ISC DHCP  4.3.1
A reference DHCPv4 and DHCPv6 implementation
 All Data Structures Files Functions Variables Typedefs Enumerations Enumerator Macros Pages
dhcpv6.c
Go to the documentation of this file.
1 /*
2  * Copyright (C) 2006-2014 by Internet Systems Consortium, Inc. ("ISC")
3  *
4  * Permission to use, copy, modify, and distribute this software for any
5  * purpose with or without fee is hereby granted, provided that the above
6  * copyright notice and this permission notice appear in all copies.
7  *
8  * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
9  * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
10  * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
11  * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
12  * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
13  * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
14  * PERFORMANCE OF THIS SOFTWARE.
15  */
16 
19 #include "dhcpd.h"
20 #include "trace.h"
21 
22 #ifdef DHCPv6
23 
24 /*
25  * We use print_hex_1() to output DUID values. We could actually output
26  * the DUID with more information... MAC address if using type 1 or 3,
27  * and so on. However, RFC 3315 contains Grave Warnings against actually
28  * attempting to understand a DUID.
29  */
30 
31 /*
32  * TODO: gettext() or other method of localization for the messages
33  * for status codes (and probably for log formats eventually)
34  * TODO: refactoring (simplify, simplify, simplify)
35  * TODO: support multiple shared_networks on each interface (this
36  * will allow the server to issue multiple IPv6 addresses to
37  * a single interface)
38  */
39 
40 /*
41  * DHCPv6 Reply workflow assist. A Reply packet is built by various
42  * different functions; this gives us one location where we keep state
43  * regarding a reply.
44  */
45 struct reply_state {
46  /* root level persistent state */
47  struct shared_network *shared;
48  struct host_decl *host;
49  struct subnet *subnet; /* Used to match fixed-addrs to subnet scopes. */
50  struct option_state *opt_state;
51  struct packet *packet;
52  struct data_string client_id;
53 
54  /* IA level persistent state */
55  unsigned ia_count;
56  unsigned pd_count;
57  unsigned client_resources;
58  isc_boolean_t resources_included;
59  isc_boolean_t static_lease;
60  unsigned static_prefixes;
61  struct ia_xx *ia;
62  struct ia_xx *old_ia;
63  struct option_state *reply_ia;
64  struct data_string fixed;
65  struct iaddrcidrnet fixed_pref; /* static prefix for logging */
66 
67  /* IAADDR/PREFIX level persistent state */
68  struct iasubopt *lease;
69 
70  /*
71  * "t1", "t2", preferred, and valid lifetimes records for calculating
72  * t1 and t2 (min/max).
73  */
74  u_int32_t renew, rebind, prefer, valid;
75 
76  /* Client-requested valid and preferred lifetimes. */
77  u_int32_t client_valid, client_prefer;
78 
79  /* Chosen values to transmit for valid and preferred lifetimes. */
80  u_int32_t send_valid, send_prefer;
81 
82  /* Preferred prefix length (-1 is any). */
83  int preflen;
84 
85  /* Index into the data field that has been consumed. */
86  unsigned cursor;
87 
88  /* Space for the on commit statements for a fixed host */
89  struct on_star on_star;
90 
91  union reply_buffer {
92  unsigned char data[65536];
93  struct dhcpv6_packet reply;
94  } buf;
95 };
96 
97 /*
98  * Prototypes local to this file.
99  */
100 static int get_encapsulated_IA_state(struct option_state **enc_opt_state,
101  struct data_string *enc_opt_data,
102  struct packet *packet,
103  struct option_cache *oc,
104  int offset);
105 static void build_dhcpv6_reply(struct data_string *, struct packet *);
106 static isc_result_t shared_network_from_packet6(struct shared_network **shared,
107  struct packet *packet);
108 static void seek_shared_host(struct host_decl **hp,
109  struct shared_network *shared);
110 static isc_boolean_t fixed_matches_shared(struct host_decl *host,
111  struct shared_network *shared);
112 static isc_result_t reply_process_ia_na(struct reply_state *reply,
113  struct option_cache *ia);
114 static isc_result_t reply_process_ia_ta(struct reply_state *reply,
115  struct option_cache *ia);
116 static isc_result_t reply_process_addr(struct reply_state *reply,
117  struct option_cache *addr);
118 static isc_boolean_t address_is_owned(struct reply_state *reply,
119  struct iaddr *addr);
120 static isc_boolean_t temporary_is_available(struct reply_state *reply,
121  struct iaddr *addr);
122 static isc_result_t find_client_temporaries(struct reply_state *reply);
123 static isc_result_t reply_process_try_addr(struct reply_state *reply,
124  struct iaddr *addr);
125 static isc_result_t find_client_address(struct reply_state *reply);
126 static isc_result_t reply_process_is_addressed(struct reply_state *reply,
127  struct binding_scope **scope,
128  struct group *group);
129 static isc_result_t reply_process_send_addr(struct reply_state *reply,
130  struct iaddr *addr);
131 static struct iasubopt *lease_compare(struct iasubopt *alpha,
132  struct iasubopt *beta);
133 static isc_result_t reply_process_ia_pd(struct reply_state *reply,
134  struct option_cache *ia_pd);
135 static isc_result_t reply_process_prefix(struct reply_state *reply,
136  struct option_cache *pref);
137 static isc_boolean_t prefix_is_owned(struct reply_state *reply,
138  struct iaddrcidrnet *pref);
139 static isc_result_t find_client_prefix(struct reply_state *reply);
140 static isc_result_t reply_process_try_prefix(struct reply_state *reply,
141  struct iaddrcidrnet *pref);
142 static isc_result_t reply_process_is_prefixed(struct reply_state *reply,
143  struct binding_scope **scope,
144  struct group *group);
145 static isc_result_t reply_process_send_prefix(struct reply_state *reply,
146  struct iaddrcidrnet *pref);
147 static struct iasubopt *prefix_compare(struct reply_state *reply,
148  struct iasubopt *alpha,
149  struct iasubopt *beta);
150 static int find_hosts_by_duid_chaddr(struct host_decl **host,
151  const struct data_string *client_id);
152 static void schedule_lease_timeout_reply(struct reply_state *reply);
153 
154 /*
155  * Schedule lease timeouts for all of the iasubopts in the reply.
156  * This is currently used to schedule timeouts for soft leases.
157  */
158 
159 static void
160 schedule_lease_timeout_reply(struct reply_state *reply) {
161  struct iasubopt *tmp;
162  int i;
163 
164  /* sanity check the reply */
165  if ((reply == NULL) || (reply->ia == NULL) || (reply->ia->iasubopt == NULL))
166  return;
167 
168  /* walk through the list, scheduling as we go */
169  for (i = 0 ; i < reply->ia->num_iasubopt ; i++) {
170  tmp = reply->ia->iasubopt[i];
172  }
173 }
174 
175 /*
176  * This function returns the time since DUID time start for the
177  * given time_t value.
178  */
179 static u_int32_t
180 duid_time(time_t when) {
181  /*
182  * This time is modulo 2^32.
183  */
184  while ((when - DUID_TIME_EPOCH) > 4294967295u) {
185  /* use 2^31 to avoid spurious compiler warnings */
186  when -= 2147483648u;
187  when -= 2147483648u;
188  }
189 
190  return when - DUID_TIME_EPOCH;
191 }
192 
193 
194 /*
195  * Server DUID.
196  *
197  * This must remain the same for the lifetime of this server, because
198  * clients return the server DUID that we sent them in Request packets.
199  *
200  * We pick the server DUID like this:
201  *
202  * 1. Check dhcpd.conf - any value the administrator has configured
203  * overrides any possible values.
204  * 2. Check the leases.txt - we want to use the previous value if
205  * possible.
206  * 3. Check if dhcpd.conf specifies a type of server DUID to use,
207  * and generate that type.
208  * 4. Generate a type 1 (time + hardware address) DUID.
209  */
210 static struct data_string server_duid;
211 
212 /*
213  * Check if the server_duid has been set.
214  */
215 isc_boolean_t
216 server_duid_isset(void) {
217  return (server_duid.data != NULL);
218 }
219 
220 /*
221  * Return the server_duid.
222  */
223 void
224 copy_server_duid(struct data_string *ds, const char *file, int line) {
225  data_string_copy(ds, &server_duid, file, line);
226 }
227 
228 /*
229  * Set the server DUID to a specified value. This is used when
230  * the server DUID is stored in persistent memory (basically the
231  * leases.txt file).
232  */
233 void
234 set_server_duid(struct data_string *new_duid) {
235  /* INSIST(new_duid != NULL); */
236  /* INSIST(new_duid->data != NULL); */
237 
238  if (server_duid_isset()) {
239  data_string_forget(&server_duid, MDL);
240  }
241  data_string_copy(&server_duid, new_duid, MDL);
242 }
243 
244 
245 /*
246  * Set the server DUID based on the D6O_SERVERID option. This handles
247  * the case where the administrator explicitly put it in the dhcpd.conf
248  * file.
249  */
250 isc_result_t
252  struct option_state *opt_state;
253  struct option_cache *oc;
254  struct data_string option_duid;
255  isc_result_t ret_val;
256 
257  opt_state = NULL;
258  if (!option_state_allocate(&opt_state, MDL)) {
259  log_fatal("No memory for server DUID.");
260  }
261 
262  execute_statements_in_scope(NULL, NULL, NULL, NULL, NULL,
263  opt_state, &global_scope, root_group,
264  NULL, NULL);
265 
266  oc = lookup_option(&dhcpv6_universe, opt_state, D6O_SERVERID);
267  if (oc == NULL) {
268  ret_val = ISC_R_NOTFOUND;
269  } else {
270  memset(&option_duid, 0, sizeof(option_duid));
271  if (!evaluate_option_cache(&option_duid, NULL, NULL, NULL,
272  opt_state, NULL, &global_scope,
273  oc, MDL)) {
274  ret_val = ISC_R_UNEXPECTED;
275  } else {
276  set_server_duid(&option_duid);
277  data_string_forget(&option_duid, MDL);
278  ret_val = ISC_R_SUCCESS;
279  }
280  }
281 
282  option_state_dereference(&opt_state, MDL);
283 
284  return ret_val;
285 }
286 
287 /*
288  * DUID layout, as defined in RFC 3315, section 9.
289  *
290  * We support type 1 (hardware address plus time) and type 3 (hardware
291  * address).
292  *
293  * We can support type 2 for specific vendors in the future, if they
294  * publish the specification. And of course there may be additional
295  * types later.
296  */
297 static int server_duid_type = DUID_LLT;
298 
299 /*
300  * Set the DUID type.
301  */
302 void
303 set_server_duid_type(int type) {
304  server_duid_type = type;
305 }
306 
307 /*
308  * Generate a new server DUID. This is done if there was no DUID in
309  * the leases.txt or in the dhcpd.conf file.
310  */
311 isc_result_t
313  struct interface_info *p;
314  u_int32_t time_val;
315  struct data_string generated_duid;
316 
317  /*
318  * Verify we have a type that we support.
319  */
320  if ((server_duid_type != DUID_LL) && (server_duid_type != DUID_LLT)) {
321  log_error("Invalid DUID type %d specified, "
322  "only LL and LLT types supported", server_duid_type);
323  return DHCP_R_INVALIDARG;
324  }
325 
326  /*
327  * Find an interface with a hardware address.
328  * Any will do. :)
329  */
330  for (p = interfaces; p != NULL; p = p->next) {
331  if (p->hw_address.hlen > 0) {
332  break;
333  }
334  if (p->next == NULL && p->hw_address.hbuf[0] == HTYPE_RESERVED) {
335  log_error("Can not generate DUID from interfaces which do not have hardware addresses, please configure server-duid!");
336  }
337  }
338  if (p == NULL) {
339  return ISC_R_UNEXPECTED;
340  }
341 
342  /*
343  * Build our DUID.
344  */
345  memset(&generated_duid, 0, sizeof(generated_duid));
346  if (server_duid_type == DUID_LLT) {
347  time_val = duid_time(time(NULL));
348  generated_duid.len = 8 + p->hw_address.hlen - 1;
349  if (!buffer_allocate(&generated_duid.buffer,
350  generated_duid.len, MDL)) {
351  log_fatal("No memory for server DUID.");
352  }
353  generated_duid.data = generated_duid.buffer->data;
354  putUShort(generated_duid.buffer->data, DUID_LLT);
355  putUShort(generated_duid.buffer->data + 2,
356  p->hw_address.hbuf[0]);
357  putULong(generated_duid.buffer->data + 4, time_val);
358  memcpy(generated_duid.buffer->data + 8,
359  p->hw_address.hbuf+1, p->hw_address.hlen-1);
360  } else if (server_duid_type == DUID_LL) {
361  generated_duid.len = 4 + p->hw_address.hlen - 1;
362  if (!buffer_allocate(&generated_duid.buffer,
363  generated_duid.len, MDL)) {
364  log_fatal("No memory for server DUID.");
365  }
366  generated_duid.data = generated_duid.buffer->data;
367  putUShort(generated_duid.buffer->data, DUID_LL);
368  putUShort(generated_duid.buffer->data + 2,
369  p->hw_address.hbuf[0]);
370  memcpy(generated_duid.buffer->data + 4,
371  p->hw_address.hbuf+1, p->hw_address.hlen-1);
372  } else {
373  log_fatal("Unsupported server DUID type %d.", server_duid_type);
374  }
375 
376  set_server_duid(&generated_duid);
377  data_string_forget(&generated_duid, MDL);
378 
379  return ISC_R_SUCCESS;
380 }
381 
382 /*
383  * Is the D6O_UNICAST option defined in dhcpd.conf ?
384  */
385 static isc_boolean_t unicast_option_defined;
386 
387 /*
388  * Did we already search dhcpd.conf for D6O_UNICAST option ?
389  * We need to store it here to not parse dhcpd.conf repeatedly.
390  */
391 static isc_boolean_t unicast_option_parsed = ISC_FALSE;
392 
393 
394 /*
395  * Is the D6O_UNICAST option defined in dhcpd.conf ?
396  */
397 isc_boolean_t
398 is_unicast_option_defined(void) {
399  struct option_state *opt_state;
400  struct option_cache *oc;
401 
402  /*
403  * If we are looking for the unicast option for the first time
404  */
405  if (unicast_option_parsed == ISC_FALSE) {
406  unicast_option_parsed = ISC_TRUE;
407  opt_state = NULL;
408  if (!option_state_allocate(&opt_state, MDL)) {
409  log_fatal("No memory for option state.");
410  }
411 
412  execute_statements_in_scope(NULL, NULL, NULL, NULL, NULL,
413  opt_state, &global_scope, root_group, NULL, NULL);
414 
415  oc = lookup_option(&dhcpv6_universe, opt_state, D6O_UNICAST);
416  unicast_option_defined = (oc != NULL);
417 
418  option_state_dereference(&opt_state, MDL);
419  }
420 
421  return (unicast_option_defined);
422 }
423 
424 /*
425  * Get the client identifier from the packet.
426  */
427 isc_result_t
428 get_client_id(struct packet *packet, struct data_string *client_id) {
429  struct option_cache *oc;
430 
431  /*
432  * Verify our client_id structure is empty.
433  */
434  if ((client_id->data != NULL) || (client_id->len != 0)) {
435  return DHCP_R_INVALIDARG;
436  }
437 
439  if (oc == NULL) {
440  return ISC_R_NOTFOUND;
441  }
442 
443  if (!evaluate_option_cache(client_id, packet, NULL, NULL,
444  packet->options, NULL,
445  &global_scope, oc, MDL)) {
446  return ISC_R_FAILURE;
447  }
448 
449  return ISC_R_SUCCESS;
450 }
451 
452 /*
453  * Message validation, defined in RFC 3315, sections 15.2, 15.5, 15.7:
454  *
455  * Servers MUST discard any Solicit messages that do not include a
456  * Client Identifier option or that do include a Server Identifier
457  * option.
458  */
459 int
460 valid_client_msg(struct packet *packet, struct data_string *client_id) {
461  int ret_val;
462  struct option_cache *oc;
463  struct data_string data;
464 
465  ret_val = 0;
466  memset(client_id, 0, sizeof(*client_id));
467  memset(&data, 0, sizeof(data));
468 
469  switch (get_client_id(packet, client_id)) {
470  case ISC_R_SUCCESS:
471  break;
472  case ISC_R_NOTFOUND:
473  log_debug("Discarding %s from %s; "
474  "client identifier missing",
476  piaddr(packet->client_addr));
477  goto exit;
478  default:
479  log_error("Error processing %s from %s; "
480  "unable to evaluate Client Identifier",
482  piaddr(packet->client_addr));
483  goto exit;
484  }
485 
486  /*
487  * Required by RFC 3315, section 15.
488  */
489  if (packet->unicast) {
490  log_debug("Discarding %s from %s; packet sent unicast "
491  "(CLIENTID %s)",
493  piaddr(packet->client_addr),
494  print_hex_1(client_id->len, client_id->data, 60));
495  goto exit;
496  }
497 
498 
500  if (oc != NULL) {
501  if (evaluate_option_cache(&data, packet, NULL, NULL,
502  packet->options, NULL,
503  &global_scope, oc, MDL)) {
504  log_debug("Discarding %s from %s; "
505  "server identifier found "
506  "(CLIENTID %s, SERVERID %s)",
508  piaddr(packet->client_addr),
509  print_hex_1(client_id->len,
510  client_id->data, 60),
511  print_hex_2(data.len,
512  data.data, 60));
513  } else {
514  log_debug("Discarding %s from %s; "
515  "server identifier found "
516  "(CLIENTID %s)",
518  print_hex_1(client_id->len,
519  client_id->data, 60),
520  piaddr(packet->client_addr));
521  }
522  goto exit;
523  }
524 
525  /* looks good */
526  ret_val = 1;
527 
528 exit:
529  if (data.len > 0) {
531  }
532  if (!ret_val) {
533  if (client_id->len > 0) {
534  data_string_forget(client_id, MDL);
535  }
536  }
537  return ret_val;
538 }
539 
540 /*
541  * Response validation, defined in RFC 3315, sections 15.4, 15.6, 15.8,
542  * 15.9 (slightly different wording, but same meaning):
543  *
544  * Servers MUST discard any received Request message that meet any of
545  * the following conditions:
546  *
547  * - the message does not include a Server Identifier option.
548  * - the contents of the Server Identifier option do not match the
549  * server's DUID.
550  * - the message does not include a Client Identifier option.
551  */
552 int
553 valid_client_resp(struct packet *packet,
554  struct data_string *client_id,
555  struct data_string *server_id)
556 {
557  int ret_val;
558  struct option_cache *oc;
559 
560  /* INSIST((duid.data != NULL) && (duid.len > 0)); */
561 
562  ret_val = 0;
563  memset(client_id, 0, sizeof(*client_id));
564  memset(server_id, 0, sizeof(*server_id));
565 
566  switch (get_client_id(packet, client_id)) {
567  case ISC_R_SUCCESS:
568  break;
569  case ISC_R_NOTFOUND:
570  log_debug("Discarding %s from %s; "
571  "client identifier missing",
573  piaddr(packet->client_addr));
574  goto exit;
575  default:
576  log_error("Error processing %s from %s; "
577  "unable to evaluate Client Identifier",
579  piaddr(packet->client_addr));
580  goto exit;
581  }
582 
584  if (oc == NULL) {
585  log_debug("Discarding %s from %s: "
586  "server identifier missing (CLIENTID %s)",
588  piaddr(packet->client_addr),
589  print_hex_1(client_id->len, client_id->data, 60));
590  goto exit;
591  }
592  if (!evaluate_option_cache(server_id, packet, NULL, NULL,
593  packet->options, NULL,
594  &global_scope, oc, MDL)) {
595  log_error("Error processing %s from %s; "
596  "unable to evaluate Server Identifier (CLIENTID %s)",
598  piaddr(packet->client_addr),
599  print_hex_1(client_id->len, client_id->data, 60));
600  goto exit;
601  }
602  if ((server_duid.len != server_id->len) ||
603  (memcmp(server_duid.data, server_id->data, server_duid.len) != 0)) {
604  log_debug("Discarding %s from %s; "
605  "not our server identifier "
606  "(CLIENTID %s, SERVERID %s, server DUID %s)",
608  piaddr(packet->client_addr),
609  print_hex_1(client_id->len, client_id->data, 60),
610  print_hex_2(server_id->len, server_id->data, 60),
611  print_hex_3(server_duid.len, server_duid.data, 60));
612  goto exit;
613  }
614 
615  /* looks good */
616  ret_val = 1;
617 
618 exit:
619  if (!ret_val) {
620  if (server_id->len > 0) {
621  data_string_forget(server_id, MDL);
622  }
623  if (client_id->len > 0) {
624  data_string_forget(client_id, MDL);
625  }
626  }
627  return ret_val;
628 }
629 
630 /*
631  * Information request validation, defined in RFC 3315, section 15.12:
632  *
633  * Servers MUST discard any received Information-request message that
634  * meets any of the following conditions:
635  *
636  * - The message includes a Server Identifier option and the DUID in
637  * the option does not match the server's DUID.
638  *
639  * - The message includes an IA option.
640  */
641 int
642 valid_client_info_req(struct packet *packet, struct data_string *server_id) {
643  int ret_val;
644  struct option_cache *oc;
645  struct data_string client_id;
646  char client_id_str[80]; /* print_hex_1() uses maximum 60 characters,
647  plus a few more for extra information */
648 
649  ret_val = 0;
650  memset(server_id, 0, sizeof(*server_id));
651  memset(&client_id, 0, sizeof(client_id));
652 
653  /*
654  * Make a string that we can print out to give more
655  * information about the client if we need to.
656  *
657  * By RFC 3315, Section 18.1.5 clients SHOULD have a
658  * client-id on an Information-request packet, but it
659  * is not strictly necessary.
660  */
661  if (get_client_id(packet, &client_id) == ISC_R_SUCCESS) {
662  snprintf(client_id_str, sizeof(client_id_str), " (CLIENTID %s)",
663  print_hex_1(client_id.len, client_id.data, 60));
664  data_string_forget(&client_id, MDL);
665  } else {
666  client_id_str[0] = '\0';
667  }
668 
669  /*
670  * Required by RFC 3315, section 15.
671  */
672  if (packet->unicast) {
673  log_debug("Discarding %s from %s; packet sent unicast%s",
675  piaddr(packet->client_addr), client_id_str);
676  goto exit;
677  }
678 
680  if (oc != NULL) {
681  log_debug("Discarding %s from %s; "
682  "IA_NA option present%s",
684  piaddr(packet->client_addr), client_id_str);
685  goto exit;
686  }
688  if (oc != NULL) {
689  log_debug("Discarding %s from %s; "
690  "IA_TA option present%s",
692  piaddr(packet->client_addr), client_id_str);
693  goto exit;
694  }
696  if (oc != NULL) {
697  log_debug("Discarding %s from %s; "
698  "IA_PD option present%s",
700  piaddr(packet->client_addr), client_id_str);
701  goto exit;
702  }
703 
705  if (oc != NULL) {
706  if (!evaluate_option_cache(server_id, packet, NULL, NULL,
707  packet->options, NULL,
708  &global_scope, oc, MDL)) {
709  log_error("Error processing %s from %s; "
710  "unable to evaluate Server Identifier%s",
712  piaddr(packet->client_addr), client_id_str);
713  goto exit;
714  }
715  if ((server_duid.len != server_id->len) ||
716  (memcmp(server_duid.data, server_id->data,
717  server_duid.len) != 0)) {
718  log_debug("Discarding %s from %s; "
719  "not our server identifier "
720  "(SERVERID %s, server DUID %s)%s",
722  piaddr(packet->client_addr),
723  print_hex_1(server_id->len,
724  server_id->data, 60),
725  print_hex_2(server_duid.len,
726  server_duid.data, 60),
727  client_id_str);
728  goto exit;
729  }
730  }
731 
732  /* looks good */
733  ret_val = 1;
734 
735 exit:
736  if (!ret_val) {
737  if (server_id->len > 0) {
738  data_string_forget(server_id, MDL);
739  }
740  }
741  return ret_val;
742 }
743 
744 /*
745  * Options that we want to send, in addition to what was requested
746  * via the ORO.
747  */
748 static const int required_opts[] = {
749  D6O_CLIENTID,
750  D6O_SERVERID,
753  0
754 };
755 static const int required_opts_NAA[] = {
756  D6O_CLIENTID,
757  D6O_SERVERID,
759  0
760 };
761 static const int required_opts_solicit[] = {
762  D6O_CLIENTID,
763  D6O_SERVERID,
764  D6O_IA_NA,
765  D6O_IA_TA,
766  D6O_IA_PD,
771  0
772 };
773 static const int required_opts_agent[] = {
776  0
777 };
778 static const int required_opts_IA[] = {
779  D6O_IAADDR,
781  0
782 };
783 static const int required_opts_IA_PD[] = {
784  D6O_IAPREFIX,
786  0
787 };
788 static const int required_opts_STATUS_CODE[] = {
790  0
791 };
792 
793 /*
794  * Extracts from packet contents an IA_* option, storing the IA structure
795  * in its entirety in enc_opt_data, and storing any decoded DHCPv6 options
796  * in enc_opt_state for later lookup and evaluation. The 'offset' indicates
797  * where in the IA_* the DHCPv6 options commence.
798  */
799 static int
800 get_encapsulated_IA_state(struct option_state **enc_opt_state,
801  struct data_string *enc_opt_data,
802  struct packet *packet,
803  struct option_cache *oc,
804  int offset)
805 {
806  /*
807  * Get the raw data for the encapsulated options.
808  */
809  memset(enc_opt_data, 0, sizeof(*enc_opt_data));
810  if (!evaluate_option_cache(enc_opt_data, packet,
811  NULL, NULL, packet->options, NULL,
812  &global_scope, oc, MDL)) {
813  log_error("get_encapsulated_IA_state: "
814  "error evaluating raw option.");
815  return 0;
816  }
817  if (enc_opt_data->len < offset) {
818  log_error("get_encapsulated_IA_state: raw option too small.");
819  data_string_forget(enc_opt_data, MDL);
820  return 0;
821  }
822 
823  /*
824  * Now create the option state structure, and pass it to the
825  * function that parses options.
826  */
827  *enc_opt_state = NULL;
828  if (!option_state_allocate(enc_opt_state, MDL)) {
829  log_error("get_encapsulated_IA_state: no memory for options.");
830  data_string_forget(enc_opt_data, MDL);
831  return 0;
832  }
833  if (!parse_option_buffer(*enc_opt_state,
834  enc_opt_data->data + offset,
835  enc_opt_data->len - offset,
836  &dhcpv6_universe)) {
837  log_error("get_encapsulated_IA_state: error parsing options.");
838  option_state_dereference(enc_opt_state, MDL);
839  data_string_forget(enc_opt_data, MDL);
840  return 0;
841  }
842 
843  return 1;
844 }
845 
846 static int
847 set_status_code(u_int16_t status_code, const char *status_message,
848  struct option_state *opt_state)
849 {
850  struct data_string d;
851  int ret_val;
852 
853  memset(&d, 0, sizeof(d));
854  d.len = sizeof(status_code) + strlen(status_message);
855  if (!buffer_allocate(&d.buffer, d.len, MDL)) {
856  log_fatal("set_status_code: no memory for status code.");
857  }
858  d.data = d.buffer->data;
859  putUShort(d.buffer->data, status_code);
860  memcpy(d.buffer->data + sizeof(status_code),
861  status_message, d.len - sizeof(status_code));
862  if (!save_option_buffer(&dhcpv6_universe, opt_state,
863  d.buffer, (unsigned char *)d.data, d.len,
864  D6O_STATUS_CODE, 0)) {
865  log_error("set_status_code: error saving status code.");
866  ret_val = 0;
867  } else {
868  ret_val = 1;
869  }
870  data_string_forget(&d, MDL);
871  return ret_val;
872 }
873 
874 void check_pool6_threshold(struct reply_state *reply,
875  struct iasubopt *lease)
876 {
877  struct ipv6_pond *pond;
878  int used, count, high_threshold, poolhigh = 0, poollow = 0;
879  char *shared_name = "no name";
880  char tmp_addr[INET6_ADDRSTRLEN];
881 
882  if ((lease->ipv6_pool == NULL) || (lease->ipv6_pool->ipv6_pond == NULL))
883  return;
884  pond = lease->ipv6_pool->ipv6_pond;
885 
886  count = pond->num_total;
887  used = pond->num_active;
888 
889  /* The logged flag indicates if we have already crossed the high
890  * threshold and emitted a log message. If it is set we check to
891  * see if we have re-crossed the low threshold and need to reset
892  * things. When we cross the high threshold we determine what
893  * the low threshold is and save it into the low_threshold value.
894  * When we cross that threshold we reset the logged flag and
895  * the low_threshold to 0 which allows the high threshold message
896  * to be emitted once again.
897  * if we haven't recrossed the boundry we don't need to do anything.
898  */
899  if (pond->logged !=0) {
900  if (used <= pond->low_threshold) {
901  pond->low_threshold = 0;
902  pond->logged = 0;
903  log_error("Pool threshold reset - shared subnet: %s; "
904  "address: %s; low threshold %d/%d.",
905  shared_name,
906  inet_ntop(AF_INET6, &lease->addr,
907  tmp_addr, sizeof(tmp_addr)),
908  used, count);
909  }
910  return;
911  }
912 
913  /* find the high threshold */
914  if (get_option_int(&poolhigh, &server_universe, reply->packet, NULL,
915  NULL, reply->packet->options, reply->opt_state,
916  reply->opt_state, &lease->scope,
917  SV_LOG_THRESHOLD_HIGH, MDL) == 0) {
918  /* no threshold bail out */
919  return;
920  }
921 
922  /* We do have a threshold for this pool, see if its valid */
923  if ((poolhigh <= 0) || (poolhigh > 100)) {
924  /* not valid */
925  return;
926  }
927 
928  /* we have a valid value, have we exceeded it */
929  high_threshold = FIND_PERCENT(count, poolhigh);
930  if (used < high_threshold) {
931  /* nope, no more to do */
932  return;
933  }
934 
935  /* we've exceeded it, output a message */
936  if ((pond->shared_network != NULL) &&
937  (pond->shared_network->name != NULL)) {
938  shared_name = pond->shared_network->name;
939  }
940  log_error("Pool threshold exceeded - shared subnet: %s; "
941  "address: %s; high threshold %d%% %d/%d.",
942  shared_name,
943  inet_ntop(AF_INET6, &lease->addr, tmp_addr, sizeof(tmp_addr)),
944  poolhigh, used, count);
945 
946  /* handle the low threshold now, if we don't
947  * have one we default to 0. */
948  if ((get_option_int(&poollow, &server_universe, reply->packet, NULL,
949  NULL, reply->packet->options, reply->opt_state,
950  reply->opt_state, &lease->scope,
951  SV_LOG_THRESHOLD_LOW, MDL) == 0) ||
952  (poollow > 100)) {
953  poollow = 0;
954  }
955 
956  /*
957  * If the low theshold is higher than the high threshold we continue to log
958  * If it isn't then we set the flag saying we already logged and determine
959  * what the reset threshold is.
960  */
961  if (poollow < poolhigh) {
962  pond->logged = 1;
963  pond->low_threshold = FIND_PERCENT(count, poollow);
964  }
965 }
966 
967 /*
968  * We have a set of operations we do to set up the reply packet, which
969  * is the same for many message types.
970  */
971 static int
972 start_reply(struct packet *packet,
973  const struct data_string *client_id,
974  const struct data_string *server_id,
975  struct option_state **opt_state,
976  struct dhcpv6_packet *reply)
977 {
978  struct option_cache *oc;
979  const unsigned char *server_id_data;
980  int server_id_len;
981 
982  /*
983  * Build our option state for reply.
984  */
985  *opt_state = NULL;
986  if (!option_state_allocate(opt_state, MDL)) {
987  log_error("start_reply: no memory for option_state.");
988  return 0;
989  }
990  execute_statements_in_scope(NULL, packet, NULL, NULL,
991  packet->options, *opt_state,
992  &global_scope, root_group, NULL, NULL);
993 
994  /*
995  * A small bit of special handling for Solicit messages.
996  *
997  * We could move the logic into a flag, but for now just check
998  * explicitly.
999  */
1000  if (packet->dhcpv6_msg_type == DHCPV6_SOLICIT) {
1001  reply->msg_type = DHCPV6_ADVERTISE;
1002 
1003  /*
1004  * If:
1005  * - this message type supports rapid commit (Solicit), and
1006  * - the server is configured to supply a rapid commit, and
1007  * - the client requests a rapid commit,
1008  * Then we add a rapid commit option, and send Reply (instead
1009  * of an Advertise).
