ISC DHCP  4.3.2
A reference DHCPv4 and DHCPv6 implementation
dhcpv6.c
Go to the documentation of this file.
1 /*
2  * Copyright (C) 2006-2015 by Internet Systems Consortium, Inc. ("ISC")
3  *
4  * Permission to use, copy, modify, and distribute this software for any
5  * purpose with or without fee is hereby granted, provided that the above
6  * copyright notice and this permission notice appear in all copies.
7  *
8  * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
9  * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
10  * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
11  * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
12  * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
13  * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
14  * PERFORMANCE OF THIS SOFTWARE.
15  */
16 
19 #include "dhcpd.h"
20 #include "trace.h"
21 
22 #ifdef DHCPv6
23 
24 /*
25  * We use print_hex_1() to output DUID values. We could actually output
26  * the DUID with more information... MAC address if using type 1 or 3,
27  * and so on. However, RFC 3315 contains Grave Warnings against actually
28  * attempting to understand a DUID.
29  */
30 
31 /*
32  * TODO: gettext() or other method of localization for the messages
33  * for status codes (and probably for log formats eventually)
34  * TODO: refactoring (simplify, simplify, simplify)
35  * TODO: support multiple shared_networks on each interface (this
36  * will allow the server to issue multiple IPv6 addresses to
37  * a single interface)
38  */
39 
40 /*
41  * DHCPv6 Reply workflow assist. A Reply packet is built by various
42  * different functions; this gives us one location where we keep state
43  * regarding a reply.
44  */
45 struct reply_state {
46  /* root level persistent state */
47  struct shared_network *shared;
48  struct host_decl *host;
49  struct subnet *subnet; /* Used to match fixed-addrs to subnet scopes. */
50  struct option_state *opt_state;
51  struct packet *packet;
52  struct data_string client_id;
53 
54  /* IA level persistent state */
55  unsigned ia_count;
56  unsigned pd_count;
57  unsigned client_resources;
58  isc_boolean_t resources_included;
59  isc_boolean_t static_lease;
60  unsigned static_prefixes;
61  struct ia_xx *ia;
62  struct ia_xx *old_ia;
63  struct option_state *reply_ia;
64  struct data_string fixed;
65  struct iaddrcidrnet fixed_pref; /* static prefix for logging */
66 
67  /* IAADDR/PREFIX level persistent state */
68  struct iasubopt *lease;
69 
70  /*
71  * "t1", "t2", preferred, and valid lifetimes records for calculating
72  * t1 and t2 (min/max).
73  */
74  u_int32_t renew, rebind, prefer, valid;
75 
76  /* Client-requested valid and preferred lifetimes. */
77  u_int32_t client_valid, client_prefer;
78 
79  /* Chosen values to transmit for valid and preferred lifetimes. */
80  u_int32_t send_valid, send_prefer;
81 
82  /* Preferred prefix length (-1 is any). */
83  int preflen;
84 
85  /* Index into the data field that has been consumed. */
86  unsigned cursor;
87 
88  /* Space for the on commit statements for a fixed host */
89  struct on_star on_star;
90 
91  union reply_buffer {
92  unsigned char data[65536];
93  struct dhcpv6_packet reply;
94  } buf;
95 };
96 
97 /*
98  * Prototypes local to this file.
99  */
100 static int get_encapsulated_IA_state(struct option_state **enc_opt_state,
101  struct data_string *enc_opt_data,
102  struct packet *packet,
103  struct option_cache *oc,
104  int offset);
105 static void build_dhcpv6_reply(struct data_string *, struct packet *);
106 static isc_result_t shared_network_from_packet6(struct shared_network **shared,
107  struct packet *packet);
108 static void seek_shared_host(struct host_decl **hp,
109  struct shared_network *shared);
110 static isc_boolean_t fixed_matches_shared(struct host_decl *host,
111  struct shared_network *shared);
112 static isc_result_t reply_process_ia_na(struct reply_state *reply,
113  struct option_cache *ia);
114 static isc_result_t reply_process_ia_ta(struct reply_state *reply,
115  struct option_cache *ia);
116 static isc_result_t reply_process_addr(struct reply_state *reply,
117  struct option_cache *addr);
118 static isc_boolean_t address_is_owned(struct reply_state *reply,
119  struct iaddr *addr);
120 static isc_boolean_t temporary_is_available(struct reply_state *reply,
121  struct iaddr *addr);
122 static isc_result_t find_client_temporaries(struct reply_state *reply);
123 static isc_result_t reply_process_try_addr(struct reply_state *reply,
124  struct iaddr *addr);
125 static isc_result_t find_client_address(struct reply_state *reply);
126 static isc_result_t reply_process_is_addressed(struct reply_state *reply,
127  struct binding_scope **scope,
128  struct group *group);
129 static isc_result_t reply_process_send_addr(struct reply_state *reply,
130  struct iaddr *addr);
131 static struct iasubopt *lease_compare(struct iasubopt *alpha,
132  struct iasubopt *beta);
133 static isc_result_t reply_process_ia_pd(struct reply_state *reply,
134  struct option_cache *ia_pd);
135 static isc_result_t reply_process_prefix(struct reply_state *reply,
136  struct option_cache *pref);
137 static isc_boolean_t prefix_is_owned(struct reply_state *reply,
138  struct iaddrcidrnet *pref);
139 static isc_result_t find_client_prefix(struct reply_state *reply);
140 static isc_result_t reply_process_try_prefix(struct reply_state *reply,
141  struct iaddrcidrnet *pref);
142 static isc_result_t reply_process_is_prefixed(struct reply_state *reply,
143  struct binding_scope **scope,
144  struct group *group);
145 static isc_result_t reply_process_send_prefix(struct reply_state *reply,
146  struct iaddrcidrnet *pref);
147 static struct iasubopt *prefix_compare(struct reply_state *reply,
148  struct iasubopt *alpha,
149  struct iasubopt *beta);
150 static int find_hosts_by_duid_chaddr(struct host_decl **host,
151  const struct data_string *client_id);
152 static void schedule_lease_timeout_reply(struct reply_state *reply);
153 
154 static int eval_prefix_mode(int thislen, int preflen, int prefix_mode);
155 static isc_result_t pick_v6_prefix_helper(struct reply_state *reply,
156  int prefix_mode);
157 
158 /*
159  * Schedule lease timeouts for all of the iasubopts in the reply.
160  * This is currently used to schedule timeouts for soft leases.
161  */
162 
163 static void
164 schedule_lease_timeout_reply(struct reply_state *reply) {
165  struct iasubopt *tmp;
166  int i;
167 
168  /* sanity check the reply */
169  if ((reply == NULL) || (reply->ia == NULL) || (reply->ia->iasubopt == NULL))
170  return;
171 
172  /* walk through the list, scheduling as we go */
173  for (i = 0 ; i < reply->ia->num_iasubopt ; i++) {
174  tmp = reply->ia->iasubopt[i];
176  }
177 }
178 
179 /*
180  * This function returns the time since DUID time start for the
181  * given time_t value.
182  */
183 static u_int32_t
184 duid_time(time_t when) {
185  /*
186  * This time is modulo 2^32.
187  */
188  while ((when - DUID_TIME_EPOCH) > 4294967295u) {
189  /* use 2^31 to avoid spurious compiler warnings */
190  when -= 2147483648u;
191  when -= 2147483648u;
192  }
193 
194  return when - DUID_TIME_EPOCH;
195 }
196 
197 
198 /*
199  * Server DUID.
200  *
201  * This must remain the same for the lifetime of this server, because
202  * clients return the server DUID that we sent them in Request packets.
203  *
204  * We pick the server DUID like this:
205  *
206  * 1. Check dhcpd.conf - any value the administrator has configured
207  * overrides any possible values.
208  * 2. Check the leases.txt - we want to use the previous value if
209  * possible.
210  * 3. Check if dhcpd.conf specifies a type of server DUID to use,
211  * and generate that type.
212  * 4. Generate a type 1 (time + hardware address) DUID.
213  */
214 static struct data_string server_duid;
215 
216 /*
217  * Check if the server_duid has been set.
218  */
219 isc_boolean_t
220 server_duid_isset(void) {
221  return (server_duid.data != NULL);
222 }
223 
224 /*
225  * Return the server_duid.
226  */
227 void
228 copy_server_duid(struct data_string *ds, const char *file, int line) {
229  data_string_copy(ds, &server_duid, file, line);
230 }
231 
232 /*
233  * Set the server DUID to a specified value. This is used when
234  * the server DUID is stored in persistent memory (basically the
235  * leases.txt file).
236  */
237 void
238 set_server_duid(struct data_string *new_duid) {
239  /* INSIST(new_duid != NULL); */
240  /* INSIST(new_duid->data != NULL); */
241 
242  if (server_duid_isset()) {
243  data_string_forget(&server_duid, MDL);
244  }
245  data_string_copy(&server_duid, new_duid, MDL);
246 }
247 
248 
249 /*
250  * Set the server DUID based on the D6O_SERVERID option. This handles
251  * the case where the administrator explicitly put it in the dhcpd.conf
252  * file.
253  */
254 isc_result_t
256  struct option_state *opt_state;
257  struct option_cache *oc;
258  struct data_string option_duid;
259  isc_result_t ret_val;
260 
261  opt_state = NULL;
262  if (!option_state_allocate(&opt_state, MDL)) {
263  log_fatal("No memory for server DUID.");
264  }
265 
266  execute_statements_in_scope(NULL, NULL, NULL, NULL, NULL,
267  opt_state, &global_scope, root_group,
268  NULL, NULL);
269 
270  oc = lookup_option(&dhcpv6_universe, opt_state, D6O_SERVERID);
271  if (oc == NULL) {
272  ret_val = ISC_R_NOTFOUND;
273  } else {
274  memset(&option_duid, 0, sizeof(option_duid));
275  if (!evaluate_option_cache(&option_duid, NULL, NULL, NULL,
276  opt_state, NULL, &global_scope,
277  oc, MDL)) {
278  ret_val = ISC_R_UNEXPECTED;
279  } else {
280  set_server_duid(&option_duid);
281  data_string_forget(&option_duid, MDL);
282  ret_val = ISC_R_SUCCESS;
283  }
284  }
285 
286  option_state_dereference(&opt_state, MDL);
287 
288  return ret_val;
289 }
290 
291 /*
292  * DUID layout, as defined in RFC 3315, section 9.
293  *
294  * We support type 1 (hardware address plus time) and type 3 (hardware
295  * address).
296  *
297  * We can support type 2 for specific vendors in the future, if they
298  * publish the specification. And of course there may be additional
299  * types later.
300  */
301 static int server_duid_type = DUID_LLT;
302 
303 /*
304  * Set the DUID type.
305  */
306 void
307 set_server_duid_type(int type) {
308  server_duid_type = type;
309 }
310 
311 /*
312  * Generate a new server DUID. This is done if there was no DUID in
313  * the leases.txt or in the dhcpd.conf file.
314  */
315 isc_result_t
317  struct interface_info *p;
318  u_int32_t time_val;
319  struct data_string generated_duid;
320 
321  /*
322  * Verify we have a type that we support.
323  */
324  if ((server_duid_type != DUID_LL) && (server_duid_type != DUID_LLT)) {
325  log_error("Invalid DUID type %d specified, "
326  "only LL and LLT types supported", server_duid_type);
327  return DHCP_R_INVALIDARG;
328  }
329 
330  /*
331  * Find an interface with a hardware address.
332  * Any will do. :)
333  */
334  for (p = interfaces; p != NULL; p = p->next) {
335  if (p->hw_address.hlen > 0) {
336  break;
337  }
338  if (p->next == NULL && p->hw_address.hbuf[0] == HTYPE_RESERVED) {
339  log_error("Can not generate DUID from interfaces which do not have hardware addresses, please configure server-duid!");
340  }
341  }
342  if (p == NULL) {
343  return ISC_R_UNEXPECTED;
344  }
345 
346  /*
347  * Build our DUID.
348  */
349  memset(&generated_duid, 0, sizeof(generated_duid));
350  if (server_duid_type == DUID_LLT) {
351  time_val = duid_time(time(NULL));
352  generated_duid.len = 8 + p->hw_address.hlen - 1;
353  if (!buffer_allocate(&generated_duid.buffer,
354  generated_duid.len, MDL)) {
355  log_fatal("No memory for server DUID.");
356  }
357  generated_duid.data = generated_duid.buffer->data;
358  putUShort(generated_duid.buffer->data, DUID_LLT);
359  putUShort(generated_duid.buffer->data + 2,
360  p->hw_address.hbuf[0]);
361  putULong(generated_duid.buffer->data + 4, time_val);
362  memcpy(generated_duid.buffer->data + 8,
363  p->hw_address.hbuf+1, p->hw_address.hlen-1);
364  } else if (server_duid_type == DUID_LL) {
365  generated_duid.len = 4 + p->hw_address.hlen - 1;
366  if (!buffer_allocate(&generated_duid.buffer,
367  generated_duid.len, MDL)) {
368  log_fatal("No memory for server DUID.");
369  }
370  generated_duid.data = generated_duid.buffer->data;
371  putUShort(generated_duid.buffer->data, DUID_LL);
372  putUShort(generated_duid.buffer->data + 2,
373  p->hw_address.hbuf[0]);
374  memcpy(generated_duid.buffer->data + 4,
375  p->hw_address.hbuf+1, p->hw_address.hlen-1);
376  } else {
377  log_fatal("Unsupported server DUID type %d.", server_duid_type);
378  }
379 
380  set_server_duid(&generated_duid);
381  data_string_forget(&generated_duid, MDL);
382 
383  return ISC_R_SUCCESS;
384 }
385 
386 /*
387  * Is the D6O_UNICAST option defined in dhcpd.conf ?
388  */
389 static isc_boolean_t unicast_option_defined;
390 
391 /*
392  * Did we already search dhcpd.conf for D6O_UNICAST option ?
393  * We need to store it here to not parse dhcpd.conf repeatedly.
394  */
395 static isc_boolean_t unicast_option_parsed = ISC_FALSE;
396 
397 
398 /*
399  * Is the D6O_UNICAST option defined in dhcpd.conf ?
400  */
401 isc_boolean_t
402 is_unicast_option_defined(void) {
403  struct option_state *opt_state;
404  struct option_cache *oc;
405 
406  /*
407  * If we are looking for the unicast option for the first time
408  */
409  if (unicast_option_parsed == ISC_FALSE) {
410  unicast_option_parsed = ISC_TRUE;
411  opt_state = NULL;
412  if (!option_state_allocate(&opt_state, MDL)) {
413  log_fatal("No memory for option state.");
414  }
415 
416  execute_statements_in_scope(NULL, NULL, NULL, NULL, NULL,
417  opt_state, &global_scope, root_group, NULL, NULL);
418 
419  oc = lookup_option(&dhcpv6_universe, opt_state, D6O_UNICAST);
420  unicast_option_defined = (oc != NULL);
421 
422  option_state_dereference(&opt_state, MDL);
423  }
424 
425  return (unicast_option_defined);
426 }
427 
428 /*
429  * Get the client identifier from the packet.
430  */
431 isc_result_t
432 get_client_id(struct packet *packet, struct data_string *client_id) {
433  struct option_cache *oc;
434 
435  /*
436  * Verify our client_id structure is empty.
437  */
438  if ((client_id->data != NULL) || (client_id->len != 0)) {
439  return DHCP_R_INVALIDARG;
440  }
441 
443  if (oc == NULL) {
444  return ISC_R_NOTFOUND;
445  }
446 
447  if (!evaluate_option_cache(client_id, packet, NULL, NULL,
448  packet->options, NULL,
449  &global_scope, oc, MDL)) {
450  return ISC_R_FAILURE;
451  }
452 
453  return ISC_R_SUCCESS;
454 }
455 
456 /*
457  * Message validation, defined in RFC 3315, sections 15.2, 15.5, 15.7:
458  *
459  * Servers MUST discard any Solicit messages that do not include a
460  * Client Identifier option or that do include a Server Identifier
461  * option.
462  */
463 int
464 valid_client_msg(struct packet *packet, struct data_string *client_id) {
465  int ret_val;
466  struct option_cache *oc;
467  struct data_string data;
468 
469  ret_val = 0;
470  memset(client_id, 0, sizeof(*client_id));
471  memset(&data, 0, sizeof(data));
472 
473  switch (get_client_id(packet, client_id)) {
474  case ISC_R_SUCCESS:
475  break;
476  case ISC_R_NOTFOUND:
477  log_debug("Discarding %s from %s; "
478  "client identifier missing",
480  piaddr(packet->client_addr));
481  goto exit;
482  default:
483  log_error("Error processing %s from %s; "
484  "unable to evaluate Client Identifier",
486  piaddr(packet->client_addr));
487  goto exit;
488  }
489 
490  /*
491  * Required by RFC 3315, section 15.
492  */
493  if (packet->unicast) {
494  log_debug("Discarding %s from %s; packet sent unicast "
495  "(CLIENTID %s)",
497  piaddr(packet->client_addr),
498  print_hex_1(client_id->len, client_id->data, 60));
499  goto exit;
500  }
501 
502 
504  if (oc != NULL) {
505  if (evaluate_option_cache(&data, packet, NULL, NULL,
506  packet->options, NULL,
507  &global_scope, oc, MDL)) {
508  log_debug("Discarding %s from %s; "
509  "server identifier found "
510  "(CLIENTID %s, SERVERID %s)",
512  piaddr(packet->client_addr),
513  print_hex_1(client_id->len,
514  client_id->data, 60),
515  print_hex_2(data.len,
516  data.data, 60));
517  } else {
518  log_debug("Discarding %s from %s; "
519  "server identifier found "
520  "(CLIENTID %s)",
522  print_hex_1(client_id->len,
523  client_id->data, 60),
524  piaddr(packet->client_addr));
525  }
526  goto exit;
527  }
528 
529  /* looks good */
530  ret_val = 1;
531 
532 exit:
533  if (data.len > 0) {
535  }
536  if (!ret_val) {
537  if (client_id->len > 0) {
538  data_string_forget(client_id, MDL);
539  }
540  }
541  return ret_val;
542 }
543 
544 /*
545  * Response validation, defined in RFC 3315, sections 15.4, 15.6, 15.8,
546  * 15.9 (slightly different wording, but same meaning):
547  *
548  * Servers MUST discard any received Request message that meet any of
549  * the following conditions:
550  *
551  * - the message does not include a Server Identifier option.
552  * - the contents of the Server Identifier option do not match the
553  * server's DUID.
554  * - the message does not include a Client Identifier option.
555  */
556 int
557 valid_client_resp(struct packet *packet,
558  struct data_string *client_id,
559  struct data_string *server_id)
560 {
561  int ret_val;
562  struct option_cache *oc;
563 
564  /* INSIST((duid.data != NULL) && (duid.len > 0)); */
565 
566  ret_val = 0;
567  memset(client_id, 0, sizeof(*client_id));
568  memset(server_id, 0, sizeof(*server_id));
569 
570  switch (get_client_id(packet, client_id)) {
571  case ISC_R_SUCCESS:
572  break;
573  case ISC_R_NOTFOUND:
574  log_debug("Discarding %s from %s; "
575  "client identifier missing",
577  piaddr(packet->client_addr));
578  goto exit;
579  default:
580  log_error("Error processing %s from %s; "
581  "unable to evaluate Client Identifier",
583  piaddr(packet->client_addr));
584  goto exit;
585  }
586 
588  if (oc == NULL) {
589  log_debug("Discarding %s from %s: "
590  "server identifier missing (CLIENTID %s)",
592  piaddr(packet->client_addr),
593  print_hex_1(client_id->len, client_id->data, 60));
594  goto exit;
595  }
596  if (!evaluate_option_cache(server_id, packet, NULL, NULL,
597  packet->options, NULL,
598  &global_scope, oc, MDL)) {
599  log_error("Error processing %s from %s; "
600  "unable to evaluate Server Identifier (CLIENTID %s)",
602  piaddr(packet->client_addr),
603  print_hex_1(client_id->len, client_id->data, 60));
604  goto exit;
605  }
606  if ((server_duid.len != server_id->len) ||
607  (memcmp(server_duid.data, server_id->data, server_duid.len) != 0)) {
608  log_debug("Discarding %s from %s; "
609  "not our server identifier "
610  "(CLIENTID %s, SERVERID %s, server DUID %s)",
612  piaddr(packet->client_addr),
613  print_hex_1(client_id->len, client_id->data, 60),
614  print_hex_2(server_id->len, server_id->data, 60),
615  print_hex_3(server_duid.len, server_duid.data, 60));
616  goto exit;
617  }
618 
619  /* looks good */
620  ret_val = 1;
621 
622 exit:
623  if (!ret_val) {
624  if (server_id->len > 0) {
625  data_string_forget(server_id, MDL);
626  }
627  if (client_id->len > 0) {
628  data_string_forget(client_id, MDL);
629  }
630  }
631  return ret_val;
632 }
633 
634 /*
635  * Information request validation, defined in RFC 3315, section 15.12:
636  *
637  * Servers MUST discard any received Information-request message that
638  * meets any of the following conditions:
639  *
640  * - The message includes a Server Identifier option and the DUID in
641  * the option does not match the server's DUID.
642  *
643  * - The message includes an IA option.
644  */
645 int
646 valid_client_info_req(struct packet *packet, struct data_string *server_id) {
647  int ret_val;
648  struct option_cache *oc;
649  struct data_string client_id;
650  char client_id_str[80]; /* print_hex_1() uses maximum 60 characters,
651  plus a few more for extra information */
652 
653  ret_val = 0;
654  memset(server_id, 0, sizeof(*server_id));
655  memset(&client_id, 0, sizeof(client_id));
656 
657  /*
658  * Make a string that we can print out to give more
659  * information about the client if we need to.
660  *
661  * By RFC 3315, Section 18.1.5 clients SHOULD have a
662  * client-id on an Information-request packet, but it
663  * is not strictly necessary.
664  */
665  if (get_client_id(packet, &client_id) == ISC_R_SUCCESS) {
666  snprintf(client_id_str, sizeof(client_id_str), " (CLIENTID %s)",
667  print_hex_1(client_id.len, client_id.data, 60));
668  data_string_forget(&client_id, MDL);
669  } else {
670  client_id_str[0] = '\0';
671  }
672 
673  /*
674  * Required by RFC 3315, section 15.
675  */
676  if (packet->unicast) {
677  log_debug("Discarding %s from %s; packet sent unicast%s",
679  piaddr(packet->client_addr), client_id_str);
680  goto exit;
681  }
682 
684  if (oc != NULL) {
685  log_debug("Discarding %s from %s; "
686  "IA_NA option present%s",
688  piaddr(packet->client_addr), client_id_str);
689  goto exit;
690  }
692  if (oc != NULL) {
693  log_debug("Discarding %s from %s; "
694  "IA_TA option present%s",
696  piaddr(packet->client_addr), client_id_str);
697  goto exit;
698  }
700  if (oc != NULL) {
701  log_debug("Discarding %s from %s; "
702  "IA_PD option present%s",
704  piaddr(packet->client_addr), client_id_str);
705  goto exit;
706  }
707 
709  if (oc != NULL) {
710  if (!evaluate_option_cache(server_id, packet, NULL, NULL,
711  packet->options, NULL,
712  &global_scope, oc, MDL)) {
713  log_error("Error processing %s from %s; "
714  "unable to evaluate Server Identifier%s",
716  piaddr(packet->client_addr), client_id_str);
717  goto exit;
718  }
719  if ((server_duid.len != server_id->len) ||
720  (memcmp(server_duid.data, server_id->data,
721  server_duid.len) != 0)) {
722  log_debug("Discarding %s from %s; "
723  "not our server identifier "
724  "(SERVERID %s, server DUID %s)%s",
726  piaddr(packet->client_addr),
727  print_hex_1(server_id->len,
728  server_id->data, 60),
729  print_hex_2(server_duid.len,
730  server_duid.data, 60),
731  client_id_str);
732  goto exit;
733  }
734  }
735 
736  /* looks good */
737  ret_val = 1;
738 
739 exit:
740  if (!ret_val) {
741  if (server_id->len > 0) {
742  data_string_forget(server_id, MDL);
743  }
744  }
745  return ret_val;
746 }
747 
748 /*
749  * Options that we want to send, in addition to what was requested
750  * via the ORO.
751  */
752 static const int required_opts[] = {
753  D6O_CLIENTID,
754  D6O_SERVERID,
757  0
758 };
759 static const int required_opts_NAA[] = {
760  D6O_CLIENTID,
761  D6O_SERVERID,
763  0
764 };
765 static const int required_opts_solicit[] = {
766  D6O_CLIENTID,
767  D6O_SERVERID,
768  D6O_IA_NA,
769  D6O_IA_TA,
770  D6O_IA_PD,
775  0
776 };
777 static const int required_opts_agent[] = {
780  0
781 };
782 static const int required_opts_IA[] = {
783  D6O_IAADDR,
785  0
786 };
787 static const int required_opts_IA_PD[] = {
788  D6O_IAPREFIX,
790  0
791 };
792 static const int required_opts_STATUS_CODE[] = {
794  0
795 };
796 
797 /*
798  * Extracts from packet contents an IA_* option, storing the IA structure
799  * in its entirety in enc_opt_data, and storing any decoded DHCPv6 options
800  * in enc_opt_state for later lookup and evaluation. The 'offset' indicates
801  * where in the IA_* the DHCPv6 options commence.
802  */
803 static int
804 get_encapsulated_IA_state(struct option_state **enc_opt_state,
805  struct data_string *enc_opt_data,
806  struct packet *packet,
807  struct option_cache *oc,
808  int offset)
809 {
810  /*
811  * Get the raw data for the encapsulated options.
812  */
813  memset(enc_opt_data, 0, sizeof(*enc_opt_data));
814  if (!evaluate_option_cache(enc_opt_data, packet,
815  NULL, NULL, packet->options, NULL,
816  &global_scope, oc, MDL)) {
817  log_error("get_encapsulated_IA_state: "
818  "error evaluating raw option.");
819  return 0;
820  }
821  if (enc_opt_data->len < offset) {
822  log_error("get_encapsulated_IA_state: raw option too small.");
823  data_string_forget(enc_opt_data, MDL);
824  return 0;
825  }
826 
827  /*
828  * Now create the option state structure, and pass it to the
829  * function that parses options.
830  */
831  *enc_opt_state = NULL;
832  if (!option_state_allocate(enc_opt_state, MDL)) {
833  log_error("get_encapsulated_IA_state: no memory for options.");
834  data_string_forget(enc_opt_data, MDL);
835  return 0;
836  }
837  if (!parse_option_buffer(*enc_opt_state,
838  enc_opt_data->data + offset,
839  enc_opt_data->len - offset,
840  &dhcpv6_universe)) {
841  log_error("get_encapsulated_IA_state: error parsing options.");
842  option_state_dereference(enc_opt_state, MDL);
843  data_string_forget(enc_opt_data, MDL);
844  return 0;
845  }
846 
847  return 1;
848 }
849 
850 static int
851 set_status_code(u_int16_t status_code, const char *status_message,
852  struct option_state *opt_state)
853 {
854  struct data_string d;
855  int ret_val;
856 
857  memset(&d, 0, sizeof(d));
858  d.len = sizeof(status_code) + strlen(status_message);
859  if (!buffer_allocate(&d.buffer, d.len, MDL)) {
860  log_fatal("set_status_code: no memory for status code.");
861  }
862  d.data = d.buffer->data;
863  putUShort(d.buffer->data, status_code);
864  memcpy(d.buffer->data + sizeof(status_code),
865  status_message, d.len - sizeof(status_code));
866  if (!save_option_buffer(&dhcpv6_universe, opt_state,
867  d.buffer, (unsigned char *)d.data, d.len,
868  D6O_STATUS_CODE, 0)) {
869  log_error("set_status_code: error saving status code.");
870  ret_val = 0;
871  } else {
872  ret_val = 1;
873  }
874  data_string_forget(&d, MDL);
875  return ret_val;
876 }
877 
878 void check_pool6_threshold(struct reply_state *reply,
879  struct iasubopt *lease)
880 {
881  struct ipv6_pond *pond;
882  isc_uint64_t used, count, high_threshold;
883  int poolhigh = 0, poollow = 0;
884  char *shared_name = "no name";
885  char tmp_addr[INET6_ADDRSTRLEN];
886 
887  if ((lease->ipv6_pool == NULL) || (lease->ipv6_pool->ipv6_pond == NULL))
888  return;
889  pond = lease->ipv6_pool->ipv6_pond;
890 
891  /* If the address range is too large to track, just skip all this. */
892  if (pond->jumbo_range == 1) {
893  return;
894  }
895 
896  count = pond->num_total;
897  used = pond->num_active;
898 
899  /* get network name for logging */
900  if ((pond->shared_network != NULL) &&
901  (pond->shared_network->name != NULL)) {
902  shared_name = pond->shared_network->name;
903  }
904 
905  /* The logged flag indicates if we have already crossed the high
906  * threshold and emitted a log message. If it is set we check to
907  * see if we have re-crossed the low threshold and need to reset
908  * things. When we cross the high threshold we determine what
909  * the low threshold is and save it into the low_threshold value.
910  * When we cross that threshold we reset the logged flag and
911  * the low_threshold to 0 which allows the high threshold message
912  * to be emitted once again.
913  * if we haven't recrossed the boundry we don't need to do anything.
914  */
915  if (pond->logged !=0) {
916  if (used <= pond->low_threshold) {
917  pond->low_threshold = 0;
918  pond->logged = 0;
919  log_error("Pool threshold reset - shared subnet: %s; "
920  "address: %s; low threshold %llu/%llu.",
921  shared_name,
922  inet_ntop(AF_INET6, &lease->addr,
923  tmp_addr, sizeof(tmp_addr)),
924  used, count);
925  }
926  return;
927  }
928 
929  /* find the high threshold */
930  if (get_option_int(&poolhigh, &server_universe, reply->packet, NULL,
931  NULL, reply->packet->options, reply->opt_state,
932  reply->opt_state, &lease->scope,
933  SV_LOG_THRESHOLD_HIGH, MDL) == 0) {
934  /* no threshold bail out */
935  return;
936  }
937 
938  /* We do have a threshold for this pool, see if its valid */
939  if ((poolhigh <= 0) || (poolhigh > 100)) {
940  /* not valid */
941  return;
942  }
943 
944  /* we have a valid value, have we exceeded it */
945  high_threshold = FIND_POND6_PERCENT(count, poolhigh);
946  if (used < high_threshold) {
947  /* nope, no more to do */
948  return;
949  }
950 
951  /* we've exceeded it, output a message */
952  log_error("Pool threshold exceeded - shared subnet: %s; "
953  "address: %s; high threshold %d%% %llu/%llu.",
954  shared_name,
955  inet_ntop(AF_INET6, &lease->addr, tmp_addr, sizeof(tmp_addr)),
956  poolhigh, used, count);
957 
958  /* handle the low threshold now, if we don't
959  * have one we default to 0. */
960  if ((get_option_int(&poollow, &server_universe, reply->packet, NULL,
961  NULL, reply->packet->options, reply->opt_state,
962  reply->opt_state, &lease->scope,
963  SV_LOG_THRESHOLD_LOW, MDL) == 0) ||
964  (poollow > 100)) {
965  poollow = 0;
966  }
967 
968  /*
969  * If the low theshold is higher than the high threshold we continue to log
970  * If it isn't then we set the flag saying we already logged and determine
971  * what the reset threshold is.
972  */
973  if (poollow < poolhigh) {
974  pond->logged = 1;
975  pond->low_threshold = FIND_POND6_PERCENT(count, poollow);
976  }
977 }
978 
979 /*
980  * We have a set of operations we do to set up the reply packet, which
981  * is the same for many message types.
982  */
983 static int
984 start_reply(struct packet *packet,
985  const struct data_string *client_id,
986  const struct data_string *server_id,
987  struct option_state **opt_state,
988  struct dhcpv6_packet *reply)
989 {
990  struct option_cache *oc;
991  const unsigned char *server_id_data;
992  int server_id_len;
993 
994  /*
995  * Build our option state for reply.
996  */
997  *opt_state = NULL;
998  if (!option_state_allocate(opt_state, MDL)) {
999  log_error("start_reply: no memory for option_state.");
1000  return 0;
1001  }
1002  execute_statements_in_scope(NULL, packet, NULL, NULL,
1003  packet->options, *opt_state,
1004  &global_scope, root_group, NULL, NULL);
1005 
1006  /*
1007  * A small bit of special handling for Solicit messages.
1008  *
1009  * We could move the logic into a flag, but for now just check
1010  * explicitly.
1011  */
1012  if (packet->dhcpv6_msg_type == DHCPV6_SOLICIT) {
1013  reply->msg_type = DHCPV6_ADVERTISE;
1014 
1015  /*
1016  * If:
1017  * - this message type supports rapid commit (Solicit), and
1018  * - the server is configured to supply a rapid commit, and
1019  * - the client requests a rapid commit,
1020  * Then we add a rapid commit option, and send Reply (instead
1021  * of an Advertise).
1022  */
1024  *opt_state, D6O_RAPID_COMMIT);
1025  if (oc != NULL) {
1027  packet->options, D6O_RAPID_COMMIT);
1028  if (oc != NULL) {
1029  /* Rapid-commit in action. */
1030  reply->msg_type = DHCPV6_REPLY;
1031  } else {
1032  /* Don't want a rapid-commit in advertise. */
1034  *opt_state, D6O_RAPID_COMMIT);
1035  }
1036  }
1037  } else {
1038  reply->msg_type = DHCPV6_REPLY;
1039  /* Delete the rapid-commit from the sent options. */
1041  *opt_state, D6O_RAPID_COMMIT);
1042  if (oc != NULL) {
1044  *opt_state, D6O_RAPID_COMMIT);
1045  }
1046  }
1047 
1048  /*
1049  * Use the client's transaction identifier for the reply.
