ISC DHCP  4.4.3-P1
A reference DHCPv4 and DHCPv6 implementation
dhcpv6.c
Go to the documentation of this file.
1 /*
2  * Copyright (C) 2006-2017 by Internet Systems Consortium, Inc. ("ISC")
3  *
4  * This Source Code Form is subject to the terms of the Mozilla Public
5  * License, v. 2.0. If a copy of the MPL was not distributed with this
6  * file, You can obtain one at http://mozilla.org/MPL/2.0/.
7  *
8  * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
9  * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
10  * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
11  * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
12  * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
13  * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
14  * PERFORMANCE OF THIS SOFTWARE.
15  */
16 
19 #include "dhcpd.h"
20 
21 #ifdef DHCPv6
22 
23 #ifdef DHCP4o6
24 static void forw_dhcpv4_query(struct packet *packet);
25 static void send_dhcpv4_response(struct data_string *raw);
26 
27 static void recv_dhcpv4_query(struct data_string *raw);
28 static void dhcp4o6_dhcpv4_query(struct data_string *reply_ret,
29  struct packet *packet);
30 
31 struct udp_data4o6 {
32  u_int16_t src_port;
33  u_int8_t rsp_opt_exist;
34  u_int8_t reserved;
35 };
36 
37 static int offset_data4o6 = 36; /* 16+16+4 */
38 #endif
39 
40 /*
41  * We use print_hex_1() to output DUID values. We could actually output
42  * the DUID with more information... MAC address if using type 1 or 3,
43  * and so on. However, RFC 3315 contains Grave Warnings against actually
44  * attempting to understand a DUID.
45  */
46 
47 /*
48  * TODO: gettext() or other method of localization for the messages
49  * for status codes (and probably for log formats eventually)
50  * TODO: refactoring (simplify, simplify, simplify)
51  * TODO: support multiple shared_networks on each interface (this
52  * will allow the server to issue multiple IPv6 addresses to
53  * a single interface)
54  */
55 
56 /*
57  * DHCPv6 Reply workflow assist. A Reply packet is built by various
58  * different functions; this gives us one location where we keep state
59  * regarding a reply.
60  */
61 struct reply_state {
62  /* root level persistent state */
63  struct shared_network *shared;
64  struct host_decl *host;
65  struct subnet *subnet; /* Used to match fixed-addrs to subnet scopes. */
66  struct option_state *opt_state;
67  struct packet *packet;
68  struct data_string client_id;
69 
70  /* IA level persistent state */
71  unsigned ia_count;
72  unsigned pd_count;
73  unsigned client_resources;
74  isc_boolean_t resources_included;
75  isc_boolean_t static_lease;
76  unsigned static_prefixes;
77  struct ia_xx *ia;
78  struct ia_xx *old_ia;
79  struct option_state *reply_ia;
80  struct data_string fixed;
81  struct iaddrcidrnet fixed_pref; /* static prefix for logging */
82 
83  /* IAADDR/PREFIX level persistent state */
84  struct iasubopt *lease;
85 
86  /*
87  * "t1", "t2", preferred, and valid lifetimes records for calculating
88  * t1 and t2 (min/max).
89  */
90  u_int32_t renew, rebind, min_prefer, min_valid;
91 
92  /* Client-requested valid and preferred lifetimes. */
93  u_int32_t client_valid, client_prefer;
94 
95  /* Chosen values to transmit for valid and preferred lifetimes. */
96  u_int32_t send_valid, send_prefer;
97 
98  /* Preferred prefix length (-1 is any). */
99  int preflen;
100 
101  /* Index into the data field that has been consumed. */
102  unsigned cursor;
103 
104  /* Space for the on commit statements for a fixed host */
105  struct on_star on_star;
106 
107  union reply_buffer {
108  unsigned char data[65536];
109  struct dhcpv6_packet reply;
110  } buf;
111 };
112 
113 /*
114  * Prototypes local to this file.
115  */
116 static int get_encapsulated_IA_state(struct option_state **enc_opt_state,
117  struct data_string *enc_opt_data,
118  struct packet *packet,
119  struct option_cache *oc,
120  int offset);
121 static void build_dhcpv6_reply(struct data_string *, struct packet *);
122 static isc_result_t shared_network_from_packet6(struct shared_network **shared,
123  struct packet *packet);
124 static void seek_shared_host(struct host_decl **hp,
125  struct shared_network *shared);
126 static isc_boolean_t fixed_matches_shared(struct host_decl *host,
127  struct shared_network *shared);
128 static isc_result_t reply_process_ia_na(struct reply_state *reply,
129  struct option_cache *ia);
130 static isc_result_t reply_process_ia_ta(struct reply_state *reply,
131  struct option_cache *ia);
132 static isc_result_t reply_process_addr(struct reply_state *reply,
133  struct option_cache *addr);
134 static isc_boolean_t address_is_owned(struct reply_state *reply,
135  struct iaddr *addr);
136 static isc_boolean_t temporary_is_available(struct reply_state *reply,
137  struct iaddr *addr);
138 static isc_result_t find_client_temporaries(struct reply_state *reply);
139 static isc_result_t reply_process_try_addr(struct reply_state *reply,
140  struct iaddr *addr);
141 static isc_result_t find_client_address(struct reply_state *reply);
142 static isc_result_t reply_process_is_addressed(struct reply_state *reply,
143  struct binding_scope **scope,
144  struct group *group);
145 static isc_result_t reply_process_send_addr(struct reply_state *reply,
146  struct iaddr *addr);
147 static struct iasubopt *lease_compare(struct iasubopt *alpha,
148  struct iasubopt *beta);
149 static isc_result_t reply_process_ia_pd(struct reply_state *reply,
150  struct option_cache *ia_pd);
151 static struct group *find_group_by_prefix(struct reply_state *reply);
152 static isc_result_t reply_process_prefix(struct reply_state *reply,
153  struct option_cache *pref);
154 static isc_boolean_t prefix_is_owned(struct reply_state *reply,
155  struct iaddrcidrnet *pref);
156 static isc_result_t find_client_prefix(struct reply_state *reply);
157 static isc_result_t reply_process_try_prefix(struct reply_state *reply,
158  struct iaddrcidrnet *pref);
159 static isc_result_t reply_process_is_prefixed(struct reply_state *reply,
160  struct binding_scope **scope,
161  struct group *group);
162 static isc_result_t reply_process_send_prefix(struct reply_state *reply,
163  struct iaddrcidrnet *pref);
164 static struct iasubopt *prefix_compare(struct reply_state *reply,
165  struct iasubopt *alpha,
166  struct iasubopt *beta);
167 static void schedule_lease_timeout_reply(struct reply_state *reply);
168 
169 static int eval_prefix_mode(int thislen, int preflen, int prefix_mode);
170 static isc_result_t pick_v6_prefix_helper(struct reply_state *reply,
171  int prefix_mode);
172 
173 static void unicast_reject(struct data_string *reply_ret, struct packet *packet,
174  const struct data_string *client_id,
175  const struct data_string *server_id);
176 
177 static isc_boolean_t is_unicast_option_defined(struct packet *packet);
178 static isc_result_t shared_network_from_requested_addr (struct shared_network
179  **shared,
180  struct packet* packet);
181 static isc_result_t get_first_ia_addr_val (struct packet* packet, int addr_type,
182  struct iaddr* iaddr);
183 
184 static void
185 set_reply_tee_times(struct reply_state* reply, unsigned ia_cursor);
186 
187 static const char *iasubopt_plen_str(struct iasubopt *lease);
188 static int release_on_roam(struct reply_state *reply);
189 
190 static int reuse_lease6(struct reply_state *reply, struct iasubopt *lease);
191 static void shorten_lifetimes(struct reply_state *reply, struct iasubopt *lease,
192  time_t age, int threshold);
193 static void write_to_packet(struct reply_state *reply, unsigned ia_cursor);
194 static const char *iasubopt_plen_str(struct iasubopt *lease);
195 
196 #ifdef NSUPDATE
197 static void ddns_update_static6(struct reply_state* reply);
198 #endif
199 
200 #ifdef DHCP4o6
201 /*
202  * \brief Omapi I/O handler
203  *
204  * The inter-process communication receive handler.
205  * Get the message, put it into the raw data_string
206  * and call \ref send_dhcpv4_response() (DHCPv6 side) or
207  * \ref recv_dhcpv4_query() (DHCPv4 side)
208  *
209  * \param h the OMAPI object
210  * \return a result for I/O success or error (used by the I/O subsystem)
211  */
212 isc_result_t dhcpv4o6_handler(omapi_object_t *h) {
213  char buf[65536];
214  struct data_string raw;
215  int cc;
216 
217  if (h->type != dhcp4o6_type)
218  return DHCP_R_INVALIDARG;
219 
220  cc = recv(dhcp4o6_fd, buf, sizeof(buf), 0);
221 
222  if (cc < DHCP_FIXED_NON_UDP + offset_data4o6)
223  return ISC_R_UNEXPECTED;
224  memset(&raw, 0, sizeof(raw));
225  if (!buffer_allocate(&raw.buffer, cc, MDL)) {
226  log_error("dhcpv4o6_handler: no memory buffer.");
227  return ISC_R_NOMEMORY;
228  }
229  raw.data = raw.buffer->data;
230  raw.len = cc;
231  memcpy(raw.buffer->data, buf, cc);
232 
233  if (local_family == AF_INET6) {
234  send_dhcpv4_response(&raw);
235  } else {
236  recv_dhcpv4_query(&raw);
237  }
238 
239  data_string_forget(&raw, MDL);
240 
241  return ISC_R_SUCCESS;
242 }
243 
244 /*
245  * \brief Send the DHCPv4-response back to the DHCPv6 side
246  * (DHCPv6 server function)
247  *
248  * Format: interface:16 + address:16 + udp:4 + DHCPv6 DHCPv4-response message
249  *
250  * \param raw the IPC message content
251  */
252 static void send_dhcpv4_response(struct data_string *raw) {
253  struct interface_info *ip;
254  char name[16 + 1];
255  struct sockaddr_in6 to_addr;
256  char pbuf[sizeof("ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255")];
257  struct udp_data4o6 udp_data;
258  int send_ret;
259 
260  memset(name, 0, sizeof(name));
261  memcpy(name, raw->data, 16);
262  for (ip = interfaces; ip != NULL; ip = ip->next) {
263  if (!strcmp(name, ip->name))
264  break;
265  }
266  if (ip == NULL) {
267  log_error("send_dhcpv4_response: can't find interface %s.",
268  name);
269  return;
270  }
271 
272  memset(&to_addr, 0, sizeof(to_addr));
273  to_addr.sin6_family = AF_INET6;
274  memcpy(&to_addr.sin6_addr, raw->data + 16, 16);
275  memset(&udp_data, 0, sizeof(udp_data));
276  memcpy(&udp_data, raw->data + 32, 4);
277  if ((raw->data[36] == DHCPV6_RELAY_FORW) ||
278  (raw->data[36] == DHCPV6_RELAY_REPL)) {
279  if (udp_data.rsp_opt_exist) {
280  to_addr.sin6_port = udp_data.src_port;
281  } else {
282  to_addr.sin6_port = local_port;
283  }
284  } else {
285  to_addr.sin6_port = remote_port;
286  }
287 
288  log_info("send_dhcpv4_response(): sending %s on %s to %s port %d",
289  dhcpv6_type_names[raw->data[36]],
290  name,
291  inet_ntop(AF_INET6, raw->data + 16, pbuf, sizeof(pbuf)),
292  ntohs(to_addr.sin6_port));
293 
294  send_ret = send_packet6(ip, raw->data + 36, raw->len - 36, &to_addr);
295  if (send_ret < 0) {
296  log_error("send_dhcpv4_response: send_packet6(): %m");
297  } else if (send_ret != raw->len - 36) {
298  log_error("send_dhcpv4_response: send_packet6() "
299  "sent %d of %d bytes",
300  send_ret, raw->len - 36);
301  }
302 }
303 #endif /* DHCP4o6 */
304 
305 /*
306  * Schedule lease timeouts for all of the iasubopts in the reply.
307  * This is currently used to schedule timeouts for soft leases.
308  */
309 
310 static void
311 schedule_lease_timeout_reply(struct reply_state *reply) {
312  struct iasubopt *tmp;
313  int i;
314 
315  /* sanity check the reply */
316  if ((reply == NULL) || (reply->ia == NULL) || (reply->ia->iasubopt == NULL))
317  return;
318 
319  /* walk through the list, scheduling as we go */
320  for (i = 0 ; i < reply->ia->num_iasubopt ; i++) {
321  tmp = reply->ia->iasubopt[i];
323  }
324 }
325 
326 /*
327  * This function returns the time since DUID time start for the
328  * given time_t value.
329  */
330 static u_int32_t
331 duid_time(time_t when) {
332  /*
333  * This time is modulo 2^32.
334  */
335  while ((when - DUID_TIME_EPOCH) > 4294967295u) {
336  /* use 2^31 to avoid spurious compiler warnings */
337  when -= 2147483648u;
338  when -= 2147483648u;
339  }
340 
341  return when - DUID_TIME_EPOCH;
342 }
343 
344 
345 /*
346  * Server DUID.
347  *
348  * This must remain the same for the lifetime of this server, because
349  * clients return the server DUID that we sent them in Request packets.
350  *
351  * We pick the server DUID like this:
352  *
353  * 1. Check dhcpd.conf - any value the administrator has configured
354  * overrides any possible values.
355  * 2. Check the leases.txt - we want to use the previous value if
356  * possible.
357  * 3. Check if dhcpd.conf specifies a type of server DUID to use,
358  * and generate that type.
359  * 4. Generate a type 1 (time + hardware address) DUID.
360  */
361 static struct data_string server_duid;
362 
363 /*
364  * Check if the server_duid has been set.
365  */
367 server_duid_isset(void) {
368  return (server_duid.data != NULL);
369 }
370 
371 /*
372  * Return the server_duid.
373  */
374 void
375 copy_server_duid(struct data_string *ds, const char *file, int line) {
376  data_string_copy(ds, &server_duid, file, line);
377 }
378 
379 /*
380  * Set the server DUID to a specified value. This is used when
381  * the server DUID is stored in persistent memory (basically the
382  * leases.txt file).
383  */
384 void
385 set_server_duid(struct data_string *new_duid) {
386  /* INSIST(new_duid != NULL); */
387  /* INSIST(new_duid->data != NULL); */
388 
389  if (server_duid_isset()) {
390  data_string_forget(&server_duid, MDL);
391  }
392  data_string_copy(&server_duid, new_duid, MDL);
393 }
394 
395 
396 /*
397  * Set the server DUID based on the D6O_SERVERID option. This handles
398  * the case where the administrator explicitly put it in the dhcpd.conf
399  * file.
400  */
401 isc_result_t
403  struct option_state *opt_state;
404  struct option_cache *oc;
405  struct data_string option_duid;
406  isc_result_t ret_val;
407 
408  opt_state = NULL;
409  if (!option_state_allocate(&opt_state, MDL)) {
410  log_fatal("No memory for server DUID.");
411  }
412 
413  execute_statements_in_scope(NULL, NULL, NULL, NULL, NULL,
414  opt_state, &global_scope, root_group,
415  NULL, NULL);
416 
417  oc = lookup_option(&dhcpv6_universe, opt_state, D6O_SERVERID);
418  if (oc == NULL) {
419  ret_val = ISC_R_NOTFOUND;
420  } else {
421  memset(&option_duid, 0, sizeof(option_duid));
422  if (!evaluate_option_cache(&option_duid, NULL, NULL, NULL,
423  opt_state, NULL, &global_scope,
424  oc, MDL)) {
425  ret_val = ISC_R_UNEXPECTED;
426  } else {
427  set_server_duid(&option_duid);
428  data_string_forget(&option_duid, MDL);
429  ret_val = ISC_R_SUCCESS;
430  }
431  }
432 
433  option_state_dereference(&opt_state, MDL);
434 
435  return ret_val;
436 }
437 
438 /*
439  * DUID layout, as defined in RFC 3315, section 9.
440  *
441  * We support type 1 (hardware address plus time) and type 3 (hardware
442  * address).
443  *
444  * We can support type 2 for specific vendors in the future, if they
445  * publish the specification. And of course there may be additional
446  * types later.
447  */
448 static int server_duid_type = DUID_LLT;
449 
450 /*
451  * Set the DUID type.
452  */
453 void
454 set_server_duid_type(int type) {
455  server_duid_type = type;
456 }
457 
458 /*
459  * Generate a new server DUID. This is done if there was no DUID in
460  * the leases.txt or in the dhcpd.conf file.
461  */
462 isc_result_t
464  struct interface_info *p;
465  u_int32_t time_val;
466  struct data_string generated_duid;
467 
468  /*
469  * Verify we have a type that we support.
470  */
471  if ((server_duid_type != DUID_LL) && (server_duid_type != DUID_LLT)) {
472  log_error("Invalid DUID type %d specified, "
473  "only LL and LLT types supported", server_duid_type);
474  return DHCP_R_INVALIDARG;
475  }
476 
477  /*
478  * Find an interface with a hardware address.
479  * Any will do. :)
480  */
481  for (p = interfaces; p != NULL; p = p->next) {
482  if (p->hw_address.hlen > 0) {
483  break;
484  }
485  if (p->next == NULL && p->hw_address.hbuf[0] == HTYPE_RESERVED) {
486  log_error("Can not generate DUID from interfaces which do not have hardware addresses, please configure server-duid!");
487  }
488  }
489  if (p == NULL) {
490  return ISC_R_UNEXPECTED;
491  }
492 
493  /*
494  * Build our DUID.
495  */
496  memset(&generated_duid, 0, sizeof(generated_duid));
497  if (server_duid_type == DUID_LLT) {
498  time_val = duid_time(time(NULL));
499  generated_duid.len = 8 + p->hw_address.hlen - 1;
500  if (!buffer_allocate(&generated_duid.buffer,
501  generated_duid.len, MDL)) {
502  log_fatal("No memory for server DUID.");
503  }
504  generated_duid.data = generated_duid.buffer->data;
505  putUShort(generated_duid.buffer->data, DUID_LLT);
506  putUShort(generated_duid.buffer->data + 2,
507  p->hw_address.hbuf[0]);
508  putULong(generated_duid.buffer->data + 4, time_val);
509  memcpy(generated_duid.buffer->data + 8,
510  p->hw_address.hbuf+1, p->hw_address.hlen-1);
511  } else if (server_duid_type == DUID_LL) {
512  generated_duid.len = 4 + p->hw_address.hlen - 1;
513  if (!buffer_allocate(&generated_duid.buffer,
514  generated_duid.len, MDL)) {
515  log_fatal("No memory for server DUID.");
516  }
517  generated_duid.data = generated_duid.buffer->data;
518  putUShort(generated_duid.buffer->data, DUID_LL);
519  putUShort(generated_duid.buffer->data + 2,
520  p->hw_address.hbuf[0]);
521  memcpy(generated_duid.buffer->data + 4,
522  p->hw_address.hbuf+1, p->hw_address.hlen-1);
523  } else {
524  log_fatal("Unsupported server DUID type %d.", server_duid_type);
525  }
526 
527  set_server_duid(&generated_duid);
528  data_string_forget(&generated_duid, MDL);
529 
530  return ISC_R_SUCCESS;
531 }
532 
533 /*
534  * Get the client identifier from the packet.
535  */
536 isc_result_t
537 get_client_id(struct packet *packet, struct data_string *client_id) {
538  struct option_cache *oc;
539 
540  /*
541  * Verify our client_id structure is empty.
542  */
543  if ((client_id->data != NULL) || (client_id->len != 0)) {
544  return DHCP_R_INVALIDARG;
545  }
546 
548  if (oc == NULL) {
549  return ISC_R_NOTFOUND;
550  }
551 
552  if (!evaluate_option_cache(client_id, packet, NULL, NULL,
553  packet->options, NULL,
554  &global_scope, oc, MDL)) {
555  return ISC_R_FAILURE;
556  }
557 
558  return ISC_R_SUCCESS;
559 }
560 
561 /*
562  * Message validation, defined in RFC 3315, sections 15.2, 15.5, 15.7:
563  *
564  * Servers MUST discard any Solicit messages that do not include a
565  * Client Identifier option or that do include a Server Identifier
566  * option.
567  */
568 int
569 valid_client_msg(struct packet *packet, struct data_string *client_id) {
570  int ret_val;
571  struct option_cache *oc;
572  struct data_string data;
573 
574  ret_val = 0;
575  memset(client_id, 0, sizeof(*client_id));
576  memset(&data, 0, sizeof(data));
577 
578  switch (get_client_id(packet, client_id)) {
579  case ISC_R_SUCCESS:
580  break;
581  case ISC_R_NOTFOUND:
582  log_debug("Discarding %s from %s; "
583  "client identifier missing",
586  goto exit;
587  default:
588  log_error("Error processing %s from %s; "
589  "unable to evaluate Client Identifier",
592  goto exit;
593  }
594 
595  /*
596  * Required by RFC 3315, section 15.
597  */
598  if (packet->unicast) {
599  log_debug("Discarding %s from %s; packet sent unicast "
600  "(CLIENTID %s)",
603  print_hex_1(client_id->len, client_id->data, 60));
604  goto exit;
605  }
606 
607 
609  if (oc != NULL) {
610  if (evaluate_option_cache(&data, packet, NULL, NULL,
611  packet->options, NULL,
612  &global_scope, oc, MDL)) {
613  log_debug("Discarding %s from %s; "
614  "server identifier found "
615  "(CLIENTID %s, SERVERID %s)",
618  print_hex_1(client_id->len,
619  client_id->data, 60),
620  print_hex_2(data.len,
621  data.data, 60));
622  } else {
623  log_debug("Discarding %s from %s; "
624  "server identifier found "
625  "(CLIENTID %s)",
627  print_hex_1(client_id->len,
628  client_id->data, 60),
630  }
631  goto exit;
632  }
633 
634  /* looks good */
635  ret_val = 1;
636 
637 exit:
639  if (!ret_val) {
640  data_string_forget(client_id, MDL);
641  }
642  return ret_val;
643 }
644 
645 /*
646  * Response validation, defined in RFC 3315, sections 15.4, 15.6, 15.8,
647  * 15.9 (slightly different wording, but same meaning):
648  *
649  * Servers MUST discard any received Request message that meet any of
650  * the following conditions:
651  *
652  * - the message does not include a Server Identifier option.
653  * - the contents of the Server Identifier option do not match the
654  * server's DUID.
655  * - the message does not include a Client Identifier option.
656  */
657 int
658 valid_client_resp(struct packet *packet,
659  struct data_string *client_id,
660  struct data_string *server_id)
661 {
662  int ret_val;
663  struct option_cache *oc;
664 
665  /* INSIST((duid.data != NULL) && (duid.len > 0)); */
666 
667  ret_val = 0;
668  memset(client_id, 0, sizeof(*client_id));
669  memset(server_id, 0, sizeof(*server_id));
670 
671  switch (get_client_id(packet, client_id)) {
672  case ISC_R_SUCCESS:
673  break;
674  case ISC_R_NOTFOUND:
675  log_debug("Discarding %s from %s; "
676  "client identifier missing",
679  goto exit;
680  default:
681  log_error("Error processing %s from %s; "
682  "unable to evaluate Client Identifier",
685  goto exit;
686  }
687 
689  if (oc == NULL) {
690  log_debug("Discarding %s from %s: "
691  "server identifier missing (CLIENTID %s)",
694  print_hex_1(client_id->len, client_id->data, 60));
695  goto exit;
696  }
697  if (!evaluate_option_cache(server_id, packet, NULL, NULL,
698  packet->options, NULL,
699  &global_scope, oc, MDL)) {
700  log_error("Error processing %s from %s; "
701  "unable to evaluate Server Identifier (CLIENTID %s)",
704  print_hex_1(client_id->len, client_id->data, 60));
705  goto exit;
706  }
707  if ((server_duid.len != server_id->len) ||
708  (memcmp(server_duid.data, server_id->data, server_duid.len) != 0)) {
709  log_debug("Discarding %s from %s; "
710  "not our server identifier "
711  "(CLIENTID %s, SERVERID %s, server DUID %s)",
714  print_hex_1(client_id->len, client_id->data, 60),
715  print_hex_2(server_id->len, server_id->data, 60),
716  print_hex_3(server_duid.len, server_duid.data, 60));
717  goto exit;
718  }
719 
720  /* looks good */
721  ret_val = 1;
722 
723 exit:
724  if (!ret_val) {
725  data_string_forget(server_id, MDL);
726  data_string_forget(client_id, MDL);
727  }
728  return ret_val;
729 }
730 
731 /*
732  * Information request validation, defined in RFC 3315, section 15.12:
733  *
734  * Servers MUST discard any received Information-request message that
735  * meets any of the following conditions:
736  *
737  * - The message includes a Server Identifier option and the DUID in
738  * the option does not match the server's DUID.
739  *
740  * - The message includes an IA option.
741  */
742 int
743 valid_client_info_req(struct packet *packet, struct data_string *server_id) {
744  int ret_val;
745  struct option_cache *oc;
746  struct data_string client_id;
747  char client_id_str[80]; /* print_hex_1() uses maximum 60 characters,
748  plus a few more for extra information */
749 
750  ret_val = 0;
751  memset(server_id, 0, sizeof(*server_id));
752  memset(&client_id, 0, sizeof(client_id));
753 
754  /*
755  * Make a string that we can print out to give more
756  * information about the client if we need to.
757  *
758  * By RFC 3315, Section 18.1.5 clients SHOULD have a
759  * client-id on an Information-request packet, but it
760  * is not strictly necessary.
761  */
762  if (get_client_id(packet, &client_id) == ISC_R_SUCCESS) {
763  snprintf(client_id_str, sizeof(client_id_str), " (CLIENTID %s)",
764  print_hex_1(client_id.len, client_id.data, 60));
765  data_string_forget(&client_id, MDL);
766  } else {
767  client_id_str[0] = '\0';
768  }
769 
770  /*
771  * Required by RFC 3315, section 15.
772  */
773  if (packet->unicast) {
774  log_debug("Discarding %s from %s; packet sent unicast%s",
776  piaddr(packet->client_addr), client_id_str);
777  goto exit;
778  }
779 
781  if (oc != NULL) {
782  log_debug("Discarding %s from %s; "
783  "IA_NA option present%s",
785  piaddr(packet->client_addr), client_id_str);
786  goto exit;
787  }
789  if (oc != NULL) {
790  log_debug("Discarding %s from %s; "
791  "IA_TA option present%s",
793  piaddr(packet->client_addr), client_id_str);
794  goto exit;
795  }
797  if (oc != NULL) {
798  log_debug("Discarding %s from %s; "
799  "IA_PD option present%s",
801  piaddr(packet->client_addr), client_id_str);
802  goto exit;
803  }
804 
806  if (oc != NULL) {
807  if (!evaluate_option_cache(server_id, packet, NULL, NULL,
808  packet->options, NULL,
809  &global_scope, oc, MDL)) {
810  log_error("Error processing %s from %s; "
811  "unable to evaluate Server Identifier%s",
813  piaddr(packet->client_addr), client_id_str);
814  goto exit;
815  }
816  if ((server_duid.len != server_id->len) ||
817  (memcmp(server_duid.data, server_id->data,
818  server_duid.len) != 0)) {
819  log_debug("Discarding %s from %s; "
820  "not our server identifier "
821  "(SERVERID %s, server DUID %s)%s",
824  print_hex_1(server_id->len,
825  server_id->data, 60),
826  print_hex_2(server_duid.len,
827  server_duid.data, 60),
828  client_id_str);
829  goto exit;
830  }
831  }
832 
833  /* looks good */
834  ret_val = 1;
835 
836 exit:
837  if (!ret_val) {
838  data_string_forget(server_id, MDL);
839  }
840  return ret_val;
841 }
842 
843 /*
844  * Options that we want to send, in addition to what was requested
845  * via the ORO.
846  */
847 static const int required_opts[] = {
848  D6O_CLIENTID,
849  D6O_SERVERID,
852  0
853 };
854 static const int required_opts_solicit[] = {
855  D6O_CLIENTID,
856  D6O_SERVERID,
857  D6O_IA_NA,
858  D6O_IA_TA,
859  D6O_IA_PD,
864  0
865 };
866 static const int required_opts_agent[] = {
868 #if defined(RELAY_PORT)
870 #endif
872  0
873 };
874 static const int required_opts_IA[] = {
875  D6O_IAADDR,
877  0
878 };
879 static const int required_opts_IA_PD[] = {
880  D6O_IAPREFIX,
882  0
883 };
884 static const int required_opts_STATUS_CODE[] = {
886  0
887 };
888 #ifdef DHCP4o6
889 static const int required_opts_4o6[] = {
891  0
892 };
893 #endif
894 
895 static const int unicast_reject_opts[] = {
896  D6O_CLIENTID,
897  D6O_SERVERID,
899  0
900 };
901 
902 
903 /*
904  * Extracts from packet contents an IA_* option, storing the IA structure
905  * in its entirety in enc_opt_data, and storing any decoded DHCPv6 options
906  * in enc_opt_state for later lookup and evaluation. The 'offset' indicates
907  * where in the IA_* the DHCPv6 options commence.
908  */
909 static int
910 get_encapsulated_IA_state(struct option_state **enc_opt_state,
911  struct data_string *enc_opt_data,
912  struct packet *packet,
913  struct option_cache *oc,
914  int offset)
915 {
916  /*
917  * Get the raw data for the encapsulated options.
918  */
919  memset(enc_opt_data, 0, sizeof(*enc_opt_data));
920  if (!evaluate_option_cache(enc_opt_data, packet,
921  NULL, NULL, packet->options, NULL,
922  &global_scope, oc, MDL)) {
923  log_error("get_encapsulated_IA_state: "
924  "error evaluating raw option.");
925  return 0;
926  }
927  if (enc_opt_data->len < offset) {
928  log_error("get_encapsulated_IA_state: raw option too small.");
929  data_string_forget(enc_opt_data, MDL);
930  return 0;
931  }
932 
933  /*
934  * Now create the option state structure, and pass it to the
935  * function that parses options.
936  */
937  *enc_opt_state = NULL;
938  if (!option_state_allocate(enc_opt_state, MDL)) {
939  log_error("get_encapsulated_IA_state: no memory for options.");
940  data_string_forget(enc_opt_data, MDL);
941  return 0;
942  }
943  if (!parse_option_buffer(*enc_opt_state,
944  enc_opt_data->data + offset,
945  enc_opt_data->len - offset,
946  &dhcpv6_universe)) {
947  log_error("get_encapsulated_IA_state: error parsing options.");
948  option_state_dereference(enc_opt_state, MDL);
949  data_string_forget(enc_opt_data, MDL);
950  return 0;
951  }
952 
953  return 1;
954 }
955 
956 static int
957 set_status_code(u_int16_t status_code, const char *status_message,
958  struct option_state *opt_state)
959 {
960  struct data_string d;
961  int ret_val;
962 
963  memset(&d, 0, sizeof(d));
964  d.len = sizeof(status_code) + strlen(status_message);
965  if (!buffer_allocate(&d.buffer, d.len, MDL)) {
966  log_fatal("set_status_code: no memory for status code.");
967  }
968  d.data = d.buffer->data;
969  putUShort(d.buffer->data, status_code);
970  memcpy(d.buffer->data + sizeof(status_code),
971  status_message, d.len - sizeof(status_code));
972  if (!save_option_buffer(&dhcpv6_universe, opt_state,
973  d.buffer, (unsigned char *)d.data, d.len,
974  D6O_STATUS_CODE, 0)) {
975  log_error("set_status_code: error saving status code.");
976  ret_val = 0;
977  } else {
978  ret_val = 1;
979  }
980  data_string_forget(&d, MDL);
981  return ret_val;
982 }
983 
984 void check_pool6_threshold(struct reply_state *reply,
985  struct iasubopt *lease)
986 {
987  struct ipv6_pond *pond;
988  isc_uint64_t used, count, high_threshold;
989  int poolhigh = 0, poollow = 0;
990  char *shared_name = "no name";
991  char tmp_addr[INET6_ADDRSTRLEN];
992 
993  if ((lease->ipv6_pool == NULL) || (lease->ipv6_pool->ipv6_pond == NULL))
994  return;
995  pond = lease->ipv6_pool->ipv6_pond;
996 
997  /* If the address range is too large to track, just skip all this. */
998  if (pond->jumbo_range == 1) {
999  return;
1000  }
1001 
1002  count = pond->num_total;
1003  used = pond->num_active;
1004 
1005  /* get network name for logging */
1006  if ((pond->shared_network != NULL) &&
1007  (pond->shared_network->name != NULL)) {
1008  shared_name = pond->shared_network->name;
1009  }
1010 
1011  /* The logged flag indicates if we have already crossed the high
1012  * threshold and emitted a log message. If it is set we check to
1013  * see if we have re-crossed the low threshold and need to reset
1014  * things. When we cross the high threshold we determine what
1015  * the low threshold is and save it into the low_threshold value.
1016  * When we cross that threshold we reset the logged flag and
1017  * the low_threshold to 0 which allows the high threshold message
1018  * to be emitted once again.
1019  * if we haven't recrossed the boundry we don't need to do anything.
1020  */
1021  if (pond->logged !=0) {
1022  if (used <= pond->low_threshold) {
1023  pond->low_threshold = 0;
1024  pond->logged = 0;
1025  log_error("Pool threshold reset - shared subnet: %s; "
1026  "address: %s; low threshold %llu/%llu.",
1027  shared_name,
1028  inet_ntop(AF_INET6, &lease->addr,
1029  tmp_addr, sizeof(tmp_addr)),
1030  (long long unsigned)(used),
1031  (long long unsigned)(count));
1032  }
1033  return;
1034  }
1035 
1036  /* find the high threshold */
1037  if (get_option_int(&poolhigh, &server_universe, reply->packet, NULL,
1038  NULL, reply->packet->options, reply->opt_state,
1039  reply->opt_state, &lease->scope,
1040  SV_LOG_THRESHOLD_HIGH, MDL) == 0) {
1041  /* no threshold bail out */
1042  return;
1043  }
1044 
1045  /* We do have a threshold for this pool, see if its valid */
1046  if ((poolhigh <= 0) || (poolhigh > 100)) {
1047  /* not valid */
1048  return;
1049  }
1050 
1051  /* we have a valid value, have we exceeded it */
1052  high_threshold = FIND_POND6_PERCENT(count, poolhigh);
1053  if (used < high_threshold) {
1054  /* nope, no more to do */
1055  return;
1056  }
1057 
1058  /* we've exceeded it, output a message */
1059  log_error("Pool threshold exceeded - shared subnet: %s; "
1060  "address: %s; high threshold %d%% %llu/%llu.",
1061  shared_name,
1062  inet_ntop(AF_INET6, &lease->addr, tmp_addr, sizeof(tmp_addr)),
1063  poolhigh, (long long unsigned)(used),
1064  (long long unsigned)(count));
1065 
1066  /* handle the low threshold now, if we don't
1067  * have one we default to 0. */
1068  if ((get_option_int(&poollow, &server_universe, reply->packet, NULL,
1069  NULL, reply->packet->options, reply->opt_state,
1070  reply->opt_state, &lease->scope,
1071  SV_LOG_THRESHOLD_LOW, MDL) == 0) ||
1072  (poollow > 100)) {
1073  poollow = 0;
1074  }
1075 
1076  /*
1077  * If the low theshold is higher than the high threshold we continue to log
1078  * If it isn't then we set the flag saying we already logged and determine
1079  * what the reset threshold is.
1080  */
1081  if (poollow < poolhigh) {
1082  pond->logged = 1;
1083  pond->low_threshold = FIND_POND6_PERCENT(count, poollow);
1084  }
1085 }
1086 
1087 /*
1088  * We have a set of operations we do to set up the reply packet, which
1089  * is the same for many message types.
1090  */
1091 static int
1092 start_reply(struct packet *packet,
1093  const struct data_string *client_id,
1094  const struct data_string *server_id,
1095  struct option_state **opt_state,
1096  struct dhcpv6_packet *reply)
1097 {
1098  struct option_cache *oc;
1099  const unsigned char *server_id_data;
1100  int server_id_len;
1101 
1102  /*
1103  * Build our option state for reply.
1104  */
1105  *opt_state = NULL;
1106  if (!option_state_allocate(opt_state, MDL)) {
1107  log_error("start_reply: no memory for option_state.");
1108  return 0;
1109  }
1110  execute_statements_in_scope(NULL, packet, NULL, NULL,
1111  packet->options, *opt_state,
1112  &global_scope, root_group, NULL, NULL);
1113 
1114  /*
1115  * A small bit of special handling for Solicit messages.
1116  *
1117  * We could move the logic into a flag, but for now just check
1118  * explicitly.
1119  */
1121  reply->msg_type = DHCPV6_ADVERTISE;
1122 
1123  /*
1124  * If:
1125  * - this message type supports rapid commit (Solicit), and
1126  * - the server is configured to supply a rapid commit, and
1127  * - the client requests a rapid commit,
1128  * Then we add a rapid commit option, and send Reply (instead
1129  * of an Advertise).
1130  */
1132  *opt_state, D6O_RAPID_COMMIT);
1133  if (oc != NULL) {
1136  if (oc != NULL) {
1137  /* Rapid-commit in action. */
1138  reply->msg_type = DHCPV6_REPLY;
1139  } else {
1140  /* Don't want a rapid-commit in advertise. */
1142  *opt_state, D6O_RAPID_COMMIT);
1143  }
1144  }
1145  } else {
1146  reply->msg_type = DHCPV6_REPLY;
1147  /* Delete the rapid-commit from the sent options. */
1149  *opt_state, D6O_RAPID_COMMIT);
1150  if (oc != NULL) {
1152  *opt_state, D6O_RAPID_COMMIT);
1153  }
1154  }
1155 
1156  /*
1157  * Use the client's transaction identifier for the reply.
1158  */
1160  sizeof(reply->transaction_id));
1161 
1162  /*
1163  * RFC 3315, section 18.2 says we need server identifier and
1164  * client identifier.
1165  *
1166  * If the server ID is defined via the configuration file, then
1167  * it will already be present in the option state at this point,
1168  * so we don't need to set it.
1169  *
1170  * If we have a server ID passed in from the caller,
1171  * use that, otherwise use the global DUID.
1172  */
1173  oc = lookup_option(&dhcpv6_universe, *opt_state, D6O_SERVERID);
1174  if (oc == NULL) {
1175  if (server_id == NULL) {
1176  server_id_data = server_duid.data;
1177  server_id_len = server_duid.len;
1178  } else {
1179  server_id_data = server_id->data;
1180  server_id_len = server_id->len;
1181  }
1182  if (!save_option_buffer(&dhcpv6_universe, *opt_state,
1183  NULL, (unsigned char *)server_id_data,
1184  server_id_len, D6O_SERVERID, 0)) {
1185  log_error("start_reply: "
1186  "error saving server identifier.");
1187  return 0;
1188  }
1189  }
1190 
1191  if (client_id->buffer != NULL) {
1192  if (!save_option_buffer(&dhcpv6_universe, *opt_state,
1193  client_id->buffer,
1194  (unsigned char *)client_id->data,
1195  client_id->len,
1196  D6O_CLIENTID, 0)) {
1197  log_error("start_reply: error saving "
1198  "client identifier.");
1199  return 0;
1200  }
1201  }
1202 
1203  /*
1204  * If the client accepts reconfiguration, let it know that we
1205  * will send them.
1206  *
1207  * Note: we don't actually do this yet, but DOCSIS requires we
1208  * claim to.
1209  */
1212  if (oc != NULL) {
1213  if (!save_option_buffer(&dhcpv6_universe, *opt_state,
1214  NULL, (unsigned char *)"", 0,
1215  D6O_RECONF_ACCEPT, 0)) {
1216  log_error("start_reply: "
1217  "error saving RECONF_ACCEPT option.");
1218  option_state_dereference(opt_state, MDL);
1219  return 0;
1220  }
1221  }
1222 
1223  return 1;
1224 }
1225 
1226 /*
1227  * Try to get the IPv6 address the client asked for from the
1228  * pool.
1229  *
1230  * addr is the result (should be a pointer to NULL on entry)
1231  * pool is the pool to search in
1232  * requested_addr is the address the client wants
1233  */
1234 static isc_result_t
1235 try_client_v6_address(struct iasubopt **addr,
1236  struct ipv6_pool *pool,
1237  const struct data_string *requested_addr)
1238 {
1239  struct in6_addr tmp_addr;
1240  isc_result_t result;
1241 
1242  if (requested_addr->len < sizeof(tmp_addr)) {
1243  return DHCP_R_INVALIDARG;
1244  }
1245  memcpy(&tmp_addr, requested_addr->data, sizeof(tmp_addr));
1246  if (IN6_IS_ADDR_UNSPECIFIED(&tmp_addr)) {
1247  return ISC_R_FAILURE;
1248  }
1249 
1250  /*
1251  * The address is not covered by this (or possibly any) dynamic
1252  * range.
