ISC DHCP  4.3.3-P1
A reference DHCPv4 and DHCPv6 implementation
dhcpv6.c
Go to the documentation of this file.
1 /*
2  * Copyright (C) 2006-2015 by Internet Systems Consortium, Inc. ("ISC")
3  *
4  * Permission to use, copy, modify, and distribute this software for any
5  * purpose with or without fee is hereby granted, provided that the above
6  * copyright notice and this permission notice appear in all copies.
7  *
8  * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
9  * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
10  * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
11  * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
12  * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
13  * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
14  * PERFORMANCE OF THIS SOFTWARE.
15  */
16 
19 #include "dhcpd.h"
20 #include "trace.h"
21 
22 #ifdef DHCPv6
23 
24 /*
25  * We use print_hex_1() to output DUID values. We could actually output
26  * the DUID with more information... MAC address if using type 1 or 3,
27  * and so on. However, RFC 3315 contains Grave Warnings against actually
28  * attempting to understand a DUID.
29  */
30 
31 /*
32  * TODO: gettext() or other method of localization for the messages
33  * for status codes (and probably for log formats eventually)
34  * TODO: refactoring (simplify, simplify, simplify)
35  * TODO: support multiple shared_networks on each interface (this
36  * will allow the server to issue multiple IPv6 addresses to
37  * a single interface)
38  */
39 
40 /*
41  * DHCPv6 Reply workflow assist. A Reply packet is built by various
42  * different functions; this gives us one location where we keep state
43  * regarding a reply.
44  */
45 struct reply_state {
46  /* root level persistent state */
47  struct shared_network *shared;
48  struct host_decl *host;
49  struct subnet *subnet; /* Used to match fixed-addrs to subnet scopes. */
50  struct option_state *opt_state;
51  struct packet *packet;
52  struct data_string client_id;
53 
54  /* IA level persistent state */
55  unsigned ia_count;
56  unsigned pd_count;
57  unsigned client_resources;
58  isc_boolean_t resources_included;
59  isc_boolean_t static_lease;
60  unsigned static_prefixes;
61  struct ia_xx *ia;
62  struct ia_xx *old_ia;
63  struct option_state *reply_ia;
64  struct data_string fixed;
65  struct iaddrcidrnet fixed_pref; /* static prefix for logging */
66 
67  /* IAADDR/PREFIX level persistent state */
68  struct iasubopt *lease;
69 
70  /*
71  * "t1", "t2", preferred, and valid lifetimes records for calculating
72  * t1 and t2 (min/max).
73  */
74  u_int32_t renew, rebind, prefer, valid;
75 
76  /* Client-requested valid and preferred lifetimes. */
77  u_int32_t client_valid, client_prefer;
78 
79  /* Chosen values to transmit for valid and preferred lifetimes. */
80  u_int32_t send_valid, send_prefer;
81 
82  /* Preferred prefix length (-1 is any). */
83  int preflen;
84 
85  /* Index into the data field that has been consumed. */
86  unsigned cursor;
87 
88  /* Space for the on commit statements for a fixed host */
89  struct on_star on_star;
90 
91  union reply_buffer {
92  unsigned char data[65536];
93  struct dhcpv6_packet reply;
94  } buf;
95 };
96 
97 /*
98  * Prototypes local to this file.
99  */
100 static int get_encapsulated_IA_state(struct option_state **enc_opt_state,
101  struct data_string *enc_opt_data,
102  struct packet *packet,
103  struct option_cache *oc,
104  int offset);
105 static void build_dhcpv6_reply(struct data_string *, struct packet *);
106 static isc_result_t shared_network_from_packet6(struct shared_network **shared,
107  struct packet *packet);
108 static void seek_shared_host(struct host_decl **hp,
109  struct shared_network *shared);
110 static isc_boolean_t fixed_matches_shared(struct host_decl *host,
111  struct shared_network *shared);
112 static isc_result_t reply_process_ia_na(struct reply_state *reply,
113  struct option_cache *ia);
114 static isc_result_t reply_process_ia_ta(struct reply_state *reply,
115  struct option_cache *ia);
116 static isc_result_t reply_process_addr(struct reply_state *reply,
117  struct option_cache *addr);
118 static isc_boolean_t address_is_owned(struct reply_state *reply,
119  struct iaddr *addr);
120 static isc_boolean_t temporary_is_available(struct reply_state *reply,
121  struct iaddr *addr);
122 static isc_result_t find_client_temporaries(struct reply_state *reply);
123 static isc_result_t reply_process_try_addr(struct reply_state *reply,
124  struct iaddr *addr);
125 static isc_result_t find_client_address(struct reply_state *reply);
126 static isc_result_t reply_process_is_addressed(struct reply_state *reply,
127  struct binding_scope **scope,
128  struct group *group);
129 static isc_result_t reply_process_send_addr(struct reply_state *reply,
130  struct iaddr *addr);
131 static struct iasubopt *lease_compare(struct iasubopt *alpha,
132  struct iasubopt *beta);
133 static isc_result_t reply_process_ia_pd(struct reply_state *reply,
134  struct option_cache *ia_pd);
135 static struct group *find_group_by_prefix(struct reply_state *reply);
136 static isc_result_t reply_process_prefix(struct reply_state *reply,
137  struct option_cache *pref);
138 static isc_boolean_t prefix_is_owned(struct reply_state *reply,
139  struct iaddrcidrnet *pref);
140 static isc_result_t find_client_prefix(struct reply_state *reply);
141 static isc_result_t reply_process_try_prefix(struct reply_state *reply,
142  struct iaddrcidrnet *pref);
143 static isc_result_t reply_process_is_prefixed(struct reply_state *reply,
144  struct binding_scope **scope,
145  struct group *group);
146 static isc_result_t reply_process_send_prefix(struct reply_state *reply,
147  struct iaddrcidrnet *pref);
148 static struct iasubopt *prefix_compare(struct reply_state *reply,
149  struct iasubopt *alpha,
150  struct iasubopt *beta);
151 static int find_hosts_by_duid_chaddr(struct host_decl **host,
152  const struct data_string *client_id);
153 static void schedule_lease_timeout_reply(struct reply_state *reply);
154 
155 static int eval_prefix_mode(int thislen, int preflen, int prefix_mode);
156 static isc_result_t pick_v6_prefix_helper(struct reply_state *reply,
157  int prefix_mode);
158 
159 static void unicast_reject(struct data_string *reply_ret, struct packet *packet,
160  const struct data_string *client_id,
161  const struct data_string *server_id);
162 
163 static isc_boolean_t is_unicast_option_defined(struct packet *packet);
164 static isc_result_t shared_network_from_requested_addr (struct shared_network
165  **shared,
166  struct packet* packet);
167 static isc_result_t get_first_ia_addr_val (struct packet* packet, int addr_type,
168  struct iaddr* iaddr);
169 
170 /*
171  * Schedule lease timeouts for all of the iasubopts in the reply.
172  * This is currently used to schedule timeouts for soft leases.
173  */
174 
175 static void
176 schedule_lease_timeout_reply(struct reply_state *reply) {
177  struct iasubopt *tmp;
178  int i;
179 
180  /* sanity check the reply */
181  if ((reply == NULL) || (reply->ia == NULL) || (reply->ia->iasubopt == NULL))
182  return;
183 
184  /* walk through the list, scheduling as we go */
185  for (i = 0 ; i < reply->ia->num_iasubopt ; i++) {
186  tmp = reply->ia->iasubopt[i];
188  }
189 }
190 
191 /*
192  * This function returns the time since DUID time start for the
193  * given time_t value.
194  */
195 static u_int32_t
196 duid_time(time_t when) {
197  /*
198  * This time is modulo 2^32.
199  */
200  while ((when - DUID_TIME_EPOCH) > 4294967295u) {
201  /* use 2^31 to avoid spurious compiler warnings */
202  when -= 2147483648u;
203  when -= 2147483648u;
204  }
205 
206  return when - DUID_TIME_EPOCH;
207 }
208 
209 
210 /*
211  * Server DUID.
212  *
213  * This must remain the same for the lifetime of this server, because
214  * clients return the server DUID that we sent them in Request packets.
215  *
216  * We pick the server DUID like this:
217  *
218  * 1. Check dhcpd.conf - any value the administrator has configured
219  * overrides any possible values.
220  * 2. Check the leases.txt - we want to use the previous value if
221  * possible.
222  * 3. Check if dhcpd.conf specifies a type of server DUID to use,
223  * and generate that type.
224  * 4. Generate a type 1 (time + hardware address) DUID.
225  */
226 static struct data_string server_duid;
227 
228 /*
229  * Check if the server_duid has been set.
230  */
231 isc_boolean_t
232 server_duid_isset(void) {
233  return (server_duid.data != NULL);
234 }
235 
236 /*
237  * Return the server_duid.
238  */
239 void
240 copy_server_duid(struct data_string *ds, const char *file, int line) {
241  data_string_copy(ds, &server_duid, file, line);
242 }
243 
244 /*
245  * Set the server DUID to a specified value. This is used when
246  * the server DUID is stored in persistent memory (basically the
247  * leases.txt file).
248  */
249 void
250 set_server_duid(struct data_string *new_duid) {
251  /* INSIST(new_duid != NULL); */
252  /* INSIST(new_duid->data != NULL); */
253 
254  if (server_duid_isset()) {
255  data_string_forget(&server_duid, MDL);
256  }
257  data_string_copy(&server_duid, new_duid, MDL);
258 }
259 
260 
261 /*
262  * Set the server DUID based on the D6O_SERVERID option. This handles
263  * the case where the administrator explicitly put it in the dhcpd.conf
264  * file.
265  */
266 isc_result_t
268  struct option_state *opt_state;
269  struct option_cache *oc;
270  struct data_string option_duid;
271  isc_result_t ret_val;
272 
273  opt_state = NULL;
274  if (!option_state_allocate(&opt_state, MDL)) {
275  log_fatal("No memory for server DUID.");
276  }
277 
278  execute_statements_in_scope(NULL, NULL, NULL, NULL, NULL,
279  opt_state, &global_scope, root_group,
280  NULL, NULL);
281 
282  oc = lookup_option(&dhcpv6_universe, opt_state, D6O_SERVERID);
283  if (oc == NULL) {
284  ret_val = ISC_R_NOTFOUND;
285  } else {
286  memset(&option_duid, 0, sizeof(option_duid));
287  if (!evaluate_option_cache(&option_duid, NULL, NULL, NULL,
288  opt_state, NULL, &global_scope,
289  oc, MDL)) {
290  ret_val = ISC_R_UNEXPECTED;
291  } else {
292  set_server_duid(&option_duid);
293  data_string_forget(&option_duid, MDL);
294  ret_val = ISC_R_SUCCESS;
295  }
296  }
297 
298  option_state_dereference(&opt_state, MDL);
299 
300  return ret_val;
301 }
302 
303 /*
304  * DUID layout, as defined in RFC 3315, section 9.
305  *
306  * We support type 1 (hardware address plus time) and type 3 (hardware
307  * address).
308  *
309  * We can support type 2 for specific vendors in the future, if they
310  * publish the specification. And of course there may be additional
311  * types later.
312  */
313 static int server_duid_type = DUID_LLT;
314 
315 /*
316  * Set the DUID type.
317  */
318 void
319 set_server_duid_type(int type) {
320  server_duid_type = type;
321 }
322 
323 /*
324  * Generate a new server DUID. This is done if there was no DUID in
325  * the leases.txt or in the dhcpd.conf file.
326  */
327 isc_result_t
329  struct interface_info *p;
330  u_int32_t time_val;
331  struct data_string generated_duid;
332 
333  /*
334  * Verify we have a type that we support.
335  */
336  if ((server_duid_type != DUID_LL) && (server_duid_type != DUID_LLT)) {
337  log_error("Invalid DUID type %d specified, "
338  "only LL and LLT types supported", server_duid_type);
339  return DHCP_R_INVALIDARG;
340  }
341 
342  /*
343  * Find an interface with a hardware address.
344  * Any will do. :)
345  */
346  for (p = interfaces; p != NULL; p = p->next) {
347  if (p->hw_address.hlen > 0) {
348  break;
349  }
350  if (p->next == NULL && p->hw_address.hbuf[0] == HTYPE_RESERVED) {
351  log_error("Can not generate DUID from interfaces which do not have hardware addresses, please configure server-duid!");
352  }
353  }
354  if (p == NULL) {
355  return ISC_R_UNEXPECTED;
356  }
357 
358  /*
359  * Build our DUID.
360  */
361  memset(&generated_duid, 0, sizeof(generated_duid));
362  if (server_duid_type == DUID_LLT) {
363  time_val = duid_time(time(NULL));
364  generated_duid.len = 8 + p->hw_address.hlen - 1;
365  if (!buffer_allocate(&generated_duid.buffer,
366  generated_duid.len, MDL)) {
367  log_fatal("No memory for server DUID.");
368  }
369  generated_duid.data = generated_duid.buffer->data;
370  putUShort(generated_duid.buffer->data, DUID_LLT);
371  putUShort(generated_duid.buffer->data + 2,
372  p->hw_address.hbuf[0]);
373  putULong(generated_duid.buffer->data + 4, time_val);
374  memcpy(generated_duid.buffer->data + 8,
375  p->hw_address.hbuf+1, p->hw_address.hlen-1);
376  } else if (server_duid_type == DUID_LL) {
377  generated_duid.len = 4 + p->hw_address.hlen - 1;
378  if (!buffer_allocate(&generated_duid.buffer,
379  generated_duid.len, MDL)) {
380  log_fatal("No memory for server DUID.");
381  }
382  generated_duid.data = generated_duid.buffer->data;
383  putUShort(generated_duid.buffer->data, DUID_LL);
384  putUShort(generated_duid.buffer->data + 2,
385  p->hw_address.hbuf[0]);
386  memcpy(generated_duid.buffer->data + 4,
387  p->hw_address.hbuf+1, p->hw_address.hlen-1);
388  } else {
389  log_fatal("Unsupported server DUID type %d.", server_duid_type);
390  }
391 
392  set_server_duid(&generated_duid);
393  data_string_forget(&generated_duid, MDL);
394 
395  return ISC_R_SUCCESS;
396 }
397 
398 /*
399  * Get the client identifier from the packet.
400  */
401 isc_result_t
402 get_client_id(struct packet *packet, struct data_string *client_id) {
403  struct option_cache *oc;
404 
405  /*
406  * Verify our client_id structure is empty.
407  */
408  if ((client_id->data != NULL) || (client_id->len != 0)) {
409  return DHCP_R_INVALIDARG;
410  }
411 
413  if (oc == NULL) {
414  return ISC_R_NOTFOUND;
415  }
416 
417  if (!evaluate_option_cache(client_id, packet, NULL, NULL,
418  packet->options, NULL,
419  &global_scope, oc, MDL)) {
420  return ISC_R_FAILURE;
421  }
422 
423  return ISC_R_SUCCESS;
424 }
425 
426 /*
427  * Message validation, defined in RFC 3315, sections 15.2, 15.5, 15.7:
428  *
429  * Servers MUST discard any Solicit messages that do not include a
430  * Client Identifier option or that do include a Server Identifier
431  * option.
432  */
433 int
434 valid_client_msg(struct packet *packet, struct data_string *client_id) {
435  int ret_val;
436  struct option_cache *oc;
437  struct data_string data;
438 
439  ret_val = 0;
440  memset(client_id, 0, sizeof(*client_id));
441  memset(&data, 0, sizeof(data));
442 
443  switch (get_client_id(packet, client_id)) {
444  case ISC_R_SUCCESS:
445  break;
446  case ISC_R_NOTFOUND:
447  log_debug("Discarding %s from %s; "
448  "client identifier missing",
450  piaddr(packet->client_addr));
451  goto exit;
452  default:
453  log_error("Error processing %s from %s; "
454  "unable to evaluate Client Identifier",
456  piaddr(packet->client_addr));
457  goto exit;
458  }
459 
460  /*
461  * Required by RFC 3315, section 15.
462  */
463  if (packet->unicast) {
464  log_debug("Discarding %s from %s; packet sent unicast "
465  "(CLIENTID %s)",
467  piaddr(packet->client_addr),
468  print_hex_1(client_id->len, client_id->data, 60));
469  goto exit;
470  }
471 
472 
474  if (oc != NULL) {
475  if (evaluate_option_cache(&data, packet, NULL, NULL,
476  packet->options, NULL,
477  &global_scope, oc, MDL)) {
478  log_debug("Discarding %s from %s; "
479  "server identifier found "
480  "(CLIENTID %s, SERVERID %s)",
482  piaddr(packet->client_addr),
483  print_hex_1(client_id->len,
484  client_id->data, 60),
485  print_hex_2(data.len,
486  data.data, 60));
487  } else {
488  log_debug("Discarding %s from %s; "
489  "server identifier found "
490  "(CLIENTID %s)",
492  print_hex_1(client_id->len,
493  client_id->data, 60),
494  piaddr(packet->client_addr));
495  }
496  goto exit;
497  }
498 
499  /* looks good */
500  ret_val = 1;
501 
502 exit:
503  if (data.len > 0) {
505  }
506  if (!ret_val) {
507  if (client_id->len > 0) {
508  data_string_forget(client_id, MDL);
509  }
510  }
511  return ret_val;
512 }
513 
514 /*
515  * Response validation, defined in RFC 3315, sections 15.4, 15.6, 15.8,
516  * 15.9 (slightly different wording, but same meaning):
517  *
518  * Servers MUST discard any received Request message that meet any of
519  * the following conditions:
520  *
521  * - the message does not include a Server Identifier option.
522  * - the contents of the Server Identifier option do not match the
523  * server's DUID.
524  * - the message does not include a Client Identifier option.
525  */
526 int
527 valid_client_resp(struct packet *packet,
528  struct data_string *client_id,
529  struct data_string *server_id)
530 {
531  int ret_val;
532  struct option_cache *oc;
533 
534  /* INSIST((duid.data != NULL) && (duid.len > 0)); */
535 
536  ret_val = 0;
537  memset(client_id, 0, sizeof(*client_id));
538  memset(server_id, 0, sizeof(*server_id));
539 
540  switch (get_client_id(packet, client_id)) {
541  case ISC_R_SUCCESS:
542  break;
543  case ISC_R_NOTFOUND:
544  log_debug("Discarding %s from %s; "
545  "client identifier missing",
547  piaddr(packet->client_addr));
548  goto exit;
549  default:
550  log_error("Error processing %s from %s; "
551  "unable to evaluate Client Identifier",
553  piaddr(packet->client_addr));
554  goto exit;
555  }
556 
558  if (oc == NULL) {
559  log_debug("Discarding %s from %s: "
560  "server identifier missing (CLIENTID %s)",
562  piaddr(packet->client_addr),
563  print_hex_1(client_id->len, client_id->data, 60));
564  goto exit;
565  }
566  if (!evaluate_option_cache(server_id, packet, NULL, NULL,
567  packet->options, NULL,
568  &global_scope, oc, MDL)) {
569  log_error("Error processing %s from %s; "
570  "unable to evaluate Server Identifier (CLIENTID %s)",
572  piaddr(packet->client_addr),
573  print_hex_1(client_id->len, client_id->data, 60));
574  goto exit;
575  }
576  if ((server_duid.len != server_id->len) ||
577  (memcmp(server_duid.data, server_id->data, server_duid.len) != 0)) {
578  log_debug("Discarding %s from %s; "
579  "not our server identifier "
580  "(CLIENTID %s, SERVERID %s, server DUID %s)",
582  piaddr(packet->client_addr),
583  print_hex_1(client_id->len, client_id->data, 60),
584  print_hex_2(server_id->len, server_id->data, 60),
585  print_hex_3(server_duid.len, server_duid.data, 60));
586  goto exit;
587  }
588 
589  /* looks good */
590  ret_val = 1;
591 
592 exit:
593  if (!ret_val) {
594  if (server_id->len > 0) {
595  data_string_forget(server_id, MDL);
596  }
597  if (client_id->len > 0) {
598  data_string_forget(client_id, MDL);
599  }
600  }
601  return ret_val;
602 }
603 
604 /*
605  * Information request validation, defined in RFC 3315, section 15.12:
606  *
607  * Servers MUST discard any received Information-request message that
608  * meets any of the following conditions:
609  *
610  * - The message includes a Server Identifier option and the DUID in
611  * the option does not match the server's DUID.
612  *
613  * - The message includes an IA option.
614  */
615 int
616 valid_client_info_req(struct packet *packet, struct data_string *server_id) {
617  int ret_val;
618  struct option_cache *oc;
619  struct data_string client_id;
620  char client_id_str[80]; /* print_hex_1() uses maximum 60 characters,
621  plus a few more for extra information */
622 
623  ret_val = 0;
624  memset(server_id, 0, sizeof(*server_id));
625  memset(&client_id, 0, sizeof(client_id));
626 
627  /*
628  * Make a string that we can print out to give more
629  * information about the client if we need to.
630  *
631  * By RFC 3315, Section 18.1.5 clients SHOULD have a
632  * client-id on an Information-request packet, but it
633  * is not strictly necessary.
634  */
635  if (get_client_id(packet, &client_id) == ISC_R_SUCCESS) {
636  snprintf(client_id_str, sizeof(client_id_str), " (CLIENTID %s)",
637  print_hex_1(client_id.len, client_id.data, 60));
638  data_string_forget(&client_id, MDL);
639  } else {
640  client_id_str[0] = '\0';
641  }
642 
643  /*
644  * Required by RFC 3315, section 15.
645  */
646  if (packet->unicast) {
647  log_debug("Discarding %s from %s; packet sent unicast%s",
649  piaddr(packet->client_addr), client_id_str);
650  goto exit;
651  }
652 
654  if (oc != NULL) {
655  log_debug("Discarding %s from %s; "
656  "IA_NA option present%s",
658  piaddr(packet->client_addr), client_id_str);
659  goto exit;
660  }
662  if (oc != NULL) {
663  log_debug("Discarding %s from %s; "
664  "IA_TA option present%s",
666  piaddr(packet->client_addr), client_id_str);
667  goto exit;
668  }
670  if (oc != NULL) {
671  log_debug("Discarding %s from %s; "
672  "IA_PD option present%s",
674  piaddr(packet->client_addr), client_id_str);
675  goto exit;
676  }
677 
679  if (oc != NULL) {
680  if (!evaluate_option_cache(server_id, packet, NULL, NULL,
681  packet->options, NULL,
682  &global_scope, oc, MDL)) {
683  log_error("Error processing %s from %s; "
684  "unable to evaluate Server Identifier%s",
686  piaddr(packet->client_addr), client_id_str);
687  goto exit;
688  }
689  if ((server_duid.len != server_id->len) ||
690  (memcmp(server_duid.data, server_id->data,
691  server_duid.len) != 0)) {
692  log_debug("Discarding %s from %s; "
693  "not our server identifier "
694  "(SERVERID %s, server DUID %s)%s",
696  piaddr(packet->client_addr),
697  print_hex_1(server_id->len,
698  server_id->data, 60),
699  print_hex_2(server_duid.len,
700  server_duid.data, 60),
701  client_id_str);
702  goto exit;
703  }
704  }
705 
706  /* looks good */
707  ret_val = 1;
708 
709 exit:
710  if (!ret_val) {
711  if (server_id->len > 0) {
712  data_string_forget(server_id, MDL);
713  }
714  }
715  return ret_val;
716 }
717 
718 /*
719  * Options that we want to send, in addition to what was requested
720  * via the ORO.
721  */
722 static const int required_opts[] = {
723  D6O_CLIENTID,
724  D6O_SERVERID,
727  0
728 };
729 static const int required_opts_solicit[] = {
730  D6O_CLIENTID,
731  D6O_SERVERID,
732  D6O_IA_NA,
733  D6O_IA_TA,
734  D6O_IA_PD,
739  0
740 };
741 static const int required_opts_agent[] = {
744  0
745 };
746 static const int required_opts_IA[] = {
747  D6O_IAADDR,
749  0
750 };
751 static const int required_opts_IA_PD[] = {
752  D6O_IAPREFIX,
754  0
755 };
756 static const int required_opts_STATUS_CODE[] = {
758  0
759 };
760 
761 static const int unicast_reject_opts[] = {
762  D6O_CLIENTID,
763  D6O_SERVERID,
765  0
766 };
767 
768 
769 /*
770  * Extracts from packet contents an IA_* option, storing the IA structure
771  * in its entirety in enc_opt_data, and storing any decoded DHCPv6 options
772  * in enc_opt_state for later lookup and evaluation. The 'offset' indicates
773  * where in the IA_* the DHCPv6 options commence.
774  */
775 static int
776 get_encapsulated_IA_state(struct option_state **enc_opt_state,
777  struct data_string *enc_opt_data,
778  struct packet *packet,
779  struct option_cache *oc,
780  int offset)
781 {
782  /*
783  * Get the raw data for the encapsulated options.
784  */
785  memset(enc_opt_data, 0, sizeof(*enc_opt_data));
786  if (!evaluate_option_cache(enc_opt_data, packet,
787  NULL, NULL, packet->options, NULL,
788  &global_scope, oc, MDL)) {
789  log_error("get_encapsulated_IA_state: "
790  "error evaluating raw option.");
791  return 0;
792  }
793  if (enc_opt_data->len < offset) {
794  log_error("get_encapsulated_IA_state: raw option too small.");
795  data_string_forget(enc_opt_data, MDL);
796  return 0;
797  }
798 
799  /*
800  * Now create the option state structure, and pass it to the
801  * function that parses options.
802  */
803  *enc_opt_state = NULL;
804  if (!option_state_allocate(enc_opt_state, MDL)) {
805  log_error("get_encapsulated_IA_state: no memory for options.");
806  data_string_forget(enc_opt_data, MDL);
807  return 0;
808  }
809  if (!parse_option_buffer(*enc_opt_state,
810  enc_opt_data->data + offset,
811  enc_opt_data->len - offset,
812  &dhcpv6_universe)) {
813  log_error("get_encapsulated_IA_state: error parsing options.");
814  option_state_dereference(enc_opt_state, MDL);
815  data_string_forget(enc_opt_data, MDL);
816  return 0;
817  }
818 
819  return 1;
820 }
821 
822 static int
823 set_status_code(u_int16_t status_code, const char *status_message,
824  struct option_state *opt_state)
825 {
826  struct data_string d;
827  int ret_val;
828 
829  memset(&d, 0, sizeof(d));
830  d.len = sizeof(status_code) + strlen(status_message);
831  if (!buffer_allocate(&d.buffer, d.len, MDL)) {
832  log_fatal("set_status_code: no memory for status code.");
833  }
834  d.data = d.buffer->data;
835  putUShort(d.buffer->data, status_code);
836  memcpy(d.buffer->data + sizeof(status_code),
837  status_message, d.len - sizeof(status_code));
838  if (!save_option_buffer(&dhcpv6_universe, opt_state,
839  d.buffer, (unsigned char *)d.data, d.len,
840  D6O_STATUS_CODE, 0)) {
841  log_error("set_status_code: error saving status code.");
842  ret_val = 0;
843  } else {
844  ret_val = 1;
845  }
846  data_string_forget(&d, MDL);
847  return ret_val;
848 }
849 
850 void check_pool6_threshold(struct reply_state *reply,
851  struct iasubopt *lease)
852 {
853  struct ipv6_pond *pond;
854  isc_uint64_t used, count, high_threshold;
855  int poolhigh = 0, poollow = 0;
856  char *shared_name = "no name";
857  char tmp_addr[INET6_ADDRSTRLEN];
858 
859  if ((lease->ipv6_pool == NULL) || (lease->ipv6_pool->ipv6_pond == NULL))
860  return;
861  pond = lease->ipv6_pool->ipv6_pond;
862 
863  /* If the address range is too large to track, just skip all this. */
864  if (pond->jumbo_range == 1) {
865  return;
866  }
867 
868  count = pond->num_total;
869  used = pond->num_active;
870 
871  /* get network name for logging */
872  if ((pond->shared_network != NULL) &&
873  (pond->shared_network->name != NULL)) {
874  shared_name = pond->shared_network->name;
875  }
876 
877  /* The logged flag indicates if we have already crossed the high
878  * threshold and emitted a log message. If it is set we check to
879  * see if we have re-crossed the low threshold and need to reset
880  * things. When we cross the high threshold we determine what
881  * the low threshold is and save it into the low_threshold value.
882  * When we cross that threshold we reset the logged flag and
883  * the low_threshold to 0 which allows the high threshold message
884  * to be emitted once again.
885  * if we haven't recrossed the boundry we don't need to do anything.
886  */
887  if (pond->logged !=0) {
888  if (used <= pond->low_threshold) {
889  pond->low_threshold = 0;
890  pond->logged = 0;
891  log_error("Pool threshold reset - shared subnet: %s; "
892  "address: %s; low threshold %llu/%llu.",
893  shared_name,
894  inet_ntop(AF_INET6, &lease->addr,
895  tmp_addr, sizeof(tmp_addr)),
896  used, count);
897  }
898  return;
899  }
900 
901  /* find the high threshold */
902  if (get_option_int(&poolhigh, &server_universe, reply->packet, NULL,
903  NULL, reply->packet->options, reply->opt_state,
904  reply->opt_state, &lease->scope,
905  SV_LOG_THRESHOLD_HIGH, MDL) == 0) {
906  /* no threshold bail out */
907  return;
908  }
909 
910  /* We do have a threshold for this pool, see if its valid */
911  if ((poolhigh <= 0) || (poolhigh > 100)) {
912  /* not valid */
913  return;
914  }
915 
916  /* we have a valid value, have we exceeded it */
917  high_threshold = FIND_POND6_PERCENT(count, poolhigh);
918  if (used < high_threshold) {
919  /* nope, no more to do */
920  return;
921  }
922 
923  /* we've exceeded it, output a message */
924  log_error("Pool threshold exceeded - shared subnet: %s; "
925  "address: %s; high threshold %d%% %llu/%llu.",
926  shared_name,
927  inet_ntop(AF_INET6, &lease->addr, tmp_addr, sizeof(tmp_addr)),
928  poolhigh, used, count);
929 
930  /* handle the low threshold now, if we don't
931  * have one we default to 0. */
932  if ((get_option_int(&poollow, &server_universe, reply->packet, NULL,
933  NULL, reply->packet->options, reply->opt_state,
934  reply->opt_state, &lease->scope,
935  SV_LOG_THRESHOLD_LOW, MDL) == 0) ||
936  (poollow > 100)) {
937  poollow = 0;
938  }
939 
940  /*
941  * If the low theshold is higher than the high threshold we continue to log
942  * If it isn't then we set the flag saying we already logged and determine
943  * what the reset threshold is.
944  */
945  if (poollow < poolhigh) {
946  pond->logged = 1;
947  pond->low_threshold = FIND_POND6_PERCENT(count, poollow);
948  }
949 }
950 
951 /*
952  * We have a set of operations we do to set up the reply packet, which
953  * is the same for many message types.
954  */
955 static int
956 start_reply(struct packet *packet,
957  const struct data_string *client_id,
958  const struct data_string *server_id,
959  struct option_state **opt_state,
960  struct dhcpv6_packet *reply)
961 {
962  struct option_cache *oc;
963  const unsigned char *server_id_data;
964  int server_id_len;
965 
966  /*
967  * Build our option state for reply.
968  */
969  *opt_state = NULL;
970  if (!option_state_allocate(opt_state, MDL)) {
971  log_error("start_reply: no memory for option_state.");
972  return 0;
973  }
974  execute_statements_in_scope(NULL, packet, NULL, NULL,
975  packet->options, *opt_state,
976  &global_scope, root_group, NULL, NULL);
977 
978  /*
979  * A small bit of special handling for Solicit messages.
980  *
981  * We could move the logic into a flag, but for now just check
982  * explicitly.
983  */
984  if (packet->dhcpv6_msg_type == DHCPV6_SOLICIT) {
985  reply->msg_type = DHCPV6_ADVERTISE;
986 
987  /*
988  * If:
989  * - this message type supports rapid commit (Solicit), and
990  * - the server is configured to supply a rapid commit, and
991  * - the client requests a rapid commit,
992  * Then we add a rapid commit option, and send Reply (instead
993  * of an Advertise).
994  */
996  *opt_state, D6O_RAPID_COMMIT);
997  if (oc != NULL) {
999  packet->options, D6O_RAPID_COMMIT);
1000  if (oc != NULL) {
1001  /* Rapid-commit in action. */
1002  reply->msg_type = DHCPV6_REPLY;
1003  } else {
1004  /* Don't want a rapid-commit in advertise. */
1006  *opt_state, D6O_RAPID_COMMIT);
1007  }
1008  }
1009  } else {
1010  reply->msg_type = DHCPV6_REPLY;
1011  /* Delete the rapid-commit from the sent options. */
1013  *opt_state, D6O_RAPID_COMMIT);
1014  if (oc != NULL) {
1016  *opt_state, D6O_RAPID_COMMIT);
1017  }
1018  }
1019 
1020  /*
1021  * Use the client's transaction identifier for the reply.
1022  */
1023  memcpy(reply->transaction_id, packet->dhcpv6_transaction_id,
1024  sizeof(reply->transaction_id));
1025 
1026  /*
1027  * RFC 3315, section 18.2 says we need server identifier and
1028  * client identifier.
1029  *
1030  * If the server ID is defined via the configuration file, then
1031  * it will already be present in the option state at this point,
1032  * so we don't need to set it.
1033  *
1034  * If we have a server ID passed in from the caller,
1035  * use that, otherwise use the global DUID.
1036  */
1037  oc = lookup_option(&dhcpv6_universe, *opt_state, D6O_SERVERID);
1038  if (oc == NULL) {
1039  if (server_id == NULL) {
1040  server_id_data = server_duid.data;
1041  server_id_len = server_duid.len;
1042  } else {
1043  server_id_data = server_id->data;
1044  server_id_len = server_id->len;
1045  }
1046  if (!save_option_buffer(&dhcpv6_universe, *opt_state,
1047  NULL, (unsigned char *)server_id_data,
1048  server_id_len, D6O_SERVERID, 0)) {
1049  log_error("start_reply: "
1050  "error saving server identifier.");
1051  return 0;
1052  }
1053  }
1054 
1055  if (client_id->buffer != NULL) {
1056  if (!save_option_buffer(&dhcpv6_universe, *opt_state,
1057  client_id->buffer,
1058  (unsigned char *)client_id->data,
1059  client_id->len,
1060  D6O_CLIENTID, 0)) {
1061  log_error("start_reply: error saving "
1062  "client identifier.");
1063  return 0;
1064  }
1065  }
1066 
1067  /*
1068  * If the client accepts reconfiguration, let it know that we
1069  * will send them.