1050  */
1051  memcpy(reply->transaction_id, packet->dhcpv6_transaction_id,
1052  sizeof(reply->transaction_id));
1053 
1054  /*
1055  * RFC 3315, section 18.2 says we need server identifier and
1056  * client identifier.
1057  *
1058  * If the server ID is defined via the configuration file, then
1059  * it will already be present in the option state at this point,
1060  * so we don't need to set it.
1061  *
1062  * If we have a server ID passed in from the caller,
1063  * use that, otherwise use the global DUID.
1064  */
1065  oc = lookup_option(&dhcpv6_universe, *opt_state, D6O_SERVERID);
1066  if (oc == NULL) {
1067  if (server_id == NULL) {
1068  server_id_data = server_duid.data;
1069  server_id_len = server_duid.len;
1070  } else {
1071  server_id_data = server_id->data;
1072  server_id_len = server_id->len;
1073  }
1074  if (!save_option_buffer(&dhcpv6_universe, *opt_state,
1075  NULL, (unsigned char *)server_id_data,
1076  server_id_len, D6O_SERVERID, 0)) {
1077  log_error("start_reply: "
1078  "error saving server identifier.");
1079  return 0;
1080  }
1081  }
1082 
1083  if (client_id->buffer != NULL) {
1084  if (!save_option_buffer(&dhcpv6_universe, *opt_state,
1085  client_id->buffer,
1086  (unsigned char *)client_id->data,
1087  client_id->len,
1088  D6O_CLIENTID, 0)) {
1089  log_error("start_reply: error saving "
1090  "client identifier.");
1091  return 0;
1092  }
1093  }
1094 
1095  /*
1096  * If the client accepts reconfiguration, let it know that we
1097  * will send them.
1098  *
1099  * Note: we don't actually do this yet, but DOCSIS requires we
1100  * claim to.
1101  */
1102  oc = lookup_option(&dhcpv6_universe, packet->options,
1104  if (oc != NULL) {
1105  if (!save_option_buffer(&dhcpv6_universe, *opt_state,
1106  NULL, (unsigned char *)"", 0,
1107  D6O_RECONF_ACCEPT, 0)) {
1108  log_error("start_reply: "
1109  "error saving RECONF_ACCEPT option.");
1110  option_state_dereference(opt_state, MDL);
1111  return 0;
1112  }
1113  }
1114 
1115  return 1;
1116 }
1117 
1118 /*
1119  * Try to get the IPv6 address the client asked for from the
1120  * pool.
1121  *
1122  * addr is the result (should be a pointer to NULL on entry)
1123  * pool is the pool to search in
1124  * requested_addr is the address the client wants
1125  */
1126 static isc_result_t
1127 try_client_v6_address(struct iasubopt **addr,
1128  struct ipv6_pool *pool,
1129  const struct data_string *requested_addr)
1130 {
1131  struct in6_addr tmp_addr;
1132  isc_result_t result;
1133 
1134  if (requested_addr->len < sizeof(tmp_addr)) {
1135  return DHCP_R_INVALIDARG;
1136  }
1137  memcpy(&tmp_addr, requested_addr->data, sizeof(tmp_addr));
1138  if (IN6_IS_ADDR_UNSPECIFIED(&tmp_addr)) {
1139  return ISC_R_FAILURE;
1140  }
1141 
1142  /*
1143  * The address is not covered by this (or possibly any) dynamic
1144  * range.
1145  */
1146  if (!ipv6_in_pool(&tmp_addr, pool)) {
1147  return ISC_R_ADDRNOTAVAIL;
1148  }
1149 
1150  if (lease6_exists(pool, &tmp_addr)) {
1151  return ISC_R_ADDRINUSE;
1152  }
1153 
1154  result = iasubopt_allocate(addr, MDL);
1155  if (result != ISC_R_SUCCESS) {
1156  return result;
1157  }
1158  (*addr)->addr = tmp_addr;
1159  (*addr)->plen = 0;
1160 
1161  /* Default is soft binding for 2 minutes. */
1162  result = add_lease6(pool, *addr, cur_time + 120);
1163  if (result != ISC_R_SUCCESS) {
1164  iasubopt_dereference(addr, MDL);
1165  }
1166  return result;
1167 }
1168 
1169 
1191 static isc_result_t
1192 pick_v6_address(struct reply_state *reply)
1193 {
1194  struct ipv6_pool *p = NULL;
1195  struct ipv6_pond *pond;
1196  int i;
1197  int start_pool;
1198  unsigned int attempts;
1199  char tmp_buf[INET6_ADDRSTRLEN];
1200  struct iasubopt **addr = &reply->lease;
1201  isc_uint64_t total = 0;
1202  isc_uint64_t active = 0;
1203  isc_uint64_t abandoned = 0;
1204  int jumbo_range = 0;
1205  char *shared_name = (reply->shared->name ?
1206  reply->shared->name : "(no name)");
1207 
1208  /*
1209  * Do a quick walk through of the ponds and pools
1210  * to see if we have any NA address pools
1211  */
1212  for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
1213  if (pond->ipv6_pools == NULL)
1214  continue;
1215 
1216  for (i = 0; (p = pond->ipv6_pools[i]) != NULL; i++) {
1217  if (p->pool_type == D6O_IA_NA)
1218  break;
1219  }
1220  if (p != NULL)
1221  break;
1222  }
1223 
1224  /* If we get here and p is NULL we have no useful pools */
1225  if (p == NULL) {
1226  log_debug("Unable to pick client address: "
1227  "no IPv6 pools on this shared network");
1228  return ISC_R_NORESOURCES;
1229  }
1230 
1231  /*
1232  * We have at least one pool that could provide an address
1233  * Now we walk through the ponds and pools again and check
1234  * to see if the client is permitted and if an address is
1235  * available
1236  *
1237  * Within a given pond we start looking at the last pool we
1238  * allocated from, unless it had a collision trying to allocate
1239  * an address. This will tend to move us into less-filled pools.
1240  */
1241 
1242  for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
1243  isc_result_t result = ISC_R_FAILURE;
1244 
1245  if (((pond->prohibit_list != NULL) &&
1246  (permitted(reply->packet, pond->prohibit_list))) ||
1247  ((pond->permit_list != NULL) &&
1248  (!permitted(reply->packet, pond->permit_list))))
1249  continue;
1250 
1251  start_pool = pond->last_ipv6_pool;
1252  i = start_pool;
1253  do {
1254  p = pond->ipv6_pools[i];
1255  if (p->pool_type == D6O_IA_NA) {
1256  result = create_lease6(p, addr, &attempts,
1257  &reply->ia->iaid_duid,
1258  cur_time + 120);
1259  if (result == ISC_R_SUCCESS) {
1260  /*
1261  * Record the pool used (or next one if
1262  * there was a collision).
1263  */
1264  if (attempts > 1) {
1265  i++;
1266  if (pond->ipv6_pools[i]
1267  == NULL) {
1268  i = 0;
1269  }
1270  }
1271 
1272  pond->last_ipv6_pool = i;
1273 
1274  log_debug("Picking pool address %s",
1275  inet_ntop(AF_INET6,
1276  &((*addr)->addr),
1277  tmp_buf, sizeof(tmp_buf)));
1278  return (ISC_R_SUCCESS);
1279  }
1280  }
1281 
1282  i++;
1283  if (pond->ipv6_pools[i] == NULL) {
1284  i = 0;
1285  }
1286  } while (i != start_pool);
1287 
1288  if (result == ISC_R_NORESOURCES) {
1289  jumbo_range += pond->jumbo_range;
1290  total += pond->num_total;
1291  active += pond->num_active;
1292  abandoned += pond->num_abandoned;
1293  }
1294  }
1295 
1296  /*
1297  * If we failed to pick an IPv6 address from any of the subnets.
1298  * Presumably that means we have no addresses for the client.
1299  */
1300  if (jumbo_range != 0) {
1301  log_debug("Unable to pick client address: "
1302  "no addresses available - shared network %s: "
1303  " 2^64-1 < total, %llu active, %llu abandoned",
1304  shared_name, active - abandoned, abandoned);
1305  } else {
1306  log_debug("Unable to pick client address: "
1307  "no addresses available - shared network %s: "
1308  "%llu total, %llu active, %llu abandoned",
1309  shared_name, total, active - abandoned, abandoned);
1310  }
1311 
1312  return ISC_R_NORESOURCES;
1313 }
1314 
1315 /*
1316  * Try to get the IPv6 prefix the client asked for from the
1317  * prefix pool.
1318  *
1319  * pref is the result (should be a pointer to NULL on entry)
1320  * pool is the prefix pool to search in
1321  * requested_pref is the address the client wants
1322  */
1323 static isc_result_t
1324 try_client_v6_prefix(struct iasubopt **pref,
1325  struct ipv6_pool *pool,
1326  const struct data_string *requested_pref)
1327 {
1328  u_int8_t tmp_plen;
1329  struct in6_addr tmp_pref;
1330  struct iaddr ia;
1331  isc_result_t result;
1332 
1333  if (requested_pref->len < sizeof(tmp_plen) + sizeof(tmp_pref)) {
1334  return DHCP_R_INVALIDARG;
1335  }
1336  tmp_plen = (int) requested_pref->data[0];
1337  if ((tmp_plen < 3) || (tmp_plen > 128) ||
1338  ((int)tmp_plen != pool->units)) {
1339  return ISC_R_FAILURE;
1340  }
1341  memcpy(&tmp_pref, requested_pref->data + 1, sizeof(tmp_pref));
1342  if (IN6_IS_ADDR_UNSPECIFIED(&tmp_pref)) {
1343  return ISC_R_FAILURE;
1344  }
1345  ia.len = 16;
1346  memcpy(&ia.iabuf, &tmp_pref, 16);
1347  if (!is_cidr_mask_valid(&ia, (int) tmp_plen)) {
1348  return ISC_R_FAILURE;
1349  }
1350 
1351  if (!ipv6_in_pool(&tmp_pref, pool)) {
1352  return ISC_R_ADDRNOTAVAIL;
1353  }
1354 
1355  if (prefix6_exists(pool, &tmp_pref, tmp_plen)) {
1356  return ISC_R_ADDRINUSE;
1357  }
1358 
1359  result = iasubopt_allocate(pref, MDL);
1360  if (result != ISC_R_SUCCESS) {
1361  return result;
1362  }
1363  (*pref)->addr = tmp_pref;
1364  (*pref)->plen = tmp_plen;
1365 
1366  /* Default is soft binding for 2 minutes. */
1367  result = add_lease6(pool, *pref, cur_time + 120);
1368  if (result != ISC_R_SUCCESS) {
1369  iasubopt_dereference(pref, MDL);
1370  }
1371  return result;
1372 }
1373 
1413 static isc_result_t
1414 pick_v6_prefix(struct reply_state *reply) {
1415  struct ipv6_pool *p = NULL;
1416  struct ipv6_pond *pond;
1417  int i;
1418  isc_result_t result;
1419 
1420  /*
1421  * Do a quick walk through of the ponds and pools
1422  * to see if we have any prefix pools
1423  */
1424  for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
1425  if (pond->ipv6_pools == NULL)
1426  continue;
1427 
1428  for (i = 0; (p = pond->ipv6_pools[i]) != NULL; i++) {
1429  if (p->pool_type == D6O_IA_PD)
1430  break;
1431  }
1432  if (p != NULL)
1433  break;
1434  }
1435 
1436  /* If we get here and p is NULL we have no useful pools */
1437  if (p == NULL) {
1438  log_debug("Unable to pick client prefix: "
1439  "no IPv6 pools on this shared network");
1440  return ISC_R_NORESOURCES;
1441  }
1442 
1443  if (reply->preflen <= 0) {
1444  /* If we didn't get a plen (-1) or client plen is 0, then just
1445  * select first available (same as PLM_INGORE) */
1446  result = pick_v6_prefix_helper(reply, PLM_IGNORE);
1447  } else {
1448  switch (prefix_length_mode) {
1449  case PLM_PREFER:
1450  /* First we look for an exact match, if not found
1451  * then first available */
1452  result = pick_v6_prefix_helper(reply, PLM_EXACT);
1453  if (result != ISC_R_SUCCESS) {
1454  result = pick_v6_prefix_helper(reply,
1455  PLM_IGNORE);
1456  }
1457  break;
1458 
1459  case PLM_EXACT:
1460  /* Match exactly or fail */
1461  result = pick_v6_prefix_helper(reply, PLM_EXACT);
1462  break;
1463 
1464  case PLM_MINIMUM:
1465  case PLM_MAXIMUM:
1466  /* First we look for an exact match, if not found
1467  * then first available by mode */
1468  result = pick_v6_prefix_helper(reply, PLM_EXACT);
1469  if (result != ISC_R_SUCCESS) {
1470  result = pick_v6_prefix_helper(reply,
1472  }
1473  break;
1474 
1475  default:
1476  /* First available */
1477  result = pick_v6_prefix_helper(reply, PLM_IGNORE);
1478  break;
1479  }
1480  }
1481 
1482  if (result == ISC_R_SUCCESS) {
1483  char tmp_buf[INET6_ADDRSTRLEN];
1484 
1485  log_debug("Picking pool prefix %s/%u",
1486  inet_ntop(AF_INET6, &(reply->lease->addr),
1487  tmp_buf, sizeof(tmp_buf)),
1488  (unsigned)(reply->lease->plen));
1489  return (ISC_R_SUCCESS);
1490  }
1491 
1492  /*
1493  * If we failed to pick an IPv6 prefix
1494  * Presumably that means we have no prefixes for the client.
1495  */
1496  log_debug("Unable to pick client prefix: no prefixes available");
1497  return ISC_R_NORESOURCES;
1498 }
1499 
1523 isc_result_t
1524 pick_v6_prefix_helper(struct reply_state *reply, int prefix_mode) {
1525  struct ipv6_pool *p = NULL;
1526  struct ipv6_pond *pond;
1527  int i;
1528  unsigned int attempts;
1529  struct iasubopt **pref = &reply->lease;
1530 
1531  for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
1532  if (((pond->prohibit_list != NULL) &&
1533  (permitted(reply->packet, pond->prohibit_list))) ||
1534  ((pond->permit_list != NULL) &&
1535  (!permitted(reply->packet, pond->permit_list))))
1536  continue;
1537 
1538  for (i = 0; (p = pond->ipv6_pools[i]) != NULL; i++) {
1539  if ((p->pool_type == D6O_IA_PD) &&
1540  (eval_prefix_mode(p->units, reply->preflen,
1541  prefix_mode) == 1) &&
1542  (create_prefix6(p, pref, &attempts,
1543  &reply->ia->iaid_duid,
1544  cur_time + 120) == ISC_R_SUCCESS)) {
1545  return (ISC_R_SUCCESS);
1546  }
1547  }
1548  }
1549 
1550  return ISC_R_NORESOURCES;
1551 }
1552 
1567 int
1568 eval_prefix_mode(int len, int preflen, int prefix_mode) {
1569  int use_it = 1;
1570  switch (prefix_mode) {
1571  case PLM_EXACT:
1572  use_it = (len == preflen);
1573  break;
1574  case PLM_MINIMUM:
1575  /* they asked for a prefix length no "shorter" than preflen */
1576  use_it = (len >= preflen);
1577  break;
1578  case PLM_MAXIMUM:
1579  /* they asked for a prefix length no "longer" than preflen */
1580  use_it = (len <= preflen);
1581  break;
1582  default:
1583  /* otherwise use it */
1584  break;
1585  }
1586 
1587 #if defined (DEBUG)
1588  log_debug("eval_prefix_mode: "
1589  "len %d, preflen %d, mode %s, use_it %d",
1590  len, preflen,
1591  prefix_length_modes.values[prefix_mode].name, use_it);
1592 #endif
1593 
1594  return (use_it);
1595 }
1596 
1597 /*
1598  *! \file server/dhcpv6.c
1599  *
1600  * \brief construct a reply containing information about a client's lease
1601  *
1602  * lease_to_client() is called from several messages to construct a
1603  * reply that contains all that we know about the client's correct lease
1604  * (or projected lease).
1605  *
1606  * Solicit - "Soft" binding, ignore unknown addresses or bindings, just
1607  * send what we "may" give them on a request.
1608  *
1609  * Request - "Hard" binding, but ignore supplied addresses (just provide what
1610  * the client should really use).
1611  *
1612  * Renew - "Hard" binding, but client-supplied addresses are 'real'. Error
1613  * Rebind out any "wrong" addresses the client sends. This means we send
1614  * an empty IA_NA with a status code of NoBinding or NotOnLink or
1615  * possibly send the address with zeroed lifetimes.
1616  *
1617  * Information-Request - No binding.
1618  *
1619  * The basic structure is to traverse the client-supplied data first, and
1620  * validate and echo back any contents that can be. If the client-supplied
1621  * data does not error out (on renew/rebind as above), but we did not send
1622  * any addresses, attempt to allocate one.
1623  *
1624  * At the end of the this function we call commit_leases_timed() to
1625  * fsync and rotate the file as necessary. commit_leases_timed() will
1626  * check that we have written at least one lease to the file and that
1627  * some time has passed before doing any fsync or file rewrite so we
1628  * don't bother tracking if we did a write_ia during this function.
1629  */
1630 /* TODO: look at client hints for lease times */
1631 
1632 static void
1633 lease_to_client(struct data_string *reply_ret,
1634  struct packet *packet,
1635  const struct data_string *client_id,
1636  const struct data_string *server_id)
1637 {
1638  static struct reply_state reply;
1639  struct option_cache *oc;
1640  struct data_string packet_oro;
1641  int i;
1642 
1643  memset(&packet_oro, 0, sizeof(packet_oro));
1644 
1645  /* Locate the client. */
1646  if (shared_network_from_packet6(&reply.shared,
1647  packet) != ISC_R_SUCCESS)
1648  goto exit;
1649 
1650  /*
1651  * Initialize the reply.
1652  */
1653  packet_reference(&reply.packet, packet, MDL);
1654  data_string_copy(&reply.client_id, client_id, MDL);
1655 
1656  if (!start_reply(packet, client_id, server_id, &reply.opt_state,
1657  &reply.buf.reply))
1658  goto exit;
1659 
1660  /* Set the write cursor to just past the reply header. */
1661  reply.cursor = REPLY_OPTIONS_INDEX;
1662 
1663  /*
1664  * Get the ORO from the packet, if any.
1665  */
1666  oc = lookup_option(&dhcpv6_universe, packet->options, D6O_ORO);
1667  if (oc != NULL) {
1668  if (!evaluate_option_cache(&packet_oro, packet,
1669  NULL, NULL,
1670  packet->options, NULL,
1671  &global_scope, oc, MDL)) {
1672  log_error("lease_to_client: error evaluating ORO.");
1673  goto exit;
1674  }
1675  }
1676 
1677  /*
1678  * Find a host record that matches from the packet, if any, and is
1679  * valid for the shared network the client is on.
1680  */
1681  if (find_hosts_by_uid(&reply.host, client_id->data, client_id->len,
1682  MDL)) {
1683  packet->known = 1;
1684  seek_shared_host(&reply.host, reply.shared);
1685  }
1686 
1687  if ((reply.host == NULL) &&
1688  find_hosts_by_option(&reply.host, packet, packet->options, MDL)) {
1689  packet->known = 1;
1690  seek_shared_host(&reply.host, reply.shared);
1691  }
1692 
1693  /*
1694  * Check for 'hardware' matches last, as some of the synthesis methods
1695  * are not considered to be as reliable.
1696  */
1697  if ((reply.host == NULL) &&
1698  find_hosts_by_duid_chaddr(&reply.host, client_id)) {
1699  packet->known = 1;
1700  seek_shared_host(&reply.host, reply.shared);
1701  }
1702 
1703  /* Process the client supplied IA's onto the reply buffer. */
1704  reply.ia_count = 0;
1706 
1707  for (; oc != NULL ; oc = oc->next) {
1708  isc_result_t status;
1709 
1710  /* Start counting resources (addresses) offered. */
1711  reply.client_resources = 0;
1712  reply.resources_included = ISC_FALSE;
1713 
1714  status = reply_process_ia_na(&reply, oc);
1715 
1716  /*
1717  * We continue to try other IA's whether we can address
1718  * this one or not. Any other result is an immediate fail.
1719  */
1720  if ((status != ISC_R_SUCCESS) &&
1721  (status != ISC_R_NORESOURCES))
1722  goto exit;
1723  }
1725  for (; oc != NULL ; oc = oc->next) {
1726  isc_result_t status;
1727 
1728  /* Start counting resources (addresses) offered. */
1729  reply.client_resources = 0;
1730  reply.resources_included = ISC_FALSE;
1731 
1732  status = reply_process_ia_ta(&reply, oc);
1733 
1734  /*
1735  * We continue to try other IA's whether we can address
1736  * this one or not. Any other result is an immediate fail.
1737  */
1738  if ((status != ISC_R_SUCCESS) &&
1739  (status != ISC_R_NORESOURCES))
1740  goto exit;
1741  }
1742 
1743  /* Same for IA_PD's. */
1744  reply.pd_count = 0;
1746  for (; oc != NULL ; oc = oc->next) {
1747  isc_result_t status;
1748 
1749  /* Start counting resources (prefixes) offered. */
1750  reply.client_resources = 0;
1751  reply.resources_included = ISC_FALSE;
1752 
1753  status = reply_process_ia_pd(&reply, oc);
1754 
1755  /*
1756  * We continue to try other IA_PD's whether we can address
1757  * this one or not. Any other result is an immediate fail.
1758  */
1759  if ((status != ISC_R_SUCCESS) &&
1760  (status != ISC_R_NORESOURCES))
1761  goto exit;
1762  }
1763 
1764  /*
1765  * Make no reply if we gave no resources and is not
1766  * for Information-Request.
1767  */
1768  if ((reply.ia_count == 0) && (reply.pd_count == 0)) {
1769  if (reply.packet->dhcpv6_msg_type !=
1771  goto exit;
1772 
1773  /*
1774  * Because we only execute statements on a per-IA basis,
1775  * we need to execute statements in any non-IA reply to
1776  * source configuration.
1777  */
1778  execute_statements_in_scope(NULL, reply.packet, NULL, NULL,
1779  reply.packet->options,
1780  reply.opt_state, &global_scope,
1781  reply.shared->group, root_group,
1782  NULL);
1783 
1784  /* Execute statements from class scopes. */
1785  for (i = reply.packet->class_count; i > 0; i--) {
1786  execute_statements_in_scope(NULL, reply.packet,
1787  NULL, NULL,
1788  reply.packet->options,
1789  reply.opt_state,
1790  &global_scope,
1791  reply.packet->classes[i - 1]->group,
1792  reply.shared->group, NULL);
1793  }
1794 
1795  /* Bring in any configuration from a host record. */
1796  if (reply.host != NULL)
1797  execute_statements_in_scope(NULL, reply.packet,
1798  NULL, NULL,
1799  reply.packet->options,
1800  reply.opt_state,
1801  &global_scope,
1802  reply.host->group,
1803  reply.shared->group, NULL);
1804  }
1805 
1806  /* reject unicast message, unless we set unicast option */
1807  if ((packet->unicast == ISC_TRUE) && !is_unicast_option_defined())
1808  /*
1809  * RFC3315 section 18.2.1 (Request):
1810  *
1811  * When the server receives a Request message via unicast from a client
1812  * to which the server has not sent a unicast option, the server
1813  * discards the Request message and responds with a Reply message
1814  * containing a Status Code option with the value UseMulticast, a Server
1815  * Identifier option containing the server's DUID, the Client Identifier
1816  * option from the client message, and no other options.
1817  *
1818  * Section 18.2.3 (Renew):
1819  *
1820  * When the server receives a Renew message via unicast from a client to
1821  * which the server has not sent a unicast option, the server discards
1822  * the Renew message and responds with a Reply message containing a
1823  * Status Code option with the value UseMulticast, a Server Identifier
1824  * option containing the server's DUID, the Client Identifier option
1825  * from the client message, and no other options.
1826  */
1827  {
1828  /* Set the UseMulticast status code. */
1829  if (!set_status_code(STATUS_UseMulticast,
1830  "Unicast not allowed by server.",
1831  reply.opt_state)) {
1832  log_error("lease_to_client: Unable to set "
1833  "UseMulticast status code.");
1834  goto exit;
1835  }
1836 
1837  /* Rewind the cursor to the start. */
1838  reply.cursor = REPLY_OPTIONS_INDEX;
1839 
1840  /*
1841  * Produce an reply that includes only:
1842  *
1843  * Status code.
1844  * Server DUID.
1845  * Client DUID.
1846  */
1847  reply.cursor += store_options6((char *)reply.buf.data +
1848  reply.cursor,
1849  sizeof(reply.buf) -
1850  reply.cursor,
1851  reply.opt_state, reply.packet,
1852  required_opts_NAA,
1853  NULL);
1854  }
1855 
1856  /*
1857  * RFC3315 section 17.2.2 (Solicit):
1858  *
1859  * If the server will not assign any addresses to any IAs in a
1860  * subsequent Request from the client, the server MUST send an
1861  * Advertise message to the client that includes only a Status
1862  * Code option with code NoAddrsAvail and a status message for
1863  * the user, a Server Identifier option with the server's DUID,
1864  * and a Client Identifier option with the client's DUID.
1865  *
1866  * This has been updated by an errata such that the server
1867  * can always send an IA.
1868  *
1869  * Section 18.2.1 (Request):
1870  *
1871  * If the server cannot assign any addresses to an IA in the
1872  * message from the client, the server MUST include the IA in
1873  * the Reply message with no addresses in the IA and a Status
1874  * Code option in the IA containing status code NoAddrsAvail.
1875  *
1876  * Section 18.1.8 (Client Behavior):
1877  *
1878  * Leave unchanged any information about addresses the client has
1879  * recorded in the IA but that were not included in the IA from
1880  * the server.
1881  * Sends a Renew/Rebind if the IA is not in the Reply message.
1882  */
1883 
1884  /*
1885  * Having stored the client's IA's, store any options that
1886  * will fit in the remaining space.
1887  */
1888  else
1889  reply.cursor += store_options6((char *)reply.buf.data + reply.cursor,
1890  sizeof(reply.buf) - reply.cursor,
1891  reply.opt_state, reply.packet,
1892  required_opts_solicit,
1893  &packet_oro);
1894 
1895  /* Return our reply to the caller. */
1896  reply_ret->len = reply.cursor;
1897  reply_ret->buffer = NULL;
1898  if (!buffer_allocate(&reply_ret->buffer, reply.cursor, MDL)) {
1899  log_fatal("No memory to store Reply.");
1900  }
1901  memcpy(reply_ret->buffer->data, reply.buf.data, reply.cursor);
1902  reply_ret->data = reply_ret->buffer->data;
1903 
1904  /* If appropriate commit and rotate the lease file */
1905  (void) commit_leases_timed();
1906 
1907  exit:
1908  /* Cleanup. */
1909  if (reply.shared != NULL)
1910  shared_network_dereference(&reply.shared, MDL);
1911  if (reply.host != NULL)
1912  host_dereference(&reply.host, MDL);
1913  if (reply.opt_state != NULL)
1914  option_state_dereference(&reply.opt_state, MDL);
1915  if (reply.packet != NULL)
1916  packet_dereference(&reply.packet, MDL);
1917  if (reply.client_id.data != NULL)
1918  data_string_forget(&reply.client_id, MDL);
1919  if (packet_oro.buffer != NULL)
1920  data_string_forget(&packet_oro, MDL);
1921  reply.renew = reply.rebind = reply.prefer = reply.valid = 0;
1922  reply.cursor = 0;
1923 }
1924 
1925 /* Process a client-supplied IA_NA. This may append options to the tail of
1926  * the reply packet being built in the reply_state structure.
1927  */
1928 static isc_result_t
1929 reply_process_ia_na(struct reply_state *reply, struct option_cache *ia) {
1930  isc_result_t status = ISC_R_SUCCESS;
1931  u_int32_t iaid;
1932  unsigned ia_cursor;
1933  struct option_state *packet_ia;
1934  struct option_cache *oc;
1935  struct data_string ia_data, data;
1936 
1937  /* Initialize values that will get cleaned up on return. */
1938  packet_ia = NULL;
1939  memset(&ia_data, 0, sizeof(ia_data));
1940  memset(&data, 0, sizeof(data));
1941  /*
1942  * Note that find_client_address() may set reply->lease.
1943  */
1944 
1945  /* Make sure there is at least room for the header. */
1946  if ((reply->cursor + IA_NA_OFFSET + 4) > sizeof(reply->buf)) {
1947  log_error("reply_process_ia_na: Reply too long for IA.");
1948  return ISC_R_NOSPACE;
1949  }
1950 
1951 
1952  /* Fetch the IA_NA contents. */
1953  if (!get_encapsulated_IA_state(&packet_ia, &ia_data, reply->packet,
1954  ia, IA_NA_OFFSET)) {
1955  log_error("reply_process_ia_na: error evaluating ia");
1956  status = ISC_R_FAILURE;
1957  goto cleanup;
1958  }
1959 
1960  /* Extract IA_NA header contents. */
1961  iaid = getULong(ia_data.data);
1962  reply->renew = getULong(ia_data.data + 4);
1963  reply->rebind = getULong(ia_data.data + 8);
1964 
1965  /* Create an IA_NA structure. */
1966  if (ia_allocate(&reply->ia, iaid, (char *)reply->client_id.data,
1967  reply->client_id.len, MDL) != ISC_R_SUCCESS) {
1968  log_error("reply_process_ia_na: no memory for ia.");
1969  status = ISC_R_NOMEMORY;
1970  goto cleanup;
1971  }
1972  reply->ia->ia_type = D6O_IA_NA;
1973 
1974  /* Cache pre-existing IA, if any. */
1975  ia_hash_lookup(&reply->old_ia, ia_na_active,
1976  (unsigned char *)reply->ia->iaid_duid.data,
1977  reply->ia->iaid_duid.len, MDL);
1978 
1979  /*
1980  * Create an option cache to carry the IA_NA option contents, and
1981  * execute any user-supplied values into it.
1982  */
1983  if (!option_state_allocate(&reply->reply_ia, MDL)) {
1984  status = ISC_R_NOMEMORY;
1985  goto cleanup;
1986  }
1987 
1988  /* Check & cache the fixed host record. */
1989  if ((reply->host != NULL) && (reply->host->fixed_addr != NULL)) {
1990  struct iaddr tmp_addr;
1991 
1992  if (!evaluate_option_cache(&reply->fixed, NULL, NULL, NULL,
1993  NULL, NULL, &global_scope,
1994  reply->host->fixed_addr, MDL)) {
1995  log_error("reply_process_ia_na: unable to evaluate "
1996  "fixed address.");
1997  status = ISC_R_FAILURE;
1998  goto cleanup;
1999  }
2000 
2001  if (reply->fixed.len < 16) {
2002  log_error("reply_process_ia_na: invalid fixed address.");
2003  status = DHCP_R_INVALIDARG;
2004  goto cleanup;
2005  }
2006 
2007  /* Find the static lease's subnet. */
2008  tmp_addr.len = 16;
2009  memcpy(tmp_addr.iabuf, reply->fixed.data, 16);
2010 
2011  if (find_grouped_subnet(&reply->subnet, reply->shared,
2012  tmp_addr, MDL) == 0)
2013  log_fatal("Impossible condition at %s:%d.", MDL);
2014 
2015  reply->static_lease = ISC_TRUE;
2016  } else
2017  reply->static_lease = ISC_FALSE;
2018 
2019  /*
2020  * Save the cursor position at the start of the IA, so we can
2021  * set length and adjust t1/t2 values later. We write a temporary
2022  * header out now just in case we decide to adjust the packet
2023  * within sub-process functions.
2024  */
2025  ia_cursor = reply->cursor;
2026 
2027  /* Initialize the IA_NA header. First the code. */
2028  putUShort(reply->buf.data + reply->cursor, (unsigned)D6O_IA_NA);
2029  reply->cursor += 2;
2030 
2031  /* Then option length. */
2032  putUShort(reply->buf.data + reply->cursor, 0x0Cu);
2033  reply->cursor += 2;
2034 
2035  /* Then IA_NA header contents; IAID. */
2036  putULong(reply->buf.data + reply->cursor, iaid);
2037  reply->cursor += 4;
2038 
2039  /* We store the client's t1 for now, and may over-ride it later. */
2040  putULong(reply->buf.data + reply->cursor, reply->renew);
2041  reply->cursor += 4;
2042 
2043  /* We store the client's t2 for now, and may over-ride it later. */
2044  putULong(reply->buf.data + reply->cursor, reply->rebind);
2045  reply->cursor += 4;
2046 
2047  /*
2048  * For each address in this IA_NA, decide what to do about it.
2049  *
2050  * Guidelines:
2051  *
2052  * The client leaves unchanged any information about addresses
2053  * it has recorded but are not included ("cancel/break" below).
2054  * A not included IA ("cleanup" below) could give a Renew/Rebind.
