ISC DHCP  4.3.6
A reference DHCPv4 and DHCPv6 implementation
dhcpv6.c
Go to the documentation of this file.
1 /*
2  * Copyright (C) 2006-2017 by Internet Systems Consortium, Inc. ("ISC")
3  *
4  * Permission to use, copy, modify, and distribute this software for any
5  * purpose with or without fee is hereby granted, provided that the above
6  * copyright notice and this permission notice appear in all copies.
7  *
8  * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
9  * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
10  * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
11  * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
12  * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
13  * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
14  * PERFORMANCE OF THIS SOFTWARE.
15  */
16 
19 #include "dhcpd.h"
20 
21 #ifdef DHCPv6
22 
23 #ifdef DHCP4o6
24 static void forw_dhcpv4_query(struct packet *packet);
25 static void send_dhcpv4_response(struct data_string *raw);
26 
27 static void recv_dhcpv4_query(struct data_string *raw);
28 static void dhcp4o6_dhcpv4_query(struct data_string *reply_ret,
29  struct packet *packet);
30 #endif
31 
32 /*
33  * We use print_hex_1() to output DUID values. We could actually output
34  * the DUID with more information... MAC address if using type 1 or 3,
35  * and so on. However, RFC 3315 contains Grave Warnings against actually
36  * attempting to understand a DUID.
37  */
38 
39 /*
40  * TODO: gettext() or other method of localization for the messages
41  * for status codes (and probably for log formats eventually)
42  * TODO: refactoring (simplify, simplify, simplify)
43  * TODO: support multiple shared_networks on each interface (this
44  * will allow the server to issue multiple IPv6 addresses to
45  * a single interface)
46  */
47 
48 /*
49  * DHCPv6 Reply workflow assist. A Reply packet is built by various
50  * different functions; this gives us one location where we keep state
51  * regarding a reply.
52  */
53 struct reply_state {
54  /* root level persistent state */
55  struct shared_network *shared;
56  struct host_decl *host;
57  struct subnet *subnet; /* Used to match fixed-addrs to subnet scopes. */
58  struct option_state *opt_state;
59  struct packet *packet;
60  struct data_string client_id;
61 
62  /* IA level persistent state */
63  unsigned ia_count;
64  unsigned pd_count;
65  unsigned client_resources;
66  isc_boolean_t resources_included;
67  isc_boolean_t static_lease;
68  unsigned static_prefixes;
69  struct ia_xx *ia;
70  struct ia_xx *old_ia;
71  struct option_state *reply_ia;
72  struct data_string fixed;
73  struct iaddrcidrnet fixed_pref; /* static prefix for logging */
74 
75  /* IAADDR/PREFIX level persistent state */
76  struct iasubopt *lease;
77 
78  /*
79  * "t1", "t2", preferred, and valid lifetimes records for calculating
80  * t1 and t2 (min/max).
81  */
82  u_int32_t renew, rebind, min_prefer, min_valid;
83 
84  /* Client-requested valid and preferred lifetimes. */
85  u_int32_t client_valid, client_prefer;
86 
87  /* Chosen values to transmit for valid and preferred lifetimes. */
88  u_int32_t send_valid, send_prefer;
89 
90  /* Preferred prefix length (-1 is any). */
91  int preflen;
92 
93  /* Index into the data field that has been consumed. */
94  unsigned cursor;
95 
96  /* Space for the on commit statements for a fixed host */
97  struct on_star on_star;
98 
99  union reply_buffer {
100  unsigned char data[65536];
101  struct dhcpv6_packet reply;
102  } buf;
103 };
104 
105 /*
106  * Prototypes local to this file.
107  */
108 static int get_encapsulated_IA_state(struct option_state **enc_opt_state,
109  struct data_string *enc_opt_data,
110  struct packet *packet,
111  struct option_cache *oc,
112  int offset);
113 static void build_dhcpv6_reply(struct data_string *, struct packet *);
114 static isc_result_t shared_network_from_packet6(struct shared_network **shared,
115  struct packet *packet);
116 static void seek_shared_host(struct host_decl **hp,
117  struct shared_network *shared);
118 static isc_boolean_t fixed_matches_shared(struct host_decl *host,
119  struct shared_network *shared);
120 static isc_result_t reply_process_ia_na(struct reply_state *reply,
121  struct option_cache *ia);
122 static isc_result_t reply_process_ia_ta(struct reply_state *reply,
123  struct option_cache *ia);
124 static isc_result_t reply_process_addr(struct reply_state *reply,
125  struct option_cache *addr);
126 static isc_boolean_t address_is_owned(struct reply_state *reply,
127  struct iaddr *addr);
128 static isc_boolean_t temporary_is_available(struct reply_state *reply,
129  struct iaddr *addr);
130 static isc_result_t find_client_temporaries(struct reply_state *reply);
131 static isc_result_t reply_process_try_addr(struct reply_state *reply,
132  struct iaddr *addr);
133 static isc_result_t find_client_address(struct reply_state *reply);
134 static isc_result_t reply_process_is_addressed(struct reply_state *reply,
135  struct binding_scope **scope,
136  struct group *group);
137 static isc_result_t reply_process_send_addr(struct reply_state *reply,
138  struct iaddr *addr);
139 static struct iasubopt *lease_compare(struct iasubopt *alpha,
140  struct iasubopt *beta);
141 static isc_result_t reply_process_ia_pd(struct reply_state *reply,
142  struct option_cache *ia_pd);
143 static struct group *find_group_by_prefix(struct reply_state *reply);
144 static isc_result_t reply_process_prefix(struct reply_state *reply,
145  struct option_cache *pref);
146 static isc_boolean_t prefix_is_owned(struct reply_state *reply,
147  struct iaddrcidrnet *pref);
148 static isc_result_t find_client_prefix(struct reply_state *reply);
149 static isc_result_t reply_process_try_prefix(struct reply_state *reply,
150  struct iaddrcidrnet *pref);
151 static isc_result_t reply_process_is_prefixed(struct reply_state *reply,
152  struct binding_scope **scope,
153  struct group *group);
154 static isc_result_t reply_process_send_prefix(struct reply_state *reply,
155  struct iaddrcidrnet *pref);
156 static struct iasubopt *prefix_compare(struct reply_state *reply,
157  struct iasubopt *alpha,
158  struct iasubopt *beta);
159 static void schedule_lease_timeout_reply(struct reply_state *reply);
160 
161 static int eval_prefix_mode(int thislen, int preflen, int prefix_mode);
162 static isc_result_t pick_v6_prefix_helper(struct reply_state *reply,
163  int prefix_mode);
164 
165 static void unicast_reject(struct data_string *reply_ret, struct packet *packet,
166  const struct data_string *client_id,
167  const struct data_string *server_id);
168 
169 static isc_boolean_t is_unicast_option_defined(struct packet *packet);
170 static isc_result_t shared_network_from_requested_addr (struct shared_network
171  **shared,
172  struct packet* packet);
173 static isc_result_t get_first_ia_addr_val (struct packet* packet, int addr_type,
174  struct iaddr* iaddr);
175 
176 static void
177 set_reply_tee_times(struct reply_state* reply, unsigned ia_cursor);
178 
179 #ifdef DHCP4o6
180 /*
181  * \brief Omapi I/O handler
182  *
183  * The inter-process communication receive handler.
184  * Get the message, put it into the raw data_string
185  * and call \ref send_dhcpv4_response() (DHCPv6 side) or
186  * \ref recv_dhcpv4_query() (DHCPv4 side)
187  *
188  * \param h the OMAPI object
189  * \return a result for I/O success or error (used by the I/O subsystem)
190  */
191 isc_result_t dhcpv4o6_handler(omapi_object_t *h) {
192  char buf[65536];
193  struct data_string raw;
194  int cc;
195 
196  if (h->type != dhcp4o6_type)
197  return DHCP_R_INVALIDARG;
198 
199  cc = recv(dhcp4o6_fd, buf, sizeof(buf), 0);
200 
201  if (cc < DHCP_FIXED_NON_UDP + 32)
202  return ISC_R_UNEXPECTED;
203  memset(&raw, 0, sizeof(raw));
204  if (!buffer_allocate(&raw.buffer, cc, MDL)) {
205  log_error("dhcpv4o6_handler: no memory buffer.");
206  return ISC_R_NOMEMORY;
207  }
208  raw.data = raw.buffer->data;
209  raw.len = cc;
210  memcpy(raw.buffer->data, buf, cc);
211 
212  if (local_family == AF_INET6) {
213  send_dhcpv4_response(&raw);
214  } else {
215  recv_dhcpv4_query(&raw);
216  }
217 
218  data_string_forget(&raw, MDL);
219 
220  return ISC_R_SUCCESS;
221 }
222 
223 /*
224  * \brief Send the DHCPv4-response back to the DHCPv6 side
225  * (DHCPv6 server function)
226  *
227  * Format: interface:16 + address:16 + DHCPv6 DHCPv4-response message
228  *
229  * \param raw the IPC message content
230  */
231 static void send_dhcpv4_response(struct data_string *raw) {
232  struct interface_info *ip;
233  char name[16 + 1];
234  struct sockaddr_in6 to_addr;
235  char pbuf[sizeof("ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255")];
236  int send_ret;
237 
238  memset(name, 0, sizeof(name));
239  memcpy(name, raw->data, 16);
240  for (ip = interfaces; ip != NULL; ip = ip->next) {
241  if (!strcmp(name, ip->name))
242  break;
243  }
244  if (ip == NULL) {
245  log_error("send_dhcpv4_response: can't find interface %s.",
246  name);
247  return;
248  }
249 
250  memset(&to_addr, 0, sizeof(to_addr));
251  to_addr.sin6_family = AF_INET6;
252  memcpy(&to_addr.sin6_addr, raw->data + 16, 16);
253  if ((raw->data[32] == DHCPV6_RELAY_FORW) ||
254  (raw->data[32] == DHCPV6_RELAY_REPL)) {
255  to_addr.sin6_port = local_port;
256  } else {
257  to_addr.sin6_port = remote_port;
258  }
259 
260  log_info("send_dhcpv4_response(): sending %s on %s to %s port %d",
261  dhcpv6_type_names[raw->data[32]],
262  name,
263  inet_ntop(AF_INET6, raw->data + 16, pbuf, sizeof(pbuf)),
264  ntohs(to_addr.sin6_port));
265 
266  send_ret = send_packet6(ip, raw->data + 32, raw->len - 32, &to_addr);
267  if (send_ret < 0) {
268  log_error("send_dhcpv4_response: send_packet6(): %m");
269  } else if (send_ret != raw->len - 32) {
270  log_error("send_dhcpv4_response: send_packet6() "
271  "sent %d of %d bytes",
272  send_ret, raw->len - 32);
273  }
274 }
275 #endif /* DHCP4o6 */
276 
277 /*
278  * Schedule lease timeouts for all of the iasubopts in the reply.
279  * This is currently used to schedule timeouts for soft leases.
280  */
281 
282 static void
283 schedule_lease_timeout_reply(struct reply_state *reply) {
284  struct iasubopt *tmp;
285  int i;
286 
287  /* sanity check the reply */
288  if ((reply == NULL) || (reply->ia == NULL) || (reply->ia->iasubopt == NULL))
289  return;
290 
291  /* walk through the list, scheduling as we go */
292  for (i = 0 ; i < reply->ia->num_iasubopt ; i++) {
293  tmp = reply->ia->iasubopt[i];
295  }
296 }
297 
298 /*
299  * This function returns the time since DUID time start for the
300  * given time_t value.
301  */
302 static u_int32_t
303 duid_time(time_t when) {
304  /*
305  * This time is modulo 2^32.
306  */
307  while ((when - DUID_TIME_EPOCH) > 4294967295u) {
308  /* use 2^31 to avoid spurious compiler warnings */
309  when -= 2147483648u;
310  when -= 2147483648u;
311  }
312 
313  return when - DUID_TIME_EPOCH;
314 }
315 
316 
317 /*
318  * Server DUID.
319  *
320  * This must remain the same for the lifetime of this server, because
321  * clients return the server DUID that we sent them in Request packets.
322  *
323  * We pick the server DUID like this:
324  *
325  * 1. Check dhcpd.conf - any value the administrator has configured
326  * overrides any possible values.
327  * 2. Check the leases.txt - we want to use the previous value if
328  * possible.
329  * 3. Check if dhcpd.conf specifies a type of server DUID to use,
330  * and generate that type.
331  * 4. Generate a type 1 (time + hardware address) DUID.
332  */
333 static struct data_string server_duid;
334 
335 /*
336  * Check if the server_duid has been set.
337  */
338 isc_boolean_t
339 server_duid_isset(void) {
340  return (server_duid.data != NULL);
341 }
342 
343 /*
344  * Return the server_duid.
345  */
346 void
347 copy_server_duid(struct data_string *ds, const char *file, int line) {
348  data_string_copy(ds, &server_duid, file, line);
349 }
350 
351 /*
352  * Set the server DUID to a specified value. This is used when
353  * the server DUID is stored in persistent memory (basically the
354  * leases.txt file).
355  */
356 void
357 set_server_duid(struct data_string *new_duid) {
358  /* INSIST(new_duid != NULL); */
359  /* INSIST(new_duid->data != NULL); */
360 
361  if (server_duid_isset()) {
362  data_string_forget(&server_duid, MDL);
363  }
364  data_string_copy(&server_duid, new_duid, MDL);
365 }
366 
367 
368 /*
369  * Set the server DUID based on the D6O_SERVERID option. This handles
370  * the case where the administrator explicitly put it in the dhcpd.conf
371  * file.
372  */
373 isc_result_t
375  struct option_state *opt_state;
376  struct option_cache *oc;
377  struct data_string option_duid;
378  isc_result_t ret_val;
379 
380  opt_state = NULL;
381  if (!option_state_allocate(&opt_state, MDL)) {
382  log_fatal("No memory for server DUID.");
383  }
384 
385  execute_statements_in_scope(NULL, NULL, NULL, NULL, NULL,
386  opt_state, &global_scope, root_group,
387  NULL, NULL);
388 
389  oc = lookup_option(&dhcpv6_universe, opt_state, D6O_SERVERID);
390  if (oc == NULL) {
391  ret_val = ISC_R_NOTFOUND;
392  } else {
393  memset(&option_duid, 0, sizeof(option_duid));
394  if (!evaluate_option_cache(&option_duid, NULL, NULL, NULL,
395  opt_state, NULL, &global_scope,
396  oc, MDL)) {
397  ret_val = ISC_R_UNEXPECTED;
398  } else {
399  set_server_duid(&option_duid);
400  data_string_forget(&option_duid, MDL);
401  ret_val = ISC_R_SUCCESS;
402  }
403  }
404 
405  option_state_dereference(&opt_state, MDL);
406 
407  return ret_val;
408 }
409 
410 /*
411  * DUID layout, as defined in RFC 3315, section 9.
412  *
413  * We support type 1 (hardware address plus time) and type 3 (hardware
414  * address).
415  *
416  * We can support type 2 for specific vendors in the future, if they
417  * publish the specification. And of course there may be additional
418  * types later.
419  */
420 static int server_duid_type = DUID_LLT;
421 
422 /*
423  * Set the DUID type.
424  */
425 void
426 set_server_duid_type(int type) {
427  server_duid_type = type;
428 }
429 
430 /*
431  * Generate a new server DUID. This is done if there was no DUID in
432  * the leases.txt or in the dhcpd.conf file.
433  */
434 isc_result_t
436  struct interface_info *p;
437  u_int32_t time_val;
438  struct data_string generated_duid;
439 
440  /*
441  * Verify we have a type that we support.
442  */
443  if ((server_duid_type != DUID_LL) && (server_duid_type != DUID_LLT)) {
444  log_error("Invalid DUID type %d specified, "
445  "only LL and LLT types supported", server_duid_type);
446  return DHCP_R_INVALIDARG;
447  }
448 
449  /*
450  * Find an interface with a hardware address.
451  * Any will do. :)
452  */
453  for (p = interfaces; p != NULL; p = p->next) {
454  if (p->hw_address.hlen > 0) {
455  break;
456  }
457  if (p->next == NULL && p->hw_address.hbuf[0] == HTYPE_RESERVED) {
458  log_error("Can not generate DUID from interfaces which do not have hardware addresses, please configure server-duid!");
459  }
460  }
461  if (p == NULL) {
462  return ISC_R_UNEXPECTED;
463  }
464 
465  /*
466  * Build our DUID.
467  */
468  memset(&generated_duid, 0, sizeof(generated_duid));
469  if (server_duid_type == DUID_LLT) {
470  time_val = duid_time(time(NULL));
471  generated_duid.len = 8 + p->hw_address.hlen - 1;
472  if (!buffer_allocate(&generated_duid.buffer,
473  generated_duid.len, MDL)) {
474  log_fatal("No memory for server DUID.");
475  }
476  generated_duid.data = generated_duid.buffer->data;
477  putUShort(generated_duid.buffer->data, DUID_LLT);
478  putUShort(generated_duid.buffer->data + 2,
479  p->hw_address.hbuf[0]);
480  putULong(generated_duid.buffer->data + 4, time_val);
481  memcpy(generated_duid.buffer->data + 8,
482  p->hw_address.hbuf+1, p->hw_address.hlen-1);
483  } else if (server_duid_type == DUID_LL) {
484  generated_duid.len = 4 + p->hw_address.hlen - 1;
485  if (!buffer_allocate(&generated_duid.buffer,
486  generated_duid.len, MDL)) {
487  log_fatal("No memory for server DUID.");
488  }
489  generated_duid.data = generated_duid.buffer->data;
490  putUShort(generated_duid.buffer->data, DUID_LL);
491  putUShort(generated_duid.buffer->data + 2,
492  p->hw_address.hbuf[0]);
493  memcpy(generated_duid.buffer->data + 4,
494  p->hw_address.hbuf+1, p->hw_address.hlen-1);
495  } else {
496  log_fatal("Unsupported server DUID type %d.", server_duid_type);
497  }
498 
499  set_server_duid(&generated_duid);
500  data_string_forget(&generated_duid, MDL);
501 
502  return ISC_R_SUCCESS;
503 }
504 
505 /*
506  * Get the client identifier from the packet.
507  */
508 isc_result_t
509 get_client_id(struct packet *packet, struct data_string *client_id) {
510  struct option_cache *oc;
511 
512  /*
513  * Verify our client_id structure is empty.
514  */
515  if ((client_id->data != NULL) || (client_id->len != 0)) {
516  return DHCP_R_INVALIDARG;
517  }
518 
520  if (oc == NULL) {
521  return ISC_R_NOTFOUND;
522  }
523 
524  if (!evaluate_option_cache(client_id, packet, NULL, NULL,
525  packet->options, NULL,
526  &global_scope, oc, MDL)) {
527  return ISC_R_FAILURE;
528  }
529 
530  return ISC_R_SUCCESS;
531 }
532 
533 /*
534  * Message validation, defined in RFC 3315, sections 15.2, 15.5, 15.7:
535  *
536  * Servers MUST discard any Solicit messages that do not include a
537  * Client Identifier option or that do include a Server Identifier
538  * option.
539  */
540 int
541 valid_client_msg(struct packet *packet, struct data_string *client_id) {
542  int ret_val;
543  struct option_cache *oc;
544  struct data_string data;
545 
546  ret_val = 0;
547  memset(client_id, 0, sizeof(*client_id));
548  memset(&data, 0, sizeof(data));
549 
550  switch (get_client_id(packet, client_id)) {
551  case ISC_R_SUCCESS:
552  break;
553  case ISC_R_NOTFOUND:
554  log_debug("Discarding %s from %s; "
555  "client identifier missing",
558  goto exit;
559  default:
560  log_error("Error processing %s from %s; "
561  "unable to evaluate Client Identifier",
564  goto exit;
565  }
566 
567  /*
568  * Required by RFC 3315, section 15.
569  */
570  if (packet->unicast) {
571  log_debug("Discarding %s from %s; packet sent unicast "
572  "(CLIENTID %s)",
575  print_hex_1(client_id->len, client_id->data, 60));
576  goto exit;
577  }
578 
579 
581  if (oc != NULL) {
582  if (evaluate_option_cache(&data, packet, NULL, NULL,
583  packet->options, NULL,
584  &global_scope, oc, MDL)) {
585  log_debug("Discarding %s from %s; "
586  "server identifier found "
587  "(CLIENTID %s, SERVERID %s)",
590  print_hex_1(client_id->len,
591  client_id->data, 60),
592  print_hex_2(data.len,
593  data.data, 60));
594  } else {
595  log_debug("Discarding %s from %s; "
596  "server identifier found "
597  "(CLIENTID %s)",
599  print_hex_1(client_id->len,
600  client_id->data, 60),
602  }
603  goto exit;
604  }
605 
606  /* looks good */
607  ret_val = 1;
608 
609 exit:
610  if (data.len > 0) {
612  }
613  if (!ret_val) {
614  if (client_id->len > 0) {
615  data_string_forget(client_id, MDL);
616  }
617  }
618  return ret_val;
619 }
620 
621 /*
622  * Response validation, defined in RFC 3315, sections 15.4, 15.6, 15.8,
623  * 15.9 (slightly different wording, but same meaning):
624  *
625  * Servers MUST discard any received Request message that meet any of
626  * the following conditions:
627  *
628  * - the message does not include a Server Identifier option.
629  * - the contents of the Server Identifier option do not match the
630  * server's DUID.
631  * - the message does not include a Client Identifier option.
632  */
633 int
634 valid_client_resp(struct packet *packet,
635  struct data_string *client_id,
636  struct data_string *server_id)
637 {
638  int ret_val;
639  struct option_cache *oc;
640 
641  /* INSIST((duid.data != NULL) && (duid.len > 0)); */
642 
643  ret_val = 0;
644  memset(client_id, 0, sizeof(*client_id));
645  memset(server_id, 0, sizeof(*server_id));
646 
647  switch (get_client_id(packet, client_id)) {
648  case ISC_R_SUCCESS:
649  break;
650  case ISC_R_NOTFOUND:
651  log_debug("Discarding %s from %s; "
652  "client identifier missing",
655  goto exit;
656  default:
657  log_error("Error processing %s from %s; "
658  "unable to evaluate Client Identifier",
661  goto exit;
662  }
663 
665  if (oc == NULL) {
666  log_debug("Discarding %s from %s: "
667  "server identifier missing (CLIENTID %s)",
670  print_hex_1(client_id->len, client_id->data, 60));
671  goto exit;
672  }
673  if (!evaluate_option_cache(server_id, packet, NULL, NULL,
674  packet->options, NULL,
675  &global_scope, oc, MDL)) {
676  log_error("Error processing %s from %s; "
677  "unable to evaluate Server Identifier (CLIENTID %s)",
680  print_hex_1(client_id->len, client_id->data, 60));
681  goto exit;
682  }
683  if ((server_duid.len != server_id->len) ||
684  (memcmp(server_duid.data, server_id->data, server_duid.len) != 0)) {
685  log_debug("Discarding %s from %s; "
686  "not our server identifier "
687  "(CLIENTID %s, SERVERID %s, server DUID %s)",
690  print_hex_1(client_id->len, client_id->data, 60),
691  print_hex_2(server_id->len, server_id->data, 60),
692  print_hex_3(server_duid.len, server_duid.data, 60));
693  goto exit;
694  }
695 
696  /* looks good */
697  ret_val = 1;
698 
699 exit:
700  if (!ret_val) {
701  if (server_id->len > 0) {
702  data_string_forget(server_id, MDL);
703  }
704  if (client_id->len > 0) {
705  data_string_forget(client_id, MDL);
706  }
707  }
708  return ret_val;
709 }
710 
711 /*
712  * Information request validation, defined in RFC 3315, section 15.12:
713  *
714  * Servers MUST discard any received Information-request message that
715  * meets any of the following conditions:
716  *
717  * - The message includes a Server Identifier option and the DUID in
718  * the option does not match the server's DUID.
719  *
720  * - The message includes an IA option.
721  */
722 int
723 valid_client_info_req(struct packet *packet, struct data_string *server_id) {
724  int ret_val;
725  struct option_cache *oc;
726  struct data_string client_id;
727  char client_id_str[80]; /* print_hex_1() uses maximum 60 characters,
728  plus a few more for extra information */
729 
730  ret_val = 0;
731  memset(server_id, 0, sizeof(*server_id));
732  memset(&client_id, 0, sizeof(client_id));
733 
734  /*
735  * Make a string that we can print out to give more
736  * information about the client if we need to.
737  *
738  * By RFC 3315, Section 18.1.5 clients SHOULD have a
739  * client-id on an Information-request packet, but it
740  * is not strictly necessary.
741  */
742  if (get_client_id(packet, &client_id) == ISC_R_SUCCESS) {
743  snprintf(client_id_str, sizeof(client_id_str), " (CLIENTID %s)",
744  print_hex_1(client_id.len, client_id.data, 60));
745  data_string_forget(&client_id, MDL);
746  } else {
747  client_id_str[0] = '\0';
748  }
749 
750  /*
751  * Required by RFC 3315, section 15.
752  */
753  if (packet->unicast) {
754  log_debug("Discarding %s from %s; packet sent unicast%s",
756  piaddr(packet->client_addr), client_id_str);
757  goto exit;
758  }
759 
761  if (oc != NULL) {
762  log_debug("Discarding %s from %s; "
763  "IA_NA option present%s",
765  piaddr(packet->client_addr), client_id_str);
766  goto exit;
767  }
769  if (oc != NULL) {
770  log_debug("Discarding %s from %s; "
771  "IA_TA option present%s",
773  piaddr(packet->client_addr), client_id_str);
774  goto exit;
775  }
777  if (oc != NULL) {
778  log_debug("Discarding %s from %s; "
779  "IA_PD option present%s",
781  piaddr(packet->client_addr), client_id_str);
782  goto exit;
783  }
784 
786  if (oc != NULL) {
787  if (!evaluate_option_cache(server_id, packet, NULL, NULL,
788  packet->options, NULL,
789  &global_scope, oc, MDL)) {
790  log_error("Error processing %s from %s; "
791  "unable to evaluate Server Identifier%s",
793  piaddr(packet->client_addr), client_id_str);
794  goto exit;
795  }
796  if ((server_duid.len != server_id->len) ||
797  (memcmp(server_duid.data, server_id->data,
798  server_duid.len) != 0)) {
799  log_debug("Discarding %s from %s; "
800  "not our server identifier "
801  "(SERVERID %s, server DUID %s)%s",
804  print_hex_1(server_id->len,
805  server_id->data, 60),
806  print_hex_2(server_duid.len,
807  server_duid.data, 60),
808  client_id_str);
809  goto exit;
810  }
811  }
812 
813  /* looks good */
814  ret_val = 1;
815 
816 exit:
817  if (!ret_val) {
818  if (server_id->len > 0) {
819  data_string_forget(server_id, MDL);
820  }
821  }
822  return ret_val;
823 }
824 
825 /*
826  * Options that we want to send, in addition to what was requested
827  * via the ORO.
828  */
829 static const int required_opts[] = {
830  D6O_CLIENTID,
831  D6O_SERVERID,
834  0
835 };
836 static const int required_opts_solicit[] = {
837  D6O_CLIENTID,
838  D6O_SERVERID,
839  D6O_IA_NA,
840  D6O_IA_TA,
841  D6O_IA_PD,
846  0
847 };
848 static const int required_opts_agent[] = {
851  0
852 };
853 static const int required_opts_IA[] = {
854  D6O_IAADDR,
856  0
857 };
858 static const int required_opts_IA_PD[] = {
859  D6O_IAPREFIX,
861  0
862 };
863 static const int required_opts_STATUS_CODE[] = {
865  0
866 };
867 #ifdef DHCP4o6
868 static const int required_opts_4o6[] = {
870  0
871 };
872 #endif
873 
874 static const int unicast_reject_opts[] = {
875  D6O_CLIENTID,
876  D6O_SERVERID,
878  0
879 };
880 
881 
882 /*
883  * Extracts from packet contents an IA_* option, storing the IA structure
884  * in its entirety in enc_opt_data, and storing any decoded DHCPv6 options
885  * in enc_opt_state for later lookup and evaluation. The 'offset' indicates
886  * where in the IA_* the DHCPv6 options commence.
887  */
888 static int
889 get_encapsulated_IA_state(struct option_state **enc_opt_state,
890  struct data_string *enc_opt_data,
891  struct packet *packet,
892  struct option_cache *oc,
893  int offset)
894 {
895  /*
896  * Get the raw data for the encapsulated options.
897  */
898  memset(enc_opt_data, 0, sizeof(*enc_opt_data));
899  if (!evaluate_option_cache(enc_opt_data, packet,
900  NULL, NULL, packet->options, NULL,
901  &global_scope, oc, MDL)) {
902  log_error("get_encapsulated_IA_state: "
903  "error evaluating raw option.");
904  return 0;
905  }
906  if (enc_opt_data->len < offset) {
907  log_error("get_encapsulated_IA_state: raw option too small.");
908  data_string_forget(enc_opt_data, MDL);
909  return 0;
910  }
911 
912  /*
913  * Now create the option state structure, and pass it to the
914  * function that parses options.
915  */
916  *enc_opt_state = NULL;
917  if (!option_state_allocate(enc_opt_state, MDL)) {
918  log_error("get_encapsulated_IA_state: no memory for options.");
919  data_string_forget(enc_opt_data, MDL);
920  return 0;
921  }
922  if (!parse_option_buffer(*enc_opt_state,
923  enc_opt_data->data + offset,
924  enc_opt_data->len - offset,
925  &dhcpv6_universe)) {
926  log_error("get_encapsulated_IA_state: error parsing options.");
927  option_state_dereference(enc_opt_state, MDL);
928  data_string_forget(enc_opt_data, MDL);
929  return 0;
930  }
931 
932  return 1;
933 }
934 
935 static int
936 set_status_code(u_int16_t status_code, const char *status_message,
937  struct option_state *opt_state)
938 {
939  struct data_string d;
940  int ret_val;
941 
942  memset(&d, 0, sizeof(d));
943  d.len = sizeof(status_code) + strlen(status_message);
944  if (!buffer_allocate(&d.buffer, d.len, MDL)) {
945  log_fatal("set_status_code: no memory for status code.");
946  }
947  d.data = d.buffer->data;
948  putUShort(d.buffer->data, status_code);
949  memcpy(d.buffer->data + sizeof(status_code),
950  status_message, d.len - sizeof(status_code));
951  if (!save_option_buffer(&dhcpv6_universe, opt_state,
952  d.buffer, (unsigned char *)d.data, d.len,
953  D6O_STATUS_CODE, 0)) {
954  log_error("set_status_code: error saving status code.");
955  ret_val = 0;
956  } else {
957  ret_val = 1;
958  }
959  data_string_forget(&d, MDL);
960  return ret_val;
961 }
962 
963 void check_pool6_threshold(struct reply_state *reply,
964  struct iasubopt *lease)
965 {
966  struct ipv6_pond *pond;
967  isc_uint64_t used, count, high_threshold;
968  int poolhigh = 0, poollow = 0;
969  char *shared_name = "no name";
970  char tmp_addr[INET6_ADDRSTRLEN];
971 
972  if ((lease->ipv6_pool == NULL) || (lease->ipv6_pool->ipv6_pond == NULL))
973  return;
974  pond = lease->ipv6_pool->ipv6_pond;
975 
976  /* If the address range is too large to track, just skip all this. */
977  if (pond->jumbo_range == 1) {
978  return;
979  }
980 
981  count = pond->num_total;
982  used = pond->num_active;
983 
984  /* get network name for logging */
985  if ((pond->shared_network != NULL) &&
986  (pond->shared_network->name != NULL)) {
987  shared_name = pond->shared_network->name;
988  }
989 
990  /* The logged flag indicates if we have already crossed the high
991  * threshold and emitted a log message. If it is set we check to
992  * see if we have re-crossed the low threshold and need to reset
993  * things. When we cross the high threshold we determine what
994  * the low threshold is and save it into the low_threshold value.
995  * When we cross that threshold we reset the logged flag and
996  * the low_threshold to 0 which allows the high threshold message
997  * to be emitted once again.
998  * if we haven't recrossed the boundry we don't need to do anything.
999  */
1000  if (pond->logged !=0) {
1001  if (used <= pond->low_threshold) {
1002  pond->low_threshold = 0;
1003  pond->logged = 0;
1004  log_error("Pool threshold reset - shared subnet: %s; "
1005  "address: %s; low threshold %llu/%llu.",
1006  shared_name,
1007  inet_ntop(AF_INET6, &lease->addr,
1008  tmp_addr, sizeof(tmp_addr)),
1009  used, count);
1010  }
1011  return;
1012  }
1013 
1014  /* find the high threshold */
1015  if (get_option_int(&poolhigh, &server_universe, reply->packet, NULL,
1016  NULL, reply->packet->options, reply->opt_state,
1017  reply->opt_state, &lease->scope,
1018  SV_LOG_THRESHOLD_HIGH, MDL) == 0) {
1019  /* no threshold bail out */
1020  return;
1021  }
1022 
1023  /* We do have a threshold for this pool, see if its valid */
1024  if ((poolhigh <= 0) || (poolhigh > 100)) {
1025  /* not valid */
1026  return;
1027  }
1028 
1029  /* we have a valid value, have we exceeded it */
1030  high_threshold = FIND_POND6_PERCENT(count, poolhigh);
1031  if (used < high_threshold) {
1032  /* nope, no more to do */
1033  return;
1034  }
1035 
1036  /* we've exceeded it, output a message */
1037  log_error("Pool threshold exceeded - shared subnet: %s; "
1038  "address: %s; high threshold %d%% %llu/%llu.",
1039  shared_name,
1040  inet_ntop(AF_INET6, &lease->addr, tmp_addr, sizeof(tmp_addr)),
1041  poolhigh, used, count);
1042 
1043  /* handle the low threshold now, if we don't
1044  * have one we default to 0. */
1045  if ((get_option_int(&poollow, &server_universe, reply->packet, NULL,
1046  NULL, reply->packet->options, reply->opt_state,
1047  reply->opt_state, &lease->scope,
1048  SV_LOG_THRESHOLD_LOW, MDL) == 0) ||
1049  (poollow > 100)) {
1050  poollow = 0;
1051  }
1052 
1053  /*
1054  * If the low theshold is higher than the high threshold we continue to log
1055  * If it isn't then we set the flag saying we already logged and determine
1056  * what the reset threshold is.
1057  */
1058  if (poollow < poolhigh) {
1059  pond->logged = 1;
1060  pond->low_threshold = FIND_POND6_PERCENT(count, poollow);
1061  }
1062 }
1063 
1064 /*
1065  * We have a set of operations we do to set up the reply packet, which
1066  * is the same for many message types.
1067  */
1068 static int
1069 start_reply(struct packet *packet,
1070  const struct data_string *client_id,
1071  const struct data_string *server_id,
1072  struct option_state **opt_state,
1073  struct dhcpv6_packet *reply)
1074 {
1075  struct option_cache *oc;
1076  const unsigned char *server_id_data;
1077  int server_id_len;
1078 
1079  /*
1080  * Build our option state for reply.
1081  */
1082  *opt_state = NULL;
1083  if (!option_state_allocate(opt_state, MDL)) {
1084  log_error("start_reply: no memory for option_state.");
1085  return 0;
1086  }
1087  execute_statements_in_scope(NULL, packet, NULL, NULL,
1088  packet->options, *opt_state,
1089  &global_scope, root_group, NULL, NULL);
1090 
1091  /*
1092  * A small bit of special handling for Solicit messages.
1093  *
1094  * We could move the logic into a flag, but for now just check
1095  * explicitly.
1096  */
1098  reply->msg_type = DHCPV6_ADVERTISE;
1099 
1100  /*
1101  * If:
1102  * - this message type supports rapid commit (Solicit), and
1103  * - the server is configured to supply a rapid commit, and
1104  * - the client requests a rapid commit,
1105  * Then we add a rapid commit option, and send Reply (instead
1106  * of an Advertise).
1107  */
1109  *opt_state, D6O_RAPID_COMMIT);
1110  if (oc != NULL) {
1113  if (oc != NULL) {
1114  /* Rapid-commit in action. */
1115  reply->msg_type = DHCPV6_REPLY;
1116  } else {
1117  /* Don't want a rapid-commit in advertise. */
1119  *opt_state, D6O_RAPID_COMMIT);
1120  }
1121  }
1122  } else {
1123  reply->msg_type = DHCPV6_REPLY;
1124  /* Delete the rapid-commit from the sent options. */
1126  *opt_state, D6O_RAPID_COMMIT);
1127  if (oc != NULL) {
1129  *opt_state, D6O_RAPID_COMMIT);
1130  }
1131  }
1132 
1133  /*
1134  * Use the client's transaction identifier for the reply.
1135  */
1137  sizeof(reply->transaction_id));
1138 
1139  /*
1140  * RFC 3315, section 18.2 says we need server identifier and
1141  * client identifier.
1142  *
1143  * If the server ID is defined via the configuration file, then
1144  * it will already be present in the option state at this point,
1145  * so we don't need to set it.
1146  *
1147  * If we have a server ID passed in from the caller,
1148  * use that, otherwise use the global DUID.
1149  */
1150  oc = lookup_option(&dhcpv6_universe, *opt_state, D6O_SERVERID);
1151  if (oc == NULL) {
1152  if (server_id == NULL) {
1153  server_id_data = server_duid.data;
1154  server_id_len = server_duid.len;
1155  } else {
1156  server_id_data = server_id->data;
1157  server_id_len = server_id->len;
1158  }
1159  if (!save_option_buffer(&dhcpv6_universe, *opt_state,
1160  NULL, (unsigned char *)server_id_data,
1161  server_id_len, D6O_SERVERID, 0)) {
1162  log_error("start_reply: "
1163  "error saving server identifier.");
1164  return 0;
1165  }
1166  }
1167 
1168  if (client_id->buffer != NULL) {
1169  if (!save_option_buffer(&dhcpv6_universe, *opt_state,
1170  client_id->buffer,
1171  (unsigned char *)client_id->data,
1172  client_id->len,
1173  D6O_CLIENTID, 0)) {
1174  log_error("start_reply: error saving "
1175  "client identifier.");
1176  return 0;
1177  }
1178  }
1179 
1180  /*
1181  * If the client accepts reconfiguration, let it know that we
1182  * will send them.
