ISC DHCP  4.3.0
A reference DHCPv4 and DHCPv6 implementation
dhcpv6.c
Go to the documentation of this file.
1 /*
2  * Copyright (C) 2006-2013 by Internet Systems Consortium, Inc. ("ISC")
3  *
4  * Permission to use, copy, modify, and distribute this software for any
5  * purpose with or without fee is hereby granted, provided that the above
6  * copyright notice and this permission notice appear in all copies.
7  *
8  * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
9  * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
10  * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
11  * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
12  * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
13  * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
14  * PERFORMANCE OF THIS SOFTWARE.
15  */
16 
19 #include "dhcpd.h"
20 #include "trace.h"
21 
22 #ifdef DHCPv6
23 
24 /*
25  * We use print_hex_1() to output DUID values. We could actually output
26  * the DUID with more information... MAC address if using type 1 or 3,
27  * and so on. However, RFC 3315 contains Grave Warnings against actually
28  * attempting to understand a DUID.
29  */
30 
31 /*
32  * TODO: gettext() or other method of localization for the messages
33  * for status codes (and probably for log formats eventually)
34  * TODO: refactoring (simplify, simplify, simplify)
35  * TODO: support multiple shared_networks on each interface (this
36  * will allow the server to issue multiple IPv6 addresses to
37  * a single interface)
38  */
39 
40 /*
41  * DHCPv6 Reply workflow assist. A Reply packet is built by various
42  * different functions; this gives us one location where we keep state
43  * regarding a reply.
44  */
45 struct reply_state {
46  /* root level persistent state */
47  struct shared_network *shared;
48  struct host_decl *host;
49  struct subnet *subnet; /* Used to match fixed-addrs to subnet scopes. */
50  struct option_state *opt_state;
51  struct packet *packet;
52  struct data_string client_id;
53 
54  /* IA level persistent state */
55  unsigned ia_count;
56  unsigned pd_count;
57  unsigned client_resources;
58  isc_boolean_t resources_included;
59  isc_boolean_t static_lease;
60  unsigned static_prefixes;
61  struct ia_xx *ia;
62  struct ia_xx *old_ia;
63  struct option_state *reply_ia;
64  struct data_string fixed;
65  struct iaddrcidrnet fixed_pref; /* static prefix for logging */
66 
67  /* IAADDR/PREFIX level persistent state */
68  struct iasubopt *lease;
69 
70  /*
71  * "t1", "t2", preferred, and valid lifetimes records for calculating
72  * t1 and t2 (min/max).
73  */
74  u_int32_t renew, rebind, prefer, valid;
75 
76  /* Client-requested valid and preferred lifetimes. */
77  u_int32_t client_valid, client_prefer;
78 
79  /* Chosen values to transmit for valid and preferred lifetimes. */
80  u_int32_t send_valid, send_prefer;
81 
82  /* Preferred prefix length (-1 is any). */
83  int preflen;
84 
85  /* Index into the data field that has been consumed. */
86  unsigned cursor;
87 
88  /* Space for the on commit statements for a fixed host */
89  struct on_star on_star;
90 
91  union reply_buffer {
92  unsigned char data[65536];
93  struct dhcpv6_packet reply;
94  } buf;
95 };
96 
97 /*
98  * Prototypes local to this file.
99  */
100 static int get_encapsulated_IA_state(struct option_state **enc_opt_state,
101  struct data_string *enc_opt_data,
102  struct packet *packet,
103  struct option_cache *oc,
104  int offset);
105 static void build_dhcpv6_reply(struct data_string *, struct packet *);
106 static isc_result_t shared_network_from_packet6(struct shared_network **shared,
107  struct packet *packet);
108 static void seek_shared_host(struct host_decl **hp,
109  struct shared_network *shared);
110 static isc_boolean_t fixed_matches_shared(struct host_decl *host,
111  struct shared_network *shared);
112 static isc_result_t reply_process_ia_na(struct reply_state *reply,
113  struct option_cache *ia);
114 static isc_result_t reply_process_ia_ta(struct reply_state *reply,
115  struct option_cache *ia);
116 static isc_result_t reply_process_addr(struct reply_state *reply,
117  struct option_cache *addr);
118 static isc_boolean_t address_is_owned(struct reply_state *reply,
119  struct iaddr *addr);
120 static isc_boolean_t temporary_is_available(struct reply_state *reply,
121  struct iaddr *addr);
122 static isc_result_t find_client_temporaries(struct reply_state *reply);
123 static isc_result_t reply_process_try_addr(struct reply_state *reply,
124  struct iaddr *addr);
125 static isc_result_t find_client_address(struct reply_state *reply);
126 static isc_result_t reply_process_is_addressed(struct reply_state *reply,
127  struct binding_scope **scope,
128  struct group *group);
129 static isc_result_t reply_process_send_addr(struct reply_state *reply,
130  struct iaddr *addr);
131 static struct iasubopt *lease_compare(struct iasubopt *alpha,
132  struct iasubopt *beta);
133 static isc_result_t reply_process_ia_pd(struct reply_state *reply,
134  struct option_cache *ia_pd);
135 static isc_result_t reply_process_prefix(struct reply_state *reply,
136  struct option_cache *pref);
137 static isc_boolean_t prefix_is_owned(struct reply_state *reply,
138  struct iaddrcidrnet *pref);
139 static isc_result_t find_client_prefix(struct reply_state *reply);
140 static isc_result_t reply_process_try_prefix(struct reply_state *reply,
141  struct iaddrcidrnet *pref);
142 static isc_result_t reply_process_is_prefixed(struct reply_state *reply,
143  struct binding_scope **scope,
144  struct group *group);
145 static isc_result_t reply_process_send_prefix(struct reply_state *reply,
146  struct iaddrcidrnet *pref);
147 static struct iasubopt *prefix_compare(struct reply_state *reply,
148  struct iasubopt *alpha,
149  struct iasubopt *beta);
150 static int find_hosts_by_duid_chaddr(struct host_decl **host,
151  const struct data_string *client_id);
152 /*
153  * This function returns the time since DUID time start for the
154  * given time_t value.
155  */
156 static u_int32_t
157 duid_time(time_t when) {
158  /*
159  * This time is modulo 2^32.
160  */
161  while ((when - DUID_TIME_EPOCH) > 4294967295u) {
162  /* use 2^31 to avoid spurious compiler warnings */
163  when -= 2147483648u;
164  when -= 2147483648u;
165  }
166 
167  return when - DUID_TIME_EPOCH;
168 }
169 
170 
171 /*
172  * Server DUID.
173  *
174  * This must remain the same for the lifetime of this server, because
175  * clients return the server DUID that we sent them in Request packets.
176  *
177  * We pick the server DUID like this:
178  *
179  * 1. Check dhcpd.conf - any value the administrator has configured
180  * overrides any possible values.
181  * 2. Check the leases.txt - we want to use the previous value if
182  * possible.
183  * 3. Check if dhcpd.conf specifies a type of server DUID to use,
184  * and generate that type.
185  * 4. Generate a type 1 (time + hardware address) DUID.
186  */
187 static struct data_string server_duid;
188 
189 /*
190  * Check if the server_duid has been set.
191  */
192 isc_boolean_t
193 server_duid_isset(void) {
194  return (server_duid.data != NULL);
195 }
196 
197 /*
198  * Return the server_duid.
199  */
200 void
201 copy_server_duid(struct data_string *ds, const char *file, int line) {
202  data_string_copy(ds, &server_duid, file, line);
203 }
204 
205 /*
206  * Set the server DUID to a specified value. This is used when
207  * the server DUID is stored in persistent memory (basically the
208  * leases.txt file).
209  */
210 void
211 set_server_duid(struct data_string *new_duid) {
212  /* INSIST(new_duid != NULL); */
213  /* INSIST(new_duid->data != NULL); */
214 
215  if (server_duid_isset()) {
216  data_string_forget(&server_duid, MDL);
217  }
218  data_string_copy(&server_duid, new_duid, MDL);
219 }
220 
221 
222 /*
223  * Set the server DUID based on the D6O_SERVERID option. This handles
224  * the case where the administrator explicitly put it in the dhcpd.conf
225  * file.
226  */
227 isc_result_t
229  struct option_state *opt_state;
230  struct option_cache *oc;
231  struct data_string option_duid;
232  isc_result_t ret_val;
233 
234  opt_state = NULL;
235  if (!option_state_allocate(&opt_state, MDL)) {
236  log_fatal("No memory for server DUID.");
237  }
238 
239  execute_statements_in_scope(NULL, NULL, NULL, NULL, NULL,
240  opt_state, &global_scope, root_group,
241  NULL, NULL);
242 
243  oc = lookup_option(&dhcpv6_universe, opt_state, D6O_SERVERID);
244  if (oc == NULL) {
245  ret_val = ISC_R_NOTFOUND;
246  } else {
247  memset(&option_duid, 0, sizeof(option_duid));
248  if (!evaluate_option_cache(&option_duid, NULL, NULL, NULL,
249  opt_state, NULL, &global_scope,
250  oc, MDL)) {
251  ret_val = ISC_R_UNEXPECTED;
252  } else {
253  set_server_duid(&option_duid);
254  data_string_forget(&option_duid, MDL);
255  ret_val = ISC_R_SUCCESS;
256  }
257  }
258 
259  option_state_dereference(&opt_state, MDL);
260 
261  return ret_val;
262 }
263 
264 /*
265  * DUID layout, as defined in RFC 3315, section 9.
266  *
267  * We support type 1 (hardware address plus time) and type 3 (hardware
268  * address).
269  *
270  * We can support type 2 for specific vendors in the future, if they
271  * publish the specification. And of course there may be additional
272  * types later.
273  */
274 static int server_duid_type = DUID_LLT;
275 
276 /*
277  * Set the DUID type.
278  */
279 void
280 set_server_duid_type(int type) {
281  server_duid_type = type;
282 }
283 
284 /*
285  * Generate a new server DUID. This is done if there was no DUID in
286  * the leases.txt or in the dhcpd.conf file.
287  */
288 isc_result_t
290  struct interface_info *p;
291  u_int32_t time_val;
292  struct data_string generated_duid;
293 
294  /*
295  * Verify we have a type that we support.
296  */
297  if ((server_duid_type != DUID_LL) && (server_duid_type != DUID_LLT)) {
298  log_error("Invalid DUID type %d specified, "
299  "only LL and LLT types supported", server_duid_type);
300  return DHCP_R_INVALIDARG;
301  }
302 
303  /*
304  * Find an interface with a hardware address.
305  * Any will do. :)
306  */
307  for (p = interfaces; p != NULL; p = p->next) {
308  if (p->hw_address.hlen > 0) {
309  break;
310  }
311  if (p->next == NULL && p->hw_address.hbuf[0] == HTYPE_RESERVED) {
312  log_error("Can not generate DUID from interfaces which do not have hardware addresses, please configure server-duid!");
313  }
314  }
315  if (p == NULL) {
316  return ISC_R_UNEXPECTED;
317  }
318 
319  /*
320  * Build our DUID.
321  */
322  memset(&generated_duid, 0, sizeof(generated_duid));
323  if (server_duid_type == DUID_LLT) {
324  time_val = duid_time(time(NULL));
325  generated_duid.len = 8 + p->hw_address.hlen - 1;
326  if (!buffer_allocate(&generated_duid.buffer,
327  generated_duid.len, MDL)) {
328  log_fatal("No memory for server DUID.");
329  }
330  generated_duid.data = generated_duid.buffer->data;
331  putUShort(generated_duid.buffer->data, DUID_LLT);
332  putUShort(generated_duid.buffer->data + 2,
333  p->hw_address.hbuf[0]);
334  putULong(generated_duid.buffer->data + 4, time_val);
335  memcpy(generated_duid.buffer->data + 8,
336  p->hw_address.hbuf+1, p->hw_address.hlen-1);
337  } else if (server_duid_type == DUID_LL) {
338  generated_duid.len = 4 + p->hw_address.hlen - 1;
339  if (!buffer_allocate(&generated_duid.buffer,
340  generated_duid.len, MDL)) {
341  log_fatal("No memory for server DUID.");
342  }
343  generated_duid.data = generated_duid.buffer->data;
344  putUShort(generated_duid.buffer->data, DUID_LL);
345  putUShort(generated_duid.buffer->data + 2,
346  p->hw_address.hbuf[0]);
347  memcpy(generated_duid.buffer->data + 4,
348  p->hw_address.hbuf+1, p->hw_address.hlen-1);
349  } else {
350  log_fatal("Unsupported server DUID type %d.", server_duid_type);
351  }
352 
353  set_server_duid(&generated_duid);
354  data_string_forget(&generated_duid, MDL);
355 
356  return ISC_R_SUCCESS;
357 }
358 
359 /*
360  * Is the D6O_UNICAST option defined in dhcpd.conf ?
361  */
362 static isc_boolean_t unicast_option_defined;
363 
364 /*
365  * Did we already search dhcpd.conf for D6O_UNICAST option ?
366  * We need to store it here to not parse dhcpd.conf repeatedly.
367  */
368 static isc_boolean_t unicast_option_parsed = ISC_FALSE;
369 
370 
371 /*
372  * Is the D6O_UNICAST option defined in dhcpd.conf ?
373  */
374 isc_boolean_t
375 is_unicast_option_defined(void) {
376  struct option_state *opt_state;
377  struct option_cache *oc;
378 
379  /*
380  * If we are looking for the unicast option for the first time
381  */
382  if (unicast_option_parsed == ISC_FALSE) {
383  unicast_option_parsed = ISC_TRUE;
384  opt_state = NULL;
385  if (!option_state_allocate(&opt_state, MDL)) {
386  log_fatal("No memory for option state.");
387  }
388 
389  execute_statements_in_scope(NULL, NULL, NULL, NULL, NULL,
390  opt_state, &global_scope, root_group, NULL, NULL);
391 
392  oc = lookup_option(&dhcpv6_universe, opt_state, D6O_UNICAST);
393  unicast_option_defined = (oc != NULL);
394 
395  option_state_dereference(&opt_state, MDL);
396  }
397 
398  return (unicast_option_defined);
399 }
400 
401 /*
402  * Get the client identifier from the packet.
403  */
404 isc_result_t
405 get_client_id(struct packet *packet, struct data_string *client_id) {
406  struct option_cache *oc;
407 
408  /*
409  * Verify our client_id structure is empty.
410  */
411  if ((client_id->data != NULL) || (client_id->len != 0)) {
412  return DHCP_R_INVALIDARG;
413  }
414 
416  if (oc == NULL) {
417  return ISC_R_NOTFOUND;
418  }
419 
420  if (!evaluate_option_cache(client_id, packet, NULL, NULL,
421  packet->options, NULL,
422  &global_scope, oc, MDL)) {
423  return ISC_R_FAILURE;
424  }
425 
426  return ISC_R_SUCCESS;
427 }
428 
429 /*
430  * Message validation, defined in RFC 3315, sections 15.2, 15.5, 15.7:
431  *
432  * Servers MUST discard any Solicit messages that do not include a
433  * Client Identifier option or that do include a Server Identifier
434  * option.
435  */
436 int
437 valid_client_msg(struct packet *packet, struct data_string *client_id) {
438  int ret_val;
439  struct option_cache *oc;
440  struct data_string data;
441 
442  ret_val = 0;
443  memset(client_id, 0, sizeof(*client_id));
444  memset(&data, 0, sizeof(data));
445 
446  switch (get_client_id(packet, client_id)) {
447  case ISC_R_SUCCESS:
448  break;
449  case ISC_R_NOTFOUND:
450  log_debug("Discarding %s from %s; "
451  "client identifier missing",
453  piaddr(packet->client_addr));
454  goto exit;
455  default:
456  log_error("Error processing %s from %s; "
457  "unable to evaluate Client Identifier",
459  piaddr(packet->client_addr));
460  goto exit;
461  }
462 
463  /*
464  * Required by RFC 3315, section 15.
465  */
466  if (packet->unicast) {
467  log_debug("Discarding %s from %s; packet sent unicast "
468  "(CLIENTID %s)",
470  piaddr(packet->client_addr),
471  print_hex_1(client_id->len, client_id->data, 60));
472  goto exit;
473  }
474 
475 
477  if (oc != NULL) {
478  if (evaluate_option_cache(&data, packet, NULL, NULL,
479  packet->options, NULL,
480  &global_scope, oc, MDL)) {
481  log_debug("Discarding %s from %s; "
482  "server identifier found "
483  "(CLIENTID %s, SERVERID %s)",
485  piaddr(packet->client_addr),
486  print_hex_1(client_id->len,
487  client_id->data, 60),
488  print_hex_2(data.len,
489  data.data, 60));
490  } else {
491  log_debug("Discarding %s from %s; "
492  "server identifier found "
493  "(CLIENTID %s)",
495  print_hex_1(client_id->len,
496  client_id->data, 60),
497  piaddr(packet->client_addr));
498  }
499  goto exit;
500  }
501 
502  /* looks good */
503  ret_val = 1;
504 
505 exit:
506  if (data.len > 0) {
508  }
509  if (!ret_val) {
510  if (client_id->len > 0) {
511  data_string_forget(client_id, MDL);
512  }
513  }
514  return ret_val;
515 }
516 
517 /*
518  * Response validation, defined in RFC 3315, sections 15.4, 15.6, 15.8,
519  * 15.9 (slightly different wording, but same meaning):
520  *
521  * Servers MUST discard any received Request message that meet any of
522  * the following conditions:
523  *
524  * - the message does not include a Server Identifier option.
525  * - the contents of the Server Identifier option do not match the
526  * server's DUID.
527  * - the message does not include a Client Identifier option.
528  */
529 int
530 valid_client_resp(struct packet *packet,
531  struct data_string *client_id,
532  struct data_string *server_id)
533 {
534  int ret_val;
535  struct option_cache *oc;
536 
537  /* INSIST((duid.data != NULL) && (duid.len > 0)); */
538 
539  ret_val = 0;
540  memset(client_id, 0, sizeof(*client_id));
541  memset(server_id, 0, sizeof(*server_id));
542 
543  switch (get_client_id(packet, client_id)) {
544  case ISC_R_SUCCESS:
545  break;
546  case ISC_R_NOTFOUND:
547  log_debug("Discarding %s from %s; "
548  "client identifier missing",
550  piaddr(packet->client_addr));
551  goto exit;
552  default:
553  log_error("Error processing %s from %s; "
554  "unable to evaluate Client Identifier",
556  piaddr(packet->client_addr));
557  goto exit;
558  }
559 
561  if (oc == NULL) {
562  log_debug("Discarding %s from %s: "
563  "server identifier missing (CLIENTID %s)",
565  piaddr(packet->client_addr),
566  print_hex_1(client_id->len, client_id->data, 60));
567  goto exit;
568  }
569  if (!evaluate_option_cache(server_id, packet, NULL, NULL,
570  packet->options, NULL,
571  &global_scope, oc, MDL)) {
572  log_error("Error processing %s from %s; "
573  "unable to evaluate Server Identifier (CLIENTID %s)",
575  piaddr(packet->client_addr),
576  print_hex_1(client_id->len, client_id->data, 60));
577  goto exit;
578  }
579  if ((server_duid.len != server_id->len) ||
580  (memcmp(server_duid.data, server_id->data, server_duid.len) != 0)) {
581  log_debug("Discarding %s from %s; "
582  "not our server identifier "
583  "(CLIENTID %s, SERVERID %s, server DUID %s)",
585  piaddr(packet->client_addr),
586  print_hex_1(client_id->len, client_id->data, 60),
587  print_hex_2(server_id->len, server_id->data, 60),
588  print_hex_3(server_duid.len, server_duid.data, 60));
589  goto exit;
590  }
591 
592  /* looks good */
593  ret_val = 1;
594 
595 exit:
596  if (!ret_val) {
597  if (server_id->len > 0) {
598  data_string_forget(server_id, MDL);
599  }
600  if (client_id->len > 0) {
601  data_string_forget(client_id, MDL);
602  }
603  }
604  return ret_val;
605 }
606 
607 /*
608  * Information request validation, defined in RFC 3315, section 15.12:
609  *
610  * Servers MUST discard any received Information-request message that
611  * meets any of the following conditions:
612  *
613  * - The message includes a Server Identifier option and the DUID in
614  * the option does not match the server's DUID.
615  *
616  * - The message includes an IA option.
617  */
618 int
619 valid_client_info_req(struct packet *packet, struct data_string *server_id) {
620  int ret_val;
621  struct option_cache *oc;
622  struct data_string client_id;
623  char client_id_str[80]; /* print_hex_1() uses maximum 60 characters,
624  plus a few more for extra information */
625 
626  ret_val = 0;
627  memset(server_id, 0, sizeof(*server_id));
628  memset(&client_id, 0, sizeof(client_id));
629 
630  /*
631  * Make a string that we can print out to give more
632  * information about the client if we need to.
633  *
634  * By RFC 3315, Section 18.1.5 clients SHOULD have a
635  * client-id on an Information-request packet, but it
636  * is not strictly necessary.
637  */
638  if (get_client_id(packet, &client_id) == ISC_R_SUCCESS) {
639  snprintf(client_id_str, sizeof(client_id_str), " (CLIENTID %s)",
640  print_hex_1(client_id.len, client_id.data, 60));
641  data_string_forget(&client_id, MDL);
642  } else {
643  client_id_str[0] = '\0';
644  }
645 
646  /*
647  * Required by RFC 3315, section 15.
648  */
649  if (packet->unicast) {
650  log_debug("Discarding %s from %s; packet sent unicast%s",
652  piaddr(packet->client_addr), client_id_str);
653  goto exit;
654  }
655 
657  if (oc != NULL) {
658  log_debug("Discarding %s from %s; "
659  "IA_NA option present%s",
661  piaddr(packet->client_addr), client_id_str);
662  goto exit;
663  }
665  if (oc != NULL) {
666  log_debug("Discarding %s from %s; "
667  "IA_TA option present%s",
669  piaddr(packet->client_addr), client_id_str);
670  goto exit;
671  }
673  if (oc != NULL) {
674  log_debug("Discarding %s from %s; "
675  "IA_PD option present%s",
677  piaddr(packet->client_addr), client_id_str);
678  goto exit;
679  }
680 
682  if (oc != NULL) {
683  if (!evaluate_option_cache(server_id, packet, NULL, NULL,
684  packet->options, NULL,
685  &global_scope, oc, MDL)) {
686  log_error("Error processing %s from %s; "
687  "unable to evaluate Server Identifier%s",
689  piaddr(packet->client_addr), client_id_str);
690  goto exit;
691  }
692  if ((server_duid.len != server_id->len) ||
693  (memcmp(server_duid.data, server_id->data,
694  server_duid.len) != 0)) {
695  log_debug("Discarding %s from %s; "
696  "not our server identifier "
697  "(SERVERID %s, server DUID %s)%s",
699  piaddr(packet->client_addr),
700  print_hex_1(server_id->len,
701  server_id->data, 60),
702  print_hex_2(server_duid.len,
703  server_duid.data, 60),
704  client_id_str);
705  goto exit;
706  }
707  }
708 
709  /* looks good */
710  ret_val = 1;
711 
712 exit:
713  if (!ret_val) {
714  if (server_id->len > 0) {
715  data_string_forget(server_id, MDL);
716  }
717  }
718  return ret_val;
719 }
720 
721 /*
722  * Options that we want to send, in addition to what was requested
723  * via the ORO.
724  */
725 static const int required_opts[] = {
726  D6O_CLIENTID,
727  D6O_SERVERID,
730  0
731 };
732 static const int required_opts_NAA[] = {
733  D6O_CLIENTID,
734  D6O_SERVERID,
736  0
737 };
738 static const int required_opts_solicit[] = {
739  D6O_CLIENTID,
740  D6O_SERVERID,
741  D6O_IA_NA,
742  D6O_IA_TA,
743  D6O_IA_PD,
748  0
749 };
750 static const int required_opts_agent[] = {
753  0
754 };
755 static const int required_opts_IA[] = {
756  D6O_IAADDR,
758  0
759 };
760 static const int required_opts_IA_PD[] = {
761  D6O_IAPREFIX,
763  0
764 };
765 static const int required_opts_STATUS_CODE[] = {
767  0
768 };
769 
770 /*
771  * Extracts from packet contents an IA_* option, storing the IA structure
772  * in its entirety in enc_opt_data, and storing any decoded DHCPv6 options
773  * in enc_opt_state for later lookup and evaluation. The 'offset' indicates
774  * where in the IA_* the DHCPv6 options commence.
775  */
776 static int
777 get_encapsulated_IA_state(struct option_state **enc_opt_state,
778  struct data_string *enc_opt_data,
779  struct packet *packet,
780  struct option_cache *oc,
781  int offset)
782 {
783  /*
784  * Get the raw data for the encapsulated options.
785  */
786  memset(enc_opt_data, 0, sizeof(*enc_opt_data));
787  if (!evaluate_option_cache(enc_opt_data, packet,
788  NULL, NULL, packet->options, NULL,
789  &global_scope, oc, MDL)) {
790  log_error("get_encapsulated_IA_state: "
791  "error evaluating raw option.");
792  return 0;
793  }
794  if (enc_opt_data->len < offset) {
795  log_error("get_encapsulated_IA_state: raw option too small.");
796  data_string_forget(enc_opt_data, MDL);
797  return 0;
798  }
799 
800  /*
801  * Now create the option state structure, and pass it to the
802  * function that parses options.
803  */
804  *enc_opt_state = NULL;
805  if (!option_state_allocate(enc_opt_state, MDL)) {
806  log_error("get_encapsulated_IA_state: no memory for options.");
807  data_string_forget(enc_opt_data, MDL);
808  return 0;
809  }
810  if (!parse_option_buffer(*enc_opt_state,
811  enc_opt_data->data + offset,
812  enc_opt_data->len - offset,
813  &dhcpv6_universe)) {
814  log_error("get_encapsulated_IA_state: error parsing options.");
815  option_state_dereference(enc_opt_state, MDL);
816  data_string_forget(enc_opt_data, MDL);
817  return 0;
818  }
819 
820  return 1;
821 }
822 
823 static int
824 set_status_code(u_int16_t status_code, const char *status_message,
825  struct option_state *opt_state)
826 {
827  struct data_string d;
828  int ret_val;
829 
830  memset(&d, 0, sizeof(d));
831  d.len = sizeof(status_code) + strlen(status_message);
832  if (!buffer_allocate(&d.buffer, d.len, MDL)) {
833  log_fatal("set_status_code: no memory for status code.");
834  }
835  d.data = d.buffer->data;
836  putUShort(d.buffer->data, status_code);
837  memcpy(d.buffer->data + sizeof(status_code),
838  status_message, d.len - sizeof(status_code));
839  if (!save_option_buffer(&dhcpv6_universe, opt_state,
840  d.buffer, (unsigned char *)d.data, d.len,
841  D6O_STATUS_CODE, 0)) {
842  log_error("set_status_code: error saving status code.");
843  ret_val = 0;
844  } else {
845  ret_val = 1;
846  }
847  data_string_forget(&d, MDL);
848  return ret_val;
849 }
850 
851 /*
852  * We have a set of operations we do to set up the reply packet, which
853  * is the same for many message types.
854  */
855 static int
856 start_reply(struct packet *packet,
857  const struct data_string *client_id,
858  const struct data_string *server_id,
859  struct option_state **opt_state,
860  struct dhcpv6_packet *reply)
861 {
862  struct option_cache *oc;
863  const unsigned char *server_id_data;
864  int server_id_len;
865 
866  /*
867  * Build our option state for reply.
868  */
869  *opt_state = NULL;
870  if (!option_state_allocate(opt_state, MDL)) {
871  log_error("start_reply: no memory for option_state.");
872  return 0;
873  }
874  execute_statements_in_scope(NULL, packet, NULL, NULL,
875  packet->options, *opt_state,
876  &global_scope, root_group, NULL, NULL);
877 
878  /*
879  * A small bit of special handling for Solicit messages.
880  *
881  * We could move the logic into a flag, but for now just check
882  * explicitly.
883  */
884  if (packet->dhcpv6_msg_type == DHCPV6_SOLICIT) {
885  reply->msg_type = DHCPV6_ADVERTISE;
886 
887  /*
888  * If:
889  * - this message type supports rapid commit (Solicit), and
890  * - the server is configured to supply a rapid commit, and
891  * - the client requests a rapid commit,
892  * Then we add a rapid commit option, and send Reply (instead
893  * of an Advertise).
894  */
896  *opt_state, D6O_RAPID_COMMIT);
897  if (oc != NULL) {
899  packet->options, D6O_RAPID_COMMIT);
900  if (oc != NULL) {
901  /* Rapid-commit in action. */
902  reply->msg_type = DHCPV6_REPLY;
903  } else {
904  /* Don't want a rapid-commit in advertise. */
906  *opt_state, D6O_RAPID_COMMIT);
907  }
908  }
909  } else {
910  reply->msg_type = DHCPV6_REPLY;
911  /* Delete the rapid-commit from the sent options. */
913  *opt_state, D6O_RAPID_COMMIT);
914  if (oc != NULL) {
916  *opt_state, D6O_RAPID_COMMIT);
917  }
918  }
919 
920  /*
921  * Use the client's transaction identifier for the reply.
922  */
923  memcpy(reply->transaction_id, packet->dhcpv6_transaction_id,
924  sizeof(reply->transaction_id));
925 
926  /*
927  * RFC 3315, section 18.2 says we need server identifier and
928  * client identifier.
929  *
930  * If the server ID is defined via the configuration file, then
931  * it will already be present in the option state at this point,
932  * so we don't need to set it.
933  *
934  * If we have a server ID passed in from the caller,
935  * use that, otherwise use the global DUID.
936  */
937  oc = lookup_option(&dhcpv6_universe, *opt_state, D6O_SERVERID);
938  if (oc == NULL) {
939  if (server_id == NULL) {
940  server_id_data = server_duid.data;
941  server_id_len = server_duid.len;
942  } else {
943  server_id_data = server_id->data;
944  server_id_len = server_id->len;
945  }
946  if (!save_option_buffer(&dhcpv6_universe, *opt_state,
947  NULL, (unsigned char *)server_id_data,
948  server_id_len, D6O_SERVERID, 0)) {
949  log_error("start_reply: "
950  "error saving server identifier.");
951  return 0;
952  }
953  }
954 
955  if (client_id->buffer != NULL) {
956  if (!save_option_buffer(&dhcpv6_universe, *opt_state,
957  client_id->buffer,
958  (unsigned char *)client_id->data,
959  client_id->len,
960  D6O_CLIENTID, 0)) {
961  log_error("start_reply: error saving "
962  "client identifier.");
963  return 0;
964  }
965  }
966 
967  /*
968  * If the client accepts reconfiguration, let it know that we
969  * will send them.
970  *
971  * Note: we don't actually do this yet, but DOCSIS requires we
972  * claim to.
973  */
974  oc = lookup_option(&dhcpv6_universe, packet->options,
976  if (oc != NULL) {
977  if (!save_option_buffer(&dhcpv6_universe, *opt_state,
978  NULL, (unsigned char *)"", 0,
979  D6O_RECONF_ACCEPT, 0)) {
980  log_error("start_reply: "
981  "error saving RECONF_ACCEPT option.");
982  option_state_dereference(opt_state, MDL);
983  return 0;
984  }
985  }
986 
987  return 1;
988 }
989 
990 /*
991  * Try to get the IPv6 address the client asked for from the
992  * pool.
993  *
994  * addr is the result (should be a pointer to NULL on entry)
995  * pool is the pool to search in
996  * requested_addr is the address the client wants
997  */
998 static isc_result_t
999 try_client_v6_address(struct iasubopt **addr,
1000  struct ipv6_pool *pool,
1001  const struct data_string *requested_addr)
1002 {
1003  struct in6_addr tmp_addr;
1004  isc_result_t result;
1005 
1006  if (requested_addr->len < sizeof(tmp_addr)) {
1007  return DHCP_R_INVALIDARG;
1008  }
1009  memcpy(&tmp_addr, requested_addr->data, sizeof(tmp_addr));
1010  if (IN6_IS_ADDR_UNSPECIFIED(&tmp_addr)) {
1011  return ISC_R_FAILURE;
1012  }
1013 
1014  /*
1015  * The address is not covered by this (or possibly any) dynamic
1016  * range.
