project/odhcp6c.git
7 weeks agoodhcp6c: allow to request specific ipv6 prefix master
Vladislav Grishenko [Thu, 25 Jul 2024 19:51:09 +0000 (00:51 +0500)]
odhcp6c: allow to request specific ipv6 prefix

Expand -P option with optional exact ipv6 prefix format.
This allows to keep the IPv6 prefix in some cases, for example
if the prefix is issued dynamically on upstream.

Examples:
    -P <length>
    -P <prefix/length>

Based on https://github.com/openwrt/odhcp6c/pull/86

18 months agoodhcp6c: add -K option to set packet kernel priority
pacien [Sun, 9 Apr 2023 20:18:50 +0000 (22:18 +0200)]
odhcp6c: add -K option to set packet kernel priority

This adds a command line option (-K) to set the packet kernel
priority.

This makes it straightforward to set some VLAN priority for DHCP
requests through an egress qos map. (Avoiding the need for firewall
matching and marking through iptables, which prevents using flow
offloading).

(Such priority tag is a hard requirement for some ISPs, such as Orange
in France).

Signed-off-by: Pacien TRAN-GIRARD <pacien.trangirard@pacien.net>
2 years agodhcpv6: add option to ignore stateless advertise
viktor.iarmola [Fri, 21 Jan 2022 12:33:02 +0000 (14:33 +0200)]
dhcpv6: add option to ignore stateless advertise

This change adds a new option to `odhcp6c` that makes it ignore any
advertisement without *both* IA_NA and IA_PD option.
Note that there is already an way to ignore advertisements without IA_NA
specifically (`-N force`) or without IA_PD specifically (`-F`), but there
is no way to express "advertisement MUST have either IA_NA or IA_PD
to be considered" - which is addressed by this change.

There are two primary use-cases for that.
First is to fix an issue with `odhcp6c` behavior when it encounters
a setup with both "stateful" (with IA_NA or IA_PD) and "stateless"
advertisements - and both coming with the same server DUID.
In that case, when the "stateless" advertisement comes last
during the RT window - it will overwrite the advertise entry for that
server DUID and effectively make it seem like we only received
one "stateless" advertisement on the link.
This, in turn, makes `odhcp6c` go into stateless mode
unless there was `-N force` or `-F` involved.

Second use case is as described in the initial part:
when we want to run in "stateful" mode, but would like to accept either
of IA_NA or IA_PD or both of them - and discard other advertisements.

Signed-off-by: Viktor Iarmola <viktor.iarmola@ui.com>
2 years agoodhcp6c: fix IA discard when T1 > 0 and T2 = 0
Dávid Benko [Wed, 13 Jul 2022 07:33:54 +0000 (09:33 +0200)]
odhcp6c: fix IA discard when T1 > 0 and T2 = 0

My ISP uses DHCPv6 advertisements where IA_PD T1 is non-zero (43200) and
T2 is zero. Current implementation of odhcp6c doesn't handle that and
just switches to stateless mode.

According to RFC 8415, section [21.21](https://datatracker.ietf.org/doc/html/rfc8415#section-21.21):
> If a client receives an IA_PD with T1 greater than T2 and both T1 and
  T2 are greater than 0, the client discards the IA_PD option and
  processes the remainder of the message as though the server had not
  included the IA_PD option.

Currently odhcp6c discards IA_PD option if `t1 > t2`:
https://github.com/openwrt/odhcp6c/blob/39b584bcac8770619b545d6ae344758f87028612/src/dhcpv6.c#L1346-L1347

The same applies for IA_NA.

Fix it by editing IA discard condition according to RFC.

Signed-off-by: Dávid Benko <davidbenko@davidbenko.dev>
2 years agoRevert "dhcpv6: add a minimum valid lifetime for IA_PD updates"
Hans Dedecker [Sun, 5 Dec 2021 17:27:07 +0000 (18:27 +0100)]
Revert "dhcpv6: add a minimum valid lifetime for IA_PD updates"

Reverts commit ca43ea3f436c76fab0b8e3f170725c1d91ebdc36 as
gracefull handling of IA_PD options with valid_liftime 0
is supported in commit c9578e10428d12c683ceb05e17970a616817f577

2 years agodhcpv6: add support for null IA_PD valid lifetime
Alin Nastac [Wed, 10 Nov 2021 15:02:05 +0000 (16:02 +0100)]
dhcpv6: add support for null IA_PD valid lifetime

This allows immediate removal of the old PD assignments, triggered
by DHCPv6 server messages that contain both old and new IA_PD options:
  - new IA_PD, with normal valid & preferred lifetimes
  - old IA_PD, with valid & preffered lifetimes set to 0

Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
3 years agodhcpv6: add a minimum valid lifetime for IA_PD updates
Alin Nastac [Fri, 29 Oct 2021 08:44:10 +0000 (10:44 +0200)]
dhcpv6: add a minimum valid lifetime for IA_PD updates

Prefix delegation is removed when valid lifetime is set to 0,
which will result in current prefix assignments to be preserved
in odhcpd as long as their previously configured valid lifetime
allows it. When IA_PD valid lifetime is set to a small value iso 0,
netifd will update old IA_PD assignments, thus allowing removal
of the old prefixes from downstream interfaces.

Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
3 years agoodhcp6c: use strpbrk to provide get_sep_pos
Guilherme Janczak [Wed, 14 Jul 2021 09:32:45 +0000 (09:32 +0000)]
odhcp6c: use strpbrk to provide get_sep_pos

get_sep_pos is a reimplementation of strpbrk from the stdlib; this
patch removes it and replaces it with strpbrk in its callers.

Signed-off-by: Guilherme Janczak <guilherme.janczak@yandex.com>
3 years agocmake: enable extra compiler checks
Hans Dedecker [Sat, 3 Apr 2021 18:28:11 +0000 (20:28 +0200)]
cmake: enable extra compiler checks

Let's catch enforced compiler errors during compilation

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
3 years agora: fix routing loop on point to point links
Hans Dedecker [Sat, 9 Jan 2021 20:17:48 +0000 (21:17 +0100)]
ra: fix routing loop on point to point links

For point-to-point links (e.g. PPP) don't create a link prefix route
when receiving a prefix information option with the on-link flag set.
Point-to-point links are non shared media and as such a destination
IPv6 address cannot be on-link.
If a link prefix route points to a point-to-point link it can trigger
a routing loop if the destination IPv6 address belongs to the prefix.
If such a packet is received and not directed to a local IPv6 address
it will be routed to the point-to-point link due to the link prefix route;
the upstream ISP router will route the IPv6 packet back due to the assigned
prefix route creating a "ping pong" effect

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
3 years agora: align ifindex resolving
Hans Dedecker [Wed, 6 Jan 2021 20:15:49 +0000 (21:15 +0100)]
ra: align ifindex resolving

Use ioctl SIOCGIFINDEX to resolve ifindex similar as in init_dhcpv6

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
3 years agodhcpv6: fix displaying IA info
Hans Dedecker [Sat, 26 Dec 2020 20:41:38 +0000 (21:41 +0100)]
dhcpv6: fix displaying IA info

Fix using ntohl and make clear if the recieved IA is either an IA_PD or
IA_NA option

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
3 years agodhcpv6: display status code as a string
Hans Dedecker [Sat, 26 Dec 2020 20:38:49 +0000 (21:38 +0100)]
dhcpv6: display status code as a string

For better readibility display the returned status code from the DHCPv6
server as a string

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
3 years agodhcpv6: harden reconfigure logic
Hans Dedecker [Tue, 8 Dec 2020 17:43:38 +0000 (18:43 +0100)]
dhcpv6: harden reconfigure logic

Check if a valid DHCPv6 message is returned by dhcpv6_request in
dhcpv6_poll_reconfigure as only RENEW/REBIND/INFORMATION REQUEST
messages can trigger the transmission of these messages in reply
to a RECONFIGURE

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
3 years agodhcpv6: rework DHCPv6 message to string implementation
Hans Dedecker [Tue, 8 Dec 2020 17:31:25 +0000 (18:31 +0100)]
dhcpv6: rework DHCPv6 message to string implementation

As the DHCPv6 messages handled by odhcp6c are not numerical consecutive
drop the DHCPv6 message string array

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
3 years agodhcpv6: fix regression
Hans Dedecker [Mon, 7 Dec 2020 20:26:47 +0000 (21:26 +0100)]
dhcpv6: fix regression

Fixes regression introduced in commit faed29a.
The DHCPv6 message type need to be returned by dhcpv6_handle_reconfigure
via dhcpv6_request when different from -1 so the correct message type
is passed to dhcpv6_request

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
3 years agodhcpv6: improve syslog tracing
Hans Dedecker [Mon, 7 Dec 2020 20:17:16 +0000 (21:17 +0100)]
dhcpv6: improve syslog tracing

Improve syslog tracing by displaying the DHCPv6 message type
in the received DHCPv6 message and requested DHCPv6 message type in
reply to a RECONFIGURE

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
3 years agodhcpv6: only refresh timers when reconfigure is valid
Hans Dedecker [Thu, 3 Dec 2020 20:28:41 +0000 (21:28 +0100)]
dhcpv6: only refresh timers when reconfigure is valid

Refresh timers only when a valid DHCPv6 msg-type has been received
in the received DHCPv6 reconfigure

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
3 years agodhcpv6: fix printing identity association id
Hans Dedecker [Thu, 3 Dec 2020 20:10:20 +0000 (21:10 +0100)]
dhcpv6: fix printing identity association id

