr_str.len, addr_opt_data_len);
7960  } else {
7961  iaddr->len = 16;
7962  memcpy (iaddr->iabuf,
7963  iaddr_str.data + ip_addr_offset, 16);
7964  status = ISC_R_SUCCESS;
7965  }
7966  data_string_forget(&iaddr_str, MDL);
7967  }
7968 
7969  option_state_dereference(&cli_enc_opt_state, MDL);
7970  data_string_forget(&cli_enc_opt_data, MDL);
7971  }
7972 
7973  return (status);
7974 }
7975 
7976 /*
7977 * \brief Calculates the reply T1/T2 times and stuffs them in outbound buffer
7978 *
7979 * T1/T2 time selection is kind of weird. We actually use DHCP * (v4) scoped
7980 * options, dhcp-renewal-time and dhcp-rebinding-time, as handy existing places
7981 * where these can be configured by an administrator. A value of zero tells the
7982 * client it may choose its own value.
7983 *
7984 * When those options are not defined, the values will be set to zero unless
7985 * the global option, dhcpv6-set-tee-times is enabled. When this option is
7986 * enabled the values are calculated as recommended by RFC 3315, Section 22.4:
7987 *
7988 * T1 will be set to 0.5 times the shortest preferred lifetime
7989 * in the IA_XX option. If the "shortest" preferred lifetime is
7990 * 0xFFFFFFFF, T1 will set to 0xFFFFFFFF.
7991 *
7992 * T2 will be set to 0.8 times the shortest preferred lifetime
7993 * in the IA_XX option. If the "shortest" preferred lifetime is
7994 * 0xFFFFFFFF, T2 will set to 0xFFFFFFFF.
7995 *
7996 * Note that dhcpv6-set-tee-times is intended to be transitional and will
7997 * likely be removed in 4.4.0, leaving the behavior as getting the values
7998 * either from the configured parameters (if you want zeros, define them as
7999 * zeros) or by calculating them per the RFC.
8000 *
8001 * \param reply - pointer to the reply_state structure
8002 * \param ia_cursor - offset of the beginning of the IA_XX option within the
8003 * reply's outbound data buffer
8004 */
8005 static void
8006 set_reply_tee_times(struct reply_state* reply, unsigned ia_cursor)
8007 {
8008  struct option_cache *oc;
8009  int set_tee_times;
8010 
8011  /* Found out if calculated values are enabled. */
8012  oc = lookup_option(&server_universe, reply->opt_state,
8014  set_tee_times = (oc &&
8015  evaluate_boolean_option_cache(NULL, reply->packet,
8016  NULL, NULL,
8017  reply->packet->options,
8018  reply->opt_state,
8019  &global_scope, oc, MDL));
8020 
8021  oc = lookup_option(&dhcp_universe, reply->opt_state,
8023  if (oc != NULL) {
8024  /* dhcp-renewal-time is defined, use it */
8025  struct data_string data;
8026  memset(&data, 0x00, sizeof(data));
8027 
8028  if (!evaluate_option_cache(&data, reply->packet, NULL, NULL,
8029  reply->packet->options,
8030  reply->opt_state, &global_scope,
8031  oc, MDL) ||
8032  (data.len != 4)) {
8033  log_error("Invalid renewal time.");
8034  reply->renew = 0;
8035  } else {
8036  reply->renew = getULong(data.data);
8037  }
8038 
8039  if (data.data != NULL)
8041  } else if (set_tee_times) {
8042  /* Setting them is enabled so T1 is either infinite or
8043  * 0.5 * the shortest preferred lifetime in the IA_XX */
8044  reply->renew = (reply->min_prefer == 0xFFFFFFFF ? 0xFFFFFFFF
8045  : reply->min_prefer / 2);
8046  } else {
8047  /* Default is to let the client choose */
8048  reply->renew = 0;
8049  }
8050 
8051  putULong(reply->buf.data + ia_cursor + 8, reply->renew);