1183  *
1184  * Note: we don't actually do this yet, but DOCSIS requires we
1185  * claim to.
1186  */
1189  if (oc != NULL) {
1190  if (!save_option_buffer(&dhcpv6_universe, *opt_state,
1191  NULL, (unsigned char *)"", 0,
1192  D6O_RECONF_ACCEPT, 0)) {
1193  log_error("start_reply: "
1194  "error saving RECONF_ACCEPT option.");
1195  option_state_dereference(opt_state, MDL);
1196  return 0;
1197  }
1198  }
1199 
1200  return 1;
1201 }
1202 
1203 /*
1204  * Try to get the IPv6 address the client asked for from the
1205  * pool.
1206  *
1207  * addr is the result (should be a pointer to NULL on entry)
1208  * pool is the pool to search in
1209  * requested_addr is the address the client wants
1210  */
1211 static isc_result_t
1212 try_client_v6_address(struct iasubopt **addr,
1213  struct ipv6_pool *pool,
1214  const struct data_string *requested_addr)
1215 {
1216  struct in6_addr tmp_addr;
1217  isc_result_t result;
1218 
1219  if (requested_addr->len < sizeof(tmp_addr)) {
1220  return DHCP_R_INVALIDARG;
1221  }
1222  memcpy(&tmp_addr, requested_addr->data, sizeof(tmp_addr));
1223  if (IN6_IS_ADDR_UNSPECIFIED(&tmp_addr)) {
1224  return ISC_R_FAILURE;
1225  }
1226 
1227  /*
1228  * The address is not covered by this (or possibly any) dynamic
1229  * range.
1230  */
1231  if (!ipv6_in_pool(&tmp_addr, pool)) {
1232  return ISC_R_ADDRNOTAVAIL;
1233  }
1234 
1235  if (lease6_exists(pool, &tmp_addr)) {
1236  return ISC_R_ADDRINUSE;
1237  }
1238 
1239  result = iasubopt_allocate(addr, MDL);
1240  if (result != ISC_R_SUCCESS) {
1241  return result;
1242  }
1243  (*addr)->addr = tmp_addr;
1244  (*addr)->plen = 0;
1245 
1246  /* Default is soft binding for 2 minutes. */
1247  result = add_lease6(pool, *addr, cur_time + 120);
1248  if (result != ISC_R_SUCCESS) {
1249  iasubopt_dereference(addr, MDL);
1250  }
1251  return result;
1252 }
1253 
1254 
1276 static isc_result_t
1277 pick_v6_address(struct reply_state *reply)
1278 {
1279  struct ipv6_pool *p = NULL;
1280  struct ipv6_pond *pond;
1281  int i;
1282  int start_pool;
1283  unsigned int attempts;
1284  char tmp_buf[INET6_ADDRSTRLEN];
1285  struct iasubopt **addr = &reply->lease;
1286  isc_uint64_t total = 0;
1287  isc_uint64_t active = 0;
1288  isc_uint64_t abandoned = 0;
1289  int jumbo_range = 0;
1290  char *shared_name = (reply->shared->name ?
1291  reply->shared->name : "(no name)");
1292 
1293  /*
1294  * Do a quick walk through of the ponds and pools
1295  * to see if we have any NA address pools
1296  */
1297  for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
1298  if (pond->ipv6_pools == NULL)
1299  continue;
1300 
1301  for (i = 0; (p = pond->ipv6_pools[i]) != NULL; i++) {
1302  if (p->pool_type == D6O_IA_NA)
1303  break;
1304  }
1305  if (p != NULL)
1306  break;
1307  }
1308 
1309  /* If we get here and p is NULL we have no useful pools */
1310  if (p == NULL) {
1311  log_debug("Unable to pick client address: "
1312  "no IPv6 pools on this shared network");
1313  return ISC_R_NORESOURCES;
1314  }
1315 
1316  /*
1317  * We have at least one pool that could provide an address
1318  * Now we walk through the ponds and pools again and check
1319  * to see if the client is permitted and if an address is
1320  * available
1321  *
1322  * Within a given pond we start looking at the last pool we
1323  * allocated from, unless it had a collision trying to allocate
1324  * an address. This will tend to move us into less-filled pools.
1325  */
1326 
1327  for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
1328  isc_result_t result = ISC_R_FAILURE;
1329 
1330  if (((pond->prohibit_list != NULL) &&
1331  (permitted(reply->packet, pond->prohibit_list))) ||
1332  ((pond->permit_list != NULL) &&
1333  (!permitted(reply->packet, pond->permit_list))))
1334  continue;
1335 
1336  start_pool = pond->last_ipv6_pool;
1337  i = start_pool;
1338  do {
1339  p = pond->ipv6_pools[i];
1340  if (p->pool_type == D6O_IA_NA) {
1341  result = create_lease6(p, addr, &attempts,
1342  &reply->ia->iaid_duid,
1343  cur_time + 120);
1344  if (result == ISC_R_SUCCESS) {
1345  /*
1346  * Record the pool used (or next one if
1347  * there was a collision).
1348  */
1349  if (attempts > 1) {
1350  i++;
1351  if (pond->ipv6_pools[i]
1352  == NULL) {
1353  i = 0;
1354  }
1355  }
1356 
1357  pond->last_ipv6_pool = i;
1358 
1359  log_debug("Picking pool address %s",
1360  inet_ntop(AF_INET6,
1361  &((*addr)->addr),
1362  tmp_buf, sizeof(tmp_buf)));
1363  return (ISC_R_SUCCESS);
1364  }
1365  }
1366 
1367  i++;
1368  if (pond->ipv6_pools[i] == NULL) {
1369  i = 0;
1370  }
1371  } while (i != start_pool);
1372 
1373  if (result == ISC_R_NORESOURCES) {
1374  jumbo_range += pond->jumbo_range;
1375  total += pond->num_total;
1376  active += pond->num_active;
1377  abandoned += pond->num_abandoned;
1378  }
1379  }
1380 
1381  /*
1382  * If we failed to pick an IPv6 address from any of the subnets.
1383  * Presumably that means we have no addresses for the client.
1384  */
1385  if (jumbo_range != 0) {
1386  log_debug("Unable to pick client address: "
1387  "no addresses available - shared network %s: "
1388  " 2^64-1 < total, %llu active, %llu abandoned",
1389  shared_name, active - abandoned, abandoned);
1390  } else {
1391  log_debug("Unable to pick client address: "
1392  "no addresses available - shared network %s: "
1393  "%llu total, %llu active, %llu abandoned",
1394  shared_name, total, active - abandoned, abandoned);
1395  }
1396 
1397  return ISC_R_NORESOURCES;
1398 }
1399 
1400 /*
1401  * Try to get the IPv6 prefix the client asked for from the
1402  * prefix pool.
1403  *
1404  * pref is the result (should be a pointer to NULL on entry)
1405  * pool is the prefix pool to search in
1406  * requested_pref is the address the client wants
1407  */
1408 static isc_result_t
1409 try_client_v6_prefix(struct iasubopt **pref,
1410  struct ipv6_pool *pool,
1411  const struct data_string *requested_pref)
1412 {
1413  u_int8_t tmp_plen;
1414  struct in6_addr tmp_pref;
1415  struct iaddr ia;
1416  isc_result_t result;
1417 
1418  if (requested_pref->len < sizeof(tmp_plen) + sizeof(tmp_pref)) {
1419  return DHCP_R_INVALIDARG;
1420  }
1421 
1422  tmp_plen = (int) requested_pref->data[0];
1423  if ((tmp_plen < 3) || (tmp_plen > 128)) {
1424  return ISC_R_FAILURE;
1425  }
1426 
1427  memcpy(&tmp_pref, requested_pref->data + 1, sizeof(tmp_pref));
1428  if (IN6_IS_ADDR_UNSPECIFIED(&tmp_pref)) {
1429  return ISC_R_FAILURE;
1430  }
1431 
1432  ia.len = 16;
1433  memcpy(&ia.iabuf, &tmp_pref, 16);
1434  if (!is_cidr_mask_valid(&ia, (int) tmp_plen)) {
1435  return ISC_R_FAILURE;
1436  }
1437 
1438  if (!ipv6_in_pool(&tmp_pref, pool) ||
1439  ((int)tmp_plen != pool->units)) {
1440  return ISC_R_ADDRNOTAVAIL;
1441  }
1442 
1443  if (prefix6_exists(pool, &tmp_pref, tmp_plen)) {
1444  return ISC_R_ADDRINUSE;
1445  }
1446 
1447  result = iasubopt_allocate(pref, MDL);
1448  if (result != ISC_R_SUCCESS) {
1449  return result;
1450  }
1451 
1452  (*pref)->addr = tmp_pref;
1453  (*pref)->plen = tmp_plen;
1454 
1455  /* Default is soft binding for 2 minutes. */
1456  result = add_lease6(pool, *pref, cur_time + 120);
1457  if (result != ISC_R_SUCCESS) {
1458  iasubopt_dereference(pref, MDL);
1459  }
1460 
1461  return result;
1462 }
1463 
1503 static isc_result_t
1504 pick_v6_prefix(struct reply_state *reply) {
1505  struct ipv6_pool *p = NULL;
1506  struct ipv6_pond *pond;
1507  int i;
1508  isc_result_t result;
1509 
1510  /*
1511  * Do a quick walk through of the ponds and pools
1512  * to see if we have any prefix pools
1513  */
1514  for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
1515  if (pond->ipv6_pools == NULL)
1516  continue;
1517 
1518  for (i = 0; (p = pond->ipv6_pools[i]) != NULL; i++) {
1519  if (p->pool_type == D6O_IA_PD)
1520  break;
1521  }
1522  if (p != NULL)
1523  break;
1524  }
1525 
1526  /* If we get here and p is NULL we have no useful pools */
1527  if (p == NULL) {
1528  log_debug("Unable to pick client prefix: "
1529  "no IPv6 pools on this shared network");
1530  return ISC_R_NORESOURCES;
1531  }
1532 
1533  if (reply->preflen <= 0) {
1534  /* If we didn't get a plen (-1) or client plen is 0, then just
1535  * select first available (same as PLM_INGORE) */
1536  result = pick_v6_prefix_helper(reply, PLM_IGNORE);
1537  } else {
1538  switch (prefix_length_mode) {
1539  case PLM_PREFER:
1540  /* First we look for an exact match, if not found
1541  * then first available */
1542  result = pick_v6_prefix_helper(reply, PLM_EXACT);
1543  if (result != ISC_R_SUCCESS) {
1544  result = pick_v6_prefix_helper(reply,
1545  PLM_IGNORE);
1546  }
1547  break;
1548 
1549  case PLM_EXACT:
1550  /* Match exactly or fail */
1551  result = pick_v6_prefix_helper(reply, PLM_EXACT);
1552  break;
1553 
1554  case PLM_MINIMUM:
1555  case PLM_MAXIMUM:
1556  /* First we look for an exact match, if not found
1557  * then first available by mode */
1558  result = pick_v6_prefix_helper(reply, PLM_EXACT);
1559  if (result != ISC_R_SUCCESS) {
1560  result = pick_v6_prefix_helper(reply,
1562  }
1563  break;
1564 
1565  default:
1566  /* First available */
1567  result = pick_v6_prefix_helper(reply, PLM_IGNORE);
1568  break;
1569  }
1570  }
1571 
1572  if (result == ISC_R_SUCCESS) {
1573  char tmp_buf[INET6_ADDRSTRLEN];
1574 
1575  log_debug("Picking pool prefix %s/%u",
1576  inet_ntop(AF_INET6, &(reply->lease->addr),
1577  tmp_buf, sizeof(tmp_buf)),
1578  (unsigned)(reply->lease->plen));
1579  return (ISC_R_SUCCESS);
1580  }
1581 
1582  /*
1583  * If we failed to pick an IPv6 prefix
1584  * Presumably that means we have no prefixes for the client.
1585  */
1586  log_debug("Unable to pick client prefix: no prefixes available");
1587  return ISC_R_NORESOURCES;
1588 }
1589 
1613 isc_result_t
1614 pick_v6_prefix_helper(struct reply_state *reply, int prefix_mode) {
1615  struct ipv6_pool *p = NULL;
1616  struct ipv6_pond *pond;
1617  int i;
1618  unsigned int attempts;
1619  struct iasubopt **pref = &reply->lease;
1620 
1621  for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
1622  if (((pond->prohibit_list != NULL) &&
1623  (permitted(reply->packet, pond->prohibit_list))) ||
1624  ((pond->permit_list != NULL) &&
1625  (!permitted(reply->packet, pond->permit_list))))
1626  continue;
1627 
1628  for (i = 0; (p = pond->ipv6_pools[i]) != NULL; i++) {
1629  if ((p->pool_type == D6O_IA_PD) &&
1630  (eval_prefix_mode(p->units, reply->preflen,
1631  prefix_mode) == 1) &&
1632  (create_prefix6(p, pref, &attempts,
1633  &reply->ia->iaid_duid,
1634  cur_time + 120) == ISC_R_SUCCESS)) {
1635  return (ISC_R_SUCCESS);
1636  }
1637  }
1638  }
1639 
1640  return ISC_R_NORESOURCES;
1641 }
1642 
1657 int
1658 eval_prefix_mode(int len, int preflen, int prefix_mode) {
1659  int use_it = 1;
1660  switch (prefix_mode) {
1661  case PLM_EXACT:
1662  use_it = (len == preflen);
1663  break;
1664  case PLM_MINIMUM:
1665  /* they asked for a prefix length no "shorter" than preflen */
1666  use_it = (len >= preflen);
1667  break;
1668  case PLM_MAXIMUM:
1669  /* they asked for a prefix length no "longer" than preflen */
1670  use_it = (len <= preflen);
1671  break;
1672  default:
1673  /* otherwise use it */
1674  break;
1675  }
1676 
1677  return (use_it);
1678 }
1679 
1680 /*
1681  *! \file server/dhcpv6.c
1682  *
1683  * \brief construct a reply containing information about a client's lease
1684  *
1685  * lease_to_client() is called from several messages to construct a
1686  * reply that contains all that we know about the client's correct lease
1687  * (or projected lease).
1688  *
1689  * Solicit - "Soft" binding, ignore unknown addresses or bindings, just
1690  * send what we "may" give them on a request.
1691  *
1692  * Request - "Hard" binding, but ignore supplied addresses (just provide what
1693  * the client should really use).
1694  *
1695  * Renew - "Hard" binding, but client-supplied addresses are 'real'. Error
1696  * Rebind out any "wrong" addresses the client sends. This means we send
1697  * an empty IA_NA with a status code of NoBinding or NotOnLink or
1698  * possibly send the address with zeroed lifetimes.
1699  *
1700  * Information-Request - No binding.
1701  *
1702  * The basic structure is to traverse the client-supplied data first, and
1703  * validate and echo back any contents that can be. If the client-supplied
1704  * data does not error out (on renew/rebind as above), but we did not send
1705  * any addresses, attempt to allocate one.
1706  *
1707  * At the end of the this function we call commit_leases_timed() to
1708  * fsync and rotate the file as necessary. commit_leases_timed() will
1709  * check that we have written at least one lease to the file and that
1710  * some time has passed before doing any fsync or file rewrite so we
1711  * don't bother tracking if we did a write_ia during this function.
1712  */
1713 /* TODO: look at client hints for lease times */
1714 
1715 static void
1716 lease_to_client(struct data_string *reply_ret,
1717  struct packet *packet,
1718  const struct data_string *client_id,
1719  const struct data_string *server_id)
1720 {
1721  static struct reply_state reply;
1722  struct option_cache *oc;
1723  struct data_string packet_oro;
1724  int i;
1725 
1726  memset(&packet_oro, 0, sizeof(packet_oro));
1727 
1728  /* Locate the client. */
1729  if (shared_network_from_packet6(&reply.shared,
1730  packet) != ISC_R_SUCCESS)
1731  goto exit;
1732 
1733  /*
1734  * Initialize the reply.
1735  */
1736  packet_reference(&reply.packet, packet, MDL);
1737  data_string_copy(&reply.client_id, client_id, MDL);
1738 
1739  if (!start_reply(packet, client_id, server_id, &reply.opt_state,
1740  &reply.buf.reply))
1741  goto exit;
1742 
1743  /* Set the write cursor to just past the reply header. */
1744  reply.cursor = REPLY_OPTIONS_INDEX;
1745 
1746  /*
1747  * Get the ORO from the packet, if any.
1748  */
1750  if (oc != NULL) {
1751  if (!evaluate_option_cache(&packet_oro, packet,
1752  NULL, NULL,
1753  packet->options, NULL,
1754  &global_scope, oc, MDL)) {
1755  log_error("lease_to_client: error evaluating ORO.");
1756  goto exit;
1757  }
1758  }
1759 
1760  /*
1761  * Find a host record that matches the packet, if any, and is
1762  * valid for the shared network the client is on.
1763  */
1764  if (find_hosts6(&reply.host, packet, client_id, MDL)) {
1765  packet->known = 1;
1766  seek_shared_host(&reply.host, reply.shared);
1767  }
1768 
1769  /* Process the client supplied IA's onto the reply buffer. */
1770  reply.ia_count = 0;
1772 
1773  for (; oc != NULL ; oc = oc->next) {
1774  isc_result_t status;
1775 
1776  /* Start counting resources (addresses) offered. */
1777  reply.client_resources = 0;
1778  reply.resources_included = ISC_FALSE;
1779 
1780  status = reply_process_ia_na(&reply, oc);
1781 
1782  /*
1783  * We continue to try other IA's whether we can address
1784  * this one or not. Any other result is an immediate fail.
1785  */
1786  if ((status != ISC_R_SUCCESS) &&
1787  (status != ISC_R_NORESOURCES))
1788  goto exit;
1789  }
1791  for (; oc != NULL ; oc = oc->next) {
1792  isc_result_t status;
1793 
1794  /* Start counting resources (addresses) offered. */
1795  reply.client_resources = 0;
1796  reply.resources_included = ISC_FALSE;
1797 
1798  status = reply_process_ia_ta(&reply, oc);
1799 
1800  /*
1801  * We continue to try other IA's whether we can address
1802  * this one or not. Any other result is an immediate fail.
1803  */
1804  if ((status != ISC_R_SUCCESS) &&
1805  (status != ISC_R_NORESOURCES))
1806  goto exit;
1807  }
1808 
1809  /* Same for IA_PD's. */
1810  reply.pd_count = 0;
1812  for (; oc != NULL ; oc = oc->next) {
1813  isc_result_t status;
1814 
1815  /* Start counting resources (prefixes) offered. */
1816  reply.client_resources = 0;
1817  reply.resources_included = ISC_FALSE;
1818 
1819  status = reply_process_ia_pd(&reply, oc);
1820 
1821  /*
1822  * We continue to try other IA_PD's whether we can address
1823  * this one or not. Any other result is an immediate fail.
1824  */
1825  if ((status != ISC_R_SUCCESS) &&
1826  (status != ISC_R_NORESOURCES))
1827  goto exit;
1828  }
1829 
1830  /*
1831  * Make no reply if we gave no resources and is not
1832  * for Information-Request.
1833  */
1834  if ((reply.ia_count == 0) && (reply.pd_count == 0)) {
1835  if (reply.packet->dhcpv6_msg_type !=
1837  goto exit;
1838 
1839  /*
1840  * Because we only execute statements on a per-IA basis,
1841  * we need to execute statements in any non-IA reply to
1842  * source configuration.
1843  */
1844  execute_statements_in_scope(NULL, reply.packet, NULL, NULL,
1845  reply.packet->options,
1846  reply.opt_state, &global_scope,
1847  reply.shared->group, root_group,
1848  NULL);
1849 
1850  /* Execute statements from class scopes. */
1851  for (i = reply.packet->class_count; i > 0; i--) {
1852  execute_statements_in_scope(NULL, reply.packet,
1853  NULL, NULL,
1854  reply.packet->options,
1855  reply.opt_state,
1856  &global_scope,
1857  reply.packet->classes[i - 1]->group,
1858  reply.shared->group, NULL);
1859  }
1860 
1861  /* Bring in any configuration from a host record. */
1862  if (reply.host != NULL)
1863  execute_statements_in_scope(NULL, reply.packet,
1864  NULL, NULL,
1865  reply.packet->options,
1866  reply.opt_state,
1867  &global_scope,
1868  reply.host->group,
1869  reply.shared->group, NULL);
1870  }
1871 
1872  /*
1873  * RFC3315 section 17.2.2 (Solicit):
1874  *
1875  * If the server will not assign any addresses to any IAs in a
1876  * subsequent Request from the client, the server MUST send an
1877  * Advertise message to the client that includes only a Status
1878  * Code option with code NoAddrsAvail and a status message for
1879  * the user, a Server Identifier option with the server's DUID,
1880  * and a Client Identifier option with the client's DUID.
1881  *
1882  * This has been updated by an errata such that the server
1883  * can always send an IA.
1884  *
1885  * Section 18.2.1 (Request):
1886  *
1887  * If the server cannot assign any addresses to an IA in the
1888  * message from the client, the server MUST include the IA in
1889  * the Reply message with no addresses in the IA and a Status
1890  * Code option in the IA containing status code NoAddrsAvail.
1891  *
1892  * Section 18.1.8 (Client Behavior):
1893  *
1894  * Leave unchanged any information about addresses the client has
1895  * recorded in the IA but that were not included in the IA from
1896  * the server.
1897  * Sends a Renew/Rebind if the IA is not in the Reply message.
1898  */
1899 
1900  /*
1901  * Having stored the client's IA's, store any options that
1902  * will fit in the remaining space.
1903  */
1904  reply.cursor += store_options6((char *)reply.buf.data + reply.cursor,
1905  sizeof(reply.buf) - reply.cursor,
1906  reply.opt_state, reply.packet,
1907  required_opts_solicit,
1908  &packet_oro);
1909 
1910  /* Return our reply to the caller. */
1911  reply_ret->len = reply.cursor;
1912  reply_ret->buffer = NULL;
1913  if (!buffer_allocate(&reply_ret->buffer, reply.cursor, MDL)) {
1914  log_fatal("No memory to store Reply.");
1915  }
1916  memcpy(reply_ret->buffer->data, reply.buf.data, reply.cursor);
1917  reply_ret->data = reply_ret->buffer->data;
1918 
1919  /* If appropriate commit and rotate the lease file */
1920  (void) commit_leases_timed();
1921 
1922  exit:
1923  /* Cleanup. */
1924  if (reply.shared != NULL)
1925  shared_network_dereference(&reply.shared, MDL);
1926  if (reply.host != NULL)
1927  host_dereference(&reply.host, MDL);
1928  if (reply.opt_state != NULL)
1929  option_state_dereference(&reply.opt_state, MDL);
1930  if (reply.packet != NULL)
1931  packet_dereference(&reply.packet, MDL);
1932  if (reply.client_id.data != NULL)
1933  data_string_forget(&reply.client_id, MDL);
1934  if (packet_oro.buffer != NULL)
1935  data_string_forget(&packet_oro, MDL);
1936  reply.renew = reply.rebind = reply.min_prefer = reply.min_valid = 0;
1937  reply.cursor = 0;
1938 }
1939 
1940 /* Process a client-supplied IA_NA. This may append options to the tail of
1941  * the reply packet being built in the reply_state structure.
1942  */
1943 static isc_result_t
1944 reply_process_ia_na(struct reply_state *reply, struct option_cache *ia) {
1945  isc_result_t status = ISC_R_SUCCESS;
1946  u_int32_t iaid;
1947  unsigned ia_cursor;
1948  struct option_state *packet_ia;
1949  struct option_cache *oc;
1950  struct data_string ia_data, data;
1951 
1952  /* Initialize values that will get cleaned up on return. */
1953  packet_ia = NULL;
1954  memset(&ia_data, 0, sizeof(ia_data));
1955  memset(&data, 0, sizeof(data));
1956  /*
1957  * Note that find_client_address() may set reply->lease.
1958  */
1959 
1960  /* Make sure there is at least room for the header. */
1961  if ((reply->cursor + IA_NA_OFFSET + 4) > sizeof(reply->buf)) {
1962  log_error("reply_process_ia_na: Reply too long for IA.");
1963  return ISC_R_NOSPACE;
1964  }
1965 
1966 
1967  /* Fetch the IA_NA contents. */
1968  if (!get_encapsulated_IA_state(&packet_ia, &ia_data, reply->packet,
1969  ia, IA_NA_OFFSET)) {
1970  log_error("reply_process_ia_na: error evaluating ia");
1971  status = ISC_R_FAILURE;
1972  goto cleanup;
1973  }
1974 
1975  /* Extract IA_NA header contents. */
1976  iaid = getULong(ia_data.data);
1977  reply->renew = getULong(ia_data.data + 4);
1978  reply->rebind = getULong(ia_data.data + 8);
1979 
1980  /* Create an IA_NA structure. */
1981  if (ia_allocate(&reply->ia, iaid, (char *)reply->client_id.data,
1982  reply->client_id.len, MDL) != ISC_R_SUCCESS) {
1983  log_error("reply_process_ia_na: no memory for ia.");
1984  status = ISC_R_NOMEMORY;
1985  goto cleanup;
1986  }
1987  reply->ia->ia_type = D6O_IA_NA;
1988 
1989  /* Cache pre-existing IA, if any. */
1990  ia_hash_lookup(&reply->old_ia, ia_na_active,
1991  (unsigned char *)reply->ia->iaid_duid.data,
1992  reply->ia->iaid_duid.len, MDL);
1993 
1994  /*
1995  * Create an option cache to carry the IA_NA option contents, and
1996  * execute any user-supplied values into it.
1997  */
1998  if (!option_state_allocate(&reply->reply_ia, MDL)) {
1999  status = ISC_R_NOMEMORY;
2000  goto cleanup;
2001  }
2002 
2003  /* Check & cache the fixed host record. */
2004  if ((reply->host != NULL) && (reply->host->fixed_addr != NULL)) {
2005  struct iaddr tmp_addr;
2006 
2007  if (!evaluate_option_cache(&reply->fixed, NULL, NULL, NULL,
2008  NULL, NULL, &global_scope,
2009  reply->host->fixed_addr, MDL)) {
2010  log_error("reply_process_ia_na: unable to evaluate "
2011  "fixed address.");
2012  status = ISC_R_FAILURE;
2013  goto cleanup;
2014  }
2015 
2016  if (reply->fixed.len < 16) {
2017  log_error("reply_process_ia_na: invalid fixed address.");
2018  status = DHCP_R_INVALIDARG;
2019  goto cleanup;
2020  }
2021 
2022  /* Find the static lease's subnet. */
2023  tmp_addr.len = 16;
2024  memcpy(tmp_addr.iabuf, reply->fixed.data, 16);
2025 
2026  if (find_grouped_subnet(&reply->subnet, reply->shared,
2027  tmp_addr, MDL) == 0)
2028  log_fatal("Impossible condition at %s:%d.", MDL);
2029 
2030  reply->static_lease = ISC_TRUE;
2031  } else
2032  reply->static_lease = ISC_FALSE;
2033 
2034  /*
2035  * Save the cursor position at the start of the IA, so we can
2036  * set length and adjust t1/t2 values later. We write a temporary
2037  * header out now just in case we decide to adjust the packet
2038  * within sub-process functions.
2039  */
2040  ia_cursor = reply->cursor;
2041 
2042  /* Initialize the IA_NA header. First the code. */
2043  putUShort(reply->buf.data + reply->cursor, (unsigned)D6O_IA_NA);
2044  reply->cursor += 2;
2045 
2046  /* Then option length. */
2047  putUShort(reply->buf.data + reply->cursor, 0x0Cu);
2048  reply->cursor += 2;
2049 
2050  /* Then IA_NA header contents; IAID. */
2051  putULong(reply->buf.data + reply->cursor, iaid);
2052  reply->cursor += 4;
2053 
2054  /* We store the client's t1 for now, and may over-ride it later. */
2055  putULong(reply->buf.data + reply->cursor, reply->renew);
2056  reply->cursor += 4;
2057 
2058  /* We store the client's t2 for now, and may over-ride it later. */
2059  putULong(reply->buf.data + reply->cursor, reply->rebind);
2060  reply->cursor += 4;
2061 
2062  /*
2063  * For each address in this IA_NA, decide what to do about it.
2064  *
2065  * Guidelines:
2066  *
2067  * The client leaves unchanged any information about addresses
2068  * it has recorded but are not included ("cancel/break" below).
2069  * A not included IA ("cleanup" below) could give a Renew/Rebind.
2070  */
2071  oc = lookup_option(&dhcpv6_universe, packet_ia, D6O_IAADDR);
2072  reply->min_valid = reply->min_prefer = INFINITE_TIME;
2073  reply->client_valid = reply->client_prefer = 0;
2074  for (; oc != NULL ; oc = oc->next) {
2075  status = reply_process_addr(reply, oc);
2076 
2077  /*
2078  * Canceled means we did not allocate addresses to the
2079  * client, but we're "done" with this IA - we set a status
2080  * code. So transmit this reply, e.g., move on to the next
2081  * IA.
2082  */
2083  if (status == ISC_R_CANCELED)
2084  break;
2085 
2086  if ((status != ISC_R_SUCCESS) &&
2087  (status != ISC_R_ADDRINUSE) &&
2088  (status != ISC_R_ADDRNOTAVAIL))
2089  goto cleanup;
2090  }
2091 
2092  reply->ia_count++;
2093 
2094  /*
2095  * If we fell through the above and never gave the client
2096  * an address, give it one now.
2097  */
2098  if ((status != ISC_R_CANCELED) && (reply->client_resources == 0)) {
2099  status = find_client_address(reply);
2100 
2101  if (status == ISC_R_NORESOURCES) {
2102  switch (reply->packet->dhcpv6_msg_type) {
2103  case DHCPV6_SOLICIT:
2104  /*
2105  * No address for any IA is handled
2106  * by the caller.
2107  */
2108  /* FALL THROUGH */
2109 
2110  case DHCPV6_REQUEST:
2111  /* Section 18.2.1 (Request):
2112  *
2113  * If the server cannot assign any addresses to
2114  * an IA in the message from the client, the
2115  * server MUST include the IA in the Reply
2116  * message with no addresses in the IA and a
2117  * Status Code option in the IA containing
2118  * status code NoAddrsAvail.
2119  */
2120  option_state_dereference(&reply->reply_ia, MDL);
2121  if (!option_state_allocate(&reply->reply_ia,
2122  MDL))
2123  {
2124  log_error("reply_process_ia_na: No "
2125  "memory for option state "
2126  "wipe.");
2127  status = ISC_R_NOMEMORY;
2128  goto cleanup;
2129  }
2130 
2131  if (!set_status_code(STATUS_NoAddrsAvail,
2132  "No addresses available "
2133  "for this interface.",
2134  reply->reply_ia)) {
2135  log_error("reply_process_ia_na: Unable "
2136  "to set NoAddrsAvail status "
2137  "code.");
2138  status = ISC_R_FAILURE;
2139  goto cleanup;
2140  }
2141 
2142  status = ISC_R_SUCCESS;
2143  break;
2144 
2145  default:
2146  /*
2147  * RFC 3315 does not tell us to emit a status
2148  * code in this condition, or anything else.
2149  *
2150  * If we included non-allocated addresses
2151  * (zeroed lifetimes) in an IA, then the client
2152  * will deconfigure them.
2153  *
2154  * So we want to include the IA even if we
2155  * can't give it a new address if it includes
2156  * zeroed lifetime addresses.
2157  *
2158  * We don't want to include the IA if we
2159  * provide zero addresses including zeroed
2160  * lifetimes.
2161  */
2162  if (reply->resources_included)
2163  status = ISC_R_SUCCESS;
2164  else
2165  goto cleanup;
2166  break;
2167  }
2168  }
2169 
2170  if (status != ISC_R_SUCCESS)
2171  goto cleanup;
2172  }
2173 
2174  reply->cursor += store_options6((char *)reply->buf.data + reply->cursor,
2175  sizeof(reply->buf) - reply->cursor,
2176  reply->reply_ia, reply->packet,
2177  required_opts_IA, NULL);
2178 
2179  /* Reset the length of this IA to match what was just written. */
2180  putUShort(reply->buf.data + ia_cursor + 2,
2181  reply->cursor - (ia_cursor + 4));
2182 
2183  /* Calculate T1/T2 and stuff them in the reply */
2184  set_reply_tee_times(reply, ia_cursor);
2185 
2186  /*
2187  * yes, goto's aren't the best but we also want to avoid extra
2188  * indents
2189  */
2190  if (status == ISC_R_CANCELED)
2191  goto cleanup;
2192 
2193  /*
2194  * Handle static leases, we always log stuff and if it's
2195  * a hard binding we run any commit statements that we have
2196  */
2197  if (reply->static_lease) {
2198  char tmp_addr[INET6_ADDRSTRLEN];
2199  log_info("%s NA: address %s to client with duid %s iaid = %d "
2200  "static",
2201  dhcpv6_type_names[reply->buf.reply.msg_type],
2202  inet_ntop(AF_INET6, reply->fixed.data, tmp_addr,
2203  sizeof(tmp_addr)),
2204  print_hex_1(reply->client_id.len,
2205  reply->client_id.data, 60),
2206  iaid);
2207 
2208  if ((reply->buf.reply.msg_type == DHCPV6_REPLY) &&
2209  (reply->on_star.on_commit != NULL)) {
2210  execute_statements(NULL, reply->packet, NULL, NULL,
2211  reply->packet->options,
2212  reply->opt_state, NULL,
2213  reply->on_star.on_commit, NULL);
2215  (&reply->on_star.on_commit, MDL);
2216  }
2217  goto cleanup;
2218  }
2219 
2220  /*
2221  * If we have any addresses log what we are doing.
2222  */
2223  if (reply->ia->num_iasubopt != 0) {
2224  struct iasubopt *tmp;
2225  int i;
2226  char tmp_addr[INET6_ADDRSTRLEN];
2227 
2228  for (i = 0 ; i < reply->ia->num_iasubopt ; i++) {
2229  tmp = reply->ia->iasubopt[i];
2230 
2231  log_info("%s NA: address %s to client with duid %s "
2232  "iaid = %d valid for %u seconds",
2233  dhcpv6_type_names[reply->buf.reply.msg_type],
2234  inet_ntop(AF_INET6, &tmp->addr,
2235  tmp_addr, sizeof(tmp_addr)),
2236  print_hex_1(reply->client_id.len,
2237  reply->client_id.data, 60),
2238  iaid, tmp->valid);
2239  }
2240  }
2241 
2242  /*
2243  * If this is not a 'soft' binding, consume the new changes into
2244  * the database (if any have been attached to the ia_na).
2245  *
2246  * Loop through the assigned dynamic addresses, referencing the
2247  * leases onto this IA_NA rather than any old ones, and updating
2248  * pool timers for each (if any).
2249  */
2250 
2251  if ((reply->ia->num_iasubopt != 0) &&
2252  (reply->buf.reply.msg_type == DHCPV6_REPLY)) {
2253  struct iasubopt *tmp;
2254  struct data_string *ia_id;
2255  int i;
2256 
2257  for (i = 0 ; i < reply->ia->num_iasubopt ; i++) {
2258  tmp = reply->ia->iasubopt[i];
2259 
2260  if (tmp->ia != NULL)
2261  ia_dereference(&tmp->ia, MDL);
2262  ia_reference(&tmp->ia, reply->ia, MDL);
2263 
2264  /* Commit 'hard' bindings. */
2265  renew_lease6(tmp->ipv6_pool, tmp);
2267 
2268  /* If we have anything to do on commit do it now */
2269  if (tmp->on_star.on_commit != NULL) {
2270  execute_statements(NULL, reply->packet,
2271  NULL, NULL,
2272  reply->packet->options,
2273  reply->opt_state,
2274  &tmp->scope,
2275  tmp->on_star.on_commit,
2276  &tmp->on_star);
2278  (&tmp->on_star.on_commit, MDL);
2279  }
2280 
2281 #if defined (NSUPDATE)
2282  /*
2283  * Perform ddns updates.
2284  */
2285  oc = lookup_option(&server_universe, reply->opt_state,
2286  SV_DDNS_UPDATES);
2287  if ((oc == NULL) ||
2288  evaluate_boolean_option_cache(NULL, reply->packet,
2289  NULL, NULL,
2290  reply->packet->options,
2291  reply->opt_state,
2292  &tmp->scope,
2293  oc, MDL)) {
2294  ddns_updates(reply->packet, NULL, NULL,
2295  tmp, NULL, reply->opt_state);
2296  }
2297 #endif
2298  /* Do our threshold check. */
2299  check_pool6_threshold(reply, tmp);
2300  }
2301 
2302  /* Remove any old ia from the hash. */
2303  if (reply->old_ia != NULL) {
2304  ia_id = &reply->old_ia->iaid_duid;
2305  ia_hash_delete(ia_na_active,
2306  (unsigned char *)ia_id->data,
2307  ia_id->len, MDL);
2308  ia_dereference(&reply->old_ia, MDL);
2309  }
2310 
2311  /* Put new ia into the hash. */
2312  reply->ia->cltt = cur_time;
2313  ia_id = &reply->ia->iaid_duid;
2314  ia_hash_add(ia_na_active, (unsigned char *)ia_id->data,
2315  ia_id->len, reply->ia, MDL);
2316 
2317  write_ia(reply->ia);
2318  } else {
2319  schedule_lease_timeout_reply(reply);
2320  }
2321 
2322  cleanup:
2323  if (packet_ia != NULL)
2324  option_state_dereference(&packet_ia, MDL);
2325  if (reply->reply_ia != NULL)
2326  option_state_dereference(&reply->reply_ia, MDL);
2327  if (ia_data.data != NULL)
2328  data_string_forget(&ia_data, MDL);
2329  if (data.data != NULL)
2331  if (reply->ia != NULL)
2332  ia_dereference(&reply->ia, MDL);
2333  if (reply->old_ia != NULL)
2334  ia_dereference(&reply->old_ia, MDL);
2335  if (reply->lease != NULL)
2336  iasubopt_dereference(&reply->lease, MDL);
2337  if (reply->fixed.data != NULL)
2338  data_string_forget(&reply->fixed, MDL);
2339  if (reply->subnet != NULL)
2340  subnet_dereference(&reply->subnet, MDL);
2341  if (reply->on_star.on_expiry != NULL)
2343  (&reply->on_star.on_expiry, MDL);
2344  if (reply->on_star.on_release != NULL)
2346  (&reply->on_star.on_release, MDL);
2347 
2348  /*
2349  * ISC_R_CANCELED is a status code used by the addr processing to
2350  * indicate we're replying with a status code. This is still a
2351  * success at higher layers.