Fix endian issue when printing the identity association id

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
3 years agodhcpv6: avoid sending continuous renew/rebind messages
Hans Dedecker [Mon, 30 Nov 2020 21:10:09 +0000 (22:10 +0100)]
dhcpv6: avoid sending continuous renew/rebind messages

If any of the IAs is not present in the Reply message in response
to a Renew/Rebind message don't set t1 to one second.
This will cause a continuous sending of Renew messages every second
if the DHCP server does not include all IAs in the Reply message.
Instead continue the normal retransmission time as if the Reply
message is not received as specified in RFC8415 §18.2.10.1

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
3 years agodhcpv6: add extra syslog info traces
Hans Dedecker [Sat, 28 Nov 2020 20:01:47 +0000 (21:01 +0100)]
dhcpv6: add extra syslog info traces

Add extra syslog info traces for debug purposes which are only enabled
when the verbose option is specified

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
4 years agoodhcp6c_find_entry: exclude priority from the list of fields that must match
Alin Nastac [Thu, 15 Oct 2020 15:12:15 +0000 (17:12 +0200)]
odhcp6c_find_entry: exclude priority from the list of fields that must match

Priority of an entry can vary from one RA to another, but the entry
identity should be the same regardless of the priority declared in the
RA message handled in ra_process() at a time.

CDRouter for instance tests compliance of the device  to requirement
G-5 of RFC 7084 by provisioning initially the CPE with a valid default
route that has a medium preference after which it sends a low preference
RA with lifetime 0 to check that CPE will start sending RAs with
lifetime 0 on the LAN side. Because odhcp6c didn't matched the low
precedence default router entry with the odhcp6c_entry that was
previously stored with medium precedence, it will fail to remove the
existing STATE_RA_ROUTE default route, hence preventing odhcpd from
advertising RAs with lifetime 0 to LAN.

Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
4 years agora: fix sending router solicitations
Hans Dedecker [Sat, 28 Mar 2020 19:47:18 +0000 (20:47 +0100)]
ra: fix sending router solicitations

Only stop sending router solicitations when a RA is received with a
valid router lifetime as specified in RFC4861 §6.3.7

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
4 years agoodhcp6c: fix compilation with musl 1.2.0
Rosen Penev [Wed, 25 Mar 2020 23:15:25 +0000 (16:15 -0700)]
odhcp6c: fix compilation with musl 1.2.0

SYS_clock_gettime is gone with musl 1.2.0. Switch to using the normal
function.

This was done back in the day when uClibc was used when librt was
separate.

Removed struct initialization since it gets written to right after.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
5 years agodhcpv6: sanitize oro options
Hans Dedecker [Fri, 6 Sep 2019 20:09:29 +0000 (22:09 +0200)]
dhcpv6: sanitize oro options

Remove SOL_MAX_RT and INF_MAX_RT from the non-strict oro option
array as both options will be added anyway by the required oro
option array

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
5 years agoodhcp6c: align further with RFC8415
Hans Dedecker [Fri, 11 Jan 2019 14:02:11 +0000 (15:02 +0100)]
odhcp6c: align further with RFC8415

Align acceptable options in the ORO list further with RFC8415; where
appropriate add send option support for the newly added options.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
5 years agodhcpv6: avoid parsing unncessary IAs
Hans Dedecker [Fri, 11 Jan 2019 09:25:12 +0000 (10:25 +0100)]
dhcpv6: avoid parsing unncessary IAs

Don't parse IA_NA/IA_PD options if either na_mode or pd_mode is set
to IA_MODE_NONE

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
5 years agodhcpv6: set cnt to correct IOV enum
Hans Dedecker [Fri, 11 Jan 2019 09:16:54 +0000 (10:16 +0100)]
dhcpv6: set cnt to correct IOV enum

Make the code less error prone by setting cnt to IOV_HDR_IA_NA when
sending an INFORMATION REQUEST message

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
5 years agodhcpv6: get rid of request_prefix
Hans Dedecker [Fri, 11 Jan 2019 08:49:27 +0000 (09:49 +0100)]
dhcpv6: get rid of request_prefix

Get rid of the variable request_prefix as it serves no purpose anymore
and even triggers wrong code in dhcpv6_send by setting cnt to 12 which
is an invalid msg_iovlen index
Where appropriate request_prefix check can be replaced by checking the
pd_mode variable.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
5 years agodhcpv6: sanitize option request list
Hans Dedecker [Wed, 9 Jan 2019 10:38:14 +0000 (11:38 +0100)]
dhcpv6: sanitize option request list

By config statefull options can be specified for the option request
list which will be included in DHCPv6 INFORMATION request messages.
Obviously this is wrong as both RFC3315 and RFC8415 specify no
statefull options must be included in stateless mode.
In RFC8415 Table 4 specifies the options which can be included in
the option request list and which options are required to be requested
in some messages.
This commit extends the option table with flags indicating which options
may be included in the option request list.
On top the client adds by default the options 32/82/83 as they're
required to be sent depending on the message.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years agoodhcp6c: add option to ignore Server Unicast option
Adrian Friedli [Wed, 11 Jul 2018 20:32:41 +0000 (22:32 +0200)]
odhcp6c: add option to ignore Server Unicast option

Add option -U to ignore Server Unicast option and force odhcp6c to use
the multicast address. This allows a workaround for broken setups.