8052 
8053  /* Now T2. */
8054  oc = lookup_option(&dhcp_universe, reply->opt_state,
8056  if (oc != NULL) {
8057  /* dhcp-rebinding-time is defined, use it */
8058  struct data_string data;
8059  memset(&data, 0x00, sizeof(data));
8060 
8061  if (!evaluate_option_cache(&data, reply->packet, NULL, NULL,
8062  reply->packet->options,
8063  reply->opt_state, &global_scope,
8064  oc, MDL) ||
8065  (data.len != 4)) {
8066  log_error("Invalid rebinding time.");
8067  reply->rebind = 0;
8068  } else {
8069  reply->rebind = getULong(data.data);
8070  }
8071 
8072  if (data.data != NULL)
8074  } else if (set_tee_times) {
8075  /* Setting them is enabled so T2 is either infinite or
8076  * 0.8 * the shortest preferred lifetime in the reply */
8077  reply->rebind = (reply->min_prefer == 0xFFFFFFFF ? 0xFFFFFFFF
8078  : (reply->min_prefer / 5) * 4);
8079  } else {
8080  /* Default is to let the client choose */
8081  reply->rebind = 0;
8082  }
8083 
8084  putULong(reply->buf.data + ia_cursor + 12, reply->rebind);
8085 }
8086 
8087 
8088 #endif /* DHCPv6 */
#define FTS_ABANDONED
Definition: dhcpd.h:537
struct iaddrcidrnet cidrnet
Definition: inet.h:77
ia_hash_t * ia_ta_active
#define DHCP_FIXED_NON_UDP
Definition: dhcp.h:37
isc_result_t renew_lease6(struct ipv6_pool *pool, struct iasubopt *lease)
Renew a lease in the pool.
Definition: mdb6.c:1444
struct ipv6_pond * next
Definition: dhcpd.h:1705
int find_grouped_subnet(struct subnet **, struct shared_network *, struct iaddr, const char *, int)
Definition: mdb.c:931
unsigned char peer_address[16]
Definition: dhcp6.h:241
const char int line
Definition: dhcpd.h:3717
#define D6O_IAADDR
Definition: dhcp6.h:34
struct binding_scope * global_scope
Definition: tree.c:38
#define STATUS_NoBinding
Definition: dhcp6.h:125
#define DHCPV6_RELEASE
Definition: dhcp6.h:145
struct subnet * subnets
Definition: dhcpd.h:1029
isc_result_t add_lease6(struct ipv6_pool *pool, struct iasubopt *lease, time_t valid_lifetime_end_time)
Definition: mdb6.c:1234
Definition: dhcpd.h:556
isc_result_t ia_make_key(struct data_string *key, u_int32_t iaid, const char *duid, unsigned int duid_len, const char *file, int line)
Definition: mdb6.c:310
unsigned len
Definition: tree.h:80
int executable_statement_dereference(struct executable_statement **ptr, const char *file, int line)
Definition: execute.c:622
isc_uint64_t num_active
Definition: dhcpd.h:1718
struct shared_network * shared_network
Definition: dhcpd.h:1346
int bits
Definition: inet.h:72
const char * piaddr(const struct iaddr addr)
Definition: inet.c:579
u_int8_t hlen
Definition: dhcpd.h:489
Definition: dhcpd.h:1639
#define D6O_STATUS_CODE
Definition: dhcp6.h:42
unsigned char dhcpv6_transaction_id[3]
Definition: dhcpd.h:414
char name[IFNAMSIZ]
Definition: dhcpd.h:1370
isc_boolean_t server_duid_isset(void)
const char * name
Definition: tree.h:42
unsigned char options[FLEXIBLE_ARRAY_MEMBER]
Definition: dhcp6.h:242
int units
Definition: dhcpd.h:1678
int prefix_length_mode
Definition: dhcpd.c:81
void dhcpv6_leasequery(struct data_string *, struct packet *)
isc_result_t ia_dereference(struct ia_xx **ia, const char *file, int line)
Definition: mdb6.c:402
#define PLM_EXACT
Definition: dhcpd.h:854
unsigned char msg_type
Definition: dhcp6.h:226
int data_string_sprintfa(struct data_string *ds, const char *fmt,...)