2352  */
2353  return((status == ISC_R_CANCELED) ? ISC_R_SUCCESS : status);
2354 }
2355 
2356 /*
2357  * Process an IAADDR within a given IA_xA, storing any IAADDR reply contents
2358  * into the reply's current ia-scoped option cache. Returns ISC_R_CANCELED
2359  * in the event we are replying with a status code and do not wish to process
2360  * more IAADDRs within this IA.
2361  */
2362 static isc_result_t
2363 reply_process_addr(struct reply_state *reply, struct option_cache *addr) {
2364  u_int32_t pref_life, valid_life;
2365  struct binding_scope **scope;
2366  struct group *group;
2367  struct subnet *subnet;
2368  struct iaddr tmp_addr;
2369  struct option_cache *oc;
2370  struct data_string iaaddr, data;
2371  isc_result_t status = ISC_R_SUCCESS;
2372 
2373  /* Initializes values that will be cleaned up. */
2374  memset(&iaaddr, 0, sizeof(iaaddr));
2375  memset(&data, 0, sizeof(data));
2376  /* Note that reply->lease may be set by address_is_owned() */
2377 
2378  /*
2379  * There is no point trying to process an incoming address if there
2380  * is no room for an outgoing address.
2381  */
2382  if ((reply->cursor + 28) > sizeof(reply->buf)) {
2383  log_error("reply_process_addr: Out of room for address.");
2384  return ISC_R_NOSPACE;
2385  }
2386 
2387  /* Extract this IAADDR option. */
2388  if (!evaluate_option_cache(&iaaddr, reply->packet, NULL, NULL,
2389  reply->packet->options, NULL, &global_scope,
2390  addr, MDL) ||
2391  (iaaddr.len < IAADDR_OFFSET)) {
2392  log_error("reply_process_addr: error evaluating IAADDR.");
2393  status = ISC_R_FAILURE;
2394  goto cleanup;
2395  }
2396 
2397  /* The first 16 bytes are the IPv6 address. */
2398  pref_life = getULong(iaaddr.data + 16);
2399  valid_life = getULong(iaaddr.data + 20);
2400 
2401  if ((reply->client_valid == 0) ||
2402  (reply->client_valid > valid_life))
2403  reply->client_valid = valid_life;
2404 
2405  if ((reply->client_prefer == 0) ||
2406  (reply->client_prefer > pref_life))
2407  reply->client_prefer = pref_life;
2408 
2409  /*
2410  * Clients may choose to send :: as an address, with the idea to give
2411  * hints about preferred-lifetime or valid-lifetime.
2412  */
2413  tmp_addr.len = 16;
2414  memset(tmp_addr.iabuf, 0, 16);
2415  if (!memcmp(iaaddr.data, tmp_addr.iabuf, 16)) {
2416  /* Status remains success; we just ignore this one. */
2417  goto cleanup;
2418  }
2419 
2420  /* tmp_addr len remains 16 */
2421  memcpy(tmp_addr.iabuf, iaaddr.data, 16);
2422 
2423  /*
2424  * Verify that this address is on the client's network.
2425  */
2426  for (subnet = reply->shared->subnets ; subnet != NULL ;
2427  subnet = subnet->next_sibling) {
2428  if (addr_eq(subnet_number(tmp_addr, subnet->netmask),
2429  subnet->net))
2430  break;
2431  }
2432 
2433  /* Address not found on shared network. */
2434  if (subnet == NULL) {
2435  /* Ignore this address on 'soft' bindings. */
2436  if (reply->packet->dhcpv6_msg_type == DHCPV6_SOLICIT) {
2437  /* disable rapid commit */
2438  reply->buf.reply.msg_type = DHCPV6_ADVERTISE;
2440  reply->opt_state,
2442  /* status remains success */
2443  goto cleanup;
2444  }
2445 
2446  /*
2447  * RFC3315 section 18.2.1:
2448  *
2449  * If the server finds that the prefix on one or more IP
2450  * addresses in any IA in the message from the client is not
2451  * appropriate for the link to which the client is connected,
2452  * the server MUST return the IA to the client with a Status
2453  * Code option with the value NotOnLink.
2454  */
2455  if (reply->packet->dhcpv6_msg_type == DHCPV6_REQUEST) {
2456  /* Rewind the IA_NA to empty. */
2457  option_state_dereference(&reply->reply_ia, MDL);
2458  if (!option_state_allocate(&reply->reply_ia, MDL)) {
2459  log_error("reply_process_addr: No memory for "
2460  "option state wipe.");
2461  status = ISC_R_NOMEMORY;
2462  goto cleanup;
2463  }
2464 
2465  /* Append a NotOnLink status code. */
2466  if (!set_status_code(STATUS_NotOnLink,
2467  "Address not for use on this "
2468  "link.", reply->reply_ia)) {
2469  log_error("reply_process_addr: Failure "
2470  "setting status code.");
2471  status = ISC_R_FAILURE;
2472  goto cleanup;
2473  }
2474 
2475  /* Fin (no more IAADDRs). */
2476  status = ISC_R_CANCELED;
2477  goto cleanup;
2478  }
2479 
2480  /*
2481  * RFC3315 sections 18.2.3 and 18.2.4 have identical language:
2482  *
2483  * If the server finds that any of the addresses are not
2484  * appropriate for the link to which the client is attached,
2485  * the server returns the address to the client with lifetimes
2486  * of 0.
2487  */
2488  if ((reply->packet->dhcpv6_msg_type != DHCPV6_RENEW) &&
2489  (reply->packet->dhcpv6_msg_type != DHCPV6_REBIND)) {
2490  log_error("It is impossible to lease a client that is "
2491  "not sending a solicit, request, renew, or "
2492  "rebind.");
2493  status = ISC_R_FAILURE;
2494  goto cleanup;
2495  }
2496 
2497  reply->send_prefer = reply->send_valid = 0;
2498  goto send_addr;
2499  }
2500 
2501  /* Verify the address belongs to the client. */
2502  if (!address_is_owned(reply, &tmp_addr)) {
2503  /*
2504  * For solicit and request, any addresses included are
2505  * 'requested' addresses. For rebind, we actually have
2506  * no direction on what to do from 3315 section 18.2.4!
2507  * So I think the best bet is to try and give it out, and if
2508  * we can't, zero lifetimes.
2509  */
2510  if ((reply->packet->dhcpv6_msg_type == DHCPV6_SOLICIT) ||
2511  (reply->packet->dhcpv6_msg_type == DHCPV6_REQUEST) ||
2512  (reply->packet->dhcpv6_msg_type == DHCPV6_REBIND)) {
2513  status = reply_process_try_addr(reply, &tmp_addr);
2514 
2515  /*
2516  * If the address is in use, or isn't in any dynamic
2517  * range, continue as normal. If any other error was
2518  * found, error out.
2519  */
2520  if ((status != ISC_R_SUCCESS) &&
2521  (status != ISC_R_ADDRINUSE) &&
2522  (status != ISC_R_ADDRNOTAVAIL))
2523  goto cleanup;
2524 
2525  /*
2526  * If we didn't honor this lease, for solicit and
2527  * request we simply omit it from our answer. For
2528  * rebind, we send it with zeroed lifetimes.
2529  */
2530  if (reply->lease == NULL) {
2531  if (reply->packet->dhcpv6_msg_type ==
2532  DHCPV6_REBIND) {
2533  reply->send_prefer = 0;
2534  reply->send_valid = 0;
2535  goto send_addr;
2536  }
2537 
2538  /* status remains success - ignore */
2539  goto cleanup;
2540  }
2541  /*
2542  * RFC3315 section 18.2.3:
2543  *
2544  * If the server cannot find a client entry for the IA the
2545  * server returns the IA containing no addresses with a Status
2546  * Code option set to NoBinding in the Reply message.
2547  *
2548  * On mismatch we (ab)use this pretending we have not the IA
2549  * as soon as we have not an address.
2550  */
2551  } else if (reply->packet->dhcpv6_msg_type == DHCPV6_RENEW) {
2552  /* Rewind the IA_NA to empty. */
2553  option_state_dereference(&reply->reply_ia, MDL);
2554  if (!option_state_allocate(&reply->reply_ia, MDL)) {
2555  log_error("reply_process_addr: No memory for "
2556  "option state wipe.");
2557  status = ISC_R_NOMEMORY;
2558  goto cleanup;
2559  }
2560 
2561  /* Append a NoBinding status code. */
2562  if (!set_status_code(STATUS_NoBinding,
2563  "Address not bound to this "
2564  "interface.", reply->reply_ia)) {
2565  log_error("reply_process_addr: Unable to "
2566  "attach status code.");
2567  status = ISC_R_FAILURE;
2568  goto cleanup;
2569  }
2570 
2571  /* Fin (no more IAADDRs). */
2572  status = ISC_R_CANCELED;
2573  goto cleanup;
2574  } else {
2575  log_error("It is impossible to lease a client that is "
2576  "not sending a solicit, request, renew, or "
2577  "rebind message.");
2578  status = ISC_R_FAILURE;
2579  goto cleanup;
2580  }
2581  }
2582 
2583  if (reply->static_lease) {
2584  if (reply->host == NULL)
2585  log_fatal("Impossible condition at %s:%d.", MDL);
2586 
2587  scope = &global_scope;
2588  group = reply->subnet->group;
2589  } else {
2590  if (reply->lease == NULL)
2591  log_fatal("Impossible condition at %s:%d.", MDL);
2592 
2593  scope = &reply->lease->scope;
2594  group = reply->lease->ipv6_pool->ipv6_pond->group;
2595  }
2596 
2597  /*
2598  * If client_resources is nonzero, then the reply_process_is_addressed
2599  * function has executed configuration state into the reply option
2600  * cache. We will use that valid cache to derive configuration for
2601  * whether or not to engage in additional addresses, and similar.
2602  */
2603  if (reply->client_resources != 0) {
2604  unsigned limit = 1;
2605 
2606  /*
2607  * Does this client have "enough" addresses already? Default
2608  * to one. Everybody gets one, and one should be enough for
2609  * anybody.
2610  */
2611  oc = lookup_option(&server_universe, reply->opt_state,
2613  if (oc != NULL) {
2614  if (!evaluate_option_cache(&data, reply->packet,
2615  NULL, NULL,
2616  reply->packet->options,
2617  reply->opt_state,
2618  scope, oc, MDL) ||
2619  (data.len != 4)) {
2620  log_error("reply_process_addr: unable to "
2621  "evaluate addrs-per-ia value.");
2622  status = ISC_R_FAILURE;
2623  goto cleanup;
2624  }
2625 
2626  limit = getULong(data.data);
2628  }
2629 
2630  /*
2631  * If we wish to limit the client to a certain number of
2632  * addresses, then omit the address from the reply.
2633  */
2634  if (reply->client_resources >= limit)
2635  goto cleanup;
2636  }
2637 
2638  status = reply_process_is_addressed(reply, scope, group);
2639  if (status != ISC_R_SUCCESS)
2640  goto cleanup;
2641 
2642  send_addr:
2643  status = reply_process_send_addr(reply, &tmp_addr);
2644 
2645  cleanup:
2646  if (iaaddr.data != NULL)
2647  data_string_forget(&iaaddr, MDL);
2648  if (data.data != NULL)
2650  if (reply->lease != NULL)
2651  iasubopt_dereference(&reply->lease, MDL);
2652 
2653  return status;
2654 }
2655 
2656 /*
2657  * Verify the address belongs to the client. If we've got a host
2658  * record with a fixed address, it has to be the assigned address
2659  * (fault out all else). Otherwise it's a dynamic address, so lookup
2660  * that address and make sure it belongs to this DUID:IAID pair.
2661  */
2662 static isc_boolean_t
2663 address_is_owned(struct reply_state *reply, struct iaddr *addr) {
2664  int i;
2665  struct ipv6_pond *pond;
2666 
2667  /*
2668  * This faults out addresses that don't match fixed addresses.
2669  */
2670  if (reply->static_lease) {
2671  if (reply->fixed.data == NULL)
2672  log_fatal("Impossible condition at %s:%d.", MDL);
2673 
2674  if (memcmp(addr->iabuf, reply->fixed.data, 16) == 0)
2675  return (ISC_TRUE);
2676 
2677  return (ISC_FALSE);
2678  }
2679 
2680  if ((reply->old_ia == NULL) || (reply->old_ia->num_iasubopt == 0))
2681  return (ISC_FALSE);
2682 
2683  for (i = 0 ; i < reply->old_ia->num_iasubopt ; i++) {
2684  struct iasubopt *tmp;
2685 
2686  tmp = reply->old_ia->iasubopt[i];
2687 
2688  if (memcmp(addr->iabuf, &tmp->addr, 16) == 0) {
2689  if (lease6_usable(tmp) == ISC_FALSE) {
2690  return (ISC_FALSE);
2691  }
2692 
2693  pond = tmp->ipv6_pool->ipv6_pond;
2694  if (((pond->prohibit_list != NULL) &&
2695  (permitted(reply->packet, pond->prohibit_list))) ||
2696  ((pond->permit_list != NULL) &&
2697  (!permitted(reply->packet, pond->permit_list))))
2698  return (ISC_FALSE);
2699 
2700  iasubopt_reference(&reply->lease, tmp, MDL);
2701 
2702  return (ISC_TRUE);
2703  }
2704  }
2705 
2706  return (ISC_FALSE);
2707 }
2708 
2709 /* Process a client-supplied IA_TA. This may append options to the tail of
2710  * the reply packet being built in the reply_state structure.
2711  */
2712 static isc_result_t
2713 reply_process_ia_ta(struct reply_state *reply, struct option_cache *ia) {
2714  isc_result_t status = ISC_R_SUCCESS;
2715  u_int32_t iaid;
2716  unsigned ia_cursor;
2717  struct option_state *packet_ia;
2718  struct option_cache *oc;
2719  struct data_string ia_data, data;
2720  struct data_string iaaddr;
2721  u_int32_t pref_life, valid_life;
2722  struct iaddr tmp_addr;
2723 
2724  /* Initialize values that will get cleaned up on return. */
2725  packet_ia = NULL;
2726  memset(&ia_data, 0, sizeof(ia_data));
2727  memset(&data, 0, sizeof(data));
2728  memset(&iaaddr, 0, sizeof(iaaddr));
2729 
2730  /* Make sure there is at least room for the header. */
2731  if ((reply->cursor + IA_TA_OFFSET + 4) > sizeof(reply->buf)) {
2732  log_error("reply_process_ia_ta: Reply too long for IA.");
2733  return ISC_R_NOSPACE;
2734  }
2735 
2736 
2737  /* Fetch the IA_TA contents. */
2738  if (!get_encapsulated_IA_state(&packet_ia, &ia_data, reply->packet,
2739  ia, IA_TA_OFFSET)) {
2740  log_error("reply_process_ia_ta: error evaluating ia");
2741  status = ISC_R_FAILURE;
2742  goto cleanup;
2743  }
2744 
2745  /* Extract IA_TA header contents. */
2746  iaid = getULong(ia_data.data);
2747 
2748  /* Create an IA_TA structure. */
2749  if (ia_allocate(&reply->ia, iaid, (char *)reply->client_id.data,
2750  reply->client_id.len, MDL) != ISC_R_SUCCESS) {
2751  log_error("reply_process_ia_ta: no memory for ia.");
2752  status = ISC_R_NOMEMORY;
2753  goto cleanup;
2754  }
2755  reply->ia->ia_type = D6O_IA_TA;
2756 
2757  /* Cache pre-existing IA, if any. */
2758  ia_hash_lookup(&reply->old_ia, ia_ta_active,
2759  (unsigned char *)reply->ia->iaid_duid.data,
2760  reply->ia->iaid_duid.len, MDL);
2761 
2762  /*
2763  * Create an option cache to carry the IA_TA option contents, and
2764  * execute any user-supplied values into it.
2765  */
2766  if (!option_state_allocate(&reply->reply_ia, MDL)) {
2767  status = ISC_R_NOMEMORY;
2768  goto cleanup;
2769  }
2770 
2771  /*
2772  * Temporary leases are dynamic by definition.
2773  */
2774  reply->static_lease = ISC_FALSE;
2775 
2776  /*
2777  * Save the cursor position at the start of the IA, so we can
2778  * set length later. We write a temporary
2779  * header out now just in case we decide to adjust the packet
2780  * within sub-process functions.
2781  */
2782  ia_cursor = reply->cursor;
2783 
2784  /* Initialize the IA_TA header. First the code. */
2785  putUShort(reply->buf.data + reply->cursor, (unsigned)D6O_IA_TA);
2786  reply->cursor += 2;
2787 
2788  /* Then option length. */
2789  putUShort(reply->buf.data + reply->cursor, 0x04u);
2790  reply->cursor += 2;
2791 
2792  /* Then IA_TA header contents; IAID. */
2793  putULong(reply->buf.data + reply->cursor, iaid);
2794  reply->cursor += 4;
2795 
2796  /*
2797  * Deal with an IAADDR for lifetimes.
2798  * For all or none, process IAADDRs as hints.
2799  */
2800  reply->min_valid = reply->min_prefer = INFINITE_TIME;
2801  reply->client_valid = reply->client_prefer = 0;
2802  oc = lookup_option(&dhcpv6_universe, packet_ia, D6O_IAADDR);
2803  for (; oc != NULL; oc = oc->next) {
2804  memset(&iaaddr, 0, sizeof(iaaddr));
2805  if (!evaluate_option_cache(&iaaddr, reply->packet,
2806  NULL, NULL,
2807  reply->packet->options, NULL,
2808  &global_scope, oc, MDL) ||
2809  (iaaddr.len < IAADDR_OFFSET)) {
2810  log_error("reply_process_ia_ta: error "
2811  "evaluating IAADDR.");
2812  status = ISC_R_FAILURE;
2813  goto cleanup;
2814  }
2815  /* The first 16 bytes are the IPv6 address. */
2816  pref_life = getULong(iaaddr.data + 16);
2817  valid_life = getULong(iaaddr.data + 20);
2818 
2819  if ((reply->client_valid == 0) ||
2820  (reply->client_valid > valid_life))
2821  reply->client_valid = valid_life;
2822 
2823  if ((reply->client_prefer == 0) ||
2824  (reply->client_prefer > pref_life))
2825  reply->client_prefer = pref_life;
2826 
2827  /* Nothing more if something has failed. */
2828  if (status == ISC_R_CANCELED)
2829  continue;
2830 
2831  tmp_addr.len = 16;
2832  memcpy(tmp_addr.iabuf, iaaddr.data, 16);
2833  if (!temporary_is_available(reply, &tmp_addr))
2834  goto bad_temp;
2835  status = reply_process_is_addressed(reply,
2836  &reply->lease->scope,
2837  reply->lease->ipv6_pool->ipv6_pond->group);
2838  if (status != ISC_R_SUCCESS)
2839  goto bad_temp;
2840  status = reply_process_send_addr(reply, &tmp_addr);
2841  if (status != ISC_R_SUCCESS)
2842  goto bad_temp;
2843  if (reply->lease != NULL)
2844  iasubopt_dereference(&reply->lease, MDL);
2845  continue;
2846 
2847  bad_temp:
2848  /* Rewind the IA_TA to empty. */
2849  option_state_dereference(&reply->reply_ia, MDL);
2850  if (!option_state_allocate(&reply->reply_ia, MDL)) {
2851  status = ISC_R_NOMEMORY;
2852  goto cleanup;
2853  }
2854  status = ISC_R_CANCELED;
2855  reply->client_resources = 0;
2856  reply->resources_included = ISC_FALSE;
2857  if (reply->lease != NULL)
2858  iasubopt_dereference(&reply->lease, MDL);
2859  }
2860  reply->ia_count++;
2861 
2862  /*
2863  * Give the client temporary addresses.
2864  */
2865  if (reply->client_resources != 0)
2866  goto store;
2867  status = find_client_temporaries(reply);
2868  if (status == ISC_R_NORESOURCES) {
2869  switch (reply->packet->dhcpv6_msg_type) {
2870  case DHCPV6_SOLICIT:
2871  /*
2872  * No address for any IA is handled
2873  * by the caller.
2874  */
2875  /* FALL THROUGH */
2876 
2877  case DHCPV6_REQUEST:
2878  /* Section 18.2.1 (Request):
2879  *
2880  * If the server cannot assign any addresses to
2881  * an IA in the message from the client, the
2882  * server MUST include the IA in the Reply
2883  * message with no addresses in the IA and a
2884  * Status Code option in the IA containing
2885  * status code NoAddrsAvail.
2886  */
2887  option_state_dereference(&reply->reply_ia, MDL);
2888  if (!option_state_allocate(&reply->reply_ia, MDL)) {
2889  log_error("reply_process_ia_ta: No "
2890  "memory for option state wipe.");
2891  status = ISC_R_NOMEMORY;
2892  goto cleanup;
2893  }
2894 
2895  if (!set_status_code(STATUS_NoAddrsAvail,
2896  "No addresses available "
2897  "for this interface.",
2898  reply->reply_ia)) {
2899  log_error("reply_process_ia_ta: Unable "
2900  "to set NoAddrsAvail status code.");
2901  status = ISC_R_FAILURE;
2902  goto cleanup;
2903  }
2904 
2905  status = ISC_R_SUCCESS;
2906  break;
2907 
2908  default:
2909  /*
2910  * We don't want to include the IA if we
2911  * provide zero addresses including zeroed
2912  * lifetimes.
2913  */
2914  if (reply->resources_included)
2915  status = ISC_R_SUCCESS;
2916  else
2917  goto cleanup;
2918  break;
2919  }
2920  } else if (status != ISC_R_SUCCESS)
2921  goto cleanup;
2922 
2923  store:
2924  reply->cursor += store_options6((char *)reply->buf.data + reply->cursor,
2925  sizeof(reply->buf) - reply->cursor,
2926  reply->reply_ia, reply->packet,
2927  required_opts_IA, NULL);
2928 
2929  /* Reset the length of this IA to match what was just written. */
2930  putUShort(reply->buf.data + ia_cursor + 2,
2931  reply->cursor - (ia_cursor + 4));
2932 
2933  /*
2934  * yes, goto's aren't the best but we also want to avoid extra
2935  * indents
2936  */
2937  if (status == ISC_R_CANCELED)
2938  goto cleanup;
2939 
2940  /*
2941  * If we have any addresses log what we are doing.
2942  */
2943  if (reply->ia->num_iasubopt != 0) {
2944  struct iasubopt *tmp;
2945  int i;
2946  char tmp_addr[INET6_ADDRSTRLEN];
2947 
2948  for (i = 0 ; i < reply->ia->num_iasubopt ; i++) {
2949  tmp = reply->ia->iasubopt[i];
2950 
2951  log_info("%s TA: address %s to client with duid %s "
2952  "iaid = %d valid for %u seconds",
2953  dhcpv6_type_names[reply->buf.reply.msg_type],
2954  inet_ntop(AF_INET6, &tmp->addr,
2955  tmp_addr, sizeof(tmp_addr)),
2956  print_hex_1(reply->client_id.len,
2957  reply->client_id.data, 60),
2958  iaid,
2959  tmp->valid);
2960  }
2961  }
2962 
2963  /*
2964  * For hard bindings we consume the new changes into
2965  * the database (if any have been attached to the ia_ta).
2966  *
2967  * Loop through the assigned dynamic addresses, referencing the
2968  * leases onto this IA_TA rather than any old ones, and updating
2969  * pool timers for each (if any).
2970  */
2971  if ((reply->ia->num_iasubopt != 0) &&
2972  (reply->buf.reply.msg_type == DHCPV6_REPLY)) {
2973  struct iasubopt *tmp;
2974  struct data_string *ia_id;
2975  int i;
2976 
2977  for (i = 0 ; i < reply->ia->num_iasubopt ; i++) {
2978  tmp = reply->ia->iasubopt[i];
2979 
2980  if (tmp->ia != NULL)
2981  ia_dereference(&tmp->ia, MDL);
2982  ia_reference(&tmp->ia, reply->ia, MDL);
2983 
2984  /* Commit 'hard' bindings. */
2985  renew_lease6(tmp->ipv6_pool, tmp);
2987 
2988  /* If we have anything to do on commit do it now */
2989  if (tmp->on_star.on_commit != NULL) {
2990  execute_statements(NULL, reply->packet,
2991  NULL, NULL,
2992  reply->packet->options,
2993  reply->opt_state,
2994  &tmp->scope,
2995  tmp->on_star.on_commit,
2996  &tmp->on_star);
2998  (&tmp->on_star.on_commit, MDL);
2999  }
3000 
3001 #if defined (NSUPDATE)
3002  /*
3003  * Perform ddns updates.
3004  */
3005  oc = lookup_option(&server_universe, reply->opt_state,
3006  SV_DDNS_UPDATES);
3007  if ((oc == NULL) ||
3008  evaluate_boolean_option_cache(NULL, reply->packet,
3009  NULL, NULL,
3010  reply->packet->options,
3011  reply->opt_state,
3012  &tmp->scope,
3013  oc, MDL)) {
3014  ddns_updates(reply->packet, NULL, NULL,
3015  tmp, NULL, reply->opt_state);
3016  }
3017 #endif
3018  /* Do our threshold check. */
3019  check_pool6_threshold(reply, tmp);
3020  }
3021 
3022  /* Remove any old ia from the hash. */
3023  if (reply->old_ia != NULL) {
3024  ia_id = &reply->old_ia->iaid_duid;
3025  ia_hash_delete(ia_ta_active,
3026  (unsigned char *)ia_id->data,
3027  ia_id->len, MDL);
3028  ia_dereference(&reply->old_ia, MDL);
3029  }
3030 
3031  /* Put new ia into the hash. */
3032  reply->ia->cltt = cur_time;
3033  ia_id = &reply->ia->iaid_duid;
3034  ia_hash_add(ia_ta_active, (unsigned char *)ia_id->data,
3035  ia_id->len, reply->ia, MDL);
3036 
3037  write_ia(reply->ia);
3038  } else {
3039  schedule_lease_timeout_reply(reply);
3040  }
3041 
3042  cleanup:
3043  if (packet_ia != NULL)
3044  option_state_dereference(&packet_ia, MDL);
3045  if (iaaddr.data != NULL)
3046  data_string_forget(&iaaddr, MDL);
3047  if (reply->reply_ia != NULL)
3048  option_state_dereference(&reply->reply_ia, MDL);
3049  if (ia_data.data != NULL)
3050  data_string_forget(&ia_data, MDL);
3051  if (data.data != NULL)
3053  if (reply->ia != NULL)
3054  ia_dereference(&reply->ia, MDL);
3055  if (reply->old_ia != NULL)
3056  ia_dereference(&reply->old_ia, MDL);
3057  if (reply->lease != NULL)
3058  iasubopt_dereference(&reply->lease, MDL);
3059 
3060  /*
3061  * ISC_R_CANCELED is a status code used by the addr processing to
3062  * indicate we're replying with other addresses. This is still a
3063  * success at higher layers.
3064  */
3065  return((status == ISC_R_CANCELED) ? ISC_R_SUCCESS : status);
3066 }
3067 
3068 /*
3069  * Verify the temporary address is available.
3070  */
3071 static isc_boolean_t
3072 temporary_is_available(struct reply_state *reply, struct iaddr *addr) {
3073  struct in6_addr tmp_addr;
3074  struct subnet *subnet;
3075  struct ipv6_pool *pool = NULL;
3076  struct ipv6_pond *pond = NULL;
3077  int i;
3078 
3079  memcpy(&tmp_addr, addr->iabuf, sizeof(tmp_addr));
3080  /*
3081  * Clients may choose to send :: as an address, with the idea to give
3082  * hints about preferred-lifetime or valid-lifetime.
3083  * So this is not a request for this address.
3084  */
3085  if (IN6_IS_ADDR_UNSPECIFIED(&tmp_addr))
3086  return ISC_FALSE;
3087 
3088  /*
3089  * Verify that this address is on the client's network.
3090  */
3091  for (subnet = reply->shared->subnets ; subnet != NULL ;
3092  subnet = subnet->next_sibling) {
3093  if (addr_eq(subnet_number(*addr, subnet->netmask),
3094  subnet->net))
3095  break;
3096  }
3097 
3098  /* Address not found on shared network. */
3099  if (subnet == NULL)
3100  return ISC_FALSE;
3101 
3102  /*
3103  * Check if this address is owned (must be before next step).
3104  */
3105  if (address_is_owned(reply, addr))
3106  return ISC_TRUE;
3107 
3108  /*
3109  * Verify that this address is in a temporary pool and try to get it.
3110  */
3111  for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
3112  if (((pond->prohibit_list != NULL) &&
3113  (permitted(reply->packet, pond->prohibit_list))) ||
3114  ((pond->permit_list != NULL) &&
3115  (!permitted(reply->packet, pond->permit_list))))
3116  continue;
3117 
3118  for (i = 0 ; (pool = pond->ipv6_pools[i]) != NULL ; i++) {
3119  if (pool->pool_type != D6O_IA_TA)
3120  continue;
3121 
3122  if (ipv6_in_pool(&tmp_addr, pool))
3123  break;
3124  }
3125 
3126  if (pool != NULL)
3127  break;
3128  }
3129 
3130  if (pool == NULL)
3131  return ISC_FALSE;
3132  if (lease6_exists(pool, &tmp_addr))
3133  return ISC_FALSE;
3134  if (iasubopt_allocate(&reply->lease, MDL) != ISC_R_SUCCESS)
3135  return ISC_FALSE;
3136  reply->lease->addr = tmp_addr;
3137  reply->lease->plen = 0;
3138  /* Default is soft binding for 2 minutes. */
3139  if (add_lease6(pool, reply->lease, cur_time + 120) != ISC_R_SUCCESS)
3140  return ISC_FALSE;
3141 
3142  return ISC_TRUE;
3143 }
3144 
3145 /*
3146  * Get a temporary address per prefix.
3147  */
3148 static isc_result_t
3149 find_client_temporaries(struct reply_state *reply) {
3150  int i;
3151  struct ipv6_pool *p = NULL;
3152  struct ipv6_pond *pond;
3153  isc_result_t status = ISC_R_NORESOURCES;;
3154  unsigned int attempts;
3155  struct iaddr send_addr;
3156 
3157  /*
3158  * Do a quick walk through of the ponds and pools
3159  * to see if we have any prefix pools
3160  */
3161  for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
3162  if (pond->ipv6_pools == NULL)
3163  continue;
3164 
3165  for (i = 0; (p = pond->ipv6_pools[i]) != NULL; i++) {
3166  if (p->pool_type == D6O_IA_TA)
3167  break;
3168  }
3169  if (p != NULL)
3170  break;
3171  }
3172 
3173  /* If we get here and p is NULL we have no useful pools */
3174  if (p == NULL) {
3175  log_debug("Unable to get client addresses: "
3176  "no IPv6 pools on this shared network");
3177  return ISC_R_NORESOURCES;
3178  }
3179 
3180  /*
3181  * We have at least one pool that could provide an address
3182  * Now we walk through the ponds and pools again and check
3183  * to see if the client is permitted and if an address is
3184  * available
3185  */
3186 
3187  for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
3188  if (((pond->prohibit_list != NULL) &&
3189  (permitted(reply->packet, pond->prohibit_list))) ||
3190  ((pond->permit_list != NULL) &&
3191  (!permitted(reply->packet, pond->permit_list))))
3192  continue;
3193 
3194  for (i = 0; (p = pond->ipv6_pools[i]) != NULL; i++) {
3195  if (p->pool_type != D6O_IA_TA) {
3196  continue;
3197  }
3198 
3199  /*
3200  * Get an address in this temporary pool.
3201  */
3202  status = create_lease6(p, &reply->lease, &attempts,
3203  &reply->client_id, cur_time + 120);
3204  if (status != ISC_R_SUCCESS) {
3205  log_debug("Unable to get a temporary address.");
3206  goto cleanup;
3207  }
3208 
3209  status = reply_process_is_addressed(reply,
3210  &reply->lease->scope,
3211  pond->group);
3212  if (status != ISC_R_SUCCESS) {
3213  goto cleanup;
3214  }
3215  send_addr.len = 16;
3216  memcpy(send_addr.iabuf, &reply->lease->addr, 16);
3217  status = reply_process_send_addr(reply, &send_addr);
3218  if (status != ISC_R_SUCCESS) {
3219  goto cleanup;
3220  }
3221  /*
3222  * reply->lease can't be null as we use it above
3223  * add check if that changes
3224  */
3225  iasubopt_dereference(&reply->lease, MDL);
3226  }
3227  }
3228 
3229  cleanup:
3230  if (reply->lease != NULL) {
3231  iasubopt_dereference(&reply->lease, MDL);
3232  }
3233  return status;
3234 }
3235 
3236 /*
3237  * This function only returns failure on 'hard' failures. If it succeeds,
3238  * it will leave a lease structure behind.
3239  */
3240 static isc_result_t
3241 reply_process_try_addr(struct reply_state *reply, struct iaddr *addr) {
3242  isc_result_t status = ISC_R_ADDRNOTAVAIL;
3243  struct ipv6_pool *pool = NULL;
3244  struct ipv6_pond *pond = NULL;
3245  int i;
3246  struct data_string data_addr;
3247 
3248  if ((reply == NULL) || (reply->shared == NULL) ||
3249  (addr == NULL) || (reply->lease != NULL))
3250  return (DHCP_R_INVALIDARG);
3251 
3252  /*
3253  * Do a quick walk through of the ponds and pools
3254  * to see if we have any NA address pools
3255  */
3256  for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
3257  if (pond->ipv6_pools == NULL)
3258  continue;
3259 
3260  for (i = 0; ; i++) {
3261  pool = pond->ipv6_pools[i];
3262  if ((pool == NULL) ||
3263  (pool->pool_type == D6O_IA_NA))
3264  break;
3265  }
3266  if (pool != NULL)
3267  break;
3268  }
3269 
3270  /* If we get here and p is NULL we have no useful pools */
3271  if (pool == NULL) {
3272  return (ISC_R_ADDRNOTAVAIL);
3273  }
3274 
3275  memset(&data_addr, 0, sizeof(data_addr));
3276  data_addr.len = addr->len;
3277  data_addr.data = addr->iabuf;
3278 
3279  /*
3280  * We have at least one pool that could provide an address
3281  * Now we walk through the ponds and pools again and check
3282  * to see if the client is permitted and if an address is
3283  * available
3284  *
3285  * Within a given pond we start looking at the last pool we
3286  * allocated from, unless it had a collision trying to allocate
3287  * an address. This will tend to move us into less-filled pools.
3288  */
3289 
3290  for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
3291  if (((pond->prohibit_list != NULL) &&
3292  (permitted(reply->packet, pond->prohibit_list))) ||
3293  ((pond->permit_list != NULL) &&
3294  (!permitted(reply->packet, pond->permit_list))))
3295  continue;
3296 
3297  for (i = 0 ; (pool = pond->ipv6_pools[i]) != NULL ; i++) {
3298  if (pool->pool_type != D6O_IA_NA)
3299  continue;
3300 
3301  status = try_client_v6_address(&reply->lease, pool,
3302  &data_addr);
3303  if (status == ISC_R_SUCCESS)
3304  break;
3305  }
3306 
3307  if (status == ISC_R_SUCCESS)
3308  break;
3309  }
3310 
3311  /* Note that this is just pedantry. There is no allocation to free. */
3312  data_string_forget(&data_addr, MDL);
3313  /* Return just the most recent status... */
3314  return (status);
3315 }
3316 
3317 /* Look around for an address to give the client. First, look through the
3318  * old IA for addresses we can extend. Second, try to allocate a new address.
3319  * Finally, actually add that address into the current reply IA.
3320  */
3321 static isc_result_t
3322 find_client_address(struct reply_state *reply) {
3323  struct iaddr send_addr;
3324  isc_result_t status = ISC_R_NORESOURCES;
3325  struct iasubopt *lease, *best_lease = NULL;
3326  struct binding_scope **scope;
3327  struct group *group;
3328  int i;
3329 
3330  if (reply->static_lease) {
3331  if (reply->host == NULL)
3332  return DHCP_R_INVALIDARG;
3333 
3334  send_addr.len = 16;
3335  memcpy(send_addr.iabuf, reply->fixed.data, 16);
3336 
3337  scope = &global_scope;
3338  group = reply->subnet->group;
3339  goto send_addr;
3340  }
3341 
3342  if (reply->old_ia != NULL) {
3343  for (i = 0 ; i < reply->old_ia->num_iasubopt ; i++) {
3344  struct shared_network *candidate_shared;
3345  struct ipv6_pond *pond;
3346 
3347  lease = reply->old_ia->iasubopt[i];
3348  candidate_shared = lease->ipv6_pool->shared_network;
3349  pond = lease->ipv6_pool->ipv6_pond;
3350 
3351  /*
3352  * Look for the best lease on the client's shared
3353  * network, that is still permitted
3354  */
3355 
3356  if ((candidate_shared != reply->shared) ||
3357  (lease6_usable(lease) != ISC_TRUE))
3358  continue;
3359 
3360  if (((pond->prohibit_list != NULL) &&
3361  (permitted(reply->packet, pond->prohibit_list))) ||
3362  ((pond->permit_list != NULL) &&
3363  (!permitted(reply->packet, pond->permit_list))))
3364  continue;
3365 
3366  best_lease = lease_compare(lease, best_lease);
3367  }
3368  }
3369 
3370  /* Try to pick a new address if we didn't find one, or if we found an
3371  * abandoned lease.