1017  */
1018  if (!ipv6_in_pool(&tmp_addr, pool)) {
1019  return ISC_R_ADDRNOTAVAIL;
1020  }
1021 
1022  if (lease6_exists(pool, &tmp_addr)) {
1023  return ISC_R_ADDRINUSE;
1024  }
1025 
1026  result = iasubopt_allocate(addr, MDL);
1027  if (result != ISC_R_SUCCESS) {
1028  return result;
1029  }
1030  (*addr)->addr = tmp_addr;
1031  (*addr)->plen = 0;
1032 
1033  /* Default is soft binding for 2 minutes. */
1034  result = add_lease6(pool, *addr, cur_time + 120);
1035  if (result != ISC_R_SUCCESS) {
1036  iasubopt_dereference(addr, MDL);
1037  }
1038  return result;
1039 }
1040 
1041 
1063 static isc_result_t
1064 pick_v6_address(struct reply_state *reply)
1065 {
1066  struct ipv6_pool *p = NULL;
1067  struct ipv6_pond *pond;
1068  int i;
1069  int start_pool;
1070  unsigned int attempts;
1071  char tmp_buf[INET6_ADDRSTRLEN];
1072  struct iasubopt **addr = &reply->lease;
1073 
1074  /*
1075  * Do a quick walk through of the ponds and pools
1076  * to see if we have any NA address pools
1077  */
1078  for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
1079  if (pond->ipv6_pools == NULL)
1080  continue;
1081 
1082  for (i = 0; (p = pond->ipv6_pools[i]) != NULL; i++) {
1083  if (p->pool_type == D6O_IA_NA)
1084  break;
1085  }
1086  if (p != NULL)
1087  break;
1088  }
1089 
1090  /* If we get here and p is NULL we have no useful pools */
1091  if (p == NULL) {
1092  log_debug("Unable to pick client address: "
1093  "no IPv6 pools on this shared network");
1094  return ISC_R_NORESOURCES;
1095  }
1096 
1097  /*
1098  * We have at least one pool that could provide an address
1099  * Now we walk through the ponds and pools again and check
1100  * to see if the client is permitted and if an address is
1101  * available
1102  *
1103  * Within a given pond we start looking at the last pool we
1104  * allocated from, unless it had a collision trying to allocate
1105  * an address. This will tend to move us into less-filled pools.
1106  */
1107 
1108  for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
1109  if (((pond->prohibit_list != NULL) &&
1110  (permitted(reply->packet, pond->prohibit_list))) ||
1111  ((pond->permit_list != NULL) &&
1112  (!permitted(reply->packet, pond->permit_list))))
1113  continue;
1114 
1115  start_pool = pond->last_ipv6_pool;
1116  i = start_pool;
1117  do {
1118  p = pond->ipv6_pools[i];
1119  if ((p->pool_type == D6O_IA_NA) &&
1120  (create_lease6(p, addr, &attempts,
1121  &reply->ia->iaid_duid,
1122  cur_time + 120) == ISC_R_SUCCESS)) {
1123  /*
1124  * Record the pool used (or next one if there
1125  * was a collision).
1126  */
1127  if (attempts > 1) {
1128  i++;
1129  if (pond->ipv6_pools[i] == NULL) {
1130  i = 0;
1131  }
1132  }
1133  pond->last_ipv6_pool = i;
1134 
1135  log_debug("Picking pool address %s",
1136  inet_ntop(AF_INET6, &((*addr)->addr),
1137  tmp_buf, sizeof(tmp_buf)));
1138  return (ISC_R_SUCCESS);
1139  }
1140 
1141  i++;
1142  if (pond->ipv6_pools[i] == NULL) {
1143  i = 0;
1144  }
1145  } while (i != start_pool);
1146  }
1147 
1148  /*
1149  * If we failed to pick an IPv6 address from any of the subnets.
1150  * Presumably that means we have no addresses for the client.
1151  */
1152  log_debug("Unable to pick client address: no addresses available");
1153  return ISC_R_NORESOURCES;
1154 }
1155 
1156 /*
1157  * Try to get the IPv6 prefix the client asked for from the
1158  * prefix pool.
1159  *
1160  * pref is the result (should be a pointer to NULL on entry)
1161  * pool is the prefix pool to search in
1162  * requested_pref is the address the client wants
1163  */
1164 static isc_result_t
1165 try_client_v6_prefix(struct iasubopt **pref,
1166  struct ipv6_pool *pool,
1167  const struct data_string *requested_pref)
1168 {
1169  u_int8_t tmp_plen;
1170  struct in6_addr tmp_pref;
1171  struct iaddr ia;
1172  isc_result_t result;
1173 
1174  if (requested_pref->len < sizeof(tmp_plen) + sizeof(tmp_pref)) {
1175  return DHCP_R_INVALIDARG;
1176  }
1177  tmp_plen = (int) requested_pref->data[0];
1178  if ((tmp_plen < 3) || (tmp_plen > 128) ||
1179  ((int)tmp_plen != pool->units)) {
1180  return ISC_R_FAILURE;
1181  }
1182  memcpy(&tmp_pref, requested_pref->data + 1, sizeof(tmp_pref));
1183  if (IN6_IS_ADDR_UNSPECIFIED(&tmp_pref)) {
1184  return ISC_R_FAILURE;
1185  }
1186  ia.len = 16;
1187  memcpy(&ia.iabuf, &tmp_pref, 16);
1188  if (!is_cidr_mask_valid(&ia, (int) tmp_plen)) {
1189  return ISC_R_FAILURE;
1190  }
1191 
1192  if (!ipv6_in_pool(&tmp_pref, pool)) {
1193  return ISC_R_ADDRNOTAVAIL;
1194  }
1195 
1196  if (prefix6_exists(pool, &tmp_pref, tmp_plen)) {
1197  return ISC_R_ADDRINUSE;
1198  }
1199 
1200  result = iasubopt_allocate(pref, MDL);
1201  if (result != ISC_R_SUCCESS) {
1202  return result;
1203  }
1204  (*pref)->addr = tmp_pref;
1205  (*pref)->plen = tmp_plen;
1206 
1207  /* Default is soft binding for 2 minutes. */
1208  result = add_lease6(pool, *pref, cur_time + 120);
1209  if (result != ISC_R_SUCCESS) {
1210  iasubopt_dereference(pref, MDL);
1211  }
1212  return result;
1213 }
1214 
1237 static isc_result_t
1238 pick_v6_prefix(struct reply_state *reply)
1239 {
1240  struct ipv6_pool *p = NULL;
1241  struct ipv6_pond *pond;
1242  int i;
1243  unsigned int attempts;
1244  char tmp_buf[INET6_ADDRSTRLEN];
1245  struct iasubopt **pref = &reply->lease;
1246 
1247  /*
1248  * Do a quick walk through of the ponds and pools
1249  * to see if we have any prefix pools
1250  */
1251  for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
1252  if (pond->ipv6_pools == NULL)
1253  continue;
1254 
1255  for (i = 0; (p = pond->ipv6_pools[i]) != NULL; i++) {
1256  if (p->pool_type == D6O_IA_PD)
1257  break;
1258  }
1259  if (p != NULL)
1260  break;
1261  }
1262 
1263  /* If we get here and p is NULL we have no useful pools */
1264  if (p == NULL) {
1265  log_debug("Unable to pick client prefix: "
1266  "no IPv6 pools on this shared network");
1267  return ISC_R_NORESOURCES;
1268  }
1269 
1270  /*
1271  * We have at least one pool that could provide a prefix
1272  * Now we walk through the ponds and pools again and check
1273  * to see if the client is permitted and if an prefix is
1274  * available
1275  *
1276  */
1277 
1278  for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
1279  if (((pond->prohibit_list != NULL) &&
1280  (permitted(reply->packet, pond->prohibit_list))) ||
1281  ((pond->permit_list != NULL) &&
1282  (!permitted(reply->packet, pond->permit_list))))
1283  continue;
1284 
1285  for (i = 0; (p = pond->ipv6_pools[i]) != NULL; i++) {
1286  if (p->pool_type != D6O_IA_PD) {
1287  continue;
1288  }
1289 
1290  /*
1291  * Try only pools with the requested prefix length if any.
1292  */
1293  if ((reply->preflen >= 0) && (p->units != reply->preflen)) {
1294  continue;
1295  }
1296 
1297  if (create_prefix6(p, pref, &attempts, &reply->ia->iaid_duid,
1298  cur_time + 120) == ISC_R_SUCCESS) {
1299  log_debug("Picking pool prefix %s/%u",
1300  inet_ntop(AF_INET6, &((*pref)->addr),
1301  tmp_buf, sizeof(tmp_buf)),
1302  (unsigned) (*pref)->plen);
1303 
1304  return (ISC_R_SUCCESS);
1305  }
1306  }
1307  }
1308 
1309  /*
1310  * If we failed to pick an IPv6 prefix
1311  * Presumably that means we have no prefixes for the client.
1312  */
1313  log_debug("Unable to pick client prefix: no prefixes available");
1314  return ISC_R_NORESOURCES;
1315 }
1316 
1317 /*
1318  *! \file server/dhcpv6.c
1319  *
1320  * \brief construct a reply containing information about a client's lease
1321  *
1322  * lease_to_client() is called from several messages to construct a
1323  * reply that contains all that we know about the client's correct lease
1324  * (or projected lease).
1325  *
1326  * Solicit - "Soft" binding, ignore unknown addresses or bindings, just
1327  * send what we "may" give them on a request.
1328  *
1329  * Request - "Hard" binding, but ignore supplied addresses (just provide what
1330  * the client should really use).
1331  *
1332  * Renew - "Hard" binding, but client-supplied addresses are 'real'. Error
1333  * Rebind out any "wrong" addresses the client sends. This means we send
1334  * an empty IA_NA with a status code of NoBinding or NotOnLink or
1335  * possibly send the address with zeroed lifetimes.
1336  *
1337  * Information-Request - No binding.
1338  *
1339  * The basic structure is to traverse the client-supplied data first, and
1340  * validate and echo back any contents that can be. If the client-supplied
1341  * data does not error out (on renew/rebind as above), but we did not send
1342  * any addresses, attempt to allocate one.
1343  *
1344  * At the end of the this function we call commit_leases_timed() to
1345  * fsync and rotate the file as necessary. commit_leases_timed() will
1346  * check that we have written at least one lease to the file and that
1347  * some time has passed before doing any fsync or file rewrite so we
1348  * don't bother tracking if we did a write_ia during this function.
1349  */
1350 /* TODO: look at client hints for lease times */
1351 
1352 static void
1353 lease_to_client(struct data_string *reply_ret,
1354  struct packet *packet,
1355  const struct data_string *client_id,
1356  const struct data_string *server_id)
1357 {
1358  static struct reply_state reply;
1359  struct option_cache *oc;
1360  struct data_string packet_oro;
1361 #if defined (RFC3315_PRE_ERRATA_2010_08)
1362  isc_boolean_t no_resources_avail = ISC_FALSE;
1363 #endif
1364  int i;
1365 
1366  memset(&packet_oro, 0, sizeof(packet_oro));
1367 
1368  /* Locate the client. */
1369  if (shared_network_from_packet6(&reply.shared,
1370  packet) != ISC_R_SUCCESS)
1371  goto exit;
1372 
1373  /*
1374  * Initialize the reply.
1375  */
1376  packet_reference(&reply.packet, packet, MDL);
1377  data_string_copy(&reply.client_id, client_id, MDL);
1378 
1379  if (!start_reply(packet, client_id, server_id, &reply.opt_state,
1380  &reply.buf.reply))
1381  goto exit;
1382 
1383  /* Set the write cursor to just past the reply header. */
1384  reply.cursor = REPLY_OPTIONS_INDEX;
1385 
1386  /*
1387  * Get the ORO from the packet, if any.
1388  */
1389  oc = lookup_option(&dhcpv6_universe, packet->options, D6O_ORO);
1390  if (oc != NULL) {
1391  if (!evaluate_option_cache(&packet_oro, packet,
1392  NULL, NULL,
1393  packet->options, NULL,
1394  &global_scope, oc, MDL)) {
1395  log_error("lease_to_client: error evaluating ORO.");
1396  goto exit;
1397  }
1398  }
1399 
1400  /*
1401  * Find a host record that matches from the packet, if any, and is
1402  * valid for the shared network the client is on.
1403  */
1404  if (find_hosts_by_uid(&reply.host, client_id->data, client_id->len,
1405  MDL)) {
1406  packet->known = 1;
1407  seek_shared_host(&reply.host, reply.shared);
1408  }
1409 
1410  if ((reply.host == NULL) &&
1411  find_hosts_by_option(&reply.host, packet, packet->options, MDL)) {
1412  packet->known = 1;
1413  seek_shared_host(&reply.host, reply.shared);
1414  }
1415 
1416  /*
1417  * Check for 'hardware' matches last, as some of the synthesis methods
1418  * are not considered to be as reliable.
1419  */
1420  if ((reply.host == NULL) &&
1421  find_hosts_by_duid_chaddr(&reply.host, client_id)) {
1422  packet->known = 1;
1423  seek_shared_host(&reply.host, reply.shared);
1424  }
1425 
1426  /* Process the client supplied IA's onto the reply buffer. */
1427  reply.ia_count = 0;
1429 
1430  for (; oc != NULL ; oc = oc->next) {
1431  isc_result_t status;
1432 
1433  /* Start counting resources (addresses) offered. */
1434  reply.client_resources = 0;
1435  reply.resources_included = ISC_FALSE;
1436 
1437  status = reply_process_ia_na(&reply, oc);
1438 
1439  /*
1440  * We continue to try other IA's whether we can address
1441  * this one or not. Any other result is an immediate fail.
1442  */
1443  if ((status != ISC_R_SUCCESS) &&
1444  (status != ISC_R_NORESOURCES))
1445  goto exit;
1446 
1447 #if defined (RFC3315_PRE_ERRATA_2010_08)
1448  /*
1449  * If any address cannot be given to any IA, then set the
1450  * NoAddrsAvail status code.
1451  */
1452  if (reply.client_resources == 0)
1453  no_resources_avail = ISC_TRUE;
1454 #endif
1455  }
1457  for (; oc != NULL ; oc = oc->next) {
1458  isc_result_t status;
1459 
1460  /* Start counting resources (addresses) offered. */
1461  reply.client_resources = 0;
1462  reply.resources_included = ISC_FALSE;
1463 
1464  status = reply_process_ia_ta(&reply, oc);
1465 
1466  /*
1467  * We continue to try other IA's whether we can address
1468  * this one or not. Any other result is an immediate fail.
1469  */
1470  if ((status != ISC_R_SUCCESS) &&
1471  (status != ISC_R_NORESOURCES))
1472  goto exit;
1473 
1474 #if defined (RFC3315_PRE_ERRATA_2010_08)
1475  /*
1476  * If any address cannot be given to any IA, then set the
1477  * NoAddrsAvail status code.
1478  */
1479  if (reply.client_resources == 0)
1480  no_resources_avail = ISC_TRUE;
1481 #endif
1482  }
1483 
1484  /* Same for IA_PD's. */
1485  reply.pd_count = 0;
1487  for (; oc != NULL ; oc = oc->next) {
1488  isc_result_t status;
1489 
1490  /* Start counting resources (prefixes) offered. */
1491  reply.client_resources = 0;
1492  reply.resources_included = ISC_FALSE;
1493 
1494  status = reply_process_ia_pd(&reply, oc);
1495 
1496  /*
1497  * We continue to try other IA_PD's whether we can address
1498  * this one or not. Any other result is an immediate fail.
1499  */
1500  if ((status != ISC_R_SUCCESS) &&
1501  (status != ISC_R_NORESOURCES))
1502  goto exit;
1503  }
1504 
1505  /*
1506  * Make no reply if we gave no resources and is not
1507  * for Information-Request.
1508  */
1509  if ((reply.ia_count == 0) && (reply.pd_count == 0)) {
1510  if (reply.packet->dhcpv6_msg_type !=
1512  goto exit;
1513 
1514  /*
1515  * Because we only execute statements on a per-IA basis,
1516  * we need to execute statements in any non-IA reply to
1517  * source configuration.
1518  */
1519  execute_statements_in_scope(NULL, reply.packet, NULL, NULL,
1520  reply.packet->options,
1521  reply.opt_state, &global_scope,
1522  reply.shared->group, root_group,
1523  NULL);
1524 
1525  /* Execute statements from class scopes. */
1526  for (i = reply.packet->class_count; i > 0; i--) {
1527  execute_statements_in_scope(NULL, reply.packet,
1528  NULL, NULL,
1529  reply.packet->options,
1530  reply.opt_state,
1531  &global_scope,
1532  reply.packet->classes[i - 1]->group,
1533  reply.shared->group, NULL);
1534  }
1535 
1536  /* Bring in any configuration from a host record. */
1537  if (reply.host != NULL)
1538  execute_statements_in_scope(NULL, reply.packet,
1539  NULL, NULL,
1540  reply.packet->options,
1541  reply.opt_state,
1542  &global_scope,
1543  reply.host->group,
1544  reply.shared->group, NULL);
1545  }
1546 
1547  /* reject unicast message, unless we set unicast option */
1548  if ((packet->unicast == ISC_TRUE) && !is_unicast_option_defined())
1549  /*
1550  * RFC3315 section 18.2.1 (Request):
1551  *
1552  * When the server receives a Request message via unicast from a client
1553  * to which the server has not sent a unicast option, the server
1554  * discards the Request message and responds with a Reply message
1555  * containing a Status Code option with the value UseMulticast, a Server
1556  * Identifier option containing the server's DUID, the Client Identifier
1557  * option from the client message, and no other options.
1558  *
1559  * Section 18.2.3 (Renew):
1560  *
1561  * When the server receives a Renew message via unicast from a client to
1562  * which the server has not sent a unicast option, the server discards
1563  * the Renew message and responds with a Reply message containing a
1564  * Status Code option with the value UseMulticast, a Server Identifier
1565  * option containing the server's DUID, the Client Identifier option
1566  * from the client message, and no other options.
1567  */
1568  {
1569  /* Set the UseMulticast status code. */
1570  if (!set_status_code(STATUS_UseMulticast,
1571  "Unicast not allowed by server.",
1572  reply.opt_state)) {
1573  log_error("lease_to_client: Unable to set "
1574  "UseMulticast status code.");
1575  goto exit;
1576  }
1577 
1578  /* Rewind the cursor to the start. */
1579  reply.cursor = REPLY_OPTIONS_INDEX;
1580 
1581  /*
1582  * Produce an reply that includes only:
1583  *
1584  * Status code.
1585  * Server DUID.
1586  * Client DUID.
1587  */
1588  reply.cursor += store_options6((char *)reply.buf.data +
1589  reply.cursor,
1590  sizeof(reply.buf) -
1591  reply.cursor,
1592  reply.opt_state, reply.packet,
1593  required_opts_NAA,
1594  NULL);
1595  }
1596 
1597  /*
1598  * RFC3315 section 17.2.2 (Solicit):
1599  *
1600  * If the server will not assign any addresses to any IAs in a
1601  * subsequent Request from the client, the server MUST send an
1602  * Advertise message to the client that includes only a Status
1603  * Code option with code NoAddrsAvail and a status message for
1604  * the user, a Server Identifier option with the server's DUID,
1605  * and a Client Identifier option with the client's DUID.
1606  *
1607  * Section 18.2.1 (Request):
1608  *
1609  * If the server cannot assign any addresses to an IA in the
1610  * message from the client, the server MUST include the IA in
1611  * the Reply message with no addresses in the IA and a Status
1612  * Code option in the IA containing status code NoAddrsAvail.
1613  *
1614  * Section 18.1.8 (Client Behavior):
1615  *
1616  * Leave unchanged any information about addresses the client has
1617  * recorded in the IA but that were not included in the IA from
1618  * the server.
1619  * Sends a Renew/Rebind if the IA is not in the Reply message.
1620  */
1621 #if defined (RFC3315_PRE_ERRATA_2010_08)
1622  else if (no_resources_avail && (reply.ia_count != 0) &&
1623  (reply.packet->dhcpv6_msg_type == DHCPV6_SOLICIT))
1624  {
1625  /* Set the NoAddrsAvail status code. */
1626  if (!set_status_code(STATUS_NoAddrsAvail,
1627  "No addresses available for this "
1628  "interface.", reply.opt_state)) {
1629  log_error("lease_to_client: Unable to set "
1630  "NoAddrsAvail status code.");
1631  goto exit;
1632  }
1633 
1634  /* Rewind the cursor to the start. */
1635  reply.cursor = REPLY_OPTIONS_INDEX;
1636 
1637  /*
1638  * Produce an advertise that includes only:
1639  *
1640  * Status code.
1641  * Server DUID.
1642  * Client DUID.
1643  */
1644  reply.buf.reply.msg_type = DHCPV6_ADVERTISE;
1645  reply.cursor += store_options6((char *)reply.buf.data +
1646  reply.cursor,
1647  sizeof(reply.buf) -
1648  reply.cursor,
1649  reply.opt_state, reply.packet,
1650  required_opts_NAA,
1651  NULL);
1652  } else {
1653  /*
1654  * Having stored the client's IA's, store any options that
1655  * will fit in the remaining space.
1656  */
1657  reply.cursor += store_options6((char *)reply.buf.data +
1658  reply.cursor,
1659  sizeof(reply.buf) -
1660  reply.cursor,
1661  reply.opt_state, reply.packet,
1662  required_opts_solicit,
1663  &packet_oro);
1664  }
1665 #else /* defined (RFC3315_PRE_ERRATA_2010_08) */
1666  /*
1667  * Having stored the client's IA's, store any options that
1668  * will fit in the remaining space.
1669  */
1670  else
1671  reply.cursor += store_options6((char *)reply.buf.data + reply.cursor,
1672  sizeof(reply.buf) - reply.cursor,
1673  reply.opt_state, reply.packet,
1674  required_opts_solicit,
1675  &packet_oro);
1676 #endif /* defined (RFC3315_PRE_ERRATA_2010_08) */
1677 
1678  /* Return our reply to the caller. */
1679  reply_ret->len = reply.cursor;
1680  reply_ret->buffer = NULL;
1681  if (!buffer_allocate(&reply_ret->buffer, reply.cursor, MDL)) {
1682  log_fatal("No memory to store Reply.");
1683  }
1684  memcpy(reply_ret->buffer->data, reply.buf.data, reply.cursor);
1685  reply_ret->data = reply_ret->buffer->data;
1686 
1687  /* If appropriate commit and rotate the lease file */
1688  (void) commit_leases_timed();
1689 
1690  exit:
1691  /* Cleanup. */
1692  if (reply.shared != NULL)
1693  shared_network_dereference(&reply.shared, MDL);
1694  if (reply.host != NULL)
1695  host_dereference(&reply.host, MDL);
1696  if (reply.opt_state != NULL)
1697  option_state_dereference(&reply.opt_state, MDL);
1698  if (reply.packet != NULL)
1699  packet_dereference(&reply.packet, MDL);
1700  if (reply.client_id.data != NULL)
1701  data_string_forget(&reply.client_id, MDL);
1702  if (packet_oro.buffer != NULL)
1703  data_string_forget(&packet_oro, MDL);
1704  reply.renew = reply.rebind = reply.prefer = reply.valid = 0;
1705  reply.cursor = 0;
1706 }
1707 
1708 /* Process a client-supplied IA_NA. This may append options to the tail of
1709  * the reply packet being built in the reply_state structure.
1710  */
1711 static isc_result_t
1712 reply_process_ia_na(struct reply_state *reply, struct option_cache *ia) {
1713  isc_result_t status = ISC_R_SUCCESS;
1714  u_int32_t iaid;
1715  unsigned ia_cursor;
1716  struct option_state *packet_ia;
1717  struct option_cache *oc;
1718  struct data_string ia_data, data;
1719 
1720  /* Initialize values that will get cleaned up on return. */
1721  packet_ia = NULL;
1722  memset(&ia_data, 0, sizeof(ia_data));
1723  memset(&data, 0, sizeof(data));
1724  /*
1725  * Note that find_client_address() may set reply->lease.
1726  */
1727 
1728  /* Make sure there is at least room for the header. */
1729  if ((reply->cursor + IA_NA_OFFSET + 4) > sizeof(reply->buf)) {
1730  log_error("reply_process_ia_na: Reply too long for IA.");
1731  return ISC_R_NOSPACE;
1732  }
1733 
1734 
1735  /* Fetch the IA_NA contents. */
1736  if (!get_encapsulated_IA_state(&packet_ia, &ia_data, reply->packet,
1737  ia, IA_NA_OFFSET)) {
1738  log_error("reply_process_ia_na: error evaluating ia");
1739  status = ISC_R_FAILURE;
1740  goto cleanup;
1741  }
1742 
1743  /* Extract IA_NA header contents. */
1744  iaid = getULong(ia_data.data);
1745  reply->renew = getULong(ia_data.data + 4);
1746  reply->rebind = getULong(ia_data.data + 8);
1747 
1748  /* Create an IA_NA structure. */
1749  if (ia_allocate(&reply->ia, iaid, (char *)reply->client_id.data,
1750  reply->client_id.len, MDL) != ISC_R_SUCCESS) {
1751  log_error("reply_process_ia_na: no memory for ia.");
1752  status = ISC_R_NOMEMORY;
1753  goto cleanup;
1754  }
1755  reply->ia->ia_type = D6O_IA_NA;
1756 
1757  /* Cache pre-existing IA, if any. */
1758  ia_hash_lookup(&reply->old_ia, ia_na_active,
1759  (unsigned char *)reply->ia->iaid_duid.data,
1760  reply->ia->iaid_duid.len, MDL);
1761 
1762  /*
1763  * Create an option cache to carry the IA_NA option contents, and
1764  * execute any user-supplied values into it.
1765  */
1766  if (!option_state_allocate(&reply->reply_ia, MDL)) {
1767  status = ISC_R_NOMEMORY;
1768  goto cleanup;
1769  }
1770 
1771  /* Check & cache the fixed host record. */
1772  if ((reply->host != NULL) && (reply->host->fixed_addr != NULL)) {
1773  struct iaddr tmp_addr;
1774 
1775  if (!evaluate_option_cache(&reply->fixed, NULL, NULL, NULL,
1776  NULL, NULL, &global_scope,
1777  reply->host->fixed_addr, MDL)) {
1778  log_error("reply_process_ia_na: unable to evaluate "
1779  "fixed address.");
1780  status = ISC_R_FAILURE;
1781  goto cleanup;
1782  }
1783 
1784  if (reply->fixed.len < 16) {
1785  log_error("reply_process_ia_na: invalid fixed address.");
1786  status = DHCP_R_INVALIDARG;
1787  goto cleanup;
1788  }
1789 
1790  /* Find the static lease's subnet. */
1791  tmp_addr.len = 16;
1792  memcpy(tmp_addr.iabuf, reply->fixed.data, 16);
1793 
1794  if (find_grouped_subnet(&reply->subnet, reply->shared,
1795  tmp_addr, MDL) == 0)
1796  log_fatal("Impossible condition at %s:%d.", MDL);
1797 
1798  reply->static_lease = ISC_TRUE;
1799  } else
1800  reply->static_lease = ISC_FALSE;
1801 
1802  /*
1803  * Save the cursor position at the start of the IA, so we can
1804  * set length and adjust t1/t2 values later. We write a temporary
1805  * header out now just in case we decide to adjust the packet
1806  * within sub-process functions.
1807  */
1808  ia_cursor = reply->cursor;
1809 
1810  /* Initialize the IA_NA header. First the code. */
1811  putUShort(reply->buf.data + reply->cursor, (unsigned)D6O_IA_NA);
1812  reply->cursor += 2;
1813 
1814  /* Then option length. */
1815  putUShort(reply->buf.data + reply->cursor, 0x0Cu);
1816  reply->cursor += 2;
1817 
1818  /* Then IA_NA header contents; IAID. */
1819  putULong(reply->buf.data + reply->cursor, iaid);
1820  reply->cursor += 4;
1821 
1822  /* We store the client's t1 for now, and may over-ride it later. */
1823  putULong(reply->buf.data + reply->cursor, reply->renew);
1824  reply->cursor += 4;
1825 
1826  /* We store the client's t2 for now, and may over-ride it later. */
1827  putULong(reply->buf.data + reply->cursor, reply->rebind);
1828  reply->cursor += 4;
1829 
1830  /*
1831  * For each address in this IA_NA, decide what to do about it.
1832  *
1833  * Guidelines:
1834  *
1835  * The client leaves unchanged any information about addresses
1836  * it has recorded but are not included ("cancel/break" below).
1837  * A not included IA ("cleanup" below) could give a Renew/Rebind.
1838  */
1839  oc = lookup_option(&dhcpv6_universe, packet_ia, D6O_IAADDR);
1840  reply->valid = reply->prefer = 0xffffffff;
1841  reply->client_valid = reply->client_prefer = 0;
1842  for (; oc != NULL ; oc = oc->next) {
1843  status = reply_process_addr(reply, oc);
1844 
1845  /*
1846  * Canceled means we did not allocate addresses to the
1847  * client, but we're "done" with this IA - we set a status
1848  * code. So transmit this reply, e.g., move on to the next
1849  * IA.
1850  */
1851  if (status == ISC_R_CANCELED)
1852  break;
1853 
1854  if ((status != ISC_R_SUCCESS) &&
1855  (status != ISC_R_ADDRINUSE) &&
1856  (status != ISC_R_ADDRNOTAVAIL))
1857  goto cleanup;
1858  }
1859 
1860  reply->ia_count++;
1861 
1862  /*
1863  * If we fell through the above and never gave the client
1864  * an address, give it one now.
1865  */
1866  if ((status != ISC_R_CANCELED) && (reply->client_resources == 0)) {
1867  status = find_client_address(reply);
1868 
1869  if (status == ISC_R_NORESOURCES) {
1870  switch (reply->packet->dhcpv6_msg_type) {
1871  case DHCPV6_SOLICIT:
1872  /*
1873  * No address for any IA is handled
1874  * by the caller.
1875  */
1876  /* FALL THROUGH */
1877 
1878  case DHCPV6_REQUEST:
1879  /* Section 18.2.1 (Request):
1880  *
1881  * If the server cannot assign any addresses to
1882  * an IA in the message from the client, the
1883  * server MUST include the IA in the Reply
1884  * message with no addresses in the IA and a
1885  * Status Code option in the IA containing
1886  * status code NoAddrsAvail.
1887  */
1888  option_state_dereference(&reply->reply_ia, MDL);
1889  if (!option_state_allocate(&reply->reply_ia,
1890  MDL))
1891  {
1892  log_error("reply_process_ia_na: No "
1893  "memory for option state "
1894  "wipe.");
1895  status = ISC_R_NOMEMORY;
1896  goto cleanup;
1897  }
1898 
1899  if (!set_status_code(STATUS_NoAddrsAvail,
1900  "No addresses available "
1901  "for this interface.",
1902  reply->reply_ia)) {
1903  log_error("reply_process_ia_na: Unable "
1904  "to set NoAddrsAvail status "
1905  "code.");
1906  status = ISC_R_FAILURE;
1907  goto cleanup;
1908  }
1909 
1910  status = ISC_R_SUCCESS;
1911  break;
1912 
1913  default:
1914  /*
1915  * RFC 3315 does not tell us to emit a status
1916  * code in this condition, or anything else.
1917  *
1918  * If we included non-allocated addresses
1919  * (zeroed lifetimes) in an IA, then the client
1920  * will deconfigure them.
1921  *
1922  * So we want to include the IA even if we
1923  * can't give it a new address if it includes
1924  * zeroed lifetime addresses.
1925  *
1926  * We don't want to include the IA if we
1927  * provide zero addresses including zeroed
1928  * lifetimes.
1929  */
1930  if (reply->resources_included)
1931  status = ISC_R_SUCCESS;
1932  else
1933  goto cleanup;
1934  break;
1935  }
1936  }
1937 
1938  if (status != ISC_R_SUCCESS)
1939  goto cleanup;
1940  }
1941 
1942  reply->cursor += store_options6((char *)reply->buf.data + reply->cursor,
1943  sizeof(reply->buf) - reply->cursor,
1944  reply->reply_ia, reply->packet,
1945  required_opts_IA, NULL);
1946 
1947  /* Reset the length of this IA to match what was just written. */
1948  putUShort(reply->buf.data + ia_cursor + 2,
1949  reply->cursor - (ia_cursor + 4));
1950 
1951  /*
1952  * T1/T2 time selection is kind of weird. We actually use DHCP
1953  * (v4) scoped options as handy existing places where these might
1954  * be configured by an administrator. A value of zero tells the
1955  * client it may choose its own renewal time.