1070  *
1071  * Note: we don't actually do this yet, but DOCSIS requires we
1072  * claim to.
1073  */
1074  oc = lookup_option(&dhcpv6_universe, packet->options,
1076  if (oc != NULL) {
1077  if (!save_option_buffer(&dhcpv6_universe, *opt_state,
1078  NULL, (unsigned char *)"", 0,
1079  D6O_RECONF_ACCEPT, 0)) {
1080  log_error("start_reply: "
1081  "error saving RECONF_ACCEPT option.");
1082  option_state_dereference(opt_state, MDL);
1083  return 0;
1084  }
1085  }
1086 
1087  return 1;
1088 }
1089 
1090 /*
1091  * Try to get the IPv6 address the client asked for from the
1092  * pool.
1093  *
1094  * addr is the result (should be a pointer to NULL on entry)
1095  * pool is the pool to search in
1096  * requested_addr is the address the client wants
1097  */
1098 static isc_result_t
1099 try_client_v6_address(struct iasubopt **addr,
1100  struct ipv6_pool *pool,
1101  const struct data_string *requested_addr)
1102 {
1103  struct in6_addr tmp_addr;
1104  isc_result_t result;
1105 
1106  if (requested_addr->len < sizeof(tmp_addr)) {
1107  return DHCP_R_INVALIDARG;
1108  }
1109  memcpy(&tmp_addr, requested_addr->data, sizeof(tmp_addr));
1110  if (IN6_IS_ADDR_UNSPECIFIED(&tmp_addr)) {
1111  return ISC_R_FAILURE;
1112  }
1113 
1114  /*
1115  * The address is not covered by this (or possibly any) dynamic
1116  * range.
1117  */
1118  if (!ipv6_in_pool(&tmp_addr, pool)) {
1119  return ISC_R_ADDRNOTAVAIL;
1120  }
1121 
1122  if (lease6_exists(pool, &tmp_addr)) {
1123  return ISC_R_ADDRINUSE;
1124  }
1125 
1126  result = iasubopt_allocate(addr, MDL);
1127  if (result != ISC_R_SUCCESS) {
1128  return result;
1129  }
1130  (*addr)->addr = tmp_addr;
1131  (*addr)->plen = 0;
1132 
1133  /* Default is soft binding for 2 minutes. */
1134  result = add_lease6(pool, *addr, cur_time + 120);
1135  if (result != ISC_R_SUCCESS) {
1136  iasubopt_dereference(addr, MDL);
1137  }
1138  return result;
1139 }
1140 
1141 
1163 static isc_result_t
1164 pick_v6_address(struct reply_state *reply)
1165 {
1166  struct ipv6_pool *p = NULL;
1167  struct ipv6_pond *pond;
1168  int i;
1169  int start_pool;
1170  unsigned int attempts;
1171  char tmp_buf[INET6_ADDRSTRLEN];
1172  struct iasubopt **addr = &reply->lease;
1173  isc_uint64_t total = 0;
1174  isc_uint64_t active = 0;
1175  isc_uint64_t abandoned = 0;
1176  int jumbo_range = 0;
1177  char *shared_name = (reply->shared->name ?
1178  reply->shared->name : "(no name)");
1179 
1180  /*
1181  * Do a quick walk through of the ponds and pools
1182  * to see if we have any NA address pools
1183  */
1184  for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
1185  if (pond->ipv6_pools == NULL)
1186  continue;
1187 
1188  for (i = 0; (p = pond->ipv6_pools[i]) != NULL; i++) {
1189  if (p->pool_type == D6O_IA_NA)
1190  break;
1191  }
1192  if (p != NULL)
1193  break;
1194  }
1195 
1196  /* If we get here and p is NULL we have no useful pools */
1197  if (p == NULL) {
1198  log_debug("Unable to pick client address: "
1199  "no IPv6 pools on this shared network");
1200  return ISC_R_NORESOURCES;
1201  }
1202 
1203  /*
1204  * We have at least one pool that could provide an address
1205  * Now we walk through the ponds and pools again and check
1206  * to see if the client is permitted and if an address is
1207  * available
1208  *
1209  * Within a given pond we start looking at the last pool we
1210  * allocated from, unless it had a collision trying to allocate
1211  * an address. This will tend to move us into less-filled pools.
1212  */
1213 
1214  for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
1215  isc_result_t result = ISC_R_FAILURE;
1216 
1217  if (((pond->prohibit_list != NULL) &&
1218  (permitted(reply->packet, pond->prohibit_list))) ||
1219  ((pond->permit_list != NULL) &&
1220  (!permitted(reply->packet, pond->permit_list))))
1221  continue;
1222 
1223  start_pool = pond->last_ipv6_pool;
1224  i = start_pool;
1225  do {
1226  p = pond->ipv6_pools[i];
1227  if (p->pool_type == D6O_IA_NA) {
1228  result = create_lease6(p, addr, &attempts,
1229  &reply->ia->iaid_duid,
1230  cur_time + 120);
1231  if (result == ISC_R_SUCCESS) {
1232  /*
1233  * Record the pool used (or next one if
1234  * there was a collision).
1235  */
1236  if (attempts > 1) {
1237  i++;
1238  if (pond->ipv6_pools[i]
1239  == NULL) {
1240  i = 0;
1241  }
1242  }
1243 
1244  pond->last_ipv6_pool = i;
1245 
1246  log_debug("Picking pool address %s",
1247  inet_ntop(AF_INET6,
1248  &((*addr)->addr),
1249  tmp_buf, sizeof(tmp_buf)));
1250  return (ISC_R_SUCCESS);
1251  }
1252  }
1253 
1254  i++;
1255  if (pond->ipv6_pools[i] == NULL) {
1256  i = 0;
1257  }
1258  } while (i != start_pool);
1259 
1260  if (result == ISC_R_NORESOURCES) {
1261  jumbo_range += pond->jumbo_range;
1262  total += pond->num_total;
1263  active += pond->num_active;
1264  abandoned += pond->num_abandoned;
1265  }
1266  }
1267 
1268  /*
1269  * If we failed to pick an IPv6 address from any of the subnets.
1270  * Presumably that means we have no addresses for the client.
1271  */
1272  if (jumbo_range != 0) {
1273  log_debug("Unable to pick client address: "
1274  "no addresses available - shared network %s: "
1275  " 2^64-1 < total, %llu active, %llu abandoned",
1276  shared_name, active - abandoned, abandoned);
1277  } else {
1278  log_debug("Unable to pick client address: "
1279  "no addresses available - shared network %s: "
1280  "%llu total, %llu active, %llu abandoned",
1281  shared_name, total, active - abandoned, abandoned);
1282  }
1283 
1284  return ISC_R_NORESOURCES;
1285 }
1286 
1287 /*
1288  * Try to get the IPv6 prefix the client asked for from the
1289  * prefix pool.
1290  *
1291  * pref is the result (should be a pointer to NULL on entry)
1292  * pool is the prefix pool to search in
1293  * requested_pref is the address the client wants
1294  */
1295 static isc_result_t
1296 try_client_v6_prefix(struct iasubopt **pref,
1297  struct ipv6_pool *pool,
1298  const struct data_string *requested_pref)
1299 {
1300  u_int8_t tmp_plen;
1301  struct in6_addr tmp_pref;
1302  struct iaddr ia;
1303  isc_result_t result;
1304 
1305  if (requested_pref->len < sizeof(tmp_plen) + sizeof(tmp_pref)) {
1306  return DHCP_R_INVALIDARG;
1307  }
1308  tmp_plen = (int) requested_pref->data[0];
1309  if ((tmp_plen < 3) || (tmp_plen > 128) ||
1310  ((int)tmp_plen != pool->units)) {
1311  return ISC_R_FAILURE;
1312  }
1313  memcpy(&tmp_pref, requested_pref->data + 1, sizeof(tmp_pref));
1314  if (IN6_IS_ADDR_UNSPECIFIED(&tmp_pref)) {
1315  return ISC_R_FAILURE;
1316  }
1317  ia.len = 16;
1318  memcpy(&ia.iabuf, &tmp_pref, 16);
1319  if (!is_cidr_mask_valid(&ia, (int) tmp_plen)) {
1320  return ISC_R_FAILURE;
1321  }
1322 
1323  if (!ipv6_in_pool(&tmp_pref, pool)) {
1324  return ISC_R_ADDRNOTAVAIL;
1325  }
1326 
1327  if (prefix6_exists(pool, &tmp_pref, tmp_plen)) {
1328  return ISC_R_ADDRINUSE;
1329  }
1330 
1331  result = iasubopt_allocate(pref, MDL);
1332  if (result != ISC_R_SUCCESS) {
1333  return result;
1334  }
1335  (*pref)->addr = tmp_pref;
1336  (*pref)->plen = tmp_plen;
1337 
1338  /* Default is soft binding for 2 minutes. */
1339  result = add_lease6(pool, *pref, cur_time + 120);
1340  if (result != ISC_R_SUCCESS) {
1341  iasubopt_dereference(pref, MDL);
1342  }
1343  return result;
1344 }
1345 
1385 static isc_result_t
1386 pick_v6_prefix(struct reply_state *reply) {
1387  struct ipv6_pool *p = NULL;
1388  struct ipv6_pond *pond;
1389  int i;
1390  isc_result_t result;
1391 
1392  /*
1393  * Do a quick walk through of the ponds and pools
1394  * to see if we have any prefix pools
1395  */
1396  for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
1397  if (pond->ipv6_pools == NULL)
1398  continue;
1399 
1400  for (i = 0; (p = pond->ipv6_pools[i]) != NULL; i++) {
1401  if (p->pool_type == D6O_IA_PD)
1402  break;
1403  }
1404  if (p != NULL)
1405  break;
1406  }
1407 
1408  /* If we get here and p is NULL we have no useful pools */
1409  if (p == NULL) {
1410  log_debug("Unable to pick client prefix: "
1411  "no IPv6 pools on this shared network");
1412  return ISC_R_NORESOURCES;
1413  }
1414 
1415  if (reply->preflen <= 0) {
1416  /* If we didn't get a plen (-1) or client plen is 0, then just
1417  * select first available (same as PLM_INGORE) */
1418  result = pick_v6_prefix_helper(reply, PLM_IGNORE);
1419  } else {
1420  switch (prefix_length_mode) {
1421  case PLM_PREFER:
1422  /* First we look for an exact match, if not found
1423  * then first available */
1424  result = pick_v6_prefix_helper(reply, PLM_EXACT);
1425  if (result != ISC_R_SUCCESS) {
1426  result = pick_v6_prefix_helper(reply,
1427  PLM_IGNORE);
1428  }
1429  break;
1430 
1431  case PLM_EXACT:
1432  /* Match exactly or fail */
1433  result = pick_v6_prefix_helper(reply, PLM_EXACT);
1434  break;
1435 
1436  case PLM_MINIMUM:
1437  case PLM_MAXIMUM:
1438  /* First we look for an exact match, if not found
1439  * then first available by mode */
1440  result = pick_v6_prefix_helper(reply, PLM_EXACT);
1441  if (result != ISC_R_SUCCESS) {
1442  result = pick_v6_prefix_helper(reply,
1444  }
1445  break;
1446 
1447  default:
1448  /* First available */
1449  result = pick_v6_prefix_helper(reply, PLM_IGNORE);
1450  break;
1451  }
1452  }
1453 
1454  if (result == ISC_R_SUCCESS) {
1455  char tmp_buf[INET6_ADDRSTRLEN];
1456 
1457  log_debug("Picking pool prefix %s/%u",
1458  inet_ntop(AF_INET6, &(reply->lease->addr),
1459  tmp_buf, sizeof(tmp_buf)),
1460  (unsigned)(reply->lease->plen));
1461  return (ISC_R_SUCCESS);
1462  }
1463 
1464  /*
1465  * If we failed to pick an IPv6 prefix
1466  * Presumably that means we have no prefixes for the client.
1467  */
1468  log_debug("Unable to pick client prefix: no prefixes available");
1469  return ISC_R_NORESOURCES;
1470 }
1471 
1495 isc_result_t
1496 pick_v6_prefix_helper(struct reply_state *reply, int prefix_mode) {
1497  struct ipv6_pool *p = NULL;
1498  struct ipv6_pond *pond;
1499  int i;
1500  unsigned int attempts;
1501  struct iasubopt **pref = &reply->lease;
1502 
1503  for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
1504  if (((pond->prohibit_list != NULL) &&
1505  (permitted(reply->packet, pond->prohibit_list))) ||
1506  ((pond->permit_list != NULL) &&
1507  (!permitted(reply->packet, pond->permit_list))))
1508  continue;
1509 
1510  for (i = 0; (p = pond->ipv6_pools[i]) != NULL; i++) {
1511  if ((p->pool_type == D6O_IA_PD) &&
1512  (eval_prefix_mode(p->units, reply->preflen,
1513  prefix_mode) == 1) &&
1514  (create_prefix6(p, pref, &attempts,
1515  &reply->ia->iaid_duid,
1516  cur_time + 120) == ISC_R_SUCCESS)) {
1517  return (ISC_R_SUCCESS);
1518  }
1519  }
1520  }
1521 
1522  return ISC_R_NORESOURCES;
1523 }
1524 
1539 int
1540 eval_prefix_mode(int len, int preflen, int prefix_mode) {
1541  int use_it = 1;
1542  switch (prefix_mode) {
1543  case PLM_EXACT:
1544  use_it = (len == preflen);
1545  break;
1546  case PLM_MINIMUM:
1547  /* they asked for a prefix length no "shorter" than preflen */
1548  use_it = (len >= preflen);
1549  break;
1550  case PLM_MAXIMUM:
1551  /* they asked for a prefix length no "longer" than preflen */
1552  use_it = (len <= preflen);
1553  break;
1554  default:
1555  /* otherwise use it */
1556  break;
1557  }
1558 
1559 #if defined (DEBUG)
1560  log_debug("eval_prefix_mode: "
1561  "len %d, preflen %d, mode %s, use_it %d",
1562  len, preflen,
1563  prefix_length_modes.values[prefix_mode].name, use_it);
1564 #endif
1565 
1566  return (use_it);
1567 }
1568 
1569 /*
1570  *! \file server/dhcpv6.c
1571  *
1572  * \brief construct a reply containing information about a client's lease
1573  *
1574  * lease_to_client() is called from several messages to construct a
1575  * reply that contains all that we know about the client's correct lease
1576  * (or projected lease).
1577  *
1578  * Solicit - "Soft" binding, ignore unknown addresses or bindings, just
1579  * send what we "may" give them on a request.
1580  *
1581  * Request - "Hard" binding, but ignore supplied addresses (just provide what
1582  * the client should really use).
1583  *
1584  * Renew - "Hard" binding, but client-supplied addresses are 'real'. Error
1585  * Rebind out any "wrong" addresses the client sends. This means we send
1586  * an empty IA_NA with a status code of NoBinding or NotOnLink or
1587  * possibly send the address with zeroed lifetimes.
1588  *
1589  * Information-Request - No binding.
1590  *
1591  * The basic structure is to traverse the client-supplied data first, and
1592  * validate and echo back any contents that can be. If the client-supplied
1593  * data does not error out (on renew/rebind as above), but we did not send
1594  * any addresses, attempt to allocate one.
1595  *
1596  * At the end of the this function we call commit_leases_timed() to
1597  * fsync and rotate the file as necessary. commit_leases_timed() will
1598  * check that we have written at least one lease to the file and that
1599  * some time has passed before doing any fsync or file rewrite so we
1600  * don't bother tracking if we did a write_ia during this function.
1601  */
1602 /* TODO: look at client hints for lease times */
1603 
1604 static void
1605 lease_to_client(struct data_string *reply_ret,
1606  struct packet *packet,
1607  const struct data_string *client_id,
1608  const struct data_string *server_id)
1609 {
1610  static struct reply_state reply;
1611  struct option_cache *oc;
1612  struct data_string packet_oro;
1613  int i;
1614 
1615  memset(&packet_oro, 0, sizeof(packet_oro));
1616 
1617  /* Locate the client. */
1618  if (shared_network_from_packet6(&reply.shared,
1619  packet) != ISC_R_SUCCESS)
1620  goto exit;
1621 
1622  /*
1623  * Initialize the reply.
1624  */
1625  packet_reference(&reply.packet, packet, MDL);
1626  data_string_copy(&reply.client_id, client_id, MDL);
1627 
1628  if (!start_reply(packet, client_id, server_id, &reply.opt_state,
1629  &reply.buf.reply))
1630  goto exit;
1631 
1632  /* Set the write cursor to just past the reply header. */
1633  reply.cursor = REPLY_OPTIONS_INDEX;
1634 
1635  /*
1636  * Get the ORO from the packet, if any.
1637  */
1638  oc = lookup_option(&dhcpv6_universe, packet->options, D6O_ORO);
1639  if (oc != NULL) {
1640  if (!evaluate_option_cache(&packet_oro, packet,
1641  NULL, NULL,
1642  packet->options, NULL,
1643  &global_scope, oc, MDL)) {
1644  log_error("lease_to_client: error evaluating ORO.");
1645  goto exit;
1646  }
1647  }
1648 
1649  /*
1650  * Find a host record that matches from the packet, if any, and is
1651  * valid for the shared network the client is on.
1652  */
1653  if (find_hosts_by_uid(&reply.host, client_id->data, client_id->len,
1654  MDL)) {
1655  packet->known = 1;
1656  seek_shared_host(&reply.host, reply.shared);
1657  }
1658 
1659  if ((reply.host == NULL) &&
1660  find_hosts_by_option(&reply.host, packet, packet->options, MDL)) {
1661  packet->known = 1;
1662  seek_shared_host(&reply.host, reply.shared);
1663  }
1664 
1665  /*
1666  * Check for 'hardware' matches last, as some of the synthesis methods
1667  * are not considered to be as reliable.
1668  */
1669  if ((reply.host == NULL) &&
1670  find_hosts_by_duid_chaddr(&reply.host, client_id)) {
1671  packet->known = 1;
1672  seek_shared_host(&reply.host, reply.shared);
1673  }
1674 
1675  /* Process the client supplied IA's onto the reply buffer. */
1676  reply.ia_count = 0;
1678 
1679  for (; oc != NULL ; oc = oc->next) {
1680  isc_result_t status;
1681 
1682  /* Start counting resources (addresses) offered. */
1683  reply.client_resources = 0;
1684  reply.resources_included = ISC_FALSE;
1685 
1686  status = reply_process_ia_na(&reply, oc);
1687 
1688  /*
1689  * We continue to try other IA's whether we can address
1690  * this one or not. Any other result is an immediate fail.
1691  */
1692  if ((status != ISC_R_SUCCESS) &&
1693  (status != ISC_R_NORESOURCES))
1694  goto exit;
1695  }
1697  for (; oc != NULL ; oc = oc->next) {
1698  isc_result_t status;
1699 
1700  /* Start counting resources (addresses) offered. */
1701  reply.client_resources = 0;
1702  reply.resources_included = ISC_FALSE;
1703 
1704  status = reply_process_ia_ta(&reply, oc);
1705 
1706  /*
1707  * We continue to try other IA's whether we can address
1708  * this one or not. Any other result is an immediate fail.
1709  */
1710  if ((status != ISC_R_SUCCESS) &&
1711  (status != ISC_R_NORESOURCES))
1712  goto exit;
1713  }
1714 
1715  /* Same for IA_PD's. */
1716  reply.pd_count = 0;
1718  for (; oc != NULL ; oc = oc->next) {
1719  isc_result_t status;
1720 
1721  /* Start counting resources (prefixes) offered. */
1722  reply.client_resources = 0;
1723  reply.resources_included = ISC_FALSE;
1724 
1725  status = reply_process_ia_pd(&reply, oc);
1726 
1727  /*
1728  * We continue to try other IA_PD's whether we can address
1729  * this one or not. Any other result is an immediate fail.
1730  */
1731  if ((status != ISC_R_SUCCESS) &&
1732  (status != ISC_R_NORESOURCES))
1733  goto exit;
1734  }
1735 
1736  /*
1737  * Make no reply if we gave no resources and is not
1738  * for Information-Request.
1739  */
1740  if ((reply.ia_count == 0) && (reply.pd_count == 0)) {
1741  if (reply.packet->dhcpv6_msg_type !=
1743  goto exit;
1744 
1745  /*
1746  * Because we only execute statements on a per-IA basis,
1747  * we need to execute statements in any non-IA reply to
1748  * source configuration.
1749  */
1750  execute_statements_in_scope(NULL, reply.packet, NULL, NULL,
1751  reply.packet->options,
1752  reply.opt_state, &global_scope,
1753  reply.shared->group, root_group,
1754  NULL);
1755 
1756  /* Execute statements from class scopes. */
1757  for (i = reply.packet->class_count; i > 0; i--) {
1758  execute_statements_in_scope(NULL, reply.packet,
1759  NULL, NULL,
1760  reply.packet->options,
1761  reply.opt_state,
1762  &global_scope,
1763  reply.packet->classes[i - 1]->group,
1764  reply.shared->group, NULL);
1765  }
1766 
1767  /* Bring in any configuration from a host record. */
1768  if (reply.host != NULL)
1769  execute_statements_in_scope(NULL, reply.packet,
1770  NULL, NULL,
1771  reply.packet->options,
1772  reply.opt_state,
1773  &global_scope,
1774  reply.host->group,
1775  reply.shared->group, NULL);
1776  }
1777 
1778  /*
1779  * RFC3315 section 17.2.2 (Solicit):
1780  *
1781  * If the server will not assign any addresses to any IAs in a
1782  * subsequent Request from the client, the server MUST send an
1783  * Advertise message to the client that includes only a Status
1784  * Code option with code NoAddrsAvail and a status message for
1785  * the user, a Server Identifier option with the server's DUID,
1786  * and a Client Identifier option with the client's DUID.
1787  *
1788  * This has been updated by an errata such that the server
1789  * can always send an IA.
1790  *
1791  * Section 18.2.1 (Request):
1792  *
1793  * If the server cannot assign any addresses to an IA in the
1794  * message from the client, the server MUST include the IA in
1795  * the Reply message with no addresses in the IA and a Status
1796  * Code option in the IA containing status code NoAddrsAvail.
1797  *
1798  * Section 18.1.8 (Client Behavior):
1799  *
1800  * Leave unchanged any information about addresses the client has
1801  * recorded in the IA but that were not included in the IA from
1802  * the server.
1803  * Sends a Renew/Rebind if the IA is not in the Reply message.
1804  */
1805 
1806  /*
1807  * Having stored the client's IA's, store any options that
1808  * will fit in the remaining space.
1809  */
1810  reply.cursor += store_options6((char *)reply.buf.data + reply.cursor,
1811  sizeof(reply.buf) - reply.cursor,
1812  reply.opt_state, reply.packet,
1813  required_opts_solicit,
1814  &packet_oro);
1815 
1816  /* Return our reply to the caller. */
1817  reply_ret->len = reply.cursor;
1818  reply_ret->buffer = NULL;
1819  if (!buffer_allocate(&reply_ret->buffer, reply.cursor, MDL)) {
1820  log_fatal("No memory to store Reply.");
1821  }
1822  memcpy(reply_ret->buffer->data, reply.buf.data, reply.cursor);
1823  reply_ret->data = reply_ret->buffer->data;
1824 
1825  /* If appropriate commit and rotate the lease file */
1826  (void) commit_leases_timed();
1827 
1828  exit:
1829  /* Cleanup. */
1830  if (reply.shared != NULL)
1831  shared_network_dereference(&reply.shared, MDL);
1832  if (reply.host != NULL)
1833  host_dereference(&reply.host, MDL);
1834  if (reply.opt_state != NULL)
1835  option_state_dereference(&reply.opt_state, MDL);
1836  if (reply.packet != NULL)
1837  packet_dereference(&reply.packet, MDL);
1838  if (reply.client_id.data != NULL)
1839  data_string_forget(&reply.client_id, MDL);
1840  if (packet_oro.buffer != NULL)
1841  data_string_forget(&packet_oro, MDL);
1842  reply.renew = reply.rebind = reply.prefer = reply.valid = 0;
1843  reply.cursor = 0;
1844 }
1845 
1846 /* Process a client-supplied IA_NA. This may append options to the tail of
1847  * the reply packet being built in the reply_state structure.
1848  */
1849 static isc_result_t
1850 reply_process_ia_na(struct reply_state *reply, struct option_cache *ia) {
1851  isc_result_t status = ISC_R_SUCCESS;
1852  u_int32_t iaid;
1853  unsigned ia_cursor;
1854  struct option_state *packet_ia;
1855  struct option_cache *oc;
1856  struct data_string ia_data, data;
1857 
1858  /* Initialize values that will get cleaned up on return. */
1859  packet_ia = NULL;
1860  memset(&ia_data, 0, sizeof(ia_data));
1861  memset(&data, 0, sizeof(data));
1862  /*
1863  * Note that find_client_address() may set reply->lease.
1864  */
1865 
1866  /* Make sure there is at least room for the header. */
1867  if ((reply->cursor + IA_NA_OFFSET + 4) > sizeof(reply->buf)) {
1868  log_error("reply_process_ia_na: Reply too long for IA.");
1869  return ISC_R_NOSPACE;
1870  }
1871 
1872 
1873  /* Fetch the IA_NA contents. */
1874  if (!get_encapsulated_IA_state(&packet_ia, &ia_data, reply->packet,
1875  ia, IA_NA_OFFSET)) {
1876  log_error("reply_process_ia_na: error evaluating ia");
1877  status = ISC_R_FAILURE;
1878  goto cleanup;
1879  }
1880 
1881  /* Extract IA_NA header contents. */
1882  iaid = getULong(ia_data.data);
1883  reply->renew = getULong(ia_data.data + 4);
1884  reply->rebind = getULong(ia_data.data + 8);
1885 
1886  /* Create an IA_NA structure. */
1887  if (ia_allocate(&reply->ia, iaid, (char *)reply->client_id.data,
1888  reply->client_id.len, MDL) != ISC_R_SUCCESS) {
1889  log_error("reply_process_ia_na: no memory for ia.");
1890  status = ISC_R_NOMEMORY;
1891  goto cleanup;
1892  }
1893  reply->ia->ia_type = D6O_IA_NA;
1894 
1895  /* Cache pre-existing IA, if any. */
1896  ia_hash_lookup(&reply->old_ia, ia_na_active,
1897  (unsigned char *)reply->ia->iaid_duid.data,
1898  reply->ia->iaid_duid.len, MDL);
1899 
1900  /*
1901  * Create an option cache to carry the IA_NA option contents, and
1902  * execute any user-supplied values into it.
1903  */
1904  if (!option_state_allocate(&reply->reply_ia, MDL)) {
1905  status = ISC_R_NOMEMORY;
1906  goto cleanup;
1907  }
1908 
1909  /* Check & cache the fixed host record. */
1910  if ((reply->host != NULL) && (reply->host->fixed_addr != NULL)) {
1911  struct iaddr tmp_addr;
1912 
1913  if (!evaluate_option_cache(&reply->fixed, NULL, NULL, NULL,
1914  NULL, NULL, &global_scope,
1915  reply->host->fixed_addr, MDL)) {
1916  log_error("reply_process_ia_na: unable to evaluate "
1917  "fixed address.");
1918  status = ISC_R_FAILURE;
1919  goto cleanup;
1920  }
1921 
1922  if (reply->fixed.len < 16) {
1923  log_error("reply_process_ia_na: invalid fixed address.");
1924  status = DHCP_R_INVALIDARG;
1925  goto cleanup;
1926  }
1927 
1928  /* Find the static lease's subnet. */
1929  tmp_addr.len = 16;
1930  memcpy(tmp_addr.iabuf, reply->fixed.data, 16);
1931 
1932  if (find_grouped_subnet(&reply->subnet, reply->shared,
1933  tmp_addr, MDL) == 0)
1934  log_fatal("Impossible condition at %s:%d.", MDL);
1935 
1936  reply->static_lease = ISC_TRUE;
1937  } else
1938  reply->static_lease = ISC_FALSE;
1939 
1940  /*
1941  * Save the cursor position at the start of the IA, so we can
1942  * set length and adjust t1/t2 values later. We write a temporary
1943  * header out now just in case we decide to adjust the packet
1944  * within sub-process functions.
1945  */
1946  ia_cursor = reply->cursor;
1947 
1948  /* Initialize the IA_NA header. First the code. */
1949  putUShort(reply->buf.data + reply->cursor, (unsigned)D6O_IA_NA);
1950  reply->cursor += 2;
1951 
1952  /* Then option length. */
1953  putUShort(reply->buf.data + reply->cursor, 0x0Cu);
1954  reply->cursor += 2;
1955 
1956  /* Then IA_NA header contents; IAID. */
1957  putULong(reply->buf.data + reply->cursor, iaid);
1958  reply->cursor += 4;
1959 
1960  /* We store the client's t1 for now, and may over-ride it later. */
1961  putULong(reply->buf.data + reply->cursor, reply->renew);
1962  reply->cursor += 4;
1963 
1964  /* We store the client's t2 for now, and may over-ride it later. */
1965  putULong(reply->buf.data + reply->cursor, reply->rebind);
1966  reply->cursor += 4;
1967 
1968  /*
1969  * For each address in this IA_NA, decide what to do about it.
1970  *
1971  * Guidelines:
1972  *
1973  * The client leaves unchanged any information about addresses
1974  * it has recorded but are not included ("cancel/break" below).
1975  * A not included IA ("cleanup" below) could give a Renew/Rebind.
1976  */
1977  oc = lookup_option(&dhcpv6_universe, packet_ia, D6O_IAADDR);
1978  reply->valid = reply->prefer = 0xffffffff;
1979  reply->client_valid = reply->client_prefer = 0;
1980  for (; oc != NULL ; oc = oc->next) {
1981  status = reply_process_addr(reply, oc);
1982 
1983  /*
1984  * Canceled means we did not allocate addresses to the
1985  * client, but we're "done" with this IA - we set a status
1986  * code. So transmit this reply, e.g., move on to the next
1987  * IA.
1988  */
1989  if (status == ISC_R_CANCELED)
1990  break;
1991 
1992  if ((status != ISC_R_SUCCESS) &&
1993  (status != ISC_R_ADDRINUSE) &&
1994  (status != ISC_R_ADDRNOTAVAIL))
1995  goto cleanup;
1996  }
1997 
1998  reply->ia_count++;
1999 
2000  /*
2001  * If we fell through the above and never gave the client
2002  * an address, give it one now.
2003  */
2004  if ((status != ISC_R_CANCELED) && (reply->client_resources == 0)) {
2005  status = find_client_address(reply);
2006 
2007  if (status == ISC_R_NORESOURCES) {
2008  switch (reply->packet->dhcpv6_msg_type) {
2009  case DHCPV6_SOLICIT:
2010  /*
2011  * No address for any IA is handled
2012  * by the caller.
2013  */
2014  /* FALL THROUGH */
2015 
2016  case DHCPV6_REQUEST:
2017  /* Section 18.2.1 (Request):
2018  *
2019  * If the server cannot assign any addresses to
2020  * an IA in the message from the client, the
2021  * server MUST include the IA in the Reply
2022  * message with no addresses in the IA and a
2023  * Status Code option in the IA containing
2024  * status code NoAddrsAvail.
2025  */
2026  option_state_dereference(&reply->reply_ia, MDL);
2027  if (!option_state_allocate(&reply->reply_ia,
2028  MDL))
2029  {
2030  log_error("reply_process_ia_na: No "
2031  "memory for option state "
2032  "wipe.");
2033  status = ISC_R_NOMEMORY;
2034  goto cleanup;
2035  }
2036 
2037  if (!set_status_code(STATUS_NoAddrsAvail,
2038  "No addresses available "
2039  "for this interface.",
2040  reply->reply_ia)) {
2041  log_error("reply_process_ia_na: Unable "
2042  "to set NoAddrsAvail status "
2043  "code.");
2044  status = ISC_R_FAILURE;
2045  goto cleanup;
2046  }
2047 
2048  status = ISC_R_SUCCESS;
2049  break;
2050 
2051  default:
2052  /*
2053  * RFC 3315 does not tell us to emit a status
2054  * code in this condition, or anything else.
2055  *
2056  * If we included non-allocated addresses
2057  * (zeroed lifetimes) in an IA, then the client
2058  * will deconfigure them.
2059  *
2060  * So we want to include the IA even if we
2061  * can't give it a new address if it includes
2062  * zeroed lifetime addresses.
2063  *
2064  * We don't want to include the IA if we
2065  * provide zero addresses including zeroed
2066  * lifetimes.
2067  */
2068  if (reply->resources_included)
2069  status = ISC_R_SUCCESS;
2070  else
2071  goto cleanup;
2072  break;
2073  }
2074  }
2075 
2076  if (status != ISC_R_SUCCESS)
2077  goto cleanup;
2078  }
2079 
2080  reply->cursor += store_options6((char *)reply->buf.data + reply->cursor,
2081  sizeof(reply->buf) - reply->cursor,
2082  reply->reply_ia, reply->packet,
2083  required_opts_IA, NULL);
2084 
2085  /* Reset the length of this IA to match what was just written. */
2086  putUShort(reply->buf.data + ia_cursor + 2,
2087  reply->cursor - (ia_cursor + 4));
2088 
2089  /*
2090  * T1/T2 time selection is kind of weird. We actually use DHCP
2091  * (v4) scoped options as handy existing places where these might
2092  * be configured by an administrator. A value of zero tells the
2093  * client it may choose its own renewal time.