1253  */
1254  if (!ipv6_in_pool(&tmp_addr, pool)) {
1255  return ISC_R_ADDRNOTAVAIL;
1256  }
1257 
1258  if (lease6_exists(pool, &tmp_addr)) {
1259  return ISC_R_ADDRINUSE;
1260  }
1261 
1262  result = iasubopt_allocate(addr, MDL);
1263  if (result != ISC_R_SUCCESS) {
1264  return result;
1265  }
1266  (*addr)->addr = tmp_addr;
1267  (*addr)->plen = 0;
1268 
1269  /* Default is soft binding for 2 minutes. */
1270  result = add_lease6(pool, *addr, cur_time + 120);
1271  if (result != ISC_R_SUCCESS) {
1272  iasubopt_dereference(addr, MDL);
1273  }
1274  return result;
1275 }
1276 
1298 static isc_result_t
1299 pick_v6_address(struct reply_state *reply)
1300 {
1301  struct ipv6_pool *p = NULL;
1302  struct ipv6_pond *pond;
1303  int i;
1304  int start_pool;
1305  unsigned int attempts;
1306  char tmp_buf[INET6_ADDRSTRLEN];
1307  struct iasubopt **addr = &reply->lease;
1308  isc_uint64_t total = 0;
1309  isc_uint64_t active = 0;
1310  isc_uint64_t abandoned = 0;
1311  int jumbo_range = 0;
1312  char *shared_name = (reply->shared->name ?
1313  reply->shared->name : "(no name)");
1314 
1315  /*
1316  * Do a quick walk through of the ponds and pools
1317  * to see if we have any NA address pools
1318  */
1319  for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
1320  if (pond->ipv6_pools == NULL)
1321  continue;
1322 
1323  for (i = 0; (p = pond->ipv6_pools[i]) != NULL; i++) {
1324  if (p->pool_type == D6O_IA_NA)
1325  break;
1326  }
1327  if (p != NULL)
1328  break;
1329  }
1330 
1331  /* If we get here and p is NULL we have no useful pools */
1332  if (p == NULL) {
1333  log_debug("Unable to pick client address: "
1334  "no IPv6 pools on this shared network");
1335  return ISC_R_NORESOURCES;
1336  }
1337 
1338  /*
1339  * We have at least one pool that could provide an address
1340  * Now we walk through the ponds and pools again and check
1341  * to see if the client is permitted and if an address is
1342  * available
1343  *
1344  * Within a given pond we start looking at the last pool we
1345  * allocated from, unless it had a collision trying to allocate
1346  * an address. This will tend to move us into less-filled pools.
1347  */
1348 
1349  for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
1350  isc_result_t result = ISC_R_FAILURE;
1351 
1352  if (((pond->prohibit_list != NULL) &&
1353  (permitted(reply->packet, pond->prohibit_list))) ||
1354  ((pond->permit_list != NULL) &&
1355  (!permitted(reply->packet, pond->permit_list))))
1356  continue;
1357 
1358 #ifdef EUI_64
1359  /* If pond is EUI-64 but client duid isn't a valid EUI-64
1360  * id, then skip this pond */
1361  if (pond->use_eui_64 &&
1362  !valid_eui_64_duid(&reply->ia->iaid_duid, IAID_LEN)) {
1363  continue;
1364  }
1365 #endif
1366 
1367  start_pool = pond->last_ipv6_pool;
1368  i = start_pool;
1369  do {
1370  p = pond->ipv6_pools[i];
1371  if (p->pool_type == D6O_IA_NA) {
1372 #ifdef EUI_64
1373  if (pond->use_eui_64) {
1374  result =
1375  create_lease6_eui_64(p, addr,
1376  &reply->ia->iaid_duid,
1377  cur_time + 120);
1378  }
1379  else
1380 #endif
1381  {
1382  result =
1383  create_lease6(p, addr, &attempts,
1384  &reply->ia->iaid_duid,
1385  cur_time + 120);
1386 
1387  }
1388 
1389  if (result == ISC_R_SUCCESS) {
1390  /*
1391  * Record the pool used (or next one if
1392  * there was a collision).
1393  */
1394  if (attempts > 1) {
1395  i++;
1396  if (pond->ipv6_pools[i]
1397  == NULL) {
1398  i = 0;
1399  }
1400  }
1401 
1402  pond->last_ipv6_pool = i;
1403 
1404  log_debug("Picking pool address %s",
1405  inet_ntop(AF_INET6,
1406  &((*addr)->addr),
1407  tmp_buf, sizeof(tmp_buf)));
1408  return (ISC_R_SUCCESS);
1409  }
1410  }
1411 
1412  i++;
1413  if (pond->ipv6_pools[i] == NULL) {
1414  i = 0;
1415  }
1416  } while (i != start_pool);
1417 
1418  if (result == ISC_R_NORESOURCES) {
1419  jumbo_range += pond->jumbo_range;
1420  total += pond->num_total;
1421  active += pond->num_active;
1422  abandoned += pond->num_abandoned;
1423  }
1424  }
1425 
1426  /*
1427  * If we failed to pick an IPv6 address from any of the subnets.
1428  * Presumably that means we have no addresses for the client.
1429  */
1430  if (jumbo_range != 0) {
1431  log_debug("Unable to pick client address: "
1432  "no addresses available - shared network %s: "
1433  " 2^64-1 < total, %llu active, %llu abandoned",
1434  shared_name, (long long unsigned)(active - abandoned),
1435  (long long unsigned)(abandoned));
1436  } else {
1437  log_debug("Unable to pick client address: "
1438  "no addresses available - shared network %s: "
1439  "%llu total, %llu active, %llu abandoned",
1440  shared_name, (long long unsigned)(total),
1441  (long long unsigned)(active - abandoned),
1442  (long long unsigned)(abandoned));
1443  }
1444 
1445  return ISC_R_NORESOURCES;
1446 }
1447 
1448 /*
1449  * Try to get the IPv6 prefix the client asked for from the
1450  * prefix pool.
1451  *
1452  * pref is the result (should be a pointer to NULL on entry)
1453  * pool is the prefix pool to search in
1454  * requested_pref is the address the client wants
1455  */
1456 static isc_result_t
1457 try_client_v6_prefix(struct iasubopt **pref,
1458  struct ipv6_pool *pool,
1459  const struct data_string *requested_pref)
1460 {
1461  u_int8_t tmp_plen;
1462  struct in6_addr tmp_pref;
1463  struct iaddr ia;
1464  isc_result_t result;
1465 
1466  if (requested_pref->len < sizeof(tmp_plen) + sizeof(tmp_pref)) {
1467  return DHCP_R_INVALIDARG;
1468  }
1469 
1470  tmp_plen = (int) requested_pref->data[0];
1471  if ((tmp_plen < 3) || (tmp_plen > 128)) {
1472  return ISC_R_FAILURE;
1473  }
1474 
1475  memcpy(&tmp_pref, requested_pref->data + 1, sizeof(tmp_pref));
1476  if (IN6_IS_ADDR_UNSPECIFIED(&tmp_pref)) {
1477  return ISC_R_FAILURE;
1478  }
1479 
1480  ia.len = 16;
1481  memcpy(&ia.iabuf, &tmp_pref, 16);
1482  if (!is_cidr_mask_valid(&ia, (int) tmp_plen)) {
1483  return ISC_R_FAILURE;
1484  }
1485 
1486  if (!ipv6_in_pool(&tmp_pref, pool) ||
1487  ((int)tmp_plen != pool->units)) {
1488  return ISC_R_ADDRNOTAVAIL;
1489  }
1490 
1491  if (prefix6_exists(pool, &tmp_pref, tmp_plen)) {
1492  return ISC_R_ADDRINUSE;
1493  }
1494 
1495  result = iasubopt_allocate(pref, MDL);
1496  if (result != ISC_R_SUCCESS) {
1497  return result;
1498  }
1499 
1500  (*pref)->addr = tmp_pref;
1501  (*pref)->plen = tmp_plen;
1502 
1503  /* Default is soft binding for 2 minutes. */
1504  result = add_lease6(pool, *pref, cur_time + 120);
1505  if (result != ISC_R_SUCCESS) {
1506  iasubopt_dereference(pref, MDL);
1507  }
1508 
1509  return result;
1510 }
1511 
1551 static isc_result_t
1552 pick_v6_prefix(struct reply_state *reply) {
1553  struct ipv6_pool *p = NULL;
1554  struct ipv6_pond *pond;
1555  int i;
1556  isc_result_t result;
1557 
1558  /*
1559  * Do a quick walk through of the ponds and pools
1560  * to see if we have any prefix pools
1561  */
1562  for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
1563  if (pond->ipv6_pools == NULL)
1564  continue;
1565 
1566  for (i = 0; (p = pond->ipv6_pools[i]) != NULL; i++) {
1567  if (p->pool_type == D6O_IA_PD)
1568  break;
1569  }
1570  if (p != NULL)
1571  break;
1572  }
1573 
1574  /* If we get here and p is NULL we have no useful pools */
1575  if (p == NULL) {
1576  log_debug("Unable to pick client prefix: "
1577  "no IPv6 pools on this shared network");
1578  return ISC_R_NORESOURCES;
1579  }
1580 
1581  if (reply->preflen <= 0) {
1582  /* If we didn't get a plen (-1) or client plen is 0, then just
1583  * select first available (same as PLM_INGORE) */
1584  result = pick_v6_prefix_helper(reply, PLM_IGNORE);
1585  } else {
1586  switch (prefix_length_mode) {
1587  case PLM_PREFER:
1588  /* First we look for an exact match, if not found
1589  * then first available */
1590  result = pick_v6_prefix_helper(reply, PLM_EXACT);
1591  if (result != ISC_R_SUCCESS) {
1592  result = pick_v6_prefix_helper(reply,
1593  PLM_IGNORE);
1594  }
1595  break;
1596 
1597  case PLM_EXACT:
1598  /* Match exactly or fail */
1599  result = pick_v6_prefix_helper(reply, PLM_EXACT);
1600  break;
1601 
1602  case PLM_MINIMUM:
1603  case PLM_MAXIMUM:
1604  /* First we look for an exact match, if not found
1605  * then first available by mode */
1606  result = pick_v6_prefix_helper(reply, PLM_EXACT);
1607  if (result != ISC_R_SUCCESS) {
1608  result = pick_v6_prefix_helper(reply,
1610  }
1611  break;
1612 
1613  default:
1614  /* First available */
1615  result = pick_v6_prefix_helper(reply, PLM_IGNORE);
1616  break;
1617  }
1618  }
1619 
1620  if (result == ISC_R_SUCCESS) {
1621  char tmp_buf[INET6_ADDRSTRLEN];
1622 
1623  log_debug("Picking pool prefix %s/%u",
1624  inet_ntop(AF_INET6, &(reply->lease->addr),
1625  tmp_buf, sizeof(tmp_buf)),
1626  (unsigned)(reply->lease->plen));
1627  return (ISC_R_SUCCESS);
1628  }
1629 
1630  /*
1631  * If we failed to pick an IPv6 prefix
1632  * Presumably that means we have no prefixes for the client.
1633  */
1634  log_debug("Unable to pick client prefix: no prefixes available");
1635  return ISC_R_NORESOURCES;
1636 }
1637 
1661 isc_result_t
1662 pick_v6_prefix_helper(struct reply_state *reply, int prefix_mode) {
1663  struct ipv6_pool *p = NULL;
1664  struct ipv6_pond *pond;
1665  int i;
1666  unsigned int attempts;
1667  struct iasubopt **pref = &reply->lease;
1668 
1669  for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
1670  if (((pond->prohibit_list != NULL) &&
1671  (permitted(reply->packet, pond->prohibit_list))) ||
1672  ((pond->permit_list != NULL) &&
1673  (!permitted(reply->packet, pond->permit_list))))
1674  continue;
1675 
1676  for (i = 0; (p = pond->ipv6_pools[i]) != NULL; i++) {
1677  if ((p->pool_type == D6O_IA_PD) &&
1678  (eval_prefix_mode(p->units, reply->preflen,
1679  prefix_mode) == 1) &&
1680  (create_prefix6(p, pref, &attempts,
1681  &reply->ia->iaid_duid,
1682  cur_time + 120) == ISC_R_SUCCESS)) {
1683  return (ISC_R_SUCCESS);
1684  }
1685  }
1686  }
1687 
1688  return ISC_R_NORESOURCES;
1689 }
1690 
1705 int
1706 eval_prefix_mode(int len, int preflen, int prefix_mode) {
1707  int use_it = 1;
1708  switch (prefix_mode) {
1709  case PLM_EXACT:
1710  use_it = (len == preflen);
1711  break;
1712  case PLM_MINIMUM:
1713  /* they asked for a prefix length no "shorter" than preflen */
1714  use_it = (len >= preflen);
1715  break;
1716  case PLM_MAXIMUM:
1717  /* they asked for a prefix length no "longer" than preflen */
1718  use_it = (len <= preflen);
1719  break;
1720  default:
1721  /* otherwise use it */
1722  break;
1723  }
1724 
1725  return (use_it);
1726 }
1727 
1728 /*
1729  *! \file server/dhcpv6.c
1730  *
1731  * \brief construct a reply containing information about a client's lease
1732  *
1733  * lease_to_client() is called from several messages to construct a
1734  * reply that contains all that we know about the client's correct lease
1735  * (or projected lease).
1736  *
1737  * Solicit - "Soft" binding, ignore unknown addresses or bindings, just
1738  * send what we "may" give them on a request.
1739  *
1740  * Request - "Hard" binding, but ignore supplied addresses (just provide what
1741  * the client should really use).
1742  *
1743  * Renew - "Hard" binding, but client-supplied addresses are 'real'. Error
1744  * Rebind out any "wrong" addresses the client sends. This means we send
1745  * an empty IA_NA with a status code of NoBinding or NotOnLink or
1746  * possibly send the address with zeroed lifetimes.
1747  *
1748  * Information-Request - No binding.
1749  *
1750  * The basic structure is to traverse the client-supplied data first, and
1751  * validate and echo back any contents that can be. If the client-supplied
1752  * data does not error out (on renew/rebind as above), but we did not send
1753  * any addresses, attempt to allocate one.
1754  *
1755  * At the end of the this function we call commit_leases_timed() to
1756  * fsync and rotate the file as necessary. commit_leases_timed() will
1757  * check that we have written at least one lease to the file and that
1758  * some time has passed before doing any fsync or file rewrite so we
1759  * don't bother tracking if we did a write_ia during this function.
1760  */
1761 /* TODO: look at client hints for lease times */
1762 
1763 static void
1764 lease_to_client(struct data_string *reply_ret,
1765  struct packet *packet,
1766  const struct data_string *client_id,
1767  const struct data_string *server_id)
1768 {
1769  static struct reply_state reply;
1770  struct option_cache *oc;
1771  struct data_string packet_oro;
1772  int i;
1773 
1774  memset(&packet_oro, 0, sizeof(packet_oro));
1775 
1776  /* Locate the client. */
1777  if (shared_network_from_packet6(&reply.shared,
1778  packet) != ISC_R_SUCCESS)
1779  goto exit;
1780 
1781  /*
1782  * Initialize the reply.
1783  */
1784  packet_reference(&reply.packet, packet, MDL);
1785  data_string_copy(&reply.client_id, client_id, MDL);
1786 
1787  if (!start_reply(packet, client_id, server_id, &reply.opt_state,
1788  &reply.buf.reply))
1789  goto exit;
1790 
1791  /* Set the write cursor to just past the reply header. */
1792  reply.cursor = REPLY_OPTIONS_INDEX;
1793 
1794  /*
1795  * Get the ORO from the packet, if any.
1796  */
1798  if (oc != NULL) {
1799  if (!evaluate_option_cache(&packet_oro, packet,
1800  NULL, NULL,
1801  packet->options, NULL,
1802  &global_scope, oc, MDL)) {
1803  log_error("lease_to_client: error evaluating ORO.");
1804  goto exit;
1805  }
1806  }
1807 
1808  /*
1809  * Find a host record that matches the packet, if any, and is
1810  * valid for the shared network the client is on.
1811  */
1812  if (find_hosts6(&reply.host, packet, client_id, MDL)) {
1813  packet->known = 1;
1814  seek_shared_host(&reply.host, reply.shared);
1815  }
1816 
1817  /* Process the client supplied IA's onto the reply buffer. */
1818  reply.ia_count = 0;
1820 
1821  for (; oc != NULL ; oc = oc->next) {
1822  isc_result_t status;
1823 
1824  /* Start counting resources (addresses) offered. */
1825  reply.client_resources = 0;
1826  reply.resources_included = ISC_FALSE;
1827 
1828  status = reply_process_ia_na(&reply, oc);
1829 
1830  /*
1831  * We continue to try other IA's whether we can address
1832  * this one or not. Any other result is an immediate fail.
1833  */
1834  if ((status != ISC_R_SUCCESS) &&
1835  (status != ISC_R_NORESOURCES))
1836  goto exit;
1837  }
1839  for (; oc != NULL ; oc = oc->next) {
1840  isc_result_t status;
1841 
1842  /* Start counting resources (addresses) offered. */
1843  reply.client_resources = 0;
1844  reply.resources_included = ISC_FALSE;
1845 
1846  status = reply_process_ia_ta(&reply, oc);
1847 
1848  /*
1849  * We continue to try other IA's whether we can address
1850  * this one or not. Any other result is an immediate fail.
1851  */
1852  if ((status != ISC_R_SUCCESS) &&
1853  (status != ISC_R_NORESOURCES))
1854  goto exit;
1855  }
1856 
1857  /* Same for IA_PD's. */
1858  reply.pd_count = 0;
1860  for (; oc != NULL ; oc = oc->next) {
1861  isc_result_t status;
1862 
1863  /* Start counting resources (prefixes) offered. */
1864  reply.client_resources = 0;
1865  reply.resources_included = ISC_FALSE;
1866 
1867  status = reply_process_ia_pd(&reply, oc);
1868 
1869  /*
1870  * We continue to try other IA_PD's whether we can address
1871  * this one or not. Any other result is an immediate fail.
1872  */
1873  if ((status != ISC_R_SUCCESS) &&
1874  (status != ISC_R_NORESOURCES))
1875  goto exit;
1876  }
1877 
1878  /*
1879  * Make no reply if we gave no resources and is not
1880  * for Information-Request.
1881  */
1882  if ((reply.ia_count == 0) && (reply.pd_count == 0)) {
1883  if (reply.packet->dhcpv6_msg_type !=
1885  goto exit;
1886 
1887  /*
1888  * Because we only execute statements on a per-IA basis,
1889  * we need to execute statements in any non-IA reply to
1890  * source configuration.
1891  */
1892  execute_statements_in_scope(NULL, reply.packet, NULL, NULL,
1893  reply.packet->options,
1894  reply.opt_state, &global_scope,
1895  reply.shared->group, root_group,
1896  NULL);
1897 
1898  /* Execute statements from class scopes. */
1899  for (i = reply.packet->class_count; i > 0; i--) {
1900  execute_statements_in_scope(NULL, reply.packet,
1901  NULL, NULL,
1902  reply.packet->options,
1903  reply.opt_state,
1904  &global_scope,
1905  reply.packet->classes[i - 1]->group,
1906  reply.shared->group, NULL);
1907  }
1908 
1909  /* Bring in any configuration from a host record. */
1910  if (reply.host != NULL)
1911  execute_statements_in_scope(NULL, reply.packet,
1912  NULL, NULL,
1913  reply.packet->options,
1914  reply.opt_state,
1915  &global_scope,
1916  reply.host->group,
1917  reply.shared->group, NULL);
1918  }
1919 
1920  /*
1921  * RFC3315 section 17.2.2 (Solicit):
1922  *
1923  * If the server will not assign any addresses to any IAs in a
1924  * subsequent Request from the client, the server MUST send an
1925  * Advertise message to the client that includes only a Status
1926  * Code option with code NoAddrsAvail and a status message for
1927  * the user, a Server Identifier option with the server's DUID,
1928  * and a Client Identifier option with the client's DUID.
1929  *
1930  * This has been updated by an errata such that the server
1931  * can always send an IA.
1932  *
1933  * Section 18.2.1 (Request):
1934  *
1935  * If the server cannot assign any addresses to an IA in the
1936  * message from the client, the server MUST include the IA in
1937  * the Reply message with no addresses in the IA and a Status
1938  * Code option in the IA containing status code NoAddrsAvail.
1939  *
1940  * Section 18.1.8 (Client Behavior):
1941  *
1942  * Leave unchanged any information about addresses the client has
1943  * recorded in the IA but that were not included in the IA from
1944  * the server.
1945  * Sends a Renew/Rebind if the IA is not in the Reply message.
1946  */
1947 
1948  /*
1949  * Having stored the client's IA's, store any options that
1950  * will fit in the remaining space.
1951  */
1952  reply.cursor += store_options6((char *)reply.buf.data + reply.cursor,
1953  sizeof(reply.buf) - reply.cursor,
1954  reply.opt_state, reply.packet,
1955  required_opts_solicit,
1956  &packet_oro);
1957 
1958  /* Return our reply to the caller. */
1959  reply_ret->len = reply.cursor;
1960  reply_ret->buffer = NULL;
1961  if (!buffer_allocate(&reply_ret->buffer, reply.cursor, MDL)) {
1962  log_fatal("No memory to store Reply.");
1963  }
1964  memcpy(reply_ret->buffer->data, reply.buf.data, reply.cursor);
1965  reply_ret->data = reply_ret->buffer->data;
1966 
1967  /* If appropriate commit and rotate the lease file */
1968  (void) commit_leases_timed();
1969 
1970  exit:
1971  /* Cleanup. */
1972  if (reply.shared != NULL)
1973  shared_network_dereference(&reply.shared, MDL);
1974  if (reply.host != NULL)
1975  host_dereference(&reply.host, MDL);
1976  if (reply.opt_state != NULL)
1977  option_state_dereference(&reply.opt_state, MDL);
1978  if (reply.packet != NULL)
1979  packet_dereference(&reply.packet, MDL);
1980  if (reply.client_id.data != NULL)
1981  data_string_forget(&reply.client_id, MDL);
1982  if (packet_oro.buffer != NULL)
1983  data_string_forget(&packet_oro, MDL);
1984  reply.renew = reply.rebind = reply.min_prefer = reply.min_valid = 0;
1985  reply.cursor = 0;
1986 }
1987 
1988 /* Process a client-supplied IA_NA. This may append options to the tail of
1989  * the reply packet being built in the reply_state structure.
1990  */
1991 static isc_result_t
1992 reply_process_ia_na(struct reply_state *reply, struct option_cache *ia) {
1993  isc_result_t status = ISC_R_SUCCESS;
1994  u_int32_t iaid;
1995  unsigned ia_cursor;
1996  struct option_state *packet_ia;
1997  struct option_cache *oc;
1998  struct data_string ia_data, data;
1999 
2000  /* Initialize values that will get cleaned up on return. */
2001  packet_ia = NULL;
2002  memset(&ia_data, 0, sizeof(ia_data));
2003  memset(&data, 0, sizeof(data));
2004  /*
2005  * Note that find_client_address() may set reply->lease.
2006  */
2007 
2008  /* Make sure there is at least room for the header. */
2009  if ((reply->cursor + IA_NA_OFFSET + 4) > sizeof(reply->buf)) {
2010  log_error("reply_process_ia_na: Reply too long for IA.");
2011  return ISC_R_NOSPACE;
2012  }
2013 
2014 
2015  /* Fetch the IA_NA contents. */
2016  if (!get_encapsulated_IA_state(&packet_ia, &ia_data, reply->packet,
2017  ia, IA_NA_OFFSET)) {
2018  log_error("reply_process_ia_na: error evaluating ia");
2019  status = ISC_R_FAILURE;
2020  goto cleanup;
2021  }
2022 
2023  /* Extract IA_NA header contents. */
2024  iaid = getULong(ia_data.data);
2025  reply->renew = getULong(ia_data.data + 4);
2026  reply->rebind = getULong(ia_data.data + 8);
2027 
2028  /* Create an IA_NA structure. */
2029  if (ia_allocate(&reply->ia, iaid, (char *)reply->client_id.data,
2030  reply->client_id.len, MDL) != ISC_R_SUCCESS) {
2031  log_error("reply_process_ia_na: no memory for ia.");
2032  status = ISC_R_NOMEMORY;
2033  goto cleanup;
2034  }
2035  reply->ia->ia_type = D6O_IA_NA;
2036 
2037  /* Cache pre-existing IA, if any. */
2038  ia_hash_lookup(&reply->old_ia, ia_na_active,
2039  (unsigned char *)reply->ia->iaid_duid.data,
2040  reply->ia->iaid_duid.len, MDL);
2041 
2042  /*
2043  * Create an option cache to carry the IA_NA option contents, and
2044  * execute any user-supplied values into it.
2045  */
2046  if (!option_state_allocate(&reply->reply_ia, MDL)) {
2047  status = ISC_R_NOMEMORY;
2048  goto cleanup;
2049  }
2050 
2051  /* Check & cache the fixed host record. */
2052  if ((reply->host != NULL) && (reply->host->fixed_addr != NULL)) {
2053  struct iaddr tmp_addr;
2054 
2055  if (!evaluate_option_cache(&reply->fixed, NULL, NULL, NULL,
2056  NULL, NULL, &global_scope,
2057  reply->host->fixed_addr, MDL)) {
2058  log_error("reply_process_ia_na: unable to evaluate "
2059  "fixed address.");
2060  status = ISC_R_FAILURE;
2061  goto cleanup;
2062  }
2063 
2064  if (reply->fixed.len < 16) {
2065  log_error("reply_process_ia_na: invalid fixed address.");
2066  status = DHCP_R_INVALIDARG;
2067  goto cleanup;
2068  }
2069 
2070  /* Find the static lease's subnet. */
2071  tmp_addr.len = 16;
2072  memcpy(tmp_addr.iabuf, reply->fixed.data, 16);
2073 
2074  if (find_grouped_subnet(&reply->subnet, reply->shared,
2075  tmp_addr, MDL) == 0)
2076  log_fatal("Impossible condition at %s:%d.", MDL);
2077 
2078  reply->static_lease = ISC_TRUE;
2079  } else
2080  reply->static_lease = ISC_FALSE;
2081 
2082  /*
2083  * Save the cursor position at the start of the IA, so we can
2084  * set length and adjust t1/t2 values later. We write a temporary
2085  * header out now just in case we decide to adjust the packet
2086  * within sub-process functions.
2087  */
2088  ia_cursor = reply->cursor;
2089 
2090  /* Initialize the IA_NA header. First the code. */
2091  putUShort(reply->buf.data + reply->cursor, (unsigned)D6O_IA_NA);
2092  reply->cursor += 2;
2093 
2094  /* Then option length. */
2095  putUShort(reply->buf.data + reply->cursor, 0x0Cu);
2096  reply->cursor += 2;
2097 
2098  /* Then IA_NA header contents; IAID. */
2099  putULong(reply->buf.data + reply->cursor, iaid);
2100  reply->cursor += 4;
2101 
2102  /* We store the client's t1 for now, and may over-ride it later. */
2103  putULong(reply->buf.data + reply->cursor, reply->renew);
2104  reply->cursor += 4;
2105 
2106  /* We store the client's t2 for now, and may over-ride it later. */
2107  putULong(reply->buf.data + reply->cursor, reply->rebind);
2108  reply->cursor += 4;
2109 
2110  /*
2111  * For each address in this IA_NA, decide what to do about it.
2112  *
2113  * Guidelines:
2114  *
2115  * The client leaves unchanged any information about addresses
2116  * it has recorded but are not included ("cancel/break" below).
2117  * A not included IA ("cleanup" below) could give a Renew/Rebind.
2118  */
2119  oc = lookup_option(&dhcpv6_universe, packet_ia, D6O_IAADDR);
2120  reply->min_valid = reply->min_prefer = INFINITE_TIME;
2121  reply->client_valid = reply->client_prefer = 0;
2122  for (; oc != NULL ; oc = oc->next) {
2123  status = reply_process_addr(reply, oc);
2124 
2125  /*
2126  * Canceled means we did not allocate addresses to the
2127  * client, but we're "done" with this IA - we set a status
2128  * code. So transmit this reply, e.g., move on to the next
2129  * IA.
2130  */
2131  if (status == ISC_R_CANCELED)
2132  break;
2133 
2134  if ((status != ISC_R_SUCCESS) &&
2135  (status != ISC_R_ADDRINUSE) &&
2136  (status != ISC_R_ADDRNOTAVAIL))
2137  goto cleanup;
2138  }
2139 
2140  reply->ia_count++;
2141 
2142  /*
2143  * If we fell through the above and never gave the client
2144  * an address, give it one now.
2145  */
2146  if ((status != ISC_R_CANCELED) && (reply->client_resources == 0)) {
2147  status = find_client_address(reply);
2148 
2149  if (status == ISC_R_NORESOURCES) {
2150  switch (reply->packet->dhcpv6_msg_type) {
2151  case DHCPV6_SOLICIT:
2152  /*
2153  * No address for any IA is handled
2154  * by the caller.
2155  */
2156  /* FALL THROUGH */
2157 
2158  case DHCPV6_REQUEST:
2159  /* Section 18.2.1 (Request):
2160  *
2161  * If the server cannot assign any addresses to
2162  * an IA in the message from the client, the
2163  * server MUST include the IA in the Reply
2164  * message with no addresses in the IA and a
2165  * Status Code option in the IA containing
2166  * status code NoAddrsAvail.
2167  */
2168  option_state_dereference(&reply->reply_ia, MDL);
2169  if (!option_state_allocate(&reply->reply_ia,
2170  MDL))
2171  {
2172  log_error("reply_process_ia_na: No "
2173  "memory for option state "
2174  "wipe.");
2175  status = ISC_R_NOMEMORY;
2176  goto cleanup;
2177  }
2178 
2179  if (!set_status_code(STATUS_NoAddrsAvail,
2180  "No addresses available "
2181  "for this interface.",
2182  reply->reply_ia)) {
2183  log_error("reply_process_ia_na: Unable "
2184  "to set NoAddrsAvail status "
2185  "code.");
2186  status = ISC_R_FAILURE;
2187  goto cleanup;
2188  }
2189 
2190  status = ISC_R_SUCCESS;
2191  break;
2192 
2193  default:
2194  /*
2195  * RFC 3315 does not tell us to emit a status
2196  * code in this condition, or anything else.
2197  *
2198  * If we included non-allocated addresses
2199  * (zeroed lifetimes) in an IA, then the client
2200  * will deconfigure them.
2201  *
2202  * So we want to include the IA even if we
2203  * can't give it a new address if it includes
2204  * zeroed lifetime addresses.
2205  *
2206  * We don't want to include the IA if we
2207  * provide zero addresses including zeroed
2208  * lifetimes.
2209  */
2210  if (reply->resources_included)
2211  status = ISC_R_SUCCESS;
2212  else
2213  goto cleanup;
2214  break;
2215  }
2216  }
2217 
2218  if (status != ISC_R_SUCCESS)
2219  goto cleanup;
2220  }
2221 
2222  /*
2223  * yes, goto's aren't the best but we also want to avoid extra
2224  * indents
2225  */
2226  if (status == ISC_R_CANCELED) {
2227  /* We're replying with a status code so we still need to
2228  * write it out in wire-format to the outbound buffer */
2229  write_to_packet(reply, ia_cursor);
2230  goto cleanup;
2231  }
2232 
2233  /*
2234  * Handle static leases, we always log stuff and if it's
2235  * a hard binding we run any commit statements that we have
2236  */
2237  if (reply->static_lease) {
2238  char tmp_addr[INET6_ADDRSTRLEN];
2239  log_info("%s NA: address %s to client with duid %s iaid = %d "
2240  "static",
2241  dhcpv6_type_names[reply->buf.reply.msg_type],
2242  inet_ntop(AF_INET6, reply->fixed.data, tmp_addr,
2243  sizeof(tmp_addr)),
2244  print_hex_1(reply->client_id.len,
2245  reply->client_id.data, 60),
2246  iaid);
2247 
2248  /* Write the lease out in wire-format to the outbound buffer */
2249  write_to_packet(reply, ia_cursor);
2250 #ifdef NSUPDATE
2251  /* Performs DDNS updates if we're configured to do them */
2252  ddns_update_static6(reply);
2253 #endif
2254  if ((reply->buf.reply.msg_type == DHCPV6_REPLY) &&
2255  (reply->on_star.on_commit != NULL)) {
2256  execute_statements(NULL, reply->packet, NULL, NULL,
2257  reply->packet->options,
2258  reply->opt_state, NULL,
2259  reply->on_star.on_commit, NULL);
2261  (&reply->on_star.on_commit, MDL);
2262  }
2263  goto cleanup;
2264  }
2265 
2266  /*
2267  * If we have any addresses log what we are doing.
2268  */
2269  if (reply->ia->num_iasubopt != 0) {
2270  struct iasubopt *tmp;
2271  int i;
2272  char tmp_addr[INET6_ADDRSTRLEN];
2273 
2274  for (i = 0 ; i < reply->ia->num_iasubopt ; i++) {
2275  tmp = reply->ia->iasubopt[i];
2276 
2277  log_info("%s NA: address %s to client with duid %s "
2278  "iaid = %d valid for %u seconds",
2279  dhcpv6_type_names[reply->buf.reply.msg_type],
2280  inet_ntop(AF_INET6, &tmp->addr,
2281  tmp_addr, sizeof(tmp_addr)),
2282  print_hex_1(reply->client_id.len,
2283  reply->client_id.data, 60),
2284  iaid, tmp->valid);
2285  }
2286  }
2287 
2288  /*
2289  * If this is not a 'soft' binding, consume the new changes into
2290  * the database (if any have been attached to the ia_na).
2291  *
2292  * Loop through the assigned dynamic addresses, referencing the
2293  * leases onto this IA_NA rather than any old ones, and updating
2294  * pool timers for each (if any).
2295  *
2296  * Note that we must do ddns_updates() before we test for lease
2297  * reuse (so we'll know if DNS entries are different). To ensure
2298  * we don't break any configs, we run on_commit statements before
2299  * we do ddns_updates() just in case the former affects the later.
2300  * This is symetrical with v4 logic. We always run on_commit and
2301  * ddns_udpates() whether a lease is reused or renewed.
2302  */
2303  if ((reply->ia->num_iasubopt != 0) &&
2304  (reply->buf.reply.msg_type == DHCPV6_REPLY)) {
2305  int must_commit = 0;
2306  struct iasubopt *tmp;
2307  struct data_string *ia_id;
2308  int i;
2309 
2310  for (i = 0 ; i < reply->ia->num_iasubopt ; i++) {
2311  tmp = reply->ia->iasubopt[i];
2312  if (tmp->ia != NULL) {
2313  ia_dereference(&tmp->ia, MDL);
2314  }
2315 
2316  ia_reference(&tmp->ia, reply->ia, MDL);
2317 
2318  /* If we have anything to do on commit do it now */
2319  if (tmp->on_star.on_commit != NULL) {
2320  execute_statements(NULL, reply->packet,
2321  NULL, NULL,
2322  reply->packet->options,
2323  reply->opt_state,
2324  &tmp->scope,
2325  tmp->on_star.on_commit,
2326  &tmp->on_star);
2328  (&tmp->on_star.on_commit, MDL);
2329  }
2330 
2331 #if defined (NSUPDATE)
2332 
2333  /* Perform ddns updates */
2334  oc = lookup_option(&server_universe, reply->opt_state,
2335  SV_DDNS_UPDATES);
2336  if ((oc == NULL) ||
2337  evaluate_boolean_option_cache(NULL, reply->packet,
2338  NULL, NULL,
2339  reply->packet->options,
2340  reply->opt_state,
2341  &tmp->scope,
2342  oc, MDL)) {
2343  ddns_updates(reply->packet, NULL, NULL,
2344  tmp, NULL, reply->opt_state);
2345  }
2346 #endif
2347  if (!reuse_lease6(reply, tmp)) {
2348  /* Commit 'hard' bindings. */
2349  must_commit = 1;
2350  renew_lease6(tmp->ipv6_pool, tmp);
2352 
2353  /* Do our threshold check. */
2354  check_pool6_threshold(reply, tmp);
2355  }
2356  }
2357 
2358  /* write the IA_NA in wire-format to the outbound buffer */
2359  write_to_packet(reply, ia_cursor);
2360 
2361  /* Remove any old ia from the hash. */
2362  if (reply->old_ia != NULL) {
2363  if (!release_on_roam(reply)) {
2364  ia_id = &reply->old_ia->iaid_duid;
2365  ia_hash_delete(ia_na_active,
2366  (unsigned char *)ia_id->data,
2367  ia_id->len, MDL);
2368  }
2369 
2370  ia_dereference(&reply->old_ia, MDL);
2371  }
2372 
2373  /* Put new ia into the hash. */
2374  reply->ia->cltt = cur_time;
2375  ia_id = &reply->ia->iaid_duid;
2376  ia_hash_add(ia_na_active, (unsigned char *)ia_id->data,
2377  ia_id->len, reply->ia, MDL);
2378 
2379  /* If we couldn't reuse all of the iasubopts, we
2380  * must update udpate the lease db */
2381  if (must_commit) {
2382  write_ia(reply->ia);
2383  }
2384  } else {
2385  /* write the IA_NA in wire-format to the outbound buffer */
2386  write_to_packet(reply, ia_cursor);
2387  schedule_lease_timeout_reply(reply);
2388  }
2389 
2390  cleanup:
2391  if (packet_ia != NULL)
2392  option_state_dereference(&packet_ia, MDL);
2393  if (reply->reply_ia != NULL)
2394  option_state_dereference(&reply->reply_ia, MDL);
2395  if (ia_data.data != NULL)
2396  data_string_forget(&ia_data, MDL);
2397  if (data.data != NULL)
2399  if (reply->ia != NULL)
2400  ia_dereference(&reply->ia, MDL);
2401  if (reply->old_ia != NULL)
2402  ia_dereference(&reply->old_ia, MDL);
2403  if (reply->lease != NULL)
2404  iasubopt_dereference(&reply->lease, MDL);
2405  if (reply->fixed.data != NULL)
2406  data_string_forget(&reply->fixed, MDL);
2407  if (reply->subnet != NULL)
2408  subnet_dereference(&reply->subnet, MDL);
2409  if (reply->on_star.on_expiry != NULL)
2411  (&reply->on_star.on_expiry, MDL);
2412  if (reply->on_star.on_release != NULL)
2414  (&reply->on_star.on_release, MDL);
2415 
2416  /*
2417  * ISC_R_CANCELED is a status code used by the addr processing to
2418  * indicate we're replying with a status code. This is still a
2419  * success at higher layers.
2420  */
2421  return((status == ISC_R_CANCELED) ? ISC_R_SUCCESS : status);
2422 }
2423 
2424 /*
2425  * Writes the populated IA_xx in wire format to the reply buffer
2426  */
2427 void
2428 write_to_packet(struct reply_state *reply, unsigned ia_cursor) {
2429  reply->cursor += store_options6((char *)reply->buf.data + reply->cursor,
2430  sizeof(reply->buf) - reply->cursor,
2431  reply->reply_ia, reply->packet,
2432  (reply->ia->ia_type != D6O_IA_PD ?
2433  required_opts_IA : required_opts_IA_PD),
2434  NULL);
2435 
2436  /* Reset the length of this IA to match what was just written. */
2437  putUShort(reply->buf.data + ia_cursor + 2,
2438  reply->cursor - (ia_cursor + 4));
2439 
2440  if (reply->ia->ia_type != D6O_IA_TA) {
2441  /* Calculate T1/T2 and stuff them in the reply */
2442  set_reply_tee_times(reply, ia_cursor);
2443  }
2444 }
2445 
2446 /*
2447  * Process an IAADDR within a given IA_xA, storing any IAADDR reply contents
2448  * into the reply's current ia-scoped option cache. Returns ISC_R_CANCELED
2449  * in the event we are replying with a status code and do not wish to process
2450  * more IAADDRs within this IA.
2451  */
2452 static isc_result_t
2453 reply_process_addr(struct reply_state *reply, struct option_cache *addr) {
2454  u_int32_t pref_life, valid_life;
2455  struct binding_scope **scope;
2456  struct group *group;
2457  struct subnet *subnet;
2458  struct iaddr tmp_addr;
2459  struct option_cache *oc;
2460  struct data_string iaaddr, data;
2461  isc_result_t status = ISC_R_SUCCESS;
2462 #ifdef EUI_64
2463  int invalid_for_eui_64 = 0;
2464 #endif
2465 
2466  /* Initializes values that will be cleaned up. */
2467  memset(&iaaddr, 0, sizeof(iaaddr));
2468  memset(&data, 0, sizeof(data));
2469  /* Note that reply->lease may be set by address_is_owned() */
2470 
2471  /*
2472  * There is no point trying to process an incoming address if there
2473  * is no room for an outgoing address.