1956  */
1957  reply->renew = 0;
1958  oc = lookup_option(&dhcp_universe, reply->opt_state,
1960  if (oc != NULL) {
1961  if (!evaluate_option_cache(&data, reply->packet, NULL, NULL,
1962  reply->packet->options,
1963  reply->opt_state, &global_scope,
1964  oc, MDL) ||
1965  (data.len != 4)) {
1966  log_error("Invalid renewal time.");
1967  } else {
1968  reply->renew = getULong(data.data);
1969  }
1970 
1971  if (data.data != NULL)
1972  data_string_forget(&data, MDL);
1973  }
1974  putULong(reply->buf.data + ia_cursor + 8, reply->renew);
1975 
1976  /* Now T2. */
1977  reply->rebind = 0;
1978  oc = lookup_option(&dhcp_universe, reply->opt_state,
1980  if (oc != NULL) {
1981  if (!evaluate_option_cache(&data, reply->packet, NULL, NULL,
1982  reply->packet->options,
1983  reply->opt_state, &global_scope,
1984  oc, MDL) ||
1985  (data.len != 4)) {
1986  log_error("Invalid rebinding time.");
1987  } else {
1988  reply->rebind = getULong(data.data);
1989  }
1990 
1991  if (data.data != NULL)
1992  data_string_forget(&data, MDL);
1993  }
1994  putULong(reply->buf.data + ia_cursor + 12, reply->rebind);
1995 
1996  /*
1997  * yes, goto's aren't the best but we also want to avoid extra
1998  * indents
1999  */
2000  if (status == ISC_R_CANCELED)
2001  goto cleanup;
2002 
2003  /*
2004  * Handle static leases, we always log stuff and if it's
2005  * a hard binding we run any commit statements that we have
2006  */
2007  if (reply->static_lease) {
2008  char tmp_addr[INET6_ADDRSTRLEN];
2009  log_info("%s NA: address %s to client with duid %s iaid = %d "
2010  "static",
2011  dhcpv6_type_names[reply->buf.reply.msg_type],
2012  inet_ntop(AF_INET6, reply->fixed.data, tmp_addr,
2013  sizeof(tmp_addr)),
2014  print_hex_1(reply->client_id.len,
2015  reply->client_id.data, 60),
2016  iaid);
2017 
2018  if ((reply->buf.reply.msg_type == DHCPV6_REPLY) &&
2019  (reply->on_star.on_commit != NULL)) {
2020  execute_statements(NULL, reply->packet, NULL, NULL,
2021  reply->packet->options,
2022  reply->opt_state, NULL,
2023  reply->on_star.on_commit, NULL);
2025  (&reply->on_star.on_commit, MDL);
2026  }
2027  goto cleanup;
2028  }
2029 
2030  /*
2031  * If we have any addresses log what we are doing.
2032  */
2033  if (reply->ia->num_iasubopt != 0) {
2034  struct iasubopt *tmp;
2035  int i;
2036  char tmp_addr[INET6_ADDRSTRLEN];
2037 
2038  for (i = 0 ; i < reply->ia->num_iasubopt ; i++) {
2039  tmp = reply->ia->iasubopt[i];
2040 
2041  log_info("%s NA: address %s to client with duid %s "
2042  "iaid = %d valid for %d seconds",
2043  dhcpv6_type_names[reply->buf.reply.msg_type],
2044  inet_ntop(AF_INET6, &tmp->addr,
2045  tmp_addr, sizeof(tmp_addr)),
2046  print_hex_1(reply->client_id.len,
2047  reply->client_id.data, 60),
2048  iaid, tmp->valid);
2049  }
2050  }
2051 
2052  /*
2053  * If this is not a 'soft' binding, consume the new changes into
2054  * the database (if any have been attached to the ia_na).
2055  *
2056  * Loop through the assigned dynamic addresses, referencing the
2057  * leases onto this IA_NA rather than any old ones, and updating
2058  * pool timers for each (if any).
2059  */
2060 
2061  if ((reply->ia->num_iasubopt != 0) &&
2062  (reply->buf.reply.msg_type == DHCPV6_REPLY)) {
2063  struct iasubopt *tmp;
2064  struct data_string *ia_id;
2065  int i;
2066 
2067  for (i = 0 ; i < reply->ia->num_iasubopt ; i++) {
2068  tmp = reply->ia->iasubopt[i];
2069 
2070  if (tmp->ia != NULL)
2071  ia_dereference(&tmp->ia, MDL);
2072  ia_reference(&tmp->ia, reply->ia, MDL);
2073 
2074  /* Commit 'hard' bindings. */
2075  renew_lease6(tmp->ipv6_pool, tmp);
2077 
2078  /* If we have anything to do on commit do it now */
2079  if (tmp->on_star.on_commit != NULL) {
2080  execute_statements(NULL, reply->packet,
2081  NULL, NULL,
2082  reply->packet->options,
2083  reply->opt_state,
2084  &tmp->scope,
2085  tmp->on_star.on_commit,
2086  &tmp->on_star);
2088  (&tmp->on_star.on_commit, MDL);
2089  }
2090 
2091 #if defined (NSUPDATE)
2092  /*
2093  * Perform ddns updates.
2094  */
2095  oc = lookup_option(&server_universe, reply->opt_state,
2096  SV_DDNS_UPDATES);
2097  if ((oc == NULL) ||
2098  evaluate_boolean_option_cache(NULL, reply->packet,
2099  NULL, NULL,
2100  reply->packet->options,
2101  reply->opt_state,
2102  &tmp->scope,
2103  oc, MDL)) {
2104  ddns_updates(reply->packet, NULL, NULL,
2105  tmp, NULL, reply->opt_state);
2106  }
2107 #endif
2108  }
2109 
2110  /* Remove any old ia from the hash. */
2111  if (reply->old_ia != NULL) {
2112  ia_id = &reply->old_ia->iaid_duid;
2113  ia_hash_delete(ia_na_active,
2114  (unsigned char *)ia_id->data,
2115  ia_id->len, MDL);
2116  ia_dereference(&reply->old_ia, MDL);
2117  }
2118 
2119  /* Put new ia into the hash. */
2120  reply->ia->cltt = cur_time;
2121  ia_id = &reply->ia->iaid_duid;
2122  ia_hash_add(ia_na_active, (unsigned char *)ia_id->data,
2123  ia_id->len, reply->ia, MDL);
2124 
2125  write_ia(reply->ia);
2126  }
2127 
2128  cleanup:
2129  if (packet_ia != NULL)
2130  option_state_dereference(&packet_ia, MDL);
2131  if (reply->reply_ia != NULL)
2132  option_state_dereference(&reply->reply_ia, MDL);
2133  if (ia_data.data != NULL)
2134  data_string_forget(&ia_data, MDL);
2135  if (data.data != NULL)
2137  if (reply->ia != NULL)
2138  ia_dereference(&reply->ia, MDL);
2139  if (reply->old_ia != NULL)
2140  ia_dereference(&reply->old_ia, MDL);
2141  if (reply->lease != NULL)
2142  iasubopt_dereference(&reply->lease, MDL);
2143  if (reply->fixed.data != NULL)
2144  data_string_forget(&reply->fixed, MDL);
2145  if (reply->subnet != NULL)
2146  subnet_dereference(&reply->subnet, MDL);
2147  if (reply->on_star.on_expiry != NULL)
2149  (&reply->on_star.on_expiry, MDL);
2150  if (reply->on_star.on_release != NULL)
2152  (&reply->on_star.on_release, MDL);
2153 
2154  /*
2155  * ISC_R_CANCELED is a status code used by the addr processing to
2156  * indicate we're replying with a status code. This is still a
2157  * success at higher layers.
2158  */
2159  return((status == ISC_R_CANCELED) ? ISC_R_SUCCESS : status);
2160 }
2161 
2162 /*
2163  * Process an IAADDR within a given IA_xA, storing any IAADDR reply contents
2164  * into the reply's current ia-scoped option cache. Returns ISC_R_CANCELED
2165  * in the event we are replying with a status code and do not wish to process
2166  * more IAADDRs within this IA.
2167  */
2168 static isc_result_t
2169 reply_process_addr(struct reply_state *reply, struct option_cache *addr) {
2170  u_int32_t pref_life, valid_life;
2171  struct binding_scope **scope;
2172  struct group *group;
2173  struct subnet *subnet;
2174  struct iaddr tmp_addr;
2175  struct option_cache *oc;
2176  struct data_string iaaddr, data;
2177  isc_result_t status = ISC_R_SUCCESS;
2178 
2179  /* Initializes values that will be cleaned up. */
2180  memset(&iaaddr, 0, sizeof(iaaddr));
2181  memset(&data, 0, sizeof(data));
2182  /* Note that reply->lease may be set by address_is_owned() */
2183 
2184  /*
2185  * There is no point trying to process an incoming address if there
2186  * is no room for an outgoing address.
2187  */
2188  if ((reply->cursor + 28) > sizeof(reply->buf)) {
2189  log_error("reply_process_addr: Out of room for address.");
2190  return ISC_R_NOSPACE;
2191  }
2192 
2193  /* Extract this IAADDR option. */
2194  if (!evaluate_option_cache(&iaaddr, reply->packet, NULL, NULL,
2195  reply->packet->options, NULL, &global_scope,
2196  addr, MDL) ||
2197  (iaaddr.len < IAADDR_OFFSET)) {
2198  log_error("reply_process_addr: error evaluating IAADDR.");
2199  status = ISC_R_FAILURE;
2200  goto cleanup;
2201  }
2202 
2203  /* The first 16 bytes are the IPv6 address. */
2204  pref_life = getULong(iaaddr.data + 16);
2205  valid_life = getULong(iaaddr.data + 20);
2206 
2207  if ((reply->client_valid == 0) ||
2208  (reply->client_valid > valid_life))
2209  reply->client_valid = valid_life;
2210 
2211  if ((reply->client_prefer == 0) ||
2212  (reply->client_prefer > pref_life))
2213  reply->client_prefer = pref_life;
2214 
2215  /*
2216  * Clients may choose to send :: as an address, with the idea to give
2217  * hints about preferred-lifetime or valid-lifetime.
2218  */
2219  tmp_addr.len = 16;
2220  memset(tmp_addr.iabuf, 0, 16);
2221  if (!memcmp(iaaddr.data, tmp_addr.iabuf, 16)) {
2222  /* Status remains success; we just ignore this one. */
2223  goto cleanup;
2224  }
2225 
2226  /* tmp_addr len remains 16 */
2227  memcpy(tmp_addr.iabuf, iaaddr.data, 16);
2228 
2229  /*
2230  * Verify that this address is on the client's network.
2231  */
2232  for (subnet = reply->shared->subnets ; subnet != NULL ;
2233  subnet = subnet->next_sibling) {
2234  if (addr_eq(subnet_number(tmp_addr, subnet->netmask),
2235  subnet->net))
2236  break;
2237  }
2238 
2239  /* Address not found on shared network. */
2240  if (subnet == NULL) {
2241  /* Ignore this address on 'soft' bindings. */
2242  if (reply->packet->dhcpv6_msg_type == DHCPV6_SOLICIT) {
2243  /* disable rapid commit */
2244  reply->buf.reply.msg_type = DHCPV6_ADVERTISE;
2246  reply->opt_state,
2248  /* status remains success */
2249  goto cleanup;
2250  }
2251 
2252  /*
2253  * RFC3315 section 18.2.1:
2254  *
2255  * If the server finds that the prefix on one or more IP
2256  * addresses in any IA in the message from the client is not
2257  * appropriate for the link to which the client is connected,
2258  * the server MUST return the IA to the client with a Status
2259  * Code option with the value NotOnLink.
2260  */
2261  if (reply->packet->dhcpv6_msg_type == DHCPV6_REQUEST) {
2262  /* Rewind the IA_NA to empty. */
2263  option_state_dereference(&reply->reply_ia, MDL);
2264  if (!option_state_allocate(&reply->reply_ia, MDL)) {
2265  log_error("reply_process_addr: No memory for "
2266  "option state wipe.");
2267  status = ISC_R_NOMEMORY;
2268  goto cleanup;
2269  }
2270 
2271  /* Append a NotOnLink status code. */
2272  if (!set_status_code(STATUS_NotOnLink,
2273  "Address not for use on this "
2274  "link.", reply->reply_ia)) {
2275  log_error("reply_process_addr: Failure "
2276  "setting status code.");
2277  status = ISC_R_FAILURE;
2278  goto cleanup;
2279  }
2280 
2281  /* Fin (no more IAADDRs). */
2282  status = ISC_R_CANCELED;
2283  goto cleanup;
2284  }
2285 
2286  /*
2287  * RFC3315 sections 18.2.3 and 18.2.4 have identical language:
2288  *
2289  * If the server finds that any of the addresses are not
2290  * appropriate for the link to which the client is attached,
2291  * the server returns the address to the client with lifetimes
2292  * of 0.
2293  */
2294  if ((reply->packet->dhcpv6_msg_type != DHCPV6_RENEW) &&
2295  (reply->packet->dhcpv6_msg_type != DHCPV6_REBIND)) {
2296  log_error("It is impossible to lease a client that is "
2297  "not sending a solicit, request, renew, or "
2298  "rebind.");
2299  status = ISC_R_FAILURE;
2300  goto cleanup;
2301  }
2302 
2303  reply->send_prefer = reply->send_valid = 0;
2304  goto send_addr;
2305  }
2306 
2307  /* Verify the address belongs to the client. */
2308  if (!address_is_owned(reply, &tmp_addr)) {
2309  /*
2310  * For solicit and request, any addresses included are
2311  * 'requested' addresses. For rebind, we actually have
2312  * no direction on what to do from 3315 section 18.2.4!
2313  * So I think the best bet is to try and give it out, and if
2314  * we can't, zero lifetimes.
2315  */
2316  if ((reply->packet->dhcpv6_msg_type == DHCPV6_SOLICIT) ||
2317  (reply->packet->dhcpv6_msg_type == DHCPV6_REQUEST) ||
2318  (reply->packet->dhcpv6_msg_type == DHCPV6_REBIND)) {
2319  status = reply_process_try_addr(reply, &tmp_addr);
2320 
2321  /*
2322  * If the address is in use, or isn't in any dynamic
2323  * range, continue as normal. If any other error was
2324  * found, error out.
2325  */
2326  if ((status != ISC_R_SUCCESS) &&
2327  (status != ISC_R_ADDRINUSE) &&
2328  (status != ISC_R_ADDRNOTAVAIL))
2329  goto cleanup;
2330 
2331  /*
2332  * If we didn't honor this lease, for solicit and
2333  * request we simply omit it from our answer. For
2334  * rebind, we send it with zeroed lifetimes.
2335  */
2336  if (reply->lease == NULL) {
2337  if (reply->packet->dhcpv6_msg_type ==
2338  DHCPV6_REBIND) {
2339  reply->send_prefer = 0;
2340  reply->send_valid = 0;
2341  goto send_addr;
2342  }
2343 
2344  /* status remains success - ignore */
2345  goto cleanup;
2346  }
2347  /*
2348  * RFC3315 section 18.2.3:
2349  *
2350  * If the server cannot find a client entry for the IA the
2351  * server returns the IA containing no addresses with a Status
2352  * Code option set to NoBinding in the Reply message.
2353  *
2354  * On mismatch we (ab)use this pretending we have not the IA
2355  * as soon as we have not an address.
2356  */
2357  } else if (reply->packet->dhcpv6_msg_type == DHCPV6_RENEW) {
2358  /* Rewind the IA_NA to empty. */
2359  option_state_dereference(&reply->reply_ia, MDL);
2360  if (!option_state_allocate(&reply->reply_ia, MDL)) {
2361  log_error("reply_process_addr: No memory for "
2362  "option state wipe.");
2363  status = ISC_R_NOMEMORY;
2364  goto cleanup;
2365  }
2366 
2367  /* Append a NoBinding status code. */
2368  if (!set_status_code(STATUS_NoBinding,
2369  "Address not bound to this "
2370  "interface.", reply->reply_ia)) {
2371  log_error("reply_process_addr: Unable to "
2372  "attach status code.");
2373  status = ISC_R_FAILURE;
2374  goto cleanup;
2375  }
2376 
2377  /* Fin (no more IAADDRs). */
2378  status = ISC_R_CANCELED;
2379  goto cleanup;
2380  } else {
2381  log_error("It is impossible to lease a client that is "
2382  "not sending a solicit, request, renew, or "
2383  "rebind message.");
2384  status = ISC_R_FAILURE;
2385  goto cleanup;
2386  }
2387  }
2388 
2389  if (reply->static_lease) {
2390  if (reply->host == NULL)
2391  log_fatal("Impossible condition at %s:%d.", MDL);
2392 
2393  scope = &global_scope;
2394  group = reply->subnet->group;
2395  } else {
2396  if (reply->lease == NULL)
2397  log_fatal("Impossible condition at %s:%d.", MDL);
2398 
2399  scope = &reply->lease->scope;
2400  group = reply->lease->ipv6_pool->ipv6_pond->group;
2401  }
2402 
2403  /*
2404  * If client_resources is nonzero, then the reply_process_is_addressed
2405  * function has executed configuration state into the reply option
2406  * cache. We will use that valid cache to derive configuration for
2407  * whether or not to engage in additional addresses, and similar.
2408  */
2409  if (reply->client_resources != 0) {
2410  unsigned limit = 1;
2411 
2412  /*
2413  * Does this client have "enough" addresses already? Default
2414  * to one. Everybody gets one, and one should be enough for
2415  * anybody.
2416  */
2417  oc = lookup_option(&server_universe, reply->opt_state,
2419  if (oc != NULL) {
2420  if (!evaluate_option_cache(&data, reply->packet,
2421  NULL, NULL,
2422  reply->packet->options,
2423  reply->opt_state,
2424  scope, oc, MDL) ||
2425  (data.len != 4)) {
2426  log_error("reply_process_addr: unable to "
2427  "evaluate addrs-per-ia value.");
2428  status = ISC_R_FAILURE;
2429  goto cleanup;
2430  }
2431 
2432  limit = getULong(data.data);
2434  }
2435 
2436  /*
2437  * If we wish to limit the client to a certain number of
2438  * addresses, then omit the address from the reply.
2439  */
2440  if (reply->client_resources >= limit)
2441  goto cleanup;
2442  }
2443 
2444  status = reply_process_is_addressed(reply, scope, group);
2445  if (status != ISC_R_SUCCESS)
2446  goto cleanup;
2447 
2448  send_addr:
2449  status = reply_process_send_addr(reply, &tmp_addr);
2450 
2451  cleanup:
2452  if (iaaddr.data != NULL)
2453  data_string_forget(&iaaddr, MDL);
2454  if (data.data != NULL)
2456  if (reply->lease != NULL)
2457  iasubopt_dereference(&reply->lease, MDL);
2458 
2459  return status;
2460 }
2461 
2462 /*
2463  * Verify the address belongs to the client. If we've got a host
2464  * record with a fixed address, it has to be the assigned address
2465  * (fault out all else). Otherwise it's a dynamic address, so lookup
2466  * that address and make sure it belongs to this DUID:IAID pair.
2467  */
2468 static isc_boolean_t
2469 address_is_owned(struct reply_state *reply, struct iaddr *addr) {
2470  int i;
2471  struct ipv6_pond *pond;
2472 
2473  /*
2474  * This faults out addresses that don't match fixed addresses.
2475  */
2476  if (reply->static_lease) {
2477  if (reply->fixed.data == NULL)
2478  log_fatal("Impossible condition at %s:%d.", MDL);
2479 
2480  if (memcmp(addr->iabuf, reply->fixed.data, 16) == 0)
2481  return (ISC_TRUE);
2482 
2483  return (ISC_FALSE);
2484  }
2485 
2486  if ((reply->old_ia == NULL) || (reply->old_ia->num_iasubopt == 0))
2487  return (ISC_FALSE);
2488 
2489  for (i = 0 ; i < reply->old_ia->num_iasubopt ; i++) {
2490  struct iasubopt *tmp;
2491 
2492  tmp = reply->old_ia->iasubopt[i];
2493 
2494  if (memcmp(addr->iabuf, &tmp->addr, 16) == 0) {
2495  if (lease6_usable(tmp) == ISC_FALSE) {
2496  return (ISC_FALSE);
2497  }
2498 
2499  pond = tmp->ipv6_pool->ipv6_pond;
2500  if (((pond->prohibit_list != NULL) &&
2501  (permitted(reply->packet, pond->prohibit_list))) ||
2502  ((pond->permit_list != NULL) &&
2503  (!permitted(reply->packet, pond->permit_list))))
2504  return (ISC_FALSE);
2505 
2506  iasubopt_reference(&reply->lease, tmp, MDL);
2507 
2508  return (ISC_TRUE);
2509  }
2510  }
2511 
2512  return (ISC_FALSE);
2513 }
2514 
2515 /* Process a client-supplied IA_TA. This may append options to the tail of
2516  * the reply packet being built in the reply_state structure.
2517  */
2518 static isc_result_t
2519 reply_process_ia_ta(struct reply_state *reply, struct option_cache *ia) {
2520  isc_result_t status = ISC_R_SUCCESS;
2521  u_int32_t iaid;
2522  unsigned ia_cursor;
2523  struct option_state *packet_ia;
2524  struct option_cache *oc;
2525  struct data_string ia_data, data;
2526  struct data_string iaaddr;
2527  u_int32_t pref_life, valid_life;
2528  struct iaddr tmp_addr;
2529 
2530  /* Initialize values that will get cleaned up on return. */
2531  packet_ia = NULL;
2532  memset(&ia_data, 0, sizeof(ia_data));
2533  memset(&data, 0, sizeof(data));
2534  memset(&iaaddr, 0, sizeof(iaaddr));
2535 
2536  /* Make sure there is at least room for the header. */
2537  if ((reply->cursor + IA_TA_OFFSET + 4) > sizeof(reply->buf)) {
2538  log_error("reply_process_ia_ta: Reply too long for IA.");
2539  return ISC_R_NOSPACE;
2540  }
2541 
2542 
2543  /* Fetch the IA_TA contents. */
2544  if (!get_encapsulated_IA_state(&packet_ia, &ia_data, reply->packet,
2545  ia, IA_TA_OFFSET)) {
2546  log_error("reply_process_ia_ta: error evaluating ia");
2547  status = ISC_R_FAILURE;
2548  goto cleanup;
2549  }
2550 
2551  /* Extract IA_TA header contents. */
2552  iaid = getULong(ia_data.data);
2553 
2554  /* Create an IA_TA structure. */
2555  if (ia_allocate(&reply->ia, iaid, (char *)reply->client_id.data,
2556  reply->client_id.len, MDL) != ISC_R_SUCCESS) {
2557  log_error("reply_process_ia_ta: no memory for ia.");
2558  status = ISC_R_NOMEMORY;
2559  goto cleanup;
2560  }
2561  reply->ia->ia_type = D6O_IA_TA;
2562 
2563  /* Cache pre-existing IA, if any. */
2564  ia_hash_lookup(&reply->old_ia, ia_ta_active,
2565  (unsigned char *)reply->ia->iaid_duid.data,
2566  reply->ia->iaid_duid.len, MDL);
2567 
2568  /*
2569  * Create an option cache to carry the IA_TA option contents, and
2570  * execute any user-supplied values into it.
2571  */
2572  if (!option_state_allocate(&reply->reply_ia, MDL)) {
2573  status = ISC_R_NOMEMORY;
2574  goto cleanup;
2575  }
2576 
2577  /*
2578  * Temporary leases are dynamic by definition.
2579  */
2580  reply->static_lease = ISC_FALSE;
2581 
2582  /*
2583  * Save the cursor position at the start of the IA, so we can
2584  * set length later. We write a temporary
2585  * header out now just in case we decide to adjust the packet
2586  * within sub-process functions.
2587  */
2588  ia_cursor = reply->cursor;
2589 
2590  /* Initialize the IA_TA header. First the code. */
2591  putUShort(reply->buf.data + reply->cursor, (unsigned)D6O_IA_TA);
2592  reply->cursor += 2;
2593 
2594  /* Then option length. */
2595  putUShort(reply->buf.data + reply->cursor, 0x04u);
2596  reply->cursor += 2;
2597 
2598  /* Then IA_TA header contents; IAID. */
2599  putULong(reply->buf.data + reply->cursor, iaid);
2600  reply->cursor += 4;
2601 
2602  /*
2603  * Deal with an IAADDR for lifetimes.
2604  * For all or none, process IAADDRs as hints.
2605  */
2606  reply->valid = reply->prefer = 0xffffffff;
2607  reply->client_valid = reply->client_prefer = 0;
2608  oc = lookup_option(&dhcpv6_universe, packet_ia, D6O_IAADDR);
2609  for (; oc != NULL; oc = oc->next) {
2610  memset(&iaaddr, 0, sizeof(iaaddr));
2611  if (!evaluate_option_cache(&iaaddr, reply->packet,
2612  NULL, NULL,
2613  reply->packet->options, NULL,
2614  &global_scope, oc, MDL) ||
2615  (iaaddr.len < IAADDR_OFFSET)) {
2616  log_error("reply_process_ia_ta: error "
2617  "evaluating IAADDR.");
2618  status = ISC_R_FAILURE;
2619  goto cleanup;
2620  }
2621  /* The first 16 bytes are the IPv6 address. */
2622  pref_life = getULong(iaaddr.data + 16);
2623  valid_life = getULong(iaaddr.data + 20);
2624 
2625  if ((reply->client_valid == 0) ||
2626  (reply->client_valid > valid_life))
2627  reply->client_valid = valid_life;
2628 
2629  if ((reply->client_prefer == 0) ||
2630  (reply->client_prefer > pref_life))
2631  reply->client_prefer = pref_life;
2632 
2633  /* Nothing more if something has failed. */
2634  if (status == ISC_R_CANCELED)
2635  continue;
2636 
2637  tmp_addr.len = 16;
2638  memcpy(tmp_addr.iabuf, iaaddr.data, 16);
2639  if (!temporary_is_available(reply, &tmp_addr))
2640  goto bad_temp;
2641  status = reply_process_is_addressed(reply,
2642  &reply->lease->scope,
2643  reply->lease->ipv6_pool->ipv6_pond->group);
2644  if (status != ISC_R_SUCCESS)
2645  goto bad_temp;
2646  status = reply_process_send_addr(reply, &tmp_addr);
2647  if (status != ISC_R_SUCCESS)
2648  goto bad_temp;
2649  if (reply->lease != NULL)
2650  iasubopt_dereference(&reply->lease, MDL);
2651  continue;
2652 
2653  bad_temp:
2654  /* Rewind the IA_TA to empty. */
2655  option_state_dereference(&reply->reply_ia, MDL);
2656  if (!option_state_allocate(&reply->reply_ia, MDL)) {
2657  status = ISC_R_NOMEMORY;
2658  goto cleanup;
2659  }
2660  status = ISC_R_CANCELED;
2661  reply->client_resources = 0;
2662  reply->resources_included = ISC_FALSE;
2663  if (reply->lease != NULL)
2664  iasubopt_dereference(&reply->lease, MDL);
2665  }
2666  reply->ia_count++;
2667 
2668  /*
2669  * Give the client temporary addresses.
2670  */
2671  if (reply->client_resources != 0)
2672  goto store;
2673  status = find_client_temporaries(reply);
2674  if (status == ISC_R_NORESOURCES) {
2675  switch (reply->packet->dhcpv6_msg_type) {
2676  case DHCPV6_SOLICIT:
2677  /*
2678  * No address for any IA is handled
2679  * by the caller.
2680  */
2681  /* FALL THROUGH */
2682 
2683  case DHCPV6_REQUEST:
2684  /* Section 18.2.1 (Request):
2685  *
2686  * If the server cannot assign any addresses to
2687  * an IA in the message from the client, the
2688  * server MUST include the IA in the Reply
2689  * message with no addresses in the IA and a
2690  * Status Code option in the IA containing
2691  * status code NoAddrsAvail.
2692  */
2693  option_state_dereference(&reply->reply_ia, MDL);
2694  if (!option_state_allocate(&reply->reply_ia, MDL)) {
2695  log_error("reply_process_ia_ta: No "
2696  "memory for option state wipe.");
2697  status = ISC_R_NOMEMORY;
2698  goto cleanup;
2699  }
2700 
2701  if (!set_status_code(STATUS_NoAddrsAvail,
2702  "No addresses available "
2703  "for this interface.",
2704  reply->reply_ia)) {
2705  log_error("reply_process_ia_ta: Unable "
2706  "to set NoAddrsAvail status code.");
2707  status = ISC_R_FAILURE;
2708  goto cleanup;
2709  }
2710 
2711  status = ISC_R_SUCCESS;
2712  break;
2713 
2714  default:
2715  /*
2716  * We don't want to include the IA if we
2717  * provide zero addresses including zeroed
2718  * lifetimes.
2719  */
2720  if (reply->resources_included)
2721  status = ISC_R_SUCCESS;
2722  else
2723  goto cleanup;
2724  break;
2725  }
2726  } else if (status != ISC_R_SUCCESS)
2727  goto cleanup;
2728 
2729  store:
2730  reply->cursor += store_options6((char *)reply->buf.data + reply->cursor,
2731  sizeof(reply->buf) - reply->cursor,
2732  reply->reply_ia, reply->packet,
2733  required_opts_IA, NULL);
2734 
2735  /* Reset the length of this IA to match what was just written. */
2736  putUShort(reply->buf.data + ia_cursor + 2,
2737  reply->cursor - (ia_cursor + 4));
2738 
2739  /*
2740  * yes, goto's aren't the best but we also want to avoid extra
2741  * indents
2742  */
2743  if (status == ISC_R_CANCELED)
2744  goto cleanup;
2745 
2746  /*
2747  * If we have any addresses log what we are doing.
2748  */
2749  if (reply->ia->num_iasubopt != 0) {
2750  struct iasubopt *tmp;
2751  int i;
2752  char tmp_addr[INET6_ADDRSTRLEN];
2753 
2754  for (i = 0 ; i < reply->ia->num_iasubopt ; i++) {
2755  tmp = reply->ia->iasubopt[i];
2756 
2757  log_info("%s TA: address %s to client with duid %s "
2758  "iaid = %d valid for %d seconds",
2759  dhcpv6_type_names[reply->buf.reply.msg_type],
2760  inet_ntop(AF_INET6, &tmp->addr,
2761  tmp_addr, sizeof(tmp_addr)),
2762  print_hex_1(reply->client_id.len,
2763  reply->client_id.data, 60),
2764  iaid,
2765  tmp->valid);
2766  }
2767  }
2768 
2769  /*
2770  * For hard bindings we consume the new changes into
2771  * the database (if any have been attached to the ia_ta).
2772  *
2773  * Loop through the assigned dynamic addresses, referencing the
2774  * leases onto this IA_TA rather than any old ones, and updating
2775  * pool timers for each (if any).
2776  */
2777  if ((reply->ia->num_iasubopt != 0) &&
2778  (reply->buf.reply.msg_type == DHCPV6_REPLY)) {
2779  struct iasubopt *tmp;
2780  struct data_string *ia_id;
2781  int i;
2782 
2783  for (i = 0 ; i < reply->ia->num_iasubopt ; i++) {
2784  tmp = reply->ia->iasubopt[i];
2785 
2786  if (tmp->ia != NULL)
2787  ia_dereference(&tmp->ia, MDL);
2788  ia_reference(&tmp->ia, reply->ia, MDL);
2789 
2790  /* Commit 'hard' bindings. */
2791  renew_lease6(tmp->ipv6_pool, tmp);
2793 
2794  /* If we have anything to do on commit do it now */
2795  if (tmp->on_star.on_commit != NULL) {
2796  execute_statements(NULL, reply->packet,
2797  NULL, NULL,
2798  reply->packet->options,
2799  reply->opt_state,
2800  &tmp->scope,
2801  tmp->on_star.on_commit,
2802  &tmp->on_star);
2804  (&tmp->on_star.on_commit, MDL);
2805  }
2806 
2807 #if defined (NSUPDATE)
2808  /*
2809  * Perform ddns updates.