Definition: tree.c:56
Definition: dhcpd.h:1039
struct universe server_universe
Definition: stables.c:175
int execute_statements(struct binding_value **result, struct packet *packet, struct lease *lease, struct client_state *client_state, struct option_state *in_options, struct option_state *out_options, struct binding_scope **scope, struct executable_statement *statements, struct on_star *on_star)
Definition: execute.c:34
#define HTYPE_RESERVED
Definition: dhcp.h:84
#define MDL
Definition: omapip.h:568
isc_boolean_t lease6_usable(struct iasubopt *lease)
Check if address is available to a lease.
Definition: mdb6.c:1372
#define D6O_PREFERENCE
Definition: dhcp6.h:36
int find_hosts_by_option(struct host_decl **, struct packet *, struct option_state *, const char *, int)
Definition: mdb.c:638
unsigned char iabuf[16]
Definition: inet.h:33
#define print_hex_1(len, data, limit)
Definition: dhcpd.h:2568
#define IA_PD_OFFSET
Definition: dhcp6.h:173
u_int8_t hlen
Definition: dhcp.h:51
#define DHCP_R_INVALIDARG
Definition: result.h:48
#define STATUS_NoAddrsAvail
Definition: dhcp6.h:124
const char * dhcpv6_type_names[]
Definition: tables.c:656
int int int log_debug(const char *,...) __attribute__((__format__(__printf__
#define DHCPV6_REPLY
Definition: dhcp6.h:144
#define DHCPV6_REQUEST
Definition: dhcp6.h:140
int last_ipv6_pool
Definition: dhcpd.h:1715
unsigned char msg_type
Definition: dhcp6.h:250
#define DHCPV6_RECONFIGURE
Definition: dhcp6.h:147
#define IAADDR_OFFSET
Definition: dhcp6.h:176
#define SV_PREFER_LIFETIME
Definition: dhcpd.h:759
struct group * group
Definition: dhcpd.h:1033
#define D6O_RAPID_COMMIT
Definition: dhcp6.h:43
#define PLM_PREFER
Definition: dhcpd.h:853
struct universe dhcp_universe
int dhcpv4_over_dhcpv6
Definition: discover.c:47
#define D6O_SERVERID
Definition: dhcp6.h:31
#define STATUS_NotOnLink
Definition: dhcp6.h:126
void data_string_forget(struct data_string *data, const char *file, int line)
Definition: alloc.c:1339
struct option_cache * next
Definition: dhcpd.h:387
void bootp(struct packet *packet)
Definition: dhclient.c:1987
struct shared_network * shared_network
Definition: dhcpd.h:1707
#define D6O_INTERFACE_ID
Definition: dhcp6.h:47
struct option_cache * fixed_addr
Definition: dhcpd.h:950
struct group * root_group
Definition: memory.c:31
unsigned char msg_type
Definition: dhcp6.h:238
#define DUID_LL
Definition: dhcp6.h:167
void delete_option(struct universe *universe, struct option_state *options, int code)
Definition: options.c:2751
u_int32_t valid
Definition: dhcpd.h:1615
int log_error(const char *,...) __attribute__((__format__(__printf__
time_t cltt
Definition: dhcpd.h:1645
#define FTS_EXPIRED
Definition: dhcpd.h:535
struct on_star on_star
Definition: dhcpd.h:1636
int known
Definition: dhcpd.h:457
struct binding_scope * scope
Definition: dhcpd.h:1611
struct ipv6_pond * ipv6_pond
Definition: dhcpd.h:1689
void copy_server_duid(struct data_string *ds, const char *file, int line)
#define DHO_DHCP_REBINDING_TIME
Definition: dhcp.h:151
#define STATUS_Success
Definition: dhcp6.h:122
unsigned len
Definition: inet.h:32
#define IA_NA_OFFSET
Definition: dhcp6.h:171
#define DHCPV6_DHCPV4_QUERY
Definition: dhcp6.h:157
#define D6O_DHCPV4_MSG
Definition: dhcp6.h:116