2474  */
2475  if ((reply->cursor + 28) > sizeof(reply->buf)) {
2476  log_error("reply_process_addr: Out of room for address.");
2477  return ISC_R_NOSPACE;
2478  }
2479 
2480  /* Extract this IAADDR option. */
2481  if (!evaluate_option_cache(&iaaddr, reply->packet, NULL, NULL,
2482  reply->packet->options, NULL, &global_scope,
2483  addr, MDL) ||
2484  (iaaddr.len < IAADDR_OFFSET)) {
2485  log_error("reply_process_addr: error evaluating IAADDR.");
2486  status = ISC_R_FAILURE;
2487  goto cleanup;
2488  }
2489 
2490  /* The first 16 bytes are the IPv6 address. */
2491  pref_life = getULong(iaaddr.data + 16);
2492  valid_life = getULong(iaaddr.data + 20);
2493 
2494  if ((reply->client_valid == 0) ||
2495  (reply->client_valid > valid_life))
2496  reply->client_valid = valid_life;
2497 
2498  if ((reply->client_prefer == 0) ||
2499  (reply->client_prefer > pref_life))
2500  reply->client_prefer = pref_life;
2501 
2502  /*
2503  * Clients may choose to send :: as an address, with the idea to give
2504  * hints about preferred-lifetime or valid-lifetime.
2505  */
2506  tmp_addr.len = 16;
2507  memset(tmp_addr.iabuf, 0, 16);
2508  if (!memcmp(iaaddr.data, tmp_addr.iabuf, 16)) {
2509  /* Status remains success; we just ignore this one. */
2510  goto cleanup;
2511  }
2512 
2513  /* tmp_addr len remains 16 */
2514  memcpy(tmp_addr.iabuf, iaaddr.data, 16);
2515 
2516  /*
2517  * Verify that this address is on the client's network.
2518  */
2519  for (subnet = reply->shared->subnets ; subnet != NULL ;
2520  subnet = subnet->next_sibling) {
2521  if (addr_eq(subnet_number(tmp_addr, subnet->netmask),
2522  subnet->net))
2523  break;
2524  }
2525 
2526 #ifdef EUI_64
2527  if (subnet) {
2528  /* If the requested address falls into an EUI-64 pool, then
2529  * we need to verify if it has EUI-64 duid AND the requested
2530  * address is correct for that duid. If not we treat it just
2531  * like an not-on-link request. */
2532  struct ipv6_pool* pool = NULL;
2533  struct in6_addr* addr = (struct in6_addr*)(iaaddr.data);
2534  if ((find_ipv6_pool(&pool, D6O_IA_NA, addr) == ISC_R_SUCCESS)
2535  && (pool->ipv6_pond->use_eui_64) &&
2536  (!valid_for_eui_64_pool(pool, &reply->client_id, 0, addr))) {
2537  log_debug ("Requested address: %s,"
2538  " not valid for EUI-64 pool",
2539  pin6_addr(addr));
2540  invalid_for_eui_64 = 1;
2541  }
2542  }
2543 #endif
2544 
2545  /* Address not found on shared network. */
2546 #ifdef EUI_64
2547  if ((subnet == NULL) || invalid_for_eui_64) {
2548 #else
2549  if (subnet == NULL) {
2550 #endif
2551  /* Ignore this address on 'soft' bindings. */
2552  if (reply->packet->dhcpv6_msg_type == DHCPV6_SOLICIT) {
2553  /* disable rapid commit */
2554  reply->buf.reply.msg_type = DHCPV6_ADVERTISE;
2556  reply->opt_state,
2558  /* status remains success */
2559  goto cleanup;
2560  }
2561 
2562  /*
2563  * RFC3315 section 18.2.1:
2564  *
2565  * If the server finds that the prefix on one or more IP
2566  * addresses in any IA in the message from the client is not
2567  * appropriate for the link to which the client is connected,
2568  * the server MUST return the IA to the client with a Status
2569  * Code option with the value NotOnLink.
2570  */
2571  if (reply->packet->dhcpv6_msg_type == DHCPV6_REQUEST) {
2572  /* Rewind the IA_NA to empty. */
2573  option_state_dereference(&reply->reply_ia, MDL);
2574  if (!option_state_allocate(&reply->reply_ia, MDL)) {
2575  log_error("reply_process_addr: No memory for "
2576  "option state wipe.");
2577  status = ISC_R_NOMEMORY;
2578  goto cleanup;
2579  }
2580 
2581  /* Append a NotOnLink status code. */
2582  if (!set_status_code(STATUS_NotOnLink,
2583  "Address not for use on this "
2584  "link.", reply->reply_ia)) {
2585  log_error("reply_process_addr: Failure "
2586  "setting status code.");
2587  status = ISC_R_FAILURE;
2588  goto cleanup;
2589  }
2590 
2591  /* Fin (no more IAADDRs). */
2592  status = ISC_R_CANCELED;
2593  goto cleanup;
2594  }
2595 
2596  /*
2597  * RFC3315 sections 18.2.3 and 18.2.4 have identical language:
2598  *
2599  * If the server finds that any of the addresses are not
2600  * appropriate for the link to which the client is attached,
2601  * the server returns the address to the client with lifetimes
2602  * of 0.
2603  */
2604  if ((reply->packet->dhcpv6_msg_type != DHCPV6_RENEW) &&
2605  (reply->packet->dhcpv6_msg_type != DHCPV6_REBIND)) {
2606  log_error("It is impossible to lease a client that is "
2607  "not sending a solicit, request, renew, or "
2608  "rebind.");
2609  status = ISC_R_FAILURE;
2610  goto cleanup;
2611  }
2612 
2613  reply->send_prefer = reply->send_valid = 0;
2614  goto send_addr;
2615  }
2616 
2617 
2618  /* Verify the address belongs to the client. */
2619  if (!address_is_owned(reply, &tmp_addr)) {
2620  /*
2621  * For solicit and request, any addresses included are
2622  * 'requested' addresses. For rebind, we actually have
2623  * no direction on what to do from 3315 section 18.2.4!
2624  * So I think the best bet is to try and give it out, and if
2625  * we can't, zero lifetimes.
2626  */
2627  if ((reply->packet->dhcpv6_msg_type == DHCPV6_SOLICIT) ||
2628  (reply->packet->dhcpv6_msg_type == DHCPV6_REQUEST) ||
2629  (reply->packet->dhcpv6_msg_type == DHCPV6_REBIND)) {
2630  status = reply_process_try_addr(reply, &tmp_addr);
2631 
2632  /*
2633  * If the address is in use, or isn't in any dynamic
2634  * range, continue as normal. If any other error was
2635  * found, error out.
2636  */
2637  if ((status != ISC_R_SUCCESS) &&
2638  (status != ISC_R_ADDRINUSE) &&
2639  (status != ISC_R_ADDRNOTAVAIL))
2640  goto cleanup;
2641 
2642  /*
2643  * If we didn't honor this lease, for solicit and
2644  * request we simply omit it from our answer. For
2645  * rebind, we send it with zeroed lifetimes.
2646  */
2647  if (reply->lease == NULL) {
2648  if (reply->packet->dhcpv6_msg_type ==
2649  DHCPV6_REBIND) {
2650  reply->send_prefer = 0;
2651  reply->send_valid = 0;
2652  goto send_addr;
2653  }
2654 
2655  /* status remains success - ignore */
2656  goto cleanup;
2657  }
2658  /*
2659  * RFC3315 section 18.2.3:
2660  *
2661  * If the server cannot find a client entry for the IA the
2662  * server returns the IA containing no addresses with a Status
2663  * Code option set to NoBinding in the Reply message.
2664  *
2665  * On mismatch we (ab)use this pretending we have not the IA
2666  * as soon as we have not an address.
2667  */
2668  } else if (reply->packet->dhcpv6_msg_type == DHCPV6_RENEW) {
2669  /* Rewind the IA_NA to empty. */
2670  option_state_dereference(&reply->reply_ia, MDL);
2671  if (!option_state_allocate(&reply->reply_ia, MDL)) {
2672  log_error("reply_process_addr: No memory for "
2673  "option state wipe.");
2674  status = ISC_R_NOMEMORY;
2675  goto cleanup;
2676  }
2677 
2678  /* Append a NoBinding status code. */
2679  if (!set_status_code(STATUS_NoBinding,
2680  "Address not bound to this "
2681  "interface.", reply->reply_ia)) {
2682  log_error("reply_process_addr: Unable to "
2683  "attach status code.");
2684  status = ISC_R_FAILURE;
2685  goto cleanup;
2686  }
2687 
2688  /* Fin (no more IAADDRs). */
2689  status = ISC_R_CANCELED;
2690  goto cleanup;
2691  } else {
2692  log_error("It is impossible to lease a client that is "
2693  "not sending a solicit, request, renew, or "
2694  "rebind message.");
2695  status = ISC_R_FAILURE;
2696  goto cleanup;
2697  }
2698  }
2699 
2700  if (reply->static_lease) {
2701  if (reply->host == NULL)
2702  log_fatal("Impossible condition at %s:%d.", MDL);
2703 
2704  scope = &global_scope;
2705  group = reply->subnet->group;
2706  } else {
2707  if (reply->lease == NULL)
2708  log_fatal("Impossible condition at %s:%d.", MDL);
2709 
2710  scope = &reply->lease->scope;
2711  group = reply->lease->ipv6_pool->ipv6_pond->group;
2712  }
2713 
2714  /*
2715  * If client_resources is nonzero, then the reply_process_is_addressed
2716  * function has executed configuration state into the reply option
2717  * cache. We will use that valid cache to derive configuration for
2718  * whether or not to engage in additional addresses, and similar.
2719  */
2720  if (reply->client_resources != 0) {
2721  unsigned limit = 1;
2722 
2723  /*
2724  * Does this client have "enough" addresses already? Default
2725  * to one. Everybody gets one, and one should be enough for
2726  * anybody.
2727  */
2728  oc = lookup_option(&server_universe, reply->opt_state,
2730  if (oc != NULL) {
2731  if (!evaluate_option_cache(&data, reply->packet,
2732  NULL, NULL,
2733  reply->packet->options,
2734  reply->opt_state,
2735  scope, oc, MDL) ||
2736  (data.len != 4)) {
2737  log_error("reply_process_addr: unable to "
2738  "evaluate addrs-per-ia value.");
2739  status = ISC_R_FAILURE;
2740  goto cleanup;
2741  }
2742 
2743  limit = getULong(data.data);
2744  data_string_forget(&data, MDL);
2745  }
2746 
2747  /*
2748  * If we wish to limit the client to a certain number of
2749  * addresses, then omit the address from the reply.
2750  */
2751  if (reply->client_resources >= limit)
2752  goto cleanup;
2753  }
2754 
2755  status = reply_process_is_addressed(reply, scope, group);
2756  if (status != ISC_R_SUCCESS)
2757  goto cleanup;
2758 
2759  send_addr:
2760  status = reply_process_send_addr(reply, &tmp_addr);
2761 
2762  cleanup:
2763  if (iaaddr.data != NULL)
2764  data_string_forget(&iaaddr, MDL);
2765  if (data.data != NULL)
2766  data_string_forget(&data, MDL);
2767  if (reply->lease != NULL)
2768  iasubopt_dereference(&reply->lease, MDL);
2769 
2770  return status;
2771 }
2772 
2773 /*
2774  * Verify the address belongs to the client. If we've got a host
2775  * record with a fixed address, it has to be the assigned address
2776  * (fault out all else). Otherwise it's a dynamic address, so lookup
2777  * that address and make sure it belongs to this DUID:IAID pair.
2778  */
2779 static isc_boolean_t
2780 address_is_owned(struct reply_state *reply, struct iaddr *addr) {
2781  int i;
2782  struct ipv6_pond *pond;
2783 
2784  /*
2785  * This faults out addresses that don't match fixed addresses.
2786  */
2787  if (reply->static_lease) {
2788  if (reply->fixed.data == NULL)
2789  log_fatal("Impossible condition at %s:%d.", MDL);
2790 
2791  if (memcmp(addr->iabuf, reply->fixed.data, 16) == 0)
2792  return (ISC_TRUE);
2793 
2794  return (ISC_FALSE);
2795  }
2796 
2797  if ((reply->old_ia == NULL) || (reply->old_ia->num_iasubopt == 0))
2798  return (ISC_FALSE);
2799 
2800  for (i = 0 ; i < reply->old_ia->num_iasubopt ; i++) {
2801  struct iasubopt *tmp;
2802 
2803  tmp = reply->old_ia->iasubopt[i];
2804 
2805  if (memcmp(addr->iabuf, &tmp->addr, 16) == 0) {
2806  if (lease6_usable(tmp) == ISC_FALSE) {
2807  return (ISC_FALSE);
2808  }
2809 
2810  pond = tmp->ipv6_pool->ipv6_pond;
2811  if (((pond->prohibit_list != NULL) &&
2812  (permitted(reply->packet, pond->prohibit_list))) ||
2813  ((pond->permit_list != NULL) &&
2814  (!permitted(reply->packet, pond->permit_list))))
2815  return (ISC_FALSE);
2816 
2817  iasubopt_reference(&reply->lease, tmp, MDL);
2818 
2819  return (ISC_TRUE);
2820  }
2821  }
2822 
2823  return (ISC_FALSE);
2824 }
2825 
2826 /* Process a client-supplied IA_TA. This may append options to the tail of
2827  * the reply packet being built in the reply_state structure.
2828  */
2829 static isc_result_t
2830 reply_process_ia_ta(struct reply_state *reply, struct option_cache *ia) {
2831  isc_result_t status = ISC_R_SUCCESS;
2832  u_int32_t iaid;
2833  unsigned ia_cursor;
2834  struct option_state *packet_ia;
2835  struct option_cache *oc;
2836  struct data_string ia_data, data;
2837  struct data_string iaaddr;
2838  u_int32_t pref_life, valid_life;
2839  struct iaddr tmp_addr;
2840 
2841  /* Initialize values that will get cleaned up on return. */
2842  packet_ia = NULL;
2843  memset(&ia_data, 0, sizeof(ia_data));
2844  memset(&data, 0, sizeof(data));
2845  memset(&iaaddr, 0, sizeof(iaaddr));
2846 
2847  /* Make sure there is at least room for the header. */
2848  if ((reply->cursor + IA_TA_OFFSET + 4) > sizeof(reply->buf)) {
2849  log_error("reply_process_ia_ta: Reply too long for IA.");
2850  return ISC_R_NOSPACE;
2851  }
2852 
2853 
2854  /* Fetch the IA_TA contents. */
2855  if (!get_encapsulated_IA_state(&packet_ia, &ia_data, reply->packet,
2856  ia, IA_TA_OFFSET)) {
2857  log_error("reply_process_ia_ta: error evaluating ia");
2858  status = ISC_R_FAILURE;
2859  goto cleanup;
2860  }
2861 
2862  /* Extract IA_TA header contents. */
2863  iaid = getULong(ia_data.data);
2864 
2865  /* Create an IA_TA structure. */
2866  if (ia_allocate(&reply->ia, iaid, (char *)reply->client_id.data,
2867  reply->client_id.len, MDL) != ISC_R_SUCCESS) {
2868  log_error("reply_process_ia_ta: no memory for ia.");
2869  status = ISC_R_NOMEMORY;
2870  goto cleanup;
2871  }
2872  reply->ia->ia_type = D6O_IA_TA;
2873 
2874  /* Cache pre-existing IA, if any. */
2875  ia_hash_lookup(&reply->old_ia, ia_ta_active,
2876  (unsigned char *)reply->ia->iaid_duid.data,
2877  reply->ia->iaid_duid.len, MDL);
2878 
2879  /*
2880  * Create an option cache to carry the IA_TA option contents, and
2881  * execute any user-supplied values into it.
2882  */
2883  if (!option_state_allocate(&reply->reply_ia, MDL)) {
2884  status = ISC_R_NOMEMORY;
2885  goto cleanup;
2886  }
2887 
2888  /*
2889  * Temporary leases are dynamic by definition.
2890  */
2891  reply->static_lease = ISC_FALSE;
2892 
2893  /*
2894  * Save the cursor position at the start of the IA, so we can
2895  * set length later. We write a temporary
2896  * header out now just in case we decide to adjust the packet
2897  * within sub-process functions.
2898  */
2899  ia_cursor = reply->cursor;
2900 
2901  /* Initialize the IA_TA header. First the code. */
2902  putUShort(reply->buf.data + reply->cursor, (unsigned)D6O_IA_TA);
2903  reply->cursor += 2;
2904 
2905  /* Then option length. */
2906  putUShort(reply->buf.data + reply->cursor, 0x04u);
2907  reply->cursor += 2;
2908 
2909  /* Then IA_TA header contents; IAID. */
2910  putULong(reply->buf.data + reply->cursor, iaid);
2911  reply->cursor += 4;
2912 
2913  /*
2914  * Deal with an IAADDR for lifetimes.
2915  * For all or none, process IAADDRs as hints.
2916  */
2917  reply->min_valid = reply->min_prefer = INFINITE_TIME;
2918  reply->client_valid = reply->client_prefer = 0;
2919  oc = lookup_option(&dhcpv6_universe, packet_ia, D6O_IAADDR);
2920  for (; oc != NULL; oc = oc->next) {
2921  memset(&iaaddr, 0, sizeof(iaaddr));
2922  if (!evaluate_option_cache(&iaaddr, reply->packet,
2923  NULL, NULL,
2924  reply->packet->options, NULL,
2925  &global_scope, oc, MDL) ||
2926  (iaaddr.len < IAADDR_OFFSET)) {
2927  log_error("reply_process_ia_ta: error "
2928  "evaluating IAADDR.");
2929  status = ISC_R_FAILURE;
2930  goto cleanup;
2931  }
2932  /* The first 16 bytes are the IPv6 address. */
2933  pref_life = getULong(iaaddr.data + 16);
2934  valid_life = getULong(iaaddr.data + 20);
2935 
2936  if ((reply->client_valid == 0) ||
2937  (reply->client_valid > valid_life))
2938  reply->client_valid = valid_life;
2939 
2940  if ((reply->client_prefer == 0) ||
2941  (reply->client_prefer > pref_life))
2942  reply->client_prefer = pref_life;
2943 
2944  /* Nothing more if something has failed. */
2945  if (status == ISC_R_CANCELED)
2946  continue;
2947 
2948  tmp_addr.len = 16;
2949  memcpy(tmp_addr.iabuf, iaaddr.data, 16);
2950  if (!temporary_is_available(reply, &tmp_addr))
2951  goto bad_temp;
2952  status = reply_process_is_addressed(reply,
2953  &reply->lease->scope,
2954  reply->lease->ipv6_pool->ipv6_pond->group);
2955  if (status != ISC_R_SUCCESS)
2956  goto bad_temp;
2957  status = reply_process_send_addr(reply, &tmp_addr);
2958  if (status != ISC_R_SUCCESS)
2959  goto bad_temp;
2960  if (reply->lease != NULL)
2961  iasubopt_dereference(&reply->lease, MDL);
2962  continue;
2963 
2964  bad_temp:
2965  /* Rewind the IA_TA to empty. */
2966  option_state_dereference(&reply->reply_ia, MDL);
2967  if (!option_state_allocate(&reply->reply_ia, MDL)) {
2968  status = ISC_R_NOMEMORY;
2969  goto cleanup;
2970  }
2971  status = ISC_R_CANCELED;
2972  reply->client_resources = 0;
2973  reply->resources_included = ISC_FALSE;
2974  if (reply->lease != NULL)
2975  iasubopt_dereference(&reply->lease, MDL);
2976  }
2977  reply->ia_count++;
2978 
2979  /*
2980  * Give the client temporary addresses.
2981  */
2982  if (reply->client_resources != 0)
2983  goto store;
2984  status = find_client_temporaries(reply);
2985  if (status == ISC_R_NORESOURCES) {
2986  switch (reply->packet->dhcpv6_msg_type) {
2987  case DHCPV6_SOLICIT:
2988  /*
2989  * No address for any IA is handled
2990  * by the caller.
2991  */
2992  /* FALL THROUGH */
2993 
2994  case DHCPV6_REQUEST:
2995  /* Section 18.2.1 (Request):
2996  *
2997  * If the server cannot assign any addresses to
2998  * an IA in the message from the client, the
2999  * server MUST include the IA in the Reply
3000  * message with no addresses in the IA and a
3001  * Status Code option in the IA containing
3002  * status code NoAddrsAvail.
3003  */
3004  option_state_dereference(&reply->reply_ia, MDL);
3005  if (!option_state_allocate(&reply->reply_ia, MDL)) {
3006  log_error("reply_process_ia_ta: No "
3007  "memory for option state wipe.");
3008  status = ISC_R_NOMEMORY;
3009  goto cleanup;
3010  }
3011 
3012  if (!set_status_code(STATUS_NoAddrsAvail,
3013  "No addresses available "
3014  "for this interface.",
3015  reply->reply_ia)) {
3016  log_error("reply_process_ia_ta: Unable "
3017  "to set NoAddrsAvail status code.");
3018  status = ISC_R_FAILURE;
3019  goto cleanup;
3020  }
3021 
3022  status = ISC_R_SUCCESS;
3023  break;
3024 
3025  default:
3026  /*
3027  * We don't want to include the IA if we
3028  * provide zero addresses including zeroed
3029  * lifetimes.
3030  */
3031  if (reply->resources_included)
3032  status = ISC_R_SUCCESS;
3033  else
3034  goto cleanup;
3035  break;
3036  }
3037  } else if (status != ISC_R_SUCCESS)
3038  goto cleanup;
3039 
3040  store:
3041 
3042  /*
3043  * yes, goto's aren't the best but we also want to avoid extra
3044  * indents
3045  */
3046  if (status == ISC_R_CANCELED) {
3047  /* We're replying with a status code so we still need to
3048  * write it out in wire-format to the outbound buffer */
3049  write_to_packet(reply, ia_cursor);
3050  goto cleanup;
3051  }
3052 
3053  /*
3054  * If we have any addresses log what we are doing.
3055  */
3056  if (reply->ia->num_iasubopt != 0) {
3057  struct iasubopt *tmp;
3058  int i;
3059  char tmp_addr[INET6_ADDRSTRLEN];
3060 
3061  for (i = 0 ; i < reply->ia->num_iasubopt ; i++) {
3062  tmp = reply->ia->iasubopt[i];
3063 
3064  log_info("%s TA: address %s to client with duid %s "
3065  "iaid = %d valid for %u seconds",
3066  dhcpv6_type_names[reply->buf.reply.msg_type],
3067  inet_ntop(AF_INET6, &tmp->addr,
3068  tmp_addr, sizeof(tmp_addr)),
3069  print_hex_1(reply->client_id.len,
3070  reply->client_id.data, 60),
3071  iaid,
3072  tmp->valid);
3073  }
3074  }
3075 
3076  /*
3077  * For hard bindings we consume the new changes into
3078  * the database (if any have been attached to the ia_ta).
3079  *
3080  * Loop through the assigned dynamic addresses, referencing the
3081  * leases onto this IA_TA rather than any old ones, and updating
3082  * pool timers for each (if any).
3083  */
3084  if ((reply->ia->num_iasubopt != 0) &&
3085  (reply->buf.reply.msg_type == DHCPV6_REPLY)) {
3086  int must_commit = 0;
3087  struct iasubopt *tmp;
3088  struct data_string *ia_id;
3089  int i;
3090 
3091  for (i = 0 ; i < reply->ia->num_iasubopt ; i++) {
3092  tmp = reply->ia->iasubopt[i];
3093 
3094  if (tmp->ia != NULL)
3095  ia_dereference(&tmp->ia, MDL);
3096  ia_reference(&tmp->ia, reply->ia, MDL);
3097 
3098  /* If we have anything to do on commit do it now */
3099  if (tmp->on_star.on_commit != NULL) {
3100  execute_statements(NULL, reply->packet,
3101  NULL, NULL,
3102  reply->packet->options,
3103  reply->opt_state,
3104  &tmp->scope,
3105  tmp->on_star.on_commit,
3106  &tmp->on_star);
3108  (&tmp->on_star.on_commit, MDL);
3109  }
3110 
3111 #if defined (NSUPDATE)
3112  /*
3113  * Perform ddns updates.
3114  */
3115  oc = lookup_option(&server_universe, reply->opt_state,
3116  SV_DDNS_UPDATES);
3117  if ((oc == NULL) ||
3118  evaluate_boolean_option_cache(NULL, reply->packet,
3119  NULL, NULL,
3120  reply->packet->options,
3121  reply->opt_state,
3122  &tmp->scope,
3123  oc, MDL)) {
3124  ddns_updates(reply->packet, NULL, NULL,
3125  tmp, NULL, reply->opt_state);
3126  }
3127 #endif
3128 
3129  if (!reuse_lease6(reply, tmp)) {
3130  /* Commit 'hard' bindings. */
3131  must_commit = 1;
3132  renew_lease6(tmp->ipv6_pool, tmp);
3134 
3135  /* Do our threshold check. */
3136  check_pool6_threshold(reply, tmp);
3137  }
3138  }
3139 
3140  /* write the IA_TA in wire-format to the outbound buffer */
3141  write_to_packet(reply, ia_cursor);
3142 
3143  /* Remove any old ia from the hash. */
3144  if (reply->old_ia != NULL) {
3145  if (!release_on_roam(reply)) {
3146  ia_id = &reply->old_ia->iaid_duid;
3147  ia_hash_delete(ia_ta_active,
3148  (unsigned char *)ia_id->data,
3149  ia_id->len, MDL);
3150  }
3151 
3152  ia_dereference(&reply->old_ia, MDL);
3153  }
3154 
3155  /* Put new ia into the hash. */
3156  reply->ia->cltt = cur_time;
3157  ia_id = &reply->ia->iaid_duid;
3158  ia_hash_add(ia_ta_active, (unsigned char *)ia_id->data,
3159  ia_id->len, reply->ia, MDL);
3160 
3161  /* If we couldn't reuse all of the iasubopts, we
3162  * must update udpate the lease db */
3163  if (must_commit) {
3164  write_ia(reply->ia);
3165  }
3166  } else {
3167  /* write the IA_TA in wire-format to the outbound buffer */
3168  write_to_packet(reply, ia_cursor);
3169  schedule_lease_timeout_reply(reply);
3170  }
3171 
3172  cleanup:
3173  if (packet_ia != NULL)
3174  option_state_dereference(&packet_ia, MDL);
3175  if (iaaddr.data != NULL)
3176  data_string_forget(&iaaddr, MDL);
3177  if (reply->reply_ia != NULL)
3178  option_state_dereference(&reply->reply_ia, MDL);
3179  if (ia_data.data != NULL)
3180  data_string_forget(&ia_data, MDL);
3181  if (data.data != NULL)
3183  if (reply->ia != NULL)
3184  ia_dereference(&reply->ia, MDL);
3185  if (reply->old_ia != NULL)
3186  ia_dereference(&reply->old_ia, MDL);
3187  if (reply->lease != NULL)
3188  iasubopt_dereference(&reply->lease, MDL);
3189 
3190  /*
3191  * ISC_R_CANCELED is a status code used by the addr processing to
3192  * indicate we're replying with other addresses. This is still a
3193  * success at higher layers.
3194  */
3195  return((status == ISC_R_CANCELED) ? ISC_R_SUCCESS : status);
3196 }
3197 /*
3198  * Determines if a lease (iasubopt) can be reused without extending it.
3199  * If dhcp-cache-threshold is greater than zero (i.e enabled) then
3200  * a lease may be reused without going through a full renewal if
3201  * it meets all the requirements. In short it must be active, younger
3202  * than the threshold, and not have DNS changes.
3203  *
3204  * If it is determined that it can be reused, that a call to
3205  * shorten_lifetimes() is made to reduce the valid and preferred lifetimes
3206  * sent to the client by the age of the lease.
3207  *
3208  * Returns 1 if lease can be reused, 0 otherwise
3209  */
3210 int
3211 reuse_lease6(struct reply_state *reply, struct iasubopt *lease) {
3212  int threshold = DEFAULT_CACHE_THRESHOLD;
3213  struct option_cache* oc = NULL;
3214  struct data_string d1;
3215  time_t age;
3216  time_t limit;
3217  int reuse_it = 0;
3218 
3219  /* In order to even qualify for reuse consideration:
3220  * 1. Lease must be active
3221  * 2. It must have been accepted at least once
3222  * 3. DNS info must not have changed */
3223  if ((lease->state != FTS_ACTIVE) ||
3224  (lease->hard_lifetime_end_time == 0) ||
3225  (lease->ddns_cb != NULL)) {
3226  return (0);
3227  }
3228 
3229  /* Look up threshold value */
3230  memset(&d1, 0, sizeof(struct data_string));
3231  oc = lookup_option(&server_universe, reply->opt_state,
3233  if (oc &&
3234  evaluate_option_cache(&d1, reply->packet, NULL, NULL,
3235  reply->packet->options, reply->opt_state,
3236  &lease->scope, oc, MDL)) {
3237  if (d1.len == 1 && (d1.data[0] < 100)) {
3238  threshold = d1.data[0];
3239  }
3240 
3241  data_string_forget(&d1, MDL);
3242  }
3243 
3244  if (threshold <= 0) {
3245  return (0);
3246  }
3247 
3248  if (lease->valid >= MAX_TIME) {
3249  /* Infinite leases are always reused. We have to make
3250  * a choice because we cannot determine when they actually
3251  * began, so we either always reuse them or we never do. */
3252  log_debug ("reusing infinite lease for: %s%s",
3253  pin6_addr(&lease->addr), iasubopt_plen_str(lease));
3254  return (1);
3255  }
3256 
3257  age = cur_tv.tv_sec - (lease->hard_lifetime_end_time - lease->valid);
3258  if (lease->valid <= (INT_MAX / threshold))
3259  limit = lease->valid * threshold / 100;
3260  else
3261  limit = lease->valid / 100 * threshold;
3262 
3263  if (age < limit) {
3264  /* Reduce valid/preferred going to the client by age */
3265  shorten_lifetimes(reply, lease, age, threshold);
3266  reuse_it = 1;
3267  }
3268 
3269  return (reuse_it);
3270 }
3271 
3272 /*
3273  * Reduces the valid and preferred lifetimes for a given lease (iasubopt)
3274  *
3275  * We cannot determine until after a iasubopt has been added to
3276  * the reply if the lease can be reused. Therefore, when we do reuse a
3277  * lease we need a way to alter the lifetimes that will be sent to the client.
3278  * That's where this function comes in handy:
3279  *
3280  * Locate the iasubopt by it's address within the reply the reduce both
3281  * the preferred and valid lifetimes by the given number of seconds.
3282  *
3283  * Note that this function, by necessity, works directly with the
3284  * option_cache data. Sort of a no-no but I don't have any better ideas.
3285  */
3286 void shorten_lifetimes(struct reply_state *reply, struct iasubopt *lease,
3287  time_t age, int threshold) {
3288  struct option_cache* oc = NULL;
3289  int subopt_type;
3290  int addr_offset;
3291  int pref_offset;
3292  int val_offset;
3293  int exp_length;
3294 
3295  if (reply->ia->ia_type != D6O_IA_PD) {
3296  subopt_type = D6O_IAADDR;
3297  addr_offset = IASUBOPT_NA_ADDR_OFFSET;
3298  pref_offset = IASUBOPT_NA_PREF_OFFSET;
3299  val_offset = IASUBOPT_NA_VALID_OFFSET;
3300  exp_length = IASUBOPT_NA_LEN;
3301  }
3302  else {
3303  subopt_type = D6O_IAPREFIX;
3304  addr_offset = IASUBOPT_PD_PREFIX_OFFSET;
3305  pref_offset = IASUBOPT_PD_PREF_OFFSET;
3306  val_offset = IASUBOPT_PD_VALID_OFFSET;
3307  exp_length = IASUBOPT_PD_LEN;
3308  }
3309 
3310  // loop through the iasubopts for the one that matches this lease
3311  oc = lookup_option(&dhcpv6_universe, reply->reply_ia, subopt_type);
3312  for (; oc != NULL ; oc = oc->next) {
3313  if (oc->data.data == NULL || oc->data.len != exp_length) {
3314  /* shouldn't happen */
3315  continue;
3316  }
3317 
3318  /* If address matches (and for PDs the prefix len matches)
3319  * we assume this is our subopt, so update the lifetimes */
3320  if (!memcmp(oc->data.data + addr_offset, &lease->addr, 16) &&
3321  (subopt_type != D6O_IAPREFIX ||
3323  lease->plen))) {
3324  u_int32_t pref_life = getULong(oc->data.data +
3325  pref_offset);
3326  u_int32_t valid_life = getULong(oc->data.data +
3327  val_offset);
3328 
3329  if (pref_life < MAX_TIME && pref_life > age) {
3330  pref_life -= age;
3331  putULong((unsigned char*)(oc->data.data) +
3332  pref_offset, pref_life);
3333 
3334  if (reply->min_prefer > pref_life) {
3335  reply->min_prefer = pref_life;
3336  }
3337  }
3338 
3339  if (valid_life < MAX_TIME && valid_life > age) {
3340  valid_life -= age;
3341  putULong((unsigned char*)(oc->data.data) +
3342  val_offset, valid_life);
3343 
3344  if (reply->min_valid > reply->send_valid) {
3345  reply->min_valid = valid_life;
3346  }
3347  }
3348 
3349  log_debug ("Reusing lease for: %s%s, "
3350  "age %ld secs < %d%%,"
3351  " sending shortened lifetimes -"
3352  " preferred: %u, valid %u",
3353  pin6_addr(&lease->addr),
3354  iasubopt_plen_str(lease),
3355  (long)age, threshold,
3356  pref_life, valid_life);
3357  break;
3358  }
3359  }
3360 }
3361 
3362 /*
3363  * Verify the temporary address is available.
3364  */
3365 static isc_boolean_t
3366 temporary_is_available(struct reply_state *reply, struct iaddr *addr) {
3367  struct in6_addr tmp_addr;
3368  struct subnet *subnet;
3369  struct ipv6_pool *pool = NULL;
3370  struct ipv6_pond *pond = NULL;
3371  int i;
3372 
3373  memcpy(&tmp_addr, addr->iabuf, sizeof(tmp_addr));
3374  /*
3375  * Clients may choose to send :: as an address, with the idea to give
3376  * hints about preferred-lifetime or valid-lifetime.
3377  * So this is not a request for this address.
3378  */
3379  if (IN6_IS_ADDR_UNSPECIFIED(&tmp_addr))
3380  return ISC_FALSE;
3381 
3382  /*
3383  * Verify that this address is on the client's network.
3384  */
3385  for (subnet = reply->shared->subnets ; subnet != NULL ;
3386  subnet = subnet->next_sibling) {
3387  if (addr_eq(subnet_number(*addr, subnet->netmask),
3388  subnet->net))
3389  break;
3390  }
3391 
3392  /* Address not found on shared network. */
3393  if (subnet == NULL)
3394  return ISC_FALSE;
3395 
3396  /*
3397  * Check if this address is owned (must be before next step).
3398  */
3399  if (address_is_owned(reply, addr))
3400  return ISC_TRUE;
3401 
3402  /*
3403  * Verify that this address is in a temporary pool and try to get it.
3404  */
3405  for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
3406  if (((pond->prohibit_list != NULL) &&
3407  (permitted(reply->packet, pond->prohibit_list))) ||
3408  ((pond->permit_list != NULL) &&
3409  (!permitted(reply->packet, pond->permit_list))))
3410  continue;
3411 
3412  for (i = 0 ; (pool = pond->ipv6_pools[i]) != NULL ; i++) {
3413  if (pool->pool_type != D6O_IA_TA)
3414  continue;
3415 
3416  if (ipv6_in_pool(&tmp_addr, pool))
3417  break;
3418  }
3419 
3420  if (pool != NULL)
3421  break;
3422  }
3423 
3424  if (pool == NULL)
3425  return ISC_FALSE;
3426  if (lease6_exists(pool, &tmp_addr))
3427  return ISC_FALSE;
3428  if (iasubopt_allocate(&reply->lease, MDL) != ISC_R_SUCCESS)
3429  return ISC_FALSE;
3430  reply->lease->addr = tmp_addr;
3431  reply->lease->plen = 0;
3432  /* Default is soft binding for 2 minutes. */
3433  if (add_lease6(pool, reply->lease, cur_time + 120) != ISC_R_SUCCESS)
3434  return ISC_FALSE;
3435 
3436  return ISC_TRUE;
3437 }
3438 
3439 /*
3440  * Get a temporary address per prefix.
3441  */
3442 static isc_result_t
3443 find_client_temporaries(struct reply_state *reply) {
3444  int i;
3445  struct ipv6_pool *p = NULL;
3446  struct ipv6_pond *pond;
3447  isc_result_t status = ISC_R_NORESOURCES;;
3448  unsigned int attempts;
3449  struct iaddr send_addr;
3450 
3451  /*
3452  * Do a quick walk through of the ponds and pools
3453  * to see if we have any prefix pools
3454  */
3455  for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
3456  if (pond->ipv6_pools == NULL)
3457  continue;
3458 
3459  for (i = 0; (p = pond->ipv6_pools[i]) != NULL; i++) {
3460  if (p->pool_type == D6O_IA_TA)
3461  break;
3462  }
3463  if (p != NULL)
3464  break;
3465  }
3466 
3467  /* If we get here and p is NULL we have no useful pools */
3468  if (p == NULL) {
3469  log_debug("Unable to get client addresses: "
3470  "no IPv6 pools on this shared network");
3471  return ISC_R_NORESOURCES;
3472  }
3473 
3474  /*
3475  * We have at least one pool that could provide an address
3476  * Now we walk through the ponds and pools again and check
3477  * to see if the client is permitted and if an address is
3478  * available
3479  */
3480 
3481  for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
3482  if (((pond->prohibit_list != NULL) &&
3483  (permitted(reply->packet, pond->prohibit_list))) ||
3484  ((pond->permit_list != NULL) &&
3485  (!permitted(reply->packet, pond->permit_list))))
3486  continue;
3487 
3488  for (i = 0; (p = pond->ipv6_pools[i]) != NULL; i++) {
3489  if (p->pool_type != D6O_IA_TA) {
3490  continue;
3491  }
3492 
3493  /*
3494  * Get an address in this temporary pool.
3495  */
3496  status = create_lease6(p, &reply->lease, &attempts,
3497  &reply->client_id,
3498  cur_time + 120);
3499 
3500  if (status != ISC_R_SUCCESS) {
3501  log_debug("Unable to get a temporary address.");
3502  goto cleanup;
3503  }
3504 
3505  status = reply_process_is_addressed(reply,
3506  &reply->lease->scope,
3507  pond->group);
3508  if (status != ISC_R_SUCCESS) {
3509  goto cleanup;
3510  }
3511  send_addr.len = 16;
3512  memcpy(send_addr.iabuf, &reply->lease->addr, 16);
3513  status = reply_process_send_addr(reply, &send_addr);
3514  if (status != ISC_R_SUCCESS) {
3515  goto cleanup;
3516  }
3517  /*
3518  * reply->lease can't be null as we use it above
3519  * add check if that changes
3520  */
3521  iasubopt_dereference(&reply->lease, MDL);
3522  }
3523  }
3524 
3525  cleanup:
3526  if (reply->lease != NULL) {
3527  iasubopt_dereference(&reply->lease, MDL);
3528  }
3529  return status;
3530 }
3531 
3532 /*
3533  * This function only returns failure on 'hard' failures. If it succeeds,
3534  * it will leave a lease structure behind.