3372  */
3373  if ((best_lease == NULL) || (best_lease->state == FTS_ABANDONED)) {
3374  status = pick_v6_address(reply);
3375  } else if (best_lease != NULL) {
3376  iasubopt_reference(&reply->lease, best_lease, MDL);
3377  status = ISC_R_SUCCESS;
3378  }
3379 
3380  /* Pick the abandoned lease as a last resort. */
3381  if ((status == ISC_R_NORESOURCES) && (best_lease != NULL)) {
3382  /* I don't see how this is supposed to be done right now. */
3383  log_error("Best match for DUID %s is an abandoned address,"
3384  " This may be a result of multiple clients attempting"
3385  " to use this DUID",
3386  print_hex_1(reply->client_id.len,
3387  reply->client_id.data, 60));
3388  /* iasubopt_reference(&reply->lease, best_lease, MDL); */
3389  }
3390 
3391  /* Give up now if we didn't find a lease. */
3392  if (status != ISC_R_SUCCESS)
3393  return status;
3394 
3395  if (reply->lease == NULL)
3396  log_fatal("Impossible condition at %s:%d.", MDL);
3397 
3398  /* Draw binding scopes from the lease's binding scope, and config
3399  * from the lease's containing subnet and higher. Note that it may
3400  * be desirable to place the group attachment directly in the pool.
3401  */
3402  scope = &reply->lease->scope;
3403  group = reply->lease->ipv6_pool->ipv6_pond->group;
3404 
3405  send_addr.len = 16;
3406  memcpy(send_addr.iabuf, &reply->lease->addr, 16);
3407 
3408  send_addr:
3409  status = reply_process_is_addressed(reply, scope, group);
3410  if (status != ISC_R_SUCCESS)
3411  return status;
3412 
3413  status = reply_process_send_addr(reply, &send_addr);
3414  return status;
3415 }
3416 
3417 /* Once an address is found for a client, perform several common functions;
3418  * Calculate and store valid and preferred lease times, draw client options
3419  * into the option state.
3420  */
3421 static isc_result_t
3422 reply_process_is_addressed(struct reply_state *reply,
3423  struct binding_scope **scope, struct group *group)
3424 {
3425  isc_result_t status = ISC_R_SUCCESS;
3426  struct data_string data;
3427  struct option_cache *oc;
3428  struct option_state *tmp_options = NULL;
3429  struct on_star *on_star;
3430  int i;
3431 
3432  /* Initialize values we will cleanup. */
3433  memset(&data, 0, sizeof(data));
3434 
3435  /*
3436  * Find the proper on_star block to use. We use the
3437  * one in the lease if we have a lease or the one in
3438  * the reply if we don't have a lease because this is
3439  * a static instance
3440  */
3441  if (reply->lease) {
3442  on_star = &reply->lease->on_star;
3443  } else {
3444  on_star = &reply->on_star;
3445  }
3446 
3447  /*
3448  * Bring in the root configuration. We only do this to bring
3449  * in the on * statements, as we didn't have the lease available
3450  * we did it the first time.
3451  */
3452  option_state_allocate(&tmp_options, MDL);
3453  execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
3454  reply->packet->options, tmp_options,
3455  &global_scope, root_group, NULL,
3456  on_star);
3457  if (tmp_options != NULL) {
3458  option_state_dereference(&tmp_options, MDL);
3459  }
3460 
3461  /*
3462  * Bring configured options into the root packet level cache - start
3463  * with the lease's closest enclosing group (passed in by the caller
3464  * as 'group').
3465  */
3466  execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
3467  reply->packet->options, reply->opt_state,
3468  scope, group, root_group, on_star);
3469 
3470  /* Execute statements from class scopes. */
3471  for (i = reply->packet->class_count; i > 0; i--) {
3472  execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
3473  reply->packet->options,
3474  reply->opt_state, scope,
3475  reply->packet->classes[i - 1]->group,
3476  group, on_star);
3477  }
3478 
3479  /*
3480  * If there is a host record, over-ride with values configured there,
3481  * without re-evaluating configuration from the previously executed
3482  * group or its common enclosers.
3483  */
3484  if (reply->host != NULL)
3485  execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
3486  reply->packet->options,
3487  reply->opt_state, scope,
3488  reply->host->group, group,
3489  on_star);
3490 
3491  /* Determine valid lifetime. */
3492  if (reply->client_valid == 0)
3493  reply->send_valid = DEFAULT_DEFAULT_LEASE_TIME;
3494  else
3495  reply->send_valid = reply->client_valid;
3496 
3497  oc = lookup_option(&server_universe, reply->opt_state,
3499  if (oc != NULL) {
3500  if (!evaluate_option_cache(&data, reply->packet, NULL, NULL,
3501  reply->packet->options,
3502  reply->opt_state,
3503  scope, oc, MDL) ||
3504  (data.len != 4)) {
3505  log_error("reply_process_is_addressed: unable to "
3506  "evaluate default lease time");
3507  status = ISC_R_FAILURE;
3508  goto cleanup;
3509  }
3510 
3511  reply->send_valid = getULong(data.data);
3512  data_string_forget(&data, MDL);
3513  }
3514 
3515  /* Check to see if the lease time would cause us to wrap
3516  * in which case we make it infinite.
3517  * The following doesn't work on at least some systems:
3518  * (cur_time + reply->send_valid < cur_time)
3519  */
3520  if (reply->send_valid != INFINITE_TIME) {
3521  time_t test_time = cur_time + reply->send_valid;
3522  if (test_time < cur_time)
3523  reply->send_valid = INFINITE_TIME;
3524  }
3525 
3526  if (reply->client_prefer == 0)
3527  reply->send_prefer = reply->send_valid;
3528  else
3529  reply->send_prefer = reply->client_prefer;
3530 
3531  if ((reply->send_prefer >= reply->send_valid) &&
3532  (reply->send_valid != INFINITE_TIME))
3533  reply->send_prefer = (reply->send_valid / 2) +
3534  (reply->send_valid / 8);
3535 
3536  oc = lookup_option(&server_universe, reply->opt_state,
3538  if (oc != NULL) {
3539  if (!evaluate_option_cache(&data, reply->packet, NULL, NULL,
3540  reply->packet->options,
3541  reply->opt_state,
3542  scope, oc, MDL) ||
3543  (data.len != 4)) {
3544  log_error("reply_process_is_addressed: unable to "
3545  "evaluate preferred lease time");
3546  status = ISC_R_FAILURE;
3547  goto cleanup;
3548  }
3549 
3550  reply->send_prefer = getULong(data.data);
3551  data_string_forget(&data, MDL);
3552  }
3553 
3554  /* Note lowest values for later calculation of renew/rebind times. */
3555  if (reply->min_prefer > reply->send_prefer)
3556  reply->min_prefer = reply->send_prefer;
3557 
3558  if (reply->min_valid > reply->send_valid)
3559  reply->min_valid = reply->send_valid;
3560 
3561 #if 0
3562  /*
3563  * XXX: Old 4.0.0 alpha code would change the host {} record
3564  * XXX: uid upon lease assignment. This was intended to cover the
3565  * XXX: case where a client first identifies itself using vendor
3566  * XXX: options in a solicit, or request, but later neglects to include
3567  * XXX: these options in a Renew or Rebind. It is not clear that this
3568  * XXX: is required, and has some startling ramifications (such as
3569  * XXX: how to recover this dynamic host {} state across restarts).
3570  */
3571  if (reply->host != NULL)
3572  change_host_uid(host, reply->client_id->data,
3573  reply->client_id->len);
3574 #endif /* 0 */
3575 
3576  /* Perform dynamic lease related update work. */
3577  if (reply->lease != NULL) {
3578  /* Cached lifetimes */
3579  reply->lease->prefer = reply->send_prefer;
3580  reply->lease->valid = reply->send_valid;
3581 
3582  /* Advance (or rewind) the valid lifetime.
3583  * In the protocol 0xFFFFFFFF is infinite
3584  * when connecting to the lease file MAX_TIME is
3585  */
3586  if (reply->buf.reply.msg_type == DHCPV6_REPLY) {
3587  if (reply->send_valid == INFINITE_TIME) {
3588  reply->lease->soft_lifetime_end_time = MAX_TIME;
3589  } else {
3590  reply->lease->soft_lifetime_end_time =
3591  cur_time + reply->send_valid;
3592  }
3593  /* Wait before renew! */
3594  }
3595 
3596  status = ia_add_iasubopt(reply->ia, reply->lease, MDL);
3597  if (status != ISC_R_SUCCESS) {
3598  log_fatal("reply_process_is_addressed: Unable to "
3599  "attach lease to new IA: %s",
3600  isc_result_totext(status));
3601  }
3602 
3603  /*
3604  * If this is a new lease, make sure it is attached somewhere.
3605  */
3606  if (reply->lease->ia == NULL) {
3607  ia_reference(&reply->lease->ia, reply->ia, MDL);
3608  }
3609  }
3610 
3611  /* Bring a copy of the relevant options into the IA scope. */
3612  execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
3613  reply->packet->options, reply->reply_ia,
3614  scope, group, root_group, NULL);
3615 
3616  /* Execute statements from class scopes. */
3617  for (i = reply->packet->class_count; i > 0; i--) {
3618  execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
3619  reply->packet->options,
3620  reply->reply_ia, scope,
3621  reply->packet->classes[i - 1]->group,
3622  group, NULL);
3623  }
3624 
3625  /*
3626  * And bring in host record configuration, if any, but not to overlap
3627  * the previous group or its common enclosers.
3628  */
3629  if (reply->host != NULL)
3630  execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
3631  reply->packet->options,
3632  reply->reply_ia, scope,
3633  reply->host->group, group, NULL);
3634 
3635  cleanup:
3636  if (data.data != NULL)
3637  data_string_forget(&data, MDL);
3638 
3639  if (status == ISC_R_SUCCESS)
3640  reply->client_resources++;
3641 
3642  return status;
3643 }
3644 
3645 /* Simply send an IAADDR within the IA scope as described. */
3646 static isc_result_t
3647 reply_process_send_addr(struct reply_state *reply, struct iaddr *addr) {
3648  isc_result_t status = ISC_R_SUCCESS;
3649  struct data_string data;
3650 
3651  memset(&data, 0, sizeof(data));
3652 
3653  /* Now append the lease. */
3654  data.len = IAADDR_OFFSET;
3655  if (!buffer_allocate(&data.buffer, data.len, MDL)) {
3656  log_error("reply_process_send_addr: out of memory"
3657  "allocating new IAADDR buffer.");
3658  status = ISC_R_NOMEMORY;
3659  goto cleanup;
3660  }
3661  data.data = data.buffer->data;
3662 
3663  memcpy(data.buffer->data, addr->iabuf, 16);
3664  putULong(data.buffer->data + 16, reply->send_prefer);
3665  putULong(data.buffer->data + 20, reply->send_valid);
3666 
3667  if (!append_option_buffer(&dhcpv6_universe, reply->reply_ia,
3668  data.buffer, data.buffer->data,
3669  data.len, D6O_IAADDR, 0)) {
3670  log_error("reply_process_send_addr: unable "
3671  "to save IAADDR option");
3672  status = ISC_R_FAILURE;
3673  goto cleanup;
3674  }
3675 
3676  reply->resources_included = ISC_TRUE;
3677 
3678  cleanup:
3679  if (data.data != NULL)
3681 
3682  return status;
3683 }
3684 
3685 /* Choose the better of two leases. */
3686 static struct iasubopt *
3687 lease_compare(struct iasubopt *alpha, struct iasubopt *beta) {
3688  if (alpha == NULL)
3689  return beta;
3690  if (beta == NULL)
3691  return alpha;
3692 
3693  switch(alpha->state) {
3694  case FTS_ACTIVE:
3695  switch(beta->state) {
3696  case FTS_ACTIVE:
3697  /* Choose the lease with the longest lifetime (most
3698  * likely the most recently allocated).
3699  */
3700  if (alpha->hard_lifetime_end_time <
3701  beta->hard_lifetime_end_time)
3702  return beta;
3703  else
3704  return alpha;
3705 
3706  case FTS_EXPIRED:
3707  case FTS_ABANDONED:
3708  return alpha;
3709 
3710  default:
3711  log_fatal("Impossible condition at %s:%d.", MDL);
3712  }
3713  break;
3714 
3715  case FTS_EXPIRED:
3716  switch (beta->state) {
3717  case FTS_ACTIVE:
3718  return beta;
3719 
3720  case FTS_EXPIRED:
3721  /* Choose the most recently expired lease. */
3722  if (alpha->hard_lifetime_end_time <
3723  beta->hard_lifetime_end_time)
3724  return beta;
3725  else if ((alpha->hard_lifetime_end_time ==
3726  beta->hard_lifetime_end_time) &&
3727  (alpha->soft_lifetime_end_time <
3728  beta->soft_lifetime_end_time))
3729  return beta;
3730  else
3731  return alpha;
3732 
3733  case FTS_ABANDONED:
3734  return alpha;
3735 
3736  default:
3737  log_fatal("Impossible condition at %s:%d.", MDL);
3738  }
3739  break;
3740 
3741  case FTS_ABANDONED:
3742  switch (beta->state) {
3743  case FTS_ACTIVE:
3744  case FTS_EXPIRED:
3745  return alpha;
3746 
3747  case FTS_ABANDONED:
3748  /* Choose the lease that was abandoned longest ago. */
3749  if (alpha->hard_lifetime_end_time <
3750  beta->hard_lifetime_end_time)
3751  return alpha;
3752  else
3753  return beta;
3754 
3755  default:
3756  log_fatal("Impossible condition at %s:%d.", MDL);
3757  }
3758  break;
3759 
3760  default:
3761  log_fatal("Impossible condition at %s:%d.", MDL);
3762  }
3763 
3764  log_fatal("Triple impossible condition at %s:%d.", MDL);
3765  return NULL;
3766 }
3767 
3768 /* Process a client-supplied IA_PD. This may append options to the tail of
3769  * the reply packet being built in the reply_state structure.
3770  */
3771 static isc_result_t
3772 reply_process_ia_pd(struct reply_state *reply, struct option_cache *ia) {
3773  isc_result_t status = ISC_R_SUCCESS;
3774  u_int32_t iaid;
3775  unsigned ia_cursor;
3776  struct option_state *packet_ia;
3777  struct option_cache *oc;
3778  struct data_string ia_data, data;
3779 
3780  /* Initialize values that will get cleaned up on return. */
3781  packet_ia = NULL;
3782  memset(&ia_data, 0, sizeof(ia_data));
3783  memset(&data, 0, sizeof(data));
3784  /*
3785  * Note that find_client_prefix() may set reply->lease.
3786  */
3787 
3788  /* Make sure there is at least room for the header. */
3789  if ((reply->cursor + IA_PD_OFFSET + 4) > sizeof(reply->buf)) {
3790  log_error("reply_process_ia_pd: Reply too long for IA.");
3791  return ISC_R_NOSPACE;
3792  }
3793 
3794 
3795  /* Fetch the IA_PD contents. */
3796  if (!get_encapsulated_IA_state(&packet_ia, &ia_data, reply->packet,
3797  ia, IA_PD_OFFSET)) {
3798  log_error("reply_process_ia_pd: error evaluating ia");
3799  status = ISC_R_FAILURE;
3800  goto cleanup;
3801  }
3802 
3803  /* Extract IA_PD header contents. */
3804  iaid = getULong(ia_data.data);
3805  reply->renew = getULong(ia_data.data + 4);
3806  reply->rebind = getULong(ia_data.data + 8);
3807 
3808  /* Create an IA_PD structure. */
3809  if (ia_allocate(&reply->ia, iaid, (char *)reply->client_id.data,
3810  reply->client_id.len, MDL) != ISC_R_SUCCESS) {
3811  log_error("reply_process_ia_pd: no memory for ia.");
3812  status = ISC_R_NOMEMORY;
3813  goto cleanup;
3814  }
3815  reply->ia->ia_type = D6O_IA_PD;
3816 
3817  /* Cache pre-existing IA_PD, if any. */
3818  ia_hash_lookup(&reply->old_ia, ia_pd_active,
3819  (unsigned char *)reply->ia->iaid_duid.data,
3820  reply->ia->iaid_duid.len, MDL);
3821 
3822  /*
3823  * Create an option cache to carry the IA_PD option contents, and
3824  * execute any user-supplied values into it.
3825  */
3826  if (!option_state_allocate(&reply->reply_ia, MDL)) {
3827  status = ISC_R_NOMEMORY;
3828  goto cleanup;
3829  }
3830 
3831  /* Check & count the fixed prefix host records. */
3832  reply->static_prefixes = 0;
3833  if ((reply->host != NULL) && (reply->host->fixed_prefix != NULL)) {
3834  struct iaddrcidrnetlist *fp;
3835 
3836  for (fp = reply->host->fixed_prefix; fp != NULL;
3837  fp = fp->next) {
3838  reply->static_prefixes += 1;
3839  }
3840  }
3841 
3842  /*
3843  * Save the cursor position at the start of the IA_PD, so we can
3844  * set length and adjust t1/t2 values later. We write a temporary
3845  * header out now just in case we decide to adjust the packet
3846  * within sub-process functions.
3847  */
3848  ia_cursor = reply->cursor;
3849 
3850  /* Initialize the IA_PD header. First the code. */
3851  putUShort(reply->buf.data + reply->cursor, (unsigned)D6O_IA_PD);
3852  reply->cursor += 2;
3853 
3854  /* Then option length. */
3855  putUShort(reply->buf.data + reply->cursor, 0x0Cu);
3856  reply->cursor += 2;
3857 
3858  /* Then IA_PD header contents; IAID. */
3859  putULong(reply->buf.data + reply->cursor, iaid);
3860  reply->cursor += 4;
3861 
3862  /* We store the client's t1 for now, and may over-ride it later. */
3863  putULong(reply->buf.data + reply->cursor, reply->renew);
3864  reply->cursor += 4;
3865 
3866  /* We store the client's t2 for now, and may over-ride it later. */
3867  putULong(reply->buf.data + reply->cursor, reply->rebind);
3868  reply->cursor += 4;
3869 
3870  /*
3871  * For each prefix in this IA_PD, decide what to do about it.
3872  */
3873  oc = lookup_option(&dhcpv6_universe, packet_ia, D6O_IAPREFIX);
3874  reply->min_valid = reply->min_prefer = INFINITE_TIME;
3875  reply->client_valid = reply->client_prefer = 0;
3876  reply->preflen = -1;
3877  for (; oc != NULL ; oc = oc->next) {
3878  status = reply_process_prefix(reply, oc);
3879 
3880  /*
3881  * Canceled means we did not allocate prefixes to the
3882  * client, but we're "done" with this IA - we set a status
3883  * code. So transmit this reply, e.g., move on to the next
3884  * IA.
3885  */
3886  if (status == ISC_R_CANCELED)
3887  break;
3888 
3889  if ((status != ISC_R_SUCCESS) &&
3890  (status != ISC_R_ADDRINUSE) &&
3891  (status != ISC_R_ADDRNOTAVAIL))
3892  goto cleanup;
3893  }
3894 
3895  reply->pd_count++;
3896 
3897  /*
3898  * If we fell through the above and never gave the client
3899  * a prefix, give it one now.
3900  */
3901  if ((status != ISC_R_CANCELED) && (reply->client_resources == 0)) {
3902  status = find_client_prefix(reply);
3903 
3904  if (status == ISC_R_NORESOURCES) {
3905  switch (reply->packet->dhcpv6_msg_type) {
3906  case DHCPV6_SOLICIT:
3907  /*
3908  * No prefix for any IA is handled
3909  * by the caller.
3910  */
3911  /* FALL THROUGH */
3912 
3913  case DHCPV6_REQUEST:
3914  /* Same than for addresses. */
3915  option_state_dereference(&reply->reply_ia, MDL);
3916  if (!option_state_allocate(&reply->reply_ia,
3917  MDL))
3918  {
3919  log_error("reply_process_ia_pd: No "
3920  "memory for option state "
3921  "wipe.");
3922  status = ISC_R_NOMEMORY;
3923  goto cleanup;
3924  }
3925 
3926  if (!set_status_code(STATUS_NoPrefixAvail,
3927  "No prefixes available "
3928  "for this interface.",
3929  reply->reply_ia)) {
3930  log_error("reply_process_ia_pd: "
3931  "Unable to set "
3932  "NoPrefixAvail status "
3933  "code.");
3934  status = ISC_R_FAILURE;
3935  goto cleanup;
3936  }
3937 
3938  status = ISC_R_SUCCESS;
3939  break;
3940 
3941  default:
3942  if (reply->resources_included)
3943  status = ISC_R_SUCCESS;
3944  else
3945  goto cleanup;
3946  break;
3947  }
3948  }
3949 
3950  if (status != ISC_R_SUCCESS)
3951  goto cleanup;
3952  }
3953 
3954  reply->cursor += store_options6((char *)reply->buf.data + reply->cursor,
3955  sizeof(reply->buf) - reply->cursor,
3956  reply->reply_ia, reply->packet,
3957  required_opts_IA_PD, NULL);
3958 
3959  /* Reset the length of this IA_PD to match what was just written. */
3960  putUShort(reply->buf.data + ia_cursor + 2,
3961  reply->cursor - (ia_cursor + 4));
3962 
3963  /* Calculate T1/T2 and stuff them in the reply */
3964  set_reply_tee_times(reply, ia_cursor);
3965 
3966  /*
3967  * yes, goto's aren't the best but we also want to avoid extra
3968  * indents
3969  */
3970  if (status == ISC_R_CANCELED)
3971  goto cleanup;
3972 
3973  /*
3974  * Handle static prefixes, we always log stuff and if it's
3975  * a hard binding we run any commit statements that we have
3976  */
3977  if (reply->static_prefixes != 0) {
3978  char tmp_addr[INET6_ADDRSTRLEN];
3979  log_info("%s PD: address %s/%d to client with duid %s "
3980  "iaid = %d static",
3981  dhcpv6_type_names[reply->buf.reply.msg_type],
3982  inet_ntop(AF_INET6, reply->fixed_pref.lo_addr.iabuf,
3983  tmp_addr, sizeof(tmp_addr)),
3984  reply->fixed_pref.bits,
3985  print_hex_1(reply->client_id.len,
3986  reply->client_id.data, 60),
3987  iaid);
3988  if ((reply->buf.reply.msg_type == DHCPV6_REPLY) &&
3989  (reply->on_star.on_commit != NULL)) {
3990  execute_statements(NULL, reply->packet, NULL, NULL,
3991  reply->packet->options,
3992  reply->opt_state,
3993  NULL, reply->on_star.on_commit,
3994  NULL);
3996  (&reply->on_star.on_commit, MDL);
3997  }
3998  goto cleanup;
3999  }
4000 
4001  /*
4002  * If we have any addresses log what we are doing.
4003  */
4004  if (reply->ia->num_iasubopt != 0) {
4005  struct iasubopt *tmp;
4006  int i;
4007  char tmp_addr[INET6_ADDRSTRLEN];
4008 
4009  for (i = 0 ; i < reply->ia->num_iasubopt ; i++) {
4010  tmp = reply->ia->iasubopt[i];
4011 
4012  log_info("%s PD: address %s/%d to client with duid %s"
4013  " iaid = %d valid for %u seconds",
4014  dhcpv6_type_names[reply->buf.reply.msg_type],
4015  inet_ntop(AF_INET6, &tmp->addr,
4016  tmp_addr, sizeof(tmp_addr)),
4017  (int)tmp->plen,
4018  print_hex_1(reply->client_id.len,
4019  reply->client_id.data, 60),
4020  iaid, tmp->valid);
4021  }
4022  }
4023 
4024  /*
4025  * If this is not a 'soft' binding, consume the new changes into
4026  * the database (if any have been attached to the ia_pd).
4027  *
4028  * Loop through the assigned dynamic prefixes, referencing the
4029  * prefixes onto this IA_PD rather than any old ones, and updating
4030  * prefix pool timers for each (if any).
4031  */
4032  if ((reply->buf.reply.msg_type == DHCPV6_REPLY) &&
4033  (reply->ia->num_iasubopt != 0)) {
4034  struct iasubopt *tmp;
4035  struct data_string *ia_id;
4036  int i;
4037 
4038  for (i = 0 ; i < reply->ia->num_iasubopt ; i++) {
4039  tmp = reply->ia->iasubopt[i];
4040 
4041  if (tmp->ia != NULL)
4042  ia_dereference(&tmp->ia, MDL);
4043  ia_reference(&tmp->ia, reply->ia, MDL);
4044 
4045  /* Commit 'hard' bindings. */
4046  renew_lease6(tmp->ipv6_pool, tmp);
4048 
4049  /* If we have anything to do on commit do it now */
4050  if (tmp->on_star.on_commit != NULL) {
4051  execute_statements(NULL, reply->packet,
4052  NULL, NULL,
4053  reply->packet->options,
4054  reply->opt_state,
4055  &tmp->scope,
4056  tmp->on_star.on_commit,
4057  &tmp->on_star);
4059  (&tmp->on_star.on_commit, MDL);
4060  }
4061 
4062  /* Do our threshold check. */
4063  check_pool6_threshold(reply, tmp);
4064  }
4065 
4066  /* Remove any old ia from the hash. */
4067  if (reply->old_ia != NULL) {
4068  ia_id = &reply->old_ia->iaid_duid;
4069  ia_hash_delete(ia_pd_active,
4070  (unsigned char *)ia_id->data,
4071  ia_id->len, MDL);
4072  ia_dereference(&reply->old_ia, MDL);
4073  }
4074 
4075  /* Put new ia into the hash. */
4076  reply->ia->cltt = cur_time;
4077  ia_id = &reply->ia->iaid_duid;
4078  ia_hash_add(ia_pd_active, (unsigned char *)ia_id->data,
4079  ia_id->len, reply->ia, MDL);
4080 
4081  write_ia(reply->ia);
4082  } else {
4083  schedule_lease_timeout_reply(reply);
4084  }
4085 
4086  cleanup:
4087  if (packet_ia != NULL)
4088  option_state_dereference(&packet_ia, MDL);
4089  if (reply->reply_ia != NULL)
4090  option_state_dereference(&reply->reply_ia, MDL);
4091  if (ia_data.data != NULL)
4092  data_string_forget(&ia_data, MDL);
4093  if (data.data != NULL)
4095  if (reply->ia != NULL)
4096  ia_dereference(&reply->ia, MDL);
4097  if (reply->old_ia != NULL)
4098  ia_dereference(&reply->old_ia, MDL);
4099  if (reply->lease != NULL)
4100  iasubopt_dereference(&reply->lease, MDL);
4101  if (reply->on_star.on_expiry != NULL)
4103  (&reply->on_star.on_expiry, MDL);
4104  if (reply->on_star.on_release != NULL)
4106  (&reply->on_star.on_release, MDL);
4107 
4108  /*
4109  * ISC_R_CANCELED is a status code used by the prefix processing to
4110  * indicate we're replying with a status code. This is still a
4111  * success at higher layers.
4112  */
4113  return((status == ISC_R_CANCELED) ? ISC_R_SUCCESS : status);
4114 }
4115 
4135 static struct group *
4136 find_group_by_prefix(struct reply_state *reply) {
4137  /* default group if we don't find anything better */
4138  struct group *group = reply->shared->group;
4139  struct subnet *subnet = NULL;
4140  struct iaddr tmp_addr;
4141  struct data_string fixed_addr;
4142 
4143  /* Try with the prefix first */
4144  if (find_grouped_subnet(&subnet, reply->shared,
4145  reply->fixed_pref.lo_addr, MDL) != 0) {
4146  group = subnet->group;
4147  subnet_dereference(&subnet, MDL);
4148  return (group);
4149  }
4150 
4151  /* Didn't find a subnet via prefix, what about fixed address */
4152  /* The caller has already tested reply->host != NULL */
4153 
4154  memset(&fixed_addr, 0, sizeof(fixed_addr));
4155 
4156  if ((reply->host->fixed_addr != NULL) &&
4157  (evaluate_option_cache(&fixed_addr, NULL, NULL, NULL,
4158  NULL, NULL, &global_scope,
4159  reply->host->fixed_addr, MDL))) {
4160  if (fixed_addr.len >= 16) {
4161  tmp_addr.len = 16;
4162  memcpy(tmp_addr.iabuf, fixed_addr.data, 16);
4163  if (find_grouped_subnet(&subnet, reply->shared,
4164  tmp_addr, MDL) != 0) {
4165  group = subnet->group;
4166  subnet_dereference(&subnet, MDL);
4167  }
4168  }
4169  data_string_forget(&fixed_addr, MDL);
4170  }
4171 
4172  /* return whatever we got */
4173  return (group);
4174 }
4175 
4176 /*
4177  * Process an IAPREFIX within a given IA_PD, storing any IAPREFIX reply
4178  * contents into the reply's current ia_pd-scoped option cache. Returns
4179  * ISC_R_CANCELED in the event we are replying with a status code and do
4180  * not wish to process more IAPREFIXes within this IA_PD.
4181  */
4182 static isc_result_t
4183 reply_process_prefix(struct reply_state *reply, struct option_cache *pref) {
4184  u_int32_t pref_life, valid_life;
4185  struct binding_scope **scope;
4186  struct iaddrcidrnet tmp_pref;
4187  struct option_cache *oc;
4188  struct data_string iapref, data;
4189  isc_result_t status = ISC_R_SUCCESS;
4190  struct group *group;
4191 
4192  /* Initializes values that will be cleaned up. */
4193  memset(&iapref, 0, sizeof(iapref));
4194  memset(&data, 0, sizeof(data));
4195  /* Note that reply->lease may be set by prefix_is_owned() */
4196 
4197  /*
4198  * There is no point trying to process an incoming prefix if there
4199  * is no room for an outgoing prefix.
4200  */
4201  if ((reply->cursor + 29) > sizeof(reply->buf)) {
4202  log_error("reply_process_prefix: Out of room for prefix.");
4203  return ISC_R_NOSPACE;
4204  }
4205 
4206  /* Extract this IAPREFIX option. */
4207  if (!evaluate_option_cache(&iapref, reply->packet, NULL, NULL,
4208  reply->packet->options, NULL, &global_scope,
4209  pref, MDL) ||
4210  (iapref.len < IAPREFIX_OFFSET)) {
4211  log_error("reply_process_prefix: error evaluating IAPREFIX.");
4212  status = ISC_R_FAILURE;
4213  goto cleanup;
4214  }
4215 
4216  /*
4217  * Layout: preferred and valid lifetimes followed by the prefix
4218  * length and the IPv6 address.
4219  */
4220  pref_life = getULong(iapref.data);
4221  valid_life = getULong(iapref.data + 4);
4222 
4223  if ((reply->client_valid == 0) ||
4224  (reply->client_valid > valid_life))
4225  reply->client_valid = valid_life;
4226 
4227  if ((reply->client_prefer == 0) ||
4228  (reply->client_prefer > pref_life))
4229  reply->client_prefer = pref_life;
4230 
4231  /*
4232  * Clients may choose to send ::/0 as a prefix, with the idea to give
4233  * hints about preferred-lifetime or valid-lifetime.
4234  */
4235  tmp_pref.lo_addr.len = 16;
4236  memset(tmp_pref.lo_addr.iabuf, 0, 16);
4237  if ((iapref.data[8] == 0) &&
4238  (memcmp(iapref.data + 9, tmp_pref.lo_addr.iabuf, 16) == 0)) {
4239  /* Status remains success; we just ignore this one. */
4240  goto cleanup;
4241  }
4242 
4243  /*
4244  * Clients may choose to send ::/X as a prefix to specify a
4245  * preferred/requested prefix length. Note X is never zero here.
4246  */
4247  tmp_pref.bits = (int) iapref.data[8];
4248  if (reply->preflen < 0) {
4249  /* Cache the first preferred prefix length. */
4250  reply->preflen = tmp_pref.bits;
4251  }
4252  if (memcmp(iapref.data + 9, tmp_pref.lo_addr.iabuf, 16) == 0) {
4253  goto cleanup;
4254  }
4255 
4256  memcpy(tmp_pref.lo_addr.iabuf, iapref.data + 9, 16);
4257 
4258  /* Verify the prefix belongs to the client. */
4259  if (!prefix_is_owned(reply, &tmp_pref)) {
4260  /* Same than for addresses. */
4261  if ((reply->packet->dhcpv6_msg_type == DHCPV6_SOLICIT) ||
4262  (reply->packet->dhcpv6_msg_type == DHCPV6_REQUEST) ||
4263  (reply->packet->dhcpv6_msg_type == DHCPV6_REBIND)) {
4264  status = reply_process_try_prefix(reply, &tmp_pref);
4265 
4266  /* Either error out or skip this prefix. */
4267  if ((status != ISC_R_SUCCESS) &&
4268  (status != ISC_R_ADDRINUSE) &&
4269  (status != ISC_R_ADDRNOTAVAIL))
4270  goto cleanup;
4271 
4272  if (reply->lease == NULL) {
4273  if (reply->packet->dhcpv6_msg_type ==
4274  DHCPV6_REBIND) {
4275  reply->send_prefer = 0;
4276  reply->send_valid = 0;
4277  goto send_pref;
4278  }
4279 
4280  /* status remains success - ignore */
4281  goto cleanup;
4282  }
4283  /*
4284  * RFC3633 section 18.2.3:
4285  *
4286  * If the delegating router cannot find a binding
4287  * for the requesting router's IA_PD the delegating
4288  * router returns the IA_PD containing no prefixes
4289  * with a Status Code option set to NoBinding in the
4290  * Reply message.
4291  *
4292  * On mismatch we (ab)use this pretending we have not the IA
4293  * as soon as we have not a prefix.
4294  */
4295  } else if (reply->packet->dhcpv6_msg_type == DHCPV6_RENEW) {
4296  /* Rewind the IA_PD to empty. */
4297  option_state_dereference(&reply->reply_ia, MDL);
4298  if (!option_state_allocate(&reply->reply_ia, MDL)) {
4299  log_error("reply_process_prefix: No memory "
4300  "for option state wipe.");
4301  status = ISC_R_NOMEMORY;
4302  goto cleanup;
4303  }
4304 
4305  /* Append a NoBinding status code. */
4306  if (!set_status_code(STATUS_NoBinding,
4307  "Prefix not bound to this "
4308  "interface.", reply->reply_ia)) {
4309  log_error("reply_process_prefix: Unable to "
4310  "attach status code.");
4311  status = ISC_R_FAILURE;
4312  goto cleanup;
4313  }
4314 
4315  /* Fin (no more IAPREFIXes). */
4316  status = ISC_R_CANCELED;
4317  goto cleanup;
4318  } else {
4319  log_error("It is impossible to lease a client that is "
4320  "not sending a solicit, request, renew, or "
4321  "rebind message.");
4322  status = ISC_R_FAILURE;
4323  goto cleanup;
4324  }
4325  }
4326 
4327  if (reply->static_prefixes > 0) {
4328  if (reply->host == NULL)
4329  log_fatal("Impossible condition at %s:%d.", MDL);
4330 
4331  scope = &global_scope;
4332 
4333  /* Copy the static prefix for logging and finding the group */
4334  memcpy(&reply->fixed_pref, &tmp_pref, sizeof(tmp_pref));
4335 
4336  /* Try to find a group for the static prefix */
4337  group = find_group_by_prefix(reply);
4338  } else {
4339  if (reply->lease == NULL)
4340  log_fatal("Impossible condition at %s:%d.", MDL);
4341 
4342  scope = &reply->lease->scope;
4343  group = reply->lease->ipv6_pool->ipv6_pond->group;
4344  }
4345 
4346  /*
4347  * If client_resources is nonzero, then the reply_process_is_prefixed
4348  * function has executed configuration state into the reply option
4349  * cache. We will use that valid cache to derive configuration for
4350  * whether or not to engage in additional prefixes, and similar.
4351  */
4352  if (reply->client_resources != 0) {
4353  unsigned limit = 1;
4354 
4355  /*
4356  * Does this client have "enough" prefixes already? Default
4357  * to one. Everybody gets one, and one should be enough for
4358  * anybody.
4359  */
4360  oc = lookup_option(&server_universe, reply->opt_state,
4362  if (oc != NULL) {
4363  if (!evaluate_option_cache(&data, reply->packet,
4364  NULL, NULL,
4365  reply->packet->options,
4366  reply->opt_state,
4367  scope, oc, MDL) ||
4368  (data.len != 4)) {
4369  log_error("reply_process_prefix: unable to "
4370  "evaluate prefs-per-ia value.");
4371  status = ISC_R_FAILURE;
4372  goto cleanup;
4373  }
4374 
4375  limit = getULong(data.data);
4376  data_string_forget(&data, MDL);
4377  }
4378 
4379  /*
4380  * If we wish to limit the client to a certain number of
4381  * prefixes, then omit the prefix from the reply.
4382  */
4383  if (reply->client_resources >= limit)
4384  goto cleanup;
4385  }
4386 
4387  status = reply_process_is_prefixed(reply, scope, group);
4388  if (status != ISC_R_SUCCESS)
4389  goto cleanup;
4390 
4391  send_pref:
4392  status = reply_process_send_prefix(reply, &tmp_pref);
4393 
4394  cleanup:
4395  if (iapref.data != NULL)
4396  data_string_forget(&iapref, MDL);
4397  if (data.data != NULL)
4398  data_string_forget(&data, MDL);
4399  if (reply->lease != NULL)
4400  iasubopt_dereference(&reply->lease, MDL);
4401 
4402  return status;
4403 }
4404 
4405 /*
4406  * Verify the prefix belongs to the client. If we've got a host
4407  * record with fixed prefixes, it has to be an assigned prefix
4408  * (fault out all else). Otherwise it's a dynamic prefix, so lookup
4409  * that prefix and make sure it belongs to this DUID:IAID pair.