2810  */
2811  oc = lookup_option(&server_universe, reply->opt_state,
2812  SV_DDNS_UPDATES);
2813  if ((oc == NULL) ||
2814  evaluate_boolean_option_cache(NULL, reply->packet,
2815  NULL, NULL,
2816  reply->packet->options,
2817  reply->opt_state,
2818  &tmp->scope,
2819  oc, MDL)) {
2820  ddns_updates(reply->packet, NULL, NULL,
2821  tmp, NULL, reply->opt_state);
2822  }
2823 #endif
2824  }
2825 
2826  /* Remove any old ia from the hash. */
2827  if (reply->old_ia != NULL) {
2828  ia_id = &reply->old_ia->iaid_duid;
2829  ia_hash_delete(ia_ta_active,
2830  (unsigned char *)ia_id->data,
2831  ia_id->len, MDL);
2832  ia_dereference(&reply->old_ia, MDL);
2833  }
2834 
2835  /* Put new ia into the hash. */
2836  reply->ia->cltt = cur_time;
2837  ia_id = &reply->ia->iaid_duid;
2838  ia_hash_add(ia_ta_active, (unsigned char *)ia_id->data,
2839  ia_id->len, reply->ia, MDL);
2840 
2841  write_ia(reply->ia);
2842  }
2843 
2844  cleanup:
2845  if (packet_ia != NULL)
2846  option_state_dereference(&packet_ia, MDL);
2847  if (iaaddr.data != NULL)
2848  data_string_forget(&iaaddr, MDL);
2849  if (reply->reply_ia != NULL)
2850  option_state_dereference(&reply->reply_ia, MDL);
2851  if (ia_data.data != NULL)
2852  data_string_forget(&ia_data, MDL);
2853  if (data.data != NULL)
2855  if (reply->ia != NULL)
2856  ia_dereference(&reply->ia, MDL);
2857  if (reply->old_ia != NULL)
2858  ia_dereference(&reply->old_ia, MDL);
2859  if (reply->lease != NULL)
2860  iasubopt_dereference(&reply->lease, MDL);
2861 
2862  /*
2863  * ISC_R_CANCELED is a status code used by the addr processing to
2864  * indicate we're replying with other addresses. This is still a
2865  * success at higher layers.
2866  */
2867  return((status == ISC_R_CANCELED) ? ISC_R_SUCCESS : status);
2868 }
2869 
2870 /*
2871  * Verify the temporary address is available.
2872  */
2873 static isc_boolean_t
2874 temporary_is_available(struct reply_state *reply, struct iaddr *addr) {
2875  struct in6_addr tmp_addr;
2876  struct subnet *subnet;
2877  struct ipv6_pool *pool = NULL;
2878  struct ipv6_pond *pond = NULL;
2879  int i;
2880 
2881  memcpy(&tmp_addr, addr->iabuf, sizeof(tmp_addr));
2882  /*
2883  * Clients may choose to send :: as an address, with the idea to give
2884  * hints about preferred-lifetime or valid-lifetime.
2885  * So this is not a request for this address.
2886  */
2887  if (IN6_IS_ADDR_UNSPECIFIED(&tmp_addr))
2888  return ISC_FALSE;
2889 
2890  /*
2891  * Verify that this address is on the client's network.
2892  */
2893  for (subnet = reply->shared->subnets ; subnet != NULL ;
2894  subnet = subnet->next_sibling) {
2895  if (addr_eq(subnet_number(*addr, subnet->netmask),
2896  subnet->net))
2897  break;
2898  }
2899 
2900  /* Address not found on shared network. */
2901  if (subnet == NULL)
2902  return ISC_FALSE;
2903 
2904  /*
2905  * Check if this address is owned (must be before next step).
2906  */
2907  if (address_is_owned(reply, addr))
2908  return ISC_TRUE;
2909 
2910  /*
2911  * Verify that this address is in a temporary pool and try to get it.
2912  */
2913  for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
2914  if (((pond->prohibit_list != NULL) &&
2915  (permitted(reply->packet, pond->prohibit_list))) ||
2916  ((pond->permit_list != NULL) &&
2917  (!permitted(reply->packet, pond->permit_list))))
2918  continue;
2919 
2920  for (i = 0 ; (pool = pond->ipv6_pools[i]) != NULL ; i++) {
2921  if (pool->pool_type != D6O_IA_TA)
2922  continue;
2923 
2924  if (ipv6_in_pool(&tmp_addr, pool))
2925  break;
2926  }
2927 
2928  if (pool != NULL)
2929  break;
2930  }
2931 
2932  if (pool == NULL)
2933  return ISC_FALSE;
2934  if (lease6_exists(pool, &tmp_addr))
2935  return ISC_FALSE;
2936  if (iasubopt_allocate(&reply->lease, MDL) != ISC_R_SUCCESS)
2937  return ISC_FALSE;
2938  reply->lease->addr = tmp_addr;
2939  reply->lease->plen = 0;
2940  /* Default is soft binding for 2 minutes. */
2941  if (add_lease6(pool, reply->lease, cur_time + 120) != ISC_R_SUCCESS)
2942  return ISC_FALSE;
2943 
2944  return ISC_TRUE;
2945 }
2946 
2947 /*
2948  * Get a temporary address per prefix.
2949  */
2950 static isc_result_t
2951 find_client_temporaries(struct reply_state *reply) {
2952  int i;
2953  struct ipv6_pool *p = NULL;
2954  struct ipv6_pond *pond;
2955  isc_result_t status = ISC_R_NORESOURCES;;
2956  unsigned int attempts;
2957  struct iaddr send_addr;
2958 
2959  /*
2960  * Do a quick walk through of the ponds and pools
2961  * to see if we have any prefix pools
2962  */
2963  for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
2964  if (pond->ipv6_pools == NULL)
2965  continue;
2966 
2967  for (i = 0; (p = pond->ipv6_pools[i]) != NULL; i++) {
2968  if (p->pool_type == D6O_IA_TA)
2969  break;
2970  }
2971  if (p != NULL)
2972  break;
2973  }
2974 
2975  /* If we get here and p is NULL we have no useful pools */
2976  if (p == NULL) {
2977  log_debug("Unable to get client addresses: "
2978  "no IPv6 pools on this shared network");
2979  return ISC_R_NORESOURCES;
2980  }
2981 
2982  /*
2983  * We have at least one pool that could provide an address
2984  * Now we walk through the ponds and pools again and check
2985  * to see if the client is permitted and if an address is
2986  * available
2987  */
2988 
2989  for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
2990  if (((pond->prohibit_list != NULL) &&
2991  (permitted(reply->packet, pond->prohibit_list))) ||
2992  ((pond->permit_list != NULL) &&
2993  (!permitted(reply->packet, pond->permit_list))))
2994  continue;
2995 
2996  for (i = 0; (p = pond->ipv6_pools[i]) != NULL; i++) {
2997  if (p->pool_type != D6O_IA_TA) {
2998  continue;
2999  }
3000 
3001  /*
3002  * Get an address in this temporary pool.
3003  */
3004  status = create_lease6(p, &reply->lease, &attempts,
3005  &reply->client_id, cur_time + 120);
3006  if (status != ISC_R_SUCCESS) {
3007  log_debug("Unable to get a temporary address.");
3008  goto cleanup;
3009  }
3010 
3011  status = reply_process_is_addressed(reply,
3012  &reply->lease->scope,
3013  pond->group);
3014  if (status != ISC_R_SUCCESS) {
3015  goto cleanup;
3016  }
3017  send_addr.len = 16;
3018  memcpy(send_addr.iabuf, &reply->lease->addr, 16);
3019  status = reply_process_send_addr(reply, &send_addr);
3020  if (status != ISC_R_SUCCESS) {
3021  goto cleanup;
3022  }
3023  /*
3024  * reply->lease can't be null as we use it above
3025  * add check if that changes
3026  */
3027  iasubopt_dereference(&reply->lease, MDL);
3028  }
3029  }
3030 
3031  cleanup:
3032  if (reply->lease != NULL) {
3033  iasubopt_dereference(&reply->lease, MDL);
3034  }
3035  return status;
3036 }
3037 
3038 /*
3039  * This function only returns failure on 'hard' failures. If it succeeds,
3040  * it will leave a lease structure behind.
3041  */
3042 static isc_result_t
3043 reply_process_try_addr(struct reply_state *reply, struct iaddr *addr) {
3044  isc_result_t status = ISC_R_ADDRNOTAVAIL;
3045  struct ipv6_pool *pool = NULL;
3046  struct ipv6_pond *pond = NULL;
3047  int i;
3048  struct data_string data_addr;
3049 
3050  if ((reply == NULL) || (reply->shared == NULL) ||
3051  (addr == NULL) || (reply->lease != NULL))
3052  return (DHCP_R_INVALIDARG);
3053 
3054  /*
3055  * Do a quick walk through of the ponds and pools
3056  * to see if we have any NA address pools
3057  */
3058  for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
3059  if (pond->ipv6_pools == NULL)
3060  continue;
3061 
3062  for (i = 0; ; i++) {
3063  pool = pond->ipv6_pools[i];
3064  if ((pool == NULL) ||
3065  (pool->pool_type == D6O_IA_NA))
3066  break;
3067  }
3068  if (pool != NULL)
3069  break;
3070  }
3071 
3072  /* If we get here and p is NULL we have no useful pools */
3073  if (pool == NULL) {
3074  return (ISC_R_ADDRNOTAVAIL);
3075  }
3076 
3077  memset(&data_addr, 0, sizeof(data_addr));
3078  data_addr.len = addr->len;
3079  data_addr.data = addr->iabuf;
3080 
3081  /*
3082  * We have at least one pool that could provide an address
3083  * Now we walk through the ponds and pools again and check
3084  * to see if the client is permitted and if an address is
3085  * available
3086  *
3087  * Within a given pond we start looking at the last pool we
3088  * allocated from, unless it had a collision trying to allocate
3089  * an address. This will tend to move us into less-filled pools.
3090  */
3091 
3092  for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
3093  if (((pond->prohibit_list != NULL) &&
3094  (permitted(reply->packet, pond->prohibit_list))) ||
3095  ((pond->permit_list != NULL) &&
3096  (!permitted(reply->packet, pond->permit_list))))
3097  continue;
3098 
3099  for (i = 0 ; (pool = pond->ipv6_pools[i]) != NULL ; i++) {
3100  if (pool->pool_type != D6O_IA_NA)
3101  continue;
3102 
3103  status = try_client_v6_address(&reply->lease, pool,
3104  &data_addr);
3105  if (status == ISC_R_SUCCESS)
3106  break;
3107  }
3108 
3109  if (status == ISC_R_SUCCESS)
3110  break;
3111  }
3112 
3113  /* Note that this is just pedantry. There is no allocation to free. */
3114  data_string_forget(&data_addr, MDL);
3115  /* Return just the most recent status... */
3116  return (status);
3117 }
3118 
3119 /* Look around for an address to give the client. First, look through the
3120  * old IA for addresses we can extend. Second, try to allocate a new address.
3121  * Finally, actually add that address into the current reply IA.
3122  */
3123 static isc_result_t
3124 find_client_address(struct reply_state *reply) {
3125  struct iaddr send_addr;
3126  isc_result_t status = ISC_R_NORESOURCES;
3127  struct iasubopt *lease, *best_lease = NULL;
3128  struct binding_scope **scope;
3129  struct group *group;
3130  int i;
3131 
3132  if (reply->static_lease) {
3133  if (reply->host == NULL)
3134  return DHCP_R_INVALIDARG;
3135 
3136  send_addr.len = 16;
3137  memcpy(send_addr.iabuf, reply->fixed.data, 16);
3138 
3139  scope = &global_scope;
3140  group = reply->subnet->group;
3141  goto send_addr;
3142  }
3143 
3144  if (reply->old_ia != NULL) {
3145  for (i = 0 ; i < reply->old_ia->num_iasubopt ; i++) {
3146  struct shared_network *candidate_shared;
3147  struct ipv6_pond *pond;
3148 
3149  lease = reply->old_ia->iasubopt[i];
3150  candidate_shared = lease->ipv6_pool->shared_network;
3151  pond = lease->ipv6_pool->ipv6_pond;
3152 
3153  /*
3154  * Look for the best lease on the client's shared
3155  * network, that is still permitted
3156  */
3157 
3158  if ((candidate_shared != reply->shared) ||
3159  (lease6_usable(lease) != ISC_TRUE))
3160  continue;
3161 
3162  if (((pond->prohibit_list != NULL) &&
3163  (permitted(reply->packet, pond->prohibit_list))) ||
3164  ((pond->permit_list != NULL) &&
3165  (!permitted(reply->packet, pond->permit_list))))
3166  continue;
3167 
3168  best_lease = lease_compare(lease, best_lease);
3169  }
3170  }
3171 
3172  /* Try to pick a new address if we didn't find one, or if we found an
3173  * abandoned lease.
3174  */
3175  if ((best_lease == NULL) || (best_lease->state == FTS_ABANDONED)) {
3176  status = pick_v6_address(reply);
3177  } else if (best_lease != NULL) {
3178  iasubopt_reference(&reply->lease, best_lease, MDL);
3179  status = ISC_R_SUCCESS;
3180  }
3181 
3182  /* Pick the abandoned lease as a last resort. */
3183  if ((status == ISC_R_NORESOURCES) && (best_lease != NULL)) {
3184  /* I don't see how this is supposed to be done right now. */
3185  log_error("Reclaiming abandoned addresses is not yet "
3186  "supported. Treating this as an out of space "
3187  "condition.");
3188  /* iasubopt_reference(&reply->lease, best_lease, MDL); */
3189  }
3190 
3191  /* Give up now if we didn't find a lease. */
3192  if (status != ISC_R_SUCCESS)
3193  return status;
3194 
3195  if (reply->lease == NULL)
3196  log_fatal("Impossible condition at %s:%d.", MDL);
3197 
3198  /* Draw binding scopes from the lease's binding scope, and config
3199  * from the lease's containing subnet and higher. Note that it may
3200  * be desirable to place the group attachment directly in the pool.
3201  */
3202  scope = &reply->lease->scope;
3203  group = reply->lease->ipv6_pool->ipv6_pond->group;
3204 
3205  send_addr.len = 16;
3206  memcpy(send_addr.iabuf, &reply->lease->addr, 16);
3207 
3208  send_addr:
3209  status = reply_process_is_addressed(reply, scope, group);
3210  if (status != ISC_R_SUCCESS)
3211  return status;
3212 
3213  status = reply_process_send_addr(reply, &send_addr);
3214  return status;
3215 }
3216 
3217 /* Once an address is found for a client, perform several common functions;
3218  * Calculate and store valid and preferred lease times, draw client options
3219  * into the option state.
3220  */
3221 static isc_result_t
3222 reply_process_is_addressed(struct reply_state *reply,
3223  struct binding_scope **scope, struct group *group)
3224 {
3225  isc_result_t status = ISC_R_SUCCESS;
3226  struct data_string data;
3227  struct option_cache *oc;
3228  struct option_state *tmp_options = NULL;
3229  struct on_star *on_star;
3230  int i;
3231 
3232  /* Initialize values we will cleanup. */
3233  memset(&data, 0, sizeof(data));
3234 
3235  /*
3236  * Find the proper on_star block to use. We use the
3237  * one in the lease if we have a lease or the one in
3238  * the reply if we don't have a lease because this is
3239  * a static instance
3240  */
3241  if (reply->lease) {
3242  on_star = &reply->lease->on_star;
3243  } else {
3244  on_star = &reply->on_star;
3245  }
3246 
3247  /*
3248  * Bring in the root configuration. We only do this to bring
3249  * in the on * statements, as we didn't have the lease available
3250  * we did it the first time.
3251  */
3252  option_state_allocate(&tmp_options, MDL);
3253  execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
3254  reply->packet->options, tmp_options,
3255  &global_scope, root_group, NULL,
3256  on_star);
3257  if (tmp_options != NULL) {
3258  option_state_dereference(&tmp_options, MDL);
3259  }
3260 
3261  /*
3262  * Bring configured options into the root packet level cache - start
3263  * with the lease's closest enclosing group (passed in by the caller
3264  * as 'group').
3265  */
3266  execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
3267  reply->packet->options, reply->opt_state,
3268  scope, group, root_group, on_star);
3269 
3270  /* Execute statements from class scopes. */
3271  for (i = reply->packet->class_count; i > 0; i--) {
3272  execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
3273  reply->packet->options,
3274  reply->opt_state, scope,
3275  reply->packet->classes[i - 1]->group,
3276  group, on_star);
3277  }
3278 
3279  /*
3280  * If there is a host record, over-ride with values configured there,
3281  * without re-evaluating configuration from the previously executed
3282  * group or its common enclosers.
3283  */
3284  if (reply->host != NULL)
3285  execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
3286  reply->packet->options,
3287  reply->opt_state, scope,
3288  reply->host->group, group,
3289  on_star);
3290 
3291  /* Determine valid lifetime. */
3292  if (reply->client_valid == 0)
3293  reply->send_valid = DEFAULT_DEFAULT_LEASE_TIME;
3294  else
3295  reply->send_valid = reply->client_valid;
3296 
3297  oc = lookup_option(&server_universe, reply->opt_state,
3299  if (oc != NULL) {
3300  if (!evaluate_option_cache(&data, reply->packet, NULL, NULL,
3301  reply->packet->options,
3302  reply->opt_state,
3303  scope, oc, MDL) ||
3304  (data.len != 4)) {
3305  log_error("reply_process_is_addressed: unable to "
3306  "evaluate default lease time");
3307  status = ISC_R_FAILURE;
3308  goto cleanup;
3309  }
3310 
3311  reply->send_valid = getULong(data.data);
3312  data_string_forget(&data, MDL);
3313  }
3314 
3315  if (reply->client_prefer == 0)
3316  reply->send_prefer = reply->send_valid;
3317  else
3318  reply->send_prefer = reply->client_prefer;
3319 
3320  if (reply->send_prefer >= reply->send_valid)
3321  reply->send_prefer = (reply->send_valid / 2) +
3322  (reply->send_valid / 8);
3323 
3324  oc = lookup_option(&server_universe, reply->opt_state,
3326  if (oc != NULL) {
3327  if (!evaluate_option_cache(&data, reply->packet, NULL, NULL,
3328  reply->packet->options,
3329  reply->opt_state,
3330  scope, oc, MDL) ||
3331  (data.len != 4)) {
3332  log_error("reply_process_is_addressed: unable to "
3333  "evaluate preferred lease time");
3334  status = ISC_R_FAILURE;
3335  goto cleanup;
3336  }
3337 
3338  reply->send_prefer = getULong(data.data);
3339  data_string_forget(&data, MDL);
3340  }
3341 
3342  /* Note lowest values for later calculation of renew/rebind times. */
3343  if (reply->prefer > reply->send_prefer)
3344  reply->prefer = reply->send_prefer;
3345 
3346  if (reply->valid > reply->send_valid)
3347  reply->valid = reply->send_valid;
3348 
3349 #if 0
3350  /*
3351  * XXX: Old 4.0.0 alpha code would change the host {} record
3352  * XXX: uid upon lease assignment. This was intended to cover the
3353  * XXX: case where a client first identifies itself using vendor
3354  * XXX: options in a solicit, or request, but later neglects to include
3355  * XXX: these options in a Renew or Rebind. It is not clear that this
3356  * XXX: is required, and has some startling ramifications (such as
3357  * XXX: how to recover this dynamic host {} state across restarts).
3358  */
3359  if (reply->host != NULL)
3360  change_host_uid(host, reply->client_id->data,
3361  reply->client_id->len);
3362 #endif /* 0 */
3363 
3364  /* Perform dynamic lease related update work. */
3365  if (reply->lease != NULL) {
3366  /* Cached lifetimes */
3367  reply->lease->prefer = reply->send_prefer;
3368  reply->lease->valid = reply->send_valid;
3369 
3370  /* Advance (or rewind) the valid lifetime. */
3371  if (reply->buf.reply.msg_type == DHCPV6_REPLY) {
3372  reply->lease->soft_lifetime_end_time =
3373  cur_time + reply->send_valid;
3374  /* Wait before renew! */
3375  }
3376 
3377  status = ia_add_iasubopt(reply->ia, reply->lease, MDL);
3378  if (status != ISC_R_SUCCESS) {
3379  log_fatal("reply_process_is_addressed: Unable to "
3380  "attach lease to new IA: %s",
3381  isc_result_totext(status));
3382  }
3383 
3384  /*
3385  * If this is a new lease, make sure it is attached somewhere.
3386  */
3387  if (reply->lease->ia == NULL) {
3388  ia_reference(&reply->lease->ia, reply->ia, MDL);
3389  }
3390  }
3391 
3392  /* Bring a copy of the relevant options into the IA scope. */
3393  execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
3394  reply->packet->options, reply->reply_ia,
3395  scope, group, root_group, NULL);
3396 
3397  /* Execute statements from class scopes. */
3398  for (i = reply->packet->class_count; i > 0; i--) {
3399  execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
3400  reply->packet->options,
3401  reply->reply_ia, scope,
3402  reply->packet->classes[i - 1]->group,
3403  group, NULL);
3404  }
3405 
3406  /*
3407  * And bring in host record configuration, if any, but not to overlap
3408  * the previous group or its common enclosers.
3409  */
3410  if (reply->host != NULL)
3411  execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
3412  reply->packet->options,
3413  reply->reply_ia, scope,
3414  reply->host->group, group, NULL);
3415 
3416  cleanup:
3417  if (data.data != NULL)
3418  data_string_forget(&data, MDL);
3419 
3420  if (status == ISC_R_SUCCESS)
3421  reply->client_resources++;
3422 
3423  return status;
3424 }
3425 
3426 /* Simply send an IAADDR within the IA scope as described. */
3427 static isc_result_t
3428 reply_process_send_addr(struct reply_state *reply, struct iaddr *addr) {
3429  isc_result_t status = ISC_R_SUCCESS;
3430  struct data_string data;
3431 
3432  memset(&data, 0, sizeof(data));
3433 
3434  /* Now append the lease. */
3435  data.len = IAADDR_OFFSET;
3436  if (!buffer_allocate(&data.buffer, data.len, MDL)) {
3437  log_error("reply_process_send_addr: out of memory"
3438  "allocating new IAADDR buffer.");
3439  status = ISC_R_NOMEMORY;
3440  goto cleanup;
3441  }
3442  data.data = data.buffer->data;
3443 
3444  memcpy(data.buffer->data, addr->iabuf, 16);
3445  putULong(data.buffer->data + 16, reply->send_prefer);
3446  putULong(data.buffer->data + 20, reply->send_valid);
3447 
3448  if (!append_option_buffer(&dhcpv6_universe, reply->reply_ia,
3449  data.buffer, data.buffer->data,
3450  data.len, D6O_IAADDR, 0)) {
3451  log_error("reply_process_send_addr: unable "
3452  "to save IAADDR option");
3453  status = ISC_R_FAILURE;
3454  goto cleanup;
3455  }
3456 
3457  reply->resources_included = ISC_TRUE;
3458 
3459  cleanup:
3460  if (data.data != NULL)
3462 
3463  return status;
3464 }
3465 
3466 /* Choose the better of two leases. */
3467 static struct iasubopt *
3468 lease_compare(struct iasubopt *alpha, struct iasubopt *beta) {
3469  if (alpha == NULL)
3470  return beta;
3471  if (beta == NULL)
3472  return alpha;
3473 
3474  switch(alpha->state) {
3475  case FTS_ACTIVE:
3476  switch(beta->state) {
3477  case FTS_ACTIVE:
3478  /* Choose the lease with the longest lifetime (most
3479  * likely the most recently allocated).
3480  */
3481  if (alpha->hard_lifetime_end_time <
3482  beta->hard_lifetime_end_time)
3483  return beta;
3484  else
3485  return alpha;
3486 
3487  case FTS_EXPIRED:
3488  case FTS_ABANDONED:
3489  return alpha;
3490 
3491  default:
3492  log_fatal("Impossible condition at %s:%d.", MDL);
3493  }
3494  break;
3495 
3496  case FTS_EXPIRED:
3497  switch (beta->state) {
3498  case FTS_ACTIVE:
3499  return beta;
3500 
3501  case FTS_EXPIRED:
3502  /* Choose the most recently expired lease. */
3503  if (alpha->hard_lifetime_end_time <
3504  beta->hard_lifetime_end_time)
3505  return beta;
3506  else if ((alpha->hard_lifetime_end_time ==
3507  beta->hard_lifetime_end_time) &&
3508  (alpha->soft_lifetime_end_time <
3509  beta->soft_lifetime_end_time))
3510  return beta;
3511  else
3512  return alpha;
3513 
3514  case FTS_ABANDONED:
3515  return alpha;
3516 
3517  default:
3518  log_fatal("Impossible condition at %s:%d.", MDL);
3519  }
3520  break;
3521 
3522  case FTS_ABANDONED:
3523  switch (beta->state) {
3524  case FTS_ACTIVE:
3525  case FTS_EXPIRED:
3526  return alpha;
3527 
3528  case FTS_ABANDONED:
3529  /* Choose the lease that was abandoned longest ago. */
3530  if (alpha->hard_lifetime_end_time <
3531  beta->hard_lifetime_end_time)
3532  return alpha;
3533 
3534  default:
3535  log_fatal("Impossible condition at %s:%d.", MDL);
3536  }
3537  break;
3538 
3539  default:
3540  log_fatal("Impossible condition at %s:%d.", MDL);
3541  }
3542 
3543  log_fatal("Triple impossible condition at %s:%d.", MDL);
3544  return NULL;
3545 }
3546 
3547 /* Process a client-supplied IA_PD. This may append options to the tail of
3548  * the reply packet being built in the reply_state structure.
3549  */
3550 static isc_result_t
3551 reply_process_ia_pd(struct reply_state *reply, struct option_cache *ia) {
3552  isc_result_t status = ISC_R_SUCCESS;
3553  u_int32_t iaid;
3554  unsigned ia_cursor;
3555  struct option_state *packet_ia;
3556  struct option_cache *oc;
3557  struct data_string ia_data, data;
3558 
3559  /* Initialize values that will get cleaned up on return. */
3560  packet_ia = NULL;
3561  memset(&ia_data, 0, sizeof(ia_data));
3562  memset(&data, 0, sizeof(data));
3563  /*
3564  * Note that find_client_prefix() may set reply->lease.
3565  */
3566 
3567  /* Make sure there is at least room for the header. */
3568  if ((reply->cursor + IA_PD_OFFSET + 4) > sizeof(reply->buf)) {
3569  log_error("reply_process_ia_pd: Reply too long for IA.");
3570  return ISC_R_NOSPACE;
3571  }
3572 
3573 
3574  /* Fetch the IA_PD contents. */
3575  if (!get_encapsulated_IA_state(&packet_ia, &ia_data, reply->packet,
3576  ia, IA_PD_OFFSET)) {
3577  log_error("reply_process_ia_pd: error evaluating ia");
3578  status = ISC_R_FAILURE;
3579  goto cleanup;
3580  }
3581 
3582  /* Extract IA_PD header contents. */
3583  iaid = getULong(ia_data.data);
3584  reply->renew = getULong(ia_data.data + 4);
3585  reply->rebind = getULong(ia_data.data + 8);
3586 
3587  /* Create an IA_PD structure. */
3588  if (ia_allocate(&reply->ia, iaid, (char *)reply->client_id.data,
3589  reply->client_id.len, MDL) != ISC_R_SUCCESS) {
3590  log_error("reply_process_ia_pd: no memory for ia.");
3591  status = ISC_R_NOMEMORY;
3592  goto cleanup;
3593  }
3594  reply->ia->ia_type = D6O_IA_PD;
3595 
3596  /* Cache pre-existing IA_PD, if any. */
3597  ia_hash_lookup(&reply->old_ia, ia_pd_active,
3598  (unsigned char *)reply->ia->iaid_duid.data,
3599  reply->ia->iaid_duid.len, MDL);
3600 
3601  /*
3602  * Create an option cache to carry the IA_PD option contents, and
3603  * execute any user-supplied values into it.
3604  */
3605  if (!option_state_allocate(&reply->reply_ia, MDL)) {
3606  status = ISC_R_NOMEMORY;
3607  goto cleanup;
3608  }
3609 
3610  /* Check & count the fixed prefix host records. */
3611  reply->static_prefixes = 0;
3612  if ((reply->host != NULL) && (reply->host->fixed_prefix != NULL)) {
3613  struct iaddrcidrnetlist *fp;
3614 
3615  for (fp = reply->host->fixed_prefix; fp != NULL;
3616  fp = fp->next) {
3617  reply->static_prefixes += 1;
3618  }
3619  }
3620 
3621  /*
3622  * Save the cursor position at the start of the IA_PD, so we can
3623  * set length and adjust t1/t2 values later. We write a temporary
3624  * header out now just in case we decide to adjust the packet
3625  * within sub-process functions.
3626  */
3627  ia_cursor = reply->cursor;
3628 
3629  /* Initialize the IA_PD header. First the code. */
3630  putUShort(reply->buf.data + reply->cursor, (unsigned)D6O_IA_PD);
3631  reply->cursor += 2;
3632 
3633  /* Then option length. */
3634  putUShort(reply->buf.data + reply->cursor, 0x0Cu);
3635  reply->cursor += 2;
3636 
3637  /* Then IA_PD header contents; IAID. */
3638  putULong(reply->buf.data + reply->cursor, iaid);
3639  reply->cursor += 4;
3640 
3641  /* We store the client's t1 for now, and may over-ride it later. */
3642  putULong(reply->buf.data + reply->cursor, reply->renew);
3643  reply->cursor += 4;
3644 
3645  /* We store the client's t2 for now, and may over-ride it later. */
3646  putULong(reply->buf.data + reply->cursor, reply->rebind);
3647  reply->cursor += 4;
3648 
3649  /*
3650  * For each prefix in this IA_PD, decide what to do about it.
3651  */
3652  oc = lookup_option(&dhcpv6_universe, packet_ia, D6O_IAPREFIX);
3653  reply->valid = reply->prefer = 0xffffffff;
3654  reply->client_valid = reply->client_prefer = 0;
3655  reply->preflen = -1;
3656  for (; oc != NULL ; oc = oc->next) {
3657  status = reply_process_prefix(reply, oc);
3658 
3659  /*
3660  * Canceled means we did not allocate prefixes to the
3661  * client, but we're "done" with this IA - we set a status
3662  * code. So transmit this reply, e.g., move on to the next
3663  * IA.
3664  */
3665  if (status == ISC_R_CANCELED)
3666  break;
3667 
3668  if ((status != ISC_R_SUCCESS) &&
3669  (status != ISC_R_ADDRINUSE) &&
3670  (status != ISC_R_ADDRNOTAVAIL))
3671  goto cleanup;
3672  }
3673 
3674  reply->pd_count++;
3675 
3676  /*
3677  * If we fell through the above and never gave the client
3678  * a prefix, give it one now.
3679  */
3680  if ((status != ISC_R_CANCELED) && (reply->client_resources == 0)) {
3681  status = find_client_prefix(reply);
3682 
3683  if (status == ISC_R_NORESOURCES) {
3684  switch (reply->packet->dhcpv6_msg_type) {
3685  case DHCPV6_SOLICIT:
3686  /*
3687  * No prefix for any IA is handled
3688  * by the caller.
3689  */
3690  /* FALL THROUGH */
3691 
3692  case DHCPV6_REQUEST:
3693  /* Same than for addresses. */
3694  option_state_dereference(&reply->reply_ia, MDL);
3695  if (!option_state_allocate(&reply->reply_ia,
3696  MDL))
3697  {
3698  log_error("reply_process_ia_pd: No "
3699  "memory for option state "
3700  "wipe.");
3701  status = ISC_R_NOMEMORY;
3702  goto cleanup;
3703  }
3704 
3705  if (!set_status_code(STATUS_NoPrefixAvail,
3706  "No prefixes available "
3707  "for this interface.",
3708  reply->reply_ia)) {
3709  log_error("reply_process_ia_pd: "
3710  "Unable to set "
3711  "NoPrefixAvail status "
3712  "code.");
3713  status = ISC_R_FAILURE;
3714  goto cleanup;
3715  }
3716 
3717  status = ISC_R_SUCCESS;
3718  break;
3719 
3720  default:
3721  if (reply->resources_included)
3722  status = ISC_R_SUCCESS;
3723  else
3724  goto cleanup;
3725  break;
3726  }
3727  }
3728 
3729  if (status != ISC_R_SUCCESS)
3730  goto cleanup;
3731  }
3732 
3733  reply->cursor += store_options6((char *)reply->buf.data + reply->cursor,
3734  sizeof(reply->buf) - reply->cursor,
3735  reply->reply_ia, reply->packet,
3736  required_opts_IA_PD, NULL);
3737 
3738  /* Reset the length of this IA_PD to match what was just written. */
3739  putUShort(reply->buf.data + ia_cursor + 2,
3740  reply->cursor - (ia_cursor + 4));
3741 
3742  /*
3743  * T1/T2 time selection is kind of weird. We actually use DHCP
3744  * (v4) scoped options as handy existing places where these might
3745  * be configured by an administrator. A value of zero tells the
3746  * client it may choose its own renewal time.
