From b146f9adc80cc2c2cdf2b04bfeec4c861a2a0e23 Mon Sep 17 00:00:00 2001 From: Kaspar Schleiser Date: Thu, 23 Jan 2014 16:39:43 +0100 Subject: [PATCH] add support for multiple prefixes with distinct IAIDs Changes from v1: - removed some unneeded changes - use *_add_state instead of (semantically identical and so unnecessary) *_append_state This is missing IAID validation for prefixes. Contributed by T-Labs, Deutsche Telekom Innovation Laboratories --- src/dhcpv6.c | 148 +++++++++++++++++++++++++++++++++----------------- src/odhcp6c.c | 28 ++++++++-- src/odhcp6c.h | 9 ++- src/ra.c | 2 +- 4 files changed, 128 insertions(+), 59 deletions(-) diff --git a/src/dhcpv6.c b/src/dhcpv6.c index 7416f61..973ca8f 100644 --- a/src/dhcpv6.c +++ b/src/dhcpv6.c @@ -105,10 +105,8 @@ static bool accept_reconfig = false; // Reconfigure key static uint8_t reconf_key[16]; - -int init_dhcpv6(const char *ifname, int request_pd, bool strict_options, int sol_timeout) +int init_dhcpv6(const char *ifname, bool strict_options, int sol_timeout) { - request_prefix = request_pd; dhcpv6_retx[DHCPV6_MSG_SOLICIT].max_timeo = sol_timeout; sock = socket(AF_INET6, SOCK_DGRAM | SOCK_CLOEXEC, IPPROTO_UDP); @@ -201,7 +199,6 @@ void dhcpv6_set_ia_mode(enum odhcp6c_ia_mode na, enum odhcp6c_ia_mode pd) pd_mode = pd; } - static void dhcpv6_send(enum dhcpv6_msg type, uint8_t trid[3], uint32_t ecs) { // Build FQDN @@ -230,62 +227,112 @@ static void dhcpv6_send(enum dhcpv6_msg type, uint8_t trid[3], uint32_t ecs) // Build IA_PDs size_t ia_pd_entries, ia_pd_len = 0; - struct odhcp6c_entry *e = odhcp6c_get_state(STATE_IA_PD, &ia_pd_entries); - ia_pd_entries /= sizeof(*e); - struct dhcpv6_ia_hdr hdr_ia_pd = { - htons(DHCPV6_OPT_IA_PD), - htons(sizeof(hdr_ia_pd) - 4), - 1, 0, 0 - }; + uint8_t *ia_pd; + if (type == DHCPV6_MSG_SOLICIT) { + odhcp6c_clear_state(STATE_IA_PD); + size_t n_prefixes; + struct odhcp6c_request_prefix *request_prefixes = odhcp6c_get_state(STATE_IA_PD_INIT, &n_prefixes); + n_prefixes /= sizeof(struct odhcp6c_request_prefix); + + ia_pd = alloca(n_prefixes * (sizeof(struct dhcpv6_ia_hdr) + sizeof(struct dhcpv6_ia_prefix))); + + for (size_t i = 0; i < n_prefixes; i++) { + struct dhcpv6_ia_hdr hdr_ia_pd = { + htons(DHCPV6_OPT_IA_PD), + htons(sizeof(hdr_ia_pd) - 4 + sizeof(struct dhcpv6_ia_prefix)), + request_prefixes[i].iaid, 0, 0 + }; + struct dhcpv6_ia_prefix pref = { + .type = htons(DHCPV6_OPT_IA_PREFIX), + .len = htons(25), .prefix = request_prefixes[i].length + }; + memcpy(ia_pd + ia_pd_len, &hdr_ia_pd, sizeof(hdr_ia_pd)); + ia_pd_len += sizeof(hdr_ia_pd); + memcpy(ia_pd + ia_pd_len, &pref, sizeof(pref)); + ia_pd_len += sizeof(pref); + } + } else { + struct odhcp6c_entry *e = odhcp6c_get_state(STATE_IA_PD, &ia_pd_entries); + ia_pd_entries /= sizeof(*e); + + // we're too lazy to count our distinct IAIDs, + // so