2055  */
2056  oc = lookup_option(&dhcpv6_universe, packet_ia, D6O_IAADDR);
2057  reply->valid = reply->prefer = 0xffffffff;
2058  reply->client_valid = reply->client_prefer = 0;
2059  for (; oc != NULL ; oc = oc->next) {
2060  status = reply_process_addr(reply, oc);
2061 
2062  /*
2063  * Canceled means we did not allocate addresses to the
2064  * client, but we're "done" with this IA - we set a status
2065  * code. So transmit this reply, e.g., move on to the next
2066  * IA.
2067  */
2068  if (status == ISC_R_CANCELED)
2069  break;
2070 
2071  if ((status != ISC_R_SUCCESS) &&
2072  (status != ISC_R_ADDRINUSE) &&
2073  (status != ISC_R_ADDRNOTAVAIL))
2074  goto cleanup;
2075  }
2076 
2077  reply->ia_count++;
2078 
2079  /*
2080  * If we fell through the above and never gave the client
2081  * an address, give it one now.
2082  */
2083  if ((status != ISC_R_CANCELED) && (reply->client_resources == 0)) {
2084  status = find_client_address(reply);
2085 
2086  if (status == ISC_R_NORESOURCES) {
2087  switch (reply->packet->dhcpv6_msg_type) {
2088  case DHCPV6_SOLICIT:
2089  /*
2090  * No address for any IA is handled
2091  * by the caller.
2092  */
2093  /* FALL THROUGH */
2094 
2095  case DHCPV6_REQUEST:
2096  /* Section 18.2.1 (Request):
2097  *
2098  * If the server cannot assign any addresses to
2099  * an IA in the message from the client, the
2100  * server MUST include the IA in the Reply
2101  * message with no addresses in the IA and a
2102  * Status Code option in the IA containing
2103  * status code NoAddrsAvail.
2104  */
2105  option_state_dereference(&reply->reply_ia, MDL);
2106  if (!option_state_allocate(&reply->reply_ia,
2107  MDL))
2108  {
2109  log_error("reply_process_ia_na: No "
2110  "memory for option state "
2111  "wipe.");
2112  status = ISC_R_NOMEMORY;
2113  goto cleanup;
2114  }
2115 
2116  if (!set_status_code(STATUS_NoAddrsAvail,
2117  "No addresses available "
2118  "for this interface.",
2119  reply->reply_ia)) {
2120  log_error("reply_process_ia_na: Unable "
2121  "to set NoAddrsAvail status "
2122  "code.");
2123  status = ISC_R_FAILURE;
2124  goto cleanup;
2125  }
2126 
2127  status = ISC_R_SUCCESS;
2128  break;
2129 
2130  default:
2131  /*
2132  * RFC 3315 does not tell us to emit a status
2133  * code in this condition, or anything else.
2134  *
2135  * If we included non-allocated addresses
2136  * (zeroed lifetimes) in an IA, then the client
2137  * will deconfigure them.
2138  *
2139  * So we want to include the IA even if we
2140  * can't give it a new address if it includes
2141  * zeroed lifetime addresses.
2142  *
2143  * We don't want to include the IA if we
2144  * provide zero addresses including zeroed
2145  * lifetimes.
2146  */
2147  if (reply->resources_included)
2148  status = ISC_R_SUCCESS;
2149  else
2150  goto cleanup;
2151  break;
2152  }
2153  }
2154 
2155  if (status != ISC_R_SUCCESS)
2156  goto cleanup;
2157  }
2158 
2159  reply->cursor += store_options6((char *)reply->buf.data + reply->cursor,
2160  sizeof(reply->buf) - reply->cursor,
2161  reply->reply_ia, reply->packet,
2162  required_opts_IA, NULL);
2163 
2164  /* Reset the length of this IA to match what was just written. */
2165  putUShort(reply->buf.data + ia_cursor + 2,
2166  reply->cursor - (ia_cursor + 4));
2167 
2168  /*
2169  * T1/T2 time selection is kind of weird. We actually use DHCP
2170  * (v4) scoped options as handy existing places where these might
2171  * be configured by an administrator. A value of zero tells the
2172  * client it may choose its own renewal time.
2173  */
2174  reply->renew = 0;
2175  oc = lookup_option(&dhcp_universe, reply->opt_state,
2177  if (oc != NULL) {
2178  if (!evaluate_option_cache(&data, reply->packet, NULL, NULL,
2179  reply->packet->options,
2180  reply->opt_state, &global_scope,
2181  oc, MDL) ||
2182  (data.len != 4)) {
2183  log_error("Invalid renewal time.");
2184  } else {
2185  reply->renew = getULong(data.data);
2186  }
2187 
2188  if (data.data != NULL)
2189  data_string_forget(&data, MDL);
2190  }
2191  putULong(reply->buf.data + ia_cursor + 8, reply->renew);
2192 
2193  /* Now T2. */
2194  reply->rebind = 0;
2195  oc = lookup_option(&dhcp_universe, reply->opt_state,
2197  if (oc != NULL) {
2198  if (!evaluate_option_cache(&data, reply->packet, NULL, NULL,
2199  reply->packet->options,
2200  reply->opt_state, &global_scope,
2201  oc, MDL) ||
2202  (data.len != 4)) {
2203  log_error("Invalid rebinding time.");
2204  } else {
2205  reply->rebind = getULong(data.data);
2206  }
2207 
2208  if (data.data != NULL)
2209  data_string_forget(&data, MDL);
2210  }
2211  putULong(reply->buf.data + ia_cursor + 12, reply->rebind);
2212 
2213  /*
2214  * yes, goto's aren't the best but we also want to avoid extra
2215  * indents
2216  */
2217  if (status == ISC_R_CANCELED)
2218  goto cleanup;
2219 
2220  /*
2221  * Handle static leases, we always log stuff and if it's
2222  * a hard binding we run any commit statements that we have
2223  */
2224  if (reply->static_lease) {
2225  char tmp_addr[INET6_ADDRSTRLEN];
2226  log_info("%s NA: address %s to client with duid %s iaid = %d "
2227  "static",
2228  dhcpv6_type_names[reply->buf.reply.msg_type],
2229  inet_ntop(AF_INET6, reply->fixed.data, tmp_addr,
2230  sizeof(tmp_addr)),
2231  print_hex_1(reply->client_id.len,
2232  reply->client_id.data, 60),
2233  iaid);
2234 
2235  if ((reply->buf.reply.msg_type == DHCPV6_REPLY) &&
2236  (reply->on_star.on_commit != NULL)) {
2237  execute_statements(NULL, reply->packet, NULL, NULL,
2238  reply->packet->options,
2239  reply->opt_state, NULL,
2240  reply->on_star.on_commit, NULL);
2242  (&reply->on_star.on_commit, MDL);
2243  }
2244  goto cleanup;
2245  }
2246 
2247  /*
2248  * If we have any addresses log what we are doing.
2249  */
2250  if (reply->ia->num_iasubopt != 0) {
2251  struct iasubopt *tmp;
2252  int i;
2253  char tmp_addr[INET6_ADDRSTRLEN];
2254 
2255  for (i = 0 ; i < reply->ia->num_iasubopt ; i++) {
2256  tmp = reply->ia->iasubopt[i];
2257 
2258  log_info("%s NA: address %s to client with duid %s "
2259  "iaid = %d valid for %d seconds",
2260  dhcpv6_type_names[reply->buf.reply.msg_type],
2261  inet_ntop(AF_INET6, &tmp->addr,
2262  tmp_addr, sizeof(tmp_addr)),
2263  print_hex_1(reply->client_id.len,
2264  reply->client_id.data, 60),
2265  iaid, tmp->valid);
2266  }
2267  }
2268 
2269  /*
2270  * If this is not a 'soft' binding, consume the new changes into
2271  * the database (if any have been attached to the ia_na).
2272  *
2273  * Loop through the assigned dynamic addresses, referencing the
2274  * leases onto this IA_NA rather than any old ones, and updating
2275  * pool timers for each (if any).
2276  */
2277 
2278  if ((reply->ia->num_iasubopt != 0) &&
2279  (reply->buf.reply.msg_type == DHCPV6_REPLY)) {
2280  struct iasubopt *tmp;
2281  struct data_string *ia_id;
2282  int i;
2283 
2284  for (i = 0 ; i < reply->ia->num_iasubopt ; i++) {
2285  tmp = reply->ia->iasubopt[i];
2286 
2287  if (tmp->ia != NULL)
2288  ia_dereference(&tmp->ia, MDL);
2289  ia_reference(&tmp->ia, reply->ia, MDL);
2290 
2291  /* Commit 'hard' bindings. */
2292  renew_lease6(tmp->ipv6_pool, tmp);
2294 
2295  /* If we have anything to do on commit do it now */
2296  if (tmp->on_star.on_commit != NULL) {
2297  execute_statements(NULL, reply->packet,
2298  NULL, NULL,
2299  reply->packet->options,
2300  reply->opt_state,
2301  &tmp->scope,
2302  tmp->on_star.on_commit,
2303  &tmp->on_star);
2305  (&tmp->on_star.on_commit, MDL);
2306  }
2307 
2308 #if defined (NSUPDATE)
2309  /*
2310  * Perform ddns updates.
2311  */
2312  oc = lookup_option(&server_universe, reply->opt_state,
2313  SV_DDNS_UPDATES);
2314  if ((oc == NULL) ||
2315  evaluate_boolean_option_cache(NULL, reply->packet,
2316  NULL, NULL,
2317  reply->packet->options,
2318  reply->opt_state,
2319  &tmp->scope,
2320  oc, MDL)) {
2321  ddns_updates(reply->packet, NULL, NULL,
2322  tmp, NULL, reply->opt_state);
2323  }
2324 #endif
2325  /* Do our threshold check. */
2326  check_pool6_threshold(reply, tmp);
2327  }
2328 
2329  /* Remove any old ia from the hash. */
2330  if (reply->old_ia != NULL) {
2331  ia_id = &reply->old_ia->iaid_duid;
2332  ia_hash_delete(ia_na_active,
2333  (unsigned char *)ia_id->data,
2334  ia_id->len, MDL);
2335  ia_dereference(&reply->old_ia, MDL);
2336  }
2337 
2338  /* Put new ia into the hash. */
2339  reply->ia->cltt = cur_time;
2340  ia_id = &reply->ia->iaid_duid;
2341  ia_hash_add(ia_na_active, (unsigned char *)ia_id->data,
2342  ia_id->len, reply->ia, MDL);
2343 
2344  write_ia(reply->ia);
2345  } else {
2346  schedule_lease_timeout_reply(reply);
2347  }
2348 
2349  cleanup:
2350  if (packet_ia != NULL)
2351  option_state_dereference(&packet_ia, MDL);
2352  if (reply->reply_ia != NULL)
2353  option_state_dereference(&reply->reply_ia, MDL);
2354  if (ia_data.data != NULL)
2355  data_string_forget(&ia_data, MDL);
2356  if (data.data != NULL)
2358  if (reply->ia != NULL)
2359  ia_dereference(&reply->ia, MDL);
2360  if (reply->old_ia != NULL)
2361  ia_dereference(&reply->old_ia, MDL);
2362  if (reply->lease != NULL)
2363  iasubopt_dereference(&reply->lease, MDL);
2364  if (reply->fixed.data != NULL)
2365  data_string_forget(&reply->fixed, MDL);
2366  if (reply->subnet != NULL)
2367  subnet_dereference(&reply->subnet, MDL);
2368  if (reply->on_star.on_expiry != NULL)
2370  (&reply->on_star.on_expiry, MDL);
2371  if (reply->on_star.on_release != NULL)
2373  (&reply->on_star.on_release, MDL);
2374 
2375  /*
2376  * ISC_R_CANCELED is a status code used by the addr processing to
2377  * indicate we're replying with a status code. This is still a
2378  * success at higher layers.
2379  */
2380  return((status == ISC_R_CANCELED) ? ISC_R_SUCCESS : status);
2381 }
2382 
2383 /*
2384  * Process an IAADDR within a given IA_xA, storing any IAADDR reply contents
2385  * into the reply's current ia-scoped option cache. Returns ISC_R_CANCELED
2386  * in the event we are replying with a status code and do not wish to process
2387  * more IAADDRs within this IA.
2388  */
2389 static isc_result_t
2390 reply_process_addr(struct reply_state *reply, struct option_cache *addr) {
2391  u_int32_t pref_life, valid_life;
2392  struct binding_scope **scope;
2393  struct group *group;
2394  struct subnet *subnet;
2395  struct iaddr tmp_addr;
2396  struct option_cache *oc;
2397  struct data_string iaaddr, data;
2398  isc_result_t status = ISC_R_SUCCESS;
2399 
2400  /* Initializes values that will be cleaned up. */
2401  memset(&iaaddr, 0, sizeof(iaaddr));
2402  memset(&data, 0, sizeof(data));
2403  /* Note that reply->lease may be set by address_is_owned() */
2404 
2405  /*
2406  * There is no point trying to process an incoming address if there
2407  * is no room for an outgoing address.
2408  */
2409  if ((reply->cursor + 28) > sizeof(reply->buf)) {
2410  log_error("reply_process_addr: Out of room for address.");
2411  return ISC_R_NOSPACE;
2412  }
2413 
2414  /* Extract this IAADDR option. */
2415  if (!evaluate_option_cache(&iaaddr, reply->packet, NULL, NULL,
2416  reply->packet->options, NULL, &global_scope,
2417  addr, MDL) ||
2418  (iaaddr.len < IAADDR_OFFSET)) {
2419  log_error("reply_process_addr: error evaluating IAADDR.");
2420  status = ISC_R_FAILURE;
2421  goto cleanup;
2422  }
2423 
2424  /* The first 16 bytes are the IPv6 address. */
2425  pref_life = getULong(iaaddr.data + 16);
2426  valid_life = getULong(iaaddr.data + 20);
2427 
2428  if ((reply->client_valid == 0) ||
2429  (reply->client_valid > valid_life))
2430  reply->client_valid = valid_life;
2431 
2432  if ((reply->client_prefer == 0) ||
2433  (reply->client_prefer > pref_life))
2434  reply->client_prefer = pref_life;
2435 
2436  /*
2437  * Clients may choose to send :: as an address, with the idea to give
2438  * hints about preferred-lifetime or valid-lifetime.
2439  */
2440  tmp_addr.len = 16;
2441  memset(tmp_addr.iabuf, 0, 16);
2442  if (!memcmp(iaaddr.data, tmp_addr.iabuf, 16)) {
2443  /* Status remains success; we just ignore this one. */
2444  goto cleanup;
2445  }
2446 
2447  /* tmp_addr len remains 16 */
2448  memcpy(tmp_addr.iabuf, iaaddr.data, 16);
2449 
2450  /*
2451  * Verify that this address is on the client's network.
2452  */
2453  for (subnet = reply->shared->subnets ; subnet != NULL ;
2454  subnet = subnet->next_sibling) {
2455  if (addr_eq(subnet_number(tmp_addr, subnet->netmask),
2456  subnet->net))
2457  break;
2458  }
2459 
2460  /* Address not found on shared network. */
2461  if (subnet == NULL) {
2462  /* Ignore this address on 'soft' bindings. */
2463  if (reply->packet->dhcpv6_msg_type == DHCPV6_SOLICIT) {
2464  /* disable rapid commit */
2465  reply->buf.reply.msg_type = DHCPV6_ADVERTISE;
2467  reply->opt_state,
2469  /* status remains success */
2470  goto cleanup;
2471  }
2472 
2473  /*
2474  * RFC3315 section 18.2.1:
2475  *
2476  * If the server finds that the prefix on one or more IP
2477  * addresses in any IA in the message from the client is not
2478  * appropriate for the link to which the client is connected,
2479  * the server MUST return the IA to the client with a Status
2480  * Code option with the value NotOnLink.
2481  */
2482  if (reply->packet->dhcpv6_msg_type == DHCPV6_REQUEST) {
2483  /* Rewind the IA_NA to empty. */
2484  option_state_dereference(&reply->reply_ia, MDL);
2485  if (!option_state_allocate(&reply->reply_ia, MDL)) {
2486  log_error("reply_process_addr: No memory for "
2487  "option state wipe.");
2488  status = ISC_R_NOMEMORY;
2489  goto cleanup;
2490  }
2491 
2492  /* Append a NotOnLink status code. */
2493  if (!set_status_code(STATUS_NotOnLink,
2494  "Address not for use on this "
2495  "link.", reply->reply_ia)) {
2496  log_error("reply_process_addr: Failure "
2497  "setting status code.");
2498  status = ISC_R_FAILURE;
2499  goto cleanup;
2500  }
2501 
2502  /* Fin (no more IAADDRs). */
2503  status = ISC_R_CANCELED;
2504  goto cleanup;
2505  }
2506 
2507  /*
2508  * RFC3315 sections 18.2.3 and 18.2.4 have identical language:
2509  *
2510  * If the server finds that any of the addresses are not
2511  * appropriate for the link to which the client is attached,
2512  * the server returns the address to the client with lifetimes
2513  * of 0.
2514  */
2515  if ((reply->packet->dhcpv6_msg_type != DHCPV6_RENEW) &&
2516  (reply->packet->dhcpv6_msg_type != DHCPV6_REBIND)) {
2517  log_error("It is impossible to lease a client that is "
2518  "not sending a solicit, request, renew, or "
2519  "rebind.");
2520  status = ISC_R_FAILURE;
2521  goto cleanup;
2522  }
2523 
2524  reply->send_prefer = reply->send_valid = 0;
2525  goto send_addr;
2526  }
2527 
2528  /* Verify the address belongs to the client. */
2529  if (!address_is_owned(reply, &tmp_addr)) {
2530  /*
2531  * For solicit and request, any addresses included are
2532  * 'requested' addresses. For rebind, we actually have
2533  * no direction on what to do from 3315 section 18.2.4!
2534  * So I think the best bet is to try and give it out, and if
2535  * we can't, zero lifetimes.
2536  */
2537  if ((reply->packet->dhcpv6_msg_type == DHCPV6_SOLICIT) ||
2538  (reply->packet->dhcpv6_msg_type == DHCPV6_REQUEST) ||
2539  (reply->packet->dhcpv6_msg_type == DHCPV6_REBIND)) {
2540  status = reply_process_try_addr(reply, &tmp_addr);
2541 
2542  /*
2543  * If the address is in use, or isn't in any dynamic
2544  * range, continue as normal. If any other error was
2545  * found, error out.
2546  */
2547  if ((status != ISC_R_SUCCESS) &&
2548  (status != ISC_R_ADDRINUSE) &&
2549  (status != ISC_R_ADDRNOTAVAIL))
2550  goto cleanup;
2551 
2552  /*
2553  * If we didn't honor this lease, for solicit and
2554  * request we simply omit it from our answer. For
2555  * rebind, we send it with zeroed lifetimes.
2556  */
2557  if (reply->lease == NULL) {
2558  if (reply->packet->dhcpv6_msg_type ==
2559  DHCPV6_REBIND) {
2560  reply->send_prefer = 0;
2561  reply->send_valid = 0;
2562  goto send_addr;
2563  }
2564 
2565  /* status remains success - ignore */
2566  goto cleanup;
2567  }
2568  /*
2569  * RFC3315 section 18.2.3:
2570  *
2571  * If the server cannot find a client entry for the IA the
2572  * server returns the IA containing no addresses with a Status
2573  * Code option set to NoBinding in the Reply message.
2574  *
2575  * On mismatch we (ab)use this pretending we have not the IA
2576  * as soon as we have not an address.
2577  */
2578  } else if (reply->packet->dhcpv6_msg_type == DHCPV6_RENEW) {
2579  /* Rewind the IA_NA to empty. */
2580  option_state_dereference(&reply->reply_ia, MDL);
2581  if (!option_state_allocate(&reply->reply_ia, MDL)) {
2582  log_error("reply_process_addr: No memory for "
2583  "option state wipe.");
2584  status = ISC_R_NOMEMORY;
2585  goto cleanup;
2586  }
2587 
2588  /* Append a NoBinding status code. */
2589  if (!set_status_code(STATUS_NoBinding,
2590  "Address not bound to this "
2591  "interface.", reply->reply_ia)) {
2592  log_error("reply_process_addr: Unable to "
2593  "attach status code.");
2594  status = ISC_R_FAILURE;
2595  goto cleanup;
2596  }
2597 
2598  /* Fin (no more IAADDRs). */
2599  status = ISC_R_CANCELED;
2600  goto cleanup;
2601  } else {
2602  log_error("It is impossible to lease a client that is "
2603  "not sending a solicit, request, renew, or "
2604  "rebind message.");
2605  status = ISC_R_FAILURE;
2606  goto cleanup;
2607  }
2608  }
2609 
2610  if (reply->static_lease) {
2611  if (reply->host == NULL)
2612  log_fatal("Impossible condition at %s:%d.", MDL);
2613 
2614  scope = &global_scope;
2615  group = reply->subnet->group;
2616  } else {
2617  if (reply->lease == NULL)
2618  log_fatal("Impossible condition at %s:%d.", MDL);
2619 
2620  scope = &reply->lease->scope;
2621  group = reply->lease->ipv6_pool->ipv6_pond->group;
2622  }
2623 
2624  /*
2625  * If client_resources is nonzero, then the reply_process_is_addressed
2626  * function has executed configuration state into the reply option
2627  * cache. We will use that valid cache to derive configuration for
2628  * whether or not to engage in additional addresses, and similar.
2629  */
2630  if (reply->client_resources != 0) {
2631  unsigned limit = 1;
2632 
2633  /*
2634  * Does this client have "enough" addresses already? Default
2635  * to one. Everybody gets one, and one should be enough for
2636  * anybody.
2637  */
2638  oc = lookup_option(&server_universe, reply->opt_state,
2640  if (oc != NULL) {
2641  if (!evaluate_option_cache(&data, reply->packet,
2642  NULL, NULL,
2643  reply->packet->options,
2644  reply->opt_state,
2645  scope, oc, MDL) ||
2646  (data.len != 4)) {
2647  log_error("reply_process_addr: unable to "
2648  "evaluate addrs-per-ia value.");
2649  status = ISC_R_FAILURE;
2650  goto cleanup;
2651  }
2652 
2653  limit = getULong(data.data);
2655  }
2656 
2657  /*
2658  * If we wish to limit the client to a certain number of
2659  * addresses, then omit the address from the reply.
2660  */
2661  if (reply->client_resources >= limit)
2662  goto cleanup;
2663  }
2664 
2665  status = reply_process_is_addressed(reply, scope, group);
2666  if (status != ISC_R_SUCCESS)
2667  goto cleanup;
2668 
2669  send_addr:
2670  status = reply_process_send_addr(reply, &tmp_addr);
2671 
2672  cleanup:
2673  if (iaaddr.data != NULL)
2674  data_string_forget(&iaaddr, MDL);
2675  if (data.data != NULL)
2677  if (reply->lease != NULL)
2678  iasubopt_dereference(&reply->lease, MDL);
2679 
2680  return status;
2681 }
2682 
2683 /*
2684  * Verify the address belongs to the client. If we've got a host
2685  * record with a fixed address, it has to be the assigned address
2686  * (fault out all else). Otherwise it's a dynamic address, so lookup
2687  * that address and make sure it belongs to this DUID:IAID pair.
2688  */
2689 static isc_boolean_t
2690 address_is_owned(struct reply_state *reply, struct iaddr *addr) {
2691  int i;
2692  struct ipv6_pond *pond;
2693 
2694  /*
2695  * This faults out addresses that don't match fixed addresses.
2696  */
2697  if (reply->static_lease) {
2698  if (reply->fixed.data == NULL)
2699  log_fatal("Impossible condition at %s:%d.", MDL);
2700 
2701  if (memcmp(addr->iabuf, reply->fixed.data, 16) == 0)
2702  return (ISC_TRUE);
2703 
2704  return (ISC_FALSE);
2705  }
2706 
2707  if ((reply->old_ia == NULL) || (reply->old_ia->num_iasubopt == 0))
2708  return (ISC_FALSE);
2709 
2710  for (i = 0 ; i < reply->old_ia->num_iasubopt ; i++) {
2711  struct iasubopt *tmp;
2712 
2713  tmp = reply->old_ia->iasubopt[i];
2714 
2715  if (memcmp(addr->iabuf, &tmp->addr, 16) == 0) {
2716  if (lease6_usable(tmp) == ISC_FALSE) {
2717  return (ISC_FALSE);
2718  }
2719 
2720  pond = tmp->ipv6_pool->ipv6_pond;
2721  if (((pond->prohibit_list != NULL) &&
2722  (permitted(reply->packet, pond->prohibit_list))) ||
2723  ((pond->permit_list != NULL) &&
2724  (!permitted(reply->packet, pond->permit_list))))
2725  return (ISC_FALSE);
2726 
2727  iasubopt_reference(&reply->lease, tmp, MDL);
2728 
2729  return (ISC_TRUE);
2730  }
2731  }
2732 
2733  return (ISC_FALSE);
2734 }
2735 
2736 /* Process a client-supplied IA_TA. This may append options to the tail of
2737  * the reply packet being built in the reply_state structure.
2738  */
2739 static isc_result_t
2740 reply_process_ia_ta(struct reply_state *reply, struct option_cache *ia) {
2741  isc_result_t status = ISC_R_SUCCESS;
2742  u_int32_t iaid;
2743  unsigned ia_cursor;
2744  struct option_state *packet_ia;
2745  struct option_cache *oc;
2746  struct data_string ia_data, data;
2747  struct data_string iaaddr;
2748  u_int32_t pref_life, valid_life;
2749  struct iaddr tmp_addr;
2750 
2751  /* Initialize values that will get cleaned up on return. */
2752  packet_ia = NULL;
2753  memset(&ia_data, 0, sizeof(ia_data));
2754  memset(&data, 0, sizeof(data));
2755  memset(&iaaddr, 0, sizeof(iaaddr));
2756 
2757  /* Make sure there is at least room for the header. */
2758  if ((reply->cursor + IA_TA_OFFSET + 4) > sizeof(reply->buf)) {
2759  log_error("reply_process_ia_ta: Reply too long for IA.");
2760  return ISC_R_NOSPACE;
2761  }
2762 
2763 
2764  /* Fetch the IA_TA contents. */
2765  if (!get_encapsulated_IA_state(&packet_ia, &ia_data, reply->packet,
2766  ia, IA_TA_OFFSET)) {
2767  log_error("reply_process_ia_ta: error evaluating ia");
2768  status = ISC_R_FAILURE;
2769  goto cleanup;
2770  }
2771 
2772  /* Extract IA_TA header contents. */
2773  iaid = getULong(ia_data.data);
2774 
2775  /* Create an IA_TA structure. */
2776  if (ia_allocate(&reply->ia, iaid, (char *)reply->client_id.data,
2777  reply->client_id.len, MDL) != ISC_R_SUCCESS) {
2778  log_error("reply_process_ia_ta: no memory for ia.");
2779  status = ISC_R_NOMEMORY;
2780  goto cleanup;
2781  }
2782  reply->ia->ia_type = D6O_IA_TA;
2783 
2784  /* Cache pre-existing IA, if any. */
2785  ia_hash_lookup(&reply->old_ia, ia_ta_active,
2786  (unsigned char *)reply->ia->iaid_duid.data,
2787  reply->ia->iaid_duid.len, MDL);
2788 
2789  /*
2790  * Create an option cache to carry the IA_TA option contents, and
2791  * execute any user-supplied values into it.
2792  */
2793  if (!option_state_allocate(&reply->reply_ia, MDL)) {
2794  status = ISC_R_NOMEMORY;
2795  goto cleanup;
2796  }
2797 
2798  /*
2799  * Temporary leases are dynamic by definition.
2800  */
2801  reply->static_lease = ISC_FALSE;
2802 
2803  /*
2804  * Save the cursor position at the start of the IA, so we can
2805  * set length later. We write a temporary
2806  * header out now just in case we decide to adjust the packet
2807  * within sub-process functions.
2808  */
2809  ia_cursor = reply->cursor;
2810 
2811  /* Initialize the IA_TA header. First the code. */
2812  putUShort(reply->buf.data + reply->cursor, (unsigned)D6O_IA_TA);
2813  reply->cursor += 2;
2814 
2815  /* Then option length. */
2816  putUShort(reply->buf.data + reply->cursor, 0x04u);
2817  reply->cursor += 2;
2818 
2819  /* Then IA_TA header contents; IAID. */
2820  putULong(reply->buf.data + reply->cursor, iaid);
2821  reply->cursor += 4;
2822 
2823  /*
2824  * Deal with an IAADDR for lifetimes.
2825  * For all or none, process IAADDRs as hints.
2826  */
2827  reply->valid = reply->prefer = 0xffffffff;
2828  reply->client_valid = reply->client_prefer = 0;
2829  oc = lookup_option(&dhcpv6_universe, packet_ia, D6O_IAADDR);
2830  for (; oc != NULL; oc = oc->next) {
2831  memset(&iaaddr, 0, sizeof(iaaddr));
2832  if (!evaluate_option_cache(&iaaddr, reply->packet,
2833  NULL, NULL,
2834  reply->packet->options, NULL,
2835  &global_scope, oc, MDL) ||
2836  (iaaddr.len < IAADDR_OFFSET)) {
2837  log_error("reply_process_ia_ta: error "
2838  "evaluating IAADDR.");
2839  status = ISC_R_FAILURE;
2840  goto cleanup;
2841  }
2842  /* The first 16 bytes are the IPv6 address. */
2843  pref_life = getULong(iaaddr.data + 16);
2844  valid_life = getULong(iaaddr.data + 20);
2845 
2846  if ((reply->client_valid == 0) ||
2847  (reply->client_valid > valid_life))
2848  reply->client_valid = valid_life;
2849 
2850  if ((reply->client_prefer == 0) ||
2851  (reply->client_prefer > pref_life))
2852  reply->client_prefer = pref_life;
2853 
2854  /* Nothing more if something has failed. */
2855  if (status == ISC_R_CANCELED)
2856  continue;
2857 
2858  tmp_addr.len = 16;
2859  memcpy(tmp_addr.iabuf, iaaddr.data, 16);
2860  if (!temporary_is_available(reply, &tmp_addr))
2861  goto bad_temp;
2862  status = reply_process_is_addressed(reply,
2863  &reply->lease->scope,
2864  reply->lease->ipv6_pool->ipv6_pond->group);
2865  if (status != ISC_R_SUCCESS)
2866  goto bad_temp;
2867  status = reply_process_send_addr(reply, &tmp_addr);
2868  if (status != ISC_R_SUCCESS)
2869  goto bad_temp;
2870  if (reply->lease != NULL)
2871  iasubopt_dereference(&reply->lease, MDL);
2872  continue;
2873 
2874  bad_temp:
2875  /* Rewind the IA_TA to empty. */
2876  option_state_dereference(&reply->reply_ia, MDL);
2877  if (!option_state_allocate(&reply->reply_ia, MDL)) {
2878  status = ISC_R_NOMEMORY;
2879  goto cleanup;
2880  }
2881  status = ISC_R_CANCELED;
2882  reply->client_resources = 0;
2883  reply->resources_included = ISC_FALSE;
2884  if (reply->lease != NULL)
2885  iasubopt_dereference(&reply->lease, MDL);
2886  }
2887  reply->ia_count++;
2888 
2889  /*
2890  * Give the client temporary addresses.
2891  */
2892  if (reply->client_resources != 0)
2893  goto store;
2894  status = find_client_temporaries(reply);
2895  if (status == ISC_R_NORESOURCES) {
2896  switch (reply->packet->dhcpv6_msg_type) {
2897  case DHCPV6_SOLICIT:
2898  /*
2899  * No address for any IA is handled
2900  * by the caller.
2901  */
2902  /* FALL THROUGH */
2903 
2904  case DHCPV6_REQUEST:
2905  /* Section 18.2.1 (Request):
2906  *
2907  * If the server cannot assign any addresses to
2908  * an IA in the message from the client, the
2909  * server MUST include the IA in the Reply
2910  * message with no addresses in the IA and a
2911  * Status Code option in the IA containing
2912  * status code NoAddrsAvail.
2913  */
2914  option_state_dereference(&reply->reply_ia, MDL);
2915  if (!option_state_allocate(&reply->reply_ia, MDL)) {
2916  log_error("reply_process_ia_ta: No "
2917  "memory for option state wipe.");
2918  status = ISC_R_NOMEMORY;
2919  goto cleanup;
2920  }
2921 
2922  if (!set_status_code(STATUS_NoAddrsAvail,
2923  "No addresses available "
2924  "for this interface.",
2925  reply->reply_ia)) {
2926  log_error("reply_process_ia_ta: Unable "
2927  "to set NoAddrsAvail status code.");
2928  status = ISC_R_FAILURE;
2929  goto cleanup;
2930  }
2931 
2932  status = ISC_R_SUCCESS;
2933  break;
2934 
2935  default:
2936  /*
2937  * We don't want to include the IA if we
2938  * provide zero addresses including zeroed
2939  * lifetimes.
2940  */
2941  if (reply->resources_included)
2942  status = ISC_R_SUCCESS;
2943  else
2944  goto cleanup;
2945  break;
2946  }
2947  } else if (status != ISC_R_SUCCESS)
2948  goto cleanup;
2949 
2950  store:
2951  reply->cursor += store_options6((char *)reply->buf.data + reply->cursor,
2952  sizeof(reply->buf) - reply->cursor,
2953  reply->reply_ia, reply->packet,
2954  required_opts_IA, NULL);
2955 
2956  /* Reset the length of this IA to match what was just written. */
2957  putUShort(reply->buf.data + ia_cursor + 2,
2958  reply->cursor - (ia_cursor + 4));
2959 
2960  /*
2961  * yes, goto's aren't the best but we also want to avoid extra
2962  * indents
2963  */
2964  if (status == ISC_R_CANCELED)
2965  goto cleanup;
2966 
2967  /*
2968  * If we have any addresses log what we are doing.