1010  */
1012  *opt_state, D6O_RAPID_COMMIT);
1013  if (oc != NULL) {
1015  packet->options, D6O_RAPID_COMMIT);
1016  if (oc != NULL) {
1017  /* Rapid-commit in action. */
1018  reply->msg_type = DHCPV6_REPLY;
1019  } else {
1020  /* Don't want a rapid-commit in advertise. */
1022  *opt_state, D6O_RAPID_COMMIT);
1023  }
1024  }
1025  } else {
1026  reply->msg_type = DHCPV6_REPLY;
1027  /* Delete the rapid-commit from the sent options. */
1029  *opt_state, D6O_RAPID_COMMIT);
1030  if (oc != NULL) {
1032  *opt_state, D6O_RAPID_COMMIT);
1033  }
1034  }
1035 
1036  /*
1037  * Use the client's transaction identifier for the reply.
1038  */
1039  memcpy(reply->transaction_id, packet->dhcpv6_transaction_id,
1040  sizeof(reply->transaction_id));
1041 
1042  /*
1043  * RFC 3315, section 18.2 says we need server identifier and
1044  * client identifier.
1045  *
1046  * If the server ID is defined via the configuration file, then
1047  * it will already be present in the option state at this point,
1048  * so we don't need to set it.
1049  *
1050  * If we have a server ID passed in from the caller,
1051  * use that, otherwise use the global DUID.
1052  */
1053  oc = lookup_option(&dhcpv6_universe, *opt_state, D6O_SERVERID);
1054  if (oc == NULL) {
1055  if (server_id == NULL) {
1056  server_id_data = server_duid.data;
1057  server_id_len = server_duid.len;
1058  } else {
1059  server_id_data = server_id->data;
1060  server_id_len = server_id->len;
1061  }
1062  if (!save_option_buffer(&dhcpv6_universe, *opt_state,
1063  NULL, (unsigned char *)server_id_data,
1064  server_id_len, D6O_SERVERID, 0)) {
1065  log_error("start_reply: "
1066  "error saving server identifier.");
1067  return 0;
1068  }
1069  }
1070 
1071  if (client_id->buffer != NULL) {
1072  if (!save_option_buffer(&dhcpv6_universe, *opt_state,
1073  client_id->buffer,
1074  (unsigned char *)client_id->data,
1075  client_id->len,
1076  D6O_CLIENTID, 0)) {
1077  log_error("start_reply: error saving "
1078  "client identifier.");
1079  return 0;
1080  }
1081  }
1082 
1083  /*
1084  * If the client accepts reconfiguration, let it know that we
1085  * will send them.
1086  *
1087  * Note: we don't actually do this yet, but DOCSIS requires we
1088  * claim to.
1089  */
1090  oc = lookup_option(&dhcpv6_universe, packet->options,
1092  if (oc != NULL) {
1093  if (!save_option_buffer(&dhcpv6_universe, *opt_state,
1094  NULL, (unsigned char *)"", 0,
1095  D6O_RECONF_ACCEPT, 0)) {
1096  log_error("start_reply: "
1097  "error saving RECONF_ACCEPT option.");
1098  option_state_dereference(opt_state, MDL);
1099  return 0;
1100  }
1101  }
1102 
1103  return 1;
1104 }
1105 
1106 /*
1107  * Try to get the IPv6 address the client asked for from the
1108  * pool.
1109  *
1110  * addr is the result (should be a pointer to NULL on entry)
1111  * pool is the pool to search in
1112  * requested_addr is the address the client wants
1113  */
1114 static isc_result_t
1115 try_client_v6_address(struct iasubopt **addr,
1116  struct ipv6_pool *pool,
1117  const struct data_string *requested_addr)
1118 {
1119  struct in6_addr tmp_addr;
1120  isc_result_t result;
1121 
1122  if (requested_addr->len < sizeof(tmp_addr)) {
1123  return DHCP_R_INVALIDARG;
1124  }
1125  memcpy(&tmp_addr, requested_addr->data, sizeof(tmp_addr));
1126  if (IN6_IS_ADDR_UNSPECIFIED(&tmp_addr)) {
1127  return ISC_R_FAILURE;
1128  }
1129 
1130  /*
1131  * The address is not covered by this (or possibly any) dynamic
1132  * range.
1133  */
1134  if (!ipv6_in_pool(&tmp_addr, pool)) {
1135  return ISC_R_ADDRNOTAVAIL;
1136  }
1137 
1138  if (lease6_exists(pool, &tmp_addr)) {
1139  return ISC_R_ADDRINUSE;
1140  }
1141 
1142  result = iasubopt_allocate(addr, MDL);
1143  if (result != ISC_R_SUCCESS) {
1144  return result;
1145  }
1146  (*addr)->addr = tmp_addr;
1147  (*addr)->plen = 0;
1148 
1149  /* Default is soft binding for 2 minutes. */
1150  result = add_lease6(pool, *addr, cur_time + 120);
1151  if (result != ISC_R_SUCCESS) {
1152  iasubopt_dereference(addr, MDL);
1153  }
1154  return result;
1155 }
1156 
1157 
1179 static isc_result_t
1180 pick_v6_address(struct reply_state *reply)
1181 {
1182  struct ipv6_pool *p = NULL;
1183  struct ipv6_pond *pond;
1184  int i;
1185  int start_pool;
1186  unsigned int attempts;
1187  char tmp_buf[INET6_ADDRSTRLEN];
1188  struct iasubopt **addr = &reply->lease;
1189 
1190  /*
1191  * Do a quick walk through of the ponds and pools
1192  * to see if we have any NA address pools
1193  */
1194  for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
1195  if (pond->ipv6_pools == NULL)
1196  continue;
1197 
1198  for (i = 0; (p = pond->ipv6_pools[i]) != NULL; i++) {
1199  if (p->pool_type == D6O_IA_NA)
1200  break;
1201  }
1202  if (p != NULL)
1203  break;
1204  }
1205 
1206  /* If we get here and p is NULL we have no useful pools */
1207  if (p == NULL) {
1208  log_debug("Unable to pick client address: "
1209  "no IPv6 pools on this shared network");
1210  return ISC_R_NORESOURCES;
1211  }
1212 
1213  /*
1214  * We have at least one pool that could provide an address
1215  * Now we walk through the ponds and pools again and check
1216  * to see if the client is permitted and if an address is
1217  * available
1218  *
1219  * Within a given pond we start looking at the last pool we
1220  * allocated from, unless it had a collision trying to allocate
1221  * an address. This will tend to move us into less-filled pools.
1222  */
1223 
1224  for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
1225  if (((pond->prohibit_list != NULL) &&
1226  (permitted(reply->packet, pond->prohibit_list))) ||
1227  ((pond->permit_list != NULL) &&
1228  (!permitted(reply->packet, pond->permit_list))))
1229  continue;
1230 
1231  start_pool = pond->last_ipv6_pool;
1232  i = start_pool;
1233  do {
1234  p = pond->ipv6_pools[i];
1235  if ((p->pool_type == D6O_IA_NA) &&
1236  (create_lease6(p, addr, &attempts,
1237  &reply->ia->iaid_duid,
1238  cur_time + 120) == ISC_R_SUCCESS)) {
1239  /*
1240  * Record the pool used (or next one if there
1241  * was a collision).
1242  */
1243  if (attempts > 1) {
1244  i++;
1245  if (pond->ipv6_pools[i] == NULL) {
1246  i = 0;
1247  }
1248  }
1249  pond->last_ipv6_pool = i;
1250 
1251  log_debug("Picking pool address %s",
1252  inet_ntop(AF_INET6, &((*addr)->addr),
1253  tmp_buf, sizeof(tmp_buf)));
1254  return (ISC_R_SUCCESS);
1255  }
1256 
1257  i++;
1258  if (pond->ipv6_pools[i] == NULL) {
1259  i = 0;
1260  }
1261  } while (i != start_pool);
1262  }
1263 
1264  /*
1265  * If we failed to pick an IPv6 address from any of the subnets.
1266  * Presumably that means we have no addresses for the client.
1267  */
1268  log_debug("Unable to pick client address: no addresses available");
1269  return ISC_R_NORESOURCES;
1270 }
1271 
1272 /*
1273  * Try to get the IPv6 prefix the client asked for from the
1274  * prefix pool.
1275  *
1276  * pref is the result (should be a pointer to NULL on entry)
1277  * pool is the prefix pool to search in
1278  * requested_pref is the address the client wants
1279  */
1280 static isc_result_t
1281 try_client_v6_prefix(struct iasubopt **pref,
1282  struct ipv6_pool *pool,
1283  const struct data_string *requested_pref)
1284 {
1285  u_int8_t tmp_plen;
1286  struct in6_addr tmp_pref;
1287  struct iaddr ia;
1288  isc_result_t result;
1289 
1290  if (requested_pref->len < sizeof(tmp_plen) + sizeof(tmp_pref)) {
1291  return DHCP_R_INVALIDARG;
1292  }
1293  tmp_plen = (int) requested_pref->data[0];
1294  if ((tmp_plen < 3) || (tmp_plen > 128) ||
1295  ((int)tmp_plen != pool->units)) {
1296  return ISC_R_FAILURE;
1297  }
1298  memcpy(&tmp_pref, requested_pref->data + 1, sizeof(tmp_pref));
1299  if (IN6_IS_ADDR_UNSPECIFIED(&tmp_pref)) {
1300  return ISC_R_FAILURE;
1301  }
1302  ia.len = 16;
1303  memcpy(&ia.iabuf, &tmp_pref, 16);
1304  if (!is_cidr_mask_valid(&ia, (int) tmp_plen)) {
1305  return ISC_R_FAILURE;
1306  }
1307 
1308  if (!ipv6_in_pool(&tmp_pref, pool)) {
1309  return ISC_R_ADDRNOTAVAIL;
1310  }
1311 
1312  if (prefix6_exists(pool, &tmp_pref, tmp_plen)) {
1313  return ISC_R_ADDRINUSE;
1314  }
1315 
1316  result = iasubopt_allocate(pref, MDL);
1317  if (result != ISC_R_SUCCESS) {
1318  return result;
1319  }
1320  (*pref)->addr = tmp_pref;
1321  (*pref)->plen = tmp_plen;
1322 
1323  /* Default is soft binding for 2 minutes. */
1324  result = add_lease6(pool, *pref, cur_time + 120);
1325  if (result != ISC_R_SUCCESS) {
1326  iasubopt_dereference(pref, MDL);
1327  }
1328  return result;
1329 }
1330 
1353 static isc_result_t
1354 pick_v6_prefix(struct reply_state *reply)
1355 {
1356  struct ipv6_pool *p = NULL;
1357  struct ipv6_pond *pond;
1358  int i;
1359  unsigned int attempts;
1360  char tmp_buf[INET6_ADDRSTRLEN];
1361  struct iasubopt **pref = &reply->lease;
1362 
1363  /*
1364  * Do a quick walk through of the ponds and pools
1365  * to see if we have any prefix pools
1366  */
1367  for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
1368  if (pond->ipv6_pools == NULL)
1369  continue;
1370 
1371  for (i = 0; (p = pond->ipv6_pools[i]) != NULL; i++) {
1372  if (p->pool_type == D6O_IA_PD)
1373  break;
1374  }
1375  if (p != NULL)
1376  break;
1377  }
1378 
1379  /* If we get here and p is NULL we have no useful pools */
1380  if (p == NULL) {
1381  log_debug("Unable to pick client prefix: "
1382  "no IPv6 pools on this shared network");
1383  return ISC_R_NORESOURCES;
1384  }
1385 
1386  /*
1387  * We have at least one pool that could provide a prefix
1388  * Now we walk through the ponds and pools again and check
1389  * to see if the client is permitted and if an prefix is
1390  * available
1391  *
1392  */
1393 
1394  for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
1395  if (((pond->prohibit_list != NULL) &&
1396  (permitted(reply->packet, pond->prohibit_list))) ||
1397  ((pond->permit_list != NULL) &&
1398  (!permitted(reply->packet, pond->permit_list))))
1399  continue;
1400 
1401  for (i = 0; (p = pond->ipv6_pools[i]) != NULL; i++) {
1402  if (p->pool_type != D6O_IA_PD) {
1403  continue;
1404  }
1405 
1406  /*
1407  * Try only pools with the requested prefix length if any.
1408  */
1409  if ((reply->preflen >= 0) && (p->units != reply->preflen)) {
1410  continue;
1411  }
1412 
1413  if (create_prefix6(p, pref, &attempts, &reply->ia->iaid_duid,
1414  cur_time + 120) == ISC_R_SUCCESS) {
1415  log_debug("Picking pool prefix %s/%u",
1416  inet_ntop(AF_INET6, &((*pref)->addr),
1417  tmp_buf, sizeof(tmp_buf)),
1418  (unsigned) (*pref)->plen);
1419 
1420  return (ISC_R_SUCCESS);
1421  }
1422  }
1423  }
1424 
1425  /*
1426  * If we failed to pick an IPv6 prefix
1427  * Presumably that means we have no prefixes for the client.
1428  */
1429  log_debug("Unable to pick client prefix: no prefixes available");
1430  return ISC_R_NORESOURCES;
1431 }
1432 
1433 /*
1434  *! \file server/dhcpv6.c
1435  *
1436  * \brief construct a reply containing information about a client's lease
1437  *
1438  * lease_to_client() is called from several messages to construct a
1439  * reply that contains all that we know about the client's correct lease
1440  * (or projected lease).
1441  *
1442  * Solicit - "Soft" binding, ignore unknown addresses or bindings, just
1443  * send what we "may" give them on a request.
1444  *
1445  * Request - "Hard" binding, but ignore supplied addresses (just provide what
1446  * the client should really use).
1447  *
1448  * Renew - "Hard" binding, but client-supplied addresses are 'real'. Error
1449  * Rebind out any "wrong" addresses the client sends. This means we send
1450  * an empty IA_NA with a status code of NoBinding or NotOnLink or
1451  * possibly send the address with zeroed lifetimes.
1452  *
1453  * Information-Request - No binding.
1454  *
1455  * The basic structure is to traverse the client-supplied data first, and
1456  * validate and echo back any contents that can be. If the client-supplied
1457  * data does not error out (on renew/rebind as above), but we did not send
1458  * any addresses, attempt to allocate one.
1459  *
1460  * At the end of the this function we call commit_leases_timed() to
1461  * fsync and rotate the file as necessary. commit_leases_timed() will
1462  * check that we have written at least one lease to the file and that
1463  * some time has passed before doing any fsync or file rewrite so we
1464  * don't bother tracking if we did a write_ia during this function.
1465  */
1466 /* TODO: look at client hints for lease times */
1467 
1468 static void
1469 lease_to_client(struct data_string *reply_ret,
1470  struct packet *packet,
1471  const struct data_string *client_id,
1472  const struct data_string *server_id)
1473 {
1474  static struct reply_state reply;
1475  struct option_cache *oc;
1476  struct data_string packet_oro;
1477  int i;
1478 
1479  memset(&packet_oro, 0, sizeof(packet_oro));
1480 
1481  /* Locate the client. */
1482  if (shared_network_from_packet6(&reply.shared,
1483  packet) != ISC_R_SUCCESS)
1484  goto exit;
1485 
1486  /*
1487  * Initialize the reply.
1488  */
1489  packet_reference(&reply.packet, packet, MDL);
1490  data_string_copy(&reply.client_id, client_id, MDL);
1491 
1492  if (!start_reply(packet, client_id, server_id, &reply.opt_state,
1493  &reply.buf.reply))
1494  goto exit;
1495 
1496  /* Set the write cursor to just past the reply header. */
1497  reply.cursor = REPLY_OPTIONS_INDEX;
1498 
1499  /*
1500  * Get the ORO from the packet, if any.
1501  */
1502  oc = lookup_option(&dhcpv6_universe, packet->options, D6O_ORO);
1503  if (oc != NULL) {
1504  if (!evaluate_option_cache(&packet_oro, packet,
1505  NULL, NULL,
1506  packet->options, NULL,
1507  &global_scope, oc, MDL)) {
1508  log_error("lease_to_client: error evaluating ORO.");
1509  goto exit;
1510  }
1511  }
1512 
1513  /*
1514  * Find a host record that matches from the packet, if any, and is
1515  * valid for the shared network the client is on.
1516  */
1517  if (find_hosts_by_uid(&reply.host, client_id->data, client_id->len,
1518  MDL)) {
1519  packet->known = 1;
1520  seek_shared_host(&reply.host, reply.shared);
1521  }
1522 
1523  if ((reply.host == NULL) &&
1524  find_hosts_by_option(&reply.host, packet, packet->options, MDL)) {
1525  packet->known = 1;
1526  seek_shared_host(&reply.host, reply.shared);
1527  }
1528 
1529  /*
1530  * Check for 'hardware' matches last, as some of the synthesis methods
1531  * are not considered to be as reliable.
1532  */
1533  if ((reply.host == NULL) &&
1534  find_hosts_by_duid_chaddr(&reply.host, client_id)) {
1535  packet->known = 1;
1536  seek_shared_host(&reply.host, reply.shared);
1537  }
1538 
1539  /* Process the client supplied IA's onto the reply buffer. */
1540  reply.ia_count = 0;
1542 
1543  for (; oc != NULL ; oc = oc->next) {
1544  isc_result_t status;
1545 
1546  /* Start counting resources (addresses) offered. */
1547  reply.client_resources = 0;
1548  reply.resources_included = ISC_FALSE;
1549 
1550  status = reply_process_ia_na(&reply, oc);
1551 
1552  /*
1553  * We continue to try other IA's whether we can address
1554  * this one or not. Any other result is an immediate fail.
1555  */
1556  if ((status != ISC_R_SUCCESS) &&
1557  (status != ISC_R_NORESOURCES))
1558  goto exit;
1559  }
1561  for (; oc != NULL ; oc = oc->next) {
1562  isc_result_t status;
1563 
1564  /* Start counting resources (addresses) offered. */
1565  reply.client_resources = 0;
1566  reply.resources_included = ISC_FALSE;
1567 
1568  status = reply_process_ia_ta(&reply, oc);
1569 
1570  /*
1571  * We continue to try other IA's whether we can address
1572  * this one or not. Any other result is an immediate fail.
1573  */
1574  if ((status != ISC_R_SUCCESS) &&
1575  (status != ISC_R_NORESOURCES))
1576  goto exit;
1577  }
1578 
1579  /* Same for IA_PD's. */
1580  reply.pd_count = 0;
1582  for (; oc != NULL ; oc = oc->next) {
1583  isc_result_t status;
1584 
1585  /* Start counting resources (prefixes) offered. */
1586  reply.client_resources = 0;
1587  reply.resources_included = ISC_FALSE;
1588 
1589  status = reply_process_ia_pd(&reply, oc);
1590 
1591  /*
1592  * We continue to try other IA_PD's whether we can address
1593  * this one or not. Any other result is an immediate fail.
1594  */
1595  if ((status != ISC_R_SUCCESS) &&
1596  (status != ISC_R_NORESOURCES))
1597  goto exit;
1598  }
1599 
1600  /*
1601  * Make no reply if we gave no resources and is not
1602  * for Information-Request.
1603  */
1604  if ((reply.ia_count == 0) && (reply.pd_count == 0)) {
1605  if (reply.packet->dhcpv6_msg_type !=
1607  goto exit;
1608 
1609  /*
1610  * Because we only execute statements on a per-IA basis,
1611  * we need to execute statements in any non-IA reply to
1612  * source configuration.
1613  */
1614  execute_statements_in_scope(NULL, reply.packet, NULL, NULL,
1615  reply.packet->options,
1616  reply.opt_state, &global_scope,
1617  reply.shared->group, root_group,
1618  NULL);
1619 
1620  /* Execute statements from class scopes. */
1621  for (i = reply.packet->class_count; i > 0; i--) {
1622  execute_statements_in_scope(NULL, reply.packet,
1623  NULL, NULL,
1624  reply.packet->options,
1625  reply.opt_state,
1626  &global_scope,
1627  reply.packet->classes[i - 1]->group,
1628  reply.shared->group, NULL);
1629  }
1630 
1631  /* Bring in any configuration from a host record. */
1632  if (reply.host != NULL)
1633  execute_statements_in_scope(NULL, reply.packet,
1634  NULL, NULL,
1635  reply.packet->options,
1636  reply.opt_state,
1637  &global_scope,
1638  reply.host->group,
1639  reply.shared->group, NULL);
1640  }
1641 
1642  /* reject unicast message, unless we set unicast option */
1643  if ((packet->unicast == ISC_TRUE) && !is_unicast_option_defined())
1644  /*
1645  * RFC3315 section 18.2.1 (Request):
1646  *
1647  * When the server receives a Request message via unicast from a client
1648  * to which the server has not sent a unicast option, the server
1649  * discards the Request message and responds with a Reply message
1650  * containing a Status Code option with the value UseMulticast, a Server
1651  * Identifier option containing the server's DUID, the Client Identifier
1652  * option from the client message, and no other options.
1653  *
1654  * Section 18.2.3 (Renew):
1655  *
1656  * When the server receives a Renew message via unicast from a client to
1657  * which the server has not sent a unicast option, the server discards
1658  * the Renew message and responds with a Reply message containing a
1659  * Status Code option with the value UseMulticast, a Server Identifier
1660  * option containing the server's DUID, the Client Identifier option
1661  * from the client message, and no other options.
1662  */
1663  {
1664  /* Set the UseMulticast status code. */
1665  if (!set_status_code(STATUS_UseMulticast,
1666  "Unicast not allowed by server.",
1667  reply.opt_state)) {
1668  log_error("lease_to_client: Unable to set "
1669  "UseMulticast status code.");
1670  goto exit;
1671  }
1672 
1673  /* Rewind the cursor to the start. */
1674  reply.cursor = REPLY_OPTIONS_INDEX;
1675 
1676  /*
1677  * Produce an reply that includes only:
1678  *
1679  * Status code.
1680  * Server DUID.
1681  * Client DUID.
1682  */
1683  reply.cursor += store_options6((char *)reply.buf.data +
1684  reply.cursor,
1685  sizeof(reply.buf) -
1686  reply.cursor,
1687  reply.opt_state, reply.packet,
1688  required_opts_NAA,
1689  NULL);
1690  }
1691 
1692  /*
1693  * RFC3315 section 17.2.2 (Solicit):
1694  *
1695  * If the server will not assign any addresses to any IAs in a
1696  * subsequent Request from the client, the server MUST send an
1697  * Advertise message to the client that includes only a Status
1698  * Code option with code NoAddrsAvail and a status message for
1699  * the user, a Server Identifier option with the server's DUID,
1700  * and a Client Identifier option with the client's DUID.
1701  *
1702  * This has been updated by an errata such that the server
1703  * can always send an IA.
1704  *
1705  * Section 18.2.1 (Request):
1706  *
1707  * If the server cannot assign any addresses to an IA in the
1708  * message from the client, the server MUST include the IA in
1709  * the Reply message with no addresses in the IA and a Status
1710  * Code option in the IA containing status code NoAddrsAvail.
1711  *
1712  * Section 18.1.8 (Client Behavior):
1713  *
1714  * Leave unchanged any information about addresses the client has
1715  * recorded in the IA but that were not included in the IA from
1716  * the server.
1717  * Sends a Renew/Rebind if the IA is not in the Reply message.
1718  */
1719 
1720  /*
1721  * Having stored the client's IA's, store any options that
1722  * will fit in the remaining space.
1723  */
1724  else
1725  reply.cursor += store_options6((char *)reply.buf.data + reply.cursor,
1726  sizeof(reply.buf) - reply.cursor,
1727  reply.opt_state, reply.packet,
1728  required_opts_solicit,
1729  &packet_oro);
1730 
1731  /* Return our reply to the caller. */
1732  reply_ret->len = reply.cursor;
1733  reply_ret->buffer = NULL;
1734  if (!buffer_allocate(&reply_ret->buffer, reply.cursor, MDL)) {
1735  log_fatal("No memory to store Reply.");
1736  }
1737  memcpy(reply_ret->buffer->data, reply.buf.data, reply.cursor);
1738  reply_ret->data = reply_ret->buffer->data;
1739 
1740  /* If appropriate commit and rotate the lease file */
1741  (void) commit_leases_timed();
1742 
1743  exit:
1744  /* Cleanup. */
1745  if (reply.shared != NULL)
1746  shared_network_dereference(&reply.shared, MDL);
1747  if (reply.host != NULL)
1748  host_dereference(&reply.host, MDL);
1749  if (reply.opt_state != NULL)
1750  option_state_dereference(&reply.opt_state, MDL);
1751  if (reply.packet != NULL)
1752  packet_dereference(&reply.packet, MDL);
1753  if (reply.client_id.data != NULL)
1754  data_string_forget(&reply.client_id, MDL);
1755  if (packet_oro.buffer != NULL)
1756  data_string_forget(&packet_oro, MDL);
1757  reply.renew = reply.rebind = reply.prefer = reply.valid = 0;
1758  reply.cursor = 0;
1759 }
1760 
1761 /* Process a client-supplied IA_NA. This may append options to the tail of
1762  * the reply packet being built in the reply_state structure.
1763  */
1764 static isc_result_t
1765 reply_process_ia_na(struct reply_state *reply, struct option_cache *ia) {
1766  isc_result_t status = ISC_R_SUCCESS;
1767  u_int32_t iaid;
1768  unsigned ia_cursor;
1769  struct option_state *packet_ia;
1770  struct option_cache *oc;
1771  struct data_string ia_data, data;
1772 
1773  /* Initialize values that will get cleaned up on return. */
1774  packet_ia = NULL;
1775  memset(&ia_data, 0, sizeof(ia_data));
1776  memset(&data, 0, sizeof(data));
1777  /*
1778  * Note that find_client_address() may set reply->lease.
1779  */
1780 
1781  /* Make sure there is at least room for the header. */
1782  if ((reply->cursor + IA_NA_OFFSET + 4) > sizeof(reply->buf)) {
1783  log_error("reply_process_ia_na: Reply too long for IA.");
1784  return ISC_R_NOSPACE;
1785  }
1786 
1787 
1788  /* Fetch the IA_NA contents. */
1789  if (!get_encapsulated_IA_state(&packet_ia, &ia_data, reply->packet,
1790  ia, IA_NA_OFFSET)) {
1791  log_error("reply_process_ia_na: error evaluating ia");
1792  status = ISC_R_FAILURE;
1793  goto cleanup;
1794  }
1795 
1796  /* Extract IA_NA header contents. */
1797  iaid = getULong(ia_data.data);
1798  reply->renew = getULong(ia_data.data + 4);
1799  reply->rebind = getULong(ia_data.data + 8);
1800 
1801  /* Create an IA_NA structure. */
1802  if (ia_allocate(&reply->ia, iaid, (char *)reply->client_id.data,
1803  reply->client_id.len, MDL) != ISC_R_SUCCESS) {
1804  log_error("reply_process_ia_na: no memory for ia.");
1805  status = ISC_R_NOMEMORY;
1806  goto cleanup;
1807  }
1808  reply->ia->ia_type = D6O_IA_NA;
1809 
1810  /* Cache pre-existing IA, if any. */
1811  ia_hash_lookup(&reply->old_ia, ia_na_active,
1812  (unsigned char *)reply->ia->iaid_duid.data,
1813  reply->ia->iaid_duid.len, MDL);
1814 
1815  /*
1816  * Create an option cache to carry the IA_NA option contents, and
1817  * execute any user-supplied values into it.
1818  */
1819  if (!option_state_allocate(&reply->reply_ia, MDL)) {
1820  status = ISC_R_NOMEMORY;
1821  goto cleanup;
1822  }
1823 
1824  /* Check & cache the fixed host record. */
1825  if ((reply->host != NULL) && (reply->host->fixed_addr != NULL)) {
1826  struct iaddr tmp_addr;
1827 
1828  if (!evaluate_option_cache(&reply->fixed, NULL, NULL, NULL,
1829  NULL, NULL, &global_scope,
1830  reply->host->fixed_addr, MDL)) {
1831  log_error("reply_process_ia_na: unable to evaluate "
1832  "fixed address.");
1833  status = ISC_R_FAILURE;
1834  goto cleanup;
1835  }
1836 
1837  if (reply->fixed.len < 16) {
1838  log_error("reply_process_ia_na: invalid fixed address.");
1839  status = DHCP_R_INVALIDARG;
1840  goto cleanup;
1841  }
1842 
1843  /* Find the static lease's subnet. */
1844  tmp_addr.len = 16;
1845  memcpy(tmp_addr.iabuf, reply->fixed.data, 16);
1846 
1847  if (find_grouped_subnet(&reply->subnet, reply->shared,
1848  tmp_addr, MDL) == 0)
1849  log_fatal("Impossible condition at %s:%d.", MDL);
1850 
1851  reply->static_lease = ISC_TRUE;
1852  } else
1853  reply->static_lease = ISC_FALSE;
1854 
1855  /*
1856  * Save the cursor position at the start of the IA, so we can
1857  * set length and adjust t1/t2 values later. We write a temporary
1858  * header out now just in case we decide to adjust the packet
1859  * within sub-process functions.
1860  */
1861  ia_cursor = reply->cursor;
1862 
1863  /* Initialize the IA_NA header. First the code. */
1864  putUShort(reply->buf.data + reply->cursor, (unsigned)D6O_IA_NA);
1865  reply->cursor += 2;
1866 
1867  /* Then option length. */
1868  putUShort(reply->buf.data + reply->cursor, 0x0Cu);
1869  reply->cursor += 2;
1870 
1871  /* Then IA_NA header contents; IAID. */
1872  putULong(reply->buf.data + reply->cursor, iaid);
1873  reply->cursor += 4;
1874 
1875  /* We store the client's t1 for now, and may over-ride it later. */
1876  putULong(reply->buf.data + reply->cursor, reply->renew);
1877  reply->cursor += 4;
1878 
1879  /* We store the client's t2 for now, and may over-ride it later. */
1880  putULong(reply->buf.data + reply->cursor, reply->rebind);
1881  reply->cursor += 4;
1882 
1883  /*
1884  * For each address in this IA_NA, decide what to do about it.
1885  *
1886  * Guidelines:
1887  *
1888  * The client leaves unchanged any information about addresses
1889  * it has recorded but are not included ("cancel/break" below).
1890  * A not included IA ("cleanup" below) could give a Renew/Rebind.
1891  */
1892  oc = lookup_option(&dhcpv6_universe, packet_ia, D6O_IAADDR);
1893  reply->valid = reply->prefer = 0xffffffff;
1894  reply->client_valid = reply->client_prefer = 0;
1895  for (; oc != NULL ; oc = oc->next) {
1896  status = reply_process_addr(reply, oc);
1897 
1898  /*
1899  * Canceled means we did not allocate addresses to the
1900  * client, but we're "done" with this IA - we set a status
1901  * code. So transmit this reply, e.g., move on to the next
1902  * IA.
1903  */
1904  if (status == ISC_R_CANCELED)
1905  break;
1906 
1907  if ((status != ISC_R_SUCCESS) &&
1908  (status != ISC_R_ADDRINUSE) &&
1909  (status != ISC_R_ADDRNOTAVAIL))
1910  goto cleanup;
1911  }
1912 
1913  reply->ia_count++;
1914 
1915  /*
1916  * If we fell through the above and never gave the client
1917  * an address, give it one now.
1918  */
1919  if ((status != ISC_R_CANCELED) && (reply->client_resources == 0)) {
1920  status = find_client_address(reply);
1921 
1922  if (status == ISC_R_NORESOURCES) {
1923  switch (reply->packet->dhcpv6_msg_type) {
1924  case DHCPV6_SOLICIT:
1925  /*
1926  * No address for any IA is handled
1927  * by the caller.
1928  */
1929  /* FALL THROUGH */
1930 
1931  case DHCPV6_REQUEST:
1932  /* Section 18.2.1 (Request):
1933  *
1934  * If the server cannot assign any addresses to
1935  * an IA in the message from the client, the
1936  * server MUST include the IA in the Reply
1937  * message with no addresses in the IA and a
1938  * Status Code option in the IA containing
1939  * status code NoAddrsAvail.
1940  */
1941  option_state_dereference(&reply->reply_ia, MDL);
1942  if (!option_state_allocate(&reply->reply_ia,
1943  MDL))
1944  {
1945  log_error("reply_process_ia_na: No "
1946  "memory for option state "
1947  "wipe.");
1948  status = ISC_R_NOMEMORY;
1949  goto cleanup;
1950  }
1951 
1952  if (!set_status_code(STATUS_NoAddrsAvail,
1953  "No addresses available "
1954  "for this interface.",
1955  reply->reply_ia)) {
1956  log_error("reply_process_ia_na: Unable "
1957  "to set NoAddrsAvail status "
1958  "code.");
1959  status = ISC_R_FAILURE;
1960  goto cleanup;
1961  }
1962 
1963  status = ISC_R_SUCCESS;
1964  break;
1965 
1966  default:
1967  /*
1968  * RFC 3315 does not tell us to emit a status
1969  * code in this condition, or anything else.