just allocate maximally needed space + ia_pd = alloca(ia_pd_entries * (sizeof(struct dhcpv6_ia_prefix) + 10 + + sizeof(struct dhcpv6_ia_hdr))); + + for (size_t i = 0; i < ia_pd_entries; ++i) { + uint32_t iaid = e[i].iaid; + + // check if this is an unprocessed IAID and skip if not. + int new_iaid = 1; + for (int j = i-1; j >= 0; j--) { + if (e[j].iaid == iaid) { + new_iaid = 0; + break; + } + } - uint8_t *ia_pd = alloca(ia_pd_entries * (sizeof(struct dhcpv6_ia_prefix) + 10)); - for (size_t i = 0; i < ia_pd_entries; ++i) { - uint8_t ex_len = 0; - if (e[i].priority > 0) - ex_len = ((e[i].priority - e[i].length - 1) / 8) + 6; + if (!new_iaid) + continue; - struct dhcpv6_ia_prefix p = { - .type = htons(DHCPV6_OPT_IA_PREFIX), - .len = htons(sizeof(p) - 4U + ex_len), - .prefix = e[i].length, - .addr = e[i].target - }; + // construct header + struct dhcpv6_ia_hdr hdr_ia_pd = { + htons(DHCPV6_OPT_IA_PD), + htons(sizeof(hdr_ia_pd) - 4), + iaid, 0, 0 + }; - memcpy(ia_pd + ia_pd_len, &p, sizeof(p)); - ia_pd_len += sizeof(p); + memcpy(ia_pd + ia_pd_len, &hdr_ia_pd, sizeof(hdr_ia_pd)); + struct dhcpv6_ia_hdr *hdr = (struct dhcpv6_ia_hdr *) (ia_pd + ia_pd_len); + ia_pd_len += sizeof(hdr_ia_pd); - if (ex_len) { - ia_pd[ia_pd_len++] = 0; - ia_pd[ia_pd_len++] = DHCPV6_OPT_PD_EXCLUDE; - ia_pd[ia_pd_len++] = 0; - ia_pd[ia_pd_len++] = ex_len - 4; - ia_pd[ia_pd_len++] = e[i].priority; + for (size_t j = i; j < ia_pd_entries; j++) { + if (e[j].iaid != iaid) + continue; - uint32_t excl = ntohl(e[i].router.s6_addr32[1]); - excl >>= (64 - e[i].priority); - excl <<= 8 - ((e[i].priority - e[i].length) % 8); + uint8_t ex_len = 0; + if (e[j].priority > 0) + ex_len = ((e[j].priority - e[j].length - 1) / 8) + 6; + + struct dhcpv6_ia_prefix p = { + .type = htons(DHCPV6_OPT_IA_PREFIX), + .len = htons(sizeof(p) - 4U + ex_len), + .prefix = e[j].length, + .addr = e[j].target + }; + + memcpy(ia_pd + ia_pd_len, &p, sizeof(p)); + ia_pd_len += sizeof(p); + + if (ex_len) { + ia_pd[ia_pd_len++] = 0; + ia_pd[ia_pd_len++] = DHCPV6_OPT_PD_EXCLUDE; + ia_pd[ia_pd_len++] = 0; + ia_pd[ia_pd_len++] = ex_len - 4; + ia_pd[ia_pd_len++] = e[j].priority; + + uint32_t excl = ntohl(e[j].router.s6_addr32[1]); + excl >>= (64 - e[j].priority); + excl <<= 8 - ((e[j].priority - e[j].length) % 8); + + for (size_t i = ex_len - 5; i > 0; --i, excl >>= 8) + ia_pd[ia_pd_len + i] = excl & 0xff; + ia_pd_len += ex_len - 5; + } - for (size_t i = ex_len - 5; i > 0; --i, excl >>= 8) - ia_pd[ia_pd_len + i] = excl & 0xff; - ia_pd_len += ex_len - 5; + hdr->len = htons(ntohs(hdr->len) + ntohs(p.len) + 4U); + } } } - struct dhcpv6_ia_prefix pref = { - .type = htons(DHCPV6_OPT_IA_PREFIX), - .len = htons(25), .prefix = request_prefix - }; - if (request_prefix > 0 && ia_pd_len == 0 && type == DHCPV6_MSG_SOLICIT) { - ia_pd = (uint8_t*)&pref; - ia_pd_len = sizeof(pref); - } - hdr_ia_pd.len = htons(ntohs(hdr_ia_pd.len) + ia_pd_len); + if (ia_pd_entries > 0) + request_prefix = 1; // Build IA_NAs size_t ia_na_entries, ia_na_len = 0; void *ia_na = NULL; - e = odhcp6c_get_state(STATE_IA_NA, &ia_na_entries); + struct odhcp6c_entry *e = odhcp6c_get_state(STATE_IA_NA, &ia_na_entries); ia_na_entries /= sizeof(*e); struct dhcpv6_ia_hdr hdr_ia_na = { @@ -344,7 +391,6 @@ static void dhcpv6_send(enum dhcpv6_msg type, uint8_t trid[3], uint32_t ecs) {&fqdn, fqdn_len}, {&hdr_ia_na, sizeof(hdr_ia_na)}, {ia_na, ia_na_len}, - {&hdr_ia_pd, sizeof(hdr_ia_pd)}, {ia_pd, ia_pd_len}, }; @@ -362,8 +408,6 @@ static void dhcpv6_send(enum dhcpv6_msg type, uint8_t trid[3], uint32_t ecs) iov[5].iov_len = 0; if (ia_na_len == 0) iov[7].iov_len = 0; - if (ia_pd_len == 0) - iov[9].iov_len = 0; } if (na_mode == IA_MODE_NONE) @@ -825,7 +869,7 @@ static int dhcpv6_handle_reply(enum dhcpv6_msg orig, _unused const int rc, struct dhcpv6_ia_hdr *ia_hdr = (void*)(&odata[-4]); // Test ID - if (ia_hdr->iaid != 1) + if (ia_hdr->iaid != 1 && otype == DHCPV6_OPT_IA_NA) continue; uint16_t code = DHCPV6_Success; @@ -975,7 +1019,9 @@ static int dhcpv6_parse_ia(void *opt, void *end) // Update address IA dhcpv6_for_each_option(&ia_hdr[1], end, otype, olen, odata) { struct odhcp6c_entry entry = {IN6ADDR_ANY_INIT, 0, 0, - IN6ADDR_ANY_INIT, 0, 0, 0, 0, 0}; + IN6ADDR_ANY_INIT, 0, 0, 0, 0, 0, 0}; + + entry.iaid = ia_hdr->iaid; if (otype == DHCPV6_OPT_IA_PREFIX) { struct dhcpv6_ia_prefix *prefix = (void*)&odata[-4]; diff --git a/src/odhcp6c.c b/src/odhcp6c.c index e5e415c..fdfc327 100644 --- a/src/odhcp6c.c +++ b/src/odhcp6c.c @@ -52,7 +52,6 @@ static int urandom_fd = -1, allow_slaac_only = 0; static bool bound = false, release = true; static time_t last_update = 0; - int main(_unused int argc, char* const argv[]) { // Allocate ressources @@ -64,6 +63,7 @@ int main(_unused int argc, char* const argv[]) uint16_t opttype; enum odhcp6c_ia_mode ia_na_mode = IA_MODE_TRY; enum odhcp6c_ia_mode ia_pd_mode = IA_MODE_TRY; + int ia_pd_iaid_index = 0; static struct in6_addr ifid = IN6ADDR_ANY_INIT; int sol_timeout = DHCPV6_SOL_MAX_RT; @@ -73,7 +73,7 @@ int main(_unused int argc, char* const argv[]) bool help = false, daemonize = false, strict_options = false; int logopt = LOG_PID; - int c, request_pd = 0; + int c; while ((c = getopt(argc, argv, "S::N:P:FB:c:i:r:Rs:kt:hedp:")) != -1) { switch (c) { case 'S': @@ -97,9 +97,24 @@ int main(_unused int argc, char* const argv[]) if (allow_slaac_only >= 0 && allow_slaac_only < 10) allow_slaac_only = 10; - request_pd = strtoul(optarg, NULL, 10); - if (request_pd == 0) - request_pd = -1; + char *iaid_begin; + int iaid_len = 0; + + int prefix_length = strtoul(optarg, &iaid_begin, 10); + + if (*iaid_begin != '\0' && *iaid_begin != ',') { + syslog(LOG_ERR, "invalid argument: '%s'", optarg); + return 1; + } + + struct odhcp6c_request_prefix prefix = { 0, prefix_length }; + + if (*iaid_begin == ',' && (iaid_len = strlen(iaid_begin)) > 1) + memcpy(&prefix.iaid, iaid_begin + 1, iaid_len > 4 ? 