2969  */
2970  if (reply->ia->num_iasubopt != 0) {
2971  struct iasubopt *tmp;
2972  int i;
2973  char tmp_addr[INET6_ADDRSTRLEN];
2974 
2975  for (i = 0 ; i < reply->ia->num_iasubopt ; i++) {
2976  tmp = reply->ia->iasubopt[i];
2977 
2978  log_info("%s TA: address %s to client with duid %s "
2979  "iaid = %d valid for %d seconds",
2980  dhcpv6_type_names[reply->buf.reply.msg_type],
2981  inet_ntop(AF_INET6, &tmp->addr,
2982  tmp_addr, sizeof(tmp_addr)),
2983  print_hex_1(reply->client_id.len,
2984  reply->client_id.data, 60),
2985  iaid,
2986  tmp->valid);
2987  }
2988  }
2989 
2990  /*
2991  * For hard bindings we consume the new changes into
2992  * the database (if any have been attached to the ia_ta).
2993  *
2994  * Loop through the assigned dynamic addresses, referencing the
2995  * leases onto this IA_TA rather than any old ones, and updating
2996  * pool timers for each (if any).
2997  */
2998  if ((reply->ia->num_iasubopt != 0) &&
2999  (reply->buf.reply.msg_type == DHCPV6_REPLY)) {
3000  struct iasubopt *tmp;
3001  struct data_string *ia_id;
3002  int i;
3003 
3004  for (i = 0 ; i < reply->ia->num_iasubopt ; i++) {
3005  tmp = reply->ia->iasubopt[i];
3006 
3007  if (tmp->ia != NULL)
3008  ia_dereference(&tmp->ia, MDL);
3009  ia_reference(&tmp->ia, reply->ia, MDL);
3010 
3011  /* Commit 'hard' bindings. */
3012  renew_lease6(tmp->ipv6_pool, tmp);
3014 
3015  /* If we have anything to do on commit do it now */
3016  if (tmp->on_star.on_commit != NULL) {
3017  execute_statements(NULL, reply->packet,
3018  NULL, NULL,
3019  reply->packet->options,
3020  reply->opt_state,
3021  &tmp->scope,
3022  tmp->on_star.on_commit,
3023  &tmp->on_star);
3025  (&tmp->on_star.on_commit, MDL);
3026  }
3027 
3028 #if defined (NSUPDATE)
3029  /*
3030  * Perform ddns updates.
3031  */
3032  oc = lookup_option(&server_universe, reply->opt_state,
3033  SV_DDNS_UPDATES);
3034  if ((oc == NULL) ||
3035  evaluate_boolean_option_cache(NULL, reply->packet,
3036  NULL, NULL,
3037  reply->packet->options,
3038  reply->opt_state,
3039  &tmp->scope,
3040  oc, MDL)) {
3041  ddns_updates(reply->packet, NULL, NULL,
3042  tmp, NULL, reply->opt_state);
3043  }
3044 #endif
3045  /* Do our threshold check. */
3046  check_pool6_threshold(reply, tmp);
3047  }
3048 
3049  /* Remove any old ia from the hash. */
3050  if (reply->old_ia != NULL) {
3051  ia_id = &reply->old_ia->iaid_duid;
3052  ia_hash_delete(ia_ta_active,
3053  (unsigned char *)ia_id->data,
3054  ia_id->len, MDL);
3055  ia_dereference(&reply->old_ia, MDL);
3056  }
3057 
3058  /* Put new ia into the hash. */
3059  reply->ia->cltt = cur_time;
3060  ia_id = &reply->ia->iaid_duid;
3061  ia_hash_add(ia_ta_active, (unsigned char *)ia_id->data,
3062  ia_id->len, reply->ia, MDL);
3063 
3064  write_ia(reply->ia);
3065  } else {
3066  schedule_lease_timeout_reply(reply);
3067  }
3068 
3069  cleanup:
3070  if (packet_ia != NULL)
3071  option_state_dereference(&packet_ia, MDL);
3072  if (iaaddr.data != NULL)
3073  data_string_forget(&iaaddr, MDL);
3074  if (reply->reply_ia != NULL)
3075  option_state_dereference(&reply->reply_ia, MDL);
3076  if (ia_data.data != NULL)
3077  data_string_forget(&ia_data, MDL);
3078  if (data.data != NULL)
3080  if (reply->ia != NULL)
3081  ia_dereference(&reply->ia, MDL);
3082  if (reply->old_ia != NULL)
3083  ia_dereference(&reply->old_ia, MDL);
3084  if (reply->lease != NULL)
3085  iasubopt_dereference(&reply->lease, MDL);
3086 
3087  /*
3088  * ISC_R_CANCELED is a status code used by the addr processing to
3089  * indicate we're replying with other addresses. This is still a
3090  * success at higher layers.
3091  */
3092  return((status == ISC_R_CANCELED) ? ISC_R_SUCCESS : status);
3093 }
3094 
3095 /*
3096  * Verify the temporary address is available.
3097  */
3098 static isc_boolean_t
3099 temporary_is_available(struct reply_state *reply, struct iaddr *addr) {
3100  struct in6_addr tmp_addr;
3101  struct subnet *subnet;
3102  struct ipv6_pool *pool = NULL;
3103  struct ipv6_pond *pond = NULL;
3104  int i;
3105 
3106  memcpy(&tmp_addr, addr->iabuf, sizeof(tmp_addr));
3107  /*
3108  * Clients may choose to send :: as an address, with the idea to give
3109  * hints about preferred-lifetime or valid-lifetime.
3110  * So this is not a request for this address.
3111  */
3112  if (IN6_IS_ADDR_UNSPECIFIED(&tmp_addr))
3113  return ISC_FALSE;
3114 
3115  /*
3116  * Verify that this address is on the client's network.
3117  */
3118  for (subnet = reply->shared->subnets ; subnet != NULL ;
3119  subnet = subnet->next_sibling) {
3120  if (addr_eq(subnet_number(*addr, subnet->netmask),
3121  subnet->net))
3122  break;
3123  }
3124 
3125  /* Address not found on shared network. */
3126  if (subnet == NULL)
3127  return ISC_FALSE;
3128 
3129  /*
3130  * Check if this address is owned (must be before next step).
3131  */
3132  if (address_is_owned(reply, addr))
3133  return ISC_TRUE;
3134 
3135  /*
3136  * Verify that this address is in a temporary pool and try to get it.
3137  */
3138  for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
3139  if (((pond->prohibit_list != NULL) &&
3140  (permitted(reply->packet, pond->prohibit_list))) ||
3141  ((pond->permit_list != NULL) &&
3142  (!permitted(reply->packet, pond->permit_list))))
3143  continue;
3144 
3145  for (i = 0 ; (pool = pond->ipv6_pools[i]) != NULL ; i++) {
3146  if (pool->pool_type != D6O_IA_TA)
3147  continue;
3148 
3149  if (ipv6_in_pool(&tmp_addr, pool))
3150  break;
3151  }
3152 
3153  if (pool != NULL)
3154  break;
3155  }
3156 
3157  if (pool == NULL)
3158  return ISC_FALSE;
3159  if (lease6_exists(pool, &tmp_addr))
3160  return ISC_FALSE;
3161  if (iasubopt_allocate(&reply->lease, MDL) != ISC_R_SUCCESS)
3162  return ISC_FALSE;
3163  reply->lease->addr = tmp_addr;
3164  reply->lease->plen = 0;
3165  /* Default is soft binding for 2 minutes. */
3166  if (add_lease6(pool, reply->lease, cur_time + 120) != ISC_R_SUCCESS)
3167  return ISC_FALSE;
3168 
3169  return ISC_TRUE;
3170 }
3171 
3172 /*
3173  * Get a temporary address per prefix.
3174  */
3175 static isc_result_t
3176 find_client_temporaries(struct reply_state *reply) {
3177  int i;
3178  struct ipv6_pool *p = NULL;
3179  struct ipv6_pond *pond;
3180  isc_result_t status = ISC_R_NORESOURCES;;
3181  unsigned int attempts;
3182  struct iaddr send_addr;
3183 
3184  /*
3185  * Do a quick walk through of the ponds and pools
3186  * to see if we have any prefix pools
3187  */
3188  for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
3189  if (pond->ipv6_pools == NULL)
3190  continue;
3191 
3192  for (i = 0; (p = pond->ipv6_pools[i]) != NULL; i++) {
3193  if (p->pool_type == D6O_IA_TA)
3194  break;
3195  }
3196  if (p != NULL)
3197  break;
3198  }
3199 
3200  /* If we get here and p is NULL we have no useful pools */
3201  if (p == NULL) {
3202  log_debug("Unable to get client addresses: "
3203  "no IPv6 pools on this shared network");
3204  return ISC_R_NORESOURCES;
3205  }
3206 
3207  /*
3208  * We have at least one pool that could provide an address
3209  * Now we walk through the ponds and pools again and check
3210  * to see if the client is permitted and if an address is
3211  * available
3212  */
3213 
3214  for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
3215  if (((pond->prohibit_list != NULL) &&
3216  (permitted(reply->packet, pond->prohibit_list))) ||
3217  ((pond->permit_list != NULL) &&
3218  (!permitted(reply->packet, pond->permit_list))))
3219  continue;
3220 
3221  for (i = 0; (p = pond->ipv6_pools[i]) != NULL; i++) {
3222  if (p->pool_type != D6O_IA_TA) {
3223  continue;
3224  }
3225 
3226  /*
3227  * Get an address in this temporary pool.
3228  */
3229  status = create_lease6(p, &reply->lease, &attempts,
3230  &reply->client_id, cur_time + 120);
3231  if (status != ISC_R_SUCCESS) {
3232  log_debug("Unable to get a temporary address.");
3233  goto cleanup;
3234  }
3235 
3236  status = reply_process_is_addressed(reply,
3237  &reply->lease->scope,
3238  pond->group);
3239  if (status != ISC_R_SUCCESS) {
3240  goto cleanup;
3241  }
3242  send_addr.len = 16;
3243  memcpy(send_addr.iabuf, &reply->lease->addr, 16);
3244  status = reply_process_send_addr(reply, &send_addr);
3245  if (status != ISC_R_SUCCESS) {
3246  goto cleanup;
3247  }
3248  /*
3249  * reply->lease can't be null as we use it above
3250  * add check if that changes
3251  */
3252  iasubopt_dereference(&reply->lease, MDL);
3253  }
3254  }
3255 
3256  cleanup:
3257  if (reply->lease != NULL) {
3258  iasubopt_dereference(&reply->lease, MDL);
3259  }
3260  return status;
3261 }
3262 
3263 /*
3264  * This function only returns failure on 'hard' failures. If it succeeds,
3265  * it will leave a lease structure behind.
3266  */
3267 static isc_result_t
3268 reply_process_try_addr(struct reply_state *reply, struct iaddr *addr) {
3269  isc_result_t status = ISC_R_ADDRNOTAVAIL;
3270  struct ipv6_pool *pool = NULL;
3271  struct ipv6_pond *pond = NULL;
3272  int i;
3273  struct data_string data_addr;
3274 
3275  if ((reply == NULL) || (reply->shared == NULL) ||
3276  (addr == NULL) || (reply->lease != NULL))
3277  return (DHCP_R_INVALIDARG);
3278 
3279  /*
3280  * Do a quick walk through of the ponds and pools
3281  * to see if we have any NA address pools
3282  */
3283  for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
3284  if (pond->ipv6_pools == NULL)
3285  continue;
3286 
3287  for (i = 0; ; i++) {
3288  pool = pond->ipv6_pools[i];
3289  if ((pool == NULL) ||
3290  (pool->pool_type == D6O_IA_NA))
3291  break;
3292  }
3293  if (pool != NULL)
3294  break;
3295  }
3296 
3297  /* If we get here and p is NULL we have no useful pools */
3298  if (pool == NULL) {
3299  return (ISC_R_ADDRNOTAVAIL);
3300  }
3301 
3302  memset(&data_addr, 0, sizeof(data_addr));
3303  data_addr.len = addr->len;
3304  data_addr.data = addr->iabuf;
3305 
3306  /*
3307  * We have at least one pool that could provide an address
3308  * Now we walk through the ponds and pools again and check
3309  * to see if the client is permitted and if an address is
3310  * available
3311  *
3312  * Within a given pond we start looking at the last pool we
3313  * allocated from, unless it had a collision trying to allocate
3314  * an address. This will tend to move us into less-filled pools.
3315  */
3316 
3317  for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
3318  if (((pond->prohibit_list != NULL) &&
3319  (permitted(reply->packet, pond->prohibit_list))) ||
3320  ((pond->permit_list != NULL) &&
3321  (!permitted(reply->packet, pond->permit_list))))
3322  continue;
3323 
3324  for (i = 0 ; (pool = pond->ipv6_pools[i]) != NULL ; i++) {
3325  if (pool->pool_type != D6O_IA_NA)
3326  continue;
3327 
3328  status = try_client_v6_address(&reply->lease, pool,
3329  &data_addr);
3330  if (status == ISC_R_SUCCESS)
3331  break;
3332  }
3333 
3334  if (status == ISC_R_SUCCESS)
3335  break;
3336  }
3337 
3338  /* Note that this is just pedantry. There is no allocation to free. */
3339  data_string_forget(&data_addr, MDL);
3340  /* Return just the most recent status... */
3341  return (status);
3342 }
3343 
3344 /* Look around for an address to give the client. First, look through the
3345  * old IA for addresses we can extend. Second, try to allocate a new address.
3346  * Finally, actually add that address into the current reply IA.
3347  */
3348 static isc_result_t
3349 find_client_address(struct reply_state *reply) {
3350  struct iaddr send_addr;
3351  isc_result_t status = ISC_R_NORESOURCES;
3352  struct iasubopt *lease, *best_lease = NULL;
3353  struct binding_scope **scope;
3354  struct group *group;
3355  int i;
3356 
3357  if (reply->static_lease) {
3358  if (reply->host == NULL)
3359  return DHCP_R_INVALIDARG;
3360 
3361  send_addr.len = 16;
3362  memcpy(send_addr.iabuf, reply->fixed.data, 16);
3363 
3364  scope = &global_scope;
3365  group = reply->subnet->group;
3366  goto send_addr;
3367  }
3368 
3369  if (reply->old_ia != NULL) {
3370  for (i = 0 ; i < reply->old_ia->num_iasubopt ; i++) {
3371  struct shared_network *candidate_shared;
3372  struct ipv6_pond *pond;
3373 
3374  lease = reply->old_ia->iasubopt[i];
3375  candidate_shared = lease->ipv6_pool->shared_network;
3376  pond = lease->ipv6_pool->ipv6_pond;
3377 
3378  /*
3379  * Look for the best lease on the client's shared
3380  * network, that is still permitted
3381  */
3382 
3383  if ((candidate_shared != reply->shared) ||
3384  (lease6_usable(lease) != ISC_TRUE))
3385  continue;
3386 
3387  if (((pond->prohibit_list != NULL) &&
3388  (permitted(reply->packet, pond->prohibit_list))) ||
3389  ((pond->permit_list != NULL) &&
3390  (!permitted(reply->packet, pond->permit_list))))
3391  continue;
3392 
3393  best_lease = lease_compare(lease, best_lease);
3394  }
3395  }
3396 
3397  /* Try to pick a new address if we didn't find one, or if we found an
3398  * abandoned lease.
3399  */
3400  if ((best_lease == NULL) || (best_lease->state == FTS_ABANDONED)) {
3401  status = pick_v6_address(reply);
3402  } else if (best_lease != NULL) {
3403  iasubopt_reference(&reply->lease, best_lease, MDL);
3404  status = ISC_R_SUCCESS;
3405  }
3406 
3407  /* Pick the abandoned lease as a last resort. */
3408  if ((status == ISC_R_NORESOURCES) && (best_lease != NULL)) {
3409  /* I don't see how this is supposed to be done right now. */
3410  log_error("Best match for DUID %s is an abandoned address,"
3411  " This may be a result of multiple clients attempting"
3412  " to use this DUID",
3413  print_hex_1(reply->client_id.len,
3414  reply->client_id.data, 60));
3415  /* iasubopt_reference(&reply->lease, best_lease, MDL); */
3416  }
3417 
3418  /* Give up now if we didn't find a lease. */
3419  if (status != ISC_R_SUCCESS)
3420  return status;
3421 
3422  if (reply->lease == NULL)
3423  log_fatal("Impossible condition at %s:%d.", MDL);
3424 
3425  /* Draw binding scopes from the lease's binding scope, and config
3426  * from the lease's containing subnet and higher. Note that it may
3427  * be desirable to place the group attachment directly in the pool.
3428  */
3429  scope = &reply->lease->scope;
3430  group = reply->lease->ipv6_pool->ipv6_pond->group;
3431 
3432  send_addr.len = 16;
3433  memcpy(send_addr.iabuf, &reply->lease->addr, 16);
3434 
3435  send_addr:
3436  status = reply_process_is_addressed(reply, scope, group);
3437  if (status != ISC_R_SUCCESS)
3438  return status;
3439 
3440  status = reply_process_send_addr(reply, &send_addr);
3441  return status;
3442 }
3443 
3444 /* Once an address is found for a client, perform several common functions;
3445  * Calculate and store valid and preferred lease times, draw client options
3446  * into the option state.
3447  */
3448 static isc_result_t
3449 reply_process_is_addressed(struct reply_state *reply,
3450  struct binding_scope **scope, struct group *group)
3451 {
3452  isc_result_t status = ISC_R_SUCCESS;
3453  struct data_string data;
3454  struct option_cache *oc;
3455  struct option_state *tmp_options = NULL;
3456  struct on_star *on_star;
3457  int i;
3458 
3459  /* Initialize values we will cleanup. */
3460  memset(&data, 0, sizeof(data));
3461 
3462  /*
3463  * Find the proper on_star block to use. We use the
3464  * one in the lease if we have a lease or the one in
3465  * the reply if we don't have a lease because this is
3466  * a static instance
3467  */
3468  if (reply->lease) {
3469  on_star = &reply->lease->on_star;
3470  } else {
3471  on_star = &reply->on_star;
3472  }
3473 
3474  /*
3475  * Bring in the root configuration. We only do this to bring
3476  * in the on * statements, as we didn't have the lease available
3477  * we did it the first time.
3478  */
3479  option_state_allocate(&tmp_options, MDL);
3480  execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
3481  reply->packet->options, tmp_options,
3482  &global_scope, root_group, NULL,
3483  on_star);
3484  if (tmp_options != NULL) {
3485  option_state_dereference(&tmp_options, MDL);
3486  }
3487 
3488  /*
3489  * Bring configured options into the root packet level cache - start
3490  * with the lease's closest enclosing group (passed in by the caller
3491  * as 'group').
3492  */
3493  execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
3494  reply->packet->options, reply->opt_state,
3495  scope, group, root_group, on_star);
3496 
3497  /* Execute statements from class scopes. */
3498  for (i = reply->packet->class_count; i > 0; i--) {
3499  execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
3500  reply->packet->options,
3501  reply->opt_state, scope,
3502  reply->packet->classes[i - 1]->group,
3503  group, on_star);
3504  }
3505 
3506  /*
3507  * If there is a host record, over-ride with values configured there,
3508  * without re-evaluating configuration from the previously executed
3509  * group or its common enclosers.
3510  */
3511  if (reply->host != NULL)
3512  execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
3513  reply->packet->options,
3514  reply->opt_state, scope,
3515  reply->host->group, group,
3516  on_star);
3517 
3518  /* Determine valid lifetime. */
3519  if (reply->client_valid == 0)
3520  reply->send_valid = DEFAULT_DEFAULT_LEASE_TIME;
3521  else
3522  reply->send_valid = reply->client_valid;
3523 
3524  oc = lookup_option(&server_universe, reply->opt_state,
3526  if (oc != NULL) {
3527  if (!evaluate_option_cache(&data, reply->packet, NULL, NULL,
3528  reply->packet->options,
3529  reply->opt_state,
3530  scope, oc, MDL) ||
3531  (data.len != 4)) {
3532  log_error("reply_process_is_addressed: unable to "
3533  "evaluate default lease time");
3534  status = ISC_R_FAILURE;
3535  goto cleanup;
3536  }
3537 
3538  reply->send_valid = getULong(data.data);
3539  data_string_forget(&data, MDL);
3540  }
3541 
3542  if (reply->client_prefer == 0)
3543  reply->send_prefer = reply->send_valid;
3544  else
3545  reply->send_prefer = reply->client_prefer;
3546 
3547  if (reply->send_prefer >= reply->send_valid)
3548  reply->send_prefer = (reply->send_valid / 2) +
3549  (reply->send_valid / 8);
3550 
3551  oc = lookup_option(&server_universe, reply->opt_state,
3553  if (oc != NULL) {
3554  if (!evaluate_option_cache(&data, reply->packet, NULL, NULL,
3555  reply->packet->options,
3556  reply->opt_state,
3557  scope, oc, MDL) ||
3558  (data.len != 4)) {
3559  log_error("reply_process_is_addressed: unable to "
3560  "evaluate preferred lease time");
3561  status = ISC_R_FAILURE;
3562  goto cleanup;
3563  }
3564 
3565  reply->send_prefer = getULong(data.data);
3566  data_string_forget(&data, MDL);
3567  }
3568 
3569  /* Note lowest values for later calculation of renew/rebind times. */
3570  if (reply->prefer > reply->send_prefer)
3571  reply->prefer = reply->send_prefer;
3572 
3573  if (reply->valid > reply->send_valid)
3574  reply->valid = reply->send_valid;
3575 
3576 #if 0
3577  /*
3578  * XXX: Old 4.0.0 alpha code would change the host {} record
3579  * XXX: uid upon lease assignment. This was intended to cover the
3580  * XXX: case where a client first identifies itself using vendor
3581  * XXX: options in a solicit, or request, but later neglects to include
3582  * XXX: these options in a Renew or Rebind. It is not clear that this
3583  * XXX: is required, and has some startling ramifications (such as
3584  * XXX: how to recover this dynamic host {} state across restarts).
3585  */
3586  if (reply->host != NULL)
3587  change_host_uid(host, reply->client_id->data,
3588  reply->client_id->len);
3589 #endif /* 0 */
3590 
3591  /* Perform dynamic lease related update work. */
3592  if (reply->lease != NULL) {
3593  /* Cached lifetimes */
3594  reply->lease->prefer = reply->send_prefer;
3595  reply->lease->valid = reply->send_valid;
3596 
3597  /* Advance (or rewind) the valid lifetime. */
3598  if (reply->buf.reply.msg_type == DHCPV6_REPLY) {
3599  reply->lease->soft_lifetime_end_time =
3600  cur_time + reply->send_valid;
3601  /* Wait before renew! */
3602  }
3603 
3604  status = ia_add_iasubopt(reply->ia, reply->lease, MDL);
3605  if (status != ISC_R_SUCCESS) {
3606  log_fatal("reply_process_is_addressed: Unable to "
3607  "attach lease to new IA: %s",
3608  isc_result_totext(status));
3609  }
3610 
3611  /*
3612  * If this is a new lease, make sure it is attached somewhere.
3613  */
3614  if (reply->lease->ia == NULL) {
3615  ia_reference(&reply->lease->ia, reply->ia, MDL);
3616  }
3617  }
3618 
3619  /* Bring a copy of the relevant options into the IA scope. */
3620  execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
3621  reply->packet->options, reply->reply_ia,
3622  scope, group, root_group, NULL);
3623 
3624  /* Execute statements from class scopes. */
3625  for (i = reply->packet->class_count; i > 0; i--) {
3626  execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
3627  reply->packet->options,
3628  reply->reply_ia, scope,
3629  reply->packet->classes[i - 1]->group,
3630  group, NULL);
3631  }
3632 
3633  /*
3634  * And bring in host record configuration, if any, but not to overlap
3635  * the previous group or its common enclosers.
3636  */
3637  if (reply->host != NULL)
3638  execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
3639  reply->packet->options,
3640  reply->reply_ia, scope,
3641  reply->host->group, group, NULL);
3642 
3643  cleanup:
3644  if (data.data != NULL)
3645  data_string_forget(&data, MDL);
3646 
3647  if (status == ISC_R_SUCCESS)
3648  reply->client_resources++;
3649 
3650  return status;
3651 }
3652 
3653 /* Simply send an IAADDR within the IA scope as described. */
3654 static isc_result_t
3655 reply_process_send_addr(struct reply_state *reply, struct iaddr *addr) {
3656  isc_result_t status = ISC_R_SUCCESS;
3657  struct data_string data;
3658 
3659  memset(&data, 0, sizeof(data));
3660 
3661  /* Now append the lease. */
3662  data.len = IAADDR_OFFSET;
3663  if (!buffer_allocate(&data.buffer, data.len, MDL)) {
3664  log_error("reply_process_send_addr: out of memory"
3665  "allocating new IAADDR buffer.");
3666  status = ISC_R_NOMEMORY;
3667  goto cleanup;
3668  }
3669  data.data = data.buffer->data;
3670 
3671  memcpy(data.buffer->data, addr->iabuf, 16);
3672  putULong(data.buffer->data + 16, reply->send_prefer);
3673  putULong(data.buffer->data + 20, reply->send_valid);
3674 
3675  if (!append_option_buffer(&dhcpv6_universe, reply->reply_ia,
3676  data.buffer, data.buffer->data,
3677  data.len, D6O_IAADDR, 0)) {
3678  log_error("reply_process_send_addr: unable "
3679  "to save IAADDR option");
3680  status = ISC_R_FAILURE;
3681  goto cleanup;
3682  }
3683 
3684  reply->resources_included = ISC_TRUE;
3685 
3686  cleanup:
3687  if (data.data != NULL)
3689 
3690  return status;
3691 }
3692 
3693 /* Choose the better of two leases. */
3694 static struct iasubopt *
3695 lease_compare(struct iasubopt *alpha, struct iasubopt *beta) {
3696  if (alpha == NULL)
3697  return beta;
3698  if (beta == NULL)
3699  return alpha;
3700 
3701  switch(alpha->state) {
3702  case FTS_ACTIVE:
3703  switch(beta->state) {
3704  case FTS_ACTIVE:
3705  /* Choose the lease with the longest lifetime (most
3706  * likely the most recently allocated).
3707  */
3708  if (alpha->hard_lifetime_end_time <
3709  beta->hard_lifetime_end_time)
3710  return beta;
3711  else
3712  return alpha;
3713 
3714  case FTS_EXPIRED:
3715  case FTS_ABANDONED:
3716  return alpha;
3717 
3718  default:
3719  log_fatal("Impossible condition at %s:%d.", MDL);
3720  }
3721  break;
3722 
3723  case FTS_EXPIRED:
3724  switch (beta->state) {
3725  case FTS_ACTIVE:
3726  return beta;
3727 
3728  case FTS_EXPIRED:
3729  /* Choose the most recently expired lease. */
3730  if (alpha->hard_lifetime_end_time <
3731  beta->hard_lifetime_end_time)
3732  return beta;
3733  else if ((alpha->hard_lifetime_end_time ==
3734  beta->hard_lifetime_end_time) &&
3735  (alpha->soft_lifetime_end_time <
3736  beta->soft_lifetime_end_time))
3737  return beta;
3738  else
3739  return alpha;
3740 
3741  case FTS_ABANDONED:
3742  return alpha;
3743 
3744  default:
3745  log_fatal("Impossible condition at %s:%d.", MDL);
3746  }
3747  break;
3748 
3749  case FTS_ABANDONED:
3750  switch (beta->state) {
3751  case FTS_ACTIVE:
3752  case FTS_EXPIRED:
3753  return alpha;
3754 
3755  case FTS_ABANDONED:
3756  /* Choose the lease that was abandoned longest ago. */
3757  if (alpha->hard_lifetime_end_time <
3758  beta->hard_lifetime_end_time)
3759  return alpha;
3760  else
3761  return beta;
3762 
3763  default:
3764  log_fatal("Impossible condition at %s:%d.", MDL);
3765  }
3766  break;
3767 
3768  default:
3769  log_fatal("Impossible condition at %s:%d.", MDL);
3770  }
3771 
3772  log_fatal("Triple impossible condition at %s:%d.", MDL);
3773  return NULL;
3774 }
3775 
3776 /* Process a client-supplied IA_PD. This may append options to the tail of
3777  * the reply packet being built in the reply_state structure.
3778  */
3779 static isc_result_t
3780 reply_process_ia_pd(struct reply_state *reply, struct option_cache *ia) {
3781  isc_result_t status = ISC_R_SUCCESS;
3782  u_int32_t iaid;
3783  unsigned ia_cursor;
3784  struct option_state *packet_ia;
3785  struct option_cache *oc;
3786  struct data_string ia_data, data;
3787 
3788  /* Initialize values that will get cleaned up on return. */
3789  packet_ia = NULL;
3790  memset(&ia_data, 0, sizeof(ia_data));
3791  memset(&data, 0, sizeof(data));
3792  /*
3793  * Note that find_client_prefix() may set reply->lease.
3794  */
3795 
3796  /* Make sure there is at least room for the header. */
3797  if ((reply->cursor + IA_PD_OFFSET + 4) > sizeof(reply->buf)) {
3798  log_error("reply_process_ia_pd: Reply too long for IA.");
3799  return ISC_R_NOSPACE;
3800  }
3801 
3802 
3803  /* Fetch the IA_PD contents. */
3804  if (!get_encapsulated_IA_state(&packet_ia, &ia_data, reply->packet,
3805  ia, IA_PD_OFFSET)) {
3806  log_error("reply_process_ia_pd: error evaluating ia");
3807  status = ISC_R_FAILURE;
3808  goto cleanup;
3809  }
3810 
3811  /* Extract IA_PD header contents. */
3812  iaid = getULong(ia_data.data);
3813  reply->renew = getULong(ia_data.data + 4);
3814  reply->rebind = getULong(ia_data.data + 8);
3815 
3816  /* Create an IA_PD structure. */
3817  if (ia_allocate(&reply->ia, iaid, (char *)reply->client_id.data,
3818  reply->client_id.len, MDL) != ISC_R_SUCCESS) {
3819  log_error("reply_process_ia_pd: no memory for ia.");
3820  status = ISC_R_NOMEMORY;
3821  goto cleanup;
3822  }
3823  reply->ia->ia_type = D6O_IA_PD;
3824 
3825  /* Cache pre-existing IA_PD, if any. */
3826  ia_hash_lookup(&reply->old_ia, ia_pd_active,
3827  (unsigned char *)reply->ia->iaid_duid.data,
3828  reply->ia->iaid_duid.len, MDL);
3829 
3830  /*
3831  * Create an option cache to carry the IA_PD option contents, and
3832  * execute any user-supplied values into it.
3833  */
3834  if (!option_state_allocate(&reply->reply_ia, MDL)) {
3835  status = ISC_R_NOMEMORY;
3836  goto cleanup;
3837  }
3838 
3839  /* Check & count the fixed prefix host records. */
3840  reply->static_prefixes = 0;
3841  if ((reply->host != NULL) && (reply->host->fixed_prefix != NULL)) {
3842  struct iaddrcidrnetlist *fp;
3843 
3844  for (fp = reply->host->fixed_prefix; fp != NULL;
3845  fp = fp->next) {
3846  reply->static_prefixes += 1;
3847  }
3848  }
3849 
3850  /*
3851  * Save the cursor position at the start of the IA_PD, so we can
3852  * set length and adjust t1/t2 values later. We write a temporary
3853  * header out now just in case we decide to adjust the packet
3854  * within sub-process functions.
3855  */
3856  ia_cursor = reply->cursor;
3857 
3858  /* Initialize the IA_PD header. First the code. */
3859  putUShort(reply->buf.data + reply->cursor, (unsigned)D6O_IA_PD);
3860  reply->cursor += 2;
3861 
3862  /* Then option length. */
3863  putUShort(reply->buf.data + reply->cursor, 0x0Cu);
3864  reply->cursor += 2;
3865 
3866  /* Then IA_PD header contents; IAID. */
3867  putULong(reply->buf.data + reply->cursor, iaid);
3868  reply->cursor += 4;
3869 
3870  /* We store the client's t1 for now, and may over-ride it later. */
3871  putULong(reply->buf.data + reply->cursor, reply->renew);
3872  reply->cursor += 4;
3873 
3874  /* We store the client's t2 for now, and may over-ride it later. */
3875  putULong(reply->buf.data + reply->cursor, reply->rebind);
3876  reply->cursor += 4;
3877 
3878  /*
3879  * For each prefix in this IA_PD, decide what to do about it.
3880  */
3881  oc = lookup_option(&dhcpv6_universe, packet_ia, D6O_IAPREFIX);
3882  reply->valid = reply->prefer = 0xffffffff;
3883  reply->client_valid = reply->client_prefer = 0;
3884  reply->preflen = -1;
3885  for (; oc != NULL ; oc = oc->next) {
3886  status = reply_process_prefix(reply, oc);
3887 
3888  /*
3889  * Canceled means we did not allocate prefixes to the
3890  * client, but we're "done" with this IA - we set a status
3891  * code. So transmit this reply, e.g., move on to the next
3892  * IA.