4410  */
4411 static isc_boolean_t
4412 prefix_is_owned(struct reply_state *reply, struct iaddrcidrnet *pref) {
4413  struct iaddrcidrnetlist *l;
4414  int i;
4415  struct ipv6_pond *pond;
4416 
4417  /*
4418  * This faults out prefixes that don't match fixed prefixes.
4419  */
4420  if (reply->static_prefixes > 0) {
4421  for (l = reply->host->fixed_prefix; l != NULL; l = l->next) {
4422  if ((pref->bits == l->cidrnet.bits) &&
4423  (memcmp(pref->lo_addr.iabuf,
4424  l->cidrnet.lo_addr.iabuf, 16) == 0))
4425  return (ISC_TRUE);
4426  }
4427  return (ISC_FALSE);
4428  }
4429 
4430  if ((reply->old_ia == NULL) ||
4431  (reply->old_ia->num_iasubopt == 0))
4432  return (ISC_FALSE);
4433 
4434  for (i = 0 ; i < reply->old_ia->num_iasubopt ; i++) {
4435  struct iasubopt *tmp;
4436 
4437  tmp = reply->old_ia->iasubopt[i];
4438 
4439  if ((pref->bits == (int) tmp->plen) &&
4440  (memcmp(pref->lo_addr.iabuf, &tmp->addr, 16) == 0)) {
4441  if (lease6_usable(tmp) == ISC_FALSE) {
4442  return (ISC_FALSE);
4443  }
4444 
4445  pond = tmp->ipv6_pool->ipv6_pond;
4446  if (((pond->prohibit_list != NULL) &&
4447  (permitted(reply->packet, pond->prohibit_list))) ||
4448  ((pond->permit_list != NULL) &&
4449  (!permitted(reply->packet, pond->permit_list))))
4450  return (ISC_FALSE);
4451 
4452  iasubopt_reference(&reply->lease, tmp, MDL);
4453  return (ISC_TRUE);
4454  }
4455  }
4456 
4457  return (ISC_FALSE);
4458 }
4459 
4460 /*
4461  * This function only returns failure on 'hard' failures. If it succeeds,
4462  * it will leave a prefix structure behind.
4463  */
4464 static isc_result_t
4465 reply_process_try_prefix(struct reply_state *reply,
4466  struct iaddrcidrnet *pref) {
4467  isc_result_t status = ISC_R_ADDRNOTAVAIL;
4468  struct ipv6_pool *pool = NULL;
4469  struct ipv6_pond *pond = NULL;
4470  int i;
4471  struct data_string data_pref;
4472 
4473  if ((reply == NULL) || (reply->shared == NULL) ||
4474  (pref == NULL) || (reply->lease != NULL))
4475  return (DHCP_R_INVALIDARG);
4476 
4477  /*
4478  * Do a quick walk through of the ponds and pools
4479  * to see if we have any prefix pools
4480  */
4481  for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
4482  if (pond->ipv6_pools == NULL)
4483  continue;
4484 
4485  for (i = 0; (pool = pond->ipv6_pools[i]) != NULL; i++) {
4486  if (pool->pool_type == D6O_IA_PD)
4487  break;
4488  }
4489  if (pool != NULL)
4490  break;
4491  }
4492 
4493  /* If we get here and p is NULL we have no useful pools */
4494  if (pool == NULL) {
4495  return (ISC_R_ADDRNOTAVAIL);
4496  }
4497 
4498  memset(&data_pref, 0, sizeof(data_pref));
4499  data_pref.len = 17;
4500  if (!buffer_allocate(&data_pref.buffer, data_pref.len, MDL)) {
4501  log_error("reply_process_try_prefix: out of memory.");
4502  return (ISC_R_NOMEMORY);
4503  }
4504  data_pref.data = data_pref.buffer->data;
4505  data_pref.buffer->data[0] = (u_int8_t) pref->bits;
4506  memcpy(data_pref.buffer->data + 1, pref->lo_addr.iabuf, 16);
4507 
4508  /*
4509  * We have at least one pool that could provide a prefix
4510  * Now we walk through the ponds and pools again and check
4511  * to see if the client is permitted and if an prefix is
4512  * available
4513  *
4514  */
4515 
4516  for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
4517  if (((pond->prohibit_list != NULL) &&
4518  (permitted(reply->packet, pond->prohibit_list))) ||
4519  ((pond->permit_list != NULL) &&
4520  (!permitted(reply->packet, pond->permit_list))))
4521  continue;
4522 
4523  for (i = 0; (pool = pond->ipv6_pools[i]) != NULL; i++) {
4524  if (pool->pool_type != D6O_IA_PD) {
4525  continue;
4526  }
4527 
4528  status = try_client_v6_prefix(&reply->lease, pool,
4529  &data_pref);
4530  /* If we found it in this pool (either in use or available),
4531  there is no need to look further. */
4532  if ( (status == ISC_R_SUCCESS) || (status == ISC_R_ADDRINUSE) )
4533  break;
4534  }
4535  if ( (status == ISC_R_SUCCESS) || (status == ISC_R_ADDRINUSE) )
4536  break;
4537  }
4538 
4539  data_string_forget(&data_pref, MDL);
4540  /* Return just the most recent status... */
4541  return (status);
4542 }
4543 
4544 /* Look around for a prefix to give the client. First, look through the old
4545  * IA_PD for prefixes we can extend. Second, try to allocate a new prefix.
4546  * Finally, actually add that prefix into the current reply IA_PD.
4547  */
4548 static isc_result_t
4549 find_client_prefix(struct reply_state *reply) {
4550  struct iaddrcidrnet send_pref;
4551  isc_result_t status = ISC_R_NORESOURCES;
4552  struct iasubopt *prefix, *best_prefix = NULL;
4553  struct binding_scope **scope;
4554  int i;
4555  struct group *group;
4556 
4557  if (reply->static_prefixes > 0) {
4558  struct iaddrcidrnetlist *l;
4559 
4560  if (reply->host == NULL)
4561  return DHCP_R_INVALIDARG;
4562 
4563  for (l = reply->host->fixed_prefix; l != NULL; l = l->next) {
4564  if (l->cidrnet.bits == reply->preflen)
4565  break;
4566  }
4567  if (l == NULL) {
4568  /*
4569  * If no fixed prefix has the preferred length,
4570  * get the first one.
4571  */
4572  l = reply->host->fixed_prefix;
4573  }
4574  memcpy(&send_pref, &l->cidrnet, sizeof(send_pref));
4575 
4576  scope = &global_scope;
4577 
4578  /* Copy the prefix for logging purposes */
4579  memcpy(&reply->fixed_pref, &l->cidrnet, sizeof(send_pref));
4580 
4581  /* Try to find a group for the static prefix */
4582  group = find_group_by_prefix(reply);
4583 
4584  goto send_pref;
4585  }
4586 
4587  if (reply->old_ia != NULL) {
4588  for (i = 0 ; i < reply->old_ia->num_iasubopt ; i++) {
4589  struct shared_network *candidate_shared;
4590  struct ipv6_pond *pond;
4591 
4592  prefix = reply->old_ia->iasubopt[i];
4593  candidate_shared = prefix->ipv6_pool->shared_network;
4594  pond = prefix->ipv6_pool->ipv6_pond;
4595 
4596  /*
4597  * Consider this prefix if it is in a global pool or
4598  * if it is scoped in a pool under the client's shared
4599  * network.
4600  */
4601  if (((candidate_shared != NULL) &&
4602  (candidate_shared != reply->shared)) ||
4603  (lease6_usable(prefix) != ISC_TRUE))
4604  continue;
4605 
4606  /*
4607  * And check if the prefix is still permitted
4608  */
4609 
4610  if (((pond->prohibit_list != NULL) &&
4611  (permitted(reply->packet, pond->prohibit_list))) ||
4612  ((pond->permit_list != NULL) &&
4613  (!permitted(reply->packet, pond->permit_list))))
4614  continue;
4615 
4616  best_prefix = prefix_compare(reply, prefix,
4617  best_prefix);
4618  }
4619  }
4620 
4621  /* Try to pick a new prefix if we didn't find one, or if we found an
4622  * abandoned prefix.
4623  */
4624  if ((best_prefix == NULL) || (best_prefix->state == FTS_ABANDONED)) {
4625  status = pick_v6_prefix(reply);
4626  } else if (best_prefix != NULL) {
4627  iasubopt_reference(&reply->lease, best_prefix, MDL);
4628  status = ISC_R_SUCCESS;
4629  }
4630 
4631  /* Pick the abandoned prefix as a last resort. */
4632  if ((status == ISC_R_NORESOURCES) && (best_prefix != NULL)) {
4633  /* I don't see how this is supposed to be done right now. */
4634  log_error("Reclaiming abandoned prefixes is not yet "
4635  "supported. Treating this as an out of space "
4636  "condition.");
4637  /* iasubopt_reference(&reply->lease, best_prefix, MDL); */
4638  }
4639 
4640  /* Give up now if we didn't find a prefix. */
4641  if (status != ISC_R_SUCCESS)
4642  return status;
4643 
4644  if (reply->lease == NULL)
4645  log_fatal("Impossible condition at %s:%d.", MDL);
4646 
4647  scope = &reply->lease->scope;
4648  group = reply->lease->ipv6_pool->ipv6_pond->group;
4649 
4650  send_pref.lo_addr.len = 16;
4651  memcpy(send_pref.lo_addr.iabuf, &reply->lease->addr, 16);
4652  send_pref.bits = (int) reply->lease->plen;
4653 
4654  send_pref:
4655  status = reply_process_is_prefixed(reply, scope, group);
4656  if (status != ISC_R_SUCCESS)
4657  return status;
4658 
4659  status = reply_process_send_prefix(reply, &send_pref);
4660  return status;
4661 }
4662 
4663 /* Once a prefix is found for a client, perform several common functions;
4664  * Calculate and store valid and preferred prefix times, draw client options
4665  * into the option state.
4666  */
4667 static isc_result_t
4668 reply_process_is_prefixed(struct reply_state *reply,
4669  struct binding_scope **scope, struct group *group)
4670 {
4671  isc_result_t status = ISC_R_SUCCESS;
4672  struct data_string data;
4673  struct option_cache *oc;
4674  struct option_state *tmp_options = NULL;
4675  struct on_star *on_star;
4676  int i;
4677 
4678  /* Initialize values we will cleanup. */
4679  memset(&data, 0, sizeof(data));
4680 
4681  /*
4682  * Find the proper on_star block to use. We use the
4683  * one in the lease if we have a lease or the one in
4684  * the reply if we don't have a lease because this is
4685  * a static instance
4686  */
4687  if (reply->lease) {
4688  on_star = &reply->lease->on_star;
4689  } else {
4690  on_star = &reply->on_star;
4691  }
4692 
4693  /*
4694  * Bring in the root configuration. We only do this to bring
4695  * in the on * statements, as we didn't have the lease available
4696  * we we did it the first time.
4697  */
4698  option_state_allocate(&tmp_options, MDL);
4699  execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
4700  reply->packet->options, tmp_options,
4701  &global_scope, root_group, NULL,
4702  on_star);
4703  if (tmp_options != NULL) {
4704  option_state_dereference(&tmp_options, MDL);
4705  }
4706 
4707  /*
4708  * Bring configured options into the root packet level cache - start
4709  * with the lease's closest enclosing group (passed in by the caller
4710  * as 'group').
4711  */
4712  execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
4713  reply->packet->options, reply->opt_state,
4714  scope, group, root_group, on_star);
4715 
4716  /* Execute statements from class scopes. */
4717  for (i = reply->packet->class_count; i > 0; i--) {
4718  execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
4719  reply->packet->options,
4720  reply->opt_state, scope,
4721  reply->packet->classes[i - 1]->group,
4722  group, on_star);
4723  }
4724 
4725  /*
4726  * If there is a host record, over-ride with values configured there,
4727  * without re-evaluating configuration from the previously executed
4728  * group or its common enclosers.
4729  */
4730  if (reply->host != NULL)
4731  execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
4732  reply->packet->options,
4733  reply->opt_state, scope,
4734  reply->host->group, group,
4735  on_star);
4736 
4737  /* Determine valid lifetime. */
4738  if (reply->client_valid == 0)
4739  reply->send_valid = DEFAULT_DEFAULT_LEASE_TIME;
4740  else
4741  reply->send_valid = reply->client_valid;
4742 
4743  oc = lookup_option(&server_universe, reply->opt_state,
4745  if (oc != NULL) {
4746  if (!evaluate_option_cache(&data, reply->packet, NULL, NULL,
4747  reply->packet->options,
4748  reply->opt_state,
4749  scope, oc, MDL) ||
4750  (data.len != 4)) {
4751  log_error("reply_process_is_prefixed: unable to "
4752  "evaluate default prefix time");
4753  status = ISC_R_FAILURE;
4754  goto cleanup;
4755  }
4756 
4757  reply->send_valid = getULong(data.data);
4758  data_string_forget(&data, MDL);
4759  }
4760 
4761  /* Check to see if the lease time would cause us to wrap
4762  * in which case we make it infinite.
4763  * The following doesn't work on at least some systems:
4764  * (cur_time + reply->send_valid < cur_time)
4765  */
4766  if (reply->send_valid != INFINITE_TIME) {
4767  time_t test_time = cur_time + reply->send_valid;
4768  if (test_time < cur_time)
4769  reply->send_valid = INFINITE_TIME;
4770  }
4771 
4772  if (reply->client_prefer == 0)
4773  reply->send_prefer = reply->send_valid;
4774  else
4775  reply->send_prefer = reply->client_prefer;
4776 
4777  if ((reply->send_prefer >= reply->send_valid) &&
4778  (reply->send_valid != INFINITE_TIME))
4779  reply->send_prefer = (reply->send_valid / 2) +
4780  (reply->send_valid / 8);
4781 
4782  oc = lookup_option(&server_universe, reply->opt_state,
4784  if (oc != NULL) {
4785  if (!evaluate_option_cache(&data, reply->packet, NULL, NULL,
4786  reply->packet->options,
4787  reply->opt_state,
4788  scope, oc, MDL) ||
4789  (data.len != 4)) {
4790  log_error("reply_process_is_prefixed: unable to "
4791  "evaluate preferred prefix time");
4792  status = ISC_R_FAILURE;
4793  goto cleanup;
4794  }
4795 
4796  reply->send_prefer = getULong(data.data);
4797  data_string_forget(&data, MDL);
4798  }
4799 
4800  /* Note lowest values for later calculation of renew/rebind times. */
4801  if (reply->min_prefer > reply->send_prefer)
4802  reply->min_prefer = reply->send_prefer;
4803 
4804  if (reply->min_valid > reply->send_valid)
4805  reply->min_valid = reply->send_valid;
4806 
4807  /* Perform dynamic prefix related update work. */
4808  if (reply->lease != NULL) {
4809  /* Cached lifetimes */
4810  reply->lease->prefer = reply->send_prefer;
4811  reply->lease->valid = reply->send_valid;
4812 
4813  /* Advance (or rewind) the valid lifetime.
4814  * In the protocol 0xFFFFFFFF is infinite
4815  * when connecting to the lease file MAX_TIME is
4816  */
4817  if (reply->buf.reply.msg_type == DHCPV6_REPLY) {
4818  if (reply->send_valid == INFINITE_TIME) {
4819  reply->lease->soft_lifetime_end_time = MAX_TIME;
4820  } else {
4821  reply->lease->soft_lifetime_end_time =
4822  cur_time + reply->send_valid;
4823  }
4824  /* Wait before renew! */
4825  }
4826 
4827  status = ia_add_iasubopt(reply->ia, reply->lease, MDL);
4828  if (status != ISC_R_SUCCESS) {
4829  log_fatal("reply_process_is_prefixed: Unable to "
4830  "attach prefix to new IA_PD: %s",
4831  isc_result_totext(status));
4832  }
4833 
4834  /*
4835  * If this is a new prefix, make sure it is attached somewhere.
4836  */
4837  if (reply->lease->ia == NULL) {
4838  ia_reference(&reply->lease->ia, reply->ia, MDL);
4839  }
4840  }
4841 
4842  /* Bring a copy of the relevant options into the IA_PD scope. */
4843  execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
4844  reply->packet->options, reply->reply_ia,
4845  scope, group, root_group, NULL);
4846 
4847  /* Execute statements from class scopes. */
4848  for (i = reply->packet->class_count; i > 0; i--) {
4849  execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
4850  reply->packet->options,
4851  reply->reply_ia, scope,
4852  reply->packet->classes[i - 1]->group,
4853  group, NULL);
4854  }
4855 
4856  /*
4857  * And bring in host record configuration, if any, but not to overlap
4858  * the previous group or its common enclosers.
4859  */
4860  if (reply->host != NULL)
4861  execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
4862  reply->packet->options,
4863  reply->reply_ia, scope,
4864  reply->host->group, group, NULL);
4865 
4866  cleanup:
4867  if (data.data != NULL)
4868  data_string_forget(&data, MDL);
4869 
4870  if (status == ISC_R_SUCCESS)
4871  reply->client_resources++;
4872 
4873  return status;
4874 }
4875 
4876 /* Simply send an IAPREFIX within the IA_PD scope as described. */
4877 static isc_result_t
4878 reply_process_send_prefix(struct reply_state *reply,
4879  struct iaddrcidrnet *pref) {
4880  isc_result_t status = ISC_R_SUCCESS;
4881  struct data_string data;
4882 
4883  memset(&data, 0, sizeof(data));
4884 
4885  /* Now append the prefix. */
4886  data.len = IAPREFIX_OFFSET;
4887  if (!buffer_allocate(&data.buffer, data.len, MDL)) {
4888  log_error("reply_process_send_prefix: out of memory"
4889  "allocating new IAPREFIX buffer.");
4890  status = ISC_R_NOMEMORY;
4891  goto cleanup;
4892  }
4893  data.data = data.buffer->data;
4894 
4895  putULong(data.buffer->data, reply->send_prefer);
4896  putULong(data.buffer->data + 4, reply->send_valid);
4897  data.buffer->data[8] = pref->bits;
4898  memcpy(data.buffer->data + 9, pref->lo_addr.iabuf, 16);
4899 
4900  if (!append_option_buffer(&dhcpv6_universe, reply->reply_ia,
4901  data.buffer, data.buffer->data,
4902  data.len, D6O_IAPREFIX, 0)) {
4903  log_error("reply_process_send_prefix: unable "
4904  "to save IAPREFIX option");
4905  status = ISC_R_FAILURE;
4906  goto cleanup;
4907  }
4908 
4909  reply->resources_included = ISC_TRUE;
4910 
4911  cleanup:
4912  if (data.data != NULL)
4914 
4915  return status;
4916 }
4917 
4918 /* Choose the better of two prefixes. */
4919 static struct iasubopt *
4920 prefix_compare(struct reply_state *reply,
4921  struct iasubopt *alpha, struct iasubopt *beta) {
4922  if (alpha == NULL)
4923  return beta;
4924  if (beta == NULL)
4925  return alpha;
4926 
4927  if (reply->preflen >= 0) {
4928  if ((alpha->plen == reply->preflen) &&
4929  (beta->plen != reply->preflen))
4930  return alpha;
4931  if ((beta->plen == reply->preflen) &&
4932  (alpha->plen != reply->preflen))
4933  return beta;
4934  }
4935 
4936  switch(alpha->state) {
4937  case FTS_ACTIVE:
4938  switch(beta->state) {
4939  case FTS_ACTIVE:
4940  /* Choose the prefix with the longest lifetime (most
4941  * likely the most recently allocated).
4942  */
4943  if (alpha->hard_lifetime_end_time <
4944  beta->hard_lifetime_end_time)
4945  return beta;
4946  else
4947  return alpha;
4948 
4949  case FTS_EXPIRED:
4950  case FTS_ABANDONED:
4951  return alpha;
4952 
4953  default:
4954  log_fatal("Impossible condition at %s:%d.", MDL);
4955  }
4956  break;
4957 
4958  case FTS_EXPIRED:
4959  switch (beta->state) {
4960  case FTS_ACTIVE:
4961  return beta;
4962 
4963  case FTS_EXPIRED:
4964  /* Choose the most recently expired prefix. */
4965  if (alpha->hard_lifetime_end_time <
4966  beta->hard_lifetime_end_time)
4967  return beta;
4968  else if ((alpha->hard_lifetime_end_time ==
4969  beta->hard_lifetime_end_time) &&
4970  (alpha->soft_lifetime_end_time <
4971  beta->soft_lifetime_end_time))
4972  return beta;
4973  else
4974  return alpha;
4975 
4976  case FTS_ABANDONED:
4977  return alpha;
4978 
4979  default:
4980  log_fatal("Impossible condition at %s:%d.", MDL);
4981  }
4982  break;
4983 
4984  case FTS_ABANDONED:
4985  switch (beta->state) {
4986  case FTS_ACTIVE:
4987  case FTS_EXPIRED:
4988  return alpha;
4989 
4990  case FTS_ABANDONED:
4991  /* Choose the prefix that was abandoned longest ago. */
4992  if (alpha->hard_lifetime_end_time <
4993  beta->hard_lifetime_end_time)
4994  return alpha;
4995  else
4996  return beta;
4997 
4998  default:
4999  log_fatal("Impossible condition at %s:%d.", MDL);
5000  }
5001  break;
5002 
5003  default:
5004  log_fatal("Impossible condition at %s:%d.", MDL);
5005  }
5006 
5007  log_fatal("Triple impossible condition at %s:%d.", MDL);
5008  return NULL;
5009 }
5010 
5011 /*
5012  * Solicit is how a client starts requesting addresses.
5013  *
5014  * If the client asks for rapid commit, and we support it, we will
5015  * allocate the addresses and reply.
5016  *
5017  * Otherwise we will send an advertise message.
5018  */
5019 
5020 static void
5021 dhcpv6_solicit(struct data_string *reply_ret, struct packet *packet) {
5022  struct data_string client_id;
5023 
5024  /*
5025  * Validate our input.
5026  */
5027  if (!valid_client_msg(packet, &client_id)) {
5028  return;
5029  }
5030 
5031  lease_to_client(reply_ret, packet, &client_id, NULL);
5032 
5033  /*
5034  * Clean up.
5035  */
5036  data_string_forget(&client_id, MDL);
5037 }
5038 
5039 /*
5040  * Request is how a client actually requests addresses.
5041  *
5042  * Very similar to Solicit handling, except the server DUID is required.
5043  */
5044 
5045 static void
5046 dhcpv6_request(struct data_string *reply_ret, struct packet *packet) {
5047  struct data_string client_id;
5048  struct data_string server_id;
5049 
5050  /*
5051  * Validate our input.
5052  */
5053  if (!valid_client_resp(packet, &client_id, &server_id)) {
5054  return;
5055  }
5056 
5057  /* If the REQUEST arrived via unicast and unicast option isn't set,
5058  * reject it per RFC 3315, Sec 18.2.1 */
5059  if (packet->unicast == ISC_TRUE &&
5060  is_unicast_option_defined(packet) == ISC_FALSE) {
5061  unicast_reject(reply_ret, packet, &client_id, &server_id);
5062  } else {
5063  /*
5064  * Issue our lease.
5065  */
5066  lease_to_client(reply_ret, packet, &client_id, &server_id);
5067  }
5068 
5069  /*
5070  * Cleanup.
5071  */
5072  data_string_forget(&client_id, MDL);
5073  data_string_forget(&server_id, MDL);
5074 }
5075 
5076 /* Find a DHCPv6 packet's shared network from hints in the packet.
5077  */
5078 static isc_result_t
5079 shared_network_from_packet6(struct shared_network **shared,
5080  struct packet *packet)
5081 {
5082  const struct packet *chk_packet;
5083  const struct in6_addr *link_addr, *first_link_addr;
5084  struct iaddr tmp_addr;
5085  struct subnet *subnet;
5086  isc_result_t status;
5087 
5088  if ((shared == NULL) || (*shared != NULL) || (packet == NULL))
5089  return DHCP_R_INVALIDARG;
5090 
5091  /*
5092  * First, find the link address where the packet from the client
5093  * first appeared (if this packet was relayed).
5094  */
5095  first_link_addr = NULL;
5096  chk_packet = packet->dhcpv6_container_packet;
5097  while (chk_packet != NULL) {
5098  link_addr = &chk_packet->dhcpv6_link_address;
5099  if (!IN6_IS_ADDR_UNSPECIFIED(link_addr) &&
5100  !IN6_IS_ADDR_LINKLOCAL(link_addr)) {
5101  first_link_addr = link_addr;
5102  break;
5103  }
5104  chk_packet = chk_packet->dhcpv6_container_packet;
5105  }
5106 
5107  /*
5108  * If there is a relayed link address, find the subnet associated
5109  * with that, and use that to get the appropriate
5110  * shared_network.
5111  */
5112  if (first_link_addr != NULL) {
5113  tmp_addr.len = sizeof(*first_link_addr);
5114  memcpy(tmp_addr.iabuf,
5115  first_link_addr, sizeof(*first_link_addr));
5116  subnet = NULL;
5117  if (!find_subnet(&subnet, tmp_addr, MDL)) {
5118  log_debug("No subnet found for link-address %s.",
5119  piaddr(tmp_addr));
5120  return ISC_R_NOTFOUND;
5121  }
5122  status = shared_network_reference(shared,
5124  subnet_dereference(&subnet, MDL);
5125 
5126  /*
5127  * If there is no link address, we will use the interface
5128  * that this packet came in on to pick the shared_network.
5129  */
5130  } else if (packet->interface != NULL) {
5131  status = shared_network_reference(shared,
5133  MDL);
5134  if (packet->dhcpv6_container_packet != NULL) {
5135  log_info("[L2 Relay] No link address in relay packet "
5136  "assuming L2 relay and using receiving "
5137  "interface");
5138  }
5139 
5140  } else {
5141  /*
5142  * We shouldn't be able to get here but if there is no link
5143  * address and no interface we don't know where to get the
5144  * pool from log an error and return an error.
5145  */
5146  log_error("No interface and no link address "
5147  "can't determine pool");
5148  status = DHCP_R_INVALIDARG;
5149  }
5150 
5151  return status;
5152 }
5153 
5154 /*
5155  * When a client thinks it might be on a new link, it sends a
5156  * Confirm message.
5157  *
5158  * From RFC3315 section 18.2.2:
5159  *
5160  * When the server receives a Confirm message, the server determines
5161  * whether the addresses in the Confirm message are appropriate for the
5162  * link to which the client is attached. If all of the addresses in the
5163  * Confirm message pass this test, the server returns a status of
5164  * Success. If any of the addresses do not pass this test, the server
5165  * returns a status of NotOnLink. If the server is unable to perform
5166  * this test (for example, the server does not have information about
5167  * prefixes on the link to which the client is connected), or there were
5168  * no addresses in any of the IAs sent by the client, the server MUST
5169  * NOT send a reply to the client.
5170  */
5171 
5172 static void
5173 dhcpv6_confirm(struct data_string *reply_ret, struct packet *packet) {
5174  struct shared_network *shared;
5175  struct subnet *subnet;
5176  struct option_cache *ia, *ta, *oc;
5177  struct data_string cli_enc_opt_data, iaaddr, client_id, packet_oro;
5178  struct option_state *cli_enc_opt_state, *opt_state;
5179  struct iaddr cli_addr;
5180  int pass;
5181  isc_boolean_t inappropriate, has_addrs;
5182  char reply_data[65536];
5183  struct dhcpv6_packet *reply = (struct dhcpv6_packet *)reply_data;
5184  int reply_ofs = (int)(offsetof(struct dhcpv6_packet, options));
5185 
5186  /*
5187  * Basic client message validation.
5188  */
5189  memset(&client_id, 0, sizeof(client_id));
5190  if (!valid_client_msg(packet, &client_id)) {
5191  return;
5192  }
5193 
5194  /*
5195  * Do not process Confirms that do not have IA's we do not recognize.
5196  */
5199  if ((ia == NULL) && (ta == NULL))
5200  return;
5201 
5202  /*
5203  * IA_PD's are simply ignored.
5204  */
5206 
5207  /*
5208  * Bit of variable initialization.
5209  */
5210  opt_state = cli_enc_opt_state = NULL;
5211  memset(&cli_enc_opt_data, 0, sizeof(cli_enc_opt_data));
5212  memset(&iaaddr, 0, sizeof(iaaddr));
5213  memset(&packet_oro, 0, sizeof(packet_oro));
5214 
5215  /* Determine what shared network the client is connected to. We
5216  * must not respond if we don't have any information about the
5217  * network the client is on.
5218  */
5219  shared = NULL;
5220  if ((shared_network_from_packet6(&shared, packet) != ISC_R_SUCCESS) ||
5221  (shared == NULL))
5222  goto exit;
5223 
5224  /* If there are no recorded subnets, then we have no
5225  * information about this subnet - ignore Confirms.
5226  */
5227  subnet = shared->subnets;
5228  if (subnet == NULL)
5229  goto exit;
5230 
5231  /* Are the addresses in all the IA's appropriate for that link? */
5232  has_addrs = inappropriate = ISC_FALSE;
5233  pass = D6O_IA_NA;
5234  while(!inappropriate) {
5235  /* If we've reached the end of the IA_NA pass, move to the
5236  * IA_TA pass.
5237  */
5238  if ((pass == D6O_IA_NA) && (ia == NULL)) {
5239  pass = D6O_IA_TA;
5240  ia = ta;
5241  }
5242 
5243  /* If we've reached the end of all passes, we're done. */
5244  if (ia == NULL)
5245  break;
5246 
5247  if (((pass == D6O_IA_NA) &&
5248  !get_encapsulated_IA_state(&cli_enc_opt_state,
5249  &cli_enc_opt_data,
5250  packet, ia, IA_NA_OFFSET)) ||
5251  ((pass == D6O_IA_TA) &&
5252  !get_encapsulated_IA_state(&cli_enc_opt_state,
5253  &cli_enc_opt_data,
5254  packet, ia, IA_TA_OFFSET))) {
5255  goto exit;
5256  }
5257 
5258  oc = lookup_option(&dhcpv6_universe, cli_enc_opt_state,
5259  D6O_IAADDR);
5260 
5261  for ( ; oc != NULL ; oc = oc->next) {
5262  if (!evaluate_option_cache(&iaaddr, packet, NULL, NULL,
5263  packet->options, NULL,
5264  &global_scope, oc, MDL) ||
5265  (iaaddr.len < IAADDR_OFFSET)) {
5266  log_error("dhcpv6_confirm: "
5267  "error evaluating IAADDR.");
5268  goto exit;
5269  }
5270 
5271  /* Copy out the IPv6 address for processing. */
5272  cli_addr.len = 16;
5273  memcpy(cli_addr.iabuf, iaaddr.data, 16);
5274 
5275  data_string_forget(&iaaddr, MDL);
5276 
5277  /* Record that we've processed at least one address. */
5278  has_addrs = ISC_TRUE;
5279 
5280  /* Find out if any subnets cover this address. */
5281  for (subnet = shared->subnets ; subnet != NULL ;
5282  subnet = subnet->next_sibling) {
5283  if (addr_eq(subnet_number(cli_addr,
5284  subnet->netmask),
5285  subnet->net))
5286  break;
5287  }
5288 
5289  /* If we reach the end of the subnet list, and no
5290  * subnet matches the client address, then it must
5291  * be inappropriate to the link (so far as our
5292  * configuration says). Once we've found one
5293  * inappropriate address, there is no reason to
5294  * continue searching.
5295  */
5296  if (subnet == NULL) {
5297  inappropriate = ISC_TRUE;
5298  break;
5299  }
5300  }
5301 
5302  option_state_dereference(&cli_enc_opt_state, MDL);
5303  data_string_forget(&cli_enc_opt_data, MDL);
5304 
5305  /* Advance to the next IA_*. */
5306  ia = ia->next;
5307  }
5308 
5309  /* If the client supplied no addresses, do not reply. */
5310  if (!has_addrs)
5311  goto exit;
5312 
5313  /*
5314  * Set up reply.
5315  */
5316  if (!start_reply(packet, &client_id, NULL, &opt_state, reply)) {
5317  goto exit;
5318  }
5319 
5320  /*
5321  * Set our status.
5322  */
5323  if (inappropriate) {
5324  if (!set_status_code(STATUS_NotOnLink,
5325  "Some of the addresses are not on link.",
5326  opt_state)) {
5327  goto exit;
5328  }
5329  } else {
5330  if (!set_status_code(STATUS_Success,
5331  "All addresses still on link.",
5332  opt_state)) {
5333  goto exit;
5334  }
5335  }
5336 
5337  /*
5338  * Only one option: add it.
5339  */
5340  reply_ofs += store_options6(reply_data+reply_ofs,
5341  sizeof(reply_data)-reply_ofs,
5342  opt_state, packet,
5343  required_opts, &packet_oro);
5344 
5345  /*
5346  * Return our reply to the caller.
5347  */
5348  reply_ret->len = reply_ofs;
5349  reply_ret->buffer = NULL;
5350  if (!buffer_allocate(&reply_ret->buffer, reply_ofs, MDL)) {
5351  log_fatal("No memory to store reply.");
5352  }
5353  reply_ret->data = reply_ret->buffer->data;
5354  memcpy(reply_ret->buffer->data, reply, reply_ofs);
5355 
5356 exit:
5357  /* Cleanup any stale data strings. */
5358  if (cli_enc_opt_data.buffer != NULL)
5359  data_string_forget(&cli_enc_opt_data, MDL);
5360  if (iaaddr.buffer != NULL)
5361  data_string_forget(&iaaddr, MDL);
5362  if (client_id.buffer != NULL)
5363  data_string_forget(&client_id, MDL);
5364  if (packet_oro.buffer != NULL)
5365  data_string_forget(&packet_oro, MDL);
5366 
5367  /* Release any stale option states. */
5368  if (cli_enc_opt_state != NULL)
5369  option_state_dereference(&cli_enc_opt_state, MDL);
5370  if (opt_state != NULL)
5371  option_state_dereference(&opt_state, MDL);
5372 }
5373 
5374 /*
5375  * Renew is when a client wants to extend its lease/prefix, at time T1.
5376  *
5377  * We handle this the same as if the client wants a new lease/prefix,
5378  * except for the error code of when addresses don't match.
5379  */
5380 
5381 static void
5382 dhcpv6_renew(struct data_string *reply, struct packet *packet) {
5383  struct data_string client_id;
5384  struct data_string server_id;
5385 
5386  /*
5387  * Validate the request.
5388  */
5389  if (!valid_client_resp(packet, &client_id, &server_id)) {
5390  return;
5391  }
5392 
5393  /* If the RENEW arrived via unicast and unicast option isn't set,
5394  * reject it per RFC 3315, Sec 18.2.3 */
5395  if (packet->unicast == ISC_TRUE &&
5396  is_unicast_option_defined(packet) == ISC_FALSE) {
5397  unicast_reject(reply, packet, &client_id, &server_id);
5398  } else {
5399  /*
5400  * Renew our lease.
5401  */
5402  lease_to_client(reply, packet, &client_id, &server_id);
5403  }
5404 
5405  /*
5406  * Cleanup.
5407  */
5408  data_string_forget(&server_id, MDL);
5409  data_string_forget(&client_id, MDL);
5410 }
5411 
5412 /*
5413  * Rebind is when a client wants to extend its lease, at time T2.
5414  *
5415  * We handle this the same as if the client wants a new lease, except
5416  * for the error code of when addresses don't match.
5417  */
5418 
5419 static void
5420 dhcpv6_rebind(struct data_string *reply, struct packet *packet) {
5421  struct data_string client_id;
5422 
5423  if (!valid_client_msg(packet, &client_id)) {
5424  return;
5425  }
5426 
5427  lease_to_client(reply, packet, &client_id, NULL);
5428 
5429  data_string_forget(&client_id, MDL);
5430 }
5431 
5432 static void
5433 ia_na_match_decline(const struct data_string *client_id,
5434  const struct data_string *iaaddr,
5435  struct iasubopt *lease)
5436 {
5437  char tmp_addr[INET6_ADDRSTRLEN];
5438 
5439  log_error("Client %s reports address %s is "
5440  "already in use by another host!",
5441  print_hex_1(client_id->len, client_id->data, 60),
5442  inet_ntop(AF_INET6, iaaddr->data,
5443  tmp_addr, sizeof(tmp_addr)));
5444  if (lease != NULL) {
5445  decline_lease6(lease->ipv6_pool, lease);
5446  lease->ia->cltt = cur_time;
5447  write_ia(lease->ia);
5448  }
5449 }
5450 
5451 static void
5452 ia_na_nomatch_decline(const struct data_string *client_id,
5453  const struct data_string *iaaddr,
5454  u_int32_t *ia_na_id,
5455  struct packet *packet,
5456  char *reply_data,
5457  int *reply_ofs,
5458  int reply_len)
5459 {
5460  char tmp_addr[INET6_ADDRSTRLEN];
5461  struct option_state *host_opt_state;
5462  int len;
5463 
5464  log_info("Client %s declines address %s, which is not offered to it.",
5465  print_hex_1(client_id->len, client_id->data, 60),
5466  inet_ntop(AF_INET6, iaaddr->data, tmp_addr, sizeof(tmp_addr)));
5467 
5468  /*
5469  * Create state for this IA_NA.