2094  */
2095  reply->renew = 0;
2096  oc = lookup_option(&dhcp_universe, reply->opt_state,
2098  if (oc != NULL) {
2099  if (!evaluate_option_cache(&data, reply->packet, NULL, NULL,
2100  reply->packet->options,
2101  reply->opt_state, &global_scope,
2102  oc, MDL) ||
2103  (data.len != 4)) {
2104  log_error("Invalid renewal time.");
2105  } else {
2106  reply->renew = getULong(data.data);
2107  }
2108 
2109  if (data.data != NULL)
2110  data_string_forget(&data, MDL);
2111  }
2112  putULong(reply->buf.data + ia_cursor + 8, reply->renew);
2113 
2114  /* Now T2. */
2115  reply->rebind = 0;
2116  oc = lookup_option(&dhcp_universe, reply->opt_state,
2118  if (oc != NULL) {
2119  if (!evaluate_option_cache(&data, reply->packet, NULL, NULL,
2120  reply->packet->options,
2121  reply->opt_state, &global_scope,
2122  oc, MDL) ||
2123  (data.len != 4)) {
2124  log_error("Invalid rebinding time.");
2125  } else {
2126  reply->rebind = getULong(data.data);
2127  }
2128 
2129  if (data.data != NULL)
2130  data_string_forget(&data, MDL);
2131  }
2132  putULong(reply->buf.data + ia_cursor + 12, reply->rebind);
2133 
2134  /*
2135  * yes, goto's aren't the best but we also want to avoid extra
2136  * indents
2137  */
2138  if (status == ISC_R_CANCELED)
2139  goto cleanup;
2140 
2141  /*
2142  * Handle static leases, we always log stuff and if it's
2143  * a hard binding we run any commit statements that we have
2144  */
2145  if (reply->static_lease) {
2146  char tmp_addr[INET6_ADDRSTRLEN];
2147  log_info("%s NA: address %s to client with duid %s iaid = %d "
2148  "static",
2149  dhcpv6_type_names[reply->buf.reply.msg_type],
2150  inet_ntop(AF_INET6, reply->fixed.data, tmp_addr,
2151  sizeof(tmp_addr)),
2152  print_hex_1(reply->client_id.len,
2153  reply->client_id.data, 60),
2154  iaid);
2155 
2156  if ((reply->buf.reply.msg_type == DHCPV6_REPLY) &&
2157  (reply->on_star.on_commit != NULL)) {
2158  execute_statements(NULL, reply->packet, NULL, NULL,
2159  reply->packet->options,
2160  reply->opt_state, NULL,
2161  reply->on_star.on_commit, NULL);
2163  (&reply->on_star.on_commit, MDL);
2164  }
2165  goto cleanup;
2166  }
2167 
2168  /*
2169  * If we have any addresses log what we are doing.
2170  */
2171  if (reply->ia->num_iasubopt != 0) {
2172  struct iasubopt *tmp;
2173  int i;
2174  char tmp_addr[INET6_ADDRSTRLEN];
2175 
2176  for (i = 0 ; i < reply->ia->num_iasubopt ; i++) {
2177  tmp = reply->ia->iasubopt[i];
2178 
2179  log_info("%s NA: address %s to client with duid %s "
2180  "iaid = %d valid for %d seconds",
2181  dhcpv6_type_names[reply->buf.reply.msg_type],
2182  inet_ntop(AF_INET6, &tmp->addr,
2183  tmp_addr, sizeof(tmp_addr)),
2184  print_hex_1(reply->client_id.len,
2185  reply->client_id.data, 60),
2186  iaid, tmp->valid);
2187  }
2188  }
2189 
2190  /*
2191  * If this is not a 'soft' binding, consume the new changes into
2192  * the database (if any have been attached to the ia_na).
2193  *
2194  * Loop through the assigned dynamic addresses, referencing the
2195  * leases onto this IA_NA rather than any old ones, and updating
2196  * pool timers for each (if any).
2197  */
2198 
2199  if ((reply->ia->num_iasubopt != 0) &&
2200  (reply->buf.reply.msg_type == DHCPV6_REPLY)) {
2201  struct iasubopt *tmp;
2202  struct data_string *ia_id;
2203  int i;
2204 
2205  for (i = 0 ; i < reply->ia->num_iasubopt ; i++) {
2206  tmp = reply->ia->iasubopt[i];
2207 
2208  if (tmp->ia != NULL)
2209  ia_dereference(&tmp->ia, MDL);
2210  ia_reference(&tmp->ia, reply->ia, MDL);
2211 
2212  /* Commit 'hard' bindings. */
2213  renew_lease6(tmp->ipv6_pool, tmp);
2215 
2216  /* If we have anything to do on commit do it now */
2217  if (tmp->on_star.on_commit != NULL) {
2218  execute_statements(NULL, reply->packet,
2219  NULL, NULL,
2220  reply->packet->options,
2221  reply->opt_state,
2222  &tmp->scope,
2223  tmp->on_star.on_commit,
2224  &tmp->on_star);
2226  (&tmp->on_star.on_commit, MDL);
2227  }
2228 
2229 #if defined (NSUPDATE)
2230  /*
2231  * Perform ddns updates.
2232  */
2233  oc = lookup_option(&server_universe, reply->opt_state,
2234  SV_DDNS_UPDATES);
2235  if ((oc == NULL) ||
2236  evaluate_boolean_option_cache(NULL, reply->packet,
2237  NULL, NULL,
2238  reply->packet->options,
2239  reply->opt_state,
2240  &tmp->scope,
2241  oc, MDL)) {
2242  ddns_updates(reply->packet, NULL, NULL,
2243  tmp, NULL, reply->opt_state);
2244  }
2245 #endif
2246  /* Do our threshold check. */
2247  check_pool6_threshold(reply, tmp);
2248  }
2249 
2250  /* Remove any old ia from the hash. */
2251  if (reply->old_ia != NULL) {
2252  ia_id = &reply->old_ia->iaid_duid;
2253  ia_hash_delete(ia_na_active,
2254  (unsigned char *)ia_id->data,
2255  ia_id->len, MDL);
2256  ia_dereference(&reply->old_ia, MDL);
2257  }
2258 
2259  /* Put new ia into the hash. */
2260  reply->ia->cltt = cur_time;
2261  ia_id = &reply->ia->iaid_duid;
2262  ia_hash_add(ia_na_active, (unsigned char *)ia_id->data,
2263  ia_id->len, reply->ia, MDL);
2264 
2265  write_ia(reply->ia);
2266  } else {
2267  schedule_lease_timeout_reply(reply);
2268  }
2269 
2270  cleanup:
2271  if (packet_ia != NULL)
2272  option_state_dereference(&packet_ia, MDL);
2273  if (reply->reply_ia != NULL)
2274  option_state_dereference(&reply->reply_ia, MDL);
2275  if (ia_data.data != NULL)
2276  data_string_forget(&ia_data, MDL);
2277  if (data.data != NULL)
2279  if (reply->ia != NULL)
2280  ia_dereference(&reply->ia, MDL);
2281  if (reply->old_ia != NULL)
2282  ia_dereference(&reply->old_ia, MDL);
2283  if (reply->lease != NULL)
2284  iasubopt_dereference(&reply->lease, MDL);
2285  if (reply->fixed.data != NULL)
2286  data_string_forget(&reply->fixed, MDL);
2287  if (reply->subnet != NULL)
2288  subnet_dereference(&reply->subnet, MDL);
2289  if (reply->on_star.on_expiry != NULL)
2291  (&reply->on_star.on_expiry, MDL);
2292  if (reply->on_star.on_release != NULL)
2294  (&reply->on_star.on_release, MDL);
2295 
2296  /*
2297  * ISC_R_CANCELED is a status code used by the addr processing to
2298  * indicate we're replying with a status code. This is still a
2299  * success at higher layers.
2300  */
2301  return((status == ISC_R_CANCELED) ? ISC_R_SUCCESS : status);
2302 }
2303 
2304 /*
2305  * Process an IAADDR within a given IA_xA, storing any IAADDR reply contents
2306  * into the reply's current ia-scoped option cache. Returns ISC_R_CANCELED
2307  * in the event we are replying with a status code and do not wish to process
2308  * more IAADDRs within this IA.
2309  */
2310 static isc_result_t
2311 reply_process_addr(struct reply_state *reply, struct option_cache *addr) {
2312  u_int32_t pref_life, valid_life;
2313  struct binding_scope **scope;
2314  struct group *group;
2315  struct subnet *subnet;
2316  struct iaddr tmp_addr;
2317  struct option_cache *oc;
2318  struct data_string iaaddr, data;
2319  isc_result_t status = ISC_R_SUCCESS;
2320 
2321  /* Initializes values that will be cleaned up. */
2322  memset(&iaaddr, 0, sizeof(iaaddr));
2323  memset(&data, 0, sizeof(data));
2324  /* Note that reply->lease may be set by address_is_owned() */
2325 
2326  /*
2327  * There is no point trying to process an incoming address if there
2328  * is no room for an outgoing address.
2329  */
2330  if ((reply->cursor + 28) > sizeof(reply->buf)) {
2331  log_error("reply_process_addr: Out of room for address.");
2332  return ISC_R_NOSPACE;
2333  }
2334 
2335  /* Extract this IAADDR option. */
2336  if (!evaluate_option_cache(&iaaddr, reply->packet, NULL, NULL,
2337  reply->packet->options, NULL, &global_scope,
2338  addr, MDL) ||
2339  (iaaddr.len < IAADDR_OFFSET)) {
2340  log_error("reply_process_addr: error evaluating IAADDR.");
2341  status = ISC_R_FAILURE;
2342  goto cleanup;
2343  }
2344 
2345  /* The first 16 bytes are the IPv6 address. */
2346  pref_life = getULong(iaaddr.data + 16);
2347  valid_life = getULong(iaaddr.data + 20);
2348 
2349  if ((reply->client_valid == 0) ||
2350  (reply->client_valid > valid_life))
2351  reply->client_valid = valid_life;
2352 
2353  if ((reply->client_prefer == 0) ||
2354  (reply->client_prefer > pref_life))
2355  reply->client_prefer = pref_life;
2356 
2357  /*
2358  * Clients may choose to send :: as an address, with the idea to give
2359  * hints about preferred-lifetime or valid-lifetime.
2360  */
2361  tmp_addr.len = 16;
2362  memset(tmp_addr.iabuf, 0, 16);
2363  if (!memcmp(iaaddr.data, tmp_addr.iabuf, 16)) {
2364  /* Status remains success; we just ignore this one. */
2365  goto cleanup;
2366  }
2367 
2368  /* tmp_addr len remains 16 */
2369  memcpy(tmp_addr.iabuf, iaaddr.data, 16);
2370 
2371  /*
2372  * Verify that this address is on the client's network.
2373  */
2374  for (subnet = reply->shared->subnets ; subnet != NULL ;
2375  subnet = subnet->next_sibling) {
2376  if (addr_eq(subnet_number(tmp_addr, subnet->netmask),
2377  subnet->net))
2378  break;
2379  }
2380 
2381  /* Address not found on shared network. */
2382  if (subnet == NULL) {
2383  /* Ignore this address on 'soft' bindings. */
2384  if (reply->packet->dhcpv6_msg_type == DHCPV6_SOLICIT) {
2385  /* disable rapid commit */
2386  reply->buf.reply.msg_type = DHCPV6_ADVERTISE;
2388  reply->opt_state,
2390  /* status remains success */
2391  goto cleanup;
2392  }
2393 
2394  /*
2395  * RFC3315 section 18.2.1:
2396  *
2397  * If the server finds that the prefix on one or more IP
2398  * addresses in any IA in the message from the client is not
2399  * appropriate for the link to which the client is connected,
2400  * the server MUST return the IA to the client with a Status
2401  * Code option with the value NotOnLink.
2402  */
2403  if (reply->packet->dhcpv6_msg_type == DHCPV6_REQUEST) {
2404  /* Rewind the IA_NA to empty. */
2405  option_state_dereference(&reply->reply_ia, MDL);
2406  if (!option_state_allocate(&reply->reply_ia, MDL)) {
2407  log_error("reply_process_addr: No memory for "
2408  "option state wipe.");
2409  status = ISC_R_NOMEMORY;
2410  goto cleanup;
2411  }
2412 
2413  /* Append a NotOnLink status code. */
2414  if (!set_status_code(STATUS_NotOnLink,
2415  "Address not for use on this "
2416  "link.", reply->reply_ia)) {
2417  log_error("reply_process_addr: Failure "
2418  "setting status code.");
2419  status = ISC_R_FAILURE;
2420  goto cleanup;
2421  }
2422 
2423  /* Fin (no more IAADDRs). */
2424  status = ISC_R_CANCELED;
2425  goto cleanup;
2426  }
2427 
2428  /*
2429  * RFC3315 sections 18.2.3 and 18.2.4 have identical language:
2430  *
2431  * If the server finds that any of the addresses are not
2432  * appropriate for the link to which the client is attached,
2433  * the server returns the address to the client with lifetimes
2434  * of 0.
2435  */
2436  if ((reply->packet->dhcpv6_msg_type != DHCPV6_RENEW) &&
2437  (reply->packet->dhcpv6_msg_type != DHCPV6_REBIND)) {
2438  log_error("It is impossible to lease a client that is "
2439  "not sending a solicit, request, renew, or "
2440  "rebind.");
2441  status = ISC_R_FAILURE;
2442  goto cleanup;
2443  }
2444 
2445  reply->send_prefer = reply->send_valid = 0;
2446  goto send_addr;
2447  }
2448 
2449  /* Verify the address belongs to the client. */
2450  if (!address_is_owned(reply, &tmp_addr)) {
2451  /*
2452  * For solicit and request, any addresses included are
2453  * 'requested' addresses. For rebind, we actually have
2454  * no direction on what to do from 3315 section 18.2.4!
2455  * So I think the best bet is to try and give it out, and if
2456  * we can't, zero lifetimes.
2457  */
2458  if ((reply->packet->dhcpv6_msg_type == DHCPV6_SOLICIT) ||
2459  (reply->packet->dhcpv6_msg_type == DHCPV6_REQUEST) ||
2460  (reply->packet->dhcpv6_msg_type == DHCPV6_REBIND)) {
2461  status = reply_process_try_addr(reply, &tmp_addr);
2462 
2463  /*
2464  * If the address is in use, or isn't in any dynamic
2465  * range, continue as normal. If any other error was
2466  * found, error out.
2467  */
2468  if ((status != ISC_R_SUCCESS) &&
2469  (status != ISC_R_ADDRINUSE) &&
2470  (status != ISC_R_ADDRNOTAVAIL))
2471  goto cleanup;
2472 
2473  /*
2474  * If we didn't honor this lease, for solicit and
2475  * request we simply omit it from our answer. For
2476  * rebind, we send it with zeroed lifetimes.
2477  */
2478  if (reply->lease == NULL) {
2479  if (reply->packet->dhcpv6_msg_type ==
2480  DHCPV6_REBIND) {
2481  reply->send_prefer = 0;
2482  reply->send_valid = 0;
2483  goto send_addr;
2484  }
2485 
2486  /* status remains success - ignore */
2487  goto cleanup;
2488  }
2489  /*
2490  * RFC3315 section 18.2.3:
2491  *
2492  * If the server cannot find a client entry for the IA the
2493  * server returns the IA containing no addresses with a Status
2494  * Code option set to NoBinding in the Reply message.
2495  *
2496  * On mismatch we (ab)use this pretending we have not the IA
2497  * as soon as we have not an address.
2498  */
2499  } else if (reply->packet->dhcpv6_msg_type == DHCPV6_RENEW) {
2500  /* Rewind the IA_NA to empty. */
2501  option_state_dereference(&reply->reply_ia, MDL);
2502  if (!option_state_allocate(&reply->reply_ia, MDL)) {
2503  log_error("reply_process_addr: No memory for "
2504  "option state wipe.");
2505  status = ISC_R_NOMEMORY;
2506  goto cleanup;
2507  }
2508 
2509  /* Append a NoBinding status code. */
2510  if (!set_status_code(STATUS_NoBinding,
2511  "Address not bound to this "
2512  "interface.", reply->reply_ia)) {
2513  log_error("reply_process_addr: Unable to "
2514  "attach status code.");
2515  status = ISC_R_FAILURE;
2516  goto cleanup;
2517  }
2518 
2519  /* Fin (no more IAADDRs). */
2520  status = ISC_R_CANCELED;
2521  goto cleanup;
2522  } else {
2523  log_error("It is impossible to lease a client that is "
2524  "not sending a solicit, request, renew, or "
2525  "rebind message.");
2526  status = ISC_R_FAILURE;
2527  goto cleanup;
2528  }
2529  }
2530 
2531  if (reply->static_lease) {
2532  if (reply->host == NULL)
2533  log_fatal("Impossible condition at %s:%d.", MDL);
2534 
2535  scope = &global_scope;
2536  group = reply->subnet->group;
2537  } else {
2538  if (reply->lease == NULL)
2539  log_fatal("Impossible condition at %s:%d.", MDL);
2540 
2541  scope = &reply->lease->scope;
2542  group = reply->lease->ipv6_pool->ipv6_pond->group;
2543  }
2544 
2545  /*
2546  * If client_resources is nonzero, then the reply_process_is_addressed
2547  * function has executed configuration state into the reply option
2548  * cache. We will use that valid cache to derive configuration for
2549  * whether or not to engage in additional addresses, and similar.
2550  */
2551  if (reply->client_resources != 0) {
2552  unsigned limit = 1;
2553 
2554  /*
2555  * Does this client have "enough" addresses already? Default
2556  * to one. Everybody gets one, and one should be enough for
2557  * anybody.
2558  */
2559  oc = lookup_option(&server_universe, reply->opt_state,
2561  if (oc != NULL) {
2562  if (!evaluate_option_cache(&data, reply->packet,
2563  NULL, NULL,
2564  reply->packet->options,
2565  reply->opt_state,
2566  scope, oc, MDL) ||
2567  (data.len != 4)) {
2568  log_error("reply_process_addr: unable to "
2569  "evaluate addrs-per-ia value.");
2570  status = ISC_R_FAILURE;
2571  goto cleanup;
2572  }
2573 
2574  limit = getULong(data.data);
2576  }
2577 
2578  /*
2579  * If we wish to limit the client to a certain number of
2580  * addresses, then omit the address from the reply.
2581  */
2582  if (reply->client_resources >= limit)
2583  goto cleanup;
2584  }
2585 
2586  status = reply_process_is_addressed(reply, scope, group);
2587  if (status != ISC_R_SUCCESS)
2588  goto cleanup;
2589 
2590  send_addr:
2591  status = reply_process_send_addr(reply, &tmp_addr);
2592 
2593  cleanup:
2594  if (iaaddr.data != NULL)
2595  data_string_forget(&iaaddr, MDL);
2596  if (data.data != NULL)
2598  if (reply->lease != NULL)
2599  iasubopt_dereference(&reply->lease, MDL);
2600 
2601  return status;
2602 }
2603 
2604 /*
2605  * Verify the address belongs to the client. If we've got a host
2606  * record with a fixed address, it has to be the assigned address
2607  * (fault out all else). Otherwise it's a dynamic address, so lookup
2608  * that address and make sure it belongs to this DUID:IAID pair.
2609  */
2610 static isc_boolean_t
2611 address_is_owned(struct reply_state *reply, struct iaddr *addr) {
2612  int i;
2613  struct ipv6_pond *pond;
2614 
2615  /*
2616  * This faults out addresses that don't match fixed addresses.
2617  */
2618  if (reply->static_lease) {
2619  if (reply->fixed.data == NULL)
2620  log_fatal("Impossible condition at %s:%d.", MDL);
2621 
2622  if (memcmp(addr->iabuf, reply->fixed.data, 16) == 0)
2623  return (ISC_TRUE);
2624 
2625  return (ISC_FALSE);
2626  }
2627 
2628  if ((reply->old_ia == NULL) || (reply->old_ia->num_iasubopt == 0))
2629  return (ISC_FALSE);
2630 
2631  for (i = 0 ; i < reply->old_ia->num_iasubopt ; i++) {
2632  struct iasubopt *tmp;
2633 
2634  tmp = reply->old_ia->iasubopt[i];
2635 
2636  if (memcmp(addr->iabuf, &tmp->addr, 16) == 0) {
2637  if (lease6_usable(tmp) == ISC_FALSE) {
2638  return (ISC_FALSE);
2639  }
2640 
2641  pond = tmp->ipv6_pool->ipv6_pond;
2642  if (((pond->prohibit_list != NULL) &&
2643  (permitted(reply->packet, pond->prohibit_list))) ||
2644  ((pond->permit_list != NULL) &&
2645  (!permitted(reply->packet, pond->permit_list))))
2646  return (ISC_FALSE);
2647 
2648  iasubopt_reference(&reply->lease, tmp, MDL);
2649 
2650  return (ISC_TRUE);
2651  }
2652  }
2653 
2654  return (ISC_FALSE);
2655 }
2656 
2657 /* Process a client-supplied IA_TA. This may append options to the tail of
2658  * the reply packet being built in the reply_state structure.
2659  */
2660 static isc_result_t
2661 reply_process_ia_ta(struct reply_state *reply, struct option_cache *ia) {
2662  isc_result_t status = ISC_R_SUCCESS;
2663  u_int32_t iaid;
2664  unsigned ia_cursor;
2665  struct option_state *packet_ia;
2666  struct option_cache *oc;
2667  struct data_string ia_data, data;
2668  struct data_string iaaddr;
2669  u_int32_t pref_life, valid_life;
2670  struct iaddr tmp_addr;
2671 
2672  /* Initialize values that will get cleaned up on return. */
2673  packet_ia = NULL;
2674  memset(&ia_data, 0, sizeof(ia_data));
2675  memset(&data, 0, sizeof(data));
2676  memset(&iaaddr, 0, sizeof(iaaddr));
2677 
2678  /* Make sure there is at least room for the header. */
2679  if ((reply->cursor + IA_TA_OFFSET + 4) > sizeof(reply->buf)) {
2680  log_error("reply_process_ia_ta: Reply too long for IA.");
2681  return ISC_R_NOSPACE;
2682  }
2683 
2684 
2685  /* Fetch the IA_TA contents. */
2686  if (!get_encapsulated_IA_state(&packet_ia, &ia_data, reply->packet,
2687  ia, IA_TA_OFFSET)) {
2688  log_error("reply_process_ia_ta: error evaluating ia");
2689  status = ISC_R_FAILURE;
2690  goto cleanup;
2691  }
2692 
2693  /* Extract IA_TA header contents. */
2694  iaid = getULong(ia_data.data);
2695 
2696  /* Create an IA_TA structure. */
2697  if (ia_allocate(&reply->ia, iaid, (char *)reply->client_id.data,
2698  reply->client_id.len, MDL) != ISC_R_SUCCESS) {
2699  log_error("reply_process_ia_ta: no memory for ia.");
2700  status = ISC_R_NOMEMORY;
2701  goto cleanup;
2702  }
2703  reply->ia->ia_type = D6O_IA_TA;
2704 
2705  /* Cache pre-existing IA, if any. */
2706  ia_hash_lookup(&reply->old_ia, ia_ta_active,
2707  (unsigned char *)reply->ia->iaid_duid.data,
2708  reply->ia->iaid_duid.len, MDL);
2709 
2710  /*
2711  * Create an option cache to carry the IA_TA option contents, and
2712  * execute any user-supplied values into it.
2713  */
2714  if (!option_state_allocate(&reply->reply_ia, MDL)) {
2715  status = ISC_R_NOMEMORY;
2716  goto cleanup;
2717  }
2718 
2719  /*
2720  * Temporary leases are dynamic by definition.
2721  */
2722  reply->static_lease = ISC_FALSE;
2723 
2724  /*
2725  * Save the cursor position at the start of the IA, so we can
2726  * set length later. We write a temporary
2727  * header out now just in case we decide to adjust the packet
2728  * within sub-process functions.
2729  */
2730  ia_cursor = reply->cursor;
2731 
2732  /* Initialize the IA_TA header. First the code. */
2733  putUShort(reply->buf.data + reply->cursor, (unsigned)D6O_IA_TA);
2734  reply->cursor += 2;
2735 
2736  /* Then option length. */
2737  putUShort(reply->buf.data + reply->cursor, 0x04u);
2738  reply->cursor += 2;
2739 
2740  /* Then IA_TA header contents; IAID. */
2741  putULong(reply->buf.data + reply->cursor, iaid);
2742  reply->cursor += 4;
2743 
2744  /*
2745  * Deal with an IAADDR for lifetimes.
2746  * For all or none, process IAADDRs as hints.
2747  */
2748  reply->valid = reply->prefer = 0xffffffff;
2749  reply->client_valid = reply->client_prefer = 0;
2750  oc = lookup_option(&dhcpv6_universe, packet_ia, D6O_IAADDR);
2751  for (; oc != NULL; oc = oc->next) {
2752  memset(&iaaddr, 0, sizeof(iaaddr));
2753  if (!evaluate_option_cache(&iaaddr, reply->packet,
2754  NULL, NULL,
2755  reply->packet->options, NULL,
2756  &global_scope, oc, MDL) ||
2757  (iaaddr.len < IAADDR_OFFSET)) {
2758  log_error("reply_process_ia_ta: error "
2759  "evaluating IAADDR.");
2760  status = ISC_R_FAILURE;
2761  goto cleanup;
2762  }
2763  /* The first 16 bytes are the IPv6 address. */
2764  pref_life = getULong(iaaddr.data + 16);
2765  valid_life = getULong(iaaddr.data + 20);
2766 
2767  if ((reply->client_valid == 0) ||
2768  (reply->client_valid > valid_life))
2769  reply->client_valid = valid_life;
2770 
2771  if ((reply->client_prefer == 0) ||
2772  (reply->client_prefer > pref_life))
2773  reply->client_prefer = pref_life;
2774 
2775  /* Nothing more if something has failed. */
2776  if (status == ISC_R_CANCELED)
2777  continue;
2778 
2779  tmp_addr.len = 16;
2780  memcpy(tmp_addr.iabuf, iaaddr.data, 16);
2781  if (!temporary_is_available(reply, &tmp_addr))
2782  goto bad_temp;
2783  status = reply_process_is_addressed(reply,
2784  &reply->lease->scope,
2785  reply->lease->ipv6_pool->ipv6_pond->group);
2786  if (status != ISC_R_SUCCESS)
2787  goto bad_temp;
2788  status = reply_process_send_addr(reply, &tmp_addr);
2789  if (status != ISC_R_SUCCESS)
2790  goto bad_temp;
2791  if (reply->lease != NULL)
2792  iasubopt_dereference(&reply->lease, MDL);
2793  continue;
2794 
2795  bad_temp:
2796  /* Rewind the IA_TA to empty. */
2797  option_state_dereference(&reply->reply_ia, MDL);
2798  if (!option_state_allocate(&reply->reply_ia, MDL)) {
2799  status = ISC_R_NOMEMORY;
2800  goto cleanup;
2801  }
2802  status = ISC_R_CANCELED;
2803  reply->client_resources = 0;
2804  reply->resources_included = ISC_FALSE;
2805  if (reply->lease != NULL)
2806  iasubopt_dereference(&reply->lease, MDL);
2807  }
2808  reply->ia_count++;
2809 
2810  /*
2811  * Give the client temporary addresses.
2812  */
2813  if (reply->client_resources != 0)
2814  goto store;
2815  status = find_client_temporaries(reply);
2816  if (status == ISC_R_NORESOURCES) {
2817  switch (reply->packet->dhcpv6_msg_type) {
2818  case DHCPV6_SOLICIT:
2819  /*
2820  * No address for any IA is handled
2821  * by the caller.
2822  */
2823  /* FALL THROUGH */
2824 
2825  case DHCPV6_REQUEST:
2826  /* Section 18.2.1 (Request):
2827  *
2828  * If the server cannot assign any addresses to
2829  * an IA in the message from the client, the
2830  * server MUST include the IA in the Reply
2831  * message with no addresses in the IA and a
2832  * Status Code option in the IA containing
2833  * status code NoAddrsAvail.
2834  */
2835  option_state_dereference(&reply->reply_ia, MDL);
2836  if (!option_state_allocate(&reply->reply_ia, MDL)) {
2837  log_error("reply_process_ia_ta: No "
2838  "memory for option state wipe.");
2839  status = ISC_R_NOMEMORY;
2840  goto cleanup;
2841  }
2842 
2843  if (!set_status_code(STATUS_NoAddrsAvail,
2844  "No addresses available "
2845  "for this interface.",
2846  reply->reply_ia)) {
2847  log_error("reply_process_ia_ta: Unable "
2848  "to set NoAddrsAvail status code.");
2849  status = ISC_R_FAILURE;
2850  goto cleanup;
2851  }
2852 
2853  status = ISC_R_SUCCESS;
2854  break;
2855 
2856  default:
2857  /*
2858  * We don't want to include the IA if we
2859  * provide zero addresses including zeroed
2860  * lifetimes.
2861  */
2862  if (reply->resources_included)
2863  status = ISC_R_SUCCESS;
2864  else
2865  goto cleanup;
2866  break;
2867  }
2868  } else if (status != ISC_R_SUCCESS)
2869  goto cleanup;
2870 
2871  store:
2872  reply->cursor += store_options6((char *)reply->buf.data + reply->cursor,
2873  sizeof(reply->buf) - reply->cursor,
2874  reply->reply_ia, reply->packet,
2875  required_opts_IA, NULL);
2876 
2877  /* Reset the length of this IA to match what was just written. */
2878  putUShort(reply->buf.data + ia_cursor + 2,
2879  reply->cursor - (ia_cursor + 4));
2880 
2881  /*
2882  * yes, goto's aren't the best but we also want to avoid extra
2883  * indents
2884  */
2885  if (status == ISC_R_CANCELED)
2886  goto cleanup;
2887 
2888  /*
2889  * If we have any addresses log what we are doing.
2890  */
2891  if (reply->ia->num_iasubopt != 0) {
2892  struct iasubopt *tmp;
2893  int i;
2894  char tmp_addr[INET6_ADDRSTRLEN];
2895 
2896  for (i = 0 ; i < reply->ia->num_iasubopt ; i++) {
2897  tmp = reply->ia->iasubopt[i];
2898 
2899  log_info("%s TA: address %s to client with duid %s "
2900  "iaid = %d valid for %d seconds",
2901  dhcpv6_type_names[reply->buf.reply.msg_type],
2902  inet_ntop(AF_INET6, &tmp->addr,
2903  tmp_addr, sizeof(tmp_addr)),
2904  print_hex_1(reply->client_id.len,
2905  reply->client_id.data, 60),
2906  iaid,
2907  tmp->valid);
2908  }
2909  }
2910 
2911  /*
2912  * For hard bindings we consume the new changes into
2913  * the database (if any have been attached to the ia_ta).
2914  *
2915  * Loop through the assigned dynamic addresses, referencing the
2916  * leases onto this IA_TA rather than any old ones, and updating
2917  * pool timers for each (if any).
2918  */
2919  if ((reply->ia->num_iasubopt != 0) &&
2920  (reply->buf.reply.msg_type == DHCPV6_REPLY)) {
2921  struct iasubopt *tmp;
2922  struct data_string *ia_id;
2923  int i;
2924 
2925  for (i = 0 ; i < reply->ia->num_iasubopt ; i++) {
2926  tmp = reply->ia->iasubopt[i];
2927 
2928  if (tmp->ia != NULL)
2929  ia_dereference(&tmp->ia, MDL);
2930  ia_reference(&tmp->ia, reply->ia, MDL);
2931 
2932  /* Commit 'hard' bindings. */
2933  renew_lease6(tmp->ipv6_pool, tmp);
2935 
2936  /* If we have anything to do on commit do it now */
2937  if (tmp->on_star.on_commit != NULL) {
2938  execute_statements(NULL, reply->packet,
2939  NULL, NULL,
2940  reply->packet->options,
2941  reply->opt_state,
2942  &tmp->scope,
2943  tmp->on_star.on_commit,
2944  &tmp->on_star);
2946  (&tmp->on_star.on_commit, MDL);
2947  }
2948 
2949 #if defined (NSUPDATE)
2950  /*
2951  * Perform ddns updates.
2952  */
2953  oc = lookup_option(&server_universe, reply->opt_state,
2954  SV_DDNS_UPDATES);
2955  if ((oc == NULL) ||
2956  evaluate_boolean_option_cache(NULL, reply->packet,
2957  NULL, NULL,
2958  reply->packet->options,
2959  reply->opt_state,
2960  &tmp->scope,
2961  oc, MDL)) {
2962  ddns_updates(reply->packet, NULL, NULL,
2963  tmp, NULL, reply->opt_state);
2964  }
2965 #endif
2966  /* Do our threshold check. */
2967  check_pool6_threshold(reply, tmp);
2968  }
2969 
2970  /* Remove any old ia from the hash. */
2971  if (reply->old_ia != NULL) {
2972  ia_id = &reply->old_ia->iaid_duid;
2973  ia_hash_delete(ia_ta_active,
2974  (unsigned char *)ia_id->data,
2975  ia_id->len, MDL);
2976  ia_dereference(&reply->old_ia, MDL);
2977  }
2978 
2979  /* Put new ia into the hash. */
2980  reply->ia->cltt = cur_time;
2981  ia_id = &reply->ia->iaid_duid;
2982  ia_hash_add(ia_ta_active, (unsigned char *)ia_id->data,
2983  ia_id->len, reply->ia, MDL);
2984 
2985  write_ia(reply->ia);
2986  } else {
2987  schedule_lease_timeout_reply(reply);
2988  }
2989 
2990  cleanup:
2991  if (packet_ia != NULL)
2992  option_state_dereference(&packet_ia, MDL);
2993  if (iaaddr.data != NULL)
2994  data_string_forget(&iaaddr, MDL);
2995  if (reply->reply_ia != NULL)
2996  option_state_dereference(&reply->reply_ia, MDL);
2997  if (ia_data.data != NULL)
2998  data_string_forget(&ia_data, MDL);
2999  if (data.data != NULL)
3001  if (reply->ia != NULL)
3002  ia_dereference(&reply->ia, MDL);
3003  if (reply->old_ia != NULL)
3004  ia_dereference(&reply->old_ia, MDL);
3005  if (reply->lease != NULL)
3006  iasubopt_dereference(&reply->lease, MDL);
3007 
3008  /*
3009  * ISC_R_CANCELED is a status code used by the addr processing to
3010  * indicate we're replying with other addresses. This is still a
3011  * success at higher layers.
3012  */
3013  return((status == ISC_R_CANCELED) ? ISC_R_SUCCESS : status);
3014 }
3015 
3016 /*
3017  * Verify the temporary address is available.
3018  */
3019 static isc_boolean_t
3020 temporary_is_available(struct reply_state *reply, struct iaddr *addr) {
3021  struct in6_addr tmp_addr;
3022  struct subnet *subnet;
3023  struct ipv6_pool *pool = NULL;
3024  struct ipv6_pond *pond = NULL;
3025  int i;
3026 
3027  memcpy(&tmp_addr, addr->iabuf, sizeof(tmp_addr));
3028  /*
3029  * Clients may choose to send :: as an address, with the idea to give
3030  * hints about preferred-lifetime or valid-lifetime.