3893  */
3894  if (status == ISC_R_CANCELED)
3895  break;
3896 
3897  if ((status != ISC_R_SUCCESS) &&
3898  (status != ISC_R_ADDRINUSE) &&
3899  (status != ISC_R_ADDRNOTAVAIL))
3900  goto cleanup;
3901  }
3902 
3903  reply->pd_count++;
3904 
3905  /*
3906  * If we fell through the above and never gave the client
3907  * a prefix, give it one now.
3908  */
3909  if ((status != ISC_R_CANCELED) && (reply->client_resources == 0)) {
3910  status = find_client_prefix(reply);
3911 
3912  if (status == ISC_R_NORESOURCES) {
3913  switch (reply->packet->dhcpv6_msg_type) {
3914  case DHCPV6_SOLICIT:
3915  /*
3916  * No prefix for any IA is handled
3917  * by the caller.
3918  */
3919  /* FALL THROUGH */
3920 
3921  case DHCPV6_REQUEST:
3922  /* Same than for addresses. */
3923  option_state_dereference(&reply->reply_ia, MDL);
3924  if (!option_state_allocate(&reply->reply_ia,
3925  MDL))
3926  {
3927  log_error("reply_process_ia_pd: No "
3928  "memory for option state "
3929  "wipe.");
3930  status = ISC_R_NOMEMORY;
3931  goto cleanup;
3932  }
3933 
3934  if (!set_status_code(STATUS_NoPrefixAvail,
3935  "No prefixes available "
3936  "for this interface.",
3937  reply->reply_ia)) {
3938  log_error("reply_process_ia_pd: "
3939  "Unable to set "
3940  "NoPrefixAvail status "
3941  "code.");
3942  status = ISC_R_FAILURE;
3943  goto cleanup;
3944  }
3945 
3946  status = ISC_R_SUCCESS;
3947  break;
3948 
3949  default:
3950  if (reply->resources_included)
3951  status = ISC_R_SUCCESS;
3952  else
3953  goto cleanup;
3954  break;
3955  }
3956  }
3957 
3958  if (status != ISC_R_SUCCESS)
3959  goto cleanup;
3960  }
3961 
3962  reply->cursor += store_options6((char *)reply->buf.data + reply->cursor,
3963  sizeof(reply->buf) - reply->cursor,
3964  reply->reply_ia, reply->packet,
3965  required_opts_IA_PD, NULL);
3966 
3967  /* Reset the length of this IA_PD to match what was just written. */
3968  putUShort(reply->buf.data + ia_cursor + 2,
3969  reply->cursor - (ia_cursor + 4));
3970 
3971  /*
3972  * T1/T2 time selection is kind of weird. We actually use DHCP
3973  * (v4) scoped options as handy existing places where these might
3974  * be configured by an administrator. A value of zero tells the
3975  * client it may choose its own renewal time.
3976  */
3977  reply->renew = 0;
3978  oc = lookup_option(&dhcp_universe, reply->opt_state,
3980  if (oc != NULL) {
3981  if (!evaluate_option_cache(&data, reply->packet, NULL, NULL,
3982  reply->packet->options,
3983  reply->opt_state, &global_scope,
3984  oc, MDL) ||
3985  (data.len != 4)) {
3986  log_error("Invalid renewal time.");
3987  } else {
3988  reply->renew = getULong(data.data);
3989  }
3990 
3991  if (data.data != NULL)
3992  data_string_forget(&data, MDL);
3993  }
3994  putULong(reply->buf.data + ia_cursor + 8, reply->renew);
3995 
3996  /* Now T2. */
3997  reply->rebind = 0;
3998  oc = lookup_option(&dhcp_universe, reply->opt_state,
4000  if (oc != NULL) {
4001  if (!evaluate_option_cache(&data, reply->packet, NULL, NULL,
4002  reply->packet->options,
4003  reply->opt_state, &global_scope,
4004  oc, MDL) ||
4005  (data.len != 4)) {
4006  log_error("Invalid rebinding time.");
4007  } else {
4008  reply->rebind = getULong(data.data);
4009  }
4010 
4011  if (data.data != NULL)
4012  data_string_forget(&data, MDL);
4013  }
4014  putULong(reply->buf.data + ia_cursor + 12, reply->rebind);
4015 
4016  /*
4017  * yes, goto's aren't the best but we also want to avoid extra
4018  * indents
4019  */
4020  if (status == ISC_R_CANCELED)
4021  goto cleanup;
4022 
4023  /*
4024  * Handle static prefixes, we always log stuff and if it's
4025  * a hard binding we run any commit statements that we have
4026  */
4027  if (reply->static_prefixes != 0) {
4028  char tmp_addr[INET6_ADDRSTRLEN];
4029  log_info("%s PD: address %s/%d to client with duid %s "
4030  "iaid = %d static",
4031  dhcpv6_type_names[reply->buf.reply.msg_type],
4032  inet_ntop(AF_INET6, reply->fixed_pref.lo_addr.iabuf,
4033  tmp_addr, sizeof(tmp_addr)),
4034  reply->fixed_pref.bits,
4035  print_hex_1(reply->client_id.len,
4036  reply->client_id.data, 60),
4037  iaid);
4038  if ((reply->buf.reply.msg_type == DHCPV6_REPLY) &&
4039  (reply->on_star.on_commit != NULL)) {
4040  execute_statements(NULL, reply->packet, NULL, NULL,
4041  reply->packet->options,
4042  reply->opt_state,
4043  NULL, reply->on_star.on_commit,
4044  NULL);
4046  (&reply->on_star.on_commit, MDL);
4047  }
4048  goto cleanup;
4049  }
4050 
4051  /*
4052  * If we have any addresses log what we are doing.
4053  */
4054  if (reply->ia->num_iasubopt != 0) {
4055  struct iasubopt *tmp;
4056  int i;
4057  char tmp_addr[INET6_ADDRSTRLEN];
4058 
4059  for (i = 0 ; i < reply->ia->num_iasubopt ; i++) {
4060  tmp = reply->ia->iasubopt[i];
4061 
4062  log_info("%s PD: address %s/%d to client with duid %s"
4063  " iaid = %d valid for %d seconds",
4064  dhcpv6_type_names[reply->buf.reply.msg_type],
4065  inet_ntop(AF_INET6, &tmp->addr,
4066  tmp_addr, sizeof(tmp_addr)),
4067  (int)tmp->plen,
4068  print_hex_1(reply->client_id.len,
4069  reply->client_id.data, 60),
4070  iaid, tmp->valid);
4071  }
4072  }
4073 
4074  /*
4075  * If this is not a 'soft' binding, consume the new changes into
4076  * the database (if any have been attached to the ia_pd).
4077  *
4078  * Loop through the assigned dynamic prefixes, referencing the
4079  * prefixes onto this IA_PD rather than any old ones, and updating
4080  * prefix pool timers for each (if any).
4081  */
4082  if ((reply->buf.reply.msg_type == DHCPV6_REPLY) &&
4083  (reply->ia->num_iasubopt != 0)) {
4084  struct iasubopt *tmp;
4085  struct data_string *ia_id;
4086  int i;
4087 
4088  for (i = 0 ; i < reply->ia->num_iasubopt ; i++) {
4089  tmp = reply->ia->iasubopt[i];
4090 
4091  if (tmp->ia != NULL)
4092  ia_dereference(&tmp->ia, MDL);
4093  ia_reference(&tmp->ia, reply->ia, MDL);
4094 
4095  /* Commit 'hard' bindings. */
4096  renew_lease6(tmp->ipv6_pool, tmp);
4098 
4099  /* If we have anything to do on commit do it now */
4100  if (tmp->on_star.on_commit != NULL) {
4101  execute_statements(NULL, reply->packet,
4102  NULL, NULL,
4103  reply->packet->options,
4104  reply->opt_state,
4105  &tmp->scope,
4106  tmp->on_star.on_commit,
4107  &tmp->on_star);
4109  (&tmp->on_star.on_commit, MDL);
4110  }
4111 
4112  /* Do our threshold check. */
4113  check_pool6_threshold(reply, tmp);
4114  }
4115 
4116  /* Remove any old ia from the hash. */
4117  if (reply->old_ia != NULL) {
4118  ia_id = &reply->old_ia->iaid_duid;
4119  ia_hash_delete(ia_pd_active,
4120  (unsigned char *)ia_id->data,
4121  ia_id->len, MDL);
4122  ia_dereference(&reply->old_ia, MDL);
4123  }
4124 
4125  /* Put new ia into the hash. */
4126  reply->ia->cltt = cur_time;
4127  ia_id = &reply->ia->iaid_duid;
4128  ia_hash_add(ia_pd_active, (unsigned char *)ia_id->data,
4129  ia_id->len, reply->ia, MDL);
4130 
4131  write_ia(reply->ia);
4132  } else {
4133  schedule_lease_timeout_reply(reply);
4134  }
4135 
4136  cleanup:
4137  if (packet_ia != NULL)
4138  option_state_dereference(&packet_ia, MDL);
4139  if (reply->reply_ia != NULL)
4140  option_state_dereference(&reply->reply_ia, MDL);
4141  if (ia_data.data != NULL)
4142  data_string_forget(&ia_data, MDL);
4143  if (data.data != NULL)
4145  if (reply->ia != NULL)
4146  ia_dereference(&reply->ia, MDL);
4147  if (reply->old_ia != NULL)
4148  ia_dereference(&reply->old_ia, MDL);
4149  if (reply->lease != NULL)
4150  iasubopt_dereference(&reply->lease, MDL);
4151  if (reply->on_star.on_expiry != NULL)
4153  (&reply->on_star.on_expiry, MDL);
4154  if (reply->on_star.on_release != NULL)
4156  (&reply->on_star.on_release, MDL);
4157 
4158  /*
4159  * ISC_R_CANCELED is a status code used by the prefix processing to
4160  * indicate we're replying with a status code. This is still a
4161  * success at higher layers.
4162  */
4163  return((status == ISC_R_CANCELED) ? ISC_R_SUCCESS : status);
4164 }
4165 
4166 /*
4167  * Process an IAPREFIX within a given IA_PD, storing any IAPREFIX reply
4168  * contents into the reply's current ia_pd-scoped option cache. Returns
4169  * ISC_R_CANCELED in the event we are replying with a status code and do
4170  * not wish to process more IAPREFIXes within this IA_PD.
4171  */
4172 static isc_result_t
4173 reply_process_prefix(struct reply_state *reply, struct option_cache *pref) {
4174  u_int32_t pref_life, valid_life;
4175  struct binding_scope **scope;
4176  struct iaddrcidrnet tmp_pref;
4177  struct option_cache *oc;
4178  struct data_string iapref, data;
4179  isc_result_t status = ISC_R_SUCCESS;
4180  struct group *group;
4181 
4182  /* Initializes values that will be cleaned up. */
4183  memset(&iapref, 0, sizeof(iapref));
4184  memset(&data, 0, sizeof(data));
4185  /* Note that reply->lease may be set by prefix_is_owned() */
4186 
4187  /*
4188  * There is no point trying to process an incoming prefix if there
4189  * is no room for an outgoing prefix.
4190  */
4191  if ((reply->cursor + 29) > sizeof(reply->buf)) {
4192  log_error("reply_process_prefix: Out of room for prefix.");
4193  return ISC_R_NOSPACE;
4194  }
4195 
4196  /* Extract this IAPREFIX option. */
4197  if (!evaluate_option_cache(&iapref, reply->packet, NULL, NULL,
4198  reply->packet->options, NULL, &global_scope,
4199  pref, MDL) ||
4200  (iapref.len < IAPREFIX_OFFSET)) {
4201  log_error("reply_process_prefix: error evaluating IAPREFIX.");
4202  status = ISC_R_FAILURE;
4203  goto cleanup;
4204  }
4205 
4206  /*
4207  * Layout: preferred and valid lifetimes followed by the prefix
4208  * length and the IPv6 address.
4209  */
4210  pref_life = getULong(iapref.data);
4211  valid_life = getULong(iapref.data + 4);
4212 
4213  if ((reply->client_valid == 0) ||
4214  (reply->client_valid > valid_life))
4215  reply->client_valid = valid_life;
4216 
4217  if ((reply->client_prefer == 0) ||
4218  (reply->client_prefer > pref_life))
4219  reply->client_prefer = pref_life;
4220 
4221  /*
4222  * Clients may choose to send ::/0 as a prefix, with the idea to give
4223  * hints about preferred-lifetime or valid-lifetime.
4224  */
4225  tmp_pref.lo_addr.len = 16;
4226  memset(tmp_pref.lo_addr.iabuf, 0, 16);
4227  if ((iapref.data[8] == 0) &&
4228  (memcmp(iapref.data + 9, tmp_pref.lo_addr.iabuf, 16) == 0)) {
4229  /* Status remains success; we just ignore this one. */
4230  goto cleanup;
4231  }
4232 
4233  /*
4234  * Clients may choose to send ::/X as a prefix to specify a
4235  * preferred/requested prefix length. Note X is never zero here.
4236  */
4237  tmp_pref.bits = (int) iapref.data[8];
4238  if (reply->preflen < 0) {
4239  /* Cache the first preferred prefix length. */
4240  reply->preflen = tmp_pref.bits;
4241  }
4242  if (memcmp(iapref.data + 9, tmp_pref.lo_addr.iabuf, 16) == 0) {
4243  goto cleanup;
4244  }
4245 
4246  memcpy(tmp_pref.lo_addr.iabuf, iapref.data + 9, 16);
4247 
4248  /* Verify the prefix belongs to the client. */
4249  if (!prefix_is_owned(reply, &tmp_pref)) {
4250  /* Same than for addresses. */
4251  if ((reply->packet->dhcpv6_msg_type == DHCPV6_SOLICIT) ||
4252  (reply->packet->dhcpv6_msg_type == DHCPV6_REQUEST) ||
4253  (reply->packet->dhcpv6_msg_type == DHCPV6_REBIND)) {
4254  status = reply_process_try_prefix(reply, &tmp_pref);
4255 
4256  /* Either error out or skip this prefix. */
4257  if ((status != ISC_R_SUCCESS) &&
4258  (status != ISC_R_ADDRINUSE) &&
4259  (status != ISC_R_ADDRNOTAVAIL))
4260  goto cleanup;
4261 
4262  if (reply->lease == NULL) {
4263  if (reply->packet->dhcpv6_msg_type ==
4264  DHCPV6_REBIND) {
4265  reply->send_prefer = 0;
4266  reply->send_valid = 0;
4267  goto send_pref;
4268  }
4269 
4270  /* status remains success - ignore */
4271  goto cleanup;
4272  }
4273  /*
4274  * RFC3633 section 18.2.3:
4275  *
4276  * If the delegating router cannot find a binding
4277  * for the requesting router's IA_PD the delegating
4278  * router returns the IA_PD containing no prefixes
4279  * with a Status Code option set to NoBinding in the
4280  * Reply message.
4281  *
4282  * On mismatch we (ab)use this pretending we have not the IA
4283  * as soon as we have not a prefix.
4284  */
4285  } else if (reply->packet->dhcpv6_msg_type == DHCPV6_RENEW) {
4286  /* Rewind the IA_PD to empty. */
4287  option_state_dereference(&reply->reply_ia, MDL);
4288  if (!option_state_allocate(&reply->reply_ia, MDL)) {
4289  log_error("reply_process_prefix: No memory "
4290  "for option state wipe.");
4291  status = ISC_R_NOMEMORY;
4292  goto cleanup;
4293  }
4294 
4295  /* Append a NoBinding status code. */
4296  if (!set_status_code(STATUS_NoBinding,
4297  "Prefix not bound to this "
4298  "interface.", reply->reply_ia)) {
4299  log_error("reply_process_prefix: Unable to "
4300  "attach status code.");
4301  status = ISC_R_FAILURE;
4302  goto cleanup;
4303  }
4304 
4305  /* Fin (no more IAPREFIXes). */
4306  status = ISC_R_CANCELED;
4307  goto cleanup;
4308  } else {
4309  log_error("It is impossible to lease a client that is "
4310  "not sending a solicit, request, renew, or "
4311  "rebind message.");
4312  status = ISC_R_FAILURE;
4313  goto cleanup;
4314  }
4315  }
4316 
4317  if (reply->static_prefixes > 0) {
4318  if (reply->host == NULL)
4319  log_fatal("Impossible condition at %s:%d.", MDL);
4320 
4321  scope = &global_scope;
4322 
4323  /* Find the static prefixe's subnet. */
4324  if (find_grouped_subnet(&reply->subnet, reply->shared,
4325  tmp_pref.lo_addr, MDL) == 0)
4326  log_fatal("Impossible condition at %s:%d.", MDL);
4327  group = reply->subnet->group;
4328  subnet_dereference(&reply->subnet, MDL);
4329 
4330  /* Copy the static prefix for logging purposes */
4331  memcpy(&reply->fixed_pref, &tmp_pref, sizeof(tmp_pref));
4332  } else {
4333  if (reply->lease == NULL)
4334  log_fatal("Impossible condition at %s:%d.", MDL);
4335 
4336  scope = &reply->lease->scope;
4337  group = reply->lease->ipv6_pool->ipv6_pond->group;
4338  }
4339 
4340  /*
4341  * If client_resources is nonzero, then the reply_process_is_prefixed
4342  * function has executed configuration state into the reply option
4343  * cache. We will use that valid cache to derive configuration for
4344  * whether or not to engage in additional prefixes, and similar.
4345  */
4346  if (reply->client_resources != 0) {
4347  unsigned limit = 1;
4348 
4349  /*
4350  * Does this client have "enough" prefixes already? Default
4351  * to one. Everybody gets one, and one should be enough for
4352  * anybody.
4353  */
4354  oc = lookup_option(&server_universe, reply->opt_state,
4356  if (oc != NULL) {
4357  if (!evaluate_option_cache(&data, reply->packet,
4358  NULL, NULL,
4359  reply->packet->options,
4360  reply->opt_state,
4361  scope, oc, MDL) ||
4362  (data.len != 4)) {
4363  log_error("reply_process_prefix: unable to "
4364  "evaluate prefs-per-ia value.");
4365  status = ISC_R_FAILURE;
4366  goto cleanup;
4367  }
4368 
4369  limit = getULong(data.data);
4370  data_string_forget(&data, MDL);
4371  }
4372 
4373  /*
4374  * If we wish to limit the client to a certain number of
4375  * prefixes, then omit the prefix from the reply.
4376  */
4377  if (reply->client_resources >= limit)
4378  goto cleanup;
4379  }
4380 
4381  status = reply_process_is_prefixed(reply, scope, group);
4382  if (status != ISC_R_SUCCESS)
4383  goto cleanup;
4384 
4385  send_pref:
4386  status = reply_process_send_prefix(reply, &tmp_pref);
4387 
4388  cleanup:
4389  if (iapref.data != NULL)
4390  data_string_forget(&iapref, MDL);
4391  if (data.data != NULL)
4392  data_string_forget(&data, MDL);
4393  if (reply->lease != NULL)
4394  iasubopt_dereference(&reply->lease, MDL);
4395 
4396  return status;
4397 }
4398 
4399 /*
4400  * Verify the prefix belongs to the client. If we've got a host
4401  * record with fixed prefixes, it has to be an assigned prefix
4402  * (fault out all else). Otherwise it's a dynamic prefix, so lookup
4403  * that prefix and make sure it belongs to this DUID:IAID pair.
4404  */
4405 static isc_boolean_t
4406 prefix_is_owned(struct reply_state *reply, struct iaddrcidrnet *pref) {
4407  struct iaddrcidrnetlist *l;
4408  int i;
4409  struct ipv6_pond *pond;
4410 
4411  /*
4412  * This faults out prefixes that don't match fixed prefixes.
4413  */
4414  if (reply->static_prefixes > 0) {
4415  for (l = reply->host->fixed_prefix; l != NULL; l = l->next) {
4416  if ((pref->bits == l->cidrnet.bits) &&
4417  (memcmp(pref->lo_addr.iabuf,
4418  l->cidrnet.lo_addr.iabuf, 16) == 0))
4419  return (ISC_TRUE);
4420  }
4421  return (ISC_FALSE);
4422  }
4423 
4424  if ((reply->old_ia == NULL) ||
4425  (reply->old_ia->num_iasubopt == 0))
4426  return (ISC_FALSE);
4427 
4428  for (i = 0 ; i < reply->old_ia->num_iasubopt ; i++) {
4429  struct iasubopt *tmp;
4430 
4431  tmp = reply->old_ia->iasubopt[i];
4432 
4433  if ((pref->bits == (int) tmp->plen) &&
4434  (memcmp(pref->lo_addr.iabuf, &tmp->addr, 16) == 0)) {
4435  if (lease6_usable(tmp) == ISC_FALSE) {
4436  return (ISC_FALSE);
4437  }
4438 
4439  pond = tmp->ipv6_pool->ipv6_pond;
4440  if (((pond->prohibit_list != NULL) &&
4441  (permitted(reply->packet, pond->prohibit_list))) ||
4442  ((pond->permit_list != NULL) &&
4443  (!permitted(reply->packet, pond->permit_list))))
4444  return (ISC_FALSE);
4445 
4446  iasubopt_reference(&reply->lease, tmp, MDL);
4447  return (ISC_TRUE);
4448  }
4449  }
4450 
4451  return (ISC_FALSE);
4452 }
4453 
4454 /*
4455  * This function only returns failure on 'hard' failures. If it succeeds,
4456  * it will leave a prefix structure behind.
4457  */
4458 static isc_result_t
4459 reply_process_try_prefix(struct reply_state *reply,
4460  struct iaddrcidrnet *pref) {
4461  isc_result_t status = ISC_R_ADDRNOTAVAIL;
4462  struct ipv6_pool *pool = NULL;
4463  struct ipv6_pond *pond = NULL;
4464  int i;
4465  struct data_string data_pref;
4466 
4467  if ((reply == NULL) || (reply->shared == NULL) ||
4468  (pref == NULL) || (reply->lease != NULL))
4469  return (DHCP_R_INVALIDARG);
4470 
4471  /*
4472  * Do a quick walk through of the ponds and pools
4473  * to see if we have any prefix pools
4474  */
4475  for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
4476  if (pond->ipv6_pools == NULL)
4477  continue;
4478 
4479  for (i = 0; (pool = pond->ipv6_pools[i]) != NULL; i++) {
4480  if (pool->pool_type == D6O_IA_PD)
4481  break;
4482  }
4483  if (pool != NULL)
4484  break;
4485  }
4486 
4487  /* If we get here and p is NULL we have no useful pools */
4488  if (pool == NULL) {
4489  return (ISC_R_ADDRNOTAVAIL);
4490  }
4491 
4492  memset(&data_pref, 0, sizeof(data_pref));
4493  data_pref.len = 17;
4494  if (!buffer_allocate(&data_pref.buffer, data_pref.len, MDL)) {
4495  log_error("reply_process_try_prefix: out of memory.");
4496  return (ISC_R_NOMEMORY);
4497  }
4498  data_pref.data = data_pref.buffer->data;
4499  data_pref.buffer->data[0] = (u_int8_t) pref->bits;
4500  memcpy(data_pref.buffer->data + 1, pref->lo_addr.iabuf, 16);
4501 
4502  /*
4503  * We have at least one pool that could provide a prefix
4504  * Now we walk through the ponds and pools again and check
4505  * to see if the client is permitted and if an prefix is
4506  * available
4507  *
4508  */
4509 
4510  for (pond = reply->shared->ipv6_pond; pond != NULL; pond = pond->next) {
4511  if (((pond->prohibit_list != NULL) &&
4512  (permitted(reply->packet, pond->prohibit_list))) ||
4513  ((pond->permit_list != NULL) &&
4514  (!permitted(reply->packet, pond->permit_list))))
4515  continue;
4516 
4517  for (i = 0; (pool = pond->ipv6_pools[i]) != NULL; i++) {
4518  if (pool->pool_type != D6O_IA_PD) {
4519  continue;
4520  }
4521 
4522  status = try_client_v6_prefix(&reply->lease, pool,
4523  &data_pref);
4524  /* If we found it in this pool (either in use or available),
4525  there is no need to look further. */
4526  if ( (status == ISC_R_SUCCESS) || (status == ISC_R_ADDRINUSE) )
4527  break;
4528  }
4529  if ( (status == ISC_R_SUCCESS) || (status == ISC_R_ADDRINUSE) )
4530  break;
4531  }
4532 
4533  data_string_forget(&data_pref, MDL);
4534  /* Return just the most recent status... */
4535  return (status);
4536 }
4537 
4538 /* Look around for a prefix to give the client. First, look through the old
4539  * IA_PD for prefixes we can extend. Second, try to allocate a new prefix.
4540  * Finally, actually add that prefix into the current reply IA_PD.
4541  */
4542 static isc_result_t
4543 find_client_prefix(struct reply_state *reply) {
4544  struct iaddrcidrnet send_pref;
4545  isc_result_t status = ISC_R_NORESOURCES;
4546  struct iasubopt *prefix, *best_prefix = NULL;
4547  struct binding_scope **scope;
4548  int i;
4549  struct group *group;
4550 
4551  if (reply->static_prefixes > 0) {
4552  struct iaddrcidrnetlist *l;
4553 
4554  if (reply->host == NULL)
4555  return DHCP_R_INVALIDARG;
4556 
4557  for (l = reply->host->fixed_prefix; l != NULL; l = l->next) {
4558  if (l->cidrnet.bits == reply->preflen)
4559  break;
4560  }
4561  if (l == NULL) {
4562  /*
4563  * If no fixed prefix has the preferred length,
4564  * get the first one.
4565  */
4566  l = reply->host->fixed_prefix;
4567  }
4568  memcpy(&send_pref, &l->cidrnet, sizeof(send_pref));
4569 
4570  scope = &global_scope;
4571 
4572  /* Find the static prefixe's subnet. */
4573  if (find_grouped_subnet(&reply->subnet, reply->shared,
4574  send_pref.lo_addr, MDL) == 0)
4575  log_fatal("Impossible condition at %s:%d.", MDL);
4576  group = reply->subnet->group;
4577  subnet_dereference(&reply->subnet, MDL);
4578 
4579  /* Copy the prefix for logging purposes */
4580  memcpy(&reply->fixed_pref, &l->cidrnet, sizeof(send_pref));
4581 
4582  goto send_pref;
4583  }
4584 
4585  if (reply->old_ia != NULL) {
4586  for (i = 0 ; i < reply->old_ia->num_iasubopt ; i++) {
4587  struct shared_network *candidate_shared;
4588  struct ipv6_pond *pond;
4589 
4590  prefix = reply->old_ia->iasubopt[i];
4591  candidate_shared = prefix->ipv6_pool->shared_network;
4592  pond = prefix->ipv6_pool->ipv6_pond;
4593 
4594  /*
4595  * Consider this prefix if it is in a global pool or
4596  * if it is scoped in a pool under the client's shared
4597  * network.
4598  */
4599  if (((candidate_shared != NULL) &&
4600  (candidate_shared != reply->shared)) ||
4601  (lease6_usable(prefix) != ISC_TRUE))
4602  continue;
4603 
4604  /*
4605  * And check if the prefix is still permitted
4606  */
4607 
4608  if (((pond->prohibit_list != NULL) &&
4609  (permitted(reply->packet, pond->prohibit_list))) ||
4610  ((pond->permit_list != NULL) &&
4611  (!permitted(reply->packet, pond->permit_list))))
4612  continue;
4613 
4614  best_prefix = prefix_compare(reply, prefix,
4615  best_prefix);
4616  }
4617  }
4618 
4619  /* Try to pick a new prefix if we didn't find one, or if we found an
4620  * abandoned prefix.
4621  */
4622  if ((best_prefix == NULL) || (best_prefix->state == FTS_ABANDONED)) {
4623  status = pick_v6_prefix(reply);
4624  } else if (best_prefix != NULL) {
4625  iasubopt_reference(&reply->lease, best_prefix, MDL);
4626  status = ISC_R_SUCCESS;
4627  }
4628 
4629  /* Pick the abandoned prefix as a last resort. */
4630  if ((status == ISC_R_NORESOURCES) && (best_prefix != NULL)) {
4631  /* I don't see how this is supposed to be done right now. */
4632  log_error("Reclaiming abandoned prefixes is not yet "
4633  "supported. Treating this as an out of space "
4634  "condition.");
4635  /* iasubopt_reference(&reply->lease, best_prefix, MDL); */
4636  }
4637 
4638  /* Give up now if we didn't find a prefix. */
4639  if (status != ISC_R_SUCCESS)
4640  return status;
4641 
4642  if (reply->lease == NULL)
4643  log_fatal("Impossible condition at %s:%d.", MDL);
4644 
4645  scope = &reply->lease->scope;
4646  group = reply->lease->ipv6_pool->ipv6_pond->group;
4647 
4648  send_pref.lo_addr.len = 16;
4649  memcpy(send_pref.lo_addr.iabuf, &reply->lease->addr, 16);
4650  send_pref.bits = (int) reply->lease->plen;
4651 
4652  send_pref:
4653  status = reply_process_is_prefixed(reply, scope, group);
4654  if (status != ISC_R_SUCCESS)
4655  return status;
4656 
4657  status = reply_process_send_prefix(reply, &send_pref);
4658  return status;
4659 }
4660 
4661 /* Once a prefix is found for a client, perform several common functions;
4662  * Calculate and store valid and preferred prefix times, draw client options
4663  * into the option state.
4664  */
4665 static isc_result_t
4666 reply_process_is_prefixed(struct reply_state *reply,
4667  struct binding_scope **scope, struct group *group)
4668 {
4669  isc_result_t status = ISC_R_SUCCESS;
4670  struct data_string data;
4671  struct option_cache *oc;
4672  struct option_state *tmp_options = NULL;
4673  struct on_star *on_star;
4674  int i;
4675 
4676  /* Initialize values we will cleanup. */
4677  memset(&data, 0, sizeof(data));
4678 
4679  /*
4680  * Find the proper on_star block to use. We use the
4681  * one in the lease if we have a lease or the one in
4682  * the reply if we don't have a lease because this is
4683  * a static instance
4684  */
4685  if (reply->lease) {
4686  on_star = &reply->lease->on_star;
4687  } else {
4688  on_star = &reply->on_star;
4689  }
4690 
4691  /*
4692  * Bring in the root configuration. We only do this to bring
4693  * in the on * statements, as we didn't have the lease available
4694  * we we did it the first time.
4695  */
4696  option_state_allocate(&tmp_options, MDL);
4697  execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
4698  reply->packet->options, tmp_options,
4699  &global_scope, root_group, NULL,
4700  on_star);
4701  if (tmp_options != NULL) {
4702  option_state_dereference(&tmp_options, MDL);
4703  }
4704 
4705  /*
4706  * Bring configured options into the root packet level cache - start
4707  * with the lease's closest enclosing group (passed in by the caller
4708  * as 'group').
4709  */
4710  execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
4711  reply->packet->options, reply->opt_state,
4712  scope, group, root_group, on_star);
4713 
4714  /* Execute statements from class scopes. */
4715  for (i = reply->packet->class_count; i > 0; i--) {
4716  execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
4717  reply->packet->options,
4718  reply->opt_state, scope,
4719  reply->packet->classes[i - 1]->group,
4720  group, on_star);
4721  }
4722 
4723  /*
4724  * If there is a host record, over-ride with values configured there,
4725  * without re-evaluating configuration from the previously executed
4726  * group or its common enclosers.
4727  */
4728  if (reply->host != NULL)
4729  execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
4730  reply->packet->options,
4731  reply->opt_state, scope,
4732  reply->host->group, group,
4733  on_star);
4734 
4735  /* Determine valid lifetime. */
4736  if (reply->client_valid == 0)
4737  reply->send_valid = DEFAULT_DEFAULT_LEASE_TIME;
4738  else
4739  reply->send_valid = reply->client_valid;
4740 
4741  oc = lookup_option(&server_universe, reply->opt_state,
4743  if (oc != NULL) {
4744  if (!evaluate_option_cache(&data, reply->packet, NULL, NULL,
4745  reply->packet->options,
4746  reply->opt_state,
4747  scope, oc, MDL) ||
4748  (data.len != 4)) {
4749  log_error("reply_process_is_prefixed: unable to "
4750  "evaluate default prefix time");
4751  status = ISC_R_FAILURE;
4752  goto cleanup;
4753  }
4754 
4755  reply->send_valid = getULong(data.data);
4756  data_string_forget(&data, MDL);
4757  }
4758 
4759  if (reply->client_prefer == 0)
4760  reply->send_prefer = reply->send_valid;
4761  else
4762  reply->send_prefer = reply->client_prefer;
4763 
4764  if (reply->send_prefer >= reply->send_valid)
4765  reply->send_prefer = (reply->send_valid / 2) +
4766  (reply->send_valid / 8);
4767 
4768  oc = lookup_option(&server_universe, reply->opt_state,
4770  if (oc != NULL) {
4771  if (!evaluate_option_cache(&data, reply->packet, NULL, NULL,
4772  reply->packet->options,
4773  reply->opt_state,
4774  scope, oc, MDL) ||
4775  (data.len != 4)) {
4776  log_error("reply_process_is_prefixed: unable to "
4777  "evaluate preferred prefix time");
4778  status = ISC_R_FAILURE;
4779  goto cleanup;
4780  }
4781 
4782  reply->send_prefer = getULong(data.data);
4783  data_string_forget(&data, MDL);
4784  }
4785 
4786  /* Note lowest values for later calculation of renew/rebind times. */
4787  if (reply->prefer > reply->send_prefer)
4788  reply->prefer = reply->send_prefer;
4789 
4790  if (reply->valid > reply->send_valid)
4791  reply->valid = reply->send_valid;
4792 
4793  /* Perform dynamic prefix related update work. */
4794  if (reply->lease != NULL) {
4795  /* Cached lifetimes */
4796  reply->lease->prefer = reply->send_prefer;
4797  reply->lease->valid = reply->send_valid;
4798 
4799  /* Advance (or rewind) the valid lifetime. */
4800  if (reply->buf.reply.msg_type == DHCPV6_REPLY) {
4801  reply->lease->soft_lifetime_end_time =
4802  cur_time + reply->send_valid;
4803  /* Wait before renew! */
4804  }
4805 
4806  status = ia_add_iasubopt(reply->ia, reply->lease, MDL);
4807  if (status != ISC_R_SUCCESS) {
4808  log_fatal("reply_process_is_prefixed: Unable to "
4809  "attach prefix to new IA_PD: %s",
4810  isc_result_totext(status));
4811  }
4812 
4813  /*
4814  * If this is a new prefix, make sure it is attached somewhere.