5470  */
5471  host_opt_state = NULL;
5472  if (!option_state_allocate(&host_opt_state, MDL)) {
5473  log_error("ia_na_nomatch_decline: out of memory "
5474  "allocating option_state.");
5475  goto exit;
5476  }
5477 
5478  if (!set_status_code(STATUS_NoBinding, "Decline for unknown address.",
5479  host_opt_state)) {
5480  goto exit;
5481  }
5482 
5483  /*
5484  * Insure we have enough space
5485  */
5486  if (reply_len < (*reply_ofs + 16)) {
5487  log_error("ia_na_nomatch_decline: "
5488  "out of space for reply packet.");
5489  goto exit;
5490  }
5491 
5492  /*
5493  * Put our status code into the reply packet.
5494  */
5495  len = store_options6(reply_data+(*reply_ofs)+16,
5496  reply_len-(*reply_ofs)-16,
5497  host_opt_state, packet,
5498  required_opts_STATUS_CODE, NULL);
5499 
5500  /*
5501  * Store the non-encapsulated option data for this
5502  * IA_NA into our reply packet. Defined in RFC 3315,
5503  * section 22.4.
5504  */
5505  /* option number */
5506  putUShort((unsigned char *)reply_data+(*reply_ofs), D6O_IA_NA);
5507  /* option length */
5508  putUShort((unsigned char *)reply_data+(*reply_ofs)+2, len + 12);
5509  /* IA_NA, copied from the client */
5510  memcpy(reply_data+(*reply_ofs)+4, ia_na_id, 4);
5511  /* t1 and t2, odd that we need them, but here it is */
5512  putULong((unsigned char *)reply_data+(*reply_ofs)+8, 0);
5513  putULong((unsigned char *)reply_data+(*reply_ofs)+12, 0);
5514 
5515  /*
5516  * Get ready for next IA_NA.
5517  */
5518  *reply_ofs += (len + 16);
5519 
5520 exit:
5521  option_state_dereference(&host_opt_state, MDL);
5522 }
5523 
5524 static void
5525 iterate_over_ia_na(struct data_string *reply_ret,
5526  struct packet *packet,
5527  const struct data_string *client_id,
5528  const struct data_string *server_id,
5529  const char *packet_type,
5530  void (*ia_na_match)(),
5531  void (*ia_na_nomatch)())
5532 {
5533  struct option_state *opt_state;
5534  struct host_decl *packet_host;
5535  struct option_cache *ia;
5536  struct option_cache *oc;
5537  /* cli_enc_... variables come from the IA_NA/IA_TA options */
5538  struct data_string cli_enc_opt_data;
5539  struct option_state *cli_enc_opt_state;
5540  struct host_decl *host;
5541  struct data_string iaaddr;
5542  struct data_string fixed_addr;
5543  char reply_data[65536];
5544  struct dhcpv6_packet *reply = (struct dhcpv6_packet *)reply_data;
5545  int reply_ofs = (int)(offsetof(struct dhcpv6_packet, options));
5546  char status_msg[32];
5547  struct iasubopt *lease;
5548  struct ia_xx *existing_ia_na;
5549  int i;
5550  struct data_string key;
5551  u_int32_t iaid;
5552 
5553  /*
5554  * Initialize to empty values, in case we have to exit early.
5555  */
5556  opt_state = NULL;
5557  memset(&cli_enc_opt_data, 0, sizeof(cli_enc_opt_data));
5558  cli_enc_opt_state = NULL;
5559  memset(&iaaddr, 0, sizeof(iaaddr));
5560  memset(&fixed_addr, 0, sizeof(fixed_addr));
5561  lease = NULL;
5562 
5563  /*
5564  * Find the host record that matches from the packet, if any.
5565  */
5566  packet_host = NULL;
5567  find_hosts6(&packet_host, packet, client_id, MDL);
5568 
5569  /*
5570  * Set our reply information.
5571  */
5572  reply->msg_type = DHCPV6_REPLY;
5574  sizeof(reply->transaction_id));
5575 
5576  /*
5577  * Build our option state for reply.
5578  */
5579  opt_state = NULL;
5580  if (!option_state_allocate(&opt_state, MDL)) {
5581  log_error("iterate_over_ia_na: no memory for option_state.");
5582  goto exit;
5583  }
5584  execute_statements_in_scope(NULL, packet, NULL, NULL,
5585  packet->options, opt_state,
5586  &global_scope, root_group, NULL, NULL);
5587 
5588  /*
5589  * RFC 3315, section 18.2.7 tells us which options to include.
5590  */
5591  oc = lookup_option(&dhcpv6_universe, opt_state, D6O_SERVERID);
5592  if (oc == NULL) {
5593  if (!save_option_buffer(&dhcpv6_universe, opt_state, NULL,
5594  (unsigned char *)server_duid.data,
5595  server_duid.len, D6O_SERVERID, 0)) {
5596  log_error("iterate_over_ia_na: "
5597  "error saving server identifier.");
5598  goto exit;
5599  }
5600  }
5601 
5602  if (!save_option_buffer(&dhcpv6_universe, opt_state,
5603  client_id->buffer,
5604  (unsigned char *)client_id->data,
5605  client_id->len,
5606  D6O_CLIENTID, 0)) {
5607  log_error("iterate_over_ia_na: "
5608  "error saving client identifier.");
5609  goto exit;
5610  }
5611 
5612  snprintf(status_msg, sizeof(status_msg), "%s received.", packet_type);
5613  if (!set_status_code(STATUS_Success, status_msg, opt_state)) {
5614  goto exit;
5615  }
5616 
5617  /*
5618  * Add our options that are not associated with any IA_NA or IA_TA.
5619  */
5620  reply_ofs += store_options6(reply_data+reply_ofs,
5621  sizeof(reply_data)-reply_ofs,
5622  opt_state, packet,
5623  required_opts, NULL);
5624 
5625  /*
5626  * Loop through the IA_NA reported by the client, and deal with
5627  * addresses reported as already in use.
5628  */
5630  ia != NULL; ia = ia->next) {
5631 
5632  if (!get_encapsulated_IA_state(&cli_enc_opt_state,
5633  &cli_enc_opt_data,
5634  packet, ia, IA_NA_OFFSET)) {
5635  goto exit;
5636  }
5637 
5638  iaid = getULong(cli_enc_opt_data.data);
5639 
5640  /*
5641  * XXX: It is possible that we can get multiple addresses
5642  * sent by the client. We don't send multiple
5643  * addresses, so this indicates a client error.
5644  * We should check for multiple IAADDR options, log
5645  * if found, and set as an error.
5646  */
5647  oc = lookup_option(&dhcpv6_universe, cli_enc_opt_state,
5648  D6O_IAADDR);
5649  if (oc == NULL) {
5650  /* no address given for this IA, ignore */
5651  option_state_dereference(&cli_enc_opt_state, MDL);
5652  data_string_forget(&cli_enc_opt_data, MDL);
5653  continue;
5654  }
5655 
5656  memset(&iaaddr, 0, sizeof(iaaddr));
5657  if (!evaluate_option_cache(&iaaddr, packet, NULL, NULL,
5658  packet->options, NULL,
5659  &global_scope, oc, MDL)) {
5660  log_error("iterate_over_ia_na: "
5661  "error evaluating IAADDR.");
5662  goto exit;
5663  }
5664 
5665  /*
5666  * Now we need to figure out which host record matches
5667  * this IA_NA and IAADDR (encapsulated option contents
5668  * matching a host record by option).
5669  *
5670  * XXX: We don't currently track IA_NA separately, but
5671  * we will need to do this!
5672  */
5673  host = NULL;
5674  if (!find_hosts_by_option(&host, packet,
5675  cli_enc_opt_state, MDL)) {
5676  if (packet_host != NULL) {
5677  host = packet_host;
5678  } else {
5679  host = NULL;
5680  }
5681  }
5682  while (host != NULL) {
5683  if (host->fixed_addr != NULL) {
5684  if (!evaluate_option_cache(&fixed_addr, NULL,
5685  NULL, NULL, NULL,
5686  NULL, &global_scope,
5687  host->fixed_addr,
5688  MDL)) {
5689  log_error("iterate_over_ia_na: error "
5690  "evaluating host address.");
5691  goto exit;
5692  }
5693  if ((iaaddr.len >= 16) &&
5694  !memcmp(fixed_addr.data, iaaddr.data, 16)) {
5695  data_string_forget(&fixed_addr, MDL);
5696  break;
5697  }
5698  data_string_forget(&fixed_addr, MDL);
5699  }
5700  host = host->n_ipaddr;
5701  }
5702 
5703  if ((host == NULL) && (iaaddr.len >= IAADDR_OFFSET)) {
5704  /*
5705  * Find existing IA_NA.
5706  */
5707  if (ia_make_key(&key, iaid,
5708  (char *)client_id->data,
5709  client_id->len,
5710  MDL) != ISC_R_SUCCESS) {
5711  log_fatal("iterate_over_ia_na: no memory for "
5712  "key.");
5713  }
5714 
5715  existing_ia_na = NULL;
5716  if (ia_hash_lookup(&existing_ia_na, ia_na_active,
5717  (unsigned char *)key.data,
5718  key.len, MDL)) {
5719  /*
5720  * Make sure this address is in the IA_NA.
5721  */
5722  for (i=0; i<existing_ia_na->num_iasubopt; i++) {
5723  struct iasubopt *tmp;
5724  struct in6_addr *in6_addr;
5725 
5726  tmp = existing_ia_na->iasubopt[i];
5727  in6_addr = &tmp->addr;
5728  if (memcmp(in6_addr,
5729  iaaddr.data, 16) == 0) {
5731  tmp, MDL);
5732  break;
5733  }
5734  }
5735  }
5736 
5737  data_string_forget(&key, MDL);
5738  }
5739 
5740  if ((host != NULL) || (lease != NULL)) {
5741  ia_na_match(client_id, &iaaddr, lease);
5742  } else {
5743  ia_na_nomatch(client_id, &iaaddr,
5744  (u_int32_t *)cli_enc_opt_data.data,
5745  packet, reply_data, &reply_ofs,
5746  sizeof(reply_data));
5747  }
5748 
5749  if (lease != NULL) {
5751  }
5752 
5753  data_string_forget(&iaaddr, MDL);
5754  option_state_dereference(&cli_enc_opt_state, MDL);
5755  data_string_forget(&cli_enc_opt_data, MDL);
5756  }
5757 
5758  /*
5759  * Return our reply to the caller.
5760  */
5761  reply_ret->len = reply_ofs;
5762  reply_ret->buffer = NULL;
5763  if (!buffer_allocate(&reply_ret->buffer, reply_ofs, MDL)) {
5764  log_fatal("No memory to store reply.");
5765  }
5766  reply_ret->data = reply_ret->buffer->data;
5767  memcpy(reply_ret->buffer->data, reply, reply_ofs);
5768 
5769 exit:
5770  if (lease != NULL) {
5772  }
5773  if (fixed_addr.buffer != NULL) {
5774  data_string_forget(&fixed_addr, MDL);
5775  }
5776  if (iaaddr.buffer != NULL) {
5777  data_string_forget(&iaaddr, MDL);
5778  }
5779  if (cli_enc_opt_state != NULL) {
5780  option_state_dereference(&cli_enc_opt_state, MDL);
5781  }
5782  if (cli_enc_opt_data.buffer != NULL) {
5783  data_string_forget(&cli_enc_opt_data, MDL);
5784  }
5785  if (opt_state != NULL) {
5786  option_state_dereference(&opt_state, MDL);
5787  }
5788 }
5789 
5790 /*
5791  * Decline means a client has detected that something else is using an
5792  * address we gave it.
5793  *
5794  * Since we're only dealing with fixed leases for now, there's not
5795  * much we can do, other that log the occurrence.
5796  *
5797  * When we start issuing addresses from pools, then we will have to
5798  * record our declined addresses and issue another. In general with
5799  * IPv6 there is no worry about DoS by clients exhausting space, but
5800  * we still need to be aware of this possibility.
5801  */
5802 
5803 /* TODO: IA_TA */
5804 static void
5805 dhcpv6_decline(struct data_string *reply, struct packet *packet) {
5806  struct data_string client_id;
5807  struct data_string server_id;
5808 
5809  /*
5810  * Validate our input.
5811  */
5812  if (!valid_client_resp(packet, &client_id, &server_id)) {
5813  return;
5814  }
5815 
5816  /* If the DECLINE arrived via unicast and unicast option isn't set,
5817  * reject it per RFC 3315, Sec 18.2.7 */
5818  if (packet->unicast == ISC_TRUE &&
5819  is_unicast_option_defined(packet) == ISC_FALSE) {
5820  unicast_reject(reply, packet, &client_id, &server_id);
5821  } else {
5822  /*
5823  * Undefined for IA_PD.
5824  */
5826 
5827  /*
5828  * And operate on each IA_NA in this packet.
5829  */
5830  iterate_over_ia_na(reply, packet, &client_id, &server_id,
5831  "Decline", ia_na_match_decline,
5832  ia_na_nomatch_decline);
5833 
5834  }
5835 
5836  data_string_forget(&server_id, MDL);
5837  data_string_forget(&client_id, MDL);
5838 }
5839 
5840 static void
5841 ia_na_match_release(const struct data_string *client_id,
5842  const struct data_string *iaaddr,
5843  struct iasubopt *lease)
5844 {
5845  char tmp_addr[INET6_ADDRSTRLEN];
5846 
5847  log_info("Client %s releases address %s",
5848  print_hex_1(client_id->len, client_id->data, 60),
5849  inet_ntop(AF_INET6, iaaddr->data, tmp_addr, sizeof(tmp_addr)));
5850  if (lease != NULL) {
5851  release_lease6(lease->ipv6_pool, lease);
5852  lease->ia->cltt = cur_time;
5853  write_ia(lease->ia);
5854  }
5855 }
5856 
5857 static void
5858 ia_na_nomatch_release(const struct data_string *client_id,
5859  const struct data_string *iaaddr,
5860  u_int32_t *ia_na_id,
5861  struct packet *packet,
5862  char *reply_data,
5863  int *reply_ofs,
5864  int reply_len)
5865 {
5866  char tmp_addr[INET6_ADDRSTRLEN];
5867  struct option_state *host_opt_state;
5868  int len;
5869 
5870  log_info("Client %s releases address %s, which is not leased to it.",
5871  print_hex_1(client_id->len, client_id->data, 60),
5872  inet_ntop(AF_INET6, iaaddr->data, tmp_addr, sizeof(tmp_addr)));
5873 
5874  /*
5875  * Create state for this IA_NA.
5876  */
5877  host_opt_state = NULL;
5878  if (!option_state_allocate(&host_opt_state, MDL)) {
5879  log_error("ia_na_nomatch_release: out of memory "
5880  "allocating option_state.");
5881  goto exit;
5882  }
5883 
5884  if (!set_status_code(STATUS_NoBinding,
5885  "Release for non-leased address.",
5886  host_opt_state)) {
5887  goto exit;
5888  }
5889 
5890  /*
5891  * Insure we have enough space
5892  */
5893  if (reply_len < (*reply_ofs + 16)) {
5894  log_error("ia_na_nomatch_release: "
5895  "out of space for reply packet.");
5896  goto exit;
5897  }
5898 
5899  /*
5900  * Put our status code into the reply packet.
5901  */
5902  len = store_options6(reply_data+(*reply_ofs)+16,
5903  reply_len-(*reply_ofs)-16,
5904  host_opt_state, packet,
5905  required_opts_STATUS_CODE, NULL);
5906 
5907  /*
5908  * Store the non-encapsulated option data for this
5909  * IA_NA into our reply packet. Defined in RFC 3315,
5910  * section 22.4.
5911  */
5912  /* option number */
5913  putUShort((unsigned char *)reply_data+(*reply_ofs), D6O_IA_NA);
5914  /* option length */
5915  putUShort((unsigned char *)reply_data+(*reply_ofs)+2, len + 12);
5916  /* IA_NA, copied from the client */
5917  memcpy(reply_data+(*reply_ofs)+4, ia_na_id, 4);
5918  /* t1 and t2, odd that we need them, but here it is */
5919  putULong((unsigned char *)reply_data+(*reply_ofs)+8, 0);
5920  putULong((unsigned char *)reply_data+(*reply_ofs)+12, 0);
5921 
5922  /*
5923  * Get ready for next IA_NA.
5924  */
5925  *reply_ofs += (len + 16);
5926 
5927 exit:
5928  option_state_dereference(&host_opt_state, MDL);
5929 }
5930 
5931 static void
5932 ia_pd_match_release(const struct data_string *client_id,
5933  const struct data_string *iapref,
5934  struct iasubopt *prefix)
5935 {
5936  char tmp_addr[INET6_ADDRSTRLEN];
5937 
5938  log_info("Client %s releases prefix %s/%u",
5939  print_hex_1(client_id->len, client_id->data, 60),
5940  inet_ntop(AF_INET6, iapref->data + 9,
5941  tmp_addr, sizeof(tmp_addr)),
5942  (unsigned) getUChar(iapref->data + 8));
5943  if (prefix != NULL) {
5944  release_lease6(prefix->ipv6_pool, prefix);
5945  prefix->ia->cltt = cur_time;
5946  write_ia(prefix->ia);
5947  }
5948 }
5949 
5950 static void
5951 ia_pd_nomatch_release(const struct data_string *client_id,
5952  const struct data_string *iapref,
5953  u_int32_t *ia_pd_id,
5954  struct packet *packet,
5955  char *reply_data,
5956  int *reply_ofs,
5957  int reply_len)
5958 {
5959  char tmp_addr[INET6_ADDRSTRLEN];
5960  struct option_state *host_opt_state;
5961  int len;
5962 
5963  log_info("Client %s releases prefix %s/%u, which is not leased to it.",
5964  print_hex_1(client_id->len, client_id->data, 60),
5965  inet_ntop(AF_INET6, iapref->data + 9,
5966  tmp_addr, sizeof(tmp_addr)),
5967  (unsigned) getUChar(iapref->data + 8));
5968 
5969  /*
5970  * Create state for this IA_PD.
5971  */
5972  host_opt_state = NULL;
5973  if (!option_state_allocate(&host_opt_state, MDL)) {
5974  log_error("ia_pd_nomatch_release: out of memory "
5975  "allocating option_state.");
5976  goto exit;
5977  }
5978 
5979  if (!set_status_code(STATUS_NoBinding,
5980  "Release for non-leased prefix.",
5981  host_opt_state)) {
5982  goto exit;
5983  }
5984 
5985  /*
5986  * Insure we have enough space
5987  */
5988  if (reply_len < (*reply_ofs + 16)) {
5989  log_error("ia_pd_nomatch_release: "
5990  "out of space for reply packet.");
5991  goto exit;
5992  }
5993 
5994  /*
5995  * Put our status code into the reply packet.
5996  */
5997  len = store_options6(reply_data+(*reply_ofs)+16,
5998  reply_len-(*reply_ofs)-16,
5999  host_opt_state, packet,
6000  required_opts_STATUS_CODE, NULL);
6001 
6002  /*
6003  * Store the non-encapsulated option data for this
6004  * IA_PD into our reply packet. Defined in RFC 3315,
6005  * section 22.4.
6006  */
6007  /* option number */
6008  putUShort((unsigned char *)reply_data+(*reply_ofs), D6O_IA_PD);
6009  /* option length */
6010  putUShort((unsigned char *)reply_data+(*reply_ofs)+2, len + 12);
6011  /* IA_PD, copied from the client */
6012  memcpy(reply_data+(*reply_ofs)+4, ia_pd_id, 4);
6013  /* t1 and t2, odd that we need them, but here it is */
6014  putULong((unsigned char *)reply_data+(*reply_ofs)+8, 0);
6015  putULong((unsigned char *)reply_data+(*reply_ofs)+12, 0);
6016 
6017  /*
6018  * Get ready for next IA_PD.
6019  */
6020  *reply_ofs += (len + 16);
6021 
6022 exit:
6023  option_state_dereference(&host_opt_state, MDL);
6024 }
6025 
6026 static void
6027 iterate_over_ia_pd(struct data_string *reply_ret,
6028  struct packet *packet,
6029  const struct data_string *client_id,
6030  const struct data_string *server_id,
6031  const char *packet_type,
6032  void (*ia_pd_match)(),
6033  void (*ia_pd_nomatch)())
6034 {
6035  struct data_string reply_new;
6036  int reply_len;
6037  struct option_state *opt_state;
6038  struct host_decl *packet_host;
6039  struct option_cache *ia;
6040  struct option_cache *oc;
6041  /* cli_enc_... variables come from the IA_PD options */
6042  struct data_string cli_enc_opt_data;
6043  struct option_state *cli_enc_opt_state;
6044  struct host_decl *host;
6045  struct data_string iaprefix;
6046  char reply_data[65536];
6047  int reply_ofs;
6048  struct iasubopt *prefix;
6049  struct ia_xx *existing_ia_pd;
6050  int i;
6051  struct data_string key;
6052  u_int32_t iaid;
6053 
6054  /*
6055  * Initialize to empty values, in case we have to exit early.
6056  */
6057  memset(&reply_new, 0, sizeof(reply_new));
6058  opt_state = NULL;
6059  memset(&cli_enc_opt_data, 0, sizeof(cli_enc_opt_data));
6060  cli_enc_opt_state = NULL;
6061  memset(&iaprefix, 0, sizeof(iaprefix));
6062  prefix = NULL;
6063 
6064  /*
6065  * Compute the available length for the reply.
6066  */
6067  reply_len = sizeof(reply_data) - reply_ret->len;
6068  reply_ofs = 0;
6069 
6070  /*
6071  * Find the host record that matches from the packet, if any.
6072  */
6073  packet_host = NULL;
6074  find_hosts6(&packet_host, packet, client_id, MDL);
6075 
6076  /*
6077  * Build our option state for reply.
6078  */
6079  opt_state = NULL;
6080  if (!option_state_allocate(&opt_state, MDL)) {
6081  log_error("iterate_over_ia_pd: no memory for option_state.");
6082  goto exit;
6083  }
6084  execute_statements_in_scope(NULL, packet, NULL, NULL,
6085  packet->options, opt_state,
6086  &global_scope, root_group, NULL, NULL);
6087 
6088  /*
6089  * Loop through the IA_PD reported by the client, and deal with
6090  * prefixes reported as already in use.
6091  */
6093  ia != NULL; ia = ia->next) {
6094 
6095  if (!get_encapsulated_IA_state(&cli_enc_opt_state,
6096  &cli_enc_opt_data,
6097  packet, ia, IA_PD_OFFSET)) {
6098  goto exit;
6099  }
6100 
6101  iaid = getULong(cli_enc_opt_data.data);
6102 
6103  oc = lookup_option(&dhcpv6_universe, cli_enc_opt_state,
6104  D6O_IAPREFIX);
6105  if (oc == NULL) {
6106  /* no prefix given for this IA_PD, ignore */
6107  option_state_dereference(&cli_enc_opt_state, MDL);
6108  data_string_forget(&cli_enc_opt_data, MDL);
6109  continue;
6110  }
6111 
6112  for (; oc != NULL; oc = oc->next) {
6113  memset(&iaprefix, 0, sizeof(iaprefix));
6114  if (!evaluate_option_cache(&iaprefix, packet, NULL, NULL,
6115  packet->options, NULL,
6116  &global_scope, oc, MDL)) {
6117  log_error("iterate_over_ia_pd: "
6118  "error evaluating IAPREFIX.");
6119  goto exit;
6120  }
6121 
6122  /*
6123  * Now we need to figure out which host record matches
6124  * this IA_PD and IAPREFIX (encapsulated option contents
6125  * matching a host record by option).
6126  *
6127  * XXX: We don't currently track IA_PD separately, but
6128  * we will need to do this!
6129  */
6130  host = NULL;
6131  if (!find_hosts_by_option(&host, packet,
6132  cli_enc_opt_state, MDL)) {
6133  if (packet_host != NULL) {
6134  host = packet_host;
6135  } else {
6136  host = NULL;
6137  }
6138  }
6139  while (host != NULL) {
6140  if (host->fixed_prefix != NULL) {
6141  struct iaddrcidrnetlist *l;
6142  int plen = (int) getUChar(iaprefix.data + 8);
6143 
6144  for (l = host->fixed_prefix; l != NULL;
6145  l = l->next) {
6146  if (plen != l->cidrnet.bits)
6147  continue;
6148  if (memcmp(iaprefix.data + 9,
6149  l->cidrnet.lo_addr.iabuf,
6150  16) == 0)
6151  break;
6152  }
6153  if ((l != NULL) && (iaprefix.len >= 17))
6154  break;
6155  }
6156  host = host->n_ipaddr;
6157  }
6158 
6159  if ((host == NULL) && (iaprefix.len >= IAPREFIX_OFFSET)) {
6160  /*
6161  * Find existing IA_PD.
6162  */
6163  if (ia_make_key(&key, iaid,
6164  (char *)client_id->data,
6165  client_id->len,
6166  MDL) != ISC_R_SUCCESS) {
6167  log_fatal("iterate_over_ia_pd: no memory for "
6168  "key.");
6169  }
6170 
6171  existing_ia_pd = NULL;
6172  if (ia_hash_lookup(&existing_ia_pd, ia_pd_active,
6173  (unsigned char *)key.data,
6174  key.len, MDL)) {
6175  /*
6176  * Make sure this prefix is in the IA_PD.
6177  */
6178  for (i = 0;
6179  i < existing_ia_pd->num_iasubopt;
6180  i++) {
6181  struct iasubopt *tmp;
6182  u_int8_t plen;
6183 
6184  plen = getUChar(iaprefix.data + 8);
6185  tmp = existing_ia_pd->iasubopt[i];
6186  if ((tmp->plen == plen) &&
6187  (memcmp(&tmp->addr,
6188  iaprefix.data + 9,
6189  16) == 0)) {
6190  iasubopt_reference(&prefix,
6191  tmp, MDL);
6192  break;
6193  }
6194  }
6195  }
6196 
6197  data_string_forget(&key, MDL);
6198  }
6199 
6200  if ((host != NULL) || (prefix != NULL)) {
6201  ia_pd_match(client_id, &iaprefix, prefix);
6202  } else {
6203  ia_pd_nomatch(client_id, &iaprefix,
6204  (u_int32_t *)cli_enc_opt_data.data,
6205  packet, reply_data, &reply_ofs,
6206  reply_len - reply_ofs);
6207  }
6208 
6209  if (prefix != NULL) {
6210  iasubopt_dereference(&prefix, MDL);
6211  }
6212 
6213  data_string_forget(&iaprefix, MDL);
6214  }
6215 
6216  option_state_dereference(&cli_enc_opt_state, MDL);
6217  data_string_forget(&cli_enc_opt_data, MDL);
6218  }
6219 
6220  /*
6221  * Return our reply to the caller.
6222  * The IA_NA routine has already filled at least the header.
6223  */
6224  reply_new.len = reply_ret->len + reply_ofs;
6225  if (!buffer_allocate(&reply_new.buffer, reply_new.len, MDL)) {
6226  log_fatal("No memory to store reply.");
6227  }
6228  reply_new.data = reply_new.buffer->data;
6229  memcpy(reply_new.buffer->data,
6230  reply_ret->buffer->data, reply_ret->len);
6231  memcpy(reply_new.buffer->data + reply_ret->len,
6232  reply_data, reply_ofs);
6233  data_string_forget(reply_ret, MDL);
6234  data_string_copy(reply_ret, &reply_new, MDL);
6235  data_string_forget(&reply_new, MDL);
6236 
6237 exit:
6238  if (prefix != NULL) {
6239  iasubopt_dereference(&prefix, MDL);
6240  }
6241  if (iaprefix.buffer != NULL) {
6242  data_string_forget(&iaprefix, MDL);
6243  }
6244  if (cli_enc_opt_state != NULL) {
6245  option_state_dereference(&cli_enc_opt_state, MDL);
6246  }
6247  if (cli_enc_opt_data.buffer != NULL) {
6248  data_string_forget(&cli_enc_opt_data, MDL);
6249  }
6250  if (opt_state != NULL) {
6251  option_state_dereference(&opt_state, MDL);
6252  }
6253 }
6254 
6255 /*
6256  * Release means a client is done with the leases.
6257  */
6258 
6259 static void
6260 dhcpv6_release(struct data_string *reply, struct packet *packet) {
6261  struct data_string client_id;
6262  struct data_string server_id;
6263 
6264  /*
6265  * Validate our input.
6266  */
6267  if (!valid_client_resp(packet, &client_id, &server_id)) {
6268  return;
6269  }
6270 
6271  /* If the RELEASE arrived via unicast and unicast option isn't set,
6272  * reject it per RFC 3315, Sec 18.2.6 */
6273  if (packet->unicast == ISC_TRUE &&
6274  is_unicast_option_defined(packet) == ISC_FALSE) {
6275  unicast_reject(reply, packet, &client_id, &server_id);
6276  } else {
6277  /*
6278  * And operate on each IA_NA in this packet.
6279  */
6280  iterate_over_ia_na(reply, packet, &client_id, &server_id,
6281  "Release", ia_na_match_release,
6282  ia_na_nomatch_release);
6283 
6284  /*
6285  * And operate on each IA_PD in this packet.
6286  */
6287  iterate_over_ia_pd(reply, packet, &client_id, &server_id,
6288  "Release", ia_pd_match_release,
6289  ia_pd_nomatch_release);
6290  }
6291 
6292  data_string_forget(&server_id, MDL);
6293  data_string_forget(&client_id, MDL);
6294 }
6295 
6296 /*
6297  * Information-Request is used by clients who have obtained an address
6298  * from other means, but want configuration information from the server.
6299  */
6300 
6301 static void
6302 dhcpv6_information_request(struct data_string *reply, struct packet *packet) {
6303  struct data_string client_id;
6304  struct data_string server_id;
6305 
6306  /*
6307  * Validate our input.
6308  */
6309  if (!valid_client_info_req(packet, &server_id)) {
6310  return;
6311  }
6312 
6313  /*
6314  * Get our client ID, if there is one.
6315  */
6316  memset(&client_id, 0, sizeof(client_id));
6317  if (get_client_id(packet, &client_id) != ISC_R_SUCCESS) {
6318  data_string_forget(&client_id, MDL);
6319  }
6320 
6321  /*
6322  * Use the lease_to_client() function. This will work fine,
6323  * because the valid_client_info_req() insures that we
6324  * don't have any IA that would cause us to allocate
6325  * resources to the client.
6326  */
6327  lease_to_client(reply, packet, &client_id,
6328  server_id.data != NULL ? &server_id : NULL);
6329 
6330  /*
6331  * Cleanup.
6332  */
6333  if (client_id.data != NULL) {
6334  data_string_forget(&client_id, MDL);
6335  }
6336  data_string_forget(&server_id, MDL);
6337 }
6338 
6339 /*
6340  * The Relay-forw message is sent by relays. It typically contains a
6341  * single option, which encapsulates an entire packet.
6342  *
6343  * We need to build an encapsulated reply.
6344  */
6345 
6346 /* XXX: this is very, very similar to do_packet6(), and should probably
6347  be combined in a clever way */
6348 /* DHCPv6 server side */
6349 static void
6350 dhcpv6_relay_forw(struct data_string *reply_ret, struct packet *packet) {
6351  struct option_cache *oc;
6352  struct data_string enc_opt_data;
6353  struct packet *enc_packet;
6354  unsigned char msg_type;
6355  const struct dhcpv6_packet *msg;
6356  const struct dhcpv6_relay_packet *relay;
6357  struct data_string enc_reply;
6358  char link_addr[sizeof("ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255")];
6359  char peer_addr[sizeof("ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255")];
6360  struct data_string a_opt, packet_ero;
6361  struct option_state *opt_state;
6362  static char reply_data[65536];
6363  struct dhcpv6_relay_packet *reply;
6364  int reply_ofs;
6365 
6366  /*
6367  * Initialize variables for early exit.
6368  */
6369  opt_state = NULL;
6370  memset(&a_opt, 0, sizeof(a_opt));
6371  memset(&packet_ero, 0, sizeof(packet_ero));
6372  memset(&enc_reply, 0, sizeof(enc_reply));
6373  memset(&enc_opt_data, 0, sizeof(enc_opt_data));
6374  enc_packet = NULL;
6375 
6376  /*
6377  * Get our encapsulated relay message.
6378  */
6380  if (oc == NULL) {
6381  inet_ntop(AF_INET6, &packet->dhcpv6_link_address,
6382  link_addr, sizeof(link_addr));
6383  inet_ntop(AF_INET6, &packet->dhcpv6_peer_address,
6384  peer_addr, sizeof(peer_addr));
6385  log_info("Relay-forward from %s with link address=%s and "
6386  "peer address=%s missing Relay Message option.",
6387  piaddr(packet->client_addr), link_addr, peer_addr);
6388  goto exit;
6389  }
6390 
6391  if (!evaluate_option_cache(&enc_opt_data, NULL, NULL, NULL,
6392  NULL, NULL, &global_scope, oc, MDL)) {
6393  /* should be dhcpv6_relay_forw */
6394  log_error("dhcpv6_forw_relay: error evaluating "
6395  "relayed message.");
6396  goto exit;
6397  }
6398 
6399  if (!packet6_len_okay((char *)enc_opt_data.data, enc_opt_data.len)) {
6400  /* should be dhcpv6_relay_forw */
6401  log_error("dhcpv6_forw_relay: encapsulated packet too short.");
6402  goto exit;
6403  }
6404 
6405  /*
6406  * Build a packet structure from this encapsulated packet.
6407  */
6408  enc_packet = NULL;
6409  if (!packet_allocate(&enc_packet, MDL)) {
6410  /* should be dhcpv6_relay_forw */
6411  log_error("dhcpv6_forw_relay: "
6412  "no memory for encapsulated packet.");
6413  goto exit;
6414  }
6415 
6416  if (!option_state_allocate(&enc_packet->options, MDL)) {
6417  /* should be dhcpv6_relay_forw */
6418  log_error("dhcpv6_forw_relay: "
6419  "no memory for encapsulated packet's options.");
6420  goto exit;
6421  }
6422 
6423  enc_packet->client_port = packet->client_port;
6424  enc_packet->client_addr = packet->client_addr;
6425  interface_reference(&enc_packet->interface, packet->interface, MDL);
6426  enc_packet->dhcpv6_container_packet = packet;
6427 
6428  msg_type = enc_opt_data.data[0];
6429  if ((msg_type == DHCPV6_RELAY_FORW) ||
6430  (msg_type == DHCPV6_RELAY_REPL)) {
6431  int relaylen = (int)(offsetof(struct dhcpv6_relay_packet, options));
6432  relay = (struct dhcpv6_relay_packet *)enc_opt_data.data;
6433  enc_packet->dhcpv6_msg_type = relay->msg_type;
6434 
6435  /* relay-specific data */
6436  enc_packet->dhcpv6_hop_count = relay->hop_count;
6437  memcpy(&enc_packet->dhcpv6_link_address,
6438  relay->link_address, sizeof(relay->link_address));
6439  memcpy(&enc_packet->dhcpv6_peer_address,
6440  relay->peer_address, sizeof(relay->peer_address));
6441 
6442  if (!parse_option_buffer(enc_packet->options,
6443  relay->options,
6444  enc_opt_data.len - relaylen,
6445  &dhcpv6_universe)) {
6446  /* no logging here, as parse_option_buffer() logs all
6447  cases where it fails */
6448  goto exit;
6449  }
6450  } else if ((msg_type == DHCPV6_DHCPV4_QUERY) ||
6452 #ifdef DHCP4o6
6453  if (!dhcpv4_over_dhcpv6 ||
6455  log_error("dhcpv6_relay_forw: "
6456  "unsupported %s message type.",
6458  goto exit;
6459  }
6460  forw_dhcpv4_query(packet);
6461  goto exit;
6462 #else /* DHCP4o6 */
6463  log_error("dhcpv6_relay_forw: unsupported %s message type.",
6465  goto exit;
6466 #endif /* DHCP4o6 */
6467  } else {
6468  int msglen = (int)(offsetof(struct dhcpv6_packet, options));
6469  msg = (struct dhcpv6_packet *)enc_opt_data.data;
6470  enc_packet->dhcpv6_msg_type = msg->msg_type;
6471 
6472  /* message-specific data */
6473  memcpy(enc_packet->dhcpv6_transaction_id,
6474  msg->transaction_id,
6475  sizeof(enc_packet->dhcpv6_transaction_id));
6476 
6477  if (!parse_option_buffer(enc_packet->options,
6478  msg->options,
6479  enc_opt_data.len - msglen,
6480  &dhcpv6_universe)) {
6481  /* no logging here, as parse_option_buffer() logs all
6482  cases where it fails */
6483  goto exit;
6484  }
6485  }
6486 
6487  /*
6488  * This is recursive. It is possible to exceed maximum packet size.
6489  * XXX: This will cause the packet send to fail.
6490  */
6491  build_dhcpv6_reply(&enc_reply, enc_packet);
6492 
6493  /*
6494  * If we got no encapsulated data, then it is discarded, and
6495  * our reply-forw is also discarded.
6496  */
6497  if (enc_reply.data == NULL) {
6498  goto exit;
6499  }
6500 
6501  /*
6502  * Now we can use the reply_data buffer.
6503  * Packet header stuff all comes from the forward message.
6504  */
6505  reply = (struct dhcpv6_relay_packet *)reply_data;
6506  reply->msg_type = DHCPV6_RELAY_REPL;
6507  reply->hop_count = packet->dhcpv6_hop_count;
6508  memcpy(reply->link_address, &packet->dhcpv6_link_address,
6509  sizeof(reply->link_address));
6510  memcpy(reply->peer_address, &packet->dhcpv6_peer_address,
6511  sizeof(reply->peer_address));
6512  reply_ofs = (int)(offsetof(struct dhcpv6_relay_packet, options));
6513 
6514  /*
6515  * Get the reply option state.
6516  */
6517  opt_state = NULL;
6518  if (!option_state_allocate(&opt_state, MDL)) {
6519  log_error("dhcpv6_relay_forw: no memory for option state.");
6520  goto exit;
6521  }
6522 
6523  /*
6524  * Append the interface-id if present.