3031  * So this is not a request for this address.
3032  */
3033  if (IN6_IS_ADDR_UNSPECIFIED(&tmp_addr))
3034  return ISC_FALSE;
3035 
3036  /*
3037  * Verify that this address is on the client's network.
3038  */
3039  for (subnet = reply->shared->subnets ; subnet != NULL ;
3040  subnet = subnet->next_sibling) {
3041  if (addr_eq(subnet_number(*addr, subnet->netmask),
3042  subnet->net))
3043  break;
3044  }
3045 
3046  /* Address not found on shared network. */
3047  if (subnet == NULL)
3048  return ISC_FALSE;
3049 
3050  /*
3051  * Check if this address is owned (must be before next step).
3052  */
3053  if (address_is_owned(reply, addr))
3054  return ISC_TRUE;
3055 
3056  /*
3057  * Verify that this address is in a temporary pool and try to get it.
3058  */
3059  for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
3060  if (((pond->prohibit_list != NULL) &&
3061  (permitted(reply->packet, pond->prohibit_list))) ||
3062  ((pond->permit_list != NULL) &&
3063  (!permitted(reply->packet, pond->permit_list))))
3064  continue;
3065 
3066  for (i = 0 ; (pool = pond->ipv6_pools[i]) != NULL ; i++) {
3067  if (pool->pool_type != D6O_IA_TA)
3068  continue;
3069 
3070  if (ipv6_in_pool(&tmp_addr, pool))
3071  break;
3072  }
3073 
3074  if (pool != NULL)
3075  break;
3076  }
3077 
3078  if (pool == NULL)
3079  return ISC_FALSE;
3080  if (lease6_exists(pool, &tmp_addr))
3081  return ISC_FALSE;
3082  if (iasubopt_allocate(&reply->lease, MDL) != ISC_R_SUCCESS)
3083  return ISC_FALSE;
3084  reply->lease->addr = tmp_addr;
3085  reply->lease->plen = 0;
3086  /* Default is soft binding for 2 minutes. */
3087  if (add_lease6(pool, reply->lease, cur_time + 120) != ISC_R_SUCCESS)
3088  return ISC_FALSE;
3089 
3090  return ISC_TRUE;
3091 }
3092 
3093 /*
3094  * Get a temporary address per prefix.
3095  */
3096 static isc_result_t
3097 find_client_temporaries(struct reply_state *reply) {
3098  int i;
3099  struct ipv6_pool *p = NULL;
3100  struct ipv6_pond *pond;
3101  isc_result_t status = ISC_R_NORESOURCES;;
3102  unsigned int attempts;
3103  struct iaddr send_addr;
3104 
3105  /*
3106  * Do a quick walk through of the ponds and pools
3107  * to see if we have any prefix pools
3108  */
3109  for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
3110  if (pond->ipv6_pools == NULL)
3111  continue;
3112 
3113  for (i = 0; (p = pond->ipv6_pools[i]) != NULL; i++) {
3114  if (p->pool_type == D6O_IA_TA)
3115  break;
3116  }
3117  if (p != NULL)
3118  break;
3119  }
3120 
3121  /* If we get here and p is NULL we have no useful pools */
3122  if (p == NULL) {
3123  log_debug("Unable to get client addresses: "
3124  "no IPv6 pools on this shared network");
3125  return ISC_R_NORESOURCES;
3126  }
3127 
3128  /*
3129  * We have at least one pool that could provide an address
3130  * Now we walk through the ponds and pools again and check
3131  * to see if the client is permitted and if an address is
3132  * available
3133  */
3134 
3135  for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
3136  if (((pond->prohibit_list != NULL) &&
3137  (permitted(reply->packet, pond->prohibit_list))) ||
3138  ((pond->permit_list != NULL) &&
3139  (!permitted(reply->packet, pond->permit_list))))
3140  continue;
3141 
3142  for (i = 0; (p = pond->ipv6_pools[i]) != NULL; i++) {
3143  if (p->pool_type != D6O_IA_TA) {
3144  continue;
3145  }
3146 
3147  /*
3148  * Get an address in this temporary pool.
3149  */
3150  status = create_lease6(p, &reply->lease, &attempts,
3151  &reply->client_id, cur_time + 120);
3152  if (status != ISC_R_SUCCESS) {
3153  log_debug("Unable to get a temporary address.");
3154  goto cleanup;
3155  }
3156 
3157  status = reply_process_is_addressed(reply,
3158  &reply->lease->scope,
3159  pond->group);
3160  if (status != ISC_R_SUCCESS) {
3161  goto cleanup;
3162  }
3163  send_addr.len = 16;
3164  memcpy(send_addr.iabuf, &reply->lease->addr, 16);
3165  status = reply_process_send_addr(reply, &send_addr);
3166  if (status != ISC_R_SUCCESS) {
3167  goto cleanup;
3168  }
3169  /*
3170  * reply->lease can't be null as we use it above
3171  * add check if that changes
3172  */
3173  iasubopt_dereference(&reply->lease, MDL);
3174  }
3175  }
3176 
3177  cleanup:
3178  if (reply->lease != NULL) {
3179  iasubopt_dereference(&reply->lease, MDL);
3180  }
3181  return status;
3182 }
3183 
3184 /*
3185  * This function only returns failure on 'hard' failures. If it succeeds,
3186  * it will leave a lease structure behind.
3187  */
3188 static isc_result_t
3189 reply_process_try_addr(struct reply_state *reply, struct iaddr *addr) {
3190  isc_result_t status = ISC_R_ADDRNOTAVAIL;
3191  struct ipv6_pool *pool = NULL;
3192  struct ipv6_pond *pond = NULL;
3193  int i;
3194  struct data_string data_addr;
3195 
3196  if ((reply == NULL) || (reply->shared == NULL) ||
3197  (addr == NULL) || (reply->lease != NULL))
3198  return (DHCP_R_INVALIDARG);
3199 
3200  /*
3201  * Do a quick walk through of the ponds and pools
3202  * to see if we have any NA address pools
3203  */
3204  for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
3205  if (pond->ipv6_pools == NULL)
3206  continue;
3207 
3208  for (i = 0; ; i++) {
3209  pool = pond->ipv6_pools[i];
3210  if ((pool == NULL) ||
3211  (pool->pool_type == D6O_IA_NA))
3212  break;
3213  }
3214  if (pool != NULL)
3215  break;
3216  }
3217 
3218  /* If we get here and p is NULL we have no useful pools */
3219  if (pool == NULL) {
3220  return (ISC_R_ADDRNOTAVAIL);
3221  }
3222 
3223  memset(&data_addr, 0, sizeof(data_addr));
3224  data_addr.len = addr->len;
3225  data_addr.data = addr->iabuf;
3226 
3227  /*
3228  * We have at least one pool that could provide an address
3229  * Now we walk through the ponds and pools again and check
3230  * to see if the client is permitted and if an address is
3231  * available
3232  *
3233  * Within a given pond we start looking at the last pool we
3234  * allocated from, unless it had a collision trying to allocate
3235  * an address. This will tend to move us into less-filled pools.
3236  */
3237 
3238  for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
3239  if (((pond->prohibit_list != NULL) &&
3240  (permitted(reply->packet, pond->prohibit_list))) ||
3241  ((pond->permit_list != NULL) &&
3242  (!permitted(reply->packet, pond->permit_list))))
3243  continue;
3244 
3245  for (i = 0 ; (pool = pond->ipv6_pools[i]) != NULL ; i++) {
3246  if (pool->pool_type != D6O_IA_NA)
3247  continue;
3248 
3249  status = try_client_v6_address(&reply->lease, pool,
3250  &data_addr);
3251  if (status == ISC_R_SUCCESS)
3252  break;
3253  }
3254 
3255  if (status == ISC_R_SUCCESS)
3256  break;
3257  }
3258 
3259  /* Note that this is just pedantry. There is no allocation to free. */
3260  data_string_forget(&data_addr, MDL);
3261  /* Return just the most recent status... */
3262  return (status);
3263 }
3264 
3265 /* Look around for an address to give the client. First, look through the
3266  * old IA for addresses we can extend. Second, try to allocate a new address.
3267  * Finally, actually add that address into the current reply IA.
3268  */
3269 static isc_result_t
3270 find_client_address(struct reply_state *reply) {
3271  struct iaddr send_addr;
3272  isc_result_t status = ISC_R_NORESOURCES;
3273  struct iasubopt *lease, *best_lease = NULL;
3274  struct binding_scope **scope;
3275  struct group *group;
3276  int i;
3277 
3278  if (reply->static_lease) {
3279  if (reply->host == NULL)
3280  return DHCP_R_INVALIDARG;
3281 
3282  send_addr.len = 16;
3283  memcpy(send_addr.iabuf, reply->fixed.data, 16);
3284 
3285  scope = &global_scope;
3286  group = reply->subnet->group;
3287  goto send_addr;
3288  }
3289 
3290  if (reply->old_ia != NULL) {
3291  for (i = 0 ; i < reply->old_ia->num_iasubopt ; i++) {
3292  struct shared_network *candidate_shared;
3293  struct ipv6_pond *pond;
3294 
3295  lease = reply->old_ia->iasubopt[i];
3296  candidate_shared = lease->ipv6_pool->shared_network;
3297  pond = lease->ipv6_pool->ipv6_pond;
3298 
3299  /*
3300  * Look for the best lease on the client's shared
3301  * network, that is still permitted
3302  */
3303 
3304  if ((candidate_shared != reply->shared) ||
3305  (lease6_usable(lease) != ISC_TRUE))
3306  continue;
3307 
3308  if (((pond->prohibit_list != NULL) &&
3309  (permitted(reply->packet, pond->prohibit_list))) ||
3310  ((pond->permit_list != NULL) &&
3311  (!permitted(reply->packet, pond->permit_list))))
3312  continue;
3313 
3314  best_lease = lease_compare(lease, best_lease);
3315  }
3316  }
3317 
3318  /* Try to pick a new address if we didn't find one, or if we found an
3319  * abandoned lease.
3320  */
3321  if ((best_lease == NULL) || (best_lease->state == FTS_ABANDONED)) {
3322  status = pick_v6_address(reply);
3323  } else if (best_lease != NULL) {
3324  iasubopt_reference(&reply->lease, best_lease, MDL);
3325  status = ISC_R_SUCCESS;
3326  }
3327 
3328  /* Pick the abandoned lease as a last resort. */
3329  if ((status == ISC_R_NORESOURCES) && (best_lease != NULL)) {
3330  /* I don't see how this is supposed to be done right now. */
3331  log_error("Best match for DUID %s is an abandoned address,"
3332  " This may be a result of multiple clients attempting"
3333  " to use this DUID",
3334  print_hex_1(reply->client_id.len,
3335  reply->client_id.data, 60));
3336  /* iasubopt_reference(&reply->lease, best_lease, MDL); */
3337  }
3338 
3339  /* Give up now if we didn't find a lease. */
3340  if (status != ISC_R_SUCCESS)
3341  return status;
3342 
3343  if (reply->lease == NULL)
3344  log_fatal("Impossible condition at %s:%d.", MDL);
3345 
3346  /* Draw binding scopes from the lease's binding scope, and config
3347  * from the lease's containing subnet and higher. Note that it may
3348  * be desirable to place the group attachment directly in the pool.
3349  */
3350  scope = &reply->lease->scope;
3351  group = reply->lease->ipv6_pool->ipv6_pond->group;
3352 
3353  send_addr.len = 16;
3354  memcpy(send_addr.iabuf, &reply->lease->addr, 16);
3355 
3356  send_addr:
3357  status = reply_process_is_addressed(reply, scope, group);
3358  if (status != ISC_R_SUCCESS)
3359  return status;
3360 
3361  status = reply_process_send_addr(reply, &send_addr);
3362  return status;
3363 }
3364 
3365 /* Once an address is found for a client, perform several common functions;
3366  * Calculate and store valid and preferred lease times, draw client options
3367  * into the option state.
3368  */
3369 static isc_result_t
3370 reply_process_is_addressed(struct reply_state *reply,
3371  struct binding_scope **scope, struct group *group)
3372 {
3373  isc_result_t status = ISC_R_SUCCESS;
3374  struct data_string data;
3375  struct option_cache *oc;
3376  struct option_state *tmp_options = NULL;
3377  struct on_star *on_star;
3378  int i;
3379 
3380  /* Initialize values we will cleanup. */
3381  memset(&data, 0, sizeof(data));
3382 
3383  /*
3384  * Find the proper on_star block to use. We use the
3385  * one in the lease if we have a lease or the one in
3386  * the reply if we don't have a lease because this is
3387  * a static instance
3388  */
3389  if (reply->lease) {
3390  on_star = &reply->lease->on_star;
3391  } else {
3392  on_star = &reply->on_star;
3393  }
3394 
3395  /*
3396  * Bring in the root configuration. We only do this to bring
3397  * in the on * statements, as we didn't have the lease available
3398  * we did it the first time.
3399  */
3400  option_state_allocate(&tmp_options, MDL);
3401  execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
3402  reply->packet->options, tmp_options,
3403  &global_scope, root_group, NULL,
3404  on_star);
3405  if (tmp_options != NULL) {
3406  option_state_dereference(&tmp_options, MDL);
3407  }
3408 
3409  /*
3410  * Bring configured options into the root packet level cache - start
3411  * with the lease's closest enclosing group (passed in by the caller
3412  * as 'group').
3413  */
3414  execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
3415  reply->packet->options, reply->opt_state,
3416  scope, group, root_group, on_star);
3417 
3418  /* Execute statements from class scopes. */
3419  for (i = reply->packet->class_count; i > 0; i--) {
3420  execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
3421  reply->packet->options,
3422  reply->opt_state, scope,
3423  reply->packet->classes[i - 1]->group,
3424  group, on_star);
3425  }
3426 
3427  /*
3428  * If there is a host record, over-ride with values configured there,
3429  * without re-evaluating configuration from the previously executed
3430  * group or its common enclosers.
3431  */
3432  if (reply->host != NULL)
3433  execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
3434  reply->packet->options,
3435  reply->opt_state, scope,
3436  reply->host->group, group,
3437  on_star);
3438 
3439  /* Determine valid lifetime. */
3440  if (reply->client_valid == 0)
3441  reply->send_valid = DEFAULT_DEFAULT_LEASE_TIME;
3442  else
3443  reply->send_valid = reply->client_valid;
3444 
3445  oc = lookup_option(&server_universe, reply->opt_state,
3447  if (oc != NULL) {
3448  if (!evaluate_option_cache(&data, reply->packet, NULL, NULL,
3449  reply->packet->options,
3450  reply->opt_state,
3451  scope, oc, MDL) ||
3452  (data.len != 4)) {
3453  log_error("reply_process_is_addressed: unable to "
3454  "evaluate default lease time");
3455  status = ISC_R_FAILURE;
3456  goto cleanup;
3457  }
3458 
3459  reply->send_valid = getULong(data.data);
3460  data_string_forget(&data, MDL);
3461  }
3462 
3463  if (reply->client_prefer == 0)
3464  reply->send_prefer = reply->send_valid;
3465  else
3466  reply->send_prefer = reply->client_prefer;
3467 
3468  if (reply->send_prefer >= reply->send_valid)
3469  reply->send_prefer = (reply->send_valid / 2) +
3470  (reply->send_valid / 8);
3471 
3472  oc = lookup_option(&server_universe, reply->opt_state,
3474  if (oc != NULL) {
3475  if (!evaluate_option_cache(&data, reply->packet, NULL, NULL,
3476  reply->packet->options,
3477  reply->opt_state,
3478  scope, oc, MDL) ||
3479  (data.len != 4)) {
3480  log_error("reply_process_is_addressed: unable to "
3481  "evaluate preferred lease time");
3482  status = ISC_R_FAILURE;
3483  goto cleanup;
3484  }
3485 
3486  reply->send_prefer = getULong(data.data);
3487  data_string_forget(&data, MDL);
3488  }
3489 
3490  /* Note lowest values for later calculation of renew/rebind times. */
3491  if (reply->prefer > reply->send_prefer)
3492  reply->prefer = reply->send_prefer;
3493 
3494  if (reply->valid > reply->send_valid)
3495  reply->valid = reply->send_valid;
3496 
3497 #if 0
3498  /*
3499  * XXX: Old 4.0.0 alpha code would change the host {} record
3500  * XXX: uid upon lease assignment. This was intended to cover the
3501  * XXX: case where a client first identifies itself using vendor
3502  * XXX: options in a solicit, or request, but later neglects to include
3503  * XXX: these options in a Renew or Rebind. It is not clear that this
3504  * XXX: is required, and has some startling ramifications (such as
3505  * XXX: how to recover this dynamic host {} state across restarts).
3506  */
3507  if (reply->host != NULL)
3508  change_host_uid(host, reply->client_id->data,
3509  reply->client_id->len);
3510 #endif /* 0 */
3511 
3512  /* Perform dynamic lease related update work. */
3513  if (reply->lease != NULL) {
3514  /* Cached lifetimes */
3515  reply->lease->prefer = reply->send_prefer;
3516  reply->lease->valid = reply->send_valid;
3517 
3518  /* Advance (or rewind) the valid lifetime. */
3519  if (reply->buf.reply.msg_type == DHCPV6_REPLY) {
3520  reply->lease->soft_lifetime_end_time =
3521  cur_time + reply->send_valid;
3522  /* Wait before renew! */
3523  }
3524 
3525  status = ia_add_iasubopt(reply->ia, reply->lease, MDL);
3526  if (status != ISC_R_SUCCESS) {
3527  log_fatal("reply_process_is_addressed: Unable to "
3528  "attach lease to new IA: %s",
3529  isc_result_totext(status));
3530  }
3531 
3532  /*
3533  * If this is a new lease, make sure it is attached somewhere.
3534  */
3535  if (reply->lease->ia == NULL) {
3536  ia_reference(&reply->lease->ia, reply->ia, MDL);
3537  }
3538  }
3539 
3540  /* Bring a copy of the relevant options into the IA scope. */
3541  execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
3542  reply->packet->options, reply->reply_ia,
3543  scope, group, root_group, NULL);
3544 
3545  /* Execute statements from class scopes. */
3546  for (i = reply->packet->class_count; i > 0; i--) {
3547  execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
3548  reply->packet->options,
3549  reply->reply_ia, scope,
3550  reply->packet->classes[i - 1]->group,
3551  group, NULL);
3552  }
3553 
3554  /*
3555  * And bring in host record configuration, if any, but not to overlap
3556  * the previous group or its common enclosers.
3557  */
3558  if (reply->host != NULL)
3559  execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
3560  reply->packet->options,
3561  reply->reply_ia, scope,
3562  reply->host->group, group, NULL);
3563 
3564  cleanup:
3565  if (data.data != NULL)
3566  data_string_forget(&data, MDL);
3567 
3568  if (status == ISC_R_SUCCESS)
3569  reply->client_resources++;
3570 
3571  return status;
3572 }
3573 
3574 /* Simply send an IAADDR within the IA scope as described. */
3575 static isc_result_t
3576 reply_process_send_addr(struct reply_state *reply, struct iaddr *addr) {
3577  isc_result_t status = ISC_R_SUCCESS;
3578  struct data_string data;
3579 
3580  memset(&data, 0, sizeof(data));
3581 
3582  /* Now append the lease. */
3583  data.len = IAADDR_OFFSET;
3584  if (!buffer_allocate(&data.buffer, data.len, MDL)) {
3585  log_error("reply_process_send_addr: out of memory"
3586  "allocating new IAADDR buffer.");
3587  status = ISC_R_NOMEMORY;
3588  goto cleanup;
3589  }
3590  data.data = data.buffer->data;
3591 
3592  memcpy(data.buffer->data, addr->iabuf, 16);
3593  putULong(data.buffer->data + 16, reply->send_prefer);
3594  putULong(data.buffer->data + 20, reply->send_valid);
3595 
3596  if (!append_option_buffer(&dhcpv6_universe, reply->reply_ia,
3597  data.buffer, data.buffer->data,
3598  data.len, D6O_IAADDR, 0)) {
3599  log_error("reply_process_send_addr: unable "
3600  "to save IAADDR option");
3601  status = ISC_R_FAILURE;
3602  goto cleanup;
3603  }
3604 
3605  reply->resources_included = ISC_TRUE;
3606 
3607  cleanup:
3608  if (data.data != NULL)
3610 
3611  return status;
3612 }
3613 
3614 /* Choose the better of two leases. */
3615 static struct iasubopt *
3616 lease_compare(struct iasubopt *alpha, struct iasubopt *beta) {
3617  if (alpha == NULL)
3618  return beta;
3619  if (beta == NULL)
3620  return alpha;
3621 
3622  switch(alpha->state) {
3623  case FTS_ACTIVE:
3624  switch(beta->state) {
3625  case FTS_ACTIVE:
3626  /* Choose the lease with the longest lifetime (most
3627  * likely the most recently allocated).
3628  */
3629  if (alpha->hard_lifetime_end_time <
3630  beta->hard_lifetime_end_time)
3631  return beta;
3632  else
3633  return alpha;
3634 
3635  case FTS_EXPIRED:
3636  case FTS_ABANDONED:
3637  return alpha;
3638 
3639  default:
3640  log_fatal("Impossible condition at %s:%d.", MDL);
3641  }
3642  break;
3643 
3644  case FTS_EXPIRED:
3645  switch (beta->state) {
3646  case FTS_ACTIVE:
3647  return beta;
3648 
3649  case FTS_EXPIRED:
3650  /* Choose the most recently expired lease. */
3651  if (alpha->hard_lifetime_end_time <
3652  beta->hard_lifetime_end_time)
3653  return beta;
3654  else if ((alpha->hard_lifetime_end_time ==
3655  beta->hard_lifetime_end_time) &&
3656  (alpha->soft_lifetime_end_time <
3657  beta->soft_lifetime_end_time))
3658  return beta;
3659  else
3660  return alpha;
3661 
3662  case FTS_ABANDONED:
3663  return alpha;
3664 
3665  default:
3666  log_fatal("Impossible condition at %s:%d.", MDL);
3667  }
3668  break;
3669 
3670  case FTS_ABANDONED:
3671  switch (beta->state) {
3672  case FTS_ACTIVE:
3673  case FTS_EXPIRED:
3674  return alpha;
3675 
3676  case FTS_ABANDONED:
3677  /* Choose the lease that was abandoned longest ago. */
3678  if (alpha->hard_lifetime_end_time <
3679  beta->hard_lifetime_end_time)
3680  return alpha;
3681  else
3682  return beta;
3683 
3684  default:
3685  log_fatal("Impossible condition at %s:%d.", MDL);
3686  }
3687  break;
3688 
3689  default:
3690  log_fatal("Impossible condition at %s:%d.", MDL);
3691  }
3692 
3693  log_fatal("Triple impossible condition at %s:%d.", MDL);
3694  return NULL;
3695 }
3696 
3697 /* Process a client-supplied IA_PD. This may append options to the tail of
3698  * the reply packet being built in the reply_state structure.
3699  */
3700 static isc_result_t
3701 reply_process_ia_pd(struct reply_state *reply, struct option_cache *ia) {
3702  isc_result_t status = ISC_R_SUCCESS;
3703  u_int32_t iaid;
3704  unsigned ia_cursor;
3705  struct option_state *packet_ia;
3706  struct option_cache *oc;
3707  struct data_string ia_data, data;
3708 
3709  /* Initialize values that will get cleaned up on return. */
3710  packet_ia = NULL;
3711  memset(&ia_data, 0, sizeof(ia_data));
3712  memset(&data, 0, sizeof(data));
3713  /*
3714  * Note that find_client_prefix() may set reply->lease.
3715  */
3716 
3717  /* Make sure there is at least room for the header. */
3718  if ((reply->cursor + IA_PD_OFFSET + 4) > sizeof(reply->buf)) {
3719  log_error("reply_process_ia_pd: Reply too long for IA.");
3720  return ISC_R_NOSPACE;
3721  }
3722 
3723 
3724  /* Fetch the IA_PD contents. */
3725  if (!get_encapsulated_IA_state(&packet_ia, &ia_data, reply->packet,
3726  ia, IA_PD_OFFSET)) {
3727  log_error("reply_process_ia_pd: error evaluating ia");
3728  status = ISC_R_FAILURE;
3729  goto cleanup;
3730  }
3731 
3732  /* Extract IA_PD header contents. */
3733  iaid = getULong(ia_data.data);
3734  reply->renew = getULong(ia_data.data + 4);
3735  reply->rebind = getULong(ia_data.data + 8);
3736 
3737  /* Create an IA_PD structure. */
3738  if (ia_allocate(&reply->ia, iaid, (char *)reply->client_id.data,
3739  reply->client_id.len, MDL) != ISC_R_SUCCESS) {
3740  log_error("reply_process_ia_pd: no memory for ia.");
3741  status = ISC_R_NOMEMORY;
3742  goto cleanup;
3743  }
3744  reply->ia->ia_type = D6O_IA_PD;
3745 
3746  /* Cache pre-existing IA_PD, if any. */
3747  ia_hash_lookup(&reply->old_ia, ia_pd_active,
3748  (unsigned char *)reply->ia->iaid_duid.data,
3749  reply->ia->iaid_duid.len, MDL);
3750 
3751  /*
3752  * Create an option cache to carry the IA_PD option contents, and
3753  * execute any user-supplied values into it.
3754  */
3755  if (!option_state_allocate(&reply->reply_ia, MDL)) {
3756  status = ISC_R_NOMEMORY;
3757  goto cleanup;
3758  }
3759 
3760  /* Check & count the fixed prefix host records. */
3761  reply->static_prefixes = 0;
3762  if ((reply->host != NULL) && (reply->host->fixed_prefix != NULL)) {
3763  struct iaddrcidrnetlist *fp;
3764 
3765  for (fp = reply->host->fixed_prefix; fp != NULL;
3766  fp = fp->next) {
3767  reply->static_prefixes += 1;
3768  }
3769  }
3770 
3771  /*
3772  * Save the cursor position at the start of the IA_PD, so we can
3773  * set length and adjust t1/t2 values later. We write a temporary
3774  * header out now just in case we decide to adjust the packet
3775  * within sub-process functions.
3776  */
3777  ia_cursor = reply->cursor;
3778 
3779  /* Initialize the IA_PD header. First the code. */
3780  putUShort(reply->buf.data + reply->cursor, (unsigned)D6O_IA_PD);
3781  reply->cursor += 2;
3782 
3783  /* Then option length. */
3784  putUShort(reply->buf.data + reply->cursor, 0x0Cu);
3785  reply->cursor += 2;
3786 
3787  /* Then IA_PD header contents; IAID. */
3788  putULong(reply->buf.data + reply->cursor, iaid);
3789  reply->cursor += 4;
3790 
3791  /* We store the client's t1 for now, and may over-ride it later. */
3792  putULong(reply->buf.data + reply->cursor, reply->renew);
3793  reply->cursor += 4;
3794 
3795  /* We store the client's t2 for now, and may over-ride it later. */
3796  putULong(reply->buf.data + reply->cursor, reply->rebind);
3797  reply->cursor += 4;
3798 
3799  /*
3800  * For each prefix in this IA_PD, decide what to do about it.
3801  */
3802  oc = lookup_option(&dhcpv6_universe, packet_ia, D6O_IAPREFIX);
3803  reply->valid = reply->prefer = 0xffffffff;
3804  reply->client_valid = reply->client_prefer = 0;
3805  reply->preflen = -1;
3806  for (; oc != NULL ; oc = oc->next) {
3807  status = reply_process_prefix(reply, oc);
3808 
3809  /*
3810  * Canceled means we did not allocate prefixes to the
3811  * client, but we're "done" with this IA - we set a status
3812  * code. So transmit this reply, e.g., move on to the next
3813  * IA.
3814  */
3815  if (status == ISC_R_CANCELED)
3816  break;
3817 
3818  if ((status != ISC_R_SUCCESS) &&
3819  (status != ISC_R_ADDRINUSE) &&
3820  (status != ISC_R_ADDRNOTAVAIL))
3821  goto cleanup;
3822  }
3823 
3824  reply->pd_count++;
3825 
3826  /*
3827  * If we fell through the above and never gave the client
3828  * a prefix, give it one now.
3829  */
3830  if ((status != ISC_R_CANCELED) && (reply->client_resources == 0)) {
3831  status = find_client_prefix(reply);
3832 
3833  if (status == ISC_R_NORESOURCES) {
3834  switch (reply->packet->dhcpv6_msg_type) {
3835  case DHCPV6_SOLICIT:
3836  /*
3837  * No prefix for any IA is handled
3838  * by the caller.
3839  */
3840  /* FALL THROUGH */
3841 
3842  case DHCPV6_REQUEST:
3843  /* Same than for addresses. */
3844  option_state_dereference(&reply->reply_ia, MDL);
3845  if (!option_state_allocate(&reply->reply_ia,
3846  MDL))
3847  {
3848  log_error("reply_process_ia_pd: No "
3849  "memory for option state "
3850  "wipe.");
3851  status = ISC_R_NOMEMORY;
3852  goto cleanup;
3853  }
3854 
3855  if (!set_status_code(STATUS_NoPrefixAvail,
3856  "No prefixes available "
3857  "for this interface.",
3858  reply->reply_ia)) {
3859  log_error("reply_process_ia_pd: "
3860  "Unable to set "
3861  "NoPrefixAvail status "
3862  "code.");
3863  status = ISC_R_FAILURE;
3864  goto cleanup;
3865  }
3866 
3867  status = ISC_R_SUCCESS;
3868  break;
3869 
3870  default:
3871  if (reply->resources_included)
3872  status = ISC_R_SUCCESS;
3873  else
3874  goto cleanup;
3875  break;
3876  }
3877  }
3878 
3879  if (status != ISC_R_SUCCESS)
3880  goto cleanup;
3881  }
3882 
3883  reply->cursor += store_options6((char *)reply->buf.data + reply->cursor,
3884  sizeof(reply->buf) - reply->cursor,
3885  reply->reply_ia, reply->packet,
3886  required_opts_IA_PD, NULL);
3887 
3888  /* Reset the length of this IA_PD to match what was just written. */
3889  putUShort(reply->buf.data + ia_cursor + 2,
3890  reply->cursor - (ia_cursor + 4));
3891 
3892  /*
3893  * T1/T2 time selection is kind of weird. We actually use DHCP
3894  * (v4) scoped options as handy existing places where these might
3895  * be configured by an administrator. A value of zero tells the
3896  * client it may choose its own renewal time.
3897  */
3898  reply->renew = 0;
3899  oc = lookup_option(&dhcp_universe, reply->opt_state,
3901  if (oc != NULL) {
3902  if (!evaluate_option_cache(&data, reply->packet, NULL, NULL,
3903  reply->packet->options,
3904  reply->opt_state, &global_scope,
3905  oc, MDL) ||
3906  (data.len != 4)) {
3907  log_error("Invalid renewal time.");
3908  } else {
3909  reply->renew = getULong(data.data);
3910  }
3911 
3912  if (data.data != NULL)
3913  data_string_forget(&data, MDL);
3914  }
3915  putULong(reply->buf.data + ia_cursor + 8, reply->renew);
3916 
3917  /* Now T2. */
3918  reply->rebind = 0;
3919  oc = lookup_option(&dhcp_universe, reply->opt_state,
3921  if (oc != NULL) {
3922  if (!evaluate_option_cache(&data, reply->packet, NULL, NULL,
3923  reply->packet->options,
3924  reply->opt_state, &global_scope,
3925  oc, MDL) ||
3926  (data.len != 4)) {
3927  log_error("Invalid rebinding time.");
3928  } else {
3929  reply->rebind = getULong(data.data);
3930  }
3931 
3932  if (data.data != NULL)
3933  data_string_forget(&data, MDL);
3934  }
3935  putULong(reply->buf.data + ia_cursor + 12, reply->rebind);
3936 
3937  /*
3938  * yes, goto's aren't the best but we also want to avoid extra
3939  * indents
3940  */
3941  if (status == ISC_R_CANCELED)
3942  goto cleanup;
3943 
3944  /*
3945  * Handle static prefixes, we always log stuff and if it's
3946  * a hard binding we run any commit statements that we have
3947  */
3948  if (reply->static_prefixes != 0) {
3949  char tmp_addr[INET6_ADDRSTRLEN];
3950  log_info("%s PD: address %s/%d to client with duid %s "
3951  "iaid = %d static",
3952  dhcpv6_type_names[reply->buf.reply.msg_type],
3953  inet_ntop(AF_INET6, reply->fixed_pref.lo_addr.iabuf,
3954  tmp_addr, sizeof(tmp_addr)),
3955  reply->fixed_pref.bits,
3956  print_hex_1(reply->client_id.len,
3957  reply->client_id.data, 60),
3958  iaid);
3959  if ((reply->buf.reply.msg_type == DHCPV6_REPLY) &&
3960  (reply->on_star.on_commit != NULL)) {
3961  execute_statements(NULL, reply->packet, NULL, NULL,
3962  reply->packet->options,
3963  reply->opt_state,
3964  NULL, reply->on_star.on_commit,
3965  NULL);
3967  (&reply->on_star.on_commit, MDL);
3968  }
3969  goto cleanup;
3970  }
3971 
3972  /*
3973  * If we have any addresses log what we are doing.
3974  */
3975  if (reply->ia->num_iasubopt != 0) {
3976  struct iasubopt *tmp;
3977  int i;
3978  char tmp_addr[INET6_ADDRSTRLEN];
3979 
3980  for (i = 0 ; i < reply->ia->num_iasubopt ; i++) {
3981  tmp = reply->ia->iasubopt[i];
3982 
3983  log_info("%s PD: address %s/%d to client with duid %s"
3984  " iaid = %d valid for %d seconds",
3985  dhcpv6_type_names[reply->buf.reply.msg_type],
3986  inet_ntop(AF_INET6, &tmp->addr,
3987  tmp_addr, sizeof(tmp_addr)),
3988  (int)tmp->plen,
3989  print_hex_1(reply->client_id.len,
3990  reply->client_id.data, 60),
3991  iaid, tmp->valid);
3992  }
3993  }
3994 
3995  /*
3996  * If this is not a 'soft' binding, consume the new changes into
3997  * the database (if any have been attached to the ia_pd).
3998  *
3999  * Loop through the assigned dynamic prefixes, referencing the
4000  * prefixes onto this IA_PD rather than any old ones, and updating
4001  * prefix pool timers for each (if any).