1970  *
1971  * If we included non-allocated addresses
1972  * (zeroed lifetimes) in an IA, then the client
1973  * will deconfigure them.
1974  *
1975  * So we want to include the IA even if we
1976  * can't give it a new address if it includes
1977  * zeroed lifetime addresses.
1978  *
1979  * We don't want to include the IA if we
1980  * provide zero addresses including zeroed
1981  * lifetimes.
1982  */
1983  if (reply->resources_included)
1984  status = ISC_R_SUCCESS;
1985  else
1986  goto cleanup;
1987  break;
1988  }
1989  }
1990 
1991  if (status != ISC_R_SUCCESS)
1992  goto cleanup;
1993  }
1994 
1995  reply->cursor += store_options6((char *)reply->buf.data + reply->cursor,
1996  sizeof(reply->buf) - reply->cursor,
1997  reply->reply_ia, reply->packet,
1998  required_opts_IA, NULL);
1999 
2000  /* Reset the length of this IA to match what was just written. */
2001  putUShort(reply->buf.data + ia_cursor + 2,
2002  reply->cursor - (ia_cursor + 4));
2003 
2004  /*
2005  * T1/T2 time selection is kind of weird. We actually use DHCP
2006  * (v4) scoped options as handy existing places where these might
2007  * be configured by an administrator. A value of zero tells the
2008  * client it may choose its own renewal time.
2009  */
2010  reply->renew = 0;
2011  oc = lookup_option(&dhcp_universe, reply->opt_state,
2013  if (oc != NULL) {
2014  if (!evaluate_option_cache(&data, reply->packet, NULL, NULL,
2015  reply->packet->options,
2016  reply->opt_state, &global_scope,
2017  oc, MDL) ||
2018  (data.len != 4)) {
2019  log_error("Invalid renewal time.");
2020  } else {
2021  reply->renew = getULong(data.data);
2022  }
2023 
2024  if (data.data != NULL)
2025  data_string_forget(&data, MDL);
2026  }
2027  putULong(reply->buf.data + ia_cursor + 8, reply->renew);
2028 
2029  /* Now T2. */
2030  reply->rebind = 0;
2031  oc = lookup_option(&dhcp_universe, reply->opt_state,
2033  if (oc != NULL) {
2034  if (!evaluate_option_cache(&data, reply->packet, NULL, NULL,
2035  reply->packet->options,
2036  reply->opt_state, &global_scope,
2037  oc, MDL) ||
2038  (data.len != 4)) {
2039  log_error("Invalid rebinding time.");
2040  } else {
2041  reply->rebind = getULong(data.data);
2042  }
2043 
2044  if (data.data != NULL)
2045  data_string_forget(&data, MDL);
2046  }
2047  putULong(reply->buf.data + ia_cursor + 12, reply->rebind);
2048 
2049  /*
2050  * yes, goto's aren't the best but we also want to avoid extra
2051  * indents
2052  */
2053  if (status == ISC_R_CANCELED)
2054  goto cleanup;
2055 
2056  /*
2057  * Handle static leases, we always log stuff and if it's
2058  * a hard binding we run any commit statements that we have
2059  */
2060  if (reply->static_lease) {
2061  char tmp_addr[INET6_ADDRSTRLEN];
2062  log_info("%s NA: address %s to client with duid %s iaid = %d "
2063  "static",
2064  dhcpv6_type_names[reply->buf.reply.msg_type],
2065  inet_ntop(AF_INET6, reply->fixed.data, tmp_addr,
2066  sizeof(tmp_addr)),
2067  print_hex_1(reply->client_id.len,
2068  reply->client_id.data, 60),
2069  iaid);
2070 
2071  if ((reply->buf.reply.msg_type == DHCPV6_REPLY) &&
2072  (reply->on_star.on_commit != NULL)) {
2073  execute_statements(NULL, reply->packet, NULL, NULL,
2074  reply->packet->options,
2075  reply->opt_state, NULL,
2076  reply->on_star.on_commit, NULL);
2078  (&reply->on_star.on_commit, MDL);
2079  }
2080  goto cleanup;
2081  }
2082 
2083  /*
2084  * If we have any addresses log what we are doing.
2085  */
2086  if (reply->ia->num_iasubopt != 0) {
2087  struct iasubopt *tmp;
2088  int i;
2089  char tmp_addr[INET6_ADDRSTRLEN];
2090 
2091  for (i = 0 ; i < reply->ia->num_iasubopt ; i++) {
2092  tmp = reply->ia->iasubopt[i];
2093 
2094  log_info("%s NA: address %s to client with duid %s "
2095  "iaid = %d valid for %d seconds",
2096  dhcpv6_type_names[reply->buf.reply.msg_type],
2097  inet_ntop(AF_INET6, &tmp->addr,
2098  tmp_addr, sizeof(tmp_addr)),
2099  print_hex_1(reply->client_id.len,
2100  reply->client_id.data, 60),
2101  iaid, tmp->valid);
2102  }
2103  }
2104 
2105  /*
2106  * If this is not a 'soft' binding, consume the new changes into
2107  * the database (if any have been attached to the ia_na).
2108  *
2109  * Loop through the assigned dynamic addresses, referencing the
2110  * leases onto this IA_NA rather than any old ones, and updating
2111  * pool timers for each (if any).
2112  */
2113 
2114  if ((reply->ia->num_iasubopt != 0) &&
2115  (reply->buf.reply.msg_type == DHCPV6_REPLY)) {
2116  struct iasubopt *tmp;
2117  struct data_string *ia_id;
2118  int i;
2119 
2120  for (i = 0 ; i < reply->ia->num_iasubopt ; i++) {
2121  tmp = reply->ia->iasubopt[i];
2122 
2123  if (tmp->ia != NULL)
2124  ia_dereference(&tmp->ia, MDL);
2125  ia_reference(&tmp->ia, reply->ia, MDL);
2126 
2127  /* Commit 'hard' bindings. */
2128  renew_lease6(tmp->ipv6_pool, tmp);
2130 
2131  /* If we have anything to do on commit do it now */
2132  if (tmp->on_star.on_commit != NULL) {
2133  execute_statements(NULL, reply->packet,
2134  NULL, NULL,
2135  reply->packet->options,
2136  reply->opt_state,
2137  &tmp->scope,
2138  tmp->on_star.on_commit,
2139  &tmp->on_star);
2141  (&tmp->on_star.on_commit, MDL);
2142  }
2143 
2144 #if defined (NSUPDATE)
2145  /*
2146  * Perform ddns updates.
2147  */
2148  oc = lookup_option(&server_universe, reply->opt_state,
2149  SV_DDNS_UPDATES);
2150  if ((oc == NULL) ||
2151  evaluate_boolean_option_cache(NULL, reply->packet,
2152  NULL, NULL,
2153  reply->packet->options,
2154  reply->opt_state,
2155  &tmp->scope,
2156  oc, MDL)) {
2157  ddns_updates(reply->packet, NULL, NULL,
2158  tmp, NULL, reply->opt_state);
2159  }
2160 #endif
2161  /* Do our threshold check. */
2162  check_pool6_threshold(reply, tmp);
2163  }
2164 
2165  /* Remove any old ia from the hash. */
2166  if (reply->old_ia != NULL) {
2167  ia_id = &reply->old_ia->iaid_duid;
2168  ia_hash_delete(ia_na_active,
2169  (unsigned char *)ia_id->data,
2170  ia_id->len, MDL);
2171  ia_dereference(&reply->old_ia, MDL);
2172  }
2173 
2174  /* Put new ia into the hash. */
2175  reply->ia->cltt = cur_time;
2176  ia_id = &reply->ia->iaid_duid;
2177  ia_hash_add(ia_na_active, (unsigned char *)ia_id->data,
2178  ia_id->len, reply->ia, MDL);
2179 
2180  write_ia(reply->ia);
2181  } else {
2182  schedule_lease_timeout_reply(reply);
2183  }
2184 
2185  cleanup:
2186  if (packet_ia != NULL)
2187  option_state_dereference(&packet_ia, MDL);
2188  if (reply->reply_ia != NULL)
2189  option_state_dereference(&reply->reply_ia, MDL);
2190  if (ia_data.data != NULL)
2191  data_string_forget(&ia_data, MDL);
2192  if (data.data != NULL)
2194  if (reply->ia != NULL)
2195  ia_dereference(&reply->ia, MDL);
2196  if (reply->old_ia != NULL)
2197  ia_dereference(&reply->old_ia, MDL);
2198  if (reply->lease != NULL)
2199  iasubopt_dereference(&reply->lease, MDL);
2200  if (reply->fixed.data != NULL)
2201  data_string_forget(&reply->fixed, MDL);
2202  if (reply->subnet != NULL)
2203  subnet_dereference(&reply->subnet, MDL);
2204  if (reply->on_star.on_expiry != NULL)
2206  (&reply->on_star.on_expiry, MDL);
2207  if (reply->on_star.on_release != NULL)
2209  (&reply->on_star.on_release, MDL);
2210 
2211  /*
2212  * ISC_R_CANCELED is a status code used by the addr processing to
2213  * indicate we're replying with a status code. This is still a
2214  * success at higher layers.
2215  */
2216  return((status == ISC_R_CANCELED) ? ISC_R_SUCCESS : status);
2217 }
2218 
2219 /*
2220  * Process an IAADDR within a given IA_xA, storing any IAADDR reply contents
2221  * into the reply's current ia-scoped option cache. Returns ISC_R_CANCELED
2222  * in the event we are replying with a status code and do not wish to process
2223  * more IAADDRs within this IA.
2224  */
2225 static isc_result_t
2226 reply_process_addr(struct reply_state *reply, struct option_cache *addr) {
2227  u_int32_t pref_life, valid_life;
2228  struct binding_scope **scope;
2229  struct group *group;
2230  struct subnet *subnet;
2231  struct iaddr tmp_addr;
2232  struct option_cache *oc;
2233  struct data_string iaaddr, data;
2234  isc_result_t status = ISC_R_SUCCESS;
2235 
2236  /* Initializes values that will be cleaned up. */
2237  memset(&iaaddr, 0, sizeof(iaaddr));
2238  memset(&data, 0, sizeof(data));
2239  /* Note that reply->lease may be set by address_is_owned() */
2240 
2241  /*
2242  * There is no point trying to process an incoming address if there
2243  * is no room for an outgoing address.
2244  */
2245  if ((reply->cursor + 28) > sizeof(reply->buf)) {
2246  log_error("reply_process_addr: Out of room for address.");
2247  return ISC_R_NOSPACE;
2248  }
2249 
2250  /* Extract this IAADDR option. */
2251  if (!evaluate_option_cache(&iaaddr, reply->packet, NULL, NULL,
2252  reply->packet->options, NULL, &global_scope,
2253  addr, MDL) ||
2254  (iaaddr.len < IAADDR_OFFSET)) {
2255  log_error("reply_process_addr: error evaluating IAADDR.");
2256  status = ISC_R_FAILURE;
2257  goto cleanup;
2258  }
2259 
2260  /* The first 16 bytes are the IPv6 address. */
2261  pref_life = getULong(iaaddr.data + 16);
2262  valid_life = getULong(iaaddr.data + 20);
2263 
2264  if ((reply->client_valid == 0) ||
2265  (reply->client_valid > valid_life))
2266  reply->client_valid = valid_life;
2267 
2268  if ((reply->client_prefer == 0) ||
2269  (reply->client_prefer > pref_life))
2270  reply->client_prefer = pref_life;
2271 
2272  /*
2273  * Clients may choose to send :: as an address, with the idea to give
2274  * hints about preferred-lifetime or valid-lifetime.
2275  */
2276  tmp_addr.len = 16;
2277  memset(tmp_addr.iabuf, 0, 16);
2278  if (!memcmp(iaaddr.data, tmp_addr.iabuf, 16)) {
2279  /* Status remains success; we just ignore this one. */
2280  goto cleanup;
2281  }
2282 
2283  /* tmp_addr len remains 16 */
2284  memcpy(tmp_addr.iabuf, iaaddr.data, 16);
2285 
2286  /*
2287  * Verify that this address is on the client's network.
2288  */
2289  for (subnet = reply->shared->subnets ; subnet != NULL ;
2290  subnet = subnet->next_sibling) {
2291  if (addr_eq(subnet_number(tmp_addr, subnet->netmask),
2292  subnet->net))
2293  break;
2294  }
2295 
2296  /* Address not found on shared network. */
2297  if (subnet == NULL) {
2298  /* Ignore this address on 'soft' bindings. */
2299  if (reply->packet->dhcpv6_msg_type == DHCPV6_SOLICIT) {
2300  /* disable rapid commit */
2301  reply->buf.reply.msg_type = DHCPV6_ADVERTISE;
2303  reply->opt_state,
2305  /* status remains success */
2306  goto cleanup;
2307  }
2308 
2309  /*
2310  * RFC3315 section 18.2.1:
2311  *
2312  * If the server finds that the prefix on one or more IP
2313  * addresses in any IA in the message from the client is not
2314  * appropriate for the link to which the client is connected,
2315  * the server MUST return the IA to the client with a Status
2316  * Code option with the value NotOnLink.
2317  */
2318  if (reply->packet->dhcpv6_msg_type == DHCPV6_REQUEST) {
2319  /* Rewind the IA_NA to empty. */
2320  option_state_dereference(&reply->reply_ia, MDL);
2321  if (!option_state_allocate(&reply->reply_ia, MDL)) {
2322  log_error("reply_process_addr: No memory for "
2323  "option state wipe.");
2324  status = ISC_R_NOMEMORY;
2325  goto cleanup;
2326  }
2327 
2328  /* Append a NotOnLink status code. */
2329  if (!set_status_code(STATUS_NotOnLink,
2330  "Address not for use on this "
2331  "link.", reply->reply_ia)) {
2332  log_error("reply_process_addr: Failure "
2333  "setting status code.");
2334  status = ISC_R_FAILURE;
2335  goto cleanup;
2336  }
2337 
2338  /* Fin (no more IAADDRs). */
2339  status = ISC_R_CANCELED;
2340  goto cleanup;
2341  }
2342 
2343  /*
2344  * RFC3315 sections 18.2.3 and 18.2.4 have identical language:
2345  *
2346  * If the server finds that any of the addresses are not
2347  * appropriate for the link to which the client is attached,
2348  * the server returns the address to the client with lifetimes
2349  * of 0.
2350  */
2351  if ((reply->packet->dhcpv6_msg_type != DHCPV6_RENEW) &&
2352  (reply->packet->dhcpv6_msg_type != DHCPV6_REBIND)) {
2353  log_error("It is impossible to lease a client that is "
2354  "not sending a solicit, request, renew, or "
2355  "rebind.");
2356  status = ISC_R_FAILURE;
2357  goto cleanup;
2358  }
2359 
2360  reply->send_prefer = reply->send_valid = 0;
2361  goto send_addr;
2362  }
2363 
2364  /* Verify the address belongs to the client. */
2365  if (!address_is_owned(reply, &tmp_addr)) {
2366  /*
2367  * For solicit and request, any addresses included are
2368  * 'requested' addresses. For rebind, we actually have
2369  * no direction on what to do from 3315 section 18.2.4!
2370  * So I think the best bet is to try and give it out, and if
2371  * we can't, zero lifetimes.
2372  */
2373  if ((reply->packet->dhcpv6_msg_type == DHCPV6_SOLICIT) ||
2374  (reply->packet->dhcpv6_msg_type == DHCPV6_REQUEST) ||
2375  (reply->packet->dhcpv6_msg_type == DHCPV6_REBIND)) {
2376  status = reply_process_try_addr(reply, &tmp_addr);
2377 
2378  /*
2379  * If the address is in use, or isn't in any dynamic
2380  * range, continue as normal. If any other error was
2381  * found, error out.
2382  */
2383  if ((status != ISC_R_SUCCESS) &&
2384  (status != ISC_R_ADDRINUSE) &&
2385  (status != ISC_R_ADDRNOTAVAIL))
2386  goto cleanup;
2387 
2388  /*
2389  * If we didn't honor this lease, for solicit and
2390  * request we simply omit it from our answer. For
2391  * rebind, we send it with zeroed lifetimes.
2392  */
2393  if (reply->lease == NULL) {
2394  if (reply->packet->dhcpv6_msg_type ==
2395  DHCPV6_REBIND) {
2396  reply->send_prefer = 0;
2397  reply->send_valid = 0;
2398  goto send_addr;
2399  }
2400 
2401  /* status remains success - ignore */
2402  goto cleanup;
2403  }
2404  /*
2405  * RFC3315 section 18.2.3:
2406  *
2407  * If the server cannot find a client entry for the IA the
2408  * server returns the IA containing no addresses with a Status
2409  * Code option set to NoBinding in the Reply message.
2410  *
2411  * On mismatch we (ab)use this pretending we have not the IA
2412  * as soon as we have not an address.
2413  */
2414  } else if (reply->packet->dhcpv6_msg_type == DHCPV6_RENEW) {
2415  /* Rewind the IA_NA to empty. */
2416  option_state_dereference(&reply->reply_ia, MDL);
2417  if (!option_state_allocate(&reply->reply_ia, MDL)) {
2418  log_error("reply_process_addr: No memory for "
2419  "option state wipe.");
2420  status = ISC_R_NOMEMORY;
2421  goto cleanup;
2422  }
2423 
2424  /* Append a NoBinding status code. */
2425  if (!set_status_code(STATUS_NoBinding,
2426  "Address not bound to this "
2427  "interface.", reply->reply_ia)) {
2428  log_error("reply_process_addr: Unable to "
2429  "attach status code.");
2430  status = ISC_R_FAILURE;
2431  goto cleanup;
2432  }
2433 
2434  /* Fin (no more IAADDRs). */
2435  status = ISC_R_CANCELED;
2436  goto cleanup;
2437  } else {
2438  log_error("It is impossible to lease a client that is "
2439  "not sending a solicit, request, renew, or "
2440  "rebind message.");
2441  status = ISC_R_FAILURE;
2442  goto cleanup;
2443  }
2444  }
2445 
2446  if (reply->static_lease) {
2447  if (reply->host == NULL)
2448  log_fatal("Impossible condition at %s:%d.", MDL);
2449 
2450  scope = &global_scope;
2451  group = reply->subnet->group;
2452  } else {
2453  if (reply->lease == NULL)
2454  log_fatal("Impossible condition at %s:%d.", MDL);
2455 
2456  scope = &reply->lease->scope;
2457  group = reply->lease->ipv6_pool->ipv6_pond->group;
2458  }
2459 
2460  /*
2461  * If client_resources is nonzero, then the reply_process_is_addressed
2462  * function has executed configuration state into the reply option
2463  * cache. We will use that valid cache to derive configuration for
2464  * whether or not to engage in additional addresses, and similar.
2465  */
2466  if (reply->client_resources != 0) {
2467  unsigned limit = 1;
2468 
2469  /*
2470  * Does this client have "enough" addresses already? Default
2471  * to one. Everybody gets one, and one should be enough for
2472  * anybody.
2473  */
2474  oc = lookup_option(&server_universe, reply->opt_state,
2476  if (oc != NULL) {
2477  if (!evaluate_option_cache(&data, reply->packet,
2478  NULL, NULL,
2479  reply->packet->options,
2480  reply->opt_state,
2481  scope, oc, MDL) ||
2482  (data.len != 4)) {
2483  log_error("reply_process_addr: unable to "
2484  "evaluate addrs-per-ia value.");
2485  status = ISC_R_FAILURE;
2486  goto cleanup;
2487  }
2488 
2489  limit = getULong(data.data);
2491  }
2492 
2493  /*
2494  * If we wish to limit the client to a certain number of
2495  * addresses, then omit the address from the reply.
2496  */
2497  if (reply->client_resources >= limit)
2498  goto cleanup;
2499  }
2500 
2501  status = reply_process_is_addressed(reply, scope, group);
2502  if (status != ISC_R_SUCCESS)
2503  goto cleanup;
2504 
2505  send_addr:
2506  status = reply_process_send_addr(reply, &tmp_addr);
2507 
2508  cleanup:
2509  if (iaaddr.data != NULL)
2510  data_string_forget(&iaaddr, MDL);
2511  if (data.data != NULL)
2513  if (reply->lease != NULL)
2514  iasubopt_dereference(&reply->lease, MDL);
2515 
2516  return status;
2517 }
2518 
2519 /*
2520  * Verify the address belongs to the client. If we've got a host
2521  * record with a fixed address, it has to be the assigned address
2522  * (fault out all else). Otherwise it's a dynamic address, so lookup
2523  * that address and make sure it belongs to this DUID:IAID pair.
2524  */
2525 static isc_boolean_t
2526 address_is_owned(struct reply_state *reply, struct iaddr *addr) {
2527  int i;
2528  struct ipv6_pond *pond;
2529 
2530  /*
2531  * This faults out addresses that don't match fixed addresses.
2532  */
2533  if (reply->static_lease) {
2534  if (reply->fixed.data == NULL)
2535  log_fatal("Impossible condition at %s:%d.", MDL);
2536 
2537  if (memcmp(addr->iabuf, reply->fixed.data, 16) == 0)
2538  return (ISC_TRUE);
2539 
2540  return (ISC_FALSE);
2541  }
2542 
2543  if ((reply->old_ia == NULL) || (reply->old_ia->num_iasubopt == 0))
2544  return (ISC_FALSE);
2545 
2546  for (i = 0 ; i < reply->old_ia->num_iasubopt ; i++) {
2547  struct iasubopt *tmp;
2548 
2549  tmp = reply->old_ia->iasubopt[i];
2550 
2551  if (memcmp(addr->iabuf, &tmp->addr, 16) == 0) {
2552  if (lease6_usable(tmp) == ISC_FALSE) {
2553  return (ISC_FALSE);
2554  }
2555 
2556  pond = tmp->ipv6_pool->ipv6_pond;
2557  if (((pond->prohibit_list != NULL) &&
2558  (permitted(reply->packet, pond->prohibit_list))) ||
2559  ((pond->permit_list != NULL) &&
2560  (!permitted(reply->packet, pond->permit_list))))
2561  return (ISC_FALSE);
2562 
2563  iasubopt_reference(&reply->lease, tmp, MDL);
2564 
2565  return (ISC_TRUE);
2566  }
2567  }
2568 
2569  return (ISC_FALSE);
2570 }
2571 
2572 /* Process a client-supplied IA_TA. This may append options to the tail of
2573  * the reply packet being built in the reply_state structure.
2574  */
2575 static isc_result_t
2576 reply_process_ia_ta(struct reply_state *reply, struct option_cache *ia) {
2577  isc_result_t status = ISC_R_SUCCESS;
2578  u_int32_t iaid;
2579  unsigned ia_cursor;
2580  struct option_state *packet_ia;
2581  struct option_cache *oc;
2582  struct data_string ia_data, data;
2583  struct data_string iaaddr;
2584  u_int32_t pref_life, valid_life;
2585  struct iaddr tmp_addr;
2586 
2587  /* Initialize values that will get cleaned up on return. */
2588  packet_ia = NULL;
2589  memset(&ia_data, 0, sizeof(ia_data));
2590  memset(&data, 0, sizeof(data));
2591  memset(&iaaddr, 0, sizeof(iaaddr));
2592 
2593  /* Make sure there is at least room for the header. */
2594  if ((reply->cursor + IA_TA_OFFSET + 4) > sizeof(reply->buf)) {
2595  log_error("reply_process_ia_ta: Reply too long for IA.");
2596  return ISC_R_NOSPACE;
2597  }
2598 
2599 
2600  /* Fetch the IA_TA contents. */
2601  if (!get_encapsulated_IA_state(&packet_ia, &ia_data, reply->packet,
2602  ia, IA_TA_OFFSET)) {
2603  log_error("reply_process_ia_ta: error evaluating ia");
2604  status = ISC_R_FAILURE;
2605  goto cleanup;
2606  }
2607 
2608  /* Extract IA_TA header contents. */
2609  iaid = getULong(ia_data.data);
2610 
2611  /* Create an IA_TA structure. */
2612  if (ia_allocate(&reply->ia, iaid, (char *)reply->client_id.data,
2613  reply->client_id.len, MDL) != ISC_R_SUCCESS) {
2614  log_error("reply_process_ia_ta: no memory for ia.");
2615  status = ISC_R_NOMEMORY;
2616  goto cleanup;
2617  }
2618  reply->ia->ia_type = D6O_IA_TA;
2619 
2620  /* Cache pre-existing IA, if any. */
2621  ia_hash_lookup(&reply->old_ia, ia_ta_active,
2622  (unsigned char *)reply->ia->iaid_duid.data,
2623  reply->ia->iaid_duid.len, MDL);
2624 
2625  /*
2626  * Create an option cache to carry the IA_TA option contents, and
2627  * execute any user-supplied values into it.
2628  */
2629  if (!option_state_allocate(&reply->reply_ia, MDL)) {
2630  status = ISC_R_NOMEMORY;
2631  goto cleanup;
2632  }
2633 
2634  /*
2635  * Temporary leases are dynamic by definition.
2636  */
2637  reply->static_lease = ISC_FALSE;
2638 
2639  /*
2640  * Save the cursor position at the start of the IA, so we can
2641  * set length later. We write a temporary
2642  * header out now just in case we decide to adjust the packet
2643  * within sub-process functions.
2644  */
2645  ia_cursor = reply->cursor;
2646 
2647  /* Initialize the IA_TA header. First the code. */
2648  putUShort(reply->buf.data + reply->cursor, (unsigned)D6O_IA_TA);
2649  reply->cursor += 2;
2650 
2651  /* Then option length. */
2652  putUShort(reply->buf.data + reply->cursor, 0x04u);
2653  reply->cursor += 2;
2654 
2655  /* Then IA_TA header contents; IAID. */
2656  putULong(reply->buf.data + reply->cursor, iaid);
2657  reply->cursor += 4;
2658 
2659  /*
2660  * Deal with an IAADDR for lifetimes.
2661  * For all or none, process IAADDRs as hints.
2662  */
2663  reply->valid = reply->prefer = 0xffffffff;
2664  reply->client_valid = reply->client_prefer = 0;
2665  oc = lookup_option(&dhcpv6_universe, packet_ia, D6O_IAADDR);
2666  for (; oc != NULL; oc = oc->next) {
2667  memset(&iaaddr, 0, sizeof(iaaddr));
2668  if (!evaluate_option_cache(&iaaddr, reply->packet,
2669  NULL, NULL,
2670  reply->packet->options, NULL,
2671  &global_scope, oc, MDL) ||
2672  (iaaddr.len < IAADDR_OFFSET)) {
2673  log_error("reply_process_ia_ta: error "
2674  "evaluating IAADDR.");
2675  status = ISC_R_FAILURE;
2676  goto cleanup;
2677  }
2678  /* The first 16 bytes are the IPv6 address. */
2679  pref_life = getULong(iaaddr.data + 16);
2680  valid_life = getULong(iaaddr.data + 20);
2681 
2682  if ((reply->client_valid == 0) ||
2683  (reply->client_valid > valid_life))
2684  reply->client_valid = valid_life;
2685 
2686  if ((reply->client_prefer == 0) ||
2687  (reply->client_prefer > pref_life))
2688  reply->client_prefer = pref_life;
2689 
2690  /* Nothing more if something has failed. */
2691  if (status == ISC_R_CANCELED)
2692  continue;
2693 
2694  tmp_addr.len = 16;
2695  memcpy(tmp_addr.iabuf, iaaddr.data, 16);
2696  if (!temporary_is_available(reply, &tmp_addr))
2697  goto bad_temp;
2698  status = reply_process_is_addressed(reply,
2699  &reply->lease->scope,
2700  reply->lease->ipv6_pool->ipv6_pond->group);
2701  if (status != ISC_R_SUCCESS)
2702  goto bad_temp;
2703  status = reply_process_send_addr(reply, &tmp_addr);
2704  if (status != ISC_R_SUCCESS)
2705  goto bad_temp;
2706  if (reply->lease != NULL)
2707  iasubopt_dereference(&reply->lease, MDL);
2708  continue;
2709 
2710  bad_temp:
2711  /* Rewind the IA_TA to empty. */
2712  option_state_dereference(&reply->reply_ia, MDL);
2713  if (!option_state_allocate(&reply->reply_ia, MDL)) {
2714  status = ISC_R_NOMEMORY;
2715  goto cleanup;
2716  }
2717  status = ISC_R_CANCELED;
2718  reply->client_resources = 0;
2719  reply->resources_included = ISC_FALSE;
2720  if (reply->lease != NULL)
2721  iasubopt_dereference(&reply->lease, MDL);
2722  }
2723  reply->ia_count++;
2724 
2725  /*
2726  * Give the client temporary addresses.
2727  */
2728  if (reply->client_resources != 0)
2729  goto store;
2730  status = find_client_temporaries(reply);
2731  if (status == ISC_R_NORESOURCES) {
2732  switch (reply->packet->dhcpv6_msg_type) {
2733  case DHCPV6_SOLICIT:
2734  /*
2735  * No address for any IA is handled
2736  * by the caller.
2737  */
2738  /* FALL THROUGH */
2739 
2740  case DHCPV6_REQUEST:
2741  /* Section 18.2.1 (Request):
2742  *
2743  * If the server cannot assign any addresses to
2744  * an IA in the message from the client, the
2745  * server MUST include the IA in the Reply
2746  * message with no addresses in the IA and a
2747  * Status Code option in the IA containing
2748  * status code NoAddrsAvail.
2749  */
2750  option_state_dereference(&reply->reply_ia, MDL);
2751  if (!option_state_allocate(&reply->reply_ia, MDL)) {
2752  log_error("reply_process_ia_ta: No "
2753  "memory for option state wipe.");
2754  status = ISC_R_NOMEMORY;
2755  goto cleanup;
2756  }
2757 
2758  if (!set_status_code(STATUS_NoAddrsAvail,
2759  "No addresses available "
2760  "for this interface.",
2761  reply->reply_ia)) {
2762  log_error("reply_process_ia_ta: Unable "
2763  "to set NoAddrsAvail status code.");
2764  status = ISC_R_FAILURE;
2765  goto cleanup;
2766  }
2767 
2768  status = ISC_R_SUCCESS;
2769  break;
2770 
2771  default:
2772  /*
2773  * We don't want to include the IA if we
2774  * provide zero addresses including zeroed
2775  * lifetimes.
2776  */
2777  if (reply->resources_included)
2778  status = ISC_R_SUCCESS;
2779  else
2780  goto cleanup;
2781  break;
2782  }
2783  } else if (status != ISC_R_SUCCESS)
2784  goto cleanup;
2785 
2786  store:
2787  reply->cursor += store_options6((char *)reply->buf.data + reply->cursor,
2788  sizeof(reply->buf) - reply->cursor,
2789  reply->reply_ia, reply->packet,
2790  required_opts_IA, NULL);
2791 
2792  /* Reset the length of this IA to match what was just written. */
2793  putUShort(reply->buf.data + ia_cursor + 2,
2794  reply->cursor - (ia_cursor + 4));
2795 
2796  /*
2797  * yes, goto's aren't the best but we also want to avoid extra
2798  * indents
2799  */
2800  if (status == ISC_R_CANCELED)
2801  goto cleanup;
2802 
2803  /*
2804  * If we have any addresses log what we are doing.
2805  */
2806  if (reply->ia->num_iasubopt != 0) {
2807  struct iasubopt *tmp;
2808  int i;
2809  char tmp_addr[INET6_ADDRSTRLEN];
2810 
2811  for (i = 0 ; i < reply->ia->num_iasubopt ; i++) {
2812  tmp = reply->ia->iasubopt[i];
2813 
2814  log_info("%s TA: address %s to client with duid %s "
2815  "iaid = %d valid for %d seconds",
2816  dhcpv6_type_names[reply->buf.reply.msg_type],
2817  inet_ntop(AF_INET6, &tmp->addr,
2818  tmp_addr, sizeof(tmp_addr)),
2819  print_hex_1(reply->client_id.len,
2820  reply->client_id.data, 60),
2821  iaid,
2822  tmp->valid);
2823  }
2824  }
2825 
2826  /*
2827  * For hard bindings we consume the new changes into
2828  * the database (if any have been attached to the ia_ta).
2829  *
2830  * Loop through the assigned dynamic addresses, referencing the
2831  * leases onto this IA_TA rather than any old ones, and updating
2832  * pool timers for each (if any).