unsigned char flags[3]
Definition: dhcp6.h:251
int logged
Definition: dhcpd.h:1720
#define D6O_CLIENTID
Definition: dhcp6.h:30
struct permit * prohibit_list
Definition: dhcpd.h:1710
Definition: dhcpd.h:549
struct option_state * options
Definition: dhcpd.h:449
unsigned char dhcpv6_hop_count
Definition: dhcpd.h:417
unsigned char link_address[16]
Definition: dhcp6.h:240
unsigned char dhcpv6_msg_type
Definition: dhcpd.h:411
isc_boolean_t lease6_exists(const struct ipv6_pool *pool, const struct in6_addr *addr)
Definition: mdb6.c:1344
void log_fatal(const char *,...) __attribute__((__format__(__printf__
#define DHCPV6_RELAY_REPL
Definition: dhcp6.h:150
int client_port
Definition: dhcpd.h:431
#define DHCPV6_LEASEQUERY
Definition: dhcp6.h:151
#define D6O_IA_TA
Definition: dhcp6.h:33
int parse_option_buffer(struct option_state *options, const unsigned char *buffer, unsigned length, struct universe *universe)
Definition: options.c:117
#define PLM_MINIMUM
Definition: dhcpd.h:855
#define SV_LOG_THRESHOLD_HIGH
Definition: dhcpd.h:799
#define D6O_UNICAST
Definition: dhcp6.h:41
struct dhcp_packet * raw
Definition: dhcpd.h:406
isc_result_t decline_lease6(struct ipv6_pool *pool, struct iasubopt *lease)
Definition: mdb6.c:1597
int find_hosts6(struct host_decl **host, struct packet *packet, const struct data_string *client_id, char *file, int line)
Definition: mdb6.c:2771
struct iaddr subnet_number(struct iaddr addr, struct iaddr mask)
Definition: inet.c:34
#define SV_DDNS_UPDATES
Definition: dhcpd.h:736
int find_subnet(struct subnet **sp, struct iaddr addr, const char *file, int line)
Definition: dhclient.c:1422
#define D6O_IAPREFIX
Definition: dhcp6.h:55
void execute_statements_in_scope(struct binding_value **result, struct packet *packet, struct lease *lease, struct client_state *client_state, struct option_state *in_options, struct option_state *out_options, struct binding_scope **scope, struct group *group, struct group *limiting_group, struct on_star *on_star)
Definition: execute.c:562
void change_host_uid(struct host_decl *host, const char *data, int len)
Definition: mdb.c:184
isc_result_t release_lease6(struct ipv6_pool *pool, struct iasubopt *lease)
Definition: mdb6.c:1622
void schedule_lease_timeout(struct ipv6_pool *pool)
Definition: mdb6.c:1986
#define DUID_TIME_EPOCH
Definition: dhcp6.h:273
int option_state_allocate(struct option_state **ptr, const char *file, int line)
Definition: alloc.c:846
time_t hard_lifetime_end_time
Definition: dhcpd.h:1612
int evaluate_option_cache(struct data_string *result, struct packet *packet, struct lease *lease, struct client_state *client_state, struct option_state *in_options, struct option_state *cfg_options, struct binding_scope **scope, struct option_cache *oc, const char *file, int line)
Definition: tree.c:2699
#define STATUS_NoPrefixAvail
Definition: dhcp6.h:128
#define DHCPV6_DHCPV4_RESPONSE
Definition: dhcp6.h:158
unsigned char chaddr[16]
Definition: dhcp.h:60
int packet_reference(struct packet **ptr, struct packet *bp, const char *file, int line)
Definition: alloc.c:1053
Definition: dhcpd.h:993
#define DHCPV6_RENEW
Definition: dhcp6.h:142
int options_valid
Definition: dhcpd.h:430
ia_hash_t * ia_na_active
struct ipv6_pool * ipv6_pool