4815  */
4816  if (reply->lease->ia == NULL) {
4817  ia_reference(&reply->lease->ia, reply->ia, MDL);
4818  }
4819  }
4820 
4821  /* Bring a copy of the relevant options into the IA_PD scope. */
4822  execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
4823  reply->packet->options, reply->reply_ia,
4824  scope, group, root_group, NULL);
4825 
4826  /* Execute statements from class scopes. */
4827  for (i = reply->packet->class_count; i > 0; i--) {
4828  execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
4829  reply->packet->options,
4830  reply->reply_ia, scope,
4831  reply->packet->classes[i - 1]->group,
4832  group, NULL);
4833  }
4834 
4835  /*
4836  * And bring in host record configuration, if any, but not to overlap
4837  * the previous group or its common enclosers.
4838  */
4839  if (reply->host != NULL)
4840  execute_statements_in_scope(NULL, reply->packet, NULL, NULL,
4841  reply->packet->options,
4842  reply->reply_ia, scope,
4843  reply->host->group, group, NULL);
4844 
4845  cleanup:
4846  if (data.data != NULL)
4847  data_string_forget(&data, MDL);
4848 
4849  if (status == ISC_R_SUCCESS)
4850  reply->client_resources++;
4851 
4852  return status;
4853 }
4854 
4855 /* Simply send an IAPREFIX within the IA_PD scope as described. */
4856 static isc_result_t
4857 reply_process_send_prefix(struct reply_state *reply,
4858  struct iaddrcidrnet *pref) {
4859  isc_result_t status = ISC_R_SUCCESS;
4860  struct data_string data;
4861 
4862  memset(&data, 0, sizeof(data));
4863 
4864  /* Now append the prefix. */
4865  data.len = IAPREFIX_OFFSET;
4866  if (!buffer_allocate(&data.buffer, data.len, MDL)) {
4867  log_error("reply_process_send_prefix: out of memory"
4868  "allocating new IAPREFIX buffer.");
4869  status = ISC_R_NOMEMORY;
4870  goto cleanup;
4871  }
4872  data.data = data.buffer->data;
4873 
4874  putULong(data.buffer->data, reply->send_prefer);
4875  putULong(data.buffer->data + 4, reply->send_valid);
4876  data.buffer->data[8] = pref->bits;
4877  memcpy(data.buffer->data + 9, pref->lo_addr.iabuf, 16);
4878 
4879  if (!append_option_buffer(&dhcpv6_universe, reply->reply_ia,
4880  data.buffer, data.buffer->data,
4881  data.len, D6O_IAPREFIX, 0)) {
4882  log_error("reply_process_send_prefix: unable "
4883  "to save IAPREFIX option");
4884  status = ISC_R_FAILURE;
4885  goto cleanup;
4886  }
4887 
4888  reply->resources_included = ISC_TRUE;
4889 
4890  cleanup:
4891  if (data.data != NULL)
4893 
4894  return status;
4895 }
4896 
4897 /* Choose the better of two prefixes. */
4898 static struct iasubopt *
4899 prefix_compare(struct reply_state *reply,
4900  struct iasubopt *alpha, struct iasubopt *beta) {
4901  if (alpha == NULL)
4902  return beta;
4903  if (beta == NULL)
4904  return alpha;
4905 
4906  if (reply->preflen >= 0) {
4907  if ((alpha->plen == reply->preflen) &&
4908  (beta->plen != reply->preflen))
4909  return alpha;
4910  if ((beta->plen == reply->preflen) &&
4911  (alpha->plen != reply->preflen))
4912  return beta;
4913  }
4914 
4915  switch(alpha->state) {
4916  case FTS_ACTIVE:
4917  switch(beta->state) {
4918  case FTS_ACTIVE:
4919  /* Choose the prefix with the longest lifetime (most
4920  * likely the most recently allocated).
4921  */
4922  if (alpha->hard_lifetime_end_time <
4923  beta->hard_lifetime_end_time)
4924  return beta;
4925  else
4926  return alpha;
4927 
4928  case FTS_EXPIRED:
4929  case FTS_ABANDONED:
4930  return alpha;
4931 
4932  default:
4933  log_fatal("Impossible condition at %s:%d.", MDL);
4934  }
4935  break;
4936 
4937  case FTS_EXPIRED:
4938  switch (beta->state) {
4939  case FTS_ACTIVE:
4940  return beta;
4941 
4942  case FTS_EXPIRED:
4943  /* Choose the most recently expired prefix. */
4944  if (alpha->hard_lifetime_end_time <
4945  beta->hard_lifetime_end_time)
4946  return beta;
4947  else if ((alpha->hard_lifetime_end_time ==
4948  beta->hard_lifetime_end_time) &&
4949  (alpha->soft_lifetime_end_time <
4950  beta->soft_lifetime_end_time))
4951  return beta;
4952  else
4953  return alpha;
4954 
4955  case FTS_ABANDONED:
4956  return alpha;
4957 
4958  default:
4959  log_fatal("Impossible condition at %s:%d.", MDL);
4960  }
4961  break;
4962 
4963  case FTS_ABANDONED:
4964  switch (beta->state) {
4965  case FTS_ACTIVE:
4966  case FTS_EXPIRED:
4967  return alpha;
4968 
4969  case FTS_ABANDONED:
4970  /* Choose the prefix that was abandoned longest ago. */
4971  if (alpha->hard_lifetime_end_time <
4972  beta->hard_lifetime_end_time)
4973  return alpha;
4974  else
4975  return beta;
4976 
4977  default:
4978  log_fatal("Impossible condition at %s:%d.", MDL);
4979  }
4980  break;
4981 
4982  default:
4983  log_fatal("Impossible condition at %s:%d.", MDL);
4984  }
4985 
4986  log_fatal("Triple impossible condition at %s:%d.", MDL);
4987  return NULL;
4988 }
4989 
4990 /*
4991  * Solicit is how a client starts requesting addresses.
4992  *
4993  * If the client asks for rapid commit, and we support it, we will
4994  * allocate the addresses and reply.
4995  *
4996  * Otherwise we will send an advertise message.
4997  */
4998 
4999 static void
5000 dhcpv6_solicit(struct data_string *reply_ret, struct packet *packet) {
5001  struct data_string client_id;
5002 
5004 
5005  /*
5006  * Validate our input.
5007  */
5008  if (!valid_client_msg(packet, &client_id)) {
5009  return;
5010  }
5011 
5012  lease_to_client(reply_ret, packet, &client_id, NULL);
5013 
5014  /*
5015  * Clean up.
5016  */
5017  data_string_forget(&client_id, MDL);
5018 
5020 }
5021 
5022 /*
5023  * Request is how a client actually requests addresses.
5024  *
5025  * Very similar to Solicit handling, except the server DUID is required.
5026  */
5027 
5028 static void
5029 dhcpv6_request(struct data_string *reply_ret, struct packet *packet) {
5030  struct data_string client_id;
5031  struct data_string server_id;
5032 
5034 
5035  /*
5036  * Validate our input.
5037  */
5038  if (!valid_client_resp(packet, &client_id, &server_id)) {
5039  return;
5040  }
5041 
5042  /*
5043  * Issue our lease.
5044  */
5045  lease_to_client(reply_ret, packet, &client_id, &server_id);
5046 
5047  /*
5048  * Cleanup.
5049  */
5050  data_string_forget(&client_id, MDL);
5051  data_string_forget(&server_id, MDL);
5052 
5054 }
5055 
5056 /* Find a DHCPv6 packet's shared network from hints in the packet.
5057  */
5058 static isc_result_t
5059 shared_network_from_packet6(struct shared_network **shared,
5060  struct packet *packet)
5061 {
5062  const struct packet *chk_packet;
5063  const struct in6_addr *link_addr, *first_link_addr;
5064  struct iaddr tmp_addr;
5065  struct subnet *subnet;
5066  isc_result_t status;
5067 
5068  if ((shared == NULL) || (*shared != NULL) || (packet == NULL))
5069  return DHCP_R_INVALIDARG;
5070 
5071  /*
5072  * First, find the link address where the packet from the client
5073  * first appeared (if this packet was relayed).
5074  */
5075  first_link_addr = NULL;
5076  chk_packet = packet->dhcpv6_container_packet;
5077  while (chk_packet != NULL) {
5078  link_addr = &chk_packet->dhcpv6_link_address;
5079  if (!IN6_IS_ADDR_UNSPECIFIED(link_addr) &&
5080  !IN6_IS_ADDR_LINKLOCAL(link_addr)) {
5081  first_link_addr = link_addr;
5082  break;
5083  }
5084  chk_packet = chk_packet->dhcpv6_container_packet;
5085  }
5086 
5087  /*
5088  * If there is a relayed link address, find the subnet associated
5089  * with that, and use that to get the appropriate
5090  * shared_network.
5091  */
5092  if (first_link_addr != NULL) {
5093  tmp_addr.len = sizeof(*first_link_addr);
5094  memcpy(tmp_addr.iabuf,
5095  first_link_addr, sizeof(*first_link_addr));
5096  subnet = NULL;
5097  if (!find_subnet(&subnet, tmp_addr, MDL)) {
5098  log_debug("No subnet found for link-address %s.",
5099  piaddr(tmp_addr));
5100  return ISC_R_NOTFOUND;
5101  }
5102  status = shared_network_reference(shared,
5103  subnet->shared_network, MDL);
5104  subnet_dereference(&subnet, MDL);
5105 
5106  /*
5107  * If there is no link address, we will use the interface
5108  * that this packet came in on to pick the shared_network.
5109  */
5110  } else if (packet->interface != NULL) {
5111  status = shared_network_reference(shared,
5112  packet->interface->shared_network,
5113  MDL);
5114  if (packet->dhcpv6_container_packet != NULL) {
5115  log_info("[L2 Relay] No link address in relay packet "
5116  "assuming L2 relay and using receiving "
5117  "interface");
5118  }
5119 
5120  } else {
5121  /*
5122  * We shouldn't be able to get here but if there is no link
5123  * address and no interface we don't know where to get the
5124  * pool from log an error and return an error.
5125  */
5126  log_error("No interface and no link address "
5127  "can't determine pool");
5128  status = DHCP_R_INVALIDARG;
5129  }
5130 
5131  return status;
5132 }
5133 
5134 /*
5135  * When a client thinks it might be on a new link, it sends a
5136  * Confirm message.
5137  *
5138  * From RFC3315 section 18.2.2:
5139  *
5140  * When the server receives a Confirm message, the server determines
5141  * whether the addresses in the Confirm message are appropriate for the
5142  * link to which the client is attached. If all of the addresses in the
5143  * Confirm message pass this test, the server returns a status of
5144  * Success. If any of the addresses do not pass this test, the server
5145  * returns a status of NotOnLink. If the server is unable to perform
5146  * this test (for example, the server does not have information about
5147  * prefixes on the link to which the client is connected), or there were
5148  * no addresses in any of the IAs sent by the client, the server MUST
5149  * NOT send a reply to the client.
5150  */
5151 
5152 static void
5153 dhcpv6_confirm(struct data_string *reply_ret, struct packet *packet) {
5154  struct shared_network *shared;
5155  struct subnet *subnet;
5156  struct option_cache *ia, *ta, *oc;
5157  struct data_string cli_enc_opt_data, iaaddr, client_id, packet_oro;
5158  struct option_state *cli_enc_opt_state, *opt_state;
5159  struct iaddr cli_addr;
5160  int pass;
5161  isc_boolean_t inappropriate, has_addrs;
5162  char reply_data[65536];
5163  struct dhcpv6_packet *reply = (struct dhcpv6_packet *)reply_data;
5164  int reply_ofs = (int)(offsetof(struct dhcpv6_packet, options));
5165 
5167 
5168  /*
5169  * Basic client message validation.
5170  */
5171  memset(&client_id, 0, sizeof(client_id));
5172  if (!valid_client_msg(packet, &client_id)) {
5173  return;
5174  }
5175 
5176  /*
5177  * Do not process Confirms that do not have IA's we do not recognize.
5178  */
5181  if ((ia == NULL) && (ta == NULL))
5182  return;
5183 
5184  /*
5185  * IA_PD's are simply ignored.
5186  */
5188 
5189  /*
5190  * Bit of variable initialization.
5191  */
5192  opt_state = cli_enc_opt_state = NULL;
5193  memset(&cli_enc_opt_data, 0, sizeof(cli_enc_opt_data));
5194  memset(&iaaddr, 0, sizeof(iaaddr));
5195  memset(&packet_oro, 0, sizeof(packet_oro));
5196 
5197  /* Determine what shared network the client is connected to. We
5198  * must not respond if we don't have any information about the
5199  * network the client is on.
5200  */
5201  shared = NULL;
5202  if ((shared_network_from_packet6(&shared, packet) != ISC_R_SUCCESS) ||
5203  (shared == NULL))
5204  goto exit;
5205 
5206  /* If there are no recorded subnets, then we have no
5207  * information about this subnet - ignore Confirms.
5208  */
5209  subnet = shared->subnets;
5210  if (subnet == NULL)
5211  goto exit;
5212 
5213  /* Are the addresses in all the IA's appropriate for that link? */
5214  has_addrs = inappropriate = ISC_FALSE;
5215  pass = D6O_IA_NA;
5216  while(!inappropriate) {
5217  /* If we've reached the end of the IA_NA pass, move to the
5218  * IA_TA pass.
5219  */
5220  if ((pass == D6O_IA_NA) && (ia == NULL)) {
5221  pass = D6O_IA_TA;
5222  ia = ta;
5223  }
5224 
5225  /* If we've reached the end of all passes, we're done. */
5226  if (ia == NULL)
5227  break;
5228 
5229  if (((pass == D6O_IA_NA) &&
5230  !get_encapsulated_IA_state(&cli_enc_opt_state,
5231  &cli_enc_opt_data,
5232  packet, ia, IA_NA_OFFSET)) ||
5233  ((pass == D6O_IA_TA) &&
5234  !get_encapsulated_IA_state(&cli_enc_opt_state,
5235  &cli_enc_opt_data,
5236  packet, ia, IA_TA_OFFSET))) {
5237  goto exit;
5238  }
5239 
5240  oc = lookup_option(&dhcpv6_universe, cli_enc_opt_state,
5241  D6O_IAADDR);
5242 
5243  for ( ; oc != NULL ; oc = oc->next) {
5244  if (!evaluate_option_cache(&iaaddr, packet, NULL, NULL,
5245  packet->options, NULL,
5246  &global_scope, oc, MDL) ||
5247  (iaaddr.len < IAADDR_OFFSET)) {
5248  log_error("dhcpv6_confirm: "
5249  "error evaluating IAADDR.");
5250  goto exit;
5251  }
5252 
5253  /* Copy out the IPv6 address for processing. */
5254  cli_addr.len = 16;
5255  memcpy(cli_addr.iabuf, iaaddr.data, 16);
5256 
5257  data_string_forget(&iaaddr, MDL);
5258 
5259  /* Record that we've processed at least one address. */
5260  has_addrs = ISC_TRUE;
5261 
5262  /* Find out if any subnets cover this address. */
5263  for (subnet = shared->subnets ; subnet != NULL ;
5264  subnet = subnet->next_sibling) {
5265  if (addr_eq(subnet_number(cli_addr,
5266  subnet->netmask),
5267  subnet->net))
5268  break;
5269  }
5270 
5271  /* If we reach the end of the subnet list, and no
5272  * subnet matches the client address, then it must
5273  * be inappropriate to the link (so far as our
5274  * configuration says). Once we've found one
5275  * inappropriate address, there is no reason to
5276  * continue searching.
5277  */
5278  if (subnet == NULL) {
5279  inappropriate = ISC_TRUE;
5280  break;
5281  }
5282  }
5283 
5284  option_state_dereference(&cli_enc_opt_state, MDL);
5285  data_string_forget(&cli_enc_opt_data, MDL);
5286 
5287  /* Advance to the next IA_*. */
5288  ia = ia->next;
5289  }
5290 
5291  /* If the client supplied no addresses, do not reply. */
5292  if (!has_addrs)
5293  goto exit;
5294 
5295  /*
5296  * Set up reply.
5297  */
5298  if (!start_reply(packet, &client_id, NULL, &opt_state, reply)) {
5299  goto exit;
5300  }
5301 
5302  /*
5303  * Set our status.
5304  */
5305  if (inappropriate) {
5306  if (!set_status_code(STATUS_NotOnLink,
5307  "Some of the addresses are not on link.",
5308  opt_state)) {
5309  goto exit;
5310  }
5311  } else {
5312  if (!set_status_code(STATUS_Success,
5313  "All addresses still on link.",
5314  opt_state)) {
5315  goto exit;
5316  }
5317  }
5318 
5319  /*
5320  * Only one option: add it.
5321  */
5322  reply_ofs += store_options6(reply_data+reply_ofs,
5323  sizeof(reply_data)-reply_ofs,
5324  opt_state, packet,
5325  required_opts, &packet_oro);
5326 
5327  /*
5328  * Return our reply to the caller.
5329  */
5330  reply_ret->len = reply_ofs;
5331  reply_ret->buffer = NULL;
5332  if (!buffer_allocate(&reply_ret->buffer, reply_ofs, MDL)) {
5333  log_fatal("No memory to store reply.");
5334  }
5335  reply_ret->data = reply_ret->buffer->data;
5336  memcpy(reply_ret->buffer->data, reply, reply_ofs);
5337 
5338 exit:
5339  /* Cleanup any stale data strings. */
5340  if (cli_enc_opt_data.buffer != NULL)
5341  data_string_forget(&cli_enc_opt_data, MDL);
5342  if (iaaddr.buffer != NULL)
5343  data_string_forget(&iaaddr, MDL);
5344  if (client_id.buffer != NULL)
5345  data_string_forget(&client_id, MDL);
5346  if (packet_oro.buffer != NULL)
5347  data_string_forget(&packet_oro, MDL);
5348 
5349  /* Release any stale option states. */
5350  if (cli_enc_opt_state != NULL)
5351  option_state_dereference(&cli_enc_opt_state, MDL);
5352  if (opt_state != NULL)
5353  option_state_dereference(&opt_state, MDL);
5354 
5356 }
5357 
5358 /*
5359  * Renew is when a client wants to extend its lease/prefix, at time T1.
5360  *
5361  * We handle this the same as if the client wants a new lease/prefix,
5362  * except for the error code of when addresses don't match.
5363  */
5364 
5365 static void
5366 dhcpv6_renew(struct data_string *reply, struct packet *packet) {
5367  struct data_string client_id;
5368  struct data_string server_id;
5369 
5371 
5372  /*
5373  * Validate the request.
5374  */
5375  if (!valid_client_resp(packet, &client_id, &server_id)) {
5376  return;
5377  }
5378 
5379  /*
5380  * Renew our lease.
5381  */
5382  lease_to_client(reply, packet, &client_id, &server_id);
5383 
5384  /*
5385  * Cleanup.
5386  */
5387  data_string_forget(&server_id, MDL);
5388  data_string_forget(&client_id, MDL);
5389 
5391 }
5392 
5393 /*
5394  * Rebind is when a client wants to extend its lease, at time T2.
5395  *
5396  * We handle this the same as if the client wants a new lease, except
5397  * for the error code of when addresses don't match.
5398  */
5399 
5400 static void
5401 dhcpv6_rebind(struct data_string *reply, struct packet *packet) {
5402  struct data_string client_id;
5403 
5405 
5406  if (!valid_client_msg(packet, &client_id)) {
5407  return;
5408  }
5409 
5410  lease_to_client(reply, packet, &client_id, NULL);
5411 
5412  data_string_forget(&client_id, MDL);
5413 
5415 }
5416 
5417 static void
5418 ia_na_match_decline(const struct data_string *client_id,
5419  const struct data_string *iaaddr,
5420  struct iasubopt *lease)
5421 {
5422  char tmp_addr[INET6_ADDRSTRLEN];
5423 
5424  log_error("Client %s reports address %s is "
5425  "already in use by another host!",
5426  print_hex_1(client_id->len, client_id->data, 60),
5427  inet_ntop(AF_INET6, iaaddr->data,
5428  tmp_addr, sizeof(tmp_addr)));
5429  if (lease != NULL) {
5430  decline_lease6(lease->ipv6_pool, lease);
5431  lease->ia->cltt = cur_time;
5432  write_ia(lease->ia);
5433  }
5434 }
5435 
5436 static void
5437 ia_na_nomatch_decline(const struct data_string *client_id,
5438  const struct data_string *iaaddr,
5439  u_int32_t *ia_na_id,
5440  struct packet *packet,
5441  char *reply_data,
5442  int *reply_ofs,
5443  int reply_len)
5444 {
5445  char tmp_addr[INET6_ADDRSTRLEN];
5446  struct option_state *host_opt_state;
5447  int len;
5448 
5449  log_info("Client %s declines address %s, which is not offered to it.",
5450  print_hex_1(client_id->len, client_id->data, 60),
5451  inet_ntop(AF_INET6, iaaddr->data, tmp_addr, sizeof(tmp_addr)));
5452 
5453  /*
5454  * Create state for this IA_NA.
5455  */
5456  host_opt_state = NULL;
5457  if (!option_state_allocate(&host_opt_state, MDL)) {
5458  log_error("ia_na_nomatch_decline: out of memory "
5459  "allocating option_state.");
5460  goto exit;
5461  }
5462 
5463  if (!set_status_code(STATUS_NoBinding, "Decline for unknown address.",
5464  host_opt_state)) {
5465  goto exit;
5466  }
5467 
5468  /*
5469  * Insure we have enough space
5470  */
5471  if (reply_len < (*reply_ofs + 16)) {
5472  log_error("ia_na_nomatch_decline: "
5473  "out of space for reply packet.");
5474  goto exit;
5475  }
5476 
5477  /*
5478  * Put our status code into the reply packet.
5479  */
5480  len = store_options6(reply_data+(*reply_ofs)+16,
5481  reply_len-(*reply_ofs)-16,
5482  host_opt_state, packet,
5483  required_opts_STATUS_CODE, NULL);
5484 
5485  /*
5486  * Store the non-encapsulated option data for this
5487  * IA_NA into our reply packet. Defined in RFC 3315,
5488  * section 22.4.
5489  */
5490  /* option number */
5491  putUShort((unsigned char *)reply_data+(*reply_ofs), D6O_IA_NA);
5492  /* option length */
5493  putUShort((unsigned char *)reply_data+(*reply_ofs)+2, len + 12);
5494  /* IA_NA, copied from the client */
5495  memcpy(reply_data+(*reply_ofs)+4, ia_na_id, 4);
5496  /* t1 and t2, odd that we need them, but here it is */
5497  putULong((unsigned char *)reply_data+(*reply_ofs)+8, 0);
5498  putULong((unsigned char *)reply_data+(*reply_ofs)+12, 0);
5499 
5500  /*
5501  * Get ready for next IA_NA.
5502  */
5503  *reply_ofs += (len + 16);
5504 
5505 exit:
5506  option_state_dereference(&host_opt_state, MDL);
5507 }
5508 
5509 static void
5510 iterate_over_ia_na(struct data_string *reply_ret,
5511  struct packet *packet,
5512  const struct data_string *client_id,
5513  const struct data_string *server_id,
5514  const char *packet_type,
5515  void (*ia_na_match)(),
5516  void (*ia_na_nomatch)())
5517 {
5518  struct option_state *opt_state;
5519  struct host_decl *packet_host;
5520  struct option_cache *ia;
5521  struct option_cache *oc;
5522  /* cli_enc_... variables come from the IA_NA/IA_TA options */
5523  struct data_string cli_enc_opt_data;
5524  struct option_state *cli_enc_opt_state;
5525  struct host_decl *host;
5526  struct option_state *host_opt_state;
5527  struct data_string iaaddr;
5528  struct data_string fixed_addr;
5529  char reply_data[65536];
5530  struct dhcpv6_packet *reply = (struct dhcpv6_packet *)reply_data;
5531  int reply_ofs = (int)(offsetof(struct dhcpv6_packet, options));
5532  char status_msg[32];
5533  struct iasubopt *lease;
5534  struct ia_xx *existing_ia_na;
5535  int i;
5536  struct data_string key;
5537  u_int32_t iaid;
5538 
5539  /*
5540  * Initialize to empty values, in case we have to exit early.
5541  */
5542  opt_state = NULL;
5543  memset(&cli_enc_opt_data, 0, sizeof(cli_enc_opt_data));
5544  cli_enc_opt_state = NULL;
5545  memset(&iaaddr, 0, sizeof(iaaddr));
5546  memset(&fixed_addr, 0, sizeof(fixed_addr));
5547  host_opt_state = NULL;
5548  lease = NULL;
5549 
5550  /*
5551  * Find the host record that matches from the packet, if any.
5552  */
5553  packet_host = NULL;
5554  if (!find_hosts_by_uid(&packet_host,
5555  client_id->data, client_id->len, MDL)) {
5556  packet_host = NULL;
5557  /*
5558  * Note: In general, we don't expect a client to provide
5559  * enough information to match by option for these
5560  * types of messages, but if we don't have a UID
5561  * match we can check anyway.
5562  */
5563  if (!find_hosts_by_option(&packet_host,
5564  packet, packet->options, MDL)) {
5565  packet_host = NULL;
5566 
5567  if (!find_hosts_by_duid_chaddr(&packet_host,
5568  client_id))
5569  packet_host = NULL;
5570  }
5571  }
5572 
5573  /*
5574  * Set our reply information.
5575  */
5576  reply->msg_type = DHCPV6_REPLY;
5577  memcpy(reply->transaction_id, packet->dhcpv6_transaction_id,
5578  sizeof(reply->transaction_id));
5579 
5580  /*
5581  * Build our option state for reply.
5582  */
5583  opt_state = NULL;
5584  if (!option_state_allocate(&opt_state, MDL)) {
5585  log_error("iterate_over_ia_na: no memory for option_state.");
5586  goto exit;
5587  }
5588  execute_statements_in_scope(NULL, packet, NULL, NULL,
5589  packet->options, opt_state,
5590  &global_scope, root_group, NULL, NULL);
5591 
5592  /*
5593  * RFC 3315, section 18.2.7 tells us which options to include.
5594  */
5595  oc = lookup_option(&dhcpv6_universe, opt_state, D6O_SERVERID);
5596  if (oc == NULL) {
5597  if (!save_option_buffer(&dhcpv6_universe, opt_state, NULL,
5598  (unsigned char *)server_duid.data,
5599  server_duid.len, D6O_SERVERID, 0)) {
5600  log_error("iterate_over_ia_na: "
5601  "error saving server identifier.");
5602  goto exit;
5603  }
5604  }
5605 
5606  if (!save_option_buffer(&dhcpv6_universe, opt_state,
5607  client_id->buffer,
5608  (unsigned char *)client_id->data,
5609  client_id->len,
5610  D6O_CLIENTID, 0)) {
5611  log_error("iterate_over_ia_na: "
5612  "error saving client identifier.");
5613  goto exit;
5614  }
5615 
5616  /* reject unicast message, unless we set unicast option */
5617  if ((packet->unicast == ISC_TRUE) && !is_unicast_option_defined()) {
5618  /*
5619  * RFC3315 section 18.2.6 (Release):
5620  *
5621  * When the server receives a Release message via unicast from a client
5622  * to which the server has not sent a unicast option, the server
5623  * discards the Release message and responds with a Reply message
5624  * containing a Status Code option with value UseMulticast, a Server
5625  * Identifier option containing the server's DUID, the Client Identifier
5626  * option from the client message, and no other options.
5627  *
5628  * Section 18.2.7 (Decline):
5629  *
5630  * When the server receives a Decline message via unicast from a client
5631  * to which the server has not sent a unicast option, the server
5632  * discards the Decline message and responds with a Reply message
5633  * containing a Status Code option with the value UseMulticast, a Server
5634  * Identifier option containing the server's DUID, the Client Identifier
5635  * option from the client message, and no other options.
5636  */
5637  snprintf(status_msg, sizeof(status_msg),
5638  "%s received unicast.", packet_type);
5639  if (!set_status_code(STATUS_UseMulticast, status_msg, opt_state)) {
5640  goto exit;
5641  }
5642 
5643  /*
5644  * Produce an reply that includes only:
5645  *
5646  * Status code.
5647  * Server DUID.
5648  * Client DUID.
5649  */
5650  reply_ofs += store_options6(reply_data+reply_ofs,
5651  sizeof(reply_data)-reply_ofs,
5652  opt_state, packet,
5653  required_opts_NAA, NULL);
5654 
5655  goto return_reply;
5656  } else {
5657  snprintf(status_msg, sizeof(status_msg), "%s received.", packet_type);
5658  if (!set_status_code(STATUS_Success, status_msg, opt_state)) {
5659  goto exit;
5660  }
5661 
5662  /*
5663  * Add our options that are not associated with any IA_NA or IA_TA.
5664  */
5665  reply_ofs += store_options6(reply_data+reply_ofs,
5666  sizeof(reply_data)-reply_ofs,
5667  opt_state, packet,
5668  required_opts, NULL);
5669  }
5670 
5671  /*
5672  * Loop through the IA_NA reported by the client, and deal with
5673  * addresses reported as already in use.
5674  */
5675  for (ia = lookup_option(&dhcpv6_universe, packet->options, D6O_IA_NA);
5676  ia != NULL; ia = ia->next) {
5677 
5678  if (!get_encapsulated_IA_state(&cli_enc_opt_state,
5679  &cli_enc_opt_data,
5680  packet, ia, IA_NA_OFFSET)) {
5681  goto exit;
5682  }
5683 
5684  iaid = getULong(cli_enc_opt_data.data);
5685 
5686  /*
5687  * XXX: It is possible that we can get multiple addresses
5688  * sent by the client. We don't send multiple
5689  * addresses, so this indicates a client error.
5690  * We should check for multiple IAADDR options, log
5691  * if found, and set as an error.
5692  */
5693  oc = lookup_option(&dhcpv6_universe, cli_enc_opt_state,
5694  D6O_IAADDR);
5695  if (oc == NULL) {
5696  /* no address given for this IA, ignore */
5697  option_state_dereference(&cli_enc_opt_state, MDL);
5698  data_string_forget(&cli_enc_opt_data, MDL);
5699  continue;
5700  }
5701 
5702  memset(&iaaddr, 0, sizeof(iaaddr));
5703  if (!evaluate_option_cache(&iaaddr, packet, NULL, NULL,
5704  packet->options, NULL,
5705  &global_scope, oc, MDL)) {
5706  log_error("iterate_over_ia_na: "
5707  "error evaluating IAADDR.");
5708  goto exit;
5709  }
5710 
5711  /*
5712  * Now we need to figure out which host record matches
5713  * this IA_NA and IAADDR (encapsulated option contents
5714  * matching a host record by option).
5715  *
5716  * XXX: We don't currently track IA_NA separately, but
5717  * we will need to do this!
5718  */
5719  host = NULL;
5720  if (!find_hosts_by_option(&host, packet,
5721  cli_enc_opt_state, MDL)) {
5722  if (packet_host != NULL) {
5723  host = packet_host;
5724  } else {
5725  host = NULL;
5726  }
5727  }
5728  while (host != NULL) {
5729  if (host->fixed_addr != NULL) {
5730  if (!evaluate_option_cache(&fixed_addr, NULL,
5731  NULL, NULL, NULL,
5732  NULL, &global_scope,
5733  host->fixed_addr,
5734  MDL)) {
5735  log_error("iterate_over_ia_na: error "
5736  "evaluating host address.");
5737  goto exit;
5738  }
5739  if ((iaaddr.len >= 16) &&
5740  !memcmp(fixed_addr.data, iaaddr.data, 16)) {
5741  data_string_forget(&fixed_addr, MDL);
5742  break;
5743  }
5744  data_string_forget(&fixed_addr, MDL);
5745  }
5746  host = host->n_ipaddr;
5747  }
5748 
5749  if ((host == NULL) && (iaaddr.len >= IAADDR_OFFSET)) {
5750  /*
5751  * Find existing IA_NA.
5752  */
5753  if (ia_make_key(&key, iaid,
5754  (char *)client_id->data,
5755  client_id->len,
5756  MDL) != ISC_R_SUCCESS) {
5757  log_fatal("iterate_over_ia_na: no memory for "
5758  "key.");
5759  }
5760 
5761  existing_ia_na = NULL;
5762  if (ia_hash_lookup(&existing_ia_na, ia_na_active,
5763  (unsigned char *)key.data,
5764  key.len, MDL)) {
5765  /*
5766  * Make sure this address is in the IA_NA.