2833  */
2834  if ((reply->ia->num_iasubopt != 0) &&
2835  (reply->buf.reply.msg_type == DHCPV6_REPLY)) {
2836  struct iasubopt *tmp;
2837  struct data_string *ia_id;
2838  int i;
2839 
2840  for (i = 0 ; i < reply->ia->num_iasubopt ; i++) {
2841  tmp = reply->ia->iasubopt[i];
2842 
2843  if (tmp->ia != NULL)
2844  ia_dereference(&tmp->ia, MDL);
2845  ia_reference(&tmp->ia, reply->ia, MDL);
2846 
2847  /* Commit 'hard' bindings. */
2848  renew_lease6(tmp->ipv6_pool, tmp);
2850 
2851  /* If we have anything to do on commit do it now */
2852  if (tmp->on_star.on_commit != NULL) {
2853  execute_statements(NULL, reply->packet,
2854  NULL, NULL,
2855  reply->packet->options,
2856  reply->opt_state,
2857  &tmp->scope,
2858  tmp->on_star.on_commit,
2859  &tmp->on_star);
2861  (&tmp->on_star.on_commit, MDL);
2862  }
2863 
2864 #if defined (NSUPDATE)
2865  /*
2866  * Perform ddns updates.
2867  */
2868  oc = lookup_option(&server_universe, reply->opt_state,
2869  SV_DDNS_UPDATES);
2870  if ((oc == NULL) ||
2871  evaluate_boolean_option_cache(NULL, reply->packet,
2872  NULL, NULL,
2873  reply->packet->options,
2874  reply->opt_state,
2875  &tmp->scope,
2876  oc, MDL)) {
2877  ddns_updates(reply->packet, NULL, NULL,
2878  tmp, NULL, reply->opt_state);
2879  }
2880 #endif
2881  /* Do our threshold check. */
2882  check_pool6_threshold(reply, tmp);
2883  }
2884 
2885  /* Remove any old ia from the hash. */
2886  if (reply->old_ia != NULL) {
2887  ia_id = &reply->old_ia->iaid_duid;
2888  ia_hash_delete(ia_ta_active,
2889  (unsigned char *)ia_id->data,
2890  ia_id->len, MDL);
2891  ia_dereference(&reply->old_ia, MDL);
2892  }
2893 
2894  /* Put new ia into the hash. */
2895  reply->ia->cltt = cur_time;
2896  ia_id = &reply->ia->iaid_duid;
2897  ia_hash_add(ia_ta_active, (unsigned char *)ia_id->data,
2898  ia_id->len, reply->ia, MDL);
2899 
2900  write_ia(reply->ia);
2901  } else {
2902  schedule_lease_timeout_reply(reply);
2903  }
2904 
2905  cleanup:
2906  if (packet_ia != NULL)
2907  option_state_dereference(&packet_ia, MDL);
2908  if (iaaddr.data != NULL)
2909  data_string_forget(&iaaddr, MDL);
2910  if (reply->reply_ia != NULL)
2911  option_state_dereference(&reply->reply_ia, MDL);
2912  if (ia_data.data != NULL)
2913  data_string_forget(&ia_data, MDL);
2914  if (data.data != NULL)
2916  if (reply->ia != NULL)
2917  ia_dereference(&reply->ia, MDL);
2918  if (reply->old_ia != NULL)
2919  ia_dereference(&reply->old_ia, MDL);
2920  if (reply->lease != NULL)
2921  iasubopt_dereference(&reply->lease, MDL);
2922 
2923  /*
2924  * ISC_R_CANCELED is a status code used by the addr processing to
2925  * indicate we're replying with other addresses. This is still a
2926  * success at higher layers.
2927  */
2928  return((status == ISC_R_CANCELED) ? ISC_R_SUCCESS : status);
2929 }
2930 
2931 /*
2932  * Verify the temporary address is available.
2933  */
2934 static isc_boolean_t
2935 temporary_is_available(struct reply_state *reply, struct iaddr *addr) {
2936  struct in6_addr tmp_addr;
2937  struct subnet *subnet;
2938  struct ipv6_pool *pool = NULL;
2939  struct ipv6_pond *pond = NULL;
2940  int i;
2941 
2942  memcpy(&tmp_addr, addr->iabuf, sizeof(tmp_addr));
2943  /*
2944  * Clients may choose to send :: as an address, with the idea to give
2945  * hints about preferred-lifetime or valid-lifetime.
2946  * So this is not a request for this address.
2947  */
2948  if (IN6_IS_ADDR_UNSPECIFIED(&tmp_addr))
2949  return ISC_FALSE;
2950 
2951  /*
2952  * Verify that this address is on the client's network.
2953  */
2954  for (subnet = reply->shared->subnets ; subnet != NULL ;
2955  subnet = subnet->next_sibling) {
2956  if (addr_eq(subnet_number(*addr, subnet->netmask),
2957  subnet->net))
2958  break;
2959  }
2960 
2961  /* Address not found on shared network. */
2962  if (subnet == NULL)
2963  return ISC_FALSE;
2964 
2965  /*
2966  * Check if this address is owned (must be before next step).
2967  */
2968  if (address_is_owned(reply, addr))
2969  return ISC_TRUE;
2970 
2971  /*
2972  * Verify that this address is in a temporary pool and try to get it.
2973  */
2974  for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
2975  if (((pond->prohibit_list != NULL) &&
2976  (permitted(reply->packet, pond->prohibit_list))) ||
2977  ((pond->permit_list != NULL) &&
2978  (!permitted(reply->packet, pond->permit_list))))
2979  continue;
2980 
2981  for (i = 0 ; (pool = pond->ipv6_pools[i]) != NULL ; i++) {
2982  if (pool->pool_type != D6O_IA_TA)
2983  continue;
2984 
2985  if (ipv6_in_pool(&tmp_addr, pool))
2986  break;
2987  }
2988 
2989  if (pool != NULL)
2990  break;
2991  }
2992 
2993  if (pool == NULL)
2994  return ISC_FALSE;
2995  if (lease6_exists(pool, &tmp_addr))
2996  return ISC_FALSE;
2997  if (iasubopt_allocate(&reply->lease, MDL) != ISC_R_SUCCESS)
2998  return ISC_FALSE;
2999  reply->lease->addr = tmp_addr;
3000  reply->lease->plen = 0;
3001  /* Default is soft binding for 2 minutes. */
3002  if (add_lease6(pool, reply->lease, cur_time + 120) != ISC_R_SUCCESS)
3003  return ISC_FALSE;
3004 
3005  return ISC_TRUE;
3006 }
3007 
3008 /*
3009  * Get a temporary address per prefix.
3010  */
3011 static isc_result_t
3012 find_client_temporaries(struct reply_state *reply) {
3013  int i;
3014  struct ipv6_pool *p = NULL;
3015  struct ipv6_pond *pond;
3016  isc_result_t status = ISC_R_NORESOURCES;;
3017  unsigned int attempts;
3018  struct iaddr send_addr;
3019 
3020  /*
3021  * Do a quick walk through of the ponds and pools
3022  * to see if we have any prefix pools
3023  */
3024  for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
3025  if (pond->ipv6_pools == NULL)
3026  continue;
3027 
3028  for (i = 0; (p = pond->ipv6_pools[i]) != NULL; i++) {
3029  if (p->pool_type == D6O_IA_TA)
3030  break;
3031  }
3032  if (p != NULL)
3033  break;
3034  }
3035 
3036  /* If we get here and p is NULL we have no useful pools */
3037  if (p == NULL) {
3038  log_debug("Unable to get client addresses: "
3039  "no IPv6 pools on this shared network");
3040  return ISC_R_NORESOURCES;
3041  }
3042 
3043  /*
3044  * We have at least one pool that could provide an address
3045  * Now we walk through the ponds and pools again and check
3046  * to see if the client is permitted and if an address is
3047  * available
3048  */
3049 
3050  for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
3051  if (((pond->prohibit_list != NULL) &&
3052  (permitted(reply->packet, pond->prohibit_list))) ||
3053  ((pond->permit_list != NULL) &&
3054  (!permitted(reply->packet, pond->permit_list))))
3055  continue;
3056 
3057  for (i = 0; (p = pond->ipv6_pools[i]) != NULL; i++) {
3058  if (p->pool_type != D6O_IA_TA) {
3059  continue;
3060  }
3061 
3062  /*
3063  * Get an address in this temporary pool.
3064  */
3065  status = create_lease6(p, &reply->lease, &attempts,
3066  &reply->client_id, cur_time + 120);
3067  if (status != ISC_R_SUCCESS) {
3068  log_debug("Unable to get a temporary address.");
3069  goto cleanup;
3070  }
3071 
3072  status = reply_process_is_addressed(reply,
3073  &reply->lease->scope,
3074  pond->group);
3075  if (status != ISC_R_SUCCESS) {
3076  goto cleanup;
3077  }
3078  send_addr.len = 16;
3079  memcpy(send_addr.iabuf, &reply->lease->addr, 16);
3080  status = reply_process_send_addr(reply, &send_addr);
3081  if (status != ISC_R_SUCCESS) {
3082  goto cleanup;
3083  }
3084  /*
3085  * reply->lease can't be null as we use it above
3086  * add check if that changes
3087  */
3088  iasubopt_dereference(&reply->lease, MDL);
3089  }
3090  }
3091 
3092  cleanup:
3093  if (reply->lease != NULL) {
3094  iasubopt_dereference(&reply->lease, MDL);
3095  }
3096  return status;
3097 }
3098 
3099 /*
3100  * This function only returns failure on 'hard' failures. If it succeeds,
3101  * it will leave a lease structure behind.
3102  */
3103 static isc_result_t
3104 reply_process_try_addr(struct reply_state *reply, struct iaddr *addr) {
3105  isc_result_t status = ISC_R_ADDRNOTAVAIL;
3106  struct ipv6_pool *pool = NULL;
3107  struct ipv6_pond *pond = NULL;
3108  int i;
3109  struct data_string data_addr;
3110 
3111  if ((reply == NULL) || (reply->shared == NULL) ||
3112  (addr == NULL) || (reply->lease != NULL))
3113  return (DHCP_R_INVALIDARG);
3114 
3115  /*
3116  * Do a quick walk through of the ponds and pools
3117  * to see if we have any NA address pools
3118  */
3119  for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
3120  if (pond->ipv6_pools == NULL)
3121  continue;
3122 
3123  for (i = 0; ; i++) {
3124  pool = pond->ipv6_pools[i];
3125  if ((pool == NULL) ||
3126  (pool->pool_type == D6O_IA_NA))
3127  break;
3128  }
3129  if (pool != NULL)
3130  break;
3131  }
3132 
3133  /* If we get here and p is NULL we have no useful pools */
3134  if (pool == NULL) {
3135  return (ISC_R_ADDRNOTAVAIL);
3136  }
3137 
3138  memset(&data_addr, 0, sizeof(data_addr));
3139  data_addr.len = addr->len;
3140  data_addr.data = addr->iabuf;
3141 
3142  /*
3143  * We have at least one pool that could provide an address
3144  * Now we walk through the ponds and pools again and check
3145  * to see if the client is permitted and if an address is
3146  * available
3147  *
3148  * Within a given pond we start looking at the last pool we
3149  * allocated from, unless it had a collision trying to allocate
3150  * an address. This will tend to move us into less-filled pools.
3151  */
3152 
3153  for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
3154  if (((pond->prohibit_list != NULL) &&
3155  (permitted(reply->packet, pond->prohibit_list))) ||
3156  ((pond->permit_list != NULL) &&
3157  (!permitted(reply->packet, pond->permit_list))))
3158  continue;
3159 
3160  for (i = 0 ; (pool = pond->ipv6_pools[i]) != NULL ; i++) {
3161  if (pool->pool_type != D6O_IA_NA)
3162  continue;
3163 
3164  status = try_client_v6_address(&reply->lease, pool,
3165  &data_addr);
3166  if (status == ISC_R_SUCCESS)
3167  break;
3168  }
3169 
3170  if (status == ISC_R_SUCCESS)
3171  break;
3172  }
3173 
3174  /* Note that this is just pedantry. There is no allocation to free. */
3175  data_string_forget(&data_addr, MDL);
3176  /* Return just the most recent status... */
3177  return (status);
3178 }
3179 
3180 /* Look around for an address to give the client. First, look through the
3181  * old IA for addresses we can extend. Second, try to allocate a new address.
3182  * Finally, actually add that address into the current reply IA.
3183  */
3184 static isc_result_t
3185 find_client_address(struct reply_state *reply) {
3186  struct iaddr send_addr;
3187  isc_result_t status = ISC_R_NORESOURCES;
3188  struct iasubopt *lease, *best_lease = NULL;
3189  struct binding_scope **scope;
3190  struct group *group;
3191  int i;
3192 
3193  if (reply->static_lease) {
3194  if (reply->host == NULL)
3195  return DHCP_R_INVALIDARG;
3196 
3197  send_addr.len = 16;
3198  memcpy(send_addr.iabuf, reply->fixed.data, 16);
3199 
3200  scope = &global_scope;
3201  group = reply->subnet->group;
3202  goto send_addr;
3203  }
3204 
3205  if (reply->old_ia != NULL) {
3206  for (i = 0 ; i < reply->old_ia->num_iasubopt ; i++) {
3207  struct shared_network *candidate_shared;
3208  struct ipv6_pond *pond;
3209 
3210  lease = reply->old_ia->iasubopt[i];
3211  candidate_shared = lease->ipv6_pool->shared_network;
3212  pond = lease->ipv6_pool->ipv6_pond;
3213 
3214  /*
3215  * Look for the best lease on the client's shared
3216  * network, that is still permitted
3217  */
3218 
3219  if ((candidate_shared != reply->shared) ||
3220  (lease6_usable(lease) != ISC_TRUE))
3221  continue;
3222 
3223  if (((pond->prohibit_list != NULL) &&
3224  (permitted(reply->packet, pond->prohibit_list))) ||
3225  ((pond->permit_list != NULL) &&
3226  (!permitted(reply->packet, pond->permit_list))))
3227  continue;
3228 
3229  best_lease = lease_compare(lease, best_lease);
3230  }
3231  }
3232 
3233  /* Try to pick a new address if we didn't find one, or if we found an
3234  * abandoned lease.
3235  */
3236  if ((best_lease == NULL) || (best_lease->state == FTS_ABANDONED)) {
3237  status = pick_v6_address(reply);
3238  } else if (best_lease != NULL) {
3239  iasubopt_reference(&reply->lease, best_lease, MDL);
3240  status = ISC_R_SUCCESS;
3241  }
3242 
3243  /* Pick the abandoned lease as a last resort. */
3244  if ((status == ISC_R_NORESOURCES) && (best_lease != NULL)) {
3245  /* I don't see how this is supposed to be done right now. */
3246  log_error("Reclaiming abandoned addresses is not yet "
3247  "supported. Treating this as an out of space "
3248  "condition.");
3249  /* iasubopt_reference(&reply->lease, best_lease, MDL); */
3250  }
3251 
3252  /* Give up now if we didn't find a lease. */
3253  if (status != ISC_R_SUCCESS)
3254  return status;
3255 
3256  if (reply->lease == NULL)
3257  log_fatal("Impossible condition at %s:%d.", MDL);
3258 
3259  /* Draw binding scopes from the lease's binding scope, and config
3260  * from the lease's containing subnet and higher. Note that it may
3261  * be desirable to place the group attachment directly in the pool.
3262  */
3263  scope = &reply->lease->scope;
3264  group = reply->lease->ipv6_pool->ipv6_pond->group;
3265 
3266  send_addr.len = 16;
3267  memcpy(send_addr.iabuf, &reply->lease->addr, 16);
3268 
3269  send_addr:
3270  status = reply_process_is_addressed(reply, scope, group);
3271  if (status != ISC_R_SUCCESS)
3272  return status;
3273 
3274  status = reply_process_send_addr(reply, &send_addr);
3275  return status;
3276 }
3277 
3278 /* Once an address is found for a client, perform several common functions;
3279  * Calculate and store valid and preferred lease times, draw client options
3280  * into the option state.
3281  */
3282 static isc_result_t
3283 reply_process_is_addressed(struct reply_state *reply,
3284  struct binding_scope **scope, struct group *group)
3285 {
3286  isc_result_t status = ISC_R_SUCCESS;
3287  struct data_string data;
3288  struct option_cache *oc;
3289  struct option_state *tmp_options = NULL;
3290  struct on_star *on_star;
3291  int i;
3292 
3293  /* Initialize values we will cleanup. */
3294  memset(&data, 0, sizeof(data));
3295 
3296  /*
3297  * Find the proper on_star block to use. We use the
3298  * one in the lease if we have a lease or the one in
3299  * the reply if we don't have a lease because this is
3300  * a static instance
3301  */
3302  if (reply->lease) {
3303  on_star = &reply->lease->on_star;
3304  } else {
3305  on_star = &reply->on_star;
3306  }
3307 
3308  /*
3309  * Bring in the root configuration. We only do this to bring
3310  * in the on * statements, as we didn't have the lease available
3311  * we did it the first time.
3312  */
3313  option_state_allocate(&tmp_options, MDL);
3314  execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
3315  reply->packet->options, tmp_options,
3316  &global_scope, root_group, NULL,
3317  on_star);
3318  if (tmp_options != NULL) {
3319  option_state_dereference(&tmp_options, MDL);
3320  }
3321 
3322  /*
3323  * Bring configured options into the root packet level cache - start
3324  * with the lease's closest enclosing group (passed in by the caller
3325  * as 'group').
3326  */
3327  execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
3328  reply->packet->options, reply->opt_state,
3329  scope, group, root_group, on_star);
3330 
3331  /* Execute statements from class scopes. */
3332  for (i = reply->packet->class_count; i > 0; i--) {
3333  execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
3334  reply->packet->options,
3335  reply->opt_state, scope,
3336  reply->packet->classes[i - 1]->group,
3337  group, on_star);
3338  }
3339 
3340  /*
3341  * If there is a host record, over-ride with values configured there,
3342  * without re-evaluating configuration from the previously executed
3343  * group or its common enclosers.
3344  */
3345  if (reply->host != NULL)
3346  execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
3347  reply->packet->options,
3348  reply->opt_state, scope,
3349  reply->host->group, group,
3350  on_star);
3351 
3352  /* Determine valid lifetime. */
3353  if (reply->client_valid == 0)
3354  reply->send_valid = DEFAULT_DEFAULT_LEASE_TIME;
3355  else
3356  reply->send_valid = reply->client_valid;
3357 
3358  oc = lookup_option(&server_universe, reply->opt_state,
3360  if (oc != NULL) {
3361  if (!evaluate_option_cache(&data, reply->packet, NULL, NULL,
3362  reply->packet->options,
3363  reply->opt_state,
3364  scope, oc, MDL) ||
3365  (data.len != 4)) {
3366  log_error("reply_process_is_addressed: unable to "
3367  "evaluate default lease time");
3368  status = ISC_R_FAILURE;
3369  goto cleanup;
3370  }
3371 
3372  reply->send_valid = getULong(data.data);
3373  data_string_forget(&data, MDL);
3374  }
3375 
3376  if (reply->client_prefer == 0)
3377  reply->send_prefer = reply->send_valid;
3378  else
3379  reply->send_prefer = reply->client_prefer;
3380 
3381  if (reply->send_prefer >= reply->send_valid)
3382  reply->send_prefer = (reply->send_valid / 2) +
3383  (reply->send_valid / 8);
3384 
3385  oc = lookup_option(&server_universe, reply->opt_state,
3387  if (oc != NULL) {
3388  if (!evaluate_option_cache(&data, reply->packet, NULL, NULL,
3389  reply->packet->options,
3390  reply->opt_state,
3391  scope, oc, MDL) ||
3392  (data.len != 4)) {
3393  log_error("reply_process_is_addressed: unable to "
3394  "evaluate preferred lease time");
3395  status = ISC_R_FAILURE;
3396  goto cleanup;
3397  }
3398 
3399  reply->send_prefer = getULong(data.data);
3400  data_string_forget(&data, MDL);
3401  }
3402 
3403  /* Note lowest values for later calculation of renew/rebind times. */
3404  if (reply->prefer > reply->send_prefer)
3405  reply->prefer = reply->send_prefer;
3406 
3407  if (reply->valid > reply->send_valid)
3408  reply->valid = reply->send_valid;
3409 
3410 #if 0
3411  /*
3412  * XXX: Old 4.0.0 alpha code would change the host {} record
3413  * XXX: uid upon lease assignment. This was intended to cover the
3414  * XXX: case where a client first identifies itself using vendor
3415  * XXX: options in a solicit, or request, but later neglects to include
3416  * XXX: these options in a Renew or Rebind. It is not clear that this
3417  * XXX: is required, and has some startling ramifications (such as
3418  * XXX: how to recover this dynamic host {} state across restarts).
3419  */
3420  if (reply->host != NULL)
3421  change_host_uid(host, reply->client_id->data,
3422  reply->client_id->len);
3423 #endif /* 0 */
3424 
3425  /* Perform dynamic lease related update work. */
3426  if (reply->lease != NULL) {
3427  /* Cached lifetimes */
3428  reply->lease->prefer = reply->send_prefer;
3429  reply->lease->valid = reply->send_valid;
3430 
3431  /* Advance (or rewind) the valid lifetime. */
3432  if (reply->buf.reply.msg_type == DHCPV6_REPLY) {
3433  reply->lease->soft_lifetime_end_time =
3434  cur_time + reply->send_valid;
3435  /* Wait before renew! */
3436  }
3437 
3438  status = ia_add_iasubopt(reply->ia, reply->lease, MDL);
3439  if (status != ISC_R_SUCCESS) {
3440  log_fatal("reply_process_is_addressed: Unable to "
3441  "attach lease to new IA: %s",
3442  isc_result_totext(status));
3443  }
3444 
3445  /*
3446  * If this is a new lease, make sure it is attached somewhere.
3447  */
3448  if (reply->lease->ia == NULL) {
3449  ia_reference(&reply->lease->ia, reply->ia, MDL);
3450  }
3451  }
3452 
3453  /* Bring a copy of the relevant options into the IA scope. */
3454  execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
3455  reply->packet->options, reply->reply_ia,
3456  scope, group, root_group, NULL);
3457 
3458  /* Execute statements from class scopes. */
3459  for (i = reply->packet->class_count; i > 0; i--) {
3460  execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
3461  reply->packet->options,
3462  reply->reply_ia, scope,
3463  reply->packet->classes[i - 1]->group,
3464  group, NULL);
3465  }
3466 
3467  /*
3468  * And bring in host record configuration, if any, but not to overlap
3469  * the previous group or its common enclosers.
3470  */
3471  if (reply->host != NULL)
3472  execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
3473  reply->packet->options,
3474  reply->reply_ia, scope,
3475  reply->host->group, group, NULL);
3476 
3477  cleanup:
3478  if (data.data != NULL)
3479  data_string_forget(&data, MDL);
3480 
3481  if (status == ISC_R_SUCCESS)
3482  reply->client_resources++;
3483 
3484  return status;
3485 }
3486 
3487 /* Simply send an IAADDR within the IA scope as described. */
3488 static isc_result_t
3489 reply_process_send_addr(struct reply_state *reply, struct iaddr *addr) {
3490  isc_result_t status = ISC_R_SUCCESS;
3491  struct data_string data;
3492 
3493  memset(&data, 0, sizeof(data));
3494 
3495  /* Now append the lease. */
3496  data.len = IAADDR_OFFSET;
3497  if (!buffer_allocate(&data.buffer, data.len, MDL)) {
3498  log_error("reply_process_send_addr: out of memory"
3499  "allocating new IAADDR buffer.");
3500  status = ISC_R_NOMEMORY;
3501  goto cleanup;
3502  }
3503  data.data = data.buffer->data;
3504 
3505  memcpy(data.buffer->data, addr->iabuf, 16);
3506  putULong(data.buffer->data + 16, reply->send_prefer);
3507  putULong(data.buffer->data + 20, reply->send_valid);
3508 
3509  if (!append_option_buffer(&dhcpv6_universe, reply->reply_ia,
3510  data.buffer, data.buffer->data,
3511  data.len, D6O_IAADDR, 0)) {
3512  log_error("reply_process_send_addr: unable "
3513  "to save IAADDR option");
3514  status = ISC_R_FAILURE;
3515  goto cleanup;
3516  }
3517 
3518  reply->resources_included = ISC_TRUE;
3519 
3520  cleanup:
3521  if (data.data != NULL)
3523 
3524  return status;
3525 }
3526 
3527 /* Choose the better of two leases. */
3528 static struct iasubopt *
3529 lease_compare(struct iasubopt *alpha, struct iasubopt *beta) {
3530  if (alpha == NULL)
3531  return beta;
3532  if (beta == NULL)
3533  return alpha;
3534 
3535  switch(alpha->state) {
3536  case FTS_ACTIVE:
3537  switch(beta->state) {
3538  case FTS_ACTIVE:
3539  /* Choose the lease with the longest lifetime (most
3540  * likely the most recently allocated).
3541  */
3542  if (alpha->hard_lifetime_end_time <
3543  beta->hard_lifetime_end_time)
3544  return beta;
3545  else
3546  return alpha;
3547 
3548  case FTS_EXPIRED:
3549  case FTS_ABANDONED:
3550  return alpha;
3551 
3552  default:
3553  log_fatal("Impossible condition at %s:%d.", MDL);
3554  }
3555  break;
3556 
3557  case FTS_EXPIRED:
3558  switch (beta->state) {
3559  case FTS_ACTIVE:
3560  return beta;
3561 
3562  case FTS_EXPIRED:
3563  /* Choose the most recently expired lease. */
3564  if (alpha->hard_lifetime_end_time <
3565  beta->hard_lifetime_end_time)
3566  return beta;
3567  else if ((alpha->hard_lifetime_end_time ==
3568  beta->hard_lifetime_end_time) &&
3569  (alpha->soft_lifetime_end_time <
3570  beta->soft_lifetime_end_time))
3571  return beta;
3572  else
3573  return alpha;
3574 
3575  case FTS_ABANDONED:
3576  return alpha;
3577 
3578  default:
3579  log_fatal("Impossible condition at %s:%d.", MDL);
3580  }
3581  break;
3582 
3583  case FTS_ABANDONED:
3584  switch (beta->state) {
3585  case FTS_ACTIVE:
3586  case FTS_EXPIRED:
3587  return alpha;
3588 
3589  case FTS_ABANDONED:
3590  /* Choose the lease that was abandoned longest ago. */
3591  if (alpha->hard_lifetime_end_time <
3592  beta->hard_lifetime_end_time)
3593  return alpha;
3594 
3595  default:
3596  log_fatal("Impossible condition at %s:%d.", MDL);
3597  }
3598  break;
3599 
3600  default:
3601  log_fatal("Impossible condition at %s:%d.", MDL);
3602  }
3603 
3604  log_fatal("Triple impossible condition at %s:%d.", MDL);
3605  return NULL;
3606 }
3607 
3608 /* Process a client-supplied IA_PD. This may append options to the tail of
3609  * the reply packet being built in the reply_state structure.
3610  */
3611 static isc_result_t
3612 reply_process_ia_pd(struct reply_state *reply, struct option_cache *ia) {
3613  isc_result_t status = ISC_R_SUCCESS;
3614  u_int32_t iaid;
3615  unsigned ia_cursor;
3616  struct option_state *packet_ia;
3617  struct option_cache *oc;
3618  struct data_string ia_data, data;
3619 
3620  /* Initialize values that will get cleaned up on return. */
3621  packet_ia = NULL;
3622  memset(&ia_data, 0, sizeof(ia_data));
3623  memset(&data, 0, sizeof(data));
3624  /*
3625  * Note that find_client_prefix() may set reply->lease.
3626  */
3627 
3628  /* Make sure there is at least room for the header. */
3629  if ((reply->cursor + IA_PD_OFFSET + 4) > sizeof(reply->buf)) {
3630  log_error("reply_process_ia_pd: Reply too long for IA.");
3631  return ISC_R_NOSPACE;
3632  }
3633 
3634 
3635  /* Fetch the IA_PD contents. */
3636  if (!get_encapsulated_IA_state(&packet_ia, &ia_data, reply->packet,
3637  ia, IA_PD_OFFSET)) {
3638  log_error("reply_process_ia_pd: error evaluating ia");
3639  status = ISC_R_FAILURE;
3640  goto cleanup;
3641  }
3642 
3643  /* Extract IA_PD header contents. */
3644  iaid = getULong(ia_data.data);
3645  reply->renew = getULong(ia_data.data + 4);
3646  reply->rebind = getULong(ia_data.data + 8);
3647 
3648  /* Create an IA_PD structure. */
3649  if (ia_allocate(&reply->ia, iaid, (char *)reply->client_id.data,
3650  reply->client_id.len, MDL) != ISC_R_SUCCESS) {
3651  log_error("reply_process_ia_pd: no memory for ia.");
3652  status = ISC_R_NOMEMORY;
3653  goto cleanup;
3654  }
3655  reply->ia->ia_type = D6O_IA_PD;
3656 
3657  /* Cache pre-existing IA_PD, if any. */
3658  ia_hash_lookup(&reply->old_ia, ia_pd_active,
3659  (unsigned char *)reply->ia->iaid_duid.data,
3660  reply->ia->iaid_duid.len, MDL);
3661 
3662  /*
3663  * Create an option cache to carry the IA_PD option contents, and
3664  * execute any user-supplied values into it.
3665  */
3666  if (!option_state_allocate(&reply->reply_ia, MDL)) {
3667  status = ISC_R_NOMEMORY;
3668  goto cleanup;
3669  }
3670 
3671  /* Check & count the fixed prefix host records. */
3672  reply->static_prefixes = 0;
3673  if ((reply->host != NULL) && (reply->host->fixed_prefix != NULL)) {
3674  struct iaddrcidrnetlist *fp;
3675 
3676  for (fp = reply->host->fixed_prefix; fp != NULL;
3677  fp = fp->next) {
3678  reply->static_prefixes += 1;
3679  }
3680  }
3681 
3682  /*
3683  * Save the cursor position at the start of the IA_PD, so we can
3684  * set length and adjust t1/t2 values later. We write a temporary
3685  * header out now just in case we decide to adjust the packet
3686  * within sub-process functions.
3687  */
3688  ia_cursor = reply->cursor;
3689 
3690  /* Initialize the IA_PD header. First the code. */
3691  putUShort(reply->buf.data + reply->cursor, (unsigned)D6O_IA_PD);
3692  reply->cursor += 2;
3693 
3694  /* Then option length. */
3695  putUShort(reply->buf.data + reply->cursor, 0x0Cu);
3696  reply->cursor += 2;
3697 
3698  /* Then IA_PD header contents; IAID. */
3699  putULong(reply->buf.data + reply->cursor, iaid);
3700  reply->cursor += 4;
3701 
3702  /* We store the client's t1 for now, and may over-ride it later. */
3703  putULong(reply->buf.data + reply->cursor, reply->renew);
3704  reply->cursor += 4;
3705 
3706  /* We store the client's t2 for now, and may over-ride it later. */
3707  putULong(reply->buf.data + reply->cursor, reply->rebind);
3708  reply->cursor += 4;
3709 
3710  /*
3711  * For each prefix in this IA_PD, decide what to do about it.
3712  */
3713  oc = lookup_option(&dhcpv6_universe, packet_ia, D6O_IAPREFIX);
3714  reply->valid = reply->prefer = 0xffffffff;
3715  reply->client_valid = reply->client_prefer = 0;
3716  reply->preflen = -1;
3717  for (; oc != NULL ; oc = oc->next) {
3718  status = reply_process_prefix(reply, oc);
3719 
3720  /*
3721  * Canceled means we did not allocate prefixes to the
3722  * client, but we're "done" with this IA - we set a status
3723  * code. So transmit this reply, e.g., move on to the next
3724  * IA.
3725  */
3726  if (status == ISC_R_CANCELED)
3727  break;
3728 
3729  if ((status != ISC_R_SUCCESS) &&
3730  (status != ISC_R_ADDRINUSE) &&
3731  (status != ISC_R_ADDRNOTAVAIL))
3732  goto cleanup;
3733  }
3734 
3735  reply->pd_count++;
3736 
3737  /*
3738  * If we fell through the above and never gave the client
3739  * a prefix, give it one now.
3740  */
3741  if ((status != ISC_R_CANCELED) && (reply->client_resources == 0)) {
3742  status = find_client_prefix(reply);
3743 
3744  if (status == ISC_R_NORESOURCES) {
3745  switch (reply->packet->dhcpv6_msg_type) {
3746  case DHCPV6_SOLICIT:
3747  /*
3748  * No prefix for any IA is handled
3749  * by the caller.