Definition: dhcpd.h:1617
struct iaddr net
Definition: dhcpd.h:1046
int buffer_allocate(struct buffer **ptr, unsigned len, const char *file, int line)
Definition: alloc.c:679
struct interface_info * interface
Definition: dhcpd.h:433
#define PLM_IGNORE
Definition: dhcpd.h:852
ssize_t send_packet6(struct interface_info *, const unsigned char *, size_t, struct sockaddr_in6 *)
#define PLM_MAXIMUM
Definition: dhcpd.h:856
struct enumeration_value * values
Definition: tree.h:50
void putULong(unsigned char *, u_int32_t)
Definition: convert.c:70
#define DHCPV6_REBIND
Definition: dhcp6.h:143
u_int16_t local_port
Definition: dhclient.c:91
Definition: dhcpd.h:405
struct iaddrcidrnetlist * next
Definition: inet.h:76
#define DEFAULT_DEFAULT_LEASE_TIME
Definition: dhcpd.h:830
u_int8_t plen
Definition: dhcpd.h:1609
#define cur_time
Definition: dhcpd.h:2071
Definition: ip.h:47
#define DHCPV6_RELAY_FORW
Definition: dhcp6.h:149
int save_option_buffer(struct universe *universe, struct option_state *options, struct buffer *bp, unsigned char *buffer, unsigned length, unsigned code, int terminatep)
Definition: options.c:2390
u_int32_t getUShort(const unsigned char *)
#define D6O_ERO
Definition: dhcp6.h:72
void set_server_duid(struct data_string *new_duid)
isc_result_t create_lease6(struct ipv6_pool *pool, struct iasubopt **addr, unsigned int *attempts, const struct data_string *uid, time_t soft_lifetime_end_time)
Definition: mdb6.c:953
struct host_decl * n_ipaddr
Definition: dhcpd.h:940
#define SV_DHCPV6_SET_TEE_TIMES
Definition: dhcpd.h:803
int jumbo_range
Definition: dhcpd.h:1722
struct hardware hw_address
Definition: dhcpd.h:1348
int packet_type
Definition: dhcpd.h:409
struct option_cache * lookup_option(struct universe *universe, struct option_state *options, unsigned code)
Definition: options.c:2348
#define IA_TA_OFFSET
Definition: dhcp6.h:172
#define print_hex_3(len, data, limit)
Definition: dhcpd.h:2570
int permitted(struct packet *, struct permit *)
Definition: dhcp.c:4978
void set_server_duid_type(int type)
int num_iasubopt
Definition: dhcpd.h:1643
int int log_info(const char *,...) __attribute__((__format__(__printf__
struct ipv6_pool ** ipv6_pools
Definition: dhcpd.h:1714
binding_state_t state
Definition: dhcpd.h:1610
int packet6_len_okay(const char *packet, int len)
Definition: options.c:3978
int parse_options(struct packet *packet)
Definition: options.c:47
struct interface_info * interfaces
Definition: discover.c:42
unsigned char dhcp4o6_flags[3]
Definition: dhcpd.h:425
u_int32_t getULong(const unsigned char *)
struct shared_network * shared_network
Definition: dhcpd.h:1043
int validate_packet(struct packet *packet)
Definition: options.c:4324
int addr_eq(struct iaddr addr1, struct iaddr addr2)
Definition: inet.c:166
struct group * group
Definition: dhcpd.h:1049
isc_boolean_t ipv6_in_pool(const struct in6_addr *addr, const struct ipv6_pool *pool)
Definition: mdb6.c:2094
void cleanup(void)
#define DHCPV6_LEASEQUERY_REPLY
Definition: dhcp6.h:152
isc_result_t get_client_id(struct packet *, struct data_string *)
#define IAPREFIX_OFFSET
Definition: dhcp6.h:179
Definition: inet.h:31
ipv6_pool structure
Definition: dhcpd.h:1673
#define DHCP4O6_QUERY_UNICAST
Definition: dhcp6.h:254