3747  */
3748  reply->renew = 0;
3749  oc = lookup_option(&dhcp_universe, reply->opt_state,
3751  if (oc != NULL) {
3752  if (!evaluate_option_cache(&data, reply->packet, NULL, NULL,
3753  reply->packet->options,
3754  reply->opt_state, &global_scope,
3755  oc, MDL) ||
3756  (data.len != 4)) {
3757  log_error("Invalid renewal time.");
3758  } else {
3759  reply->renew = getULong(data.data);
3760  }
3761 
3762  if (data.data != NULL)
3763  data_string_forget(&data, MDL);
3764  }
3765  putULong(reply->buf.data + ia_cursor + 8, reply->renew);
3766 
3767  /* Now T2. */
3768  reply->rebind = 0;
3769  oc = lookup_option(&dhcp_universe, reply->opt_state,
3771  if (oc != NULL) {
3772  if (!evaluate_option_cache(&data, reply->packet, NULL, NULL,
3773  reply->packet->options,
3774  reply->opt_state, &global_scope,
3775  oc, MDL) ||
3776  (data.len != 4)) {
3777  log_error("Invalid rebinding time.");
3778  } else {
3779  reply->rebind = getULong(data.data);
3780  }
3781 
3782  if (data.data != NULL)
3783  data_string_forget(&data, MDL);
3784  }
3785  putULong(reply->buf.data + ia_cursor + 12, reply->rebind);
3786 
3787  /*
3788  * yes, goto's aren't the best but we also want to avoid extra
3789  * indents
3790  */
3791  if (status == ISC_R_CANCELED)
3792  goto cleanup;
3793 
3794  /*
3795  * Handle static prefixes, we always log stuff and if it's
3796  * a hard binding we run any commit statements that we have
3797  */
3798  if (reply->static_prefixes != 0) {
3799  char tmp_addr[INET6_ADDRSTRLEN];
3800  log_info("%s PD: address %s/%d to client with duid %s "
3801  "iaid = %d static",
3802  dhcpv6_type_names[reply->buf.reply.msg_type],
3803  inet_ntop(AF_INET6, reply->fixed_pref.lo_addr.iabuf,
3804  tmp_addr, sizeof(tmp_addr)),
3805  reply->fixed_pref.bits,
3806  print_hex_1(reply->client_id.len,
3807  reply->client_id.data, 60),
3808  iaid);
3809  if ((reply->buf.reply.msg_type == DHCPV6_REPLY) &&
3810  (reply->on_star.on_commit != NULL)) {
3811  execute_statements(NULL, reply->packet, NULL, NULL,
3812  reply->packet->options,
3813  reply->opt_state,
3814  NULL, reply->on_star.on_commit,
3815  NULL);
3817  (&reply->on_star.on_commit, MDL);
3818  }
3819  goto cleanup;
3820  }
3821 
3822  /*
3823  * If we have any addresses log what we are doing.
3824  */
3825  if (reply->ia->num_iasubopt != 0) {
3826  struct iasubopt *tmp;
3827  int i;
3828  char tmp_addr[INET6_ADDRSTRLEN];
3829 
3830  for (i = 0 ; i < reply->ia->num_iasubopt ; i++) {
3831  tmp = reply->ia->iasubopt[i];
3832 
3833  log_info("%s PD: address %s/%d to client with duid %s"
3834  " iaid = %d valid for %d seconds",
3835  dhcpv6_type_names[reply->buf.reply.msg_type],
3836  inet_ntop(AF_INET6, &tmp->addr,
3837  tmp_addr, sizeof(tmp_addr)),
3838  (int)tmp->plen,
3839  print_hex_1(reply->client_id.len,
3840  reply->client_id.data, 60),
3841  iaid, tmp->valid);
3842  }
3843  }
3844 
3845  /*
3846  * If this is not a 'soft' binding, consume the new changes into
3847  * the database (if any have been attached to the ia_pd).
3848  *
3849  * Loop through the assigned dynamic prefixes, referencing the
3850  * prefixes onto this IA_PD rather than any old ones, and updating
3851  * prefix pool timers for each (if any).
3852  */
3853  if ((reply->buf.reply.msg_type == DHCPV6_REPLY) &&
3854  (reply->ia->num_iasubopt != 0)) {
3855  struct iasubopt *tmp;
3856  struct data_string *ia_id;
3857  int i;
3858 
3859  for (i = 0 ; i < reply->ia->num_iasubopt ; i++) {
3860  tmp = reply->ia->iasubopt[i];
3861 
3862  if (tmp->ia != NULL)
3863  ia_dereference(&tmp->ia, MDL);
3864  ia_reference(&tmp->ia, reply->ia, MDL);
3865 
3866  /* Commit 'hard' bindings. */
3867  renew_lease6(tmp->ipv6_pool, tmp);
3869 
3870  /* If we have anything to do on commit do it now */
3871  if (tmp->on_star.on_commit != NULL) {
3872  execute_statements(NULL, reply->packet,
3873  NULL, NULL,
3874  reply->packet->options,
3875  reply->opt_state,
3876  &tmp->scope,
3877  tmp->on_star.on_commit,
3878  &tmp->on_star);
3880  (&tmp->on_star.on_commit, MDL);
3881  }
3882  }
3883 
3884  /* Remove any old ia from the hash. */
3885  if (reply->old_ia != NULL) {
3886  ia_id = &reply->old_ia->iaid_duid;
3887  ia_hash_delete(ia_pd_active,
3888  (unsigned char *)ia_id->data,
3889  ia_id->len, MDL);
3890  ia_dereference(&reply->old_ia, MDL);
3891  }
3892 
3893  /* Put new ia into the hash. */
3894  reply->ia->cltt = cur_time;
3895  ia_id = &reply->ia->iaid_duid;
3896  ia_hash_add(ia_pd_active, (unsigned char *)ia_id->data,
3897  ia_id->len, reply->ia, MDL);
3898 
3899  write_ia(reply->ia);
3900  }
3901 
3902  cleanup:
3903  if (packet_ia != NULL)
3904  option_state_dereference(&packet_ia, MDL);
3905  if (reply->reply_ia != NULL)
3906  option_state_dereference(&reply->reply_ia, MDL);
3907  if (ia_data.data != NULL)
3908  data_string_forget(&ia_data, MDL);
3909  if (data.data != NULL)
3911  if (reply->ia != NULL)
3912  ia_dereference(&reply->ia, MDL);
3913  if (reply->old_ia != NULL)
3914  ia_dereference(&reply->old_ia, MDL);
3915  if (reply->lease != NULL)
3916  iasubopt_dereference(&reply->lease, MDL);
3917  if (reply->on_star.on_expiry != NULL)
3919  (&reply->on_star.on_expiry, MDL);
3920  if (reply->on_star.on_release != NULL)
3922  (&reply->on_star.on_release, MDL);
3923 
3924  /*
3925  * ISC_R_CANCELED is a status code used by the prefix processing to
3926  * indicate we're replying with a status code. This is still a
3927  * success at higher layers.
3928  */
3929  return((status == ISC_R_CANCELED) ? ISC_R_SUCCESS : status);
3930 }
3931 
3932 /*
3933  * Process an IAPREFIX within a given IA_PD, storing any IAPREFIX reply
3934  * contents into the reply's current ia_pd-scoped option cache. Returns
3935  * ISC_R_CANCELED in the event we are replying with a status code and do
3936  * not wish to process more IAPREFIXes within this IA_PD.
3937  */
3938 static isc_result_t
3939 reply_process_prefix(struct reply_state *reply, struct option_cache *pref) {
3940  u_int32_t pref_life, valid_life;
3941  struct binding_scope **scope;
3942  struct iaddrcidrnet tmp_pref;
3943  struct option_cache *oc;
3944  struct data_string iapref, data;
3945  isc_result_t status = ISC_R_SUCCESS;
3946  struct group *group;
3947 
3948  /* Initializes values that will be cleaned up. */
3949  memset(&iapref, 0, sizeof(iapref));
3950  memset(&data, 0, sizeof(data));
3951  /* Note that reply->lease may be set by prefix_is_owned() */
3952 
3953  /*
3954  * There is no point trying to process an incoming prefix if there
3955  * is no room for an outgoing prefix.
3956  */
3957  if ((reply->cursor + 29) > sizeof(reply->buf)) {
3958  log_error("reply_process_prefix: Out of room for prefix.");
3959  return ISC_R_NOSPACE;
3960  }
3961 
3962  /* Extract this IAPREFIX option. */
3963  if (!evaluate_option_cache(&iapref, reply->packet, NULL, NULL,
3964  reply->packet->options, NULL, &global_scope,
3965  pref, MDL) ||
3966  (iapref.len < IAPREFIX_OFFSET)) {
3967  log_error("reply_process_prefix: error evaluating IAPREFIX.");
3968  status = ISC_R_FAILURE;
3969  goto cleanup;
3970  }
3971 
3972  /*
3973  * Layout: preferred and valid lifetimes followed by the prefix
3974  * length and the IPv6 address.
3975  */
3976  pref_life = getULong(iapref.data);
3977  valid_life = getULong(iapref.data + 4);
3978 
3979  if ((reply->client_valid == 0) ||
3980  (reply->client_valid > valid_life))
3981  reply->client_valid = valid_life;
3982 
3983  if ((reply->client_prefer == 0) ||
3984  (reply->client_prefer > pref_life))
3985  reply->client_prefer = pref_life;
3986 
3987  /*
3988  * Clients may choose to send ::/0 as a prefix, with the idea to give
3989  * hints about preferred-lifetime or valid-lifetime.
3990  */
3991  tmp_pref.lo_addr.len = 16;
3992  memset(tmp_pref.lo_addr.iabuf, 0, 16);
3993  if ((iapref.data[8] == 0) &&
3994  (memcmp(iapref.data + 9, tmp_pref.lo_addr.iabuf, 16) == 0)) {
3995  /* Status remains success; we just ignore this one. */
3996  goto cleanup;
3997  }
3998 
3999  /*
4000  * Clients may choose to send ::/X as a prefix to specify a
4001  * preferred/requested prefix length. Note X is never zero here.
4002  */
4003  tmp_pref.bits = (int) iapref.data[8];
4004  if (reply->preflen < 0) {
4005  /* Cache the first preferred prefix length. */
4006  reply->preflen = tmp_pref.bits;
4007  }
4008  if (memcmp(iapref.data + 9, tmp_pref.lo_addr.iabuf, 16) == 0) {
4009  goto cleanup;
4010  }
4011 
4012  memcpy(tmp_pref.lo_addr.iabuf, iapref.data + 9, 16);
4013 
4014  /* Verify the prefix belongs to the client. */
4015  if (!prefix_is_owned(reply, &tmp_pref)) {
4016  /* Same than for addresses. */
4017  if ((reply->packet->dhcpv6_msg_type == DHCPV6_SOLICIT) ||
4018  (reply->packet->dhcpv6_msg_type == DHCPV6_REQUEST) ||
4019  (reply->packet->dhcpv6_msg_type == DHCPV6_REBIND)) {
4020  status = reply_process_try_prefix(reply, &tmp_pref);
4021 
4022  /* Either error out or skip this prefix. */
4023  if ((status != ISC_R_SUCCESS) &&
4024  (status != ISC_R_ADDRINUSE) &&
4025  (status != ISC_R_ADDRNOTAVAIL))
4026  goto cleanup;
4027 
4028  if (reply->lease == NULL) {
4029  if (reply->packet->dhcpv6_msg_type ==
4030  DHCPV6_REBIND) {
4031  reply->send_prefer = 0;
4032  reply->send_valid = 0;
4033  goto send_pref;
4034  }
4035 
4036  /* status remains success - ignore */
4037  goto cleanup;
4038  }
4039  /*
4040  * RFC3633 section 18.2.3:
4041  *
4042  * If the delegating router cannot find a binding
4043  * for the requesting router's IA_PD the delegating
4044  * router returns the IA_PD containing no prefixes
4045  * with a Status Code option set to NoBinding in the
4046  * Reply message.
4047  *
4048  * On mismatch we (ab)use this pretending we have not the IA
4049  * as soon as we have not a prefix.
4050  */
4051  } else if (reply->packet->dhcpv6_msg_type == DHCPV6_RENEW) {
4052  /* Rewind the IA_PD to empty. */
4053  option_state_dereference(&reply->reply_ia, MDL);
4054  if (!option_state_allocate(&reply->reply_ia, MDL)) {
4055  log_error("reply_process_prefix: No memory "
4056  "for option state wipe.");
4057  status = ISC_R_NOMEMORY;
4058  goto cleanup;
4059  }
4060 
4061  /* Append a NoBinding status code. */
4062  if (!set_status_code(STATUS_NoBinding,
4063  "Prefix not bound to this "
4064  "interface.", reply->reply_ia)) {
4065  log_error("reply_process_prefix: Unable to "
4066  "attach status code.");
4067  status = ISC_R_FAILURE;
4068  goto cleanup;
4069  }
4070 
4071  /* Fin (no more IAPREFIXes). */
4072  status = ISC_R_CANCELED;
4073  goto cleanup;
4074  } else {
4075  log_error("It is impossible to lease a client that is "
4076  "not sending a solicit, request, renew, or "
4077  "rebind message.");
4078  status = ISC_R_FAILURE;
4079  goto cleanup;
4080  }
4081  }
4082 
4083  if (reply->static_prefixes > 0) {
4084  if (reply->host == NULL)
4085  log_fatal("Impossible condition at %s:%d.", MDL);
4086 
4087  scope = &global_scope;
4088 
4089  /* Find the static prefixe's subnet. */
4090  if (find_grouped_subnet(&reply->subnet, reply->shared,
4091  tmp_pref.lo_addr, MDL) == 0)
4092  log_fatal("Impossible condition at %s:%d.", MDL);
4093  group = reply->subnet->group;
4094  subnet_dereference(&reply->subnet, MDL);
4095 
4096  /* Copy the static prefix for logging purposes */
4097  memcpy(&reply->fixed_pref, &tmp_pref, sizeof(tmp_pref));
4098  } else {
4099  if (reply->lease == NULL)
4100  log_fatal("Impossible condition at %s:%d.", MDL);
4101 
4102  scope = &reply->lease->scope;
4103  group = reply->lease->ipv6_pool->ipv6_pond->group;
4104  }
4105 
4106  /*
4107  * If client_resources is nonzero, then the reply_process_is_prefixed
4108  * function has executed configuration state into the reply option
4109  * cache. We will use that valid cache to derive configuration for
4110  * whether or not to engage in additional prefixes, and similar.
4111  */
4112  if (reply->client_resources != 0) {
4113  unsigned limit = 1;
4114 
4115  /*
4116  * Does this client have "enough" prefixes already? Default
4117  * to one. Everybody gets one, and one should be enough for
4118  * anybody.
4119  */
4120  oc = lookup_option(&server_universe, reply->opt_state,
4122  if (oc != NULL) {
4123  if (!evaluate_option_cache(&data, reply->packet,
4124  NULL, NULL,
4125  reply->packet->options,
4126  reply->opt_state,
4127  scope, oc, MDL) ||
4128  (data.len != 4)) {
4129  log_error("reply_process_prefix: unable to "
4130  "evaluate prefs-per-ia value.");
4131  status = ISC_R_FAILURE;
4132  goto cleanup;
4133  }
4134 
4135  limit = getULong(data.data);
4136  data_string_forget(&data, MDL);
4137  }
4138 
4139  /*
4140  * If we wish to limit the client to a certain number of
4141  * prefixes, then omit the prefix from the reply.
4142  */
4143  if (reply->client_resources >= limit)
4144  goto cleanup;
4145  }
4146 
4147  status = reply_process_is_prefixed(reply, scope, group);
4148  if (status != ISC_R_SUCCESS)
4149  goto cleanup;
4150 
4151  send_pref:
4152  status = reply_process_send_prefix(reply, &tmp_pref);
4153 
4154  cleanup:
4155  if (iapref.data != NULL)
4156  data_string_forget(&iapref, MDL);
4157  if (data.data != NULL)
4158  data_string_forget(&data, MDL);
4159  if (reply->lease != NULL)
4160  iasubopt_dereference(&reply->lease, MDL);
4161 
4162  return status;
4163 }
4164 
4165 /*
4166  * Verify the prefix belongs to the client. If we've got a host
4167  * record with fixed prefixes, it has to be an assigned prefix
4168  * (fault out all else). Otherwise it's a dynamic prefix, so lookup
4169  * that prefix and make sure it belongs to this DUID:IAID pair.
4170  */
4171 static isc_boolean_t
4172 prefix_is_owned(struct reply_state *reply, struct iaddrcidrnet *pref) {
4173  struct iaddrcidrnetlist *l;
4174  int i;
4175  struct ipv6_pond *pond;
4176 
4177  /*
4178  * This faults out prefixes that don't match fixed prefixes.
4179  */
4180  if (reply->static_prefixes > 0) {
4181  for (l = reply->host->fixed_prefix; l != NULL; l = l->next) {
4182  if ((pref->bits == l->cidrnet.bits) &&
4183  (memcmp(pref->lo_addr.iabuf,
4184  l->cidrnet.lo_addr.iabuf, 16) == 0))
4185  return (ISC_TRUE);
4186  }
4187  return (ISC_FALSE);
4188  }
4189 
4190  if ((reply->old_ia == NULL) ||
4191  (reply->old_ia->num_iasubopt == 0))
4192  return (ISC_FALSE);
4193 
4194  for (i = 0 ; i < reply->old_ia->num_iasubopt ; i++) {
4195  struct iasubopt *tmp;
4196 
4197  tmp = reply->old_ia->iasubopt[i];
4198 
4199  if ((pref->bits == (int) tmp->plen) &&
4200  (memcmp(pref->lo_addr.iabuf, &tmp->addr, 16) == 0)) {
4201  if (lease6_usable(tmp) == ISC_FALSE) {
4202  return (ISC_FALSE);
4203  }
4204 
4205  pond = tmp->ipv6_pool->ipv6_pond;
4206  if (((pond->prohibit_list != NULL) &&
4207  (permitted(reply->packet, pond->prohibit_list))) ||
4208  ((pond->permit_list != NULL) &&
4209  (!permitted(reply->packet, pond->permit_list))))
4210  return (ISC_FALSE);
4211 
4212  iasubopt_reference(&reply->lease, tmp, MDL);
4213  return (ISC_TRUE);
4214  }
4215  }
4216 
4217  return (ISC_FALSE);
4218 }
4219 
4220 /*
4221  * This function only returns failure on 'hard' failures. If it succeeds,
4222  * it will leave a prefix structure behind.
4223  */
4224 static isc_result_t
4225 reply_process_try_prefix(struct reply_state *reply,
4226  struct iaddrcidrnet *pref) {
4227  isc_result_t status = ISC_R_ADDRNOTAVAIL;
4228  struct ipv6_pool *pool = NULL;
4229  struct ipv6_pond *pond = NULL;
4230  int i;
4231  struct data_string data_pref;
4232 
4233  if ((reply == NULL) || (reply->shared == NULL) ||
4234  (pref == NULL) || (reply->lease != NULL))
4235  return (DHCP_R_INVALIDARG);
4236 
4237  /*
4238  * Do a quick walk through of the ponds and pools
4239  * to see if we have any prefix pools
4240  */
4241  for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
4242  if (pond->ipv6_pools == NULL)
4243  continue;
4244 
4245  for (i = 0; (pool = pond->ipv6_pools[i]) != NULL; i++) {
4246  if (pool->pool_type == D6O_IA_PD)
4247  break;
4248  }
4249  if (pool != NULL)
4250  break;
4251  }
4252 
4253  /* If we get here and p is NULL we have no useful pools */
4254  if (pool == NULL) {
4255  return (ISC_R_ADDRNOTAVAIL);
4256  }
4257 
4258  memset(&data_pref, 0, sizeof(data_pref));
4259  data_pref.len = 17;
4260  if (!buffer_allocate(&data_pref.buffer, data_pref.len, MDL)) {
4261  log_error("reply_process_try_prefix: out of memory.");
4262  return (ISC_R_NOMEMORY);
4263  }
4264  data_pref.data = data_pref.buffer->data;
4265  data_pref.buffer->data[0] = (u_int8_t) pref->bits;
4266  memcpy(data_pref.buffer->data + 1, pref->lo_addr.iabuf, 16);
4267 
4268  /*
4269  * We have at least one pool that could provide a prefix
4270  * Now we walk through the ponds and pools again and check
4271  * to see if the client is permitted and if an prefix is
4272  * available
4273  *
4274  */
4275 
4276  for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
4277  if (((pond->prohibit_list != NULL) &&
4278  (permitted(reply->packet, pond->prohibit_list))) ||
4279  ((pond->permit_list != NULL) &&
4280  (!permitted(reply->packet, pond->permit_list))))
4281  continue;
4282 
4283  for (i = 0; (pool = pond->ipv6_pools[i]) != NULL; i++) {
4284  if (pool->pool_type != D6O_IA_PD) {
4285  continue;
4286  }
4287 
4288  status = try_client_v6_prefix(&reply->lease, pool,
4289  &data_pref);
4290  /* If we found it in this pool (either in use or available),
4291  there is no need to look further. */
4292  if ( (status == ISC_R_SUCCESS) || (status == ISC_R_ADDRINUSE) )
4293  break;
4294  }
4295  if ( (status == ISC_R_SUCCESS) || (status == ISC_R_ADDRINUSE) )
4296  break;
4297  }
4298 
4299  data_string_forget(&data_pref, MDL);
4300  /* Return just the most recent status... */
4301  return (status);
4302 }
4303 
4304 /* Look around for a prefix to give the client. First, look through the old
4305  * IA_PD for prefixes we can extend. Second, try to allocate a new prefix.
4306  * Finally, actually add that prefix into the current reply IA_PD.
4307  */
4308 static isc_result_t
4309 find_client_prefix(struct reply_state *reply) {
4310  struct iaddrcidrnet send_pref;
4311  isc_result_t status = ISC_R_NORESOURCES;
4312  struct iasubopt *prefix, *best_prefix = NULL;
4313  struct binding_scope **scope;
4314  int i;
4315  struct group *group;
4316 
4317  if (reply->static_prefixes > 0) {
4318  struct iaddrcidrnetlist *l;
4319 
4320  if (reply->host == NULL)
4321  return DHCP_R_INVALIDARG;
4322 
4323  for (l = reply->host->fixed_prefix; l != NULL; l = l->next) {
4324  if (l->cidrnet.bits == reply->preflen)
4325  break;
4326  }
4327  if (l == NULL) {
4328  /*
4329  * If no fixed prefix has the preferred length,
4330  * get the first one.
4331  */
4332  l = reply->host->fixed_prefix;
4333  }
4334  memcpy(&send_pref, &l->cidrnet, sizeof(send_pref));
4335 
4336  scope = &global_scope;
4337 
4338  /* Find the static prefixe's subnet. */
4339  if (find_grouped_subnet(&reply->subnet, reply->shared,
4340  send_pref.lo_addr, MDL) == 0)
4341  log_fatal("Impossible condition at %s:%d.", MDL);
4342  group = reply->subnet->group;
4343  subnet_dereference(&reply->subnet, MDL);
4344 
4345  /* Copy the prefix for logging purposes */
4346  memcpy(&reply->fixed_pref, &l->cidrnet, sizeof(send_pref));
4347 
4348  goto send_pref;
4349  }
4350 
4351  if (reply->old_ia != NULL) {
4352  for (i = 0 ; i < reply->old_ia->num_iasubopt ; i++) {
4353  struct shared_network *candidate_shared;
4354  struct ipv6_pond *pond;
4355 
4356  prefix = reply->old_ia->iasubopt[i];
4357  candidate_shared = prefix->ipv6_pool->shared_network;
4358  pond = prefix->ipv6_pool->ipv6_pond;
4359 
4360  /*
4361  * Consider this prefix if it is in a global pool or
4362  * if it is scoped in a pool under the client's shared
4363  * network.
4364  */
4365  if (((candidate_shared != NULL) &&
4366  (candidate_shared != reply->shared)) ||
4367  (lease6_usable(prefix) != ISC_TRUE))
4368  continue;
4369 
4370  /*
4371  * And check if the prefix is still permitted
4372  */
4373 
4374  if (((pond->prohibit_list != NULL) &&
4375  (permitted(reply->packet, pond->prohibit_list))) ||
4376  ((pond->permit_list != NULL) &&
4377  (!permitted(reply->packet, pond->permit_list))))
4378  continue;
4379 
4380  best_prefix = prefix_compare(reply, prefix,
4381  best_prefix);
4382  }
4383  }
4384 
4385  /* Try to pick a new prefix if we didn't find one, or if we found an
4386  * abandoned prefix.
4387  */
4388  if ((best_prefix == NULL) || (best_prefix->state == FTS_ABANDONED)) {
4389  status = pick_v6_prefix(reply);
4390  } else if (best_prefix != NULL) {
4391  iasubopt_reference(&reply->lease, best_prefix, MDL);
4392  status = ISC_R_SUCCESS;
4393  }
4394 
4395  /* Pick the abandoned prefix as a last resort. */
4396  if ((status == ISC_R_NORESOURCES) && (best_prefix != NULL)) {
4397  /* I don't see how this is supposed to be done right now. */
4398  log_error("Reclaiming abandoned prefixes is not yet "
4399  "supported. Treating this as an out of space "
4400  "condition.");
4401  /* iasubopt_reference(&reply->lease, best_prefix, MDL); */
4402  }
4403 
4404  /* Give up now if we didn't find a prefix. */
4405  if (status != ISC_R_SUCCESS)
4406  return status;
4407 
4408  if (reply->lease == NULL)
4409  log_fatal("Impossible condition at %s:%d.", MDL);
4410 
4411  scope = &reply->lease->scope;
4412  group = reply->lease->ipv6_pool->ipv6_pond->group;
4413 
4414  send_pref.lo_addr.len = 16;
4415  memcpy(send_pref.lo_addr.iabuf, &reply->lease->addr, 16);
4416  send_pref.bits = (int) reply->lease->plen;
4417 
4418  send_pref:
4419  status = reply_process_is_prefixed(reply, scope, group);
4420  if (status != ISC_R_SUCCESS)
4421  return status;
4422 
4423  status = reply_process_send_prefix(reply, &send_pref);
4424  return status;
4425 }
4426 
4427 /* Once a prefix is found for a client, perform several common functions;
4428  * Calculate and store valid and preferred prefix times, draw client options
4429  * into the option state.
4430  */
4431 static isc_result_t
4432 reply_process_is_prefixed(struct reply_state *reply,
4433  struct binding_scope **scope, struct group *group)
4434 {
4435  isc_result_t status = ISC_R_SUCCESS;
4436  struct data_string data;
4437  struct option_cache *oc;
4438  struct option_state *tmp_options = NULL;
4439  struct on_star *on_star;
4440  int i;
4441 
4442  /* Initialize values we will cleanup. */
4443  memset(&data, 0, sizeof(data));
4444 
4445  /*
4446  * Find the proper on_star block to use. We use the
4447  * one in the lease if we have a lease or the one in
4448  * the reply if we don't have a lease because this is
4449  * a static instance
4450  */
4451  if (reply->lease) {
4452  on_star = &reply->lease->on_star;
4453  } else {
4454  on_star = &reply->on_star;
4455  }
4456 
4457  /*
4458  * Bring in the root configuration. We only do this to bring
4459  * in the on * statements, as we didn't have the lease available
4460  * we we did it the first time.
4461  */
4462  option_state_allocate(&tmp_options, MDL);
4463  execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
4464  reply->packet->options, tmp_options,
4465  &global_scope, root_group, NULL,
4466  on_star);
4467  if (tmp_options != NULL) {
4468  option_state_dereference(&tmp_options, MDL);
4469  }
4470 
4471  /*
4472  * Bring configured options into the root packet level cache - start
4473  * with the lease's closest enclosing group (passed in by the caller
4474  * as 'group').
4475  */
4476  execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
4477  reply->packet->options, reply->opt_state,
4478  scope, group, root_group, on_star);
4479 
4480  /* Execute statements from class scopes. */
4481  for (i = reply->packet->class_count; i > 0; i--) {
4482  execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
4483  reply->packet->options,
4484  reply->opt_state, scope,
4485  reply->packet->classes[i - 1]->group,
4486  group, on_star);
4487  }
4488 
4489  /*
4490  * If there is a host record, over-ride with values configured there,
4491  * without re-evaluating configuration from the previously executed
4492  * group or its common enclosers.
4493  */
4494  if (reply->host != NULL)
4495  execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
4496  reply->packet->options,
4497  reply->opt_state, scope,
4498  reply->host->group, group,
4499  on_star);
4500 
4501  /* Determine valid lifetime. */
4502  if (reply->client_valid == 0)
4503  reply->send_valid = DEFAULT_DEFAULT_LEASE_TIME;
4504  else
4505  reply->send_valid = reply->client_valid;
4506 
4507  oc = lookup_option(&server_universe, reply->opt_state,
4509  if (oc != NULL) {
4510  if (!evaluate_option_cache(&data, reply->packet, NULL, NULL,
4511  reply->packet->options,
4512  reply->opt_state,
4513  scope, oc, MDL) ||
4514  (data.len != 4)) {
4515  log_error("reply_process_is_prefixed: unable to "
4516  "evaluate default prefix time");
4517  status = ISC_R_FAILURE;
4518  goto cleanup;
4519  }
4520 
4521  reply->send_valid = getULong(data.data);
4522  data_string_forget(&data, MDL);
4523  }
4524 
4525  if (reply->client_prefer == 0)
4526  reply->send_prefer = reply->send_valid;
4527  else
4528  reply->send_prefer = reply->client_prefer;
4529 
4530  if (reply->send_prefer >= reply->send_valid)
4531  reply->send_prefer = (reply->send_valid / 2) +
4532  (reply->send_valid / 8);
4533 
4534  oc = lookup_option(&server_universe, reply->opt_state,
4536  if (oc != NULL) {
4537  if (!evaluate_option_cache(&data, reply->packet, NULL, NULL,
4538  reply->packet->options,
4539  reply->opt_state,
4540  scope, oc, MDL) ||
4541  (data.len != 4)) {
4542  log_error("reply_process_is_prefixed: unable to "
4543  "evaluate preferred prefix time");
4544  status = ISC_R_FAILURE;
4545  goto cleanup;
4546  }
4547 
4548  reply->send_prefer = getULong(data.data);
4549  data_string_forget(&data, MDL);
4550  }
4551 
4552  /* Note lowest values for later calculation of renew/rebind times. */
4553  if (reply->prefer > reply->send_prefer)
4554  reply->prefer = reply->send_prefer;
4555 
4556  if (reply->valid > reply->send_valid)
4557  reply->valid = reply->send_valid;
4558 
4559  /* Perform dynamic prefix related update work. */
4560  if (reply->lease != NULL) {
4561  /* Cached lifetimes */
4562  reply->lease->prefer = reply->send_prefer;
4563  reply->lease->valid = reply->send_valid;
4564 
4565  /* Advance (or rewind) the valid lifetime. */
4566  if (reply->buf.reply.msg_type == DHCPV6_REPLY) {
4567  reply->lease->soft_lifetime_end_time =
4568  cur_time + reply->send_valid;
4569  /* Wait before renew! */
4570  }
4571 
4572  status = ia_add_iasubopt(reply->ia, reply->lease, MDL);
4573  if (status != ISC_R_SUCCESS) {
4574  log_fatal("reply_process_is_prefixed: Unable to "
4575  "attach prefix to new IA_PD: %s",
4576  isc_result_totext(status));
4577  }
4578 
4579  /*
4580  * If this is a new prefix, make sure it is attached somewhere.