6525  */
6528  if (oc != NULL) {
6529  if (!evaluate_option_cache(&a_opt, packet,
6530  NULL, NULL,
6531  packet->options, NULL,
6532  &global_scope, oc, MDL)) {
6533  log_error("dhcpv6_relay_forw: error evaluating "
6534  "Interface ID.");
6535  goto exit;
6536  }
6537  if (!save_option_buffer(&dhcpv6_universe, opt_state, NULL,
6538  (unsigned char *)a_opt.data,
6539  a_opt.len,
6540  D6O_INTERFACE_ID, 0)) {
6541  log_error("dhcpv6_relay_forw: error saving "
6542  "Interface ID.");
6543  goto exit;
6544  }
6545  data_string_forget(&a_opt, MDL);
6546  }
6547 
6548  /*
6549  * Append our encapsulated stuff for caller.
6550  */
6551  if (!save_option_buffer(&dhcpv6_universe, opt_state, NULL,
6552  (unsigned char *)enc_reply.data,
6553  enc_reply.len,
6554  D6O_RELAY_MSG, 0)) {
6555  log_error("dhcpv6_relay_forw: error saving Relay MSG.");
6556  goto exit;
6557  }
6558 
6559  /*
6560  * Get the ERO if any.
6561  */
6563  if (oc != NULL) {
6564  unsigned req;
6565  int i;
6566 
6567  if (!evaluate_option_cache(&packet_ero, packet,
6568  NULL, NULL,
6569  packet->options, NULL,
6570  &global_scope, oc, MDL) ||
6571  (packet_ero.len & 1)) {
6572  log_error("dhcpv6_relay_forw: error evaluating ERO.");
6573  goto exit;
6574  }
6575 
6576  /* Decode and apply the ERO. */
6577  for (i = 0; i < packet_ero.len; i += 2) {
6578  req = getUShort(packet_ero.data + i);
6579  /* Already in the reply? */
6580  oc = lookup_option(&dhcpv6_universe, opt_state, req);
6581  if (oc != NULL)
6582  continue;
6583  /* Get it from the packet if present. */
6585  packet->options,
6586  req);
6587  if (oc == NULL)
6588  continue;
6589  if (!evaluate_option_cache(&a_opt, packet,
6590  NULL, NULL,
6591  packet->options, NULL,
6592  &global_scope, oc, MDL)) {
6593  log_error("dhcpv6_relay_forw: error "
6594  "evaluating option %u.", req);
6595  goto exit;
6596  }
6598  opt_state,
6599  NULL,
6600  (unsigned char *)a_opt.data,
6601  a_opt.len,
6602  req,
6603  0)) {
6604  log_error("dhcpv6_relay_forw: error saving "
6605  "option %u.", req);
6606  goto exit;
6607  }
6608  data_string_forget(&a_opt, MDL);
6609  }
6610  }
6611 
6612  reply_ofs += store_options6(reply_data + reply_ofs,
6613  sizeof(reply_data) - reply_ofs,
6614  opt_state, packet,
6615  required_opts_agent, &packet_ero);
6616 
6617  /*
6618  * Return our reply to the caller.
6619  */
6620  reply_ret->len = reply_ofs;
6621  reply_ret->buffer = NULL;
6622  if (!buffer_allocate(&reply_ret->buffer, reply_ret->len, MDL)) {
6623  log_fatal("No memory to store reply.");
6624  }
6625  reply_ret->data = reply_ret->buffer->data;
6626  memcpy(reply_ret->buffer->data, reply_data, reply_ofs);
6627 
6628 exit:
6629  if (opt_state != NULL)
6630  option_state_dereference(&opt_state, MDL);
6631  if (a_opt.data != NULL) {
6632  data_string_forget(&a_opt, MDL);
6633  }
6634  if (packet_ero.data != NULL) {
6635  data_string_forget(&packet_ero, MDL);
6636  }
6637  if (enc_reply.data != NULL) {
6638  data_string_forget(&enc_reply, MDL);
6639  }
6640  if (enc_opt_data.data != NULL) {
6641  data_string_forget(&enc_opt_data, MDL);
6642  }
6643  if (enc_packet != NULL) {
6644  packet_dereference(&enc_packet, MDL);
6645  }
6646 }
6647 
6648 #ifdef DHCP4o6
6649 /* \brief Internal processing of a relayed DHCPv4-query
6650  * (DHCPv4 server side)
6651  *
6652  * Code copied from \ref dhcpv6_relay_forw() which itself is
6653  * from \ref do_packet6().
6654  *
6655  * \param reply_ret pointer to the response
6656  * \param packet the query
6657  */
6658 static void
6659 dhcp4o6_relay_forw(struct data_string *reply_ret, struct packet *packet) {
6660  struct option_cache *oc;
6661  struct data_string enc_opt_data;
6662  struct packet *enc_packet;
6663  unsigned char msg_type;
6664  const struct dhcpv6_relay_packet *relay;
6665  const struct dhcpv4_over_dhcpv6_packet *msg;
6666  struct data_string enc_reply;
6667  char link_addr[sizeof("ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255")];
6668  char peer_addr[sizeof("ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255")];
6669  struct data_string a_opt, packet_ero;
6670  struct option_state *opt_state;
6671  static char reply_data[65536];
6672  struct dhcpv6_relay_packet *reply;
6673  int reply_ofs;
6674 
6675  /*
6676  * Initialize variables for early exit.
6677  */
6678  opt_state = NULL;
6679  memset(&a_opt, 0, sizeof(a_opt));
6680  memset(&packet_ero, 0, sizeof(packet_ero));
6681  memset(&enc_reply, 0, sizeof(enc_reply));
6682  memset(&enc_opt_data, 0, sizeof(enc_opt_data));
6683  enc_packet = NULL;
6684 
6685  /*
6686  * Get our encapsulated relay message.
6687  */
6689  if (oc == NULL) {
6690  inet_ntop(AF_INET6, &packet->dhcpv6_link_address,
6691  link_addr, sizeof(link_addr));
6692  inet_ntop(AF_INET6, &packet->dhcpv6_peer_address,
6693  peer_addr, sizeof(peer_addr));
6694  log_info("Relay-forward from %s with link address=%s and "
6695  "peer address=%s missing Relay Message option.",
6696  piaddr(packet->client_addr), link_addr, peer_addr);
6697  goto exit;
6698  }
6699 
6700  if (!evaluate_option_cache(&enc_opt_data, NULL, NULL, NULL,
6701  NULL, NULL, &global_scope, oc, MDL)) {
6702  log_error("dhcp4o6_relay_forw: error evaluating "
6703  "relayed message.");
6704  goto exit;
6705  }
6706 
6707  if (!packet6_len_okay((char *)enc_opt_data.data, enc_opt_data.len)) {
6708  log_error("dhcp4o6_relay_forw: "
6709  "encapsulated packet too short.");
6710  goto exit;
6711  }
6712 
6713  /*
6714  * Build a packet structure from this encapsulated packet.
6715  */
6716  if (!packet_allocate(&enc_packet, MDL)) {
6717  log_error("dhcp4o6_relay_forw: "
6718  "no memory for encapsulated packet.");
6719  goto exit;
6720  }
6721 
6722  if (!option_state_allocate(&enc_packet->options, MDL)) {
6723  log_error("dhcp4o6_relay_forw: "
6724  "no memory for encapsulated packet's options.");
6725  goto exit;
6726  }
6727 
6728  enc_packet->client_port = packet->client_port;
6729  enc_packet->client_addr = packet->client_addr;
6730  interface_reference(&enc_packet->interface, packet->interface, MDL);
6731  enc_packet->dhcpv6_container_packet = packet;
6732 
6733  msg_type = enc_opt_data.data[0];
6734  if ((msg_type == DHCPV6_RELAY_FORW) ||
6735  (msg_type == DHCPV6_RELAY_REPL)) {
6736  int relaylen = (int)(offsetof(struct dhcpv6_relay_packet, options));
6737  relay = (struct dhcpv6_relay_packet *)enc_opt_data.data;
6738  enc_packet->dhcpv6_msg_type = relay->msg_type;
6739 
6740  /* relay-specific data */
6741  enc_packet->dhcpv6_hop_count = relay->hop_count;
6742  memcpy(&enc_packet->dhcpv6_link_address,
6743  relay->link_address, sizeof(relay->link_address));
6744  memcpy(&enc_packet->dhcpv6_peer_address,
6745  relay->peer_address, sizeof(relay->peer_address));
6746 
6747  if (!parse_option_buffer(enc_packet->options,
6748  relay->options,
6749  enc_opt_data.len - relaylen,
6750  &dhcpv6_universe)) {
6751  /* no logging here, as parse_option_buffer() logs all
6752  cases where it fails */
6753  goto exit;
6754  }
6755  } else if ((msg_type == DHCPV6_DHCPV4_QUERY) ||
6757  int msglen =
6758  (int)(offsetof(struct dhcpv4_over_dhcpv6_packet, options));
6759  msg = (struct dhcpv4_over_dhcpv6_packet *)enc_opt_data.data;
6760  enc_packet->dhcpv6_msg_type = msg->msg_type;
6761 
6762  /* message-specific data */
6763  memcpy(enc_packet->dhcp4o6_flags,
6764  msg->flags,
6765  sizeof(enc_packet->dhcp4o6_flags));
6766 
6767  if (!parse_option_buffer(enc_packet->options,
6768  msg->options,
6769  enc_opt_data.len - msglen,
6770  &dhcpv6_universe)) {
6771  /* no logging here, as parse_option_buffer() logs all
6772  cases where it fails */
6773  goto exit;
6774  }
6775  } else {
6776  log_error("dhcp4o6_relay_forw: unexpected message of type %d.",
6777  (int)msg_type);
6778  goto exit;
6779  }
6780 
6781  /*
6782  * This is recursive. It is possible to exceed maximum packet size.
6783  * XXX: This will cause the packet send to fail.
6784  */
6785  build_dhcpv6_reply(&enc_reply, enc_packet);
6786 
6787  /*
6788  * If we got no encapsulated data, then it is discarded, and
6789  * our reply-forw is also discarded.
6790  */
6791  if (enc_reply.data == NULL) {
6792  goto exit;
6793  }
6794 
6795  /*
6796  * Now we can use the reply_data buffer.
6797  * Packet header stuff all comes from the forward message.
6798  */
6799  reply = (struct dhcpv6_relay_packet *)reply_data;
6800  reply->msg_type = DHCPV6_RELAY_REPL;
6801  reply->hop_count = packet->dhcpv6_hop_count;
6802  memcpy(reply->link_address, &packet->dhcpv6_link_address,
6803  sizeof(reply->link_address));
6804  memcpy(reply->peer_address, &packet->dhcpv6_peer_address,
6805  sizeof(reply->peer_address));
6806  reply_ofs = (int)(offsetof(struct dhcpv6_relay_packet, options));
6807 
6808  /*
6809  * Get the reply option state.
6810  */
6811  if (!option_state_allocate(&opt_state, MDL)) {
6812  log_error("dhcp4o6_relay_forw: no memory for option state.");
6813  goto exit;
6814  }
6815 
6816  /*
6817  * Append the interface-id if present.
6818  */
6821  if (oc != NULL) {
6822  if (!evaluate_option_cache(&a_opt, packet,
6823  NULL, NULL,
6824  packet->options, NULL,
6825  &global_scope, oc, MDL)) {
6826  log_error("dhcp4o6_relay_forw: error evaluating "
6827  "Interface ID.");
6828  goto exit;
6829  }
6830  if (!save_option_buffer(&dhcpv6_universe, opt_state, NULL,
6831  (unsigned char *)a_opt.data,
6832  a_opt.len,
6833  D6O_INTERFACE_ID, 0)) {
6834  log_error("dhcp4o6_relay_forw: error saving "
6835  "Interface ID.");
6836  goto exit;
6837  }
6838  data_string_forget(&a_opt, MDL);
6839  }
6840 
6841  /*
6842  * Append our encapsulated stuff for caller.
6843  */
6844  if (!save_option_buffer(&dhcpv6_universe, opt_state, NULL,
6845  (unsigned char *)enc_reply.data,
6846  enc_reply.len,
6847  D6O_RELAY_MSG, 0)) {
6848  log_error("dhcp4o6_relay_forw: error saving Relay MSG.");
6849  goto exit;
6850  }
6851 
6852  /*
6853  * Get the ERO if any.
6854  */
6856  if (oc != NULL) {
6857  unsigned req;
6858  int i;
6859 
6860  if (!evaluate_option_cache(&packet_ero, packet,
6861  NULL, NULL,
6862  packet->options, NULL,
6863  &global_scope, oc, MDL) ||
6864  (packet_ero.len & 1)) {
6865  log_error("dhcp4o6_relay_forw: error evaluating ERO.");
6866  goto exit;
6867  }
6868 
6869  /* Decode and apply the ERO. */
6870  for (i = 0; i < packet_ero.len; i += 2) {
6871  req = getUShort(packet_ero.data + i);
6872  /* Already in the reply? */
6873  oc = lookup_option(&dhcpv6_universe, opt_state, req);
6874  if (oc != NULL)
6875  continue;
6876  /* Get it from the packet if present. */
6878  packet->options,
6879  req);
6880  if (oc == NULL)
6881  continue;
6882  if (!evaluate_option_cache(&a_opt, packet,
6883  NULL, NULL,
6884  packet->options, NULL,
6885  &global_scope, oc, MDL)) {
6886  log_error("dhcp4o6_relay_forw: error "
6887  "evaluating option %u.", req);
6888  goto exit;
6889  }
6891  opt_state,
6892  NULL,
6893  (unsigned char *)a_opt.data,
6894  a_opt.len,
6895  req,
6896  0)) {
6897  log_error("dhcp4o6_relay_forw: error saving "
6898  "option %u.", req);
6899  goto exit;
6900  }
6901  data_string_forget(&a_opt, MDL);
6902  }
6903  }
6904 
6905  reply_ofs += store_options6(reply_data + reply_ofs,
6906  sizeof(reply_data) - reply_ofs,
6907  opt_state, packet,
6908  required_opts_agent, &packet_ero);
6909 
6910  /*
6911  * Return our reply to the caller.
6912  */
6913  reply_ret->len = reply_ofs;
6914  reply_ret->buffer = NULL;
6915  if (!buffer_allocate(&reply_ret->buffer, reply_ret->len, MDL)) {
6916  log_fatal("No memory to store reply.");
6917  }
6918  reply_ret->data = reply_ret->buffer->data;
6919  memcpy(reply_ret->buffer->data, reply_data, reply_ofs);
6920 
6921 exit:
6922  if (opt_state != NULL)
6923  option_state_dereference(&opt_state, MDL);
6924  if (a_opt.data != NULL) {
6925  data_string_forget(&a_opt, MDL);
6926  }
6927  if (packet_ero.data != NULL) {
6928  data_string_forget(&packet_ero, MDL);
6929  }
6930  if (enc_reply.data != NULL) {
6931  data_string_forget(&enc_reply, MDL);
6932  }
6933  if (enc_opt_data.data != NULL) {
6934  data_string_forget(&enc_opt_data, MDL);
6935  }
6936  if (enc_packet != NULL) {
6937  packet_dereference(&enc_packet, MDL);
6938  }
6939 }
6940 
6941 /*
6942  * \brief Internal processing of a DHCPv4-query
6943  * (DHCPv4 server function)
6944  *
6945  * Code copied from \ref do_packet().
6946  *
6947  * \param reply_ret pointer to the response
6948  * \param packet the query
6949  */
6950 static void
6951 dhcp4o6_dhcpv4_query(struct data_string *reply_ret, struct packet *packet) {
6952  struct option_cache *oc;
6953  struct data_string enc_opt_data;
6954  struct packet *enc_packet;
6955  struct data_string enc_response;
6956  struct option_state *opt_state;
6957  static char response_data[65536];
6958  struct dhcpv4_over_dhcpv6_packet *response;
6959  int response_ofs;
6960 
6961  /*
6962  * Initialize variables for early exit.
6963  */
6964  opt_state = NULL;
6965  memset(&enc_response, 0, sizeof(enc_response));
6966  memset(&enc_opt_data, 0, sizeof(enc_opt_data));
6967  enc_packet = NULL;
6968 
6969  /*
6970  * Get our encapsulated relay message.
6971  */
6973  if (oc == NULL) {
6974  log_info("DHCPv4-query from %s missing DHCPv4 Message option.",
6976  goto exit;
6977  }
6978 
6979  if (!evaluate_option_cache(&enc_opt_data, NULL, NULL, NULL,
6980  NULL, NULL, &global_scope, oc, MDL)) {
6981  log_error("dhcp4o6_dhcpv4_query: error evaluating "
6982  "DHCPv4 message.");
6983  goto exit;
6984  }
6985 
6986  if (enc_opt_data.len < DHCP_FIXED_NON_UDP) {
6987  log_error("dhcp4o6_dhcpv4_query: DHCPv4 packet too short.");
6988  goto exit;
6989  }
6990 
6991  /*
6992  * Build a packet structure from this encapsulated packet.
6993  */
6994  if (!packet_allocate(&enc_packet, MDL)) {
6995  log_error("dhcp4o6_dhcpv4_query: "
6996  "no memory for encapsulated packet.");
6997  goto exit;
6998  }
6999 
7000  enc_packet->raw = (struct dhcp_packet *)enc_opt_data.data;
7001  enc_packet->packet_length = enc_opt_data.len;
7002  enc_packet->dhcp4o6_response = &enc_response;
7003  enc_packet->client_port = packet->client_port;
7004  enc_packet->client_addr = packet->client_addr;
7005  interface_reference(&enc_packet->interface, packet->interface, MDL);
7006  enc_packet->dhcpv6_container_packet = packet;
7008  enc_packet->unicast = 1;
7009 
7010  if (enc_packet->raw->hlen > sizeof(enc_packet->raw->chaddr)) {
7011  log_info("dhcp4o6_dhcpv4_query: "
7012  "discarding packet with bogus hlen.");
7013  goto exit;
7014  }
7015 
7016  /* Allocate packet->options now so it is non-null for all packets */
7017  if (!option_state_allocate (&enc_packet->options, MDL)) {
7018  log_error("dhcp4o6_dhcpv4_query: no memory for options.");
7019  goto exit;
7020  }
7021 
7022  /* If there's an option buffer, try to parse it. */
7023  if (enc_packet->packet_length >= DHCP_FIXED_NON_UDP + 4) {
7024  struct option_cache *op;
7025  if (!parse_options(enc_packet)) {
7026  if (enc_packet->options)
7028  (&enc_packet->options, MDL);
7029  packet_dereference (&enc_packet, MDL);
7030  goto exit;
7031  }
7032 
7033  if (enc_packet->options_valid &&
7035  enc_packet->options,
7037  struct data_string dp;
7038  memset(&dp, 0, sizeof dp);
7039  evaluate_option_cache(&dp, enc_packet, NULL, NULL,
7040  enc_packet->options, NULL,
7041  NULL, op, MDL);
7042  if (dp.len > 0)
7043  enc_packet->packet_type = dp.data[0];
7044  else
7045  enc_packet->packet_type = 0;
7046  data_string_forget(&dp, MDL);
7047  }
7048  }
7049 
7050  if (validate_packet(enc_packet) != 0) {
7051  if (enc_packet->packet_type)
7052  dhcp(enc_packet);
7053  else
7054  bootp(enc_packet);
7055  }
7056 
7057  /* If the caller kept the packet, they'll have upped the refcnt. */
7058  packet_dereference(&enc_packet, MDL);
7059 
7060  /*
7061  * If we got no response data, then it is discarded, and
7062  * our DHCPv4-response is also discarded.
7063  */
7064  if (enc_response.data == NULL) {
7065  goto exit;
7066  }
7067 
7068  /*
7069  * Now we can use the response_data buffer.
7070  */
7071  response = (struct dhcpv4_over_dhcpv6_packet *)response_data;
7072  response->msg_type = DHCPV6_DHCPV4_RESPONSE;
7073  response->flags[0] = response->flags[1] = response->flags[2] = 0;
7074  response_ofs =
7075  (int)(offsetof(struct dhcpv4_over_dhcpv6_packet, options));
7076 
7077  /*
7078  * Get the response option state.
7079  */
7080  if (!option_state_allocate(&opt_state, MDL)) {
7081  log_error("dhcp4o6_dhcpv4_query: no memory for option state.");
7082  goto exit;
7083  }
7084 
7085  /*
7086  * Append our encapsulated stuff for caller.
7087  */
7088  if (!save_option_buffer(&dhcpv6_universe, opt_state, NULL,
7089  (unsigned char *)enc_response.data,
7090  enc_response.len,
7091  D6O_DHCPV4_MSG, 0)) {
7092  log_error("dhcp4o6_dhcpv4_query: error saving DHCPv4 MSG.");
7093  goto exit;
7094  }
7095 
7096  response_ofs += store_options6(response_data + response_ofs,
7097  sizeof(response_data) - response_ofs,
7098  opt_state, packet,
7099  required_opts_4o6, NULL);
7100 
7101  /*
7102  * Return our response to the caller.
7103  */
7104  reply_ret->len = response_ofs;
7105  reply_ret->buffer = NULL;
7106  if (!buffer_allocate(&reply_ret->buffer, reply_ret->len, MDL)) {
7107  log_fatal("dhcp4o6_dhcpv4_query: no memory to store reply.");
7108  }
7109  reply_ret->data = reply_ret->buffer->data;
7110  memcpy(reply_ret->buffer->data, response_data, response_ofs);
7111 
7112 exit:
7113  if (opt_state != NULL)
7114  option_state_dereference(&opt_state, MDL);
7115  if (enc_response.data != NULL) {
7116  data_string_forget(&enc_response, MDL);
7117  }
7118  if (enc_opt_data.data != NULL) {
7119  data_string_forget(&enc_opt_data, MDL);
7120  }
7121  if (enc_packet != NULL) {
7122  packet_dereference(&enc_packet, MDL);
7123  }
7124 }
7125 
7126 /*
7127  * \brief Forward a DHCPv4-query message to the DHCPv4 side
7128  * (DHCPv6 server function)
7129  *
7130  * Format: interface:16 + address:16 + DHCPv6 DHCPv4-query message
7131  *
7132  * \brief packet the DHCPv6 DHCPv4-query message
7133  */
7134 static void forw_dhcpv4_query(struct packet *packet) {
7135  struct data_string ds;
7136  unsigned len;
7137  int cc;
7138 
7139  /* Get the initial message. */
7140  while (packet->dhcpv6_container_packet != NULL)
7142 
7143  /* Check the initial message. */
7144  if ((packet->raw == NULL) ||
7145  (packet->client_addr.len != 16) ||
7146  (packet->interface == NULL)) {
7147  log_error("forw_dhcpv4_query: can't find initial message.");
7148  return;
7149  }
7150 
7151  /* Get a buffer. */
7152  len = packet->packet_length + 32;
7153  memset(&ds, 0, sizeof(ds));
7154  if (!buffer_allocate(&ds.buffer, len, MDL)) {
7155  log_error("forw_dhcpv4_query: "
7156  "no memory for encapsulating packet.");
7157  return;
7158  }
7159  ds.data = ds.buffer->data;
7160  ds.len = len;
7161 
7162  /* Fill the buffer. */
7163  strncpy((char *)ds.buffer->data, packet->interface->name, 16);
7164  memcpy(ds.buffer->data + 16,
7165  packet->client_addr.iabuf, 16);
7166  memcpy(ds.buffer->data + 32,
7167  (unsigned char *)packet->raw,
7169 
7170  /* Forward to the DHCPv4 server. */
7171  cc = send(dhcp4o6_fd, ds.data, ds.len, 0);
7172  if (cc < 0)
7173  log_error("forw_dhcpv4_query: send(): %m");
7174  data_string_forget(&ds, MDL);
7175 }
7176 #endif
7177 
7178 static void
7179 dhcpv6_discard(struct packet *packet) {
7180  /* INSIST(packet->msg_type > 0); */
7181  /* INSIST(packet->msg_type < dhcpv6_type_name_max); */
7182 
7183  log_debug("Discarding %s from %s; message type not handled by server",
7186 }
7187 
7188 static void
7189 build_dhcpv6_reply(struct data_string *reply, struct packet *packet) {
7190  memset(reply, 0, sizeof(*reply));
7191 
7192  /* I would like to classify the client once here, but
7193  * as I don't want to classify all of the incoming packets
7194  * I need to do it before handling specific types.
7195  * We don't need to classify if we are tossing the packet
7196  * or if it is a relay - the classification step will get
7197  * done when we process the inner client packet.
7198  */
7199 
7200  switch (packet->dhcpv6_msg_type) {
7201  case DHCPV6_SOLICIT:
7203  dhcpv6_solicit(reply, packet);
7204  break;
7205  case DHCPV6_ADVERTISE:
7206  dhcpv6_discard(packet);
7207  break;
7208  case DHCPV6_REQUEST:
7210  dhcpv6_request(reply, packet);
7211  break;
7212  case DHCPV6_CONFIRM:
7214  dhcpv6_confirm(reply, packet);
7215  break;
7216  case DHCPV6_RENEW:
7218  dhcpv6_renew(reply, packet);
7219  break;
7220  case DHCPV6_REBIND:
7222  dhcpv6_rebind(reply, packet);
7223  break;
7224  case DHCPV6_REPLY:
7225  dhcpv6_discard(packet);
7226  break;
7227  case DHCPV6_RELEASE:
7229  dhcpv6_release(reply, packet);
7230  break;
7231  case DHCPV6_DECLINE:
7233  dhcpv6_decline(reply, packet);
7234  break;
7235  case DHCPV6_RECONFIGURE:
7236  dhcpv6_discard(packet);
7237  break;
7240  dhcpv6_information_request(reply, packet);
7241  break;
7242  case DHCPV6_RELAY_FORW:
7243 #ifdef DHCP4o6
7244  if (dhcpv4_over_dhcpv6 && (local_family == AF_INET))
7245  dhcp4o6_relay_forw(reply, packet);
7246  else
7247 #endif /* DHCP4o6 */
7248  dhcpv6_relay_forw(reply, packet);
7249  break;
7250  case DHCPV6_RELAY_REPL:
7251  dhcpv6_discard(packet);
7252  break;
7253  case DHCPV6_LEASEQUERY:
7255  dhcpv6_leasequery(reply, packet);
7256  break;
7258  dhcpv6_discard(packet);
7259  break;
7260  case DHCPV6_DHCPV4_QUERY:
7261 #ifdef DHCP4o6
7262  if (dhcpv4_over_dhcpv6) {
7263  if (local_family == AF_INET6) {
7264  forw_dhcpv4_query(packet);
7265  } else {
7266  dhcp4o6_dhcpv4_query(reply, packet);
7267  }
7268  } else
7269 #endif /* DHCP4o6 */
7270  dhcpv6_discard(packet);
7271  break;
7273  dhcpv6_discard(packet);
7274  break;
7275  default:
7276  /* XXX: would be nice if we had "notice" level,
7277  as syslog, for this */
7278  log_info("Discarding unknown DHCPv6 message type %d "
7279  "from %s", packet->dhcpv6_msg_type,
7281  }
7282 }
7283 
7284 static void
7285 log_packet_in(const struct packet *packet) {
7286  struct data_string s;
7287  u_int32_t tid;
7288  char tmp_addr[INET6_ADDRSTRLEN];
7289  const void *addr;
7290 
7291  memset(&s, 0, sizeof(s));
7292 
7294  data_string_sprintfa(&s, "%s message from %s port %d",
7297  ntohs(packet->client_port));
7298  } else {
7300  "Unknown message type %d from %s port %d",
7303  ntohs(packet->client_port));
7304  }
7307  addr = &packet->dhcpv6_link_address;
7308  data_string_sprintfa(&s, ", link address %s",
7309  inet_ntop(AF_INET6, addr,
7310  tmp_addr, sizeof(tmp_addr)));
7311  addr = &packet->dhcpv6_peer_address;
7312  data_string_sprintfa(&s, ", peer address %s",
7313  inet_ntop(AF_INET6, addr,
7314  tmp_addr, sizeof(tmp_addr)));
7315  } else if ((packet->dhcpv6_msg_type != DHCPV6_DHCPV4_QUERY) &&
7317  tid = 0;
7318  memcpy(((char *)&tid)+1, packet->dhcpv6_transaction_id, 3);
7319  data_string_sprintfa(&s, ", transaction ID 0x%06X", tid);
7320 
7321 /*
7322  oc = lookup_option(&dhcpv6_universe, packet->options,
7323  D6O_CLIENTID);
7324  if (oc != NULL) {
7325  memset(&tmp_ds, 0, sizeof(tmp_ds_));
7326  if (!evaluate_option_cache(&tmp_ds, packet, NULL, NULL,
7327  packet->options, NULL,
7328  &global_scope, oc, MDL)) {
7329  log_error("Error evaluating Client Identifier");
7330  } else {
7331  data_strint_sprintf(&s, ", client ID %s",
7332 
7333  data_string_forget(&tmp_ds, MDL);
7334  }
7335  }
7336 */
7337 
7338  }
7339  log_info("%s", s.data);
7340 
7341  data_string_forget(&s, MDL);
7342 }
7343 
7344 void
7345 dhcpv6(struct packet *packet) {
7346  struct data_string reply;
7347  struct sockaddr_in6 to_addr;
7348  int send_ret;
7349 
7350  /*
7351  * Log a message that we received this packet.
7352  */
7353  log_packet_in(packet);
7354 
7355  /*
7356  * Build our reply packet.
7357  */
7358  build_dhcpv6_reply(&reply, packet);
7359 
7360  if (reply.data != NULL) {
7361  /*
7362  * Send our reply, if we have one.
7363  */
7364  memset(&to_addr, 0, sizeof(to_addr));
7365  to_addr.sin6_family = AF_INET6;
7368  to_addr.sin6_port = local_port;
7369  } else {
7370  to_addr.sin6_port = remote_port;
7371  }
7372 
7373 #if defined (REPLY_TO_SOURCE_PORT)
7374  /*
7375  * This appears to have been included for testing so we would
7376  * not need a root client, but was accidently left in the
7377  * final code. We continue to include it in case
7378  * some users have come to rely upon it, but leave
7379  * it off by default as it's a bad idea.
7380  */
7381  to_addr.sin6_port = packet->client_port;
7382 #endif
7383 
7384  memcpy(&to_addr.sin6_addr, packet->client_addr.iabuf,
7385  sizeof(to_addr.sin6_addr));
7386 
7387  log_info("Sending %s to %s port %d",
7388  dhcpv6_type_names[reply.data[0]],
7390  ntohs(to_addr.sin6_port));
7391 
7392  send_ret = send_packet6(packet->interface,
7393  reply.data, reply.len, &to_addr);
7394  if (send_ret != reply.len) {
7395  log_error("dhcpv6: send_packet6() sent %d of %d bytes",
7396  send_ret, reply.len);
7397  }
7398  data_string_forget(&reply, MDL);
7399  }
7400 }
7401 
7402 #ifdef DHCP4o6
7403 /*
7404  * \brief Receive a DHCPv4-query message from the DHCPv6 side
7405  * (DHCPv4 server function)
7406  *
7407  * Receive a message with a DHCPv4-query inside from the DHCPv6 server.
7408  * (code copied from \ref do_packet6() \ref and dhcpv6())
7409  *
7410  * Format: interface:16 + address:16 + DHCPv6 DHCPv4-query message
7411  *
7412  * \param raw the DHCPv6 DHCPv4-query message raw content
7413  */
7414 static void recv_dhcpv4_query(struct data_string *raw) {
7415  struct interface_info *ip;
7416  char name[16 + 1];
7417  struct iaddr iaddr;
7418  struct packet *packet;
7419  unsigned char msg_type;
7420  const struct dhcpv6_relay_packet *relay;
7421  const struct dhcpv4_over_dhcpv6_packet *msg;
7422  struct data_string reply;
7423  struct data_string ds;
7424  unsigned len;
7425  int cc;
7426 
7427  memset(name, 0, sizeof(name));
7428  memcpy(name, raw->data, 16);
7429  for (ip = interfaces; ip != NULL; ip = ip->next) {
7430  if (!strcmp(name, ip->name))
7431  break;
7432  }
7433  if (ip == NULL) {
7434  log_error("recv_dhcpv4_query: can't find interface %s.",
7435  name);
7436  return;
7437  }
7438 
7439  iaddr.len = 16;
7440  memcpy(iaddr.iabuf, raw->data + 16, 16);
7441 
7442  /*
7443  * From do_packet6().
7444  */
7445 
7446  if (!packet6_len_okay((char *)raw->data + 32, raw->len - 32)) {
7447  log_error("recv_dhcpv4_query: "
7448  "short packet from %s, len %d, dropped",
7449  piaddr(iaddr), raw->len - 32);
7450  return;
7451  }
7452 
7453  /*
7454  * Build a packet structure.
7455  */
7456  packet = NULL;
7457  if (!packet_allocate(&packet, MDL)) {
7458  log_error("recv_dhcpv4_query: no memory for packet.");
7459  return;
7460  }
7461 
7463  log_error("recv_dhcpv4_query: no memory for options.");
7465  return;
7466  }
7467 
7468  packet->raw = (struct dhcp_packet *)(raw->data + 32);
7469  packet->packet_length = raw->len - 32;
7472  interface_reference(&packet->interface, ip, MDL);
7473 
7474  msg_type = raw->data[32];
7475  if ((msg_type == DHCPV6_RELAY_FORW) ||
7476  (msg_type == DHCPV6_RELAY_REPL)) {
7477  int relaylen =
7478  (int)(offsetof(struct dhcpv6_relay_packet, options));
7479  relay = (const struct dhcpv6_relay_packet *)(raw->data + 32);
7480  packet->dhcpv6_msg_type = relay->msg_type;
7481 
7482  /* relay-specific data */
7483  packet->dhcpv6_hop_count = relay->hop_count;
7484  memcpy(&packet->dhcpv6_link_address,
7485  relay->link_address, sizeof(relay->link_address));
7486  memcpy(&packet->dhcpv6_peer_address,
7487  relay->peer_address, sizeof(relay->peer_address));
7488 
7490  relay->options,
7491  raw->len - 32 - relaylen,
7492  &dhcpv6_universe)) {
7493  /* no logging here, as parse_option_buffer() logs all
7494  cases where it fails */
7496  return;
7497  }
7498  } else if ((msg_type == DHCPV6_DHCPV4_QUERY) ||
7500  int msglen =
7501  (int)(offsetof(struct dhcpv4_over_dhcpv6_packet, options));
7502  msg = (struct dhcpv4_over_dhcpv6_packet *)(raw->data + 32);
7504 
7505  /* message-specific data */
7506  memcpy(packet->dhcp4o6_flags, msg->flags,
7507  sizeof(packet->dhcp4o6_flags));
7508 
7510  msg->options,
7511  raw->len - 32 - msglen,
7512  &dhcpv6_universe)) {
7513  /* no logging here, as parse_option_buffer() logs all
7514  cases where it fails */
7516  return;
7517  }
7518  } else {
7519  log_error("recv_dhcpv4_query: unexpected message of type %d.",
7520  (int)msg_type);
7522  return;
7523  }
7524 
7525  /*
7526  * From dhcpv6().
7527  */
7528 
7529  /*
7530  * Log a message that we received this packet.
7531  */
7532  /* log_packet_in(packet); */
7533  memset(&ds, 0, sizeof(ds));
7535  data_string_sprintfa(&ds, "%s message from %s",
7538  } else {
7540  "Unknown message type %d from %s",
7543  }
7546  char tmp_addr[INET6_ADDRSTRLEN];
7547  const void *addr;
7548 
7549  addr = &packet->dhcpv6_link_address;
7550  data_string_sprintfa(&ds, ", link address %s",
7551  inet_ntop(AF_INET6, addr,
7552  tmp_addr, sizeof(tmp_addr)));
7553  addr = &packet->dhcpv6_peer_address;
7554  data_string_sprintfa(&ds, ", peer address %s",
7555  inet_ntop(AF_INET6, addr,
7556  tmp_addr, sizeof(tmp_addr)));
7557  } else if ((packet->dhcpv6_msg_type != DHCPV6_DHCPV4_QUERY) &&
7559  u_int32_t tid = 0;
7560 
7561  memcpy(((char *)&tid)+1, packet->dhcpv6_transaction_id, 3);
7562  data_string_sprintfa(&ds, ", transaction ID 0x%06X", tid);
7563  }
7564  log_info("%s", ds.data);
7565  data_string_forget(&ds, MDL);
7566 
7567  /*
7568  * Build our reply packet.
7569  */
7570  build_dhcpv6_reply(&reply, packet);
7571 
7573 
7574  if (reply.data == NULL)
7575  return;
7576 
7577  /*
7578  * Forward the response.
7579  */
7580  len = reply.len + 32;
7581  memset(&ds, 0, sizeof(ds));
7582  if (!buffer_allocate(&ds.buffer, len, MDL)) {
7583  log_error("recv_dhcpv4_query: no memory.");
7584  return;
7585  }
7586  ds.data = ds.buffer->data;
7587  ds.len = len;
7588 
7589  memcpy(ds.buffer->data, name, 16);
7590  memcpy(ds.buffer->data + 16, iaddr.iabuf, 16);
7591  memcpy(ds.buffer->data + 32, reply.data, reply.len);
7592  cc = send(dhcp4o6_fd, ds.data, ds.len, 0);
7593  if (cc < 0)
7594  log_error("recv_dhcpv4_query: send(): %m");
7595  data_string_forget(&ds, MDL);
7596 }
7597 #endif /* DHCP4o6 */
7598 
7599 static void
7600 seek_shared_host(struct host_decl **hp, struct shared_network *shared) {
7601  struct host_decl *nofixed = NULL;
7602  struct host_decl *seek, *hold = NULL;
7603 
7604  /*
7605  * Seek forward through fixed addresses for the right link.
7606  *
7607  * Note: how to do this for fixed prefixes???