3535  */
3536 static isc_result_t
3537 reply_process_try_addr(struct reply_state *reply, struct iaddr *addr) {
3538  isc_result_t status = ISC_R_ADDRNOTAVAIL;
3539  struct ipv6_pool *pool = NULL;
3540  struct ipv6_pond *pond = NULL;
3541  int i;
3542  struct data_string data_addr;
3543 
3544  if ((reply == NULL) || (reply->shared == NULL) ||
3545  (addr == NULL) || (reply->lease != NULL))
3546  return (DHCP_R_INVALIDARG);
3547 
3548  /*
3549  * Do a quick walk through of the ponds and pools
3550  * to see if we have any NA address pools
3551  */
3552  for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
3553  if (pond->ipv6_pools == NULL)
3554  continue;
3555 
3556  for (i = 0; ; i++) {
3557  pool = pond->ipv6_pools[i];
3558  if ((pool == NULL) ||
3559  (pool->pool_type == D6O_IA_NA))
3560  break;
3561  }
3562  if (pool != NULL)
3563  break;
3564  }
3565 
3566  /* If we get here and p is NULL we have no useful pools */
3567  if (pool == NULL) {
3568  return (ISC_R_ADDRNOTAVAIL);
3569  }
3570 
3571  memset(&data_addr, 0, sizeof(data_addr));
3572  data_addr.len = addr->len;
3573  data_addr.data = addr->iabuf;
3574 
3575  /*
3576  * We have at least one pool that could provide an address
3577  * Now we walk through the ponds and pools again and check
3578  * to see if the client is permitted and if an address is
3579  * available
3580  *
3581  * Within a given pond we start looking at the last pool we
3582  * allocated from, unless it had a collision trying to allocate
3583  * an address. This will tend to move us into less-filled pools.
3584  */
3585 
3586  for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
3587  if (((pond->prohibit_list != NULL) &&
3588  (permitted(reply->packet, pond->prohibit_list))) ||
3589  ((pond->permit_list != NULL) &&
3590  (!permitted(reply->packet, pond->permit_list))))
3591  continue;
3592 
3593  for (i = 0 ; (pool = pond->ipv6_pools[i]) != NULL ; i++) {
3594  if (pool->pool_type != D6O_IA_NA)
3595  continue;
3596 
3597  status = try_client_v6_address(&reply->lease, pool,
3598  &data_addr);
3599  if (status == ISC_R_SUCCESS)
3600  break;
3601  }
3602 
3603  if (status == ISC_R_SUCCESS)
3604  break;
3605  }
3606 
3607  /* Note that this is just pedantry. There is no allocation to free. */
3608  data_string_forget(&data_addr, MDL);
3609  /* Return just the most recent status... */
3610  return (status);
3611 }
3612 
3613 /* Look around for an address to give the client. First, look through the
3614  * old IA for addresses we can extend. Second, try to allocate a new address.
3615  * Finally, actually add that address into the current reply IA.
3616  */
3617 static isc_result_t
3618 find_client_address(struct reply_state *reply) {
3619  struct iaddr send_addr;
3620  isc_result_t status = ISC_R_NORESOURCES;
3621  struct iasubopt *lease, *best_lease = NULL;
3622  struct binding_scope **scope;
3623  struct group *group;
3624  int i;
3625 
3626  if (reply->static_lease) {
3627  if (reply->host == NULL)
3628  return DHCP_R_INVALIDARG;
3629 
3630  send_addr.len = 16;
3631  memcpy(send_addr.iabuf, reply->fixed.data, 16);
3632 
3633  scope = &global_scope;
3634  group = reply->subnet->group;
3635  goto send_addr;
3636  }
3637 
3638  if (reply->old_ia != NULL) {
3639  for (i = 0 ; i < reply->old_ia->num_iasubopt ; i++) {
3640  struct shared_network *candidate_shared;
3641  struct ipv6_pond *pond;
3642 
3643  lease = reply->old_ia->iasubopt[i];
3644  candidate_shared = lease->ipv6_pool->shared_network;
3645  pond = lease->ipv6_pool->ipv6_pond;
3646 
3647  /*
3648  * Look for the best lease on the client's shared
3649  * network, that is still permitted
3650  */
3651 
3652  if ((candidate_shared != reply->shared) ||
3654  continue;
3655 
3656  if (((pond->prohibit_list != NULL) &&
3657  (permitted(reply->packet, pond->prohibit_list))) ||
3658  ((pond->permit_list != NULL) &&
3659  (!permitted(reply->packet, pond->permit_list))))
3660  continue;
3661 
3662  best_lease = lease_compare(lease, best_lease);
3663  }
3664  }
3665 
3666  /* Try to pick a new address if we didn't find one, or if we found an
3667  * abandoned lease.
3668  */
3669  if ((best_lease == NULL) || (best_lease->state == FTS_ABANDONED)) {
3670  status = pick_v6_address(reply);
3671  } else if (best_lease != NULL) {
3672  iasubopt_reference(&reply->lease, best_lease, MDL);
3673  status = ISC_R_SUCCESS;
3674  }
3675 
3676  /* Pick the abandoned lease as a last resort. */
3677  if ((status == ISC_R_NORESOURCES) && (best_lease != NULL)) {
3678  /* I don't see how this is supposed to be done right now. */
3679  log_error("Best match for DUID %s is an abandoned address,"
3680  " This may be a result of multiple clients attempting"
3681  " to use this DUID",
3682  print_hex_1(reply->client_id.len,
3683  reply->client_id.data, 60));
3684  /* iasubopt_reference(&reply->lease, best_lease, MDL); */
3685  }
3686 
3687  /* Give up now if we didn't find a lease. */
3688  if (status != ISC_R_SUCCESS)
3689  return status;
3690 
3691  if (reply->lease == NULL)
3692  log_fatal("Impossible condition at %s:%d.", MDL);
3693 
3694  /* Draw binding scopes from the lease's binding scope, and config
3695  * from the lease's containing subnet and higher. Note that it may
3696  * be desirable to place the group attachment directly in the pool.
3697  */
3698  scope = &reply->lease->scope;
3699  group = reply->lease->ipv6_pool->ipv6_pond->group;
3700 
3701  send_addr.len = 16;
3702  memcpy(send_addr.iabuf, &reply->lease->addr, 16);
3703 
3704  send_addr:
3705  status = reply_process_is_addressed(reply, scope, group);
3706  if (status != ISC_R_SUCCESS)
3707  return status;
3708 
3709  status = reply_process_send_addr(reply, &send_addr);
3710  return status;
3711 }
3712 
3713 /* Once an address is found for a client, perform several common functions;
3714  * Calculate and store valid and preferred lease times, draw client options
3715  * into the option state.
3716  */
3717 static isc_result_t
3718 reply_process_is_addressed(struct reply_state *reply,
3719  struct binding_scope **scope, struct group *group)
3720 {
3721  isc_result_t status = ISC_R_SUCCESS;
3722  struct data_string data;
3723  struct option_cache *oc;
3724  struct option_state *tmp_options = NULL;
3725  struct on_star *on_star;
3726  int i;
3727 
3728  /* Initialize values we will cleanup. */
3729  memset(&data, 0, sizeof(data));
3730 
3731  /*
3732  * Find the proper on_star block to use. We use the
3733  * one in the lease if we have a lease or the one in
3734  * the reply if we don't have a lease because this is
3735  * a static instance
3736  */
3737  if (reply->lease) {
3738  on_star = &reply->lease->on_star;
3739  } else {
3740  on_star = &reply->on_star;
3741  }
3742 
3743  /*
3744  * Bring in the root configuration. We only do this to bring
3745  * in the on * statements, as we didn't have the lease available
3746  * we did it the first time.
3747  */
3748  option_state_allocate(&tmp_options, MDL);
3749  execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
3750  reply->packet->options, tmp_options,
3751  &global_scope, root_group, NULL,
3752  on_star);
3753  if (tmp_options != NULL) {
3754  option_state_dereference(&tmp_options, MDL);
3755  }
3756 
3757  /*
3758  * Bring configured options into the root packet level cache - start
3759  * with the lease's closest enclosing group (passed in by the caller
3760  * as 'group').
3761  */
3762  execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
3763  reply->packet->options, reply->opt_state,
3764  scope, group, root_group, on_star);
3765 
3766  /* Execute statements from class scopes. */
3767  for (i = reply->packet->class_count; i > 0; i--) {
3768  execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
3769  reply->packet->options,
3770  reply->opt_state, scope,
3771  reply->packet->classes[i - 1]->group,
3772  group, on_star);
3773  }
3774 
3775  /*
3776  * If there is a host record, over-ride with values configured there,
3777  * without re-evaluating configuration from the previously executed
3778  * group or its common enclosers.
3779  */
3780  if (reply->host != NULL)
3781  execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
3782  reply->packet->options,
3783  reply->opt_state, scope,
3784  reply->host->group, group,
3785  on_star);
3786 
3787  /* Determine valid lifetime. */
3788  if (reply->client_valid == 0)
3789  reply->send_valid = DEFAULT_DEFAULT_LEASE_TIME;
3790  else
3791  reply->send_valid = reply->client_valid;
3792 
3793  oc = lookup_option(&server_universe, reply->opt_state,
3795  if (oc != NULL) {
3796  if (!evaluate_option_cache(&data, reply->packet, NULL, NULL,
3797  reply->packet->options,
3798  reply->opt_state,
3799  scope, oc, MDL) ||
3800  (data.len != 4)) {
3801  log_error("reply_process_is_addressed: unable to "
3802  "evaluate default lease time");
3803  status = ISC_R_FAILURE;
3804  goto cleanup;
3805  }
3806 
3807  reply->send_valid = getULong(data.data);
3808  data_string_forget(&data, MDL);
3809  }
3810 
3811  /* Check to see if the lease time would cause us to wrap
3812  * in which case we make it infinite.
3813  * The following doesn't work on at least some systems:
3814  * (cur_time + reply->send_valid < cur_time)
3815  */
3816  if (reply->send_valid != INFINITE_TIME) {
3817  time_t test_time = cur_time + reply->send_valid;
3818  if (test_time < cur_time)
3819  reply->send_valid = INFINITE_TIME;
3820  }
3821 
3822  if (reply->client_prefer == 0)
3823  reply->send_prefer = reply->send_valid;
3824  else
3825  reply->send_prefer = reply->client_prefer;
3826 
3827  if ((reply->send_prefer >= reply->send_valid) &&
3828  (reply->send_valid != INFINITE_TIME))
3829  reply->send_prefer = (reply->send_valid / 2) +
3830  (reply->send_valid / 8);
3831 
3832  oc = lookup_option(&server_universe, reply->opt_state,
3834  if (oc != NULL) {
3835  if (!evaluate_option_cache(&data, reply->packet, NULL, NULL,
3836  reply->packet->options,
3837  reply->opt_state,
3838  scope, oc, MDL) ||
3839  (data.len != 4)) {
3840  log_error("reply_process_is_addressed: unable to "
3841  "evaluate preferred lease time");
3842  status = ISC_R_FAILURE;
3843  goto cleanup;
3844  }
3845 
3846  reply->send_prefer = getULong(data.data);
3847  data_string_forget(&data, MDL);
3848  }
3849 
3850  /* Note lowest values for later calculation of renew/rebind times. */
3851  if (reply->min_prefer > reply->send_prefer)
3852  reply->min_prefer = reply->send_prefer;
3853 
3854  if (reply->min_valid > reply->send_valid)
3855  reply->min_valid = reply->send_valid;
3856 
3857 #if 0
3858  /*
3859  * XXX: Old 4.0.0 alpha code would change the host {} record
3860  * XXX: uid upon lease assignment. This was intended to cover the
3861  * XXX: case where a client first identifies itself using vendor
3862  * XXX: options in a solicit, or request, but later neglects to include
3863  * XXX: these options in a Renew or Rebind. It is not clear that this
3864  * XXX: is required, and has some startling ramifications (such as
3865  * XXX: how to recover this dynamic host {} state across restarts).
3866  */
3867  if (reply->host != NULL)
3868  change_host_uid(host, reply->client_id->data,
3869  reply->client_id->len);
3870 #endif /* 0 */
3871 
3872  /* Perform dynamic lease related update work. */
3873  if (reply->lease != NULL) {
3874  /* Cached lifetimes */
3875  reply->lease->prefer = reply->send_prefer;
3876  reply->lease->valid = reply->send_valid;
3877 
3878  /* Advance (or rewind) the valid lifetime.
3879  * In the protocol 0xFFFFFFFF is infinite
3880  * when connecting to the lease file MAX_TIME is
3881  */
3882  if (reply->buf.reply.msg_type == DHCPV6_REPLY) {
3883  if (reply->send_valid == INFINITE_TIME) {
3884  reply->lease->soft_lifetime_end_time = MAX_TIME;
3885  } else {
3886  reply->lease->soft_lifetime_end_time =
3887  cur_time + reply->send_valid;
3888  }
3889  /* Wait before renew! */
3890  }
3891 
3892  status = ia_add_iasubopt(reply->ia, reply->lease, MDL);
3893  if (status != ISC_R_SUCCESS) {
3894  log_fatal("reply_process_is_addressed: Unable to "
3895  "attach lease to new IA: %s",
3896  isc_result_totext(status));
3897  }
3898 
3899  /*
3900  * If this is a new lease, make sure it is attached somewhere.
3901  */
3902  if (reply->lease->ia == NULL) {
3903  ia_reference(&reply->lease->ia, reply->ia, MDL);
3904  }
3905  }
3906 
3907  /* Bring a copy of the relevant options into the IA scope. */
3908  execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
3909  reply->packet->options, reply->reply_ia,
3910  scope, group, root_group, NULL);
3911 
3912  /* Execute statements from class scopes. */
3913  for (i = reply->packet->class_count; i > 0; i--) {
3914  execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
3915  reply->packet->options,
3916  reply->reply_ia, scope,
3917  reply->packet->classes[i - 1]->group,
3918  group, NULL);
3919  }
3920 
3921  /*
3922  * And bring in host record configuration, if any, but not to overlap
3923  * the previous group or its common enclosers.
3924  */
3925  if (reply->host != NULL)
3926  execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
3927  reply->packet->options,
3928  reply->reply_ia, scope,
3929  reply->host->group, group, NULL);
3930 
3931  cleanup:
3932  if (data.data != NULL)
3933  data_string_forget(&data, MDL);
3934 
3935  if (status == ISC_R_SUCCESS)
3936  reply->client_resources++;
3937 
3938  return status;
3939 }
3940 
3941 /* Simply send an IAADDR within the IA scope as described. */
3942 static isc_result_t
3943 reply_process_send_addr(struct reply_state *reply, struct iaddr *addr) {
3944  isc_result_t status = ISC_R_SUCCESS;
3945  struct data_string data;
3946 
3947  memset(&data, 0, sizeof(data));
3948 
3949  /* Now append the lease. */
3950  data.len = IAADDR_OFFSET;
3951  if (!buffer_allocate(&data.buffer, data.len, MDL)) {
3952  log_error("reply_process_send_addr: out of memory"
3953  "allocating new IAADDR buffer.");
3954  status = ISC_R_NOMEMORY;
3955  goto cleanup;
3956  }
3957  data.data = data.buffer->data;
3958 
3959  memcpy(data.buffer->data, addr->iabuf, 16);
3960  putULong(data.buffer->data + 16, reply->send_prefer);
3961  putULong(data.buffer->data + 20, reply->send_valid);
3962 
3963  if (!append_option_buffer(&dhcpv6_universe, reply->reply_ia,
3964  data.buffer, data.buffer->data,
3965  data.len, D6O_IAADDR, 0)) {
3966  log_error("reply_process_send_addr: unable "
3967  "to save IAADDR option");
3968  status = ISC_R_FAILURE;
3969  goto cleanup;
3970  }
3971 
3972  reply->resources_included = ISC_TRUE;
3973 
3974  cleanup:
3975  if (data.data != NULL)
3977 
3978  return status;
3979 }
3980 
3981 /* Choose the better of two leases. */
3982 static struct iasubopt *
3983 lease_compare(struct iasubopt *alpha, struct iasubopt *beta) {
3984  if (alpha == NULL)
3985  return beta;
3986  if (beta == NULL)
3987  return alpha;
3988 
3989  switch(alpha->state) {
3990  case FTS_ACTIVE:
3991  switch(beta->state) {
3992  case FTS_ACTIVE:
3993  /* Choose the lease with the longest lifetime (most
3994  * likely the most recently allocated).
3995  */
3996  if (alpha->hard_lifetime_end_time <
3997  beta->hard_lifetime_end_time)
3998  return beta;
3999  else
4000  return alpha;
4001 
4002  case FTS_EXPIRED:
4003  case FTS_ABANDONED:
4004  return alpha;
4005 
4006  default:
4007  log_fatal("Impossible condition at %s:%d.", MDL);
4008  }
4009  break;
4010 
4011  case FTS_EXPIRED:
4012  switch (beta->state) {
4013  case FTS_ACTIVE:
4014  return beta;
4015 
4016  case FTS_EXPIRED:
4017  /* Choose the most recently expired lease. */
4018  if (alpha->hard_lifetime_end_time <
4019  beta->hard_lifetime_end_time)
4020  return beta;
4021  else if ((alpha->hard_lifetime_end_time ==
4022  beta->hard_lifetime_end_time) &&
4023  (alpha->soft_lifetime_end_time <
4024  beta->soft_lifetime_end_time))
4025  return beta;
4026  else
4027  return alpha;
4028 
4029  case FTS_ABANDONED:
4030  return alpha;
4031 
4032  default:
4033  log_fatal("Impossible condition at %s:%d.", MDL);
4034  }
4035  break;
4036 
4037  case FTS_ABANDONED:
4038  switch (beta->state) {
4039  case FTS_ACTIVE:
4040  case FTS_EXPIRED:
4041  return alpha;
4042 
4043  case FTS_ABANDONED:
4044  /* Choose the lease that was abandoned longest ago. */
4045  if (alpha->hard_lifetime_end_time <
4046  beta->hard_lifetime_end_time)
4047  return alpha;
4048  else
4049  return beta;
4050 
4051  default:
4052  log_fatal("Impossible condition at %s:%d.", MDL);
4053  }
4054  break;
4055 
4056  default:
4057  log_fatal("Impossible condition at %s:%d.", MDL);
4058  }
4059 
4060  log_fatal("Triple impossible condition at %s:%d.", MDL);
4061  return NULL;
4062 }
4063 
4064 /* Process a client-supplied IA_PD. This may append options to the tail of
4065  * the reply packet being built in the reply_state structure.
4066  */
4067 static isc_result_t
4068 reply_process_ia_pd(struct reply_state *reply, struct option_cache *ia) {
4069  isc_result_t status = ISC_R_SUCCESS;
4070  u_int32_t iaid;
4071  unsigned ia_cursor;
4072  struct option_state *packet_ia;
4073  struct option_cache *oc;
4074  struct data_string ia_data, data;
4075 
4076  /* Initialize values that will get cleaned up on return. */
4077  packet_ia = NULL;
4078  memset(&ia_data, 0, sizeof(ia_data));
4079  memset(&data, 0, sizeof(data));
4080  /*
4081  * Note that find_client_prefix() may set reply->lease.
4082  */
4083 
4084  /* Make sure there is at least room for the header. */
4085  if ((reply->cursor + IA_PD_OFFSET + 4) > sizeof(reply->buf)) {
4086  log_error("reply_process_ia_pd: Reply too long for IA.");
4087  return ISC_R_NOSPACE;
4088  }
4089 
4090 
4091  /* Fetch the IA_PD contents. */
4092  if (!get_encapsulated_IA_state(&packet_ia, &ia_data, reply->packet,
4093  ia, IA_PD_OFFSET)) {
4094  log_error("reply_process_ia_pd: error evaluating ia");
4095  status = ISC_R_FAILURE;
4096  goto cleanup;
4097  }
4098 
4099  /* Extract IA_PD header contents. */
4100  iaid = getULong(ia_data.data);
4101  reply->renew = getULong(ia_data.data + 4);
4102  reply->rebind = getULong(ia_data.data + 8);
4103 
4104  /* Create an IA_PD structure. */
4105  if (ia_allocate(&reply->ia, iaid, (char *)reply->client_id.data,
4106  reply->client_id.len, MDL) != ISC_R_SUCCESS) {
4107  log_error("reply_process_ia_pd: no memory for ia.");
4108  status = ISC_R_NOMEMORY;
4109  goto cleanup;
4110  }
4111  reply->ia->ia_type = D6O_IA_PD;
4112 
4113  /* Cache pre-existing IA_PD, if any. */
4114  ia_hash_lookup(&reply->old_ia, ia_pd_active,
4115  (unsigned char *)reply->ia->iaid_duid.data,
4116  reply->ia->iaid_duid.len, MDL);
4117 
4118  /*
4119  * Create an option cache to carry the IA_PD option contents, and
4120  * execute any user-supplied values into it.
4121  */
4122  if (!option_state_allocate(&reply->reply_ia, MDL)) {
4123  status = ISC_R_NOMEMORY;
4124  goto cleanup;
4125  }
4126 
4127  /* Check & count the fixed prefix host records. */
4128  reply->static_prefixes = 0;
4129  if ((reply->host != NULL) && (reply->host->fixed_prefix != NULL)) {
4130  struct iaddrcidrnetlist *fp;
4131 
4132  for (fp = reply->host->fixed_prefix; fp != NULL;
4133  fp = fp->next) {
4134  reply->static_prefixes += 1;
4135  }
4136  }
4137 
4138  /*
4139  * Save the cursor position at the start of the IA_PD, so we can
4140  * set length and adjust t1/t2 values later. We write a temporary
4141  * header out now just in case we decide to adjust the packet
4142  * within sub-process functions.
4143  */
4144  ia_cursor = reply->cursor;
4145 
4146  /* Initialize the IA_PD header. First the code. */
4147  putUShort(reply->buf.data + reply->cursor, (unsigned)D6O_IA_PD);
4148  reply->cursor += 2;
4149 
4150  /* Then option length. */
4151  putUShort(reply->buf.data + reply->cursor, 0x0Cu);
4152  reply->cursor += 2;
4153 
4154  /* Then IA_PD header contents; IAID. */
4155  putULong(reply->buf.data + reply->cursor, iaid);
4156  reply->cursor += 4;
4157 
4158  /* We store the client's t1 for now, and may over-ride it later. */
4159  putULong(reply->buf.data + reply->cursor, reply->renew);
4160  reply->cursor += 4;
4161 
4162  /* We store the client's t2 for now, and may over-ride it later. */
4163  putULong(reply->buf.data + reply->cursor, reply->rebind);
4164  reply->cursor += 4;
4165 
4166  /*
4167  * For each prefix in this IA_PD, decide what to do about it.
4168  */
4169  oc = lookup_option(&dhcpv6_universe, packet_ia, D6O_IAPREFIX);
4170  reply->min_valid = reply->min_prefer = INFINITE_TIME;
4171  reply->client_valid = reply->client_prefer = 0;
4172  reply->preflen = -1;
4173  for (; oc != NULL ; oc = oc->next) {
4174  status = reply_process_prefix(reply, oc);
4175 
4176  /*
4177  * Canceled means we did not allocate prefixes to the
4178  * client, but we're "done" with this IA - we set a status
4179  * code. So transmit this reply, e.g., move on to the next
4180  * IA.
4181  */
4182  if (status == ISC_R_CANCELED)
4183  break;
4184 
4185  if ((status != ISC_R_SUCCESS) &&
4186  (status != ISC_R_ADDRINUSE) &&
4187  (status != ISC_R_ADDRNOTAVAIL))
4188  goto cleanup;
4189  }
4190 
4191  reply->pd_count++;
4192 
4193  /*
4194  * If we fell through the above and never gave the client
4195  * a prefix, give it one now.
4196  */
4197  if ((status != ISC_R_CANCELED) && (reply->client_resources == 0)) {
4198  status = find_client_prefix(reply);
4199 
4200  if (status == ISC_R_NORESOURCES) {
4201  switch (reply->packet->dhcpv6_msg_type) {
4202  case DHCPV6_SOLICIT:
4203  /*
4204  * No prefix for any IA is handled
4205  * by the caller.
4206  */
4207  /* FALL THROUGH */
4208 
4209  case DHCPV6_REQUEST:
4210  /* Same than for addresses. */
4211  option_state_dereference(&reply->reply_ia, MDL);
4212  if (!option_state_allocate(&reply->reply_ia,
4213  MDL))
4214  {
4215  log_error("reply_process_ia_pd: No "
4216  "memory for option state "
4217  "wipe.");
4218  status = ISC_R_NOMEMORY;
4219  goto cleanup;
4220  }
4221 
4222  if (!set_status_code(STATUS_NoPrefixAvail,
4223  "No prefixes available "
4224  "for this interface.",
4225  reply->reply_ia)) {
4226  log_error("reply_process_ia_pd: "
4227  "Unable to set "
4228  "NoPrefixAvail status "
4229  "code.");
4230  status = ISC_R_FAILURE;
4231  goto cleanup;
4232  }
4233 
4234  status = ISC_R_SUCCESS;
4235  break;
4236 
4237  default:
4238  if (reply->resources_included)
4239  status = ISC_R_SUCCESS;
4240  else
4241  goto cleanup;
4242  break;
4243  }
4244  }
4245 
4246  if (status != ISC_R_SUCCESS)
4247  goto cleanup;
4248  }
4249 
4250  /*
4251  * yes, goto's aren't the best but we also want to avoid extra
4252  * indents
4253  */
4254  if (status == ISC_R_CANCELED) {
4255  /* We're replying with a status code so we still need to
4256  * write it out in wire-format to the outbound buffer */
4257  write_to_packet(reply, ia_cursor);
4258  goto cleanup;
4259  }
4260 
4261  /*
4262  * Handle static prefixes, we always log stuff and if it's
4263  * a hard binding we run any commit statements that we have
4264  */
4265  if (reply->static_prefixes != 0) {
4266  char tmp_addr[INET6_ADDRSTRLEN];
4267  log_info("%s PD: address %s/%d to client with duid %s "
4268  "iaid = %d static",
4269  dhcpv6_type_names[reply->buf.reply.msg_type],
4270  inet_ntop(AF_INET6, reply->fixed_pref.lo_addr.iabuf,
4271  tmp_addr, sizeof(tmp_addr)),
4272  reply->fixed_pref.bits,
4273  print_hex_1(reply->client_id.len,
4274  reply->client_id.data, 60),
4275  iaid);
4276 
4277  /* Write the lease out in wire-format to the outbound buffer */
4278  write_to_packet(reply, ia_cursor);
4279 
4280  if ((reply->buf.reply.msg_type == DHCPV6_REPLY) &&
4281  (reply->on_star.on_commit != NULL)) {
4282  execute_statements(NULL, reply->packet, NULL, NULL,
4283  reply->packet->options,
4284  reply->opt_state,
4285  NULL, reply->on_star.on_commit,
4286  NULL);
4288  (&reply->on_star.on_commit, MDL);
4289  }
4290  goto cleanup;
4291  }
4292 
4293  /*
4294  * If we have any addresses log what we are doing.
4295  */
4296  if (reply->ia->num_iasubopt != 0) {
4297  struct iasubopt *tmp;
4298  int i;
4299  char tmp_addr[INET6_ADDRSTRLEN];
4300 
4301  for (i = 0 ; i < reply->ia->num_iasubopt ; i++) {
4302  tmp = reply->ia->iasubopt[i];
4303 
4304  log_info("%s PD: address %s/%d to client with duid %s"
4305  " iaid = %d valid for %u seconds",
4306  dhcpv6_type_names[reply->buf.reply.msg_type],
4307  inet_ntop(AF_INET6, &tmp->addr,
4308  tmp_addr, sizeof(tmp_addr)),
4309  (int)tmp->plen,
4310  print_hex_1(reply->client_id.len,
4311  reply->client_id.data, 60),
4312  iaid, tmp->valid);
4313  }
4314  }
4315 
4316  /*
4317  * If this is not a 'soft' binding, consume the new changes into
4318  * the database (if any have been attached to the ia_pd).
4319  *
4320  * Loop through the assigned dynamic prefixes, referencing the
4321  * prefixes onto this IA_PD rather than any old ones, and updating
4322  * prefix pool timers for each (if any).
4323  *
4324  * If a lease can be reused we skip renewing it or checking the
4325  * pool threshold. If it can't we flag that the IA must be commited
4326  * to the db and do the renewal and pool check.
4327  */
4328  if ((reply->buf.reply.msg_type == DHCPV6_REPLY) &&
4329  (reply->ia->num_iasubopt != 0)) {
4330  int must_commit = 0;
4331  struct iasubopt *tmp;
4332  struct data_string *ia_id;
4333  int i;
4334 
4335  for (i = 0 ; i < reply->ia->num_iasubopt ; i++) {
4336  tmp = reply->ia->iasubopt[i];
4337 
4338  if (tmp->ia != NULL)
4339  ia_dereference(&tmp->ia, MDL);
4340  ia_reference(&tmp->ia, reply->ia, MDL);
4341 
4342  /* If we have anything to do on commit do it now */
4343  if (tmp->on_star.on_commit != NULL) {
4344  execute_statements(NULL, reply->packet,
4345  NULL, NULL,
4346  reply->packet->options,
4347  reply->opt_state,
4348  &tmp->scope,
4349  tmp->on_star.on_commit,
4350  &tmp->on_star);
4352  (&tmp->on_star.on_commit, MDL);
4353  }
4354 
4355  if (!reuse_lease6(reply, tmp)) {
4356  /* Commit 'hard' bindings. */
4357  must_commit = 1;
4358  renew_lease6(tmp->ipv6_pool, tmp);
4360 
4361  /* Do our threshold check. */
4362  check_pool6_threshold(reply, tmp);
4363  }
4364  }
4365 
4366  /* write the IA_PD in wire-format to the outbound buffer */
4367  write_to_packet(reply, ia_cursor);
4368 
4369  /* Remove any old ia from the hash. */
4370  if (reply->old_ia != NULL) {
4371  if (!release_on_roam(reply)) {
4372  ia_id = &reply->old_ia->iaid_duid;
4373  ia_hash_delete(ia_pd_active,
4374  (unsigned char *)ia_id->data,
4375  ia_id->len, MDL);
4376  }
4377 
4378  ia_dereference(&reply->old_ia, MDL);
4379  }
4380 
4381  /* Put new ia into the hash. */
4382  reply->ia->cltt = cur_time;
4383  ia_id = &reply->ia->iaid_duid;
4384  ia_hash_add(ia_pd_active, (unsigned char *)ia_id->data,
4385  ia_id->len, reply->ia, MDL);
4386 
4387  /* If we couldn't reuse all of the iasubopts, we
4388  * must udpate the lease db */
4389  if (must_commit) {
4390  write_ia(reply->ia);
4391  }
4392  } else {
4393  /* write the IA_PD in wire-format to the outbound buffer */
4394  write_to_packet(reply, ia_cursor);
4395  schedule_lease_timeout_reply(reply);
4396  }
4397 
4398  cleanup:
4399  if (packet_ia != NULL)
4400  option_state_dereference(&packet_ia, MDL);
4401  if (reply->reply_ia != NULL)
4402  option_state_dereference(&reply->reply_ia, MDL);
4403  if (ia_data.data != NULL)
4404  data_string_forget(&ia_data, MDL);
4405  if (data.data != NULL)
4407  if (reply->ia != NULL)
4408  ia_dereference(&reply->ia, MDL);
4409  if (reply->old_ia != NULL)
4410  ia_dereference(&reply->old_ia, MDL);
4411  if (reply->lease != NULL)
4412  iasubopt_dereference(&reply->lease, MDL);
4413  if (reply->on_star.on_expiry != NULL)
4415  (&reply->on_star.on_expiry, MDL);
4416  if (reply->on_star.on_release != NULL)
4418  (&reply->on_star.on_release, MDL);
4419 
4420  /*
4421  * ISC_R_CANCELED is a status code used by the prefix processing to
4422  * indicate we're replying with a status code. This is still a
4423  * success at higher layers.
4424  */
4425  return((status == ISC_R_CANCELED) ? ISC_R_SUCCESS : status);
4426 }
4427 
4447 static struct group *
4448 find_group_by_prefix(struct reply_state *reply) {
4449  /* default group if we don't find anything better */
4450  struct group *group = reply->shared->group;
4451  struct subnet *subnet = NULL;
4452  struct iaddr tmp_addr;
4453  struct data_string fixed_addr;
4454 
4455  /* Try with the prefix first */
4456  if (find_grouped_subnet(&subnet, reply->shared,
4457  reply->fixed_pref.lo_addr, MDL) != 0) {
4458  group = subnet->group;
4459  subnet_dereference(&subnet, MDL);
4460  return (group);
4461  }
4462 
4463  /* Didn't find a subnet via prefix, what about fixed address */
4464  /* The caller has already tested reply->host != NULL */
4465 
4466  memset(&fixed_addr, 0, sizeof(fixed_addr));
4467 
4468  if ((reply->host->fixed_addr != NULL) &&
4469  (evaluate_option_cache(&fixed_addr, NULL, NULL, NULL,
4470  NULL, NULL, &global_scope,
4471  reply->host->fixed_addr, MDL))) {
4472  if (fixed_addr.len >= 16) {
4473  tmp_addr.len = 16;
4474  memcpy(tmp_addr.iabuf, fixed_addr.data, 16);
4475  if (find_grouped_subnet(&subnet, reply->shared,
4476  tmp_addr, MDL) != 0) {
4477  group = subnet->group;
4478  subnet_dereference(&subnet, MDL);
4479  }
4480  }
4481  data_string_forget(&fixed_addr, MDL);
4482  }
4483 
4484  /* return whatever we got */
4485  return (group);
4486 }
4487 
4488 /*
4489  * Process an IAPREFIX within a given IA_PD, storing any IAPREFIX reply
4490  * contents into the reply's current ia_pd-scoped option cache. Returns
4491  * ISC_R_CANCELED in the event we are replying with a status code and do
4492  * not wish to process more IAPREFIXes within this IA_PD.
4493  */
4494 static isc_result_t
4495 reply_process_prefix(struct reply_state *reply, struct option_cache *pref) {
4496  u_int32_t pref_life, valid_life;
4497  struct binding_scope **scope;
4498  struct iaddrcidrnet tmp_pref;
4499  struct option_cache *oc;
4500  struct data_string iapref, data;
4501  isc_result_t status = ISC_R_SUCCESS;
4502  struct group *group;
4503 
4504  /* Initializes values that will be cleaned up. */
4505  memset(&iapref, 0, sizeof(iapref));
4506  memset(&data, 0, sizeof(data));
4507  /* Note that reply->lease may be set by prefix_is_owned() */
4508 
4509  /*
4510  * There is no point trying to process an incoming prefix if there
4511  * is no room for an outgoing prefix.
4512  */
4513  if ((reply->cursor + 29) > sizeof(reply->buf)) {
4514  log_error("reply_process_prefix: Out of room for prefix.");
4515  return ISC_R_NOSPACE;
4516  }
4517 
4518  /* Extract this IAPREFIX option. */
4519  if (!evaluate_option_cache(&iapref, reply->packet, NULL, NULL,
4520  reply->packet->options, NULL, &global_scope,
4521  pref, MDL) ||
4522  (iapref.len < IAPREFIX_OFFSET)) {
4523  log_error("reply_process_prefix: error evaluating IAPREFIX.");
4524  status = ISC_R_FAILURE;
4525  goto cleanup;
4526  }
4527 
4528  /*
4529  * Layout: preferred and valid lifetimes followed by the prefix
4530  * length and the IPv6 address.
4531  */
4532  pref_life = getULong(iapref.data);
4533  valid_life = getULong(iapref.data + 4);
4534 
4535  if ((reply->client_valid == 0) ||
4536  (reply->client_valid > valid_life))
4537  reply->client_valid = valid_life;
4538 
4539  if ((reply->client_prefer == 0) ||
4540  (reply->client_prefer > pref_life))
4541  reply->client_prefer = pref_life;
4542 
4543  /*
4544  * Clients may choose to send ::/0 as a prefix, with the idea to give
4545  * hints about preferred-lifetime or valid-lifetime.
4546  */
4547  tmp_pref.lo_addr.len = 16;
4548  memset(tmp_pref.lo_addr.iabuf, 0, 16);
4549  if ((iapref.data[8] == 0) &&
4550  (memcmp(iapref.data + 9, tmp_pref.lo_addr.iabuf, 16) == 0)) {
4551  /* Status remains success; we just ignore this one. */
4552  goto cleanup;
4553  }
4554 
4555  /*
4556  * Clients may choose to send ::/X as a prefix to specify a
4557  * preferred/requested prefix length. Note X is never zero here.
4558  */
4559  tmp_pref.bits = (int) iapref.data[8];
4560  if (reply->preflen < 0) {
4561  /* Cache the first preferred prefix length. */
4562  reply->preflen = tmp_pref.bits;
4563  }
4564  if (memcmp(iapref.data + 9, tmp_pref.lo_addr.iabuf, 16) == 0) {
4565  goto cleanup;
4566  }
4567 
4568  memcpy(tmp_pref.lo_addr.iabuf, iapref.data + 9, 16);
4569 
4570  /* Verify the prefix belongs to the client. */
4571  if (!prefix_is_owned(reply, &tmp_pref)) {
4572  /* Same than for addresses. */
4573  if ((reply->packet->dhcpv6_msg_type == DHCPV6_SOLICIT) ||
4574  (reply->packet->dhcpv6_msg_type == DHCPV6_REQUEST) ||
4575  (reply->packet->dhcpv6_msg_type == DHCPV6_REBIND)) {
4576  status = reply_process_try_prefix(reply, &tmp_pref);
4577 
4578  /* Either error out or skip this prefix. */
4579  if ((status != ISC_R_SUCCESS) &&
4580  (status != ISC_R_ADDRINUSE) &&
4581  (status != ISC_R_ADDRNOTAVAIL))
4582  goto cleanup;
4583 
4584  if (reply->lease == NULL) {
4585  if (reply->packet->dhcpv6_msg_type ==
4586  DHCPV6_REBIND) {
4587  reply->send_prefer = 0;
4588  reply->send_valid = 0;
4589  goto send_pref;
4590  }
4591 
4592  /* status remains success - ignore */
4593  goto cleanup;
4594  }
4595  /*
4596  * RFC3633 section 18.2.3:
4597  *
4598  * If the delegating router cannot find a binding
4599  * for the requesting router's IA_PD the delegating
4600  * router returns the IA_PD containing no prefixes
4601  * with a Status Code option set to NoBinding in the
4602  * Reply message.
4603  *
4604  * On mismatch we (ab)use this pretending we have not the IA
4605  * as soon as we have not a prefix.
4606  */
4607  } else if (reply->packet->dhcpv6_msg_type == DHCPV6_RENEW) {
4608  /* Rewind the IA_PD to empty. */
4609  option_state_dereference(&reply->reply_ia, MDL);
4610  if (!option_state_allocate(&reply->reply_ia, MDL)) {
4611  log_error("reply_process_prefix: No memory "
4612  "for option state wipe.");
4613  status = ISC_R_NOMEMORY;
4614  goto cleanup;
4615  }
4616 
4617  /* Append a NoBinding status code. */
4618  if (!set_status_code(STATUS_NoBinding,
4619  "Prefix not bound to this "
4620  "interface.", reply->reply_ia)) {
4621  log_error("reply_process_prefix: Unable to "
4622  "attach status code.");
4623  status = ISC_R_FAILURE;
4624  goto cleanup;
4625  }
4626 
4627  /* Fin (no more IAPREFIXes). */
4628  status = ISC_R_CANCELED;
4629  goto cleanup;
4630  } else {
4631  log_error("It is impossible to lease a client that is "
4632  "not sending a solicit, request, renew, or "
4633  "rebind message.");
4634  status = ISC_R_FAILURE;
4635  goto cleanup;
4636  }
4637  }
4638 
4639  if (reply->static_prefixes > 0) {
4640  if (reply->host == NULL)
4641  log_fatal("Impossible condition at %s:%d.", MDL);
4642 
4643  scope = &global_scope;
4644 
4645  /* Copy the static prefix for logging and finding the group */
4646  memcpy(&reply->fixed_pref, &tmp_pref, sizeof(tmp_pref));
4647 
4648  /* Try to find a group for the static prefix */
4649  group = find_group_by_prefix(reply);
4650  } else {
4651  if (reply->lease == NULL)
4652  log_fatal("Impossible condition at %s:%d.", MDL);
4653 
4654  scope = &reply->lease->scope;
4655  group = reply->lease->ipv6_pool->ipv6_pond->group;
4656  }
4657 
4658  /*
4659  * If client_resources is nonzero, then the reply_process_is_prefixed
4660  * function has executed configuration state into the reply option
4661  * cache. We will use that valid cache to derive configuration for
4662  * whether or not to engage in additional prefixes, and similar.
4663  */
4664  if (reply->client_resources != 0) {
4665  unsigned limit = 1;
4666 
4667  /*
4668  * Does this client have "enough" prefixes already? Default
4669  * to one. Everybody gets one, and one should be enough for
4670  * anybody.
4671  */
4672  oc = lookup_option(&server_universe, reply->opt_state,
4674  if (oc != NULL) {
4675  if (!evaluate_option_cache(&data, reply->packet,
4676  NULL, NULL,
4677  reply->packet->options,
4678  reply->opt_state,
4679  scope, oc, MDL) ||
4680  (data.len != 4)) {
4681  log_error("reply_process_prefix: unable to "
4682  "evaluate prefs-per-ia value.");
4683  status = ISC_R_FAILURE;
4684  goto cleanup;
4685  }
4686 
4687  limit = getULong(data.data);
4688  data_string_forget(&data, MDL);
4689  }
4690 
4691  /*
4692  * If we wish to limit the client to a certain number of
4693  * prefixes, then omit the prefix from the reply.