4581  */
4582  if (reply->lease->ia == NULL) {
4583  ia_reference(&reply->lease->ia, reply->ia, MDL);
4584  }
4585  }
4586 
4587  /* Bring a copy of the relevant options into the IA_PD scope. */
4588  execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
4589  reply->packet->options, reply->reply_ia,
4590  scope, group, root_group, NULL);
4591 
4592  /* Execute statements from class scopes. */
4593  for (i = reply->packet->class_count; i > 0; i--) {
4594  execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
4595  reply->packet->options,
4596  reply->reply_ia, scope,
4597  reply->packet->classes[i - 1]->group,
4598  group, NULL);
4599  }
4600 
4601  /*
4602  * And bring in host record configuration, if any, but not to overlap
4603  * the previous group or its common enclosers.
4604  */
4605  if (reply->host != NULL)
4606  execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
4607  reply->packet->options,
4608  reply->reply_ia, scope,
4609  reply->host->group, group, NULL);
4610 
4611  cleanup:
4612  if (data.data != NULL)
4613  data_string_forget(&data, MDL);
4614 
4615  if (status == ISC_R_SUCCESS)
4616  reply->client_resources++;
4617 
4618  return status;
4619 }
4620 
4621 /* Simply send an IAPREFIX within the IA_PD scope as described. */
4622 static isc_result_t
4623 reply_process_send_prefix(struct reply_state *reply,
4624  struct iaddrcidrnet *pref) {
4625  isc_result_t status = ISC_R_SUCCESS;
4626  struct data_string data;
4627 
4628  memset(&data, 0, sizeof(data));
4629 
4630  /* Now append the prefix. */
4631  data.len = IAPREFIX_OFFSET;
4632  if (!buffer_allocate(&data.buffer, data.len, MDL)) {
4633  log_error("reply_process_send_prefix: out of memory"
4634  "allocating new IAPREFIX buffer.");
4635  status = ISC_R_NOMEMORY;
4636  goto cleanup;
4637  }
4638  data.data = data.buffer->data;
4639 
4640  putULong(data.buffer->data, reply->send_prefer);
4641  putULong(data.buffer->data + 4, reply->send_valid);
4642  data.buffer->data[8] = pref->bits;
4643  memcpy(data.buffer->data + 9, pref->lo_addr.iabuf, 16);
4644 
4645  if (!append_option_buffer(&dhcpv6_universe, reply->reply_ia,
4646  data.buffer, data.buffer->data,
4647  data.len, D6O_IAPREFIX, 0)) {
4648  log_error("reply_process_send_prefix: unable "
4649  "to save IAPREFIX option");
4650  status = ISC_R_FAILURE;
4651  goto cleanup;
4652  }
4653 
4654  reply->resources_included = ISC_TRUE;
4655 
4656  cleanup:
4657  if (data.data != NULL)
4659 
4660  return status;
4661 }
4662 
4663 /* Choose the better of two prefixes. */
4664 static struct iasubopt *
4665 prefix_compare(struct reply_state *reply,
4666  struct iasubopt *alpha, struct iasubopt *beta) {
4667  if (alpha == NULL)
4668  return beta;
4669  if (beta == NULL)
4670  return alpha;
4671 
4672  if (reply->preflen >= 0) {
4673  if ((alpha->plen == reply->preflen) &&
4674  (beta->plen != reply->preflen))
4675  return alpha;
4676  if ((beta->plen == reply->preflen) &&
4677  (alpha->plen != reply->preflen))
4678  return beta;
4679  }
4680 
4681  switch(alpha->state) {
4682  case FTS_ACTIVE:
4683  switch(beta->state) {
4684  case FTS_ACTIVE:
4685  /* Choose the prefix with the longest lifetime (most
4686  * likely the most recently allocated).
4687  */
4688  if (alpha->hard_lifetime_end_time <
4689  beta->hard_lifetime_end_time)
4690  return beta;
4691  else
4692  return alpha;
4693 
4694  case FTS_EXPIRED:
4695  case FTS_ABANDONED:
4696  return alpha;
4697 
4698  default:
4699  log_fatal("Impossible condition at %s:%d.", MDL);
4700  }
4701  break;
4702 
4703  case FTS_EXPIRED:
4704  switch (beta->state) {
4705  case FTS_ACTIVE:
4706  return beta;
4707 
4708  case FTS_EXPIRED:
4709  /* Choose the most recently expired prefix. */
4710  if (alpha->hard_lifetime_end_time <
4711  beta->hard_lifetime_end_time)
4712  return beta;
4713  else if ((alpha->hard_lifetime_end_time ==
4714  beta->hard_lifetime_end_time) &&
4715  (alpha->soft_lifetime_end_time <
4716  beta->soft_lifetime_end_time))
4717  return beta;
4718  else
4719  return alpha;
4720 
4721  case FTS_ABANDONED:
4722  return alpha;
4723 
4724  default:
4725  log_fatal("Impossible condition at %s:%d.", MDL);
4726  }
4727  break;
4728 
4729  case FTS_ABANDONED:
4730  switch (beta->state) {
4731  case FTS_ACTIVE:
4732  case FTS_EXPIRED:
4733  return alpha;
4734 
4735  case FTS_ABANDONED:
4736  /* Choose the prefix that was abandoned longest ago. */
4737  if (alpha->hard_lifetime_end_time <
4738  beta->hard_lifetime_end_time)
4739  return alpha;
4740 
4741  default:
4742  log_fatal("Impossible condition at %s:%d.", MDL);
4743  }
4744  break;
4745 
4746  default:
4747  log_fatal("Impossible condition at %s:%d.", MDL);
4748  }
4749 
4750  log_fatal("Triple impossible condition at %s:%d.", MDL);
4751  return NULL;
4752 }
4753 
4754 /*
4755  * Solicit is how a client starts requesting addresses.
4756  *
4757  * If the client asks for rapid commit, and we support it, we will
4758  * allocate the addresses and reply.
4759  *
4760  * Otherwise we will send an advertise message.
4761  */
4762 
4763 static void
4764 dhcpv6_solicit(struct data_string *reply_ret, struct packet *packet) {
4765  struct data_string client_id;
4766 
4768 
4769  /*
4770  * Validate our input.
4771  */
4772  if (!valid_client_msg(packet, &client_id)) {
4773  return;
4774  }
4775 
4776  lease_to_client(reply_ret, packet, &client_id, NULL);
4777 
4778  /*
4779  * Clean up.
4780  */
4781  data_string_forget(&client_id, MDL);
4782 
4784 }
4785 
4786 /*
4787  * Request is how a client actually requests addresses.
4788  *
4789  * Very similar to Solicit handling, except the server DUID is required.
4790  */
4791 
4792 static void
4793 dhcpv6_request(struct data_string *reply_ret, struct packet *packet) {
4794  struct data_string client_id;
4795  struct data_string server_id;
4796 
4798 
4799  /*
4800  * Validate our input.
4801  */
4802  if (!valid_client_resp(packet, &client_id, &server_id)) {
4803  return;
4804  }
4805 
4806  /*
4807  * Issue our lease.
4808  */
4809  lease_to_client(reply_ret, packet, &client_id, &server_id);
4810 
4811  /*
4812  * Cleanup.
4813  */
4814  data_string_forget(&client_id, MDL);
4815  data_string_forget(&server_id, MDL);
4816 
4818 }
4819 
4820 /* Find a DHCPv6 packet's shared network from hints in the packet.
4821  */
4822 static isc_result_t
4823 shared_network_from_packet6(struct shared_network **shared,
4824  struct packet *packet)
4825 {
4826  const struct packet *chk_packet;
4827  const struct in6_addr *link_addr, *first_link_addr;
4828  struct iaddr tmp_addr;
4829  struct subnet *subnet;
4830  isc_result_t status;
4831 
4832  if ((shared == NULL) || (*shared != NULL) || (packet == NULL))
4833  return DHCP_R_INVALIDARG;
4834 
4835  /*
4836  * First, find the link address where the packet from the client
4837  * first appeared (if this packet was relayed).
4838  */
4839  first_link_addr = NULL;
4840  chk_packet = packet->dhcpv6_container_packet;
4841  while (chk_packet != NULL) {
4842  link_addr = &chk_packet->dhcpv6_link_address;
4843  if (!IN6_IS_ADDR_UNSPECIFIED(link_addr) &&
4844  !IN6_IS_ADDR_LINKLOCAL(link_addr)) {
4845  first_link_addr = link_addr;
4846  break;
4847  }
4848  chk_packet = chk_packet->dhcpv6_container_packet;
4849  }
4850 
4851  /*
4852  * If there is a relayed link address, find the subnet associated
4853  * with that, and use that to get the appropriate
4854  * shared_network.
4855  */
4856  if (first_link_addr != NULL) {
4857  tmp_addr.len = sizeof(*first_link_addr);
4858  memcpy(tmp_addr.iabuf,
4859  first_link_addr, sizeof(*first_link_addr));
4860  subnet = NULL;
4861  if (!find_subnet(&subnet, tmp_addr, MDL)) {
4862  log_debug("No subnet found for link-address %s.",
4863  piaddr(tmp_addr));
4864  return ISC_R_NOTFOUND;
4865  }
4866  status = shared_network_reference(shared,
4867  subnet->shared_network, MDL);
4868  subnet_dereference(&subnet, MDL);
4869 
4870  /*
4871  * If there is no link address, we will use the interface
4872  * that this packet came in on to pick the shared_network.
4873  */
4874  } else if (packet->interface != NULL) {
4875  status = shared_network_reference(shared,
4876  packet->interface->shared_network,
4877  MDL);
4878  if (packet->dhcpv6_container_packet != NULL) {
4879  log_info("[L2 Relay] No link address in relay packet "
4880  "assuming L2 relay and using receiving "
4881  "interface");
4882  }
4883 
4884  } else {
4885  /*
4886  * We shouldn't be able to get here but if there is no link
4887  * address and no interface we don't know where to get the
4888  * pool from log an error and return an error.
4889  */
4890  log_error("No interface and no link address "
4891  "can't determine pool");
4892  status = DHCP_R_INVALIDARG;
4893  }
4894 
4895  return status;
4896 }
4897 
4898 /*
4899  * When a client thinks it might be on a new link, it sends a
4900  * Confirm message.
4901  *
4902  * From RFC3315 section 18.2.2:
4903  *
4904  * When the server receives a Confirm message, the server determines
4905  * whether the addresses in the Confirm message are appropriate for the
4906  * link to which the client is attached. If all of the addresses in the
4907  * Confirm message pass this test, the server returns a status of
4908  * Success. If any of the addresses do not pass this test, the server
4909  * returns a status of NotOnLink. If the server is unable to perform
4910  * this test (for example, the server does not have information about
4911  * prefixes on the link to which the client is connected), or there were
4912  * no addresses in any of the IAs sent by the client, the server MUST
4913  * NOT send a reply to the client.
4914  */
4915 
4916 static void
4917 dhcpv6_confirm(struct data_string *reply_ret, struct packet *packet) {
4918  struct shared_network *shared;
4919  struct subnet *subnet;
4920  struct option_cache *ia, *ta, *oc;
4921  struct data_string cli_enc_opt_data, iaaddr, client_id, packet_oro;
4922  struct option_state *cli_enc_opt_state, *opt_state;
4923  struct iaddr cli_addr;
4924  int pass;
4925  isc_boolean_t inappropriate, has_addrs;
4926  char reply_data[65536];
4927  struct dhcpv6_packet *reply = (struct dhcpv6_packet *)reply_data;
4928  int reply_ofs = (int)(offsetof(struct dhcpv6_packet, options));
4929 
4931 
4932  /*
4933  * Basic client message validation.
4934  */
4935  memset(&client_id, 0, sizeof(client_id));
4936  if (!valid_client_msg(packet, &client_id)) {
4937  return;
4938  }
4939 
4940  /*
4941  * Do not process Confirms that do not have IA's we do not recognize.
4942  */
4945  if ((ia == NULL) && (ta == NULL))
4946  return;
4947 
4948  /*
4949  * IA_PD's are simply ignored.
4950  */
4952 
4953  /*
4954  * Bit of variable initialization.
4955  */
4956  opt_state = cli_enc_opt_state = NULL;
4957  memset(&cli_enc_opt_data, 0, sizeof(cli_enc_opt_data));
4958  memset(&iaaddr, 0, sizeof(iaaddr));
4959  memset(&packet_oro, 0, sizeof(packet_oro));
4960 
4961  /* Determine what shared network the client is connected to. We
4962  * must not respond if we don't have any information about the
4963  * network the client is on.
4964  */
4965  shared = NULL;
4966  if ((shared_network_from_packet6(&shared, packet) != ISC_R_SUCCESS) ||
4967  (shared == NULL))
4968  goto exit;
4969 
4970  /* If there are no recorded subnets, then we have no
4971  * information about this subnet - ignore Confirms.
4972  */
4973  subnet = shared->subnets;
4974  if (subnet == NULL)
4975  goto exit;
4976 
4977  /* Are the addresses in all the IA's appropriate for that link? */
4978  has_addrs = inappropriate = ISC_FALSE;
4979  pass = D6O_IA_NA;
4980  while(!inappropriate) {
4981  /* If we've reached the end of the IA_NA pass, move to the
4982  * IA_TA pass.
4983  */
4984  if ((pass == D6O_IA_NA) && (ia == NULL)) {
4985  pass = D6O_IA_TA;
4986  ia = ta;
4987  }
4988 
4989  /* If we've reached the end of all passes, we're done. */
4990  if (ia == NULL)
4991  break;
4992 
4993  if (((pass == D6O_IA_NA) &&
4994  !get_encapsulated_IA_state(&cli_enc_opt_state,
4995  &cli_enc_opt_data,
4996  packet, ia, IA_NA_OFFSET)) ||
4997  ((pass == D6O_IA_TA) &&
4998  !get_encapsulated_IA_state(&cli_enc_opt_state,
4999  &cli_enc_opt_data,
5000  packet, ia, IA_TA_OFFSET))) {
5001  goto exit;
5002  }
5003 
5004  oc = lookup_option(&dhcpv6_universe, cli_enc_opt_state,
5005  D6O_IAADDR);
5006 
5007  for ( ; oc != NULL ; oc = oc->next) {
5008  if (!evaluate_option_cache(&iaaddr, packet, NULL, NULL,
5009  packet->options, NULL,
5010  &global_scope, oc, MDL) ||
5011  (iaaddr.len < IAADDR_OFFSET)) {
5012  log_error("dhcpv6_confirm: "
5013  "error evaluating IAADDR.");
5014  goto exit;
5015  }
5016 
5017  /* Copy out the IPv6 address for processing. */
5018  cli_addr.len = 16;
5019  memcpy(cli_addr.iabuf, iaaddr.data, 16);
5020 
5021  data_string_forget(&iaaddr, MDL);
5022 
5023  /* Record that we've processed at least one address. */
5024  has_addrs = ISC_TRUE;
5025 
5026  /* Find out if any subnets cover this address. */
5027  for (subnet = shared->subnets ; subnet != NULL ;
5028  subnet = subnet->next_sibling) {
5029  if (addr_eq(subnet_number(cli_addr,
5030  subnet->netmask),
5031  subnet->net))
5032  break;
5033  }
5034 
5035  /* If we reach the end of the subnet list, and no
5036  * subnet matches the client address, then it must
5037  * be inappropriate to the link (so far as our
5038  * configuration says). Once we've found one
5039  * inappropriate address, there is no reason to
5040  * continue searching.
5041  */
5042  if (subnet == NULL) {
5043  inappropriate = ISC_TRUE;
5044  break;
5045  }
5046  }
5047 
5048  option_state_dereference(&cli_enc_opt_state, MDL);
5049  data_string_forget(&cli_enc_opt_data, MDL);
5050 
5051  /* Advance to the next IA_*. */
5052  ia = ia->next;
5053  }
5054 
5055  /* If the client supplied no addresses, do not reply. */
5056  if (!has_addrs)
5057  goto exit;
5058 
5059  /*
5060  * Set up reply.
5061  */
5062  if (!start_reply(packet, &client_id, NULL, &opt_state, reply)) {
5063  goto exit;
5064  }
5065 
5066  /*
5067  * Set our status.
5068  */
5069  if (inappropriate) {
5070  if (!set_status_code(STATUS_NotOnLink,
5071  "Some of the addresses are not on link.",
5072  opt_state)) {
5073  goto exit;
5074  }
5075  } else {
5076  if (!set_status_code(STATUS_Success,
5077  "All addresses still on link.",
5078  opt_state)) {
5079  goto exit;
5080  }
5081  }
5082 
5083  /*
5084  * Only one option: add it.
5085  */
5086  reply_ofs += store_options6(reply_data+reply_ofs,
5087  sizeof(reply_data)-reply_ofs,
5088  opt_state, packet,
5089  required_opts, &packet_oro);
5090 
5091  /*
5092  * Return our reply to the caller.
5093  */
5094  reply_ret->len = reply_ofs;
5095  reply_ret->buffer = NULL;
5096  if (!buffer_allocate(&reply_ret->buffer, reply_ofs, MDL)) {
5097  log_fatal("No memory to store reply.");
5098  }
5099  reply_ret->data = reply_ret->buffer->data;
5100  memcpy(reply_ret->buffer->data, reply, reply_ofs);
5101 
5102 exit:
5103  /* Cleanup any stale data strings. */
5104  if (cli_enc_opt_data.buffer != NULL)
5105  data_string_forget(&cli_enc_opt_data, MDL);
5106  if (iaaddr.buffer != NULL)
5107  data_string_forget(&iaaddr, MDL);
5108  if (client_id.buffer != NULL)
5109  data_string_forget(&client_id, MDL);
5110  if (packet_oro.buffer != NULL)
5111  data_string_forget(&packet_oro, MDL);
5112 
5113  /* Release any stale option states. */
5114  if (cli_enc_opt_state != NULL)
5115  option_state_dereference(&cli_enc_opt_state, MDL);
5116  if (opt_state != NULL)
5117  option_state_dereference(&opt_state, MDL);
5118 
5120 }
5121 
5122 /*
5123  * Renew is when a client wants to extend its lease/prefix, at time T1.
5124  *
5125  * We handle this the same as if the client wants a new lease/prefix,
5126  * except for the error code of when addresses don't match.
5127  */
5128 
5129 static void
5130 dhcpv6_renew(struct data_string *reply, struct packet *packet) {
5131  struct data_string client_id;
5132  struct data_string server_id;
5133 
5135 
5136  /*
5137  * Validate the request.
5138  */
5139  if (!valid_client_resp(packet, &client_id, &server_id)) {
5140  return;
5141  }
5142 
5143  /*
5144  * Renew our lease.
5145  */
5146  lease_to_client(reply, packet, &client_id, &server_id);
5147 
5148  /*
5149  * Cleanup.
5150  */
5151  data_string_forget(&server_id, MDL);
5152  data_string_forget(&client_id, MDL);
5153 
5155 }
5156 
5157 /*
5158  * Rebind is when a client wants to extend its lease, at time T2.
5159  *
5160  * We handle this the same as if the client wants a new lease, except
5161  * for the error code of when addresses don't match.
5162  */
5163 
5164 static void
5165 dhcpv6_rebind(struct data_string *reply, struct packet *packet) {
5166  struct data_string client_id;
5167 
5169 
5170  if (!valid_client_msg(packet, &client_id)) {
5171  return;
5172  }
5173 
5174  lease_to_client(reply, packet, &client_id, NULL);
5175 
5176  data_string_forget(&client_id, MDL);
5177 
5179 }
5180 
5181 static void
5182 ia_na_match_decline(const struct data_string *client_id,
5183  const struct data_string *iaaddr,
5184  struct iasubopt *lease)
5185 {
5186  char tmp_addr[INET6_ADDRSTRLEN];
5187 
5188  log_error("Client %s reports address %s is "
5189  "already in use by another host!",
5190  print_hex_1(client_id->len, client_id->data, 60),
5191  inet_ntop(AF_INET6, iaaddr->data,
5192  tmp_addr, sizeof(tmp_addr)));
5193  if (lease != NULL) {
5194  decline_lease6(lease->ipv6_pool, lease);
5195  lease->ia->cltt = cur_time;
5196  write_ia(lease->ia);
5197  }
5198 }
5199 
5200 static void
5201 ia_na_nomatch_decline(const struct data_string *client_id,
5202  const struct data_string *iaaddr,
5203  u_int32_t *ia_na_id,
5204  struct packet *packet,
5205  char *reply_data,
5206  int *reply_ofs,
5207  int reply_len)
5208 {
5209  char tmp_addr[INET6_ADDRSTRLEN];
5210  struct option_state *host_opt_state;
5211  int len;
5212 
5213  log_info("Client %s declines address %s, which is not offered to it.",
5214  print_hex_1(client_id->len, client_id->data, 60),
5215  inet_ntop(AF_INET6, iaaddr->data, tmp_addr, sizeof(tmp_addr)));
5216 
5217  /*
5218  * Create state for this IA_NA.
5219  */
5220  host_opt_state = NULL;
5221  if (!option_state_allocate(&host_opt_state, MDL)) {
5222  log_error("ia_na_nomatch_decline: out of memory "
5223  "allocating option_state.");
5224  goto exit;
5225  }
5226 
5227  if (!set_status_code(STATUS_NoBinding, "Decline for unknown address.",
5228  host_opt_state)) {
5229  goto exit;
5230  }
5231 
5232  /*
5233  * Insure we have enough space
5234  */
5235  if (reply_len < (*reply_ofs + 16)) {
5236  log_error("ia_na_nomatch_decline: "
5237  "out of space for reply packet.");
5238  goto exit;
5239  }
5240 
5241  /*
5242  * Put our status code into the reply packet.
5243  */
5244  len = store_options6(reply_data+(*reply_ofs)+16,
5245  reply_len-(*reply_ofs)-16,
5246  host_opt_state, packet,
5247  required_opts_STATUS_CODE, NULL);
5248 
5249  /*
5250  * Store the non-encapsulated option data for this
5251  * IA_NA into our reply packet. Defined in RFC 3315,
5252  * section 22.4.
5253  */
5254  /* option number */
5255  putUShort((unsigned char *)reply_data+(*reply_ofs), D6O_IA_NA);
5256  /* option length */
5257  putUShort((unsigned char *)reply_data+(*reply_ofs)+2, len + 12);
5258  /* IA_NA, copied from the client */
5259  memcpy(reply_data+(*reply_ofs)+4, ia_na_id, 4);
5260  /* t1 and t2, odd that we need them, but here it is */
5261  putULong((unsigned char *)reply_data+(*reply_ofs)+8, 0);
5262  putULong((unsigned char *)reply_data+(*reply_ofs)+12, 0);
5263 
5264  /*
5265  * Get ready for next IA_NA.
5266  */
5267  *reply_ofs += (len + 16);
5268 
5269 exit:
5270  option_state_dereference(&host_opt_state, MDL);
5271 }
5272 
5273 static void
5274 iterate_over_ia_na(struct data_string *reply_ret,
5275  struct packet *packet,
5276  const struct data_string *client_id,
5277  const struct data_string *server_id,
5278  const char *packet_type,
5279  void (*ia_na_match)(),
5280  void (*ia_na_nomatch)())
5281 {
5282  struct option_state *opt_state;
5283  struct host_decl *packet_host;
5284  struct option_cache *ia;
5285  struct option_cache *oc;
5286  /* cli_enc_... variables come from the IA_NA/IA_TA options */
5287  struct data_string cli_enc_opt_data;
5288  struct option_state *cli_enc_opt_state;
5289  struct host_decl *host;
5290  struct option_state *host_opt_state;
5291  struct data_string iaaddr;
5292  struct data_string fixed_addr;
5293  char reply_data[65536];
5294  struct dhcpv6_packet *reply = (struct dhcpv6_packet *)reply_data;
5295  int reply_ofs = (int)(offsetof(struct dhcpv6_packet, options));
5296  char status_msg[32];
5297  struct iasubopt *lease;
5298  struct ia_xx *existing_ia_na;
5299  int i;
5300  struct data_string key;
5301  u_int32_t iaid;
5302 
5303  /*
5304  * Initialize to empty values, in case we have to exit early.
5305  */
5306  opt_state = NULL;
5307  memset(&cli_enc_opt_data, 0, sizeof(cli_enc_opt_data));
5308  cli_enc_opt_state = NULL;
5309  memset(&iaaddr, 0, sizeof(iaaddr));
5310  memset(&fixed_addr, 0, sizeof(fixed_addr));
5311  host_opt_state = NULL;
5312  lease = NULL;
5313 
5314  /*
5315  * Find the host record that matches from the packet, if any.
5316  */
5317  packet_host = NULL;
5318  if (!find_hosts_by_uid(&packet_host,
5319  client_id->data, client_id->len, MDL)) {
5320  packet_host = NULL;
5321  /*
5322  * Note: In general, we don't expect a client to provide
5323  * enough information to match by option for these
5324  * types of messages, but if we don't have a UID
5325  * match we can check anyway.
5326  */
5327  if (!find_hosts_by_option(&packet_host,
5328  packet, packet->options, MDL)) {
5329  packet_host = NULL;
5330 
5331  if (!find_hosts_by_duid_chaddr(&packet_host,
5332  client_id))
5333  packet_host = NULL;
5334  }
5335  }
5336 
5337  /*
5338  * Set our reply information.
5339  */
5340  reply->msg_type = DHCPV6_REPLY;
5341  memcpy(reply->transaction_id, packet->dhcpv6_transaction_id,
5342  sizeof(reply->transaction_id));
5343 
5344  /*
5345  * Build our option state for reply.
5346  */
5347  opt_state = NULL;
5348  if (!option_state_allocate(&opt_state, MDL)) {
5349  log_error("iterate_over_ia_na: no memory for option_state.");
5350  goto exit;
5351  }
5352  execute_statements_in_scope(NULL, packet, NULL, NULL,
5353  packet->options, opt_state,
5354  &global_scope, root_group, NULL, NULL);
5355 
5356  /*
5357  * RFC 3315, section 18.2.7 tells us which options to include.
5358  */
5359  oc = lookup_option(&dhcpv6_universe, opt_state, D6O_SERVERID);
5360  if (oc == NULL) {
5361  if (!save_option_buffer(&dhcpv6_universe, opt_state, NULL,
5362  (unsigned char *)server_duid.data,
5363  server_duid.len, D6O_SERVERID, 0)) {
5364  log_error("iterate_over_ia_na: "
5365  "error saving server identifier.");
5366  goto exit;
5367  }
5368  }
5369 
5370  if (!save_option_buffer(&dhcpv6_universe, opt_state,
5371  client_id->buffer,
5372  (unsigned char *)client_id->data,
5373  client_id->len,
5374  D6O_CLIENTID, 0)) {
5375  log_error("iterate_over_ia_na: "
5376  "error saving client identifier.");
5377  goto exit;
5378  }
5379 
5380  /* reject unicast message, unless we set unicast option */
5381  if ((packet->unicast == ISC_TRUE) && !is_unicast_option_defined()) {
5382  /*
5383  * RFC3315 section 18.2.6 (Release):
5384  *
5385  * When the server receives a Release message via unicast from a client
5386  * to which the server has not sent a unicast option, the server
5387  * discards the Release message and responds with a Reply message
5388  * containing a Status Code option with value UseMulticast, a Server
5389  * Identifier option containing the server's DUID, the Client Identifier
5390  * option from the client message, and no other options.
5391  *
5392  * Section 18.2.7 (Decline):
5393  *
5394  * When the server receives a Decline message via unicast from a client
5395  * to which the server has not sent a unicast option, the server
5396  * discards the Decline message and responds with a Reply message
5397  * containing a Status Code option with the value UseMulticast, a Server
5398  * Identifier option containing the server's DUID, the Client Identifier
5399  * option from the client message, and no other options.
5400  */
5401  snprintf(status_msg, sizeof(status_msg),
5402  "%s received unicast.", packet_type);
5403  if (!set_status_code(STATUS_UseMulticast, status_msg, opt_state)) {
5404  goto exit;
5405  }
5406 
5407  /*
5408  * Produce an reply that includes only:
5409  *
5410  * Status code.
5411  * Server DUID.
5412  * Client DUID.
5413  */
5414  reply_ofs += store_options6(reply_data+reply_ofs,
5415  sizeof(reply_data)-reply_ofs,
5416  opt_state, packet,
5417  required_opts_NAA, NULL);
5418 
5419  goto return_reply;
5420  } else {
5421  snprintf(status_msg, sizeof(status_msg), "%s received.", packet_type);
5422  if (!set_status_code(STATUS_Success, status_msg, opt_state)) {
5423  goto exit;
5424  }
5425 
5426  /*
5427  * Add our options that are not associated with any IA_NA or IA_TA.
5428  */
5429  reply_ofs += store_options6(reply_data+reply_ofs,
5430  sizeof(reply_data)-reply_ofs,
5431  opt_state, packet,
5432  required_opts, NULL);
5433  }
5434 
5435  /*
5436  * Loop through the IA_NA reported by the client, and deal with
5437  * addresses reported as already in use.
5438  */
5439  for (ia = lookup_option(&dhcpv6_universe, packet->options, D6O_IA_NA);
5440  ia != NULL; ia = ia->next) {
5441 
5442  if (!get_encapsulated_IA_state(&cli_enc_opt_state,
5443  &cli_enc_opt_data,
5444  packet, ia, IA_NA_OFFSET)) {
5445  goto exit;
5446  }
5447 
5448  iaid = getULong(cli_enc_opt_data.data);
5449 
5450  /*
5451  * XXX: It is possible that we can get multiple addresses
5452  * sent by the client. We don't send multiple
5453  * addresses, so this indicates a client error.
5454  * We should check for multiple IAADDR options, log
5455  * if found, and set as an error.
5456  */
5457  oc = lookup_option(&dhcpv6_universe, cli_enc_opt_state,
5458  D6O_IAADDR);
5459  if (oc == NULL) {
5460  /* no address given for this IA, ignore */
5461  option_state_dereference(&cli_enc_opt_state, MDL);
5462  data_string_forget(&cli_enc_opt_data, MDL);
5463  continue;
5464  }
5465 
5466  memset(&iaaddr, 0, sizeof(iaaddr));
5467  if (!evaluate_option_cache(&iaaddr, packet, NULL, NULL,
5468  packet->options, NULL,
5469  &global_scope, oc, MDL)) {
5470  log_error("iterate_over_ia_na: "
5471  "error evaluating IAADDR.");
5472  goto exit;
5473  }
5474 
5475  /*
5476  * Now we need to figure out which host record matches
5477  * this IA_NA and IAADDR (encapsulated option contents
5478  * matching a host record by option).
5479  *
5480  * XXX: We don't currently track IA_NA separately, but
5481  * we will need to do this!
5482  */
5483  host = NULL;
5484  if (!find_hosts_by_option(&host, packet,
5485  cli_enc_opt_state, MDL)) {
5486  if (packet_host != NULL) {
5487  host = packet_host;
5488  } else {
5489  host = NULL;
5490  }
5491  }
5492  while (host != NULL) {
5493  if (host->fixed_addr != NULL) {
5494  if (!evaluate_option_cache(&fixed_addr, NULL,
5495  NULL, NULL, NULL,
5496  NULL, &global_scope,
5497  host->fixed_addr,
5498  MDL)) {
5499  log_error("iterate_over_ia_na: error "
5500  "evaluating host address.");
5501  goto exit;
5502  }
5503  if ((iaaddr.len >= 16) &&
5504  !memcmp(fixed_addr.data, iaaddr.data, 16)) {
5505  data_string_forget(&fixed_addr, MDL);
5506  break;
5507  }
5508  data_string_forget(&fixed_addr, MDL);
5509  }
5510  host = host->n_ipaddr;
5511  }
5512 
5513  if ((host == NULL) && (iaaddr.len >= IAADDR_OFFSET)) {
5514  /*
5515  * Find existing IA_NA.
5516  */
5517  if (ia_make_key(&key, iaid,
5518  (char *)client_id->data,
5519  client_id->len,
5520  MDL) != ISC_R_SUCCESS) {
5521  log_fatal("iterate_over_ia_na: no memory for "
5522  "key.");
5523  }
5524 
5525  existing_ia_na = NULL;
5526  if (ia_hash_lookup(&existing_ia_na, ia_na_active,
5527  (unsigned char *)key.data,
5528  key.len, MDL)) {
5529  /*
5530  * Make sure this address is in the IA_NA.