Signed-off-by: Adrian Friedli <adi@koalatux.ch>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years agoodhcp6c: remove len check in option parsing handle
Hans Dedecker [Wed, 20 Jun 2018 12:42:11 +0000 (14:42 +0200)]
odhcp6c: remove len check in option parsing handle

Replace len check by checking src to determine end of option data in the
different option data handlers.
This will make Coverity happy as reported in CID1437049, CID1430905,
CID1430898 and CID1430848

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years agoodhcp6c: add support for user string options
Hans Dedecker [Fri, 8 Jun 2018 14:29:50 +0000 (16:29 +0200)]
odhcp6c: add support for user string options

Support user defined options having a string as option value.
The option value is detected as a string if it starts and ends with
either a double or single quote.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years agora: always trigger update in case of RA parameter change
Hans Dedecker [Sun, 29 Apr 2018 20:30:00 +0000 (22:30 +0200)]
ra: always trigger update in case of RA parameter change

Always launch a ra-updated event in case the RA hoplimit/mtu/reachable/
retransmit parameters change

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years agodhcpv6: fix strncpy bounds
Hans Dedecker [Sat, 21 Apr 2018 11:40:29 +0000 (13:40 +0200)]
dhcpv6: fix strncpy bounds

Fixes dhcpv6.c:138:2: error: 'strncpy' specified bound 16 equals destination size [-Werror=stringop-truncation]                                                                                                        strncpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name));

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years agoscript: fix possible negative delay
Hans Dedecker [Thu, 5 Apr 2018 14:51:19 +0000 (16:51 +0200)]
script: fix possible negative delay

Fix delay becoming negative when killing a running script

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years agodhcpv6: always trigger script update in case of IA updates
Hans Dedecker [Thu, 5 Apr 2018 09:55:50 +0000 (11:55 +0200)]
dhcpv6: always trigger script update in case of IA updates

Trigger a script update when IAs have been updated during a reply in reponse
to to either a renew/rebind.
This will make sure new IAs assigned by the DHCPv6 server are published via
a script update.

This covers the following scenario:
    -Prefix A is assigned by DHCPv6 server
    -Prefix A is renewed but the DHCPv6 server does not include prefix A in
    the reply but assigns a new prefix B.
    -Prefix B is published via the update script while renews for prefix A
    will still be sent

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years agora: rework route information option handling
Hans Dedecker [Mon, 2 Apr 2018 19:09:16 +0000 (21:09 +0200)]
ra: rework route information option handling

Use struct icmpv6_opt_route_info to parse the route information option;
improve route information option sanity checks.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years agoodhcp6c: improve code readibility
Hans Dedecker [Sat, 31 Mar 2018 16:57:45 +0000 (18:57 +0200)]
odhcp6c: improve code readibility

Improve code readibility by always checking the sep variable for end of
option data in the different option data parsing functions.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years agotreewide: improve error handling
Hans Dedecker [Tue, 27 Mar 2018 19:00:08 +0000 (21:00 +0200)]
treewide: improve error handling

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years agodhcpv6: initialize ifreq struct
Hans Dedecker [Tue, 27 Mar 2018 19:00:08 +0000 (21:00 +0200)]
dhcpv6: initialize ifreq struct

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years agora: handle socket fail creation
Hans Dedecker [Tue, 27 Mar 2018 18:49:40 +0000 (20:49 +0200)]
ra: handle socket fail creation

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years agoodhcp6c: fix file pointer leakage
Hans Dedecker [Tue, 27 Mar 2018 18:45:04 +0000 (20:45 +0200)]
odhcp6c: fix file pointer leakage

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years agodhcpv6: rework option passthrough logic
Hans Dedecker [Tue, 16 Jan 2018 12:16:09 +0000 (13:16 +0100)]
dhcpv6: rework option passthrough logic

Options are not added to the passthru state depending on the option code
check. Rework this logic by defining the flag OPT_NO_PASSTHRU which is set
for options in the opts table; when constructing the passthru state the
option is added if the flag is not set.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years agoodhcp6c: rework userclass and vendorclass command handling
Hans Dedecker [Tue, 16 Jan 2018 10:11:04 +0000 (11:11 +0100)]
odhcp6c: rework userclass and vendorclass command handling

Remove the userclass and vendorclass states; add the userclass and
vendorclass options specified via commands to the OPTS state which
contains the user specified options to be sent.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years agoodhcp6c: add -x opt:val support
Hans Dedecker [Thu, 11 Jan 2018 15:31:57 +0000 (16:31 +0100)]
odhcp6c: add -x opt:val support

Add -x opt:val command support which allows to add options in sent packets.
The opt argument can be either specified as a string for well known options,
a decimal or a base-16 encoded value.