5767  */
5768  for (i=0; i<existing_ia_na->num_iasubopt; i++) {
5769  struct iasubopt *tmp;
5770  struct in6_addr *in6_addr;
5771 
5772  tmp = existing_ia_na->iasubopt[i];
5773  in6_addr = &tmp->addr;
5774  if (memcmp(in6_addr,
5775  iaaddr.data, 16) == 0) {
5776  iasubopt_reference(&lease,
5777  tmp, MDL);
5778  break;
5779  }
5780  }
5781  }
5782 
5783  data_string_forget(&key, MDL);
5784  }
5785 
5786  if ((host != NULL) || (lease != NULL)) {
5787  ia_na_match(client_id, &iaaddr, lease);
5788  } else {
5789  ia_na_nomatch(client_id, &iaaddr,
5790  (u_int32_t *)cli_enc_opt_data.data,
5791  packet, reply_data, &reply_ofs,
5792  sizeof(reply_data));
5793  }
5794 
5795  if (lease != NULL) {
5796  iasubopt_dereference(&lease, MDL);
5797  }
5798 
5799  data_string_forget(&iaaddr, MDL);
5800  option_state_dereference(&cli_enc_opt_state, MDL);
5801  data_string_forget(&cli_enc_opt_data, MDL);
5802  }
5803 
5804  /*
5805  * Return our reply to the caller.
5806  */
5807 return_reply:
5808  reply_ret->len = reply_ofs;
5809  reply_ret->buffer = NULL;
5810  if (!buffer_allocate(&reply_ret->buffer, reply_ofs, MDL)) {
5811  log_fatal("No memory to store reply.");
5812  }
5813  reply_ret->data = reply_ret->buffer->data;
5814  memcpy(reply_ret->buffer->data, reply, reply_ofs);
5815 
5816 exit:
5817  if (lease != NULL) {
5818  iasubopt_dereference(&lease, MDL);
5819  }
5820  if (host_opt_state != NULL) {
5821  option_state_dereference(&host_opt_state, MDL);
5822  }
5823  if (fixed_addr.buffer != NULL) {
5824  data_string_forget(&fixed_addr, MDL);
5825  }
5826  if (iaaddr.buffer != NULL) {
5827  data_string_forget(&iaaddr, MDL);
5828  }
5829  if (cli_enc_opt_state != NULL) {
5830  option_state_dereference(&cli_enc_opt_state, MDL);
5831  }
5832  if (cli_enc_opt_data.buffer != NULL) {
5833  data_string_forget(&cli_enc_opt_data, MDL);
5834  }
5835  if (opt_state != NULL) {
5836  option_state_dereference(&opt_state, MDL);
5837  }
5838 }
5839 
5840 /*
5841  * Decline means a client has detected that something else is using an
5842  * address we gave it.
5843  *
5844  * Since we're only dealing with fixed leases for now, there's not
5845  * much we can do, other that log the occurrence.
5846  *
5847  * When we start issuing addresses from pools, then we will have to
5848  * record our declined addresses and issue another. In general with
5849  * IPv6 there is no worry about DoS by clients exhausting space, but
5850  * we still need to be aware of this possibility.
5851  */
5852 
5853 /* TODO: IA_TA */
5854 static void
5855 dhcpv6_decline(struct data_string *reply, struct packet *packet) {
5856  struct data_string client_id;
5857  struct data_string server_id;
5858 
5860 
5861  /*
5862  * Validate our input.
5863  */
5864  if (!valid_client_resp(packet, &client_id, &server_id)) {
5865  return;
5866  }
5867 
5868  /*
5869  * Undefined for IA_PD.
5870  */
5872 
5873  /*
5874  * And operate on each IA_NA in this packet.
5875  */
5876  iterate_over_ia_na(reply, packet, &client_id, &server_id, "Decline",
5877  ia_na_match_decline, ia_na_nomatch_decline);
5878 
5879  data_string_forget(&server_id, MDL);
5880  data_string_forget(&client_id, MDL);
5881 
5883 }
5884 
5885 static void
5886 ia_na_match_release(const struct data_string *client_id,
5887  const struct data_string *iaaddr,
5888  struct iasubopt *lease)
5889 {
5890  char tmp_addr[INET6_ADDRSTRLEN];
5891 
5892  log_info("Client %s releases address %s",
5893  print_hex_1(client_id->len, client_id->data, 60),
5894  inet_ntop(AF_INET6, iaaddr->data, tmp_addr, sizeof(tmp_addr)));
5895  if (lease != NULL) {
5896  release_lease6(lease->ipv6_pool, lease);
5897  lease->ia->cltt = cur_time;
5898  write_ia(lease->ia);
5899  }
5900 }
5901 
5902 static void
5903 ia_na_nomatch_release(const struct data_string *client_id,
5904  const struct data_string *iaaddr,
5905  u_int32_t *ia_na_id,
5906  struct packet *packet,
5907  char *reply_data,
5908  int *reply_ofs,
5909  int reply_len)
5910 {
5911  char tmp_addr[INET6_ADDRSTRLEN];
5912  struct option_state *host_opt_state;
5913  int len;
5914 
5915  log_info("Client %s releases address %s, which is not leased to it.",
5916  print_hex_1(client_id->len, client_id->data, 60),
5917  inet_ntop(AF_INET6, iaaddr->data, tmp_addr, sizeof(tmp_addr)));
5918 
5919  /*
5920  * Create state for this IA_NA.
5921  */
5922  host_opt_state = NULL;
5923  if (!option_state_allocate(&host_opt_state, MDL)) {
5924  log_error("ia_na_nomatch_release: out of memory "
5925  "allocating option_state.");
5926  goto exit;
5927  }
5928 
5929  if (!set_status_code(STATUS_NoBinding,
5930  "Release for non-leased address.",
5931  host_opt_state)) {
5932  goto exit;
5933  }
5934 
5935  /*
5936  * Insure we have enough space
5937  */
5938  if (reply_len < (*reply_ofs + 16)) {
5939  log_error("ia_na_nomatch_release: "
5940  "out of space for reply packet.");
5941  goto exit;
5942  }
5943 
5944  /*
5945  * Put our status code into the reply packet.
5946  */
5947  len = store_options6(reply_data+(*reply_ofs)+16,
5948  reply_len-(*reply_ofs)-16,
5949  host_opt_state, packet,
5950  required_opts_STATUS_CODE, NULL);
5951 
5952  /*
5953  * Store the non-encapsulated option data for this
5954  * IA_NA into our reply packet. Defined in RFC 3315,
5955  * section 22.4.
5956  */
5957  /* option number */
5958  putUShort((unsigned char *)reply_data+(*reply_ofs), D6O_IA_NA);
5959  /* option length */
5960  putUShort((unsigned char *)reply_data+(*reply_ofs)+2, len + 12);
5961  /* IA_NA, copied from the client */
5962  memcpy(reply_data+(*reply_ofs)+4, ia_na_id, 4);
5963  /* t1 and t2, odd that we need them, but here it is */
5964  putULong((unsigned char *)reply_data+(*reply_ofs)+8, 0);
5965  putULong((unsigned char *)reply_data+(*reply_ofs)+12, 0);
5966 
5967  /*
5968  * Get ready for next IA_NA.
5969  */
5970  *reply_ofs += (len + 16);
5971 
5972 exit:
5973  option_state_dereference(&host_opt_state, MDL);
5974 }
5975 
5976 static void
5977 ia_pd_match_release(const struct data_string *client_id,
5978  const struct data_string *iapref,
5979  struct iasubopt *prefix)
5980 {
5981  char tmp_addr[INET6_ADDRSTRLEN];
5982 
5983  log_info("Client %s releases prefix %s/%u",
5984  print_hex_1(client_id->len, client_id->data, 60),
5985  inet_ntop(AF_INET6, iapref->data + 9,
5986  tmp_addr, sizeof(tmp_addr)),
5987  (unsigned) getUChar(iapref->data + 8));
5988  if (prefix != NULL) {
5989  release_lease6(prefix->ipv6_pool, prefix);
5990  prefix->ia->cltt = cur_time;
5991  write_ia(prefix->ia);
5992  }
5993 }
5994 
5995 static void
5996 ia_pd_nomatch_release(const struct data_string *client_id,
5997  const struct data_string *iapref,
5998  u_int32_t *ia_pd_id,
5999  struct packet *packet,
6000  char *reply_data,
6001  int *reply_ofs,
6002  int reply_len)
6003 {
6004  char tmp_addr[INET6_ADDRSTRLEN];
6005  struct option_state *host_opt_state;
6006  int len;
6007 
6008  log_info("Client %s releases prefix %s/%u, which is not leased to it.",
6009  print_hex_1(client_id->len, client_id->data, 60),
6010  inet_ntop(AF_INET6, iapref->data + 9,
6011  tmp_addr, sizeof(tmp_addr)),
6012  (unsigned) getUChar(iapref->data + 8));
6013 
6014  /*
6015  * Create state for this IA_PD.
6016  */
6017  host_opt_state = NULL;
6018  if (!option_state_allocate(&host_opt_state, MDL)) {
6019  log_error("ia_pd_nomatch_release: out of memory "
6020  "allocating option_state.");
6021  goto exit;
6022  }
6023 
6024  if (!set_status_code(STATUS_NoBinding,
6025  "Release for non-leased prefix.",
6026  host_opt_state)) {
6027  goto exit;
6028  }
6029 
6030  /*
6031  * Insure we have enough space
6032  */
6033  if (reply_len < (*reply_ofs + 16)) {
6034  log_error("ia_pd_nomatch_release: "
6035  "out of space for reply packet.");
6036  goto exit;
6037  }
6038 
6039  /*
6040  * Put our status code into the reply packet.
6041  */
6042  len = store_options6(reply_data+(*reply_ofs)+16,
6043  reply_len-(*reply_ofs)-16,
6044  host_opt_state, packet,
6045  required_opts_STATUS_CODE, NULL);
6046 
6047  /*
6048  * Store the non-encapsulated option data for this
6049  * IA_PD into our reply packet. Defined in RFC 3315,
6050  * section 22.4.
6051  */
6052  /* option number */
6053  putUShort((unsigned char *)reply_data+(*reply_ofs), D6O_IA_PD);
6054  /* option length */
6055  putUShort((unsigned char *)reply_data+(*reply_ofs)+2, len + 12);
6056  /* IA_PD, copied from the client */
6057  memcpy(reply_data+(*reply_ofs)+4, ia_pd_id, 4);
6058  /* t1 and t2, odd that we need them, but here it is */
6059  putULong((unsigned char *)reply_data+(*reply_ofs)+8, 0);
6060  putULong((unsigned char *)reply_data+(*reply_ofs)+12, 0);
6061 
6062  /*
6063  * Get ready for next IA_PD.
6064  */
6065  *reply_ofs += (len + 16);
6066 
6067 exit:
6068  option_state_dereference(&host_opt_state, MDL);
6069 }
6070 
6071 static void
6072 iterate_over_ia_pd(struct data_string *reply_ret,
6073  struct packet *packet,
6074  const struct data_string *client_id,
6075  const struct data_string *server_id,
6076  const char *packet_type,
6077  void (*ia_pd_match)(),
6078  void (*ia_pd_nomatch)())
6079 {
6080  struct data_string reply_new;
6081  int reply_len;
6082  struct option_state *opt_state;
6083  struct host_decl *packet_host;
6084  struct option_cache *ia;
6085  struct option_cache *oc;
6086  /* cli_enc_... variables come from the IA_PD options */
6087  struct data_string cli_enc_opt_data;
6088  struct option_state *cli_enc_opt_state;
6089  struct host_decl *host;
6090  struct option_state *host_opt_state;
6091  struct data_string iaprefix;
6092  char reply_data[65536];
6093  int reply_ofs;
6094  struct iasubopt *prefix;
6095  struct ia_xx *existing_ia_pd;
6096  int i;
6097  struct data_string key;
6098  u_int32_t iaid;
6099 
6100  /*
6101  * Initialize to empty values, in case we have to exit early.
6102  */
6103  memset(&reply_new, 0, sizeof(reply_new));
6104  opt_state = NULL;
6105  memset(&cli_enc_opt_data, 0, sizeof(cli_enc_opt_data));
6106  cli_enc_opt_state = NULL;
6107  memset(&iaprefix, 0, sizeof(iaprefix));
6108  host_opt_state = NULL;
6109  prefix = NULL;
6110 
6111  /*
6112  * Compute the available length for the reply.
6113  */
6114  reply_len = sizeof(reply_data) - reply_ret->len;
6115  reply_ofs = 0;
6116 
6117  /*
6118  * Find the host record that matches from the packet, if any.
6119  */
6120  packet_host = NULL;
6121  if (!find_hosts_by_uid(&packet_host,
6122  client_id->data, client_id->len, MDL)) {
6123  packet_host = NULL;
6124  /*
6125  * Note: In general, we don't expect a client to provide
6126  * enough information to match by option for these
6127  * types of messages, but if we don't have a UID
6128  * match we can check anyway.
6129  */
6130  if (!find_hosts_by_option(&packet_host,
6131  packet, packet->options, MDL)) {
6132  packet_host = NULL;
6133 
6134  if (!find_hosts_by_duid_chaddr(&packet_host,
6135  client_id))
6136  packet_host = NULL;
6137  }
6138  }
6139 
6140  /*
6141  * Build our option state for reply.
6142  */
6143  opt_state = NULL;
6144  if (!option_state_allocate(&opt_state, MDL)) {
6145  log_error("iterate_over_ia_pd: no memory for option_state.");
6146  goto exit;
6147  }
6148  execute_statements_in_scope(NULL, packet, NULL, NULL,
6149  packet->options, opt_state,
6150  &global_scope, root_group, NULL, NULL);
6151 
6152  /*
6153  * Loop through the IA_PD reported by the client, and deal with
6154  * prefixes reported as already in use.
6155  */
6156  for (ia = lookup_option(&dhcpv6_universe, packet->options, D6O_IA_PD);
6157  ia != NULL; ia = ia->next) {
6158 
6159  if (!get_encapsulated_IA_state(&cli_enc_opt_state,
6160  &cli_enc_opt_data,
6161  packet, ia, IA_PD_OFFSET)) {
6162  goto exit;
6163  }
6164 
6165  iaid = getULong(cli_enc_opt_data.data);
6166 
6167  oc = lookup_option(&dhcpv6_universe, cli_enc_opt_state,
6168  D6O_IAPREFIX);
6169  if (oc == NULL) {
6170  /* no prefix given for this IA_PD, ignore */
6171  option_state_dereference(&cli_enc_opt_state, MDL);
6172  data_string_forget(&cli_enc_opt_data, MDL);
6173  continue;
6174  }
6175 
6176  for (; oc != NULL; oc = oc->next) {
6177  memset(&iaprefix, 0, sizeof(iaprefix));
6178  if (!evaluate_option_cache(&iaprefix, packet, NULL, NULL,
6179  packet->options, NULL,
6180  &global_scope, oc, MDL)) {
6181  log_error("iterate_over_ia_pd: "
6182  "error evaluating IAPREFIX.");
6183  goto exit;
6184  }
6185 
6186  /*
6187  * Now we need to figure out which host record matches
6188  * this IA_PD and IAPREFIX (encapsulated option contents
6189  * matching a host record by option).
6190  *
6191  * XXX: We don't currently track IA_PD separately, but
6192  * we will need to do this!
6193  */
6194  host = NULL;
6195  if (!find_hosts_by_option(&host, packet,
6196  cli_enc_opt_state, MDL)) {
6197  if (packet_host != NULL) {
6198  host = packet_host;
6199  } else {
6200  host = NULL;
6201  }
6202  }
6203  while (host != NULL) {
6204  if (host->fixed_prefix != NULL) {
6205  struct iaddrcidrnetlist *l;
6206  int plen = (int) getUChar(iaprefix.data + 8);
6207 
6208  for (l = host->fixed_prefix; l != NULL;
6209  l = l->next) {
6210  if (plen != l->cidrnet.bits)
6211  continue;
6212  if (memcmp(iaprefix.data + 9,
6213  l->cidrnet.lo_addr.iabuf,
6214  16) == 0)
6215  break;
6216  }
6217  if ((l != NULL) && (iaprefix.len >= 17))
6218  break;
6219  }
6220  host = host->n_ipaddr;
6221  }
6222 
6223  if ((host == NULL) && (iaprefix.len >= IAPREFIX_OFFSET)) {
6224  /*
6225  * Find existing IA_PD.
6226  */
6227  if (ia_make_key(&key, iaid,
6228  (char *)client_id->data,
6229  client_id->len,
6230  MDL) != ISC_R_SUCCESS) {
6231  log_fatal("iterate_over_ia_pd: no memory for "
6232  "key.");
6233  }
6234 
6235  existing_ia_pd = NULL;
6236  if (ia_hash_lookup(&existing_ia_pd, ia_pd_active,
6237  (unsigned char *)key.data,
6238  key.len, MDL)) {
6239  /*
6240  * Make sure this prefix is in the IA_PD.
6241  */
6242  for (i = 0;
6243  i < existing_ia_pd->num_iasubopt;
6244  i++) {
6245  struct iasubopt *tmp;
6246  u_int8_t plen;
6247 
6248  plen = getUChar(iaprefix.data + 8);
6249  tmp = existing_ia_pd->iasubopt[i];
6250  if ((tmp->plen == plen) &&
6251  (memcmp(&tmp->addr,
6252  iaprefix.data + 9,
6253  16) == 0)) {
6254  iasubopt_reference(&prefix,
6255  tmp, MDL);
6256  break;
6257  }
6258  }
6259  }
6260 
6261  data_string_forget(&key, MDL);
6262  }
6263 
6264  if ((host != NULL) || (prefix != NULL)) {
6265  ia_pd_match(client_id, &iaprefix, prefix);
6266  } else {
6267  ia_pd_nomatch(client_id, &iaprefix,
6268  (u_int32_t *)cli_enc_opt_data.data,
6269  packet, reply_data, &reply_ofs,
6270  reply_len - reply_ofs);
6271  }
6272 
6273  if (prefix != NULL) {
6274  iasubopt_dereference(&prefix, MDL);
6275  }
6276 
6277  data_string_forget(&iaprefix, MDL);
6278  }
6279 
6280  option_state_dereference(&cli_enc_opt_state, MDL);
6281  data_string_forget(&cli_enc_opt_data, MDL);
6282  }
6283 
6284  /*
6285  * Return our reply to the caller.
6286  * The IA_NA routine has already filled at least the header.
6287  */
6288  reply_new.len = reply_ret->len + reply_ofs;
6289  if (!buffer_allocate(&reply_new.buffer, reply_new.len, MDL)) {
6290  log_fatal("No memory to store reply.");
6291  }
6292  reply_new.data = reply_new.buffer->data;
6293  memcpy(reply_new.buffer->data,
6294  reply_ret->buffer->data, reply_ret->len);
6295  memcpy(reply_new.buffer->data + reply_ret->len,
6296  reply_data, reply_ofs);
6297  data_string_forget(reply_ret, MDL);
6298  data_string_copy(reply_ret, &reply_new, MDL);
6299  data_string_forget(&reply_new, MDL);
6300 
6301 exit:
6302  if (prefix != NULL) {
6303  iasubopt_dereference(&prefix, MDL);
6304  }
6305  if (host_opt_state != NULL) {
6306  option_state_dereference(&host_opt_state, MDL);
6307  }
6308  if (iaprefix.buffer != NULL) {
6309  data_string_forget(&iaprefix, MDL);
6310  }
6311  if (cli_enc_opt_state != NULL) {
6312  option_state_dereference(&cli_enc_opt_state, MDL);
6313  }
6314  if (cli_enc_opt_data.buffer != NULL) {
6315  data_string_forget(&cli_enc_opt_data, MDL);
6316  }
6317  if (opt_state != NULL) {
6318  option_state_dereference(&opt_state, MDL);
6319  }
6320 }
6321 
6322 /*
6323  * Release means a client is done with the leases.
6324  */
6325 
6326 static void
6327 dhcpv6_release(struct data_string *reply, struct packet *packet) {
6328  struct data_string client_id;
6329  struct data_string server_id;
6330 
6332 
6333  /*
6334  * Validate our input.
6335  */
6336  if (!valid_client_resp(packet, &client_id, &server_id)) {
6337  return;
6338  }
6339 
6340  /*
6341  * And operate on each IA_NA in this packet.
6342  */
6343  iterate_over_ia_na(reply, packet, &client_id, &server_id, "Release",
6344  ia_na_match_release, ia_na_nomatch_release);
6345 
6346  /*
6347  * And operate on each IA_PD in this packet.
6348  */
6349  iterate_over_ia_pd(reply, packet, &client_id, &server_id, "Release",
6350  ia_pd_match_release, ia_pd_nomatch_release);
6351 
6352  data_string_forget(&server_id, MDL);
6353  data_string_forget(&client_id, MDL);
6354 
6356 }
6357 
6358 /*
6359  * Information-Request is used by clients who have obtained an address
6360  * from other means, but want configuration information from the server.
6361  */
6362 
6363 static void
6364 dhcpv6_information_request(struct data_string *reply, struct packet *packet) {
6365  struct data_string client_id;
6366  struct data_string server_id;
6367 
6369 
6370  /*
6371  * Validate our input.
6372  */
6373  if (!valid_client_info_req(packet, &server_id)) {
6374  return;
6375  }
6376 
6377  /*
6378  * Get our client ID, if there is one.
6379  */
6380  memset(&client_id, 0, sizeof(client_id));
6381  if (get_client_id(packet, &client_id) != ISC_R_SUCCESS) {
6382  data_string_forget(&client_id, MDL);
6383  }
6384 
6385  /*
6386  * Use the lease_to_client() function. This will work fine,
6387  * because the valid_client_info_req() insures that we
6388  * don't have any IA that would cause us to allocate
6389  * resources to the client.
6390  */
6391  lease_to_client(reply, packet, &client_id,
6392  server_id.data != NULL ? &server_id : NULL);
6393 
6394  /*
6395  * Cleanup.
6396  */
6397  if (client_id.data != NULL) {
6398  data_string_forget(&client_id, MDL);
6399  }
6400  data_string_forget(&server_id, MDL);
6401 
6403 }
6404 
6405 /*
6406  * The Relay-forw message is sent by relays. It typically contains a
6407  * single option, which encapsulates an entire packet.
6408  *
6409  * We need to build an encapsulated reply.
6410  */
6411 
6412 /* XXX: this is very, very similar to do_packet6(), and should probably
6413  be combined in a clever way */
6414 static void
6415 dhcpv6_relay_forw(struct data_string *reply_ret, struct packet *packet) {
6416  struct option_cache *oc;
6417  struct data_string enc_opt_data;
6418  struct packet *enc_packet;
6419  unsigned char msg_type;
6420  const struct dhcpv6_packet *msg;
6421  const struct dhcpv6_relay_packet *relay;
6422  struct data_string enc_reply;
6423  char link_addr[sizeof("ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255")];
6424  char peer_addr[sizeof("ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255")];
6425  struct data_string a_opt, packet_ero;
6426  struct option_state *opt_state;
6427  static char reply_data[65536];
6428  struct dhcpv6_relay_packet *reply;
6429  int reply_ofs;
6430 
6432 
6433  /*
6434  * Initialize variables for early exit.
6435  */
6436  opt_state = NULL;
6437  memset(&a_opt, 0, sizeof(a_opt));
6438  memset(&packet_ero, 0, sizeof(packet_ero));
6439  memset(&enc_reply, 0, sizeof(enc_reply));
6440  memset(&enc_opt_data, 0, sizeof(enc_opt_data));
6441  enc_packet = NULL;
6442 
6443  /*
6444  * Get our encapsulated relay message.
6445  */
6447  if (oc == NULL) {
6448  inet_ntop(AF_INET6, &packet->dhcpv6_link_address,
6449  link_addr, sizeof(link_addr));
6450  inet_ntop(AF_INET6, &packet->dhcpv6_peer_address,
6451  peer_addr, sizeof(peer_addr));
6452  log_info("Relay-forward from %s with link address=%s and "
6453  "peer address=%s missing Relay Message option.",
6454  piaddr(packet->client_addr), link_addr, peer_addr);
6455  goto exit;
6456  }
6457 
6458  if (!evaluate_option_cache(&enc_opt_data, NULL, NULL, NULL,
6459  NULL, NULL, &global_scope, oc, MDL)) {
6460  log_error("dhcpv6_forw_relay: error evaluating "
6461  "relayed message.");
6462  goto exit;
6463  }
6464 
6465  if (!packet6_len_okay((char *)enc_opt_data.data, enc_opt_data.len)) {
6466  log_error("dhcpv6_forw_relay: encapsulated packet too short.");
6467  goto exit;
6468  }
6469 
6470  /*
6471  * Build a packet structure from this encapsulated packet.
6472  */
6473  enc_packet = NULL;
6474  if (!packet_allocate(&enc_packet, MDL)) {
6475  log_error("dhcpv6_forw_relay: "
6476  "no memory for encapsulated packet.");
6477  goto exit;
6478  }
6479 
6480  if (!option_state_allocate(&enc_packet->options, MDL)) {
6481  log_error("dhcpv6_forw_relay: "
6482  "no memory for encapsulated packet's options.");
6483  goto exit;
6484  }
6485 
6486  enc_packet->client_port = packet->client_port;
6487  enc_packet->client_addr = packet->client_addr;
6488  interface_reference(&enc_packet->interface, packet->interface, MDL);
6489  enc_packet->dhcpv6_container_packet = packet;
6490 
6491  msg_type = enc_opt_data.data[0];
6492  if ((msg_type == DHCPV6_RELAY_FORW) ||
6493  (msg_type == DHCPV6_RELAY_REPL)) {
6494  int relaylen = (int)(offsetof(struct dhcpv6_relay_packet, options));
6495  relay = (struct dhcpv6_relay_packet *)enc_opt_data.data;
6496  enc_packet->dhcpv6_msg_type = relay->msg_type;
6497 
6498  /* relay-specific data */
6499  enc_packet->dhcpv6_hop_count = relay->hop_count;
6500  memcpy(&enc_packet->dhcpv6_link_address,
6501  relay->link_address, sizeof(relay->link_address));
6502  memcpy(&enc_packet->dhcpv6_peer_address,
6503  relay->peer_address, sizeof(relay->peer_address));
6504 
6505  if (!parse_option_buffer(enc_packet->options,
6506  relay->options,
6507  enc_opt_data.len - relaylen,
6508  &dhcpv6_universe)) {
6509  /* no logging here, as parse_option_buffer() logs all
6510  cases where it fails */
6511  goto exit;
6512  }
6513  } else {
6514  int msglen = (int)(offsetof(struct dhcpv6_packet, options));
6515  msg = (struct dhcpv6_packet *)enc_opt_data.data;
6516  enc_packet->dhcpv6_msg_type = msg->msg_type;
6517 
6518  /* message-specific data */
6519  memcpy(enc_packet->dhcpv6_transaction_id,
6520  msg->transaction_id,
6521  sizeof(enc_packet->dhcpv6_transaction_id));
6522 
6523  if (!parse_option_buffer(enc_packet->options,
6524  msg->options,
6525  enc_opt_data.len - msglen,
6526  &dhcpv6_universe)) {
6527  /* no logging here, as parse_option_buffer() logs all
6528  cases where it fails */
6529  goto exit;
6530  }
6531  }
6532 
6533  /*
6534  * This is recursive. It is possible to exceed maximum packet size.
6535  * XXX: This will cause the packet send to fail.
6536  */
6537  build_dhcpv6_reply(&enc_reply, enc_packet);
6538 
6539  /*
6540  * If we got no encapsulated data, then it is discarded, and
6541  * our reply-forw is also discarded.
6542  */
6543  if (enc_reply.data == NULL) {
6544  goto exit;
6545  }
6546 
6547  /*
6548  * Now we can use the reply_data buffer.
6549  * Packet header stuff all comes from the forward message.
6550  */
6551  reply = (struct dhcpv6_relay_packet *)reply_data;
6552  reply->msg_type = DHCPV6_RELAY_REPL;
6553  reply->hop_count = packet->dhcpv6_hop_count;
6554  memcpy(reply->link_address, &packet->dhcpv6_link_address,
6555  sizeof(reply->link_address));
6556  memcpy(reply->peer_address, &packet->dhcpv6_peer_address,
6557  sizeof(reply->peer_address));
6558  reply_ofs = (int)(offsetof(struct dhcpv6_relay_packet, options));
6559 
6560  /*
6561  * Get the reply option state.
6562  */
6563  opt_state = NULL;
6564  if (!option_state_allocate(&opt_state, MDL)) {
6565  log_error("dhcpv6_relay_forw: no memory for option state.");
6566  goto exit;
6567  }
6568 
6569  /*
6570  * Append the interface-id if present.
6571  */
6572  oc = lookup_option(&dhcpv6_universe, packet->options,
6574  if (oc != NULL) {
6575  if (!evaluate_option_cache(&a_opt, packet,
6576  NULL, NULL,
6577  packet->options, NULL,
6578  &global_scope, oc, MDL)) {
6579  log_error("dhcpv6_relay_forw: error evaluating "
6580  "Interface ID.");
6581  goto exit;
6582  }
6583  if (!save_option_buffer(&dhcpv6_universe, opt_state, NULL,
6584  (unsigned char *)a_opt.data,
6585  a_opt.len,
6586  D6O_INTERFACE_ID, 0)) {
6587  log_error("dhcpv6_relay_forw: error saving "
6588  "Interface ID.");
6589  goto exit;
6590  }
6591  data_string_forget(&a_opt, MDL);
6592  }
6593 
6594  /*
6595  * Append our encapsulated stuff for caller.
6596  */
6597  if (!save_option_buffer(&dhcpv6_universe, opt_state, NULL,
6598  (unsigned char *)enc_reply.data,
6599  enc_reply.len,
6600  D6O_RELAY_MSG, 0)) {
6601  log_error("dhcpv6_relay_forw: error saving Relay MSG.");
6602  goto exit;
6603  }
6604 
6605  /*
6606  * Get the ERO if any.
6607  */
6608  oc = lookup_option(&dhcpv6_universe, packet->options, D6O_ERO);
6609  if (oc != NULL) {
6610  unsigned req;
6611  int i;
6612 
6613  if (!evaluate_option_cache(&packet_ero, packet,
6614  NULL, NULL,
6615  packet->options, NULL,
6616  &global_scope, oc, MDL) ||
6617  (packet_ero.len & 1)) {
6618  log_error("dhcpv6_relay_forw: error evaluating ERO.");
6619  goto exit;
6620  }
6621 
6622  /* Decode and apply the ERO. */
6623  for (i = 0; i < packet_ero.len; i += 2) {
6624  req = getUShort(packet_ero.data + i);
6625  /* Already in the reply? */
6626  oc = lookup_option(&dhcpv6_universe, opt_state, req);
6627  if (oc != NULL)
6628  continue;
6629  /* Get it from the packet if present. */
6631  packet->options,
6632  req);
6633  if (oc == NULL)
6634  continue;
6635  if (!evaluate_option_cache(&a_opt, packet,
6636  NULL, NULL,
6637  packet->options, NULL,
6638  &global_scope, oc, MDL)) {
6639  log_error("dhcpv6_relay_forw: error "
6640  "evaluating option %u.", req);
6641  goto exit;
6642  }
6644  opt_state,
6645  NULL,
6646  (unsigned char *)a_opt.data,
6647  a_opt.len,
6648  req,
6649  0)) {
6650  log_error("dhcpv6_relay_forw: error saving "
6651  "option %u.", req);
6652  goto exit;
6653  }
6654  data_string_forget(&a_opt, MDL);
6655  }
6656  }
6657 
6658  reply_ofs += store_options6(reply_data + reply_ofs,
6659  sizeof(reply_data) - reply_ofs,
6660  opt_state, packet,
6661  required_opts_agent, &packet_ero);
6662 
6663  /*
6664  * Return our reply to the caller.
6665  */
6666  reply_ret->len = reply_ofs;
6667  reply_ret->buffer = NULL;
6668  if (!buffer_allocate(&reply_ret->buffer, reply_ret->len, MDL)) {
6669  log_fatal("No memory to store reply.");
6670  }
6671  reply_ret->data = reply_ret->buffer->data;
6672  memcpy(reply_ret->buffer->data, reply_data, reply_ofs);
6673 
6674 exit:
6675  if (opt_state != NULL)
6676  option_state_dereference(&opt_state, MDL);
6677  if (a_opt.data != NULL) {
6678  data_string_forget(&a_opt, MDL);
6679  }
6680  if (packet_ero.data != NULL) {
6681  data_string_forget(&packet_ero, MDL);
6682  }
6683  if (enc_reply.data != NULL) {
6684  data_string_forget(&enc_reply, MDL);
6685  }
6686  if (enc_opt_data.data != NULL) {
6687  data_string_forget(&enc_opt_data, MDL);
6688  }
6689  if (enc_packet != NULL) {
6690  packet_dereference(&enc_packet, MDL);
6691  }
6692 
6694 }
6695 
6696 static void
6697 dhcpv6_discard(struct packet *packet) {
6698  /* INSIST(packet->msg_type > 0); */
6699  /* INSIST(packet->msg_type < dhcpv6_type_name_max); */
6700 
6701  log_debug("Discarding %s from %s; message type not handled by server",
6703  piaddr(packet->client_addr));
6704 }
6705 
6706 static void
6707 build_dhcpv6_reply(struct data_string *reply, struct packet *packet) {
6708  memset(reply, 0, sizeof(*reply));
6709 
6710  /* I would like to classify the client once here, but
6711  * as I don't want to classify all of the incoming packets
6712  * I need to do it before handling specific types.