4694  */
4695  if (reply->client_resources >= limit)
4696  goto cleanup;
4697  }
4698 
4699  status = reply_process_is_prefixed(reply, scope, group);
4700  if (status != ISC_R_SUCCESS)
4701  goto cleanup;
4702 
4703  send_pref:
4704  status = reply_process_send_prefix(reply, &tmp_pref);
4705 
4706  cleanup:
4707  if (iapref.data != NULL)
4708  data_string_forget(&iapref, MDL);
4709  if (data.data != NULL)
4710  data_string_forget(&data, MDL);
4711  if (reply->lease != NULL)
4712  iasubopt_dereference(&reply->lease, MDL);
4713 
4714  return status;
4715 }
4716 
4717 /*
4718  * Verify the prefix belongs to the client. If we've got a host
4719  * record with fixed prefixes, it has to be an assigned prefix
4720  * (fault out all else). Otherwise it's a dynamic prefix, so lookup
4721  * that prefix and make sure it belongs to this DUID:IAID pair.
4722  */
4723 static isc_boolean_t
4724 prefix_is_owned(struct reply_state *reply, struct iaddrcidrnet *pref) {
4725  struct iaddrcidrnetlist *l;
4726  int i;
4727  struct ipv6_pond *pond;
4728 
4729  /*
4730  * This faults out prefixes that don't match fixed prefixes.
4731  */
4732  if (reply->static_prefixes > 0) {
4733  for (l = reply->host->fixed_prefix; l != NULL; l = l->next) {
4734  if ((pref->bits == l->cidrnet.bits) &&
4735  (memcmp(pref->lo_addr.iabuf,
4736  l->cidrnet.lo_addr.iabuf, 16) == 0))
4737  return (ISC_TRUE);
4738  }
4739  return (ISC_FALSE);
4740  }
4741 
4742  if ((reply->old_ia == NULL) ||
4743  (reply->old_ia->num_iasubopt == 0))
4744  return (ISC_FALSE);
4745 
4746  for (i = 0 ; i < reply->old_ia->num_iasubopt ; i++) {
4747  struct iasubopt *tmp;
4748 
4749  tmp = reply->old_ia->iasubopt[i];
4750 
4751  if ((pref->bits == (int) tmp->plen) &&
4752  (memcmp(pref->lo_addr.iabuf, &tmp->addr, 16) == 0)) {
4753  if (lease6_usable(tmp) == ISC_FALSE) {
4754  return (ISC_FALSE);
4755  }
4756 
4757  pond = tmp->ipv6_pool->ipv6_pond;
4758  if (((pond->prohibit_list != NULL) &&
4759  (permitted(reply->packet, pond->prohibit_list))) ||
4760  ((pond->permit_list != NULL) &&
4761  (!permitted(reply->packet, pond->permit_list))))
4762  return (ISC_FALSE);
4763 
4764  iasubopt_reference(&reply->lease, tmp, MDL);
4765  return (ISC_TRUE);
4766  }
4767  }
4768 
4769  return (ISC_FALSE);
4770 }
4771 
4772 /*
4773  * This function only returns failure on 'hard' failures. If it succeeds,
4774  * it will leave a prefix structure behind.
4775  */
4776 static isc_result_t
4777 reply_process_try_prefix(struct reply_state *reply,
4778  struct iaddrcidrnet *pref) {
4779  isc_result_t status = ISC_R_ADDRNOTAVAIL;
4780  struct ipv6_pool *pool = NULL;
4781  struct ipv6_pond *pond = NULL;
4782  int i;
4783  struct data_string data_pref;
4784 
4785  if ((reply == NULL) || (reply->shared == NULL) ||
4786  (pref == NULL) || (reply->lease != NULL))
4787  return (DHCP_R_INVALIDARG);
4788 
4789  /*
4790  * Do a quick walk through of the ponds and pools
4791  * to see if we have any prefix pools
4792  */
4793  for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
4794  if (pond->ipv6_pools == NULL)
4795  continue;
4796 
4797  for (i = 0; (pool = pond->ipv6_pools[i]) != NULL; i++) {
4798  if (pool->pool_type == D6O_IA_PD)
4799  break;
4800  }
4801  if (pool != NULL)
4802  break;
4803  }
4804 
4805  /* If we get here and p is NULL we have no useful pools */
4806  if (pool == NULL) {
4807  return (ISC_R_ADDRNOTAVAIL);
4808  }
4809 
4810  memset(&data_pref, 0, sizeof(data_pref));
4811  data_pref.len = 17;
4812  if (!buffer_allocate(&data_pref.buffer, data_pref.len, MDL)) {
4813  log_error("reply_process_try_prefix: out of memory.");
4814  return (ISC_R_NOMEMORY);
4815  }
4816  data_pref.data = data_pref.buffer->data;
4817  data_pref.buffer->data[0] = (u_int8_t) pref->bits;
4818  memcpy(data_pref.buffer->data + 1, pref->lo_addr.iabuf, 16);
4819 
4820  /*
4821  * We have at least one pool that could provide a prefix
4822  * Now we walk through the ponds and pools again and check
4823  * to see if the client is permitted and if an prefix is
4824  * available
4825  *
4826  */
4827 
4828  for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
4829  if (((pond->prohibit_list != NULL) &&
4830  (permitted(reply->packet, pond->prohibit_list))) ||
4831  ((pond->permit_list != NULL) &&
4832  (!permitted(reply->packet, pond->permit_list))))
4833  continue;
4834 
4835  for (i = 0; (pool = pond->ipv6_pools[i]) != NULL; i++) {
4836  if (pool->pool_type != D6O_IA_PD) {
4837  continue;
4838  }
4839 
4840  status = try_client_v6_prefix(&reply->lease, pool,
4841  &data_pref);
4842  /* If we found it in this pool (either in use or available),
4843  there is no need to look further. */
4844  if ( (status == ISC_R_SUCCESS) || (status == ISC_R_ADDRINUSE) )
4845  break;
4846  }
4847  if ( (status == ISC_R_SUCCESS) || (status == ISC_R_ADDRINUSE) )
4848  break;
4849  }
4850 
4851  data_string_forget(&data_pref, MDL);
4852  /* Return just the most recent status... */
4853  return (status);
4854 }
4855 
4856 /* Look around for a prefix to give the client. First, look through the old
4857  * IA_PD for prefixes we can extend. Second, try to allocate a new prefix.
4858  * Finally, actually add that prefix into the current reply IA_PD.
4859  */
4860 static isc_result_t
4861 find_client_prefix(struct reply_state *reply) {
4862  struct iaddrcidrnet send_pref;
4863  isc_result_t status = ISC_R_NORESOURCES;
4864  struct iasubopt *prefix, *best_prefix = NULL;
4865  struct binding_scope **scope;
4866  int i;
4867  struct group *group;
4868 
4869  if (reply->static_prefixes > 0) {
4870  struct iaddrcidrnetlist *l;
4871 
4872  if (reply->host == NULL)
4873  return DHCP_R_INVALIDARG;
4874 
4875  for (l = reply->host->fixed_prefix; l != NULL; l = l->next) {
4876  if (l->cidrnet.bits == reply->preflen)
4877  break;
4878  }
4879  if (l == NULL) {
4880  /*
4881  * If no fixed prefix has the preferred length,
4882  * get the first one.
4883  */
4884  l = reply->host->fixed_prefix;
4885  }
4886  memcpy(&send_pref, &l->cidrnet, sizeof(send_pref));
4887 
4888  scope = &global_scope;
4889 
4890  /* Copy the prefix for logging purposes */
4891  memcpy(&reply->fixed_pref, &l->cidrnet, sizeof(send_pref));
4892 
4893  /* Try to find a group for the static prefix */
4894  group = find_group_by_prefix(reply);
4895 
4896  goto send_pref;
4897  }
4898 
4899  if (reply->old_ia != NULL) {
4900  for (i = 0 ; i < reply->old_ia->num_iasubopt ; i++) {
4901  struct shared_network *candidate_shared;
4902  struct ipv6_pond *pond;
4903 
4904  prefix = reply->old_ia->iasubopt[i];
4905  candidate_shared = prefix->ipv6_pool->shared_network;
4906  pond = prefix->ipv6_pool->ipv6_pond;
4907 
4908  /*
4909  * Consider this prefix if it is in a global pool or
4910  * if it is scoped in a pool under the client's shared
4911  * network.
4912  */
4913  if (((candidate_shared != NULL) &&
4914  (candidate_shared != reply->shared)) ||
4915  (lease6_usable(prefix) != ISC_TRUE))
4916  continue;
4917 
4918  /*
4919  * And check if the prefix is still permitted
4920  */
4921 
4922  if (((pond->prohibit_list != NULL) &&
4923  (permitted(reply->packet, pond->prohibit_list))) ||
4924  ((pond->permit_list != NULL) &&
4925  (!permitted(reply->packet, pond->permit_list))))
4926  continue;
4927 
4928  best_prefix = prefix_compare(reply, prefix,
4929  best_prefix);
4930  }
4931 
4932  /*
4933  * If we have prefix length hint and we're not igoring them,
4934  * then toss the best match if it doesn't match the hint,
4935  * unless this is in response to a rebind. In the latter
4936  * case we're supposed to return it with zero lifetimes.
4937  * (See rt45780) */
4938  if (best_prefix && (reply->preflen > 0)
4940  && (reply->preflen != best_prefix->plen)
4941  && (reply->packet->dhcpv6_msg_type != DHCPV6_REBIND)) {
4942  best_prefix = NULL;
4943  }
4944  }
4945 
4946  /* Try to pick a new prefix if we didn't find one, or if we found an
4947  * abandoned prefix.
4948  */
4949  if ((best_prefix == NULL) || (best_prefix->state == FTS_ABANDONED)) {
4950  status = pick_v6_prefix(reply);
4951  } else if (best_prefix != NULL) {
4952  iasubopt_reference(&reply->lease, best_prefix, MDL);
4953  status = ISC_R_SUCCESS;
4954  }
4955 
4956  /* Pick the abandoned prefix as a last resort. */
4957  if ((status == ISC_R_NORESOURCES) && (best_prefix != NULL)) {
4958  /* I don't see how this is supposed to be done right now. */
4959  log_error("Reclaiming abandoned prefixes is not yet "
4960  "supported. Treating this as an out of space "
4961  "condition.");
4962  /* iasubopt_reference(&reply->lease, best_prefix, MDL); */
4963  }
4964 
4965  /* Give up now if we didn't find a prefix. */
4966  if (status != ISC_R_SUCCESS)
4967  return status;
4968 
4969  if (reply->lease == NULL)
4970  log_fatal("Impossible condition at %s:%d.", MDL);
4971 
4972  scope = &reply->lease->scope;
4973  group = reply->lease->ipv6_pool->ipv6_pond->group;
4974 
4975  send_pref.lo_addr.len = 16;
4976  memcpy(send_pref.lo_addr.iabuf, &reply->lease->addr, 16);
4977  send_pref.bits = (int) reply->lease->plen;
4978 
4979  send_pref:
4980  status = reply_process_is_prefixed(reply, scope, group);
4981  if (status != ISC_R_SUCCESS)
4982  return status;
4983 
4984  status = reply_process_send_prefix(reply, &send_pref);
4985  return status;
4986 }
4987 
4988 /* Once a prefix is found for a client, perform several common functions;
4989  * Calculate and store valid and preferred prefix times, draw client options
4990  * into the option state.
4991  */
4992 static isc_result_t
4993 reply_process_is_prefixed(struct reply_state *reply,
4994  struct binding_scope **scope, struct group *group)
4995 {
4996  isc_result_t status = ISC_R_SUCCESS;
4997  struct data_string data;
4998  struct option_cache *oc;
4999  struct option_state *tmp_options = NULL;
5000  struct on_star *on_star;
5001  int i;
5002 
5003  /* Initialize values we will cleanup. */
5004  memset(&data, 0, sizeof(data));
5005 
5006  /*
5007  * Find the proper on_star block to use. We use the
5008  * one in the lease if we have a lease or the one in
5009  * the reply if we don't have a lease because this is
5010  * a static instance
5011  */
5012  if (reply->lease) {
5013  on_star = &reply->lease->on_star;
5014  } else {
5015  on_star = &reply->on_star;
5016  }
5017 
5018  /*
5019  * Bring in the root configuration. We only do this to bring
5020  * in the on * statements, as we didn't have the lease available
5021  * we we did it the first time.
5022  */
5023  option_state_allocate(&tmp_options, MDL);
5024  execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
5025  reply->packet->options, tmp_options,
5026  &global_scope, root_group, NULL,
5027  on_star);
5028  if (tmp_options != NULL) {
5029  option_state_dereference(&tmp_options, MDL);
5030  }
5031 
5032  /*
5033  * Bring configured options into the root packet level cache - start
5034  * with the lease's closest enclosing group (passed in by the caller
5035  * as 'group').
5036  */
5037  execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
5038  reply->packet->options, reply->opt_state,
5039  scope, group, root_group, on_star);
5040 
5041  /* Execute statements from class scopes. */
5042  for (i = reply->packet->class_count; i > 0; i--) {
5043  execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
5044  reply->packet->options,
5045  reply->opt_state, scope,
5046  reply->packet->classes[i - 1]->group,
5047  group, on_star);
5048  }
5049 
5050  /*
5051  * If there is a host record, over-ride with values configured there,
5052  * without re-evaluating configuration from the previously executed
5053  * group or its common enclosers.
5054  */
5055  if (reply->host != NULL)
5056  execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
5057  reply->packet->options,
5058  reply->opt_state, scope,
5059  reply->host->group, group,
5060  on_star);
5061 
5062  /* Determine valid lifetime. */
5063  if (reply->client_valid == 0)
5064  reply->send_valid = DEFAULT_DEFAULT_LEASE_TIME;
5065  else
5066  reply->send_valid = reply->client_valid;
5067 
5068  oc = lookup_option(&server_universe, reply->opt_state,
5070  if (oc != NULL) {
5071  if (!evaluate_option_cache(&data, reply->packet, NULL, NULL,
5072  reply->packet->options,
5073  reply->opt_state,
5074  scope, oc, MDL) ||
5075  (data.len != 4)) {
5076  log_error("reply_process_is_prefixed: unable to "
5077  "evaluate default prefix time");
5078  status = ISC_R_FAILURE;
5079  goto cleanup;
5080  }
5081 
5082  reply->send_valid = getULong(data.data);
5083  data_string_forget(&data, MDL);
5084  }
5085 
5086  /* Check to see if the lease time would cause us to wrap
5087  * in which case we make it infinite.
5088  * The following doesn't work on at least some systems:
5089  * (cur_time + reply->send_valid < cur_time)
5090  */
5091  if (reply->send_valid != INFINITE_TIME) {
5092  time_t test_time = cur_time + reply->send_valid;
5093  if (test_time < cur_time)
5094  reply->send_valid = INFINITE_TIME;
5095  }
5096 
5097  if (reply->client_prefer == 0)
5098  reply->send_prefer = reply->send_valid;
5099  else
5100  reply->send_prefer = reply->client_prefer;
5101 
5102  if ((reply->send_prefer >= reply->send_valid) &&
5103  (reply->send_valid != INFINITE_TIME))
5104  reply->send_prefer = (reply->send_valid / 2) +
5105  (reply->send_valid / 8);
5106 
5107  oc = lookup_option(&server_universe, reply->opt_state,
5109  if (oc != NULL) {
5110  if (!evaluate_option_cache(&data, reply->packet, NULL, NULL,
5111  reply->packet->options,
5112  reply->opt_state,
5113  scope, oc, MDL) ||
5114  (data.len != 4)) {
5115  log_error("reply_process_is_prefixed: unable to "
5116  "evaluate preferred prefix time");
5117  status = ISC_R_FAILURE;
5118  goto cleanup;
5119  }
5120 
5121  reply->send_prefer = getULong(data.data);
5122  data_string_forget(&data, MDL);
5123  }
5124 
5125  /* Note lowest values for later calculation of renew/rebind times. */
5126  if (reply->min_prefer > reply->send_prefer)
5127  reply->min_prefer = reply->send_prefer;
5128 
5129  if (reply->min_valid > reply->send_valid)
5130  reply->min_valid = reply->send_valid;
5131 
5132  /* Perform dynamic prefix related update work. */
5133  if (reply->lease != NULL) {
5134  /* Cached lifetimes */
5135  reply->lease->prefer = reply->send_prefer;
5136  reply->lease->valid = reply->send_valid;
5137 
5138  /* Advance (or rewind) the valid lifetime.
5139  * In the protocol 0xFFFFFFFF is infinite
5140  * when connecting to the lease file MAX_TIME is
5141  */
5142  if (reply->buf.reply.msg_type == DHCPV6_REPLY) {
5143  if (reply->send_valid == INFINITE_TIME) {
5144  reply->lease->soft_lifetime_end_time = MAX_TIME;
5145  } else {
5146  reply->lease->soft_lifetime_end_time =
5147  cur_time + reply->send_valid;
5148  }
5149  /* Wait before renew! */
5150  }
5151 
5152  status = ia_add_iasubopt(reply->ia, reply->lease, MDL);
5153  if (status != ISC_R_SUCCESS) {
5154  log_fatal("reply_process_is_prefixed: Unable to "
5155  "attach prefix to new IA_PD: %s",
5156  isc_result_totext(status));
5157  }
5158 
5159  /*
5160  * If this is a new prefix, make sure it is attached somewhere.
5161  */
5162  if (reply->lease->ia == NULL) {
5163  ia_reference(&reply->lease->ia, reply->ia, MDL);
5164  }
5165  }
5166 
5167  /* Bring a copy of the relevant options into the IA_PD scope. */
5168  execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
5169  reply->packet->options, reply->reply_ia,
5170  scope, group, root_group, NULL);
5171 
5172  /* Execute statements from class scopes. */
5173  for (i = reply->packet->class_count; i > 0; i--) {
5174  execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
5175  reply->packet->options,
5176  reply->reply_ia, scope,
5177  reply->packet->classes[i - 1]->group,
5178  group, NULL);
5179  }
5180 
5181  /*
5182  * And bring in host record configuration, if any, but not to overlap
5183  * the previous group or its common enclosers.
5184  */
5185  if (reply->host != NULL)
5186  execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
5187  reply->packet->options,
5188  reply->reply_ia, scope,
5189  reply->host->group, group, NULL);
5190 
5191  cleanup:
5192  if (data.data != NULL)
5193  data_string_forget(&data, MDL);
5194 
5195  if (status == ISC_R_SUCCESS)
5196  reply->client_resources++;
5197 
5198  return status;
5199 }
5200 
5201 /* Simply send an IAPREFIX within the IA_PD scope as described. */
5202 static isc_result_t
5203 reply_process_send_prefix(struct reply_state *reply,
5204  struct iaddrcidrnet *pref) {
5205  isc_result_t status = ISC_R_SUCCESS;
5206  struct data_string data;
5207 
5208  memset(&data, 0, sizeof(data));
5209 
5210  /* Now append the prefix. */
5211  data.len = IAPREFIX_OFFSET;
5212  if (!buffer_allocate(&data.buffer, data.len, MDL)) {
5213  log_error("reply_process_send_prefix: out of memory"
5214  "allocating new IAPREFIX buffer.");
5215  status = ISC_R_NOMEMORY;
5216  goto cleanup;
5217  }
5218  data.data = data.buffer->data;
5219 
5220  putULong(data.buffer->data, reply->send_prefer);
5221  putULong(data.buffer->data + 4, reply->send_valid);
5222  data.buffer->data[8] = pref->bits;
5223  memcpy(data.buffer->data + 9, pref->lo_addr.iabuf, 16);
5224 
5225  if (!append_option_buffer(&dhcpv6_universe, reply->reply_ia,
5226  data.buffer, data.buffer->data,
5227  data.len, D6O_IAPREFIX, 0)) {
5228  log_error("reply_process_send_prefix: unable "
5229  "to save IAPREFIX option");
5230  status = ISC_R_FAILURE;
5231  goto cleanup;
5232  }
5233 
5234  reply->resources_included = ISC_TRUE;
5235 
5236  cleanup:
5237  if (data.data != NULL)
5239 
5240  return status;
5241 }
5242 
5243 /* Choose the better of two prefixes. */
5244 static struct iasubopt *
5245 prefix_compare(struct reply_state *reply,
5246  struct iasubopt *alpha, struct iasubopt *beta) {
5247  if (alpha == NULL)
5248  return beta;
5249  if (beta == NULL)
5250  return alpha;
5251 
5252  if (reply->preflen >= 0) {
5253  if ((alpha->plen == reply->preflen) &&
5254  (beta->plen != reply->preflen))
5255  return alpha;
5256  if ((beta->plen == reply->preflen) &&
5257  (alpha->plen != reply->preflen))
5258  return beta;
5259  }
5260 
5261  switch(alpha->state) {
5262  case FTS_ACTIVE:
5263  switch(beta->state) {
5264  case FTS_ACTIVE:
5265  /* Choose the prefix with the longest lifetime (most
5266  * likely the most recently allocated).
5267  */
5268  if (alpha->hard_lifetime_end_time <
5269  beta->hard_lifetime_end_time)
5270  return beta;
5271  else
5272  return alpha;
5273 
5274  case FTS_EXPIRED:
5275  case FTS_ABANDONED:
5276  return alpha;
5277 
5278  default:
5279  log_fatal("Impossible condition at %s:%d.", MDL);
5280  }
5281  break;
5282 
5283  case FTS_EXPIRED:
5284  switch (beta->state) {
5285  case FTS_ACTIVE:
5286  return beta;
5287 
5288  case FTS_EXPIRED:
5289  /* Choose the most recently expired prefix. */
5290  if (alpha->hard_lifetime_end_time <
5291  beta->hard_lifetime_end_time)
5292  return beta;
5293  else if ((alpha->hard_lifetime_end_time ==
5294  beta->hard_lifetime_end_time) &&
5295  (alpha->soft_lifetime_end_time <
5296  beta->soft_lifetime_end_time))
5297  return beta;
5298  else
5299  return alpha;
5300 
5301  case FTS_ABANDONED:
5302  return alpha;
5303 
5304  default:
5305  log_fatal("Impossible condition at %s:%d.", MDL);
5306  }
5307  break;
5308 
5309  case FTS_ABANDONED:
5310  switch (beta->state) {
5311  case FTS_ACTIVE:
5312  case FTS_EXPIRED:
5313  return alpha;
5314 
5315  case FTS_ABANDONED:
5316  /* Choose the prefix that was abandoned longest ago. */
5317  if (alpha->hard_lifetime_end_time <
5318  beta->hard_lifetime_end_time)
5319  return alpha;
5320  else
5321  return beta;
5322 
5323  default:
5324  log_fatal("Impossible condition at %s:%d.", MDL);
5325  }
5326  break;
5327 
5328  default:
5329  log_fatal("Impossible condition at %s:%d.", MDL);
5330  }
5331 
5332  log_fatal("Triple impossible condition at %s:%d.", MDL);
5333  return NULL;
5334 }
5335 
5336 /*
5337  * Solicit is how a client starts requesting addresses.
5338  *
5339  * If the client asks for rapid commit, and we support it, we will
5340  * allocate the addresses and reply.
5341  *
5342  * Otherwise we will send an advertise message.
5343  */
5344 
5345 static void
5346 dhcpv6_solicit(struct data_string *reply_ret, struct packet *packet) {
5347  struct data_string client_id;
5348 
5349  /*
5350  * Validate our input.
5351  */
5352  if (!valid_client_msg(packet, &client_id)) {
5353  return;
5354  }
5355 
5356  lease_to_client(reply_ret, packet, &client_id, NULL);
5357 
5358  /*
5359  * Clean up.
5360  */
5361  data_string_forget(&client_id, MDL);
5362 }
5363 
5364 /*
5365  * Request is how a client actually requests addresses.
5366  *
5367  * Very similar to Solicit handling, except the server DUID is required.
5368  */
5369 
5370 static void
5371 dhcpv6_request(struct data_string *reply_ret, struct packet *packet) {
5372  struct data_string client_id;
5373  struct data_string server_id;
5374 
5375  /*
5376  * Validate our input.
5377  */
5378  if (!valid_client_resp(packet, &client_id, &server_id)) {
5379  return;
5380  }
5381 
5382  /* If the REQUEST arrived via unicast and unicast option isn't set,
5383  * reject it per RFC 3315, Sec 18.2.1 */
5384  if (packet->unicast == ISC_TRUE &&
5385  is_unicast_option_defined(packet) == ISC_FALSE) {
5386  unicast_reject(reply_ret, packet, &client_id, &server_id);
5387  } else {
5388  /*
5389  * Issue our lease.
5390  */
5391  lease_to_client(reply_ret, packet, &client_id, &server_id);
5392  }
5393 
5394  /*
5395  * Cleanup.
5396  */
5397  data_string_forget(&client_id, MDL);
5398  data_string_forget(&server_id, MDL);
5399 }
5400 
5401 /* Find a DHCPv6 packet's shared network from hints in the packet.
5402  */
5403 static isc_result_t
5404 shared_network_from_packet6(struct shared_network **shared,
5405  struct packet *packet)
5406 {
5407  const struct packet *chk_packet;
5408  const struct in6_addr *link_addr, *first_link_addr;
5409  struct iaddr tmp_addr;
5410  struct subnet *subnet;
5411  isc_result_t status;
5412 
5413  if ((shared == NULL) || (*shared != NULL) || (packet == NULL))
5414  return DHCP_R_INVALIDARG;
5415 
5416  /*
5417  * First, find the link address where the packet from the client
5418  * first appeared (if this packet was relayed).
5419  */
5420  first_link_addr = NULL;
5421  chk_packet = packet->dhcpv6_container_packet;
5422  while (chk_packet != NULL) {
5423  link_addr = &chk_packet->dhcpv6_link_address;
5424  if (!IN6_IS_ADDR_UNSPECIFIED(link_addr) &&
5425  !IN6_IS_ADDR_LINKLOCAL(link_addr)) {
5426  first_link_addr = link_addr;
5427  break;
5428  }
5429  chk_packet = chk_packet->dhcpv6_container_packet;
5430  }
5431 
5432  /*
5433  * If there is a relayed link address, find the subnet associated
5434  * with that, and use that to get the appropriate
5435  * shared_network.
5436  */
5437  if (first_link_addr != NULL) {
5438  tmp_addr.len = sizeof(*first_link_addr);
5439  memcpy(tmp_addr.iabuf,
5440  first_link_addr, sizeof(*first_link_addr));
5441  subnet = NULL;
5442  if (!find_subnet(&subnet, tmp_addr, MDL)) {
5443  log_debug("No subnet found for link-address %s.",
5444  piaddr(tmp_addr));
5445  return ISC_R_NOTFOUND;
5446  }
5447  status = shared_network_reference(shared,
5449  subnet_dereference(&subnet, MDL);
5450 
5451  /*
5452  * If there is no link address, we will use the interface
5453  * that this packet came in on to pick the shared_network.
5454  */
5455  } else if (packet->interface != NULL) {
5456  status = shared_network_reference(shared,
5458  MDL);
5459  if (packet->dhcpv6_container_packet != NULL) {
5460  log_info("[L2 Relay] No link address in relay packet "
5461  "assuming L2 relay and using receiving "
5462  "interface");
5463  }
5464 
5465  } else {
5466  /*
5467  * We shouldn't be able to get here but if there is no link
5468  * address and no interface we don't know where to get the
5469  * pool from log an error and return an error.
5470  */
5471  log_error("No interface and no link address "
5472  "can't determine pool");
5473  status = DHCP_R_INVALIDARG;
5474  }
5475 
5476  return status;
5477 }
5478 
5479 /*
5480  * When a client thinks it might be on a new link, it sends a
5481  * Confirm message.
5482  *
5483  * From RFC3315 section 18.2.2:
5484  *
5485  * When the server receives a Confirm message, the server determines
5486  * whether the addresses in the Confirm message are appropriate for the
5487  * link to which the client is attached. If all of the addresses in the
5488  * Confirm message pass this test, the server returns a status of
5489  * Success. If any of the addresses do not pass this test, the server
5490  * returns a status of NotOnLink. If the server is unable to perform
5491  * this test (for example, the server does not have information about
5492  * prefixes on the link to which the client is connected), or there were
5493  * no addresses in any of the IAs sent by the client, the server MUST
5494  * NOT send a reply to the client.
5495  */
5496 
5497 static void
5498 dhcpv6_confirm(struct data_string *reply_ret, struct packet *packet) {
5499  struct shared_network *shared;
5500  struct subnet *subnet;
5501  struct option_cache *ia, *ta, *oc;
5502  struct data_string cli_enc_opt_data, iaaddr, client_id, packet_oro;
5503  struct option_state *cli_enc_opt_state, *opt_state;
5504  struct iaddr cli_addr;
5505  int pass;
5506  isc_boolean_t inappropriate, has_addrs;
5507  char reply_data[65536];
5508  struct dhcpv6_packet *reply = (struct dhcpv6_packet *)reply_data;
5509  int reply_ofs = (int)(offsetof(struct dhcpv6_packet, options));
5510 
5511  /*
5512  * Basic client message validation.
5513  */
5514  memset(&client_id, 0, sizeof(client_id));
5515  if (!valid_client_msg(packet, &client_id)) {
5516  return;
5517  }
5518 
5519  /*
5520  * Do not process Confirms that do not have IA's we do not recognize.
5521  */
5524  if ((ia == NULL) && (ta == NULL))
5525  return;
5526 
5527  /*
5528  * IA_PD's are simply ignored.
5529  */
5531 
5532  /*
5533  * Bit of variable initialization.
5534  */
5535  opt_state = cli_enc_opt_state = NULL;
5536  memset(&cli_enc_opt_data, 0, sizeof(cli_enc_opt_data));
5537  memset(&iaaddr, 0, sizeof(iaaddr));
5538  memset(&packet_oro, 0, sizeof(packet_oro));
5539 
5540  /* Determine what shared network the client is connected to. We
5541  * must not respond if we don't have any information about the
5542  * network the client is on.
5543  */
5544  shared = NULL;
5545  if ((shared_network_from_packet6(&shared, packet) != ISC_R_SUCCESS) ||
5546  (shared == NULL))
5547  goto exit;
5548 
5549  /* If there are no recorded subnets, then we have no
5550  * information about this subnet - ignore Confirms.
5551  */
5552  subnet = shared->subnets;
5553  if (subnet == NULL)
5554  goto exit;
5555 
5556  /* Are the addresses in all the IA's appropriate for that link? */
5557  has_addrs = inappropriate = ISC_FALSE;
5558  pass = D6O_IA_NA;
5559  while(!inappropriate) {
5560  /* If we've reached the end of the IA_NA pass, move to the
5561  * IA_TA pass.
5562  */
5563  if ((pass == D6O_IA_NA) && (ia == NULL)) {
5564  pass = D6O_IA_TA;
5565  ia = ta;
5566  }
5567 
5568  /* If we've reached the end of all passes, we're done. */
5569  if (ia == NULL)
5570  break;
5571 
5572  if (((pass == D6O_IA_NA) &&
5573  !get_encapsulated_IA_state(&cli_enc_opt_state,
5574  &cli_enc_opt_data,
5575  packet, ia, IA_NA_OFFSET)) ||
5576  ((pass == D6O_IA_TA) &&
5577  !get_encapsulated_IA_state(&cli_enc_opt_state,
5578  &cli_enc_opt_data,
5579  packet, ia, IA_TA_OFFSET))) {
5580  goto exit;
5581  }
5582 
5583  oc = lookup_option(&dhcpv6_universe, cli_enc_opt_state,
5584  D6O_IAADDR);
5585 
5586  for ( ; oc != NULL ; oc = oc->next) {
5587  if (!evaluate_option_cache(&iaaddr, packet, NULL, NULL,
5588  packet->options, NULL,
5589  &global_scope, oc, MDL) ||
5590  (iaaddr.len < IAADDR_OFFSET)) {
5591  log_error("dhcpv6_confirm: "
5592  "error evaluating IAADDR.");
5593  goto exit;
5594  }
5595 
5596  /* Copy out the IPv6 address for processing. */
5597  cli_addr.len = 16;
5598  memcpy(cli_addr.iabuf, iaaddr.data, 16);
5599 
5600  data_string_forget(&iaaddr, MDL);
5601 
5602  /* Record that we've processed at least one address. */
5603  has_addrs = ISC_TRUE;
5604 
5605  /* Find out if any subnets cover this address. */
5606  for (subnet = shared->subnets ; subnet != NULL ;
5607  subnet = subnet->next_sibling) {
5608  if (addr_eq(subnet_number(cli_addr,
5609  subnet->netmask),
5610  subnet->net))
5611  break;
5612  }
5613 
5614  /* If we reach the end of the subnet list, and no
5615  * subnet matches the client address, then it must
5616  * be inappropriate to the link (so far as our
5617  * configuration says). Once we've found one
5618  * inappropriate address, there is no reason to
5619  * continue searching.
5620  */
5621  if (subnet == NULL) {
5622  inappropriate = ISC_TRUE;
5623  break;
5624  }
5625  }
5626 
5627  option_state_dereference(&cli_enc_opt_state, MDL);
5628  data_string_forget(&cli_enc_opt_data, MDL);
5629 
5630  /* Advance to the next IA_*. */
5631  ia = ia->next;
5632  }
5633 
5634  /* If the client supplied no addresses, do not reply. */
5635  if (!has_addrs)
5636  goto exit;
5637 
5638  /*
5639  * Set up reply.
5640  */
5641  if (!start_reply(packet, &client_id, NULL, &opt_state, reply)) {
5642  goto exit;
5643  }
5644 
5645  /*
5646  * Set our status.
5647  */
5648  if (inappropriate) {
5649  if (!set_status_code(STATUS_NotOnLink,
5650  "Some of the addresses are not on link.",
5651  opt_state)) {
5652  goto exit;
5653  }
5654  } else {
5655  if (!set_status_code(STATUS_Success,
5656  "All addresses still on link.",
5657  opt_state)) {
5658  goto exit;
5659  }
5660  }
5661 
5662  /*
5663  * Only one option: add it.
5664  */
5665  reply_ofs += store_options6(reply_data+reply_ofs,
5666  sizeof(reply_data)-reply_ofs,
5667  opt_state, packet,
5668  required_opts, &packet_oro);
5669 
5670  /*
5671  * Return our reply to the caller.
5672  */
5673  reply_ret->len = reply_ofs;
5674  reply_ret->buffer = NULL;
5675  if (!buffer_allocate(&reply_ret->buffer, reply_ofs, MDL)) {
5676  log_fatal("No memory to store reply.");
5677  }
5678  reply_ret->data = reply_ret->buffer->data;
5679  memcpy(reply_ret->buffer->data, reply, reply_ofs);
5680 
5681 exit:
5682  /* Cleanup any stale data strings. */
5683  if (cli_enc_opt_data.buffer != NULL)
5684  data_string_forget(&cli_enc_opt_data, MDL);
5685  if (iaaddr.buffer != NULL)
5686  data_string_forget(&iaaddr, MDL);
5687  if (client_id.buffer != NULL)
5688  data_string_forget(&client_id, MDL);
5689  if (packet_oro.buffer != NULL)
5690  data_string_forget(&packet_oro, MDL);
5691 
5692  /* Release any stale option states. */
5693  if (cli_enc_opt_state != NULL)
5694  option_state_dereference(&cli_enc_opt_state, MDL);
5695  if (opt_state != NULL)
5696  option_state_dereference(&opt_state, MDL);
5697 }
5698 
5699 /*
5700  * Renew is when a client wants to extend its lease/prefix, at time T1.
5701  *
5702  * We handle this the same as if the client wants a new lease/prefix,
5703  * except for the error code of when addresses don't match.
5704  */
5705 
5706 static void
5707 dhcpv6_renew(struct data_string *reply, struct packet *packet) {
5708  struct data_string client_id;
5709  struct data_string server_id;
5710 
5711  /*
5712  * Validate the request.
5713  */
5714  if (!valid_client_resp(packet, &client_id, &server_id)) {
5715  return;
5716  }
5717 
5718  /* If the RENEW arrived via unicast and unicast option isn't set,
5719  * reject it per RFC 3315, Sec 18.2.3 */
5720  if (packet->unicast == ISC_TRUE &&
5721  is_unicast_option_defined(packet) == ISC_FALSE) {
5722  unicast_reject(reply, packet, &client_id, &server_id);
5723  } else {
5724  /*
5725  * Renew our lease.
5726  */
5727  lease_to_client(reply, packet, &client_id, &server_id);
5728  }
5729 
5730  /*
5731  * Cleanup.
5732  */
5733  data_string_forget(&server_id, MDL);
5734  data_string_forget(&client_id, MDL);
5735 }
5736 
5737 /*
5738  * Rebind is when a client wants to extend its lease, at time T2.
5739  *
5740  * We handle this the same as if the client wants a new lease, except
5741  * for the error code of when addresses don't match.
5742  */
5743 
5744 static void
5745 dhcpv6_rebind(struct data_string *reply, struct packet *packet) {
5746  struct data_string client_id;
5747 
5748  if (!valid_client_msg(packet, &client_id)) {
5749  return;
5750  }
5751 
5752  lease_to_client(reply, packet, &client_id, NULL);
5753 
5754  data_string_forget(&client_id, MDL);
5755 }
5756 
5757 static void
5758 ia_na_match_decline(const struct data_string *client_id,
5759  const struct data_string *iaaddr,
5760  struct iasubopt *lease)
5761 {
5762  char tmp_addr[INET6_ADDRSTRLEN];
5763 
5764  log_error("Client %s reports address %s is "
5765  "already in use by another host!",
5766  print_hex_1(client_id->len, client_id->data, 60),
5767  inet_ntop(AF_INET6, iaaddr->data,
5768  tmp_addr, sizeof(tmp_addr)));
5769  if (lease != NULL) {
5770  decline_lease6(lease->ipv6_pool, lease);
5771  lease->ia->cltt = cur_time;
5772  write_ia(lease->ia);
5773  }
5774 }
5775 
5776 static void
5777 ia_na_nomatch_decline(const struct data_string *client_id,
5778  const struct data_string *iaaddr,
5779  u_int32_t *ia_na_id,
5780  struct packet *packet,
5781  char *reply_data,
5782  int *reply_ofs,
5783  int reply_len)
5784 {
5785  char tmp_addr[INET6_ADDRSTRLEN];
5786  struct option_state *host_opt_state;
5787  int len;
5788 
5789  log_info("Client %s declines address %s, which is not offered to it.",
5790  print_hex_1(client_id->len, client_id->data, 60),
5791  inet_ntop(AF_INET6, iaaddr->data, tmp_addr, sizeof(tmp_addr)));
5792 
5793  /*
5794  * Create state for this IA_NA.
5795  */
5796  host_opt_state = NULL;
5797  if (!option_state_allocate(&host_opt_state, MDL)) {
5798  log_error("ia_na_nomatch_decline: out of memory "
5799  "allocating option_state.");
5800  goto exit;
5801  }
5802 
5803  if (!set_status_code(STATUS_NoBinding, "Decline for unknown address.",
5804  host_opt_state)) {
5805  goto exit;
5806  }
5807 
5808  /*
5809  * Insure we have enough space
5810  */
5811  if (reply_len < (*reply_ofs + 16)) {
5812  log_error("ia_na_nomatch_decline: "
5813  "out of space for reply packet.");
5814  goto exit;
5815  }
5816 
5817  /*
5818  * Put our status code into the reply packet.
5819  */
5820  len = store_options6(reply_data+(*reply_ofs)+16,
5821  reply_len-(*reply_ofs)-16,
5822  host_opt_state, packet,
5823  required_opts_STATUS_CODE, NULL);
5824 
5825  /*
5826  * Store the non-encapsulated option data for this
5827  * IA_NA into our reply packet. Defined in RFC 3315,
5828  * section 22.4.
5829  */
5830  /* option number */
5831  putUShort((unsigned char *)reply_data+(*reply_ofs), D6O_IA_NA);
5832  /* option length */
5833  putUShort((unsigned char *)reply_data+(*reply_ofs)+2, len + 12);
5834  /* IA_NA, copied from the client */
5835  memcpy(reply_data+(*reply_ofs)+4, ia_na_id, 4);
5836  /* t1 and t2, odd that we need them, but here it is */
5837  putULong((unsigned char *)reply_data+(*reply_ofs)+8, 0);
5838  putULong((unsigned char *)reply_data+(*reply_ofs)+12, 0);
5839 
5840  /*
5841  * Get ready for next IA_NA.