3750  */
3751  /* FALL THROUGH */
3752 
3753  case DHCPV6_REQUEST:
3754  /* Same than for addresses. */
3755  option_state_dereference(&reply->reply_ia, MDL);
3756  if (!option_state_allocate(&reply->reply_ia,
3757  MDL))
3758  {
3759  log_error("reply_process_ia_pd: No "
3760  "memory for option state "
3761  "wipe.");
3762  status = ISC_R_NOMEMORY;
3763  goto cleanup;
3764  }
3765 
3766  if (!set_status_code(STATUS_NoPrefixAvail,
3767  "No prefixes available "
3768  "for this interface.",
3769  reply->reply_ia)) {
3770  log_error("reply_process_ia_pd: "
3771  "Unable to set "
3772  "NoPrefixAvail status "
3773  "code.");
3774  status = ISC_R_FAILURE;
3775  goto cleanup;
3776  }
3777 
3778  status = ISC_R_SUCCESS;
3779  break;
3780 
3781  default:
3782  if (reply->resources_included)
3783  status = ISC_R_SUCCESS;
3784  else
3785  goto cleanup;
3786  break;
3787  }
3788  }
3789 
3790  if (status != ISC_R_SUCCESS)
3791  goto cleanup;
3792  }
3793 
3794  reply->cursor += store_options6((char *)reply->buf.data + reply->cursor,
3795  sizeof(reply->buf) - reply->cursor,
3796  reply->reply_ia, reply->packet,
3797  required_opts_IA_PD, NULL);
3798 
3799  /* Reset the length of this IA_PD to match what was just written. */
3800  putUShort(reply->buf.data + ia_cursor + 2,
3801  reply->cursor - (ia_cursor + 4));
3802 
3803  /*
3804  * T1/T2 time selection is kind of weird. We actually use DHCP
3805  * (v4) scoped options as handy existing places where these might
3806  * be configured by an administrator. A value of zero tells the
3807  * client it may choose its own renewal time.
3808  */
3809  reply->renew = 0;
3810  oc = lookup_option(&dhcp_universe, reply->opt_state,
3812  if (oc != NULL) {
3813  if (!evaluate_option_cache(&data, reply->packet, NULL, NULL,
3814  reply->packet->options,
3815  reply->opt_state, &global_scope,
3816  oc, MDL) ||
3817  (data.len != 4)) {
3818  log_error("Invalid renewal time.");
3819  } else {
3820  reply->renew = getULong(data.data);
3821  }
3822 
3823  if (data.data != NULL)
3824  data_string_forget(&data, MDL);
3825  }
3826  putULong(reply->buf.data + ia_cursor + 8, reply->renew);
3827 
3828  /* Now T2. */
3829  reply->rebind = 0;
3830  oc = lookup_option(&dhcp_universe, reply->opt_state,
3832  if (oc != NULL) {
3833  if (!evaluate_option_cache(&data, reply->packet, NULL, NULL,
3834  reply->packet->options,
3835  reply->opt_state, &global_scope,
3836  oc, MDL) ||
3837  (data.len != 4)) {
3838  log_error("Invalid rebinding time.");
3839  } else {
3840  reply->rebind = getULong(data.data);
3841  }
3842 
3843  if (data.data != NULL)
3844  data_string_forget(&data, MDL);
3845  }
3846  putULong(reply->buf.data + ia_cursor + 12, reply->rebind);
3847 
3848  /*
3849  * yes, goto's aren't the best but we also want to avoid extra
3850  * indents
3851  */
3852  if (status == ISC_R_CANCELED)
3853  goto cleanup;
3854 
3855  /*
3856  * Handle static prefixes, we always log stuff and if it's
3857  * a hard binding we run any commit statements that we have
3858  */
3859  if (reply->static_prefixes != 0) {
3860  char tmp_addr[INET6_ADDRSTRLEN];
3861  log_info("%s PD: address %s/%d to client with duid %s "
3862  "iaid = %d static",
3863  dhcpv6_type_names[reply->buf.reply.msg_type],
3864  inet_ntop(AF_INET6, reply->fixed_pref.lo_addr.iabuf,
3865  tmp_addr, sizeof(tmp_addr)),
3866  reply->fixed_pref.bits,
3867  print_hex_1(reply->client_id.len,
3868  reply->client_id.data, 60),
3869  iaid);
3870  if ((reply->buf.reply.msg_type == DHCPV6_REPLY) &&
3871  (reply->on_star.on_commit != NULL)) {
3872  execute_statements(NULL, reply->packet, NULL, NULL,
3873  reply->packet->options,
3874  reply->opt_state,
3875  NULL, reply->on_star.on_commit,
3876  NULL);
3878  (&reply->on_star.on_commit, MDL);
3879  }
3880  goto cleanup;
3881  }
3882 
3883  /*
3884  * If we have any addresses log what we are doing.
3885  */
3886  if (reply->ia->num_iasubopt != 0) {
3887  struct iasubopt *tmp;
3888  int i;
3889  char tmp_addr[INET6_ADDRSTRLEN];
3890 
3891  for (i = 0 ; i < reply->ia->num_iasubopt ; i++) {
3892  tmp = reply->ia->iasubopt[i];
3893 
3894  log_info("%s PD: address %s/%d to client with duid %s"
3895  " iaid = %d valid for %d seconds",
3896  dhcpv6_type_names[reply->buf.reply.msg_type],
3897  inet_ntop(AF_INET6, &tmp->addr,
3898  tmp_addr, sizeof(tmp_addr)),
3899  (int)tmp->plen,
3900  print_hex_1(reply->client_id.len,
3901  reply->client_id.data, 60),
3902  iaid, tmp->valid);
3903  }
3904  }
3905 
3906  /*
3907  * If this is not a 'soft' binding, consume the new changes into
3908  * the database (if any have been attached to the ia_pd).
3909  *
3910  * Loop through the assigned dynamic prefixes, referencing the
3911  * prefixes onto this IA_PD rather than any old ones, and updating
3912  * prefix pool timers for each (if any).
3913  */
3914  if ((reply->buf.reply.msg_type == DHCPV6_REPLY) &&
3915  (reply->ia->num_iasubopt != 0)) {
3916  struct iasubopt *tmp;
3917  struct data_string *ia_id;
3918  int i;
3919 
3920  for (i = 0 ; i < reply->ia->num_iasubopt ; i++) {
3921  tmp = reply->ia->iasubopt[i];
3922 
3923  if (tmp->ia != NULL)
3924  ia_dereference(&tmp->ia, MDL);
3925  ia_reference(&tmp->ia, reply->ia, MDL);
3926 
3927  /* Commit 'hard' bindings. */
3928  renew_lease6(tmp->ipv6_pool, tmp);
3930 
3931  /* If we have anything to do on commit do it now */
3932  if (tmp->on_star.on_commit != NULL) {
3933  execute_statements(NULL, reply->packet,
3934  NULL, NULL,
3935  reply->packet->options,
3936  reply->opt_state,
3937  &tmp->scope,
3938  tmp->on_star.on_commit,
3939  &tmp->on_star);
3941  (&tmp->on_star.on_commit, MDL);
3942  }
3943 
3944  /* Do our threshold check. */
3945  check_pool6_threshold(reply, tmp);
3946  }
3947 
3948  /* Remove any old ia from the hash. */
3949  if (reply->old_ia != NULL) {
3950  ia_id = &reply->old_ia->iaid_duid;
3951  ia_hash_delete(ia_pd_active,
3952  (unsigned char *)ia_id->data,
3953  ia_id->len, MDL);
3954  ia_dereference(&reply->old_ia, MDL);
3955  }
3956 
3957  /* Put new ia into the hash. */
3958  reply->ia->cltt = cur_time;
3959  ia_id = &reply->ia->iaid_duid;
3960  ia_hash_add(ia_pd_active, (unsigned char *)ia_id->data,
3961  ia_id->len, reply->ia, MDL);
3962 
3963  write_ia(reply->ia);
3964  } else {
3965  schedule_lease_timeout_reply(reply);
3966  }
3967 
3968  cleanup:
3969  if (packet_ia != NULL)
3970  option_state_dereference(&packet_ia, MDL);
3971  if (reply->reply_ia != NULL)
3972  option_state_dereference(&reply->reply_ia, MDL);
3973  if (ia_data.data != NULL)
3974  data_string_forget(&ia_data, MDL);
3975  if (data.data != NULL)
3977  if (reply->ia != NULL)
3978  ia_dereference(&reply->ia, MDL);
3979  if (reply->old_ia != NULL)
3980  ia_dereference(&reply->old_ia, MDL);
3981  if (reply->lease != NULL)
3982  iasubopt_dereference(&reply->lease, MDL);
3983  if (reply->on_star.on_expiry != NULL)
3985  (&reply->on_star.on_expiry, MDL);
3986  if (reply->on_star.on_release != NULL)
3988  (&reply->on_star.on_release, MDL);
3989 
3990  /*
3991  * ISC_R_CANCELED is a status code used by the prefix processing to
3992  * indicate we're replying with a status code. This is still a
3993  * success at higher layers.
3994  */
3995  return((status == ISC_R_CANCELED) ? ISC_R_SUCCESS : status);
3996 }
3997 
3998 /*
3999  * Process an IAPREFIX within a given IA_PD, storing any IAPREFIX reply
4000  * contents into the reply's current ia_pd-scoped option cache. Returns
4001  * ISC_R_CANCELED in the event we are replying with a status code and do
4002  * not wish to process more IAPREFIXes within this IA_PD.
4003  */
4004 static isc_result_t
4005 reply_process_prefix(struct reply_state *reply, struct option_cache *pref) {
4006  u_int32_t pref_life, valid_life;
4007  struct binding_scope **scope;
4008  struct iaddrcidrnet tmp_pref;
4009  struct option_cache *oc;
4010  struct data_string iapref, data;
4011  isc_result_t status = ISC_R_SUCCESS;
4012  struct group *group;
4013 
4014  /* Initializes values that will be cleaned up. */
4015  memset(&iapref, 0, sizeof(iapref));
4016  memset(&data, 0, sizeof(data));
4017  /* Note that reply->lease may be set by prefix_is_owned() */
4018 
4019  /*
4020  * There is no point trying to process an incoming prefix if there
4021  * is no room for an outgoing prefix.
4022  */
4023  if ((reply->cursor + 29) > sizeof(reply->buf)) {
4024  log_error("reply_process_prefix: Out of room for prefix.");
4025  return ISC_R_NOSPACE;
4026  }
4027 
4028  /* Extract this IAPREFIX option. */
4029  if (!evaluate_option_cache(&iapref, reply->packet, NULL, NULL,
4030  reply->packet->options, NULL, &global_scope,
4031  pref, MDL) ||
4032  (iapref.len < IAPREFIX_OFFSET)) {
4033  log_error("reply_process_prefix: error evaluating IAPREFIX.");
4034  status = ISC_R_FAILURE;
4035  goto cleanup;
4036  }
4037 
4038  /*
4039  * Layout: preferred and valid lifetimes followed by the prefix
4040  * length and the IPv6 address.
4041  */
4042  pref_life = getULong(iapref.data);
4043  valid_life = getULong(iapref.data + 4);
4044 
4045  if ((reply->client_valid == 0) ||
4046  (reply->client_valid > valid_life))
4047  reply->client_valid = valid_life;
4048 
4049  if ((reply->client_prefer == 0) ||
4050  (reply->client_prefer > pref_life))
4051  reply->client_prefer = pref_life;
4052 
4053  /*
4054  * Clients may choose to send ::/0 as a prefix, with the idea to give
4055  * hints about preferred-lifetime or valid-lifetime.
4056  */
4057  tmp_pref.lo_addr.len = 16;
4058  memset(tmp_pref.lo_addr.iabuf, 0, 16);
4059  if ((iapref.data[8] == 0) &&
4060  (memcmp(iapref.data + 9, tmp_pref.lo_addr.iabuf, 16) == 0)) {
4061  /* Status remains success; we just ignore this one. */
4062  goto cleanup;
4063  }
4064 
4065  /*
4066  * Clients may choose to send ::/X as a prefix to specify a
4067  * preferred/requested prefix length. Note X is never zero here.
4068  */
4069  tmp_pref.bits = (int) iapref.data[8];
4070  if (reply->preflen < 0) {
4071  /* Cache the first preferred prefix length. */
4072  reply->preflen = tmp_pref.bits;
4073  }
4074  if (memcmp(iapref.data + 9, tmp_pref.lo_addr.iabuf, 16) == 0) {
4075  goto cleanup;
4076  }
4077 
4078  memcpy(tmp_pref.lo_addr.iabuf, iapref.data + 9, 16);
4079 
4080  /* Verify the prefix belongs to the client. */
4081  if (!prefix_is_owned(reply, &tmp_pref)) {
4082  /* Same than for addresses. */
4083  if ((reply->packet->dhcpv6_msg_type == DHCPV6_SOLICIT) ||
4084  (reply->packet->dhcpv6_msg_type == DHCPV6_REQUEST) ||
4085  (reply->packet->dhcpv6_msg_type == DHCPV6_REBIND)) {
4086  status = reply_process_try_prefix(reply, &tmp_pref);
4087 
4088  /* Either error out or skip this prefix. */
4089  if ((status != ISC_R_SUCCESS) &&
4090  (status != ISC_R_ADDRINUSE) &&
4091  (status != ISC_R_ADDRNOTAVAIL))
4092  goto cleanup;
4093 
4094  if (reply->lease == NULL) {
4095  if (reply->packet->dhcpv6_msg_type ==
4096  DHCPV6_REBIND) {
4097  reply->send_prefer = 0;
4098  reply->send_valid = 0;
4099  goto send_pref;
4100  }
4101 
4102  /* status remains success - ignore */
4103  goto cleanup;
4104  }
4105  /*
4106  * RFC3633 section 18.2.3:
4107  *
4108  * If the delegating router cannot find a binding
4109  * for the requesting router's IA_PD the delegating
4110  * router returns the IA_PD containing no prefixes
4111  * with a Status Code option set to NoBinding in the
4112  * Reply message.
4113  *
4114  * On mismatch we (ab)use this pretending we have not the IA
4115  * as soon as we have not a prefix.
4116  */
4117  } else if (reply->packet->dhcpv6_msg_type == DHCPV6_RENEW) {
4118  /* Rewind the IA_PD to empty. */
4119  option_state_dereference(&reply->reply_ia, MDL);
4120  if (!option_state_allocate(&reply->reply_ia, MDL)) {
4121  log_error("reply_process_prefix: No memory "
4122  "for option state wipe.");
4123  status = ISC_R_NOMEMORY;
4124  goto cleanup;
4125  }
4126 
4127  /* Append a NoBinding status code. */
4128  if (!set_status_code(STATUS_NoBinding,
4129  "Prefix not bound to this "
4130  "interface.", reply->reply_ia)) {
4131  log_error("reply_process_prefix: Unable to "
4132  "attach status code.");
4133  status = ISC_R_FAILURE;
4134  goto cleanup;
4135  }
4136 
4137  /* Fin (no more IAPREFIXes). */
4138  status = ISC_R_CANCELED;
4139  goto cleanup;
4140  } else {
4141  log_error("It is impossible to lease a client that is "
4142  "not sending a solicit, request, renew, or "
4143  "rebind message.");
4144  status = ISC_R_FAILURE;
4145  goto cleanup;
4146  }
4147  }
4148 
4149  if (reply->static_prefixes > 0) {
4150  if (reply->host == NULL)
4151  log_fatal("Impossible condition at %s:%d.", MDL);
4152 
4153  scope = &global_scope;
4154 
4155  /* Find the static prefixe's subnet. */
4156  if (find_grouped_subnet(&reply->subnet, reply->shared,
4157  tmp_pref.lo_addr, MDL) == 0)
4158  log_fatal("Impossible condition at %s:%d.", MDL);
4159  group = reply->subnet->group;
4160  subnet_dereference(&reply->subnet, MDL);
4161 
4162  /* Copy the static prefix for logging purposes */
4163  memcpy(&reply->fixed_pref, &tmp_pref, sizeof(tmp_pref));
4164  } else {
4165  if (reply->lease == NULL)
4166  log_fatal("Impossible condition at %s:%d.", MDL);
4167 
4168  scope = &reply->lease->scope;
4169  group = reply->lease->ipv6_pool->ipv6_pond->group;
4170  }
4171 
4172  /*
4173  * If client_resources is nonzero, then the reply_process_is_prefixed
4174  * function has executed configuration state into the reply option
4175  * cache. We will use that valid cache to derive configuration for
4176  * whether or not to engage in additional prefixes, and similar.
4177  */
4178  if (reply->client_resources != 0) {
4179  unsigned limit = 1;
4180 
4181  /*
4182  * Does this client have "enough" prefixes already? Default
4183  * to one. Everybody gets one, and one should be enough for
4184  * anybody.
4185  */
4186  oc = lookup_option(&server_universe, reply->opt_state,
4188  if (oc != NULL) {
4189  if (!evaluate_option_cache(&data, reply->packet,
4190  NULL, NULL,
4191  reply->packet->options,
4192  reply->opt_state,
4193  scope, oc, MDL) ||
4194  (data.len != 4)) {
4195  log_error("reply_process_prefix: unable to "
4196  "evaluate prefs-per-ia value.");
4197  status = ISC_R_FAILURE;
4198  goto cleanup;
4199  }
4200 
4201  limit = getULong(data.data);
4202  data_string_forget(&data, MDL);
4203  }
4204 
4205  /*
4206  * If we wish to limit the client to a certain number of
4207  * prefixes, then omit the prefix from the reply.
4208  */
4209  if (reply->client_resources >= limit)
4210  goto cleanup;
4211  }
4212 
4213  status = reply_process_is_prefixed(reply, scope, group);
4214  if (status != ISC_R_SUCCESS)
4215  goto cleanup;
4216 
4217  send_pref:
4218  status = reply_process_send_prefix(reply, &tmp_pref);
4219 
4220  cleanup:
4221  if (iapref.data != NULL)
4222  data_string_forget(&iapref, MDL);
4223  if (data.data != NULL)
4224  data_string_forget(&data, MDL);
4225  if (reply->lease != NULL)
4226  iasubopt_dereference(&reply->lease, MDL);
4227 
4228  return status;
4229 }
4230 
4231 /*
4232  * Verify the prefix belongs to the client. If we've got a host
4233  * record with fixed prefixes, it has to be an assigned prefix
4234  * (fault out all else). Otherwise it's a dynamic prefix, so lookup
4235  * that prefix and make sure it belongs to this DUID:IAID pair.
4236  */
4237 static isc_boolean_t
4238 prefix_is_owned(struct reply_state *reply, struct iaddrcidrnet *pref) {
4239  struct iaddrcidrnetlist *l;
4240  int i;
4241  struct ipv6_pond *pond;
4242 
4243  /*
4244  * This faults out prefixes that don't match fixed prefixes.
4245  */
4246  if (reply->static_prefixes > 0) {
4247  for (l = reply->host->fixed_prefix; l != NULL; l = l->next) {
4248  if ((pref->bits == l->cidrnet.bits) &&
4249  (memcmp(pref->lo_addr.iabuf,
4250  l->cidrnet.lo_addr.iabuf, 16) == 0))
4251  return (ISC_TRUE);
4252  }
4253  return (ISC_FALSE);
4254  }
4255 
4256  if ((reply->old_ia == NULL) ||
4257  (reply->old_ia->num_iasubopt == 0))
4258  return (ISC_FALSE);
4259 
4260  for (i = 0 ; i < reply->old_ia->num_iasubopt ; i++) {
4261  struct iasubopt *tmp;
4262 
4263  tmp = reply->old_ia->iasubopt[i];
4264 
4265  if ((pref->bits == (int) tmp->plen) &&
4266  (memcmp(pref->lo_addr.iabuf, &tmp->addr, 16) == 0)) {
4267  if (lease6_usable(tmp) == ISC_FALSE) {
4268  return (ISC_FALSE);
4269  }
4270 
4271  pond = tmp->ipv6_pool->ipv6_pond;
4272  if (((pond->prohibit_list != NULL) &&
4273  (permitted(reply->packet, pond->prohibit_list))) ||
4274  ((pond->permit_list != NULL) &&
4275  (!permitted(reply->packet, pond->permit_list))))
4276  return (ISC_FALSE);
4277 
4278  iasubopt_reference(&reply->lease, tmp, MDL);
4279  return (ISC_TRUE);
4280  }
4281  }
4282 
4283  return (ISC_FALSE);
4284 }
4285 
4286 /*
4287  * This function only returns failure on 'hard' failures. If it succeeds,
4288  * it will leave a prefix structure behind.
4289  */
4290 static isc_result_t
4291 reply_process_try_prefix(struct reply_state *reply,
4292  struct iaddrcidrnet *pref) {
4293  isc_result_t status = ISC_R_ADDRNOTAVAIL;
4294  struct ipv6_pool *pool = NULL;
4295  struct ipv6_pond *pond = NULL;
4296  int i;
4297  struct data_string data_pref;
4298 
4299  if ((reply == NULL) || (reply->shared == NULL) ||
4300  (pref == NULL) || (reply->lease != NULL))
4301  return (DHCP_R_INVALIDARG);
4302 
4303  /*
4304  * Do a quick walk through of the ponds and pools
4305  * to see if we have any prefix pools
4306  */
4307  for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
4308  if (pond->ipv6_pools == NULL)
4309  continue;
4310 
4311  for (i = 0; (pool = pond->ipv6_pools[i]) != NULL; i++) {
4312  if (pool->pool_type == D6O_IA_PD)
4313  break;
4314  }
4315  if (pool != NULL)
4316  break;
4317  }
4318 
4319  /* If we get here and p is NULL we have no useful pools */
4320  if (pool == NULL) {
4321  return (ISC_R_ADDRNOTAVAIL);
4322  }
4323 
4324  memset(&data_pref, 0, sizeof(data_pref));
4325  data_pref.len = 17;
4326  if (!buffer_allocate(&data_pref.buffer, data_pref.len, MDL)) {
4327  log_error("reply_process_try_prefix: out of memory.");
4328  return (ISC_R_NOMEMORY);
4329  }
4330  data_pref.data = data_pref.buffer->data;
4331  data_pref.buffer->data[0] = (u_int8_t) pref->bits;
4332  memcpy(data_pref.buffer->data + 1, pref->lo_addr.iabuf, 16);
4333 
4334  /*
4335  * We have at least one pool that could provide a prefix
4336  * Now we walk through the ponds and pools again and check
4337  * to see if the client is permitted and if an prefix is
4338  * available
4339  *
4340  */
4341 
4342  for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
4343  if (((pond->prohibit_list != NULL) &&
4344  (permitted(reply->packet, pond->prohibit_list))) ||
4345  ((pond->permit_list != NULL) &&
4346  (!permitted(reply->packet, pond->permit_list))))
4347  continue;
4348 
4349  for (i = 0; (pool = pond->ipv6_pools[i]) != NULL; i++) {
4350  if (pool->pool_type != D6O_IA_PD) {
4351  continue;
4352  }
4353 
4354  status = try_client_v6_prefix(&reply->lease, pool,
4355  &data_pref);
4356  /* If we found it in this pool (either in use or available),
4357  there is no need to look further. */
4358  if ( (status == ISC_R_SUCCESS) || (status == ISC_R_ADDRINUSE) )
4359  break;
4360  }
4361  if ( (status == ISC_R_SUCCESS) || (status == ISC_R_ADDRINUSE) )
4362  break;
4363  }
4364 
4365  data_string_forget(&data_pref, MDL);
4366  /* Return just the most recent status... */
4367  return (status);
4368 }
4369 
4370 /* Look around for a prefix to give the client. First, look through the old
4371  * IA_PD for prefixes we can extend. Second, try to allocate a new prefix.
4372  * Finally, actually add that prefix into the current reply IA_PD.
4373  */
4374 static isc_result_t
4375 find_client_prefix(struct reply_state *reply) {
4376  struct iaddrcidrnet send_pref;
4377  isc_result_t status = ISC_R_NORESOURCES;
4378  struct iasubopt *prefix, *best_prefix = NULL;
4379  struct binding_scope **scope;
4380  int i;
4381  struct group *group;
4382 
4383  if (reply->static_prefixes > 0) {
4384  struct iaddrcidrnetlist *l;
4385 
4386  if (reply->host == NULL)
4387  return DHCP_R_INVALIDARG;
4388 
4389  for (l = reply->host->fixed_prefix; l != NULL; l = l->next) {
4390  if (l->cidrnet.bits == reply->preflen)
4391  break;
4392  }
4393  if (l == NULL) {
4394  /*
4395  * If no fixed prefix has the preferred length,
4396  * get the first one.
4397  */
4398  l = reply->host->fixed_prefix;
4399  }
4400  memcpy(&send_pref, &l->cidrnet, sizeof(send_pref));
4401 
4402  scope = &global_scope;
4403 
4404  /* Find the static prefixe's subnet. */
4405  if (find_grouped_subnet(&reply->subnet, reply->shared,
4406  send_pref.lo_addr, MDL) == 0)
4407  log_fatal("Impossible condition at %s:%d.", MDL);
4408  group = reply->subnet->group;
4409  subnet_dereference(&reply->subnet, MDL);
4410 
4411  /* Copy the prefix for logging purposes */
4412  memcpy(&reply->fixed_pref, &l->cidrnet, sizeof(send_pref));
4413 
4414  goto send_pref;
4415  }
4416 
4417  if (reply->old_ia != NULL) {
4418  for (i = 0 ; i < reply->old_ia->num_iasubopt ; i++) {
4419  struct shared_network *candidate_shared;
4420  struct ipv6_pond *pond;
4421 
4422  prefix = reply->old_ia->iasubopt[i];
4423  candidate_shared = prefix->ipv6_pool->shared_network;
4424  pond = prefix->ipv6_pool->ipv6_pond;
4425 
4426  /*
4427  * Consider this prefix if it is in a global pool or
4428  * if it is scoped in a pool under the client's shared
4429  * network.
4430  */
4431  if (((candidate_shared != NULL) &&
4432  (candidate_shared != reply->shared)) ||
4433  (lease6_usable(prefix) != ISC_TRUE))
4434  continue;
4435 
4436  /*
4437  * And check if the prefix is still permitted
4438  */
4439 
4440  if (((pond->prohibit_list != NULL) &&
4441  (permitted(reply->packet, pond->prohibit_list))) ||
4442  ((pond->permit_list != NULL) &&
4443  (!permitted(reply->packet, pond->permit_list))))
4444  continue;
4445 
4446  best_prefix = prefix_compare(reply, prefix,
4447  best_prefix);
4448  }
4449  }
4450 
4451  /* Try to pick a new prefix if we didn't find one, or if we found an
4452  * abandoned prefix.
4453  */
4454  if ((best_prefix == NULL) || (best_prefix->state == FTS_ABANDONED)) {
4455  status = pick_v6_prefix(reply);
4456  } else if (best_prefix != NULL) {
4457  iasubopt_reference(&reply->lease, best_prefix, MDL);
4458  status = ISC_R_SUCCESS;
4459  }
4460 
4461  /* Pick the abandoned prefix as a last resort. */
4462  if ((status == ISC_R_NORESOURCES) && (best_prefix != NULL)) {
4463  /* I don't see how this is supposed to be done right now. */
4464  log_error("Reclaiming abandoned prefixes is not yet "
4465  "supported. Treating this as an out of space "
4466  "condition.");
4467  /* iasubopt_reference(&reply->lease, best_prefix, MDL); */
4468  }
4469 
4470  /* Give up now if we didn't find a prefix. */
4471  if (status != ISC_R_SUCCESS)
4472  return status;
4473 
4474  if (reply->lease == NULL)
4475  log_fatal("Impossible condition at %s:%d.", MDL);
4476 
4477  scope = &reply->lease->scope;
4478  group = reply->lease->ipv6_pool->ipv6_pond->group;
4479 
4480  send_pref.lo_addr.len = 16;
4481  memcpy(send_pref.lo_addr.iabuf, &reply->lease->addr, 16);
4482  send_pref.bits = (int) reply->lease->plen;
4483 
4484  send_pref:
4485  status = reply_process_is_prefixed(reply, scope, group);
4486  if (status != ISC_R_SUCCESS)
4487  return status;
4488 
4489  status = reply_process_send_prefix(reply, &send_pref);
4490  return status;
4491 }
4492 
4493 /* Once a prefix is found for a client, perform several common functions;
4494  * Calculate and store valid and preferred prefix times, draw client options
4495  * into the option state.
4496  */
4497 static isc_result_t
4498 reply_process_is_prefixed(struct reply_state *reply,
4499  struct binding_scope **scope, struct group *group)
4500 {
4501  isc_result_t status = ISC_R_SUCCESS;
4502  struct data_string data;
4503  struct option_cache *oc;
4504  struct option_state *tmp_options = NULL;
4505  struct on_star *on_star;
4506  int i;
4507 
4508  /* Initialize values we will cleanup. */
4509  memset(&data, 0, sizeof(data));
4510 
4511  /*
4512  * Find the proper on_star block to use. We use the
4513  * one in the lease if we have a lease or the one in
4514  * the reply if we don't have a lease because this is
4515  * a static instance
4516  */
4517  if (reply->lease) {
4518  on_star = &reply->lease->on_star;
4519  } else {
4520  on_star = &reply->on_star;
4521  }
4522 
4523  /*
4524  * Bring in the root configuration. We only do this to bring
4525  * in the on * statements, as we didn't have the lease available
4526  * we we did it the first time.
4527  */
4528  option_state_allocate(&tmp_options, MDL);
4529  execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
4530  reply->packet->options, tmp_options,
4531  &global_scope, root_group, NULL,
4532  on_star);
4533  if (tmp_options != NULL) {
4534  option_state_dereference(&tmp_options, MDL);
4535  }
4536 
4537  /*
4538  * Bring configured options into the root packet level cache - start
4539  * with the lease's closest enclosing group (passed in by the caller
4540  * as 'group').
4541  */
4542  execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
4543  reply->packet->options, reply->opt_state,
4544  scope, group, root_group, on_star);
4545 
4546  /* Execute statements from class scopes. */
4547  for (i = reply->packet->class_count; i > 0; i--) {
4548  execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
4549  reply->packet->options,
4550  reply->opt_state, scope,
4551  reply->packet->classes[i - 1]->group,
4552  group, on_star);
4553  }
4554 
4555  /*
4556  * If there is a host record, over-ride with values configured there,
4557  * without re-evaluating configuration from the previously executed
4558  * group or its common enclosers.
4559  */
4560  if (reply->host != NULL)
4561  execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
4562  reply->packet->options,
4563  reply->opt_state, scope,
4564  reply->host->group, group,
4565  on_star);
4566 
4567  /* Determine valid lifetime. */
4568  if (reply->client_valid == 0)
4569  reply->send_valid = DEFAULT_DEFAULT_LEASE_TIME;
4570  else
4571  reply->send_valid = reply->client_valid;
4572 
4573  oc = lookup_option(&server_universe, reply->opt_state,
4575  if (oc != NULL) {
4576  if (!evaluate_option_cache(&data, reply->packet, NULL, NULL,
4577  reply->packet->options,
4578  reply->opt_state,
4579  scope, oc, MDL) ||
4580  (data.len != 4)) {
4581  log_error("reply_process_is_prefixed: unable to "
4582  "evaluate default prefix time");
4583  status = ISC_R_FAILURE;
4584  goto cleanup;
4585  }
4586 
4587  reply->send_valid = getULong(data.data);
4588  data_string_forget(&data, MDL);
4589  }
4590 
4591  if (reply->client_prefer == 0)
4592  reply->send_prefer = reply->send_valid;
4593  else
4594  reply->send_prefer = reply->client_prefer;
4595 
4596  if (reply->send_prefer >= reply->send_valid)
4597  reply->send_prefer = (reply->send_valid / 2) +
4598  (reply->send_valid / 8);
4599 
4600  oc = lookup_option(&server_universe, reply->opt_state,
4602  if (oc != NULL) {
4603  if (!evaluate_option_cache(&data, reply->packet, NULL, NULL,
4604  reply->packet->options,
4605  reply->opt_state,
4606  scope, oc, MDL) ||
4607  (data.len != 4)) {
4608  log_error("reply_process_is_prefixed: unable to "
4609  "evaluate preferred prefix time");
4610  status = ISC_R_FAILURE;
4611  goto cleanup;
4612  }
4613 
4614  reply->send_prefer = getULong(data.data);
4615  data_string_forget(&data, MDL);
4616  }
4617 
4618  /* Note lowest values for later calculation of renew/rebind times. */
4619  if (reply->prefer > reply->send_prefer)
4620  reply->prefer = reply->send_prefer;
4621 
4622  if (reply->valid > reply->send_valid)
4623  reply->valid = reply->send_valid;
4624 
4625  /* Perform dynamic prefix related update work. */
4626  if (reply->lease != NULL) {
4627  /* Cached lifetimes */
4628  reply->lease->prefer = reply->send_prefer;
4629  reply->lease->valid = reply->send_valid;
4630 
4631  /* Advance (or rewind) the valid lifetime. */
4632  if (reply->buf.reply.msg_type == DHCPV6_REPLY) {
4633  reply->lease->soft_lifetime_end_time =
4634  cur_time + reply->send_valid;
4635  /* Wait before renew! */
4636  }
4637 
4638  status = ia_add_iasubopt(reply->ia, reply->lease, MDL);
4639  if (status != ISC_R_SUCCESS) {
4640  log_fatal("reply_process_is_prefixed: Unable to "
4641  "attach prefix to new IA_PD: %s",
4642  isc_result_totext(status));
4643  }
4644 
4645  /*
4646  * If this is a new prefix, make sure it is attached somewhere.