int store_options6(char *buf, int buflen, struct option_state *opt_state, struct packet *packet, const int *required_opts, struct data_string *oro)
Definition: options.c:931
int local_family
Definition: discover.c:55
int append_option_buffer(struct universe *universe, struct option_state *options, struct buffer *bp, unsigned char *buffer, unsigned length, unsigned code, int terminatep)
Definition: options.c:2414
#define FIND_POND6_PERCENT(count, percent)
Definition: dhcpd.h:3829
u_int32_t getUChar(const unsigned char *)
struct data_string * dhcp4o6_response
Definition: dhcpd.h:428
struct iaddrcidrnetlist * fixed_prefix
Definition: dhcpd.h:951
int option_state_dereference(struct option_state **ptr, const char *file, int line)
Definition: alloc.c:911
ia_hash_t * ia_pd_active
Definition: dhcpd.h:926
void dhcpv6(struct packet *)
int commit_leases_timed(void)
Definition: db.c:1043
const int dhcpv6_type_name_max
Definition: tables.c:680
isc_boolean_t is_cidr_mask_valid(const struct iaddr *addr, int bits)
Definition: inet.c:303
unsigned char hop_count
Definition: dhcp6.h:239
isc_uint64_t low_threshold
Definition: dhcpd.h:1721
struct interface_info * next
Definition: dhcpd.h:1345
struct universe dhcpv6_universe
Definition: tables.c:343
isc_boolean_t prefix6_exists(const struct ipv6_pool *pool, const struct in6_addr *pref, u_int8_t plen)
Definition: mdb6.c:1804
int evaluate_boolean_option_cache(int *ignorep, struct packet *packet, struct lease *lease, struct client_state *client_state, struct option_state *in_options, struct option_state *cfg_options, struct binding_scope **scope, struct option_cache *oc, const char *file, int line)
Definition: tree.c:2733
#define D6O_IA_NA
Definition: dhcp6.h:32
#define print_hex_2(len, data, limit)
Definition: dhcpd.h:2569
int packet_dereference(struct packet **ptr, const char *file, int line)
Definition: alloc.c:1081
int ddns_updates(struct packet *, struct lease *, struct lease *, struct iasubopt *, struct iasubopt *, struct option_state *)
int packet_allocate(struct packet **ptr, const char *file, int line)
Definition: alloc.c:1015
const char int
Definition: omapip.h:443
struct iaddr netmask
Definition: dhcpd.h:1047
isc_result_t iasubopt_dereference(struct iasubopt **iasubopt, const char *file, int line)
Definition: mdb6.c:260
#define DHCPV6_ADVERTISE
Definition: dhcp6.h:139
#define SV_LOG_THRESHOLD_LOW
Definition: dhcpd.h:798
isc_uint64_t num_abandoned
Definition: dhcpd.h:1719
isc_result_t set_server_duid_from_option(void)
isc_result_t ia_allocate(struct ia_xx **ia, u_int32_t iaid, const char *duid, unsigned int duid_len, const char *file, int line)
Definition: mdb6.c:338
#define D6O_ORO
Definition: dhcp6.h:35
struct subnet * next_sibling
Definition: dhcpd.h:1042
isc_boolean_t unicast
Definition: dhcpd.h:470
isc_result_t ia_add_iasubopt(struct ia_xx *ia, struct iasubopt *iasubopt, const char *file, int line)
Definition: mdb6.c:438
unsigned char data[1]
Definition: tree.h:63
unsigned char transaction_id[3]
Definition: dhcp6.h:227
time_t soft_lifetime_end_time
Definition: dhcpd.h:1613
struct iaddr lo_addr
Definition: inet.h:71
#define SV_DEFAULT_LEASE_TIME
Definition: dhcpd.h:707
u_int8_t hbuf[HARDWARE_ADDR_LEN+1]
Definition: dhcpd.h:490
#define MAX_TIME