5842  */
5843  *reply_ofs += (len + 16);
5844 
5845 exit:
5846  option_state_dereference(&host_opt_state, MDL);
5847 }
5848 
5849 static void
5850 iterate_over_ia_na(struct data_string *reply_ret,
5851  struct packet *packet,
5852  const struct data_string *client_id,
5853  const struct data_string *server_id,
5854  const char *packet_type,
5855  void (*ia_na_match)(),
5856  void (*ia_na_nomatch)())
5857 {
5858  struct option_state *opt_state;
5859  struct host_decl *packet_host;
5860  struct option_cache *ia;
5861  struct option_cache *oc;
5862  /* cli_enc_... variables come from the IA_NA/IA_TA options */
5863  struct data_string cli_enc_opt_data;
5864  struct option_state *cli_enc_opt_state;
5865  struct host_decl *host;
5866  struct data_string iaaddr;
5867  struct data_string fixed_addr;
5868  char reply_data[65536];
5869  struct dhcpv6_packet *reply = (struct dhcpv6_packet *)reply_data;
5870  int reply_ofs = (int)(offsetof(struct dhcpv6_packet, options));
5871  char status_msg[32];
5872  struct iasubopt *lease;
5873  struct ia_xx *existing_ia_na;
5874  int i;
5875  struct data_string key;
5876  u_int32_t iaid;
5877 
5878  /*
5879  * Initialize to empty values, in case we have to exit early.
5880  */
5881  opt_state = NULL;
5882  memset(&cli_enc_opt_data, 0, sizeof(cli_enc_opt_data));
5883  cli_enc_opt_state = NULL;
5884  memset(&iaaddr, 0, sizeof(iaaddr));
5885  memset(&fixed_addr, 0, sizeof(fixed_addr));
5886  lease = NULL;
5887 
5888  /*
5889  * Find the host record that matches from the packet, if any.
5890  */
5891  packet_host = NULL;
5892  find_hosts6(&packet_host, packet, client_id, MDL);
5893 
5894  /*
5895  * Set our reply information.
5896  */
5897  reply->msg_type = DHCPV6_REPLY;
5899  sizeof(reply->transaction_id));
5900 
5901  /*
5902  * Build our option state for reply.
5903  */
5904  opt_state = NULL;
5905  if (!option_state_allocate(&opt_state, MDL)) {
5906  log_error("iterate_over_ia_na: no memory for option_state.");
5907  goto exit;
5908  }
5909  execute_statements_in_scope(NULL, packet, NULL, NULL,
5910  packet->options, opt_state,
5911  &global_scope, root_group, NULL, NULL);
5912 
5913  /*
5914  * RFC 3315, section 18.2.7 tells us which options to include.
5915  */
5916  oc = lookup_option(&dhcpv6_universe, opt_state, D6O_SERVERID);
5917  if (oc == NULL) {
5918  if (!save_option_buffer(&dhcpv6_universe, opt_state, NULL,
5919  (unsigned char *)server_duid.data,
5920  server_duid.len, D6O_SERVERID, 0)) {
5921  log_error("iterate_over_ia_na: "
5922  "error saving server identifier.");
5923  goto exit;
5924  }
5925  }
5926 
5927  if (!save_option_buffer(&dhcpv6_universe, opt_state,
5928  client_id->buffer,
5929  (unsigned char *)client_id->data,
5930  client_id->len,
5931  D6O_CLIENTID, 0)) {
5932  log_error("iterate_over_ia_na: "
5933  "error saving client identifier.");
5934  goto exit;
5935  }
5936 
5937  snprintf(status_msg, sizeof(status_msg), "%s received.", packet_type);
5938  if (!set_status_code(STATUS_Success, status_msg, opt_state)) {
5939  goto exit;
5940  }
5941 
5942  /*
5943  * Add our options that are not associated with any IA_NA or IA_TA.
5944  */
5945  reply_ofs += store_options6(reply_data+reply_ofs,
5946  sizeof(reply_data)-reply_ofs,
5947  opt_state, packet,
5948  required_opts, NULL);
5949 
5950  /*
5951  * Loop through the IA_NA reported by the client, and deal with
5952  * addresses reported as already in use.
5953  */
5955  ia != NULL; ia = ia->next) {
5956 
5957  if (!get_encapsulated_IA_state(&cli_enc_opt_state,
5958  &cli_enc_opt_data,
5959  packet, ia, IA_NA_OFFSET)) {
5960  goto exit;
5961  }
5962 
5963  iaid = getULong(cli_enc_opt_data.data);
5964 
5965  /*
5966  * XXX: It is possible that we can get multiple addresses
5967  * sent by the client. We don't send multiple
5968  * addresses, so this indicates a client error.
5969  * We should check for multiple IAADDR options, log
5970  * if found, and set as an error.
5971  */
5972  oc = lookup_option(&dhcpv6_universe, cli_enc_opt_state,
5973  D6O_IAADDR);
5974  if (oc == NULL) {
5975  /* no address given for this IA, ignore */
5976  option_state_dereference(&cli_enc_opt_state, MDL);
5977  data_string_forget(&cli_enc_opt_data, MDL);
5978  continue;
5979  }
5980 
5981  memset(&iaaddr, 0, sizeof(iaaddr));
5982  if (!evaluate_option_cache(&iaaddr, packet, NULL, NULL,
5983  packet->options, NULL,
5984  &global_scope, oc, MDL)) {
5985  log_error("iterate_over_ia_na: "
5986  "error evaluating IAADDR.");
5987  goto exit;
5988  }
5989 
5990  /*
5991  * Now we need to figure out which host record matches
5992  * this IA_NA and IAADDR (encapsulated option contents
5993  * matching a host record by option).
5994  *
5995  * XXX: We don't currently track IA_NA separately, but
5996  * we will need to do this!
5997  */
5998  host = NULL;
5999  if (!find_hosts_by_option(&host, packet,
6000  cli_enc_opt_state, MDL)) {
6001  if (packet_host != NULL) {
6002  host = packet_host;
6003  } else {
6004  host = NULL;
6005  }
6006  }
6007  while (host != NULL) {
6008  if (host->fixed_addr != NULL) {
6009  if (!evaluate_option_cache(&fixed_addr, NULL,
6010  NULL, NULL, NULL,
6011  NULL, &global_scope,
6012  host->fixed_addr,
6013  MDL)) {
6014  log_error("iterate_over_ia_na: error "
6015  "evaluating host address.");
6016  goto exit;
6017  }
6018  if ((iaaddr.len >= 16) &&
6019  !memcmp(fixed_addr.data, iaaddr.data, 16)) {
6020  data_string_forget(&fixed_addr, MDL);
6021  break;
6022  }
6023  data_string_forget(&fixed_addr, MDL);
6024  }
6025  host = host->n_ipaddr;
6026  }
6027 
6028  if ((host == NULL) && (iaaddr.len >= IAADDR_OFFSET)) {
6029  /*
6030  * Find existing IA_NA.
6031  */
6032  if (ia_make_key(&key, iaid,
6033  (char *)client_id->data,
6034  client_id->len,
6035  MDL) != ISC_R_SUCCESS) {
6036  log_fatal("iterate_over_ia_na: no memory for "
6037  "key.");
6038  }
6039 
6040  existing_ia_na = NULL;
6041  if (ia_hash_lookup(&existing_ia_na, ia_na_active,
6042  (unsigned char *)key.data,
6043  key.len, MDL)) {
6044  /*
6045  * Make sure this address is in the IA_NA.
6046  */
6047  for (i=0; i<existing_ia_na->num_iasubopt; i++) {
6048  struct iasubopt *tmp;
6049  struct in6_addr *in6_addr;
6050 
6051  tmp = existing_ia_na->iasubopt[i];
6052  in6_addr = &tmp->addr;
6053  if (memcmp(in6_addr,
6054  iaaddr.data, 16) == 0) {
6056  tmp, MDL);
6057  break;
6058  }
6059  }
6060  }
6061 
6062  data_string_forget(&key, MDL);
6063  }
6064 
6065  if ((host != NULL) || (lease != NULL)) {
6066  ia_na_match(client_id, &iaaddr, lease);
6067  } else {
6068  ia_na_nomatch(client_id, &iaaddr,
6069  (u_int32_t *)cli_enc_opt_data.data,
6070  packet, reply_data, &reply_ofs,
6071  sizeof(reply_data));
6072  }
6073 
6074  if (lease != NULL) {
6076  }
6077 
6078  data_string_forget(&iaaddr, MDL);
6079  option_state_dereference(&cli_enc_opt_state, MDL);
6080  data_string_forget(&cli_enc_opt_data, MDL);
6081  }
6082 
6083  /*
6084  * Return our reply to the caller.
6085  */
6086  reply_ret->len = reply_ofs;
6087  reply_ret->buffer = NULL;
6088  if (!buffer_allocate(&reply_ret->buffer, reply_ofs, MDL)) {
6089  log_fatal("No memory to store reply.");
6090  }
6091  reply_ret->data = reply_ret->buffer->data;
6092  memcpy(reply_ret->buffer->data, reply, reply_ofs);
6093 
6094 exit:
6095  if (lease != NULL) {
6097  }
6098  if (fixed_addr.buffer != NULL) {
6099  data_string_forget(&fixed_addr, MDL);
6100  }
6101  if (iaaddr.buffer != NULL) {
6102  data_string_forget(&iaaddr, MDL);
6103  }
6104  if (cli_enc_opt_state != NULL) {
6105  option_state_dereference(&cli_enc_opt_state, MDL);
6106  }
6107  if (cli_enc_opt_data.buffer != NULL) {
6108  data_string_forget(&cli_enc_opt_data, MDL);
6109  }
6110  if (opt_state != NULL) {
6111  option_state_dereference(&opt_state, MDL);
6112  }
6113 }
6114 
6115 /*
6116  * Decline means a client has detected that something else is using an
6117  * address we gave it.
6118  *
6119  * Since we're only dealing with fixed leases for now, there's not
6120  * much we can do, other that log the occurrence.
6121  *
6122  * When we start issuing addresses from pools, then we will have to
6123  * record our declined addresses and issue another. In general with
6124  * IPv6 there is no worry about DoS by clients exhausting space, but
6125  * we still need to be aware of this possibility.
6126  */
6127 
6128 /* TODO: IA_TA */
6129 static void
6130 dhcpv6_decline(struct data_string *reply, struct packet *packet) {
6131  struct data_string client_id;
6132  struct data_string server_id;
6133 
6134  /*
6135  * Validate our input.
6136  */
6137  if (!valid_client_resp(packet, &client_id, &server_id)) {
6138  return;
6139  }
6140 
6141  /* If the DECLINE arrived via unicast and unicast option isn't set,
6142  * reject it per RFC 3315, Sec 18.2.7 */
6143  if (packet->unicast == ISC_TRUE &&
6144  is_unicast_option_defined(packet) == ISC_FALSE) {
6145  unicast_reject(reply, packet, &client_id, &server_id);
6146  } else {
6147  /*
6148  * Undefined for IA_PD.
6149  */
6151 
6152  /*
6153  * And operate on each IA_NA in this packet.
6154  */
6155  iterate_over_ia_na(reply, packet, &client_id, &server_id,
6156  "Decline", ia_na_match_decline,
6157  ia_na_nomatch_decline);
6158 
6159  }
6160 
6161  data_string_forget(&server_id, MDL);
6162  data_string_forget(&client_id, MDL);
6163 }
6164 
6165 static void
6166 ia_na_match_release(const struct data_string *client_id,
6167  const struct data_string *iaaddr,
6168  struct iasubopt *lease)
6169 {
6170  char tmp_addr[INET6_ADDRSTRLEN];
6171 
6172  log_info("Client %s releases address %s",
6173  print_hex_1(client_id->len, client_id->data, 60),
6174  inet_ntop(AF_INET6, iaaddr->data, tmp_addr, sizeof(tmp_addr)));
6175  if (lease != NULL) {
6176  release_lease6(lease->ipv6_pool, lease);
6177  lease->ia->cltt = cur_time;
6178  write_ia(lease->ia);
6179  }
6180 }
6181 
6182 static void
6183 ia_na_nomatch_release(const struct data_string *client_id,
6184  const struct data_string *iaaddr,
6185  u_int32_t *ia_na_id,
6186  struct packet *packet,
6187  char *reply_data,
6188  int *reply_ofs,
6189  int reply_len)
6190 {
6191  char tmp_addr[INET6_ADDRSTRLEN];
6192  struct option_state *host_opt_state;
6193  int len;
6194 
6195  log_info("Client %s releases address %s, which is not leased to it.",
6196  print_hex_1(client_id->len, client_id->data, 60),
6197  inet_ntop(AF_INET6, iaaddr->data, tmp_addr, sizeof(tmp_addr)));
6198 
6199  /*
6200  * Create state for this IA_NA.
6201  */
6202  host_opt_state = NULL;
6203  if (!option_state_allocate(&host_opt_state, MDL)) {
6204  log_error("ia_na_nomatch_release: out of memory "
6205  "allocating option_state.");
6206  goto exit;
6207  }
6208 
6209  if (!set_status_code(STATUS_NoBinding,
6210  "Release for non-leased address.",
6211  host_opt_state)) {
6212  goto exit;
6213  }
6214 
6215  /*
6216  * Insure we have enough space
6217  */
6218  if (reply_len < (*reply_ofs + 16)) {
6219  log_error("ia_na_nomatch_release: "
6220  "out of space for reply packet.");
6221  goto exit;
6222  }
6223 
6224  /*
6225  * Put our status code into the reply packet.
6226  */
6227  len = store_options6(reply_data+(*reply_ofs)+16,
6228  reply_len-(*reply_ofs)-16,
6229  host_opt_state, packet,
6230  required_opts_STATUS_CODE, NULL);
6231 
6232  /*
6233  * Store the non-encapsulated option data for this
6234  * IA_NA into our reply packet. Defined in RFC 3315,
6235  * section 22.4.
6236  */
6237  /* option number */
6238  putUShort((unsigned char *)reply_data+(*reply_ofs), D6O_IA_NA);
6239  /* option length */
6240  putUShort((unsigned char *)reply_data+(*reply_ofs)+2, len + 12);
6241  /* IA_NA, copied from the client */
6242  memcpy(reply_data+(*reply_ofs)+4, ia_na_id, 4);
6243  /* t1 and t2, odd that we need them, but here it is */
6244  putULong((unsigned char *)reply_data+(*reply_ofs)+8, 0);
6245  putULong((unsigned char *)reply_data+(*reply_ofs)+12, 0);
6246 
6247  /*
6248  * Get ready for next IA_NA.
6249  */
6250  *reply_ofs += (len + 16);
6251 
6252 exit:
6253  option_state_dereference(&host_opt_state, MDL);
6254 }
6255 
6256 static void
6257 ia_pd_match_release(const struct data_string *client_id,
6258  const struct data_string *iapref,
6259  struct iasubopt *prefix)
6260 {
6261  char tmp_addr[INET6_ADDRSTRLEN];
6262 
6263  log_info("Client %s releases prefix %s/%u",
6264  print_hex_1(client_id->len, client_id->data, 60),
6265  inet_ntop(AF_INET6, iapref->data + 9,
6266  tmp_addr, sizeof(tmp_addr)),
6267  (unsigned) getUChar(iapref->data + 8));
6268  if (prefix != NULL) {
6269  release_lease6(prefix->ipv6_pool, prefix);
6270  prefix->ia->cltt = cur_time;
6271  write_ia(prefix->ia);
6272  }
6273 }
6274 
6275 static void
6276 ia_pd_nomatch_release(const struct data_string *client_id,
6277  const struct data_string *iapref,
6278  u_int32_t *ia_pd_id,
6279  struct packet *packet,
6280  char *reply_data,
6281  int *reply_ofs,
6282  int reply_len)
6283 {
6284  char tmp_addr[INET6_ADDRSTRLEN];
6285  struct option_state *host_opt_state;
6286  int len;
6287 
6288  log_info("Client %s releases prefix %s/%u, which is not leased to it.",
6289  print_hex_1(client_id->len, client_id->data, 60),
6290  inet_ntop(AF_INET6, iapref->data + 9,
6291  tmp_addr, sizeof(tmp_addr)),
6292  (unsigned) getUChar(iapref->data + 8));
6293 
6294  /*
6295  * Create state for this IA_PD.
6296  */
6297  host_opt_state = NULL;
6298  if (!option_state_allocate(&host_opt_state, MDL)) {
6299  log_error("ia_pd_nomatch_release: out of memory "
6300  "allocating option_state.");
6301  goto exit;
6302  }
6303 
6304  if (!set_status_code(STATUS_NoBinding,
6305  "Release for non-leased prefix.",
6306  host_opt_state)) {
6307  goto exit;
6308  }
6309 
6310  /*
6311  * Insure we have enough space
6312  */
6313  if (reply_len < (*reply_ofs + 16)) {
6314  log_error("ia_pd_nomatch_release: "
6315  "out of space for reply packet.");
6316  goto exit;
6317  }
6318 
6319  /*
6320  * Put our status code into the reply packet.
6321  */
6322  len = store_options6(reply_data+(*reply_ofs)+16,
6323  reply_len-(*reply_ofs)-16,
6324  host_opt_state, packet,
6325  required_opts_STATUS_CODE, NULL);
6326 
6327  /*
6328  * Store the non-encapsulated option data for this
6329  * IA_PD into our reply packet. Defined in RFC 3315,
6330  * section 22.4.
6331  */
6332  /* option number */
6333  putUShort((unsigned char *)reply_data+(*reply_ofs), D6O_IA_PD);
6334  /* option length */
6335  putUShort((unsigned char *)reply_data+(*reply_ofs)+2, len + 12);
6336  /* IA_PD, copied from the client */
6337  memcpy(reply_data+(*reply_ofs)+4, ia_pd_id, 4);
6338  /* t1 and t2, odd that we need them, but here it is */
6339  putULong((unsigned char *)reply_data+(*reply_ofs)+8, 0);
6340  putULong((unsigned char *)reply_data+(*reply_ofs)+12, 0);
6341 
6342  /*
6343  * Get ready for next IA_PD.
6344  */
6345  *reply_ofs += (len + 16);
6346 
6347 exit:
6348  option_state_dereference(&host_opt_state, MDL);
6349 }
6350 
6351 static void
6352 iterate_over_ia_pd(struct data_string *reply_ret,
6353  struct packet *packet,
6354  const struct data_string *client_id,
6355  const struct data_string *server_id,
6356  const char *packet_type,
6357  void (*ia_pd_match)(),
6358  void (*ia_pd_nomatch)())
6359 {
6360  struct data_string reply_new;
6361  int reply_len;
6362  struct option_state *opt_state;
6363  struct host_decl *packet_host;
6364  struct option_cache *ia;
6365  struct option_cache *oc;
6366  /* cli_enc_... variables come from the IA_PD options */
6367  struct data_string cli_enc_opt_data;
6368  struct option_state *cli_enc_opt_state;
6369  struct host_decl *host;
6370  struct data_string iaprefix;
6371  char reply_data[65536];
6372  int reply_ofs;
6373  struct iasubopt *prefix;
6374  struct ia_xx *existing_ia_pd;
6375  int i;
6376  struct data_string key;
6377  u_int32_t iaid;
6378 
6379  /*
6380  * Initialize to empty values, in case we have to exit early.
6381  */
6382  memset(&reply_new, 0, sizeof(reply_new));
6383  opt_state = NULL;
6384  memset(&cli_enc_opt_data, 0, sizeof(cli_enc_opt_data));
6385  cli_enc_opt_state = NULL;
6386  memset(&iaprefix, 0, sizeof(iaprefix));
6387  prefix = NULL;
6388 
6389  /*
6390  * Compute the available length for the reply.
6391  */
6392  reply_len = sizeof(reply_data) - reply_ret->len;
6393  reply_ofs = 0;
6394 
6395  /*
6396  * Find the host record that matches from the packet, if any.
6397  */
6398  packet_host = NULL;
6399  find_hosts6(&packet_host, packet, client_id, MDL);
6400 
6401  /*
6402  * Build our option state for reply.
6403  */
6404  opt_state = NULL;
6405  if (!option_state_allocate(&opt_state, MDL)) {
6406  log_error("iterate_over_ia_pd: no memory for option_state.");
6407  goto exit;
6408  }
6409  execute_statements_in_scope(NULL, packet, NULL, NULL,
6410  packet->options, opt_state,
6411  &global_scope, root_group, NULL, NULL);
6412 
6413  /*
6414  * Loop through the IA_PD reported by the client, and deal with
6415  * prefixes reported as already in use.
6416  */
6418  ia != NULL; ia = ia->next) {
6419 
6420  if (!get_encapsulated_IA_state(&cli_enc_opt_state,
6421  &cli_enc_opt_data,
6422  packet, ia, IA_PD_OFFSET)) {
6423  goto exit;
6424  }
6425 
6426  iaid = getULong(cli_enc_opt_data.data);
6427 
6428  oc = lookup_option(&dhcpv6_universe, cli_enc_opt_state,
6429  D6O_IAPREFIX);
6430  if (oc == NULL) {
6431  /* no prefix given for this IA_PD, ignore */
6432  option_state_dereference(&cli_enc_opt_state, MDL);
6433  data_string_forget(&cli_enc_opt_data, MDL);
6434  continue;
6435  }
6436 
6437  for (; oc != NULL; oc = oc->next) {
6438  memset(&iaprefix, 0, sizeof(iaprefix));
6439  if (!evaluate_option_cache(&iaprefix, packet, NULL, NULL,
6440  packet->options, NULL,
6441  &global_scope, oc, MDL)) {
6442  log_error("iterate_over_ia_pd: "
6443  "error evaluating IAPREFIX.");
6444  goto exit;
6445  }
6446 
6447  /*
6448  * Now we need to figure out which host record matches
6449  * this IA_PD and IAPREFIX (encapsulated option contents
6450  * matching a host record by option).
6451  *
6452  * XXX: We don't currently track IA_PD separately, but
6453  * we will need to do this!
6454  */
6455  host = NULL;
6456  if (!find_hosts_by_option(&host, packet,
6457  cli_enc_opt_state, MDL)) {
6458  if (packet_host != NULL) {
6459  host = packet_host;
6460  } else {
6461  host = NULL;
6462  }
6463  }
6464  while (host != NULL) {
6465  if (host->fixed_prefix != NULL) {
6466  struct iaddrcidrnetlist *l;
6467  int plen = (int) getUChar(iaprefix.data + 8);
6468 
6469  for (l = host->fixed_prefix; l != NULL;
6470  l = l->next) {
6471  if (plen != l->cidrnet.bits)
6472  continue;
6473  if (memcmp(iaprefix.data + 9,
6474  l->cidrnet.lo_addr.iabuf,
6475  16) == 0)
6476  break;
6477  }
6478  if ((l != NULL) && (iaprefix.len >= 17))
6479  break;
6480  }
6481  host = host->n_ipaddr;
6482  }
6483 
6484  if ((host == NULL) && (iaprefix.len >= IAPREFIX_OFFSET)) {
6485  /*
6486  * Find existing IA_PD.
6487  */
6488  if (ia_make_key(&key, iaid,
6489  (char *)client_id->data,
6490  client_id->len,
6491  MDL) != ISC_R_SUCCESS) {
6492  log_fatal("iterate_over_ia_pd: no memory for "
6493  "key.");
6494  }
6495 
6496  existing_ia_pd = NULL;
6497  if (ia_hash_lookup(&existing_ia_pd, ia_pd_active,
6498  (unsigned char *)key.data,
6499  key.len, MDL)) {
6500  /*
6501  * Make sure this prefix is in the IA_PD.
6502  */
6503  for (i = 0;
6504  i < existing_ia_pd->num_iasubopt;
6505  i++) {
6506  struct iasubopt *tmp;
6507  u_int8_t plen;
6508 
6509  plen = getUChar(iaprefix.data + 8);
6510  tmp = existing_ia_pd->iasubopt[i];
6511  if ((tmp->plen == plen) &&
6512  (memcmp(&tmp->addr,
6513  iaprefix.data + 9,
6514  16) == 0)) {
6515  iasubopt_reference(&prefix,
6516  tmp, MDL);
6517  break;
6518  }
6519  }
6520  }
6521 
6522  data_string_forget(&key, MDL);
6523  }
6524 
6525  if ((host != NULL) || (prefix != NULL)) {
6526  ia_pd_match(client_id, &iaprefix, prefix);
6527  } else {
6528  ia_pd_nomatch(client_id, &iaprefix,
6529  (u_int32_t *)cli_enc_opt_data.data,
6530  packet, reply_data, &reply_ofs,
6531  reply_len - reply_ofs);
6532  }
6533 
6534  if (prefix != NULL) {
6535  iasubopt_dereference(&prefix, MDL);
6536  }
6537 
6538  data_string_forget(&iaprefix, MDL);
6539  }
6540 
6541  option_state_dereference(&cli_enc_opt_state, MDL);
6542  data_string_forget(&cli_enc_opt_data, MDL);
6543  }
6544 
6545  /*
6546  * Return our reply to the caller.
6547  * The IA_NA routine has already filled at least the header.
6548  */
6549  reply_new.len = reply_ret->len + reply_ofs;
6550  if (!buffer_allocate(&reply_new.buffer, reply_new.len, MDL)) {
6551  log_fatal("No memory to store reply.");
6552  }
6553  reply_new.data = reply_new.buffer->data;
6554  memcpy(reply_new.buffer->data,
6555  reply_ret->buffer->data, reply_ret->len);
6556  memcpy(reply_new.buffer->data + reply_ret->len,
6557  reply_data, reply_ofs);
6558  data_string_forget(reply_ret, MDL);
6559  data_string_copy(reply_ret, &reply_new, MDL);
6560  data_string_forget(&reply_new, MDL);
6561 
6562 exit:
6563  if (prefix != NULL) {
6564  iasubopt_dereference(&prefix, MDL);
6565  }
6566  if (iaprefix.buffer != NULL) {
6567  data_string_forget(&iaprefix, MDL);
6568  }
6569  if (cli_enc_opt_state != NULL) {
6570  option_state_dereference(&cli_enc_opt_state, MDL);
6571  }
6572  if (cli_enc_opt_data.buffer != NULL) {
6573  data_string_forget(&cli_enc_opt_data, MDL);
6574  }
6575  if (opt_state != NULL) {
6576  option_state_dereference(&opt_state, MDL);
6577  }
6578 }
6579 
6580 /*
6581  * Release means a client is done with the leases.
6582  */
6583 
6584 static void
6585 dhcpv6_release(struct data_string *reply, struct packet *packet) {
6586  struct data_string client_id;
6587  struct data_string server_id;
6588 
6589  /*
6590  * Validate our input.
6591  */
6592  if (!valid_client_resp(packet, &client_id, &server_id)) {
6593  return;
6594  }
6595 
6596  /* If the RELEASE arrived via unicast and unicast option isn't set,
6597  * reject it per RFC 3315, Sec 18.2.6 */
6598  if (packet->unicast == ISC_TRUE &&
6599  is_unicast_option_defined(packet) == ISC_FALSE) {
6600  unicast_reject(reply, packet, &client_id, &server_id);
6601  } else {
6602  /*
6603  * And operate on each IA_NA in this packet.
6604  */
6605  iterate_over_ia_na(reply, packet, &client_id, &server_id,
6606  "Release", ia_na_match_release,
6607  ia_na_nomatch_release);
6608 
6609  /*
6610  * And operate on each IA_PD in this packet.
6611  */
6612  iterate_over_ia_pd(reply, packet, &client_id, &server_id,
6613  "Release", ia_pd_match_release,
6614  ia_pd_nomatch_release);
6615  }
6616 
6617  data_string_forget(&server_id, MDL);
6618  data_string_forget(&client_id, MDL);
6619 }
6620 
6621 /*
6622  * Information-Request is used by clients who have obtained an address
6623  * from other means, but want configuration information from the server.
6624  */
6625 
6626 static void
6627 dhcpv6_information_request(struct data_string *reply, struct packet *packet) {
6628  struct data_string client_id;
6629  struct data_string server_id;
6630 
6631  /*
6632  * Validate our input.
6633  */
6634  if (!valid_client_info_req(packet, &server_id)) {
6635  return;
6636  }
6637 
6638  /*
6639  * Get our client ID, if there is one.
6640  */
6641  memset(&client_id, 0, sizeof(client_id));
6642  if (get_client_id(packet, &client_id) != ISC_R_SUCCESS) {
6643  data_string_forget(&client_id, MDL);
6644  }
6645 
6646  /*
6647  * Use the lease_to_client() function. This will work fine,
6648  * because the valid_client_info_req() insures that we
6649  * don't have any IA that would cause us to allocate
6650  * resources to the client.
6651  */
6652  lease_to_client(reply, packet, &client_id,
6653  server_id.data != NULL ? &server_id : NULL);
6654 
6655  /*
6656  * Cleanup.
6657  */
6658  if (client_id.data != NULL) {
6659  data_string_forget(&client_id, MDL);
6660  }
6661  data_string_forget(&server_id, MDL);
6662 }
6663 
6664 /*
6665  * The Relay-forw message is sent by relays. It typically contains a
6666  * single option, which encapsulates an entire packet.
6667  *
6668  * We need to build an encapsulated reply.
6669  */
6670 
6671 /* XXX: this is very, very similar to do_packet6(), and should probably
6672  be combined in a clever way */
6673 /* DHCPv6 server side */
6674 static void
6675 dhcpv6_relay_forw(struct data_string *reply_ret, struct packet *packet) {
6676  struct option_cache *oc;
6677  struct data_string enc_opt_data;
6678  struct packet *enc_packet;
6679  unsigned char msg_type;
6680  const struct dhcpv6_packet *msg;
6681  const struct dhcpv6_relay_packet *relay;
6682  struct data_string enc_reply;
6683  char link_addr[sizeof("ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255")];
6684  char peer_addr[sizeof("ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255")];
6685  struct data_string a_opt, packet_ero;
6686  struct option_state *opt_state;
6687  static char reply_data[65536];
6688  struct dhcpv6_relay_packet *reply;
6689  int reply_ofs;
6690 
6691  /*
6692  * Initialize variables for early exit.
6693  */
6694  opt_state = NULL;
6695  memset(&a_opt, 0, sizeof(a_opt));
6696  memset(&packet_ero, 0, sizeof(packet_ero));
6697  memset(&enc_reply, 0, sizeof(enc_reply));
6698  memset(&enc_opt_data, 0, sizeof(enc_opt_data));
6699  enc_packet = NULL;
6700 
6701  /*
6702  * Get our encapsulated relay message.
6703  */
6705  if (oc == NULL) {
6706  inet_ntop(AF_INET6, &packet->dhcpv6_link_address,
6707  link_addr, sizeof(link_addr));
6708  inet_ntop(AF_INET6, &packet->dhcpv6_peer_address,
6709  peer_addr, sizeof(peer_addr));
6710  log_info("Relay-forward from %s with link address=%s and "
6711  "peer address=%s missing Relay Message option.",
6712  piaddr(packet->client_addr), link_addr, peer_addr);
6713  goto exit;
6714  }
6715 
6716  if (!evaluate_option_cache(&enc_opt_data, NULL, NULL, NULL,
6717  NULL, NULL, &global_scope, oc, MDL)) {
6718  /* should be dhcpv6_relay_forw */
6719  log_error("dhcpv6_forw_relay: error evaluating "
6720  "relayed message.");
6721  goto exit;
6722  }
6723 
6724  if (!packet6_len_okay((char *)enc_opt_data.data, enc_opt_data.len)) {
6725  /* should be dhcpv6_relay_forw */
6726  log_error("dhcpv6_forw_relay: encapsulated packet too short.");
6727  goto exit;
6728  }
6729 
6730  /*
6731  * Build a packet structure from this encapsulated packet.
6732  */
6733  enc_packet = NULL;
6734  if (!packet_allocate(&enc_packet, MDL)) {
6735  /* should be dhcpv6_relay_forw */
6736  log_error("dhcpv6_forw_relay: "
6737  "no memory for encapsulated packet.");
6738  goto exit;
6739  }
6740 
6741  if (!option_state_allocate(&enc_packet->options, MDL)) {
6742  /* should be dhcpv6_relay_forw */
6743  log_error("dhcpv6_forw_relay: "
6744  "no memory for encapsulated packet's options.");
6745  goto exit;
6746  }
6747 
6748  enc_packet->client_port = packet->client_port;
6749  enc_packet->client_addr = packet->client_addr;
6750  interface_reference(&enc_packet->interface, packet->interface, MDL);
6751  enc_packet->dhcpv6_container_packet = packet;
6752 
6753  msg_type = enc_opt_data.data[0];
6754  if ((msg_type == DHCPV6_RELAY_FORW) ||
6755  (msg_type == DHCPV6_RELAY_REPL)) {
6756  int relaylen = (int)(offsetof(struct dhcpv6_relay_packet, options));
6757  relay = (struct dhcpv6_relay_packet *)enc_opt_data.data;
6758  enc_packet->dhcpv6_msg_type = relay->msg_type;
6759 
6760  /* relay-specific data */
6761  enc_packet->dhcpv6_hop_count = relay->hop_count;
6762  memcpy(&enc_packet->dhcpv6_link_address,
6763  relay->link_address, sizeof(relay->link_address));
6764  memcpy(&enc_packet->dhcpv6_peer_address,
6765  relay->peer_address, sizeof(relay->peer_address));
6766 
6767  if (!parse_option_buffer(enc_packet->options,
6768  relay->options,
6769  enc_opt_data.len - relaylen,
6770  &dhcpv6_universe)) {
6771  /* no logging here, as parse_option_buffer() logs all
6772  cases where it fails */
6773  goto exit;
6774  }
6775  } else if ((msg_type == DHCPV6_DHCPV4_QUERY) ||
6777 #ifdef DHCP4o6
6778  if (!dhcpv4_over_dhcpv6 ||
6780  log_error("dhcpv6_relay_forw: "
6781  "unsupported %s message type.",
6783  goto exit;
6784  }
6785  forw_dhcpv4_query(packet);
6786  goto exit;
6787 #else /* DHCP4o6 */
6788  log_error("dhcpv6_relay_forw: unsupported %s message type.",
6790  goto exit;
6791 #endif /* DHCP4o6 */
6792  } else {
6793  int msglen = (int)(offsetof(struct dhcpv6_packet, options));
6794  msg = (struct dhcpv6_packet *)enc_opt_data.data;
6795  enc_packet->dhcpv6_msg_type = msg->msg_type;
6796 
6797  /* message-specific data */
6798  memcpy(enc_packet->dhcpv6_transaction_id,
6799  msg->transaction_id,
6800  sizeof(enc_packet->dhcpv6_transaction_id));
6801 
6802  if (!parse_option_buffer(enc_packet->options,
6803  msg->options,
6804  enc_opt_data.len - msglen,
6805  &dhcpv6_universe)) {
6806  /* no logging here, as parse_option_buffer() logs all
6807  cases where it fails */
6808  goto exit;
6809  }
6810  }
6811 
6812  /*
6813  * This is recursive. It is possible to exceed maximum packet size.
6814  * XXX: This will cause the packet send to fail.
6815  */
6816  build_dhcpv6_reply(&enc_reply, enc_packet);
6817 
6818  /*
6819  * If we got no encapsulated data, then it is discarded, and
6820  * our reply-forw is also discarded.
6821  */
6822  if (enc_reply.data == NULL) {
6823  goto exit;
6824  }
6825 
6826  /*
6827  * Now we can use the reply_data buffer.
6828  * Packet header stuff all comes from the forward message.
6829  */
6830  reply = (struct dhcpv6_relay_packet *)reply_data;
6831  reply->msg_type = DHCPV6_RELAY_REPL;
6832  reply->hop_count = packet->dhcpv6_hop_count;
6833  memcpy(reply->link_address, &packet->dhcpv6_link_address,
6834  sizeof(reply->link_address));
6835  memcpy(reply->peer_address, &packet->dhcpv6_peer_address,
6836  sizeof(reply->peer_address));
6837  reply_ofs = (int)(offsetof(struct dhcpv6_relay_packet, options));
6838 
6839  /*
6840  * Get the reply option state.
6841  */
6842  opt_state = NULL;
6843  if (!option_state_allocate(&opt_state, MDL)) {
6844  log_error("dhcpv6_relay_forw: no memory for option state.");
6845  goto exit;
6846  }
6847 
6848  /*
6849  * Append the interface-id if present.
6850  */
6853  if (oc != NULL) {
6854  if (!evaluate_option_cache(&a_opt, packet,
6855  NULL, NULL,
6856  packet->options, NULL,
6857  &global_scope, oc, MDL)) {
6858  log_error("dhcpv6_relay_forw: error evaluating "
6859  "Interface ID.");
6860  goto exit;
6861  }
6862  if (!save_option_buffer(&dhcpv6_universe, opt_state, NULL,
6863  (unsigned char *)a_opt.data,
6864  a_opt.len,
6865  D6O_INTERFACE_ID, 0)) {
6866  log_error("dhcpv6_relay_forw: error saving "
6867  "Interface ID.");
6868  goto exit;
6869  }
6870  data_string_forget(&a_opt, MDL);
6871  }
6872 
6873 #if defined(RELAY_PORT)
6874  /*
6875  * Append the relay_source_port option if present.
6876  */
6879  if (oc != NULL) {
6880  if (!evaluate_option_cache(&a_opt, packet,
6881  NULL, NULL,
6882  packet->options, NULL,
6883  &global_scope, oc, MDL)) {
6884  log_error("dhcpv6_relay_forw: error evaluating "
6885  "Relay Source Port.");
6886  goto exit;
6887  }
6888  if (!save_option_buffer(&dhcpv6_universe, opt_state, NULL,
6889  (unsigned char *)a_opt.data,
6890  a_opt.len,
6891  D6O_RELAY_SOURCE_PORT, 0)) {
6892  log_error("dhcpv6_relay_forw: error saving "
6893  "Relay Source Port.");
6894  goto exit;
6895  }
6896  data_string_forget(&a_opt, MDL);
6897 
6899  }
6900 #endif
6901 
6902  /*
6903  * Append our encapsulated stuff for caller.
6904  */
6905  if (!save_option_buffer(&dhcpv6_universe, opt_state, NULL,
6906  (unsigned char *)enc_reply.data,
6907  enc_reply.len,
6908  D6O_RELAY_MSG, 0)) {
6909  log_error("dhcpv6_relay_forw: error saving Relay MSG.");
6910  goto exit;
6911  }
6912 
6913  /*
6914  * Get the ERO if any.
6915  */
6917  if (oc != NULL) {
6918  unsigned req;
6919  int i;
6920 
6921  if (!evaluate_option_cache(&packet_ero, packet,
6922  NULL, NULL,
6923  packet->options, NULL,
6924  &global_scope, oc, MDL) ||
6925  (packet_ero.len & 1)) {
6926  log_error("dhcpv6_relay_forw: error evaluating ERO.");
6927  goto exit;
6928  }
6929 
6930  /* Decode and apply the ERO. */
6931  for (i = 0; i < packet_ero.len; i += 2) {
6932  req = getUShort(packet_ero.data + i);
6933  /* Already in the reply? */
6934  oc = lookup_option(&dhcpv6_universe, opt_state, req);
6935  if (oc != NULL)
6936  continue;
6937  /* Get it from the packet if present. */
6939  packet->options,
6940  req);
6941  if (oc == NULL)
6942  continue;
6943  if (!evaluate_option_cache(&a_opt, packet,
6944  NULL, NULL,
6945  packet->options, NULL,
6946  &global_scope, oc, MDL)) {
6947  log_error("dhcpv6_relay_forw: error "
6948  "evaluating option %u.", req);
6949  goto exit;
6950  }
6952  opt_state,
6953  NULL,
6954  (unsigned char *)a_opt.data,
6955  a_opt.len,
6956  req,
6957  0)) {
6958  log_error("dhcpv6_relay_forw: error saving "
6959  "option %u.", req);
6960  goto exit;
6961  }
6962  data_string_forget(&a_opt, MDL);
6963  }
6964  }
6965 
6966  reply_ofs += store_options6(reply_data + reply_ofs,
6967  sizeof(reply_data) - reply_ofs,
6968  opt_state, packet,
6969  required_opts_agent, &packet_ero);
6970 
6971  /*
6972  * Return our reply to the caller.