4647  */
4648  if (reply->lease->ia == NULL) {
4649  ia_reference(&reply->lease->ia, reply->ia, MDL);
4650  }
4651  }
4652 
4653  /* Bring a copy of the relevant options into the IA_PD scope. */
4654  execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
4655  reply->packet->options, reply->reply_ia,
4656  scope, group, root_group, NULL);
4657 
4658  /* Execute statements from class scopes. */
4659  for (i = reply->packet->class_count; i > 0; i--) {
4660  execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
4661  reply->packet->options,
4662  reply->reply_ia, scope,
4663  reply->packet->classes[i - 1]->group,
4664  group, NULL);
4665  }
4666 
4667  /*
4668  * And bring in host record configuration, if any, but not to overlap
4669  * the previous group or its common enclosers.
4670  */
4671  if (reply->host != NULL)
4672  execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
4673  reply->packet->options,
4674  reply->reply_ia, scope,
4675  reply->host->group, group, NULL);
4676 
4677  cleanup:
4678  if (data.data != NULL)
4679  data_string_forget(&data, MDL);
4680 
4681  if (status == ISC_R_SUCCESS)
4682  reply->client_resources++;
4683 
4684  return status;
4685 }
4686 
4687 /* Simply send an IAPREFIX within the IA_PD scope as described. */
4688 static isc_result_t
4689 reply_process_send_prefix(struct reply_state *reply,
4690  struct iaddrcidrnet *pref) {
4691  isc_result_t status = ISC_R_SUCCESS;
4692  struct data_string data;
4693 
4694  memset(&data, 0, sizeof(data));
4695 
4696  /* Now append the prefix. */
4697  data.len = IAPREFIX_OFFSET;
4698  if (!buffer_allocate(&data.buffer, data.len, MDL)) {
4699  log_error("reply_process_send_prefix: out of memory"
4700  "allocating new IAPREFIX buffer.");
4701  status = ISC_R_NOMEMORY;
4702  goto cleanup;
4703  }
4704  data.data = data.buffer->data;
4705 
4706  putULong(data.buffer->data, reply->send_prefer);
4707  putULong(data.buffer->data + 4, reply->send_valid);
4708  data.buffer->data[8] = pref->bits;
4709  memcpy(data.buffer->data + 9, pref->lo_addr.iabuf, 16);
4710 
4711  if (!append_option_buffer(&dhcpv6_universe, reply->reply_ia,
4712  data.buffer, data.buffer->data,
4713  data.len, D6O_IAPREFIX, 0)) {
4714  log_error("reply_process_send_prefix: unable "
4715  "to save IAPREFIX option");
4716  status = ISC_R_FAILURE;
4717  goto cleanup;
4718  }
4719 
4720  reply->resources_included = ISC_TRUE;
4721 
4722  cleanup:
4723  if (data.data != NULL)
4725 
4726  return status;
4727 }
4728 
4729 /* Choose the better of two prefixes. */
4730 static struct iasubopt *
4731 prefix_compare(struct reply_state *reply,
4732  struct iasubopt *alpha, struct iasubopt *beta) {
4733  if (alpha == NULL)
4734  return beta;
4735  if (beta == NULL)
4736  return alpha;
4737 
4738  if (reply->preflen >= 0) {
4739  if ((alpha->plen == reply->preflen) &&
4740  (beta->plen != reply->preflen))
4741  return alpha;
4742  if ((beta->plen == reply->preflen) &&
4743  (alpha->plen != reply->preflen))
4744  return beta;
4745  }
4746 
4747  switch(alpha->state) {
4748  case FTS_ACTIVE:
4749  switch(beta->state) {
4750  case FTS_ACTIVE:
4751  /* Choose the prefix with the longest lifetime (most
4752  * likely the most recently allocated).
4753  */
4754  if (alpha->hard_lifetime_end_time <
4755  beta->hard_lifetime_end_time)
4756  return beta;
4757  else
4758  return alpha;
4759 
4760  case FTS_EXPIRED:
4761  case FTS_ABANDONED:
4762  return alpha;
4763 
4764  default:
4765  log_fatal("Impossible condition at %s:%d.", MDL);
4766  }
4767  break;
4768 
4769  case FTS_EXPIRED:
4770  switch (beta->state) {
4771  case FTS_ACTIVE:
4772  return beta;
4773 
4774  case FTS_EXPIRED:
4775  /* Choose the most recently expired prefix. */
4776  if (alpha->hard_lifetime_end_time <
4777  beta->hard_lifetime_end_time)
4778  return beta;
4779  else if ((alpha->hard_lifetime_end_time ==
4780  beta->hard_lifetime_end_time) &&
4781  (alpha->soft_lifetime_end_time <
4782  beta->soft_lifetime_end_time))
4783  return beta;
4784  else
4785  return alpha;
4786 
4787  case FTS_ABANDONED:
4788  return alpha;
4789 
4790  default:
4791  log_fatal("Impossible condition at %s:%d.", MDL);
4792  }
4793  break;
4794 
4795  case FTS_ABANDONED:
4796  switch (beta->state) {
4797  case FTS_ACTIVE:
4798  case FTS_EXPIRED:
4799  return alpha;
4800 
4801  case FTS_ABANDONED:
4802  /* Choose the prefix that was abandoned longest ago. */
4803  if (alpha->hard_lifetime_end_time <
4804  beta->hard_lifetime_end_time)
4805  return alpha;
4806 
4807  default:
4808  log_fatal("Impossible condition at %s:%d.", MDL);
4809  }
4810  break;
4811 
4812  default:
4813  log_fatal("Impossible condition at %s:%d.", MDL);
4814  }
4815 
4816  log_fatal("Triple impossible condition at %s:%d.", MDL);
4817  return NULL;
4818 }
4819 
4820 /*
4821  * Solicit is how a client starts requesting addresses.
4822  *
4823  * If the client asks for rapid commit, and we support it, we will
4824  * allocate the addresses and reply.
4825  *
4826  * Otherwise we will send an advertise message.
4827  */
4828 
4829 static void
4830 dhcpv6_solicit(struct data_string *reply_ret, struct packet *packet) {
4831  struct data_string client_id;
4832 
4834 
4835  /*
4836  * Validate our input.
4837  */
4838  if (!valid_client_msg(packet, &client_id)) {
4839  return;
4840  }
4841 
4842  lease_to_client(reply_ret, packet, &client_id, NULL);
4843 
4844  /*
4845  * Clean up.
4846  */
4847  data_string_forget(&client_id, MDL);
4848 
4850 }
4851 
4852 /*
4853  * Request is how a client actually requests addresses.
4854  *
4855  * Very similar to Solicit handling, except the server DUID is required.
4856  */
4857 
4858 static void
4859 dhcpv6_request(struct data_string *reply_ret, struct packet *packet) {
4860  struct data_string client_id;
4861  struct data_string server_id;
4862 
4864 
4865  /*
4866  * Validate our input.
4867  */
4868  if (!valid_client_resp(packet, &client_id, &server_id)) {
4869  return;
4870  }
4871 
4872  /*
4873  * Issue our lease.
4874  */
4875  lease_to_client(reply_ret, packet, &client_id, &server_id);
4876 
4877  /*
4878  * Cleanup.
4879  */
4880  data_string_forget(&client_id, MDL);
4881  data_string_forget(&server_id, MDL);
4882 
4884 }
4885 
4886 /* Find a DHCPv6 packet's shared network from hints in the packet.
4887  */
4888 static isc_result_t
4889 shared_network_from_packet6(struct shared_network **shared,
4890  struct packet *packet)
4891 {
4892  const struct packet *chk_packet;
4893  const struct in6_addr *link_addr, *first_link_addr;
4894  struct iaddr tmp_addr;
4895  struct subnet *subnet;
4896  isc_result_t status;
4897 
4898  if ((shared == NULL) || (*shared != NULL) || (packet == NULL))
4899  return DHCP_R_INVALIDARG;
4900 
4901  /*
4902  * First, find the link address where the packet from the client
4903  * first appeared (if this packet was relayed).
4904  */
4905  first_link_addr = NULL;
4906  chk_packet = packet->dhcpv6_container_packet;
4907  while (chk_packet != NULL) {
4908  link_addr = &chk_packet->dhcpv6_link_address;
4909  if (!IN6_IS_ADDR_UNSPECIFIED(link_addr) &&
4910  !IN6_IS_ADDR_LINKLOCAL(link_addr)) {
4911  first_link_addr = link_addr;
4912  break;
4913  }
4914  chk_packet = chk_packet->dhcpv6_container_packet;
4915  }
4916 
4917  /*
4918  * If there is a relayed link address, find the subnet associated
4919  * with that, and use that to get the appropriate
4920  * shared_network.
4921  */
4922  if (first_link_addr != NULL) {
4923  tmp_addr.len = sizeof(*first_link_addr);
4924  memcpy(tmp_addr.iabuf,
4925  first_link_addr, sizeof(*first_link_addr));
4926  subnet = NULL;
4927  if (!find_subnet(&subnet, tmp_addr, MDL)) {
4928  log_debug("No subnet found for link-address %s.",
4929  piaddr(tmp_addr));
4930  return ISC_R_NOTFOUND;
4931  }
4932  status = shared_network_reference(shared,
4933  subnet->shared_network, MDL);
4934  subnet_dereference(&subnet, MDL);
4935 
4936  /*
4937  * If there is no link address, we will use the interface
4938  * that this packet came in on to pick the shared_network.
4939  */
4940  } else if (packet->interface != NULL) {
4941  status = shared_network_reference(shared,
4942  packet->interface->shared_network,
4943  MDL);
4944  if (packet->dhcpv6_container_packet != NULL) {
4945  log_info("[L2 Relay] No link address in relay packet "
4946  "assuming L2 relay and using receiving "
4947  "interface");
4948  }
4949 
4950  } else {
4951  /*
4952  * We shouldn't be able to get here but if there is no link
4953  * address and no interface we don't know where to get the
4954  * pool from log an error and return an error.
4955  */
4956  log_error("No interface and no link address "
4957  "can't determine pool");
4958  status = DHCP_R_INVALIDARG;
4959  }
4960 
4961  return status;
4962 }
4963 
4964 /*
4965  * When a client thinks it might be on a new link, it sends a
4966  * Confirm message.
4967  *
4968  * From RFC3315 section 18.2.2:
4969  *
4970  * When the server receives a Confirm message, the server determines
4971  * whether the addresses in the Confirm message are appropriate for the
4972  * link to which the client is attached. If all of the addresses in the
4973  * Confirm message pass this test, the server returns a status of
4974  * Success. If any of the addresses do not pass this test, the server
4975  * returns a status of NotOnLink. If the server is unable to perform
4976  * this test (for example, the server does not have information about
4977  * prefixes on the link to which the client is connected), or there were
4978  * no addresses in any of the IAs sent by the client, the server MUST
4979  * NOT send a reply to the client.
4980  */
4981 
4982 static void
4983 dhcpv6_confirm(struct data_string *reply_ret, struct packet *packet) {
4984  struct shared_network *shared;
4985  struct subnet *subnet;
4986  struct option_cache *ia, *ta, *oc;
4987  struct data_string cli_enc_opt_data, iaaddr, client_id, packet_oro;
4988  struct option_state *cli_enc_opt_state, *opt_state;
4989  struct iaddr cli_addr;
4990  int pass;
4991  isc_boolean_t inappropriate, has_addrs;
4992  char reply_data[65536];
4993  struct dhcpv6_packet *reply = (struct dhcpv6_packet *)reply_data;
4994  int reply_ofs = (int)(offsetof(struct dhcpv6_packet, options));
4995 
4997 
4998  /*
4999  * Basic client message validation.
5000  */
5001  memset(&client_id, 0, sizeof(client_id));
5002  if (!valid_client_msg(packet, &client_id)) {
5003  return;
5004  }
5005 
5006  /*
5007  * Do not process Confirms that do not have IA's we do not recognize.
5008  */
5011  if ((ia == NULL) && (ta == NULL))
5012  return;
5013 
5014  /*
5015  * IA_PD's are simply ignored.
5016  */
5018 
5019  /*
5020  * Bit of variable initialization.
5021  */
5022  opt_state = cli_enc_opt_state = NULL;
5023  memset(&cli_enc_opt_data, 0, sizeof(cli_enc_opt_data));
5024  memset(&iaaddr, 0, sizeof(iaaddr));
5025  memset(&packet_oro, 0, sizeof(packet_oro));
5026 
5027  /* Determine what shared network the client is connected to. We
5028  * must not respond if we don't have any information about the
5029  * network the client is on.
5030  */
5031  shared = NULL;
5032  if ((shared_network_from_packet6(&shared, packet) != ISC_R_SUCCESS) ||
5033  (shared == NULL))
5034  goto exit;
5035 
5036  /* If there are no recorded subnets, then we have no
5037  * information about this subnet - ignore Confirms.
5038  */
5039  subnet = shared->subnets;
5040  if (subnet == NULL)
5041  goto exit;
5042 
5043  /* Are the addresses in all the IA's appropriate for that link? */
5044  has_addrs = inappropriate = ISC_FALSE;
5045  pass = D6O_IA_NA;
5046  while(!inappropriate) {
5047  /* If we've reached the end of the IA_NA pass, move to the
5048  * IA_TA pass.
5049  */
5050  if ((pass == D6O_IA_NA) && (ia == NULL)) {
5051  pass = D6O_IA_TA;
5052  ia = ta;
5053  }
5054 
5055  /* If we've reached the end of all passes, we're done. */
5056  if (ia == NULL)
5057  break;
5058 
5059  if (((pass == D6O_IA_NA) &&
5060  !get_encapsulated_IA_state(&cli_enc_opt_state,
5061  &cli_enc_opt_data,
5062  packet, ia, IA_NA_OFFSET)) ||
5063  ((pass == D6O_IA_TA) &&
5064  !get_encapsulated_IA_state(&cli_enc_opt_state,
5065  &cli_enc_opt_data,
5066  packet, ia, IA_TA_OFFSET))) {
5067  goto exit;
5068  }
5069 
5070  oc = lookup_option(&dhcpv6_universe, cli_enc_opt_state,
5071  D6O_IAADDR);
5072 
5073  for ( ; oc != NULL ; oc = oc->next) {
5074  if (!evaluate_option_cache(&iaaddr, packet, NULL, NULL,
5075  packet->options, NULL,
5076  &global_scope, oc, MDL) ||
5077  (iaaddr.len < IAADDR_OFFSET)) {
5078  log_error("dhcpv6_confirm: "
5079  "error evaluating IAADDR.");
5080  goto exit;
5081  }
5082 
5083  /* Copy out the IPv6 address for processing. */
5084  cli_addr.len = 16;
5085  memcpy(cli_addr.iabuf, iaaddr.data, 16);
5086 
5087  data_string_forget(&iaaddr, MDL);
5088 
5089  /* Record that we've processed at least one address. */
5090  has_addrs = ISC_TRUE;
5091 
5092  /* Find out if any subnets cover this address. */
5093  for (subnet = shared->subnets ; subnet != NULL ;
5094  subnet = subnet->next_sibling) {
5095  if (addr_eq(subnet_number(cli_addr,
5096  subnet->netmask),
5097  subnet->net))
5098  break;
5099  }
5100 
5101  /* If we reach the end of the subnet list, and no
5102  * subnet matches the client address, then it must
5103  * be inappropriate to the link (so far as our
5104  * configuration says). Once we've found one
5105  * inappropriate address, there is no reason to
5106  * continue searching.
5107  */
5108  if (subnet == NULL) {
5109  inappropriate = ISC_TRUE;
5110  break;
5111  }
5112  }
5113 
5114  option_state_dereference(&cli_enc_opt_state, MDL);
5115  data_string_forget(&cli_enc_opt_data, MDL);
5116 
5117  /* Advance to the next IA_*. */
5118  ia = ia->next;
5119  }
5120 
5121  /* If the client supplied no addresses, do not reply. */
5122  if (!has_addrs)
5123  goto exit;
5124 
5125  /*
5126  * Set up reply.
5127  */
5128  if (!start_reply(packet, &client_id, NULL, &opt_state, reply)) {
5129  goto exit;
5130  }
5131 
5132  /*
5133  * Set our status.
5134  */
5135  if (inappropriate) {
5136  if (!set_status_code(STATUS_NotOnLink,
5137  "Some of the addresses are not on link.",
5138  opt_state)) {
5139  goto exit;
5140  }
5141  } else {
5142  if (!set_status_code(STATUS_Success,
5143  "All addresses still on link.",
5144  opt_state)) {
5145  goto exit;
5146  }
5147  }
5148 
5149  /*
5150  * Only one option: add it.
5151  */
5152  reply_ofs += store_options6(reply_data+reply_ofs,
5153  sizeof(reply_data)-reply_ofs,
5154  opt_state, packet,
5155  required_opts, &packet_oro);
5156 
5157  /*
5158  * Return our reply to the caller.
5159  */
5160  reply_ret->len = reply_ofs;
5161  reply_ret->buffer = NULL;
5162  if (!buffer_allocate(&reply_ret->buffer, reply_ofs, MDL)) {
5163  log_fatal("No memory to store reply.");
5164  }
5165  reply_ret->data = reply_ret->buffer->data;
5166  memcpy(reply_ret->buffer->data, reply, reply_ofs);
5167 
5168 exit:
5169  /* Cleanup any stale data strings. */
5170  if (cli_enc_opt_data.buffer != NULL)
5171  data_string_forget(&cli_enc_opt_data, MDL);
5172  if (iaaddr.buffer != NULL)
5173  data_string_forget(&iaaddr, MDL);
5174  if (client_id.buffer != NULL)
5175  data_string_forget(&client_id, MDL);
5176  if (packet_oro.buffer != NULL)
5177  data_string_forget(&packet_oro, MDL);
5178 
5179  /* Release any stale option states. */
5180  if (cli_enc_opt_state != NULL)
5181  option_state_dereference(&cli_enc_opt_state, MDL);
5182  if (opt_state != NULL)
5183  option_state_dereference(&opt_state, MDL);
5184 
5186 }
5187 
5188 /*
5189  * Renew is when a client wants to extend its lease/prefix, at time T1.
5190  *
5191  * We handle this the same as if the client wants a new lease/prefix,
5192  * except for the error code of when addresses don't match.
5193  */
5194 
5195 static void
5196 dhcpv6_renew(struct data_string *reply, struct packet *packet) {
5197  struct data_string client_id;
5198  struct data_string server_id;
5199 
5201 
5202  /*
5203  * Validate the request.
5204  */
5205  if (!valid_client_resp(packet, &client_id, &server_id)) {
5206  return;
5207  }
5208 
5209  /*
5210  * Renew our lease.
5211  */
5212  lease_to_client(reply, packet, &client_id, &server_id);
5213 
5214  /*
5215  * Cleanup.
5216  */
5217  data_string_forget(&server_id, MDL);
5218  data_string_forget(&client_id, MDL);
5219 
5221 }
5222 
5223 /*
5224  * Rebind is when a client wants to extend its lease, at time T2.
5225  *
5226  * We handle this the same as if the client wants a new lease, except
5227  * for the error code of when addresses don't match.
5228  */
5229 
5230 static void
5231 dhcpv6_rebind(struct data_string *reply, struct packet *packet) {
5232  struct data_string client_id;
5233 
5235 
5236  if (!valid_client_msg(packet, &client_id)) {
5237  return;
5238  }
5239 
5240  lease_to_client(reply, packet, &client_id, NULL);
5241 
5242  data_string_forget(&client_id, MDL);
5243 
5245 }
5246 
5247 static void
5248 ia_na_match_decline(const struct data_string *client_id,
5249  const struct data_string *iaaddr,
5250  struct iasubopt *lease)
5251 {
5252  char tmp_addr[INET6_ADDRSTRLEN];
5253 
5254  log_error("Client %s reports address %s is "
5255  "already in use by another host!",
5256  print_hex_1(client_id->len, client_id->data, 60),
5257  inet_ntop(AF_INET6, iaaddr->data,
5258  tmp_addr, sizeof(tmp_addr)));
5259  if (lease != NULL) {
5260  decline_lease6(lease->ipv6_pool, lease);
5261  lease->ia->cltt = cur_time;
5262  write_ia(lease->ia);
5263  }
5264 }
5265 
5266 static void
5267 ia_na_nomatch_decline(const struct data_string *client_id,
5268  const struct data_string *iaaddr,
5269  u_int32_t *ia_na_id,
5270  struct packet *packet,
5271  char *reply_data,
5272  int *reply_ofs,
5273  int reply_len)
5274 {
5275  char tmp_addr[INET6_ADDRSTRLEN];
5276  struct option_state *host_opt_state;
5277  int len;
5278 
5279  log_info("Client %s declines address %s, which is not offered to it.",
5280  print_hex_1(client_id->len, client_id->data, 60),
5281  inet_ntop(AF_INET6, iaaddr->data, tmp_addr, sizeof(tmp_addr)));
5282 
5283  /*
5284  * Create state for this IA_NA.
5285  */
5286  host_opt_state = NULL;
5287  if (!option_state_allocate(&host_opt_state, MDL)) {
5288  log_error("ia_na_nomatch_decline: out of memory "
5289  "allocating option_state.");
5290  goto exit;
5291  }
5292 
5293  if (!set_status_code(STATUS_NoBinding, "Decline for unknown address.",
5294  host_opt_state)) {
5295  goto exit;
5296  }
5297 
5298  /*
5299  * Insure we have enough space
5300  */
5301  if (reply_len < (*reply_ofs + 16)) {
5302  log_error("ia_na_nomatch_decline: "
5303  "out of space for reply packet.");
5304  goto exit;
5305  }
5306 
5307  /*
5308  * Put our status code into the reply packet.
5309  */
5310  len = store_options6(reply_data+(*reply_ofs)+16,
5311  reply_len-(*reply_ofs)-16,
5312  host_opt_state, packet,
5313  required_opts_STATUS_CODE, NULL);
5314 
5315  /*
5316  * Store the non-encapsulated option data for this
5317  * IA_NA into our reply packet. Defined in RFC 3315,
5318  * section 22.4.
5319  */
5320  /* option number */
5321  putUShort((unsigned char *)reply_data+(*reply_ofs), D6O_IA_NA);
5322  /* option length */
5323  putUShort((unsigned char *)reply_data+(*reply_ofs)+2, len + 12);
5324  /* IA_NA, copied from the client */
5325  memcpy(reply_data+(*reply_ofs)+4, ia_na_id, 4);
5326  /* t1 and t2, odd that we need them, but here it is */
5327  putULong((unsigned char *)reply_data+(*reply_ofs)+8, 0);
5328  putULong((unsigned char *)reply_data+(*reply_ofs)+12, 0);
5329 
5330  /*
5331  * Get ready for next IA_NA.
5332  */
5333  *reply_ofs += (len + 16);
5334 
5335 exit:
5336  option_state_dereference(&host_opt_state, MDL);
5337 }
5338 
5339 static void
5340 iterate_over_ia_na(struct data_string *reply_ret,
5341  struct packet *packet,
5342  const struct data_string *client_id,
5343  const struct data_string *server_id,
5344  const char *packet_type,
5345  void (*ia_na_match)(),
5346  void (*ia_na_nomatch)())
5347 {
5348  struct option_state *opt_state;
5349  struct host_decl *packet_host;
5350  struct option_cache *ia;
5351  struct option_cache *oc;
5352  /* cli_enc_... variables come from the IA_NA/IA_TA options */
5353  struct data_string cli_enc_opt_data;
5354  struct option_state *cli_enc_opt_state;
5355  struct host_decl *host;
5356  struct option_state *host_opt_state;
5357  struct data_string iaaddr;
5358  struct data_string fixed_addr;
5359  char reply_data[65536];
5360  struct dhcpv6_packet *reply = (struct dhcpv6_packet *)reply_data;
5361  int reply_ofs = (int)(offsetof(struct dhcpv6_packet, options));
5362  char status_msg[32];
5363  struct iasubopt *lease;
5364  struct ia_xx *existing_ia_na;
5365  int i;
5366  struct data_string key;
5367  u_int32_t iaid;
5368 
5369  /*
5370  * Initialize to empty values, in case we have to exit early.
5371  */
5372  opt_state = NULL;
5373  memset(&cli_enc_opt_data, 0, sizeof(cli_enc_opt_data));
5374  cli_enc_opt_state = NULL;
5375  memset(&iaaddr, 0, sizeof(iaaddr));
5376  memset(&fixed_addr, 0, sizeof(fixed_addr));
5377  host_opt_state = NULL;
5378  lease = NULL;
5379 
5380  /*
5381  * Find the host record that matches from the packet, if any.
5382  */
5383  packet_host = NULL;
5384  if (!find_hosts_by_uid(&packet_host,
5385  client_id->data, client_id->len, MDL)) {
5386  packet_host = NULL;
5387  /*
5388  * Note: In general, we don't expect a client to provide
5389  * enough information to match by option for these
5390  * types of messages, but if we don't have a UID
5391  * match we can check anyway.
5392  */
5393  if (!find_hosts_by_option(&packet_host,
5394  packet, packet->options, MDL)) {
5395  packet_host = NULL;
5396 
5397  if (!find_hosts_by_duid_chaddr(&packet_host,
5398  client_id))
5399  packet_host = NULL;
5400  }
5401  }
5402 
5403  /*
5404  * Set our reply information.
5405  */
5406  reply->msg_type = DHCPV6_REPLY;
5407  memcpy(reply->transaction_id, packet->dhcpv6_transaction_id,
5408  sizeof(reply->transaction_id));
5409 
5410  /*
5411  * Build our option state for reply.
5412  */
5413  opt_state = NULL;
5414  if (!option_state_allocate(&opt_state, MDL)) {
5415  log_error("iterate_over_ia_na: no memory for option_state.");
5416  goto exit;
5417  }
5418  execute_statements_in_scope(NULL, packet, NULL, NULL,
5419  packet->options, opt_state,
5420  &global_scope, root_group, NULL, NULL);
5421 
5422  /*
5423  * RFC 3315, section 18.2.7 tells us which options to include.
5424  */
5425  oc = lookup_option(&dhcpv6_universe, opt_state, D6O_SERVERID);
5426  if (oc == NULL) {
5427  if (!save_option_buffer(&dhcpv6_universe, opt_state, NULL,
5428  (unsigned char *)server_duid.data,
5429  server_duid.len, D6O_SERVERID, 0)) {
5430  log_error("iterate_over_ia_na: "
5431  "error saving server identifier.");
5432  goto exit;
5433  }
5434  }
5435 
5436  if (!save_option_buffer(&dhcpv6_universe, opt_state,
5437  client_id->buffer,
5438  (unsigned char *)client_id->data,
5439  client_id->len,
5440  D6O_CLIENTID, 0)) {
5441  log_error("iterate_over_ia_na: "
5442  "error saving client identifier.");
5443  goto exit;
5444  }
5445 
5446  /* reject unicast message, unless we set unicast option */
5447  if ((packet->unicast == ISC_TRUE) && !is_unicast_option_defined()) {
5448  /*
5449  * RFC3315 section 18.2.6 (Release):
5450  *
5451  * When the server receives a Release message via unicast from a client
5452  * to which the server has not sent a unicast option, the server
5453  * discards the Release message and responds with a Reply message
5454  * containing a Status Code option with value UseMulticast, a Server
5455  * Identifier option containing the server's DUID, the Client Identifier
5456  * option from the client message, and no other options.
5457  *
5458  * Section 18.2.7 (Decline):
5459  *
5460  * When the server receives a Decline message via unicast from a client
5461  * to which the server has not sent a unicast option, the server
5462  * discards the Decline message and responds with a Reply message
5463  * containing a Status Code option with the value UseMulticast, a Server
5464  * Identifier option containing the server's DUID, the Client Identifier
5465  * option from the client message, and no other options.
5466  */
5467  snprintf(status_msg, sizeof(status_msg),
5468  "%s received unicast.", packet_type);
5469  if (!set_status_code(STATUS_UseMulticast, status_msg, opt_state)) {
5470  goto exit;
5471  }
5472 
5473  /*
5474  * Produce an reply that includes only:
5475  *
5476  * Status code.
5477  * Server DUID.
5478  * Client DUID.
5479  */
5480  reply_ofs += store_options6(reply_data+reply_ofs,
5481  sizeof(reply_data)-reply_ofs,
5482  opt_state, packet,
5483  required_opts_NAA, NULL);
5484 
5485  goto return_reply;
5486  } else {
5487  snprintf(status_msg, sizeof(status_msg), "%s received.", packet_type);
5488  if (!set_status_code(STATUS_Success, status_msg, opt_state)) {
5489  goto exit;
5490  }
5491 
5492  /*
5493  * Add our options that are not associated with any IA_NA or IA_TA.
5494  */
5495  reply_ofs += store_options6(reply_data+reply_ofs,
5496  sizeof(reply_data)-reply_ofs,
5497  opt_state, packet,
5498  required_opts, NULL);
5499  }
5500 
5501  /*
5502  * Loop through the IA_NA reported by the client, and deal with
5503  * addresses reported as already in use.
5504  */
5505  for (ia = lookup_option(&dhcpv6_universe, packet->options, D6O_IA_NA);
5506  ia != NULL; ia = ia->next) {
5507 
5508  if (!get_encapsulated_IA_state(&cli_enc_opt_state,
5509  &cli_enc_opt_data,
5510  packet, ia, IA_NA_OFFSET)) {
5511  goto exit;
5512  }
5513 
5514  iaid = getULong(cli_enc_opt_data.data);
5515 
5516  /*
5517  * XXX: It is possible that we can get multiple addresses
5518  * sent by the client. We don't send multiple
5519  * addresses, so this indicates a client error.
5520  * We should check for multiple IAADDR options, log
5521  * if found, and set as an error.
5522  */
5523  oc = lookup_option(&dhcpv6_universe, cli_enc_opt_state,
5524  D6O_IAADDR);
5525  if (oc == NULL) {
5526  /* no address given for this IA, ignore */
5527  option_state_dereference(&cli_enc_opt_state, MDL);
5528  data_string_forget(&cli_enc_opt_data, MDL);
5529  continue;
5530  }
5531 
5532  memset(&iaaddr, 0, sizeof(iaaddr));
5533  if (!evaluate_option_cache(&iaaddr, packet, NULL, NULL,
5534  packet->options, NULL,
5535  &global_scope, oc, MDL)) {
5536  log_error("iterate_over_ia_na: "
5537  "error evaluating IAADDR.");
5538  goto exit;
5539  }
5540 
5541  /*
5542  * Now we need to figure out which host record matches
5543  * this IA_NA and IAADDR (encapsulated option contents
5544  * matching a host record by option).
5545  *
5546  * XXX: We don't currently track IA_NA separately, but
5547  * we will need to do this!
5548  */
5549  host = NULL;
5550  if (!find_hosts_by_option(&host, packet,
5551  cli_enc_opt_state, MDL)) {
5552  if (packet_host != NULL) {
5553  host = packet_host;
5554  } else {
5555  host = NULL;
5556  }
5557  }
5558  while (host != NULL) {
5559  if (host->fixed_addr != NULL) {
5560  if (!evaluate_option_cache(&fixed_addr, NULL,
5561  NULL, NULL, NULL,
5562  NULL, &global_scope,
5563  host->fixed_addr,
5564  MDL)) {
5565  log_error("iterate_over_ia_na: error "
5566  "evaluating host address.");
5567  goto exit;
5568  }
5569  if ((iaaddr.len >= 16) &&
5570  !memcmp(fixed_addr.data, iaaddr.data, 16)) {
5571  data_string_forget(&fixed_addr, MDL);
5572  break;
5573  }
5574  data_string_forget(&fixed_addr, MDL);
5575  }
5576  host = host->n_ipaddr;
5577  }
5578 
5579  if ((host == NULL) && (iaaddr.len >= IAADDR_OFFSET)) {
5580  /*
5581  * Find existing IA_NA.
5582  */
5583  if (ia_make_key(&key, iaid,
5584  (char *)client_id->data,
5585  client_id->len,
5586  MDL) != ISC_R_SUCCESS) {
5587  log_fatal("iterate_over_ia_na: no memory for "
5588  "key.");
5589  }
5590 
5591  existing_ia_na = NULL;
5592  if (ia_hash_lookup(&existing_ia_na, ia_na_active,
5593  (unsigned char *)key.data,
5594  key.len, MDL)) {
5595  /*
5596  * Make sure this address is in the IA_NA.