5531  */
5532  for (i=0; i<existing_ia_na->num_iasubopt; i++) {
5533  struct iasubopt *tmp;
5534  struct in6_addr *in6_addr;
5535 
5536  tmp = existing_ia_na->iasubopt[i];
5537  in6_addr = &tmp->addr;
5538  if (memcmp(in6_addr,
5539  iaaddr.data, 16) == 0) {
5540  iasubopt_reference(&lease,
5541  tmp, MDL);
5542  break;
5543  }
5544  }
5545  }
5546 
5547  data_string_forget(&key, MDL);
5548  }
5549 
5550  if ((host != NULL) || (lease != NULL)) {
5551  ia_na_match(client_id, &iaaddr, lease);
5552  } else {
5553  ia_na_nomatch(client_id, &iaaddr,
5554  (u_int32_t *)cli_enc_opt_data.data,
5555  packet, reply_data, &reply_ofs,
5556  sizeof(reply_data));
5557  }
5558 
5559  if (lease != NULL) {
5560  iasubopt_dereference(&lease, MDL);
5561  }
5562 
5563  data_string_forget(&iaaddr, MDL);
5564  option_state_dereference(&cli_enc_opt_state, MDL);
5565  data_string_forget(&cli_enc_opt_data, MDL);
5566  }
5567 
5568  /*
5569  * Return our reply to the caller.
5570  */
5571 return_reply:
5572  reply_ret->len = reply_ofs;
5573  reply_ret->buffer = NULL;
5574  if (!buffer_allocate(&reply_ret->buffer, reply_ofs, MDL)) {
5575  log_fatal("No memory to store reply.");
5576  }
5577  reply_ret->data = reply_ret->buffer->data;
5578  memcpy(reply_ret->buffer->data, reply, reply_ofs);
5579 
5580 exit:
5581  if (lease != NULL) {
5582  iasubopt_dereference(&lease, MDL);
5583  }
5584  if (host_opt_state != NULL) {
5585  option_state_dereference(&host_opt_state, MDL);
5586  }
5587  if (fixed_addr.buffer != NULL) {
5588  data_string_forget(&fixed_addr, MDL);
5589  }
5590  if (iaaddr.buffer != NULL) {
5591  data_string_forget(&iaaddr, MDL);
5592  }
5593  if (cli_enc_opt_state != NULL) {
5594  option_state_dereference(&cli_enc_opt_state, MDL);
5595  }
5596  if (cli_enc_opt_data.buffer != NULL) {
5597  data_string_forget(&cli_enc_opt_data, MDL);
5598  }
5599  if (opt_state != NULL) {
5600  option_state_dereference(&opt_state, MDL);
5601  }
5602 }
5603 
5604 /*
5605  * Decline means a client has detected that something else is using an
5606  * address we gave it.
5607  *
5608  * Since we're only dealing with fixed leases for now, there's not
5609  * much we can do, other that log the occurrence.
5610  *
5611  * When we start issuing addresses from pools, then we will have to
5612  * record our declined addresses and issue another. In general with
5613  * IPv6 there is no worry about DoS by clients exhausting space, but
5614  * we still need to be aware of this possibility.
5615  */
5616 
5617 /* TODO: IA_TA */
5618 static void
5619 dhcpv6_decline(struct data_string *reply, struct packet *packet) {
5620  struct data_string client_id;
5621  struct data_string server_id;
5622 
5624 
5625  /*
5626  * Validate our input.
5627  */
5628  if (!valid_client_resp(packet, &client_id, &server_id)) {
5629  return;
5630  }
5631 
5632  /*
5633  * Undefined for IA_PD.
5634  */
5636 
5637  /*
5638  * And operate on each IA_NA in this packet.
5639  */
5640  iterate_over_ia_na(reply, packet, &client_id, &server_id, "Decline",
5641  ia_na_match_decline, ia_na_nomatch_decline);
5642 
5643  data_string_forget(&server_id, MDL);
5644  data_string_forget(&client_id, MDL);
5645 
5647 }
5648 
5649 static void
5650 ia_na_match_release(const struct data_string *client_id,
5651  const struct data_string *iaaddr,
5652  struct iasubopt *lease)
5653 {
5654  char tmp_addr[INET6_ADDRSTRLEN];
5655 
5656  log_info("Client %s releases address %s",
5657  print_hex_1(client_id->len, client_id->data, 60),
5658  inet_ntop(AF_INET6, iaaddr->data, tmp_addr, sizeof(tmp_addr)));
5659  if (lease != NULL) {
5660  release_lease6(lease->ipv6_pool, lease);
5661  lease->ia->cltt = cur_time;
5662  write_ia(lease->ia);
5663  }
5664 }
5665 
5666 static void
5667 ia_na_nomatch_release(const struct data_string *client_id,
5668  const struct data_string *iaaddr,
5669  u_int32_t *ia_na_id,
5670  struct packet *packet,
5671  char *reply_data,
5672  int *reply_ofs,
5673  int reply_len)
5674 {
5675  char tmp_addr[INET6_ADDRSTRLEN];
5676  struct option_state *host_opt_state;
5677  int len;
5678 
5679  log_info("Client %s releases address %s, which is not leased to it.",
5680  print_hex_1(client_id->len, client_id->data, 60),
5681  inet_ntop(AF_INET6, iaaddr->data, tmp_addr, sizeof(tmp_addr)));
5682 
5683  /*
5684  * Create state for this IA_NA.
5685  */
5686  host_opt_state = NULL;
5687  if (!option_state_allocate(&host_opt_state, MDL)) {
5688  log_error("ia_na_nomatch_release: out of memory "
5689  "allocating option_state.");
5690  goto exit;
5691  }
5692 
5693  if (!set_status_code(STATUS_NoBinding,
5694  "Release for non-leased address.",
5695  host_opt_state)) {
5696  goto exit;
5697  }
5698 
5699  /*
5700  * Insure we have enough space
5701  */
5702  if (reply_len < (*reply_ofs + 16)) {
5703  log_error("ia_na_nomatch_release: "
5704  "out of space for reply packet.");
5705  goto exit;
5706  }
5707 
5708  /*
5709  * Put our status code into the reply packet.
5710  */
5711  len = store_options6(reply_data+(*reply_ofs)+16,
5712  reply_len-(*reply_ofs)-16,
5713  host_opt_state, packet,
5714  required_opts_STATUS_CODE, NULL);
5715 
5716  /*
5717  * Store the non-encapsulated option data for this
5718  * IA_NA into our reply packet. Defined in RFC 3315,
5719  * section 22.4.
5720  */
5721  /* option number */
5722  putUShort((unsigned char *)reply_data+(*reply_ofs), D6O_IA_NA);
5723  /* option length */
5724  putUShort((unsigned char *)reply_data+(*reply_ofs)+2, len + 12);
5725  /* IA_NA, copied from the client */
5726  memcpy(reply_data+(*reply_ofs)+4, ia_na_id, 4);
5727  /* t1 and t2, odd that we need them, but here it is */
5728  putULong((unsigned char *)reply_data+(*reply_ofs)+8, 0);
5729  putULong((unsigned char *)reply_data+(*reply_ofs)+12, 0);
5730 
5731  /*
5732  * Get ready for next IA_NA.
5733  */
5734  *reply_ofs += (len + 16);
5735 
5736 exit:
5737  option_state_dereference(&host_opt_state, MDL);
5738 }
5739 
5740 static void
5741 ia_pd_match_release(const struct data_string *client_id,
5742  const struct data_string *iapref,
5743  struct iasubopt *prefix)
5744 {
5745  char tmp_addr[INET6_ADDRSTRLEN];
5746 
5747  log_info("Client %s releases prefix %s/%u",
5748  print_hex_1(client_id->len, client_id->data, 60),
5749  inet_ntop(AF_INET6, iapref->data + 9,
5750  tmp_addr, sizeof(tmp_addr)),
5751  (unsigned) getUChar(iapref->data + 8));
5752  if (prefix != NULL) {
5753  release_lease6(prefix->ipv6_pool, prefix);
5754  prefix->ia->cltt = cur_time;
5755  write_ia(prefix->ia);
5756  }
5757 }
5758 
5759 static void
5760 ia_pd_nomatch_release(const struct data_string *client_id,
5761  const struct data_string *iapref,
5762  u_int32_t *ia_pd_id,
5763  struct packet *packet,
5764  char *reply_data,
5765  int *reply_ofs,
5766  int reply_len)
5767 {
5768  char tmp_addr[INET6_ADDRSTRLEN];
5769  struct option_state *host_opt_state;
5770  int len;
5771 
5772  log_info("Client %s releases prefix %s/%u, which is not leased to it.",
5773  print_hex_1(client_id->len, client_id->data, 60),
5774  inet_ntop(AF_INET6, iapref->data + 9,
5775  tmp_addr, sizeof(tmp_addr)),
5776  (unsigned) getUChar(iapref->data + 8));
5777 
5778  /*
5779  * Create state for this IA_PD.
5780  */
5781  host_opt_state = NULL;
5782  if (!option_state_allocate(&host_opt_state, MDL)) {
5783  log_error("ia_pd_nomatch_release: out of memory "
5784  "allocating option_state.");
5785  goto exit;
5786  }
5787 
5788  if (!set_status_code(STATUS_NoBinding,
5789  "Release for non-leased prefix.",
5790  host_opt_state)) {
5791  goto exit;
5792  }
5793 
5794  /*
5795  * Insure we have enough space
5796  */
5797  if (reply_len < (*reply_ofs + 16)) {
5798  log_error("ia_pd_nomatch_release: "
5799  "out of space for reply packet.");
5800  goto exit;
5801  }
5802 
5803  /*
5804  * Put our status code into the reply packet.
5805  */
5806  len = store_options6(reply_data+(*reply_ofs)+16,
5807  reply_len-(*reply_ofs)-16,
5808  host_opt_state, packet,
5809  required_opts_STATUS_CODE, NULL);
5810 
5811  /*
5812  * Store the non-encapsulated option data for this
5813  * IA_PD into our reply packet. Defined in RFC 3315,
5814  * section 22.4.
5815  */
5816  /* option number */
5817  putUShort((unsigned char *)reply_data+(*reply_ofs), D6O_IA_PD);
5818  /* option length */
5819  putUShort((unsigned char *)reply_data+(*reply_ofs)+2, len + 12);
5820  /* IA_PD, copied from the client */
5821  memcpy(reply_data+(*reply_ofs)+4, ia_pd_id, 4);
5822  /* t1 and t2, odd that we need them, but here it is */
5823  putULong((unsigned char *)reply_data+(*reply_ofs)+8, 0);
5824  putULong((unsigned char *)reply_data+(*reply_ofs)+12, 0);
5825 
5826  /*
5827  * Get ready for next IA_PD.
5828  */
5829  *reply_ofs += (len + 16);
5830 
5831 exit:
5832  option_state_dereference(&host_opt_state, MDL);
5833 }
5834 
5835 static void
5836 iterate_over_ia_pd(struct data_string *reply_ret,
5837  struct packet *packet,
5838  const struct data_string *client_id,
5839  const struct data_string *server_id,
5840  const char *packet_type,
5841  void (*ia_pd_match)(),
5842  void (*ia_pd_nomatch)())
5843 {
5844  struct data_string reply_new;
5845  int reply_len;
5846  struct option_state *opt_state;
5847  struct host_decl *packet_host;
5848  struct option_cache *ia;
5849  struct option_cache *oc;
5850  /* cli_enc_... variables come from the IA_PD options */
5851  struct data_string cli_enc_opt_data;
5852  struct option_state *cli_enc_opt_state;
5853  struct host_decl *host;
5854  struct option_state *host_opt_state;
5855  struct data_string iaprefix;
5856  char reply_data[65536];
5857  int reply_ofs;
5858  struct iasubopt *prefix;
5859  struct ia_xx *existing_ia_pd;
5860  int i;
5861  struct data_string key;
5862  u_int32_t iaid;
5863 
5864  /*
5865  * Initialize to empty values, in case we have to exit early.
5866  */
5867  memset(&reply_new, 0, sizeof(reply_new));
5868  opt_state = NULL;
5869  memset(&cli_enc_opt_data, 0, sizeof(cli_enc_opt_data));
5870  cli_enc_opt_state = NULL;
5871  memset(&iaprefix, 0, sizeof(iaprefix));
5872  host_opt_state = NULL;
5873  prefix = NULL;
5874 
5875  /*
5876  * Compute the available length for the reply.
5877  */
5878  reply_len = sizeof(reply_data) - reply_ret->len;
5879  reply_ofs = 0;
5880 
5881  /*
5882  * Find the host record that matches from the packet, if any.
5883  */
5884  packet_host = NULL;
5885  if (!find_hosts_by_uid(&packet_host,
5886  client_id->data, client_id->len, MDL)) {
5887  packet_host = NULL;
5888  /*
5889  * Note: In general, we don't expect a client to provide
5890  * enough information to match by option for these
5891  * types of messages, but if we don't have a UID
5892  * match we can check anyway.
5893  */
5894  if (!find_hosts_by_option(&packet_host,
5895  packet, packet->options, MDL)) {
5896  packet_host = NULL;
5897 
5898  if (!find_hosts_by_duid_chaddr(&packet_host,
5899  client_id))
5900  packet_host = NULL;
5901  }
5902  }
5903 
5904  /*
5905  * Build our option state for reply.
5906  */
5907  opt_state = NULL;
5908  if (!option_state_allocate(&opt_state, MDL)) {
5909  log_error("iterate_over_ia_pd: no memory for option_state.");
5910  goto exit;
5911  }
5912  execute_statements_in_scope(NULL, packet, NULL, NULL,
5913  packet->options, opt_state,
5914  &global_scope, root_group, NULL, NULL);
5915 
5916  /*
5917  * Loop through the IA_PD reported by the client, and deal with
5918  * prefixes reported as already in use.
5919  */
5920  for (ia = lookup_option(&dhcpv6_universe, packet->options, D6O_IA_PD);
5921  ia != NULL; ia = ia->next) {
5922 
5923  if (!get_encapsulated_IA_state(&cli_enc_opt_state,
5924  &cli_enc_opt_data,
5925  packet, ia, IA_PD_OFFSET)) {
5926  goto exit;
5927  }
5928 
5929  iaid = getULong(cli_enc_opt_data.data);
5930 
5931  oc = lookup_option(&dhcpv6_universe, cli_enc_opt_state,
5932  D6O_IAPREFIX);
5933  if (oc == NULL) {
5934  /* no prefix given for this IA_PD, ignore */
5935  option_state_dereference(&cli_enc_opt_state, MDL);
5936  data_string_forget(&cli_enc_opt_data, MDL);
5937  continue;
5938  }
5939 
5940  for (; oc != NULL; oc = oc->next) {
5941  memset(&iaprefix, 0, sizeof(iaprefix));
5942  if (!evaluate_option_cache(&iaprefix, packet, NULL, NULL,
5943  packet->options, NULL,
5944  &global_scope, oc, MDL)) {
5945  log_error("iterate_over_ia_pd: "
5946  "error evaluating IAPREFIX.");
5947  goto exit;
5948  }
5949 
5950  /*
5951  * Now we need to figure out which host record matches
5952  * this IA_PD and IAPREFIX (encapsulated option contents
5953  * matching a host record by option).
5954  *
5955  * XXX: We don't currently track IA_PD separately, but
5956  * we will need to do this!
5957  */
5958  host = NULL;
5959  if (!find_hosts_by_option(&host, packet,
5960  cli_enc_opt_state, MDL)) {
5961  if (packet_host != NULL) {
5962  host = packet_host;
5963  } else {
5964  host = NULL;
5965  }
5966  }
5967  while (host != NULL) {
5968  if (host->fixed_prefix != NULL) {
5969  struct iaddrcidrnetlist *l;
5970  int plen = (int) getUChar(iaprefix.data + 8);
5971 
5972  for (l = host->fixed_prefix; l != NULL;
5973  l = l->next) {
5974  if (plen != l->cidrnet.bits)
5975  continue;
5976  if (memcmp(iaprefix.data + 9,
5977  l->cidrnet.lo_addr.iabuf,
5978  16) == 0)
5979  break;
5980  }
5981  if ((l != NULL) && (iaprefix.len >= 17))
5982  break;
5983  }
5984  host = host->n_ipaddr;
5985  }
5986 
5987  if ((host == NULL) && (iaprefix.len >= IAPREFIX_OFFSET)) {
5988  /*
5989  * Find existing IA_PD.
5990  */
5991  if (ia_make_key(&key, iaid,
5992  (char *)client_id->data,
5993  client_id->len,
5994  MDL) != ISC_R_SUCCESS) {
5995  log_fatal("iterate_over_ia_pd: no memory for "
5996  "key.");
5997  }
5998 
5999  existing_ia_pd = NULL;
6000  if (ia_hash_lookup(&existing_ia_pd, ia_pd_active,
6001  (unsigned char *)key.data,
6002  key.len, MDL)) {
6003  /*
6004  * Make sure this prefix is in the IA_PD.
6005  */
6006  for (i = 0;
6007  i < existing_ia_pd->num_iasubopt;
6008  i++) {
6009  struct iasubopt *tmp;
6010  u_int8_t plen;
6011 
6012  plen = getUChar(iaprefix.data + 8);
6013  tmp = existing_ia_pd->iasubopt[i];
6014  if ((tmp->plen == plen) &&
6015  (memcmp(&tmp->addr,
6016  iaprefix.data + 9,
6017  16) == 0)) {
6018  iasubopt_reference(&prefix,
6019  tmp, MDL);
6020  break;
6021  }
6022  }
6023  }
6024 
6025  data_string_forget(&key, MDL);
6026  }
6027 
6028  if ((host != NULL) || (prefix != NULL)) {
6029  ia_pd_match(client_id, &iaprefix, prefix);
6030  } else {
6031  ia_pd_nomatch(client_id, &iaprefix,
6032  (u_int32_t *)cli_enc_opt_data.data,
6033  packet, reply_data, &reply_ofs,
6034  reply_len - reply_ofs);
6035  }
6036 
6037  if (prefix != NULL) {
6038  iasubopt_dereference(&prefix, MDL);
6039  }
6040 
6041  data_string_forget(&iaprefix, MDL);
6042  }
6043 
6044  option_state_dereference(&cli_enc_opt_state, MDL);
6045  data_string_forget(&cli_enc_opt_data, MDL);
6046  }
6047 
6048  /*
6049  * Return our reply to the caller.
6050  * The IA_NA routine has already filled at least the header.
6051  */
6052  reply_new.len = reply_ret->len + reply_ofs;
6053  if (!buffer_allocate(&reply_new.buffer, reply_new.len, MDL)) {
6054  log_fatal("No memory to store reply.");
6055  }
6056  reply_new.data = reply_new.buffer->data;
6057  memcpy(reply_new.buffer->data,
6058  reply_ret->buffer->data, reply_ret->len);
6059  memcpy(reply_new.buffer->data + reply_ret->len,
6060  reply_data, reply_ofs);
6061  data_string_forget(reply_ret, MDL);
6062  data_string_copy(reply_ret, &reply_new, MDL);
6063  data_string_forget(&reply_new, MDL);
6064 
6065 exit:
6066  if (prefix != NULL) {
6067  iasubopt_dereference(&prefix, MDL);
6068  }
6069  if (host_opt_state != NULL) {
6070  option_state_dereference(&host_opt_state, MDL);
6071  }
6072  if (iaprefix.buffer != NULL) {
6073  data_string_forget(&iaprefix, MDL);
6074  }
6075  if (cli_enc_opt_state != NULL) {
6076  option_state_dereference(&cli_enc_opt_state, MDL);
6077  }
6078  if (cli_enc_opt_data.buffer != NULL) {
6079  data_string_forget(&cli_enc_opt_data, MDL);
6080  }
6081  if (opt_state != NULL) {
6082  option_state_dereference(&opt_state, MDL);
6083  }
6084 }
6085 
6086 /*
6087  * Release means a client is done with the leases.
6088  */
6089 
6090 static void
6091 dhcpv6_release(struct data_string *reply, struct packet *packet) {
6092  struct data_string client_id;
6093  struct data_string server_id;
6094 
6096 
6097  /*
6098  * Validate our input.
6099  */
6100  if (!valid_client_resp(packet, &client_id, &server_id)) {
6101  return;
6102  }
6103 
6104  /*
6105  * And operate on each IA_NA in this packet.
6106  */
6107  iterate_over_ia_na(reply, packet, &client_id, &server_id, "Release",
6108  ia_na_match_release, ia_na_nomatch_release);
6109 
6110  /*
6111  * And operate on each IA_PD in this packet.
6112  */
6113  iterate_over_ia_pd(reply, packet, &client_id, &server_id, "Release",
6114  ia_pd_match_release, ia_pd_nomatch_release);
6115 
6116  data_string_forget(&server_id, MDL);
6117  data_string_forget(&client_id, MDL);
6118 
6120 }
6121 
6122 /*
6123  * Information-Request is used by clients who have obtained an address
6124  * from other means, but want configuration information from the server.
6125  */
6126 
6127 static void
6128 dhcpv6_information_request(struct data_string *reply, struct packet *packet) {
6129  struct data_string client_id;
6130  struct data_string server_id;
6131 
6133 
6134  /*
6135  * Validate our input.
6136  */
6137  if (!valid_client_info_req(packet, &server_id)) {
6138  return;
6139  }
6140 
6141  /*
6142  * Get our client ID, if there is one.
6143  */
6144  memset(&client_id, 0, sizeof(client_id));
6145  if (get_client_id(packet, &client_id) != ISC_R_SUCCESS) {
6146  data_string_forget(&client_id, MDL);
6147  }
6148 
6149  /*
6150  * Use the lease_to_client() function. This will work fine,
6151  * because the valid_client_info_req() insures that we
6152  * don't have any IA that would cause us to allocate
6153  * resources to the client.
6154  */
6155  lease_to_client(reply, packet, &client_id,
6156  server_id.data != NULL ? &server_id : NULL);
6157 
6158  /*
6159  * Cleanup.
6160  */
6161  if (client_id.data != NULL) {
6162  data_string_forget(&client_id, MDL);
6163  }
6164  data_string_forget(&server_id, MDL);
6165 
6167 }
6168 
6169 /*
6170  * The Relay-forw message is sent by relays. It typically contains a
6171  * single option, which encapsulates an entire packet.
6172  *
6173  * We need to build an encapsulated reply.
6174  */
6175 
6176 /* XXX: this is very, very similar to do_packet6(), and should probably
6177  be combined in a clever way */
6178 static void
6179 dhcpv6_relay_forw(struct data_string *reply_ret, struct packet *packet) {
6180  struct option_cache *oc;
6181  struct data_string enc_opt_data;
6182  struct packet *enc_packet;
6183  unsigned char msg_type;
6184  const struct dhcpv6_packet *msg;
6185  const struct dhcpv6_relay_packet *relay;
6186  struct data_string enc_reply;
6187  char link_addr[sizeof("ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255")];
6188  char peer_addr[sizeof("ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255")];
6189  struct data_string a_opt, packet_ero;
6190  struct option_state *opt_state;
6191  static char reply_data[65536];
6192  struct dhcpv6_relay_packet *reply;
6193  int reply_ofs;
6194 
6196 
6197  /*
6198  * Initialize variables for early exit.
6199  */
6200  opt_state = NULL;
6201  memset(&a_opt, 0, sizeof(a_opt));
6202  memset(&packet_ero, 0, sizeof(packet_ero));
6203  memset(&enc_reply, 0, sizeof(enc_reply));
6204  memset(&enc_opt_data, 0, sizeof(enc_opt_data));
6205  enc_packet = NULL;
6206 
6207  /*
6208  * Get our encapsulated relay message.
6209  */
6211  if (oc == NULL) {
6212  inet_ntop(AF_INET6, &packet->dhcpv6_link_address,
6213  link_addr, sizeof(link_addr));
6214  inet_ntop(AF_INET6, &packet->dhcpv6_peer_address,
6215  peer_addr, sizeof(peer_addr));
6216  log_info("Relay-forward from %s with link address=%s and "
6217  "peer address=%s missing Relay Message option.",
6218  piaddr(packet->client_addr), link_addr, peer_addr);
6219  goto exit;
6220  }
6221 
6222  if (!evaluate_option_cache(&enc_opt_data, NULL, NULL, NULL,
6223  NULL, NULL, &global_scope, oc, MDL)) {
6224  log_error("dhcpv6_forw_relay: error evaluating "
6225  "relayed message.");
6226  goto exit;
6227  }
6228 
6229  if (!packet6_len_okay((char *)enc_opt_data.data, enc_opt_data.len)) {
6230  log_error("dhcpv6_forw_relay: encapsulated packet too short.");
6231  goto exit;
6232  }
6233 
6234  /*
6235  * Build a packet structure from this encapsulated packet.
6236  */
6237  enc_packet = NULL;
6238  if (!packet_allocate(&enc_packet, MDL)) {
6239  log_error("dhcpv6_forw_relay: "
6240  "no memory for encapsulated packet.");
6241  goto exit;
6242  }
6243 
6244  if (!option_state_allocate(&enc_packet->options, MDL)) {
6245  log_error("dhcpv6_forw_relay: "
6246  "no memory for encapsulated packet's options.");
6247  goto exit;
6248  }
6249 
6250  enc_packet->client_port = packet->client_port;
6251  enc_packet->client_addr = packet->client_addr;
6252  interface_reference(&enc_packet->interface, packet->interface, MDL);
6253  enc_packet->dhcpv6_container_packet = packet;
6254 
6255  msg_type = enc_opt_data.data[0];
6256  if ((msg_type == DHCPV6_RELAY_FORW) ||
6257  (msg_type == DHCPV6_RELAY_REPL)) {
6258  int relaylen = (int)(offsetof(struct dhcpv6_relay_packet, options));
6259  relay = (struct dhcpv6_relay_packet *)enc_opt_data.data;
6260  enc_packet->dhcpv6_msg_type = relay->msg_type;
6261 
6262  /* relay-specific data */
6263  enc_packet->dhcpv6_hop_count = relay->hop_count;
6264  memcpy(&enc_packet->dhcpv6_link_address,
6265  relay->link_address, sizeof(relay->link_address));
6266  memcpy(&enc_packet->dhcpv6_peer_address,
6267  relay->peer_address, sizeof(relay->peer_address));
6268 
6269  if (!parse_option_buffer(enc_packet->options,
6270  relay->options,
6271  enc_opt_data.len - relaylen,
6272  &dhcpv6_universe)) {
6273  /* no logging here, as parse_option_buffer() logs all
6274  cases where it fails */
6275  goto exit;
6276  }
6277  } else {
6278  int msglen = (int)(offsetof(struct dhcpv6_packet, options));
6279  msg = (struct dhcpv6_packet *)enc_opt_data.data;
6280  enc_packet->dhcpv6_msg_type = msg->msg_type;
6281 
6282  /* message-specific data */
6283  memcpy(enc_packet->dhcpv6_transaction_id,
6284  msg->transaction_id,
6285  sizeof(enc_packet->dhcpv6_transaction_id));
6286 
6287  if (!parse_option_buffer(enc_packet->options,
6288  msg->options,
6289  enc_opt_data.len - msglen,
6290  &dhcpv6_universe)) {
6291  /* no logging here, as parse_option_buffer() logs all
6292  cases where it fails */
6293  goto exit;
6294  }
6295  }
6296 
6297  /*
6298  * This is recursive. It is possible to exceed maximum packet size.
6299  * XXX: This will cause the packet send to fail.
6300  */
6301  build_dhcpv6_reply(&enc_reply, enc_packet);
6302 
6303  /*
6304  * If we got no encapsulated data, then it is discarded, and
6305  * our reply-forw is also discarded.
6306  */
6307  if (enc_reply.data == NULL) {
6308  goto exit;
6309  }
6310 
6311  /*
6312  * Now we can use the reply_data buffer.
6313  * Packet header stuff all comes from the forward message.
6314  */
6315  reply = (struct dhcpv6_relay_packet *)reply_data;
6316  reply->msg_type = DHCPV6_RELAY_REPL;
6317  reply->hop_count = packet->dhcpv6_hop_count;
6318  memcpy(reply->link_address, &packet->dhcpv6_link_address,
6319  sizeof(reply->link_address));
6320  memcpy(reply->peer_address, &packet->dhcpv6_peer_address,
6321  sizeof(reply->peer_address));
6322  reply_ofs = (int)(offsetof(struct dhcpv6_relay_packet, options));
6323 
6324  /*
6325  * Get the reply option state.
6326  */
6327  opt_state = NULL;
6328  if (!option_state_allocate(&opt_state, MDL)) {
6329  log_error("dhcpv6_relay_forw: no memory for option state.");
6330  goto exit;
6331  }
6332 
6333  /*
6334  * Append the interface-id if present.
6335  */
6336  oc = lookup_option(&dhcpv6_universe, packet->options,
6338  if (oc != NULL) {
6339  if (!evaluate_option_cache(&a_opt, packet,
6340  NULL, NULL,
6341  packet->options, NULL,
6342  &global_scope, oc, MDL)) {
6343  log_error("dhcpv6_relay_forw: error evaluating "
6344  "Interface ID.");
6345  goto exit;
6346  }
6347  if (!save_option_buffer(&dhcpv6_universe, opt_state, NULL,
6348  (unsigned char *)a_opt.data,
6349  a_opt.len,
6350  D6O_INTERFACE_ID, 0)) {
6351  log_error("dhcpv6_relay_forw: error saving "
6352  "Interface ID.");
6353  goto exit;
6354  }
6355  data_string_forget(&a_opt, MDL);
6356  }
6357 
6358  /*
6359  * Append our encapsulated stuff for caller.
6360  */
6361  if (!save_option_buffer(&dhcpv6_universe, opt_state, NULL,
6362  (unsigned char *)enc_reply.data,
6363  enc_reply.len,
6364  D6O_RELAY_MSG, 0)) {
6365  log_error("dhcpv6_relay_forw: error saving Relay MSG.");
6366  goto exit;
6367  }
6368 
6369  /*
6370  * Get the ERO if any.
6371  */
6372  oc = lookup_option(&dhcpv6_universe, packet->options, D6O_ERO);
6373  if (oc != NULL) {
6374  unsigned req;
6375  int i;
6376 
6377  if (!evaluate_option_cache(&packet_ero, packet,
6378  NULL, NULL,
6379  packet->options, NULL,
6380  &global_scope, oc, MDL) ||
6381  (packet_ero.len & 1)) {
6382  log_error("dhcpv6_relay_forw: error evaluating ERO.");
6383  goto exit;
6384  }
6385 
6386  /* Decode and apply the ERO. */
6387  for (i = 0; i < packet_ero.len; i += 2) {
6388  req = getUShort(packet_ero.data + i);
6389  /* Already in the reply? */
6390  oc = lookup_option(&dhcpv6_universe, opt_state, req);
6391  if (oc != NULL)
6392  continue;
6393  /* Get it from the packet if present. */
6395  packet->options,
6396  req);
6397  if (oc == NULL)
6398  continue;
6399  if (!evaluate_option_cache(&a_opt, packet,
6400  NULL, NULL,
6401  packet->options, NULL,
6402  &global_scope, oc, MDL)) {
6403  log_error("dhcpv6_relay_forw: error "
6404  "evaluating option %u.", req);
6405  goto exit;
6406  }
6408  opt_state,
6409  NULL,
6410  (unsigned char *)a_opt.data,
6411  a_opt.len,
6412  req,
6413  0)) {
6414  log_error("dhcpv6_relay_forw: error saving "
6415  "option %u.", req);
6416  goto exit;
6417  }
6418  data_string_forget(&a_opt, MDL);
6419  }
6420  }
6421 
6422  reply_ofs += store_options6(reply_data + reply_ofs,
6423  sizeof(reply_data) - reply_ofs,
6424  opt_state, packet,
6425  required_opts_agent, &packet_ero);
6426 
6427  /*
6428  * Return our reply to the caller.
6429  */
6430  reply_ret->len = reply_ofs;
6431  reply_ret->buffer = NULL;
6432  if (!buffer_allocate(&reply_ret->buffer, reply_ret->len, MDL)) {
6433  log_fatal("No memory to store reply.");
6434  }
6435  reply_ret->data = reply_ret->buffer->data;
6436  memcpy(reply_ret->buffer->data, reply_data, reply_ofs);
6437 
6438 exit:
6439  if (opt_state != NULL)
6440  option_state_dereference(&opt_state, MDL);
6441  if (a_opt.data != NULL) {
6442  data_string_forget(&a_opt, MDL);
6443  }
6444  if (packet_ero.data != NULL) {
6445  data_string_forget(&packet_ero, MDL);
6446  }
6447  if (enc_reply.data != NULL) {
6448  data_string_forget(&enc_reply, MDL);
6449  }
6450  if (enc_opt_data.data != NULL) {
6451  data_string_forget(&enc_opt_data, MDL);
6452  }
6453  if (enc_packet != NULL) {
6454  packet_dereference(&enc_packet, MDL);
6455  }
6456 
6458 }
6459 
6460 static void
6461 dhcpv6_discard(struct packet *packet) {
6462  /* INSIST(packet->msg_type > 0); */
6463  /* INSIST(packet->msg_type < dhcpv6_type_name_max); */
6464 
6465  log_debug("Discarding %s from %s; message type not handled by server",
6467  piaddr(packet->client_addr));
6468 }
6469 
6470 static void
6471 build_dhcpv6_reply(struct data_string *reply, struct packet *packet) {
6472  memset(reply, 0, sizeof(*reply));
6473 
6474  /* I would like to classify the client once here, but
6475  * as I don't want to classify all of the incoming packets
6476  * I need to do it before handling specific types.