4002  */
4003  if ((reply->buf.reply.msg_type == DHCPV6_REPLY) &&
4004  (reply->ia->num_iasubopt != 0)) {
4005  struct iasubopt *tmp;
4006  struct data_string *ia_id;
4007  int i;
4008 
4009  for (i = 0 ; i < reply->ia->num_iasubopt ; i++) {
4010  tmp = reply->ia->iasubopt[i];
4011 
4012  if (tmp->ia != NULL)
4013  ia_dereference(&tmp->ia, MDL);
4014  ia_reference(&tmp->ia, reply->ia, MDL);
4015 
4016  /* Commit 'hard' bindings. */
4017  renew_lease6(tmp->ipv6_pool, tmp);
4019 
4020  /* If we have anything to do on commit do it now */
4021  if (tmp->on_star.on_commit != NULL) {
4022  execute_statements(NULL, reply->packet,
4023  NULL, NULL,
4024  reply->packet->options,
4025  reply->opt_state,
4026  &tmp->scope,
4027  tmp->on_star.on_commit,
4028  &tmp->on_star);
4030  (&tmp->on_star.on_commit, MDL);
4031  }
4032 
4033  /* Do our threshold check. */
4034  check_pool6_threshold(reply, tmp);
4035  }
4036 
4037  /* Remove any old ia from the hash. */
4038  if (reply->old_ia != NULL) {
4039  ia_id = &reply->old_ia->iaid_duid;
4040  ia_hash_delete(ia_pd_active,
4041  (unsigned char *)ia_id->data,
4042  ia_id->len, MDL);
4043  ia_dereference(&reply->old_ia, MDL);
4044  }
4045 
4046  /* Put new ia into the hash. */
4047  reply->ia->cltt = cur_time;
4048  ia_id = &reply->ia->iaid_duid;
4049  ia_hash_add(ia_pd_active, (unsigned char *)ia_id->data,
4050  ia_id->len, reply->ia, MDL);
4051 
4052  write_ia(reply->ia);
4053  } else {
4054  schedule_lease_timeout_reply(reply);
4055  }
4056 
4057  cleanup:
4058  if (packet_ia != NULL)
4059  option_state_dereference(&packet_ia, MDL);
4060  if (reply->reply_ia != NULL)
4061  option_state_dereference(&reply->reply_ia, MDL);
4062  if (ia_data.data != NULL)
4063  data_string_forget(&ia_data, MDL);
4064  if (data.data != NULL)
4066  if (reply->ia != NULL)
4067  ia_dereference(&reply->ia, MDL);
4068  if (reply->old_ia != NULL)
4069  ia_dereference(&reply->old_ia, MDL);
4070  if (reply->lease != NULL)
4071  iasubopt_dereference(&reply->lease, MDL);
4072  if (reply->on_star.on_expiry != NULL)
4074  (&reply->on_star.on_expiry, MDL);
4075  if (reply->on_star.on_release != NULL)
4077  (&reply->on_star.on_release, MDL);
4078 
4079  /*
4080  * ISC_R_CANCELED is a status code used by the prefix processing to
4081  * indicate we're replying with a status code. This is still a
4082  * success at higher layers.
4083  */
4084  return((status == ISC_R_CANCELED) ? ISC_R_SUCCESS : status);
4085 }
4086 
4106 static struct group *
4107 find_group_by_prefix(struct reply_state *reply) {
4108  /* default group if we don't find anything better */
4109  struct group *group = reply->shared->group;
4110  struct subnet *subnet = NULL;
4111  struct iaddr tmp_addr;
4112  struct data_string fixed_addr;
4113 
4114  /* Try with the prefix first */
4115  if (find_grouped_subnet(&subnet, reply->shared,
4116  reply->fixed_pref.lo_addr, MDL) != 0) {
4117  group = subnet->group;
4118  subnet_dereference(&subnet, MDL);
4119  return (group);
4120  }
4121 
4122  /* Didn't find a subnet via prefix, what about fixed address */
4123  /* The caller has already tested reply->host != NULL */
4124 
4125  memset(&fixed_addr, 0, sizeof(fixed_addr));
4126 
4127  if ((reply->host->fixed_addr != NULL) &&
4128  (evaluate_option_cache(&fixed_addr, NULL, NULL, NULL,
4129  NULL, NULL, &global_scope,
4130  reply->host->fixed_addr, MDL))) {
4131  if (fixed_addr.len >= 16) {
4132  tmp_addr.len = 16;
4133  memcpy(tmp_addr.iabuf, fixed_addr.data, 16);
4134  if (find_grouped_subnet(&subnet, reply->shared,
4135  tmp_addr, MDL) != 0) {
4136  group = subnet->group;
4137  subnet_dereference(&subnet, MDL);
4138  }
4139  }
4140  data_string_forget(&fixed_addr, MDL);
4141  }
4142 
4143  /* return whatever we got */
4144  return (group);
4145 }
4146 
4147 /*
4148  * Process an IAPREFIX within a given IA_PD, storing any IAPREFIX reply
4149  * contents into the reply's current ia_pd-scoped option cache. Returns
4150  * ISC_R_CANCELED in the event we are replying with a status code and do
4151  * not wish to process more IAPREFIXes within this IA_PD.
4152  */
4153 static isc_result_t
4154 reply_process_prefix(struct reply_state *reply, struct option_cache *pref) {
4155  u_int32_t pref_life, valid_life;
4156  struct binding_scope **scope;
4157  struct iaddrcidrnet tmp_pref;
4158  struct option_cache *oc;
4159  struct data_string iapref, data;
4160  isc_result_t status = ISC_R_SUCCESS;
4161  struct group *group;
4162 
4163  /* Initializes values that will be cleaned up. */
4164  memset(&iapref, 0, sizeof(iapref));
4165  memset(&data, 0, sizeof(data));
4166  /* Note that reply->lease may be set by prefix_is_owned() */
4167 
4168  /*
4169  * There is no point trying to process an incoming prefix if there
4170  * is no room for an outgoing prefix.
4171  */
4172  if ((reply->cursor + 29) > sizeof(reply->buf)) {
4173  log_error("reply_process_prefix: Out of room for prefix.");
4174  return ISC_R_NOSPACE;
4175  }
4176 
4177  /* Extract this IAPREFIX option. */
4178  if (!evaluate_option_cache(&iapref, reply->packet, NULL, NULL,
4179  reply->packet->options, NULL, &global_scope,
4180  pref, MDL) ||
4181  (iapref.len < IAPREFIX_OFFSET)) {
4182  log_error("reply_process_prefix: error evaluating IAPREFIX.");
4183  status = ISC_R_FAILURE;
4184  goto cleanup;
4185  }
4186 
4187  /*
4188  * Layout: preferred and valid lifetimes followed by the prefix
4189  * length and the IPv6 address.
4190  */
4191  pref_life = getULong(iapref.data);
4192  valid_life = getULong(iapref.data + 4);
4193 
4194  if ((reply->client_valid == 0) ||
4195  (reply->client_valid > valid_life))
4196  reply->client_valid = valid_life;
4197 
4198  if ((reply->client_prefer == 0) ||
4199  (reply->client_prefer > pref_life))
4200  reply->client_prefer = pref_life;
4201 
4202  /*
4203  * Clients may choose to send ::/0 as a prefix, with the idea to give
4204  * hints about preferred-lifetime or valid-lifetime.
4205  */
4206  tmp_pref.lo_addr.len = 16;
4207  memset(tmp_pref.lo_addr.iabuf, 0, 16);
4208  if ((iapref.data[8] == 0) &&
4209  (memcmp(iapref.data + 9, tmp_pref.lo_addr.iabuf, 16) == 0)) {
4210  /* Status remains success; we just ignore this one. */
4211  goto cleanup;
4212  }
4213 
4214  /*
4215  * Clients may choose to send ::/X as a prefix to specify a
4216  * preferred/requested prefix length. Note X is never zero here.
4217  */
4218  tmp_pref.bits = (int) iapref.data[8];
4219  if (reply->preflen < 0) {
4220  /* Cache the first preferred prefix length. */
4221  reply->preflen = tmp_pref.bits;
4222  }
4223  if (memcmp(iapref.data + 9, tmp_pref.lo_addr.iabuf, 16) == 0) {
4224  goto cleanup;
4225  }
4226 
4227  memcpy(tmp_pref.lo_addr.iabuf, iapref.data + 9, 16);
4228 
4229  /* Verify the prefix belongs to the client. */
4230  if (!prefix_is_owned(reply, &tmp_pref)) {
4231  /* Same than for addresses. */
4232  if ((reply->packet->dhcpv6_msg_type == DHCPV6_SOLICIT) ||
4233  (reply->packet->dhcpv6_msg_type == DHCPV6_REQUEST) ||
4234  (reply->packet->dhcpv6_msg_type == DHCPV6_REBIND)) {
4235  status = reply_process_try_prefix(reply, &tmp_pref);
4236 
4237  /* Either error out or skip this prefix. */
4238  if ((status != ISC_R_SUCCESS) &&
4239  (status != ISC_R_ADDRINUSE) &&
4240  (status != ISC_R_ADDRNOTAVAIL))
4241  goto cleanup;
4242 
4243  if (reply->lease == NULL) {
4244  if (reply->packet->dhcpv6_msg_type ==
4245  DHCPV6_REBIND) {
4246  reply->send_prefer = 0;
4247  reply->send_valid = 0;
4248  goto send_pref;
4249  }
4250 
4251  /* status remains success - ignore */
4252  goto cleanup;
4253  }
4254  /*
4255  * RFC3633 section 18.2.3:
4256  *
4257  * If the delegating router cannot find a binding
4258  * for the requesting router's IA_PD the delegating
4259  * router returns the IA_PD containing no prefixes
4260  * with a Status Code option set to NoBinding in the
4261  * Reply message.
4262  *
4263  * On mismatch we (ab)use this pretending we have not the IA
4264  * as soon as we have not a prefix.
4265  */
4266  } else if (reply->packet->dhcpv6_msg_type == DHCPV6_RENEW) {
4267  /* Rewind the IA_PD to empty. */
4268  option_state_dereference(&reply->reply_ia, MDL);
4269  if (!option_state_allocate(&reply->reply_ia, MDL)) {
4270  log_error("reply_process_prefix: No memory "
4271  "for option state wipe.");
4272  status = ISC_R_NOMEMORY;
4273  goto cleanup;
4274  }
4275 
4276  /* Append a NoBinding status code. */
4277  if (!set_status_code(STATUS_NoBinding,
4278  "Prefix not bound to this "
4279  "interface.", reply->reply_ia)) {
4280  log_error("reply_process_prefix: Unable to "
4281  "attach status code.");
4282  status = ISC_R_FAILURE;
4283  goto cleanup;
4284  }
4285 
4286  /* Fin (no more IAPREFIXes). */
4287  status = ISC_R_CANCELED;
4288  goto cleanup;
4289  } else {
4290  log_error("It is impossible to lease a client that is "
4291  "not sending a solicit, request, renew, or "
4292  "rebind message.");
4293  status = ISC_R_FAILURE;
4294  goto cleanup;
4295  }
4296  }
4297 
4298  if (reply->static_prefixes > 0) {
4299  if (reply->host == NULL)
4300  log_fatal("Impossible condition at %s:%d.", MDL);
4301 
4302  scope = &global_scope;
4303 
4304  /* Copy the static prefix for logging and finding the group */
4305  memcpy(&reply->fixed_pref, &tmp_pref, sizeof(tmp_pref));
4306 
4307  /* Try to find a group for the static prefix */
4308  group = find_group_by_prefix(reply);
4309  } else {
4310  if (reply->lease == NULL)
4311  log_fatal("Impossible condition at %s:%d.", MDL);
4312 
4313  scope = &reply->lease->scope;
4314  group = reply->lease->ipv6_pool->ipv6_pond->group;
4315  }
4316 
4317  /*
4318  * If client_resources is nonzero, then the reply_process_is_prefixed
4319  * function has executed configuration state into the reply option
4320  * cache. We will use that valid cache to derive configuration for
4321  * whether or not to engage in additional prefixes, and similar.
4322  */
4323  if (reply->client_resources != 0) {
4324  unsigned limit = 1;
4325 
4326  /*
4327  * Does this client have "enough" prefixes already? Default
4328  * to one. Everybody gets one, and one should be enough for
4329  * anybody.
4330  */
4331  oc = lookup_option(&server_universe, reply->opt_state,
4333  if (oc != NULL) {
4334  if (!evaluate_option_cache(&data, reply->packet,
4335  NULL, NULL,
4336  reply->packet->options,
4337  reply->opt_state,
4338  scope, oc, MDL) ||
4339  (data.len != 4)) {
4340  log_error("reply_process_prefix: unable to "
4341  "evaluate prefs-per-ia value.");
4342  status = ISC_R_FAILURE;
4343  goto cleanup;
4344  }
4345 
4346  limit = getULong(data.data);
4347  data_string_forget(&data, MDL);
4348  }
4349 
4350  /*
4351  * If we wish to limit the client to a certain number of
4352  * prefixes, then omit the prefix from the reply.
4353  */
4354  if (reply->client_resources >= limit)
4355  goto cleanup;
4356  }
4357 
4358  status = reply_process_is_prefixed(reply, scope, group);
4359  if (status != ISC_R_SUCCESS)
4360  goto cleanup;
4361 
4362  send_pref:
4363  status = reply_process_send_prefix(reply, &tmp_pref);
4364 
4365  cleanup:
4366  if (iapref.data != NULL)
4367  data_string_forget(&iapref, MDL);
4368  if (data.data != NULL)
4369  data_string_forget(&data, MDL);
4370  if (reply->lease != NULL)
4371  iasubopt_dereference(&reply->lease, MDL);
4372 
4373  return status;
4374 }
4375 
4376 /*
4377  * Verify the prefix belongs to the client. If we've got a host
4378  * record with fixed prefixes, it has to be an assigned prefix
4379  * (fault out all else). Otherwise it's a dynamic prefix, so lookup
4380  * that prefix and make sure it belongs to this DUID:IAID pair.
4381  */
4382 static isc_boolean_t
4383 prefix_is_owned(struct reply_state *reply, struct iaddrcidrnet *pref) {
4384  struct iaddrcidrnetlist *l;
4385  int i;
4386  struct ipv6_pond *pond;
4387 
4388  /*
4389  * This faults out prefixes that don't match fixed prefixes.
4390  */
4391  if (reply->static_prefixes > 0) {
4392  for (l = reply->host->fixed_prefix; l != NULL; l = l->next) {
4393  if ((pref->bits == l->cidrnet.bits) &&
4394  (memcmp(pref->lo_addr.iabuf,
4395  l->cidrnet.lo_addr.iabuf, 16) == 0))
4396  return (ISC_TRUE);
4397  }
4398  return (ISC_FALSE);
4399  }
4400 
4401  if ((reply->old_ia == NULL) ||
4402  (reply->old_ia->num_iasubopt == 0))
4403  return (ISC_FALSE);
4404 
4405  for (i = 0 ; i < reply->old_ia->num_iasubopt ; i++) {
4406  struct iasubopt *tmp;
4407 
4408  tmp = reply->old_ia->iasubopt[i];
4409 
4410  if ((pref->bits == (int) tmp->plen) &&
4411  (memcmp(pref->lo_addr.iabuf, &tmp->addr, 16) == 0)) {
4412  if (lease6_usable(tmp) == ISC_FALSE) {
4413  return (ISC_FALSE);
4414  }
4415 
4416  pond = tmp->ipv6_pool->ipv6_pond;
4417  if (((pond->prohibit_list != NULL) &&
4418  (permitted(reply->packet, pond->prohibit_list))) ||
4419  ((pond->permit_list != NULL) &&
4420  (!permitted(reply->packet, pond->permit_list))))
4421  return (ISC_FALSE);
4422 
4423  iasubopt_reference(&reply->lease, tmp, MDL);
4424  return (ISC_TRUE);
4425  }
4426  }
4427 
4428  return (ISC_FALSE);
4429 }
4430 
4431 /*
4432  * This function only returns failure on 'hard' failures. If it succeeds,
4433  * it will leave a prefix structure behind.
4434  */
4435 static isc_result_t
4436 reply_process_try_prefix(struct reply_state *reply,
4437  struct iaddrcidrnet *pref) {
4438  isc_result_t status = ISC_R_ADDRNOTAVAIL;
4439  struct ipv6_pool *pool = NULL;
4440  struct ipv6_pond *pond = NULL;
4441  int i;
4442  struct data_string data_pref;
4443 
4444  if ((reply == NULL) || (reply->shared == NULL) ||
4445  (pref == NULL) || (reply->lease != NULL))
4446  return (DHCP_R_INVALIDARG);
4447 
4448  /*
4449  * Do a quick walk through of the ponds and pools
4450  * to see if we have any prefix pools
4451  */
4452  for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
4453  if (pond->ipv6_pools == NULL)
4454  continue;
4455 
4456  for (i = 0; (pool = pond->ipv6_pools[i]) != NULL; i++) {
4457  if (pool->pool_type == D6O_IA_PD)
4458  break;
4459  }
4460  if (pool != NULL)
4461  break;
4462  }
4463 
4464  /* If we get here and p is NULL we have no useful pools */
4465  if (pool == NULL) {
4466  return (ISC_R_ADDRNOTAVAIL);
4467  }
4468 
4469  memset(&data_pref, 0, sizeof(data_pref));
4470  data_pref.len = 17;
4471  if (!buffer_allocate(&data_pref.buffer, data_pref.len, MDL)) {
4472  log_error("reply_process_try_prefix: out of memory.");
4473  return (ISC_R_NOMEMORY);
4474  }
4475  data_pref.data = data_pref.buffer->data;
4476  data_pref.buffer->data[0] = (u_int8_t) pref->bits;
4477  memcpy(data_pref.buffer->data + 1, pref->lo_addr.iabuf, 16);
4478 
4479  /*
4480  * We have at least one pool that could provide a prefix
4481  * Now we walk through the ponds and pools again and check
4482  * to see if the client is permitted and if an prefix is
4483  * available
4484  *
4485  */
4486 
4487  for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
4488  if (((pond->prohibit_list != NULL) &&
4489  (permitted(reply->packet, pond->prohibit_list))) ||
4490  ((pond->permit_list != NULL) &&
4491  (!permitted(reply->packet, pond->permit_list))))
4492  continue;
4493 
4494  for (i = 0; (pool = pond->ipv6_pools[i]) != NULL; i++) {
4495  if (pool->pool_type != D6O_IA_PD) {
4496  continue;
4497  }
4498 
4499  status = try_client_v6_prefix(&reply->lease, pool,
4500  &data_pref);
4501  /* If we found it in this pool (either in use or available),
4502  there is no need to look further. */
4503  if ( (status == ISC_R_SUCCESS) || (status == ISC_R_ADDRINUSE) )
4504  break;
4505  }
4506  if ( (status == ISC_R_SUCCESS) || (status == ISC_R_ADDRINUSE) )
4507  break;
4508  }
4509 
4510  data_string_forget(&data_pref, MDL);
4511  /* Return just the most recent status... */
4512  return (status);
4513 }
4514 
4515 /* Look around for a prefix to give the client. First, look through the old
4516  * IA_PD for prefixes we can extend. Second, try to allocate a new prefix.
4517  * Finally, actually add that prefix into the current reply IA_PD.
4518  */
4519 static isc_result_t
4520 find_client_prefix(struct reply_state *reply) {
4521  struct iaddrcidrnet send_pref;
4522  isc_result_t status = ISC_R_NORESOURCES;
4523  struct iasubopt *prefix, *best_prefix = NULL;
4524  struct binding_scope **scope;
4525  int i;
4526  struct group *group;
4527 
4528  if (reply->static_prefixes > 0) {
4529  struct iaddrcidrnetlist *l;
4530 
4531  if (reply->host == NULL)
4532  return DHCP_R_INVALIDARG;
4533 
4534  for (l = reply->host->fixed_prefix; l != NULL; l = l->next) {
4535  if (l->cidrnet.bits == reply->preflen)
4536  break;
4537  }
4538  if (l == NULL) {
4539  /*
4540  * If no fixed prefix has the preferred length,
4541  * get the first one.
4542  */
4543  l = reply->host->fixed_prefix;
4544  }
4545  memcpy(&send_pref, &l->cidrnet, sizeof(send_pref));
4546 
4547  scope = &global_scope;
4548 
4549  /* Copy the prefix for logging purposes */
4550  memcpy(&reply->fixed_pref, &l->cidrnet, sizeof(send_pref));
4551 
4552  /* Try to find a group for the static prefix */
4553  group = find_group_by_prefix(reply);
4554 
4555  goto send_pref;
4556  }
4557 
4558  if (reply->old_ia != NULL) {
4559  for (i = 0 ; i < reply->old_ia->num_iasubopt ; i++) {
4560  struct shared_network *candidate_shared;
4561  struct ipv6_pond *pond;
4562 
4563  prefix = reply->old_ia->iasubopt[i];
4564  candidate_shared = prefix->ipv6_pool->shared_network;
4565  pond = prefix->ipv6_pool->ipv6_pond;
4566 
4567  /*
4568  * Consider this prefix if it is in a global pool or
4569  * if it is scoped in a pool under the client's shared
4570  * network.
4571  */
4572  if (((candidate_shared != NULL) &&
4573  (candidate_shared != reply->shared)) ||
4574  (lease6_usable(prefix) != ISC_TRUE))
4575  continue;
4576 
4577  /*
4578  * And check if the prefix is still permitted
4579  */
4580 
4581  if (((pond->prohibit_list != NULL) &&
4582  (permitted(reply->packet, pond->prohibit_list))) ||
4583  ((pond->permit_list != NULL) &&
4584  (!permitted(reply->packet, pond->permit_list))))
4585  continue;
4586 
4587  best_prefix = prefix_compare(reply, prefix,
4588  best_prefix);
4589  }
4590  }
4591 
4592  /* Try to pick a new prefix if we didn't find one, or if we found an
4593  * abandoned prefix.
4594  */
4595  if ((best_prefix == NULL) || (best_prefix->state == FTS_ABANDONED)) {
4596  status = pick_v6_prefix(reply);
4597  } else if (best_prefix != NULL) {
4598  iasubopt_reference(&reply->lease, best_prefix, MDL);
4599  status = ISC_R_SUCCESS;
4600  }
4601 
4602  /* Pick the abandoned prefix as a last resort. */
4603  if ((status == ISC_R_NORESOURCES) && (best_prefix != NULL)) {
4604  /* I don't see how this is supposed to be done right now. */
4605  log_error("Reclaiming abandoned prefixes is not yet "
4606  "supported. Treating this as an out of space "
4607  "condition.");
4608  /* iasubopt_reference(&reply->lease, best_prefix, MDL); */
4609  }
4610 
4611  /* Give up now if we didn't find a prefix. */
4612  if (status != ISC_R_SUCCESS)
4613  return status;
4614 
4615  if (reply->lease == NULL)
4616  log_fatal("Impossible condition at %s:%d.", MDL);
4617 
4618  scope = &reply->lease->scope;
4619  group = reply->lease->ipv6_pool->ipv6_pond->group;
4620 
4621  send_pref.lo_addr.len = 16;
4622  memcpy(send_pref.lo_addr.iabuf, &reply->lease->addr, 16);
4623  send_pref.bits = (int) reply->lease->plen;
4624 
4625  send_pref:
4626  status = reply_process_is_prefixed(reply, scope, group);
4627  if (status != ISC_R_SUCCESS)
4628  return status;
4629 
4630  status = reply_process_send_prefix(reply, &send_pref);
4631  return status;
4632 }
4633 
4634 /* Once a prefix is found for a client, perform several common functions;
4635  * Calculate and store valid and preferred prefix times, draw client options
4636  * into the option state.
4637  */
4638 static isc_result_t
4639 reply_process_is_prefixed(struct reply_state *reply,
4640  struct binding_scope **scope, struct group *group)
4641 {
4642  isc_result_t status = ISC_R_SUCCESS;
4643  struct data_string data;
4644  struct option_cache *oc;
4645  struct option_state *tmp_options = NULL;
4646  struct on_star *on_star;
4647  int i;
4648 
4649  /* Initialize values we will cleanup. */
4650  memset(&data, 0, sizeof(data));
4651 
4652  /*
4653  * Find the proper on_star block to use. We use the
4654  * one in the lease if we have a lease or the one in
4655  * the reply if we don't have a lease because this is
4656  * a static instance
4657  */
4658  if (reply->lease) {
4659  on_star = &reply->lease->on_star;
4660  } else {
4661  on_star = &reply->on_star;
4662  }
4663 
4664  /*
4665  * Bring in the root configuration. We only do this to bring
4666  * in the on * statements, as we didn't have the lease available
4667  * we we did it the first time.
4668  */
4669  option_state_allocate(&tmp_options, MDL);
4670  execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
4671  reply->packet->options, tmp_options,
4672  &global_scope, root_group, NULL,
4673  on_star);
4674  if (tmp_options != NULL) {
4675  option_state_dereference(&tmp_options, MDL);
4676  }
4677 
4678  /*
4679  * Bring configured options into the root packet level cache - start
4680  * with the lease's closest enclosing group (passed in by the caller
4681  * as 'group').
4682  */
4683  execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
4684  reply->packet->options, reply->opt_state,
4685  scope, group, root_group, on_star);
4686 
4687  /* Execute statements from class scopes. */
4688  for (i = reply->packet->class_count; i > 0; i--) {
4689  execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
4690  reply->packet->options,
4691  reply->opt_state, scope,
4692  reply->packet->classes[i - 1]->group,
4693  group, on_star);
4694  }
4695 
4696  /*
4697  * If there is a host record, over-ride with values configured there,
4698  * without re-evaluating configuration from the previously executed
4699  * group or its common enclosers.
4700  */
4701  if (reply->host != NULL)
4702  execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
4703  reply->packet->options,
4704  reply->opt_state, scope,
4705  reply->host->group, group,
4706  on_star);
4707 
4708  /* Determine valid lifetime. */
4709  if (reply->client_valid == 0)
4710  reply->send_valid = DEFAULT_DEFAULT_LEASE_TIME;
4711  else
4712  reply->send_valid = reply->client_valid;
4713 
4714  oc = lookup_option(&server_universe, reply->opt_state,
4716  if (oc != NULL) {
4717  if (!evaluate_option_cache(&data, reply->packet, NULL, NULL,
4718  reply->packet->options,
4719  reply->opt_state,
4720  scope, oc, MDL) ||
4721  (data.len != 4)) {
4722  log_error("reply_process_is_prefixed: unable to "
4723  "evaluate default prefix time");
4724  status = ISC_R_FAILURE;
4725  goto cleanup;
4726  }
4727 
4728  reply->send_valid = getULong(data.data);
4729  data_string_forget(&data, MDL);
4730  }
4731 
4732  if (reply->client_prefer == 0)
4733  reply->send_prefer = reply->send_valid;
4734  else
4735  reply->send_prefer = reply->client_prefer;
4736 
4737  if (reply->send_prefer >= reply->send_valid)
4738  reply->send_prefer = (reply->send_valid / 2) +
4739  (reply->send_valid / 8);
4740 
4741  oc = lookup_option(&server_universe, reply->opt_state,
4743  if (oc != NULL) {
4744  if (!evaluate_option_cache(&data, reply->packet, NULL, NULL,
4745  reply->packet->options,
4746  reply->opt_state,
4747  scope, oc, MDL) ||
4748  (data.len != 4)) {
4749  log_error("reply_process_is_prefixed: unable to "
4750  "evaluate preferred prefix time");
4751  status = ISC_R_FAILURE;
4752  goto cleanup;
4753  }
4754 
4755  reply->send_prefer = getULong(data.data);
4756  data_string_forget(&data, MDL);
4757  }
4758 
4759  /* Note lowest values for later calculation of renew/rebind times. */
4760  if (reply->prefer > reply->send_prefer)
4761  reply->prefer = reply->send_prefer;
4762 
4763  if (reply->valid > reply->send_valid)
4764  reply->valid = reply->send_valid;
4765 
4766  /* Perform dynamic prefix related update work. */
4767  if (reply->lease != NULL) {
4768  /* Cached lifetimes */
4769  reply->lease->prefer = reply->send_prefer;
4770  reply->lease->valid = reply->send_valid;
4771 
4772  /* Advance (or rewind) the valid lifetime. */
4773  if (reply->buf.reply.msg_type == DHCPV6_REPLY) {
4774  reply->lease->soft_lifetime_end_time =
4775  cur_time + reply->send_valid;
4776  /* Wait before renew! */
4777  }
4778 
4779  status = ia_add_iasubopt(reply->ia, reply->lease, MDL);
4780  if (status != ISC_R_SUCCESS) {
4781  log_fatal("reply_process_is_prefixed: Unable to "
4782  "attach prefix to new IA_PD: %s",
4783  isc_result_totext(status));
4784  }
4785 
4786  /*
4787  * If this is a new prefix, make sure it is attached somewhere.
4788  */
4789  if (reply->lease->ia == NULL) {
4790  ia_reference(&reply->lease->ia, reply->ia, MDL);
4791  }
4792  }
4793 
4794  /* Bring a copy of the relevant options into the IA_PD scope. */
4795  execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
4796  reply->packet->options, reply->reply_ia,
4797  scope, group, root_group, NULL);
4798 
4799  /* Execute statements from class scopes. */
4800  for (i = reply->packet->class_count; i > 0; i--) {
4801  execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
4802  reply->packet->options,
4803  reply->reply_ia, scope,
4804  reply->packet->classes[i - 1]->group,
4805  group, NULL);
4806  }
4807 
4808  /*
4809  * And bring in host record configuration, if any, but not to overlap
4810  * the previous group or its common enclosers.
4811  */
4812  if (reply->host != NULL)
4813  execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
4814  reply->packet->options,
4815  reply->reply_ia, scope,
4816  reply->host->group, group, NULL);
4817 
4818  cleanup:
4819  if (data.data != NULL)
4820  data_string_forget(&data, MDL);
4821 
4822  if (status == ISC_R_SUCCESS)
4823  reply->client_resources++;
4824 
4825  return status;
4826 }
4827 
4828 /* Simply send an IAPREFIX within the IA_PD scope as described. */
4829 static isc_result_t
4830 reply_process_send_prefix(struct reply_state *reply,
4831  struct iaddrcidrnet *pref) {
4832  isc_result_t status = ISC_R_SUCCESS;
4833  struct data_string data;
4834 
4835  memset(&data, 0, sizeof(data));
4836 
4837  /* Now append the prefix. */
4838  data.len = IAPREFIX_OFFSET;
4839  if (!buffer_allocate(&data.buffer, data.len, MDL)) {
4840  log_error("reply_process_send_prefix: out of memory"
4841  "allocating new IAPREFIX buffer.");
4842  status = ISC_R_NOMEMORY;
4843  goto cleanup;
4844  }
4845  data.data = data.buffer->data;
4846 
4847  putULong(data.buffer->data, reply->send_prefer);
4848  putULong(data.buffer->data + 4, reply->send_valid);
4849  data.buffer->data[8] = pref->bits;
4850  memcpy(data.buffer->data + 9, pref->lo_addr.iabuf, 16);
4851 
4852  if (!append_option_buffer(&dhcpv6_universe, reply->reply_ia,
4853  data.buffer, data.buffer->data,
4854  data.len, D6O_IAPREFIX, 0)) {
4855  log_error("reply_process_send_prefix: unable "
4856  "to save IAPREFIX option");
4857  status = ISC_R_FAILURE;
4858  goto cleanup;
4859  }
4860 
4861  reply->resources_included = ISC_TRUE;
4862 
4863  cleanup:
4864  if (data.data != NULL)
4866 
4867  return status;
4868 }
4869 
4870 /* Choose the better of two prefixes. */
4871 static struct iasubopt *
4872 prefix_compare(struct reply_state *reply,
4873  struct iasubopt *alpha, struct iasubopt *beta) {
4874  if (alpha == NULL)
4875  return beta;
4876  if (beta == NULL)
4877  return alpha;
4878 
4879  if (reply->preflen >= 0) {
4880  if ((alpha->plen == reply->preflen) &&
4881  (beta->plen != reply->preflen))
4882  return alpha;
4883  if ((beta->plen == reply->preflen) &&
4884  (alpha->plen != reply->preflen))
4885  return beta;
4886  }
4887 
4888  switch(alpha->state) {
4889  case FTS_ACTIVE:
4890  switch(beta->state) {
4891  case FTS_ACTIVE:
4892  /* Choose the prefix with the longest lifetime (most
4893  * likely the most recently allocated).
4894  */
4895  if (alpha->hard_lifetime_end_time <
4896  beta->hard_lifetime_end_time)
4897  return beta;
4898  else
4899  return alpha;
4900 
4901  case FTS_EXPIRED:
4902  case FTS_ABANDONED:
4903  return alpha;
4904 
4905  default:
4906  log_fatal("Impossible condition at %s:%d.", MDL);
4907  }
4908  break;
4909 
4910  case FTS_EXPIRED:
4911  switch (beta->state) {
4912  case FTS_ACTIVE:
4913  return beta;
4914 
4915  case FTS_EXPIRED:
4916  /* Choose the most recently expired prefix. */
4917  if (alpha->hard_lifetime_end_time <
4918  beta->hard_lifetime_end_time)
4919  return beta;
4920  else if ((alpha->hard_lifetime_end_time ==
4921  beta->hard_lifetime_end_time) &&
4922  (alpha->soft_lifetime_end_time <
4923  beta->soft_lifetime_end_time))
4924  return beta;
4925  else
4926  return alpha;
4927 
4928  case FTS_ABANDONED:
4929  return alpha;
4930 
4931  default:
4932  log_fatal("Impossible condition at %s:%d.", MDL);
4933  }
4934  break;
4935 
4936  case FTS_ABANDONED:
4937  switch (beta->state) {
4938  case FTS_ACTIVE:
4939  case FTS_EXPIRED:
4940  return alpha;
4941 
4942  case FTS_ABANDONED:
4943  /* Choose the prefix that was abandoned longest ago. */
4944  if (alpha->hard_lifetime_end_time <
4945  beta->hard_lifetime_end_time)
4946  return alpha;
4947  else
4948  return beta;
4949 
4950  default:
4951  log_fatal("Impossible condition at %s:%d.", MDL);
4952  }
4953  break;
4954 
4955  default:
4956  log_fatal("Impossible condition at %s:%d.", MDL);
4957  }
4958 
4959  log_fatal("Triple impossible condition at %s:%d.", MDL);
4960  return NULL;
4961 }
4962 
4963 /*
4964  * Solicit is how a client starts requesting addresses.