5597  */
5598  for (i=0; i<existing_ia_na->num_iasubopt; i++) {
5599  struct iasubopt *tmp;
5600  struct in6_addr *in6_addr;
5601 
5602  tmp = existing_ia_na->iasubopt[i];
5603  in6_addr = &tmp->addr;
5604  if (memcmp(in6_addr,
5605  iaaddr.data, 16) == 0) {
5606  iasubopt_reference(&lease,
5607  tmp, MDL);
5608  break;
5609  }
5610  }
5611  }
5612 
5613  data_string_forget(&key, MDL);
5614  }
5615 
5616  if ((host != NULL) || (lease != NULL)) {
5617  ia_na_match(client_id, &iaaddr, lease);
5618  } else {
5619  ia_na_nomatch(client_id, &iaaddr,
5620  (u_int32_t *)cli_enc_opt_data.data,
5621  packet, reply_data, &reply_ofs,
5622  sizeof(reply_data));
5623  }
5624 
5625  if (lease != NULL) {
5626  iasubopt_dereference(&lease, MDL);
5627  }
5628 
5629  data_string_forget(&iaaddr, MDL);
5630  option_state_dereference(&cli_enc_opt_state, MDL);
5631  data_string_forget(&cli_enc_opt_data, MDL);
5632  }
5633 
5634  /*
5635  * Return our reply to the caller.
5636  */
5637 return_reply:
5638  reply_ret->len = reply_ofs;
5639  reply_ret->buffer = NULL;
5640  if (!buffer_allocate(&reply_ret->buffer, reply_ofs, MDL)) {
5641  log_fatal("No memory to store reply.");
5642  }
5643  reply_ret->data = reply_ret->buffer->data;
5644  memcpy(reply_ret->buffer->data, reply, reply_ofs);
5645 
5646 exit:
5647  if (lease != NULL) {
5648  iasubopt_dereference(&lease, MDL);
5649  }
5650  if (host_opt_state != NULL) {
5651  option_state_dereference(&host_opt_state, MDL);
5652  }
5653  if (fixed_addr.buffer != NULL) {
5654  data_string_forget(&fixed_addr, MDL);
5655  }
5656  if (iaaddr.buffer != NULL) {
5657  data_string_forget(&iaaddr, MDL);
5658  }
5659  if (cli_enc_opt_state != NULL) {
5660  option_state_dereference(&cli_enc_opt_state, MDL);
5661  }
5662  if (cli_enc_opt_data.buffer != NULL) {
5663  data_string_forget(&cli_enc_opt_data, MDL);
5664  }
5665  if (opt_state != NULL) {
5666  option_state_dereference(&opt_state, MDL);
5667  }
5668 }
5669 
5670 /*
5671  * Decline means a client has detected that something else is using an
5672  * address we gave it.
5673  *
5674  * Since we're only dealing with fixed leases for now, there's not
5675  * much we can do, other that log the occurrence.
5676  *
5677  * When we start issuing addresses from pools, then we will have to
5678  * record our declined addresses and issue another. In general with
5679  * IPv6 there is no worry about DoS by clients exhausting space, but
5680  * we still need to be aware of this possibility.
5681  */
5682 
5683 /* TODO: IA_TA */
5684 static void
5685 dhcpv6_decline(struct data_string *reply, struct packet *packet) {
5686  struct data_string client_id;
5687  struct data_string server_id;
5688 
5690 
5691  /*
5692  * Validate our input.
5693  */
5694  if (!valid_client_resp(packet, &client_id, &server_id)) {
5695  return;
5696  }
5697 
5698  /*
5699  * Undefined for IA_PD.
5700  */
5702 
5703  /*
5704  * And operate on each IA_NA in this packet.
5705  */
5706  iterate_over_ia_na(reply, packet, &client_id, &server_id, "Decline",
5707  ia_na_match_decline, ia_na_nomatch_decline);
5708 
5709  data_string_forget(&server_id, MDL);
5710  data_string_forget(&client_id, MDL);
5711 
5713 }
5714 
5715 static void
5716 ia_na_match_release(const struct data_string *client_id,
5717  const struct data_string *iaaddr,
5718  struct iasubopt *lease)
5719 {
5720  char tmp_addr[INET6_ADDRSTRLEN];
5721 
5722  log_info("Client %s releases address %s",
5723  print_hex_1(client_id->len, client_id->data, 60),
5724  inet_ntop(AF_INET6, iaaddr->data, tmp_addr, sizeof(tmp_addr)));
5725  if (lease != NULL) {
5726  release_lease6(lease->ipv6_pool, lease);
5727  lease->ia->cltt = cur_time;
5728  write_ia(lease->ia);
5729  }
5730 }
5731 
5732 static void
5733 ia_na_nomatch_release(const struct data_string *client_id,
5734  const struct data_string *iaaddr,
5735  u_int32_t *ia_na_id,
5736  struct packet *packet,
5737  char *reply_data,
5738  int *reply_ofs,
5739  int reply_len)
5740 {
5741  char tmp_addr[INET6_ADDRSTRLEN];
5742  struct option_state *host_opt_state;
5743  int len;
5744 
5745  log_info("Client %s releases address %s, which is not leased to it.",
5746  print_hex_1(client_id->len, client_id->data, 60),
5747  inet_ntop(AF_INET6, iaaddr->data, tmp_addr, sizeof(tmp_addr)));
5748 
5749  /*
5750  * Create state for this IA_NA.
5751  */
5752  host_opt_state = NULL;
5753  if (!option_state_allocate(&host_opt_state, MDL)) {
5754  log_error("ia_na_nomatch_release: out of memory "
5755  "allocating option_state.");
5756  goto exit;
5757  }
5758 
5759  if (!set_status_code(STATUS_NoBinding,
5760  "Release for non-leased address.",
5761  host_opt_state)) {
5762  goto exit;
5763  }
5764 
5765  /*
5766  * Insure we have enough space
5767  */
5768  if (reply_len < (*reply_ofs + 16)) {
5769  log_error("ia_na_nomatch_release: "
5770  "out of space for reply packet.");
5771  goto exit;
5772  }
5773 
5774  /*
5775  * Put our status code into the reply packet.
5776  */
5777  len = store_options6(reply_data+(*reply_ofs)+16,
5778  reply_len-(*reply_ofs)-16,
5779  host_opt_state, packet,
5780  required_opts_STATUS_CODE, NULL);
5781 
5782  /*
5783  * Store the non-encapsulated option data for this
5784  * IA_NA into our reply packet. Defined in RFC 3315,
5785  * section 22.4.
5786  */
5787  /* option number */
5788  putUShort((unsigned char *)reply_data+(*reply_ofs), D6O_IA_NA);
5789  /* option length */
5790  putUShort((unsigned char *)reply_data+(*reply_ofs)+2, len + 12);
5791  /* IA_NA, copied from the client */
5792  memcpy(reply_data+(*reply_ofs)+4, ia_na_id, 4);
5793  /* t1 and t2, odd that we need them, but here it is */
5794  putULong((unsigned char *)reply_data+(*reply_ofs)+8, 0);
5795  putULong((unsigned char *)reply_data+(*reply_ofs)+12, 0);
5796 
5797  /*
5798  * Get ready for next IA_NA.
5799  */
5800  *reply_ofs += (len + 16);
5801 
5802 exit:
5803  option_state_dereference(&host_opt_state, MDL);
5804 }
5805 
5806 static void
5807 ia_pd_match_release(const struct data_string *client_id,
5808  const struct data_string *iapref,
5809  struct iasubopt *prefix)
5810 {
5811  char tmp_addr[INET6_ADDRSTRLEN];
5812 
5813  log_info("Client %s releases prefix %s/%u",
5814  print_hex_1(client_id->len, client_id->data, 60),
5815  inet_ntop(AF_INET6, iapref->data + 9,
5816  tmp_addr, sizeof(tmp_addr)),
5817  (unsigned) getUChar(iapref->data + 8));
5818  if (prefix != NULL) {
5819  release_lease6(prefix->ipv6_pool, prefix);
5820  prefix->ia->cltt = cur_time;
5821  write_ia(prefix->ia);
5822  }
5823 }
5824 
5825 static void
5826 ia_pd_nomatch_release(const struct data_string *client_id,
5827  const struct data_string *iapref,
5828  u_int32_t *ia_pd_id,
5829  struct packet *packet,
5830  char *reply_data,
5831  int *reply_ofs,
5832  int reply_len)
5833 {
5834  char tmp_addr[INET6_ADDRSTRLEN];
5835  struct option_state *host_opt_state;
5836  int len;
5837 
5838  log_info("Client %s releases prefix %s/%u, which is not leased to it.",
5839  print_hex_1(client_id->len, client_id->data, 60),
5840  inet_ntop(AF_INET6, iapref->data + 9,
5841  tmp_addr, sizeof(tmp_addr)),
5842  (unsigned) getUChar(iapref->data + 8));
5843 
5844  /*
5845  * Create state for this IA_PD.
5846  */
5847  host_opt_state = NULL;
5848  if (!option_state_allocate(&host_opt_state, MDL)) {
5849  log_error("ia_pd_nomatch_release: out of memory "
5850  "allocating option_state.");
5851  goto exit;
5852  }
5853 
5854  if (!set_status_code(STATUS_NoBinding,
5855  "Release for non-leased prefix.",
5856  host_opt_state)) {
5857  goto exit;
5858  }
5859 
5860  /*
5861  * Insure we have enough space
5862  */
5863  if (reply_len < (*reply_ofs + 16)) {
5864  log_error("ia_pd_nomatch_release: "
5865  "out of space for reply packet.");
5866  goto exit;
5867  }
5868 
5869  /*
5870  * Put our status code into the reply packet.
5871  */
5872  len = store_options6(reply_data+(*reply_ofs)+16,
5873  reply_len-(*reply_ofs)-16,
5874  host_opt_state, packet,
5875  required_opts_STATUS_CODE, NULL);
5876 
5877  /*
5878  * Store the non-encapsulated option data for this
5879  * IA_PD into our reply packet. Defined in RFC 3315,
5880  * section 22.4.
5881  */
5882  /* option number */
5883  putUShort((unsigned char *)reply_data+(*reply_ofs), D6O_IA_PD);
5884  /* option length */
5885  putUShort((unsigned char *)reply_data+(*reply_ofs)+2, len + 12);
5886  /* IA_PD, copied from the client */
5887  memcpy(reply_data+(*reply_ofs)+4, ia_pd_id, 4);
5888  /* t1 and t2, odd that we need them, but here it is */
5889  putULong((unsigned char *)reply_data+(*reply_ofs)+8, 0);
5890  putULong((unsigned char *)reply_data+(*reply_ofs)+12, 0);
5891 
5892  /*
5893  * Get ready for next IA_PD.
5894  */
5895  *reply_ofs += (len + 16);
5896 
5897 exit:
5898  option_state_dereference(&host_opt_state, MDL);
5899 }
5900 
5901 static void
5902 iterate_over_ia_pd(struct data_string *reply_ret,
5903  struct packet *packet,
5904  const struct data_string *client_id,
5905  const struct data_string *server_id,
5906  const char *packet_type,
5907  void (*ia_pd_match)(),
5908  void (*ia_pd_nomatch)())
5909 {
5910  struct data_string reply_new;
5911  int reply_len;
5912  struct option_state *opt_state;
5913  struct host_decl *packet_host;
5914  struct option_cache *ia;
5915  struct option_cache *oc;
5916  /* cli_enc_... variables come from the IA_PD options */
5917  struct data_string cli_enc_opt_data;
5918  struct option_state *cli_enc_opt_state;
5919  struct host_decl *host;
5920  struct option_state *host_opt_state;
5921  struct data_string iaprefix;
5922  char reply_data[65536];
5923  int reply_ofs;
5924  struct iasubopt *prefix;
5925  struct ia_xx *existing_ia_pd;
5926  int i;
5927  struct data_string key;
5928  u_int32_t iaid;
5929 
5930  /*
5931  * Initialize to empty values, in case we have to exit early.
5932  */
5933  memset(&reply_new, 0, sizeof(reply_new));
5934  opt_state = NULL;
5935  memset(&cli_enc_opt_data, 0, sizeof(cli_enc_opt_data));
5936  cli_enc_opt_state = NULL;
5937  memset(&iaprefix, 0, sizeof(iaprefix));
5938  host_opt_state = NULL;
5939  prefix = NULL;
5940 
5941  /*
5942  * Compute the available length for the reply.
5943  */
5944  reply_len = sizeof(reply_data) - reply_ret->len;
5945  reply_ofs = 0;
5946 
5947  /*
5948  * Find the host record that matches from the packet, if any.
5949  */
5950  packet_host = NULL;
5951  if (!find_hosts_by_uid(&packet_host,
5952  client_id->data, client_id->len, MDL)) {
5953  packet_host = NULL;
5954  /*
5955  * Note: In general, we don't expect a client to provide
5956  * enough information to match by option for these
5957  * types of messages, but if we don't have a UID
5958  * match we can check anyway.
5959  */
5960  if (!find_hosts_by_option(&packet_host,
5961  packet, packet->options, MDL)) {
5962  packet_host = NULL;
5963 
5964  if (!find_hosts_by_duid_chaddr(&packet_host,
5965  client_id))
5966  packet_host = NULL;
5967  }
5968  }
5969 
5970  /*
5971  * Build our option state for reply.
5972  */
5973  opt_state = NULL;
5974  if (!option_state_allocate(&opt_state, MDL)) {
5975  log_error("iterate_over_ia_pd: no memory for option_state.");
5976  goto exit;
5977  }
5978  execute_statements_in_scope(NULL, packet, NULL, NULL,
5979  packet->options, opt_state,
5980  &global_scope, root_group, NULL, NULL);
5981 
5982  /*
5983  * Loop through the IA_PD reported by the client, and deal with
5984  * prefixes reported as already in use.
5985  */
5986  for (ia = lookup_option(&dhcpv6_universe, packet->options, D6O_IA_PD);
5987  ia != NULL; ia = ia->next) {
5988 
5989  if (!get_encapsulated_IA_state(&cli_enc_opt_state,
5990  &cli_enc_opt_data,
5991  packet, ia, IA_PD_OFFSET)) {
5992  goto exit;
5993  }
5994 
5995  iaid = getULong(cli_enc_opt_data.data);
5996 
5997  oc = lookup_option(&dhcpv6_universe, cli_enc_opt_state,
5998  D6O_IAPREFIX);
5999  if (oc == NULL) {
6000  /* no prefix given for this IA_PD, ignore */
6001  option_state_dereference(&cli_enc_opt_state, MDL);
6002  data_string_forget(&cli_enc_opt_data, MDL);
6003  continue;
6004  }
6005 
6006  for (; oc != NULL; oc = oc->next) {
6007  memset(&iaprefix, 0, sizeof(iaprefix));
6008  if (!evaluate_option_cache(&iaprefix, packet, NULL, NULL,
6009  packet->options, NULL,
6010  &global_scope, oc, MDL)) {
6011  log_error("iterate_over_ia_pd: "
6012  "error evaluating IAPREFIX.");
6013  goto exit;
6014  }
6015 
6016  /*
6017  * Now we need to figure out which host record matches
6018  * this IA_PD and IAPREFIX (encapsulated option contents
6019  * matching a host record by option).
6020  *
6021  * XXX: We don't currently track IA_PD separately, but
6022  * we will need to do this!
6023  */
6024  host = NULL;
6025  if (!find_hosts_by_option(&host, packet,
6026  cli_enc_opt_state, MDL)) {
6027  if (packet_host != NULL) {
6028  host = packet_host;
6029  } else {
6030  host = NULL;
6031  }
6032  }
6033  while (host != NULL) {
6034  if (host->fixed_prefix != NULL) {
6035  struct iaddrcidrnetlist *l;
6036  int plen = (int) getUChar(iaprefix.data + 8);
6037 
6038  for (l = host->fixed_prefix; l != NULL;
6039  l = l->next) {
6040  if (plen != l->cidrnet.bits)
6041  continue;
6042  if (memcmp(iaprefix.data + 9,
6043  l->cidrnet.lo_addr.iabuf,
6044  16) == 0)
6045  break;
6046  }
6047  if ((l != NULL) && (iaprefix.len >= 17))
6048  break;
6049  }
6050  host = host->n_ipaddr;
6051  }
6052 
6053  if ((host == NULL) && (iaprefix.len >= IAPREFIX_OFFSET)) {
6054  /*
6055  * Find existing IA_PD.
6056  */
6057  if (ia_make_key(&key, iaid,
6058  (char *)client_id->data,
6059  client_id->len,
6060  MDL) != ISC_R_SUCCESS) {
6061  log_fatal("iterate_over_ia_pd: no memory for "
6062  "key.");
6063  }
6064 
6065  existing_ia_pd = NULL;
6066  if (ia_hash_lookup(&existing_ia_pd, ia_pd_active,
6067  (unsigned char *)key.data,
6068  key.len, MDL)) {
6069  /*
6070  * Make sure this prefix is in the IA_PD.
6071  */
6072  for (i = 0;
6073  i < existing_ia_pd->num_iasubopt;
6074  i++) {
6075  struct iasubopt *tmp;
6076  u_int8_t plen;
6077 
6078  plen = getUChar(iaprefix.data + 8);
6079  tmp = existing_ia_pd->iasubopt[i];
6080  if ((tmp->plen == plen) &&
6081  (memcmp(&tmp->addr,
6082  iaprefix.data + 9,
6083  16) == 0)) {
6084  iasubopt_reference(&prefix,
6085  tmp, MDL);
6086  break;
6087  }
6088  }
6089  }
6090 
6091  data_string_forget(&key, MDL);
6092  }
6093 
6094  if ((host != NULL) || (prefix != NULL)) {
6095  ia_pd_match(client_id, &iaprefix, prefix);
6096  } else {
6097  ia_pd_nomatch(client_id, &iaprefix,
6098  (u_int32_t *)cli_enc_opt_data.data,
6099  packet, reply_data, &reply_ofs,
6100  reply_len - reply_ofs);
6101  }
6102 
6103  if (prefix != NULL) {
6104  iasubopt_dereference(&prefix, MDL);
6105  }
6106 
6107  data_string_forget(&iaprefix, MDL);
6108  }
6109 
6110  option_state_dereference(&cli_enc_opt_state, MDL);
6111  data_string_forget(&cli_enc_opt_data, MDL);
6112  }
6113 
6114  /*
6115  * Return our reply to the caller.
6116  * The IA_NA routine has already filled at least the header.
6117  */
6118  reply_new.len = reply_ret->len + reply_ofs;
6119  if (!buffer_allocate(&reply_new.buffer, reply_new.len, MDL)) {
6120  log_fatal("No memory to store reply.");
6121  }
6122  reply_new.data = reply_new.buffer->data;
6123  memcpy(reply_new.buffer->data,
6124  reply_ret->buffer->data, reply_ret->len);
6125  memcpy(reply_new.buffer->data + reply_ret->len,
6126  reply_data, reply_ofs);
6127  data_string_forget(reply_ret, MDL);
6128  data_string_copy(reply_ret, &reply_new, MDL);
6129  data_string_forget(&reply_new, MDL);
6130 
6131 exit:
6132  if (prefix != NULL) {
6133  iasubopt_dereference(&prefix, MDL);
6134  }
6135  if (host_opt_state != NULL) {
6136  option_state_dereference(&host_opt_state, MDL);
6137  }
6138  if (iaprefix.buffer != NULL) {
6139  data_string_forget(&iaprefix, MDL);
6140  }
6141  if (cli_enc_opt_state != NULL) {
6142  option_state_dereference(&cli_enc_opt_state, MDL);
6143  }
6144  if (cli_enc_opt_data.buffer != NULL) {
6145  data_string_forget(&cli_enc_opt_data, MDL);
6146  }
6147  if (opt_state != NULL) {
6148  option_state_dereference(&opt_state, MDL);
6149  }
6150 }
6151 
6152 /*
6153  * Release means a client is done with the leases.
6154  */
6155 
6156 static void
6157 dhcpv6_release(struct data_string *reply, struct packet *packet) {
6158  struct data_string client_id;
6159  struct data_string server_id;
6160 
6162 
6163  /*
6164  * Validate our input.
6165  */
6166  if (!valid_client_resp(packet, &client_id, &server_id)) {
6167  return;
6168  }
6169 
6170  /*
6171  * And operate on each IA_NA in this packet.
6172  */
6173  iterate_over_ia_na(reply, packet, &client_id, &server_id, "Release",
6174  ia_na_match_release, ia_na_nomatch_release);
6175 
6176  /*
6177  * And operate on each IA_PD in this packet.
6178  */
6179  iterate_over_ia_pd(reply, packet, &client_id, &server_id, "Release",
6180  ia_pd_match_release, ia_pd_nomatch_release);
6181 
6182  data_string_forget(&server_id, MDL);
6183  data_string_forget(&client_id, MDL);
6184 
6186 }
6187 
6188 /*
6189  * Information-Request is used by clients who have obtained an address
6190  * from other means, but want configuration information from the server.
6191  */
6192 
6193 static void
6194 dhcpv6_information_request(struct data_string *reply, struct packet *packet) {
6195  struct data_string client_id;
6196  struct data_string server_id;
6197 
6199 
6200  /*
6201  * Validate our input.
6202  */
6203  if (!valid_client_info_req(packet, &server_id)) {
6204  return;
6205  }
6206 
6207  /*
6208  * Get our client ID, if there is one.
6209  */
6210  memset(&client_id, 0, sizeof(client_id));
6211  if (get_client_id(packet, &client_id) != ISC_R_SUCCESS) {
6212  data_string_forget(&client_id, MDL);
6213  }
6214 
6215  /*
6216  * Use the lease_to_client() function. This will work fine,
6217  * because the valid_client_info_req() insures that we
6218  * don't have any IA that would cause us to allocate
6219  * resources to the client.
6220  */
6221  lease_to_client(reply, packet, &client_id,
6222  server_id.data != NULL ? &server_id : NULL);
6223 
6224  /*
6225  * Cleanup.
6226  */
6227  if (client_id.data != NULL) {
6228  data_string_forget(&client_id, MDL);
6229  }
6230  data_string_forget(&server_id, MDL);
6231 
6233 }
6234 
6235 /*
6236  * The Relay-forw message is sent by relays. It typically contains a
6237  * single option, which encapsulates an entire packet.
6238  *
6239  * We need to build an encapsulated reply.
6240  */
6241 
6242 /* XXX: this is very, very similar to do_packet6(), and should probably
6243  be combined in a clever way */
6244 static void
6245 dhcpv6_relay_forw(struct data_string *reply_ret, struct packet *packet) {
6246  struct option_cache *oc;
6247  struct data_string enc_opt_data;
6248  struct packet *enc_packet;
6249  unsigned char msg_type;
6250  const struct dhcpv6_packet *msg;
6251  const struct dhcpv6_relay_packet *relay;
6252  struct data_string enc_reply;
6253  char link_addr[sizeof("ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255")];
6254  char peer_addr[sizeof("ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255")];
6255  struct data_string a_opt, packet_ero;
6256  struct option_state *opt_state;
6257  static char reply_data[65536];
6258  struct dhcpv6_relay_packet *reply;
6259  int reply_ofs;
6260 
6262 
6263  /*
6264  * Initialize variables for early exit.
6265  */
6266  opt_state = NULL;
6267  memset(&a_opt, 0, sizeof(a_opt));
6268  memset(&packet_ero, 0, sizeof(packet_ero));
6269  memset(&enc_reply, 0, sizeof(enc_reply));
6270  memset(&enc_opt_data, 0, sizeof(enc_opt_data));
6271  enc_packet = NULL;
6272 
6273  /*
6274  * Get our encapsulated relay message.
6275  */
6277  if (oc == NULL) {
6278  inet_ntop(AF_INET6, &packet->dhcpv6_link_address,
6279  link_addr, sizeof(link_addr));
6280  inet_ntop(AF_INET6, &packet->dhcpv6_peer_address,
6281  peer_addr, sizeof(peer_addr));
6282  log_info("Relay-forward from %s with link address=%s and "
6283  "peer address=%s missing Relay Message option.",
6284  piaddr(packet->client_addr), link_addr, peer_addr);
6285  goto exit;
6286  }
6287 
6288  if (!evaluate_option_cache(&enc_opt_data, NULL, NULL, NULL,
6289  NULL, NULL, &global_scope, oc, MDL)) {
6290  log_error("dhcpv6_forw_relay: error evaluating "
6291  "relayed message.");
6292  goto exit;
6293  }
6294 
6295  if (!packet6_len_okay((char *)enc_opt_data.data, enc_opt_data.len)) {
6296  log_error("dhcpv6_forw_relay: encapsulated packet too short.");
6297  goto exit;
6298  }
6299 
6300  /*
6301  * Build a packet structure from this encapsulated packet.
6302  */
6303  enc_packet = NULL;
6304  if (!packet_allocate(&enc_packet, MDL)) {
6305  log_error("dhcpv6_forw_relay: "
6306  "no memory for encapsulated packet.");
6307  goto exit;
6308  }
6309 
6310  if (!option_state_allocate(&enc_packet->options, MDL)) {
6311  log_error("dhcpv6_forw_relay: "
6312  "no memory for encapsulated packet's options.");
6313  goto exit;
6314  }
6315 
6316  enc_packet->client_port = packet->client_port;
6317  enc_packet->client_addr = packet->client_addr;
6318  interface_reference(&enc_packet->interface, packet->interface, MDL);
6319  enc_packet->dhcpv6_container_packet = packet;
6320 
6321  msg_type = enc_opt_data.data[0];
6322  if ((msg_type == DHCPV6_RELAY_FORW) ||
6323  (msg_type == DHCPV6_RELAY_REPL)) {
6324  int relaylen = (int)(offsetof(struct dhcpv6_relay_packet, options));
6325  relay = (struct dhcpv6_relay_packet *)enc_opt_data.data;
6326  enc_packet->dhcpv6_msg_type = relay->msg_type;
6327 
6328  /* relay-specific data */
6329  enc_packet->dhcpv6_hop_count = relay->hop_count;
6330  memcpy(&enc_packet->dhcpv6_link_address,
6331  relay->link_address, sizeof(relay->link_address));
6332  memcpy(&enc_packet->dhcpv6_peer_address,
6333  relay->peer_address, sizeof(relay->peer_address));
6334 
6335  if (!parse_option_buffer(enc_packet->options,
6336  relay->options,
6337  enc_opt_data.len - relaylen,
6338  &dhcpv6_universe)) {
6339  /* no logging here, as parse_option_buffer() logs all
6340  cases where it fails */
6341  goto exit;
6342  }
6343  } else {
6344  int msglen = (int)(offsetof(struct dhcpv6_packet, options));
6345  msg = (struct dhcpv6_packet *)enc_opt_data.data;
6346  enc_packet->dhcpv6_msg_type = msg->msg_type;
6347 
6348  /* message-specific data */
6349  memcpy(enc_packet->dhcpv6_transaction_id,
6350  msg->transaction_id,
6351  sizeof(enc_packet->dhcpv6_transaction_id));
6352 
6353  if (!parse_option_buffer(enc_packet->options,
6354  msg->options,
6355  enc_opt_data.len - msglen,
6356  &dhcpv6_universe)) {
6357  /* no logging here, as parse_option_buffer() logs all
6358  cases where it fails */
6359  goto exit;
6360  }
6361  }
6362 
6363  /*
6364  * This is recursive. It is possible to exceed maximum packet size.
6365  * XXX: This will cause the packet send to fail.
6366  */
6367  build_dhcpv6_reply(&enc_reply, enc_packet);
6368 
6369  /*
6370  * If we got no encapsulated data, then it is discarded, and
6371  * our reply-forw is also discarded.
6372  */
6373  if (enc_reply.data == NULL) {
6374  goto exit;
6375  }
6376 
6377  /*
6378  * Now we can use the reply_data buffer.
6379  * Packet header stuff all comes from the forward message.
6380  */
6381  reply = (struct dhcpv6_relay_packet *)reply_data;
6382  reply->msg_type = DHCPV6_RELAY_REPL;
6383  reply->hop_count = packet->dhcpv6_hop_count;
6384  memcpy(reply->link_address, &packet->dhcpv6_link_address,
6385  sizeof(reply->link_address));
6386  memcpy(reply->peer_address, &packet->dhcpv6_peer_address,
6387  sizeof(reply->peer_address));
6388  reply_ofs = (int)(offsetof(struct dhcpv6_relay_packet, options));
6389 
6390  /*
6391  * Get the reply option state.
6392  */
6393  opt_state = NULL;
6394  if (!option_state_allocate(&opt_state, MDL)) {
6395  log_error("dhcpv6_relay_forw: no memory for option state.");
6396  goto exit;
6397  }
6398 
6399  /*
6400  * Append the interface-id if present.
6401  */
6402  oc = lookup_option(&dhcpv6_universe, packet->options,
6404  if (oc != NULL) {
6405  if (!evaluate_option_cache(&a_opt, packet,
6406  NULL, NULL,
6407  packet->options, NULL,
6408  &global_scope, oc, MDL)) {
6409  log_error("dhcpv6_relay_forw: error evaluating "
6410  "Interface ID.");
6411  goto exit;
6412  }
6413  if (!save_option_buffer(&dhcpv6_universe, opt_state, NULL,
6414  (unsigned char *)a_opt.data,
6415  a_opt.len,
6416  D6O_INTERFACE_ID, 0)) {
6417  log_error("dhcpv6_relay_forw: error saving "
6418  "Interface ID.");
6419  goto exit;
6420  }
6421  data_string_forget(&a_opt, MDL);
6422  }
6423 
6424  /*
6425  * Append our encapsulated stuff for caller.
6426  */
6427  if (!save_option_buffer(&dhcpv6_universe, opt_state, NULL,
6428  (unsigned char *)enc_reply.data,
6429  enc_reply.len,
6430  D6O_RELAY_MSG, 0)) {
6431  log_error("dhcpv6_relay_forw: error saving Relay MSG.");
6432  goto exit;
6433  }
6434 
6435  /*
6436  * Get the ERO if any.
6437  */
6438  oc = lookup_option(&dhcpv6_universe, packet->options, D6O_ERO);
6439  if (oc != NULL) {
6440  unsigned req;
6441  int i;
6442 
6443  if (!evaluate_option_cache(&packet_ero, packet,
6444  NULL, NULL,
6445  packet->options, NULL,
6446  &global_scope, oc, MDL) ||
6447  (packet_ero.len & 1)) {
6448  log_error("dhcpv6_relay_forw: error evaluating ERO.");
6449  goto exit;
6450  }
6451 
6452  /* Decode and apply the ERO. */
6453  for (i = 0; i < packet_ero.len; i += 2) {
6454  req = getUShort(packet_ero.data + i);
6455  /* Already in the reply? */
6456  oc = lookup_option(&dhcpv6_universe, opt_state, req);
6457  if (oc != NULL)
6458  continue;
6459  /* Get it from the packet if present. */
6461  packet->options,
6462  req);
6463  if (oc == NULL)
6464  continue;
6465  if (!evaluate_option_cache(&a_opt, packet,
6466  NULL, NULL,
6467  packet->options, NULL,
6468  &global_scope, oc, MDL)) {
6469  log_error("dhcpv6_relay_forw: error "
6470  "evaluating option %u.", req);
6471  goto exit;
6472  }
6474  opt_state,
6475  NULL,
6476  (unsigned char *)a_opt.data,
6477  a_opt.len,
6478  req,
6479  0)) {
6480  log_error("dhcpv6_relay_forw: error saving "
6481  "option %u.", req);
6482  goto exit;
6483  }
6484  data_string_forget(&a_opt, MDL);
6485  }
6486  }
6487 
6488  reply_ofs += store_options6(reply_data + reply_ofs,
6489  sizeof(reply_data) - reply_ofs,
6490  opt_state, packet,
6491  required_opts_agent, &packet_ero);
6492 
6493  /*
6494  * Return our reply to the caller.
6495  */
6496  reply_ret->len = reply_ofs;
6497  reply_ret->buffer = NULL;
6498  if (!buffer_allocate(&reply_ret->buffer, reply_ret->len, MDL)) {
6499  log_fatal("No memory to store reply.");
6500  }
6501  reply_ret->data = reply_ret->buffer->data;
6502  memcpy(reply_ret->buffer->data, reply_data, reply_ofs);
6503 
6504 exit:
6505  if (opt_state != NULL)
6506  option_state_dereference(&opt_state, MDL);
6507  if (a_opt.data != NULL) {
6508  data_string_forget(&a_opt, MDL);
6509  }
6510  if (packet_ero.data != NULL) {
6511  data_string_forget(&packet_ero, MDL);
6512  }
6513  if (enc_reply.data != NULL) {
6514  data_string_forget(&enc_reply, MDL);
6515  }
6516  if (enc_opt_data.data != NULL) {
6517  data_string_forget(&enc_opt_data, MDL);
6518  }
6519  if (enc_packet != NULL) {
6520  packet_dereference(&enc_packet, MDL);
6521  }
6522 
6524 }
6525 
6526 static void
6527 dhcpv6_discard(struct packet *packet) {
6528  /* INSIST(packet->msg_type > 0); */
6529  /* INSIST(packet->msg_type < dhcpv6_type_name_max); */
6530 
6531  log_debug("Discarding %s from %s; message type not handled by server",
6533  piaddr(packet->client_addr));
6534 }
6535 
6536 static void
6537 build_dhcpv6_reply(struct data_string *reply, struct packet *packet) {
6538  memset(reply, 0, sizeof(*reply));
6539 
6540  /* I would like to classify the client once here, but
6541  * as I don't want to classify all of the incoming packets
6542  * I need to do it before handling specific types.