7608  */
7609  host_reference(&hold, *hp, MDL);
7610  host_dereference(hp, MDL);
7611  seek = hold;
7612  while (seek != NULL) {
7613  if (seek->fixed_addr == NULL)
7614  nofixed = seek;
7615  else if (fixed_matches_shared(seek, shared))
7616  break;
7617 
7618  seek = seek->n_ipaddr;
7619  }
7620 
7621  if ((seek == NULL) && (nofixed != NULL))
7622  seek = nofixed;
7623 
7624  if (seek != NULL)
7625  host_reference(hp, seek, MDL);
7626 }
7627 
7628 static isc_boolean_t
7629 fixed_matches_shared(struct host_decl *host, struct shared_network *shared) {
7630  struct subnet *subnet;
7631  struct data_string addr;
7632  isc_boolean_t matched;
7633  struct iaddr fixed;
7634 
7635  if (host->fixed_addr == NULL)
7636  return ISC_FALSE;
7637 
7638  memset(&addr, 0, sizeof(addr));
7639  if (!evaluate_option_cache(&addr, NULL, NULL, NULL, NULL, NULL,
7640  &global_scope, host->fixed_addr, MDL))
7641  return ISC_FALSE;
7642 
7643  if (addr.len < 16) {
7644  data_string_forget(&addr, MDL);
7645  return ISC_FALSE;
7646  }
7647 
7648  fixed.len = 16;
7649  memcpy(fixed.iabuf, addr.data, 16);
7650 
7651  matched = ISC_FALSE;
7652  for (subnet = shared->subnets ; subnet != NULL ;
7653  subnet = subnet->next_sibling) {
7654  if (addr_eq(subnet_number(fixed, subnet->netmask),
7655  subnet->net)) {
7656  matched = ISC_TRUE;
7657  break;
7658  }
7659  }
7660 
7661  data_string_forget(&addr, MDL);
7662  return matched;
7663 }
7664 
7681 void
7682 unicast_reject(struct data_string *reply_ret,
7683  struct packet *packet,
7684  const struct data_string *client_id,
7685  const struct data_string *server_id)
7686 {
7687  struct reply_state reply;
7688  memset(&reply, 0x0, sizeof(struct reply_state));
7689 
7690  /* Locate the client. */
7691  if (shared_network_from_packet6(&reply.shared, packet)
7692  != ISC_R_SUCCESS) {
7693  log_error("unicast_reject: could not locate client.");
7694  return;
7695  }
7696 
7697  /* Initialize the reply. */
7698  packet_reference(&reply.packet, packet, MDL);
7699  data_string_copy(&reply.client_id, client_id, MDL);
7700 
7701  if (start_reply(packet, client_id, server_id, &reply.opt_state,
7702  &reply.buf.reply)) {
7703  /* Set the UseMulticast status code. */
7704  if (!set_status_code(STATUS_UseMulticast,
7705  "Unicast not allowed by server.",
7706  reply.opt_state)) {
7707  log_error("unicast_reject: Unable to set status code.");
7708  } else {
7709  /* Set write cursor to just past the reply header. */
7710  reply.cursor = REPLY_OPTIONS_INDEX;
7711  reply.cursor += store_options6(((char *)reply.buf.data
7712  + reply.cursor),
7713  (sizeof(reply.buf)
7714  - reply.cursor),
7715  reply.opt_state,
7716  reply.packet,
7717  unicast_reject_opts,
7718  NULL);
7719 
7720  /* Return our reply to the caller. */
7721  reply_ret->len = reply.cursor;
7722  reply_ret->buffer = NULL;
7723  if (!buffer_allocate(&reply_ret->buffer,
7724  reply.cursor, MDL)) {
7725  log_fatal("unicast_reject:"
7726  "No memory to store Reply.");
7727  }
7728 
7729  memcpy(reply_ret->buffer->data, reply.buf.data,
7730  reply.cursor);
7731  reply_ret->data = reply_ret->buffer->data;
7732  }
7733 
7734  }
7735 
7736  /* Cleanup. */
7737  if (reply.shared != NULL)
7738  shared_network_dereference(&reply.shared, MDL);
7739  if (reply.opt_state != NULL)
7740  option_state_dereference(&reply.opt_state, MDL);
7741  if (reply.packet != NULL)
7742  packet_dereference(&reply.packet, MDL);
7743  if (reply.client_id.data != NULL)
7744  data_string_forget(&reply.client_id, MDL);
7745 }
7746 
7765 isc_boolean_t
7766 is_unicast_option_defined(struct packet *packet) {
7767  isc_boolean_t is_defined = ISC_FALSE;
7768  struct option_state *opt_state = NULL;
7769  struct option_cache *oc = NULL;
7770  struct shared_network *shared = NULL;
7771 
7772  if (!option_state_allocate(&opt_state, MDL)) {
7773  log_fatal("is_unicast_option_defined:"
7774  "No memory for option state.");
7775  }
7776 
7777  /* We try to map the packet to a network first by an IA_XX value.
7778  * If that fails, we try by packet source. */
7779  if (((shared_network_from_requested_addr(&shared, packet)
7780  != ISC_R_SUCCESS) &&
7781  (shared_network_from_packet6(&shared, packet) != ISC_R_SUCCESS))
7782  || (shared == NULL)) {
7783  /* @todo what would this really mean? I think wrong network
7784  * logic will catch it */
7785  log_error("is_unicast_option_defined:"
7786  "cannot attribute packet to a network.");
7787  return (ISC_FALSE);
7788  }
7789 
7790  /* Now that we've mapped it to a network, execute statments to that
7791  * scope, looking for the unicast option. We don't care about the
7792  * value of the option, only whether or not it is defined. */
7793  execute_statements_in_scope(NULL, NULL, NULL, NULL, NULL, opt_state,
7794  &global_scope, shared->group, NULL, NULL);
7795 
7796  oc = lookup_option(&dhcpv6_universe, opt_state, D6O_UNICAST);
7797  is_defined = (oc != NULL ? ISC_TRUE : ISC_FALSE);
7798  log_debug("is_unicast_option_defined: option found : %d", is_defined);
7799 
7800  if (shared != NULL) {
7801  shared_network_dereference(&shared, MDL);
7802  }
7803 
7804  if (opt_state != NULL) {
7805  option_state_dereference(&opt_state, MDL);
7806  }
7807 
7808  return (is_defined);
7809 }
7810 
7826 static isc_result_t
7827 shared_network_from_requested_addr (struct shared_network **shared,
7828  struct packet* packet) {
7829  struct iaddr iaddr;
7830  struct subnet* subnet = NULL;
7831  isc_result_t status = ISC_R_FAILURE;
7832 
7833  /* Try to match first IA_ address or prefix we find to a subnet. In
7834  * theory all IA_ values in a given request are supposed to be in the
7835  * same subnet so we only need to try one right? */
7836  if ((get_first_ia_addr_val(packet, D6O_IA_NA, &iaddr) != ISC_R_SUCCESS)
7837  && (get_first_ia_addr_val(packet, D6O_IA_PD, &iaddr)
7838  != ISC_R_SUCCESS)
7839  && (get_first_ia_addr_val(packet, D6O_IA_TA, &iaddr)
7840  != ISC_R_SUCCESS)) {
7841  /* we found nothing to match against */
7842  log_debug("share_network_from_request_addr: nothing to match");
7843  return (ISC_R_FAILURE);
7844  }
7845 
7846  if (!find_subnet(&subnet, iaddr, MDL)) {
7847  log_debug("shared_network_from_requested_addr:"
7848  "No subnet found for addr %s.", piaddr(iaddr));
7849  } else {
7850  status = shared_network_reference(shared,
7852  subnet_dereference(&subnet, MDL);
7853  log_debug("shared_network_from_requested_addr:"
7854  " found shared network %s for address %s.",
7855  ((*shared)->name ? (*shared)->name : "unnamed"),
7856  piaddr(iaddr));
7857  return (status);
7858  }
7859 
7860  return (ISC_R_FAILURE);
7861 }
7862 
7881 static isc_result_t
7882 get_first_ia_addr_val (struct packet* packet, int addr_type,
7883  struct iaddr* iaddr) {
7884  struct option_cache *ia;
7885  struct option_cache *oc = NULL;
7886  struct data_string cli_enc_opt_data;
7887  struct option_state *cli_enc_opt_state;
7888  int addr_opt_offset;
7889  int addr_opt;
7890  int addr_opt_data_len;
7891  int ip_addr_offset;
7892 
7893  isc_result_t status = ISC_R_FAILURE;
7894  memset(iaddr, 0, sizeof(struct iaddr));
7895 
7896  /* Set up address type specifics */
7897  switch (addr_type) {
7898  case D6O_IA_NA:
7899  addr_opt_offset = IA_NA_OFFSET;
7900  addr_opt = D6O_IAADDR;
7901  addr_opt_data_len = 24;
7902  ip_addr_offset = 0;
7903  break;
7904  case D6O_IA_TA:
7905  addr_opt_offset = IA_TA_OFFSET;
7906  addr_opt = D6O_IAADDR;
7907  addr_opt_data_len = 24;
7908  ip_addr_offset = 0;
7909  break;
7910  case D6O_IA_PD:
7911  addr_opt_offset = IA_PD_OFFSET;
7912  addr_opt = D6O_IAPREFIX;
7913  addr_opt_data_len = 25;
7914  ip_addr_offset = 9;
7915  break;
7916  default:
7917  /* shouldn't be here */
7918  log_error ("get_first_ia_addr_val: invalid opt type %d",
7919  addr_type);
7920  return (ISC_R_FAILURE);
7921  }
7922 
7923  /* Find the first, non-blank IA_XX value within an D6O_IA_XX option. */
7924  for (ia = lookup_option(&dhcpv6_universe, packet->options, addr_type);
7925  ia != NULL && oc == NULL; ia = ia->next) {
7926  if (!get_encapsulated_IA_state(&cli_enc_opt_state,
7927  &cli_enc_opt_data,
7928  packet, ia, addr_opt_offset)) {
7929  log_debug ("get_first_ia_addr_val:"
7930  " couldn't unroll enclosing option");
7931  return (ISC_R_FAILURE);
7932  }
7933 
7934  oc = lookup_option(&dhcpv6_universe, cli_enc_opt_state,
7935  addr_opt);
7936  if (oc == NULL) {
7937  /* no address given for this IA, ignore */
7938  option_state_dereference(&cli_enc_opt_state, MDL);
7939  data_string_forget(&cli_enc_opt_data, MDL);
7940  }
7941  }
7942 
7943  /* If we found a non-blank IA_XX then extract its ip address. */
7944  if (oc != NULL) {
7945  struct data_string iaddr_str;
7946 
7947  memset(&iaddr_str, 0, sizeof(iaddr_str));
7948  if (!evaluate_option_cache(&iaddr_str, packet, NULL, NULL,
7949  packet->options, NULL, &global_scope,
7950  oc, MDL)) {
7951  log_error("get_first_ia_addr_val: "
7952  "error evaluating IA_XX option.");
7953  } else {
7954  if (iaddr_str.len != addr_opt_data_len) {
7955  log_error("shared_network_from_requested_addr:"
7956  " invalid length %d, expected %d",
7957  iaddr_str.len, addr_opt_data_len);
7958  } else {
7959  iaddr->len = 16;
7960  memcpy (iaddr->iabuf,
7961  iaddr_str.data + ip_addr_offset, 16);
7962  status = ISC_R_SUCCESS;
7963  }
7964  data_string_forget(&iaddr_str, MDL);
7965  }
7966 
7967  option_state_dereference(&cli_enc_opt_state, MDL);
7968  data_string_forget(&cli_enc_opt_data, MDL);
7969  }
7970 
7971  return (status);
7972 }
7973 
7974 /*
7975 * \brief Calculates the reply T1/T2 times and stuffs them in outbound buffer
7976 *
7977 * T1/T2 time selection is kind of weird. We actually use DHCP * (v4) scoped
7978 * options, dhcp-renewal-time and dhcp-rebinding-time, as handy existing places
7979 * where these can be configured by an administrator. A value of zero tells the
7980 * client it may choose its own value.
7981 *
7982 * When those options are not defined, the values will be set to zero unless
7983 * the global option, dhcpv6-set-tee-times is enabled. When this option is
7984 * enabled the values are calculated as recommended by RFC 3315, Section 22.4:
7985 *
7986 * T1 will be set to 0.5 times the shortest preferred lifetime
7987 * in the IA_XX option. If the "shortest" preferred lifetime is
7988 * 0xFFFFFFFF, T1 will set to 0xFFFFFFFF.
7989 *
7990 * T2 will be set to 0.8 times the shortest preferred lifetime
7991 * in the IA_XX option. If the "shortest" preferred lifetime is
7992 * 0xFFFFFFFF, T2 will set to 0xFFFFFFFF.
7993 *
7994 * Note that dhcpv6-set-tee-times is intended to be transitional and will
7995 * likely be removed in 4.4.0, leaving the behavior as getting the values
7996 * either from the configured parameters (if you want zeros, define them as
7997 * zeros) or by calculating them per the RFC.
7998 *
7999 * \param reply - pointer to the reply_state structure
8000 * \param ia_cursor - offset of the beginning of the IA_XX option within the
8001 * reply's outbound data buffer
8002 */
8003 static void
8004 set_reply_tee_times(struct reply_state* reply, unsigned ia_cursor)
8005 {
8006  struct option_cache *oc;
8007  int set_tee_times;
8008 
8009  /* Found out if calculated values are enabled. */
8010  oc = lookup_option(&server_universe, reply->opt_state,
8012  set_tee_times = (oc &&
8013  evaluate_boolean_option_cache(NULL, reply->packet,
8014  NULL, NULL,
8015  reply->packet->options,
8016  reply->opt_state,
8017  &global_scope, oc, MDL));
8018 
8019  oc = lookup_option(&dhcp_universe, reply->opt_state,
8021  if (oc != NULL) {
8022  /* dhcp-renewal-time is defined, use it */
8023  struct data_string data;
8024  memset(&data, 0x00, sizeof(data));
8025 
8026  if (!evaluate_option_cache(&data, reply->packet, NULL, NULL,
8027  reply->packet->options,
8028  reply->opt_state, &global_scope,
8029  oc, MDL) ||
8030  (data.len != 4)) {
8031  log_error("Invalid renewal time.");
8032  reply->renew = 0;
8033  } else {
8034  reply->renew = getULong(data.data);
8035  }
8036 
8037  if (data.data != NULL)
8039  } else if (set_tee_times) {
8040  /* Setting them is enabled so T1 is either infinite or
8041  * 0.5 * the shortest preferred lifetime in the IA_XX */
8042  if (reply->min_prefer == INFINITE_TIME)
8043  reply->renew = INFINITE_TIME;
8044  else
8045  reply->renew = reply->min_prefer / 2;
8046  } else {
8047  /* Default is to let the client choose */
8048  reply->renew = 0;
8049  }
8050 
8051  putULong(reply->buf.data + ia_cursor + 8, reply->renew);
8052 
8053  /* Now T2. */
8054  oc = lookup_option(&dhcp_universe, reply->opt_state,
8056  if (oc != NULL) {
8057  /* dhcp-rebinding-time is defined, use it */
8058  struct data_string data;
8059  memset(&data, 0x00, sizeof(data));
8060 
8061  if (!evaluate_option_cache(&data, reply->packet, NULL, NULL,
8062  reply->packet->options,
8063  reply->opt_state, &global_scope,
8064  oc, MDL) ||
8065  (data.len != 4)) {
8066  log_error("Invalid rebinding time.");
8067  reply->rebind = 0;
8068  } else {
8069  reply->rebind = getULong(data.data);
8070  }
8071 
8072  if (data.data != NULL)
8074  } else if (set_tee_times) {
8075  /* Setting them is enabled so T2 is either infinite or
8076  * 0.8 * the shortest preferred lifetime in the reply */
8077  if (reply->min_prefer == INFINITE_TIME)
8078  reply->rebind = INFINITE_TIME;
8079  else
8080  reply->rebind = (reply->min_prefer / 5) * 4;
8081  } else {
8082  /* Default is to let the client choose */
8083  reply->rebind = 0;
8084  }
8085 
8086  putULong(reply->buf.data + ia_cursor + 12, reply->rebind);
8087 }
8088 
8089 
8090 #endif /* DHCPv6 */
#define FTS_ABANDONED
Definition: dhcpd.h:537
struct iaddrcidrnet cidrnet
Definition: inet.h:77
ia_hash_t * ia_ta_active
#define DHCP_FIXED_NON_UDP
Definition: dhcp.h:37
isc_result_t renew_lease6(struct ipv6_pool *pool, struct iasubopt *lease)
Renew a lease in the pool.
Definition: mdb6.c:1444
struct ipv6_pond * next
Definition: dhcpd.h:1711
int find_grouped_subnet(struct subnet **, struct shared_network *, struct iaddr, const char *, int)
Definition: mdb.c:931
unsigned char peer_address[16]
Definition: dhcp6.h:241
const char int line
Definition: dhcpd.h:3723
#define D6O_IAADDR
Definition: dhcp6.h:34
struct binding_scope * global_scope
Definition: tree.c:38
#define STATUS_NoBinding
Definition: dhcp6.h:125
#define DHCPV6_RELEASE
Definition: dhcp6.h:145
struct subnet * subnets
Definition: dhcpd.h:1034
isc_result_t add_lease6(struct ipv6_pool *pool, struct iasubopt *lease, time_t valid_lifetime_end_time)
Definition: mdb6.c:1234
Definition: dhcpd.h:556
isc_result_t ia_make_key(struct data_string *key, u_int32_t iaid, const char *duid, unsigned int duid_len, const char *file, int line)
Definition: mdb6.c:310
unsigned len
Definition: tree.h:80
int executable_statement_dereference(struct executable_statement **ptr, const char *file, int line)
Definition: execute.c:623
isc_uint64_t num_active
Definition: dhcpd.h:1724
struct shared_network * shared_network
Definition: dhcpd.h:1351
int bits
Definition: inet.h:72
const char * piaddr(const struct iaddr addr)
Definition: inet.c:579
u_int8_t hlen
Definition: dhcpd.h:489
Definition: dhcpd.h:1645
#define D6O_STATUS_CODE
Definition: dhcp6.h:42
unsigned char dhcpv6_transaction_id[3]
Definition: dhcpd.h:414
char name[IFNAMSIZ]
Definition: dhcpd.h:1375
isc_boolean_t server_duid_isset(void)
unsigned char options[FLEXIBLE_ARRAY_MEMBER]
Definition: dhcp6.h:242
int units
Definition: dhcpd.h:1684
int prefix_length_mode
Definition: dhcpd.c:81
void dhcpv6_leasequery(struct data_string *, struct packet *)
isc_result_t ia_dereference(struct ia_xx **ia, const char *file, int line)
Definition: mdb6.c:402
#define PLM_EXACT
Definition: dhcpd.h:859
unsigned char msg_type
Definition: dhcp6.h:226
int data_string_sprintfa(struct data_string *ds, const char *fmt,...)
Definition: tree.c:56
Definition: dhcpd.h:1044
struct universe server_universe
Definition: stables.c:175
int execute_statements(struct binding_value **result, struct packet *packet, struct lease *lease, struct client_state *client_state, struct option_state *in_options, struct option_state *out_options, struct binding_scope **scope, struct executable_statement *statements, struct on_star *on_star)
Definition: execute.c:35
#define HTYPE_RESERVED
Definition: dhcp.h:84
#define MDL
Definition: omapip.h:568
isc_boolean_t lease6_usable(struct iasubopt *lease)
Check if address is available to a lease.
Definition: mdb6.c:1372
#define D6O_PREFERENCE
Definition: dhcp6.h:36
int find_hosts_by_option(struct host_decl **, struct packet *, struct option_state *, const char *, int)
Definition: mdb.c:638
unsigned char iabuf[16]
Definition: inet.h:33
#define print_hex_1(len, data, limit)
Definition: dhcpd.h:2575
#define IA_PD_OFFSET
Definition: dhcp6.h:173
u_int8_t hlen
Definition: dhcp.h:51
#define DHCP_R_INVALIDARG
Definition: result.h:48
#define STATUS_NoAddrsAvail
Definition: dhcp6.h:124
const char * dhcpv6_type_names[]
Definition: tables.c:656
int int int log_debug(const char *,...) __attribute__((__format__(__printf__
#define DHCPV6_REPLY
Definition: dhcp6.h:144
#define DHCPV6_REQUEST
Definition: dhcp6.h:140
int last_ipv6_pool
Definition: dhcpd.h:1721
unsigned char msg_type
Definition: dhcp6.h:250
#define DHCPV6_RECONFIGURE
Definition: dhcp6.h:147
#define IAADDR_OFFSET
Definition: dhcp6.h:176
#define SV_PREFER_LIFETIME
Definition: dhcpd.h:759
struct group * group
Definition: dhcpd.h:1038
#define D6O_RAPID_COMMIT
Definition: dhcp6.h:43
#define PLM_PREFER
Definition: dhcpd.h:858
struct universe dhcp_universe
int dhcpv4_over_dhcpv6
Definition: discover.c:47
#define D6O_SERVERID
Definition: dhcp6.h:31
#define STATUS_NotOnLink
Definition: dhcp6.h:126
void data_string_forget(struct data_string *data, const char *file, int line)
Definition: alloc.c:1339
struct option_cache * next
Definition: dhcpd.h:387
void bootp(struct packet *packet)
Definition: dhclient.c:2014
struct shared_network * shared_network
Definition: dhcpd.h:1713
#define D6O_INTERFACE_ID
Definition: dhcp6.h:47
struct option_cache * fixed_addr
Definition: dhcpd.h:955
struct group * root_group
Definition: memory.c:31
unsigned char msg_type
Definition: dhcp6.h:238
#define DUID_LL
Definition: dhcp6.h:167
void delete_option(struct universe *universe, struct option_state *options, int code)
Definition: options.c:2852
u_int32_t valid
Definition: dhcpd.h:1621
int log_error(const char *,...) __attribute__((__format__(__printf__
time_t cltt
Definition: dhcpd.h:1651
#define FTS_EXPIRED
Definition: dhcpd.h:535
struct on_star on_star
Definition: dhcpd.h:1642
int known
Definition: dhcpd.h:457
struct binding_scope * scope
Definition: dhcpd.h:1617
struct ipv6_pond * ipv6_pond
Definition: dhcpd.h:1695
void copy_server_duid(struct data_string *ds, const char *file, int line)
#define DHO_DHCP_REBINDING_TIME
Definition: dhcp.h:151
#define STATUS_Success
Definition: dhcp6.h:122
unsigned len
Definition: inet.h:32
#define IA_NA_OFFSET
Definition: dhcp6.h:171
#define DHCPV6_DHCPV4_QUERY
Definition: dhcp6.h:157
#define D6O_DHCPV4_MSG
Definition: dhcp6.h:116
unsigned char flags[3]
Definition: dhcp6.h:251
int logged
Definition: dhcpd.h:1726
#define D6O_CLIENTID
Definition: dhcp6.h:30
struct permit * prohibit_list
Definition: dhcpd.h:1716
Definition: dhcpd.h:549
struct option_state * options
Definition: dhcpd.h:449
unsigned char dhcpv6_hop_count
Definition: dhcpd.h:417
unsigned char link_address[16]
Definition: dhcp6.h:240
#define INFINITE_TIME
Definition: dhcpd.h:1596
unsigned char dhcpv6_msg_type
Definition: dhcpd.h:411
isc_boolean_t lease6_exists(const struct ipv6_pool *pool, const struct in6_addr *addr)
Definition: mdb6.c:1344
void log_fatal(const char *,...) __attribute__((__format__(__printf__
#define DHCPV6_RELAY_REPL
Definition: dhcp6.h:150
int client_port
Definition: dhcpd.h:431
#define DHCPV6_LEASEQUERY
Definition: dhcp6.h:151
#define D6O_IA_TA
Definition: dhcp6.h:33
int parse_option_buffer(struct option_state *options, const unsigned char *buffer, unsigned length, struct universe *universe)
Definition: options.c:117
#define PLM_MINIMUM
Definition: dhcpd.h:860
#define SV_LOG_THRESHOLD_HIGH
Definition: dhcpd.h:799
#define D6O_UNICAST
Definition: dhcp6.h:41
struct dhcp_packet * raw
Definition: dhcpd.h:406
isc_result_t decline_lease6(struct ipv6_pool *pool, struct iasubopt *lease)
Definition: mdb6.c:1597
int find_hosts6(struct host_decl **host, struct packet *packet, const struct data_string *client_id, char *file, int line)
Definition: mdb6.c:2771
struct iaddr subnet_number(struct iaddr addr, struct iaddr mask)
Definition: inet.c:34
#define SV_DDNS_UPDATES
Definition: dhcpd.h:736
int find_subnet(struct subnet **sp, struct iaddr addr, const char *file, int line)
Definition: dhclient.c:1434
#define D6O_IAPREFIX
Definition: dhcp6.h:55
void execute_statements_in_scope(struct binding_value **result, struct packet *packet, struct lease *lease, struct client_state *client_state, struct option_state *in_options, struct option_state *out_options, struct binding_scope **scope, struct group *group, struct group *limiting_group, struct on_star *on_star)
Definition: execute.c:563
void change_host_uid(struct host_decl *host, const char *data, int len)
Definition: mdb.c:184
isc_result_t release_lease6(struct ipv6_pool *pool, struct iasubopt *lease)
Definition: mdb6.c:1622
void schedule_lease_timeout(struct ipv6_pool *pool)
Definition: mdb6.c:1986
#define DUID_TIME_EPOCH
Definition: dhcp6.h:273
int option_state_allocate(struct option_state **ptr, const char *file, int line)
Definition: alloc.c:846
time_t hard_lifetime_end_time
Definition: dhcpd.h:1618
int evaluate_option_cache(struct data_string *result, struct packet *packet, struct lease *lease, struct client_state *client_state, struct option_state *in_options, struct option_state *cfg_options, struct binding_scope **scope, struct option_cache *oc, const char *file, int line)
Definition: tree.c:2699
#define STATUS_NoPrefixAvail
Definition: dhcp6.h:128
#define DHCPV6_DHCPV4_RESPONSE
Definition: dhcp6.h:158
unsigned char chaddr[16]
Definition: dhcp.h:60
int packet_reference(struct packet **ptr, struct packet *bp, const char *file, int line)
Definition: alloc.c:1053
Definition: dhcpd.h:998
#define DHCPV6_RENEW
Definition: dhcp6.h:142
int options_valid
Definition: dhcpd.h:430
ia_hash_t * ia_na_active
struct ipv6_pool * ipv6_pool
Definition: dhcpd.h:1623
struct iaddr net
Definition: dhcpd.h:1051
int buffer_allocate(struct buffer **ptr, unsigned len, const char *file, int line)
Definition: alloc.c:679
struct interface_info * interface
Definition: dhcpd.h:433
#define PLM_IGNORE
Definition: dhcpd.h:857
ssize_t send_packet6(struct interface_info *, const unsigned char *, size_t, struct sockaddr_in6 *)
#define PLM_MAXIMUM
Definition: dhcpd.h:861
void putULong(unsigned char *, u_int32_t)
Definition: convert.c:70
#define DHCPV6_REBIND
Definition: dhcp6.h:143
u_int16_t local_port
Definition: dhclient.c:92
Definition: dhcpd.h:405
struct iaddrcidrnetlist * next
Definition: inet.h:76
#define DEFAULT_DEFAULT_LEASE_TIME
Definition: dhcpd.h:831
u_int8_t plen
Definition: dhcpd.h:1615
#define cur_time
Definition: dhcpd.h:2077
Definition: ip.h:47
#define DHCPV6_RELAY_FORW
Definition: dhcp6.h:149
int save_option_buffer(struct universe *universe, struct option_state *options, struct buffer *bp, unsigned char *buffer, unsigned length, unsigned code, int terminatep)
Definition: options.c:2491
u_int32_t getUShort(const unsigned char *)
#define D6O_ERO
Definition: dhcp6.h:72
void set_server_duid(struct data_string *new_duid)
isc_result_t create_lease6(struct ipv6_pool *pool, struct iasubopt **addr, unsigned int *attempts, const struct data_string *uid, time_t soft_lifetime_end_time)
Definition: mdb6.c:953
struct host_decl * n_ipaddr
Definition: dhcpd.h:945
#define SV_DHCPV6_SET_TEE_TIMES
Definition: dhcpd.h:803
int jumbo_range
Definition: dhcpd.h:1728
struct hardware hw_address
Definition: dhcpd.h:1353
int packet_type
Definition: dhcpd.h:409
struct option_cache * lookup_option(struct universe *universe, struct option_state *options, unsigned code)
Definition: options.c:2449
#define IA_TA_OFFSET
Definition: dhcp6.h:172
#define print_hex_3(len, data, limit)
Definition: dhcpd.h:2577
int permitted(struct packet *, struct permit *)
Definition: dhcp.c:5023
void set_server_duid_type(int type)
int num_iasubopt
Definition: dhcpd.h:1649
int int log_info(const char *,...) __attribute__((__format__(__printf__
struct ipv6_pool ** ipv6_pools
Definition: dhcpd.h:1720
binding_state_t state
Definition: dhcpd.h:1616
int packet6_len_okay(const char *packet, int len)
Definition: options.c:4083
int parse_options(struct packet *packet)
Definition: options.c:47
struct interface_info * interfaces
Definition: discover.c:42
unsigned char dhcp4o6_flags[3]
Definition: dhcpd.h:425
u_int32_t getULong(const unsigned char *)
struct shared_network * shared_network
Definition: dhcpd.h:1048
int validate_packet(struct packet *packet)
Definition: options.c:4429
int addr_eq(struct iaddr addr1, struct iaddr addr2)
Definition: inet.c:166
struct group * group
Definition: dhcpd.h:1054
isc_boolean_t ipv6_in_pool(const struct in6_addr *addr, const struct ipv6_pool *pool)
Definition: mdb6.c:2094
void cleanup(void)
#define DHCPV6_LEASEQUERY_REPLY
Definition: dhcp6.h:152
TIME cltt
Definition: dhcpd.h:636
isc_result_t get_client_id(struct packet *, struct data_string *)
#define IAPREFIX_OFFSET
Definition: dhcp6.h:179
Definition: inet.h:31
ipv6_pool structure
Definition: dhcpd.h:1679
#define DHCP4O6_QUERY_UNICAST
Definition: dhcp6.h:254
int store_options6(char *buf, int buflen, struct option_state *opt_state, struct packet *packet, const int *required_opts, struct data_string *oro)
Definition: options.c:1029
int local_family
Definition: discover.c:55
int append_option_buffer(struct universe *universe, struct option_state *options, struct buffer *bp, unsigned char *buffer, unsigned length, unsigned code, int terminatep)
Definition: options.c:2515
#define FIND_POND6_PERCENT(count, percent)
Definition: dhcpd.h:3835
u_int32_t getUChar(const unsigned char *)
struct data_string * dhcp4o6_response
Definition: dhcpd.h:428
struct iaddrcidrnetlist * fixed_prefix
Definition: dhcpd.h:956
int option_state_dereference(struct option_state **ptr, const char *file, int line)
Definition: alloc.c:911
ia_hash_t * ia_pd_active
Definition: dhcpd.h:931
void dhcpv6(struct packet *)
int commit_leases_timed(void)
Definition: db.c:1043
const int dhcpv6_type_name_max
Definition: tables.c:680
isc_boolean_t is_cidr_mask_valid(const struct iaddr *addr, int bits)
Definition: inet.c:303
unsigned char hop_count
Definition: dhcp6.h:239
isc_uint64_t low_threshold
Definition: dhcpd.h:1727
struct interface_info * next
Definition: dhcpd.h:1350
struct universe dhcpv6_universe
Definition: tables.c:343
isc_boolean_t prefix6_exists(const struct ipv6_pool *pool, const struct in6_addr *pref, u_int8_t plen)
Definition: mdb6.c:1804
int evaluate_boolean_option_cache(int *ignorep, struct packet *packet, struct lease *lease, struct client_state *client_state, struct option_state *in_options, struct option_state *cfg_options, struct binding_scope **scope, struct option_cache *oc, const char *file, int line)
Definition: tree.c:2733
#define D6O_IA_NA
Definition: dhcp6.h:32
#define print_hex_2(len, data, limit)
Definition: dhcpd.h:2576
int packet_dereference(struct packet **ptr, const char *file, int line)
Definition: alloc.c:1081
int ddns_updates(struct packet *, struct lease *, struct lease *, struct iasubopt *, struct iasubopt *, struct option_state *)
int packet_allocate(struct packet **ptr, const char *file, int line)
Definition: alloc.c:1015
const char int
Definition: omapip.h:443
struct iaddr netmask
Definition: dhcpd.h:1052
isc_result_t iasubopt_dereference(struct iasubopt **iasubopt, const char *file, int line)
Definition: mdb6.c:260
#define DHCPV6_ADVERTISE
Definition: dhcp6.h:139
#define SV_LOG_THRESHOLD_LOW
Definition: dhcpd.h:798
isc_uint64_t num_abandoned
Definition: dhcpd.h:1725
isc_result_t set_server_duid_from_option(void)
isc_result_t ia_allocate(struct ia_xx **ia, u_int32_t iaid, const char *duid, unsigned int duid_len, const char *file, int line)
Definition: mdb6.c:338
#define D6O_ORO
Definition: dhcp6.h:35
struct subnet * next_sibling
Definition: dhcpd.h:1047
isc_boolean_t unicast
Definition: dhcpd.h:470
isc_result_t ia_add_iasubopt(struct ia_xx *ia, struct iasubopt *iasubopt, const char *file, int line)
Definition: mdb6.c:438
unsigned char data[1]
Definition: tree.h:63
unsigned char transaction_id[3]
Definition: dhcp6.h:227
time_t soft_lifetime_end_time
Definition: dhcpd.h:1619
struct iaddr lo_addr
Definition: inet.h:71
#define SV_DEFAULT_LEASE_TIME
Definition: dhcpd.h:707
u_int8_t hbuf[HARDWARE_ADDR_LEN+1]
Definition: dhcpd.h:490
#define MAX_TIME
Definition: dhcpd.h:1597
#define DHCPV6_CONFIRM
Definition: dhcp6.h:141
struct iaddr client_addr
Definition: dhcpd.h:432
ipv6_pond structure
Definition: dhcpd.h:1709
isc_uint64_t num_total
Definition: dhcpd.h:1723
#define D6O_IA_PD
Definition: dhcp6.h:54
#define REPLY_OPTIONS_INDEX
Definition: dhcp6.h:232
#define DUID_LLT
Definition: dhcp6.h:165
void dhcp(struct packet *packet)
Definition: dhclient.c:2047
struct iasubopt ** iasubopt
Definition: dhcpd.h:1652
int write_ia(const struct ia_xx *)
Definition: db.c:518
struct ia_xx * ia
Definition: dhcpd.h:1622
u_int16_t remote_port
Definition: dhclient.c:93
#define DHO_DHCP_RENEWAL_TIME
Definition: dhcp.h:150
struct in6_addr dhcpv6_peer_address
Definition: dhcpd.h:419
const char * file
Definition: dhcpd.h:3723
char * name
Definition: dhcpd.h:1029
void putUShort(unsigned char *, u_int32_t)
Definition: convert.c:86
isc_result_t create_prefix6(struct ipv6_pool *pool, struct iasubopt **pref, unsigned int *attempts, const struct data_string *uid, time_t soft_lifetime_end_time)
Definition: mdb6.c:1715
struct shared_network * shared_network
Definition: dhcpd.h:1692
struct in6_addr addr
Definition: dhcpd.h:1614
isc_result_t ia_reference(struct ia_xx **ia, struct ia_xx *src, const char *file, int line)
Definition: mdb6.c:376
struct executable_statement * on_commit
Definition: dhcpd.h:551
#define SV_LIMIT_ADDRS_PER_IA
Definition: dhcpd.h:762
unsigned char options[FLEXIBLE_ARRAY_MEMBER]
Definition: dhcp6.h:252
const unsigned char * data
Definition: tree.h:79
#define DHO_DHCP_MESSAGE_TYPE
Definition: dhcp.h:145
int get_option_int(int *result, struct universe *universe, struct packet *packet, struct lease *lease, struct client_state *client_state, struct option_state *in_options, struct option_state *cfg_options, struct option_state *options, struct binding_scope **scope, unsigned code, const char *file, int line)
Definition: options.c:2304
isc_result_t generate_new_server_duid(void)
struct binding_scope * scope
Definition: dhcpd.h:571
void data_string_copy(struct data_string *dest, const struct data_string *src, const char *file, int line)
Definition: alloc.c:1323
unsigned packet_length
Definition: dhcpd.h:408
#define D6O_RELAY_MSG
Definition: dhcp6.h:38
struct permit * permit_list
Definition: dhcpd.h:1715
#define D6O_RECONF_ACCEPT
Definition: dhcp6.h:49
u_int16_t pool_type
Definition: dhcpd.h:1681
#define DHCPV6_INFORMATION_REQUEST
Definition: dhcp6.h:148
#define DHCPV6_DECLINE
Definition: dhcp6.h:146
struct in6_addr dhcpv6_link_address
Definition: dhcpd.h:418
unsigned char options[FLEXIBLE_ARRAY_MEMBER]
Definition: dhcp6.h:228
void classify_client(struct packet *)
Definition: class.c:63
struct group * group
Definition: dhcpd.h:1712
#define DHCPV6_SOLICIT
Definition: dhcp6.h:138
struct buffer * buffer
Definition: tree.h:78
#define SV_LIMIT_PREFS_PER_IA
Definition: dhcpd.h:763
unsigned char options[DHCP_MAX_OPTION_LEN]
Definition: dhcp.h:63
#define STATUS_UseMulticast
Definition: dhcp6.h:127
struct packet * dhcpv6_container_packet
Definition: dhcpd.h:422
#define FTS_ACTIVE
Definition: dhcpd.h:534
isc_result_t iasubopt_reference(struct iasubopt **iasubopt, struct iasubopt *src, const char *file, int line)
Definition: mdb6.c:233