4965  *
4966  * If the client asks for rapid commit, and we support it, we will
4967  * allocate the addresses and reply.
4968  *
4969  * Otherwise we will send an advertise message.
4970  */
4971 
4972 static void
4973 dhcpv6_solicit(struct data_string *reply_ret, struct packet *packet) {
4974  struct data_string client_id;
4975 
4977 
4978  /*
4979  * Validate our input.
4980  */
4981  if (!valid_client_msg(packet, &client_id)) {
4982  return;
4983  }
4984 
4985  lease_to_client(reply_ret, packet, &client_id, NULL);
4986 
4987  /*
4988  * Clean up.
4989  */
4990  data_string_forget(&client_id, MDL);
4991 
4993 }
4994 
4995 /*
4996  * Request is how a client actually requests addresses.
4997  *
4998  * Very similar to Solicit handling, except the server DUID is required.
4999  */
5000 
5001 static void
5002 dhcpv6_request(struct data_string *reply_ret, struct packet *packet) {
5003  struct data_string client_id;
5004  struct data_string server_id;
5005 
5007 
5008  /*
5009  * Validate our input.
5010  */
5011  if (!valid_client_resp(packet, &client_id, &server_id)) {
5012  return;
5013  }
5014 
5015  /* If the REQUEST arrived via unicast and unicast option isn't set,
5016  * reject it per RFC 3315, Sec 18.2.1 */
5017  if (packet->unicast == ISC_TRUE &&
5018  is_unicast_option_defined(packet) == ISC_FALSE) {
5019  unicast_reject(reply_ret, packet, &client_id, &server_id);
5020  } else {
5021  /*
5022  * Issue our lease.
5023  */
5024  lease_to_client(reply_ret, packet, &client_id, &server_id);
5025  }
5026 
5027  /*
5028  * Cleanup.
5029  */
5030  data_string_forget(&client_id, MDL);
5031  data_string_forget(&server_id, MDL);
5032 
5034 }
5035 
5036 /* Find a DHCPv6 packet's shared network from hints in the packet.
5037  */
5038 static isc_result_t
5039 shared_network_from_packet6(struct shared_network **shared,
5040  struct packet *packet)
5041 {
5042  const struct packet *chk_packet;
5043  const struct in6_addr *link_addr, *first_link_addr;
5044  struct iaddr tmp_addr;
5045  struct subnet *subnet;
5046  isc_result_t status;
5047 
5048  if ((shared == NULL) || (*shared != NULL) || (packet == NULL))
5049  return DHCP_R_INVALIDARG;
5050 
5051  /*
5052  * First, find the link address where the packet from the client
5053  * first appeared (if this packet was relayed).
5054  */
5055  first_link_addr = NULL;
5056  chk_packet = packet->dhcpv6_container_packet;
5057  while (chk_packet != NULL) {
5058  link_addr = &chk_packet->dhcpv6_link_address;
5059  if (!IN6_IS_ADDR_UNSPECIFIED(link_addr) &&
5060  !IN6_IS_ADDR_LINKLOCAL(link_addr)) {
5061  first_link_addr = link_addr;
5062  break;
5063  }
5064  chk_packet = chk_packet->dhcpv6_container_packet;
5065  }
5066 
5067  /*
5068  * If there is a relayed link address, find the subnet associated
5069  * with that, and use that to get the appropriate
5070  * shared_network.
5071  */
5072  if (first_link_addr != NULL) {
5073  tmp_addr.len = sizeof(*first_link_addr);
5074  memcpy(tmp_addr.iabuf,
5075  first_link_addr, sizeof(*first_link_addr));
5076  subnet = NULL;
5077  if (!find_subnet(&subnet, tmp_addr, MDL)) {
5078  log_debug("No subnet found for link-address %s.",
5079  piaddr(tmp_addr));
5080  return ISC_R_NOTFOUND;
5081  }
5082  status = shared_network_reference(shared,
5083  subnet->shared_network, MDL);
5084  subnet_dereference(&subnet, MDL);
5085 
5086  /*
5087  * If there is no link address, we will use the interface
5088  * that this packet came in on to pick the shared_network.
5089  */
5090  } else if (packet->interface != NULL) {
5091  status = shared_network_reference(shared,
5092  packet->interface->shared_network,
5093  MDL);
5094  if (packet->dhcpv6_container_packet != NULL) {
5095  log_info("[L2 Relay] No link address in relay packet "
5096  "assuming L2 relay and using receiving "
5097  "interface");
5098  }
5099 
5100  } else {
5101  /*
5102  * We shouldn't be able to get here but if there is no link
5103  * address and no interface we don't know where to get the
5104  * pool from log an error and return an error.
5105  */
5106  log_error("No interface and no link address "
5107  "can't determine pool");
5108  status = DHCP_R_INVALIDARG;
5109  }
5110 
5111  return status;
5112 }
5113 
5114 /*
5115  * When a client thinks it might be on a new link, it sends a
5116  * Confirm message.
5117  *
5118  * From RFC3315 section 18.2.2:
5119  *
5120  * When the server receives a Confirm message, the server determines
5121  * whether the addresses in the Confirm message are appropriate for the
5122  * link to which the client is attached. If all of the addresses in the
5123  * Confirm message pass this test, the server returns a status of
5124  * Success. If any of the addresses do not pass this test, the server
5125  * returns a status of NotOnLink. If the server is unable to perform
5126  * this test (for example, the server does not have information about
5127  * prefixes on the link to which the client is connected), or there were
5128  * no addresses in any of the IAs sent by the client, the server MUST
5129  * NOT send a reply to the client.
5130  */
5131 
5132 static void
5133 dhcpv6_confirm(struct data_string *reply_ret, struct packet *packet) {
5134  struct shared_network *shared;
5135  struct subnet *subnet;
5136  struct option_cache *ia, *ta, *oc;
5137  struct data_string cli_enc_opt_data, iaaddr, client_id, packet_oro;
5138  struct option_state *cli_enc_opt_state, *opt_state;
5139  struct iaddr cli_addr;
5140  int pass;
5141  isc_boolean_t inappropriate, has_addrs;
5142  char reply_data[65536];
5143  struct dhcpv6_packet *reply = (struct dhcpv6_packet *)reply_data;
5144  int reply_ofs = (int)(offsetof(struct dhcpv6_packet, options));
5145 
5147 
5148  /*
5149  * Basic client message validation.
5150  */
5151  memset(&client_id, 0, sizeof(client_id));
5152  if (!valid_client_msg(packet, &client_id)) {
5153  return;
5154  }
5155 
5156  /*
5157  * Do not process Confirms that do not have IA's we do not recognize.
5158  */
5161  if ((ia == NULL) && (ta == NULL))
5162  return;
5163 
5164  /*
5165  * IA_PD's are simply ignored.
5166  */
5168 
5169  /*
5170  * Bit of variable initialization.
5171  */
5172  opt_state = cli_enc_opt_state = NULL;
5173  memset(&cli_enc_opt_data, 0, sizeof(cli_enc_opt_data));
5174  memset(&iaaddr, 0, sizeof(iaaddr));
5175  memset(&packet_oro, 0, sizeof(packet_oro));
5176 
5177  /* Determine what shared network the client is connected to. We
5178  * must not respond if we don't have any information about the
5179  * network the client is on.
5180  */
5181  shared = NULL;
5182  if ((shared_network_from_packet6(&shared, packet) != ISC_R_SUCCESS) ||
5183  (shared == NULL))
5184  goto exit;
5185 
5186  /* If there are no recorded subnets, then we have no
5187  * information about this subnet - ignore Confirms.
5188  */
5189  subnet = shared->subnets;
5190  if (subnet == NULL)
5191  goto exit;
5192 
5193  /* Are the addresses in all the IA's appropriate for that link? */
5194  has_addrs = inappropriate = ISC_FALSE;
5195  pass = D6O_IA_NA;
5196  while(!inappropriate) {
5197  /* If we've reached the end of the IA_NA pass, move to the
5198  * IA_TA pass.
5199  */
5200  if ((pass == D6O_IA_NA) && (ia == NULL)) {
5201  pass = D6O_IA_TA;
5202  ia = ta;
5203  }
5204 
5205  /* If we've reached the end of all passes, we're done. */
5206  if (ia == NULL)
5207  break;
5208 
5209  if (((pass == D6O_IA_NA) &&
5210  !get_encapsulated_IA_state(&cli_enc_opt_state,
5211  &cli_enc_opt_data,
5212  packet, ia, IA_NA_OFFSET)) ||
5213  ((pass == D6O_IA_TA) &&
5214  !get_encapsulated_IA_state(&cli_enc_opt_state,
5215  &cli_enc_opt_data,
5216  packet, ia, IA_TA_OFFSET))) {
5217  goto exit;
5218  }
5219 
5220  oc = lookup_option(&dhcpv6_universe, cli_enc_opt_state,
5221  D6O_IAADDR);
5222 
5223  for ( ; oc != NULL ; oc = oc->next) {
5224  if (!evaluate_option_cache(&iaaddr, packet, NULL, NULL,
5225  packet->options, NULL,
5226  &global_scope, oc, MDL) ||
5227  (iaaddr.len < IAADDR_OFFSET)) {
5228  log_error("dhcpv6_confirm: "
5229  "error evaluating IAADDR.");
5230  goto exit;
5231  }
5232 
5233  /* Copy out the IPv6 address for processing. */
5234  cli_addr.len = 16;
5235  memcpy(cli_addr.iabuf, iaaddr.data, 16);
5236 
5237  data_string_forget(&iaaddr, MDL);
5238 
5239  /* Record that we've processed at least one address. */
5240  has_addrs = ISC_TRUE;
5241 
5242  /* Find out if any subnets cover this address. */
5243  for (subnet = shared->subnets ; subnet != NULL ;
5244  subnet = subnet->next_sibling) {
5245  if (addr_eq(subnet_number(cli_addr,
5246  subnet->netmask),
5247  subnet->net))
5248  break;
5249  }
5250 
5251  /* If we reach the end of the subnet list, and no
5252  * subnet matches the client address, then it must
5253  * be inappropriate to the link (so far as our
5254  * configuration says). Once we've found one
5255  * inappropriate address, there is no reason to
5256  * continue searching.
5257  */
5258  if (subnet == NULL) {
5259  inappropriate = ISC_TRUE;
5260  break;
5261  }
5262  }
5263 
5264  option_state_dereference(&cli_enc_opt_state, MDL);
5265  data_string_forget(&cli_enc_opt_data, MDL);
5266 
5267  /* Advance to the next IA_*. */
5268  ia = ia->next;
5269  }
5270 
5271  /* If the client supplied no addresses, do not reply. */
5272  if (!has_addrs)
5273  goto exit;
5274 
5275  /*
5276  * Set up reply.
5277  */
5278  if (!start_reply(packet, &client_id, NULL, &opt_state, reply)) {
5279  goto exit;
5280  }
5281 
5282  /*
5283  * Set our status.
5284  */
5285  if (inappropriate) {
5286  if (!set_status_code(STATUS_NotOnLink,
5287  "Some of the addresses are not on link.",
5288  opt_state)) {
5289  goto exit;
5290  }
5291  } else {
5292  if (!set_status_code(STATUS_Success,
5293  "All addresses still on link.",
5294  opt_state)) {
5295  goto exit;
5296  }
5297  }
5298 
5299  /*
5300  * Only one option: add it.
5301  */
5302  reply_ofs += store_options6(reply_data+reply_ofs,
5303  sizeof(reply_data)-reply_ofs,
5304  opt_state, packet,
5305  required_opts, &packet_oro);
5306 
5307  /*
5308  * Return our reply to the caller.
5309  */
5310  reply_ret->len = reply_ofs;
5311  reply_ret->buffer = NULL;
5312  if (!buffer_allocate(&reply_ret->buffer, reply_ofs, MDL)) {
5313  log_fatal("No memory to store reply.");
5314  }
5315  reply_ret->data = reply_ret->buffer->data;
5316  memcpy(reply_ret->buffer->data, reply, reply_ofs);
5317 
5318 exit:
5319  /* Cleanup any stale data strings. */
5320  if (cli_enc_opt_data.buffer != NULL)
5321  data_string_forget(&cli_enc_opt_data, MDL);
5322  if (iaaddr.buffer != NULL)
5323  data_string_forget(&iaaddr, MDL);
5324  if (client_id.buffer != NULL)
5325  data_string_forget(&client_id, MDL);
5326  if (packet_oro.buffer != NULL)
5327  data_string_forget(&packet_oro, MDL);
5328 
5329  /* Release any stale option states. */
5330  if (cli_enc_opt_state != NULL)
5331  option_state_dereference(&cli_enc_opt_state, MDL);
5332  if (opt_state != NULL)
5333  option_state_dereference(&opt_state, MDL);
5334 
5336 }
5337 
5338 /*
5339  * Renew is when a client wants to extend its lease/prefix, at time T1.
5340  *
5341  * We handle this the same as if the client wants a new lease/prefix,
5342  * except for the error code of when addresses don't match.
5343  */
5344 
5345 static void
5346 dhcpv6_renew(struct data_string *reply, struct packet *packet) {
5347  struct data_string client_id;
5348  struct data_string server_id;
5349 
5351 
5352  /*
5353  * Validate the request.
5354  */
5355  if (!valid_client_resp(packet, &client_id, &server_id)) {
5356  return;
5357  }
5358 
5359  /* If the RENEW arrived via unicast and unicast option isn't set,
5360  * reject it per RFC 3315, Sec 18.2.3 */
5361  if (packet->unicast == ISC_TRUE &&
5362  is_unicast_option_defined(packet) == ISC_FALSE) {
5363  unicast_reject(reply, packet, &client_id, &server_id);
5364  } else {
5365  /*
5366  * Renew our lease.
5367  */
5368  lease_to_client(reply, packet, &client_id, &server_id);
5369  }
5370 
5371  /*
5372  * Cleanup.
5373  */
5374  data_string_forget(&server_id, MDL);
5375  data_string_forget(&client_id, MDL);
5376 
5378 }
5379 
5380 /*
5381  * Rebind is when a client wants to extend its lease, at time T2.
5382  *
5383  * We handle this the same as if the client wants a new lease, except
5384  * for the error code of when addresses don't match.
5385  */
5386 
5387 static void
5388 dhcpv6_rebind(struct data_string *reply, struct packet *packet) {
5389  struct data_string client_id;
5390 
5392 
5393  if (!valid_client_msg(packet, &client_id)) {
5394  return;
5395  }
5396 
5397  lease_to_client(reply, packet, &client_id, NULL);
5398 
5399  data_string_forget(&client_id, MDL);
5400 
5402 }
5403 
5404 static void
5405 ia_na_match_decline(const struct data_string *client_id,
5406  const struct data_string *iaaddr,
5407  struct iasubopt *lease)
5408 {
5409  char tmp_addr[INET6_ADDRSTRLEN];
5410 
5411  log_error("Client %s reports address %s is "
5412  "already in use by another host!",
5413  print_hex_1(client_id->len, client_id->data, 60),
5414  inet_ntop(AF_INET6, iaaddr->data,
5415  tmp_addr, sizeof(tmp_addr)));
5416  if (lease != NULL) {
5417  decline_lease6(lease->ipv6_pool, lease);
5418  lease->ia->cltt = cur_time;
5419  write_ia(lease->ia);
5420  }
5421 }
5422 
5423 static void
5424 ia_na_nomatch_decline(const struct data_string *client_id,
5425  const struct data_string *iaaddr,
5426  u_int32_t *ia_na_id,
5427  struct packet *packet,
5428  char *reply_data,
5429  int *reply_ofs,
5430  int reply_len)
5431 {
5432  char tmp_addr[INET6_ADDRSTRLEN];
5433  struct option_state *host_opt_state;
5434  int len;
5435 
5436  log_info("Client %s declines address %s, which is not offered to it.",
5437  print_hex_1(client_id->len, client_id->data, 60),
5438  inet_ntop(AF_INET6, iaaddr->data, tmp_addr, sizeof(tmp_addr)));
5439 
5440  /*
5441  * Create state for this IA_NA.
5442  */
5443  host_opt_state = NULL;
5444  if (!option_state_allocate(&host_opt_state, MDL)) {
5445  log_error("ia_na_nomatch_decline: out of memory "
5446  "allocating option_state.");
5447  goto exit;
5448  }
5449 
5450  if (!set_status_code(STATUS_NoBinding, "Decline for unknown address.",
5451  host_opt_state)) {
5452  goto exit;
5453  }
5454 
5455  /*
5456  * Insure we have enough space
5457  */
5458  if (reply_len < (*reply_ofs + 16)) {
5459  log_error("ia_na_nomatch_decline: "
5460  "out of space for reply packet.");
5461  goto exit;
5462  }
5463 
5464  /*
5465  * Put our status code into the reply packet.
5466  */
5467  len = store_options6(reply_data+(*reply_ofs)+16,
5468  reply_len-(*reply_ofs)-16,
5469  host_opt_state, packet,
5470  required_opts_STATUS_CODE, NULL);
5471 
5472  /*
5473  * Store the non-encapsulated option data for this
5474  * IA_NA into our reply packet. Defined in RFC 3315,
5475  * section 22.4.
5476  */
5477  /* option number */
5478  putUShort((unsigned char *)reply_data+(*reply_ofs), D6O_IA_NA);
5479  /* option length */
5480  putUShort((unsigned char *)reply_data+(*reply_ofs)+2, len + 12);
5481  /* IA_NA, copied from the client */
5482  memcpy(reply_data+(*reply_ofs)+4, ia_na_id, 4);
5483  /* t1 and t2, odd that we need them, but here it is */
5484  putULong((unsigned char *)reply_data+(*reply_ofs)+8, 0);
5485  putULong((unsigned char *)reply_data+(*reply_ofs)+12, 0);
5486 
5487  /*
5488  * Get ready for next IA_NA.
5489  */
5490  *reply_ofs += (len + 16);
5491 
5492 exit:
5493  option_state_dereference(&host_opt_state, MDL);
5494 }
5495 
5496 static void
5497 iterate_over_ia_na(struct data_string *reply_ret,
5498  struct packet *packet,
5499  const struct data_string *client_id,
5500  const struct data_string *server_id,
5501  const char *packet_type,
5502  void (*ia_na_match)(),
5503  void (*ia_na_nomatch)())
5504 {
5505  struct option_state *opt_state;
5506  struct host_decl *packet_host;
5507  struct option_cache *ia;
5508  struct option_cache *oc;
5509  /* cli_enc_... variables come from the IA_NA/IA_TA options */
5510  struct data_string cli_enc_opt_data;
5511  struct option_state *cli_enc_opt_state;
5512  struct host_decl *host;
5513  struct option_state *host_opt_state;
5514  struct data_string iaaddr;
5515  struct data_string fixed_addr;
5516  char reply_data[65536];
5517  struct dhcpv6_packet *reply = (struct dhcpv6_packet *)reply_data;
5518  int reply_ofs = (int)(offsetof(struct dhcpv6_packet, options));
5519  char status_msg[32];
5520  struct iasubopt *lease;
5521  struct ia_xx *existing_ia_na;
5522  int i;
5523  struct data_string key;
5524  u_int32_t iaid;
5525 
5526  /*
5527  * Initialize to empty values, in case we have to exit early.
5528  */
5529  opt_state = NULL;
5530  memset(&cli_enc_opt_data, 0, sizeof(cli_enc_opt_data));
5531  cli_enc_opt_state = NULL;
5532  memset(&iaaddr, 0, sizeof(iaaddr));
5533  memset(&fixed_addr, 0, sizeof(fixed_addr));
5534  host_opt_state = NULL;
5535  lease = NULL;
5536 
5537  /*
5538  * Find the host record that matches from the packet, if any.
5539  */
5540  packet_host = NULL;
5541  if (!find_hosts_by_uid(&packet_host,
5542  client_id->data, client_id->len, MDL)) {
5543  packet_host = NULL;
5544  /*
5545  * Note: In general, we don't expect a client to provide
5546  * enough information to match by option for these
5547  * types of messages, but if we don't have a UID
5548  * match we can check anyway.
5549  */
5550  if (!find_hosts_by_option(&packet_host,
5551  packet, packet->options, MDL)) {
5552  packet_host = NULL;
5553 
5554  if (!find_hosts_by_duid_chaddr(&packet_host,
5555  client_id))
5556  packet_host = NULL;
5557  }
5558  }
5559 
5560  /*
5561  * Set our reply information.
5562  */
5563  reply->msg_type = DHCPV6_REPLY;
5564  memcpy(reply->transaction_id, packet->dhcpv6_transaction_id,
5565  sizeof(reply->transaction_id));
5566 
5567  /*
5568  * Build our option state for reply.
5569  */
5570  opt_state = NULL;
5571  if (!option_state_allocate(&opt_state, MDL)) {
5572  log_error("iterate_over_ia_na: no memory for option_state.");
5573  goto exit;
5574  }
5575  execute_statements_in_scope(NULL, packet, NULL, NULL,
5576  packet->options, opt_state,
5577  &global_scope, root_group, NULL, NULL);
5578 
5579  /*
5580  * RFC 3315, section 18.2.7 tells us which options to include.
5581  */
5582  oc = lookup_option(&dhcpv6_universe, opt_state, D6O_SERVERID);
5583  if (oc == NULL) {
5584  if (!save_option_buffer(&dhcpv6_universe, opt_state, NULL,
5585  (unsigned char *)server_duid.data,
5586  server_duid.len, D6O_SERVERID, 0)) {
5587  log_error("iterate_over_ia_na: "
5588  "error saving server identifier.");
5589  goto exit;
5590  }
5591  }
5592 
5593  if (!save_option_buffer(&dhcpv6_universe, opt_state,
5594  client_id->buffer,
5595  (unsigned char *)client_id->data,
5596  client_id->len,
5597  D6O_CLIENTID, 0)) {
5598  log_error("iterate_over_ia_na: "
5599  "error saving client identifier.");
5600  goto exit;
5601  }
5602 
5603  snprintf(status_msg, sizeof(status_msg), "%s received.", packet_type);
5604  if (!set_status_code(STATUS_Success, status_msg, opt_state)) {
5605  goto exit;
5606  }
5607 
5608  /*
5609  * Add our options that are not associated with any IA_NA or IA_TA.
5610  */
5611  reply_ofs += store_options6(reply_data+reply_ofs,
5612  sizeof(reply_data)-reply_ofs,
5613  opt_state, packet,
5614  required_opts, NULL);
5615 
5616  /*
5617  * Loop through the IA_NA reported by the client, and deal with
5618  * addresses reported as already in use.
5619  */
5620  for (ia = lookup_option(&dhcpv6_universe, packet->options, D6O_IA_NA);
5621  ia != NULL; ia = ia->next) {
5622 
5623  if (!get_encapsulated_IA_state(&cli_enc_opt_state,
5624  &cli_enc_opt_data,
5625  packet, ia, IA_NA_OFFSET)) {
5626  goto exit;
5627  }
5628 
5629  iaid = getULong(cli_enc_opt_data.data);
5630 
5631  /*
5632  * XXX: It is possible that we can get multiple addresses
5633  * sent by the client. We don't send multiple
5634  * addresses, so this indicates a client error.
5635  * We should check for multiple IAADDR options, log
5636  * if found, and set as an error.
5637  */
5638  oc = lookup_option(&dhcpv6_universe, cli_enc_opt_state,
5639  D6O_IAADDR);
5640  if (oc == NULL) {
5641  /* no address given for this IA, ignore */
5642  option_state_dereference(&cli_enc_opt_state, MDL);
5643  data_string_forget(&cli_enc_opt_data, MDL);
5644  continue;
5645  }
5646 
5647  memset(&iaaddr, 0, sizeof(iaaddr));
5648  if (!evaluate_option_cache(&iaaddr, packet, NULL, NULL,
5649  packet->options, NULL,
5650  &global_scope, oc, MDL)) {
5651  log_error("iterate_over_ia_na: "
5652  "error evaluating IAADDR.");
5653  goto exit;
5654  }
5655 
5656  /*
5657  * Now we need to figure out which host record matches
5658  * this IA_NA and IAADDR (encapsulated option contents
5659  * matching a host record by option).
5660  *
5661  * XXX: We don't currently track IA_NA separately, but
5662  * we will need to do this!
5663  */
5664  host = NULL;
5665  if (!find_hosts_by_option(&host, packet,
5666  cli_enc_opt_state, MDL)) {
5667  if (packet_host != NULL) {
5668  host = packet_host;
5669  } else {
5670  host = NULL;
5671  }
5672  }
5673  while (host != NULL) {
5674  if (host->fixed_addr != NULL) {
5675  if (!evaluate_option_cache(&fixed_addr, NULL,
5676  NULL, NULL, NULL,
5677  NULL, &global_scope,
5678  host->fixed_addr,
5679  MDL)) {
5680  log_error("iterate_over_ia_na: error "
5681  "evaluating host address.");
5682  goto exit;
5683  }
5684  if ((iaaddr.len >= 16) &&
5685  !memcmp(fixed_addr.data, iaaddr.data, 16)) {
5686  data_string_forget(&fixed_addr, MDL);
5687  break;
5688  }
5689  data_string_forget(&fixed_addr, MDL);
5690  }
5691  host = host->n_ipaddr;
5692  }
5693 
5694  if ((host == NULL) && (iaaddr.len >= IAADDR_OFFSET)) {
5695  /*
5696  * Find existing IA_NA.
5697  */
5698  if (ia_make_key(&key, iaid,
5699  (char *)client_id->data,
5700  client_id->len,
5701  MDL) != ISC_R_SUCCESS) {
5702  log_fatal("iterate_over_ia_na: no memory for "
5703  "key.");
5704  }
5705 
5706  existing_ia_na = NULL;
5707  if (ia_hash_lookup(&existing_ia_na, ia_na_active,
5708  (unsigned char *)key.data,
5709  key.len, MDL)) {
5710  /*
5711  * Make sure this address is in the IA_NA.
5712  */
5713  for (i=0; i<existing_ia_na->num_iasubopt; i++) {
5714  struct iasubopt *tmp;
5715  struct in6_addr *in6_addr;
5716 
5717  tmp = existing_ia_na->iasubopt[i];
5718  in6_addr = &tmp->addr;
5719  if (memcmp(in6_addr,
5720  iaaddr.data, 16) == 0) {
5721  iasubopt_reference(&lease,
5722  tmp, MDL);
5723  break;
5724  }
5725  }
5726  }
5727 
5728  data_string_forget(&key, MDL);
5729  }
5730 
5731  if ((host != NULL) || (lease != NULL)) {
5732  ia_na_match(client_id, &iaaddr, lease);
5733  } else {
5734  ia_na_nomatch(client_id, &iaaddr,
5735  (u_int32_t *)cli_enc_opt_data.data,
5736  packet, reply_data, &reply_ofs,
5737  sizeof(reply_data));
5738  }
5739 
5740  if (lease != NULL) {
5741  iasubopt_dereference(&lease, MDL);
5742  }
5743 
5744  data_string_forget(&iaaddr, MDL);
5745  option_state_dereference(&cli_enc_opt_state, MDL);
5746  data_string_forget(&cli_enc_opt_data, MDL);
5747  }
5748 
5749  /*
5750  * Return our reply to the caller.
5751  */
5752  reply_ret->len = reply_ofs;
5753  reply_ret->buffer = NULL;
5754  if (!buffer_allocate(&reply_ret->buffer, reply_ofs, MDL)) {
5755  log_fatal("No memory to store reply.");
5756  }
5757  reply_ret->data = reply_ret->buffer->data;
5758  memcpy(reply_ret->buffer->data, reply, reply_ofs);
5759 
5760 exit:
5761  if (lease != NULL) {
5762  iasubopt_dereference(&lease, MDL);
5763  }
5764  if (host_opt_state != NULL) {
5765  option_state_dereference(&host_opt_state, MDL);
5766  }
5767  if (fixed_addr.buffer != NULL) {
5768  data_string_forget(&fixed_addr, MDL);
5769  }
5770  if (iaaddr.buffer != NULL) {
5771  data_string_forget(&iaaddr, MDL);
5772  }
5773  if (cli_enc_opt_state != NULL) {
5774  option_state_dereference(&cli_enc_opt_state, MDL);
5775  }
5776  if (cli_enc_opt_data.buffer != NULL) {
5777  data_string_forget(&cli_enc_opt_data, MDL);
5778  }
5779  if (opt_state != NULL) {
5780  option_state_dereference(&opt_state, MDL);
5781  }
5782 }
5783 
5784 /*
5785  * Decline means a client has detected that something else is using an
5786  * address we gave it.
5787  *
5788  * Since we're only dealing with fixed leases for now, there's not
5789  * much we can do, other that log the occurrence.
5790  *
5791  * When we start issuing addresses from pools, then we will have to
5792  * record our declined addresses and issue another. In general with
5793  * IPv6 there is no worry about DoS by clients exhausting space, but
5794  * we still need to be aware of this possibility.
5795  */
5796 
5797 /* TODO: IA_TA */
5798 static void
5799 dhcpv6_decline(struct data_string *reply, struct packet *packet) {
5800  struct data_string client_id;
5801  struct data_string server_id;
5802 
5804 
5805  /*
5806  * Validate our input.
5807  */
5808  if (!valid_client_resp(packet, &client_id, &server_id)) {
5809  return;
5810  }
5811 
5812  /* If the DECLINE arrived via unicast and unicast option isn't set,
5813  * reject it per RFC 3315, Sec 18.2.7 */
5814  if (packet->unicast == ISC_TRUE &&
5815  is_unicast_option_defined(packet) == ISC_FALSE) {
5816  unicast_reject(reply, packet, &client_id, &server_id);
5817  } else {
5818  /*
5819  * Undefined for IA_PD.
5820  */
5822 
5823  /*
5824  * And operate on each IA_NA in this packet.
5825  */
5826  iterate_over_ia_na(reply, packet, &client_id, &server_id,
5827  "Decline", ia_na_match_decline,
5828  ia_na_nomatch_decline);
5829 
5830  }
5831 
5832  data_string_forget(&server_id, MDL);
5833  data_string_forget(&client_id, MDL);
5834 
5836 }
5837 
5838 static void
5839 ia_na_match_release(const struct data_string *client_id,
5840  const struct data_string *iaaddr,
5841  struct iasubopt *lease)
5842 {
5843  char tmp_addr[INET6_ADDRSTRLEN];
5844 
5845  log_info("Client %s releases address %s",
5846  print_hex_1(client_id->len, client_id->data, 60),
5847  inet_ntop(AF_INET6, iaaddr->data, tmp_addr, sizeof(tmp_addr)));
5848  if (lease != NULL) {
5849  release_lease6(lease->ipv6_pool, lease);
5850  lease->ia->cltt = cur_time;
5851  write_ia(lease->ia);
5852  }
5853 }
5854 
5855 static void
5856 ia_na_nomatch_release(const struct data_string *client_id,
5857  const struct data_string *iaaddr,
5858  u_int32_t *ia_na_id,
5859  struct packet *packet,
5860  char *reply_data,
5861  int *reply_ofs,
5862  int reply_len)
5863 {
5864  char tmp_addr[INET6_ADDRSTRLEN];
5865  struct option_state *host_opt_state;
5866  int len;
5867 
5868  log_info("Client %s releases address %s, which is not leased to it.",
5869  print_hex_1(client_id->len, client_id->data, 60),
5870  inet_ntop(AF_INET6, iaaddr->data, tmp_addr, sizeof(tmp_addr)));
5871 
5872  /*
5873  * Create state for this IA_NA.
5874  */
5875  host_opt_state = NULL;
5876  if (!option_state_allocate(&host_opt_state, MDL)) {
5877  log_error("ia_na_nomatch_release: out of memory "
5878  "allocating option_state.");
5879  goto exit;
5880  }
5881 
5882  if (!set_status_code(STATUS_NoBinding,
5883  "Release for non-leased address.",
5884  host_opt_state)) {
5885  goto exit;
5886  }
5887 
5888  /*
5889  * Insure we have enough space
5890  */
5891  if (reply_len < (*reply_ofs + 16)) {
5892  log_error("ia_na_nomatch_release: "
5893  "out of space for reply packet.");
5894  goto exit;
5895  }
5896 
5897  /*
5898  * Put our status code into the reply packet.
5899  */
5900  len = store_options6(reply_data+(*reply_ofs)+16,
5901  reply_len-(*reply_ofs)-16,
5902  host_opt_state, packet,
5903  required_opts_STATUS_CODE, NULL);
5904 
5905  /*
5906  * Store the non-encapsulated option data for this
5907  * IA_NA into our reply packet. Defined in RFC 3315,
5908  * section 22.4.
5909  */
5910  /* option number */
5911  putUShort((unsigned char *)reply_data+(*reply_ofs), D6O_IA_NA);
5912  /* option length */
5913  putUShort((unsigned char *)reply_data+(*reply_ofs)+2, len + 12);
5914  /* IA_NA, copied from the client */
5915  memcpy(reply_data+(*reply_ofs)+4, ia_na_id, 4);
5916  /* t1 and t2, odd that we need them, but here it is */
5917  putULong((unsigned char *)reply_data+(*reply_ofs)+8, 0);
5918  putULong((unsigned char *)reply_data+(*reply_ofs)+12, 0);
5919 
5920  /*
5921  * Get ready for next IA_NA.
5922  */
5923  *reply_ofs += (len + 16);
5924 
5925 exit:
5926  option_state_dereference(&host_opt_state, MDL);
5927 }
5928 
5929 static void
5930 ia_pd_match_release(const struct data_string *client_id,
5931  const struct data_string *iapref,
5932  struct iasubopt *prefix)
5933 {
5934  char tmp_addr[INET6_ADDRSTRLEN];
5935 
5936  log_info("Client %s releases prefix %s/%u",
5937  print_hex_1(client_id->len, client_id->data, 60),
5938  inet_ntop(AF_INET6, iapref->data + 9,
5939  tmp_addr, sizeof(tmp_addr)),
5940  (unsigned) getUChar(iapref->data + 8));
5941  if (prefix != NULL) {
5942  release_lease6(prefix->ipv6_pool, prefix);
5943  prefix->ia->cltt = cur_time;
5944  write_ia(prefix->ia);
5945  }
5946 }
5947 
5948 static void
5949 ia_pd_nomatch_release(const struct data_string *client_id,
5950  const struct data_string *iapref,
5951  u_int32_t *ia_pd_id,
5952  struct packet *packet,
5953  char *reply_data,
5954  int *reply_ofs,
5955  int reply_len)
5956 {
5957  char tmp_addr[INET6_ADDRSTRLEN];
5958  struct option_state *host_opt_state;
5959  int len;
5960 
5961  log_info("Client %s releases prefix %s/%u, which is not leased to it.",
5962  print_hex_1(client_id->len, client_id->data, 60),
5963  inet_ntop(AF_INET6, iapref->data + 9,
5964  tmp_addr, sizeof(tmp_addr)),
5965  (unsigned) getUChar(iapref->data + 8));
5966 
5967  /*
5968  * Create state for this IA_PD.