6543  * We don't need to classify if we are tossing the packet
6544  * or if it is a relay - the classification step will get
6545  * done when we process the inner client packet.
6546  */
6547 
6548  switch (packet->dhcpv6_msg_type) {
6549  case DHCPV6_SOLICIT:
6550  classify_client(packet);
6551  dhcpv6_solicit(reply, packet);
6552  break;
6553  case DHCPV6_ADVERTISE:
6554  dhcpv6_discard(packet);
6555  break;
6556  case DHCPV6_REQUEST:
6557  classify_client(packet);
6558  dhcpv6_request(reply, packet);
6559  break;
6560  case DHCPV6_CONFIRM:
6561  classify_client(packet);
6562  dhcpv6_confirm(reply, packet);
6563  break;
6564  case DHCPV6_RENEW:
6565  classify_client(packet);
6566  dhcpv6_renew(reply, packet);
6567  break;
6568  case DHCPV6_REBIND:
6569  classify_client(packet);
6570  dhcpv6_rebind(reply, packet);
6571  break;
6572  case DHCPV6_REPLY:
6573  dhcpv6_discard(packet);
6574  break;
6575  case DHCPV6_RELEASE:
6576  classify_client(packet);
6577  dhcpv6_release(reply, packet);
6578  break;
6579  case DHCPV6_DECLINE:
6580  classify_client(packet);
6581  dhcpv6_decline(reply, packet);
6582  break;
6583  case DHCPV6_RECONFIGURE:
6584  dhcpv6_discard(packet);
6585  break;
6587  classify_client(packet);
6588  dhcpv6_information_request(reply, packet);
6589  break;
6590  case DHCPV6_RELAY_FORW:
6591  dhcpv6_relay_forw(reply, packet);
6592  break;
6593  case DHCPV6_RELAY_REPL:
6594  dhcpv6_discard(packet);
6595  break;
6596  case DHCPV6_LEASEQUERY:
6597  classify_client(packet);
6598  dhcpv6_leasequery(reply, packet);
6599  break;
6601  dhcpv6_discard(packet);
6602  break;
6603  default:
6604  /* XXX: would be nice if we had "notice" level,
6605  as syslog, for this */
6606  log_info("Discarding unknown DHCPv6 message type %d "
6607  "from %s", packet->dhcpv6_msg_type,
6608  piaddr(packet->client_addr));
6609  }
6610 }
6611 
6612 static void
6613 log_packet_in(const struct packet *packet) {
6614  struct data_string s;
6615  u_int32_t tid;
6616  char tmp_addr[INET6_ADDRSTRLEN];
6617  const void *addr;
6618 
6619  memset(&s, 0, sizeof(s));
6620 
6621  if (packet->dhcpv6_msg_type < dhcpv6_type_name_max) {
6622  data_string_sprintfa(&s, "%s message from %s port %d",
6624  piaddr(packet->client_addr),
6625  ntohs(packet->client_port));
6626  } else {
6628  "Unknown message type %d from %s port %d",
6629  packet->dhcpv6_msg_type,
6630  piaddr(packet->client_addr),
6631  ntohs(packet->client_port));
6632  }
6633  if ((packet->dhcpv6_msg_type == DHCPV6_RELAY_FORW) ||
6634  (packet->dhcpv6_msg_type == DHCPV6_RELAY_REPL)) {
6635  addr = &packet->dhcpv6_link_address;
6636  data_string_sprintfa(&s, ", link address %s",
6637  inet_ntop(AF_INET6, addr,
6638  tmp_addr, sizeof(tmp_addr)));
6639  addr = &packet->dhcpv6_peer_address;
6640  data_string_sprintfa(&s, ", peer address %s",
6641  inet_ntop(AF_INET6, addr,
6642  tmp_addr, sizeof(tmp_addr)));
6643  } else {
6644  tid = 0;
6645  memcpy(((char *)&tid)+1, packet->dhcpv6_transaction_id, 3);
6646  data_string_sprintfa(&s, ", transaction ID 0x%06X", tid);
6647 
6648 /*
6649  oc = lookup_option(&dhcpv6_universe, packet->options,
6650  D6O_CLIENTID);
6651  if (oc != NULL) {
6652  memset(&tmp_ds, 0, sizeof(tmp_ds_));
6653  if (!evaluate_option_cache(&tmp_ds, packet, NULL, NULL,
6654  packet->options, NULL,
6655  &global_scope, oc, MDL)) {
6656  log_error("Error evaluating Client Identifier");
6657  } else {
6658  data_strint_sprintf(&s, ", client ID %s",
6659 
6660  data_string_forget(&tmp_ds, MDL);
6661  }
6662  }
6663 */
6664 
6665  }
6666  log_info("%s", s.data);
6667 
6668  data_string_forget(&s, MDL);
6669 }
6670 
6671 void
6672 dhcpv6(struct packet *packet) {
6673  struct data_string reply;
6674  struct sockaddr_in6 to_addr;
6675  int send_ret;
6676 
6677  /*
6678  * Log a message that we received this packet.
6679  */
6680  log_packet_in(packet);
6681 
6682  /*
6683  * Build our reply packet.
6684  */
6685  build_dhcpv6_reply(&reply, packet);
6686 
6687  if (reply.data != NULL) {
6688  /*
6689  * Send our reply, if we have one.
6690  */
6691  memset(&to_addr, 0, sizeof(to_addr));
6692  to_addr.sin6_family = AF_INET6;
6693  if ((packet->dhcpv6_msg_type == DHCPV6_RELAY_FORW) ||
6694  (packet->dhcpv6_msg_type == DHCPV6_RELAY_REPL)) {
6695  to_addr.sin6_port = local_port;
6696  } else {
6697  to_addr.sin6_port = remote_port;
6698  }
6699 
6700 #if defined (REPLY_TO_SOURCE_PORT)
6701  /*
6702  * This appears to have been included for testing so we would
6703  * not need a root client, but was accidently left in the
6704  * final code. We continue to include it in case
6705  * some users have come to rely upon it, but leave
6706  * it off by default as it's a bad idea.
6707  */
6708  to_addr.sin6_port = packet->client_port;
6709 #endif
6710 
6711  memcpy(&to_addr.sin6_addr, packet->client_addr.iabuf,
6712  sizeof(to_addr.sin6_addr));
6713 
6714  log_info("Sending %s to %s port %d",
6715  dhcpv6_type_names[reply.data[0]],
6716  piaddr(packet->client_addr),
6717  ntohs(to_addr.sin6_port));
6718 
6719  send_ret = send_packet6(packet->interface,
6720  reply.data, reply.len, &to_addr);
6721  if (send_ret != reply.len) {
6722  log_error("dhcpv6: send_packet6() sent %d of %d bytes",
6723  send_ret, reply.len);
6724  }
6725  data_string_forget(&reply, MDL);
6726  }
6727 }
6728 
6729 static void
6730 seek_shared_host(struct host_decl **hp, struct shared_network *shared) {
6731  struct host_decl *nofixed = NULL;
6732  struct host_decl *seek, *hold = NULL;
6733 
6734  /*
6735  * Seek forward through fixed addresses for the right link.
6736  *
6737  * Note: how to do this for fixed prefixes???
6738  */
6739  host_reference(&hold, *hp, MDL);
6740  host_dereference(hp, MDL);
6741  seek = hold;
6742  while (seek != NULL) {
6743  if (seek->fixed_addr == NULL)
6744  nofixed = seek;
6745  else if (fixed_matches_shared(seek, shared))
6746  break;
6747 
6748  seek = seek->n_ipaddr;
6749  }
6750 
6751  if ((seek == NULL) && (nofixed != NULL))
6752  seek = nofixed;
6753 
6754  if (seek != NULL)
6755  host_reference(hp, seek, MDL);
6756 }
6757 
6758 static isc_boolean_t
6759 fixed_matches_shared(struct host_decl *host, struct shared_network *shared) {
6760  struct subnet *subnet;
6761  struct data_string addr;
6762  isc_boolean_t matched;
6763  struct iaddr fixed;
6764 
6765  if (host->fixed_addr == NULL)
6766  return ISC_FALSE;
6767 
6768  memset(&addr, 0, sizeof(addr));
6769  if (!evaluate_option_cache(&addr, NULL, NULL, NULL, NULL, NULL,
6770  &global_scope, host->fixed_addr, MDL))
6771  return ISC_FALSE;
6772 
6773  if (addr.len < 16) {
6774  data_string_forget(&addr, MDL);
6775  return ISC_FALSE;
6776  }
6777 
6778  fixed.len = 16;
6779  memcpy(fixed.iabuf, addr.data, 16);
6780 
6781  matched = ISC_FALSE;
6782  for (subnet = shared->subnets ; subnet != NULL ;
6783  subnet = subnet->next_sibling) {
6784  if (addr_eq(subnet_number(fixed, subnet->netmask),
6785  subnet->net)) {
6786  matched = ISC_TRUE;
6787  break;
6788  }
6789  }
6790 
6791  data_string_forget(&addr, MDL);
6792  return matched;
6793 }
6794 
6795 /*
6796  * find_host_by_duid_chaddr() synthesizes a DHCPv4-like 'hardware'
6797  * parameter from a DHCPv6 supplied DUID (client-identifier option),
6798  * and may seek to use client or relay supplied hardware addresses.
6799  */
6800 static int
6801 find_hosts_by_duid_chaddr(struct host_decl **host,
6802  const struct data_string *client_id) {
6803  static int once_htype;
6804  int htype, hlen;
6805  const unsigned char *chaddr;
6806 
6807  /*
6808  * The DUID-LL and DUID-LLT must have a 2-byte DUID type and 2-byte
6809  * htype.
6810  */
6811  if (client_id->len < 4)
6812  return 0;
6813 
6814  /*
6815  * The third and fourth octets of the DUID-LL and DUID-LLT
6816  * is the hardware type, but in 16 bits.
6817  */
6818  htype = getUShort(client_id->data + 2);
6819  hlen = 0;
6820  chaddr = NULL;
6821 
6822  /* The first two octets of the DUID identify the type. */
6823  switch(getUShort(client_id->data)) {
6824  case DUID_LLT:
6825  if (client_id->len > 8) {
6826  hlen = client_id->len - 8;
6827  chaddr = client_id->data + 8;
6828  }
6829  break;
6830 
6831  case DUID_LL:
6832  /*
6833  * Note that client_id->len must be greater than or equal
6834  * to four to get to this point in the function.
6835  */
6836  hlen = client_id->len - 4;
6837  chaddr = client_id->data + 4;
6838  break;
6839 
6840  default:
6841  break;
6842  }
6843 
6844  if ((hlen == 0) || (hlen > HARDWARE_ADDR_LEN))
6845  return 0;
6846 
6847  /*
6848  * XXX: DHCPv6 gives a 16-bit field for the htype. DHCPv4 gives an
6849  * 8-bit field. To change the semantics of the generic 'hardware'
6850  * structure, we would have to adjust many DHCPv4 sources (from
6851  * interface to DHCPv4 lease code), and we would have to update the
6852  * 'hardware' config directive (probably being reverse compatible and
6853  * providing a new upgrade/replacement primitive). This is a little
6854  * too much to change for now. Hopefully we will revisit this before
6855  * hardware types exceeding 8 bits are assigned.
6856  */
6857  if ((htype & 0xFF00) && !once_htype) {
6858  once_htype = 1;
6859  log_error("Attention: At least one client advertises a "
6860  "hardware type of %d, which exceeds the software "
6861  "limitation of 255.", htype);
6862  }
6863 
6864  return find_hosts_by_haddr(host, htype, chaddr, hlen, MDL);
6865 }
6866 
6867 #endif /* DHCPv6 */
6868 
#define FTS_ABANDONED
Definition: dhcpd.h:488
struct iaddrcidrnet cidrnet
Definition: inet.h:77
ia_hash_t * ia_ta_active
#define DHCPD_SIX_RELAY_FORW_DONE()
Definition: probes.h:416
isc_result_t renew_lease6(struct ipv6_pool *pool, struct iasubopt *lease)
Renew a lease in the pool.
Definition: mdb6.c:1425
struct ipv6_pond * next
Definition: dhcpd.h:1606
int find_grouped_subnet(struct subnet **, struct shared_network *, struct iaddr, const char *, int)
Definition: mdb.c:900
unsigned char peer_address[16]
Definition: dhcp6.h:194
#define DHCPD_SIX_INFORMATION_REQUEST_START()
Definition: probes.h:383
const char int line
Definition: dhcpd.h:3557
#define D6O_IAADDR
Definition: dhcp6.h:35
struct binding_scope * global_scope
Definition: tree.c:39
#define STATUS_NoBinding
Definition: dhcp6.h:86
#define DHCPV6_RELEASE
Definition: dhcp6.h:105
int low_threshold
Definition: dhcpd.h:1621
struct subnet * subnets
Definition: dhcpd.h:942
isc_result_t add_lease6(struct ipv6_pool *pool, struct iasubopt *lease, time_t valid_lifetime_end_time)
Definition: mdb6.c:1228
#define DHCPD_SIX_SOLICIT_DONE()
Definition: probes.h:240
Definition: dhcpd.h:507
isc_result_t ia_make_key(struct data_string *key, u_int32_t iaid, const char *duid, unsigned int duid_len, const char *file, int line)
Definition: mdb6.c:310
unsigned len
Definition: tree.h:80
int executable_statement_dereference(struct executable_statement **ptr, const char *file, int line)
Definition: execute.c:615
struct shared_network * shared_network
Definition: dhcpd.h:1248
int bits
Definition: inet.h:72
const char * piaddr(const struct iaddr addr)
Definition: inet.c:581
u_int8_t hlen
Definition: dhcpd.h:440
Definition: dhcpd.h:1541
#define D6O_STATUS_CODE
Definition: dhcp6.h:43
unsigned char dhcpv6_transaction_id[3]
Definition: dhcpd.h:378
isc_boolean_t server_duid_isset(void)
unsigned char options[FLEXIBLE_ARRAY_MEMBER]
Definition: dhcp6.h:195
int units
Definition: dhcpd.h:1580
void dhcpv6_leasequery(struct data_string *, struct packet *)
isc_result_t ia_dereference(struct ia_xx **ia, const char *file, int line)
Definition: mdb6.c:402
#define DHCPD_SIX_RELAY_FORW_START()
Definition: probes.h:405
unsigned char msg_type
Definition: dhcp6.h:179
int data_string_sprintfa(struct data_string *ds, const char *fmt,...)
Definition: tree.c:57
Definition: dhcpd.h:952
struct universe server_universe
Definition: stables.c:175
int execute_statements(struct binding_value **result, struct packet *packet, struct lease *lease, struct client_state *client_state, struct option_state *in_options, struct option_state *out_options, struct binding_scope **scope, struct executable_statement *statements, struct on_star *on_star)
Definition: execute.c:35
#define HTYPE_RESERVED
Definition: dhcp.h:84
#define MDL
Definition: omapip.h:568
isc_boolean_t lease6_usable(struct iasubopt *lease)
Check if address is available to a lease.
Definition: mdb6.c:1354
#define D6O_PREFERENCE
Definition: dhcp6.h:37
int find_hosts_by_option(struct host_decl **, struct packet *, struct option_state *, const char *, int)
Definition: mdb.c:638
unsigned char iabuf[16]
Definition: inet.h:33
#define print_hex_1(len, data, limit)
Definition: dhcpd.h:2424
#define IA_PD_OFFSET
Definition: dhcp6.h:126
#define DHCP_R_INVALIDARG
Definition: result.h:48
#define STATUS_NoAddrsAvail
Definition: dhcp6.h:85
#define DHCPD_SIX_RELEASE_DONE()
Definition: probes.h:372
const char * dhcpv6_type_names[]
Definition: tables.c:618
int int int log_debug(const char *,...) __attribute__((__format__(__printf__
#define DHCPV6_REPLY
Definition: dhcp6.h:104
#define DHCPV6_REQUEST
Definition: dhcp6.h:100
int last_ipv6_pool
Definition: dhcpd.h:1616
#define DHCPV6_RECONFIGURE
Definition: dhcp6.h:107
#define IAADDR_OFFSET
Definition: dhcp6.h:129
#define SV_PREFER_LIFETIME
Definition: dhcpd.h:699
#define D6O_RAPID_COMMIT
Definition: dhcp6.h:44
struct universe dhcp_universe
#define D6O_SERVERID
Definition: dhcp6.h:32
#define STATUS_NotOnLink
Definition: dhcp6.h:87
void data_string_forget(struct data_string *data, const char *file, int line)
Definition: alloc.c:1276
struct option_cache * next
Definition: dhcpd.h:351
#define FIND_PERCENT(count, percent)
Definition: dhcpd.h:3648
struct shared_network * shared_network
Definition: dhcpd.h:1608
#define DHCPD_SIX_RENEW_DONE()
Definition: probes.h:306
#define D6O_INTERFACE_ID
Definition: dhcp6.h:48
#define DHCPD_SIX_DECLINE_DONE()
Definition: probes.h:350
struct option_cache * fixed_addr
Definition: dhcpd.h:875
struct group * root_group
Definition: memory.c:31
unsigned char msg_type
Definition: dhcp6.h:191
#define DUID_LL
Definition: dhcp6.h:121
void delete_option(struct universe *universe, struct option_state *options, int code)
Definition: options.c:2706
u_int32_t valid
Definition: dhcpd.h:1517
int log_error(const char *,...) __attribute__((__format__(__printf__
time_t cltt
Definition: dhcpd.h:1547
#define FTS_EXPIRED
Definition: dhcpd.h:486
struct on_star on_star
Definition: dhcpd.h:1538
int known
Definition: dhcpd.h:415
struct binding_scope * scope
Definition: dhcpd.h:1513
struct ipv6_pond * ipv6_pond
Definition: dhcpd.h:1590
void copy_server_duid(struct data_string *ds, const char *file, int line)
#define DHO_DHCP_REBINDING_TIME
Definition: dhcp.h:151
#define STATUS_Success
Definition: dhcp6.h:83
unsigned len
Definition: inet.h:32
#define IA_NA_OFFSET
Definition: dhcp6.h:124
int find_hosts_by_haddr(struct host_decl **, int, const unsigned char *, unsigned, const char *, int)
Definition: mdb.c:610
#define DHCPD_SIX_RENEW_START()
Definition: probes.h:295
int logged
Definition: dhcpd.h:1620
#define DHCPD_SIX_SOLICIT_START()
Definition: probes.h:229
#define D6O_CLIENTID
Definition: dhcp6.h:31
struct permit * prohibit_list
Definition: dhcpd.h:1611
Definition: dhcpd.h:500
#define DHCPD_SIX_REBIND_DONE()
Definition: probes.h:328
struct option_state * options
Definition: dhcpd.h:407
unsigned char dhcpv6_hop_count
Definition: dhcpd.h:381
unsigned char link_address[16]
Definition: dhcp6.h:193
unsigned char dhcpv6_msg_type
Definition: dhcpd.h:375
isc_boolean_t lease6_exists(const struct ipv6_pool *pool, const struct in6_addr *addr)
Definition: mdb6.c:1326
void log_fatal(const char *,...) __attribute__((__format__(__printf__
#define DHCPV6_RELAY_REPL
Definition: dhcp6.h:110
int client_port
Definition: dhcpd.h:389
#define DHCPV6_LEASEQUERY
Definition: dhcp6.h:111
#define D6O_IA_TA
Definition: dhcp6.h:34
int parse_option_buffer(struct option_state *options, const unsigned char *buffer, unsigned length, struct universe *universe)
Definition: options.c:123
#define SV_LOG_THRESHOLD_HIGH
Definition: dhcpd.h:734
#define DHCPD_SIX_DECLINE_START()
Definition: probes.h:339
#define D6O_UNICAST
Definition: dhcp6.h:42
#define DHCPD_SIX_REQUEST_DONE()
Definition: probes.h:262
isc_result_t decline_lease6(struct ipv6_pool *pool, struct iasubopt *lease)
Definition: mdb6.c:1567
struct iaddr subnet_number(struct iaddr addr, struct iaddr mask)
Definition: inet.c:36
#define SV_DDNS_UPDATES
Definition: dhcpd.h:676
int find_subnet(struct subnet **sp, struct iaddr addr, const char *file, int line)
Definition: dhclient.c:1278
#define D6O_IAPREFIX
Definition: dhcp6.h:56
void execute_statements_in_scope(struct binding_value **result, struct packet *packet, struct lease *lease, struct client_state *client_state, struct option_state *in_options, struct option_state *out_options, struct binding_scope **scope, struct group *group, struct group *limiting_group, struct on_star *on_star)
Definition: execute.c:555
void change_host_uid(struct host_decl *host, const char *data, int len)
Definition: mdb.c:184
isc_result_t release_lease6(struct ipv6_pool *pool, struct iasubopt *lease)
Definition: mdb6.c:1587
void schedule_lease_timeout(struct ipv6_pool *pool)
Definition: mdb6.c:1951
#define DUID_TIME_EPOCH
Definition: dhcp6.h:209
int option_state_allocate(struct option_state **ptr, const char *file, int line)
Definition: alloc.c:847
time_t hard_lifetime_end_time
Definition: dhcpd.h:1514
int evaluate_option_cache(struct data_string *result, struct packet *packet, struct lease *lease, struct client_state *client_state, struct option_state *in_options, struct option_state *cfg_options, struct binding_scope **scope, struct option_cache *oc, const char *file, int line)
Definition: tree.c:2643
#define STATUS_NoPrefixAvail
Definition: dhcp6.h:89
int packet_reference(struct packet **ptr, struct packet *bp, const char *file, int line)
Definition: alloc.c:1054
Definition: dhcpd.h:906
#define DHCPV6_RENEW
Definition: dhcp6.h:102
ia_hash_t * ia_na_active
struct ipv6_pool * ipv6_pool
Definition: dhcpd.h:1519
struct iaddr net
Definition: dhcpd.h:959
int buffer_allocate(struct buffer **ptr, unsigned len, const char *file, int line)
Definition: alloc.c:680
struct interface_info * interface
Definition: dhcpd.h:391
ssize_t send_packet6(struct interface_info *, const unsigned char *, size_t, struct sockaddr_in6 *)
void putULong(unsigned char *, u_int32_t)
Definition: convert.c:70
#define DHCPV6_REBIND
Definition: dhcp6.h:103
u_int16_t local_port
Definition: dhclient.c:88
Definition: dhcpd.h:369
struct iaddrcidrnetlist * next
Definition: inet.h:76
#define DEFAULT_DEFAULT_LEASE_TIME
Definition: dhcpd.h:761
u_int8_t plen
Definition: dhcpd.h:1511
#define cur_time
Definition: dhcpd.h:1946
#define DHCPV6_RELAY_FORW
Definition: dhcp6.h:109
int save_option_buffer(struct universe *universe, struct option_state *options, struct buffer *bp, unsigned char *buffer, unsigned length, unsigned code, int terminatep)
Definition: options.c:2345
u_int32_t getUShort(const unsigned char *)
#define D6O_ERO
Definition: dhcp6.h:73
void set_server_duid(struct data_string *new_duid)
isc_result_t create_lease6(struct ipv6_pool *pool, struct iasubopt **addr, unsigned int *attempts, const struct data_string *uid, time_t soft_lifetime_end_time)
Definition: mdb6.c:953
u_int32_t prefer
Definition: dhcpd.h:1516
struct host_decl * n_ipaddr
Definition: dhcpd.h:865
struct hardware hw_address
Definition: dhcpd.h:1250
struct option_cache * lookup_option(struct universe *universe, struct option_state *options, unsigned code)
Definition: options.c:2303
#define IA_TA_OFFSET
Definition: dhcp6.h:125
#define print_hex_3(len, data, limit)
Definition: dhcpd.h:2426
int permitted(struct packet *, struct permit *)
Definition: dhcp.c:4710
void set_server_duid_type(int type)
int num_iasubopt
Definition: dhcpd.h:1545
int int log_info(const char *,...) __attribute__((__format__(__printf__
struct ipv6_pool ** ipv6_pools
Definition: dhcpd.h:1615
binding_state_t state
Definition: dhcpd.h:1512
int packet6_len_okay(const char *packet, int len)
Definition: options.c:3929
struct interface_info * interfaces
Definition: discover.c:43
int num_active
Definition: dhcpd.h:1619
u_int32_t getULong(const unsigned char *)
struct shared_network * shared_network
Definition: dhcpd.h:956
int find_hosts_by_uid(struct host_decl **, const unsigned char *, unsigned, const char *, int)
Definition: mdb.c:630
int addr_eq(struct iaddr addr1, struct iaddr addr2)
Definition: inet.c:168
isc_boolean_t ipv6_in_pool(const struct in6_addr *addr, const struct ipv6_pool *pool)
Definition: mdb6.c:2059
void cleanup(void)
#define DHCPV6_LEASEQUERY_REPLY
Definition: dhcp6.h:112
isc_result_t get_client_id(struct packet *, struct data_string *)
#define IAPREFIX_OFFSET
Definition: dhcp6.h:132
Definition: inet.h:31
ipv6_pool structure
Definition: dhcpd.h:1575
int store_options6(char *buf, int buflen, struct option_state *opt_state, struct packet *packet, const int *required_opts, struct data_string *oro)
Definition: options.c:928
int append_option_buffer(struct universe *universe, struct option_state *options, struct buffer *bp, unsigned char *buffer, unsigned length, unsigned code, int terminatep)
Definition: options.c:2369
u_int32_t getUChar(const unsigned char *)
struct iaddrcidrnetlist * fixed_prefix
Definition: dhcpd.h:876
int option_state_dereference(struct option_state **ptr, const char *file, int line)
Definition: alloc.c:912
ia_hash_t * ia_pd_active
Definition: dhcpd.h:851
void dhcpv6(struct packet *)
int commit_leases_timed(void)
Definition: db.c:1046
const int dhcpv6_type_name_max
Definition: tables.c:636
isc_boolean_t is_cidr_mask_valid(const struct iaddr *addr, int bits)
Definition: inet.c:305
unsigned char hop_count
Definition: dhcp6.h:192
#define DHCPD_SIX_CONFIRM_START()
Definition: probes.h:273
struct interface_info * next
Definition: dhcpd.h:1247
struct universe dhcpv6_universe
Definition: tables.c:328
isc_boolean_t prefix6_exists(const struct ipv6_pool *pool, const struct in6_addr *pref, u_int8_t plen)
Definition: mdb6.c:1769
int evaluate_boolean_option_cache(int *ignorep, struct packet *packet, struct lease *lease, struct client_state *client_state, struct option_state *in_options, struct option_state *cfg_options, struct binding_scope **scope, struct option_cache *oc, const char *file, int line)
Definition: tree.c:2670
#define D6O_IA_NA
Definition: dhcp6.h:33
#define print_hex_2(len, data, limit)
Definition: dhcpd.h:2425
int packet_dereference(struct packet **ptr, const char *file, int line)
Definition: alloc.c:1082
int ddns_updates(struct packet *, struct lease *, struct lease *, struct iasubopt *, struct iasubopt *, struct option_state *)
int packet_allocate(struct packet **ptr, const char *file, int line)
Definition: alloc.c:1016
const char int
Definition: omapip.h:443
struct iaddr netmask
Definition: dhcpd.h:960
isc_result_t iasubopt_dereference(struct iasubopt **iasubopt, const char *file, int line)
Definition: mdb6.c:260
#define DHCPV6_ADVERTISE
Definition: dhcp6.h:99
#define DHCPD_SIX_REQUEST_START()
Definition: probes.h:251
#define SV_LOG_THRESHOLD_LOW
Definition: dhcpd.h:733
isc_result_t set_server_duid_from_option(void)
isc_result_t ia_allocate(struct ia_xx **ia, u_int32_t iaid, const char *duid, unsigned int duid_len, const char *file, int line)
Definition: mdb6.c:338
#define D6O_ORO
Definition: dhcp6.h:36
struct subnet * next_sibling
Definition: dhcpd.h:955
isc_boolean_t unicast
Definition: dhcpd.h:428
isc_result_t ia_add_iasubopt(struct ia_xx *ia, struct iasubopt *iasubopt, const char *file, int line)
Definition: mdb6.c:438
unsigned char data[1]
Definition: tree.h:63
unsigned char transaction_id[3]
Definition: dhcp6.h:180
time_t soft_lifetime_end_time
Definition: dhcpd.h:1515
struct iaddr lo_addr
Definition: inet.h:71
#define DHCPD_SIX_INFORMATION_REQUEST_DONE()
Definition: probes.h:394
#define SV_DEFAULT_LEASE_TIME
Definition: dhcpd.h:647
u_int8_t hbuf[HARDWARE_ADDR_LEN+1]
Definition: dhcpd.h:441
int num_total
Definition: dhcpd.h:1618
#define DHCPV6_CONFIRM
Definition: dhcp6.h:101
struct iaddr client_addr
Definition: dhcpd.h:390
ipv6_pond structure
Definition: dhcpd.h:1604
#define HARDWARE_ADDR_LEN
Definition: dhcpd.h:437
#define DHCPD_SIX_CONFIRM_DONE()
Definition: probes.h:284
#define D6O_IA_PD
Definition: dhcp6.h:55
#define REPLY_OPTIONS_INDEX
Definition: dhcp6.h:185
#define DUID_LLT
Definition: dhcp6.h:119
struct iasubopt ** iasubopt
Definition: dhcpd.h:1548
int write_ia(const struct ia_xx *)
Definition: db.c:519
struct ia_xx * ia
Definition: dhcpd.h:1518
u_int16_t remote_port
Definition: dhclient.c:89
#define DHO_DHCP_RENEWAL_TIME
Definition: dhcp.h:150
struct in6_addr dhcpv6_peer_address
Definition: dhcpd.h:383
const char * file
Definition: dhcpd.h:3557
char * name
Definition: dhcpd.h:937
void putUShort(unsigned char *, u_int32_t)
Definition: convert.c:86
isc_result_t create_prefix6(struct ipv6_pool *pool, struct iasubopt **pref, unsigned int *attempts, const struct data_string *uid, time_t soft_lifetime_end_time)
Definition: mdb6.c:1680
#define DHCPD_SIX_RELEASE_START()
Definition: probes.h:361
#define DHCPD_SIX_REBIND_START()
Definition: probes.h:317
struct shared_network * shared_network
Definition: dhcpd.h:1587
struct in6_addr addr
Definition: dhcpd.h:1510
isc_result_t ia_reference(struct ia_xx **ia, struct ia_xx *src, const char *file, int line)
Definition: mdb6.c:376
struct executable_statement * on_commit
Definition: dhcpd.h:502
#define SV_LIMIT_ADDRS_PER_IA
Definition: dhcpd.h:702
const unsigned char * data
Definition: tree.h:79
int get_option_int(int *result, struct universe *universe, struct packet *packet, struct lease *lease, struct client_state *client_state, struct option_state *in_options, struct option_state *cfg_options, struct option_state *options, struct binding_scope **scope, unsigned code, const char *file, int line)
Definition: options.c:2182
isc_result_t generate_new_server_duid(void)
void data_string_copy(struct data_string *dest, const struct data_string *src, const char *file, int line)
Definition: alloc.c:1260
#define D6O_RELAY_MSG
Definition: dhcp6.h:39
struct permit * permit_list
Definition: dhcpd.h:1610
#define D6O_RECONF_ACCEPT
Definition: dhcp6.h:50
u_int16_t pool_type
Definition: dhcpd.h:1577
#define DHCPV6_INFORMATION_REQUEST
Definition: dhcp6.h:108
#define DHCPV6_DECLINE
Definition: dhcp6.h:106
struct in6_addr dhcpv6_link_address
Definition: dhcpd.h:382
unsigned char options[FLEXIBLE_ARRAY_MEMBER]
Definition: dhcp6.h:181
void classify_client(struct packet *)
Definition: class.c:63
struct group * group
Definition: dhcpd.h:1607
#define DHCPV6_SOLICIT
Definition: dhcp6.h:98
struct buffer * buffer
Definition: tree.h:78
#define TRACE(probe)
Definition: trace.h:10
#define SV_LIMIT_PREFS_PER_IA
Definition: dhcpd.h:703
#define STATUS_UseMulticast
Definition: dhcp6.h:88
struct packet * dhcpv6_container_packet
Definition: dhcpd.h:386
#define FTS_ACTIVE
Definition: dhcpd.h:485
isc_result_t iasubopt_reference(struct iasubopt **iasubopt, struct iasubopt *src, const char *file, int line)
Definition: mdb6.c:233