For some well-known options val will be parsed according to the data format
specified in the corresponding RFCs.

Supported well-know options are :
    authentication (option 11) : stream of base-16 encoded bytes
    userclass (option 15) : array of strings
    vendorclass (option 16) : stream of base-16 encoded bytes
    dns (option 23) : array of IPv6 addresses
    search (option 24) : Domain name
    sntpservers (option 31) : array of IPv6 addresses
    ntpserver (option 56) : stream of base-16 encoded bytes
    sipserver_d (option 21) : Domain name
    sipserver_a (option 22) : array of IPv6 addresses

The val array elements can be separated by either a white space, comma or tab.

The val for non well-known options is a stream of base-16 encoded bytes.

Config examples :

-x sntpservers:3001:3001::1,3001:3001::2
-x 11:00000000000000000000006674692F
-x 0x3e8:ABCDEF

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years agotreewide: update copyrights to 2018
Hans Dedecker [Sat, 13 Jan 2018 20:28:32 +0000 (21:28 +0100)]
treewide: update copyrights to 2018

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years agoodhcp6c: let odhcp6c_add_state return a success/failure indication
Hans Dedecker [Sat, 13 Jan 2018 18:09:53 +0000 (19:09 +0100)]
odhcp6c: let odhcp6c_add_state return a success/failure indication

This will allow callers of odhcp6_add_state parsing a command line option :
generate a syslog error in case of failure
bail out with return an error code

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years agoRevert "odhcp6c: Replace strerror(errno) with %m"
Hans Dedecker [Wed, 3 Jan 2018 09:47:32 +0000 (10:47 +0100)]
Revert "odhcp6c: Replace strerror(errno) with %m"

The code is ISO C source enforced by the usage of the pedantic compile
option; using %m triggers the compiler warning "error: ISO C does not
support the '%m' gnu_printf format [-Werror=format=]" which breaks
compilation due to Werror being set set.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years agoodhcp6c: Replace strerror(errno) with %m
Rosen Penev [Mon, 25 Dec 2017 23:05:13 +0000 (15:05 -0800)]
odhcp6c: Replace strerror(errno) with %m

Reduction of 48 bytes in compiled size. No functional difference.

-pedantic was removed as %m is a GNU extension.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
7 years agora: align RA update interval with RFC4861 (FS#964)
Hans Dedecker [Thu, 31 Aug 2017 15:03:02 +0000 (17:03 +0200)]
ra: align RA update interval with RFC4861 (FS#964)

RFC4861 paragraph 6.2.1 states the minimum allowed time between sending
unsolicited multicast Router Advertisements is 3 seconds.
Align the odhcp6c implementation to this requirement as before Router
Advertisement updates were accepted each 30 seconds.
This lead to IPv6 connectivity issues when a network sends Router
Advertisements with an interval smaller than 30 seconds as reported
in FS#964.
While at it rework the RA update logic making it clear the -m option
is only related to RA updates.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
7 years agodhcpv6: rebind capability support in reconfigure message (rfc6644)
Hans Dedecker [Wed, 22 Mar 2017 13:14:26 +0000 (14:14 +0100)]
dhcpv6: rebind capability support in reconfigure message (rfc6644)

Allow rebind message type to appear in reconfigure message option of
a reconfigure message as desccribed in rfc6644

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
7 years agodhcpv6: respect renew end point when handling reconfigure message
Hans Dedecker [Wed, 22 Mar 2017 12:58:04 +0000 (13:58 +0100)]
dhcpv6: respect renew end point when handling reconfigure message

Set T1 to 0 when receiving reconfigure message with as msg type renew;
this keeps the renew end point fixed meaning rebinding is started at T2
as initially calculated.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
7 years agodhcpv6: calculate T1, T2 and T3 in a more sane manner
Hans Dedecker [Wed, 22 Mar 2017 12:28:53 +0000 (13:28 +0100)]
dhcpv6: calculate T1, T2 and T3 in a more sane manner

Refresh T1, T2 and T3 only in response to DHCPv6 messages which request
statefull DHCPv6 options.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
7 years agomd5: use libubox md5 library as local implementation
Hans Dedecker [Tue, 21 Mar 2017 14:25:52 +0000 (15:25 +0100)]
md5: use libubox md5 library as local implementation