6973  */
6974  reply_ret->len = reply_ofs;
6975  reply_ret->buffer = NULL;
6976  if (!buffer_allocate(&reply_ret->buffer, reply_ret->len, MDL)) {
6977  log_fatal("No memory to store reply.");
6978  }
6979  reply_ret->data = reply_ret->buffer->data;
6980  memcpy(reply_ret->buffer->data, reply_data, reply_ofs);
6981 
6982 exit:
6983  if (opt_state != NULL)
6984  option_state_dereference(&opt_state, MDL);
6985  if (a_opt.data != NULL) {
6986  data_string_forget(&a_opt, MDL);
6987  }
6988  if (packet_ero.data != NULL) {
6989  data_string_forget(&packet_ero, MDL);
6990  }
6991  if (enc_reply.data != NULL) {
6992  data_string_forget(&enc_reply, MDL);
6993  }
6994  if (enc_opt_data.data != NULL) {
6995  data_string_forget(&enc_opt_data, MDL);
6996  }
6997  if (enc_packet != NULL) {
6998  packet_dereference(&enc_packet, MDL);
6999  }
7000 }
7001 
7002 #ifdef DHCP4o6
7003 /* \brief Internal processing of a relayed DHCPv4-query
7004  * (DHCPv4 server side)
7005  *
7006  * Code copied from \ref dhcpv6_relay_forw() which itself is
7007  * from \ref do_packet6().
7008  *
7009  * \param reply_ret pointer to the response
7010  * \param packet the query
7011  */
7012 static void
7013 dhcp4o6_relay_forw(struct data_string *reply_ret, struct packet *packet) {
7014  struct option_cache *oc;
7015  struct data_string enc_opt_data;
7016  struct packet *enc_packet;
7017  unsigned char msg_type;
7018  const struct dhcpv6_relay_packet *relay;
7019  const struct dhcpv4_over_dhcpv6_packet *msg;
7020  struct data_string enc_reply;
7021  char link_addr[sizeof("ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255")];
7022  char peer_addr[sizeof("ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255")];
7023  struct data_string a_opt, packet_ero;
7024  struct option_state *opt_state;
7025  static char reply_data[65536];
7026  struct dhcpv6_relay_packet *reply;
7027  int reply_ofs;
7028 
7029  /*
7030  * Initialize variables for early exit.
7031  */
7032  opt_state = NULL;
7033  memset(&a_opt, 0, sizeof(a_opt));
7034  memset(&packet_ero, 0, sizeof(packet_ero));
7035  memset(&enc_reply, 0, sizeof(enc_reply));
7036  memset(&enc_opt_data, 0, sizeof(enc_opt_data));
7037  enc_packet = NULL;
7038 
7039  /*
7040  * Get our encapsulated relay message.
7041  */
7043  if (oc == NULL) {
7044  inet_ntop(AF_INET6, &packet->dhcpv6_link_address,
7045  link_addr, sizeof(link_addr));
7046  inet_ntop(AF_INET6, &packet->dhcpv6_peer_address,
7047  peer_addr, sizeof(peer_addr));
7048  log_info("Relay-forward from %s with link address=%s and "
7049  "peer address=%s missing Relay Message option.",
7050  piaddr(packet->client_addr), link_addr, peer_addr);
7051  goto exit;
7052  }
7053 
7054  if (!evaluate_option_cache(&enc_opt_data, NULL, NULL, NULL,
7055  NULL, NULL, &global_scope, oc, MDL)) {
7056  log_error("dhcp4o6_relay_forw: error evaluating "
7057  "relayed message.");
7058  goto exit;
7059  }
7060 
7061  if (!packet6_len_okay((char *)enc_opt_data.data, enc_opt_data.len)) {
7062  log_error("dhcp4o6_relay_forw: "
7063  "encapsulated packet too short.");
7064  goto exit;
7065  }
7066 
7067  /*
7068  * Build a packet structure from this encapsulated packet.
7069  */
7070  if (!packet_allocate(&enc_packet, MDL)) {
7071  log_error("dhcp4o6_relay_forw: "
7072  "no memory for encapsulated packet.");
7073  goto exit;
7074  }
7075 
7076  if (!option_state_allocate(&enc_packet->options, MDL)) {
7077  log_error("dhcp4o6_relay_forw: "
7078  "no memory for encapsulated packet's options.");
7079  goto exit;
7080  }
7081 
7082  enc_packet->client_port = packet->client_port;
7083  enc_packet->client_addr = packet->client_addr;
7084  interface_reference(&enc_packet->interface, packet->interface, MDL);
7085  enc_packet->dhcpv6_container_packet = packet;
7086 
7087  msg_type = enc_opt_data.data[0];
7088  if ((msg_type == DHCPV6_RELAY_FORW) ||
7089  (msg_type == DHCPV6_RELAY_REPL)) {
7090  int relaylen = (int)(offsetof(struct dhcpv6_relay_packet, options));
7091  relay = (struct dhcpv6_relay_packet *)enc_opt_data.data;
7092  enc_packet->dhcpv6_msg_type = relay->msg_type;
7093 
7094  /* relay-specific data */
7095  enc_packet->dhcpv6_hop_count = relay->hop_count;
7096  memcpy(&enc_packet->dhcpv6_link_address,
7097  relay->link_address, sizeof(relay->link_address));
7098  memcpy(&enc_packet->dhcpv6_peer_address,
7099  relay->peer_address, sizeof(relay->peer_address));
7100 
7101  if (!parse_option_buffer(enc_packet->options,
7102  relay->options,
7103  enc_opt_data.len - relaylen,
7104  &dhcpv6_universe)) {
7105  /* no logging here, as parse_option_buffer() logs all
7106  cases where it fails */
7107  goto exit;
7108  }
7109  } else if ((msg_type == DHCPV6_DHCPV4_QUERY) ||
7111  int msglen =
7112  (int)(offsetof(struct dhcpv4_over_dhcpv6_packet, options));
7113  msg = (struct dhcpv4_over_dhcpv6_packet *)enc_opt_data.data;
7114  enc_packet->dhcpv6_msg_type = msg->msg_type;
7115 
7116  /* message-specific data */
7117  memcpy(enc_packet->dhcp4o6_flags,
7118  msg->flags,
7119  sizeof(enc_packet->dhcp4o6_flags));
7120 
7121  if (!parse_option_buffer(enc_packet->options,
7122  msg->options,
7123  enc_opt_data.len - msglen,
7124  &dhcpv6_universe)) {
7125  /* no logging here, as parse_option_buffer() logs all
7126  cases where it fails */
7127  goto exit;
7128  }
7129  } else {
7130  log_error("dhcp4o6_relay_forw: unexpected message of type %d.",
7131  (int)msg_type);
7132  goto exit;
7133  }
7134 
7135  /*
7136  * This is recursive. It is possible to exceed maximum packet size.
7137  * XXX: This will cause the packet send to fail.
7138  */
7139  build_dhcpv6_reply(&enc_reply, enc_packet);
7140 
7141  /*
7142  * If we got no encapsulated data, then it is discarded, and
7143  * our reply-forw is also discarded.
7144  */
7145  if (enc_reply.data == NULL) {
7146  goto exit;
7147  }
7148 
7149  /*
7150  * Now we can use the reply_data buffer.
7151  * Packet header stuff all comes from the forward message.
7152  */
7153  reply = (struct dhcpv6_relay_packet *)reply_data;
7154  reply->msg_type = DHCPV6_RELAY_REPL;
7155  reply->hop_count = packet->dhcpv6_hop_count;
7156  memcpy(reply->link_address, &packet->dhcpv6_link_address,
7157  sizeof(reply->link_address));
7158  memcpy(reply->peer_address, &packet->dhcpv6_peer_address,
7159  sizeof(reply->peer_address));
7160  reply_ofs = (int)(offsetof(struct dhcpv6_relay_packet, options));
7161 
7162  /*
7163  * Get the reply option state.
7164  */
7165  if (!option_state_allocate(&opt_state, MDL)) {
7166  log_error("dhcp4o6_relay_forw: no memory for option state.");
7167  goto exit;
7168  }
7169 
7170  /*
7171  * Append the interface-id if present.
7172  */
7175  if (oc != NULL) {
7176  if (!evaluate_option_cache(&a_opt, packet,
7177  NULL, NULL,
7178  packet->options, NULL,
7179  &global_scope, oc, MDL)) {
7180  log_error("dhcp4o6_relay_forw: error evaluating "
7181  "Interface ID.");
7182  goto exit;
7183  }
7184  if (!save_option_buffer(&dhcpv6_universe, opt_state, NULL,
7185  (unsigned char *)a_opt.data,
7186  a_opt.len,
7187  D6O_INTERFACE_ID, 0)) {
7188  log_error("dhcp4o6_relay_forw: error saving "
7189  "Interface ID.");
7190  goto exit;
7191  }
7192  data_string_forget(&a_opt, MDL);
7193  }
7194 
7195 #if defined(RELAY_PORT)
7196  /*
7197  * Append the relay_source_port option if present.
7198  */
7201  if (oc != NULL) {
7202  if (!evaluate_option_cache(&a_opt, packet,
7203  NULL, NULL,
7204  packet->options, NULL,
7205  &global_scope, oc, MDL)) {
7206  log_error("dhcpv4o6_relay_forw: error evaluating "
7207  "Relay Source Port.");
7208  goto exit;
7209  }
7210  if (!save_option_buffer(&dhcpv6_universe, opt_state, NULL,
7211  (unsigned char *)a_opt.data,
7212  a_opt.len,
7213  D6O_RELAY_SOURCE_PORT, 0)) {
7214  log_error("dhcpv4o6_relay_forw: error saving "
7215  "Relay Source Port.");
7216  goto exit;
7217  }
7218  data_string_forget(&a_opt, MDL);
7219 
7221  }
7222 #endif
7223 
7224  /*
7225  * Append our encapsulated stuff for caller.
7226  */
7227  if (!save_option_buffer(&dhcpv6_universe, opt_state, NULL,
7228  (unsigned char *)enc_reply.data,
7229  enc_reply.len,
7230  D6O_RELAY_MSG, 0)) {
7231  log_error("dhcp4o6_relay_forw: error saving Relay MSG.");
7232  goto exit;
7233  }
7234 
7235  /*
7236  * Get the ERO if any.
7237  */
7239  if (oc != NULL) {
7240  unsigned req;
7241  int i;
7242 
7243  if (!evaluate_option_cache(&packet_ero, packet,
7244  NULL, NULL,
7245  packet->options, NULL,
7246  &global_scope, oc, MDL) ||
7247  (packet_ero.len & 1)) {
7248  log_error("dhcp4o6_relay_forw: error evaluating ERO.");
7249  goto exit;
7250  }
7251 
7252  /* Decode and apply the ERO. */
7253  for (i = 0; i < packet_ero.len; i += 2) {
7254  req = getUShort(packet_ero.data + i);
7255  /* Already in the reply? */
7256  oc = lookup_option(&dhcpv6_universe, opt_state, req);
7257  if (oc != NULL)
7258  continue;
7259  /* Get it from the packet if present. */
7261  packet->options,
7262  req);
7263  if (oc == NULL)
7264  continue;
7265  if (!evaluate_option_cache(&a_opt, packet,
7266  NULL, NULL,
7267  packet->options, NULL,
7268  &global_scope, oc, MDL)) {
7269  log_error("dhcp4o6_relay_forw: error "
7270  "evaluating option %u.", req);
7271  goto exit;
7272  }
7274  opt_state,
7275  NULL,
7276  (unsigned char *)a_opt.data,
7277  a_opt.len,
7278  req,
7279  0)) {
7280  log_error("dhcp4o6_relay_forw: error saving "
7281  "option %u.", req);
7282  goto exit;
7283  }
7284  data_string_forget(&a_opt, MDL);
7285  }
7286  }
7287 
7288  reply_ofs += store_options6(reply_data + reply_ofs,
7289  sizeof(reply_data) - reply_ofs,
7290  opt_state, packet,
7291  required_opts_agent, &packet_ero);
7292 
7293  /*
7294  * Return our reply to the caller.
7295  */
7296  reply_ret->len = reply_ofs;
7297  reply_ret->buffer = NULL;
7298  if (!buffer_allocate(&reply_ret->buffer, reply_ret->len, MDL)) {
7299  log_fatal("No memory to store reply.");
7300  }
7301  reply_ret->data = reply_ret->buffer->data;
7302  memcpy(reply_ret->buffer->data, reply_data, reply_ofs);
7303 
7304 exit:
7305  if (opt_state != NULL)
7306  option_state_dereference(&opt_state, MDL);
7307  if (a_opt.data != NULL) {
7308  data_string_forget(&a_opt, MDL);
7309  }
7310  if (packet_ero.data != NULL) {
7311  data_string_forget(&packet_ero, MDL);
7312  }
7313  if (enc_reply.data != NULL) {
7314  data_string_forget(&enc_reply, MDL);
7315  }
7316  if (enc_opt_data.data != NULL) {
7317  data_string_forget(&enc_opt_data, MDL);
7318  }
7319  if (enc_packet != NULL) {
7320  packet_dereference(&enc_packet, MDL);
7321  }
7322 }
7323 
7324 /*
7325  * \brief Internal processing of a DHCPv4-query
7326  * (DHCPv4 server function)
7327  *
7328  * Code copied from \ref do_packet().
7329  *
7330  * \param reply_ret pointer to the response
7331  * \param packet the query
7332  */
7333 static void
7334 dhcp4o6_dhcpv4_query(struct data_string *reply_ret, struct packet *packet) {
7335  struct option_cache *oc;
7336  struct data_string enc_opt_data;
7337  struct packet *enc_packet;
7338  struct data_string enc_response;
7339  struct option_state *opt_state;
7340  static char response_data[65536];
7341  struct dhcpv4_over_dhcpv6_packet *response;
7342  int response_ofs;
7343 
7344  /*
7345  * Initialize variables for early exit.
7346  */
7347  opt_state = NULL;
7348  memset(&enc_response, 0, sizeof(enc_response));
7349  memset(&enc_opt_data, 0, sizeof(enc_opt_data));
7350  enc_packet = NULL;
7351 
7352  /*
7353  * Get our encapsulated relay message.
7354  */
7356  if (oc == NULL) {
7357  log_info("DHCPv4-query from %s missing DHCPv4 Message option.",
7359  goto exit;
7360  }
7361 
7362  if (!evaluate_option_cache(&enc_opt_data, NULL, NULL, NULL,
7363  NULL, NULL, &global_scope, oc, MDL)) {
7364  log_error("dhcp4o6_dhcpv4_query: error evaluating "
7365  "DHCPv4 message.");
7366  goto exit;
7367  }
7368 
7369  if (enc_opt_data.len < DHCP_FIXED_NON_UDP) {
7370  log_error("dhcp4o6_dhcpv4_query: DHCPv4 packet too short.");
7371  goto exit;
7372  }
7373 
7374  /*
7375  * Build a packet structure from this encapsulated packet.
7376  */
7377  if (!packet_allocate(&enc_packet, MDL)) {
7378  log_error("dhcp4o6_dhcpv4_query: "
7379  "no memory for encapsulated packet.");
7380  goto exit;
7381  }
7382 
7383  enc_packet->raw = (struct dhcp_packet *)enc_opt_data.data;
7384  enc_packet->packet_length = enc_opt_data.len;
7385  enc_packet->dhcp4o6_response = &enc_response;
7386  enc_packet->client_port = packet->client_port;
7387  enc_packet->client_addr = packet->client_addr;
7388  interface_reference(&enc_packet->interface, packet->interface, MDL);
7389  enc_packet->dhcpv6_container_packet = packet;
7391  enc_packet->unicast = 1;
7392 
7393  if (enc_packet->raw->hlen > sizeof(enc_packet->raw->chaddr)) {
7394  log_info("dhcp4o6_dhcpv4_query: "
7395  "discarding packet with bogus hlen.");
7396  goto exit;
7397  }
7398 
7399  /* Allocate packet->options now so it is non-null for all packets */
7400  if (!option_state_allocate (&enc_packet->options, MDL)) {
7401  log_error("dhcp4o6_dhcpv4_query: no memory for options.");
7402  goto exit;
7403  }
7404 
7405  /* If there's an option buffer, try to parse it. */
7406  if (enc_packet->packet_length >= DHCP_FIXED_NON_UDP + 4) {
7407  struct option_cache *op;
7408  if (!parse_options(enc_packet)) {
7409  if (enc_packet->options)
7411  (&enc_packet->options, MDL);
7412  packet_dereference (&enc_packet, MDL);
7413  goto exit;
7414  }
7415 
7416  if (enc_packet->options_valid &&
7418  enc_packet->options,
7420  struct data_string dp;
7421  memset(&dp, 0, sizeof dp);
7422  evaluate_option_cache(&dp, enc_packet, NULL, NULL,
7423  enc_packet->options, NULL,
7424  NULL, op, MDL);
7425  if (dp.len > 0)
7426  enc_packet->packet_type = dp.data[0];
7427  else
7428  enc_packet->packet_type = 0;
7429  data_string_forget(&dp, MDL);
7430  }
7431  }
7432 
7433  if (validate_packet(enc_packet) != 0) {
7434  if (enc_packet->packet_type)
7435  dhcp(enc_packet);
7436  else
7437  bootp(enc_packet);
7438  }
7439 
7440  /* If the caller kept the packet, they'll have upped the refcnt. */
7441  packet_dereference(&enc_packet, MDL);
7442 
7443  /*
7444  * If we got no response data, then it is discarded, and
7445  * our DHCPv4-response is also discarded.
7446  */
7447  if (enc_response.data == NULL) {
7448  goto exit;
7449  }
7450 
7451  /*
7452  * Now we can use the response_data buffer.
7453  */
7454  response = (struct dhcpv4_over_dhcpv6_packet *)response_data;
7455  response->msg_type = DHCPV6_DHCPV4_RESPONSE;
7456  response->flags[0] = response->flags[1] = response->flags[2] = 0;
7457  response_ofs =
7458  (int)(offsetof(struct dhcpv4_over_dhcpv6_packet, options));
7459 
7460  /*
7461  * Get the response option state.
7462  */
7463  if (!option_state_allocate(&opt_state, MDL)) {
7464  log_error("dhcp4o6_dhcpv4_query: no memory for option state.");
7465  goto exit;
7466  }
7467 
7468  /*
7469  * Append our encapsulated stuff for caller.
7470  */
7471  if (!save_option_buffer(&dhcpv6_universe, opt_state, NULL,
7472  (unsigned char *)enc_response.data,
7473  enc_response.len,
7474  D6O_DHCPV4_MSG, 0)) {
7475  log_error("dhcp4o6_dhcpv4_query: error saving DHCPv4 MSG.");
7476  goto exit;
7477  }
7478 
7479  response_ofs += store_options6(response_data + response_ofs,
7480  sizeof(response_data) - response_ofs,
7481  opt_state, packet,
7482  required_opts_4o6, NULL);
7483 
7484  /*
7485  * Return our response to the caller.
7486  */
7487  reply_ret->len = response_ofs;
7488  reply_ret->buffer = NULL;
7489  if (!buffer_allocate(&reply_ret->buffer, reply_ret->len, MDL)) {
7490  log_fatal("dhcp4o6_dhcpv4_query: no memory to store reply.");
7491  }
7492  reply_ret->data = reply_ret->buffer->data;
7493  memcpy(reply_ret->buffer->data, response_data, response_ofs);
7494 
7495 exit:
7496  if (opt_state != NULL)
7497  option_state_dereference(&opt_state, MDL);
7498  if (enc_response.data != NULL) {
7499  data_string_forget(&enc_response, MDL);
7500  }
7501  if (enc_opt_data.data != NULL) {
7502  data_string_forget(&enc_opt_data, MDL);
7503  }
7504  if (enc_packet != NULL) {
7505  packet_dereference(&enc_packet, MDL);
7506  }
7507 }
7508 
7509 /*
7510  * \brief Forward a DHCPv4-query message to the DHCPv4 side
7511  * (DHCPv6 server function)
7512  *
7513  * Format: interface:16 + address:16 + udp:4 + DHCPv6 DHCPv4-query message
7514  *
7515  * \brief packet the DHCPv6 DHCPv4-query message
7516  */
7517 static void forw_dhcpv4_query(struct packet *packet) {
7518  struct data_string ds;
7519  struct udp_data4o6 udp_data;
7520  unsigned len;
7521  int cc;
7522 
7523  /* Get the initial message. */
7524  while (packet->dhcpv6_container_packet != NULL)
7526 
7527  /* Check the initial message. */
7528  if ((packet->raw == NULL) ||
7529  (packet->client_addr.len != 16) ||
7530  (packet->interface == NULL)) {
7531  log_error("forw_dhcpv4_query: can't find initial message.");
7532  return;
7533  }
7534 
7535  /* Get a buffer. */
7536  len = packet->packet_length + 36;
7537  memset(&ds, 0, sizeof(ds));
7538  if (!buffer_allocate(&ds.buffer, len, MDL)) {
7539  log_error("forw_dhcpv4_query: "
7540  "no memory for encapsulating packet.");
7541  return;
7542  }
7543  ds.data = ds.buffer->data;
7544  ds.len = len;
7545 
7546  /* Fill the buffer. */
7547  strncpy((char *)ds.buffer->data, packet->interface->name, 16);
7548  memcpy(ds.buffer->data + 16,
7549  packet->client_addr.iabuf, 16);
7550  memset(&udp_data, 0, sizeof(udp_data));
7551  udp_data.src_port = packet->client_port;
7552  memcpy(ds.buffer->data + 32, &udp_data, 4);
7553  memcpy(ds.buffer->data + 36,
7554  (unsigned char *)packet->raw,
7556 
7557  /* Forward to the DHCPv4 server. */
7558  cc = send(dhcp4o6_fd, ds.data, ds.len, 0);
7559  if (cc < 0)
7560  log_error("forw_dhcpv4_query: send(): %m");
7561  data_string_forget(&ds, MDL);
7562 }
7563 #endif
7564 
7565 static void
7566 dhcpv6_discard(struct packet *packet) {
7567  /* INSIST(packet->msg_type > 0); */
7568  /* INSIST(packet->msg_type < dhcpv6_type_name_max); */
7569 
7570  log_debug("Discarding %s from %s; message type not handled by server",
7573 }
7574 
7575 static void
7576 build_dhcpv6_reply(struct data_string *reply, struct packet *packet) {
7577  memset(reply, 0, sizeof(*reply));
7578 
7579  /* I would like to classify the client once here, but
7580  * as I don't want to classify all of the incoming packets
7581  * I need to do it before handling specific types.
7582  * We don't need to classify if we are tossing the packet
7583  * or if it is a relay - the classification step will get
7584  * done when we process the inner client packet.
7585  */
7586 
7587  switch (packet->dhcpv6_msg_type) {
7588  case DHCPV6_SOLICIT:
7590  dhcpv6_solicit(reply, packet);
7591  break;
7592  case DHCPV6_ADVERTISE:
7593  dhcpv6_discard(packet);
7594  break;
7595  case DHCPV6_REQUEST:
7597  dhcpv6_request(reply, packet);
7598  break;
7599  case DHCPV6_CONFIRM:
7601  dhcpv6_confirm(reply, packet);
7602  break;
7603  case DHCPV6_RENEW:
7605  dhcpv6_renew(reply, packet);
7606  break;
7607  case DHCPV6_REBIND:
7609  dhcpv6_rebind(reply, packet);
7610  break;
7611  case DHCPV6_REPLY:
7612  dhcpv6_discard(packet);
7613  break;
7614  case DHCPV6_RELEASE:
7616  dhcpv6_release(reply, packet);
7617  break;
7618  case DHCPV6_DECLINE:
7620  dhcpv6_decline(reply, packet);
7621  break;
7622  case DHCPV6_RECONFIGURE:
7623  dhcpv6_discard(packet);
7624  break;
7627  dhcpv6_information_request(reply, packet);
7628  break;
7629  case DHCPV6_RELAY_FORW:
7630 #ifdef DHCP4o6
7631  if (dhcpv4_over_dhcpv6 && (local_family == AF_INET))
7632  dhcp4o6_relay_forw(reply, packet);
7633  else
7634 #endif /* DHCP4o6 */
7635  dhcpv6_relay_forw(reply, packet);
7636  break;
7637  case DHCPV6_RELAY_REPL:
7638  dhcpv6_discard(packet);
7639  break;
7640  case DHCPV6_LEASEQUERY:
7642  dhcpv6_leasequery(reply, packet);
7643  break;
7645  dhcpv6_discard(packet);
7646  break;
7647  case DHCPV6_DHCPV4_QUERY:
7648 #ifdef DHCP4o6
7649  if (dhcpv4_over_dhcpv6) {
7650  if (local_family == AF_INET6) {
7651  forw_dhcpv4_query(packet);
7652  } else {
7653  dhcp4o6_dhcpv4_query(reply, packet);
7654  }
7655  } else
7656 #endif /* DHCP4o6 */
7657  dhcpv6_discard(packet);
7658  break;
7660  dhcpv6_discard(packet);
7661  break;
7662  default:
7663  /* XXX: would be nice if we had "notice" level,
7664  as syslog, for this */
7665  log_info("Discarding unknown DHCPv6 message type %d "
7666  "from %s", packet->dhcpv6_msg_type,
7668  }
7669 }
7670 
7671 static void
7672 log_packet_in(const struct packet *packet) {
7673  struct data_string s;
7674  u_int32_t tid;
7675  char tmp_addr[INET6_ADDRSTRLEN];
7676  const void *addr;
7677 
7678  memset(&s, 0, sizeof(s));
7679 
7681  data_string_sprintfa(&s, "%s message from %s port %d",
7684  ntohs(packet->client_port));
7685  } else {
7687  "Unknown message type %d from %s port %d",
7690  ntohs(packet->client_port));
7691  }
7694  addr = &packet->dhcpv6_link_address;
7695  data_string_sprintfa(&s, ", link address %s",
7696  inet_ntop(AF_INET6, addr,
7697  tmp_addr, sizeof(tmp_addr)));
7698  addr = &packet->dhcpv6_peer_address;
7699  data_string_sprintfa(&s, ", peer address %s",
7700  inet_ntop(AF_INET6, addr,
7701  tmp_addr, sizeof(tmp_addr)));
7702  } else if ((packet->dhcpv6_msg_type != DHCPV6_DHCPV4_QUERY) &&
7704  tid = 0;
7705  memcpy(((char *)&tid)+1, packet->dhcpv6_transaction_id, 3);
7706  data_string_sprintfa(&s, ", transaction ID 0x%06X", tid);
7707 
7708 /*
7709  oc = lookup_option(&dhcpv6_universe, packet->options,
7710  D6O_CLIENTID);
7711  if (oc != NULL) {
7712  memset(&tmp_ds, 0, sizeof(tmp_ds_));
7713  if (!evaluate_option_cache(&tmp_ds, packet, NULL, NULL,
7714  packet->options, NULL,
7715  &global_scope, oc, MDL)) {
7716  log_error("Error evaluating Client Identifier");
7717  } else {
7718  data_strint_sprintf(&s, ", client ID %s",
7719 
7720  data_string_forget(&tmp_ds, MDL);
7721  }
7722  }
7723 */
7724 
7725  }
7726  log_info("%s", s.data);
7727 
7728  data_string_forget(&s, MDL);
7729 }
7730 
7731 void
7732 dhcpv6(struct packet *packet) {
7733  struct data_string reply;
7734  struct sockaddr_in6 to_addr;
7735  int send_ret;
7736 
7737  /*
7738  * Log a message that we received this packet.
7739  */
7740  log_packet_in(packet);
7741 
7742  /*
7743  * Build our reply packet.
7744  */
7745  build_dhcpv6_reply(&reply, packet);
7746 
7747  if (reply.data != NULL) {
7748  /*
7749  * Send our reply, if we have one.
7750  */
7751  memset(&to_addr, 0, sizeof(to_addr));
7752  to_addr.sin6_family = AF_INET6;
7755  to_addr.sin6_port = local_port;
7756  } else {
7757  to_addr.sin6_port = remote_port;
7758  }
7759 
7760 #if defined (REPLY_TO_SOURCE_PORT)
7761  /*
7762  * This appears to have been included for testing so we would
7763  * not need a root client, but was accidently left in the
7764  * final code. We continue to include it in case
7765  * some users have come to rely upon it, but leave
7766  * it off by default as it's a bad idea.
7767  */
7768  to_addr.sin6_port = packet->client_port;
7769 #endif
7770 
7771 #if defined(RELAY_PORT)
7772  /*
7773  * Check relay source port.
7774  */
7775  if (packet->relay_source_port) {
7776  to_addr.sin6_port = packet->client_port;
7777  }
7778 #endif
7779 
7780  memcpy(&to_addr.sin6_addr, packet->client_addr.iabuf,
7781  sizeof(to_addr.sin6_addr));
7782 
7783  log_info("Sending %s to %s port %d",
7784  dhcpv6_type_names[reply.data[0]],
7786  ntohs(to_addr.sin6_port));
7787 
7788  send_ret = send_packet6(packet->interface,
7789  reply.data, reply.len, &to_addr);
7790  if (send_ret != reply.len) {
7791  log_error("dhcpv6: send_packet6() sent %d of %d bytes",
7792  send_ret, reply.len);
7793  }
7794  data_string_forget(&reply, MDL);
7795  }
7796 }
7797 
7798 #ifdef DHCP4o6
7799 /*
7800  * \brief Receive a DHCPv4-query message from the DHCPv6 side
7801  * (DHCPv4 server function)
7802  *
7803  * Receive a message with a DHCPv4-query inside from the DHCPv6 server.
7804  * (code copied from \ref do_packet6() \ref and dhcpv6())
7805  *
7806  * Format: interface:16 + address:16 + udp:4 + DHCPv6 DHCPv4-query message
7807  *
7808  * \param raw the DHCPv6 DHCPv4-query message raw content
7809  */
7810 static void recv_dhcpv4_query(struct data_string *raw) {
7811  struct interface_info *ip;
7812  char name[16 + 1];
7813  struct iaddr iaddr;
7814  struct packet *packet;
7815  unsigned char msg_type;
7816  const struct dhcpv6_relay_packet *relay;
7817  const struct dhcpv4_over_dhcpv6_packet *msg;
7818  struct data_string reply;
7819  struct data_string ds;
7820  struct udp_data4o6 udp_data;
7821  unsigned len;
7822  int cc;
7823 
7824  memset(name, 0, sizeof(name));
7825  memcpy(name, raw->data, 16);
7826  for (ip = interfaces; ip != NULL; ip = ip->next) {
7827  if (!strcmp(name, ip->name))
7828  break;
7829  }
7830  if (ip == NULL) {
7831  log_error("recv_dhcpv4_query: can't find interface %s.",
7832  name);
7833  return;
7834  }
7835 
7836  iaddr.len = 16;
7837  memcpy(iaddr.iabuf, raw->data + 16, 16);
7838 
7839  memset(&udp_data, 0, sizeof(udp_data));
7840  memcpy(&udp_data, raw->data + 32, 4);
7841 
7842  /*
7843  * From do_packet6().
7844  */
7845 
7846  if (!packet6_len_okay((char *)raw->data + 36, raw->len - 36)) {
7847  log_error("recv_dhcpv4_query: "
7848  "short packet from %s, len %d, dropped",
7849  piaddr(iaddr), raw->len - 36);
7850  return;
7851  }
7852 
7853  /*
7854  * Build a packet structure.
7855  */
7856  packet = NULL;
7857  if (!packet_allocate(&packet, MDL)) {
7858  log_error("recv_dhcpv4_query: no memory for packet.");
7859  return;
7860  }
7861 
7863  log_error("recv_dhcpv4_query: no memory for options.");
7865  return;
7866  }
7867 
7868  packet->raw = (struct dhcp_packet *)(raw->data + 36);
7869  packet->packet_length = raw->len - 36;
7870  packet->client_port = udp_data.src_port;
7872  interface_reference(&packet->interface, ip, MDL);
7873 
7874  msg_type = raw->data[36];
7875  if ((msg_type == DHCPV6_RELAY_FORW) ||
7876  (msg_type == DHCPV6_RELAY_REPL)) {
7877  int relaylen =
7878  (int)(offsetof(struct dhcpv6_relay_packet, options));
7879  relay = (const struct dhcpv6_relay_packet *)(raw->data + 36);
7880  packet->dhcpv6_msg_type = relay->msg_type;
7881 
7882  /* relay-specific data */
7883  packet->dhcpv6_hop_count = relay->hop_count;
7884  memcpy(&packet->dhcpv6_link_address,
7885  relay->link_address, sizeof(relay->link_address));
7886  memcpy(&packet->dhcpv6_peer_address,
7887  relay->peer_address, sizeof(relay->peer_address));
7888 
7890  relay->options,
7891  raw->len - 36 - relaylen,
7892  &dhcpv6_universe)) {
7893  /* no logging here, as parse_option_buffer() logs all
7894  cases where it fails */
7896  return;
7897  }
7898  } else if ((msg_type == DHCPV6_DHCPV4_QUERY) ||
7900  int msglen =
7901  (int)(offsetof(struct dhcpv4_over_dhcpv6_packet, options));
7902  msg = (struct dhcpv4_over_dhcpv6_packet *)(raw->data + 36);
7904 
7905  /* message-specific data */
7906  memcpy(packet->dhcp4o6_flags, msg->flags,
7907  sizeof(packet->dhcp4o6_flags));
7908 
7910  msg->options,
7911  raw->len - 36 - msglen,
7912  &dhcpv6_universe)) {
7913  /* no logging here, as parse_option_buffer() logs all
7914  cases where it fails */
7916  return;
7917  }
7918  } else {
7919  log_error("recv_dhcpv4_query: unexpected message of type %d.",
7920  (int)msg_type);
7922  return;
7923  }
7924 
7925  /*
7926  * From dhcpv6().
7927  */
7928 
7929  /*
7930  * Log a message that we received this packet.
7931  */
7932  /* log_packet_in(packet); */
7933  memset(&ds, 0, sizeof(ds));
7935  data_string_sprintfa(&ds, "%s message from %s",
7938  } else {
7940  "Unknown message type %d from %s",
7943  }
7946  char tmp_addr[INET6_ADDRSTRLEN];
7947  const void *addr;
7948 
7949  addr = &packet->dhcpv6_link_address;
7950  data_string_sprintfa(&ds, ", link address %s",
7951  inet_ntop(AF_INET6, addr,
7952  tmp_addr, sizeof(tmp_addr)));
7953  addr = &packet->dhcpv6_peer_address;
7954  data_string_sprintfa(&ds, ", peer address %s",
7955  inet_ntop(AF_INET6, addr,
7956  tmp_addr, sizeof(tmp_addr)));
7957  } else if ((packet->dhcpv6_msg_type != DHCPV6_DHCPV4_QUERY) &&
7959  u_int32_t tid = 0;
7960 
7961  memcpy(((char *)&tid)+1, packet->dhcpv6_transaction_id, 3);
7962  data_string_sprintfa(&ds, ", transaction ID 0x%06X", tid);
7963  }
7964  log_info("%s", ds.data);
7965  data_string_forget(&ds, MDL);
7966 
7967  /*
7968  * Build our reply packet.
7969  */
7970  build_dhcpv6_reply(&reply, packet);
7971 
7972  if (reply.data == NULL) {
7974  return;
7975  }
7976 
7977  /*
7978  * Forward the response.
7979  */
7980  len = reply.len + 36;
7981  memset(&ds, 0, sizeof(ds));
7982  if (!buffer_allocate(&ds.buffer, len, MDL)) {
7983  log_error("recv_dhcpv4_query: no memory.");
7985  return;
7986  }
7987  ds.data = ds.buffer->data;
7988  ds.len = len;
7989 
7990  memcpy(ds.buffer->data, name, 16);
7991  memcpy(ds.buffer->data + 16, iaddr.iabuf, 16);
7992  udp_data.rsp_opt_exist = packet->relay_source_port ? 1 : 0;
7993  memcpy(ds.buffer->data + 32, &udp_data, 4);
7994  memcpy(ds.buffer->data + 36, reply.data, reply.len);
7995 
7996  /*
7997  * Now we can release the packet.
7998  */
8000 
8001  cc = send(dhcp4o6_fd, ds.data, ds.len, 0);
8002  if (cc < 0)
8003  log_error("recv_dhcpv4_query: send(): %m");
8004  data_string_forget(&ds, MDL);
8005 }
8006 #endif /* DHCP4o6 */
8007 
8008 static void
8009 seek_shared_host(struct host_decl **hp, struct shared_network *shared) {
8010  struct host_decl *nofixed = NULL;
8011  struct host_decl *seek, *hold = NULL;
8012 
8013  /*
8014  * Seek forward through fixed addresses for the right link.
8015  *
8016  * Note: how to do this for fixed prefixes???
8017  */
8018  host_reference(&hold, *hp, MDL);
8019  host_dereference(hp, MDL);
8020  seek = hold;
8021  while (seek != NULL) {
8022  if (seek->fixed_addr == NULL)
8023  nofixed = seek;
8024  else if (fixed_matches_shared(seek, shared))
8025  break;
8026 
8027  seek = seek->n_ipaddr;
8028  }
8029 
8030  if ((seek == NULL) && (nofixed != NULL))
8031  seek = nofixed;
8032 
8033  if (seek != NULL)
8034  host_reference(hp, seek, MDL);
8035 }
8036 
8037 static isc_boolean_t
8038 fixed_matches_shared(struct host_decl *host, struct shared_network *shared) {
8039  struct subnet *subnet;
8040  struct data_string addr;
8041  isc_boolean_t matched;
8042  struct iaddr fixed;
8043 
8044  if (host->fixed_addr == NULL)
8045  return ISC_FALSE;
8046 
8047  memset(&addr, 0, sizeof(addr));
8048  if (!evaluate_option_cache(&addr, NULL, NULL, NULL, NULL, NULL,
8049  &global_scope, host->fixed_addr, MDL))
8050  return ISC_FALSE;
8051 
8052  if (addr.len < 16) {
8053  data_string_forget(&addr, MDL);
8054  return ISC_FALSE;
8055  }
8056 
8057  fixed.len = 16;
8058  memcpy(fixed.iabuf, addr.data, 16);
8059 
8060  matched = ISC_FALSE;
8061  for (subnet = shared->subnets ; subnet != NULL ;
8062  subnet = subnet->next_sibling) {
8063  if (addr_eq(subnet_number(fixed, subnet->netmask),
8064  subnet->net)) {
8065  matched = ISC_TRUE;
8066  break;
8067  }
8068  }
8069 
8070  data_string_forget(&addr, MDL);
8071  return matched;
8072 }
8073 
8090 void
8091 unicast_reject(struct data_string *reply_ret,
8092  struct packet *packet,
8093  const struct data_string *client_id,
8094  const struct data_string *server_id)
8095 {
8096  struct reply_state reply;
8097  memset(&reply, 0x0, sizeof(struct reply_state));
8098 
8099  /* Locate the client. */
8100  if (shared_network_from_packet6(&reply.shared, packet)
8101  != ISC_R_SUCCESS) {
8102  log_error("unicast_reject: could not locate client.");
8103  return;
8104  }
8105 
8106  /* Initialize the reply. */
8107  packet_reference(&reply.packet, packet, MDL);
8108  data_string_copy(&reply.client_id, client_id, MDL);
8109 
8110  if (start_reply(packet, client_id, server_id, &reply.opt_state,
8111  &reply.buf.reply)) {
8112  /* Set the UseMulticast status code. */
8113  if (!set_status_code(STATUS_UseMulticast,
8114  "Unicast not allowed by server.",
8115  reply.opt_state)) {
8116  log_error("unicast_reject: Unable to set status code.");
8117  } else {
8118  /* Set write cursor to just past the reply header. */
8119  reply.cursor = REPLY_OPTIONS_INDEX;
8120  reply.cursor += store_options6(((char *)reply.buf.data
8121  + reply.cursor),
8122  (sizeof(reply.buf)
8123  - reply.cursor),
8124  reply.opt_state,
8125  reply.packet,
8126  unicast_reject_opts,
8127  NULL);
8128 
8129  /* Return our reply to the caller. */
8130  reply_ret->len = reply.cursor;
8131  reply_ret->buffer = NULL;
8132  if (!buffer_allocate(&reply_ret->buffer,
8133  reply.cursor, MDL)) {
8134  log_fatal("unicast_reject:"
8135  "No memory to store Reply.");
8136  }
8137 
8138  memcpy(reply_ret->buffer->data, reply.buf.data,
8139  reply.cursor);
8140  reply_ret->data = reply_ret->buffer->data;
8141  }
8142 
8143  }
8144 
8145  /* Cleanup. */
8146  if (reply.shared != NULL)
8147  shared_network_dereference(&reply.shared, MDL);
8148  if (reply.opt_state != NULL)
8149  option_state_dereference(&reply.opt_state, MDL);
8150  if (reply.packet != NULL)
8151  packet_dereference(&reply.packet, MDL);
8152  if (reply.client_id.data != NULL)
8153  data_string_forget(&reply.client_id, MDL);
8154 }
8155 
8175 is_unicast_option_defined(struct packet *packet) {
8176  isc_boolean_t is_defined = ISC_FALSE;
8177  struct option_state *opt_state = NULL;
8178  struct option_cache *oc = NULL;
8179  struct shared_network *shared = NULL;
8180 
8181  if (!option_state_allocate(&opt_state, MDL)) {
8182  log_fatal("is_unicast_option_defined:"
8183  "No memory for option state.");
8184  }
8185 
8186  /* We try to map the packet to a network first by an IA_XX value.