6477  * We don't need to classify if we are tossing the packet
6478  * or if it is a relay - the classification step will get
6479  * done when we process the inner client packet.
6480  */
6481 
6482  switch (packet->dhcpv6_msg_type) {
6483  case DHCPV6_SOLICIT:
6484  classify_client(packet);
6485  dhcpv6_solicit(reply, packet);
6486  break;
6487  case DHCPV6_ADVERTISE:
6488  dhcpv6_discard(packet);
6489  break;
6490  case DHCPV6_REQUEST:
6491  classify_client(packet);
6492  dhcpv6_request(reply, packet);
6493  break;
6494  case DHCPV6_CONFIRM:
6495  classify_client(packet);
6496  dhcpv6_confirm(reply, packet);
6497  break;
6498  case DHCPV6_RENEW:
6499  classify_client(packet);
6500  dhcpv6_renew(reply, packet);
6501  break;
6502  case DHCPV6_REBIND:
6503  classify_client(packet);
6504  dhcpv6_rebind(reply, packet);
6505  break;
6506  case DHCPV6_REPLY:
6507  dhcpv6_discard(packet);
6508  break;
6509  case DHCPV6_RELEASE:
6510  classify_client(packet);
6511  dhcpv6_release(reply, packet);
6512  break;
6513  case DHCPV6_DECLINE:
6514  classify_client(packet);
6515  dhcpv6_decline(reply, packet);
6516  break;
6517  case DHCPV6_RECONFIGURE:
6518  dhcpv6_discard(packet);
6519  break;
6521  classify_client(packet);
6522  dhcpv6_information_request(reply, packet);
6523  break;
6524  case DHCPV6_RELAY_FORW:
6525  dhcpv6_relay_forw(reply, packet);
6526  break;
6527  case DHCPV6_RELAY_REPL:
6528  dhcpv6_discard(packet);
6529  break;
6530  case DHCPV6_LEASEQUERY:
6531  classify_client(packet);
6532  dhcpv6_leasequery(reply, packet);
6533  break;
6535  dhcpv6_discard(packet);
6536  break;
6537  default:
6538  /* XXX: would be nice if we had "notice" level,
6539  as syslog, for this */
6540  log_info("Discarding unknown DHCPv6 message type %d "
6541  "from %s", packet->dhcpv6_msg_type,
6542  piaddr(packet->client_addr));
6543  }
6544 }
6545 
6546 static void
6547 log_packet_in(const struct packet *packet) {
6548  struct data_string s;
6549  u_int32_t tid;
6550  char tmp_addr[INET6_ADDRSTRLEN];
6551  const void *addr;
6552 
6553  memset(&s, 0, sizeof(s));
6554 
6555  if (packet->dhcpv6_msg_type < dhcpv6_type_name_max) {
6556  data_string_sprintfa(&s, "%s message from %s port %d",
6558  piaddr(packet->client_addr),
6559  ntohs(packet->client_port));
6560  } else {
6562  "Unknown message type %d from %s port %d",
6563  packet->dhcpv6_msg_type,
6564  piaddr(packet->client_addr),
6565  ntohs(packet->client_port));
6566  }
6567  if ((packet->dhcpv6_msg_type == DHCPV6_RELAY_FORW) ||
6568  (packet->dhcpv6_msg_type == DHCPV6_RELAY_REPL)) {
6569  addr = &packet->dhcpv6_link_address;
6570  data_string_sprintfa(&s, ", link address %s",
6571  inet_ntop(AF_INET6, addr,
6572  tmp_addr, sizeof(tmp_addr)));
6573  addr = &packet->dhcpv6_peer_address;
6574  data_string_sprintfa(&s, ", peer address %s",
6575  inet_ntop(AF_INET6, addr,
6576  tmp_addr, sizeof(tmp_addr)));
6577  } else {
6578  tid = 0;
6579  memcpy(((char *)&tid)+1, packet->dhcpv6_transaction_id, 3);
6580  data_string_sprintfa(&s, ", transaction ID 0x%06X", tid);
6581 
6582 /*
6583  oc = lookup_option(&dhcpv6_universe, packet->options,
6584  D6O_CLIENTID);
6585  if (oc != NULL) {
6586  memset(&tmp_ds, 0, sizeof(tmp_ds_));
6587  if (!evaluate_option_cache(&tmp_ds, packet, NULL, NULL,
6588  packet->options, NULL,
6589  &global_scope, oc, MDL)) {
6590  log_error("Error evaluating Client Identifier");
6591  } else {
6592  data_strint_sprintf(&s, ", client ID %s",
6593 
6594  data_string_forget(&tmp_ds, MDL);
6595  }
6596  }
6597 */
6598 
6599  }
6600  log_info("%s", s.data);
6601 
6602  data_string_forget(&s, MDL);
6603 }
6604 
6605 void
6606 dhcpv6(struct packet *packet) {
6607  struct data_string reply;
6608  struct sockaddr_in6 to_addr;
6609  int send_ret;
6610 
6611  /*
6612  * Log a message that we received this packet.
6613  */
6614  log_packet_in(packet);
6615 
6616  /*
6617  * Build our reply packet.
6618  */
6619  build_dhcpv6_reply(&reply, packet);
6620 
6621  if (reply.data != NULL) {
6622  /*
6623  * Send our reply, if we have one.
6624  */
6625  memset(&to_addr, 0, sizeof(to_addr));
6626  to_addr.sin6_family = AF_INET6;
6627  if ((packet->dhcpv6_msg_type == DHCPV6_RELAY_FORW) ||
6628  (packet->dhcpv6_msg_type == DHCPV6_RELAY_REPL)) {
6629  to_addr.sin6_port = local_port;
6630  } else {
6631  to_addr.sin6_port = remote_port;
6632  }
6633 
6634 #if defined (REPLY_TO_SOURCE_PORT)
6635  /*
6636  * This appears to have been included for testing so we would
6637  * not need a root client, but was accidently left in the
6638  * final code. We continue to include it in case
6639  * some users have come to rely upon it, but leave
6640  * it off by default as it's a bad idea.
6641  */
6642  to_addr.sin6_port = packet->client_port;
6643 #endif
6644 
6645  memcpy(&to_addr.sin6_addr, packet->client_addr.iabuf,
6646  sizeof(to_addr.sin6_addr));
6647 
6648  log_info("Sending %s to %s port %d",
6649  dhcpv6_type_names[reply.data[0]],
6650  piaddr(packet->client_addr),
6651  ntohs(to_addr.sin6_port));
6652 
6653  send_ret = send_packet6(packet->interface,
6654  reply.data, reply.len, &to_addr);
6655  if (send_ret != reply.len) {
6656  log_error("dhcpv6: send_packet6() sent %d of %d bytes",
6657  send_ret, reply.len);
6658  }
6659  data_string_forget(&reply, MDL);
6660  }
6661 }
6662 
6663 static void
6664 seek_shared_host(struct host_decl **hp, struct shared_network *shared) {
6665  struct host_decl *nofixed = NULL;
6666  struct host_decl *seek, *hold = NULL;
6667 
6668  /*
6669  * Seek forward through fixed addresses for the right link.
6670  *
6671  * Note: how to do this for fixed prefixes???
6672  */
6673  host_reference(&hold, *hp, MDL);
6674  host_dereference(hp, MDL);
6675  seek = hold;
6676  while (seek != NULL) {
6677  if (seek->fixed_addr == NULL)
6678  nofixed = seek;
6679  else if (fixed_matches_shared(seek, shared))
6680  break;
6681 
6682  seek = seek->n_ipaddr;
6683  }
6684 
6685  if ((seek == NULL) && (nofixed != NULL))
6686  seek = nofixed;
6687 
6688  if (seek != NULL)
6689  host_reference(hp, seek, MDL);
6690 }
6691 
6692 static isc_boolean_t
6693 fixed_matches_shared(struct host_decl *host, struct shared_network *shared) {
6694  struct subnet *subnet;
6695  struct data_string addr;
6696  isc_boolean_t matched;
6697  struct iaddr fixed;
6698 
6699  if (host->fixed_addr == NULL)
6700  return ISC_FALSE;
6701 
6702  memset(&addr, 0, sizeof(addr));
6703  if (!evaluate_option_cache(&addr, NULL, NULL, NULL, NULL, NULL,
6704  &global_scope, host->fixed_addr, MDL))
6705  return ISC_FALSE;
6706 
6707  if (addr.len < 16) {
6708  data_string_forget(&addr, MDL);
6709  return ISC_FALSE;
6710  }
6711 
6712  fixed.len = 16;
6713  memcpy(fixed.iabuf, addr.data, 16);
6714 
6715  matched = ISC_FALSE;
6716  for (subnet = shared->subnets ; subnet != NULL ;
6717  subnet = subnet->next_sibling) {
6718  if (addr_eq(subnet_number(fixed, subnet->netmask),
6719  subnet->net)) {
6720  matched = ISC_TRUE;
6721  break;
6722  }
6723  }
6724 
6725  data_string_forget(&addr, MDL);
6726  return matched;
6727 }
6728 
6729 /*
6730  * find_host_by_duid_chaddr() synthesizes a DHCPv4-like 'hardware'
6731  * parameter from a DHCPv6 supplied DUID (client-identifier option),
6732  * and may seek to use client or relay supplied hardware addresses.
6733  */
6734 static int
6735 find_hosts_by_duid_chaddr(struct host_decl **host,
6736  const struct data_string *client_id) {
6737  static int once_htype;
6738  int htype, hlen;
6739  const unsigned char *chaddr;
6740 
6741  /*
6742  * The DUID-LL and DUID-LLT must have a 2-byte DUID type and 2-byte
6743  * htype.
6744  */
6745  if (client_id->len < 4)
6746  return 0;
6747 
6748  /*
6749  * The third and fourth octets of the DUID-LL and DUID-LLT
6750  * is the hardware type, but in 16 bits.
6751  */
6752  htype = getUShort(client_id->data + 2);
6753  hlen = 0;
6754  chaddr = NULL;
6755 
6756  /* The first two octets of the DUID identify the type. */
6757  switch(getUShort(client_id->data)) {
6758  case DUID_LLT:
6759  if (client_id->len > 8) {
6760  hlen = client_id->len - 8;
6761  chaddr = client_id->data + 8;
6762  }
6763  break;
6764 
6765  case DUID_LL:
6766  /*
6767  * Note that client_id->len must be greater than or equal
6768  * to four to get to this point in the function.
6769  */
6770  hlen = client_id->len - 4;
6771  chaddr = client_id->data + 4;
6772  break;
6773 
6774  default:
6775  break;
6776  }
6777 
6778  if ((hlen == 0) || (hlen > HARDWARE_ADDR_LEN))
6779  return 0;
6780 
6781  /*
6782  * XXX: DHCPv6 gives a 16-bit field for the htype. DHCPv4 gives an
6783  * 8-bit field. To change the semantics of the generic 'hardware'
6784  * structure, we would have to adjust many DHCPv4 sources (from
6785  * interface to DHCPv4 lease code), and we would have to update the
6786  * 'hardware' config directive (probably being reverse compatible and
6787  * providing a new upgrade/replacement primitive). This is a little
6788  * too much to change for now. Hopefully we will revisit this before
6789  * hardware types exceeding 8 bits are assigned.
6790  */
6791  if ((htype & 0xFF00) && !once_htype) {
6792  once_htype = 1;
6793  log_error("Attention: At least one client advertises a "
6794  "hardware type of %d, which exceeds the software "
6795  "limitation of 255.", htype);
6796  }
6797 
6798  return find_hosts_by_haddr(host, htype, chaddr, hlen, MDL);
6799 }
6800 
6801 #endif /* DHCPv6 */
6802 
#define FTS_ABANDONED
Definition: dhcpd.h:488
struct iaddrcidrnet cidrnet
Definition: inet.h:77
ia_hash_t * ia_ta_active
#define DHCPD_SIX_RELAY_FORW_DONE()
Definition: probes.h:416
isc_result_t renew_lease6(struct ipv6_pool *pool, struct iasubopt *lease)
Renew a lease in the pool.
Definition: mdb6.c:1415
struct ipv6_pond * next
Definition: dhcpd.h:1595
int find_grouped_subnet(struct subnet **, struct shared_network *, struct iaddr, const char *, int)
Definition: mdb.c:900
unsigned char peer_address[16]
Definition: dhcp6.h:194
#define DHCPD_SIX_INFORMATION_REQUEST_START()
Definition: probes.h:383
const char int line
Definition: dhcpd.h:3535
#define D6O_IAADDR
Definition: dhcp6.h:35
struct binding_scope * global_scope
Definition: tree.c:39
#define STATUS_NoBinding
Definition: dhcp6.h:86
#define DHCPV6_RELEASE
Definition: dhcp6.h:105
struct subnet * subnets
Definition: dhcpd.h:938
isc_result_t add_lease6(struct ipv6_pool *pool, struct iasubopt *lease, time_t valid_lifetime_end_time)
Definition: mdb6.c:1226
#define DHCPD_SIX_SOLICIT_DONE()
Definition: probes.h:240
Definition: dhcpd.h:507
isc_result_t ia_make_key(struct data_string *key, u_int32_t iaid, const char *duid, unsigned int duid_len, const char *file, int line)
Definition: mdb6.c:310
unsigned len
Definition: tree.h:80
int executable_statement_dereference(struct executable_statement **ptr, const char *file, int line)
Definition: execute.c:615
struct shared_network * shared_network
Definition: dhcpd.h:1243
int bits
Definition: inet.h:72
const char * piaddr(const struct iaddr addr)
Definition: inet.c:581
u_int8_t hlen
Definition: dhcpd.h:440
Definition: dhcpd.h:1530
#define D6O_STATUS_CODE
Definition: dhcp6.h:43
unsigned char dhcpv6_transaction_id[3]
Definition: dhcpd.h:378
isc_boolean_t server_duid_isset(void)
unsigned char options[FLEXIBLE_ARRAY_MEMBER]
Definition: dhcp6.h:195
int units
Definition: dhcpd.h:1569
void dhcpv6_leasequery(struct data_string *, struct packet *)
isc_result_t ia_dereference(struct ia_xx **ia, const char *file, int line)
Definition: mdb6.c:402
#define DHCPD_SIX_RELAY_FORW_START()
Definition: probes.h:405
unsigned char msg_type
Definition: dhcp6.h:179
int data_string_sprintfa(struct data_string *ds, const char *fmt,...)
Definition: tree.c:57
Definition: dhcpd.h:948
struct universe server_universe
Definition: stables.c:175
int execute_statements(struct binding_value **result, struct packet *packet, struct lease *lease, struct client_state *client_state, struct option_state *in_options, struct option_state *out_options, struct binding_scope **scope, struct executable_statement *statements, struct on_star *on_star)
Definition: execute.c:35
#define HTYPE_RESERVED
Definition: dhcp.h:84
#define MDL
Definition: omapip.h:568
isc_boolean_t lease6_usable(struct iasubopt *lease)
Check if address is available to a lease.
Definition: mdb6.c:1346
#define D6O_PREFERENCE
Definition: dhcp6.h:37
int find_hosts_by_option(struct host_decl **, struct packet *, struct option_state *, const char *, int)
Definition: mdb.c:638
unsigned char iabuf[16]
Definition: inet.h:33
#define print_hex_1(len, data, limit)
Definition: dhcpd.h:2404
#define IA_PD_OFFSET
Definition: dhcp6.h:126
#define DHCP_R_INVALIDARG
Definition: result.h:48
#define STATUS_NoAddrsAvail
Definition: dhcp6.h:85
#define DHCPD_SIX_RELEASE_DONE()
Definition: probes.h:372
const char * dhcpv6_type_names[]
Definition: tables.c:618
int int int log_debug(const char *,...) __attribute__((__format__(__printf__
#define DHCPV6_REPLY
Definition: dhcp6.h:104
#define DHCPV6_REQUEST
Definition: dhcp6.h:100
int last_ipv6_pool
Definition: dhcpd.h:1605
#define DHCPV6_RECONFIGURE
Definition: dhcp6.h:107
#define IAADDR_OFFSET
Definition: dhcp6.h:129
#define SV_PREFER_LIFETIME
Definition: dhcpd.h:699
#define D6O_RAPID_COMMIT
Definition: dhcp6.h:44
struct universe dhcp_universe
#define D6O_SERVERID
Definition: dhcp6.h:32
#define STATUS_NotOnLink
Definition: dhcp6.h:87
void data_string_forget(struct data_string *data, const char *file, int line)
Definition: alloc.c:1276
struct option_cache * next
Definition: dhcpd.h:351
#define DHCPD_SIX_RENEW_DONE()
Definition: probes.h:306
#define D6O_INTERFACE_ID
Definition: dhcp6.h:48
#define DHCPD_SIX_DECLINE_DONE()
Definition: probes.h:350
struct option_cache * fixed_addr
Definition: dhcpd.h:873
struct group * root_group
Definition: memory.c:31
unsigned char msg_type
Definition: dhcp6.h:191
#define DUID_LL
Definition: dhcp6.h:121
void delete_option(struct universe *universe, struct option_state *options, int code)
Definition: options.c:2652
u_int32_t valid
Definition: dhcpd.h:1506
int log_error(const char *,...) __attribute__((__format__(__printf__
time_t cltt
Definition: dhcpd.h:1536
#define FTS_EXPIRED
Definition: dhcpd.h:486
struct on_star on_star
Definition: dhcpd.h:1527
int known
Definition: dhcpd.h:415
struct binding_scope * scope
Definition: dhcpd.h:1502
struct ipv6_pond * ipv6_pond
Definition: dhcpd.h:1579
void copy_server_duid(struct data_string *ds, const char *file, int line)
#define DHO_DHCP_REBINDING_TIME
Definition: dhcp.h:151
#define STATUS_Success
Definition: dhcp6.h:83
unsigned len
Definition: inet.h:32
#define IA_NA_OFFSET
Definition: dhcp6.h:124
int find_hosts_by_haddr(struct host_decl **, int, const unsigned char *, unsigned, const char *, int)
Definition: mdb.c:610
#define DHCPD_SIX_RENEW_START()
Definition: probes.h:295
#define DHCPD_SIX_SOLICIT_START()
Definition: probes.h:229
#define D6O_CLIENTID
Definition: dhcp6.h:31
struct permit * prohibit_list
Definition: dhcpd.h:1600
Definition: dhcpd.h:500
#define DHCPD_SIX_REBIND_DONE()
Definition: probes.h:328
struct option_state * options
Definition: dhcpd.h:407
unsigned char dhcpv6_hop_count
Definition: dhcpd.h:381
unsigned char link_address[16]
Definition: dhcp6.h:193
unsigned char dhcpv6_msg_type
Definition: dhcpd.h:375
isc_boolean_t lease6_exists(const struct ipv6_pool *pool, const struct in6_addr *addr)
Definition: mdb6.c:1318
void log_fatal(const char *,...) __attribute__((__format__(__printf__
#define DHCPV6_RELAY_REPL
Definition: dhcp6.h:110
int client_port
Definition: dhcpd.h:389
#define DHCPV6_LEASEQUERY
Definition: dhcp6.h:111
#define D6O_IA_TA
Definition: dhcp6.h:34
int parse_option_buffer(struct option_state *options, const unsigned char *buffer, unsigned length, struct universe *universe)
Definition: options.c:123
#define DHCPD_SIX_DECLINE_START()
Definition: probes.h:339
#define D6O_UNICAST
Definition: dhcp6.h:42
#define DHCPD_SIX_REQUEST_DONE()
Definition: probes.h:262
isc_result_t decline_lease6(struct ipv6_pool *pool, struct iasubopt *lease)
Definition: mdb6.c:1555
struct iaddr subnet_number(struct iaddr addr, struct iaddr mask)
Definition: inet.c:36
#define SV_DDNS_UPDATES
Definition: dhcpd.h:676
int find_subnet(struct subnet **sp, struct iaddr addr, const char *file, int line)
Definition: dhclient.c:1247
#define D6O_IAPREFIX
Definition: dhcp6.h:56
void execute_statements_in_scope(struct binding_value **result, struct packet *packet, struct lease *lease, struct client_state *client_state, struct option_state *in_options, struct option_state *out_options, struct binding_scope **scope, struct group *group, struct group *limiting_group, struct on_star *on_star)
Definition: execute.c:555
void change_host_uid(struct host_decl *host, const char *data, int len)
Definition: mdb.c:184
isc_result_t release_lease6(struct ipv6_pool *pool, struct iasubopt *lease)
Definition: mdb6.c:1575
void schedule_lease_timeout(struct ipv6_pool *pool)
Definition: mdb6.c:1939
#define DUID_TIME_EPOCH
Definition: dhcp6.h:209
int option_state_allocate(struct option_state **ptr, const char *file, int line)
Definition: alloc.c:847
time_t hard_lifetime_end_time
Definition: dhcpd.h:1503
int evaluate_option_cache(struct data_string *result, struct packet *packet, struct lease *lease, struct client_state *client_state, struct option_state *in_options, struct option_state *cfg_options, struct binding_scope **scope, struct option_cache *oc, const char *file, int line)
Definition: tree.c:2643
#define STATUS_NoPrefixAvail
Definition: dhcp6.h:89
int packet_reference(struct packet **ptr, struct packet *bp, const char *file, int line)
Definition: alloc.c:1054
Definition: dhcpd.h:904
#define DHCPV6_RENEW
Definition: dhcp6.h:102
ia_hash_t * ia_na_active
struct ipv6_pool * ipv6_pool
Definition: dhcpd.h:1508
struct iaddr net
Definition: dhcpd.h:955
int buffer_allocate(struct buffer **ptr, unsigned len, const char *file, int line)
Definition: alloc.c:680
struct interface_info * interface
Definition: dhcpd.h:391
ssize_t send_packet6(struct interface_info *, const unsigned char *, size_t, struct sockaddr_in6 *)
void putULong(unsigned char *, u_int32_t)
Definition: convert.c:70
#define DHCPV6_REBIND
Definition: dhcp6.h:103
u_int16_t local_port
Definition: dhclient.c:87
Definition: dhcpd.h:369
struct iaddrcidrnetlist * next
Definition: inet.h:76
#define DEFAULT_DEFAULT_LEASE_TIME
Definition: dhcpd.h:759
u_int8_t plen
Definition: dhcpd.h:1500
#define cur_time
Definition: dhcpd.h:1926
#define DHCPV6_RELAY_FORW
Definition: dhcp6.h:109
int save_option_buffer(struct universe *universe, struct option_state *options, struct buffer *bp, unsigned char *buffer, unsigned length, unsigned code, int terminatep)
Definition: options.c:2291
u_int32_t getUShort(const unsigned char *)
#define D6O_ERO
Definition: dhcp6.h:73
void set_server_duid(struct data_string *new_duid)
isc_result_t create_lease6(struct ipv6_pool *pool, struct iasubopt **addr, unsigned int *attempts, const struct data_string *uid, time_t soft_lifetime_end_time)
Definition: mdb6.c:953
u_int32_t prefer
Definition: dhcpd.h:1505
struct host_decl * n_ipaddr
Definition: dhcpd.h:863
struct hardware hw_address
Definition: dhcpd.h:1245
struct option_cache * lookup_option(struct universe *universe, struct option_state *options, unsigned code)
Definition: options.c:2249
#define IA_TA_OFFSET
Definition: dhcp6.h:125
#define print_hex_3(len, data, limit)
Definition: dhcpd.h:2406
int permitted(struct packet *, struct permit *)
Definition: dhcp.c:4610
void set_server_duid_type(int type)
int num_iasubopt
Definition: dhcpd.h:1534
int int log_info(const char *,...) __attribute__((__format__(__printf__
struct ipv6_pool ** ipv6_pools
Definition: dhcpd.h:1604
binding_state_t state
Definition: dhcpd.h:1501
int packet6_len_okay(const char *packet, int len)
Definition: options.c:3875
struct interface_info * interfaces
Definition: discover.c:40
u_int32_t getULong(const unsigned char *)
struct shared_network * shared_network
Definition: dhcpd.h:952
int find_hosts_by_uid(struct host_decl **, const unsigned char *, unsigned, const char *, int)
Definition: mdb.c:630
int addr_eq(struct iaddr addr1, struct iaddr addr2)
Definition: inet.c:168
isc_boolean_t ipv6_in_pool(const struct in6_addr *addr, const struct ipv6_pool *pool)
Definition: mdb6.c:2047
void cleanup(void)
#define DHCPV6_LEASEQUERY_REPLY
Definition: dhcp6.h:112
isc_result_t get_client_id(struct packet *, struct data_string *)
#define IAPREFIX_OFFSET
Definition: dhcp6.h:132
Definition: inet.h:31
ipv6_pool structure
Definition: dhcpd.h:1564
int store_options6(char *buf, int buflen, struct option_state *opt_state, struct packet *packet, const int *required_opts, struct data_string *oro)
Definition: options.c:925
int append_option_buffer(struct universe *universe, struct option_state *options, struct buffer *bp, unsigned char *buffer, unsigned length, unsigned code, int terminatep)
Definition: options.c:2315
u_int32_t getUChar(const unsigned char *)
struct iaddrcidrnetlist * fixed_prefix
Definition: dhcpd.h:874
int option_state_dereference(struct option_state **ptr, const char *file, int line)
Definition: alloc.c:912
ia_hash_t * ia_pd_active
Definition: dhcpd.h:849
void dhcpv6(struct packet *)
int commit_leases_timed(void)
Definition: db.c:1046
const int dhcpv6_type_name_max
Definition: tables.c:636
isc_boolean_t is_cidr_mask_valid(const struct iaddr *addr, int bits)
Definition: inet.c:305
unsigned char hop_count
Definition: dhcp6.h:192
#define DHCPD_SIX_CONFIRM_START()
Definition: probes.h:273
struct interface_info * next
Definition: dhcpd.h:1242
struct universe dhcpv6_universe
Definition: tables.c:328
isc_boolean_t prefix6_exists(const struct ipv6_pool *pool, const struct in6_addr *pref, u_int8_t plen)
Definition: mdb6.c:1757
int evaluate_boolean_option_cache(int *ignorep, struct packet *packet, struct lease *lease, struct client_state *client_state, struct option_state *in_options, struct option_state *cfg_options, struct binding_scope **scope, struct option_cache *oc, const char *file, int line)
Definition: tree.c:2670
#define D6O_IA_NA
Definition: dhcp6.h:33
#define print_hex_2(len, data, limit)
Definition: dhcpd.h:2405
int packet_dereference(struct packet **ptr, const char *file, int line)
Definition: alloc.c:1082
int ddns_updates(struct packet *, struct lease *, struct lease *, struct iasubopt *, struct iasubopt *, struct option_state *)
int packet_allocate(struct packet **ptr, const char *file, int line)
Definition: alloc.c:1016
const char int
Definition: omapip.h:443
struct iaddr netmask
Definition: dhcpd.h:956
isc_result_t iasubopt_dereference(struct iasubopt **iasubopt, const char *file, int line)
Definition: mdb6.c:260
#define DHCPV6_ADVERTISE
Definition: dhcp6.h:99
#define DHCPD_SIX_REQUEST_START()
Definition: probes.h:251
isc_result_t set_server_duid_from_option(void)
isc_result_t ia_allocate(struct ia_xx **ia, u_int32_t iaid, const char *duid, unsigned int duid_len, const char *file, int line)
Definition: mdb6.c:338
#define D6O_ORO
Definition: dhcp6.h:36
struct subnet * next_sibling
Definition: dhcpd.h:951
isc_boolean_t unicast
Definition: dhcpd.h:428
isc_result_t ia_add_iasubopt(struct ia_xx *ia, struct iasubopt *iasubopt, const char *file, int line)
Definition: mdb6.c:438
unsigned char data[1]
Definition: tree.h:63
unsigned char transaction_id[3]
Definition: dhcp6.h:180
time_t soft_lifetime_end_time
Definition: dhcpd.h:1504
struct iaddr lo_addr
Definition: inet.h:71
#define DHCPD_SIX_INFORMATION_REQUEST_DONE()
Definition: probes.h:394
#define SV_DEFAULT_LEASE_TIME
Definition: dhcpd.h:647
u_int8_t hbuf[HARDWARE_ADDR_LEN+1]
Definition: dhcpd.h:441
#define DHCPV6_CONFIRM
Definition: dhcp6.h:101
struct iaddr client_addr
Definition: dhcpd.h:390
ipv6_pond structure
Definition: dhcpd.h:1593
#define HARDWARE_ADDR_LEN
Definition: dhcpd.h:437
#define DHCPD_SIX_CONFIRM_DONE()
Definition: probes.h:284
#define D6O_IA_PD
Definition: dhcp6.h:55
#define REPLY_OPTIONS_INDEX
Definition: dhcp6.h:185
#define DUID_LLT
Definition: dhcp6.h:119
struct iasubopt ** iasubopt
Definition: dhcpd.h:1537
int write_ia(const struct ia_xx *)
Definition: db.c:519
struct ia_xx * ia
Definition: dhcpd.h:1507
u_int16_t remote_port
Definition: dhclient.c:88
#define DHO_DHCP_RENEWAL_TIME
Definition: dhcp.h:150
struct in6_addr dhcpv6_peer_address
Definition: dhcpd.h:383
const char * file
Definition: dhcpd.h:3535
void putUShort(unsigned char *, u_int32_t)
Definition: convert.c:86
isc_result_t create_prefix6(struct ipv6_pool *pool, struct iasubopt **pref, unsigned int *attempts, const struct data_string *uid, time_t soft_lifetime_end_time)
Definition: mdb6.c:1668
#define DHCPD_SIX_RELEASE_START()
Definition: probes.h:361
#define DHCPD_SIX_REBIND_START()
Definition: probes.h:317
struct shared_network * shared_network
Definition: dhcpd.h:1576
struct in6_addr addr
Definition: dhcpd.h:1499
isc_result_t ia_reference(struct ia_xx **ia, struct ia_xx *src, const char *file, int line)
Definition: mdb6.c:376
struct executable_statement * on_commit
Definition: dhcpd.h:502
#define SV_LIMIT_ADDRS_PER_IA
Definition: dhcpd.h:702
const unsigned char * data
Definition: tree.h:79
isc_result_t generate_new_server_duid(void)
void data_string_copy(struct data_string *dest, const struct data_string *src, const char *file, int line)
Definition: alloc.c:1260
#define D6O_RELAY_MSG
Definition: dhcp6.h:39
struct permit * permit_list
Definition: dhcpd.h:1599
#define D6O_RECONF_ACCEPT
Definition: dhcp6.h:50
u_int16_t pool_type
Definition: dhcpd.h:1566
#define DHCPV6_INFORMATION_REQUEST
Definition: dhcp6.h:108
#define DHCPV6_DECLINE
Definition: dhcp6.h:106
struct in6_addr dhcpv6_link_address
Definition: dhcpd.h:382
unsigned char options[FLEXIBLE_ARRAY_MEMBER]
Definition: dhcp6.h:181
void classify_client(struct packet *)
Definition: class.c:63
struct group * group
Definition: dhcpd.h:1596
#define DHCPV6_SOLICIT
Definition: dhcp6.h:98
struct buffer * buffer
Definition: tree.h:78
#define TRACE(probe)
Definition: trace.h:10
#define SV_LIMIT_PREFS_PER_IA
Definition: dhcpd.h:703
#define STATUS_UseMulticast
Definition: dhcp6.h:88
struct packet * dhcpv6_container_packet
Definition: dhcpd.h:386
#define FTS_ACTIVE
Definition: dhcpd.h:485
isc_result_t iasubopt_reference(struct iasubopt **iasubopt, struct iasubopt *src, const char *file, int line)
Definition: mdb6.c:233