Replace local md5 library by libubox md5 library as the local md5 library
has big endian issues.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
7 years agodhcpv6: don't return renew msg in case of invalid msg type in reconfigure msg
Hans Dedecker [Sat, 18 Mar 2017 17:00:03 +0000 (18:00 +0100)]
dhcpv6: don't return renew msg in case of invalid msg type in reconfigure msg

Return -1 in case the msg type in the reconfigure message is invalid and
as such don't start sending renew messages.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
7 years agotreewide: align coding style
Hans Dedecker [Fri, 17 Mar 2017 22:16:57 +0000 (23:16 +0100)]
treewide: align coding style

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
7 years agoCMakeLists: don't enable libubox md5 implementation by default
Hans Dedecker [Thu, 16 Mar 2017 20:17:24 +0000 (21:17 +0100)]
CMakeLists: don't enable libubox md5 implementation by default

Simplify odhcp6c standalone compilation by selecting local md5
implementation by default

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
7 years agodhcpv6: use PRIu64 print macro
Hans Dedecker [Tue, 21 Feb 2017 21:02:32 +0000 (22:02 +0100)]
dhcpv6: use PRIu64 print macro

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
7 years agoodhcp6c: fix possible stack corruption when parsing proc if_inet6
Hans Dedecker [Tue, 7 Feb 2017 21:32:57 +0000 (22:32 +0100)]
odhcp6c: fix possible stack corruption when parsing proc if_inet6

Fix buffer overflow when storing the IPv6 address in addr_buf as
the trailing zero was out of bounds.
Fix possible buffer overflow when storing the interface name in
name as interface name can contain IF_NAMESIZE characters.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
7 years agodhcpv6: fix white space error
Hans Dedecker [Mon, 30 Jan 2017 11:27:22 +0000 (12:27 +0100)]
dhcpv6: fix white space error

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
7 years agodhcpv6: trigger restart of DHCPv6 state machine when not receiving statefull options
Hans Dedecker [Mon, 30 Jan 2017 11:21:16 +0000 (12:21 +0100)]
dhcpv6: trigger restart of DHCPv6 state machine when not receiving statefull options

Don't set the renew timeout to 600 seconds in case no statefull options
are received but rather trigger an immediate restart of the DHCPv6
client state machine.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
7 years agoupdate README
Hans Dedecker [Fri, 27 Jan 2017 10:35:00 +0000 (11:35 +0100)]
update README

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
7 years agodhcpv6: server unicast option support
Hans Dedecker [Fri, 27 Jan 2017 09:39:52 +0000 (10:39 +0100)]
dhcpv6: server unicast option support

Add server unicast option support according rfc3315

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
7 years agoAdd option to ignore default lifetime for RDNSS records
Matthias Schiffer [Wed, 16 Nov 2016 13:47:46 +0000 (14:47 +0100)]
Add option to ignore default lifetime for RDNSS records

While RFC6106 mandates that the RDNSS lifetime is capped to the default
lifetime, this behaviour is often undesirable. In particular, it prevents
accepting RDNSS records from RAs that don't also advertise a default route
(set the default lifetime to 0).

Therefore, make it possible to opt out of this behaviour and respect the
RDNSS lifetime independently of the default lifetime using the new command
line switch -L.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
8 years agoMerge pull request #50 from sartura/libubox_md5_reuse
Luka Perkov [Sun, 6 Nov 2016 22:54:44 +0000 (23:54 +0100)]
Merge pull request #50 from sartura/libubox_md5_reuse

odhcp6c: reuse md5 from libubox

8 years agoodhcp6c: reuse md5 from libubox
Hrvoje Varga [Tue, 25 Oct 2016 14:08:25 +0000 (14:08 +0000)]
odhcp6c: reuse md5 from libubox

Added config support to use the MD5 implementation from libubox instead
of the in-house implementation. By default if not specified, libubox
will be linked and its MD5 will be used instead of the in-house
implementation.

Signed-off-by: Hrvoje Varga <hrvoje.varga@sartura.hr>
8 years agoMerge pull request #45 from themiron/master
Steven Barth [Mon, 8 Feb 2016 07:02:31 +0000 (08:02 +0100)]
Merge pull request #45 from themiron/master

Alignment cleanups

8 years agoSync style with the existing _packed & _unused macros
Vladislav Grishenko [Sun, 31 Jan 2016 16:03:55 +0000 (21:03 +0500)]
Sync style with the existing _packed & _unused macros

8 years agoUse more conventional way for the alignment
Vladislav Grishenko [Sun, 31 Jan 2016 16:03:00 +0000 (21:03 +0500)]
Use more conventional way for the alignment

8 years agoMerge pull request #44 from bwhacks/alignment-fixes
Steven Barth [Sun, 31 Jan 2016 15:18:16 +0000 (16:18 +0100)]
Merge pull request #44 from bwhacks/alignment-fixes