8187  * If that fails, we try by packet source. */
8188  if (((shared_network_from_requested_addr(&shared, packet)
8189  != ISC_R_SUCCESS) &&
8190  (shared_network_from_packet6(&shared, packet) != ISC_R_SUCCESS))
8191  || (shared == NULL)) {
8192  /* @todo what would this really mean? I think wrong network
8193  * logic will catch it */
8194  log_error("is_unicast_option_defined:"
8195  "cannot attribute packet to a network.");
8196  return (ISC_FALSE);
8197  }
8198 
8199  /* Now that we've mapped it to a network, execute statments to that
8200  * scope, looking for the unicast option. We don't care about the
8201  * value of the option, only whether or not it is defined. */
8202  execute_statements_in_scope(NULL, NULL, NULL, NULL, NULL, opt_state,
8203  &global_scope, shared->group, NULL, NULL);
8204 
8205  oc = lookup_option(&dhcpv6_universe, opt_state, D6O_UNICAST);
8206  is_defined = (oc != NULL ? ISC_TRUE : ISC_FALSE);
8207  log_debug("is_unicast_option_defined: option found : %d", is_defined);
8208 
8209  if (shared != NULL) {
8210  shared_network_dereference(&shared, MDL);
8211  }
8212 
8213  if (opt_state != NULL) {
8214  option_state_dereference(&opt_state, MDL);
8215  }
8216 
8217  return (is_defined);
8218 }
8219 
8235 static isc_result_t
8236 shared_network_from_requested_addr (struct shared_network **shared,
8237  struct packet* packet) {
8238  struct iaddr iaddr;
8239  struct subnet* subnet = NULL;
8240  isc_result_t status = ISC_R_FAILURE;
8241 
8242  /* Try to match first IA_ address or prefix we find to a subnet. In
8243  * theory all IA_ values in a given request are supposed to be in the
8244  * same subnet so we only need to try one right? */
8245  if ((get_first_ia_addr_val(packet, D6O_IA_NA, &iaddr) != ISC_R_SUCCESS)
8246  && (get_first_ia_addr_val(packet, D6O_IA_PD, &iaddr)
8247  != ISC_R_SUCCESS)
8248  && (get_first_ia_addr_val(packet, D6O_IA_TA, &iaddr)
8249  != ISC_R_SUCCESS)) {
8250  /* we found nothing to match against */
8251  log_debug("share_network_from_request_addr: nothing to match");
8252  return (ISC_R_FAILURE);
8253  }
8254 
8255  if (!find_subnet(&subnet, iaddr, MDL)) {
8256  log_debug("shared_network_from_requested_addr:"
8257  "No subnet found for addr %s.", piaddr(iaddr));
8258  } else {
8259  status = shared_network_reference(shared,
8261  subnet_dereference(&subnet, MDL);
8262  log_debug("shared_network_from_requested_addr:"
8263  " found shared network %s for address %s.",
8264  ((*shared)->name ? (*shared)->name : "unnamed"),
8265  piaddr(iaddr));
8266  return (status);
8267  }
8268 
8269  return (ISC_R_FAILURE);
8270 }
8271 
8290 static isc_result_t
8291 get_first_ia_addr_val (struct packet* packet, int addr_type,
8292  struct iaddr* iaddr) {
8293  struct option_cache *ia;
8294  struct option_cache *oc = NULL;
8295  struct data_string cli_enc_opt_data;
8296  struct option_state *cli_enc_opt_state;
8297  int addr_opt_offset;
8298  int addr_opt;
8299  int addr_opt_data_len;
8300  int ip_addr_offset;
8301 
8302  isc_result_t status = ISC_R_FAILURE;
8303  memset(iaddr, 0, sizeof(struct iaddr));
8304 
8305  /* Set up address type specifics */
8306  switch (addr_type) {
8307  case D6O_IA_NA:
8308  addr_opt_offset = IA_NA_OFFSET;
8309  addr_opt = D6O_IAADDR;
8310  addr_opt_data_len = 24;
8311  ip_addr_offset = 0;
8312  break;
8313  case D6O_IA_TA:
8314  addr_opt_offset = IA_TA_OFFSET;
8315  addr_opt = D6O_IAADDR;
8316  addr_opt_data_len = 24;
8317  ip_addr_offset = 0;
8318  break;
8319  case D6O_IA_PD:
8320  addr_opt_offset = IA_PD_OFFSET;
8321  addr_opt = D6O_IAPREFIX;
8322  addr_opt_data_len = 25;
8323  ip_addr_offset = 9;
8324  break;
8325  default:
8326  /* shouldn't be here */
8327  log_error ("get_first_ia_addr_val: invalid opt type %d",
8328  addr_type);
8329  return (ISC_R_FAILURE);
8330  }
8331 
8332  /* Find the first, non-blank IA_XX value within an D6O_IA_XX option. */
8333  for (ia = lookup_option(&dhcpv6_universe, packet->options, addr_type);
8334  ia != NULL && oc == NULL; ia = ia->next) {
8335  if (!get_encapsulated_IA_state(&cli_enc_opt_state,
8336  &cli_enc_opt_data,
8337  packet, ia, addr_opt_offset)) {
8338  log_debug ("get_first_ia_addr_val:"
8339  " couldn't unroll enclosing option");
8340  return (ISC_R_FAILURE);
8341  }
8342 
8343  oc = lookup_option(&dhcpv6_universe, cli_enc_opt_state,
8344  addr_opt);
8345  if (oc == NULL) {
8346  /* no address given for this IA, ignore */
8347  option_state_dereference(&cli_enc_opt_state, MDL);
8348  data_string_forget(&cli_enc_opt_data, MDL);
8349  }
8350  }
8351 
8352  /* If we found a non-blank IA_XX then extract its ip address. */
8353  if (oc != NULL) {
8354  struct data_string iaddr_str;
8355 
8356  memset(&iaddr_str, 0, sizeof(iaddr_str));
8357  if (!evaluate_option_cache(&iaddr_str, packet, NULL, NULL,
8358  packet->options, NULL, &global_scope,
8359  oc, MDL)) {
8360  log_error("get_first_ia_addr_val: "
8361  "error evaluating IA_XX option.");
8362  } else {
8363  if (iaddr_str.len != addr_opt_data_len) {
8364  log_error("shared_network_from_requested_addr:"
8365  " invalid length %d, expected %d",
8366  iaddr_str.len, addr_opt_data_len);
8367  } else {
8368  iaddr->len = 16;
8369  memcpy (iaddr->iabuf,
8370  iaddr_str.data + ip_addr_offset, 16);
8371  status = ISC_R_SUCCESS;
8372  }
8373  data_string_forget(&iaddr_str, MDL);
8374  }
8375 
8376  option_state_dereference(&cli_enc_opt_state, MDL);
8377  data_string_forget(&cli_enc_opt_data, MDL);
8378  }
8379 
8380  return (status);
8381 }
8382 
8383 /*
8384 * \brief Calculates the reply T1/T2 times and stuffs them in outbound buffer
8385 *
8386 * T1/T2 time selection is kind of weird. We actually use DHCP * (v4) scoped
8387 * options, dhcp-renewal-time and dhcp-rebinding-time, as handy existing places
8388 * where these can be configured by an administrator. A value of zero tells the
8389 * client it may choose its own value.
8390 *
8391 * When those options are not defined, the values will be set to zero unless
8392 * the global option, dhcpv6-set-tee-times is enabled. When this option is
8393 * enabled the values are calculated as recommended by RFC 3315, Section 22.4:
8394 *
8395 * T1 will be set to 0.5 times the shortest preferred lifetime
8396 * in the IA_XX option. If the "shortest" preferred lifetime is
8397 * 0xFFFFFFFF, T1 will set to 0xFFFFFFFF.
8398 *
8399 * T2 will be set to 0.8 times the shortest preferred lifetime
8400 * in the IA_XX option. If the "shortest" preferred lifetime is
8401 * 0xFFFFFFFF, T2 will set to 0xFFFFFFFF.
8402 *
8403 * Note that dhcpv6-set-tee-times is intended to be transitional and will
8404 * likely be removed in 4.4.0, leaving the behavior as getting the values
8405 * either from the configured parameters (if you want zeros, define them as
8406 * zeros) or by calculating them per the RFC.
8407 *
8408 * \param reply - pointer to the reply_state structure
8409 * \param ia_cursor - offset of the beginning of the IA_XX option within the
8410 * reply's outbound data buffer
8411 */
8412 static void
8413 set_reply_tee_times(struct reply_state* reply, unsigned ia_cursor)
8414 {
8415  struct option_cache *oc;
8416  int set_tee_times;
8417 
8418  /* Found out if calculated values are enabled. */
8419  oc = lookup_option(&server_universe, reply->opt_state,
8421  set_tee_times = (oc &&
8422  evaluate_boolean_option_cache(NULL, reply->packet,
8423  NULL, NULL,
8424  reply->packet->options,
8425  reply->opt_state,
8426  &global_scope, oc, MDL));
8427 
8428  oc = lookup_option(&dhcp_universe, reply->opt_state,
8430  if (oc != NULL) {
8431  /* dhcp-renewal-time is defined, use it */
8432  struct data_string data;
8433  memset(&data, 0x00, sizeof(data));
8434 
8435  if (!evaluate_option_cache(&data, reply->packet, NULL, NULL,
8436  reply->packet->options,
8437  reply->opt_state, &global_scope,
8438  oc, MDL) ||
8439  (data.len != 4)) {
8440  log_error("Invalid renewal time.");
8441  reply->renew = 0;
8442  } else {
8443  reply->renew = getULong(data.data);
8444  }
8445 
8446  if (data.data != NULL)
8448  } else if (set_tee_times) {
8449  /* Setting them is enabled so T1 is either infinite or
8450  * 0.5 * the shortest preferred lifetime in the IA_XX */
8451  if (reply->min_prefer == INFINITE_TIME)
8452  reply->renew = INFINITE_TIME;
8453  else
8454  reply->renew = reply->min_prefer / 2;
8455  } else {
8456  /* Default is to let the client choose */
8457  reply->renew = 0;
8458  }
8459 
8460  putULong(reply->buf.data + ia_cursor + 8, reply->renew);
8461 
8462  /* Now T2. */
8463  oc = lookup_option(&dhcp_universe, reply->opt_state,
8465  if (oc != NULL) {
8466  /* dhcp-rebinding-time is defined, use it */
8467  struct data_string data;
8468  memset(&data, 0x00, sizeof(data));
8469 
8470  if (!evaluate_option_cache(&data, reply->packet, NULL, NULL,
8471  reply->packet->options,
8472  reply->opt_state, &global_scope,
8473  oc, MDL) ||
8474  (data.len != 4)) {
8475  log_error("Invalid rebinding time.");
8476  reply->rebind = 0;
8477  } else {
8478  reply->rebind = getULong(data.data);
8479  }
8480 
8481  if (data.data != NULL)
8483  } else if (set_tee_times) {
8484  /* Setting them is enabled so T2 is either infinite or
8485  * 0.8 * the shortest preferred lifetime in the reply */
8486  if (reply->min_prefer == INFINITE_TIME)
8487  reply->rebind = INFINITE_TIME;
8488  else
8489  reply->rebind = (reply->min_prefer / 5) * 4;
8490  } else {
8491  /* Default is to let the client choose */
8492  reply->rebind = 0;
8493  }
8494 
8495  putULong(reply->buf.data + ia_cursor + 12, reply->rebind);
8496 }
8497 
8498 /*
8499  * Releases the iasubopts in the pre-existing IA, if they are not in
8500  * the same shared-network as the new IA.
8501  *
8502  * returns 1 if the release was done, 0 otherwise
8503  */
8504 int
8505 release_on_roam(struct reply_state* reply) {
8506  struct ia_xx* old_ia = reply->old_ia;
8507  struct iasubopt *lease = NULL;
8508  int i;
8509 
8510  if ((!do_release_on_roam) || old_ia == NULL
8511  || old_ia->num_iasubopt <= 0) {
8512  return(0);
8513  }
8514 
8515  /* If the old shared-network and new are the same, client hasn't
8516  * roamed, nothing to do. We only check the first one because you
8517  * cannot have iasubopts on different shared-networks within a
8518  * single ia. */
8519  lease = old_ia->iasubopt[0];
8520  if (lease->ipv6_pool->shared_network == reply->shared) {
8521  return (0);
8522  }
8523 
8524  /* Old and new are on different shared networks so the client must
8525  * roamed. Release the old leases. */
8526  for (i = 0; i < old_ia->num_iasubopt; i++) {
8527  lease = old_ia->iasubopt[i];
8528 
8529  log_info("Client: %s roamed to new network,"
8530  " releasing lease: %s%s",
8531  print_hex_1(reply->client_id.len,
8532  reply->client_id.data, 60),
8533  pin6_addr(&lease->addr), iasubopt_plen_str(lease));
8534 
8535  release_lease6(lease->ipv6_pool, lease);
8536  lease->ia->cltt = cur_time;
8537  write_ia(lease->ia);
8538  }
8539 
8540  return (1);
8541 }
8542 
8543 /*
8544  * Convenience function which returns a string (static buffer)
8545  * containing either a "/" followed by the prefix length or an
8546  * empty string depending on the lease type
8547  */
8548 const char *iasubopt_plen_str(struct iasubopt *lease) {
8549  static char prefix_buf[16];
8550  *prefix_buf = 0;
8551  if ((lease->ia) && (lease->ia->ia_type == D6O_IA_PD)) {
8552  sprintf(prefix_buf, "/%-d", lease->plen);
8553  }
8554 
8555  return (prefix_buf);
8556 }
8557 
8558 #ifdef NSUPDATE
8559 /*
8560  * Initiates DDNS updates for static v6 leases if configured to do so.
8561  *
8562  * The function, which must be called after the IA has been written to the
8563  * packet, adds an iasubopt to the IA for static lease. This is done so we
8564  * have an iasubopt to pass into ddns_updates(). A reference to the IA is
8565  * added to the DDNS control block to ensure it and it's iasubopt remain in
8566  * scope until the update is complete.
8567  *
8568  */
8569 void ddns_update_static6(struct reply_state* reply) {
8570  struct iasubopt *iasub = NULL;
8571  struct binding_scope *scope = NULL;
8572  struct option_cache *oc = NULL;
8573 
8574  oc = lookup_option(&server_universe, reply->opt_state, SV_DDNS_UPDATES);
8575  if ((oc != NULL) &&
8576  (evaluate_boolean_option_cache(NULL, reply->packet, NULL, NULL,
8577  reply->packet->options,
8578  reply->opt_state, NULL,
8579  oc, MDL) == 0)) {
8580  return;
8581  }
8582 
8583  oc = lookup_option(&server_universe, reply->opt_state,
8585  if ((oc == NULL) ||
8586  (evaluate_boolean_option_cache(NULL, reply->packet,
8587  NULL, NULL,
8588  reply->packet->options,
8589  reply->opt_state, NULL,
8590  oc, MDL) == 0)) {
8591  return;
8592  }
8593 
8594  if (iasubopt_allocate(&iasub, MDL) != ISC_R_SUCCESS) {
8595  log_fatal("No memory for iasubopt.");
8596  }
8597 
8598  if (ia_add_iasubopt(reply->ia, iasub, MDL) != ISC_R_SUCCESS) {
8599  log_fatal("Could not add iasubopt.");
8600  }
8601 
8602  ia_reference(&iasub->ia, reply->ia, MDL);
8603 
8604  memcpy(iasub->addr.s6_addr, reply->fixed.data, 16);
8605  iasub->plen = 0;
8606  iasub->prefer = MAX_TIME;
8607  iasub->valid = MAX_TIME;
8608  iasub->static_lease = 1;
8609 
8610  if (!binding_scope_allocate(&scope, MDL)) {
8611  log_fatal("Out of memory for binding scope.");
8612  }
8613 
8614  binding_scope_reference(&iasub->scope, scope, MDL);
8615 
8616  ddns_updates(reply->packet, NULL, NULL, iasub, NULL, reply->opt_state);
8617 }
8618 #endif /* NSUPDATE */
8619 
8620 #endif /* DHCPv6 */
int buffer_allocate(struct buffer **ptr, unsigned len, const char *file, int line)
Definition: alloc.c:679
void data_string_forget(struct data_string *data, const char *file, int line)
Definition: alloc.c:1339
int option_state_allocate(struct option_state **ptr, const char *file, int line)
Definition: alloc.c:846
int option_state_dereference(struct option_state **ptr, const char *file, int line)
Definition: alloc.c:911
int packet_reference(struct packet **ptr, struct packet *bp, const char *file, int line)
Definition: alloc.c:1053
int packet_dereference(struct packet **ptr, const char *file, int line)
Definition: alloc.c:1081
int binding_scope_reference(struct binding_scope **ptr, struct binding_scope *bp, const char *file, int line)
Definition: alloc.c:1227
int binding_scope_allocate(struct binding_scope **ptr, const char *file, int line)
Definition: alloc.c:1194
void data_string_copy(struct data_string *dest, const struct data_string *src, const char *file, int line)
Definition: alloc.c:1323
int packet_allocate(struct packet **ptr, const char *file, int line)
Definition: alloc.c:1015
void delete_option(struct universe *universe, struct option_state *options, int code)
Definition: options.c:2906
struct option_cache * lookup_option(struct universe *universe, struct option_state *options, unsigned code)
Definition: options.c:2503
int append_option_buffer(struct universe *universe, struct option_state *options, struct buffer *bp, unsigned char *buffer, unsigned length, unsigned code, int terminatep)
Definition: options.c:2569
int parse_options(struct packet *packet)
Definition: options.c:49
int save_option_buffer(struct universe *universe, struct option_state *options, struct buffer *bp, unsigned char *buffer, unsigned length, unsigned code, int terminatep)
Definition: options.c:2545
int get_option_int(int *result, struct universe *universe, struct packet *packet, struct lease *lease, struct client_state *client_state, struct option_state *in_options, struct option_state *cfg_options, struct option_state *options, struct binding_scope **scope, unsigned code, const char *file, int line)
Definition: options.c:2358
int store_options6(char *buf, int buflen, struct option_state *opt_state, struct packet *packet, const int *required_opts, struct data_string *oro)
Definition: options.c:1048
int packet6_len_okay(const char *packet, int len)
Definition: options.c:4135
int parse_option_buffer(struct option_state *options, const unsigned char *buffer, unsigned length, struct universe *universe)
Definition: options.c:119
int validate_packet(struct packet *packet)
Definition: options.c:4538
u_int32_t getUShort(const unsigned char *)
void putUShort(unsigned char *, u_int32_t)
Definition: convert.c:86
u_int32_t getULong(const unsigned char *)
u_int32_t getUChar(const unsigned char *)
void putULong(unsigned char *, u_int32_t)
Definition: convert.c:70
isc_boolean_t
Definition: data.h:150
#define ISC_TRUE
Definition: data.h:153
#define ISC_FALSE
Definition: data.h:152
void bootp(struct packet *packet)
Definition: dhclient.c:2256
void dhcp(struct packet *packet)
Definition: dhclient.c:2289
u_int16_t remote_port
Definition: discover.c:49
u_int16_t local_port
Definition: discover.c:48
int find_subnet(struct subnet **sp, struct iaddr addr, const char *file, int line)
Definition: dhclient.c:1567
#define DHCPV6_DECLINE
Definition: dhcp6.h:148
#define D6O_RELAY_MSG
Definition: dhcp6.h:38
#define IASUBOPT_NA_PREF_OFFSET
Definition: dhcp6.h:287
#define D6O_CLIENTID
Definition: dhcp6.h:30
#define D6O_IAPREFIX
Definition: dhcp6.h:55
#define D6O_STATUS_CODE
Definition: dhcp6.h:42
#define DHCPV6_RELAY_REPL
Definition: dhcp6.h:152
#define D6O_IAADDR
Definition: dhcp6.h:34
#define DHCPV6_RENEW
Definition: dhcp6.h:144
#define D6O_RELAY_SOURCE_PORT
Definition: dhcp6.h:119
#define IASUBOPT_PD_PREFLEN_OFFSET
Definition: dhcp6.h:294
#define DHCPV6_REQUEST
Definition: dhcp6.h:142
#define DHCP4O6_QUERY_UNICAST
Definition: dhcp6.h:256
#define DHCPV6_REPLY
Definition: dhcp6.h:146
#define DHCPV6_RELAY_FORW
Definition: dhcp6.h:151
#define DHCPV6_CONFIRM
Definition: dhcp6.h:143
#define D6O_RECONF_ACCEPT
Definition: dhcp6.h:49
#define STATUS_Success
Definition: dhcp6.h:124
#define IASUBOPT_NA_VALID_OFFSET
Definition: dhcp6.h:288
#define D6O_ERO
Definition: dhcp6.h:72
#define D6O_RAPID_COMMIT
Definition: dhcp6.h:43
#define REPLY_OPTIONS_INDEX
Definition: dhcp6.h:234
#define D6O_SERVERID
Definition: dhcp6.h:31
#define D6O_DHCPV4_MSG
Definition: dhcp6.h:116
#define IAID_LEN
Definition: dhcp6.h:283
#define D6O_IA_PD
Definition: dhcp6.h:54
#define IASUBOPT_PD_PREF_OFFSET
Definition: dhcp6.h:292
#define IASUBOPT_NA_LEN
Definition: dhcp6.h:289
#define DHCPV6_LEASEQUERY
Definition: dhcp6.h:153
#define DUID_LL
Definition: dhcp6.h:169
#define DHCPV6_DHCPV4_QUERY
Definition: dhcp6.h:159
#define IA_NA_OFFSET
Definition: dhcp6.h:173
#define IASUBOPT_PD_PREFIX_OFFSET
Definition: dhcp6.h:295
#define IASUBOPT_NA_ADDR_OFFSET
Definition: dhcp6.h:286
#define DHCPV6_INFORMATION_REQUEST
Definition: dhcp6.h:150
#define IASUBOPT_PD_LEN
Definition: dhcp6.h:296
#define STATUS_NoAddrsAvail
Definition: dhcp6.h:126
#define IAADDR_OFFSET
Definition: dhcp6.h:178
#define DUID_TIME_EPOCH
Definition: dhcp6.h:275
#define DUID_LLT
Definition: dhcp6.h:167
#define IA_PD_OFFSET
Definition: dhcp6.h:175
#define IAPREFIX_OFFSET
Definition: dhcp6.h:181
#define D6O_ORO
Definition: dhcp6.h:35
#define DHCPV6_RECONFIGURE
Definition: dhcp6.h:149
#define D6O_INTERFACE_ID
Definition: dhcp6.h:47
#define DHCPV6_ADVERTISE
Definition: dhcp6.h:141
#define D6O_UNICAST
Definition: dhcp6.h:41
#define DHCPV6_REBIND
Definition: dhcp6.h:145
#define DHCPV6_RELEASE
Definition: dhcp6.h:147
#define STATUS_UseMulticast
Definition: dhcp6.h:129
#define STATUS_NotOnLink
Definition: dhcp6.h:128
#define D6O_IA_TA
Definition: dhcp6.h:33
#define STATUS_NoPrefixAvail
Definition: dhcp6.h:130
#define D6O_IA_NA
Definition: dhcp6.h:32
#define IA_TA_OFFSET
Definition: dhcp6.h:174
#define IASUBOPT_PD_VALID_OFFSET
Definition: dhcp6.h:293
#define DHCPV6_SOLICIT
Definition: dhcp6.h:140
#define STATUS_NoBinding
Definition: dhcp6.h:127
#define DHCPV6_DHCPV4_RESPONSE
Definition: dhcp6.h:160
#define D6O_PREFERENCE
Definition: dhcp6.h:36
#define DHCPV6_LEASEQUERY_REPLY
Definition: dhcp6.h:154
#define HTYPE_RESERVED
Definition: dhcp.h:81
#define DHCP_FIXED_NON_UDP
Definition: dhcp.h:36
#define DHO_DHCP_MESSAGE_TYPE
Definition: dhcp.h:142
#define DHO_DHCP_RENEWAL_TIME
Definition: dhcp.h:147
#define DHO_DHCP_REBINDING_TIME
Definition: dhcp.h:148
#define SV_UPDATE_STATIC_LEASES
Definition: dhcpd.h:753
#define DEFAULT_DEFAULT_LEASE_TIME
Definition: dhcpd.h:858
isc_result_t ia_add_iasubopt(struct ia_xx *ia, struct iasubopt *iasubopt, const char *file, int line)
Definition: mdb6.c:439
#define SV_DHCPV6_SET_TEE_TIMES
Definition: dhcpd.h:807
#define DEFAULT_CACHE_THRESHOLD
Definition: dhcpd.h:854
void dhcpv6_leasequery(struct data_string *, struct packet *)
#define FIND_POND6_PERCENT(count, percent)
Definition: dhcpd.h:3923
#define PLM_PREFER
Definition: dhcpd.h:889
isc_boolean_t ipv6_in_pool(const struct in6_addr *addr, const struct ipv6_pool *pool)
Definition: mdb6.c:2273
isc_result_t get_client_id(struct packet *, struct data_string *)
ia_hash_t * ia_na_active
#define SV_LOG_THRESHOLD_LOW
Definition: dhcpd.h:802
isc_result_t iasubopt_reference(struct iasubopt **iasubopt, struct iasubopt *src, const char *file, int line)
Definition: mdb6.c:234
isc_result_t generate_new_server_duid(void)
#define print_hex_3(len, data, limit)
Definition: dhcpd.h:2640
struct timeval cur_tv
Definition: dispatch.c:35
int find_hosts6(struct host_decl **host, struct packet *packet, const struct data_string *client_id, char *file, int line)
Definition: mdb6.c:3015
ia_hash_t * ia_ta_active
const char * pin6_addr(const struct in6_addr *)
isc_result_t decline_lease6(struct ipv6_pool *pool, struct iasubopt *lease)
Definition: mdb6.c:1776
isc_boolean_t lease6_usable(struct iasubopt *lease)
Check if address is available to a lease.
Definition: mdb6.c:1554
void set_server_duid(struct data_string *new_duid)
#define MAX_TIME
Definition: dhcpd.h:1631
void copy_server_duid(struct data_string *ds, const char *file, int line)
int do_release_on_roam
isc_result_t ia_allocate(struct ia_xx **ia, u_int32_t iaid, const char *duid, unsigned int duid_len, const char *file, int line)
Definition: mdb6.c:339
void schedule_lease_timeout(struct ipv6_pool *pool)
Definition: mdb6.c:2165
#define cur_time
Definition: dhcpd.h:2126
#define SV_LIMIT_PREFS_PER_IA
Definition: dhcpd.h:767
#define PLM_MINIMUM
Definition: dhcpd.h:891
isc_result_t create_prefix6(struct ipv6_pool *pool, struct iasubopt **pref, unsigned int *attempts, const struct data_string *uid, time_t soft_lifetime_end_time)
Definition: mdb6.c:1894
int find_grouped_subnet(struct subnet **, struct shared_network *, struct iaddr, const char *, int)
Definition: mdb.c:953
void set_server_duid_type(int type)
int prefix_length_mode
#define SV_CACHE_THRESHOLD
Definition: dhcpd.h:797
void change_host_uid(struct host_decl *host, const char *data, int len)
Definition: mdb.c:184
int ddns_updates(struct packet *, struct lease *, struct lease *, struct iasubopt *, struct iasubopt *, struct option_state *)
int commit_leases_timed(void)
Definition: db.c:1064
#define PLM_IGNORE
Definition: dhcpd.h:888
struct universe server_universe
Definition: stables.c:176
isc_result_t set_server_duid_from_option(void)
isc_result_t ia_dereference(struct ia_xx **ia, const char *file, int line)
Definition: mdb6.c:403
struct universe dhcp_universe
#define SV_LIMIT_ADDRS_PER_IA
Definition: dhcpd.h:766
isc_result_t ia_make_key(struct data_string *key, u_int32_t iaid, const char *duid, unsigned int duid_len, const char *file, int line)
Definition: mdb6.c:311
isc_boolean_t lease6_exists(const struct ipv6_pool *pool, const struct in6_addr *addr)
Definition: mdb6.c:1526
#define PLM_EXACT
Definition: dhcpd.h:890
isc_result_t create_lease6(struct ipv6_pool *pool, struct iasubopt **addr, unsigned int *attempts, const struct data_string *uid, time_t soft_lifetime_end_time)
Definition: mdb6.c:1032
int find_hosts_by_option(struct host_decl **, struct packet *, struct option_state *, const char *, int)
Definition: mdb.c:660
isc_result_t renew_lease6(struct ipv6_pool *pool, struct iasubopt *lease)
Renew a lease in the pool.
Definition: mdb6.c:1625
#define SV_LOG_THRESHOLD_HIGH
Definition: dhcpd.h:803
isc_result_t release_lease6(struct ipv6_pool *pool, struct iasubopt *lease)
Definition: mdb6.c:1801
#define print_hex_2(len, data, limit)
Definition: dhcpd.h:2639
ia_hash_t * ia_pd_active
#define FTS_ACTIVE
Definition: dhcpd.h:538
isc_result_t find_ipv6_pool(struct ipv6_pool **pool, u_int16_t type, const struct in6_addr *addr)
Definition: mdb6.c:2291
const char int line
Definition: dhcpd.h:3802
int write_ia(const struct ia_xx *)
Definition: db.c:518
ssize_t send_packet6(struct interface_info *, const unsigned char *, size_t, struct sockaddr_in6 *)
isc_boolean_t server_duid_isset(void)
void classify_client(struct packet *)
Definition: class.c:55
isc_result_t iasubopt_dereference(struct iasubopt **iasubopt, const char *file, int line)
Definition: mdb6.c:261
isc_boolean_t prefix6_exists(const struct ipv6_pool *pool, const struct in6_addr *pref, u_int8_t plen)
Definition: mdb6.c:1983
#define SV_PREFER_LIFETIME
Definition: dhcpd.h:763
#define PLM_MAXIMUM
Definition: dhcpd.h:892
#define INFINITE_TIME
Definition: dhcpd.h:1630
isc_result_t add_lease6(struct ipv6_pool *pool, struct iasubopt *lease, time_t valid_lifetime_end_time)
Definition: mdb6.c:1416
int permitted(struct packet *, struct permit *)
Definition: dhcp.c:5178
void dhcpv6(struct packet *)
#define FTS_ABANDONED
Definition: dhcpd.h:541
#define SV_DDNS_UPDATES
Definition: dhcpd.h:740
#define SV_DEFAULT_LEASE_TIME
Definition: dhcpd.h:711
void cleanup(void)
isc_result_t ia_reference(struct ia_xx **ia, struct ia_xx *src, const char *file, int line)
Definition: mdb6.c:377
const char * file
Definition: dhcpd.h:3802
#define print_hex_1(len, data, limit)
Definition: dhcpd.h:2638
#define FTS_EXPIRED
Definition: dhcpd.h:539
int local_family
Definition: discover.c:59
struct interface_info * interfaces
Definition: discover.c:42
int dhcpv4_over_dhcpv6
Definition: discover.c:51
int execute_statements(struct binding_value **result, struct packet *packet, struct lease *lease, struct client_state *client_state, struct option_state *in_options, struct option_state *out_options, struct binding_scope **scope, struct executable_statement *statements, struct on_star *on_star)
Definition: execute.c:35
void execute_statements_in_scope(struct binding_value **result, struct packet *packet, struct lease *lease, struct client_state *client_state, struct option_state *in_options, struct option_state *out_options, struct binding_scope **scope, struct group *group, struct group *limiting_group, struct on_star *on_star)
Definition: execute.c:570
int executable_statement_dereference(struct executable_statement **ptr, const char *file, int line)
Definition: execute.c:630
isc_boolean_t is_cidr_mask_valid(const struct iaddr *addr, int bits)
Definition: inet.c:303
int addr_eq(struct iaddr addr1, struct iaddr addr2)
Definition: inet.c:166
const char * piaddr(const struct iaddr addr)
Definition: inet.c:579
struct iaddr subnet_number(struct iaddr addr, struct iaddr mask)
Definition: inet.c:34
#define ISC_R_SUCCESS
@ pass
Definition: keama.h:37
struct group * root_group
Definition: memory.c:31
#define MDL
Definition: omapip.h:567
const char int
Definition: omapip.h:442
int log_error(const char *,...) __attribute__((__format__(__printf__
int int int log_debug(const char *,...) __attribute__((__format__(__printf__
void log_fatal(const char *,...) __attribute__((__format__(__printf__
int int log_info(const char *,...) __attribute__((__format__(__printf__
#define DHCP_R_INVALIDARG
Definition: result.h:49
unsigned char data[1]
Definition: tree.h:62
struct buffer * buffer
Definition: tree.h:77
const unsigned char * data
Definition: tree.h:78
unsigned len
Definition: tree.h:79
unsigned char options[DHCP_MAX_OPTION_LEN]
Definition: dhcp.h:62
u_int8_t hlen
Definition: dhcp.h:50
unsigned char chaddr[16]
Definition: dhcp.h:59
unsigned char msg_type
Definition: dhcp6.h:252
unsigned char flags[3]
Definition: dhcp6.h:253
unsigned char options[FLEXIBLE_ARRAY_MEMBER]
Definition: dhcp6.h:254
unsigned char transaction_id[3]
Definition: dhcp6.h:229
unsigned char options[FLEXIBLE_ARRAY_MEMBER]
Definition: dhcp6.h:230
unsigned char msg_type
Definition: dhcp6.h:228
unsigned char options[FLEXIBLE_ARRAY_MEMBER]
Definition: dhcp6.h:244
unsigned char link_address[16]
Definition: dhcp6.h:242
unsigned char hop_count
Definition: dhcp6.h:241
unsigned char msg_type
Definition: dhcp6.h:240
unsigned char peer_address[16]
Definition: dhcp6.h:243
Definition: dhcpd.h:962
struct subnet * subnet
Definition: dhcpd.h:967
u_int8_t hlen
Definition: dhcpd.h:492
u_int8_t hbuf[HARDWARE_ADDR_LEN+1]
Definition: dhcpd.h:493
struct iaddrcidrnetlist * fixed_prefix
Definition: dhcpd.h:987
struct option_cache * fixed_addr
Definition: dhcpd.h:986
struct host_decl * n_ipaddr
Definition: dhcpd.h:976
Definition: dhcpd.h:1681
int num_iasubopt
Definition: dhcpd.h:1685
time_t cltt
Definition: dhcpd.h:1687
struct iasubopt ** iasubopt
Definition: dhcpd.h:1688
Definition: inet.h:31
unsigned char iabuf[16]
Definition: inet.h:33
unsigned len
Definition: inet.h:32
struct iaddr lo_addr
Definition: inet.h:71
int bits
Definition: inet.h:72
struct iaddrcidrnet cidrnet
Definition: inet.h:77
struct iaddrcidrnetlist * next
Definition: inet.h:76
u_int8_t plen
Definition: dhcpd.h:1649
int static_lease
Definition: dhcpd.h:1678
binding_state_t state
Definition: dhcpd.h:1650
time_t hard_lifetime_end_time
Definition: dhcpd.h:1652
u_int32_t prefer
Definition: dhcpd.h:1654
struct in6_addr addr
Definition: dhcpd.h:1648
u_int32_t valid
Definition: dhcpd.h:1655
struct ia_xx * ia
Definition: dhcpd.h:1656
struct binding_scope * scope
Definition: dhcpd.h:1651
struct on_star on_star
Definition: dhcpd.h:1677
struct ipv6_pool * ipv6_pool
Definition: dhcpd.h:1657
time_t soft_lifetime_end_time
Definition: dhcpd.h:1653
char name[IFNAMSIZ]
Definition: dhcpd.h:1408
struct interface_info * next
Definition: dhcpd.h:1383
struct hardware hw_address
Definition: dhcpd.h:1386
struct shared_network * shared_network
Definition: dhcpd.h:1384
Definition: ip.h:47
ipv6_pond structure
Definition: dhcpd.h:1745
struct permit * permit_list
Definition: dhcpd.h:1751
struct shared_network * shared_network
Definition: dhcpd.h:1749
isc_uint64_t num_abandoned
Definition: dhcpd.h:1761
int logged
Definition: dhcpd.h:1762
int jumbo_range
Definition: dhcpd.h:1764
struct ipv6_pool ** ipv6_pools
Definition: dhcpd.h:1756
isc_uint64_t num_total
Definition: dhcpd.h:1759
struct group * group
Definition: dhcpd.h:1748
isc_uint64_t low_threshold
Definition: dhcpd.h:1763
int last_ipv6_pool
Definition: dhcpd.h:1757
isc_uint64_t num_active
Definition: dhcpd.h:1760
struct permit * prohibit_list
Definition: dhcpd.h:1752
struct ipv6_pond * next
Definition: dhcpd.h:1747
ipv6_pool structure
Definition: dhcpd.h:1715
struct ipv6_pond * ipv6_pond
Definition: dhcpd.h:1731
u_int16_t pool_type
Definition: dhcpd.h:1717
struct shared_network * shared_network
Definition: dhcpd.h:1728
int units
Definition: dhcpd.h:1720
Definition: dhcpd.h:560
struct lease_state * state
Definition: dhcpd.h:628
struct dhcp_ddns_cb * ddns_cb
Definition: dhcpd.h:650
struct binding_scope * scope
Definition: dhcpd.h:575
TIME cltt
Definition: dhcpd.h:640
Definition: dhcpd.h:553
struct executable_statement * on_commit
Definition: dhcpd.h:555
struct data_string data
Definition: dhcpd.h:390
struct option_cache * next
Definition: dhcpd.h:387
Definition: dhcpd.h:405
struct in6_addr dhcpv6_link_address
Definition: dhcpd.h:418
struct packet * dhcpv6_container_packet
Definition: dhcpd.h:422
int client_port
Definition: dhcpd.h:431
struct dhcp_packet * raw
Definition: dhcpd.h:406
unsigned char dhcp4o6_flags[3]
Definition: dhcpd.h:425
unsigned char dhcpv6_msg_type
Definition: dhcpd.h:411
isc_boolean_t unicast
Definition: dhcpd.h:470
unsigned char dhcpv6_hop_count
Definition: dhcpd.h:417
struct interface_info * interface
Definition: dhcpd.h:433
isc_boolean_t relay_source_port
Definition: dhcpd.h:477
struct in6_addr dhcpv6_peer_address
Definition: dhcpd.h:419
int known
Definition: dhcpd.h:457
struct option_state * options
Definition: dhcpd.h:449
unsigned packet_length
Definition: dhcpd.h:408
struct data_string * dhcp4o6_response
Definition: dhcpd.h:428
int options_valid
Definition: dhcpd.h:430
unsigned char dhcpv6_transaction_id[3]
Definition: dhcpd.h:414
int packet_type
Definition: dhcpd.h:409
struct iaddr client_addr
Definition: dhcpd.h:432
Definition: dhcpd.h:1029
struct group * group
Definition: dhcpd.h:1069
struct subnet * subnets
Definition: dhcpd.h:1065
char * name
Definition: dhcpd.h:1060
Definition: dhcpd.h:1075
struct group * group
Definition: dhcpd.h:1085
struct iaddr netmask
Definition: dhcpd.h:1083
struct iaddr net
Definition: dhcpd.h:1082
struct subnet * next_sibling
Definition: dhcpd.h:1078
struct shared_network * shared_network
Definition: dhcpd.h:1079
struct element * subnet
Definition: confparse.c:57
const int dhcpv6_type_name_max
Definition: tables.c:692
const char * dhcpv6_type_names[]
Definition: tables.c:668
struct universe dhcpv6_universe
Definition: tables.c:351
int evaluate_option_cache(struct data_string *result, struct packet *packet, struct lease *lease, struct client_state *client_state, struct option_state *in_options, struct option_state *cfg_options, struct binding_scope **scope, struct option_cache *oc, const char *file, int line)
Definition: tree.c:2699
int evaluate_boolean_option_cache(int *ignorep, struct packet *packet, struct lease *lease, struct client_state *client_state, struct option_state *in_options, struct option_state *cfg_options, struct binding_scope **scope, struct option_cache *oc, const char *file, int line)
Definition: tree.c:2733
int data_string_sprintfa(struct data_string *ds, const char *fmt,...)
Definition: tree.c:56
struct binding_scope * global_scope
Definition: tree.c:38