Definition: dhcpd.h:1591
#define DHCPV6_CONFIRM
Definition: dhcp6.h:141
struct iaddr client_addr
Definition: dhcpd.h:432
ipv6_pond structure
Definition: dhcpd.h:1703
isc_uint64_t num_total
Definition: dhcpd.h:1717
#define D6O_IA_PD
Definition: dhcp6.h:54
#define REPLY_OPTIONS_INDEX
Definition: dhcp6.h:232
#define DUID_LLT
Definition: dhcp6.h:165
void dhcp(struct packet *packet)
Definition: dhclient.c:2020
struct iasubopt ** iasubopt
Definition: dhcpd.h:1646
int write_ia(const struct ia_xx *)
Definition: db.c:518
struct ia_xx * ia
Definition: dhcpd.h:1616
u_int16_t remote_port
Definition: dhclient.c:92
#define DHO_DHCP_RENEWAL_TIME
Definition: dhcp.h:150
struct in6_addr dhcpv6_peer_address
Definition: dhcpd.h:419
const char * file
Definition: dhcpd.h:3717
char * name
Definition: dhcpd.h:1024
void putUShort(unsigned char *, u_int32_t)
Definition: convert.c:86
isc_result_t create_prefix6(struct ipv6_pool *pool, struct iasubopt **pref, unsigned int *attempts, const struct data_string *uid, time_t soft_lifetime_end_time)
Definition: mdb6.c:1715
struct shared_network * shared_network
Definition: dhcpd.h:1686
struct in6_addr addr
Definition: dhcpd.h:1608
isc_result_t ia_reference(struct ia_xx **ia, struct ia_xx *src, const char *file, int line)
Definition: mdb6.c:376
struct executable_statement * on_commit
Definition: dhcpd.h:551
#define SV_LIMIT_ADDRS_PER_IA
Definition: dhcpd.h:762
unsigned char options[FLEXIBLE_ARRAY_MEMBER]
Definition: dhcp6.h:252
const unsigned char * data
Definition: tree.h:79
#define DHO_DHCP_MESSAGE_TYPE
Definition: dhcp.h:145
int get_option_int(int *result, struct universe *universe, struct packet *packet, struct lease *lease, struct client_state *client_state, struct option_state *in_options, struct option_state *cfg_options, struct option_state *options, struct binding_scope **scope, unsigned code, const char *file, int line)
Definition: options.c:2203
isc_result_t generate_new_server_duid(void)
void data_string_copy(struct data_string *dest, const struct data_string *src, const char *file, int line)
Definition: alloc.c:1323
unsigned packet_length
Definition: dhcpd.h:408
#define D6O_RELAY_MSG
Definition: dhcp6.h:38
struct permit * permit_list
Definition: dhcpd.h:1709
#define D6O_RECONF_ACCEPT
Definition: dhcp6.h:49
struct enumeration prefix_length_modes
Definition: stables.c:361
u_int16_t pool_type
Definition: dhcpd.h:1675
#define DHCPV6_INFORMATION_REQUEST
Definition: dhcp6.h:148
#define DHCPV6_DECLINE
Definition: dhcp6.h:146
struct in6_addr dhcpv6_link_address
Definition: dhcpd.h:418
unsigned char options[FLEXIBLE_ARRAY_MEMBER]
Definition: dhcp6.h:228
void classify_client(struct packet *)
Definition: class.c:63
struct group * group
Definition: dhcpd.h:1706
#define DHCPV6_SOLICIT
Definition: dhcp6.h:138
struct buffer * buffer
Definition: tree.h:78
#define SV_LIMIT_PREFS_PER_IA
Definition: dhcpd.h:763
unsigned char options[DHCP_MAX_OPTION_LEN]
Definition: dhcp.h:63
#define STATUS_UseMulticast
Definition: dhcp6.h:127
struct packet * dhcpv6_container_packet
Definition: dhcpd.h:422
#define FTS_ACTIVE
Definition: dhcpd.h:534
isc_result_t iasubopt_reference(struct iasubopt **iasubopt, struct iasubopt *src, const char *file, int line)
Definition: mdb6.c:233