Alignment fixes

8 years agoMerge pull request #43 from bwhacks/security-fixes
Steven Barth [Fri, 29 Jan 2016 06:10:51 +0000 (07:10 +0100)]
Merge pull request #43 from bwhacks/security-fixes

Security/regression fixes

8 years agoFix end pointer passed from dhcpv6_handle_reply() to dhcpv6_parse_ia()
Ben Hutchings [Thu, 28 Jan 2016 22:45:39 +0000 (22:45 +0000)]
Fix end pointer passed from dhcpv6_handle_reply() to dhcpv6_parse_ia()

The end of the IA option is odata + olen; there's no need to add anything.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
8 years agoFix regression in entry_to_env()
Ben Hutchings [Thu, 28 Jan 2016 22:45:14 +0000 (22:45 +0000)]
Fix regression in entry_to_env()

I broke entry_to_env() by incrementing the wrong variable in commit
a6bbd1d7f5c2 ("Fix potential buffer overflow in entry_to_env").

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
8 years agoMerge pull request #42 from bwhacks/logic-fixes
Steven Barth [Thu, 28 Jan 2016 19:06:46 +0000 (20:06 +0100)]
Merge pull request #42 from bwhacks/logic-fixes

Logic fixes

8 years agoMerge pull request #41 from bwhacks/security-fixes
Steven Barth [Thu, 28 Jan 2016 15:59:12 +0000 (16:59 +0100)]
Merge pull request #41 from bwhacks/security-fixes

Security fixes

8 years agoFix alignment of hash buffer in dhcpv6_response_is_valid
Ben Hutchings [Thu, 28 Jan 2016 02:18:51 +0000 (02:18 +0000)]
Fix alignment of hash buffer in dhcpv6_response_is_valid

md5_final() writes to the hash buffer in 32-bit chunks, so it needs
to be 32-bit aligned.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
8 years agoFix unaligned 32-bit reads from DHCP packets
Ben Hutchings [Thu, 28 Jan 2016 01:59:14 +0000 (01:59 +0000)]
Fix unaligned 32-bit reads from DHCP packets

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
8 years agoFix alignment of buffers in ra_process and dhcpv6_request
Ben Hutchings [Fri, 22 Jan 2016 20:57:34 +0000 (20:57 +0000)]
Fix alignment of buffers in ra_process and dhcpv6_request

The packet buffer needs to be 32-bit aligned to ensure that the various
32-bit fields we pick out are naturally aligned.

The control message buffers needs to be naturally aligned for struct
cmsghdr.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
8 years agoAdd padding between odhcp6c_entry structures to ensure 32-bit alignment
Ben Hutchings [Thu, 28 Jan 2016 04:33:48 +0000 (04:33 +0000)]
Add padding between odhcp6c_entry structures to ensure 32-bit alignment

struct odhcp6c_entry is not declared as __packed, so the compiler may
assume it is naturally aligned.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
8 years agoFix iteration after expiring a list entry
Ben Hutchings [Fri, 22 Jan 2016 19:34:41 +0000 (19:34 +0000)]
Fix iteration after expiring a list entry

After removing an entry, the next entry will be at the same offset as
the entry we just removed.  Also the total length will have changed.

Update the length when we remove an entry, and advance the offset only
when we don't.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
8 years agoFix script environment variable setting for empty lists
Ben Hutchings [Fri, 22 Jan 2016 20:13:35 +0000 (20:13 +0000)]
Fix script environment variable setting for empty lists

When setting an environment variable as a space-separated list, and
the list is empty, we must not delete the '=' before the value.

In practice putenv() is likely to discard the invalid string, leaving
the variable unset, but this is not guaranteed.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
8 years agoAdd missing option length checks in dhcpv6_handle_advert
Ben Hutchings [Thu, 28 Jan 2016 02:09:47 +0000 (02:09 +0000)]
Add missing option length checks in dhcpv6_handle_advert

These might be redundant with checks elsewhere but it's better to be
safe.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
8 years agoFix potential log forgery via status string
Ben Hutchings [Thu, 28 Jan 2016 01:44:10 +0000 (01:44 +0000)]
Fix potential log forgery via status string

We should not include any control characters from the server status
message when logging it; in particular if we include '\n' this could
result in additional arbitrary log lines.  In dhcpv6_log_status_code,
replace all control characters with '?'.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
8 years agoCheck for unsupported PD exclusion configuration in dhcpv6_parse_ia
Ben Hutchings [Thu, 28 Jan 2016 01:28:32 +0000 (01:28 +0000)]
Check for unsupported PD exclusion configuration in dhcpv6_parse_ia

We currently only support PD exclusions that only affect bits 64-95 of
the address, so we require:

    32 <= PD prefix length < exclusion prefix length <= 64

The first inequality was not validated, and this could result in a
buffer overflow when generating the next request message.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
8 years agoFix memory leak in dhcpv6_add_server_cand in case odhcp6c_insert_state fails
Ben Hutchings [Thu, 28 Jan 2016 01:16:31 +0000 (01:16 +0000)]
Fix memory leak in dhcpv6_add_server_cand in case odhcp6c_insert_state fails

If we fail to store information from the new server, the associated
NA and PD options will never be freed.  An attacker could use this
for denial-of-service.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
8 years agoChange odhcp6c_insert_state to return a success/failure indicator
Ben Hutchings [Thu, 28 Jan 2016 01:14:04 +0000 (01:14 +0000)]
Change odhcp6c_insert_state to return a success/failure indicator

Some callers will need to free resources on failure.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
8 years agoFix possible stack buffer overflow in s46_to_env when copying IPv6 prefixes
Ben Hutchings [Thu, 28 Jan 2016 00:49:22 +0000 (00:49 +0000)]
Fix possible stack buffer overflow in s46_to_env when copying IPv6 prefixes

An 8-bit prefix-length field can be as large as 255, but values larger
than 128 will result in a buffer overflow when copying to in6.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
8 years agoFix off-by-one in buffer length in int_to_env
Ben Hutchings [Fri, 22 Jan 2016 19:07:52 +0000 (19:07 +0000)]
Fix off-by-one in buffer length in int_to_env

We need to allow for '=', negative sign, 10 digits and the null
terminator, adding up to 13 bytes not 12.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
8 years agoFix potential buffer overflow in entry_to_env
Ben Hutchings [Fri, 22 Jan 2016 18:02:04 +0000 (18:02 +0000)]
Fix potential buffer overflow in entry_to_env

It appears that an entry of type ENTRY_PREFIX with iaid != 1 and an
exclusion can expand to a string of length up to 154 bytes, whereas we
allocate only 144 bytes per entry.

Also, in case of truncation, snprintf() returns the length of the
un-truncated output so we must not use this to increment buf_len.

Finally some of the lengths given to snprintf() are unnecessarily
generous.  Reduce them so we don't have to increase the allocated
length per entry further.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
8 years agoAvoid copying buffer after dn_expand() fails
Ben Hutchings [Fri, 22 Jan 2016 20:15:31 +0000 (20:15 +0000)]
Avoid copying buffer after dn_expand() fails

If dn_expand() returns an error we could copy from an uninitialised
output buffer or append the previous domain name again.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
8 years agoMerge pull request #40 from dedeckeh/bugfixes
Steven Barth [Tue, 26 Jan 2016 19:29:01 +0000 (20:29 +0100)]
Merge pull request #40 from dedeckeh/bugfixes

script: Launch script with correct action if last script call is terminated

8 years agoscript: Launch script with correct action if last script call is terminated
Hans Dedecker [Tue, 26 Jan 2016 08:20:33 +0000 (09:20 +0100)]
script: Launch script with correct action if last script call is terminated

Actions launched as resume will be used in a next script_call
if the new action is not marked as resume even when the previous
script run was already terminated.
This behavior is particular visible when a RA is received as
the script will run with action bound and not ra-updated
resulting into a wan6 interface down/up transition

9 years agoodhcp6c: sync and accumulate RA & DHCPv6 events correctly
Steven Barth [Mon, 27 Jul 2015 13:39:11 +0000 (15:39 +0200)]
odhcp6c: sync and accumulate RA & DHCPv6 events correctly

9 years agoMerge pull request #37 from themiron/master
Steven Barth [Mon, 13 Jul 2015 14:15:52 +0000 (16:15 +0200)]
Merge pull request #37 from themiron/master

Avoid solicit for zero-length prefix

9 years agoMerge branch 'upstream'
Vladislav Grishenko [Mon, 13 Jul 2015 13:12:41 +0000 (18:12 +0500)]
Merge branch 'upstream'

9 years agodhcpv6: remove dead code
Steven Barth [Mon, 13 Jul 2015 10:38:42 +0000 (12:38 +0200)]
dhcpv6: remove dead code

9 years agoAvoid solicit for zero-length prefix
Vladislav Grishenko [Sun, 12 Jul 2015 12:02:30 +0000 (17:02 +0500)]
Avoid solicit for zero-length prefix

9 years agodhcpv6: clear CUSTOM_OPTS in a more sane manner
Steven Barth [Tue, 9 Jun 2015 12:04:59 +0000 (14:04 +0200)]
dhcpv6: clear CUSTOM_OPTS in a more sane manner

Signed-off-by: Steven Barth <steven@midlink.org>
9 years agoFix LW4over6 parameter handling
Steven Barth [Sat, 16 May 2015 07:28:01 +0000 (09:28 +0200)]
Fix LW4over6 parameter handling