5969  */
5970  host_opt_state = NULL;
5971  if (!option_state_allocate(&host_opt_state, MDL)) {
5972  log_error("ia_pd_nomatch_release: out of memory "
5973  "allocating option_state.");
5974  goto exit;
5975  }
5976 
5977  if (!set_status_code(STATUS_NoBinding,
5978  "Release for non-leased prefix.",
5979  host_opt_state)) {
5980  goto exit;
5981  }
5982 
5983  /*
5984  * Insure we have enough space
5985  */
5986  if (reply_len < (*reply_ofs + 16)) {
5987  log_error("ia_pd_nomatch_release: "
5988  "out of space for reply packet.");
5989  goto exit;
5990  }
5991 
5992  /*
5993  * Put our status code into the reply packet.
5994  */
5995  len = store_options6(reply_data+(*reply_ofs)+16,
5996  reply_len-(*reply_ofs)-16,
5997  host_opt_state, packet,
5998  required_opts_STATUS_CODE, NULL);
5999 
6000  /*
6001  * Store the non-encapsulated option data for this
6002  * IA_PD into our reply packet. Defined in RFC 3315,
6003  * section 22.4.
6004  */
6005  /* option number */
6006  putUShort((unsigned char *)reply_data+(*reply_ofs), D6O_IA_PD);
6007  /* option length */
6008  putUShort((unsigned char *)reply_data+(*reply_ofs)+2, len + 12);
6009  /* IA_PD, copied from the client */
6010  memcpy(reply_data+(*reply_ofs)+4, ia_pd_id, 4);
6011  /* t1 and t2, odd that we need them, but here it is */
6012  putULong((unsigned char *)reply_data+(*reply_ofs)+8, 0);
6013  putULong((unsigned char *)reply_data+(*reply_ofs)+12, 0);
6014 
6015  /*
6016  * Get ready for next IA_PD.
6017  */
6018  *reply_ofs += (len + 16);
6019 
6020 exit:
6021  option_state_dereference(&host_opt_state, MDL);
6022 }
6023 
6024 static void
6025 iterate_over_ia_pd(struct data_string *reply_ret,
6026  struct packet *packet,
6027  const struct data_string *client_id,
6028  const struct data_string *server_id,
6029  const char *packet_type,
6030  void (*ia_pd_match)(),
6031  void (*ia_pd_nomatch)())
6032 {
6033  struct data_string reply_new;
6034  int reply_len;
6035  struct option_state *opt_state;
6036  struct host_decl *packet_host;
6037  struct option_cache *ia;
6038  struct option_cache *oc;
6039  /* cli_enc_... variables come from the IA_PD options */
6040  struct data_string cli_enc_opt_data;
6041  struct option_state *cli_enc_opt_state;
6042  struct host_decl *host;
6043  struct option_state *host_opt_state;
6044  struct data_string iaprefix;
6045  char reply_data[65536];
6046  int reply_ofs;
6047  struct iasubopt *prefix;
6048  struct ia_xx *existing_ia_pd;
6049  int i;
6050  struct data_string key;
6051  u_int32_t iaid;
6052 
6053  /*
6054  * Initialize to empty values, in case we have to exit early.
6055  */
6056  memset(&reply_new, 0, sizeof(reply_new));
6057  opt_state = NULL;
6058  memset(&cli_enc_opt_data, 0, sizeof(cli_enc_opt_data));
6059  cli_enc_opt_state = NULL;
6060  memset(&iaprefix, 0, sizeof(iaprefix));
6061  host_opt_state = NULL;
6062  prefix = NULL;
6063 
6064  /*
6065  * Compute the available length for the reply.
6066  */
6067  reply_len = sizeof(reply_data) - reply_ret->len;
6068  reply_ofs = 0;
6069 
6070  /*
6071  * Find the host record that matches from the packet, if any.
6072  */
6073  packet_host = NULL;
6074  if (!find_hosts_by_uid(&packet_host,
6075  client_id->data, client_id->len, MDL)) {
6076  packet_host = NULL;
6077  /*
6078  * Note: In general, we don't expect a client to provide
6079  * enough information to match by option for these
6080  * types of messages, but if we don't have a UID
6081  * match we can check anyway.
6082  */
6083  if (!find_hosts_by_option(&packet_host,
6084  packet, packet->options, MDL)) {
6085  packet_host = NULL;
6086 
6087  if (!find_hosts_by_duid_chaddr(&packet_host,
6088  client_id))
6089  packet_host = NULL;
6090  }
6091  }
6092 
6093  /*
6094  * Build our option state for reply.
6095  */
6096  opt_state = NULL;
6097  if (!option_state_allocate(&opt_state, MDL)) {
6098  log_error("iterate_over_ia_pd: no memory for option_state.");
6099  goto exit;
6100  }
6101  execute_statements_in_scope(NULL, packet, NULL, NULL,
6102  packet->options, opt_state,
6103  &global_scope, root_group, NULL, NULL);
6104 
6105  /*
6106  * Loop through the IA_PD reported by the client, and deal with
6107  * prefixes reported as already in use.
6108  */
6109  for (ia = lookup_option(&dhcpv6_universe, packet->options, D6O_IA_PD);
6110  ia != NULL; ia = ia->next) {
6111 
6112  if (!get_encapsulated_IA_state(&cli_enc_opt_state,
6113  &cli_enc_opt_data,
6114  packet, ia, IA_PD_OFFSET)) {
6115  goto exit;
6116  }
6117 
6118  iaid = getULong(cli_enc_opt_data.data);
6119 
6120  oc = lookup_option(&dhcpv6_universe, cli_enc_opt_state,
6121  D6O_IAPREFIX);
6122  if (oc == NULL) {
6123  /* no prefix given for this IA_PD, ignore */
6124  option_state_dereference(&cli_enc_opt_state, MDL);
6125  data_string_forget(&cli_enc_opt_data, MDL);
6126  continue;
6127  }
6128 
6129  for (; oc != NULL; oc = oc->next) {
6130  memset(&iaprefix, 0, sizeof(iaprefix));
6131  if (!evaluate_option_cache(&iaprefix, packet, NULL, NULL,
6132  packet->options, NULL,
6133  &global_scope, oc, MDL)) {
6134  log_error("iterate_over_ia_pd: "
6135  "error evaluating IAPREFIX.");
6136  goto exit;
6137  }
6138 
6139  /*
6140  * Now we need to figure out which host record matches
6141  * this IA_PD and IAPREFIX (encapsulated option contents
6142  * matching a host record by option).
6143  *
6144  * XXX: We don't currently track IA_PD separately, but
6145  * we will need to do this!
6146  */
6147  host = NULL;
6148  if (!find_hosts_by_option(&host, packet,
6149  cli_enc_opt_state, MDL)) {
6150  if (packet_host != NULL) {
6151  host = packet_host;
6152  } else {
6153  host = NULL;
6154  }
6155  }
6156  while (host != NULL) {
6157  if (host->fixed_prefix != NULL) {
6158  struct iaddrcidrnetlist *l;
6159  int plen = (int) getUChar(iaprefix.data + 8);
6160 
6161  for (l = host->fixed_prefix; l != NULL;
6162  l = l->next) {
6163  if (plen != l->cidrnet.bits)
6164  continue;
6165  if (memcmp(iaprefix.data + 9,
6166  l->cidrnet.lo_addr.iabuf,
6167  16) == 0)
6168  break;
6169  }
6170  if ((l != NULL) && (iaprefix.len >= 17))
6171  break;
6172  }
6173  host = host->n_ipaddr;
6174  }
6175 
6176  if ((host == NULL) && (iaprefix.len >= IAPREFIX_OFFSET)) {
6177  /*
6178  * Find existing IA_PD.
6179  */
6180  if (ia_make_key(&key, iaid,
6181  (char *)client_id->data,
6182  client_id->len,
6183  MDL) != ISC_R_SUCCESS) {
6184  log_fatal("iterate_over_ia_pd: no memory for "
6185  "key.");
6186  }
6187 
6188  existing_ia_pd = NULL;
6189  if (ia_hash_lookup(&existing_ia_pd, ia_pd_active,
6190  (unsigned char *)key.data,
6191  key.len, MDL)) {
6192  /*
6193  * Make sure this prefix is in the IA_PD.
6194  */
6195  for (i = 0;
6196  i < existing_ia_pd->num_iasubopt;
6197  i++) {
6198  struct iasubopt *tmp;
6199  u_int8_t plen;
6200 
6201  plen = getUChar(iaprefix.data + 8);
6202  tmp = existing_ia_pd->iasubopt[i];
6203  if ((tmp->plen == plen) &&
6204  (memcmp(&tmp->addr,
6205  iaprefix.data + 9,
6206  16) == 0)) {
6207  iasubopt_reference(&prefix,
6208  tmp, MDL);
6209  break;
6210  }
6211  }
6212  }
6213 
6214  data_string_forget(&key, MDL);
6215  }
6216 
6217  if ((host != NULL) || (prefix != NULL)) {
6218  ia_pd_match(client_id, &iaprefix, prefix);
6219  } else {
6220  ia_pd_nomatch(client_id, &iaprefix,
6221  (u_int32_t *)cli_enc_opt_data.data,
6222  packet, reply_data, &reply_ofs,
6223  reply_len - reply_ofs);
6224  }
6225 
6226  if (prefix != NULL) {
6227  iasubopt_dereference(&prefix, MDL);
6228  }
6229 
6230  data_string_forget(&iaprefix, MDL);
6231  }
6232 
6233  option_state_dereference(&cli_enc_opt_state, MDL);
6234  data_string_forget(&cli_enc_opt_data, MDL);
6235  }
6236 
6237  /*
6238  * Return our reply to the caller.
6239  * The IA_NA routine has already filled at least the header.
6240  */
6241  reply_new.len = reply_ret->len + reply_ofs;
6242  if (!buffer_allocate(&reply_new.buffer, reply_new.len, MDL)) {
6243  log_fatal("No memory to store reply.");
6244  }
6245  reply_new.data = reply_new.buffer->data;
6246  memcpy(reply_new.buffer->data,
6247  reply_ret->buffer->data, reply_ret->len);
6248  memcpy(reply_new.buffer->data + reply_ret->len,
6249  reply_data, reply_ofs);
6250  data_string_forget(reply_ret, MDL);
6251  data_string_copy(reply_ret, &reply_new, MDL);
6252  data_string_forget(&reply_new, MDL);
6253 
6254 exit:
6255  if (prefix != NULL) {
6256  iasubopt_dereference(&prefix, MDL);
6257  }
6258  if (host_opt_state != NULL) {
6259  option_state_dereference(&host_opt_state, MDL);
6260  }
6261  if (iaprefix.buffer != NULL) {
6262  data_string_forget(&iaprefix, MDL);
6263  }
6264  if (cli_enc_opt_state != NULL) {
6265  option_state_dereference(&cli_enc_opt_state, MDL);
6266  }
6267  if (cli_enc_opt_data.buffer != NULL) {
6268  data_string_forget(&cli_enc_opt_data, MDL);
6269  }
6270  if (opt_state != NULL) {
6271  option_state_dereference(&opt_state, MDL);
6272  }
6273 }
6274 
6275 /*
6276  * Release means a client is done with the leases.
6277  */
6278 
6279 static void
6280 dhcpv6_release(struct data_string *reply, struct packet *packet) {
6281  struct data_string client_id;
6282  struct data_string server_id;
6283 
6285 
6286  /*
6287  * Validate our input.
6288  */
6289  if (!valid_client_resp(packet, &client_id, &server_id)) {
6290  return;
6291  }
6292 
6293  /* If the RELEASE arrived via unicast and unicast option isn't set,
6294  * reject it per RFC 3315, Sec 18.2.6 */
6295  if (packet->unicast == ISC_TRUE &&
6296  is_unicast_option_defined(packet) == ISC_FALSE) {
6297  unicast_reject(reply, packet, &client_id, &server_id);
6298  } else {
6299  /*
6300  * And operate on each IA_NA in this packet.
6301  */
6302  iterate_over_ia_na(reply, packet, &client_id, &server_id,
6303  "Release", ia_na_match_release,
6304  ia_na_nomatch_release);
6305 
6306  /*
6307  * And operate on each IA_PD in this packet.
6308  */
6309  iterate_over_ia_pd(reply, packet, &client_id, &server_id,
6310  "Release", ia_pd_match_release,
6311  ia_pd_nomatch_release);
6312  }
6313 
6314  data_string_forget(&server_id, MDL);
6315  data_string_forget(&client_id, MDL);
6316 
6318 }
6319 
6320 /*
6321  * Information-Request is used by clients who have obtained an address
6322  * from other means, but want configuration information from the server.
6323  */
6324 
6325 static void
6326 dhcpv6_information_request(struct data_string *reply, struct packet *packet) {
6327  struct data_string client_id;
6328  struct data_string server_id;
6329 
6331 
6332  /*
6333  * Validate our input.
6334  */
6335  if (!valid_client_info_req(packet, &server_id)) {
6336  return;
6337  }
6338 
6339  /*
6340  * Get our client ID, if there is one.
6341  */
6342  memset(&client_id, 0, sizeof(client_id));
6343  if (get_client_id(packet, &client_id) != ISC_R_SUCCESS) {
6344  data_string_forget(&client_id, MDL);
6345  }
6346 
6347  /*
6348  * Use the lease_to_client() function. This will work fine,
6349  * because the valid_client_info_req() insures that we
6350  * don't have any IA that would cause us to allocate
6351  * resources to the client.
6352  */
6353  lease_to_client(reply, packet, &client_id,
6354  server_id.data != NULL ? &server_id : NULL);
6355 
6356  /*
6357  * Cleanup.
6358  */
6359  if (client_id.data != NULL) {
6360  data_string_forget(&client_id, MDL);
6361  }
6362  data_string_forget(&server_id, MDL);
6363 
6365 }
6366 
6367 /*
6368  * The Relay-forw message is sent by relays. It typically contains a
6369  * single option, which encapsulates an entire packet.
6370  *
6371  * We need to build an encapsulated reply.
6372  */
6373 
6374 /* XXX: this is very, very similar to do_packet6(), and should probably
6375  be combined in a clever way */
6376 static void
6377 dhcpv6_relay_forw(struct data_string *reply_ret, struct packet *packet) {
6378  struct option_cache *oc;
6379  struct data_string enc_opt_data;
6380  struct packet *enc_packet;
6381  unsigned char msg_type;
6382  const struct dhcpv6_packet *msg;
6383  const struct dhcpv6_relay_packet *relay;
6384  struct data_string enc_reply;
6385  char link_addr[sizeof("ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255")];
6386  char peer_addr[sizeof("ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255")];
6387  struct data_string a_opt, packet_ero;
6388  struct option_state *opt_state;
6389  static char reply_data[65536];
6390  struct dhcpv6_relay_packet *reply;
6391  int reply_ofs;
6392 
6394 
6395  /*
6396  * Initialize variables for early exit.
6397  */
6398  opt_state = NULL;
6399  memset(&a_opt, 0, sizeof(a_opt));
6400  memset(&packet_ero, 0, sizeof(packet_ero));
6401  memset(&enc_reply, 0, sizeof(enc_reply));
6402  memset(&enc_opt_data, 0, sizeof(enc_opt_data));
6403  enc_packet = NULL;
6404 
6405  /*
6406  * Get our encapsulated relay message.
6407  */
6409  if (oc == NULL) {
6410  inet_ntop(AF_INET6, &packet->dhcpv6_link_address,
6411  link_addr, sizeof(link_addr));
6412  inet_ntop(AF_INET6, &packet->dhcpv6_peer_address,
6413  peer_addr, sizeof(peer_addr));
6414  log_info("Relay-forward from %s with link address=%s and "
6415  "peer address=%s missing Relay Message option.",
6416  piaddr(packet->client_addr), link_addr, peer_addr);
6417  goto exit;
6418  }
6419 
6420  if (!evaluate_option_cache(&enc_opt_data, NULL, NULL, NULL,
6421  NULL, NULL, &global_scope, oc, MDL)) {
6422  log_error("dhcpv6_forw_relay: error evaluating "
6423  "relayed message.");
6424  goto exit;
6425  }
6426 
6427  if (!packet6_len_okay((char *)enc_opt_data.data, enc_opt_data.len)) {
6428  log_error("dhcpv6_forw_relay: encapsulated packet too short.");
6429  goto exit;
6430  }
6431 
6432  /*
6433  * Build a packet structure from this encapsulated packet.
6434  */
6435  enc_packet = NULL;
6436  if (!packet_allocate(&enc_packet, MDL)) {
6437  log_error("dhcpv6_forw_relay: "
6438  "no memory for encapsulated packet.");
6439  goto exit;
6440  }
6441 
6442  if (!option_state_allocate(&enc_packet->options, MDL)) {
6443  log_error("dhcpv6_forw_relay: "
6444  "no memory for encapsulated packet's options.");
6445  goto exit;
6446  }
6447 
6448  enc_packet->client_port = packet->client_port;
6449  enc_packet->client_addr = packet->client_addr;
6450  interface_reference(&enc_packet->interface, packet->interface, MDL);
6451  enc_packet->dhcpv6_container_packet = packet;
6452 
6453  msg_type = enc_opt_data.data[0];
6454  if ((msg_type == DHCPV6_RELAY_FORW) ||
6455  (msg_type == DHCPV6_RELAY_REPL)) {
6456  int relaylen = (int)(offsetof(struct dhcpv6_relay_packet, options));
6457  relay = (struct dhcpv6_relay_packet *)enc_opt_data.data;
6458  enc_packet->dhcpv6_msg_type = relay->msg_type;
6459 
6460  /* relay-specific data */
6461  enc_packet->dhcpv6_hop_count = relay->hop_count;
6462  memcpy(&enc_packet->dhcpv6_link_address,
6463  relay->link_address, sizeof(relay->link_address));
6464  memcpy(&enc_packet->dhcpv6_peer_address,
6465  relay->peer_address, sizeof(relay->peer_address));
6466 
6467  if (!parse_option_buffer(enc_packet->options,
6468  relay->options,
6469  enc_opt_data.len - relaylen,
6470  &dhcpv6_universe)) {
6471  /* no logging here, as parse_option_buffer() logs all
6472  cases where it fails */
6473  goto exit;
6474  }
6475  } else {
6476  int msglen = (int)(offsetof(struct dhcpv6_packet, options));
6477  msg = (struct dhcpv6_packet *)enc_opt_data.data;
6478  enc_packet->dhcpv6_msg_type = msg->msg_type;
6479 
6480  /* message-specific data */
6481  memcpy(enc_packet->dhcpv6_transaction_id,
6482  msg->transaction_id,
6483  sizeof(enc_packet->dhcpv6_transaction_id));
6484 
6485  if (!parse_option_buffer(enc_packet->options,
6486  msg->options,
6487  enc_opt_data.len - msglen,
6488  &dhcpv6_universe)) {
6489  /* no logging here, as parse_option_buffer() logs all
6490  cases where it fails */
6491  goto exit;
6492  }
6493  }
6494 
6495  /*
6496  * This is recursive. It is possible to exceed maximum packet size.
6497  * XXX: This will cause the packet send to fail.
6498  */
6499  build_dhcpv6_reply(&enc_reply, enc_packet);
6500 
6501  /*
6502  * If we got no encapsulated data, then it is discarded, and
6503  * our reply-forw is also discarded.
6504  */
6505  if (enc_reply.data == NULL) {
6506  goto exit;
6507  }
6508 
6509  /*
6510  * Now we can use the reply_data buffer.
6511  * Packet header stuff all comes from the forward message.
6512  */
6513  reply = (struct dhcpv6_relay_packet *)reply_data;
6514  reply->msg_type = DHCPV6_RELAY_REPL;
6515  reply->hop_count = packet->dhcpv6_hop_count;
6516  memcpy(reply->link_address, &packet->dhcpv6_link_address,
6517  sizeof(reply->link_address));
6518  memcpy(reply->peer_address, &packet->dhcpv6_peer_address,
6519  sizeof(reply->peer_address));
6520  reply_ofs = (int)(offsetof(struct dhcpv6_relay_packet, options));
6521 
6522  /*
6523  * Get the reply option state.
6524  */
6525  opt_state = NULL;
6526  if (!option_state_allocate(&opt_state, MDL)) {
6527  log_error("dhcpv6_relay_forw: no memory for option state.");
6528  goto exit;
6529  }
6530 
6531  /*
6532  * Append the interface-id if present.
6533  */
6534  oc = lookup_option(&dhcpv6_universe, packet->options,
6536  if (oc != NULL) {
6537  if (!evaluate_option_cache(&a_opt, packet,
6538  NULL, NULL,
6539  packet->options, NULL,
6540  &global_scope, oc, MDL)) {
6541  log_error("dhcpv6_relay_forw: error evaluating "
6542  "Interface ID.");
6543  goto exit;
6544  }
6545  if (!save_option_buffer(&dhcpv6_universe, opt_state, NULL,
6546  (unsigned char *)a_opt.data,
6547  a_opt.len,
6548  D6O_INTERFACE_ID, 0)) {
6549  log_error("dhcpv6_relay_forw: error saving "
6550  "Interface ID.");
6551  goto exit;
6552  }
6553  data_string_forget(&a_opt, MDL);
6554  }
6555 
6556  /*
6557  * Append our encapsulated stuff for caller.
6558  */
6559  if (!save_option_buffer(&dhcpv6_universe, opt_state, NULL,
6560  (unsigned char *)enc_reply.data,
6561  enc_reply.len,
6562  D6O_RELAY_MSG, 0)) {
6563  log_error("dhcpv6_relay_forw: error saving Relay MSG.");
6564  goto exit;
6565  }
6566 
6567  /*
6568  * Get the ERO if any.
6569  */
6570  oc = lookup_option(&dhcpv6_universe, packet->options, D6O_ERO);
6571  if (oc != NULL) {
6572  unsigned req;
6573  int i;
6574 
6575  if (!evaluate_option_cache(&packet_ero, packet,
6576  NULL, NULL,
6577  packet->options, NULL,
6578  &global_scope, oc, MDL) ||
6579  (packet_ero.len & 1)) {
6580  log_error("dhcpv6_relay_forw: error evaluating ERO.");
6581  goto exit;
6582  }
6583 
6584  /* Decode and apply the ERO. */
6585  for (i = 0; i < packet_ero.len; i += 2) {
6586  req = getUShort(packet_ero.data + i);
6587  /* Already in the reply? */
6588  oc = lookup_option(&dhcpv6_universe, opt_state, req);
6589  if (oc != NULL)
6590  continue;
6591  /* Get it from the packet if present. */
6593  packet->options,
6594  req);
6595  if (oc == NULL)
6596  continue;
6597  if (!evaluate_option_cache(&a_opt, packet,
6598  NULL, NULL,
6599  packet->options, NULL,
6600  &global_scope, oc, MDL)) {
6601  log_error("dhcpv6_relay_forw: error "
6602  "evaluating option %u.", req);
6603  goto exit;
6604  }
6606  opt_state,
6607  NULL,
6608  (unsigned char *)a_opt.data,
6609  a_opt.len,
6610  req,
6611  0)) {
6612  log_error("dhcpv6_relay_forw: error saving "
6613  "option %u.", req);
6614  goto exit;
6615  }
6616  data_string_forget(&a_opt, MDL);
6617  }
6618  }
6619 
6620  reply_ofs += store_options6(reply_data + reply_ofs,
6621  sizeof(reply_data) - reply_ofs,
6622  opt_state, packet,
6623  required_opts_agent, &packet_ero);
6624 
6625  /*
6626  * Return our reply to the caller.
6627  */
6628  reply_ret->len = reply_ofs;
6629  reply_ret->buffer = NULL;
6630  if (!buffer_allocate(&reply_ret->buffer, reply_ret->len, MDL)) {
6631  log_fatal("No memory to store reply.");
6632  }
6633  reply_ret->data = reply_ret->buffer->data;
6634  memcpy(reply_ret->buffer->data, reply_data, reply_ofs);
6635 
6636 exit:
6637  if (opt_state != NULL)
6638  option_state_dereference(&opt_state, MDL);
6639  if (a_opt.data != NULL) {
6640  data_string_forget(&a_opt, MDL);
6641  }
6642  if (packet_ero.data != NULL) {
6643  data_string_forget(&packet_ero, MDL);
6644  }
6645  if (enc_reply.data != NULL) {
6646  data_string_forget(&enc_reply, MDL);
6647  }
6648  if (enc_opt_data.data != NULL) {
6649  data_string_forget(&enc_opt_data, MDL);
6650  }
6651  if (enc_packet != NULL) {
6652  packet_dereference(&enc_packet, MDL);
6653  }
6654 
6656 }
6657 
6658 static void
6659 dhcpv6_discard(struct packet *packet) {
6660  /* INSIST(packet->msg_type > 0); */
6661  /* INSIST(packet->msg_type < dhcpv6_type_name_max); */
6662 
6663  log_debug("Discarding %s from %s; message type not handled by server",
6665  piaddr(packet->client_addr));
6666 }
6667 
6668 static void
6669 build_dhcpv6_reply(struct data_string *reply, struct packet *packet) {
6670  memset(reply, 0, sizeof(*reply));
6671 
6672  /* I would like to classify the client once here, but
6673  * as I don't want to classify all of the incoming packets
6674  * I need to do it before handling specific types.
6675  * We don't need to classify if we are tossing the packet
6676  * or if it is a relay - the classification step will get
6677  * done when we process the inner client packet.
6678  */
6679 
6680  switch (packet->dhcpv6_msg_type) {
6681  case DHCPV6_SOLICIT:
6682  classify_client(packet);
6683  dhcpv6_solicit(reply, packet);
6684  break;
6685  case DHCPV6_ADVERTISE:
6686  dhcpv6_discard(packet);
6687  break;
6688  case DHCPV6_REQUEST:
6689  classify_client(packet);
6690  dhcpv6_request(reply, packet);
6691  break;
6692  case DHCPV6_CONFIRM:
6693  classify_client(packet);
6694  dhcpv6_confirm(reply, packet);
6695  break;
6696  case DHCPV6_RENEW:
6697  classify_client(packet);
6698  dhcpv6_renew(reply, packet);
6699  break;
6700  case DHCPV6_REBIND:
6701  classify_client(packet);
6702  dhcpv6_rebind(reply, packet);
6703  break;
6704  case DHCPV6_REPLY:
6705  dhcpv6_discard(packet);
6706  break;
6707  case DHCPV6_RELEASE:
6708  classify_client(packet);
6709  dhcpv6_release(reply, packet);
6710  break;
6711  case DHCPV6_DECLINE:
6712  classify_client(packet);
6713  dhcpv6_decline(reply, packet);
6714  break;
6715  case DHCPV6_RECONFIGURE:
6716  dhcpv6_discard(packet);
6717  break;
6719  classify_client(packet);
6720  dhcpv6_information_request(reply, packet);
6721  break;
6722  case DHCPV6_RELAY_FORW:
6723  dhcpv6_relay_forw(reply, packet);
6724  break;
6725  case DHCPV6_RELAY_REPL:
6726  dhcpv6_discard(packet);
6727  break;
6728  case DHCPV6_LEASEQUERY:
6729  classify_client(packet);
6730  dhcpv6_leasequery(reply, packet);
6731  break;
6733  dhcpv6_discard(packet);
6734  break;
6735  default:
6736  /* XXX: would be nice if we had "notice" level,
6737  as syslog, for this */
6738  log_info("Discarding unknown DHCPv6 message type %d "
6739  "from %s", packet->dhcpv6_msg_type,
6740  piaddr(packet->client_addr));
6741  }
6742 }
6743 
6744 static void
6745 log_packet_in(const struct packet *packet) {
6746  struct data_string s;
6747  u_int32_t tid;
6748  char tmp_addr[INET6_ADDRSTRLEN];
6749  const void *addr;
6750 
6751  memset(&s, 0, sizeof(s));
6752 
6753  if (packet->dhcpv6_msg_type < dhcpv6_type_name_max) {
6754  data_string_sprintfa(&s, "%s message from %s port %d",
6756  piaddr(packet->client_addr),
6757  ntohs(packet->client_port));
6758  } else {
6760  "Unknown message type %d from %s port %d",
6761  packet->dhcpv6_msg_type,
6762  piaddr(packet->client_addr),
6763  ntohs(packet->client_port));
6764  }
6765  if ((packet->dhcpv6_msg_type == DHCPV6_RELAY_FORW) ||
6766  (packet->dhcpv6_msg_type == DHCPV6_RELAY_REPL)) {
6767  addr = &packet->dhcpv6_link_address;
6768  data_string_sprintfa(&s, ", link address %s",
6769  inet_ntop(AF_INET6, addr,
6770  tmp_addr, sizeof(tmp_addr)));
6771  addr = &packet->dhcpv6_peer_address;
6772  data_string_sprintfa(&s, ", peer address %s",
6773  inet_ntop(AF_INET6, addr,
6774  tmp_addr, sizeof(tmp_addr)));
6775  } else {
6776  tid = 0;
6777  memcpy(((char *)&tid)+1, packet->dhcpv6_transaction_id, 3);
6778  data_string_sprintfa(&s, ", transaction ID 0x%06X", tid);
6779 
6780 /*
6781  oc = lookup_option(&dhcpv6_universe, packet->options,
6782  D6O_CLIENTID);
6783  if (oc != NULL) {
6784  memset(&tmp_ds, 0, sizeof(tmp_ds_));
6785  if (!evaluate_option_cache(&tmp_ds, packet, NULL, NULL,
6786  packet->options, NULL,
6787  &global_scope, oc, MDL)) {
6788  log_error("Error evaluating Client Identifier");
6789  } else {
6790  data_strint_sprintf(&s, ", client ID %s",
6791 
6792  data_string_forget(&tmp_ds, MDL);
6793  }
6794  }
6795 */
6796 
6797  }
6798  log_info("%s", s.data);
6799 
6800  data_string_forget(&s, MDL);
6801 }
6802 
6803 void
6804 dhcpv6(struct packet *packet) {
6805  struct data_string reply;
6806  struct sockaddr_in6 to_addr;
6807  int send_ret;
6808 
6809  /*
6810  * Log a message that we received this packet.
6811  */
6812  log_packet_in(packet);
6813 
6814  /*
6815  * Build our reply packet.
6816  */
6817  build_dhcpv6_reply(&reply, packet);
6818 
6819  if (reply.data != NULL) {
6820  /*
6821  * Send our reply, if we have one.
6822  */
6823  memset(&to_addr, 0, sizeof(to_addr));
6824  to_addr.sin6_family = AF_INET6;
6825  if ((packet->dhcpv6_msg_type == DHCPV6_RELAY_FORW) ||
6826  (packet->dhcpv6_msg_type == DHCPV6_RELAY_REPL)) {
6827  to_addr.sin6_port = local_port;
6828  } else {
6829  to_addr.sin6_port = remote_port;
6830  }
6831 
6832 #if defined (REPLY_TO_SOURCE_PORT)
6833  /*
6834  * This appears to have been included for testing so we would
6835  * not need a root client, but was accidently left in the
6836  * final code. We continue to include it in case
6837  * some users have come to rely upon it, but leave
6838  * it off by default as it's a bad idea.
6839  */
6840  to_addr.sin6_port = packet->client_port;
6841 #endif
6842 
6843  memcpy(&to_addr.sin6_addr, packet->client_addr.iabuf,
6844  sizeof(to_addr.sin6_addr));
6845 
6846  log_info("Sending %s to %s port %d",
6847  dhcpv6_type_names[reply.data[0]],
6848  piaddr(packet->client_addr),
6849  ntohs(to_addr.sin6_port));
6850 
6851  send_ret = send_packet6(packet->interface,
6852  reply.data, reply.len, &to_addr);
6853  if (send_ret != reply.len) {
6854  log_error("dhcpv6: send_packet6() sent %d of %d bytes",
6855  send_ret, reply.len);
6856  }
6857  data_string_forget(&reply, MDL);
6858  }
6859 }
6860 
6861 static void
6862 seek_shared_host(struct host_decl **hp, struct shared_network *shared) {
6863  struct host_decl *nofixed = NULL;
6864  struct host_decl *seek, *hold = NULL;
6865 
6866  /*
6867  * Seek forward through fixed addresses for the right link.
6868  *
6869  * Note: how to do this for fixed prefixes???
6870  */
6871  host_reference(&hold, *hp, MDL);
6872  host_dereference(hp, MDL);
6873  seek = hold;
6874  while (seek != NULL) {
6875  if (seek->fixed_addr == NULL)
6876  nofixed = seek;
6877  else if (fixed_matches_shared(seek, shared))
6878  break;
6879 
6880  seek = seek->n_ipaddr;
6881  }
6882 
6883  if ((seek == NULL) && (nofixed != NULL))
6884  seek = nofixed;
6885 
6886  if (seek != NULL)
6887  host_reference(hp, seek, MDL);
6888 }
6889 
6890 static isc_boolean_t
6891 fixed_matches_shared(struct host_decl *host, struct shared_network *shared) {
6892  struct subnet *subnet;
6893  struct data_string addr;
6894  isc_boolean_t matched;
6895  struct iaddr fixed;
6896 
6897  if (host->fixed_addr == NULL)
6898  return ISC_FALSE;
6899 
6900  memset(&addr, 0, sizeof(addr));
6901  if (!evaluate_option_cache(&addr, NULL, NULL, NULL, NULL, NULL,
6902  &global_scope, host->fixed_addr, MDL))
6903  return ISC_FALSE;
6904 
6905  if (addr.len < 16) {
6906  data_string_forget(&addr, MDL);
6907  return ISC_FALSE;
6908  }
6909 
6910  fixed.len = 16;
6911  memcpy(fixed.iabuf, addr.data, 16);
6912 
6913  matched = ISC_FALSE;
6914  for (subnet = shared->subnets ; subnet != NULL ;
6915  subnet = subnet->next_sibling) {
6916  if (addr_eq(subnet_number(fixed, subnet->netmask),
6917  subnet->net)) {
6918  matched = ISC_TRUE;
6919  break;
6920  }
6921  }
6922 
6923  data_string_forget(&addr, MDL);
6924  return matched;
6925 }
6926 
6927 /*
6928  * find_host_by_duid_chaddr() synthesizes a DHCPv4-like 'hardware'
6929  * parameter from a DHCPv6 supplied DUID (client-identifier option),
6930  * and may seek to use client or relay supplied hardware addresses.