4 : iaid_len); + else + prefix.iaid = ++ia_pd_iaid_index; + + odhcp6c_add_state(STATE_IA_PD_INIT, &prefix, sizeof(prefix)); break; @@ -193,7 +208,7 @@ int main(_unused int argc, char* const argv[]) signal(SIGUSR2, sighandler); if ((urandom_fd = open("/dev/urandom", O_CLOEXEC | O_RDONLY)) < 0 || - init_dhcpv6(ifname, request_pd, strict_options, sol_timeout) || + init_dhcpv6(ifname, strict_options, sol_timeout) || ra_init(ifname, &ifid) || script_init(script, ifname)) { syslog(LOG_ERR, "failed to initialize: %s", strerror(errno)); return 3; @@ -554,6 +569,7 @@ bool odhcp6c_update_entry_safe(enum odhcp6c_state state, struct odhcp6c_entry *n x->t1 = new->t1; x->t2 = new->t2; x->class = new->class; + x->iaid = new->iaid; } else { odhcp6c_add_state(state, new, sizeof(*new)); } diff --git a/src/odhcp6c.h b/src/odhcp6c.h index 3f23e64..a8f4206 100644 --- a/src/odhcp6c.h +++ b/src/odhcp6c.h @@ -192,6 +192,7 @@ enum odhcp6c_state { STATE_SEARCH, STATE_IA_NA, STATE_IA_PD, + STATE_IA_PD_INIT, STATE_CUSTOM_OPTS, STATE_SNTP_IP, STATE_NTP_IP, @@ -236,10 +237,15 @@ struct odhcp6c_entry { uint32_t t1; uint32_t t2; uint16_t class; + uint32_t iaid; }; +struct odhcp6c_request_prefix { + uint32_t iaid; + uint16_t length; +}; -int init_dhcpv6(const char *ifname, int request_pd, bool strict_options, int sol_timeout); +int init_dhcpv6(const char *ifname, bool strict_options, int sol_timeout); void dhcpv6_set_ia_mode(enum odhcp6c_ia_mode na, enum odhcp6c_ia_mode pd); int dhcpv6_request(enum dhcpv6_msg type); int dhcpv6_poll_reconfigure(void); @@ -262,6 +268,7 @@ bool odhcp6c_is_bound(void); // State manipulation void odhcp6c_clear_state(enum odhcp6c_state state); void odhcp6c_add_state(enum odhcp6c_state state, const void *data, size_t len); +void odhcp6c_append_state(enum odhcp6c_state state, const void *data, size_t len); void odhcp6c_insert_state(enum odhcp6c_state state, size_t offset, const void *data, size_t len); size_t odhcp6c_remove_state(enum odhcp6c_state state, size_t offset, size_t len); void* odhcp6c_move_state(enum odhcp6c_state state, size_t *len); diff --git a/src/ra.c b/src/ra.c index d048e85..570ff6f 100644 --- a/src/ra.c +++ b/src/ra.c @@ -230,7 +230,7 @@ bool ra_process(void) bool has_lladdr = !IN6_IS_ADDR_UNSPECIFIED(&lladdr); uint8_t buf[1500], cmsg_buf[128]; struct nd_router_advert *adv = (struct nd_router_advert*)buf; - struct odhcp6c_entry entry = {IN6ADDR_ANY_INIT, 0, 0, IN6ADDR_ANY_INIT, 0, 0, 0, 0, 0}; + struct odhcp6c_entry entry = {IN6ADDR_ANY_INIT, 0, 0, IN6ADDR_ANY_INIT, 0, 0, 0, 0, 0, 0}; const struct in6_addr any = IN6ADDR_ANY_INIT; if (!has_lladdr) { -- 2.30.2