6713  * We don't need to classify if we are tossing the packet
6714  * or if it is a relay - the classification step will get
6715  * done when we process the inner client packet.
6716  */
6717 
6718  switch (packet->dhcpv6_msg_type) {
6719  case DHCPV6_SOLICIT:
6720  classify_client(packet);
6721  dhcpv6_solicit(reply, packet);
6722  break;
6723  case DHCPV6_ADVERTISE:
6724  dhcpv6_discard(packet);
6725  break;
6726  case DHCPV6_REQUEST:
6727  classify_client(packet);
6728  dhcpv6_request(reply, packet);
6729  break;
6730  case DHCPV6_CONFIRM:
6731  classify_client(packet);
6732  dhcpv6_confirm(reply, packet);
6733  break;
6734  case DHCPV6_RENEW:
6735  classify_client(packet);
6736  dhcpv6_renew(reply, packet);
6737  break;
6738  case DHCPV6_REBIND:
6739  classify_client(packet);
6740  dhcpv6_rebind(reply, packet);
6741  break;
6742  case DHCPV6_REPLY:
6743  dhcpv6_discard(packet);
6744  break;
6745  case DHCPV6_RELEASE:
6746  classify_client(packet);
6747  dhcpv6_release(reply, packet);
6748  break;
6749  case DHCPV6_DECLINE:
6750  classify_client(packet);
6751  dhcpv6_decline(reply, packet);
6752  break;
6753  case DHCPV6_RECONFIGURE:
6754  dhcpv6_discard(packet);
6755  break;
6757  classify_client(packet);
6758  dhcpv6_information_request(reply, packet);
6759  break;
6760  case DHCPV6_RELAY_FORW:
6761  dhcpv6_relay_forw(reply, packet);
6762  break;
6763  case DHCPV6_RELAY_REPL:
6764  dhcpv6_discard(packet);
6765  break;
6766  case DHCPV6_LEASEQUERY:
6767  classify_client(packet);
6768  dhcpv6_leasequery(reply, packet);
6769  break;
6771  dhcpv6_discard(packet);
6772  break;
6773  default:
6774  /* XXX: would be nice if we had "notice" level,
6775  as syslog, for this */
6776  log_info("Discarding unknown DHCPv6 message type %d "
6777  "from %s", packet->dhcpv6_msg_type,
6778  piaddr(packet->client_addr));
6779  }
6780 }
6781 
6782 static void
6783 log_packet_in(const struct packet *packet) {
6784  struct data_string s;
6785  u_int32_t tid;
6786  char tmp_addr[INET6_ADDRSTRLEN];
6787  const void *addr;
6788 
6789  memset(&s, 0, sizeof(s));
6790 
6791  if (packet->dhcpv6_msg_type < dhcpv6_type_name_max) {
6792  data_string_sprintfa(&s, "%s message from %s port %d",
6794  piaddr(packet->client_addr),
6795  ntohs(packet->client_port));
6796  } else {
6798  "Unknown message type %d from %s port %d",
6799  packet->dhcpv6_msg_type,
6800  piaddr(packet->client_addr),
6801  ntohs(packet->client_port));
6802  }
6803  if ((packet->dhcpv6_msg_type == DHCPV6_RELAY_FORW) ||
6804  (packet->dhcpv6_msg_type == DHCPV6_RELAY_REPL)) {
6805  addr = &packet->dhcpv6_link_address;
6806  data_string_sprintfa(&s, ", link address %s",
6807  inet_ntop(AF_INET6, addr,
6808  tmp_addr, sizeof(tmp_addr)));
6809  addr = &packet->dhcpv6_peer_address;
6810  data_string_sprintfa(&s, ", peer address %s",
6811  inet_ntop(AF_INET6, addr,
6812  tmp_addr, sizeof(tmp_addr)));
6813  } else {
6814  tid = 0;
6815  memcpy(((char *)&tid)+1, packet->dhcpv6_transaction_id, 3);
6816  data_string_sprintfa(&s, ", transaction ID 0x%06X", tid);
6817 
6818 /*
6819  oc = lookup_option(&dhcpv6_universe, packet->options,
6820  D6O_CLIENTID);
6821  if (oc != NULL) {
6822  memset(&tmp_ds, 0, sizeof(tmp_ds_));
6823  if (!evaluate_option_cache(&tmp_ds, packet, NULL, NULL,
6824  packet->options, NULL,
6825  &global_scope, oc, MDL)) {
6826  log_error("Error evaluating Client Identifier");
6827  } else {
6828  data_strint_sprintf(&s, ", client ID %s",
6829 
6830  data_string_forget(&tmp_ds, MDL);
6831  }
6832  }
6833 */
6834 
6835  }
6836  log_info("%s", s.data);
6837 
6838  data_string_forget(&s, MDL);
6839 }
6840 
6841 void
6842 dhcpv6(struct packet *packet) {
6843  struct data_string reply;
6844  struct sockaddr_in6 to_addr;
6845  int send_ret;
6846 
6847  /*
6848  * Log a message that we received this packet.
6849  */
6850  log_packet_in(packet);
6851 
6852  /*
6853  * Build our reply packet.
6854  */
6855  build_dhcpv6_reply(&reply, packet);
6856 
6857  if (reply.data != NULL) {
6858  /*
6859  * Send our reply, if we have one.
6860  */
6861  memset(&to_addr, 0, sizeof(to_addr));
6862  to_addr.sin6_family = AF_INET6;
6863  if ((packet->dhcpv6_msg_type == DHCPV6_RELAY_FORW) ||
6864  (packet->dhcpv6_msg_type == DHCPV6_RELAY_REPL)) {
6865  to_addr.sin6_port = local_port;
6866  } else {
6867  to_addr.sin6_port = remote_port;
6868  }
6869 
6870 #if defined (REPLY_TO_SOURCE_PORT)
6871  /*
6872  * This appears to have been included for testing so we would
6873  * not need a root client, but was accidently left in the
6874  * final code. We continue to include it in case
6875  * some users have come to rely upon it, but leave
6876  * it off by default as it's a bad idea.
6877  */
6878  to_addr.sin6_port = packet->client_port;
6879 #endif
6880 
6881  memcpy(&to_addr.sin6_addr, packet->client_addr.iabuf,
6882  sizeof(to_addr.sin6_addr));
6883 
6884  log_info("Sending %s to %s port %d",
6885  dhcpv6_type_names[reply.data[0]],
6886  piaddr(packet->client_addr),
6887  ntohs(to_addr.sin6_port));
6888 
6889  send_ret = send_packet6(packet->interface,
6890  reply.data, reply.len, &to_addr);
6891  if (send_ret != reply.len) {
6892  log_error("dhcpv6: send_packet6() sent %d of %d bytes",
6893  send_ret, reply.len);
6894  }
6895  data_string_forget(&reply, MDL);
6896  }
6897 }
6898 
6899 static void
6900 seek_shared_host(struct host_decl **hp, struct shared_network *shared) {
6901  struct host_decl *nofixed = NULL;
6902  struct host_decl *seek, *hold = NULL;
6903 
6904  /*
6905  * Seek forward through fixed addresses for the right link.
6906  *
6907  * Note: how to do this for fixed prefixes???
6908  */
6909  host_reference(&hold, *hp, MDL);
6910  host_dereference(hp, MDL);
6911  seek = hold;
6912  while (seek != NULL) {
6913  if (seek->fixed_addr == NULL)
6914  nofixed = seek;
6915  else if (fixed_matches_shared(seek, shared))
6916  break;
6917 
6918  seek = seek->n_ipaddr;
6919  }
6920 
6921  if ((seek == NULL) && (nofixed != NULL))
6922  seek = nofixed;
6923 
6924  if (seek != NULL)
6925  host_reference(hp, seek, MDL);
6926 }
6927 
6928 static isc_boolean_t
6929 fixed_matches_shared(struct host_decl *host, struct shared_network *shared) {
6930  struct subnet *subnet;
6931  struct data_string addr;
6932  isc_boolean_t matched;
6933  struct iaddr fixed;
6934 
6935  if (host->fixed_addr == NULL)
6936  return ISC_FALSE;
6937 
6938  memset(&addr, 0, sizeof(addr));
6939  if (!evaluate_option_cache(&addr, NULL, NULL, NULL, NULL, NULL,
6940  &global_scope, host->fixed_addr, MDL))
6941  return ISC_FALSE;
6942 
6943  if (addr.len < 16) {
6944  data_string_forget(&addr, MDL);
6945  return ISC_FALSE;
6946  }
6947 
6948  fixed.len = 16;
6949  memcpy(fixed.iabuf, addr.data, 16);
6950 
6951  matched = ISC_FALSE;
6952  for (subnet = shared->subnets ; subnet != NULL ;
6953  subnet = subnet->next_sibling) {
6954  if (addr_eq(subnet_number(fixed, subnet->netmask),
6955  subnet->net)) {
6956  matched = ISC_TRUE;
6957  break;
6958  }
6959  }
6960 
6961  data_string_forget(&addr, MDL);
6962  return matched;
6963 }
6964 
6965 /*
6966  * find_host_by_duid_chaddr() synthesizes a DHCPv4-like 'hardware'
6967  * parameter from a DHCPv6 supplied DUID (client-identifier option),
6968  * and may seek to use client or relay supplied hardware addresses.
6969  */
6970 static int
6971 find_hosts_by_duid_chaddr(struct host_decl **host,
6972  const struct data_string *client_id) {
6973  static int once_htype;
6974  int htype, hlen;
6975  const unsigned char *chaddr;
6976 
6977  /*
6978  * The DUID-LL and DUID-LLT must have a 2-byte DUID type and 2-byte
6979  * htype.
6980  */
6981  if (client_id->len < 4)
6982  return 0;
6983 
6984  /*
6985  * The third and fourth octets of the DUID-LL and DUID-LLT
6986  * is the hardware type, but in 16 bits.
6987  */
6988  htype = getUShort(client_id->data + 2);
6989  hlen = 0;
6990  chaddr = NULL;
6991 
6992  /* The first two octets of the DUID identify the type. */
6993  switch(getUShort(client_id->data)) {
6994  case DUID_LLT:
6995  if (client_id->len > 8) {
6996  hlen = client_id->len - 8;
6997  chaddr = client_id->data + 8;
6998  }
6999  break;
7000 
7001  case DUID_LL:
7002  /*
7003  * Note that client_id->len must be greater than or equal
7004  * to four to get to this point in the function.
7005  */
7006  hlen = client_id->len - 4;
7007  chaddr = client_id->data + 4;
7008  break;
7009 
7010  default:
7011  break;
7012  }
7013 
7014  if ((hlen == 0) || (hlen > HARDWARE_ADDR_LEN))
7015  return 0;
7016 
7017  /*
7018  * XXX: DHCPv6 gives a 16-bit field for the htype. DHCPv4 gives an
7019  * 8-bit field. To change the semantics of the generic 'hardware'
7020  * structure, we would have to adjust many DHCPv4 sources (from
7021  * interface to DHCPv4 lease code), and we would have to update the
7022  * 'hardware' config directive (probably being reverse compatible and
7023  * providing a new upgrade/replacement primitive). This is a little
7024  * too much to change for now. Hopefully we will revisit this before
7025  * hardware types exceeding 8 bits are assigned.
7026  */
7027  if ((htype & 0xFF00) && !once_htype) {
7028  once_htype = 1;
7029  log_error("Attention: At least one client advertises a "
7030  "hardware type of %d, which exceeds the software "
7031  "limitation of 255.", htype);
7032  }
7033 
7034  return find_hosts_by_haddr(host, htype, chaddr, hlen, MDL);
7035 }
7036 
7037 #endif /* DHCPv6 */
7038 
#define FTS_ABANDONED
Definition: dhcpd.h:502
struct iaddrcidrnet cidrnet
Definition: inet.h:77
ia_hash_t * ia_ta_active
#define DHCPD_SIX_RELAY_FORW_DONE()
Definition: probes.h:416
isc_result_t renew_lease6(struct ipv6_pool *pool, struct iasubopt *lease)
Renew a lease in the pool.
Definition: mdb6.c:1444
struct ipv6_pond * next
Definition: dhcpd.h:1640
int find_grouped_subnet(struct subnet **, struct shared_network *, struct iaddr, const char *, int)
Definition: mdb.c:901
unsigned char peer_address[16]
Definition: dhcp6.h:194
#define DHCPD_SIX_INFORMATION_REQUEST_START()
Definition: probes.h:383
const char int line
Definition: dhcpd.h:3615
#define D6O_IAADDR
Definition: dhcp6.h:35
struct binding_scope * global_scope
Definition: tree.c:39
#define STATUS_NoBinding
Definition: dhcp6.h:86
#define DHCPV6_RELEASE
Definition: dhcp6.h:105
struct subnet * subnets
Definition: dhcpd.h:975
isc_result_t add_lease6(struct ipv6_pool *pool, struct iasubopt *lease, time_t valid_lifetime_end_time)
Definition: mdb6.c:1234
#define DHCPD_SIX_SOLICIT_DONE()
Definition: probes.h:240
Definition: dhcpd.h:521
isc_result_t ia_make_key(struct data_string *key, u_int32_t iaid, const char *duid, unsigned int duid_len, const char *file, int line)
Definition: mdb6.c:310
unsigned len
Definition: tree.h:80
int executable_statement_dereference(struct executable_statement **ptr, const char *file, int line)
Definition: execute.c:615
isc_uint64_t num_active
Definition: dhcpd.h:1653
struct shared_network * shared_network
Definition: dhcpd.h:1281
int bits
Definition: inet.h:72
const char * piaddr(const struct iaddr addr)
Definition: inet.c:581
u_int8_t hlen
Definition: dhcpd.h:454
Definition: dhcpd.h:1574
#define D6O_STATUS_CODE
Definition: dhcp6.h:43
unsigned char dhcpv6_transaction_id[3]
Definition: dhcpd.h:385
isc_boolean_t server_duid_isset(void)
const char * name
Definition: tree.h:42
unsigned char options[FLEXIBLE_ARRAY_MEMBER]
Definition: dhcp6.h:195
int units
Definition: dhcpd.h:1613
int prefix_length_mode
Definition: dhcpd.c:82
void dhcpv6_leasequery(struct data_string *, struct packet *)
isc_result_t ia_dereference(struct ia_xx **ia, const char *file, int line)
Definition: mdb6.c:402
#define PLM_EXACT
Definition: dhcpd.h:812
#define DHCPD_SIX_RELAY_FORW_START()
Definition: probes.h:405
unsigned char msg_type
Definition: dhcp6.h:179
int data_string_sprintfa(struct data_string *ds, const char *fmt,...)
Definition: tree.c:57
Definition: dhcpd.h:985
struct universe server_universe
Definition: stables.c:175
int execute_statements(struct binding_value **result, struct packet *packet, struct lease *lease, struct client_state *client_state, struct option_state *in_options, struct option_state *out_options, struct binding_scope **scope, struct executable_statement *statements, struct on_star *on_star)
Definition: execute.c:35
#define HTYPE_RESERVED
Definition: dhcp.h:84
#define MDL
Definition: omapip.h:568
isc_boolean_t lease6_usable(struct iasubopt *lease)
Check if address is available to a lease.
Definition: mdb6.c:1372
#define D6O_PREFERENCE
Definition: dhcp6.h:37
int find_hosts_by_option(struct host_decl **, struct packet *, struct option_state *, const char *, int)
Definition: mdb.c:639
unsigned char iabuf[16]
Definition: inet.h:33
#define print_hex_1(len, data, limit)
Definition: dhcpd.h:2477
#define IA_PD_OFFSET
Definition: dhcp6.h:126
#define DHCP_R_INVALIDARG
Definition: result.h:48
#define STATUS_NoAddrsAvail
Definition: dhcp6.h:85
#define DHCPD_SIX_RELEASE_DONE()
Definition: probes.h:372
const char * dhcpv6_type_names[]
Definition: tables.c:619
int int int log_debug(const char *,...) __attribute__((__format__(__printf__
#define DHCPV6_REPLY
Definition: dhcp6.h:104
#define DHCPV6_REQUEST
Definition: dhcp6.h:100
int last_ipv6_pool
Definition: dhcpd.h:1650
#define DHCPV6_RECONFIGURE
Definition: dhcp6.h:107
#define IAADDR_OFFSET
Definition: dhcp6.h:129
#define SV_PREFER_LIFETIME
Definition: dhcpd.h:716
#define D6O_RAPID_COMMIT
Definition: dhcp6.h:44
#define PLM_PREFER
Definition: dhcpd.h:811
struct universe dhcp_universe
#define D6O_SERVERID
Definition: dhcp6.h:32
#define STATUS_NotOnLink
Definition: dhcp6.h:87
void data_string_forget(struct data_string *data, const char *file, int line)
Definition: alloc.c:1340
struct option_cache * next
Definition: dhcpd.h:358
struct shared_network * shared_network
Definition: dhcpd.h:1642
#define DHCPD_SIX_RENEW_DONE()
Definition: probes.h:306
#define D6O_INTERFACE_ID
Definition: dhcp6.h:48
#define DHCPD_SIX_DECLINE_DONE()
Definition: probes.h:350
struct option_cache * fixed_addr
Definition: dhcpd.h:908
struct group * root_group
Definition: memory.c:31
unsigned char msg_type
Definition: dhcp6.h:191
#define DUID_LL
Definition: dhcp6.h:121
void delete_option(struct universe *universe, struct option_state *options, int code)
Definition: options.c:2751
u_int32_t valid
Definition: dhcpd.h:1550
int log_error(const char *,...) __attribute__((__format__(__printf__
time_t cltt
Definition: dhcpd.h:1580
#define FTS_EXPIRED
Definition: dhcpd.h:500
struct on_star on_star
Definition: dhcpd.h:1571
int known
Definition: dhcpd.h:422
struct binding_scope * scope
Definition: dhcpd.h:1546
struct ipv6_pond * ipv6_pond
Definition: dhcpd.h:1624
void copy_server_duid(struct data_string *ds, const char *file, int line)
#define DHO_DHCP_REBINDING_TIME
Definition: dhcp.h:151
#define STATUS_Success
Definition: dhcp6.h:83
unsigned len
Definition: inet.h:32
#define IA_NA_OFFSET
Definition: dhcp6.h:124
int find_hosts_by_haddr(struct host_decl **, int, const unsigned char *, unsigned, const char *, int)
Definition: mdb.c:611
#define DHCPD_SIX_RENEW_START()
Definition: probes.h:295
int logged
Definition: dhcpd.h:1655
#define DHCPD_SIX_SOLICIT_START()
Definition: probes.h:229
#define D6O_CLIENTID
Definition: dhcp6.h:31
struct permit * prohibit_list
Definition: dhcpd.h:1645
Definition: dhcpd.h:514
#define DHCPD_SIX_REBIND_DONE()
Definition: probes.h:328
struct option_state * options
Definition: dhcpd.h:414
unsigned char dhcpv6_hop_count
Definition: dhcpd.h:388
unsigned char link_address[16]
Definition: dhcp6.h:193
unsigned char dhcpv6_msg_type
Definition: dhcpd.h:382
isc_boolean_t lease6_exists(const struct ipv6_pool *pool, const struct in6_addr *addr)
Definition: mdb6.c:1344
void log_fatal(const char *,...) __attribute__((__format__(__printf__
#define DHCPV6_RELAY_REPL
Definition: dhcp6.h:110
int client_port
Definition: dhcpd.h:396
#define DHCPV6_LEASEQUERY
Definition: dhcp6.h:111
#define D6O_IA_TA
Definition: dhcp6.h:34
int parse_option_buffer(struct option_state *options, const unsigned char *buffer, unsigned length, struct universe *universe)
Definition: options.c:117
#define PLM_MINIMUM
Definition: dhcpd.h:813
#define SV_LOG_THRESHOLD_HIGH
Definition: dhcpd.h:751
#define DHCPD_SIX_DECLINE_START()
Definition: probes.h:339
#define D6O_UNICAST
Definition: dhcp6.h:42
#define DHCPD_SIX_REQUEST_DONE()
Definition: probes.h:262
isc_result_t decline_lease6(struct ipv6_pool *pool, struct iasubopt *lease)
Definition: mdb6.c:1597
struct iaddr subnet_number(struct iaddr addr, struct iaddr mask)
Definition: inet.c:36
#define SV_DDNS_UPDATES
Definition: dhcpd.h:693
int find_subnet(struct subnet **sp, struct iaddr addr, const char *file, int line)
Definition: dhclient.c:1280
#define D6O_IAPREFIX
Definition: dhcp6.h:56
void execute_statements_in_scope(struct binding_value **result, struct packet *packet, struct lease *lease, struct client_state *client_state, struct option_state *in_options, struct option_state *out_options, struct binding_scope **scope, struct group *group, struct group *limiting_group, struct on_star *on_star)
Definition: execute.c:555
void change_host_uid(struct host_decl *host, const char *data, int len)
Definition: mdb.c:185
isc_result_t release_lease6(struct ipv6_pool *pool, struct iasubopt *lease)
Definition: mdb6.c:1622
void schedule_lease_timeout(struct ipv6_pool *pool)
Definition: mdb6.c:1986
#define DUID_TIME_EPOCH
Definition: dhcp6.h:209
int option_state_allocate(struct option_state **ptr, const char *file, int line)
Definition: alloc.c:847
time_t hard_lifetime_end_time
Definition: dhcpd.h:1547
int evaluate_option_cache(struct data_string *result, struct packet *packet, struct lease *lease, struct client_state *client_state, struct option_state *in_options, struct option_state *cfg_options, struct binding_scope **scope, struct option_cache *oc, const char *file, int line)
Definition: tree.c:2688
#define STATUS_NoPrefixAvail
Definition: dhcp6.h:89
int packet_reference(struct packet **ptr, struct packet *bp, const char *file, int line)
Definition: alloc.c:1054
Definition: dhcpd.h:939
#define DHCPV6_RENEW
Definition: dhcp6.h:102
ia_hash_t * ia_na_active
struct ipv6_pool * ipv6_pool
Definition: dhcpd.h:1552
struct iaddr net
Definition: dhcpd.h:992
int buffer_allocate(struct buffer **ptr, unsigned len, const char *file, int line)
Definition: alloc.c:680
struct interface_info * interface
Definition: dhcpd.h:398
#define PLM_IGNORE
Definition: dhcpd.h:810
ssize_t send_packet6(struct interface_info *, const unsigned char *, size_t, struct sockaddr_in6 *)
#define PLM_MAXIMUM
Definition: dhcpd.h:814
struct enumeration_value * values
Definition: tree.h:50
void putULong(unsigned char *, u_int32_t)
Definition: convert.c:70
#define DHCPV6_REBIND
Definition: dhcp6.h:103
u_int16_t local_port
Definition: dhclient.c:88
Definition: dhcpd.h:376
struct iaddrcidrnetlist * next
Definition: inet.h:76
#define DEFAULT_DEFAULT_LEASE_TIME
Definition: dhcpd.h:788
u_int8_t plen
Definition: dhcpd.h:1544
#define cur_time
Definition: dhcpd.h:1988
#define DHCPV6_RELAY_FORW
Definition: dhcp6.h:109
int save_option_buffer(struct universe *universe, struct option_state *options, struct buffer *bp, unsigned char *buffer, unsigned length, unsigned code, int terminatep)
Definition: options.c:2390
u_int32_t getUShort(const unsigned char *)
#define D6O_ERO
Definition: dhcp6.h:73
void set_server_duid(struct data_string *new_duid)
isc_result_t create_lease6(struct ipv6_pool *pool, struct iasubopt **addr, unsigned int *attempts, const struct data_string *uid, time_t soft_lifetime_end_time)
Definition: mdb6.c:953
u_int32_t prefer
Definition: dhcpd.h:1549
struct host_decl * n_ipaddr
Definition: dhcpd.h:898
int jumbo_range
Definition: dhcpd.h:1657
struct hardware hw_address
Definition: dhcpd.h:1283
struct option_cache * lookup_option(struct universe *universe, struct option_state *options, unsigned code)
Definition: options.c:2348
#define IA_TA_OFFSET
Definition: dhcp6.h:125
#define print_hex_3(len, data, limit)
Definition: dhcpd.h:2479
int permitted(struct packet *, struct permit *)
Definition: dhcp.c:4778
void set_server_duid_type(int type)
int num_iasubopt
Definition: dhcpd.h:1578
int int log_info(const char *,...) __attribute__((__format__(__printf__
struct ipv6_pool ** ipv6_pools
Definition: dhcpd.h:1649
binding_state_t state
Definition: dhcpd.h:1545
int packet6_len_okay(const char *packet, int len)
Definition: options.c:3977
struct interface_info * interfaces
Definition: discover.c:43
u_int32_t getULong(const unsigned char *)
struct shared_network * shared_network
Definition: dhcpd.h:989
int find_hosts_by_uid(struct host_decl **, const unsigned char *, unsigned, const char *, int)
Definition: mdb.c:631
int addr_eq(struct iaddr addr1, struct iaddr addr2)
Definition: inet.c:168
isc_boolean_t ipv6_in_pool(const struct in6_addr *addr, const struct ipv6_pool *pool)
Definition: mdb6.c:2094
void cleanup(void)
#define DHCPV6_LEASEQUERY_REPLY
Definition: dhcp6.h:112
isc_result_t get_client_id(struct packet *, struct data_string *)
#define IAPREFIX_OFFSET
Definition: dhcp6.h:132
Definition: inet.h:31
ipv6_pool structure
Definition: dhcpd.h:1608
int store_options6(char *buf, int buflen, struct option_state *opt_state, struct packet *packet, const int *required_opts, struct data_string *oro)
Definition: options.c:931
int append_option_buffer(struct universe *universe, struct option_state *options, struct buffer *bp, unsigned char *buffer, unsigned length, unsigned code, int terminatep)
Definition: options.c:2414
#define FIND_POND6_PERCENT(count, percent)
Definition: dhcpd.h:3711
u_int32_t getUChar(const unsigned char *)
struct iaddrcidrnetlist * fixed_prefix
Definition: dhcpd.h:909
int option_state_dereference(struct option_state **ptr, const char *file, int line)
Definition: alloc.c:912
ia_hash_t * ia_pd_active
Definition: dhcpd.h:884
void dhcpv6(struct packet *)
int commit_leases_timed(void)
Definition: db.c:1046
const int dhcpv6_type_name_max
Definition: tables.c:637
isc_boolean_t is_cidr_mask_valid(const struct iaddr *addr, int bits)
Definition: inet.c:305
unsigned char hop_count
Definition: dhcp6.h:192
#define DHCPD_SIX_CONFIRM_START()
Definition: probes.h:273
isc_uint64_t low_threshold
Definition: dhcpd.h:1656
struct interface_info * next
Definition: dhcpd.h:1280
struct universe dhcpv6_universe
Definition: tables.c:329
isc_boolean_t prefix6_exists(const struct ipv6_pool *pool, const struct in6_addr *pref, u_int8_t plen)
Definition: mdb6.c:1804
int evaluate_boolean_option_cache(int *ignorep, struct packet *packet, struct lease *lease, struct client_state *client_state, struct option_state *in_options, struct option_state *cfg_options, struct binding_scope **scope, struct option_cache *oc, const char *file, int line)
Definition: tree.c:2722
#define D6O_IA_NA
Definition: dhcp6.h:33
#define print_hex_2(len, data, limit)
Definition: dhcpd.h:2478
int packet_dereference(struct packet **ptr, const char *file, int line)
Definition: alloc.c:1082
int ddns_updates(struct packet *, struct lease *, struct lease *, struct iasubopt *, struct iasubopt *, struct option_state *)
int packet_allocate(struct packet **ptr, const char *file, int line)
Definition: alloc.c:1016
const char int
Definition: omapip.h:443
struct iaddr netmask
Definition: dhcpd.h:993
isc_result_t iasubopt_dereference(struct iasubopt **iasubopt, const char *file, int line)
Definition: mdb6.c:260
#define DHCPV6_ADVERTISE
Definition: dhcp6.h:99
#define DHCPD_SIX_REQUEST_START()
Definition: probes.h:251
#define SV_LOG_THRESHOLD_LOW
Definition: dhcpd.h:750
isc_uint64_t num_abandoned
Definition: dhcpd.h:1654
isc_result_t set_server_duid_from_option(void)
isc_result_t ia_allocate(struct ia_xx **ia, u_int32_t iaid, const char *duid, unsigned int duid_len, const char *file, int line)
Definition: mdb6.c:338
#define D6O_ORO
Definition: dhcp6.h:36
struct subnet * next_sibling
Definition: dhcpd.h:988
isc_boolean_t unicast
Definition: dhcpd.h:435
isc_result_t ia_add_iasubopt(struct ia_xx *ia, struct iasubopt *iasubopt, const char *file, int line)
Definition: mdb6.c:438
unsigned char data[1]
Definition: tree.h:63
unsigned char transaction_id[3]
Definition: dhcp6.h:180
time_t soft_lifetime_end_time
Definition: dhcpd.h:1548
struct iaddr lo_addr
Definition: inet.h:71
#define DHCPD_SIX_INFORMATION_REQUEST_DONE()
Definition: probes.h:394
#define SV_DEFAULT_LEASE_TIME
Definition: dhcpd.h:664
u_int8_t hbuf[HARDWARE_ADDR_LEN+1]
Definition: dhcpd.h:455
#define DHCPV6_CONFIRM
Definition: dhcp6.h:101
struct iaddr client_addr
Definition: dhcpd.h:397
ipv6_pond structure
Definition: dhcpd.h:1638
#define HARDWARE_ADDR_LEN
Definition: dhcpd.h:448
#define DHCPD_SIX_CONFIRM_DONE()
Definition: probes.h:284
isc_uint64_t num_total
Definition: dhcpd.h:1652
#define D6O_IA_PD
Definition: dhcp6.h:55
#define REPLY_OPTIONS_INDEX
Definition: dhcp6.h:185
#define DUID_LLT
Definition: dhcp6.h:119
struct iasubopt ** iasubopt
Definition: dhcpd.h:1581
int write_ia(const struct ia_xx *)
Definition: db.c:519
struct ia_xx * ia
Definition: dhcpd.h:1551
u_int16_t remote_port
Definition: dhclient.c:89
#define DHO_DHCP_RENEWAL_TIME
Definition: dhcp.h:150
struct in6_addr dhcpv6_peer_address
Definition: dhcpd.h:390
const char * file
Definition: dhcpd.h:3615
char * name
Definition: dhcpd.h:970
void putUShort(unsigned char *, u_int32_t)
Definition: convert.c:86
isc_result_t create_prefix6(struct ipv6_pool *pool, struct iasubopt **pref, unsigned int *attempts, const struct data_string *uid, time_t soft_lifetime_end_time)
Definition: mdb6.c:1715
#define DHCPD_SIX_RELEASE_START()
Definition: probes.h:361
#define DHCPD_SIX_REBIND_START()
Definition: probes.h:317
struct shared_network * shared_network
Definition: dhcpd.h:1621
struct in6_addr addr
Definition: dhcpd.h:1543
isc_result_t ia_reference(struct ia_xx **ia, struct ia_xx *src, const char *file, int line)
Definition: mdb6.c:376
struct executable_statement * on_commit
Definition: dhcpd.h:516
#define SV_LIMIT_ADDRS_PER_IA
Definition: dhcpd.h:719
const unsigned char * data
Definition: tree.h:79
int get_option_int(int *result, struct universe *universe, struct packet *packet, struct lease *lease, struct client_state *client_state, struct option_state *in_options, struct option_state *cfg_options, struct option_state *options, struct binding_scope **scope, unsigned code, const char *file, int line)
Definition: options.c:2203
isc_result_t generate_new_server_duid(void)
void data_string_copy(struct data_string *dest, const struct data_string *src, const char *file, int line)
Definition: alloc.c:1324
#define D6O_RELAY_MSG
Definition: dhcp6.h:39
struct permit * permit_list
Definition: dhcpd.h:1644
#define D6O_RECONF_ACCEPT
Definition: dhcp6.h:50
struct enumeration prefix_length_modes
Definition: stables.c:359
u_int16_t pool_type
Definition: dhcpd.h:1610
#define DHCPV6_INFORMATION_REQUEST
Definition: dhcp6.h:108
#define DHCPV6_DECLINE
Definition: dhcp6.h:106
struct in6_addr dhcpv6_link_address
Definition: dhcpd.h:389
unsigned char options[FLEXIBLE_ARRAY_MEMBER]
Definition: dhcp6.h:181
void classify_client(struct packet *)
Definition: class.c:63
struct group * group
Definition: dhcpd.h:1641
#define DHCPV6_SOLICIT
Definition: dhcp6.h:98
struct buffer * buffer
Definition: tree.h:78
#define TRACE(probe)
Definition: trace.h:10
#define SV_LIMIT_PREFS_PER_IA
Definition: dhcpd.h:720
#define STATUS_UseMulticast
Definition: dhcp6.h:88
struct packet * dhcpv6_container_packet
Definition: dhcpd.h:393
#define FTS_ACTIVE
Definition: dhcpd.h:499
isc_result_t iasubopt_reference(struct iasubopt **iasubopt, struct iasubopt *src, const char *file, int line)
Definition: mdb6.c:233