6931  */
6932 static int
6933 find_hosts_by_duid_chaddr(struct host_decl **host,
6934  const struct data_string *client_id) {
6935  static int once_htype;
6936  int htype, hlen;
6937  const unsigned char *chaddr;
6938 
6939  /*
6940  * The DUID-LL and DUID-LLT must have a 2-byte DUID type and 2-byte
6941  * htype.
6942  */
6943  if (client_id->len < 4)
6944  return 0;
6945 
6946  /*
6947  * The third and fourth octets of the DUID-LL and DUID-LLT
6948  * is the hardware type, but in 16 bits.
6949  */
6950  htype = getUShort(client_id->data + 2);
6951  hlen = 0;
6952  chaddr = NULL;
6953 
6954  /* The first two octets of the DUID identify the type. */
6955  switch(getUShort(client_id->data)) {
6956  case DUID_LLT:
6957  if (client_id->len > 8) {
6958  hlen = client_id->len - 8;
6959  chaddr = client_id->data + 8;
6960  }
6961  break;
6962 
6963  case DUID_LL:
6964  /*
6965  * Note that client_id->len must be greater than or equal
6966  * to four to get to this point in the function.
6967  */
6968  hlen = client_id->len - 4;
6969  chaddr = client_id->data + 4;
6970  break;
6971 
6972  default:
6973  break;
6974  }
6975 
6976  if ((hlen == 0) || (hlen > HARDWARE_ADDR_LEN))
6977  return 0;
6978 
6979  /*
6980  * XXX: DHCPv6 gives a 16-bit field for the htype. DHCPv4 gives an
6981  * 8-bit field. To change the semantics of the generic 'hardware'
6982  * structure, we would have to adjust many DHCPv4 sources (from
6983  * interface to DHCPv4 lease code), and we would have to update the
6984  * 'hardware' config directive (probably being reverse compatible and
6985  * providing a new upgrade/replacement primitive). This is a little
6986  * too much to change for now. Hopefully we will revisit this before
6987  * hardware types exceeding 8 bits are assigned.
6988  */
6989  if ((htype & 0xFF00) && !once_htype) {
6990  once_htype = 1;
6991  log_error("Attention: At least one client advertises a "
6992  "hardware type of %d, which exceeds the software "
6993  "limitation of 255.", htype);
6994  }
6995 
6996  return find_hosts_by_haddr(host, htype, chaddr, hlen, MDL);
6997 }
6998 
6999 
7016 void
7017 unicast_reject(struct data_string *reply_ret,
7018  struct packet *packet,
7019  const struct data_string *client_id,
7020  const struct data_string *server_id)
7021 {
7022  struct reply_state reply;
7023  memset(&reply, 0x0, sizeof(struct reply_state));
7024 
7025  /* Locate the client. */
7026  if (shared_network_from_packet6(&reply.shared, packet)
7027  != ISC_R_SUCCESS) {
7028  log_error("unicast_reject: could not locate client.");
7029  return;
7030  }
7031 
7032  /* Initialize the reply. */
7033  packet_reference(&reply.packet, packet, MDL);
7034  data_string_copy(&reply.client_id, client_id, MDL);
7035 
7036  if (start_reply(packet, client_id, server_id, &reply.opt_state,
7037  &reply.buf.reply)) {
7038  /* Set the UseMulticast status code. */
7039  if (!set_status_code(STATUS_UseMulticast,
7040  "Unicast not allowed by server.",
7041  reply.opt_state)) {
7042  log_error("unicast_reject: Unable to set status code.");
7043  } else {
7044  /* Set write cursor to just past the reply header. */
7045  reply.cursor = REPLY_OPTIONS_INDEX;
7046  reply.cursor += store_options6(((char *)reply.buf.data
7047  + reply.cursor),
7048  (sizeof(reply.buf)
7049  - reply.cursor),
7050  reply.opt_state,
7051  reply.packet,
7052  unicast_reject_opts,
7053  NULL);
7054 
7055  /* Return our reply to the caller. */
7056  reply_ret->len = reply.cursor;
7057  reply_ret->buffer = NULL;
7058  if (!buffer_allocate(&reply_ret->buffer,
7059  reply.cursor, MDL)) {
7060  log_fatal("unicast_reject:"
7061  "No memory to store Reply.");
7062  }
7063 
7064  memcpy(reply_ret->buffer->data, reply.buf.data,
7065  reply.cursor);
7066  reply_ret->data = reply_ret->buffer->data;
7067  }
7068 
7069  }
7070 
7071  /* Cleanup. */
7072  if (reply.shared != NULL)
7073  shared_network_dereference(&reply.shared, MDL);
7074  if (reply.opt_state != NULL)
7075  option_state_dereference(&reply.opt_state, MDL);
7076  if (reply.packet != NULL)
7077  packet_dereference(&reply.packet, MDL);
7078  if (reply.client_id.data != NULL)
7079  data_string_forget(&reply.client_id, MDL);
7080 }
7081 
7100 isc_boolean_t
7101 is_unicast_option_defined(struct packet *packet) {
7102  isc_boolean_t is_defined = ISC_FALSE;
7103  struct option_state *opt_state = NULL;
7104  struct option_cache *oc = NULL;
7105  struct shared_network *shared = NULL;
7106 
7107  if (!option_state_allocate(&opt_state, MDL)) {
7108  log_fatal("is_unicast_option_defined:"
7109  "No memory for option state.");
7110  }
7111 
7112  /* We try to map the packet to a network first by an IA_XX value.
7113  * If that fails, we try by packet source. */
7114  if (((shared_network_from_requested_addr(&shared, packet)
7115  != ISC_R_SUCCESS) &&
7116  (shared_network_from_packet6(&shared, packet) != ISC_R_SUCCESS))
7117  || (shared == NULL)) {
7118  /* @todo what would this really mean? I think wrong network
7119  * logic will catch it */
7120  log_error("is_unicast_option_defined:"
7121  "cannot attribute packet to a network.");
7122  return (ISC_FALSE);
7123  }
7124 
7125  /* Now that we've mapped it to a network, execute statments to that
7126  * scope, looking for the unicast option. We don't care about the
7127  * value of the option, only whether or not it is defined. */
7128  execute_statements_in_scope(NULL, NULL, NULL, NULL, NULL, opt_state,
7129  &global_scope, shared->group, NULL, NULL);
7130 
7131  oc = lookup_option(&dhcpv6_universe, opt_state, D6O_UNICAST);
7132  is_defined = (oc != NULL ? ISC_TRUE : ISC_FALSE);
7133  log_debug("is_unicast_option_defined: option found : %d", is_defined);
7134 
7135  if (shared != NULL) {
7136  shared_network_dereference(&shared, MDL);
7137  }
7138 
7139  if (opt_state != NULL) {
7140  option_state_dereference(&opt_state, MDL);
7141  }
7142 
7143  return (is_defined);
7144 }
7145 
7161 static isc_result_t
7162 shared_network_from_requested_addr (struct shared_network **shared,
7163  struct packet* packet) {
7164  struct iaddr iaddr;
7165  struct subnet* subnet = NULL;
7166  isc_result_t status = ISC_R_FAILURE;
7167 
7168  /* Try to match first IA_ address or prefix we find to a subnet. In
7169  * theory all IA_ values in a given request are supposed to be in the
7170  * same subnet so we only need to try one right? */
7171  if ((get_first_ia_addr_val(packet, D6O_IA_NA, &iaddr) != ISC_R_SUCCESS)
7172  && (get_first_ia_addr_val(packet, D6O_IA_PD, &iaddr)
7173  != ISC_R_SUCCESS)
7174  && (get_first_ia_addr_val(packet, D6O_IA_TA, &iaddr)
7175  != ISC_R_SUCCESS)) {
7176  /* we found nothing to match against */
7177  log_debug("share_network_from_request_addr: nothing to match");
7178  return (ISC_R_FAILURE);
7179  }
7180 
7181  if (!find_subnet(&subnet, iaddr, MDL)) {
7182  log_debug("shared_network_from_requested_addr:"
7183  "No subnet found for addr %s.", piaddr(iaddr));
7184  } else {
7185  status = shared_network_reference(shared,
7186  subnet->shared_network, MDL);
7187  subnet_dereference(&subnet, MDL);
7188  log_debug("shared_network_from_requested_addr:"
7189  " found shared network %s for address %s.",
7190  ((*shared)->name ? (*shared)->name : "unnamed"),
7191  piaddr(iaddr));
7192  return (status);
7193  }
7194 
7195  return (ISC_R_FAILURE);
7196 }
7197 
7216 static isc_result_t
7217 get_first_ia_addr_val (struct packet* packet, int addr_type,
7218  struct iaddr* iaddr) {
7219  struct option_cache *ia;
7220  struct option_cache *oc = NULL;
7221  struct data_string cli_enc_opt_data;
7222  struct option_state *cli_enc_opt_state;
7223  int addr_opt_offset;
7224  int addr_opt;
7225  int addr_opt_data_len;
7226  int ip_addr_offset;
7227 
7228  isc_result_t status = ISC_R_FAILURE;
7229  memset(iaddr, 0, sizeof(struct iaddr));
7230 
7231  /* Set up address type specifics */
7232  switch (addr_type) {
7233  case D6O_IA_NA:
7234  addr_opt_offset = IA_NA_OFFSET;
7235  addr_opt = D6O_IAADDR;
7236  addr_opt_data_len = 24;
7237  ip_addr_offset = 0;
7238  break;
7239  case D6O_IA_TA:
7240  addr_opt_offset = IA_TA_OFFSET;
7241  addr_opt = D6O_IAADDR;
7242  addr_opt_data_len = 24;
7243  ip_addr_offset = 0;
7244  break;
7245  case D6O_IA_PD:
7246  addr_opt_offset = IA_PD_OFFSET;
7247  addr_opt = D6O_IAPREFIX;
7248  addr_opt_data_len = 25;
7249  ip_addr_offset = 9;
7250  break;
7251  default:
7252  /* shouldn't be here */
7253  log_error ("get_first_ia_addr_val: invalid opt type %d",
7254  addr_type);
7255  return (ISC_R_FAILURE);
7256  }
7257 
7258  /* Find the first, non-blank IA_XX value within an D6O_IA_XX option. */
7259  for (ia = lookup_option(&dhcpv6_universe, packet->options, addr_type);
7260  ia != NULL && oc == NULL; ia = ia->next) {
7261  if (!get_encapsulated_IA_state(&cli_enc_opt_state,
7262  &cli_enc_opt_data,
7263  packet, ia, addr_opt_offset)) {
7264  log_debug ("get_first_ia_addr_val:"
7265  " couldn't unroll enclosing option");
7266  return (ISC_R_FAILURE);
7267  }
7268 
7269  oc = lookup_option(&dhcpv6_universe, cli_enc_opt_state,
7270  addr_opt);
7271  if (oc == NULL) {
7272  /* no address given for this IA, ignore */
7273  option_state_dereference(&cli_enc_opt_state, MDL);
7274  data_string_forget(&cli_enc_opt_data, MDL);
7275  }
7276  }
7277 
7278  /* If we found a non-blank IA_XX then extract its ip address. */
7279  if (oc != NULL) {
7280  struct data_string iaddr_str;
7281 
7282  memset(&iaddr_str, 0, sizeof(iaddr_str));
7283  if (!evaluate_option_cache(&iaddr_str, packet, NULL, NULL,
7284  packet->options, NULL, &global_scope,
7285  oc, MDL)) {
7286  log_error("get_first_ia_addr_val: "
7287  "error evaluating IA_XX option.");
7288  } else {
7289  if (iaddr_str.len != addr_opt_data_len) {
7290  log_error("shared_network_from_requested_addr:"
7291  " invalid length %d, expected %d",
7292  iaddr_str.len, addr_opt_data_len);
7293  } else {
7294  iaddr->len = 16;
7295  memcpy (iaddr->iabuf,
7296  iaddr_str.data + ip_addr_offset, 16);
7297  status = ISC_R_SUCCESS;
7298  }
7299  data_string_forget(&iaddr_str, MDL);
7300  }
7301 
7302  option_state_dereference(&cli_enc_opt_state, MDL);
7303  data_string_forget(&cli_enc_opt_data, MDL);
7304  }
7305 
7306  return (status);
7307 }
7308 
7309 #endif /* DHCPv6 */
7310 
#define FTS_ABANDONED
Definition: dhcpd.h:531
struct iaddrcidrnet cidrnet
Definition: inet.h:77
ia_hash_t * ia_ta_active
#define DHCPD_SIX_RELAY_FORW_DONE()
Definition: probes.h:416
isc_result_t renew_lease6(struct ipv6_pool *pool, struct iasubopt *lease)
Renew a lease in the pool.
Definition: mdb6.c:1444
struct ipv6_pond * next
Definition: dhcpd.h:1686
int find_grouped_subnet(struct subnet **, struct shared_network *, struct iaddr, const char *, int)
Definition: mdb.c:928
unsigned char peer_address[16]
Definition: dhcp6.h:194
#define DHCPD_SIX_INFORMATION_REQUEST_START()
Definition: probes.h:383
const char int line
Definition: dhcpd.h:3676
#define D6O_IAADDR
Definition: dhcp6.h:35
struct binding_scope * global_scope
Definition: tree.c:39
#define STATUS_NoBinding
Definition: dhcp6.h:86
#define DHCPV6_RELEASE
Definition: dhcp6.h:105
struct subnet * subnets
Definition: dhcpd.h:1021
isc_result_t add_lease6(struct ipv6_pool *pool, struct iasubopt *lease, time_t valid_lifetime_end_time)
Definition: mdb6.c:1234
#define DHCPD_SIX_SOLICIT_DONE()
Definition: probes.h:240
Definition: dhcpd.h:550
isc_result_t ia_make_key(struct data_string *key, u_int32_t iaid, const char *duid, unsigned int duid_len, const char *file, int line)
Definition: mdb6.c:310
unsigned len
Definition: tree.h:80
int executable_statement_dereference(struct executable_statement **ptr, const char *file, int line)
Definition: execute.c:623
isc_uint64_t num_active
Definition: dhcpd.h:1699
struct shared_network * shared_network
Definition: dhcpd.h:1327
int bits
Definition: inet.h:72
const char * piaddr(const struct iaddr addr)
Definition: inet.c:581
u_int8_t hlen
Definition: dhcpd.h:483
Definition: dhcpd.h:1620
#define D6O_STATUS_CODE
Definition: dhcp6.h:43
unsigned char dhcpv6_transaction_id[3]
Definition: dhcpd.h:414
isc_boolean_t server_duid_isset(void)
const char * name
Definition: tree.h:42
unsigned char options[FLEXIBLE_ARRAY_MEMBER]
Definition: dhcp6.h:195
int units
Definition: dhcpd.h:1659
int prefix_length_mode
Definition: dhcpd.c:86
void dhcpv6_leasequery(struct data_string *, struct packet *)
isc_result_t ia_dereference(struct ia_xx **ia, const char *file, int line)
Definition: mdb6.c:402
#define PLM_EXACT
Definition: dhcpd.h:846
#define DHCPD_SIX_RELAY_FORW_START()
Definition: probes.h:405
unsigned char msg_type
Definition: dhcp6.h:179
int data_string_sprintfa(struct data_string *ds, const char *fmt,...)
Definition: tree.c:57
Definition: dhcpd.h:1031
struct universe server_universe
Definition: stables.c:175
int execute_statements(struct binding_value **result, struct packet *packet, struct lease *lease, struct client_state *client_state, struct option_state *in_options, struct option_state *out_options, struct binding_scope **scope, struct executable_statement *statements, struct on_star *on_star)
Definition: execute.c:35
#define HTYPE_RESERVED
Definition: dhcp.h:84
#define MDL
Definition: omapip.h:568
isc_boolean_t lease6_usable(struct iasubopt *lease)
Check if address is available to a lease.
Definition: mdb6.c:1372
#define D6O_PREFERENCE
Definition: dhcp6.h:37
int find_hosts_by_option(struct host_decl **, struct packet *, struct option_state *, const char *, int)
Definition: mdb.c:639
unsigned char iabuf[16]
Definition: inet.h:33
#define print_hex_1(len, data, limit)
Definition: dhcpd.h:2533
#define IA_PD_OFFSET
Definition: dhcp6.h:126
#define DHCP_R_INVALIDARG
Definition: result.h:48
#define STATUS_NoAddrsAvail
Definition: dhcp6.h:85
#define DHCPD_SIX_RELEASE_DONE()
Definition: probes.h:372
const char * dhcpv6_type_names[]
Definition: tables.c:619
int int int log_debug(const char *,...) __attribute__((__format__(__printf__
#define DHCPV6_REPLY
Definition: dhcp6.h:104
#define DHCPV6_REQUEST
Definition: dhcp6.h:100
int last_ipv6_pool
Definition: dhcpd.h:1696
#define DHCPV6_RECONFIGURE
Definition: dhcp6.h:107
#define IAADDR_OFFSET
Definition: dhcp6.h:129
#define SV_PREFER_LIFETIME
Definition: dhcpd.h:752
struct group * group
Definition: dhcpd.h:1025
#define D6O_RAPID_COMMIT
Definition: dhcp6.h:44
#define PLM_PREFER
Definition: dhcpd.h:845
struct universe dhcp_universe
#define D6O_SERVERID
Definition: dhcp6.h:32
#define STATUS_NotOnLink
Definition: dhcp6.h:87
void data_string_forget(struct data_string *data, const char *file, int line)
Definition: alloc.c:1340
struct option_cache * next
Definition: dhcpd.h:387
struct shared_network * shared_network
Definition: dhcpd.h:1688
#define DHCPD_SIX_RENEW_DONE()
Definition: probes.h:306
#define D6O_INTERFACE_ID
Definition: dhcp6.h:48
#define DHCPD_SIX_DECLINE_DONE()
Definition: probes.h:350
struct option_cache * fixed_addr
Definition: dhcpd.h:942
struct group * root_group
Definition: memory.c:31
unsigned char msg_type
Definition: dhcp6.h:191
#define DUID_LL
Definition: dhcp6.h:121
void delete_option(struct universe *universe, struct option_state *options, int code)
Definition: options.c:2751
u_int32_t valid
Definition: dhcpd.h:1596
int log_error(const char *,...) __attribute__((__format__(__printf__
time_t cltt
Definition: dhcpd.h:1626
#define FTS_EXPIRED
Definition: dhcpd.h:529
struct on_star on_star
Definition: dhcpd.h:1617
int known
Definition: dhcpd.h:451
struct binding_scope * scope
Definition: dhcpd.h:1592
struct ipv6_pond * ipv6_pond
Definition: dhcpd.h:1670
void copy_server_duid(struct data_string *ds, const char *file, int line)
#define DHO_DHCP_REBINDING_TIME
Definition: dhcp.h:151
#define STATUS_Success
Definition: dhcp6.h:83
unsigned len
Definition: inet.h:32
#define IA_NA_OFFSET
Definition: dhcp6.h:124
int find_hosts_by_haddr(struct host_decl **, int, const unsigned char *, unsigned, const char *, int)
Definition: mdb.c:611
#define DHCPD_SIX_RENEW_START()
Definition: probes.h:295
int logged
Definition: dhcpd.h:1701
#define DHCPD_SIX_SOLICIT_START()
Definition: probes.h:229
#define D6O_CLIENTID
Definition: dhcp6.h:31
struct permit * prohibit_list
Definition: dhcpd.h:1691
Definition: dhcpd.h:543
#define DHCPD_SIX_REBIND_DONE()
Definition: probes.h:328
struct option_state * options
Definition: dhcpd.h:443
unsigned char dhcpv6_hop_count
Definition: dhcpd.h:417
unsigned char link_address[16]
Definition: dhcp6.h:193
unsigned char dhcpv6_msg_type
Definition: dhcpd.h:411
isc_boolean_t lease6_exists(const struct ipv6_pool *pool, const struct in6_addr *addr)
Definition: mdb6.c:1344
void log_fatal(const char *,...) __attribute__((__format__(__printf__
#define DHCPV6_RELAY_REPL
Definition: dhcp6.h:110
int client_port
Definition: dhcpd.h:425
#define DHCPV6_LEASEQUERY
Definition: dhcp6.h:111
#define D6O_IA_TA
Definition: dhcp6.h:34
int parse_option_buffer(struct option_state *options, const unsigned char *buffer, unsigned length, struct universe *universe)
Definition: options.c:117
#define PLM_MINIMUM
Definition: dhcpd.h:847
#define SV_LOG_THRESHOLD_HIGH
Definition: dhcpd.h:792
#define DHCPD_SIX_DECLINE_START()
Definition: probes.h:339
#define D6O_UNICAST
Definition: dhcp6.h:42
#define DHCPD_SIX_REQUEST_DONE()
Definition: probes.h:262
isc_result_t decline_lease6(struct ipv6_pool *pool, struct iasubopt *lease)
Definition: mdb6.c:1597
struct iaddr subnet_number(struct iaddr addr, struct iaddr mask)
Definition: inet.c:36
#define SV_DDNS_UPDATES
Definition: dhcpd.h:729
int find_subnet(struct subnet **sp, struct iaddr addr, const char *file, int line)
Definition: dhclient.c:1289
#define D6O_IAPREFIX
Definition: dhcp6.h:56
void execute_statements_in_scope(struct binding_value **result, struct packet *packet, struct lease *lease, struct client_state *client_state, struct option_state *in_options, struct option_state *out_options, struct binding_scope **scope, struct group *group, struct group *limiting_group, struct on_star *on_star)
Definition: execute.c:563
void change_host_uid(struct host_decl *host, const char *data, int len)
Definition: mdb.c:185
isc_result_t release_lease6(struct ipv6_pool *pool, struct iasubopt *lease)
Definition: mdb6.c:1622
void schedule_lease_timeout(struct ipv6_pool *pool)
Definition: mdb6.c:1986
#define DUID_TIME_EPOCH
Definition: dhcp6.h:209
int option_state_allocate(struct option_state **ptr, const char *file, int line)
Definition: alloc.c:847
time_t hard_lifetime_end_time
Definition: dhcpd.h:1593
int evaluate_option_cache(struct data_string *result, struct packet *packet, struct lease *lease, struct client_state *client_state, struct option_state *in_options, struct option_state *cfg_options, struct binding_scope **scope, struct option_cache *oc, const char *file, int line)
Definition: tree.c:2688
#define STATUS_NoPrefixAvail
Definition: dhcp6.h:89
int packet_reference(struct packet **ptr, struct packet *bp, const char *file, int line)
Definition: alloc.c:1054
Definition: dhcpd.h:985
#define DHCPV6_RENEW
Definition: dhcp6.h:102
ia_hash_t * ia_na_active
struct ipv6_pool * ipv6_pool
Definition: dhcpd.h:1598
struct iaddr net
Definition: dhcpd.h:1038
int buffer_allocate(struct buffer **ptr, unsigned len, const char *file, int line)
Definition: alloc.c:680
struct interface_info * interface
Definition: dhcpd.h:427
#define PLM_IGNORE
Definition: dhcpd.h:844
ssize_t send_packet6(struct interface_info *, const unsigned char *, size_t, struct sockaddr_in6 *)
#define PLM_MAXIMUM
Definition: dhcpd.h:848
struct enumeration_value * values
Definition: tree.h:50
void putULong(unsigned char *, u_int32_t)
Definition: convert.c:70
#define DHCPV6_REBIND
Definition: dhcp6.h:103
u_int16_t local_port
Definition: dhclient.c:88
Definition: dhcpd.h:405
struct iaddrcidrnetlist * next
Definition: inet.h:76
#define DEFAULT_DEFAULT_LEASE_TIME
Definition: dhcpd.h:822
u_int8_t plen
Definition: dhcpd.h:1590
#define cur_time
Definition: dhcpd.h:2041
#define DHCPV6_RELAY_FORW
Definition: dhcp6.h:109
int save_option_buffer(struct universe *universe, struct option_state *options, struct buffer *bp, unsigned char *buffer, unsigned length, unsigned code, int terminatep)
Definition: options.c:2390
u_int32_t getUShort(const unsigned char *)
#define D6O_ERO
Definition: dhcp6.h:73
void set_server_duid(struct data_string *new_duid)
isc_result_t create_lease6(struct ipv6_pool *pool, struct iasubopt **addr, unsigned int *attempts, const struct data_string *uid, time_t soft_lifetime_end_time)
Definition: mdb6.c:953
u_int32_t prefer
Definition: dhcpd.h:1595
struct host_decl * n_ipaddr
Definition: dhcpd.h:932
int jumbo_range
Definition: dhcpd.h:1703
struct hardware hw_address
Definition: dhcpd.h:1329
struct option_cache * lookup_option(struct universe *universe, struct option_state *options, unsigned code)
Definition: options.c:2348
#define IA_TA_OFFSET
Definition: dhcp6.h:125
#define print_hex_3(len, data, limit)
Definition: dhcpd.h:2535
int permitted(struct packet *, struct permit *)
Definition: dhcp.c:4807
void set_server_duid_type(int type)
int num_iasubopt
Definition: dhcpd.h:1624
int int log_info(const char *,...) __attribute__((__format__(__printf__
struct ipv6_pool ** ipv6_pools
Definition: dhcpd.h:1695
binding_state_t state
Definition: dhcpd.h:1591
int packet6_len_okay(const char *packet, int len)
Definition: options.c:3977
struct interface_info * interfaces
Definition: discover.c:43
u_int32_t getULong(const unsigned char *)
struct shared_network * shared_network
Definition: dhcpd.h:1035
int find_hosts_by_uid(struct host_decl **, const unsigned char *, unsigned, const char *, int)
Definition: mdb.c:631
int addr_eq(struct iaddr addr1, struct iaddr addr2)
Definition: inet.c:168
struct group * group
Definition: dhcpd.h:1041
isc_boolean_t ipv6_in_pool(const struct in6_addr *addr, const struct ipv6_pool *pool)
Definition: mdb6.c:2094
void cleanup(void)
#define DHCPV6_LEASEQUERY_REPLY
Definition: dhcp6.h:112
isc_result_t get_client_id(struct packet *, struct data_string *)
#define IAPREFIX_OFFSET
Definition: dhcp6.h:132
Definition: inet.h:31
ipv6_pool structure
Definition: dhcpd.h:1654
int store_options6(char *buf, int buflen, struct option_state *opt_state, struct packet *packet, const int *required_opts, struct data_string *oro)
Definition: options.c:931
int append_option_buffer(struct universe *universe, struct option_state *options, struct buffer *bp, unsigned char *buffer, unsigned length, unsigned code, int terminatep)
Definition: options.c:2414
#define FIND_POND6_PERCENT(count, percent)
Definition: dhcpd.h:3786
u_int32_t getUChar(const unsigned char *)
struct iaddrcidrnetlist * fixed_prefix
Definition: dhcpd.h:943
int option_state_dereference(struct option_state **ptr, const char *file, int line)
Definition: alloc.c:912
ia_hash_t * ia_pd_active
Definition: dhcpd.h:918
void dhcpv6(struct packet *)
int commit_leases_timed(void)
Definition: db.c:1039
const int dhcpv6_type_name_max
Definition: tables.c:637
isc_boolean_t is_cidr_mask_valid(const struct iaddr *addr, int bits)
Definition: inet.c:305
unsigned char hop_count
Definition: dhcp6.h:192
#define DHCPD_SIX_CONFIRM_START()
Definition: probes.h:273
isc_uint64_t low_threshold
Definition: dhcpd.h:1702
struct interface_info * next
Definition: dhcpd.h:1326
struct universe dhcpv6_universe
Definition: tables.c:329
isc_boolean_t prefix6_exists(const struct ipv6_pool *pool, const struct in6_addr *pref, u_int8_t plen)
Definition: mdb6.c:1804
int evaluate_boolean_option_cache(int *ignorep, struct packet *packet, struct lease *lease, struct client_state *client_state, struct option_state *in_options, struct option_state *cfg_options, struct binding_scope **scope, struct option_cache *oc, const char *file, int line)
Definition: tree.c:2722
#define D6O_IA_NA
Definition: dhcp6.h:33
#define print_hex_2(len, data, limit)
Definition: dhcpd.h:2534
int packet_dereference(struct packet **ptr, const char *file, int line)
Definition: alloc.c:1082
int ddns_updates(struct packet *, struct lease *, struct lease *, struct iasubopt *, struct iasubopt *, struct option_state *)
int packet_allocate(struct packet **ptr, const char *file, int line)
Definition: alloc.c:1016
const char int
Definition: omapip.h:443
struct iaddr netmask
Definition: dhcpd.h:1039
isc_result_t iasubopt_dereference(struct iasubopt **iasubopt, const char *file, int line)
Definition: mdb6.c:260
#define DHCPV6_ADVERTISE
Definition: dhcp6.h:99
#define DHCPD_SIX_REQUEST_START()
Definition: probes.h:251
#define SV_LOG_THRESHOLD_LOW
Definition: dhcpd.h:791
isc_uint64_t num_abandoned
Definition: dhcpd.h:1700
isc_result_t set_server_duid_from_option(void)
isc_result_t ia_allocate(struct ia_xx **ia, u_int32_t iaid, const char *duid, unsigned int duid_len, const char *file, int line)
Definition: mdb6.c:338
#define D6O_ORO
Definition: dhcp6.h:36
struct subnet * next_sibling
Definition: dhcpd.h:1034
isc_boolean_t unicast
Definition: dhcpd.h:464
isc_result_t ia_add_iasubopt(struct ia_xx *ia, struct iasubopt *iasubopt, const char *file, int line)
Definition: mdb6.c:438
unsigned char data[1]
Definition: tree.h:63
unsigned char transaction_id[3]
Definition: dhcp6.h:180
time_t soft_lifetime_end_time
Definition: dhcpd.h:1594
struct iaddr lo_addr
Definition: inet.h:71
#define DHCPD_SIX_INFORMATION_REQUEST_DONE()
Definition: probes.h:394
#define SV_DEFAULT_LEASE_TIME
Definition: dhcpd.h:700
u_int8_t hbuf[HARDWARE_ADDR_LEN+1]
Definition: dhcpd.h:484
#define DHCPV6_CONFIRM
Definition: dhcp6.h:101
struct iaddr client_addr
Definition: dhcpd.h:426
ipv6_pond structure
Definition: dhcpd.h:1684
#define HARDWARE_ADDR_LEN
Definition: dhcpd.h:477
#define DHCPD_SIX_CONFIRM_DONE()
Definition: probes.h:284
isc_uint64_t num_total
Definition: dhcpd.h:1698
#define D6O_IA_PD
Definition: dhcp6.h:55
#define REPLY_OPTIONS_INDEX
Definition: dhcp6.h:185
#define DUID_LLT
Definition: dhcp6.h:119
struct iasubopt ** iasubopt
Definition: dhcpd.h:1627
int write_ia(const struct ia_xx *)
Definition: db.c:515
struct ia_xx * ia
Definition: dhcpd.h:1597
u_int16_t remote_port
Definition: dhclient.c:89
#define DHO_DHCP_RENEWAL_TIME
Definition: dhcp.h:150
struct in6_addr dhcpv6_peer_address
Definition: dhcpd.h:419
const char * file
Definition: dhcpd.h:3676
char * name
Definition: dhcpd.h:1016
void putUShort(unsigned char *, u_int32_t)
Definition: convert.c:86
isc_result_t create_prefix6(struct ipv6_pool *pool, struct iasubopt **pref, unsigned int *attempts, const struct data_string *uid, time_t soft_lifetime_end_time)
Definition: mdb6.c:1715
#define DHCPD_SIX_RELEASE_START()
Definition: probes.h:361
#define DHCPD_SIX_REBIND_START()
Definition: probes.h:317
struct shared_network * shared_network
Definition: dhcpd.h:1667
struct in6_addr addr
Definition: dhcpd.h:1589
isc_result_t ia_reference(struct ia_xx **ia, struct ia_xx *src, const char *file, int line)
Definition: mdb6.c:376
struct executable_statement * on_commit
Definition: dhcpd.h:545
#define SV_LIMIT_ADDRS_PER_IA
Definition: dhcpd.h:755
const unsigned char * data
Definition: tree.h:79
int get_option_int(int *result, struct universe *universe, struct packet *packet, struct lease *lease, struct client_state *client_state, struct option_state *in_options, struct option_state *cfg_options, struct option_state *options, struct binding_scope **scope, unsigned code, const char *file, int line)
Definition: options.c:2203
isc_result_t generate_new_server_duid(void)
void data_string_copy(struct data_string *dest, const struct data_string *src, const char *file, int line)
Definition: alloc.c:1324
#define D6O_RELAY_MSG
Definition: dhcp6.h:39
struct permit * permit_list
Definition: dhcpd.h:1690
#define D6O_RECONF_ACCEPT
Definition: dhcp6.h:50
struct enumeration prefix_length_modes
Definition: stables.c:360
u_int16_t pool_type
Definition: dhcpd.h:1656
#define DHCPV6_INFORMATION_REQUEST
Definition: dhcp6.h:108
#define DHCPV6_DECLINE
Definition: dhcp6.h:106
struct in6_addr dhcpv6_link_address
Definition: dhcpd.h:418
unsigned char options[FLEXIBLE_ARRAY_MEMBER]
Definition: dhcp6.h:181
void classify_client(struct packet *)
Definition: class.c:63
struct group * group
Definition: dhcpd.h:1687
#define DHCPV6_SOLICIT
Definition: dhcp6.h:98
struct buffer * buffer
Definition: tree.h:78
#define TRACE(probe)
Definition: trace.h:10
#define SV_LIMIT_PREFS_PER_IA
Definition: dhcpd.h:756
#define STATUS_UseMulticast
Definition: dhcp6.h:88
struct packet * dhcpv6_container_packet
Definition: dhcpd.h:422
#define FTS_ACTIVE
Definition: dhcpd.h:528
isc_result_t iasubopt_reference(struct iasubopt **iasubopt, struct iasubopt *src, const char *file, int line)
Definition: mdb6.c:233